Changelog for audit-debuginfo-1.7.7-5.3.x86_64.rpm:
Wed Dec 10 13:00:00 2008 olhAATTsuse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
Fri Dec 5 13:00:00 2008 tonyjAATTsuse.de
- Revision to previous fix for bnc#445353.
These should go into SLES11 RC1.
1) Add --line-buffered option to limit when stdout is flushed (performance).
2) Testing found a related bug where (if input is a pipe) the last logical
record would permanently be queued waiting for a subsequent record indicating
end of the previous. This subsequent record may never arrive. Timer is
now run causing this record to be flushed if no new record arrives within
timeout. This fix is upstream also.
Fri Nov 21 13:00:00 2008 tonyjAATTsuse.de
- Force ausearch to flush stdout if pipe (bnc#445353)
Thu Oct 30 13:00:00 2008 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)
Fri Sep 26 14:00:00 2008 tonyjAATTsuse.de
- Update from 1.7.4 to 1.7.7. GSS support disabled for present
- Redhat changelog for 1.7.5 - 1.7.7 follows:
* Wed Sep 11 2008 Steve Grubb 1.7.7-1
- Bug fixes for gss code in remote logging (DJ Delorie)
- Fix ausearch -i to keep the node field in the output
- ausyscall now does strstr match on syscall names
- Makefile cleanup (Philipp Hahn)
- Add watched syscall support to audisp-prelude
- Use the right define for tcp_wrappers in auditd
- Expose encoding API for fields being logged from user space
* Wed Sep 11 2008 Steve Grubb 1.7.6-1
- Update event record list and aureport classifications (Yu Zhiguo/Peng Haitao)
- Add subject to audit daemon events (Chu Li)
- Fix parsing of acct & exe fields in user records (Peng Haitao)
- Make client error handling in audisp-remote robust (DJ Delorie)
- Add tcp_wrappers support for auditd
- Updated syscall tables for 2.6.27 kernel
- Add heartbeat exchange to remote logging protocol (DJ Delorie)
- Audit connect/disconnect of remote clients
- In ausearch, collect pid from AVC records (Peng Haitao)
- Add auparse_get_field_type function to describe field's contents
- Add GSS/Kerberos encryption to the remote protocol (DJ Delorie)
* Mon Aug 25 2008 Steve Grubb 1.7.5-1
- Update system-config-audit to 0.4.8
- Whole lot of bug fixes - see ChangeLog for details
- Reimplement auditd main loop using libev
- Add TCP listener to auditd to receive remote events
Tue Aug 5 14:00:00 2008 tonyjAATTsuse.de
- Remove audit rules on audit stop (bnc#409093)
Wed Jun 25 14:00:00 2008 tonyjAATTsuse.de
- Update from 1.7.2 to 1.7.4
- Redhat changelog for 1.7.3 - 1.7.4 follows:
* Mon May 19 2008 Steve Grubb 1.7.4-1
- Fix interpreting of keys in syscall records
- Interpret audit rule config change list fields
- Don't error on name=(null) PATH records in ausearch/report
- Add key report to aureport
- Fix --end today to be now
- Added python bindings for auparse_goto_record_num
- Update system-config-audit to 0.4.7 (Miloslav Trmac)
- Add support for the filetype field option in auditctl
- In audispd boost priority after starting children
* Fri May 09 2008 Steve Grubb 1.7.3-1
- Fix path processing in AVC records.
- auparse_find_field_next() wasn't resetting field ptr going to next record.
- auparse_find_field() wasn't checking current field before iterating
- cleanup some string handling in audisp-prelude plugin
- Update auditctl man page
- Fix output of keys in ausearch interpreted mode
- Fix ausearch/report --start now to not be reset to midnight
- Added auparse_goto_record_num function
- Prelude plugin now uses auparse_goto_record_num to avoid skipping a record
- audispd now has a priority boost config option
- Look for laddr in avcs reported via prelude
- Detect page 0 mmaps and alert via prelude
- Update from 1.6.8 to 1.7.2
- Complete fix for BNC# 378725
- Redhat changelog for 1.6.9-1.7.2 follows:
* Wed Apr 09 2008 Steve Grubb 1.7.2-1
- gen_table.c now includes IPC defines to avoid glibc-headers wild goose chase
- ausyscall program added for cross referencing syscall name and number info
- Add login session ID search capability to ausearch
* Tue Apr 08 2008 Steve Grubb 1.7.1-1
- Remove LSB headers info for init scripts
- Fix buffer overflow in audit_log_user_command, again (#438840)
- Fix memory leak in EOE code in auditd (#440075)
- In auditctl, don't use new operators in legacy rule format
- Made a couple corrections in alpha & x86_64 syscall tables (Miloslav Trmac)
- Add example STIG rules file
- Add string table lookup performance improvement patch (Miloslav Trmac)
- auparse_find_field_next performance improvement
* Sun Mar 30 2008 Steve Grubb 1.7-1
- Improve input error handling in audispd
- Improve end of event detection in auparse library
- Improve handling of abstract namespaces
- Add test mode for prelude plugin
- Handle user space avcs in prelude plugin
- Audit event serial number now recorded in idmef alert
- Add --just-one option to ausearch
- Fix watched account login detection for some failed login attempts
- Couple fixups in audit logging functions (Miloslav Trmac)
- Add support in auditctl for virtual keys
- Added new type for user space MAC policy load events
- auparse_find_field_next was not iterating correctly, fixed it
- Add idmef alerts for access or execution of watched file
- Fix buffer overflow in audit_log_user_command
- Add basic remote logging plugin - only sends & no flow control
- Update ausearch with interpret fixes from auparse
* Sun Mar 09 2008 Steve Grubb 1.6.9-1
- Apply hidden attribute cleanup patch (Miloslav Trmac)
- Apply auparse expression interface patch (Miloslav Trmac)
- Fix potential memleak in audit event dispatcher
- Change default audispd queue depth to 80
- Update system-config-audit to version 0.4.6 (Miloslav Trmac)
- audisp-prelude alerts now controlled by config file
- Updated syscall table for 2.6.25 kernel
- Apply patch correcting acct field being misencoded (Miloslav Trmac)
- Added watched account login detection for prelude plugin
Wed Apr 23 14:00:00 2008 tonyjAATTsuse.de
- Fix for bnc#378725 VUL-0: audit buffer overflow
Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support
Wed Mar 26 13:00:00 2008 tonyjAATTsuse.de
- Update from 1.6.2 to 1.6.8.
