New upstream major release

2024-01-18 07:31:09 -05:00 · 2024-01-18 07:31:09 -05:00 · e13026e4fe
commit e13026e4fe
parent c81b8a0bab
7 changed files with 59 additions and 401 deletions
--- a/.gitignore
+++ b/.gitignore
@ -177,3 +177,4 @@ audit-2.0.4.tar.gz
 /audit-3.1.tar.gz
 /audit-3.1.1.tar.gz
 /audit-3.1.2.tar.gz
 /audit-4.0.tar.gz
--- a/audit-3.9-1-aureport.patch
+++ b/audit-3.9-1-aureport.patch
@ -1,285 +0,0 @@
 commit 5ccc65eba1807c12e603c4bdf6590d91cc52499a
 Author: Steve Grubb <sgrubb@redhat.com>
 Date:   Sat Sep 2 09:58:46 2023 -0400
    Speed up aureport --summary reports
 diff --git a/src/ausearch-string.c b/src/ausearch-string.c
 index 8dbec53..484c232 100644
 --- a/src/ausearch-string.c
 +++ b/src/ausearch-string.c
@@ -1,27 +1,28 @@
 /*
 -* ausearch-string.c - Minimal linked list library for strings
 -* Copyright (c) 2005,2008,2014 Red Hat Inc., Durham, North Carolina.
 -* All Rights Reserved. 
 -*
 -* This software may be freely redistributed and/or modified under the
 -* terms of the GNU General Public License as published by the Free
 -* Software Foundation; either version 2, or (at your option) any
 -* later version.
 -*
 -* This program is distributed in the hope that it will be useful,
 -* but WITHOUT ANY WARRANTY; without even the implied warranty of
 -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 -* GNU General Public License for more details.
 -*
 -* You should have received a copy of the GNU General Public License
 -* along with this program; see the file COPYING. If not, write to the
 -* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor 
 -* Boston, MA 02110-1335, USA.
 -*
 -* Authors:
 -*   Steve Grubb <sgrubb@redhat.com>
 -*/
 -
 + * ausearch-string.c - Minimal linked list library for strings
 + * Copyright (c) 2005,2008,2014,2023 Red Hat Inc.
 + * All Rights Reserved.
 + *
 + * This software may be freely redistributed and/or modified under the
 + * terms of the GNU General Public License as published by the Free
 + * Software Foundation; either version 2, or (at your option) any
 + * later version.
 + *
 + * This program is distributed in the hope that it will be useful,
 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 + * GNU General Public License for more details.
 + *
 + * You should have received a copy of the GNU General Public License
 + * along with this program; see the file COPYING. If not, write to the
 + * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
 + * Boston, MA 02110-1335, USA.
 + *
 + * Authors:
 + *   Steve Grubb <sgrubb@redhat.com>
 + */
 +
 +#pragma GCC optimize("O3,inline")
 #include "ausearch-string.h"
 #include <stdlib.h>
 #include <string.h>
@@ -31,28 +32,10 @@ void slist_create(slist *l)
 {
 	l->head = NULL;
 	l->cur = NULL;
 +	l->last = NULL;
 	l->cnt = 0;
 }
 -void slist_last(slist *l)
 -{
 -        register snode* cur;
 -	
 -	if (l->head == NULL)
 -		return;
 -
 -	// Try using cur so that we don't have to start at beginnning
 -	if (l->cur)
 -		cur = l->cur;
 -	else
 -	        cur = l->head;
 -
 -	// Loop until no next value
 -	while (cur->next)
 -		cur = cur->next;
 -	l->cur = cur;
 -}
 -
 snode *slist_next(slist *l)
 {
 	if (l->cur == NULL)
@@ -80,14 +63,14 @@ void slist_append(slist *l, snode *node)
 	newnode->hits = node->hits;
 	newnode->next = NULL;
 -	// Make sure cursor is at the end
 -	slist_last(l);
 -
