* audit 2.7.6 released
@ 2017-04-19 14:04 Steve Grubb
From: Steve Grubb @ 2017-04-19 14:04 UTC
To: linux-audit
Hello,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- In auparse_normalize, assign user-login as the event kind for AUDIT_LOGIN
- In auparse_normalize, move GRP_AUTH to its own event kind, group-change
- In auparse_normalize, assign obj_kind values for some group events
- In auparse_normalize, assign obj_kind values to some MAC events
- In auparse_normalize, try harder to find object for CONFIG_CHANGE events
- In auparse_normalize, correct the primary subject field for USER_LOGIN events
- In auparse_normalize, correct the primary object field for USER_LOGIN events
- Make string lookup tables more robust against bad input
- In auparse, make printing lists more robust against bad input
- In auparse, make unescaping more robust against bad input
- Make ausearch/report a little more robust to bad input
- Fix a memory leak in auparse when extracting a buggy date
- In ausearch --format mode, load interpretations for enriched events
- In auparse, load interpretations for feed events
- In audisp-remote, check for stop if stdin is a pipe (#1443107)
This release continues adjusting the normalizer mappings. I also spent some
time fuzzing the logs and making the utilities more robust. This in theory
should never be a problem because the logs are supposed to be well formed from
the beginning. But just in case... it's better now.
I did find a problem where events that were coming in through the feed API of
auparse were not getting the enriched event information loaded. That is now
fixed. And we had a report of the audisp-remote plugin getting into an
infinite loop if the remote server filled its disk and the remote plugin was
supposed to stop on disk full.
SHA256: fa65289cffdc95a25bfbdba541f43ee1b12c707090a38fd027dcf9354b9014e7
Please let me know if you run across any problems with this release.
-Steve