Rebase to 4.0.3

- Pluginst must have .conf suffix, otherwise skipped Resolves: RHEL-58838 - ausearch checkpoint inode fix Resolves: RHEL-58838 - Audisp-filter: filter audit events and forward them to other plugins Resolves: RHEL-5199 - Log to console when system is halted due to audit not having enough storage Resolves: RHEL-990 - auditctl: remove misleasing error with --input file Resolves: RHEL-5200 - Remove ProtectKernelModules=true from service file Resolves: RHEL-5200 - Update syscall tables to reflect current kernel Resolves: RHEL-46969 - af_unix: Restore old behavior Resolves: RHEL-39955 - Add systemd-tempfiles.d for audit when root fs is read-only Resolves: RHEL-45311 - ausearch fix error reporting Resolves: RHEL-45311
2025-01-08 10:14:40 +01:00 · 2025-01-08 10:14:40 +01:00 · b322838199
commit b322838199
parent cb94a9d99f
4 changed files with 40 additions and 56 deletions
--- a/.gitignore
+++ b/.gitignore
@ -178,3 +178,4 @@ audit-2.0.4.tar.gz
 /audit-3.1.1.tar.gz
 /audit-3.1.2.tar.gz
 /audit-4.0.tar.gz
+/v4.0.3.tar.gz
--- a/audit-4.0-attributes.patch
+++ b/audit-4.0-attributes.patch
@ -1,45 +0,0 @@
-From 0db6e0960a5c55b468f21f9841bbc7e67832b66a Mon Sep 17 00:00:00 2001
-From: Steve Grubb <ausearch.1@gmail.com>
-Date: Wed, 17 Jan 2024 12:07:25 -0500
-Subject: [PATCH] Update function attributes
-
---
- auparse/auparse.h |  2 +-
- lib/libaudit.h    | 10 +++++-----
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/auparse/auparse.h b/auparse/auparse.h
-index c27f1ff96..0b3f68c35 100644
--- a/auparse/auparse.h
-+++ b/auparse/auparse.h
-@@ -68,7 +68,7 @@ void auparse_add_callback(auparse_state_t *au, auparse_callback_ptr callback,
- 			void *user_data, user_destroy user_destroy_func);
- void auparse_set_escape_mode(auparse_state_t *au, auparse_esc_t mode);
- int auparse_reset(auparse_state_t *au);
-char *auparse_metrics(const auparse_state_t *au);
-+char *auparse_metrics(const auparse_state_t *au) __attr_dealloc_free;
- 
- /* Functions that are part of the search interface */
- int ausearch_add_expression(auparse_state_t *au, const char *expression,
-diff --git a/lib/libaudit.h b/lib/libaudit.h
-index 34b337a7c..15ea2e6f4 100644
--- a/lib/libaudit.h
-+++ b/lib/libaudit.h
-@@ -248,12 +248,12 @@ int  audit_set_enabled(int fd, uint32_t enabled) __wur;
- int  audit_set_failure(int fd, uint32_t failure) __wur;
- int  audit_set_rate_limit(int fd, uint32_t limit);
- int  audit_set_backlog_limit(int fd, uint32_t limit);
-int audit_set_backlog_wait_time(int fd, uint32_t bwt);
-int audit_reset_lost(int fd);
-int audit_reset_backlog_wait_time_actual(int fd);
-+int  audit_set_backlog_wait_time(int fd, uint32_t bwt);
-+int  audit_reset_lost(int fd);
-+int  audit_reset_backlog_wait_time_actual(int fd);
- int  audit_set_feature(int fd, unsigned feature, unsigned value,
-		      unsigned lock);
-int  audit_set_loginuid_immutable(int fd);
-+		      unsigned lock) __wur;
-+int  audit_set_loginuid_immutable(int fd) __wur;
- 
- /* AUDIT_LIST_RULES */
- int  audit_request_rules_list_data(int fd);
--- a/audit.spec
+++ b/audit.spec
@ -1,14 +1,14 @@

 Summary: User space tools for kernel auditing
 Name: audit
-Version: 4.0
-Release: 10%{?dist}
+Version: 4.0.3
+Release: 1%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.0-or-later
-URL: http://people.redhat.com/sgrubb/audit/
-Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
+URL: https://github.com/linux-audit/audit-userspace/
+Source0: https://github.com/linux-audit/audit-userspace/archive/refs/tags/v%{version}.tar.gz
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
-Patch1: audit-4.0-attributes.patch
 BuildRequires: make gcc
+BuildRequires: autoconf automake libtool
 BuildRequires: kernel-headers >= 5.0
 BuildRequires: systemd

@ -95,20 +95,20 @@ Recommends: %{name} = %{version}-%{release}
 The audit rules package contains the rules and utilities to load audit rules.