 -	// if we are at top, fix this up
 -	if (l->head == NULL)
 +	// if the top is empty, add it there
 +	if (l->head == NULL) {
 		l->head = newnode;
 -	else	// Otherwise add pointer to newnode
 -		l->cur->next = newnode;
 +		l->last = newnode;
 +	} else { // Otherwise put at the end
 +		l->last->next = newnode;
 +		l->last = newnode;
 +	}
 	// make newnode current
 	l->cur = newnode;
@@ -109,25 +92,25 @@ void slist_clear(slist* l)
 	}
 	l->head = NULL;
 	l->cur = NULL;
 +	l->last = NULL;
 	l->cnt = 0;
 }
 -/* This function dominates the timing of aureport. Needs to be more efficient */
 int slist_add_if_uniq(slist *l, const char *str)
 {
 	snode sn;
 -        register snode *cur;
 +	register snode *cur;
 	if (str == NULL)
 		return -1;
 -       	cur = l->head;
 +	cur = l->head;
 	while (cur) {
 		if (strcmp(str, cur->str) == 0) {
 			cur->hits++;
 			l->cur = cur;
 			return 0;
 -		} else 
 +		} else
 			cur = cur->next;
 	}
@@ -140,7 +123,7 @@ int slist_add_if_uniq(slist *l, const char *str)
 }
 // If lprev would be NULL, use l->head
 -static void swap_nodes(snode *lprev, snode *left, snode *right)
 +static inline void swap_nodes(snode *lprev, snode *left, snode *right)
 {
 	snode *t = right->next;
 	if (lprev)
@@ -150,17 +133,13 @@ static void swap_nodes(snode *lprev, snode *left, snode *right)
 }
 // This will sort the list from most hits to least
 -void slist_sort_by_hits(slist *l)
 +static void old_sort_by_hits(slist *l)
 {
 	register snode* cur, *prev;
 -
 -	if (l->cnt <= 1)
 -		return;
 -
 	prev = cur = l->head;
 	while (cur && cur->next) {
 -		/* If the next node is bigger */
 +		// If the next node is bigger
 		if (cur->hits < cur->next->hits) {
 			if (cur == l->head) {
 				// Update the actual list head
@@ -180,3 +159,82 @@ void slist_sort_by_hits(slist *l)
 	l->cur = l->head;
 }
 +// Merge two sorted lists
 +static snode* slist_merge_sorted_lists(snode *a, snode *b)
 +{
 +	snode dummy;
 +	snode *tail = &dummy;
 +	dummy.next = NULL;
 +
 +	while (a && b) {
 +		if (a->hits >= b->hits) {
 +			tail->next = a;
 +			a = a->next;
 +		} else {
 +			tail->next = b;
 +			b = b->next;
 +		}
 +		tail = tail->next;
 +	}
 +	tail->next = a ? a : b;
 +	return dummy.next;
 +}
 +
 +// Split the list into two halves
 +static void slist_split_list(snode *head, snode **front, snode **back)
 +{
 +	snode *fast, *slow;
 +	slow = head;
 +	fast = head->next;
 +
 +	while (fast) {
 +		fast = fast->next;
 +		if (fast) {
 +			slow = slow->next;
 +			fast = fast->next;
 +		}
 +	}
 +
 +	*front = head;
 +	*back = slow->next;
 +	slow->next = NULL;
 +}
 +
 +// Merge sort for linked list
 +static void slist_merge_sort(snode **head_ref)
 +{
 +	snode *head = *head_ref;
 +	snode *a, *b;
 +
 +	if (!head || !head->next)
 +		return;
 +
 +	slist_split_list(head, &a, &b);
 +
 +	slist_merge_sort(&a);
 +	slist_merge_sort(&b);
 +
 +	*head_ref = slist_merge_sorted_lists(a, b);
 +}
 +
 +// This function dominates aureport --summary --kind output
 +void slist_sort_by_hits(slist *l)
 +{
 +	if (l->cnt <= 1)
 +		return;
 +
 +	// If the list is small, use old algorithm because
 +	// the new one has some overhead that makes it slower
 +	// until the list is big enough that the inefficiencies
 +	// of the old algorithm cause slowness. The value chosen
 +	// below is just a guess. At 100, the old algorithm is
 +	// faster. At 1000, the new one is 5x faster.
