* rebase patch audit-python-configure.patch * remove audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch as it had already been applied upstream
* 2.5 includes miscellaneous enhancements and fixes: 2.5 - Make augenrules the default method to load audit rules - Put rules in its own directory and break out rules into groups - Have auditd do a fsync before closing log - Make default flush setting larger - In auparse. terminate the generated strings (Burn Alting) - In auditd, add incremental_async flushing mode - Clean up dangling fields in DAEMON events - Add audit by process name support to auditctl (Richard Briggs) - Relax permissions on systemd files - Fix auparse to handle interlaced events (Burn Alting) - Allow more syslog facilities in audispd-syslog (Aleksander Adamowski) 2.4.5 - Fix auditd disk flushing for data and sync modes - Fix auditctl to not show options not supported on older OS - Add audit.m4 file to aid adding support to other projects - Fix C99 inline function build issue - Add account lock and unlock event types - Change logging loophole check to geteuid() - Fix ausearch to not consider AUDIT_PROCTITLE events malformed (Burn Alting) - Fix ausearch to parse FEATURE_CHANGE events ( From http://people.redhat.com/sgrubb/audit/ChangeLog ) Signed-off-by: T.O. Radzy Radzykewycz <ra...@windriver.com> --- ...et-inline-functions-work-with-gnu89-gnu11.patch | 71 -------------- .../audit/audit/audit-python-configure.patch | 3 +- recipes-security/audit/audit_2.4.4.bb | 100 -------------------- recipes-security/audit/audit_2.5.bb | 104 +++++++++++++++++++++ 4 files changed, 106 insertions(+), 172 deletions(-) delete mode 100644 recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch delete mode 100644 recipes-security/audit/audit_2.4.4.bb create mode 100644 recipes-security/audit/audit_2.5.bb diff --git a/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch b/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch deleted file mode 100644 index 578cfc1dc476..000000000000 --- a/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 15036dd4fa9eb209f5e148c6f7ee081f5ca78fa4 Mon Sep 17 00:00:00 2001 -From: Wenzong Fan <wenzong....@windriver.com> -Date: Fri, 11 Sep 2015 03:37:13 -0400 -Subject: [PATCH] audit/auvirt: get inline functions work with both gnu89 & gnu11 - -After gcc upgraded to gcc5, and if the codes are compiled without -optimization (-O0), and the below error will happen: - - auvirt.c:484: undefined reference to `copy_str' - auvirt.c:667: undefined reference to `is_resource' - collect2: error: ld returned 1 exit status - -gcc5 defaults to -std=gnu11 instead of -std=gnu89, and it requires that -exactly one C source file has the callable copy of the inline function. -Consider the following program: - - inline int - foo (void) - { - return 42; - } - - int - main (void) - { - return foo (); - } - -The program above will not link with the C99 inline semantics, because -no out-of-line function foo is generated. To fix this, either mark the -function foo as static, or add the following declaration: - - static inline int foo (void); - -More information refer to: https://gcc.gnu.org/gcc-5/porting_to.html - -Note: using "extern inline" will fail to build with gcc4.x, so replace -inline with "static inline". - -Upstream-Status: Pending - -Signed-off-by: Wenzong Fan <wenzong....@windriver.com> ---- - tools/auvirt/auvirt.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tools/auvirt/auvirt.c b/tools/auvirt/auvirt.c -index 655c454..b16d718 100644 ---- a/tools/auvirt/auvirt.c -+++ b/tools/auvirt/auvirt.c -@@ -138,7 +138,7 @@ void event_free(struct event *event) - } - } - --inline char *copy_str(const char *str) -+static inline char *copy_str(const char *str) - { - return (str) ? strdup(str) : NULL; - } -@@ -650,7 +650,7 @@ int process_control_event(auparse_state_t *au) - return 0; - } - --inline int is_resource(const char *res) -+static inline int is_resource(const char *res) - { - if (res == NULL || - res[0] == '\0' || --- -1.9.1 - diff --git a/recipes-security/audit/audit/audit-python-configure.patch b/recipes-security/audit/audit/audit-python-configure.patch index b47cf5d2d968..cb62ec3022bb 100644 --- a/recipes-security/audit/audit/audit-python-configure.patch +++ b/recipes-security/audit/audit/audit-python-configure.patch @@ -8,6 +8,7 @@ Upstream-Status: pending Signed-off-by: Xin Ouyang <xin.ouy...@windriver.com> Signed-off-by: Li Xin <lixin.f...@cn.fujitsu.com> Signed-off-by: Wenzong Fan <wenzong....@windriver.com> +Signed-off-by: T.O. Radzy Radzykewycz <ra...@windriver.com> --- configure.ac | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) @@ -29,7 +30,7 @@ index 1f48cb4..cdb5219 100644 - AC_MSG_NOTICE(Python bindings will be built) -else - python_found="no" -- if test x$use_python = xyes ; then +- if test "x$use_python" = xyes ; then - AC_MSG_ERROR([Python explicitly requested and python headers were not found]) - else - AC_MSG_WARN("Python headers not found - python bindings will not be made") diff --git a/recipes-security/audit/audit_2.4.4.bb b/recipes-security/audit/audit_2.4.4.bb deleted file mode 100644 index 55a5b12ba9c9..000000000000 --- a/recipes-security/audit/audit_2.4.4.bb +++ /dev/null @@ -1,100 +0,0 @@ -SUMMARY = "User space tools for kernel auditing" -DESCRIPTION = "The audit package contains the user space utilities for \ -storing and searching the audit records generated by the audit subsystem \ -in the Linux kernel." -HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"; -SECTION = "base" -PR = "r8" -LICENSE = "GPLv2+ & LGPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" - -SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \ - file://audit-python-configure.patch \ - file://audit-python.patch \ - file://fix-swig-host-contamination.patch \ - file://auditd \ - file://auditd.service \ - file://audit-volatile.conf \ - file://audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch \ -" -SRC_URI[md5sum] = "72b0fd94d32846142bc472f0d91e62b4" -SRC_URI[sha256sum] = "25f57f465f3230d7b1166b615ffd6748818a3dc225d0e8b396c5b2e951674e23" - -inherit autotools pythonnative update-rc.d systemd - -UPDATERCPN = "auditd" -INITSCRIPT_NAME = "auditd" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_SERVICE_${PN} = "auditd.service" - -DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)" - -EXTRA_OECONF += "--without-prelude \ - --with-libwrap \ - --enable-gssapi-krb5=no \ - --with-libcap-ng=yes \ - --with-python=yes \ - --libdir=${base_libdir} \ - --sbindir=${base_sbindir} \ - --without-python3 \ - --disable-zos-remote \ - " -EXTRA_OECONF_append_arm = " --with-arm=yes" - -EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \ - PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \ - pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \ - STDINC='${STAGING_INCDIR}' \ - " - -SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher" -DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \ -interface to the audit system, audispd. These plugins can do things \ -like relay events to remote machines or analyze events for suspicious \ -behavior." - -PACKAGES =+ "audispd-plugins" -PACKAGES += "auditd ${PN}-python" - -FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*" -FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*" -FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \ - ${sysconfdir}/audisp/plugins.d/au-remote.conf \ - ${sbindir}/audisp-remote ${localstatedir}/spool/audit \ - " -FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug" -FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" -FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la ${base_libdir}/pkgconfig/*" - -CONFFILES_auditd += "${sysconfdir}/audit/audit.rules" -RDEPENDS_auditd += "bash" - -do_install_append() { - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la - - # reuse auditd config - [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default - mv ${D}/etc/sysconfig/auditd ${D}/etc/default - rmdir ${D}/etc/sysconfig/ - - # replace init.d - install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd - rm -rf ${D}/etc/rc.d - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d/ - install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ - fi - - # install systemd unit files - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system - - chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d - chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules - - # Based on the audit.spec "Copy default rules into place on new installation" - cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules -} diff --git a/recipes-security/audit/audit_2.5.bb b/recipes-security/audit/audit_2.5.bb new file mode 100644 index 000000000000..53aa23dabdd9 --- /dev/null +++ b/recipes-security/audit/audit_2.5.bb @@ -0,0 +1,104 @@ +SUMMARY = "User space tools for kernel auditing" +DESCRIPTION = "The audit package contains the user space utilities for \ +storing and searching the audit records generated by the audit subsystem \ +in the Linux kernel." +HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"; +SECTION = "base" +PR = "r8" +LICENSE = "GPLv2+ & LGPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" + +SRC_URI = "http://people.redhat.com/sgrubb/${BPN}/${BPN}-${PV}.tar.gz \ + file://audit-python-configure.patch \ + file://audit-python.patch \ + file://fix-swig-host-contamination.patch \ + file://auditd \ + file://auditd.service \ + file://audit-volatile.conf \ +" +SRC_URI[md5sum] = "e721d48f3e1927c84b7c176b3bdbc443" +SRC_URI[sha256sum] = "9b0a0760c6f37d80cbbfe46a74db722e60ac8100b28eb31953878ffca8ac14b4" + + +inherit autotools pythonnative update-rc.d systemd + +UPDATERCPN = "auditd" +INITSCRIPT_NAME = "auditd" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_SERVICE_${PN} = "auditd.service" + +DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)" + +EXTRA_OECONF += "--without-prelude \ + --with-libwrap \ + --enable-gssapi-krb5=no \ + --with-libcap-ng=yes \ + --with-python=yes \ + --libdir=${base_libdir} \ + --sbindir=${base_sbindir} \ + --without-python3 \ + --disable-zos-remote \ + " +EXTRA_OECONF_append_arm = " --with-arm=yes" + +EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \ + PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \ + pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \ + STDINC='${STAGING_INCDIR}' \ + " + +SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher" +DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \ +interface to the audit system, audispd. These plugins can do things \ +like relay events to remote machines or analyze events for suspicious \ +behavior." + +PACKAGES =+ "audispd-plugins" +PACKAGES += "auditd ${PN}-python" + +FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*" +FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*" +FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \ + ${sysconfdir}/audisp/plugins.d/au-remote.conf \ + ${sbindir}/audisp-remote ${localstatedir}/spool/audit \ + " +FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug" +FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" +FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la ${base_libdir}/pkgconfig/*" + +CONFFILES_auditd += "${sysconfdir}/audit/audit.rules" +RDEPENDS_auditd += "bash" + +do_install_append() { + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la + + # reuse auditd config + [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default + mv ${D}/etc/sysconfig/auditd ${D}/etc/default + rmdir ${D}/etc/sysconfig/ + + # replace init.d + install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd + rm -rf ${D}/etc/rc.d + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d/ + install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ + fi + + # install systemd unit files + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system + + # audit-2.5 doesn't install any rules by default, so we do that here + mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d + cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules + + chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d + chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules + + # Based on the audit.spec "Copy default rules into place on new installation" + cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules +} -- 1.9.1 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
