From d05091114e9b1a79e8a190789b49ba9b66790e8e Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Sep 03 2007 15:33:16 +0000 Subject: - Update s-c-audit to version 0.4.3 - Fix reference counting in auparse python bindings (#263961) --- diff --git a/audit-1.3.1-python.patch b/audit-1.3.1-python.patch deleted file mode 100644 index 936a036..0000000 --- a/audit-1.3.1-python.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff -ur audit-1.3.1.orig/audisp/Makefile audit-1.3.1/audisp/Makefile ---- audit-1.3.1.orig/audisp/Makefile 2006-12-21 19:10:45.000000000 -0500 -+++ audit-1.3.1/audisp/Makefile 2006-12-21 19:11:04.000000000 -0500 -@@ -1,6 +1,6 @@ - # Installation directories. - PREFIX ?= $(DESTDIR)/usr --LIBDIR ?= $(PREFIX)/lib/python2.4/site-packages -+LIBDIR ?= $(PREFIX)/lib/python2.5/site-packages - SBINDIR ?= $(DESTDIR)/sbin - LIB=AuditMsg.py - -diff -ur audit-1.3.1.orig/configure.ac audit-1.3.1/configure.ac ---- audit-1.3.1.orig/configure.ac 2006-12-21 19:10:45.000000000 -0500 -+++ audit-1.3.1/configure.ac 2006-12-21 19:11:37.000000000 -0500 -@@ -39,7 +39,7 @@ - AM_INIT_AUTOMAKE - AM_PROG_LIBTOOL - AC_SUBST(LIBTOOL_DEPS) --AM_PATH_PYTHON(2.4) -+AM_PATH_PYTHON - - echo . - echo Checking for programs -diff -ur audit-1.3.1.orig/src/ausearch-lookup.c audit-1.3.1/src/ausearch-lookup.c ---- audit-1.3.1.orig/src/ausearch-lookup.c 2006-12-21 19:10:45.000000000 -0500 -+++ audit-1.3.1/src/ausearch-lookup.c 2006-12-21 20:10:06.000000000 -0500 -@@ -24,6 +24,7 @@ - #include "config.h" - #include - #include -+#include // to work around buggy kernel headers - #include - #include "ausearch-lookup.h" - #include "ausearch-options.h" diff --git a/audit-1.6-python.patch b/audit-1.6-python.patch new file mode 100644 index 0000000..277e6d5 --- /dev/null +++ b/audit-1.6-python.patch 
@@ -0,0 +1,44 @@ +diff -ur /home/mitr/a/audit-1.6/bindings/python/auparse_python.c audit-1.6/bindings/python/auparse_python.c +--- /home/mitr/a/audit-1.6/bindings/python/auparse_python.c 2007-05-30 22:37:40.000000000 +0200 ++++ audit-1.6/bindings/python/auparse_python.c 2007-08-29 18:03:35.000000000 +0200 +@@ -57,8 +57,8 @@ + { + if (self->sec == NULL) { + if ((self->sec = PyInt_FromLong(self->event.sec)) == NULL) return NULL; +- Py_INCREF(self->sec); + } ++ Py_INCREF(self->sec); + return self->sec; + } + +@@ -67,8 +67,8 @@ + { + if (self->milli == NULL) { + if ((self->milli = PyInt_FromLong(self->event.milli)) == NULL) return NULL; +- Py_INCREF(self->milli); + } ++ Py_INCREF(self->milli); + return self->milli; + } + +@@ -77,8 +77,8 @@ + { + if (self->serial == NULL) { + if ((self->serial = PyInt_FromLong(self->event.serial)) == NULL) return NULL; +- Py_INCREF(self->serial); + } ++ Py_INCREF(self->serial); + return self->serial; + } + +@@ -88,7 +88,9 @@ + if (self->event.host == NULL) { + Py_RETURN_NONE; + } else { +- if ((self->host = PyString_FromString(self->event.host)) == NULL) return NULL; ++ if (self->host == NULL) { ++ if ((self->host = PyString_FromString(self->event.host)) == NULL) return NULL; ++ } + Py_INCREF(self->host); + return self->host; + } diff --git a/audit.spec b/audit.spec index 64e25f7..21369c0 100644 --- a/audit.spec +++ b/audit.spec @@ -1,14 +1,17 @@ -%define sca_version 0.4.2 +%define sca_version 0.4.3 +%define sca_release 1 Summary: User space tools for 2.6 kernel auditing Name: audit Version: 1.5.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL Group: System Environment/Daemons URL: http://people.redhat.com/sgrubb/audit/ Source0: %{name}-%{version}.tar.gz Patch1: audit-1.5.7-updates.patch +Patch2: s-c-audit-0.4.3.patch +Patch3: audit-1.6-python.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: gettext-devel intltool libtool swig python-devel BuildRequires: kernel-headers >= 2.6.18 
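Review bot: The nested auparse_python.c hunks leave the ownership rule for the cached `sec`, `milli`, `serial` and `host` objects unstated, although it is exactly what the old code got wrong. Before this change, a repeated call to the first three getters returned the cached object without taking a reference, so callers' decrefs could eventually free an object the struct still pointed at. I would put one comment above the first getter, for example `/* self->sec caches the object and owns one reference; every call returns a new reference to the caller */`. The getter signatures and the type's deallocator are outside the hunks, so please confirm the deallocator releases the four cached objects with `Py_XDECREF`. As a style point, the three integer getters are now identical apart from the field name and could share one small static helper.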
@@ -55,17 +58,10 @@ Requires: %{name}-libs = %{version}-%{release} The audit-libs-python package contains the bindings so that libaudit and libauparse can be used by python. -%package audispd-plugins -Summary: Default plugins for the audit dispatcher -License: LGPL -Group: System Environment/Daemons - -%description audispd-plugins -The audispd-plugins package contains plugins for the audit dispatcher. - %package -n system-config-audit Summary: Utility for editing audit configuration Version: %{sca_version} +Release: %{sca_release}%{?dist} License: GPL Group: Applications/System Requires: pygtk2-libglade usermode usermode-gtk @@ -76,8 +72,11 @@ An utility for editing audit configuration. %prep %setup -q %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build +(cd system-config-audit; ./autogen.sh) aclocal && autoconf && autoheader && automake %configure --sbindir=/sbin --libdir=/%{_lib} make @@ -162,6 +161,7 @@ fi %files libs-devel %defattr(-,root,root) +%doc contrib/skeleton.c %{_libdir}/libaudit.a %{_libdir}/libauparse.a %{_libdir}/libaudit.so @@ -179,7 +179,7 @@ fi %files %defattr(-,root,root,-) -%doc README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c init.d/auditd.cron +%doc README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules init.d/auditd.cron %attr(0644,root,root) %{_mandir}/man8/* %attr(0644,root,root) %{_mandir}/man5/* %attr(750,root,root) /sbin/auditctl @@ -214,6 +214,10 @@ fi %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server %changelog +* Mon Sep 03 2007 Steve Grubb 1.5.6-2 +- Update s-c-audit to version 0.4.3 +- Fix reference counting in auparse python bindings (#263961) + * Tue Aug 28 2007 Steve Grubb 1.5.6-1 - New upstream version diff --git a/s-c-audit-0.4.3.patch b/s-c-audit-0.4.3.patch new file mode 100644 index 0000000..07c9331 --- /dev/null +++ b/s-c-audit-0.4.3.patch 
@@ -0,0 +1,124 @@
+diff -ur audit-1.5.6.orig/system-config-audit/ChangeLog audit-1.5.6/system-config-audit/ChangeLog
+--- audit-1.5.6.orig/system-config-audit/ChangeLog 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/ChangeLog 2007-08-28 14:20:16.000000000 -0400
+@@ -1,3 +1,21 @@
++2007-08-28 Miloslav Trmač
++
++ * configure.ac: Release 0.4.3.
++ * NEWS: Update.
++
++ * src/audit_rules.py (Field.option_text): New parameter rule. Use
++ -p only in rules with -w, -F perm= otherwise.
++ (Rule.command_text): Add -k only after -S.
++
++2007-08-02 Miloslav Trmač
++
++ * src/main_window.py (N_): Remove useless definition.
++
++2007-07-23 Miloslav Trmač
++
++ * src/watch_list_dialog.py (_WatchTable._validate_rule): Fix a
++ crash when the rule has no AUDIT_WATCH or AUDIT_PERM field.
++
+ 2007-07-17 Miloslav Trmač
+
+ * system-config-audit.desktop.in (Categories): Add System, to move the
+diff -ur audit-1.5.6.orig/system-config-audit/configure.ac audit-1.5.6/system-config-audit/configure.ac
+--- audit-1.5.6.orig/system-config-audit/configure.ac 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/configure.ac 2007-08-28 14:08:59.000000000 -0400
+@@ -1,5 +1,5 @@
+ # Process this file with autoconf to produce a configure script.
+-AC_INIT([system-config-audit], [0.4.2], [mitr@redhat.com])
++AC_INIT([system-config-audit], [0.4.3], [mitr@redhat.com])
+ AC_COPYRIGHT(
+ [Copyright (C) 2007 Red Hat, Inc. All rights reserved.
+
+diff -ur audit-1.5.6.orig/system-config-audit/NEWS audit-1.5.6/system-config-audit/NEWS
+--- audit-1.5.6.orig/system-config-audit/NEWS 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/NEWS 2007-08-28 14:08:59.000000000 -0400
+@@ -1,5 +1,10 @@
++Changes in release 0.4.3:
++* Fix order of -k and -S, and using -p without -w, in audit rules
++* Fix a crash validating a non-watch rule
++* Move the menu entry to the Administration submenu in GNOME
++
+ Changes in release 0.4.2:
+-* Modify to run on RHEL 5.
++* Modify to run on RHEL 5
+
+ Changes in release 0.4.1:
+ * Add an install-fedora Makefile target
+diff -ur audit-1.5.6.orig/system-config-audit/src/audit_rules.py audit-1.5.6/system-config-audit/src/audit_rules.py
+--- audit-1.5.6.orig/system-config-audit/src/audit_rules.py 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/src/audit_rules.py 2007-08-28 14:08:59.000000000 -0400
+@@ -347,13 +347,18 @@
+ self.op = self.OP_EQ
+ self.value = self.get_field_type(self.var).parse_value(string, self.op)
+
+- def option_text(self):
+- '''Return a string representing this field as an auditctl option.'''
++ def option_text(self, rule):
++ '''Return a string representing this field as an auditctl option.
++
++ Use rule to determine the correct syntax.
++
++ '''
+ val = self._value_text()
+ if self.var == audit.AUDIT_FILTERKEY:
+ assert self.op == self.OP_EQ
+ return '-k %s' % val
+- elif self.var == audit.AUDIT_PERM:
++ elif (self.var == audit.AUDIT_PERM and
++ len([f for f in rule.fields if f.var == audit.AUDIT_WATCH]) == 1):
+ assert self.op == self.OP_EQ
+ return '-p %s' % val
+ else:
+@@ -443,16 +448,21 @@
+ o.append('-w %s' % watches[0].value)
+ watch_used = True
+ # Add fields before syscalls because -F arch=... may change the meaning
+- # of syscall names
++ # of syscall names. But add AUDIT_FILTERKEY only after -S, auditctl
++ # stubbornly insists on that order.
+ for f in self.fields:
+- if f.var != audit.AUDIT_WATCH or not watch_used:
+- o.append(f.option_text())
++ if (f.var != audit.AUDIT_FILTERKEY and
++ (f.var != audit.AUDIT_WATCH or not watch_used)):
++ o.append(f.option_text(self))
+ if list is not rules.exclude_rules:
+ for s in self.syscalls:
+ if s == self.SYSCALLS_ALL:
+ o.append('-S all')
+ else:
+ o.append('-S %s' % util.syscall_string(s, self.machine))
++ for f in self.fields:
++ if f.var == audit.AUDIT_FILTERKEY:
++ o.append(f.option_text(self))
+ return ' '.join(o)
+
+ def __eq__(self, rule):
+diff -ur audit-1.5.6.orig/system-config-audit/src/main_window.py audit-1.5.6/system-config-audit/src/main_window.py
+--- audit-1.5.6.orig/system-config-audit/src/main_window.py 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/src/main_window.py 2007-08-28 14:08:59.000000000 -0400
+@@ -32,8 +32,6 @@
+ import settings
+ import util
+
+-def N_(s): return s
+-
+ def exit_watch_rules(rules):
+ '''Split exit rules to lists for WatchListDialog and RuleListDialog.
+
+diff -ur audit-1.5.6.orig/system-config-audit/src/server.c audit-1.5.6/system-config-audit/src/server.c
+--- audit-1.5.6.orig/system-config-audit/src/server.c 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/src/server.c 2007-08-28 14:08:59.000000000 -0400
+@@ -200,7 +200,7 @@
+ err = errno;
+ goto err_fd;
+ }
+- if (st.st_size > SIZE_MAX)
++ if (st.st_size > (off_t)SIZE_MAX)
+ {
+ err = EFBIG;
+ goto err_fd;
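Review bot: In the nested server.c hunk, `(off_t)SIZE_MAX` converts an unsigned maximum to a signed type. Wherever `off_t` is no wider than `size_t` (LP64 targets, for example) the result is typically -1, so `st.st_size > (off_t)SIZE_MAX` would hold for every file and this path would always fail with `EFBIG`. Where `off_t` is wider than `size_t` the cast is harmless, so the bug would only show on some architectures. I would reject negative sizes and compare in an unsigned type: `if (st.st_size < 0 || (uintmax_t)st.st_size > SIZE_MAX)`. The enclosing function starts and ends outside the seven visible lines; the size presumably bounds a later allocation or read there, so the check should be confirmed against that use.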