audit-audispd-plugins-4.0.2-2.1 RPM for armv7hl

From OpenSuSE Ports Tumbleweed for armv7hl

The audit-audispd-plugins package contains plugin components for the
audit dispatcher (audispd).

Provides

• audit-audispd-plugins
• audit-audispd-plugins(armv7hl-32)
• config(audit-audispd-plugins)

Requires

• config(audit-audispd-plugins) = 4.0.2-2.1
• ld-linux-armhf.so.3
• ld-linux-armhf.so.3(GLIBC_2.4)
• libauparse.so.0
• libc.so.6
• libc.so.6(GLIBC_2.15)
• libc.so.6(GLIBC_2.28)
• libc.so.6(GLIBC_2.32)
• libc.so.6(GLIBC_2.33)
• libc.so.6(GLIBC_2.34)
• libc.so.6(GLIBC_2.38)
• libc.so.6(GLIBC_2.4)
• libc.so.6(GLIBC_2.8)
• libcap-ng.so.0
• libgcc_s.so.1
• libgcc_s.so.1(GCC_3.5)
• liblber.so.2
• liblber.so.2(OPENLDAP_2.200)
• libldap.so.2
• libldap.so.2(OPENLDAP_2.200)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1

License

GPL-2.0-or-later

Changelog

* Mon Jan 26 2026 Callum Farmer <gmbr3@opensuse.org>
  - Move all /var/spool, /var/log directories to systemd-tmpfiles
* Tue Jun 10 2025 Wolfgang Frisch <wolfgang.frisch@suse.com>
  - Refresh systemd service patches:
    - audit-allow-manual-stop.patch
    - auditd.service-fix-plugin-termination.patch
    - enable-stop-rules.patch
    - fix-hardened-service.patch
    - harden_auditd.service.patch
  - Update to 4.0.2
    - Fix musl C builds
    - Many code cleanups (Yugend)
    - Use atomic variables if available for signal related flags
    - Dont rotate audit logs when auditd is in debug mode
    - Fix a couple memory leaks on error paths
    - Correct output when displaying rules with exe/path/dir (Attila Lakatos)
    - Fix auparse lookup test to not use the system libaupaurse
    - Improve auparse metrics
    - Update auparse normalizer for recent syscalls
    - Make status report uniform
  - Update to 4.0.1
    - Update TRUSTED_APP interpretation to look for known fields
    - In auditd plugins, allow variable amount of arguments (Attila Lakatos)
    - Fix augenrules to work correctly when kernel is in immutable mode
    - Add ausearch_cur_event to auparse library (Attila Lakatos)
    - Add audisp-filter plugin (Attila Lakatos)
    - Improve sorting speed of aureport --summary reports
    - auditd & audit-rules.service pick up paths automatically (Laurent Bigonville)
    - Update auparse normalizer for new syscalls
* Fri Oct 04 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Update audit.spec (bsc#1231236):
    * add requirement for 'awk' package
    * move some %post logic from audit to audit-rules
* Wed Oct 02 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Readd audit-allow-manual-stop.patch (removed by mistake)
* Tue Oct 01 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Fix plugin termination when using systemd service units (bsc#1215377)
    * add auditd.service-fix-plugin-termination.patch
* Thu Sep 26 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Update audit-secondary.spec:
    * Add "Requires: audit-rules" for audit package
    * Remove preun/postun handling of audit-rules.service
* Tue Sep 17 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Update to 4.0
    - Drop python2 support
    - Drop auvirt and autrace programs
    - Drop SysVinit support
    - Require the use of the 5.0 or later kernel headers
    - New README.md file
    - Rewrite legacy service functions in terms of systemctl
    - Consolidate and update end of event detection to a common function
    - Split off rule loading from auditd.service into audit-rules.service
    - Refactor libaudit.h to split out logging functions and record numbers
    - Speed up aureport --summary reports
    - Limit libaudit python bindings to logging functions
    - Add a metrics function for auparse
    - Change auditctl to use pidfd_send_signal for signaling auditd
    - Adjust watches to optimize syscalls hooked when watch file access
    - Drop nispom rules
    - Add intepretations for fsconfig, fsopen, fsmount, & move_mount
    - Many code fixups (cgzones)
