rpms
/
rsyslog
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c
rpms:c8
rpms:i9c-beta
rpms:c9-beta
rpms:i9c
rpms:c9
...
pull from: rpms:c10-beta
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c
rpms:c8
rpms:i9c-beta
rpms:c9-beta
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'c10-beta' have entirely different histories.
c9 ... c10-beta

39 changed files with 492 additions and 3275 deletions
Show Stats

4
.gitignore vendored
Unescape View File

@ -1,3 +1,3 @@
SOURCES/qpid-proton-0.39.0.tar.gz
SOURCES/rsyslog-8.2102.0.tar.gz
SOURCES/rsyslog-doc-8.2102.0.tar.gz
SOURCES/rsyslog-8.2408.0.tar.gz
SOURCES/rsyslog-doc-8.2408.0.tar.gz

6
.rsyslog.metadata
Unescape View File

@ -1,3 +1,3 @@
e2fe5aada26415aeb1902435a8acf5ee388cb2cf SOURCES/qpid-proton-0.39.0.tar.gz
fdda78ed808e7a0dca03ead9227a0a5d913a050f SOURCES/rsyslog-8.2102.0.tar.gz
9c2188d435cb5f79c1c35749003bd2a61e7f2d07 SOURCES/rsyslog-doc-8.2102.0.tar.gz
de593ff72792d70b9027dd67aaa2b830dc148574 SOURCES/qpid-proton-0.39.0.tar.gz
83dd5ab9a5ca60b96eba1b01850ef2904b5f8639 SOURCES/rsyslog-8.2408.0.tar.gz
b2d852706e9a1029ee20adf4ecaab42865301b56 SOURCES/rsyslog-doc-8.2408.0.tar.gz

72
SOURCES/disable-openssl-engine.patch
Unescape View File

@ -0,0 +1,72 @@
diff -up rsyslog-8.2408.0/runtime/net_ossl.c.orig rsyslog-8.2408.0/runtime/net_ossl.c
--- rsyslog-8.2408.0/runtime/net_ossl.c.orig 2024-08-21 12:20:02.634846602 +0200
+++ rsyslog-8.2408.0/runtime/net_ossl.c 2024-08-21 12:23:59.487229756 +0200
@@ -223,6 +223,7 @@ osslGlblInit(void)
PRAGMA_DIAGNOSTIC_PUSH
PRAGMA_IGNORE_Wdeprecated_declarations
+#ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM
// Initialize OpenSSL engine library
ENGINE_load_builtin_engines();
/* Register all of them for every algorithm they collectively implement */
@@ -243,6 +244,7 @@ PRAGMA_IGNORE_Wdeprecated_declarations
}
// Free the engine reference when done
ENGINE_free(osslEngine);
+#endif
PRAGMA_DIAGNOSTIC_POP
}
@@ -251,7 +253,10 @@ void
osslGlblExit(void)
{
DBGPRINTF("openssl: entering osslGlblExit\n");
+
+#ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM
ENGINE_cleanup();
+#endif
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
@@ -638,7 +643,7 @@ net_ossl_chkonepeername(net_ossl_t *pThi
#endif
char *x509name = NULL;
DEFiRet;
-
+
if (certpeer == NULL) {
ABORT_FINALIZE(RS_RET_TLS_NO_CERT);
}
@@ -1151,6 +1156,8 @@ net_ossl_init_engine(__attribute__((unus
PRAGMA_DIAGNOSTIC_PUSH
PRAGMA_IGNORE_Wdeprecated_declarations
+#ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM
+
// Get the default RSA engine
ENGINE *default_engine = ENGINE_get_default_RSA();
if (default_engine) {
@@ -1188,6 +1195,7 @@ PRAGMA_IGNORE_Wdeprecated_declarations
} else {
DBGPRINTF("net_ossl_init_engine: use openssl default Engine");
}
+#endif
PRAGMA_DIAGNOSTIC_POP
RETiRet;
diff -up rsyslog-8.2408.0/runtime/net_ossl.h.orig rsyslog-8.2408.0/runtime/net_ossl.h
--- rsyslog-8.2408.0/runtime/net_ossl.h.orig 2024-08-21 12:19:42.902648065 +0200
+++ rsyslog-8.2408.0/runtime/net_ossl.h 2024-08-21 12:23:14.053772607 +0200
@@ -31,7 +31,11 @@
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)
# include <openssl/bioerr.h>
#endif
-#include <openssl/engine.h>
+
+#ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM
+# include <openssl/engine.h>
+#endif
+
#include <openssl/rand.h>
#include <openssl/evp.h>

