SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libauparse0-2.3.6-3.36.x86_64.rpm :
Tue Sep 2 14:00:00 2014 tonyjAATTsuse.com
- Add support for ppc64le (bnc#891861)
New patch: audit-add-ppc64le-mach-support.patch

Tue Apr 15 14:00:00 2014 tonyjAATTsuse.com
- Update to version 2.3.6
Changelog 2.3.6
- Add an option to auditctl to interpret a0 - a3 of syscall rules when listing
- Improve ARM and AARCH64 support (AKASHI Takahiro)
- Add ausearch --checkpoint feature (Burn Alting)
- Add --arch option to ausearch
- Improve too long config line in audispd, auditd, and auparse (#1071580)
- Fix aulast to accept the new AUDIT_LOGIN record format
- Remove clear_config symbol in auparse
Changelog 2.3.5
- In CRYPTO_KEY_USER events, do not interpret the \'fp\' field
- Change formatting of rules listing in auditctl to look like audit.rules
- Change auditctl to do all netlink comm and then print rules
- Add a debug option to ausearch to find skipped events
- Parse subject, auid, and ses in LOGIN events (3.14 kernel changed format)
- In auditd, when shifting logs, ignore the num_logs setting (#950158)
- Allow passing a directory as the input file for ausearch/report (LC Bruzenak)
- Interpret syscall fields in SECCOMP events
- Increase a couple buffers to handle longer input
Changelog 2.3.4
- Parse path in CONFIG_CHANGE events
- In audisp-remote, fix retry logic for temporary network failures
- In auparse, add get_type_name function
- Add --no-config command option to aureport
- Fix interpretting MCS seliunx contexts in ausearch (#970675)
- In auparse, classify selinux contexts as MAC_LABEL field type
- In ausearch/report parse vm-ctx and img-ctx as selinux labels
- Update translation tables for the 3.14 kernel

Tue Feb 4 13:00:00 2014 tonyjAATTsuse.com
- Update to version 2.3.3
Changelog 2.3.3
- Documentation updates
- Add AUDIT_USER_MAC_CONFIG_CHANGE event for MAC policy changes
- Update interpreting scheduler policy names
- Update automake files to automake-1.13.4
- Remove CAP_COMPROMISE_KERNEL interpretation
- Parse name field in AVC\'s (#1049916)
- Add missing typedef for auparse_type_t enumeration (#1053424)
- Fix parsing encoded filenames in records
- Parse SECCOMP events

Tue Nov 26 13:00:00 2013 tonyjAATTsuse.com
- Update to version 2.3.2
Changelog 2.3.2
- Put RefuseManualStop in the right systemd section (#969345)
- Add legacy restart scripts for systemd support
- Add more syscall argument interpretations
- Add \'unset\' keyword for uid & gid values in auditctl
- In ausearch, parse obj in IPC records
- In ausearch, parse subj in DAEMON_ROTATE records
- Fix interpretation of MQ_OPEN and MQ_NOTIFY events
- In auditd, restart dispatcher on SIGHUP if it had previously exited
- In audispd, exit when no active plugins are detected on reconfigure
- In audispd, clear signal mask set by libev so that SIGHUP works again
- In audispd, track binary plugins and restart if binary was updated
- In audispd, make sure we send signals to the correct process
- In auditd, clear signal mask when spawning any child process
- In audispd, make builtin plugins respond to SIGHUP
- In auparse, interpret mode flags of open syscall if O_CREAT is passed
- In audisp-remote, don\'t make address lookup always a permanent failure
- In audisp-remote, remove EOE events more efficiently
- In auditd, log the reason when email account is not valid
- In audisp-remote, change default remote_ending action to reconnect
- Add support for Aarch64 processors
Changelog 2.3.1
- Rearrange auditd setting enabled and pid to avoid a race (#910568)
- Interpret the ocomm field from OBJ_PID records
- Fix missing \'then\' statement in sysvinit script
- Switch ausearch to use libauparse for interpretting fields
- In libauparse, interpret prctl arg0, sched_setscheduler arg1
- In auparse, check source_list isn\'t NULL when opening next file (Liequan Che)
- In libauparse, interpret send
* flags argument
- In libauparse, interpret level and name options for set/getsockopt
- In ausearch/report, don\'t flush events until last file (Burn Alting)
- Don\'t use systemctl to stop the audit daemon
Changelog 2.3
- The clone(2) man page is really clone(3), fix interpretation of clone syscall
- Add systemd support for reload (#901533)
- Allow -F msgtype on the user filter
- Add legacy support for resuming logging under systemd (#830780)
- Add legacy support for rotating logs under systemd (#916611)
- In auditd, collect SIGUSR2 info for DAEMON_RESUME events
- Updated man pages
- Update libev to 4.15
- Update syscall tables for 3.9 kernel
- Interpret MQ_OPEN events
- Add augenrules support (Burn Alting)
- Consume less stack sending audit events

Fri Jun 28 14:00:00 2013 cooloAATTsuse.com
- remove libcap-ng too from audit.spec as it\'s only needed for plugins
(and libcap-ng itself needs python to build bindings)

Thu Jun 27 14:00:00 2013 tonyjAATTsuse.com
- Eliminate build cycles. audit.spec now builds only libs/devel.
Remainder (including daemon) built from audit-secondary.spec

Fri Apr 26 14:00:00 2013 mmeisterAATTsuse.com
- audit-no_m4_dir.patch: Removed AC_CONFIG_MACRO_DIR([m4]) from
configure.ac to fix build with new automake

Mon Mar 25 13:00:00 2013 crrodriguezAATTopensuse.org
- --with-libcap-ng=yes has no effect if libcap-ng is not
buildrequired and the lack of those requires causes a broken
configure script after autoreconf add pkgconfig(libcap-ng)
to both audit and audit-secondary, cap-ng is actually only
use in the latter.

Mon Mar 25 13:00:00 2013 crrodriguezAATTopensuse.org
- Version 2.2.3
- Code cleanups
- In spec file, don\'t own lib64/audit
- Update man pages
- Aureport no longer reads auditd.conf when stdin is used
- Don\'t let systemd kill auditd if auditctl errors out
- Update syscall table for 3.7 and 3.8 kernels
- Add interpretation for setns and unshare syscalls
- Code cleanup (Tyler Hicks)
- Documentation cleanups (Laurent Bigonville)
- Add dirfd interpretation to the
*at functions
- Add termination signal to clone flags interpretation
- Update stig.rules
- In auditctl, when listing rules don\'t print numeric value of dir fields
- Add support for rng resource type in auvirt
- Fix aulast bad login output (#922508)
- In ausearch, allow negative numbers for session and auid searches
- In audisp-remote, if disk_full_action is stop then stop sending (#908977)

Fri Mar 22 13:00:00 2013 crrodriguezAATTopensuse.org
- remove sysvinit scripts.

Wed Jan 30 13:00:00 2013 crrodriguezAATTopensuse.org
- remove old tarball and update -secondary spec

Wed Jan 30 13:00:00 2013 crrodriguezAATTopensuse.org
- Audit 2.2.2 , the purpose of this update is too add compatibility
with systemd for 12.3
- In auditd, tcp_max_per_addr was allowing 1 more connection than specified
- In ausearch, fix matching of object records
- Auditctl was returning -1 when listing rules filtered on a key field
- Add interpretations for CAP_BLOCK_SUSPEND and CAP_COMPROMISE_KERNEL
- Add armv5tejl, armv5tel, armv6l and armv7l machine types (Nathaniel Husted)
- Updates for the 3.6 kernel
- Add auparse_feed_has_data function to libauparse
- Update audisp-prelude to use auparse_feed_has_data
- Add support to conditionally build auditd network listener (Tyler Hicks)
- In auditd, reset a flag after receiving USR1 signal info when rotating logs
- Add optional systemd init script support
- Add support for SECCOMP event type
- Don\'t interpret aN_len field in EXECVE records (#869555)
- In audisp-remote, do better job of draining queue
- Fix capability parsing in ausearch/auparse
- Interpret BPRM_FCAPS capability fields
- Add ANOM_LINK event type

