|
|
|
|
Changelog for libaudit1-32bit-3.0.6-3.2.x86_64.rpm :
* Mon Apr 11 2022 Jan Engelhardt - Modernize specfile constructs. * Sun Nov 07 2021 Callum Farmer - Update to version 3.0.6: * fixes a segfault on some SELINUX_ERR records * makes IPX packet interpretation dependent on the ipx header file existing * adds b32/b64 support to ausyscall * adds support for armv8l * fixes auditctl list of syscalls on PPC * auditd.service now restarts auditd under some conditions * Thu Sep 16 2021 Enzo Matsumiya - Update to version 3.0.5: * In auditd, flush uid/gid caches when user/group added/deleted/modified * Fixed various issues when dealing with corrupted logs * In auditd, check if log_file is valid before closing handle- Include fixed from 3.0.4: * Apply performance speedups to auparse library * Optimize rule loading in auditctl * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath * Update syscall table to the 5.14 kernel * Fixed various issues when dealing with corrupted logs * Fri Jul 30 2021 Enzo Matsumiya - Update to version 3.0.3: * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids * Change auparse_feed_has_data in auparse to include incomplete events * Auditd, stop linking against -lrt * Add ProtectHome and RestrictRealtime to auditd.service * In auditd, read up to 3 netlink packets in a row * In auditd, do not validate path to plugin unless active * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists- use https source urls * Mon Jun 14 2021 Enzo Matsumiya - Adjust audit.spec and audit-secondary.spec to support new version- Include fix for libev * add libev-werror.patch- Update to version 3.0.2- In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)- Optionally interpret auid in auditctl -l- Update some syscall argument interpretations- In auditd, do not allow spaces in the hostname name format- Big documentation cleanup (MIZUTA Takeshi)- Update syscall table to the 5.12 kernel- Update the auparse normalizer for new event types- Fix compiler warnings in ids subsystem- Block a couple signals from flush & reconfigure threads- In auditd, don\'t wait on flush thread when exiting- Output error message if the path of input files are too long ausearch/report Included fixes from 3.0.1- Update syscall table to the 5.11 kernel- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)- Only enable periodic timers when listening on the network- Upgrade libev to 4.33- Add auparse_new_buffer function to auparse library- Use the select libev backend unless aggregating events- Add sudoers to some base audit rules- Update the auparse normalizer for some new syscalls and event types Included fixes from 3.0- Generate checkpoint file even when no results are returned (Burn Alting)- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)- Convert auparse_test to run with python3 (Tomáš Chvátal)- Drop support for prelude- Adjust backlog_wait_time in rules to the kernel default (#1482848)- Remove ids key syntax checking of rules in auditctl- Use SIGCONT to dump auditd internal state (#1504251)- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)- Fix parsing of uid & success for ausearch- Add support for not equal operator in audit by executable (Ondrej Mosnacek)- Hide lru symbols in auparse- Add systemd process protections- Fix aureport summary time range reporting- Allow unlimited retries on startup for remote logging- Add queue_depth to remote logging stats and increase default queue_depth size- Fix segfault on shutdown- Merge auditd and audispd code- Close on execute init_pipe fd (#1587995)- Breakout audisp syslog plugin to be standalone program- Create a common internal library to reduce code- Move all audispd config files under /etc/audit/- Move audispd.conf settings into auditd.conf- Add queue depth statistics to internal state dump report- Add network statistics to internal state dump report- SIGUSR now also restarts queue processing if its suspended- Update lookup tables for the 4.18 kernel- Add auparse_normalizer support for SOFTWARE_UPDATE event- Add 30-ospp-v42.rules to meet new Common Criteria requirements- Deprecate enable_krb and replace with transport config opt for remote logging- Mark netlabel events as simple events so that get processed quicker- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)- In aureport, fix segfault in file report- Add auparse_normalizer support for labeled networking events- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)- In ausearch/auparse, event aging is off by a second- In ausearch/auparse, correct event ordering to process oldest first- Migrate auparse python test to python3- auparse_reset was not clearing everything it should- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events- In ausearch/report, lightly parse selinux portion of USER_AVC events- Add bpf syscall command argument interpretation to auparse- In ausearch/report, limit record size when malformed- Port af_unix plugin to libev- In auditd, fix extract_type function for network originating events- In auditd, calculate right size and location for network originating events- Make legacy script wait for auditd to terminate (#1643567)- Treat all network originating events as VER2 so dispatcher doesn\'t format it- If an event has a node name make it VER2 so dispatcher doesnt format it- In audisp-remote do an initial connection attempt (#1625156)- In auditd, allow expression of space left as a percentage (#1650670)- On PPC64LE systems, only allow 64 bit rules (#1462178)- Make some parts of auditd state report optional based on config- Update to libev-4.25- Fix ausearch when checkpointing a single file (Burn Alting)- Fix scripting in 31-privileged.rules wrt filecap (#1662516)- In ausearch, do not checkpt if stdin is input source- In libev, remove __cold__ attribute for functions to allow proper hardening- Add tests to configure.ac for openldap support- Make systemd support files use /run rather than /var/run (Christian Hesse)- Fix minor memory leak in auditd kerberos credentials code- Allow exclude and user filter by executable name (Ondrej Mosnacek)- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test- In ausearch/report fix --end to use midnight time instead of now (#1671338)- Add substitue functions for strndupa & rawmemchr- Fix memleak in auparse caused by corrected event