93
SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
Unescape View File

@ -1,93 +0,0 @@
diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjournal.c
--- ./plugins/imjournal/imjournal.c.default-tag 2018-05-17 08:50:11.416418022 -0400
+++ ./plugins/imjournal/imjournal.c 2018-05-17 08:53:02.884418022 -0400
@@ -78,6 +78,7 @@ static struct configSettings_s {
int bWorkAroundJournalBug; /* deprecated, left for backwards compatibility only */
int bFsync;
int bRemote;
+ char *dfltTag;
} cs;
static rsRetVal facilityHdlr(uchar **pp, void *pVal);
@@ -93,7 +94,8 @@ static struct cnfparamdescr modpdescr[]
{ "usepid", eCmdHdlrString, 0 },
{ "workaroundjournalbug", eCmdHdlrBinary, 0 },
{ "fsync", eCmdHdlrBinary, 0 },
- { "remote", eCmdHdlrBinary, 0 }
+ { "remote", eCmdHdlrBinary, 0 },
+ { "defaulttag", eCmdHdlrGetWord, 0 }
};
static struct cnfparamblk modpblk =
{ CNFPARAMBLK_VERSION,
@@ -104,6 +106,7 @@ static struct cnfparamblk modpblk =
#define DFLT_persiststateinterval 10
#define DFLT_SEVERITY pri2sev(LOG_NOTICE)
#define DFLT_FACILITY pri2fac(LOG_USER)
+#define DFLT_TAG "journal"
static int bLegacyCnfModGlobalsPermitted = 1;/* are legacy module-global config parameters permitted? */
@@ -268,7 +271,7 @@ readjournal(void)
/* Information from messages */
char *message = NULL;
- char *sys_iden;
+ char *sys_iden = NULL;
char *sys_iden_help = NULL;
const void *get;
@@ -331,7 +334,7 @@ readjournal(void)
if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) {
CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden));
} else {
- CHKmalloc(sys_iden = strdup("journal"));
+ CHKmalloc(sys_iden = strdup(cs.dfltTag));
}
/* trying to get PID, default is "SYSLOG_PID" property */
@@ -654,6 +657,11 @@ CODESTARTrunInput
"\"usepidfromsystem\" is depricated, use \"usepid\" instead");
}
+ if (cs.dfltTag == NULL) {
+ cs.dfltTag = strdup(DFLT_TAG);
+ }
+
+
if (cs.usePid && (strcmp(cs.usePid, "system") == 0)) {
pidFieldName = "_PID";
bPidFallBack = 0;
@@ -732,6 +740,7 @@ CODESTARTbeginCnfLoad
cs.bWorkAroundJournalBug = 1;
cs.bFsync = 0;
cs.bRemote = 0;
+ cs.dfltTag = NULL;
ENDbeginCnfLoad
@@ -754,6 +763,7 @@ BEGINfreeCnf
CODESTARTfreeCnf
free(cs.stateFile);
free(cs.usePid);
+ free(cs.dfltTag);
free(journalContext.cursor);
statsobj.Destruct(&(statsCounter.stats));
ENDfreeCnf
@@ -832,6 +842,8 @@ CODESTARTsetModCnf
cs.bFsync = (int) pvals[i].val.d.n;
} else if (!strcmp(modpblk.descr[i].name, "remote")) {
cs.bRemote = (int) pvals[i].val.d.n;
+ } else if (!strcmp(modpblk.descr[i].name, "defaulttag")) {
+ cs.dfltTag = (char *)es_str2cstr(pvals[i].val.d.estr, NULL);
} else {
dbgprintf("imjournal: program error, non-handled "
"param '%s' in beginCnfLoad\n", modpblk.descr[i].name);
@@ -799,6 +820,8 @@ CODEmodInit_QueryRegCFSLineHdlr
facilityHdlr, &cs.iDfltFacility, STD_LOADABLE_MODULE_ID));
CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournalusepidfromsystem", 0, eCmdHdlrBinary,
NULL, &cs.bUseJnlPID, STD_LOADABLE_MODULE_ID));
+ CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournaldefaulttag", 0, eCmdHdlrGetWord,
+ NULL, &cs.dfltTag, STD_LOADABLE_MODULE_ID));
ENDmodInit
/* vim:set ai:
*/

11
SOURCES/rsyslog-8.2102.0-capabilities-capnetraw.patch
Unescape View File

@ -1,11 +0,0 @@
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-03-06 09:33:13.969300666 +0100
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-03-06 09:33:35.089326502 +0100
@@ -2164,6 +2164,7 @@ main(int argc, char **argv)
CAP_SETGID,
CAP_SETUID,
CAP_DAC_OVERRIDE,
+ CAP_NET_RAW,
CAP_SYS_ADMIN,
CAP_SYS_CHROOT,
CAP_SYS_RESOURCE,