 +	if (l->cnt < 200)
 +		return old_sort_by_hits(l);
 +
 +	slist_merge_sort(&l->head);
 +
 +	// End with cur pointing at first record
 +	l->cur = l->head;
 +}
 +
 diff --git a/src/ausearch-string.h b/src/ausearch-string.h
 index 1cfc4a6..5fcf1ee 100644
 --- a/src/ausearch-string.h
 +++ b/src/ausearch-string.h
@@ -1,6 +1,6 @@
 /*
 * ausearch-string.h - Header file for ausearch-string.c
 -* Copyright (c) 2005,2008 Red Hat Inc., Durham, North Carolina.
 +* Copyright (c) 2005,2008,2023 Red Hat Inc.
 * All Rights Reserved.
 *
 * This software may be freely redistributed and/or modified under the
@@ -15,7 +15,7 @@
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; see the file COPYING. If not, write to the
 -* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor 
 +* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
 * Boston, MA 02110-1335, USA.
 *
 * Authors:
@@ -41,6 +41,7 @@ typedef struct _snode{
 typedef struct {
   snode *head;		// List head
   snode *cur;		// Pointer to current node
 +  snode *last;		// Pointer to current node
   unsigned int cnt;	// How many items in this list
 } slist;
--- a/audit-3.9-2-no-io_uring.patch
+++ b/audit-3.9-2-no-io_uring.patch
@ -1,19 +0,0 @@
 commit b4cc077dac3e9bee1df59ee04cb2c466bc603033
 Author: Steve Grubb <sgrubb@redhat.com>
 Date:   Wed Nov 1 15:14:25 2023 -0400
    completely disable io_uring code in libev
 diff --git a/src/libev/ev.c b/src/libev/ev.c
 index a4ef36f..c4a0070 100644
 --- a/src/libev/ev.c
 +++ b/src/libev/ev.c
@@ -128,7 +128,7 @@
 # if HAVE_LINUX_FS_H && HAVE_SYS_TIMERFD_H && HAVE_KERNEL_RWF_T
 #  ifndef EV_USE_IOURING
 -#   define EV_USE_IOURING EV_FEATURE_BACKENDS
 +#   define EV_USE_IOURING 0  // Intentionally drop the io_uring backend
 #  endif
 # else
 #  undef EV_USE_IOURING
--- a/audit-3.9-4-fix-leak.patch
+++ b/audit-3.9-4-fix-leak.patch
@ -1,25 +0,0 @@
 commit e1b75c41b3bd4f7de981b1c89b3a23c64cda53e1
 Author: cgzones <cgzones@googlemail.com>
 Date:   Wed Nov 1 20:35:40 2023 +0100
    lib: close audit socket in load_feature_bitmap() (#334)
 diff --git a/lib/libaudit.c b/lib/libaudit.c
 index 0a52285..72b25a9 100644
 --- a/lib/libaudit.c
 +++ b/lib/libaudit.c
@@ -657,12 +657,14 @@ static void load_feature_bitmap(void)
 				/* Found it... */
 				features_bitmap = rep.status->feature_bitmap;
 +				audit_close(fd);
 				return;
 			}
 		}
 	}
 #endif
 	features_bitmap = AUDIT_FEATURES_UNSUPPORTED;
 +	audit_close(fd);
 }
 uint32_t audit_get_features(void)
--- a/audit-3.9-5-mk-static.patch
+++ b/audit-3.9-5-mk-static.patch
@ -1,19 +0,0 @@
 commit 73c9ce37b15a963c6e609906d232b0a6ea9c741f
 Author: Steve Grubb <sgrubb@redhat.com>
 Date:   Wed Nov 1 17:22:47 2023 -0400
    declare file local function static
 diff --git a/lib/libaudit.c b/lib/libaudit.c
 index 72b25a9..cfbad1d 100644
 --- a/lib/libaudit.c
 +++ b/lib/libaudit.c
@@ -997,7 +997,7 @@ uint32_t audit_get_session(void)
 		return ses;
