From b322838199d2df2175361c7b5976189fa7b76af7 Mon Sep 17 00:00:00 2001
From: Cropi <alakatos@redhat.com>
Date: Wed, 8 Jan 2025 10:14:40 +0100
Subject: [PATCH] Rebase to 4.0.3

- Pluginst must have .conf suffix, otherwise skipped
  Resolves: RHEL-58838
- ausearch checkpoint inode fix
  Resolves: RHEL-58838
- Audisp-filter: filter audit events and forward them to other plugins
  Resolves: RHEL-5199
- Log to console when system is halted due to audit not having enough storage
  Resolves: RHEL-990
- auditctl: remove misleasing error with --input file
  Resolves: RHEL-5200
- Remove ProtectKernelModules=true from service file
  Resolves: RHEL-5200
- Update syscall tables to reflect current kernel
  Resolves: RHEL-46969
- af_unix: Restore old behavior
  Resolves: RHEL-39955
- Add systemd-tempfiles.d for audit when root fs is read-only
  Resolves: RHEL-45311
- ausearch fix error reporting
  Resolves: RHEL-45311
---
 .gitignore                 |  1 +
 audit-4.0-attributes.patch | 45 -----------------------------------
 audit.spec                 | 48 ++++++++++++++++++++++++++++++--------
 sources                    |  2 +-
 4 files changed, 40 insertions(+), 56 deletions(-)
 delete mode 100644 audit-4.0-attributes.patch

diff --git a/.gitignore b/.gitignore
index 63de530..0602930 100644
--- a/.gitignore
+++ b/.gitignore
@@ -178,3 +178,4 @@ audit-2.0.4.tar.gz
 /audit-3.1.1.tar.gz
 /audit-3.1.2.tar.gz
 /audit-4.0.tar.gz
+/v4.0.3.tar.gz
diff --git a/audit-4.0-attributes.patch b/audit-4.0-attributes.patch
deleted file mode 100644
index 6ef90f6..0000000
--- a/audit-4.0-attributes.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 0db6e0960a5c55b468f21f9841bbc7e67832b66a Mon Sep 17 00:00:00 2001
-From: Steve Grubb <ausearch.1@gmail.com>
-Date: Wed, 17 Jan 2024 12:07:25 -0500
-Subject: [PATCH] Update function attributes
-
----
- auparse/auparse.h |  2 +-
- lib/libaudit.h    | 10 +++++-----
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/auparse/auparse.h b/auparse/auparse.h
-index c27f1ff96..0b3f68c35 100644
---- a/auparse/auparse.h
-+++ b/auparse/auparse.h
-@@ -68,7 +68,7 @@ void auparse_add_callback(auparse_state_t *au, auparse_callback_ptr callback,
- 			void *user_data, user_destroy user_destroy_func);
- void auparse_set_escape_mode(auparse_state_t *au, auparse_esc_t mode);
- int auparse_reset(auparse_state_t *au);
--char *auparse_metrics(const auparse_state_t *au);
-+char *auparse_metrics(const auparse_state_t *au) __attr_dealloc_free;
- 
- /* Functions that are part of the search interface */
- int ausearch_add_expression(auparse_state_t *au, const char *expression,
-diff --git a/lib/libaudit.h b/lib/libaudit.h
-index 34b337a7c..15ea2e6f4 100644
---- a/lib/libaudit.h
-+++ b/lib/libaudit.h
-@@ -248,12 +248,12 @@ int  audit_set_enabled(int fd, uint32_t enabled) __wur;
- int  audit_set_failure(int fd, uint32_t failure) __wur;
- int  audit_set_rate_limit(int fd, uint32_t limit);
- int  audit_set_backlog_limit(int fd, uint32_t limit);
--int audit_set_backlog_wait_time(int fd, uint32_t bwt);
--int audit_reset_lost(int fd);
--int audit_reset_backlog_wait_time_actual(int fd);
-+int  audit_set_backlog_wait_time(int fd, uint32_t bwt);
-+int  audit_reset_lost(int fd);
-+int  audit_reset_backlog_wait_time_actual(int fd);
- int  audit_set_feature(int fd, unsigned feature, unsigned value,
--		      unsigned lock);
--int  audit_set_loginuid_immutable(int fd);
-+		      unsigned lock) __wur;
-+int  audit_set_loginuid_immutable(int fd) __wur;
- 
- /* AUDIT_LIST_RULES */
- int  audit_request_rules_list_data(int fd);
diff --git a/audit.spec b/audit.spec
index d9cb699..083c65e 100644
--- a/audit.spec
+++ b/audit.spec
@@ -1,14 +1,14 @@
 
