Hi Steve, nice to hear from you.

I have some questions for you, if you don't mind.
  1. Are you referred to as a Release Engineer?
  2. What specifically is rawhide in the context of this email message?
  3. Is Audit-3.0 going to be the standard for Red Hat 8 variants?

Thank you for your time,
--------------------------
Warron French



On Fri, Mar 1, 2019 at 4:34 PM Steve Grubb <sgrubb@redhat.com> wrote:
Hello,

I've just released a new version of the audit daemon. It can be
downloaded from http://people.redhat.com/sgrubb/audit. It will also be
in rawhide soon. The ChangeLog is:

- Fix segfault on shutdown
- Fix hang on startup (#1587995)
- Add sleep to script to dump state so file is ready when needed
- Add auparse_normalizer support for SOFTWARE_UPDATE event
- Mark netlabel events as simple events so that get processed quicker
- When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
- Add 30-ospp-v42.rules to meet new Common Criteria requirements
- Update lookup tables for the 4.18 kernel
- In aureport, fix segfault in file report
- Add auparse_normalizer support for labeled networking events
- Fix memory leak in audisp-remote plugin when using krb5 transport.
(#1622194)
- Event aging is off by a second
- In ausearch/auparse, correct event ordering to process oldest first
- auparse_reset was not clearing everything it should
- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
- In ausearch/report, lightly parse selinux portion of USER_AVC events
- In ausearch/report, limit record size when malformed
- In auditd, fix extract_type function for network originating events
- In auditd, calculate right size and location for network originating events
- Treat all network originating events as VER2 so dispatcher doesn't format
it
- In audisp-remote do an initial connection attempt (#1625156)
- In auditd, allow expression of space left as a percentage (#1650670)
- On PPC64LE systems, only allow 64 bit rules (#1462178)
- Make some parts of auditd state report optional based on config
- Fix ausearch when checkpointing a single file (Burn Alting)
- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
- In ausearch, do not checkpt if stdin is input source
- In libev, remove __cold__ attribute for functions to allow proper hardening
- Add tests to configure.ac for openldap support
- Make systemd support files use /run rather than /var/run (Christian Hesse)
- Fix minor memory leak in auditd kerberos credentials code
- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
- In ausearch/report fix --end to use midnight time instead of now (#1671338)

This is a big update to the maintenance branch of the audit package. All of
the fixes included here are cherry picked fixes from the audit-3.0 development
branch. This might be the last release for the 2.8 code base. We'll just have
to see.

Work on the audit-3.0 release is waiting for the audit container work to land
and then should be released soon thereafter. (Just in case people were wonder
what is holding up an official audit-3.0 release.)

SHA256: 0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7

Please let me know if you run across any problems with this release.

-Steve


--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit