Hello community,
here is the log from the commit of package audit
checked in at Wed Oct 31 12:24:10 CET 2007.
--------
--- audit/audit.changes 2007-10-10 23:19:35.000000000 +0200
+++ /mounts/work_src_done/STABLE/audit/audit.changes 2007-10-31 07:10:34.100751000 +0100
@@ -1,0 +2,7 @@
+Wed Oct 31 07:08:38 CET 2007 - tonyj@suse.de
+
+- Incorporate 1 more Redhat fixe post 1.6.2
+- Go back to 10.2 behaviour wrt to starting in disabled state.
+ This time using patch submitted upstream, fix for #Bug 333739
+
+-------------------------------------------------------------------
New:
----
audit-startup.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ audit-libs-python.spec ++++++
--- /var/tmp/diff_new_pack.R15694/_old 2007-10-31 12:22:49.000000000 +0100
+++ /var/tmp/diff_new_pack.R15694/_new 2007-10-31 12:22:49.000000000 +0100
@@ -15,7 +15,7 @@
BuildRequires: audit-devel gcc-c++ pkg-config python-devel swig
Summary: Python Bindings for libaudit
Version: 1.6.2
-Release: 1
+Release: 10
License: GPL v2 or later
Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/
++++++ audit.spec ++++++
--- /var/tmp/diff_new_pack.R15694/_old 2007-10-31 12:22:49.000000000 +0100
+++ /var/tmp/diff_new_pack.R15694/_new 2007-10-31 12:22:49.000000000 +0100
@@ -14,7 +14,7 @@
BuildRequires: gcc-c++
Summary: User Space Tools for 2.6 Kernel Auditing
Version: 1.6.2
-Release: 1
+Release: 4
License: GPL v2 or later
Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/
@@ -24,6 +24,7 @@
Patch0: audit-no_sca.patch
Patch1: audit-no_python.patch
Patch2: audit-1.6.2-bugs.patch
+Patch3: audit-startup.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: %{name}-libs = %{version}-%{release}
PreReq: %insserv_prereq %fillup_prereq
@@ -56,7 +57,7 @@
%package devel
Summary: Header files and static library for libaudit
-License: LGPL v2 or later
+License: LGPL v2.1 or later
Group: System/Monitoring
Requires: %{name}-libs = %{version}-%{release}
@@ -76,6 +77,7 @@
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
%build
#autoreconf -iv --install
@@ -194,6 +196,10 @@
%dir %attr(700,root,root) /var/log/audit
%ghost %config(noreplace) /var/log/audit/audit.log
%changelog
+* Wed Oct 31 2007 - tonyj@suse.de
+- Incorporate 1 more Redhat fixe post 1.6.2
+- Go back to 10.2 behaviour wrt to starting in disabled state.
+ This time using patch submitted upstream, fix for #Bug 333739
* Wed Oct 10 2007 - tonyj@suse.de
- Upgrade to 1.6.2
Plus two bugs discovered in Fedora, will be fixed in 1.6.3
++++++ audit-1.6.2-bugs.patch ++++++
--- /var/tmp/diff_new_pack.R15694/_old 2007-10-31 12:22:49.000000000 +0100
+++ /var/tmp/diff_new_pack.R15694/_new 2007-10-31 12:22:49.000000000 +0100
@@ -2,10 +2,22 @@
Subject: Patches for 1.6.2
Upsteam: yes (in 1.6.3)
-Misc patches for 1.6.2 audit
+Misc patches for 1.6.2 audit (from Steve Grubb)
---- audit-1.6.2.orig/lib/lookup_table.c 2007-10-05 10:30:25.000000000 -0400
-+++ audit-1.6.2/lib/lookup_table.c 2007-10-05 10:32:01.000000000 -0400
+diff -urp audit-1.6.2.orig/audisp/audispd.c audit-1.6.2/audisp/audispd.c
+--- audit-1.6.2.orig/audisp/audispd.c 2007-10-17 13:56:22.000000000 -0400
++++ audit-1.6.2/audisp/audispd.c 2007-10-17 14:13:49.000000000 -0400
+@@ -369,7 +369,6 @@ int main(int argc, char *argv[])
+ conf = plist_get_cur(&plugin_conf);
+ while (conf) {
+ free_pconfig(conf->p);
+- free(conf->p);
+ conf = plist_next(&plugin_conf);
+ }
+ plist_clear(&plugin_conf);
+diff -urp audit-1.6.2.orig/lib/lookup_table.c audit-1.6.2/lib/lookup_table.c
