diff --git a/audit-3.0.8-undo-flex-array.patch b/audit-3.0.8-undo-flex-array.patch deleted file mode 100644 index b74bd335b89a660f90a8ec6b380ee726f3e24dd1..0000000000000000000000000000000000000000 --- a/audit-3.0.8-undo-flex-array.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -urp usr.orig/include/libaudit.h.orig usr/include/libaudit.h ---- usr.orig/include/libaudit.h.orig 2022-02-14 14:14:08.000000000 -0500 -+++ usr/include/libaudit.h 2022-02-23 13:35:52.638340789 -0500 -@@ -39,7 +39,7 @@ extern "C" { - #include - #include - #include --#include "audit.h" -+#include - #include - #include - diff --git a/audit-3.1.1-flex-array-workaround.patch b/audit-3.1.1-flex-array-workaround.patch deleted file mode 100644 index a7738718e8acf97cbb70b0d8101b3750f286f987..0000000000000000000000000000000000000000 --- a/audit-3.1.1-flex-array-workaround.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- audit-3.1.1/bindings/swig/src/auditswig.i 2022-03-29 16:52:34.000000000 -0400 -+++ audit-3.1.1/bindings/swig/src/auditswig.i 2022-03-29 17:31:15.810268855 -0400 -@@ -39,7 +39,7 @@ signed - #define __attribute(X) /*nothing*/ - typedef unsigned __u32; - typedef unsigned uid_t; --%include "/usr/include/linux/audit.h" -+%include "../lib/audit.h" - #define __extension__ /*nothing*/ - %include - %include "../lib/libaudit.h" ---- audit-3.1.1/lib/libaudit.h 2022-03-29 16:52:34.000000000 -0400 -+++ audit-3.1.1/lib/libaudit.h 2022-03-29 17:31:15.812268812 -0400 -@@ -27,7 +27,7 @@ - #include - #include - #include --#include -+#include "audit.h" - #include - #include - #ifndef __attr_access diff --git a/audit-3.1.1-prefix.patch b/audit-3.1.1-prefix.patch deleted file mode 100644 index cf5f30a16e5edefdc42147bada44bc9578080e97..0000000000000000000000000000000000000000 --- a/audit-3.1.1-prefix.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- audit-3.1.1/init.d/auditd.service.orig 2023-05-29 14:25:16.450156480 +0800 -+++ audit-3.1.1/init.d/auditd.service 2023-05-29 14:26:34.853156480 +0800 -@@ -19,16 +19,16 @@ - - [Service] - Type=forking --PIDFile=/run/auditd.pid --ExecStart=/sbin/auditd -+PIDFile=/var/run/auditd.pid -+ExecStart=/usr/sbin/auditd - ## To not use augenrules, copy this file to /etc/systemd/system/auditd.service - ## and comment/delete the next line and uncomment the auditctl line. - ## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ --ExecStartPost=-/sbin/augenrules --load --#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules -+ExecStartPost=-/usr/sbin/augenrules --load -+#ExecStartPost=-/usr/sbin/auditctl -R /etc/audit/audit.rules - # By default we don't clear the rules on exit. To enable this, uncomment - # the next line after copying the file to /etc/systemd/system/auditd.service --#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules -+#ExecStopPost=/usr/sbin/auditctl -R /etc/audit/audit-stop.rules - Restart=on-failure - # Do not restart for intentional exits. See EXIT CODES section in auditd(8). - RestartPreventExitStatus=2 4 6 diff --git a/audit-3.1.1-python3-linkage.patch b/audit-3.1.1-python3-linkage.patch deleted file mode 100644 index 6717deb7da9e91ba191bb241adb6e9ac02bd85f5..0000000000000000000000000000000000000000 --- a/audit-3.1.1-python3-linkage.patch +++ /dev/null @@ -1,41 +0,0 @@ ---- audit-3.1.1/bindings/python/python3/Makefile.am.orig 2023-05-30 10:10:45.265914728 +0800 -+++ audit-3.1.1/bindings/python/python3/Makefile.am 2023-05-30 10:11:04.640914728 +0800 -@@ -31,4 +31,4 @@ - auparse_la_CPPFLAGS = -I$(top_srcdir)/auparse $(AM_CPPFLAGS) - auparse_la_CFLAGS = -shared - auparse_la_LDFLAGS = -module -avoid-version -Wl,-z,relro --auparse_la_LIBADD = ${top_builddir}/auparse/libauparse.la ${top_builddir}/lib/libaudit.la -+auparse_la_LIBADD = ${top_builddir}/auparse/libauparse.la ${top_builddir}/lib/libaudit.la $(PYTHON3_LIBS) ---- audit-3.1.1/bindings/python/python3/Makefile.in.orig 2023-05-30 10:11:12.226914728 +0800 -+++ audit-3.1.1/bindings/python/python3/Makefile.in 2023-05-30 10:11:21.836914728 +0800 -@@ -396,7 +396,7 @@ - auparse_la_CPPFLAGS = -I$(top_srcdir)/auparse $(AM_CPPFLAGS) - auparse_la_CFLAGS = -shared - auparse_la_LDFLAGS = -module -avoid-version -Wl,-z,relro --auparse_la_LIBADD = ${top_builddir}/auparse/libauparse.la ${top_builddir}/lib/libaudit.la -+auparse_la_LIBADD = ${top_builddir}/auparse/libauparse.la ${top_builddir}/lib/libaudit.la $(PYTHON3_LIBS) - all: all-am - - .SUFFIXES: ---- audit-3.1.1/bindings/swig/python3/Makefile.am.orig 2023-05-30 10:11:31.480914728 +0800 -+++ audit-3.1.1/bindings/swig/python3/Makefile.am 2023-05-30 10:11:42.165914728 +0800 -@@ -34,7 +34,7 @@ - _audit_la_LDFLAGS = -module -avoid-version -Wl,-z,relro - _audit_la_HEADERS: $(top_builddir)/config.h - _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudit.la --_audit_la_LIBADD = ${top_builddir}/lib/libaudit.la -+_audit_la_LIBADD = ${top_builddir}/lib/libaudit.la $(PYTHON3_LIBS) - nodist__audit_la_SOURCES = audit_wrap.c - audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i - swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} ${srcdir}/../src/auditswig.i ---- audit-3.1.1/bindings/swig/python3/Makefile.in.orig 2023-05-30 10:11:46.501914728 +0800 -+++ audit-3.1.1/bindings/swig/python3/Makefile.in 2023-05-30 10:11:53.039914728 +0800 -@@ -403,7 +403,7 @@ - _audit_la_CFLAGS = -shared - _audit_la_LDFLAGS = -module -avoid-version -Wl,-z,relro - _audit_la_DEPENDENCIES = ${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudit.la --_audit_la_LIBADD = ${top_builddir}/lib/libaudit.la -+_audit_la_LIBADD = ${top_builddir}/lib/libaudit.la $(PYTHON3_LIBS) - nodist__audit_la_SOURCES = audit_wrap.c - CLEANFILES = audit.py* audit_wrap.c *~ - all: all-am diff --git a/audit-3.1.1.tar.gz b/audit-3.1.1.tar.gz deleted file mode 100644 index 565d79e5b2382a357955a35f86a974df24b7d758..0000000000000000000000000000000000000000 Binary files a/audit-3.1.1.tar.gz and /dev/null differ diff --git a/audit-3.1.2.tar.gz b/audit-3.1.2.