ordering- Fix legacy reload script to reload audit rules when daemon is reloaded- Support for unescaping in trusted messages (Dmitry Voronin)- In auditd, use standard template for DEAMON events (Richard Guy Briggs)- In aureport, fix segfault for malformed USER_CMD events- Add exe field to audit_log_user_command in libaudit- In auditctl support filter on socket address families (Richard Guy Briggs)- Deprecate support for Alpha & IA64 processors- If space_left_action is rotate, allow it every time (#1718444)- In auparse, drop standalone EOE events- Add milliseconds column for ausearch extra time csv format- Fix aureport first event reporting when no start given- In audisp-remote, add new config item for startup connection errors- Remove dependency on chkconfig- Install rules to /usr/share/audit/sample-rules/- Split up ospp rules to make SCAP scanning easier (#1746018)- In audisp-syslog, support interpreting records (#1497279)- Audit USER events now sends msg as name value pair- Add support for AUDIT_BPF event- Auditd should not process AUDIT_REPLACE events- Update syscall tables to the 5.5 kernel- Improve personality interpretation by using PERS_MASK- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup- Change auparse python bindings to shared object (Issue #121)- Add error messages for watch permissions- If audit rules file doesn\'t exist log error message instead of info message- Revise error message for unmatched options in auditctl- In audisp-remote, fixup remote endpoint disappearin in ascii format- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)- In auditctl, add support for sending a signal to auditd- Remove audit-fno-common.patch: fixed in upstream- Remove audit-python3.patch: fixed in upstream * Wed Dec 02 2020 Alexander Bergmann - Enable Aarch64 processor support. (bsc#1179515 bsc#1179806) * Mon Jun 01 2020 Enzo Matsumiya - Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs (bsc#1172295) * Mon Jan 13 2020 Tony Jones - Update to version 2.8.5: * Fix segfault on shutdown * Fix hang on startup (#1587995) * Add sleep to script to dump state so file is ready when needed * Add auparse_normalizer support for SOFTWARE_UPDATE event * Mark netlabel events as simple events so that get processed quicker * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) * Add 30-ospp-v42.rules to meet new Common Criteria requirements * Update lookup tables for the 4.18 kernel * In aureport, fix segfault in file report * Add auparse_normalizer support for labeled networking events * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) * Event aging is off by a second * In ausearch/auparse, correct event ordering to process oldest first * auparse_reset was not clearing everything it should * Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events * In ausearch/report, lightly parse selinux portion of USER_AVC events * In ausearch/report, limit record size when malformed * In auditd, fix extract_type function for network originating events * In auditd, calculate right size and location for network originating events * Treat all network originating events as VER2 so dispatcher doesn\'t format it * In audisp-remote do an initial connection attempt (#1625156) * In auditd, allow expression of space left as a percentage (#1650670) * On PPC64LE systems, only allow 64 bit rules (#1462178) * Make some parts of auditd state report optional based on config * Fix ausearch when checkpointing a single file (Burn Alting) * Fix scripting in 31-privileged.rules wrt filecap (#1662516) * In ausearch, do not checkpt if stdin is input source * In libev, remove __cold__ attribute for functions to allow proper hardening * Add tests to configure.ac for openldap support * Make systemd support files use /run rather than /var/run (Christian Hesse) * Fix minor memory leak in auditd kerberos credentials code * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test * In ausearch/report fix --end to use midnight time instead of now (#1671338)- Remote zos building is now a configurable option. It should be disabled in audit (and left enabled in audit-secondary). * Thu Mar 21 2019 Jan Engelhardt - Make use of some %make_install. * Sat Jun 23 2018 antoine.belvireAATTopensuse.org- Update to version 2.8.4: * Generate checkpoint file even when not results are returned (Burn Alting). * Fix log file creation when file logging is disabled entirely (Vlad Glagolev). * Use SIGCONT to dump auditd internal state (rh#1504251). * Fix parsing of virtual timestamp fields in ausearch_expression (rh#1515903). * Fix parsing of uid & success for ausearch. * Hide lru symbols in auparse. * Fix aureport summary time range reporting. * Allow unlimited retries on startup for remote logging. * Add queue_depth to remote logging stats and increase default queue_depth size. * Sun Jun 17 2018 antoine.belvireAATTopensuse.org- Update to version 2.8.3: * Correct msg function name in lru debug code. * Fix a segfault in auditd when dns resolution isn\'t available. * Make a reload legacy service for auditd. * In auparse python bindings, expose some new types that were missing. * In normalizer, pickup subject kind for user_login events. * Fix interpretation of unknown ioctcmds (rh#1540507). * Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, & RESP_ORIGIN_BLOCK_TIMED events. * In auparse_normalize for USER_LOGIN events, map acct for subj_kind. * Fix logging of IPv6 addresses in DAEMON_ACCEPT events (rh#1534748). * Do not rotate auditd logs when num_logs < 2 (brozs). * Fri Mar 16 2018 tonyjAATTsuse.com- Update header in audit-python3.patch- Update patch guidelines in README-BEFORE-ADDING-PATCHES * Wed Feb 07 2018 tchvatalAATTsuse.com- Add patch to fix test run without python2 interpreter: * audit-python3.patch- Update to 2.8.2 release: * Update tables for 4.14 kernel * Fixup ipv6 server side binding * AVC report from aureport was missing result column header (#1511606) * Add SOFTWARE_UPDATE event * In ausearch/report pickup any path and new-disk fields as a file * Fix value returned by auditctl --reset-lost (Richard Guy Briggs) * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field * Fix building on old systems without linux/fanotify.h * Fix shell portability issues reported by shellcheck * Auditd validate_email should not use gethostbyname
|
|
|