+--- audit-1.6.2.orig/lib/lookup_table.c 2007-10-17 13:56:22.000000000 -0400
++++ audit-1.6.2/lib/lookup_table.c 2007-10-17 13:56:49.000000000 -0400
@@ -483,7 +483,7 @@ int audit_name_to_msg_type(const char *m
strncpy(buf, msg_type + 8, len);
errno = 0;
@@ -15,10 +27,34 @@
errno = 0;
return strtol(msg_type, NULL, 10);
}
-
---- audit-1.6.2.orig/src/auditd.c 2007-10-05 10:31:35.000000000 -0400
-+++ audit-1.6.2/src/auditd.c 2007-10-05 10:30:04.000000000 -0400
-@@ -135,8 +135,8 @@ static void distribute_event(struct audi
+diff -urp audit-1.6.2.orig/lib/msg_typetab.h audit-1.6.2/lib/msg_typetab.h
+--- audit-1.6.2.orig/lib/msg_typetab.h 2007-10-17 13:56:22.000000000 -0400
++++ audit-1.6.2/lib/msg_typetab.h 2007-10-17 13:57:27.000000000 -0400
+@@ -92,7 +92,7 @@ _S(AUDIT_KERNEL_OTHER, "KE
+ _S(AUDIT_FD_PAIR, "FD_PAIR" )
+ _S(AUDIT_OBJ_PID, "OBJ_PID" )
+ _S(AUDIT_TTY, "TTY" )
+-//_S(AUDIT_EOE, "EOE" )
++_S(AUDIT_EOE, "EOE" )
+ _S(AUDIT_AVC, "AVC" )
+ _S(AUDIT_SELINUX_ERR, "SELINUX_ERR" )
+ _S(AUDIT_AVC_PATH, "AVC_PATH" )
+diff -urp audit-1.6.2.orig/src/auditd.c audit-1.6.2/src/auditd.c
+--- audit-1.6.2.orig/src/auditd.c 2007-10-17 13:56:22.000000000 -0400
++++ audit-1.6.2/src/auditd.c 2007-10-17 13:59:32.000000000 -0400
+@@ -127,16 +127,18 @@ static void distribute_event(struct audi
+
+ /* End of Event is for realtime interface - skip local logging of it */
+ if (rep->reply.type != AUDIT_EOE) {
++ int yield = rep->reply.type <= AUDIT_LAST_DAEMON &&
++ rep->reply.type >= AUDIT_FIRST_DAEMON ? 1 : 0;
++
+ /* Write to local disk */
+ enqueue_event(rep);
+- if (rep->reply.type <= AUDIT_LAST_DAEMON &&
+- rep->reply.type >= AUDIT_FIRST_DAEMON)
++ if (yield)
+ pthread_yield(); /* Let other thread try to log it. */
}
/* Last chance to send...maybe the pipe is empty now. */
++++++ auditd.init ++++++
--- audit/auditd.init 2007-05-02 14:23:51.000000000 +0200
+++ /mounts/work_src_done/STABLE/audit/auditd.init 2007-10-30 22:09:46.229690000 +0100
@@ -98,6 +98,10 @@
case "$1" in
start)
echo -n "Starting auditd "
+ if [ "$AUDITD_DISABLE_CONTEXTS" == "yes" ] ; then
+ EXTRAOPTIONS="$EXTRAOPTIONS -s disable"
+ fi
+
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
startproc $AUDITD_BIN $EXTRAOPTIONS
++++++ auditd.sysconfig ++++++
--- audit/auditd.sysconfig 2007-05-02 14:23:33.000000000 +0200
+++ /mounts/work_src_done/STABLE/audit/auditd.sysconfig 2007-10-30 22:09:22.681270000 +0100
@@ -29,3 +29,7 @@
#
## Type: yesno
## Default: yes
+#
+# This option disables syscall auditing by default. This can also be
+# accomplished by auditctl -e.
+AUDITD_DISABLE_CONTEXTS="yes"
++++++ audit-startup.patch ++++++
--- audit-1.6.2.orig/docs/auditd.8
+++ audit-1.6.2/docs/auditd.8
@@ -3,7 +3,7 @@
auditd \- The Linux Audit daemon
.SH SYNOPSIS
.B auditd
-.RB [ \-f ]\ [ \-l ]\ [ \-n ]
+.RB [ \-f ]\ [ \-l ]\ [ \-n ]\ [ \-s\ disable|enable|nochange ]
.SH DESCRIPTION
\fBauditd\fP is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the
.B ausearch
@@ -24,6 +24,9 @@
.TP
.B \-n
no fork. This is useful for running off of inittab
+.TP
+.B \-s=\fIENABLE_STATE\fR
+specify when starting if auditd should change the current value for the kernel enabled flag. Valid values for ENABLE_STATE are "disable", "enable" or "nochange". The default is to enable (and disable when auditd terminates). The value of the enabled flag may be changed during the lifetime of auditd using 'auditctl -e'.
.SH SIGNALS
.TP
SIGHUP
--- audit-1.6.2.orig/src/auditd.c
+++ audit-1.6.2/src/auditd.c
@@ -36,6 +36,7 @@
#include