Tue Jan 22 13:00:00 2013 jengelhAATTinai.de
- Executing autoreconf requires autoconf

Fri Oct 12 14:00:00 2012 cooloAATTsuse.com
- update to 2.2.1, upstream changelog:
2.2.1
- Add more interpretations in auparse for syscall parameters
- Add some interpretations to ausearch for syscall parameters
- In ausearch/report and auparse, allocate extra space for node names
- Update syscall tables for the 3.3.0 kernel
- Update libev to 4.0.4
- Reduce the size of some applications
- In auditctl, check usage against euid rather than uid
2.2
- Correct all rules for clock_settime
- Fix possible segfault in auparse library
- Handle malformed socket addresses better
- Improve performance in audit_log_user_message()
- Improve performance in writing to the log file in auditd
- Syscall update for accept4 and recvmmsg
- Update autrace resource usage mode syscall list
- Improved sample rules for recent syscalls
- Add some debug info to audisp-remote startup and shutdown
- Make compiling with Python optional
- In auditd, if disk_error_action is ignore, don\'t syslog anything
- Fix some memory leaks
- If audispd is stopping, don\'t restart children
- Add support in auditctl for shell escaped filenames (Alexander)
- Add search support for virt events (Marcelo Cerri)
- Update interpretation tables
- Sync auparse\'s auditd config parser with auditd\'s parser
- In ausearch, also use cwd fields in file name searchs
- In ausearch, parse cwd in USER_CMD events
- In ausearch, correct parsing of uid in user space events
- In ausearch, update parsing of integrity events
- Apply some text cleanups from Debian (Russell Coker)
- In auditd, relax some permission checks for external apps
- Add ROLE_MODIFY event type
- In auditctl, new -c option to continue through bad rules but with failed exit
- Add auvirt program to do special reporting on virt events (Marcelo Cerri)
- Add interfield comparison support to auditctl (Peter Moody)
- Update auparse type intepretation for apparmor (Marcelo Cerri)
- Increase tcp_max_per_addr maximum to 1024.
- remove audit-no_python.patch, there is a configure switch for that now
- remove prereq on sysvinit

Tue Feb 28 13:00:00 2012 tonyjAATTsuse.com
- Update to version 2.1.3, upstream changelog:
- 2.1.3
- Fix parsing of EXECVE records to not escape argc field
- If auditd\'s disk is full, send the right reason to client (#715315)
- Add CAP_WAKE_ALARM to interpretations
- Some updates to audisp-remote\'s remote-fgets function (Mirek Trmac)
- Add detection of TTY events to audisp-prelude (Matteo Sessa)
- Updated syscall tables for the 3.0 kernel
- Update linker flags for better relro support
- Make default size of logs bigger (#727310)
- Extract obj from NETFILTER_PKT events
- Disable 2 kerberos config options in audisp-remote.conf
- 2.1.2
- In ausearch/report, fix a segfault caused by MAC_POLICY_LOAD records
- In ausearch/report, add and update parsers
- In auditd, cleanup DAEMON_ACCEPT and DAEMON_CLOSE addr fields
- In ausearch/report, parse addr field of DAEMON_ACCEPT & DAEMON_CLOSE records
- In auditd, move startup success to after events are registered
- If auditd shutsdown due to failed tcp init, write a DAEMON_ABORT event
- Update auditd to avoid the oom killer in new kernels (Andreas Jaeger)
- Parse and interpret NETFILTER_PKT events correctly
- Return error if auditctl -l fails (#709345)
- In audisp-remote, replace glibc\'s fgets with custom implementation

Fri Sep 30 14:00:00 2011 cooloAATTsuse.com
- add libtool as buildrequire to make the spec file more reliable

Sat Sep 17 14:00:00 2011 jengelhAATTmedozas.de
- Remove redundant tags/sections from specfile
- Add audit-devel to baselibs

Wed May 11 14:00:00 2011 meissnerAATTsuse.de
- Adjust license of libaudit and libauparse to be
LGPLv2.1 or later.

