Bug 1559032 - Rebase audit package to 2.8.4 to pick up bug fixes
Summary: Rebase audit package to 2.8.4 to pick up bug fixes
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: audit
Version: 7.5
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Steve Grubb
QA Contact: Ondrej Moriš
Mirek Jahoda
Depends On:
Blocks: 1553233
TreeView+ depends on / blocked
Reported: 2018-03-21 14:40 UTC by Steve Grubb
Modified: 2018-12-04 13:42 UTC (History)
6 users (show)

Fixed In Version: audit-2.8.4-2.el7
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
_audit_ rebased to 2.8.4 The _audit_ packages have been upgraded to upstream version 2.8.4, which provides a number of bug fixes and enhancements over the previous version. Notable changes include: * Added support for dumping internal state. You can now run the "service auditd state" command to see information about the *Audit* daemon. * Added support for the `SOFTWARE_UPDATE` event generated by the *rpm* and *yum* tools. * Allowed unlimited retries during a remote logging startup. This helps to start even if the aggregating server is not running when a client is booted. * Improved IPv6 remote logging.
Clone Of:
Last Closed: 2018-10-30 11:28:31 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3237 0 None None None 2018-10-30 11:29:01 UTC

Description Steve Grubb 2018-03-21 14:40:22 UTC
Description of problem:
Upstream audit  has fixed a number of bugs. The changelog is not very big. Its very close to what was done for RHEL 7.5.

- Correct msg function name in lru debug code
- Fix a segfault in auditd when dns resolution isn't available
- Make a reload legacy service for auditd
- In auparse python bindings, expose some new types that were missing
- In normalizer, pickup subject kind for user_login events
- Fix interpretation of unknown ioctcmds (#1540507)
- In auparse_normalize for USER_LOGIN events, map acct for subj_kind
- Fix logging of IPv6 addresses in DAEMON_ACCEPT events (#1534748)
- Do not rotate auditd logs when num_logs < 2 (brozs)

- Update tables for 4.14 kernel
- Fixup ipv6 server side binding
- AVC report from aureport was missing result column header (#1511606)
- In ausearch/report pickup any path and new-disk fields as a file
- Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
- In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
- Fix building on old systems without linux/fanotify.h
- Fix shell portability issues reported by shellcheck
- Auditd validate_email should not use gethostbyname

Additional info:
audit-2.8.3 is in F27 & F28 right now.

Comment 1 Steve Grubb 2018-04-09 13:13:22 UTC
Also, these should be picked up in a rebase:

- Generate checkpoint file even when not results are returned (Burn Alting)
- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
- Use SIGCONT to dump auditd internal state (#1504251)
- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)

Comment 5 Steve Grubb 2018-06-20 13:57:02 UTC
audit-2.8.4-1.el7 has been built to address this issue.

Comment 14 errata-xmlrpc 2018-10-30 11:28:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.