diff options
| author | T.O. Radzy Radzykewycz <radzy@windriver.com> | 2016-02-29 14:50:37 -0800 |
|---|---|---|
| committer | Philip Tricca <flihp@twobit.us> | 2016-03-06 23:51:33 +0000 |
| commit | 41a20c43a3b3b66d505ed64fd9d48fd293697496 (patch) | |
| tree | b23c4e69e37b711b33f8d52e7b73ccc78d440cc0 | |
| parent | 1df7cefdbfc7a7ec18e7c1d4e5f37fb4bcacc9ae (diff) | |
| download | meta-selinux-41a20c43a3b3b66d505ed64fd9d48fd293697496.tar.gz | |
audit: upgrade 2.4.4 -> 2.5
* rebase patch audit-python-configure.patch
* remove audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch
as it had already been applied upstream
* 2.5 includes miscellaneous enhancements and fixes:
2.5
- Make augenrules the default method to load audit rules
- Put rules in its own directory and break out rules into groups
- Have auditd do a fsync before closing log
- Make default flush setting larger
- In auparse. terminate the generated strings (Burn Alting)
- In auditd, add incremental_async flushing mode
- Clean up dangling fields in DAEMON events
- Add audit by process name support to auditctl (Richard Briggs)
- Relax permissions on systemd files
- Fix auparse to handle interlaced events (Burn Alting)
- Allow more syslog facilities in audispd-syslog (Aleksander Adamowski)
2.4.5
- Fix auditd disk flushing for data and sync modes
- Fix auditctl to not show options not supported on older OS
- Add audit.m4 file to aid adding support to other projects
- Fix C99 inline function build issue
- Add account lock and unlock event types
- Change logging loophole check to geteuid()
- Fix ausearch to not consider AUDIT_PROCTITLE events malformed (Burn Alting)
- Fix ausearch to parse FEATURE_CHANGE events
( From http://people.redhat.com/sgrubb/audit/ChangeLog )
Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
Signed-off-by: Philip Tricca <flihp@twobit.us>
| -rw-r--r-- | recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch | 71 | ||||
| -rw-r--r-- | recipes-security/audit/audit/audit-python-configure.patch | 3 | ||||
| -rw-r--r-- | recipes-security/audit/audit_2.5.bb (renamed from recipes-security/audit/audit_2.4.4.bb) | 14 |
3 files changed, 10 insertions, 78 deletions
diff --git a/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch b/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch deleted file mode 100644 index 578cfc1..0000000 --- a/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch +++ /dev/null | |||
| @@ -1,71 +0,0 @@ | |||
| 1 | From 15036dd4fa9eb209f5e148c6f7ee081f5ca78fa4 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Wenzong Fan <wenzong.fan@windriver.com> | ||
| 3 | Date: Fri, 11 Sep 2015 03:37:13 -0400 | ||
| 4 | Subject: [PATCH] audit/auvirt: get inline functions work with both gnu89 & gnu11 | ||
| 5 | |||
| 6 | After gcc upgraded to gcc5, and if the codes are compiled without | ||
| 7 | optimization (-O0), and the below error will happen: | ||
| 8 | |||
| 9 | auvirt.c:484: undefined reference to `copy_str' | ||
| 10 | auvirt.c:667: undefined reference to `is_resource' | ||
| 11 | collect2: error: ld returned 1 exit status | ||
| 12 | |||
| 13 | gcc5 defaults to -std=gnu11 instead of -std=gnu89, and it requires that | ||
| 14 | exactly one C source file has the callable copy of the inline function. | ||
| 15 | Consider the following program: | ||
| 16 | |||
| 17 | inline int | ||
| 18 | foo (void) | ||
| 19 | { | ||
| 20 | return 42; | ||
| 21 | } | ||
| 22 | |||
| 23 | int | ||
| 24 | main (void) | ||
| 25 | { | ||
| 26 | return foo (); | ||
| 27 | } | ||
| 28 | |||
| 29 | The program above will not link with the C99 inline semantics, because | ||
| 30 | no out-of-line function foo is generated. To fix this, either mark the | ||
| 31 | function foo as static, or add the following declaration: | ||
| 32 | |||
| 33 | static inline int foo (void); | ||
| 34 | |||
| 35 | More information refer to: https://gcc.gnu.org/gcc-5/porting_to.html | ||
| 36 | |||
| 37 | Note: using "extern inline" will fail to build with gcc4.x, so replace | ||
| 38 | inline with "static inline". | ||
| 39 | |||
| 40 | Upstream-Status: Pending | ||
| 41 | |||
| 42 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
| 43 | --- | ||
| 44 | tools/auvirt/auvirt.c | 4 ++-- | ||
| 45 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
| 46 | |||
| 47 | diff --git a/tools/auvirt/auvirt.c b/tools/auvirt/auvirt.c | ||
| 48 | index 655c454..b16d718 100644 | ||
| 49 | --- a/tools/auvirt/auvirt.c | ||
| 50 | +++ b/tools/auvirt/auvirt.c | ||
| 51 | @@ -138,7 +138,7 @@ void event_free(struct event *event) | ||
| 52 | } | ||
| 53 | } | ||
| 54 | |||
| 55 | -inline char *copy_str(const char *str) | ||
| 56 | +static inline char *copy_str(const char *str) | ||
| 57 | { | ||
| 58 | return (str) ? strdup(str) : NULL; | ||
| 59 | } | ||
| 60 | @@ -650,7 +650,7 @@ int process_control_event(auparse_state_t *au) | ||
| 61 | return 0; | ||
| 62 | } | ||
| 63 | |||
| 64 | -inline int is_resource(const char *res) | ||