- Move audisp-plugins to new secondary spec (along with existing
python libs).
- Redhat changelog follows:
* Thu Feb 14 2008 Steve Grubb 1.6.8-1
- Update for gcc 4.3
- Cleanup descriptors in audispd before running plugin
- Fix 'recent' keyword for aureport/search
- Fix SE Linux policy for zos_remote plugin
- Add event type for group password authentication attempts
- Couple of updates to the translation tables
- Add detection of failed group authentication to audisp-prelude
* Thu Jan 31 2008 Steve Grubb 1.6.7-1
- In ausearch/report, prefer -if to stdin
- In ausearch/report, add new command line option --input-logs (#428860)
- Updated audisp-prelude based on feedback from prelude-devel
- Added prelude alert for promiscuous socket being opened
- Added prelude alert for SE Linux policy enforcement changes
- Added prelude alerts for Forbidden Login Locations and Time
- Applied patch to auparse fixing error handling of searching by
interpreted value (Miloslav Trmac)
* Sat Jan 19 2008 Steve Grubb 1.6.6-1
- Add prelude IDS plugin for IDMEF alerts
- Add --user option to aulastlog command
- Use desktop-file-install for system-config-audit
* Mon Jan 07 2008 Steve Grubb 1.6.5-1
- Add more errno strings for exit codes in auditctl
- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
- Check for audit log being writable by owner in auditd
- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
- Updated CAPP, LSPP, and NISPOM rules for new capabilities
- Added aulastlog utility
* Sat Dec 29 2007 Steve Grubb 1.6.4-1
- fchmod of log file was on wrong variable (#426934)
- Allow use of errno strings for exit codes in audit rules
* Thu Dec 27 2007 Steve Grubb 1.6.3-1
- Add kernel release string to DAEMON_START events
- Fix keep_logs when num_logs option disabled (#325561)
- Fix auparse to handle node fields for syscall records
- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
- Add keyword week-ago to aureport & ausearch start/end times
- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
- Add RACF zos remote audispd plugin (Klaus Kiwi)
- Add event queue overflow action to audispd
Tue Mar 18 13:00:00 2008 schwabAATTsuse.de
- Use autoreconf.
Wed Oct 31 13:00:00 2007 tonyjAATTsuse.de
- Incorporate 1 more Redhat fix post 1.6.2
- Go back to 10.2 behaviour wrt starting in disabled state.
This time using patch submitted upstream, fix for #Bug 333739
Wed Oct 10 14:00:00 2007 tonyjAATTsuse.de
- Upgrade to 1.6.2
Plus two bugs discovered in Fedora, will be fixed in 1.6.3
Wed Jul 25 14:00:00 2007 tonyjAATTsuse.de
- Upgrade to 1.5.5
Correct bug in audit_make_equivalent function (Al Viro)
Local: add AppArmor audit ID (upstream in 1.5.6)
don't build RedHat system-config-audit
Thu Jul 12 14:00:00 2007 tonyjAATTsuse.de
- Upgrade to 1.5.4
Add feed interface to auparse library (John Dennis)
Apply patch to libauparse for unresolved symbols (#241178)
Apply patch to add line numbers for file events in libauparse (John Dennis)
Change seresults to seresult in libauparse (John Dennis)
Add uint32_t definition to swig (#244210)
Add support for directory auditing
Update acct field to be escaped
- Fix for #280487 "%ghost /var/log/audit/audit.log will remove the logfile"
Mon May 7 14:00:00 2007 rguentherAATTsuse.de
- Drop pkg-config BuildRequires introduced by last change.
Wed May 2 14:00:00 2007 tonyjAATTsuse.de
- Upgrade to 1.5.3. Drop AUDITD_DISABLE_CONTEXTS from audit sysconfig
Wed Nov 29 13:00:00 2006 tonyjAATTsuse.de
- Upgrade to 1.2.9 (drop several patches which are now upstream)
- Move to using /etc/audit directory for config files
Thu Aug 31 14:00:00 2006 tonyjAATTsuse.de
- Upgrade to 1.2.6-1
Sat Aug 26 14:00:00 2006 olhAATTsuse.de
- do not define __KERNEL__ in userland apps
- remove unused sys/syscall.h include
Wed Aug 16 14:00:00 2006 cthielAATTsuse.de
- split audit into audit and audit-libs-python