Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libaudit1-4.0-2.1 RPM for aarch64

From OpenSuSE Ports Tumbleweed for aarch64

Name: libaudit1 Distribution: openSUSE Tumbleweed
Version: 4.0 Vendor: openSUSE
Release: 2.1 Build date: Tue Sep 17 20:20:58 2024
Group: System/Libraries Build host: reproducible
Size: 133857 Source RPM: audit-4.0-2.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://people.redhat.com/sgrubb/audit/
Summary: Library for interfacing with the kernel audit subsystem
The libaudit package contains the shared libraries needed for
applications to use the audit framework.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Tue Sep 17 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Update to 4.0
    - Drop python2 support
    - Drop auvirt and autrace programs
    - Drop SysVinit support
    - Require the use of the 5.0 or later kernel headers
    - New README.md file
    - Rewrite legacy service functions in terms of systemctl
    - Consolidate and update end of event detection to a common function
    - Split off rule loading from auditd.service into audit-rules.service
    - Refactor libaudit.h to split out logging functions and record numbers
    - Speed up aureport --summary reports
    - Limit libaudit python bindings to logging functions
    - Add a metrics function for auparse
    - Change auditctl to use pidfd_send_signal for signaling auditd
    - Adjust watches to optimize syscalls hooked when watch file access
    - Drop nispom rules
    - Add intepretations for fsconfig, fsopen, fsmount, & move_mount
    - Many code fixups (cgzones)
    - Update syscall and interpretation tables to the 6.8 kernel
    (from v3.1.2)
    - When processing a run level change, make auditd exit
    - In auditd, fix return code when rules added in immutable mode
    - In auparse, when files are given, also consider EUID for access
    - Auparse now interprets unnamed/anonymous sockets (Enzo Matsumiya)
    - Disable Python bindings from setting rules due to swig bug (S. Trofimovich)
    - Update all lookup tables for the 6.5 kernel
    - Don't be as paranoid about auditctl -R file permissions
    - In ausearch, correct subject/object search to be an and if both are given
    - Adjust formats for 64 bit time_t
    - Fix segfault in python bindings around the feed API
    - Add feed_has_data, get_record_num, and get/goto_field_num to python bindings
  - Update spec:
    * Add fix-auparse-test.patch (downstream):
      Upstream tests uses a static value (42) for 'gdm' uid/gid (based
      on Fedora values, apparently).  Replace these occurrences with
      'unknown(123456)'
    * Replace '--with-python' with '--with-python3' on %configure
    * Add new headers 'audit_logging.h' and 'audit-records.h' for
      audit-devel
* Mon Jul 03 2023 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.1.1:
    * Add user friendly keywords for signals to auditctl
    * In ausearch, parse up URINGOP and DM_CTRL records
    * Harden auparse to better handle corrupt logs
    * Fix a CFLAGS propogation problem in the common directory
    * Move the audispd af_unix plugin to a standalone program
* Thu May 04 2023 Frederic Crozat <fcrozat@suse.com>
  - Add _multibuild to define additional spec files as additional
    flavors.
    Eliminates the need for source package links in OBS.
* Mon Mar 20 2023 Giuliano Belinassi <giuliano.belinassi@suse.com>
  - Enable livepatching on main library on x86_64.
* Mon Feb 20 2023 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.1:
    * Disable ProtectControlGroups in auditd.service by default
    * Fix rule checking for exclude filter
    * Make audit_rule_syscallbyname_data work correctly outside of auditctl
    * Add new record types
    * Add io_uring support
    * Add support for new FANOTIFY record fields
    * Add keyword, this-hour, to ausearch/report start/end options
    * Add Requires.private to audit.pc file
    * Try to interpret OPENAT2 fields correctly
* Thu Dec 15 2022 Enzo Matsumiya <ematsumiya@suse.de>
  - Enable build for ARM (32-bit)
  - Update to version 3.0.9:
    * In auditd, release the async flush lock on stop
    * Don't allow auditd to log directly into /var/log when log_group is non-zero
    * Cleanup krb5 memory leaks on error paths
    * Update auditd.cron to use auditctl --signal
    * In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
    * In auparse, special case kernel module name interpretation
    * If overflow_action is ignore, don't treat as an error
    (3.0.8)
    * Add gcc function attributes for access and allocation
    * Add some more man pages (MIZUTA Takeshi)
    * In auditd, change the reinitializing of the plugin queue
    * Fix path normalization in auparse (Sergio Correia)
    * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
    * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
    * Drop ProtectHome from auditd.service as it interferes with rules
    (3.0.7)
    * Add support for the OPENAT2 record type (Richard Guy Briggs)
    * In auditd, close the logging file descriptor when logging is suspended
    * Update the capabilities lookup table to match 5.16 kernel
    * Improve interpretation of renamat & faccessat family of syscalls
    * Update syscall table for the 5.16 kernel
    * Reduce dependency from initscripts to initscripts-service
  - Refresh patches (context adjusment):
    * audit-allow-manual-stop.patch
    * audit-ausearch-do-not-require-tclass.patch
    * audit-no-gss.patch
    * enable-stop-rules.patch
    * fix-hardened-service.patch
    * harden_auditd.service.patch
  - Remove patches (fixed by version update):
    * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
    * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
* Mon Apr 11 2022 Jan Engelhardt <jengelh@inai.de>
  - Modernize specfile constructs.
