From e3fbb90c39a1a481d9d4e7f086a3bd1037472695 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Thu, 3 May 2012 10:57:44 +0200
Subject: [PATCH] Add secure-update patch (rhbz#809314)

---
 logwatch-secure-update.patch | 59 ++++++++++++++++++++++++++++++++++++
 logwatch.spec                |  4 +++
 2 files changed, 63 insertions(+)
 create mode 100644 logwatch-secure-update.patch

diff --git a/logwatch-secure-update.patch b/logwatch-secure-update.patch
new file mode 100644
index 0000000..bf3d990
--- /dev/null
+++ b/logwatch-secure-update.patch
@@ -0,0 +1,59 @@
+--- scripts/services/secure.orig	2012-04-27 10:13:45.400513896 +0200
++++ scripts/services/secure	2012-05-03 10:46:17.000000000 +0200
+@@ -210,6 +210,7 @@ while (defined($ThisLine = <STDIN>)) {
+       ( $ThisLine =~ /^pam_xauth\[\d+\]: call_xauth: child returned \d/) or
+       ( $ThisLine =~ /^su\[\d+\]: pam_authenticate: Authentication failure/) or
+       ( $ThisLine =~ /^passwd\[\d+\]:/) or
++      ( $ThisLine =~ /^passwd: gkr-pam: .*/) or
+       ( $ThisLine =~ /^reboot:/) or
+       ( $ThisLine =~ /^sudo:/) or
+       ( $ThisLine =~ /^su: pam_unix2: session (started|finished) for user [^ ]+, service [^ ]+/) or
+@@ -262,7 +263,10 @@ while (defined($ThisLine = <STDIN>)) {
+       ( $ThisLine =~ /(gdm-session-worker|gdm-password)\[\d+\]: gkr-pam: no password is available for user/) or
+       ( $ThisLine =~ /gkr-pam: the password for the login keyring was invalid/) or
+       ( $ThisLine =~ /groupadd\[\d+\]: group added to /) or    # Details in other messages
+-      ( $ThisLine =~ /gdm-session-worker\[\d+\]: pam_namespace\(gdm:session\): Unmount of [^ ]* failed, Device or resource busy/)
++      ( $ThisLine =~ /gdm-session-worker\[\d+\]: pam_namespace\(gdm:session\): Unmount of [^ ]* failed, Device or resource busy/) or
++      ( $ThisLine =~ /pkexec: pam_systemd(.*): /) or
++      ( $ThisLine =~ /pkexec: \S+: Executing command /) or
++      ( $ThisLine =~ /su: pam_systemd(.*): Failed to parse message: /)
+    ) {
+       # Ignore these entries
+    } elsif ($ThisLine =~ /^spop3d/ || $ThisLine =~ /^pop\(\w+\)\[\d+\]:/) {
+@@ -378,9 +382,11 @@ while (defined($ThisLine = <STDIN>)) {
+       $UserLogin{$User}++;
+    } elsif ( $ThisLine =~ s/^userdel\[\d+\]: delete user `(.+)'/$1/ ) {
+       $DeletedUsers .= "   $ThisLine\n";
++   } elsif ( $ThisLine =~ s/^userdel: delete user '(.+)'/$1/ ) {
++      $DeletedUsers .= "   $ThisLine\n";
+    } elsif ( $ThisLine =~ s/^(?:useradd|adduser)\[\d+\]: new user: name=(.+), (?:uid|UID)=(\d+).*$/$1 ($2)/ ) {
+       $NewUsers .= "   $ThisLine\n";
+-   } elsif ( $ThisLine =~ s/^userdel\[\d+\]: remove(?:d)? group `(\S+)'( owned by \S+)?/$1/ ) {
++   } elsif ( $ThisLine =~ s/^userdel(?:\[\d+\])?: remove(?:d)? group [`'](\S+)'( owned by \S+)?/$1/ ) {
+       $DeletedGroups .= "   $ThisLine\n";
+    } elsif ( $ThisLine =~ s/^groupdel\[\d+\]: remove group `(.+)'/$1/ ) {
+       $DeletedGroups .= "   $ThisLine\n";
+@@ -421,6 +427,9 @@ while (defined($ThisLine = <STDIN>)) {
+       $XauthMessage{$Message}++;
+    } elsif ( ($Group,$NewName) = ($ThisLine =~ /^groupmod\[\d+\]: change group `(.*)' to `(.*)'/)) {
+       $GroupRenamed{"$Group -> $NewName"}++;
++   # } elsif ( ($Group) = ($ThisLine =~ /^groupmod: group changed in \/etc\/group (.*)'/)) {
++   } elsif ( ($Group) = $ThisLine =~ /^groupmod: group changed in \/etc\/group \(group (\S+)\):.*/) {
++      $GroupChanged{"$Group"}++;
+    } elsif ( ($User,$Home,$NewHome) = ($ThisLine =~ /^usermod\[\d+\]: change user `(.*)' home from `(.*)' to `(.*)'/)) {
+       $HomeChange{$User}{"$Home -> $NewHome"}++;
+    } elsif ( ($User,$From,$To) = ($ThisLine =~ /^usermod\[\d+\]:change user `(.*)' UID from `(.*)' to `(.*)'/)) {
+@@ -548,6 +557,13 @@ if (keys %GroupRenamed) {
+       print "   $Group\n";
+    }
+ }
++
++if (keys %GroupChanged) {
++   print "Changed groups:\n";
++   foreach $Group (sort {$a cmp $b} keys %GroupChanged) {
++      print "   $Group\n";
++   }
++}
+ 
+ if (keys %AddToGroup) {
+    print "\nAdded User to group:\n";
diff --git a/logwatch.spec b/logwatch.spec
index ef75709..899e00b 100644
--- a/logwatch.spec
+++ b/logwatch.spec
@@ -27,6 +27,8 @@ Patch7: logwatch-dovecot.patch
 Patch8: logwatch-sshd.patch
 Patch10: logwatch-secure-grammar.patch
 Patch11: logwatch-dovecot-proxy.patch
+# not yet in upstream
+Patch12: logwatch-secure-update.patch
 Requires: textutils sh-utils grep mailx
 Requires: perl(Date::Manip)
 BuildArchitectures: noarch
@@ -50,6 +52,7 @@ of the package on many systems.
 %patch8 -p1
 %patch10 -p1
 %patch11 -p0
+%patch12 -p0
 rm -f scripts/services/*.orig
 
 %build
@@ -143,6 +146,7 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
 %changelog
 * Fri Apr 27 2012 Jan Synáček <jsynacek@redhat.com> - 7.4.0-11.20120425svn100
 - Add dovecot-proxy patch (rhbz#812883)
+- Add secure-update patch (rhbz#809314)
 
 * Wed Apr 25 2012 Jan Synáček <jsynacek@redhat.com> - 7.4.0-10.20120425svn100
 - Update to revision 100