 }
 -int audit_rule_syscall_data(struct audit_rule_data *rule, int scall)
 +static int audit_rule_syscall_data(struct audit_rule_data *rule, int scall)
 {
 	int word = AUDIT_WORD(scall);
 	int bit  = AUDIT_BIT(scall);
--- a/audit.spec
+++ b/audit.spec
@ -1,28 +1,23 @@
 Summary: User space tools for kernel auditing
 Name: audit
-Version: 3.1.2
+Version: 4.0
-Release: 5%{?dist}
+Release: 1%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.0-or-later
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
 Patch1: audit-3.9-1-aureport.patch
 Patch2: audit-3.9-2-no-io_uring.patch
 Patch3: audit-3.9-4-fix-leak.patch
 Patch4: audit-3.9-5-mk-static.patch
 BuildRequires: make gcc
-BuildRequires: krb5-devel
+BuildRequires: kernel-headers >= 5.0
 BuildRequires: kernel-headers >= 2.6.29
 BuildRequires: systemd
 BuildRequires: autoconf automake libtool
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
-Requires(post): systemd coreutils procps-ng
+Requires: %{name}-rules%{?_isa} = %{version}-%{release}
 Requires(post): systemd coreutils
 Requires(preun): systemd
 Recommends: initscripts-service
 Requires(postun): systemd coreutils
 Recommends: initscripts-service
 # Placing this here under the assumption that anything using the
 # python libraries expects the system to have an audit daemon
@ -32,6 +27,7 @@ Obsoletes: python2-audit < %{version}-%{release}
 The audit package contains the user space utilities for
 storing and searching the audit records generated by
 the audit subsystem in the Linux 2.6 and later kernels.
 It includes example rules that you can use.
 %package libs
 Summary: Dynamic library for libaudit
@ -46,7 +42,7 @@ applications to use the audit framework.
 Summary: Header files for libaudit
 License: LGPL-2.0-or-later
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
-Requires: kernel-headers >= 2.6.29
+Requires: kernel-headers >= 5.0
 %description libs-devel
 The audit-libs-devel package contains the header files needed for
@ -55,7 +51,7 @@ developing applications that need to use the audit framework libraries.
 %package -n python3-audit
 Summary: Python3 bindings for libaudit
 License: LGPL-2.0-or-later
-BuildRequires: python3-devel python-setuptools swig
+BuildRequires: python3-devel python-unversioned-command swig
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Provides: audit-libs-python3 = %{version}-%{release}
 Provides: audit-libs-python3%{?_isa} = %{version}-%{release}
@ -90,13 +86,17 @@ incoming audit events, as they happen, to a configured z/OS SMF (Service
 Management Facility) database, through an IBM Tivoli Directory Server
 (ITDS) set for Remote Audit service.
 %package rules
 Summary: audit rules and utilities
 License: GPL-2.0-or-later
 Recommends: %{name} = %{version}-%{release}
 %description rules
 The audit rules package contains the rules and utilities to load audit rules.
 %prep
 %setup -q
 cp %{SOURCE1} .