* Sun Nov 07 2021 Callum Farmer <gmbr3@opensuse.org>
  - Update to version 3.0.6:
    * fixes a segfault on some SELINUX_ERR records
    * makes IPX packet interpretation dependent on the ipx header
      file existing
    * adds b32/b64 support to ausyscall
    * adds support for armv8l
    * fixes auditctl list of syscalls on PPC
    * auditd.service now restarts auditd under some conditions
* Thu Sep 16 2021 Enzo Matsumiya <ematsumiya@suse.com>
  - Update to version 3.0.5:
    * In auditd, flush uid/gid caches when user/group added/deleted/modified
    * Fixed various issues when dealing with corrupted logs
    * In auditd, check if log_file is valid before closing handle
  - Include fixed from 3.0.4:
    * Apply performance speedups to auparse library
    * Optimize rule loading in auditctl
    * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
    * Update syscall table to the 5.14 kernel
    * Fixed various issues when dealing with corrupted logs
* Fri Jul 30 2021 Enzo Matsumiya <ematsumiya@suse.com>
  - Update to version 3.0.3:
    * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined
    * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids
    * Change auparse_feed_has_data in auparse to include incomplete events
    * Auditd, stop linking against -lrt
    * Add ProtectHome and RestrictRealtime to auditd.service
    * In auditd, read up to 3 netlink packets in a row
    * In auditd, do not validate path to plugin unless active
    * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists
  - use https source urls
* Mon Jun 14 2021 Enzo Matsumiya <ematsumiya@suse.com>
  - Adjust audit.spec and audit-secondary.spec to support new version
  - Include fix for libev
    * add libev-werror.patch
  - Update to version 3.0.2
  - In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)
  - Optionally interpret auid in auditctl -l
  - Update some syscall argument interpretations
  - In auditd, do not allow spaces in the hostname name format
  - Big documentation cleanup (MIZUTA Takeshi)
  - Update syscall table to the 5.12 kernel
  - Update the auparse normalizer for new event types
  - Fix compiler warnings in ids subsystem
  - Block a couple signals from flush & reconfigure threads
  - In auditd, don't wait on flush thread when exiting
  - Output error message if the path of input files are too long ausearch/report
    Included fixes from 3.0.1
  - Update syscall table to the 5.11 kernel
  - Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
  - Only enable periodic timers when listening on the network
  - Upgrade libev to 4.33
  - Add auparse_new_buffer function to auparse library
  - Use the select libev backend unless aggregating events
  - Add sudoers to some base audit rules
  - Update the auparse normalizer for some new syscalls and event types
    Included fixes from 3.0
  - Generate checkpoint file even when no results are returned (Burn Alting)
  - Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
  - Convert auparse_test to run with python3 (Tomáš Chvátal)
  - Drop support for prelude
  - Adjust backlog_wait_time in rules to the kernel default (#1482848)
  - Remove ids key syntax checking of rules in auditctl
  - Use SIGCONT to dump auditd internal state (#1504251)
  - Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
  - Fix parsing of uid & success for ausearch
  - Add support for not equal operator in audit by executable (Ondrej Mosnacek)
  - Hide lru symbols in auparse
  - Add systemd process protections
  - Fix aureport summary time range reporting
  - Allow unlimited retries on startup for remote logging
  - Add queue_depth to remote logging stats and increase default queue_depth size
  - Fix segfault on shutdown
  - Merge auditd and audispd code
  - Close on execute init_pipe fd (#1587995)
  - Breakout audisp syslog plugin to be standalone program
  - Create a common internal library to reduce code
  - Move all audispd config files under /etc/audit/
  - Move audispd.conf settings into auditd.conf
  - Add queue depth statistics to internal state dump report
  - Add network statistics to internal state dump report
  - SIGUSR now also restarts queue processing if its suspended
  - Update lookup tables for the 4.18 kernel
  - Add auparse_normalizer support for SOFTWARE_UPDATE event
  - Add 30-ospp-v42.rules to meet new Common Criteria requirements