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..3fcd3f92372652ab8711121afa1caf6a889ec525 Binary files /dev/null and b/audit-3.1.2.tar.gz differ diff --git a/audit-3.9-1-aureport.patch b/audit-3.9-1-aureport.patch new file mode 100644 index 0000000000000000000000000000000000000000..165ab557cad30f60b04f8ea1342a25809b3706fc --- /dev/null +++ b/audit-3.9-1-aureport.patch @@ -0,0 +1,285 @@ +commit 5ccc65eba1807c12e603c4bdf6590d91cc52499a +Author: Steve Grubb +Date: Sat Sep 2 09:58:46 2023 -0400 + + Speed up aureport --summary reports + +diff --git a/src/ausearch-string.c b/src/ausearch-string.c +index 8dbec53..484c232 100644 +--- a/src/ausearch-string.c ++++ b/src/ausearch-string.c +@@ -1,27 +1,28 @@ + /* +-* ausearch-string.c - Minimal linked list library for strings +-* Copyright (c) 2005,2008,2014 Red Hat Inc., Durham, North Carolina. +-* All Rights Reserved. +-* +-* This software may be freely redistributed and/or modified under the +-* terms of the GNU General Public License as published by the Free +-* Software Foundation; either version 2, or (at your option) any +-* later version. +-* +-* This program is distributed in the hope that it will be useful, +-* but WITHOUT ANY WARRANTY; without even the implied warranty of +-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-* GNU General Public License for more details. +-* +-* You should have received a copy of the GNU General Public License +-* along with this program; see the file COPYING. If not, write to the +-* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor +-* Boston, MA 02110-1335, USA. +-* +-* Authors: +-* Steve Grubb +-*/ +- ++ * ausearch-string.c - Minimal linked list library for strings ++ * Copyright (c) 2005,2008,2014,2023 Red Hat Inc. ++ * All Rights Reserved. ++ * ++ * This software may be freely redistributed and/or modified under the ++ * terms of the GNU General Public License as published by the Free ++ * Software Foundation; either version 2, or (at your option) any ++ * later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; see the file COPYING. If not, write to the ++ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor ++ * Boston, MA 02110-1335, USA. ++ * ++ * Authors: ++ * Steve Grubb ++ */ ++ ++#pragma GCC optimize("O3,inline") + #include "ausearch-string.h" + #include + #include +@@ -31,28 +32,10 @@ void slist_create(slist *l) + { + l->head = NULL; + l->cur = NULL; ++ l->last = NULL; + l->cnt = 0; + } + +-void slist_last(slist *l) +-{ +- register snode* cur; +- +- if (l->head == NULL) +- return; +- +- // Try using cur so that we don't have to start at beginnning +- if (l->cur) +- cur = l->cur; +- else +- cur = l->head; +- +- // Loop until no next value +- while (cur->next) +- cur = cur->next; +- l->cur = cur; +-} +- + snode *slist_next(slist *l) + { + if (l->cur == NULL) +@@ -80,14 +63,14 @@ void slist_append(slist *l, snode *node) + newnode->hits = node->hits; + newnode->next = NULL; + +- // Make sure cursor is at the end +- slist_last(l); +- +- // if we are at top, fix this up +- if (l->head == NULL) ++ // if the top is empty, add it there ++ if (l->head == NULL) { + l->head = newnode; +- else // Otherwise add pointer to newnode +- l->cur->next = newnode; ++ l->last = newnode; ++ } else { // Otherwise put at the end ++ l->last->next = newnode; ++ l->last = newnode; ++ } + + // make newnode current + l->cur = newnode; +@@ -109,25 +92,25 @@ void slist_clear(slist* l) + } + l->head = NULL; + l->cur = NULL; ++ l->last = NULL; + l->cnt = 0; + } + +-/* This function dominates the timing of aureport. Needs to be more efficient */ + int slist_add_if_uniq(slist *l, const char *str) + { + snode sn; +- register snode *cur; ++ register snode *cur; + + if (str == NULL) + return -1; + +- cur = l->head; ++ cur = l->head; + while (cur) { + if (strcmp(str, cur->str) == 0) { + cur->hits++; + l->cur = cur; + return 0; +- } else ++ } else + cur = cur->next; + } + +@@ -140,7 +123,7 @@ int slist_add_if_uniq(slist *l, const char *str) + } + + // If lprev would be NULL, use l->head +-static void swap_nodes(snode *lprev, snode *left, snode *right) ++static inline void swap_nodes(snode *lprev, snode *left, snode *right) + { + snode *t = right->next; + if (lprev) +@@ -150,17 +133,13 @@ static void swap_nodes(snode *lprev, snode *left, snode *right) + } + + // This will sort the list from most hits to least +-void slist_sort_by_hits(slist *l) ++static void old_sort_by_hits(slist *l) + { + register snode* cur, *prev; +- +- if (l->cnt <= 1) +- return; +- + prev = cur = l->head; + + while (cur && cur->next) { +- /* If the next node is bigger */ ++ // If the next node is bigger + if (cur->hits < cur->next->hits) { + if (cur == l->head) { + // Update the actual list head +@@ -180,3 +159,82 @@ void slist_sort_by_hits(slist *l) + l->cur = l->head; + } + ++// Merge two sorted lists ++static snode* slist_merge_sorted_lists(snode *a, snode *b) ++{ ++ snode dummy; ++ snode *tail = &dummy; ++ dummy.next = NULL; ++ ++ while (a && b) { ++ if (a->hits >= b->hits) { ++ tail->next = a; ++ a = a->next; ++ } else { ++ tail->next = b; ++ b = b->next; ++ } ++ tail = tail->next; ++ } ++ tail->next = a ? a : b; ++ return dummy.next; ++} ++ ++// Split the list into two halves ++static void slist_split_list(snode *head, snode **front, snode **back) ++{ ++ snode *fast, *slow; ++ slow = head; ++ fast = head->next; ++ ++ while (fast) { ++ fast = fast->next; ++ if (fast) { ++ slow = slow->next; ++ fast = fast->next; ++ } ++ } ++ ++ *front = head; ++ *back = slow->next; ++ slow->next = NULL; ++} ++ ++// Merge sort for linked list ++static void slist_merge_sort(snode **head_ref) ++{ ++ snode *head = *head_ref; ++ snode *a, *b; ++ ++ if (!head || !head->next) ++ return; ++ ++ slist_split_list(head, &a, &b); ++ ++ slist_merge_sort(&a); ++ slist_merge_sort(&b); ++ ++ *head_ref = slist_merge_sorted_lists(a, b); ++} ++ ++// This function dominates aureport --summary --kind output ++void slist_sort_by_hits(slist *l) ++{ ++ if (l->cnt <= 1) ++ return; ++ ++ // If the list is small, use old algorithm because ++ // the new one has some overhead that makes it slower ++ // until the list is big enough that the inefficiencies ++ // of the old algorithm cause slowness. The value chosen ++ // below is just a guess. At 100, the old algorithm is ++ // faster. At 1000, the new one is 5x faster. ++ if (l->cnt < 200) ++ return old_sort_by_hits(l); ++ ++ slist_merge_sort(&l->head); ++ ++ // End with cur pointing at first record ++ l->cur = l->head; ++} ++ +diff --git a/src/ausearch-string.h b/src/ausearch-string.h +index 1cfc4a6..5fcf1ee 100644 +--- a/src/ausearch-string.h ++++ b/src/ausearch-string.h +@@ -1,6 +1,6 @@ + /* + * ausearch-string.h - Header file for ausearch-string.c +-* Copyright (c) 2005,2008 Red Hat Inc., Durham, North Carolina. ++* Copyright (c) 2005,2008,2023 Red Hat Inc. + * All Rights Reserved. + * + * This software may be freely redistributed and/or modified under the +@@ -15,7 +15,7 @@ + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file COPYING. If not, write to the +-* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor ++* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor + * Boston, MA 02110-1335, USA. + * + * Authors: +@@ -41,6 +41,7 @@ typedef struct _snode{ + typedef struct { + snode *head; // List head + snode *cur; // Pointer to current node ++ snode *last; // Pointer to current node + unsigned int cnt; // How many items in this list + } slist; + diff --git a/audit-3.9-2-no-io_uring.patch b/audit-3.9-2-no-io_uring.patch new file mode 100644 index 0000000000000000000000000000000000000000..a72d8a74772762df332aff77cfb18d92598ff4d2 --- /dev/null +++ b/audit-3.9-2-no-io_uring.patch @@ -0,0 +1,19 @@ +commit b4cc077dac3e9bee1df59ee04cb2c466bc603033 +Author: Steve Grubb +Date: Wed Nov 1 15:14:25 2023 -0400 + + completely disable io_uring code in libev + +diff --git a/src/libev/ev.c b/src/libev/ev.c +index a4ef36f..c4a0070 100644 +--- a/src/libev/ev.c ++++ b/src/libev/ev.c +@@ -128,7 +128,7 @@ + + # if HAVE_LINUX_FS_H && HAVE_SYS_TIMERFD_H && HAVE_KERNEL_RWF_T + # ifndef EV_USE_IOURING +-# define EV_USE_IOURING EV_FEATURE_BACKENDS ++# define EV_USE_IOURING 0 // Intentionally drop the io_uring backend + # endif + # else + # undef EV_USE_IOURING diff --git a/audit-3.9-4-fix-leak.patch b/audit-3.9-4-fix-leak.patch new file mode 100644 index 0000000000000000000000000000000000000000..c5da715e493b18eaf9899f552e664868340d4d50 --- /dev/null +++ b/audit-3.9-4-fix-leak.patch @@ -0,0 +1,25 @@ +commit e1b75c41b3bd4f7de981b1c89b3a23c64cda53e1 +Author: cgzones +Date: Wed Nov 1 20:35:40 2023 +0100 + + lib: close audit socket in load_feature_bitmap() (#334) + +diff --git a/lib/libaudit.c b/lib/libaudit.c +index 0a52285..72b25a9 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -657,12 +657,14 @@ static void load_feature_bitmap(void) + + /* Found it... */ + features_bitmap = rep.status->feature_bitmap; ++ audit_close(fd); + return; + } + } + } + #endif + features_bitmap = AUDIT_FEATURES_UNSUPPORTED; ++ audit_close(fd); + } + + uint32_t audit_get_features(void) diff --git a/audit-3.9-5-mk-static.patch b/audit-3.9-5-mk-static.patch new file mode 100644 index 0000000000000000000000000000000000000000..f2bcb5aec0f885a27df87c4fbe5fc5130cb162a6 --- /dev/null +++ b/audit-3.9-5-mk-static.patch @@ -0,0 +1,19 @@ +commit 73c9ce37b15a963c6e609906d232b0a6ea9c741f +Author: Steve Grubb +Date: Wed Nov 1 17:22:47 2023 -0400 + + declare file local function static + +diff --git a/lib/libaudit.c b/lib/libaudit.c +index 72b25a9..cfbad1d 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -997,7 +997,7 @@ uint32_t audit_get_session(void) + return ses; + } + +-int audit_rule_syscall_data(struct audit_rule_data *rule, int scall) ++static int audit_rule_syscall_data(struct audit_rule_data *rule, int scall) + { + int word = AUDIT_WORD(scall); + int bit = AUDIT_BIT(scall); diff --git a/audit.spec b/audit.spec index 7dcb6f59f58d9ce2d26087a6014eb0145299a8b8..25cd654ef06f51adb2010f2a1d1ec6c29a5cf68e 100644 --- a/audit.spec +++ b/audit.spec @@ -1,32 +1,32 @@ -%define anolis_release 3 -# an audit.spec is provided in upstream audit source tree, modify to match -# Anolis OS specfile guidelines. -# Only support python3 in Anolis OS 23 -%define __python python3 - -Name: audit -Version: 3.1.1 -Release: %{anolis_release}%{dist} Summary: User space tools for kernel auditing +Name: audit +Version: 3.1.2 +Release: 5%{?dist} License: GPL-2.0-or-later AND LGPL-2.0-or-later -Group: System Environment/Daemons - -URL: https://people.redhat.com/sgrubb/audit/ -Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz -Patch1: audit-3.1.1-flex-array-workaround.patch -Patch2: audit-3.0.8-undo-flex-array.patch -Patch3: audit-3.1.1-prefix.patch -Patch4: audit-3.1.1-python3-linkage.patch - - -BuildRequires: gcc -BuildRequires: krb5-devel libcap-ng-devel +URL: http://people.redhat.com/sgrubb/audit/ +Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz +Source1: https://www.gnu.org/licenses/lgpl-2.1.txt +Patch1: audit-3.9-1-aureport.patch +Patch2: audit-3.9-2-no-io_uring.patch +Patch3: audit-3.9-4-fix-leak.patch +Patch4: audit-3.9-5-mk-static.patch + +BuildRequires: make gcc +BuildRequires: krb5-devel BuildRequires: kernel-headers >= 2.6.29 BuildRequires: systemd +BuildRequires: autoconf automake libtool + +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires(post): systemd coreutils procps-ng +Requires(preun): systemd +Recommends: initscripts-service +Requires(postun): systemd coreutils -Requires: %{name}-libs = %{version}-%{release} -%{?systemd_requires} +# Placing this here under the assumption that anything using the +# python libraries expects the system to have an audit daemon +Obsoletes: python2-audit < %{version}-%{release} %description The audit package contains the user space utilities for @@ -35,17 +35,17 @@ the audit subsystem in the Linux 2.6 and later kernels. %package libs Summary: Dynamic library for libaudit -# CAUTION: libs use another license. -License: LGPLv2+ +License: LGPL-2.0-or-later +BuildRequires: libcap-ng-devel %description libs -The audit-libs package contains the dynamic libraries needed for +The audit-libs package contains the dynamic libraries needed for applications to use the audit framework. %package libs-devel Summary: Header files for libaudit -License: LGPLv2+ -Requires: %{name}-libs = %{version}-%{release} +License: LGPL-2.0-or-later +Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: kernel-headers >= 2.6.29 %description libs-devel @@ -54,10 +54,11 @@ developing applications that need to use the audit framework libraries. %package -n python3-audit Summary: Python3 bindings for libaudit -License: LGPLv2+ -BuildRequires: python3-devel swig -Requires: %{name}-libs = %{version}-%{release} +License: LGPL-2.0-or-later +BuildRequires: python3-devel python-setuptools swig +Requires: %{name}-libs%{?_isa} = %{version}-%{release} Provides: audit-libs-python3 = %{version}-%{release} +Provides: audit-libs-python3%{?