| 65 | +static inline int is_resource(const char *res) | ||
| 66 | { | ||
| 67 | if (res == NULL || | ||
| 68 | res[0] == '\0' || | ||
| 69 | -- | ||
| 70 | 1.9.1 | ||
| 71 | |||
diff --git a/recipes-security/audit/audit/audit-python-configure.patch b/recipes-security/audit/audit/audit-python-configure.patch index b47cf5d..cb62ec3 100644 --- a/recipes-security/audit/audit/audit-python-configure.patch +++ b/recipes-security/audit/audit/audit-python-configure.patch | |||
| @@ -8,6 +8,7 @@ Upstream-Status: pending | |||
| 8 | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> | 8 | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> |
| 9 | Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> | 9 | Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> |
| 10 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | 10 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> |
| 11 | Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com> | ||
| 11 | --- | 12 | --- |
| 12 | configure.ac | 17 ++--------------- | 13 | configure.ac | 17 ++--------------- |
| 13 | 1 file changed, 2 insertions(+), 15 deletions(-) | 14 | 1 file changed, 2 insertions(+), 15 deletions(-) |
| @@ -29,7 +30,7 @@ index 1f48cb4..cdb5219 100644 | |||
| 29 | - AC_MSG_NOTICE(Python bindings will be built) | 30 | - AC_MSG_NOTICE(Python bindings will be built) |
| 30 | -else | 31 | -else |
| 31 | - python_found="no" | 32 | - python_found="no" |
| 32 | - if test x$use_python = xyes ; then | 33 | - if test "x$use_python" = xyes ; then |
| 33 | - AC_MSG_ERROR([Python explicitly requested and python headers were not found]) | 34 | - AC_MSG_ERROR([Python explicitly requested and python headers were not found]) |
| 34 | - else | 35 | - else |
| 35 | - AC_MSG_WARN("Python headers not found - python bindings will not be made") | 36 | - AC_MSG_WARN("Python headers not found - python bindings will not be made") |
diff --git a/recipes-security/audit/audit_2.4.4.bb b/recipes-security/audit/audit_2.5.bb index 55a5b12..7affecd 100644 --- a/recipes-security/audit/audit_2.4.4.bb +++ b/recipes-security/audit/audit_2.5.bb | |||
| @@ -4,21 +4,19 @@ storing and searching the audit records generated by the audit subsystem \ | |||
| 4 | in the Linux kernel." | 4 | in the Linux kernel." |
| 5 | HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" | 5 | HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" |
| 6 | SECTION = "base" | 6 | SECTION = "base" |
| 7 | PR = "r8" | ||
| 8 | LICENSE = "GPLv2+ & LGPLv2+" | 7 | LICENSE = "GPLv2+ & LGPLv2+" |
| 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" | 8 | LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" |
| 10 | 9 | ||
| 11 | SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \ | 10 | SRC_URI = "http://people.redhat.com/sgrubb/${BPN}/${BPN}-${PV}.tar.gz \ |
| 12 | file://audit-python-configure.patch \ | 11 | file://audit-python-configure.patch \ |
| 13 | file://audit-python.patch \ | 12 | file://audit-python.patch \ |
| 14 | file://fix-swig-host-contamination.patch \ | 13 | file://fix-swig-host-contamination.patch \ |
| 15 | file://auditd \ | 14 | file://auditd \ |
| 16 | file://auditd.service \ | 15 | file://auditd.service \ |
| 17 | file://audit-volatile.conf \ | 16 | file://audit-volatile.conf \ |
| 18 | file://audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch \ | ||
| 19 | " | 17 | " |
| 20 | SRC_URI[md5sum] = "72b0fd94d32846142bc472f0d91e62b4" | 18 | SRC_URI[md5sum] = "e721d48f3e1927c84b7c176b3bdbc443" |
| 21 | SRC_URI[sha256sum] = "25f57f465f3230d7b1166b615ffd6748818a3dc225d0e8b396c5b2e951674e23" | 19 | SRC_URI[sha256sum] = "9b0a0760c6f37d80cbbfe46a74db722e60ac8100b28eb31953878ffca8ac14b4" |
| 22 | 20 | ||
| 23 | inherit autotools pythonnative update-rc.d systemd | 21 | inherit autotools pythonnative update-rc.d systemd |
| 24 | 22 | ||
| @@ -87,11 +85,15 @@ do_install_append() { | |||
| 87 | install -d ${D}${sysconfdir}/tmpfiles.d/ | 85 | install -d ${D}${sysconfdir}/tmpfiles.d/ |
| 88 | install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ | 86 | install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ |
| 89 | fi | 87 | fi |
| 90 | 88 | ||
| 91 | # install systemd unit files | 89 | # install systemd unit files |
| 92 | install -d ${D}${systemd_unitdir}/system | 90 | install -d ${D}${systemd_unitdir}/system |
| 93 | install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system | 91 | install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system |
| 94 | 92 | ||
| 93 | # audit-2.5 doesn't install any rules by default, so we do that here | ||
| 94 | mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d | ||
| 95 | cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules | ||
| 96 | |||
| 95 | chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d | 97 | chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d |
| 96 | chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules | 98 | chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules |
| 97 | 99 | ||