Wed Apr 27 14:00:00 2011 tonyjAATTnovell.com
- Update to version 2.1.1, upstream changelog:
- 2.1.1
- When ausearch is interpretting, output \"as is\" if no = is found
- Correct socket setup in remote logging
- Adjusted a couple default settings for remote logging and init script
- Audispd was not marking restarted plugins as active
- Audisp-remote should keep a capability if local_port < 1024
- When audispd restarts plugin, send event in its preferred format
- In audisp-remote, make all I/O asynchronous
- In audisp-remote, add sigusr1 handler to dump internal state
- Fix autrace to use correct syscalls on s390 and s390x systems
- Add shutdown syscall to remote logging teardowns
- Correct autrace rule for 32 bits systems
2.1
- Update auditctl man page for new field on user filter
- Fix crash in aulast when auid is foreign to the system
- Code cleanups
- Add store and forward model to audispd-remote (Mirek Trmac)
- Free memory on failed startups in audisp-prelude
- Fix memory leak in aureport
- Fix parsing state problem in libauparse
- Improve the robustness of libaudit field encoding functions
- Update capability tables
- In auditd, make failure action config checking consistent
- In auditd, check that NULL is not being passed to safe_exec
- In audisp-remote, overflow_action wasn\'t suspending if that action was chosen
- Update interpretations for virt events
- Improve remote logging warning and error messages
- Add interpretations for netfilter events
2.0.6
- ausearch/report performance improvements
- Synchronize all sample syscall rules to use action,list
- If program name provided to audit_log_acct_message, escape it
- Fix man page for the audit_encode_nv_string function (#647131)
- If value is NULL, don\'t segfault (#647128)
- Fix simple event parsing to not assume session id can\'t be last (Peng Haitao)
- Add support for new mmap audit event type
- Add ability for audispd syslog plugin to choose facility local0-7 (#593340)
- Fix autrace to use correct syscalls on i386 systems (Peng Haitao)
- On startup and reconfig, check for excess logs and unlink them
- Add a couple missing parser debug messages
- Fix error output resolving numeric address and update man page
- Add netfilter event types
- Fix spelling error in audit.rules man page (#667845)
- Improve warning in auditctl regarding immutable mode (#654883)
- Update syscall tables for the 2.6.37 kernel
- In ausearch, allow searching for auid -1
- Add queue overflow_action to audisp-remote to control queue overflows
- Update sample rules for new syscalls and packages

Mon Feb 21 13:00:00 2011 ajAATTsuse.de
- Fix value of oom_score_adj.

Tue Dec 7 13:00:00 2010 cooloAATTnovell.com
- prereq init script syslog

Sun Nov 7 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- use full RELRO.

Tue Sep 28 14:00:00 2010 tonyjAATTnovell.com
- Update to version 2.0.5 (drop: audit-as_needed.patch)
- Update README-BEFORE-ADDING-PATCHES
- Upstream 2.0.5 changelog:
- Make auparse handle empty AUSOURCE_FILE_ARRAY correctly (Miloslav Trmač)
- On i386, audit rules do not work on inode\'s with a large number (#554553)
- Fix displaying of inode values to be unsigned integers when listing rules
- Correct Makefile install of audispd (Jason Tang)
- Syscall table updates for 2.6.34 kernel
- Add definitions for service start and stop
- Fix handling of ignore errors in auditctl
- Fix gssapi support to build with new linker options
- Add virtualization event types
- Update aureport program help and man pages to show all options

Tue Sep 28 14:00:00 2010 ajAATTsuse.de
- Annotate patch audit-oom_score_adj.

