From: Steve Grubb
To: Linux Audit
Subject: audit-3.0.9 released
Date: Mon, 29 Aug 2022 18:18:27 -0400
Message-ID: <5219086.31r3eYUQgx@x2>
Organization: Red Hat

Hello,

I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is:

- In auditd, release the async flush lock on stop
- Don't allow auditd to log directly into /var/log when log_group is non-zero
- Cleanup krb5 memory leaks on error paths
- Update auditd.cron to use auditctl --signal
- In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
- In auparse, special case kernel module name interpretation
- If overflow_action is ignore, don't treat as an error

The main driver for this release is to update the kerberos code. It could leak memory on certain error conditions.

Also added in this release is support for records with more than 36 fields. Auditing execve calls would be the only way that it might have fallen short. Now the field array is realloced bigger on demand.

And one last item is that the kernel module name was not being interpreted correctly. Due to the field name being the same as a file path, it was being processed like a path instead of an escaped name.

SHA256: fd9570444df1573a274ca8ba23590082298a083cfc0618138957f590e845bc78

Please let me know if you run across any problems with this release.

-Steve
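
The grow-on-demand field array mentioned in the announcement, sketched as an added example; this is not code from the audit project, and `struct record`, `rec_reserve`, `rec_parse` and `parse_sample` are hypothetical names. It assumes a starting capacity of 36 (the figure from the message), splits fields on spaces as a simplification, and uses a constructed EXECVE-style record as input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_FIELDS 36 /* assumed starting capacity, from the "36 fields" figure */
struct field  { char *name, *val; };
struct record { struct field *f; size_t cnt, cap; };

void rec_free(struct record *r) { free(r->f); memset(r, 0, sizeof(*r)); }

/* Make room for one more field; on failure the existing array stays valid. */
static int rec_reserve(struct record *r)
{
    if (r->cnt < r->cap) return 0;
    size_t ncap = r->cap ? r->cap * 2 : INITIAL_FIELDS;
    if (ncap <= r->cap || ncap > SIZE_MAX / sizeof(*r->f)) return -1; /* overflow */
    struct field *tmp = realloc(r->f, ncap * sizeof(*r->f));
    if (!tmp) return -1; /* never overwrite r->f with NULL */
    r->f = tmp;
    r->cap = ncap;
    return 0;
}

/* Split "name=value ..." in place; field pointers refer into line.
 * Returns the number of fields, or -1 if the array could not grow. */
long rec_parse(struct record *r, char *line)
{
    memset(r, 0, sizeof(*r));
    for (char *p = line, *tok, *eq; *p; ) {
        while (*p == ' ') p++;
        tok = p;
        while (*p && *p != ' ') p++;
        if (*p) *p++ = '\0';
        if (!(eq = strchr(tok, '='))) continue; /* not a name=value token */
        if (rec_reserve(r) < 0) { rec_free(r); return -1; }
        *eq = '\0';
        r->f[r->cnt].name = tok;
        r->f[r->cnt++].val = eq + 1;
    }
    return (long)r->cnt;
}

/* Constructed sample: build an EXECVE-style record with nargs a<N> fields
 * in the caller's buffer, then parse it. */
long parse_sample(int nargs, struct record *r, char *line, size_t size)
{
    int off = snprintf(line, size, "type=EXECVE argc=%d", nargs);
    for (int i = 0; i < nargs && off < (int)size - 32; i++)
        off += snprintf(line + off, size - off, " a%d=\"x%d\"", i, i);
    return rec_parse(r, line);
}
```

A record with 60 arguments yields 62 fields and forces one growth step past the starting capacity; a failed `realloc` returns an error rather than truncating the record or writing past the array.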