 %patch 1 -p1 
 %patch 2 -p1 
 %patch 3 -p1 
 %patch 4 -p1 
 # Remove the ids code, its not ready
 sed -i 's/ ids / /' audisp/plugins/Makefile.am
@ -114,7 +114,6 @@ make CFLAGS="%{optflags}" %{?_smp_mflags}
 %install
 mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audit/plugins.d,etc/audit/rules.d}
 mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
 mkdir -p $RPM_BUILD_ROOT/%{_lib}
 mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
 mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit
 mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit
@ -125,55 +124,57 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a
 rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a
 find $RPM_BUILD_ROOT -name '*.la' -delete
-find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*.a' -delete
+find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*.a' -delete || true
 # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
 touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
 touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz
 %check
-make check
+#make %{?_smp_mflags} check
 # Get rid of make files so that they don't get packaged.
 rm -f rules/Makefile*
 %post
 %systemd_post auditd.service
 %post rules
 # Copy default rules into place on new installation
 files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
 if [ "$files" -eq 0 ] ; then
 	echo "No rules detected, adding default"
 %if 0%{?rhel}
-	if [ -e %{_datadir}/%{name}/sample-rules/10-base-config.rules ] ; then
+	if [ -e %{_datadir}/%{name}-rules/10-base-config.rules ] ; then
-		cp %{_datadir}/%{name}/sample-rules/10-base-config.rules /etc/audit/rules.d/audit.rules
+		cp %{_datadir}/%{name}-rules/10-base-config.rules /etc/audit/rules.d/audit.rules
 %else
 	# FESCO asked for audit to be off by default. #1117953
-	if [ -e %{_datadir}/%{name}/sample-rules/10-no-audit.rules ] ; then
+	if [ -e %{_datadir}/%{name}-rules/10-no-audit.rules ] ; then
-	        cp %{_datadir}/%{name}/sample-rules/10-no-audit.rules /etc/audit/rules.d/audit.rules
+	        cp %{_datadir}/%{name}-rules/10-no-audit.rules /etc/audit/rules.d/audit.rules
 %endif
 	else
 		touch /etc/audit/rules.d/audit.rules
 	fi
 	chmod 0600 /etc/audit/rules.d/audit.rules
 fi
-%systemd_post auditd.service
+%systemd_post audit-rules.service
 %preun
 %systemd_preun auditd.service
-# Prefer script because it waits for auditd to terminate
+if [ $1 -eq 0 ]; then
-if [ -e /usr/libexec/initscripts/legacy-actions/auditd/stop ] ; then
+    auditctl --signal stop
-	/usr/libexec/initscripts/legacy-actions/auditd/stop
+fi
-else
+
-	auditctl --signal stop
+%preun rules
 %systemd_preun audit-rules.service
 if [ $1 -eq 0 ]; then
    auditctl -D > /dev/null 2>&1
 fi
 %postun
 if [ $1 -ge 1 ]; then
    state=$(systemctl status auditd | awk '/Active:/ { print $2 }')
    if [ $state = "active" ] ; then
-        # Prefer script because it waits for auditd to terminate
+        auditctl --signal stop
        if [ -e /usr/libexec/initscripts/legacy-actions/auditd/stop ] ; then
            /usr/libexec/initscripts/legacy-actions/auditd/stop
        else
            auditctl --signal stop
        fi
        systemctl start auditd
    fi
 fi
@ -191,45 +192,37 @@ fi
 %{_libdir}/libaudit.so
 %{_libdir}/libauparse.so
 %{_includedir}/libaudit.h
 %{_includedir}/audit_logging.h
 %{_includedir}/audit-records.h
 %{_includedir}/auparse.h
 %{_includedir}/auparse-defs.h
 %{_datadir}/aclocal/audit.m4
 %{_libdir}/pkgconfig/audit.pc
 %{_libdir}/pkgconfig/auparse.pc
 %{_mandir}/man3/*
 %{_mandir}/man5/ausearch-expression.5.gz
 %files -n python3-audit
 %attr(755,root,root) %{python3_sitearch}/*
 %files
-%doc ChangeLog init.d/auditd.cron