Mon Sep 27 14:00:00 2010 ajAATTsuse.de
- Use /proc//oom_score_adj if available.

Mon Jun 28 14:00:00 2010 jengelhAATTmedozas.de
- use %_smp_mflags

Fri Jun 25 14:00:00 2010 tonyjAATTnovell.com
- Minor changes to README-BEFORE-ADDING-PATCHES file.
- Add this file as %source in spec

Fri Jun 25 14:00:00 2010 dmuellerAATTsuse.de
- obsolete -XXbit package

Tue May 4 14:00:00 2010 tonyjAATTsuse.de
- Update to version 2.0.4. This is a major version update,
libaudit.so has changed version. There is no backward compatibility.
audit-libs has been split into libaudit1 and libauparse0.
- Redhat changelog for 2.0 - 2.0.4 follows:

* 2.0.4
- Make alpha processor support optional
- Add support for the arm eabi processor
- add a compatible regexp processing capability to auparse (Miloslav Trmač)
- Fix regression in parsing user space originating records in aureport
- Add tcp_max_per_addr option in auditd.conf to limit concurrent connections
- Rearrange shutdown of auditd to allow DAEMON_END event more time

* 2.0.3
- In auditd, tell libev to stop processing a connection when idle timeout
- In auditd, tell libev to stop processing a connection when shutting down
- Interpret CAPSET records in ausearch/auparse

* 2.0.2
- If audisp-remote plugin has a queue at exit, use non-zero exit code
- Fix autrace to use the exit filter
- In audisp-remote, add a sigchld handler
- In auditd, check for duplicate remote connections before accepting
- Remove trailing \':\' if any are at the end of acct fields in ausearch
- Update remote logging code to do better sanity check of data
- Fix audisp-prelude to prefer files if multiple path records are encountered
- Add libaudit.conf man page
- In auditd, disconnect idle clients

* 2.0.1
- Aulast now reads daemon_start events for the kernel version of reboot
- Clarify the man pages for ausearch/report regarding locale and date formats
- Fix getloginuid for python bindings
- Disable the audispd af_unix plugin by default
- Add a couple new init script actions for LSB 3.2
- In audisp-remote plugin, timeout network reads (#514090)
- Make some error logging in audisp-remote plugin more prominent
- Add audit.rules man page
- Interpret the session field in audit events

* 2.0
- Remove system-config-audit
- Get rid of () from userspace originating events
- Removed old syscall rules API - not needed since 2.6.16
- Remove all use of the old rule structs from API
- Fix uninitialized variable in auditd log rotation
- Add libcap-ng support for audispd plugins
- Removed ancient defines that are part of kernel 2.6.29 headers
- Bump soname number for libaudit
- In auditctl, deprecate the entry filter and move rules to exit filter
- Parse integrity audit records in ausearch/report (Mimi Zohar)
- Updated syscall table for 2.6.31 kernel
- Remove support for the legacy negate syscall rule operator
- In auditd reset syslog warnings if disk space becomes available

Sun Dec 13 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source

Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0

Mon Sep 28 14:00:00 2009 crrodriguezAATTsuse.de
- do not package static libraries
- fix -devel package dependencies

Sat Jun 20 14:00:00 2009 cmorve69AATTyahoo.es
- fixed build with --as-needed

Fri Jun 19 14:00:00 2009 cooloAATTnovell.com
- disable as-needed for this package as it fails to build with it

Mon May 11 14:00:00 2009 tonyjAATTsuse.de
- Update from 1.7.7 to 1.7.13.
- Redhat changelog for 1.7.8 - 1.7.13 follows:

* Tue Apr 21 2009 Steve Grubb 1.7.13-1
- Disable libev asserts unless --with-debug passed to configure
- Handle kernel 2.6.29\'s audit = 0 boot parameter better
- Install audit.py file in arch specific python directory (Dan Walsh)
- Fix problem with negative uids in audit rules on 32 bit systems
- When file type is unknown, output octal for mode field (Miloslav Trmač)
- Update tty keystroke interpretations (Miloslav Trmač)

* Tue Feb 24 2009 Steve Grubb 1.7.12-1
- Add definitions for crypto events
- Fix regression where msgtype couldn\'t be used as a range in audit rules
- In libaudit, extend time spent checking reply
- In acct events, prefer id over acct if given
- In aulast, try id and acct in USER_LOGIN events
- When in immutable mode, have auditctl tell user instead of sending rules
- Add option to sysconfig to disable audit system on auditd stop
- Add tcp_wrappers config option to auditd
- Aulastlog can now take input from stdin
- Update libaudit python bindings to throw exceptions on error
- Adjust formatting of TTY data in libauparse to be like ausearch/report
- Add more key mappings to TTY interpretations
- Add internal queue to audisp-remote
- Fix failure action code to allow executables in audisp-remote (Chu Li)
- Fix memory leak when NOLOG log_format option given to auditd
- Quieten some of the reconnect text being sent to syslog in audisp-remote
- Apply some libev fixups to auditd
- Cleanup shutdown sequence of auditd
- Allow auditd log rotation via SIGUSR1 when NOLOG log format option given

* Sat Jan 10 2009 Steve Grubb 1.7.11-1
- Don\'t error out in auditd when calling setsid
- Reformat a couple auditd error messages (Oden Eriksson)
- If log rotate fails, leave the old log writable
- Fixed bug in setting up auditd event loop when listening
- Warn if on biarch machine and auditctl rules show a syscall mismatch
- Audisp-remote was not parsing some config options correctly
- In auparse, check for single key in addition to virtual keys
- When auditd shuts down, send AUDIT_RMW_TYPE_ENDING messages to clients
- Created reconnect option to remote ending setting of audisp-remote

* Sat Dec 13 2008 Steve Grubb 1.7.10-1
- Fix ausearch and aureport to handle out of order events
- Add line-buffer option to ausearch & timeout pipe input (Tony Jones)
- Add support in ausearch/report for tty data
- In audisp-remote, allow the keyword \"any\" for local_port
- Tighten parsing for -m and -w options in auditctl
- Add session query hint for aulast proof
- Fix audisp-remote to tolerate krb5 config options when not supported
- Created new aureport option for tty keystroke report
- audispd should detect backup config files and not use them
- When checking for ack in netlink interface, retry on EAGAIN a few times
- In aureport, fix mods report to show acct acted upon

* Wed Nov 05 2008 Steve Grubb 1.7.9-1
- Fix uninitialized variable in aureport causing segfault
- Quieten down the gssapi not supported messages
- Fix bug interpretting i386 logs on x86_64 machines
- If kernel is in immutable mode, auditd should not send enable command
- Fix ausearch/report recent and now time keyword lookups
- Created aulast program
- prelude plugin should pull auid for login alert from 2nd uid field
- Add system boot, shutdown, and run level change events
- Add max_restarts to audispd.conf to limit times a plugin is restarted
- Expand session detection in ausearch

* Wed Oct 22 2008 Steve Grubb 1.7.8-1
- Interpret TTY audit data in auparse (Miloslav Trmač)
- Extract terminal from USER_AVC events for ausearch/report (Peng Haitao)
- Add USER_AVCs to aureport\'s avc reporting (Peng Haitao)
- Short circuit hostname resolution in libaudit if host is empty
- If log_group and user are not root, don\'t check dispatcher perms
- Fix a bug when executing \"ausearch -te today PM\"
- Add --exit search option to ausearch
- Fix parsing config file when kerberos is disabled

Tue Apr 14 14:00:00 2009 dmuellerAATTsuse.de
- refresh patches


  
ICM