  - Deprecate enable_krb and replace with transport config opt for remote logging
  - Mark netlabel events as simple events so that get processed quicker
  - When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
  - In aureport, fix segfault in file report
  - Add auparse_normalizer support for labeled networking events
  - Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
  - In ausearch/auparse, event aging is off by a second
  - In ausearch/auparse, correct event ordering to process oldest first
  - Migrate auparse python test to python3
  - auparse_reset was not clearing everything it should
  - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
  - In ausearch/report, lightly parse selinux portion of USER_AVC events
  - Add bpf syscall command argument interpretation to auparse
  - In ausearch/report, limit record size when malformed
  - Port af_unix plugin to libev
  - In auditd, fix extract_type function for network originating events
  - In auditd, calculate right size and location for network originating events
  - Make legacy script wait for auditd to terminate (#1643567)
  - Treat all network originating events as VER2 so dispatcher doesn't format it
  - If an event has a node name make it VER2 so dispatcher doesnt format it
  - In audisp-remote do an initial connection attempt (#1625156)
  - In auditd, allow expression of space left as a percentage (#1650670)
  - On PPC64LE systems, only allow 64 bit rules (#1462178)
  - Make some parts of auditd state report optional based on config
  - Update to libev-4.25
  - Fix ausearch when checkpointing a single file (Burn Alting)
  - Fix scripting in 31-privileged.rules wrt filecap (#1662516)
  - In ausearch, do not checkpt if stdin is input source
  - In libev, remove __cold__ attribute for functions to allow proper hardening
  - Add tests to configure.ac for openldap support
  - Make systemd support files use /run rather than /var/run (Christian Hesse)
  - Fix minor memory leak in auditd kerberos credentials code
  - Allow exclude and user filter by executable name (Ondrej Mosnacek)
  - Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
  - In ausearch/report fix --end to use midnight time instead of now (#1671338)
  - Add substitue functions for strndupa & rawmemchr
  - Fix memleak in auparse caused by corrected event ordering
  - Fix legacy reload script to reload audit rules when daemon is reloaded
  - Support for unescaping in trusted messages (Dmitry Voronin)
  - In auditd, use standard template for DEAMON events (Richard Guy Briggs)
  - In aureport, fix segfault for malformed USER_CMD events
  - Add exe field to audit_log_user_command in libaudit
  - In auditctl support filter on socket address families (Richard Guy Briggs)
  - Deprecate support for Alpha & IA64 processors
  - If space_left_action is rotate, allow it every time (#1718444)
  - In auparse, drop standalone EOE events
  - Add milliseconds column for ausearch extra time csv format
  - Fix aureport first event reporting when no start given
  - In audisp-remote, add new config item for startup connection errors
  - Remove dependency on chkconfig
  - Install rules to /usr/share/audit/sample-rules/
  - Split up ospp rules to make SCAP scanning easier (#1746018)
  - In audisp-syslog, support interpreting records (#1497279)
  - Audit USER events now sends msg as name value pair
  - Add support for AUDIT_BPF event
  - Auditd should not process AUDIT_REPLACE events
  - Update syscall tables to the 5.5 kernel
  - Improve personality interpretation by using PERS_MASK
  - Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
  - Change auparse python bindings to shared object (Issue #121)
  - Add error messages for watch permissions
  - If audit rules file doesn't exist log error message instead of info message
  - Revise error message for unmatched options in auditctl
  - In audisp-remote, fixup remote endpoint disappearin in ascii format
  - Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
  - In auditctl, add support for sending a signal to auditd
  - Remove audit-fno-common.patch: fixed in upstream
  - Remove audit-python3.patch: fixed in upstream

Files

/etc/libaudit.conf
/usr/lib64/libaudit.so.1
/usr/lib64/libaudit.so.1.0.0
/usr/share/man/man5/libaudit.conf.5.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Oct 9 02:19:17 2024