audit-4.0-160000.2.2

- Update audit.spec: add requirement for 'awk' package (bsc#1231236)

- Update to 4.0
  - Drop python2 support
  - Drop auvirt and autrace programs
  - Drop SysVinit support
  - Require the use of the 5.0 or later kernel headers
  - New README.md file
  - Rewrite legacy service functions in terms of systemctl
  - Consolidate and update end of event detection to a common function
  - Split off rule loading from auditd.service into audit-rules.service
  - Refactor libaudit.h to split out logging functions and record numbers
  - Speed up aureport --summary reports
  - Limit libaudit python bindings to logging functions
  - Add a metrics function for auparse
  - Change auditctl to use pidfd_send_signal for signaling auditd
  - Adjust watches to optimize syscalls hooked when watch file access
  - Drop nispom rules
  - Add intepretations for fsconfig, fsopen, fsmount, & move_mount
  - Many code fixups (cgzones)
  - Update syscall and interpretation tables to the 6.8 kernel
  (from v3.1.2)
  - When processing a run level change, make auditd exit
  - In auditd, fix return code when rules added in immutable mode
  - In auparse, when files are given, also consider EUID for access
  - Auparse now interprets unnamed/anonymous sockets (Enzo Matsumiya)
  - Disable Python bindings from setting rules due to swig bug (S. Trofimovich)
  - Update all lookup tables for the 6.5 kernel
  - Don't be as paranoid about auditctl -R file permissions
  - In ausearch, correct subject/object search to be an and if both are given
  - Adjust formats for 64 bit time_t
  - Fix segfault in python bindings around the feed API
  - Add feed_has_data, get_record_num, and get/goto_field_num to python bindings
- Update spec:
  * Add fix-auparse-test.patch (downstream):
    Upstream tests uses a static value (42) for 'gdm' uid/gid (based
    on Fedora values, apparently).  Replace these occurrences with
    'unknown(123456)'
  * Replace '--with-python' with '--with-python3' on %configure
  * Add new headers 'audit_logging.h' and 'audit-records.h' for
    audit-devel

- Update to 3.1.1:
  * Add user friendly keywords for signals to auditctl
  * In ausearch, parse up URINGOP and DM_CTRL records
  * Harden auparse to better handle corrupt logs
  * Fix a CFLAGS propogation problem in the common directory
  * Move the audispd af_unix plugin to a standalone program

- Add _multibuild to define additional spec files as additional
  flavors.
  Eliminates the need for source package links in OBS.

- Enable livepatching on main library on x86_64.

- Update to 3.1:
  * Disable ProtectControlGroups in auditd.service by default
  * Fix rule checking for exclude filter
  * Make audit_rule_syscallbyname_data work correctly outside of auditctl
  * Add new record types
  * Add io_uring support
  * Add support for new FANOTIFY record fields
  * Add keyword, this-hour, to ausearch/report start/end options
  * Add Requires.private to audit.pc file
  * Try to interpret OPENAT2 fields correctly

- Enable build for ARM (32-bit)
- Update to version 3.0.9:
  * In auditd, release the async flush lock on stop
  * Don't allow auditd to log directly into /var/log when log_group is non-zero
  * Cleanup krb5 memory leaks on error paths
  * Update auditd.cron to use auditctl --signal
  * In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
  * In auparse, special case kernel module name interpretation
  * If overflow_action is ignore, don't treat as an error
  (3.0.8)
  * Add gcc function attributes for access and allocation
  * Add some more man pages (MIZUTA Takeshi)
  * In auditd, change the reinitializing of the plugin queue
  * Fix path normalization in auparse (Sergio Correia)
  * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
  * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
  * Drop ProtectHome from auditd.service as it interferes with rules
  (3.0.7)
  * Add support for the OPENAT2 record type (Richard Guy Briggs)
  * In auditd, close the logging file descriptor when logging is suspended
  * Update the capabilities lookup table to match 5.16 kernel
  * Improve interpretation of renamat & faccessat family of syscalls
  * Update syscall table for the 5.16 kernel
  * Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjusment):
  * audit-allow-manual-stop.patch
  * audit-ausearch-do-not-require-tclass.patch
  * audit-no-gss.patch
  * enable-stop-rules.patch
  * fix-hardened-service.patch
  * harden_auditd.service.patch
- Remove patches (fixed by version update):
  * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
  * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch

- Modernize specfile constructs.

- Update to version 3.0.6:
  * fixes a segfault on some SELINUX_ERR records
  * makes IPX packet interpretation dependent on the ipx header
    file existing
  * adds b32/b64 support to ausyscall
  * adds support for armv8l
  * fixes auditctl list of syscalls on PPC
  * auditd.service now restarts auditd under some conditions

- Update to version 3.0.5:
  * In auditd, flush uid/gid caches when user/group added/deleted/modified
  * Fixed various issues when dealing with corrupted logs
  * In auditd, check if log_file is valid before closing handle
- Include fixed from 3.0.4:
  * Apply performance speedups to auparse library
  * Optimize rule loading in auditctl
  * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
  * Update syscall table to the 5.14 kernel
  * Fixed various issues when dealing with corrupted logs