_isa} = %{version}-%{release} Obsoletes: audit-libs-python3 < %{version}-%{release} %description -n python3-audit @@ -66,109 +67,124 @@ and libauparse can be used by python3. %package -n audispd-plugins Summary: Plugins for the audit event dispatcher -License: GPLv2+ +License: GPL-2.0-or-later BuildRequires: krb5-devel libcap-ng-devel -Requires: %{name} = %{version}-%{release} -Requires: %{name}-libs = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description -n audispd-plugins The audispd-plugins package provides plugins for the real-time interface to the audit system, audispd. These plugins can do things -like relay events to remote machines or analyze events for suspicious -behavior. +like relay events to remote machines. %package -n audispd-plugins-zos Summary: z/OS plugin for the audit event dispatcher -License: GPLv2+ +License: GPL-2.0-or-later BuildRequires: openldap-devel libcap-ng-devel -Requires: %{name} = %{version}-%{release} -Requires: %{name}-libs = %{version}-%{release} - +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + %description -n audispd-plugins-zos The audispd-plugins-zos package provides a plugin that will forward all incoming audit events, as they happen, to a configured z/OS SMF (Service Management Facility) database, through an IBM Tivoli Directory Server (ITDS) set for Remote Audit service. -%package doc -Summary: Documentation files for %{name} -Requires: %{name} = %{version}-%{release} -BuildArch: noarch - -%description doc -The %{name}-doc package contains documentation files for %{name}. - %prep %setup -q -# FIXME part1: see https://listman.redhat.com/archives/linux-audit/2022-February/018843.html -cp -fv /usr/include/linux/audit.h lib/ -%patch1 -p1 -%patch3 -p1 -%patch4 -p1 +cp %{SOURCE1} . +%patch 1 -p1 +%patch 2 -p1 +%patch 3 -p1 +%patch 4 -p1 -# Remove the ids code, upstream says it's not ready +# Remove the ids code, its not ready sed -i 's/ ids / /' audisp/plugins/Makefile.am sed -i 's/ ids / /' audisp/plugins/Makefile.in %build -%configure \ - --disable-static \ - --with-python=no \ - --with-python3=yes \ - --enable-gssapi-krb5=yes --with-arm --with-aarch64 \ - --with-libcap-ng=yes --without-golang --enable-zos-remote \ - --enable-systemd --enable-experimental --with-io_uring -%make_build +%configure --with-python=no \ + --with-python3=yes \ + --enable-gssapi-krb5=yes --with-arm --with-aarch64 \ + --with-libcap-ng=yes --without-golang --enable-zos-remote \ + --enable-systemd --enable-experimental --with-io_uring + +make CFLAGS="%{optflags}" %{?_smp_mflags} %install -mkdir --mode=0750 -p $RPM_BUILD_ROOT{%{_sysconfdir}/audit/plugins.d,%{_sysconfdir}/audit/rules.d} -mkdir --mode=0700 -p $RPM_BUILD_ROOT%{_var}/log/audit -mkdir -p $RPM_BUILD_ROOT%{_var}/spool/audit -%make_install +mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audit/plugins.d,etc/audit/rules.d} +mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8} +mkdir -p $RPM_BUILD_ROOT/%{_lib} +mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit +mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit +mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit +make DESTDIR=$RPM_BUILD_ROOT install -# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp -touch -r ./audit.spec $RPM_BUILD_ROOT%{_sysconfdir}/libaudit.conf -touch -r ./audit.spec $RPM_BUILD_ROOT%{_mandir}/man5/libaudit.conf.5 +# Remove these items so they don't get picked up. +rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a +rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a -# undo the workaround -pushd %{buildroot} - patch -p0 < %{PATCH2} - find . -name '*.orig' -delete -popd +find $RPM_BUILD_ROOT -name '*.la' -delete +find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*.a' -delete -%generate_compatibility_deps +# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp +touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf +touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz %check -%make_build check +make check # Get rid of make files so that they don't get packaged. rm -f rules/Makefile* %post # Copy default rules into place on new installation -files=`ls %{_sysconfdir}/audit/rules.d/ 2>/dev/null | wc -w` +files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w` if [ "$files" -eq 0 ] ; then - cp %{_datadir}/%{name}/sample-rules/10-base-config.rules %{_sysconfdir}/audit/rules.d/audit.rules - chmod 0600 %{_sysconfdir}/audit/rules.d/audit.rules +%if 0%{?rhel} + if [ -e %{_datadir}/%{name}/sample-rules/10-base-config.rules ] ; then + cp %{_datadir}/%{name}/sample-rules/10-base-config.rules /etc/audit/rules.d/audit.rules +%else + # FESCO asked for audit to be off by default. #1117953 + if [ -e %{_datadir}/%{name}/sample-rules/10-no-audit.rules ] ; then + cp %{_datadir}/%{name}/sample-rules/10-no-audit.rules /etc/audit/rules.d/audit.rules +%endif + else + touch /etc/audit/rules.d/audit.rules + fi + chmod 0600 /etc/audit/rules.d/audit.rules fi %systemd_post auditd.service %preun %systemd_preun auditd.service +# Prefer script because it waits for auditd to terminate +if [ -e /usr/libexec/initscripts/legacy-actions/auditd/stop ] ; then + /usr/libexec/initscripts/legacy-actions/auditd/stop +else + auditctl --signal stop +fi %postun -%systemd_postun auditd.service +if [ $1 -ge 1 ]; then + state=$(systemctl status auditd | awk '/Active:/ { print $2 }') + if [ $state = "active" ] ; then + # Prefer script because it waits for auditd to terminate + if [ -e /usr/libexec/initscripts/legacy-actions/auditd/stop ] ; then + /usr/libexec/initscripts/legacy-actions/auditd/stop + else + auditctl --signal stop + fi + systemctl start auditd + fi +fi %files libs -%dir %{abidir} -%license COPYING.LIB +%{!?_licensedir:%global license %%doc} +%license lgpl-2.1.txt %{_libdir}/libaudit.so.1* %{_libdir}/libauparse.* -%{abidir}/_audit.dump -%{abidir}/libaudit.dump -%{abidir}/auparse.dump -%{abidir}/libauparse.dump -%config(noreplace) %{_sysconfdir}/libaudit.conf -%{_mandir}/man5/libaudit.conf.5.* +%config(noreplace) %attr(640,root,root) /etc/libaudit.conf +%{_mandir}/man5/libaudit.conf.5.gz %files libs-devel %doc contrib/plugin @@ -186,86 +202,83 @@ fi %attr(755,root,root) %{python3_sitearch}/* %files +%doc ChangeLog init.d/auditd.cron +%{!?_licensedir:%global license %%doc} %license COPYING -%doc rules init.d/auditd.cron -%{_datadir}/%{name}/sample-rules/* -%{_mandir}/man8/auditctl.8* -%{_mandir}/man8/auditd.8* -%{_mandir}/man8/aureport.8* -%{_mandir}/man8/ausearch.8* -%{_mandir}/man8/autrace.8* -%{_mandir}/man8/aulast.8* -%{_mandir}/man8/aulastlog.8* -%{_mandir}/man8/auvirt.8* -%{_mandir}/man8/augenrules.8* -%{_mandir}/man8/ausyscall.8* -%{_mandir}/man8/audisp-af_unix.8* -%{_mandir}/man7/audit.rules.7* -%{_mandir}/man5/auditd.conf.5* -%{_mandir}/man5/ausearch-expression.5* -%{_mandir}/man5/auditd-plugins.5* -%{_sbindir}/auditctl -%{_sbindir}/auditd -%{_sbindir}/ausearch -%{_sbindir}/aureport -%{_sbindir}/autrace -%{_sbindir}/augenrules -%{_sbindir}/audisp-af_unix -%{_bindir}/aulast -%{_bindir}/aulastlog -%{_bindir}/ausyscall -%{_bindir}/auvirt -%{abidir}/ausearch-option.list -%{abidir}/aureport-option.list -%{abidir}/auvirt-option.list -%{_unitdir}/auditd.service -%dir %{_libexecdir}/initscripts/legacy-actions/auditd -%{_libexecdir}/initscripts/legacy-actions/auditd/condrestart -%{_libexecdir}/initscripts/legacy-actions/auditd/reload -%{_libexecdir}/initscripts/legacy-actions/auditd/restart -%{_libexecdir}/initscripts/legacy-actions/auditd/resume -%{_libexecdir}/initscripts/legacy-actions/auditd/rotate -%{_libexecdir}/initscripts/legacy-actions/auditd/state -%{_libexecdir}/initscripts/legacy-actions/auditd/stop -%{_libexecdir}/audit-functions +%attr(755,root,root) %{_datadir}/%{name} +%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz +%attr(644,root,root) %{_mandir}/man8/auditd.8.gz +%attr(644,root,root) %{_mandir}/man8/aureport.8.gz +%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz +%attr(644,root,root) %{_mandir}/man8/autrace.8.gz +%attr(644,root,root) %{_mandir}/man8/aulast.8.gz +%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz +%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz +%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz +%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz +%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz +%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz +%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz +%attr(644,root,root) %{_mandir}/man5/auditd-plugins.5.gz +%attr(755,root,root) %{_sbindir}/auditctl +%attr(755,root,root) %{_sbindir}/auditd +%attr(755,root,root) %{_sbindir}/ausearch +%attr(755,root,root) %{_sbindir}/aureport +%attr(750,root,root) %{_sbindir}/autrace +%attr(755,root,root) %{_sbindir}/augenrules +%attr(755,root,root) %{_bindir}/aulast +%attr(755,root,root) %{_bindir}/aulastlog +%attr(755,root,root) %{_bindir}/ausyscall +%attr(755,root,root) %{_bindir}/auvirt +%attr(644,root,root) %{_unitdir}/auditd.service +%attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd +%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart +%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/reload +%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/restart +%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/resume +%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate +%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state +%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop +%attr(750,root,root) %{_libexecdir}/audit-functions %ghost %{_localstatedir}/run/auditd.state %attr(-,root,-) %dir %{_var}/log/audit -%dir %{_sysconfdir}/audit -%dir %{_sysconfdir}/audit/rules.d -%dir %{_sysconfdir}/audit/plugins.d -%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/auditd.conf -%ghost %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules -%ghost %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit.rules -%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules -%config(noreplace) %{_sysconfdir}/audit/plugins.d/af_unix.conf +%attr(750,root,root) %dir /etc/audit +%attr(750,root,root) %dir /etc/audit/rules.d +%attr(750,root,root) %dir /etc/audit/plugins.d +%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf +%ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules +%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules +%config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules %files -n audispd-plugins -%config(noreplace) %{_sysconfdir}/audit/audisp-remote.conf -%config(noreplace) %{_sysconfdir}/audit/plugins.d/au-remote.conf -%config(noreplace) %{_sysconfdir}/audit/plugins.d/syslog.conf -%config(noreplace) %{_sysconfdir}/audit/audisp-statsd.conf -%config(noreplace) %{_sysconfdir}/audit/plugins.d/au-statsd.conf +%config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf +%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf +%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf +%config(noreplace) %attr(640,root,root) /etc/audit/audisp-statsd.conf +%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-statsd.conf +%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf %attr(750,root,root) %{_sbindir}/audisp-remote %attr(750,root,root) %{_sbindir}/audisp-syslog +%attr(750,root,root) %{_sbindir}/audisp-af_unix %attr(750,root,root) %{_sbindir}/audisp-statsd -%{abidir}/audisp-remote-option.list %attr(700,root,root) %dir %{_var}/spool/audit -%{_mandir}/man5/audisp-remote.conf.5* -%{_mandir}/man8/audisp-remote.8* -%{_mandir}/man8/audisp-syslog.8* -%{_mandir}/man8/audisp-statsd.8* +%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz +%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz +%attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz +%attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz +%attr(644,root,root) %{_mandir}/man8/audisp-statsd.8.gz %files -n audispd-plugins-zos -%{_mandir}/man8/audispd-zos-remote.8* -%{_mandir}/man5/zos-remote.conf.5* -%config(noreplace) %{_sysconfdir}/audit/plugins.d/audispd-zos-remote.conf -%config(noreplace) %{_sysconfdir}/audit/zos-remote.conf +%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz +%attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz +%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/audispd-zos-remote.conf +%config(noreplace) %attr(640,root,root) /etc/audit/zos-remote.conf %attr(750,root,root) %{_sbindir}/audispd-zos-remote -%files doc -%doc README ChangeLog AUTHORS TODO NEWS - %changelog +* Fri Mar 22 2024 yangxianzhao - 3.1.2-5 +- Update to 3.1.2-5 + * Mon Mar 11 2024 Bo Ren - 3.1.1-3 - Rebuild with python3.11 @@ -293,3 +306,4 @@ fi * Fri Mar 11 2022 Caspar Zhang 3.0.7-1 - New upstream release for Anolis OS 23 + diff --git a/lgpl-2.1.txt b/lgpl-2.1.txt new file mode 100644 index 0000000000000000000000000000000000000000..4362b49151d7b34ef83b3067a8f9c9f877d72a0e --- /dev/null +++ b/lgpl-2.1.txt @@ -0,0 +1,502 @@ + GNU LESSER GENERAL PUBLIC LICENSE + Version 2.1, February 1999 + + Copyright (C) 1991, 1999 Free Software Foundation, Inc. + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.] + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +Licenses are intended to guarantee your freedom to share and change +free software--to make sure the software is free for all its users. + + This license, the Lesser General Public License, applies to some +specially designated software packages--typically libraries--of the +Free Software Foundation and other authors who decide to use it. You +can use it too, but we suggest you first think carefully about whether +this license or the ordinary General Public License is the better +strategy to use in any particular case, based on the explanations below. + + When we speak of free software, we are referring to freedom of use, +not price. Our General Public Licenses are designed to make sure that +you have the freedom to distribute copies of free software (and charge +for this service if you wish); that you receive source code or can get +it if you want it; that you can change the software and use pieces of +it in new free programs; and that you are informed that you can do +these things. + + To protect your rights, we need to make restrictions that forbid +distributors to deny you these rights or to ask you to surrender these +rights. These restrictions translate to certain responsibilities for +you if you distribute copies of the library or if you modify it. + + For example, if you distribute copies of the library, whether gratis +or for a fee, you must give the recipients all the rights that we gave +you. You must make sure that they, too, receive or can get the source +code. If you link other code with the library, you must provide +complete object files to the recipients, so that they can relink them +with the library after making changes to the library and recompiling +it. And you must show them these terms so they know their rights. + + We protect your rights with a two-step method: (1) we copyright the +library, and (2) we offer you this license, which gives you legal +permission to copy, distribute and/or modify the library. + + To protect each distributor, we want to make it very clear that +there is no warranty for the free library. Also, if the library is +modified by someone else and passed on, the recipients should know +that what they have is not the original version, so that the original +author's reputation will not be affected by problems that might be +introduced by others. + + Finally, software patents pose a constant threat to the existence of +any free program. We wish to make sure that a company cannot +effectively restrict the users of a free program by obtaining a +restrictive license from a patent holder. Therefore, we insist that +any patent license obtained for a version of the library must be +consistent with the full freedom of use specified in this license. + + Most GNU software, including some libraries, is covered by the +ordinary GNU General Public License. This license, the GNU Lesser +General Public License, applies to certain designated libraries, and +is quite different from the ordinary General Public License. We use +this license for certain libraries in order to permit linking those +libraries into non-free programs. + + When a program is linked with a library, whether statically or using +a shared library, the combination of the two is legally speaking a +combined work, a derivative of the original library. The ordinary +General Public License therefore permits such linking only if the +entire combination fits its criteria of freedom. The Lesser General +Public License permits more lax criteria for linking other code with +the library. + + We call this license the "Lesser" General Public License because it +does Less to protect the user's freedom than the ordinary General +Public License. It also provides other free software developers Less +of an advantage over competing non-free programs. These disadvantages +are the reason we use the ordinary General Public License for many +libraries. However, the Lesser license provides advantages in certain +special circumstances. + + For example, on rare occasions, there may be a special need to +encourage the widest possible use of a certain library, so that it becomes +a de-facto standard. To achieve this, non-free programs must be +allowed to use the library. A more frequent case is that a free +library does the same job as widely used non-free libraries. In this +case, there is little to gain by limiting the free library to free +software only, so we use the Lesser General Public License. + + In other cases, permission to use a particular library in non-free +programs enables a greater number of people to use a large body of +free software. For example, permission to use the GNU C Library in +non-free programs enables many more people to use the whole GNU +operating system, as well as its variant, the GNU/Linux operating +system. + + Although the Lesser General Public License is Less protective of the +users' freedom, it does ensure that the user of a program that is +linked with the Library has the freedom and the wherewithal to run +that program using a modified version of the Library. + + The precise terms and conditions for copying, distribution and +modification follow. Pay close attention to the difference between a +"work based on the library" and a "work that uses the library". The +former contains code derived from the library, whereas the latter must +be combined with the library in order to run. + + GNU LESSER GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any software library or other +program which contains a notice placed by the copyright holder or +other authorized party saying it may be distributed under the terms of +this Lesser General Public License (also called "this License"). +Each licensee is addressed as "you". + + A "library" means a collection of software functions and/or data +prepared so as to be conveniently linked with application programs +(which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work +which has been distributed under these terms. A "work based on the +Library" means either the Library or any derivative work under +copyright law: that is to say, a work containing the Library or a +portion of it, either verbatim or with modifications and/or translated +straightforwardly into another language. (Hereinafter, translation is +included without limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for +making modifications to it. For a library, complete source code means +all the source code for all modules it contains, plus any associated +interface definition files, plus the scripts used to control compilation +and installation of the library. + + Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running a program using the Library is not restricted, and output from +such a program is covered only if its contents constitute a work based +on the Library (independent of the use of the Library in a tool for +writing it). Whether that is true depends on what the Library does +and what the program that uses the Library does. + + 1. You may copy and distribute verbatim copies of the Library's +complete source code as you receive it, in any medium, provided that +you conspicuously and appropriately publish on each copy an +appropriate copyright notice and disclaimer of warranty; keep intact +all the notices that refer to this License and to the absence of any +warranty; and distribute a copy of this License along with the +Library. + + You may charge a fee for the physical act of transferring a copy, +and you may at your option offer warranty protection in exchange for a +fee. + + 2. You may modify your copy or copies of the Library or any portion +of it, thus forming a work based on the Library, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices + stating that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no + charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a + table of data to be supplied by an application program that uses + the facility, other than as an argument passed when the facility + is invoked, then you must make a good faith effort to ensure that, + in the event an application does not supply such function or + table, the facility still operates, and performs whatever part of + its purpose remains meaningful. + + (For example, a function in a library to compute square roots has + a purpose that is entirely well-defined independent of the + application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function must + be optional: if the application does not supply it, the square + root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Library, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Library, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote +it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library +with the Library (or with a work based on the Library) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may opt to apply the terms of the ordinary GNU General Public +License instead of this License to a given copy of the Library. To do +this, you must alter all the notices that refer to this License, so +that they refer to the ordinary GNU General Public License, version 2, +instead of to this License. (If a newer version than version 2 of the +ordinary GNU General Public License has appeared, then you can specify +that version instead if you wish.) Do not make any other change in +these notices. + + Once this change is made in a given copy, it is irreversible for +that copy, so the ordinary GNU General Public License applies to all +subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of +the Library into a program that is not a library. + + 4. You may copy and distribute the Library (or a portion or +derivative of it, under Section 2) in object code or executable form +under the terms of Sections 1 and 2 above provided that you accompany +it with the complete corresponding machine-readable source code, which +must be distributed under the terms of Sections 1 and 2 above on a +medium customarily used for software interchange. + + If distribution of object code is made by offering access to copy +from a designated place, then offering equivalent access to copy the +source code from the same place satisfies the requirement to +distribute the source code, even though third parties are not +compelled to copy the source along with the object code. + + 5. A program that contains no derivative of any portion of the +Library, but is designed to work with the Library by being compiled or +linked with it, is called a "work that uses the Library". Such a +work, in isolation, is not a derivative work of the Library, and +therefore falls outside the scope of this License. + + However, linking a "work that uses the Library" with the Library +creates an executable that is a derivative of the Library (because it +contains portions of the Library), rather than a "work that uses the +library". The executable is therefore covered by this License. +Section 6 states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file +that is part of the Library, the object code for the work may be a +derivative work of the Library even though the source code is not. +Whether this is true is especially significant if the work can be +linked without the Library, or if the work is itself a library. The +threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data +structure layouts and accessors, and small macros and small inline +functions (ten lines or less in length), then the use of the object +file is unrestricted, regardless of whether it is legally a derivative +work. (Executables containing this object code plus portions of the +Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may +distribute the object code for the work under the terms of Section 6. +Any executables containing that work also fall under Section 6, +whether or not they are linked directly with the Library itself. + + 6. As an exception to the Sections above, you may also combine or +link a "work that uses the Library" with the Library to produce a +work containing portions of the Library, and distribute that work +under terms of your choice, provided that the terms permit +modification of the work for the customer's own use and reverse +engineering for debugging such modifications. + + You must give prominent notice with each copy of the work that the +Library is used in it and that the Library and its use are covered by +this License. You must supply a copy of this License. If the work +during execution displays copyright notices, you must include the +copyright notice for the Library among them, as well as a reference +directing the user to the copy of this License. Also, you must do one +of these things: + + a) Accompany the work with the complete corresponding + machine-readable source code for the Library including whatever + changes were used in the work (which must be distributed under + Sections 1 and 2 above); and, if the work is an executable linked + with the Library, with the complete machine-readable "work that + uses the Library", as object code and/or source code, so that the + user can modify the Library and then relink to produce a modified + executable containing the modified Library. (It is understood + that the user who changes the contents of definitions files in the + Library will not necessarily be able to recompile the application + to use the modified definitions.) + + b) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (1) uses at run time a + copy of the library already present on the user's computer system, + rather than copying library functions into the executable, and (2) + will operate properly with a modified version of the library, if + the user installs one, as long as the modified version is + interface-compatible with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at + least three years, to give the same user the materials + specified in Subsection 6a, above, for a charge no more + than the cost of performing this distribution. + + d) If distribution of the work is made by offering access to copy + from a designated place, offer equivalent access to copy the above + specified materials from the same place. + + e) Verify that the user has already received a copy of these + materials or that you have already sent this user a copy. + + For an executable, the required form of the "work that uses the +Library" must include any data and utility programs needed for +reproducing the executable from it. However, as a special exception, +the materials to be distributed need not include anything that is +normally distributed (in either source or binary form) with the major +components (compiler, kernel, and so on) of the operating system on +which the executable runs, unless that component itself accompanies +the executable. + + It may happen that this requirement contradicts the license +restrictions of other proprietary libraries that do not normally +accompany the operating system. Such a contradiction means you cannot +use both them and the Library together in an executable that you +distribute. + + 7. You may place library facilities that are a work based on the +Library side-by-side in a single library together with other library +facilities not covered by this License, and distribute such a combined +library, provided that the separate distribution of the work based on +the Library and of the other library facilities is otherwise +permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work + based on the Library, uncombined with any other library + facilities. This must be distributed under the terms of the + Sections above. + + b) Give prominent notice with the combined library of the fact + that part of it is a work based on the Library, and explaining + where to find the accompanying uncombined form of the same work. + + 8. You may not copy, modify, sublicense, link with, or distribute +the Library except as expressly provided under this License. Any +attempt otherwise to copy, modify, sublicense, link with, or +distribute the Library is void, and will automatically terminate your +rights under this License. However, parties who have received copies, +or rights, from you under this License will not have their licenses +terminated so long as such parties remain in full compliance. + + 9. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Library or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Library (or any work based on the +Library), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Library or works based on it. + + 10. Each time you redistribute the Library (or any work based on the +Library), the recipient automatically receives a license from the +original licensor to copy, distribute, link with or modify the Library +subject to these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties with +this License. + + 11. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Library at all. For example, if a patent +license would not permit royalty-free redistribution of the Library by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Library. + +If any portion of this section is held invalid or unenforceable under any +particular circumstance, the balance of the section is intended to apply, +and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 12. If the distribution and/or use of the Library is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Library under this License may add +an explicit geographical distribution limitation excluding those countries, +so that distribution is permitted only in or among countries not thus +excluded. In such case, this License incorporates the limitation as if +written in the body of this License. + + 13. The Free Software Foundation may publish revised and/or new +versions of the Lesser General Public License from time to time. +Such new versions will be similar in spirit to the present version, +but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library +specifies a version number of this License which applies to it and +"any later version", you have the option of following the terms and +conditions either of that version or of any later version published by +the Free Software Foundation. If the Library does not specify a +license version number, you may choose any version ever published by +the Free Software Foundation. + + 14. If you wish to incorporate parts of the Library into other free +programs whose distribution conditions are incompatible with these, +write to the author to ask for permission. For software which is +copyrighted by the Free Software Foundation, write to the Free +Software Foundation; we sometimes make exceptions for this. Our +decision will be guided by the two goals of preserving the free status +of all derivatives of our free software and of promoting the sharing +and reuse of software generally. + + NO WARRANTY + + 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO +WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR +OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY +KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE +LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME +THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN +WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY +AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU +FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR +CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE +LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING +RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A +FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF +SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH +DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Libraries + + If you develop a new library, and you want it to be of the greatest +possible use to the public, we recommend making it free software that +everyone can redistribute and change. You can do so by permitting +redistribution under these terms (or, alternatively, under the terms of the +ordinary General Public License). + + To apply these terms, attach the following notices to the library. It is +safest to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the library, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the + library `Frob' (a library for tweaking knobs) written by James Random Hacker. + + , 1 April 1990 + Ty Coon, President of Vice + +That's all there is to it!