From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: audit 2.7.5 released
Date: Mon, 10 Apr 2017 14:43:41 -0400
Message-ID: <1532644.lcFAHzg6gT@x2>
Hello,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- In auparse, output socket family name if unsupported but known
- In auparse, store arch & syscall fields in SECCOMP records for
interpretation
- In auparse_normalize, create an event_kind for seccomp events
- In auparse, when interpreting, discard 'unknown' enriched fields
This release has less development than normal. This is because I ran across
two bugs that I thought merited getting an updated audit daemon out sooner than
later. The first bug was reported by Laurent Bigonville, where it was noticed that
ausearch could be caused to segfault when it encountered a PF_PACKET socket
address.
The other bug was that SECCOMP events were not resolving the syscall when the
enriched event logging format was being used. This was corrected both in the
creation of records and in searching records that already had bad data in
them.
SHA256: 9ca4142fb6809367070a3f3449979055fa2daeb12a0a88c4874a0cfd02133922
Please let me know if you run across any problems with this release.
-Steve