 Summary: User space tools for kernel auditing
 Name: audit
-Version: 4.0
-Release: 10%{?dist}
+Version: 4.0.3
+Release: 1%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.0-or-later
-URL: http://people.redhat.com/sgrubb/audit/
-Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
+URL: https://github.com/linux-audit/audit-userspace/
+Source0: https://github.com/linux-audit/audit-userspace/archive/refs/tags/v%{version}.tar.gz
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
-Patch1: audit-4.0-attributes.patch
 BuildRequires: make gcc
+BuildRequires: autoconf automake libtool
 BuildRequires: kernel-headers >= 5.0
 BuildRequires: systemd
 
@@ -95,20 +95,20 @@ Recommends: %{name} = %{version}-%{release}
 The audit rules package contains the rules and utilities to load audit rules.
 
 %prep
-%setup -q
-%patch 1 -p1
+%setup -q -n %{name}-userspace-%{version}
 cp %{SOURCE1} .
 
+%build
+autoreconf -fv --install
 # Remove the ids code, its not ready
 sed -i 's/ ids / /' audisp/plugins/Makefile.am
 sed -i 's/ ids / /' audisp/plugins/Makefile.in
 
-%build
 %configure --with-python=no \
            --with-python3=yes \
-           --enable-gssapi-krb5=yes --with-arm --with-aarch64 \
+           --enable-gssapi-krb5=yes --with-arm --with-aarch64 --with-riscv \
            --with-libcap-ng=yes --without-golang --enable-zos-remote \
-           --enable-systemd --enable-experimental --with-io_uring
+           --enable-experimental --with-io_uring
 
 make CFLAGS="%{optflags}" %{?_smp_mflags}
 
@@ -237,6 +237,7 @@ fi
 %attr(755,root,root) %{_bindir}/aulastlog
 %attr(755,root,root) %{_bindir}/ausyscall
 %attr(644,root,root) %{_unitdir}/auditd.service
+%attr(640,root,root) %{_tmpfilesdir}/audit.conf
 %attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
 %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart
 %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/reload
@@ -272,16 +273,20 @@ fi
 %config(noreplace) %attr(640,root,root) /etc/audit/audisp-statsd.conf
 %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-statsd.conf
 %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/audisp-filter.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/filter.conf
 %attr(750,root,root) %{_sbindir}/audisp-remote
 %attr(750,root,root) %{_sbindir}/audisp-syslog
 %attr(750,root,root) %{_sbindir}/audisp-af_unix
 %attr(750,root,root) %{_sbindir}/audisp-statsd
+%attr(750,root,root) %{_sbindir}/audisp-filter
 %attr(700,root,root) %dir %{_var}/spool/audit
 %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-statsd.8.gz
+%attr(644,root,root) %{_mandir}/man8/audisp-filter.8.gz
 
 %files -n audispd-plugins-zos
 %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
@@ -291,6 +296,29 @@ fi
 %attr(750,root,root) %{_sbindir}/audispd-zos-remote
 
 %changelog
+* Wed Jan 08 2025 Attila Lakatos <alakatos@redhat.com> - 4.0.3-1
+- Rebase to 4.0.3
+- Pluginst must have .conf suffix, otherwise skipped
+  Resolves: RHEL-58838
+- ausearch checkpoint inode fix
+  Resolves: RHEL-62333
+- Audisp-filter: filter audit events and forward them to other plugins
+  Resolves: RHEL-5199
+- Log to console when system is halted due to audit not having enough storage
+  Resolves: RHEL-990
+- auditctl: remove misleasing error with --input file
+  Resolves: RHEL-5200
+- Remove ProtectKernelModules=true from service file
+  Resolves: RHEL-59571
+- Update syscall tables to reflect current kernel
+  Resolves: RHEL-46969
+- af_unix: Restore old behavior
+  Resolves: RHEL-39955
+- Add systemd-tempfiles.d for audit when root fs is read-only
+  Resolves: RHEL-45311
+- ausearch fix error reporting
+  Resolves: RHEL-32808
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.0-10
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018
diff --git a/sources b/sources
index 1cff9b0..b48a140 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (audit-4.0.tar.gz) = 4ed5b216c75c655fd40a74b909d591922a66690bdf2cc5c69a23be3e9b10c8d341fd9b4f496f3ce2a8f99b7d86f0dda13e36387edd845b590ab767a82b4315cc
+SHA512 (v4.0.3.tar.gz) = a20d2f832632fa844764086aac98c80f7fcb120ceeaae7472248e04eec0493981e31fd59f22c3f0dbff81ccbcd132b8297812f2b4cdb87b866c59aedf3611342