From 2188d5b09b8f79cce935890ad814b0afafa09b9c Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Fri, 13 Nov 2015 04:48:48 -0500 Subject: audit: upgrade 2.4.3 -> 2.4.4 * rebase patch audit-python-configure.patch * 2.4.4 includes CVE-2015-5186 and bug fixes, detials refer to: http://people.redhat.com/sgrubb/audit/ChangeLog Signed-off-by: Wenzong Fan Signed-off-by: Joe MacDonald --- .../audit/audit/audit-python-configure.patch | 7 +- recipes-security/audit/audit_2.4.3.bb | 100 --------------------- recipes-security/audit/audit_2.4.4.bb | 100 +++++++++++++++++++++ 3 files changed, 104 insertions(+), 103 deletions(-) delete mode 100644 recipes-security/audit/audit_2.4.3.bb create mode 100644 recipes-security/audit/audit_2.4.4.bb (limited to 'recipes-security/audit') diff --git a/recipes-security/audit/audit/audit-python-configure.patch b/recipes-security/audit/audit/audit-python-configure.patch index d9b0829..b47cf5d 100644 --- a/recipes-security/audit/audit/audit-python-configure.patch +++ b/recipes-security/audit/audit/audit-python-configure.patch @@ -7,12 +7,13 @@ Upstream-Status: pending Signed-off-by: Xin Ouyang Signed-off-by: Li Xin +Signed-off-by: Wenzong Fan --- configure.ac | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/configure.ac b/configure.ac -index 4be62a3..d1842e2 100644 +index 1f48cb4..cdb5219 100644 --- a/configure.ac +++ b/configure.ac @@ -94,21 +94,8 @@ if test x$use_python = xno ; then @@ -29,7 +30,7 @@ index 4be62a3..d1842e2 100644 -else - python_found="no" - if test x$use_python = xyes ; then -- AC_MSG_ERROR([Python explicitly required and python headers found]) +- AC_MSG_ERROR([Python explicitly requested and python headers were not found]) - else - AC_MSG_WARN("Python headers not found - python bindings will not be made") - fi @@ -40,5 +41,5 @@ index 4be62a3..d1842e2 100644 AM_CONDITIONAL(HAVE_PYTHON, test ${python_found} = "yes") -- -1.8.4.2 +1.9.1 diff --git a/recipes-security/audit/audit_2.4.3.bb b/recipes-security/audit/audit_2.4.3.bb deleted file mode 100644 index f0fa949..0000000 --- a/recipes-security/audit/audit_2.4.3.bb +++ /dev/null @@ -1,100 +0,0 @@ -SUMMARY = "User space tools for kernel auditing" -DESCRIPTION = "The audit package contains the user space utilities for \ -storing and searching the audit records generated by the audit subsystem \ -in the Linux kernel." -HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" -SECTION = "base" -PR = "r8" -LICENSE = "GPLv2+ & LGPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" - -SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \ - file://audit-python-configure.patch \ - file://audit-python.patch \ - file://fix-swig-host-contamination.patch \ - file://auditd \ - file://auditd.service \ - file://audit-volatile.conf \ - file://audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch \ -" -SRC_URI[md5sum] = "544d863af2016b76afd8d1691b251164" -SRC_URI[sha256sum] = "9c914704fecc602e143e37152f3efbab2469692684c1a8cc1b801c1b49c7abc6" - -inherit autotools pythonnative update-rc.d systemd - -UPDATERCPN = "auditd" -INITSCRIPT_NAME = "auditd" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_SERVICE_${PN} = "auditd.service" - -DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)" - -EXTRA_OECONF += "--without-prelude \ - --with-libwrap \ - --enable-gssapi-krb5=no \ - --with-libcap-ng=yes \ - --with-python=yes \ - --libdir=${base_libdir} \ - --sbindir=${base_sbindir} \ - --without-python3 \ - --disable-zos-remote \ - " -EXTRA_OECONF_append_arm = " --with-arm=yes" - -EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \ - PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \ - pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \ - STDINC='${STAGING_INCDIR}' \ - " - -SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher" -DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \ -interface to the audit system, audispd. These plugins can do things \ -like relay events to remote machines or analyze events for suspicious \ -behavior." - -PACKAGES =+ "audispd-plugins" -PACKAGES += "auditd ${PN}-python" - -FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*" -FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*" -FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \ - ${sysconfdir}/audisp/plugins.d/au-remote.conf \ - ${sbindir}/audisp-remote ${localstatedir}/spool/audit \ - " -FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug" -FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" -FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la ${base_libdir}/pkgconfig/*" - -CONFFILES_auditd += "${sysconfdir}/audit/audit.rules" -RDEPENDS_auditd += "bash" - -do_install_append() { - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la - - # reuse auditd config - [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default - mv ${D}/etc/sysconfig/auditd ${D}/etc/default - rmdir ${D}/etc/sysconfig/ - - # replace init.d - install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd - rm -rf ${D}/etc/rc.d - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d/ - install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ - fi - - # install systemd unit files - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system - - chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d - chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules - - # Based on the audit.spec "Copy default rules into place on new installation" - cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules -} diff --git a/recipes-security/audit/audit_2.4.4.bb b/recipes-security/audit/audit_2.4.4.bb new file mode 100644 index 0000000..55a5b12 --- /dev/null +++ b/recipes-security/audit/audit_2.4.4.bb @@ -0,0 +1,100 @@ +SUMMARY = "User space tools for kernel auditing" +DESCRIPTION = "The audit package contains the user space utilities for \ +storing and searching the audit records generated by the audit subsystem \ +in the Linux kernel." +HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" +SECTION = "base" +PR = "r8" +LICENSE = "GPLv2+ & LGPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" + +SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \ + file://audit-python-configure.patch \ + file://audit-python.patch \ + file://fix-swig-host-contamination.patch \ + file://auditd \ + file://auditd.service \ + file://audit-volatile.conf \ + file://audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch \ +" +SRC_URI[md5sum] = "72b0fd94d32846142bc472f0d91e62b4" +SRC_URI[sha256sum] = "25f57f465f3230d7b1166b615ffd6748818a3dc225d0e8b396c5b2e951674e23" + +inherit autotools pythonnative update-rc.d systemd + +UPDATERCPN = "auditd" +INITSCRIPT_NAME = "auditd" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_SERVICE_${PN} = "auditd.service" + +DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)" + +EXTRA_OECONF += "--without-prelude \ + --with-libwrap \ + --enable-gssapi-krb5=no \ + --with-libcap-ng=yes \ + --with-python=yes \ + --libdir=${base_libdir} \ + --sbindir=${base_sbindir} \ + --without-python3 \ + --disable-zos-remote \ + " +EXTRA_OECONF_append_arm = " --with-arm=yes" + +EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \ + PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \ + pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \ + STDINC='${STAGING_INCDIR}' \ + " + +SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher" +DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \ +interface to the audit system, audispd. These plugins can do things \ +like relay events to remote machines or analyze events for suspicious \ +behavior." + +PACKAGES =+ "audispd-plugins" +PACKAGES += "auditd ${PN}-python" + +FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*" +FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*" +FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \ + ${sysconfdir}/audisp/plugins.d/au-remote.conf \ + ${sbindir}/audisp-remote ${localstatedir}/spool/audit \ + " +FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug" +FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" +FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la ${base_libdir}/pkgconfig/*" + +CONFFILES_auditd += "${sysconfdir}/audit/audit.rules" +RDEPENDS_auditd += "bash" + +do_install_append() { + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la + + # reuse auditd config + [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default + mv ${D}/etc/sysconfig/auditd ${D}/etc/default + rmdir ${D}/etc/sysconfig/ + + # replace init.d + install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd + rm -rf ${D}/etc/rc.d + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d/ + install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ + fi + + # install systemd unit files + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system + + chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d + chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules + + # Based on the audit.spec "Copy default rules into place on new installation" + cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules +} -- cgit v1.2.3-54-g00ecf