From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: audit 2.8.5 released Date: Fri, 01 Mar 2019 16:33:59 -0500 Message-ID: <1745421.1OG1CDpRsM@x2> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from x2.localnet (ovpn-123-97.rdu2.redhat.com [10.10.123.97]) by smtp.corp.redhat.com (Postfix) with ESMTP id E68311001DF8 for ; Fri, 1 Mar 2019 21:33:59 +0000 (UTC) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Linux Audit List-Id: linux-audit@redhat.com Hello, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is: - Fix segfault on shutdown - Fix hang on startup (#1587995) - Add sleep to script to dump state so file is ready when needed - Add auparse_normalizer support for SOFTWARE_UPDATE event - Mark netlabel events as simple events so that get processed quicker - When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) - Add 30-ospp-v42.rules to meet new Common Criteria requirements - Update lookup tables for the 4.18 kernel - In aureport, fix segfault in file report - Add auparse_normalizer support for labeled networking events - Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) - Event aging is off by a second - In ausearch/auparse, correct event ordering to process oldest first - auparse_reset was not clearing everything it should - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events - In ausearch/report, lightly parse selinux portion of USER_AVC events - In ausearch/report, limit record size when malformed - In auditd, fix extract_type function for network originating events - In auditd, calculate right size and location for network originating events - Treat all network originating events as VER2 so dispatcher doesn't format it - In audisp-remote do an initial connection attempt (#1625156) - In auditd, allow expression of space left as a percentage (#1650670) - On PPC64LE systems, only allow 64 bit rules (#1462178) - Make some parts of auditd state report optional based on config - Fix ausearch when checkpointing a single file (Burn Alting) - Fix scripting in 31-privileged.rules wrt filecap (#1662516) - In ausearch, do not checkpt if stdin is input source - In libev, remove __cold__ attribute for functions to allow proper hardening - Add tests to configure.ac for openldap support - Make systemd support files use /run rather than /var/run (Christian Hesse) - Fix minor memory leak in auditd kerberos credentials code - Fix auditd regression where keep_logs is limited by rotate_logs 2 file test - In ausearch/report fix --end to use midnight time instead of now (#1671338) This is a big update to the maintenance branch of the audit package. All of the fixes included here are cherry picked fixes from the audit-3.0 development branch. This might be the last release for the 2.8 code base. We'll just have to see. Work on the audit-3.0 release is waiting for the audit container work to land and then should be released soon thereafter. (Just in case people were wonder what is holding up an official audit-3.0 release.) SHA256: 0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7 Please let me know if you run across any problems with this release. -Steve