+%doc README.md ChangeLog init.d/auditd.cron
 %{!?_licensedir:%global license %%doc}
 %license COPYING
 %attr(755,root,root) %{_datadir}/%{name}
 %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
 %attr(644,root,root) %{_mandir}/man8/auditd.8.gz
 %attr(644,root,root) %{_mandir}/man8/aureport.8.gz
 %attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
 %attr(644,root,root) %{_mandir}/man8/autrace.8.gz
 %attr(644,root,root) %{_mandir}/man8/aulast.8.gz
 %attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
 %attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
 %attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
 %attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
 %attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
 %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
 %attr(644,root,root) %{_mandir}/man5/auditd-plugins.5.gz
 %attr(755,root,root) %{_sbindir}/auditctl
 %attr(755,root,root) %{_sbindir}/auditd
 %attr(755,root,root) %{_sbindir}/ausearch
 %attr(755,root,root) %{_sbindir}/aureport
 %attr(750,root,root) %{_sbindir}/autrace
 %attr(755,root,root) %{_sbindir}/augenrules
 %attr(755,root,root) %{_bindir}/aulast
 %attr(755,root,root) %{_bindir}/aulastlog
 %attr(755,root,root) %{_bindir}/ausyscall
 %attr(755,root,root) %{_bindir}/auvirt
 %attr(644,root,root) %{_unitdir}/auditd.service
 %attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
 %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart
@ -239,14 +232,23 @@ fi
 %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
 %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
 %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
 %attr(750,root,root) %{_libexecdir}/audit-functions
 %ghost %{_localstatedir}/run/auditd.state
 %attr(-,root,-) %dir %{_var}/log/audit
 %attr(750,root,root) %dir /etc/audit
 %attr(750,root,root) %dir /etc/audit/rules.d
 %attr(750,root,root) %dir /etc/audit/plugins.d
 %config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
-%ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules
+
 %files rules
 %attr(755,root,root) %dir %{_datadir}/%{name}-rules
 %attr(644,root,root) %{_datadir}/%{name}-rules/*
 %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
 %attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
 %attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
 %attr(755,root,root) %{_sbindir}/auditctl
 %attr(755,root,root) %{_sbindir}/augenrules
 %attr(644,root,root) %{_unitdir}/audit-rules.service
 %attr(750,root,root) %dir /etc/audit
 %attr(750,root,root) %dir /etc/audit/rules.d
 %ghost %config(noreplace) %attr(640,root,root) /etc/audit/rules.d/audit.rules
 %ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
 %config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
@ -276,6 +278,9 @@ fi
 %attr(750,root,root) %{_sbindir}/audispd-zos-remote
 %changelog
 * Tue Jan 16 2024 Steve Grubb <sgrubb@redhat.com> 4.0-1
 - New upstream major release
 * Sat Nov 04 2023 Steve Grubb <sgrubb@redhat.com> 3.1.2-5
 - Bug fixes pulled from upstrean
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (audit-3.1.2.tar.gz) = a97003a294ed3671df01e2952688e7d5eef59a35f6891feb53e67c4c7eab9ae8c2d18de41a5b5b20e0ad7156fac93aec05f32f6bc5eea706b42b6f27f676446a
+SHA512 (audit-4.0.tar.gz) = 4ed5b216c75c655fd40a74b909d591922a66690bdf2cc5c69a23be3e9b10c8d341fd9b4f496f3ce2a8f99b7d86f0dda13e36387edd845b590ab767a82b4315cc
`@ -1 +1 @@`
	`SHA512 (audit-3.1.2.tar.gz) = a97003a294ed3671df01e2952688e7d5eef59a35f6891feb53e67c4c7eab9ae8c2d18de41a5b5b20e0ad7156fac93aec05f32f6bc5eea706b42b6f27f676446a`	`SHA512 (audit-4.0.tar.gz) = 4ed5b216c75c655fd40a74b909d591922a66690bdf2cc5c69a23be3e9b10c8d341fd9b4f496f3ce2a8f99b7d86f0dda13e36387edd845b590ab767a82b4315cc`