    - Update syscall and interpretation tables to the 6.8 kernel
    (from v3.1.2)
    - When processing a run level change, make auditd exit
    - In auditd, fix return code when rules added in immutable mode
    - In auparse, when files are given, also consider EUID for access
    - Auparse now interprets unnamed/anonymous sockets (Enzo Matsumiya)
    - Disable Python bindings from setting rules due to swig bug (S. Trofimovich)
    - Update all lookup tables for the 6.5 kernel
    - Don't be as paranoid about auditctl -R file permissions
    - In ausearch, correct subject/object search to be an and if both are given
    - Adjust formats for 64 bit time_t
    - Fix segfault in python bindings around the feed API
    - Add feed_has_data, get_record_num, and get/goto_field_num to python bindings
  - Update spec:
    * Move rules-related files into new subpackage `audit-rules':
    * Files moved:
    - /sbin/auditctl, /sbin/augenrules,
    /etc/audit/{audit.rules,rules.d/audit.rules,audit-stop.rules}
    - manpages for auditctl, augenrules, and audit.rules
    - /etc/audit is now owned by `audit-rules' as well
    * Add new file /usr/lib/systemd/system/audit-rules.service
    * Remove in-house create-augenrules-service.patch that generated
      augenrules.service systemd unit service
    * Remove ownership of /usr/share/audit
    * Create /usr/share/audit-rules directory on %install
    * Remove audit-userspace-517-compat.patch (fixed upstream)
    * Remove libev-werror.patch (fixed upstream)
    * Remove audit-allow-manual-stop.patch (fixed upstream)
    * Add fix-auparse-test.patch (downstream):
      Upstream tests uses a static value (42) for 'gdm' uid/gid (based
      on Fedora values, apparently).  Replace these occurrences with
      'unknown(123456)'
    * Replace '--with-python' with '--with-python3' on %configure
    * Remove autrace and auvirt references (upstream)
    * Replace README with README.md
  - Drop `--enable-systemd' from %configure as SysV-style scripts
    aren't supported in upstream since
    113ae191758c ("Drop support for SysVinit")
* Mon Aug 05 2024 Thorsten Kukuk <kukuk@suse.com>
  - Remove rcaudit symlink [jsc#PED-266]
* Mon Jul 03 2023 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.1.1:
    * Add user friendly keywords for signals to auditctl
    * In ausearch, parse up URINGOP and DM_CTRL records
    * Harden auparse to better handle corrupt logs
    * Fix a CFLAGS propogation problem in the common directory
    * Move the audispd af_unix plugin to a standalone program
* Thu May 04 2023 Frederic Crozat <fcrozat@suse.com>
  - Add _multibuild to define additional spec files as additional
    flavors.
    Eliminates the need for source package links in OBS.
* Mon Feb 20 2023 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.1:
    * Disable ProtectControlGroups in auditd.service by default
    * Fix rule checking for exclude filter
    * Make audit_rule_syscallbyname_data work correctly outside of auditctl
    * Add new record types
    * Add io_uring support
    * Add support for new FANOTIFY record fields
    * Add keyword, this-hour, to ausearch/report start/end options
    * Add Requires.private to audit.pc file
    * Try to interpret OPENAT2 fields correctly
* Tue Dec 27 2022 Ludwig Nussel <lnussel@suse.com>
  - Replace transitional %usrmerged macro with regular version check (boo#1206798)
* Thu Dec 15 2022 Enzo Matsumiya <ematsumiya@suse.de>
  - Enable build for ARM (32-bit)
  - Update to version 3.0.9:
    * In auditd, release the async flush lock on stop
    * Don't allow auditd to log directly into /var/log when log_group is non-zero
    * Cleanup krb5 memory leaks on error paths
    * Update auditd.cron to use auditctl --signal
    * In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
    * In auparse, special case kernel module name interpretation
    * If overflow_action is ignore, don't treat as an error
    (3.0.8)
    * Add gcc function attributes for access and allocation