audit-3.0.9 released

[Steve Grubb]

Hello,

I've just released a new version of the audit daemon. It can be
downloaded from http://people.redhat.com/sgrubb/audit. It will also be
in rawhide soon. The ChangeLog is:

- In auditd, release the async flush lock on stop
- Don't allow auditd to log directly into /var/log when log_group is non-zero
- Cleanup krb5 memory leaks on error paths
- Update auditd.cron to use auditctl --signal
- In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
- In auparse, special case kernel module name interpretation
- If overflow_action is ignore, don't treat as an error

The main driver for this release is to update the kerberos code. It could 
leak memory on certain error conditions. Also added in this release is 
support for records with more than 36 fields. Auditing execve calls would be 
the only way that it might have fell short. Now the field array is realloced 
bigger on demand. And one last item is that the kernel module name was not 
being interpreted correctly. Due to the field name being the same as a file 
path, it was being processed like a path instead of an escaped name.

SHA256: fd9570444df1573a274ca8ba23590082298a083cfc0618138957f590e845bc78

Please let me know if you run across any problems with this release.

-Steve