 %prep
-%setup -q
-%patch 1 -p1
+%setup -q -n %{name}-userspace-%{version}
 cp %{SOURCE1} .

+%build
+autoreconf -fv --install
 # Remove the ids code, its not ready
 sed -i 's/ ids / /' audisp/plugins/Makefile.am
 sed -i 's/ ids / /' audisp/plugins/Makefile.in

-%build
 %configure --with-python=no \
           --with-python3=yes \
-           --enable-gssapi-krb5=yes --with-arm --with-aarch64 \
+           --enable-gssapi-krb5=yes --with-arm --with-aarch64 --with-riscv \
           --with-libcap-ng=yes --without-golang --enable-zos-remote \
-           --enable-systemd --enable-experimental --with-io_uring
+           --enable-experimental --with-io_uring

 make CFLAGS="%{optflags}" %{?_smp_mflags}

@ -237,6 +237,7 @@ fi
 %attr(755,root,root) %{_bindir}/aulastlog
 %attr(755,root,root) %{_bindir}/ausyscall
 %attr(644,root,root) %{_unitdir}/auditd.service
+%attr(640,root,root) %{_tmpfilesdir}/audit.conf
 %attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
 %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart
 %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/reload
@ -272,16 +273,20 @@ fi
 %config(noreplace) %attr(640,root,root) /etc/audit/audisp-statsd.conf
 %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-statsd.conf
 %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/audisp-filter.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/filter.conf
 %attr(750,root,root) %{_sbindir}/audisp-remote
 %attr(750,root,root) %{_sbindir}/audisp-syslog
 %attr(750,root,root) %{_sbindir}/audisp-af_unix
 %attr(750,root,root) %{_sbindir}/audisp-statsd
+%attr(750,root,root) %{_sbindir}/audisp-filter
 %attr(700,root,root) %dir %{_var}/spool/audit
 %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-statsd.8.gz
+%attr(644,root,root) %{_mandir}/man8/audisp-filter.8.gz

 %files -n audispd-plugins-zos
 %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
@ -291,6 +296,29 @@ fi
 %attr(750,root,root) %{_sbindir}/audispd-zos-remote

 %changelog
+* Wed Jan 08 2025 Attila Lakatos <alakatos@redhat.com> - 4.0.3-1
+- Rebase to 4.0.3
+- Pluginst must have .conf suffix, otherwise skipped
+  Resolves: RHEL-58838
+- ausearch checkpoint inode fix
+  Resolves: RHEL-62333
+- Audisp-filter: filter audit events and forward them to other plugins
+  Resolves: RHEL-5199
+- Log to console when system is halted due to audit not having enough storage
+  Resolves: RHEL-990
+- auditctl: remove misleasing error with --input file
+  Resolves: RHEL-5200
+- Remove ProtectKernelModules=true from service file
+  Resolves: RHEL-59571
+- Update syscall tables to reflect current kernel
+  Resolves: RHEL-46969
+- af_unix: Restore old behavior
+  Resolves: RHEL-39955
+- Add systemd-tempfiles.d for audit when root fs is read-only
+  Resolves: RHEL-45311
+- ausearch fix error reporting
+  Resolves: RHEL-32808
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.0-10
 - Bump release for October 2024 mass rebuild:
  Resolves: RHEL-64018
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (audit-4.0.tar.gz) = 4ed5b216c75c655fd40a74b909d591922a66690bdf2cc5c69a23be3e9b10c8d341fd9b4f496f3ce2a8f99b7d86f0dda13e36387edd845b590ab767a82b4315cc
+SHA512 (v4.0.3.tar.gz) = a20d2f832632fa844764086aac98c80f7fcb120ceeaae7472248e04eec0493981e31fd59f22c3f0dbff81ccbcd132b8297812f2b4cdb87b866c59aedf3611342