67
SOURCES/rsyslog-8.2102.0-capabilities-drop-credential.patch
Unescape View File

@ -1,67 +0,0 @@
diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2023-02-17 11:52:17.460043970 +0100
+++ rsyslog-8.2102.0/runtime/rsconf.c 2023-02-17 12:00:49.881602881 +0100
@@ -33,9 +33,6 @@
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/stat.h>
-#ifdef ENABLE_LIBCAPNG
- #include <cap-ng.h>
-#endif
#include "rsyslog.h"
#include "obj.h"
@@ -549,7 +546,7 @@ rsRetVal doDropPrivGid(void)
uchar szBuf[1024];
DEFiRet;
-#ifndef ENABLE_LIBCAPNG
+
if(!ourConf->globals.gidDropPrivKeepSupplemental) {
res = setgroups(0, NULL); /* remove all supplemental group IDs */
if(res) {
@@ -567,15 +564,6 @@ rsRetVal doDropPrivGid(void)
"could not set requested group id: %s via setgid()", szBuf);
ABORT_FINALIZE(RS_RET_ERR_DROP_PRIV);
}
-#else
- int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
- res = capng_change_id(-1, ourConf->globals.gidDropPriv, capng_flags);
- if (res) {
- LogError(0, RS_RET_LIBCAPNG_ERR,
- "could not set requested group id %d via capng_change_id()", ourConf->globals.gidDropPriv);
- ABORT_FINALIZE(RS_RET_LIBCAPNG_ERR);
- }
-#endif
DBGPRINTF("setgid(%d): %d\n", ourConf->globals.gidDropPriv, res);
snprintf((char*)szBuf, sizeof(szBuf), "rsyslogd's groupid changed to %d",
@@ -613,13 +601,8 @@ static void doDropPrivUid(int iUid)
iUid, szBuf);
}
-#ifndef ENABLE_LIBCAPNG
+
res = setuid(iUid);
- // res = setuid(cnf->globals.uidDropPriv);
-#else
- int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
- res = capng_change_id(iUid, -1, capng_flags);
-#endif
if(res) {
/* if we can not set the userid, this is fatal, so let's unconditionally abort */
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-02-17 11:52:00.011011019 +0100
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-02-17 11:58:37.322491823 +0100
@@ -2161,9 +2161,9 @@ main(int argc, char **argv)
CAP_LEASE,
CAP_NET_ADMIN,
CAP_NET_BIND_SERVICE,
- CAP_PERFMON,
CAP_SETGID,
CAP_SETUID,
+ CAP_DAC_OVERRIDE,
CAP_SYS_ADMIN,
CAP_SYS_CHROOT,
CAP_SYS_RESOURCE,

11
SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
Unescape View File

@ -1,11 +0,0 @@
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-07-28 11:11:36.253771848 +0200
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-07-28 11:11:57.628795339 +0200
@@ -1571,6 +1571,7 @@ initAll(int argc, char **argv)
capabilities_t capabilities[] = {
#define CAP_FIELD(code) { code, #code, 0 }
CAP_FIELD(CAP_BLOCK_SUSPEND),
+ CAP_FIELD(CAP_NET_RAW),
CAP_FIELD(CAP_CHOWN),
CAP_FIELD(CAP_IPC_LOCK),
CAP_FIELD(CAP_LEASE),

21
SOURCES/rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch
Unescape View File

@ -1,21 +0,0 @@
diff -up rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig rsyslog-8.2102.0/plugins/omrelp/omrelp.c
--- rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig 2021-06-15 12:46:14.758589030 +0200
+++ rsyslog-8.2102.0/plugins/omrelp/omrelp.c 2021-06-15 12:47:08.130516632 +0200
@@ -303,7 +303,7 @@ ENDfreeCnf
BEGINcreateInstance
CODESTARTcreateInstance
pData->sizeWindow = 0;
- pData->timeout = 90;
+ pData->timeout = 5;
pData->connTimeout = 10;
pData->rebindInterval = 0;
pData->bEnableTLS = DFLT_ENABLE_TLS;
@@ -365,7 +365,7 @@ setInstParamDefaults(instanceData *pData
pData->target = NULL;
pData->port = NULL;
pData->tplName = NULL;
- pData->timeout = 90;
+ pData->timeout = 5;
pData->connTimeout = 10;
pData->sizeWindow = 0;
pData->rebindInterval = 0;

47
SOURCES/rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch
Unescape View File

@ -1,47 +0,0 @@
diff -up rsyslog-8.2102.0/doc/configuration/modules/imfile.html.state-file-leaking-doc rsyslog-8.2102.0/doc/configuration/modules/imfile.html
--- rsyslog-8.2102.0/doc/configuration/modules/imfile.html.state-file-leaking-doc 2021-02-15 12:53:31.000000000 +0100
+++ rsyslog-8.2102.0/doc/configuration/modules/imfile.html 2022-03-29 10:35:07.187827004 +0200
@@ -294,6 +294,28 @@ rsyslog needs write permissions to work
also might require SELinux definitions (or similar for other enhanced security
systems).</p>
</div>
+<div class="section" id="deletestateonfilemove">
+<h4>deleteStateOnFileMove<a class="headerlink" href="#deletestateonfilemove" title="Permalink to this headline">¶</a></h4>
+<table border="1" class="colwidths-auto parameter-table docutils">
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">type</th>
+<th class="head">default</th>
+<th class="head">mandatory</th>
+<th class="head"><code class="docutils literal notranslate"><span class="pre">obsolete</span> <span class="pre">legacy</span></code> directive</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td>binary</td>
+<td>off</td>
+<td>no</td>
+<td>none</td>
+</tr>
+</tbody>
+</table>
+<p>This parameter controls if state files are deleted if their associated main file is rotated via move. Usually, this is a good idea, because otherwise state files are not deleted when log rotation occurs.</p>
+
+<p>However, there is one situation where not deleting associated state file after log rotation makes sense: this is the case if a monitored file is later moved back to the same location as it was before.</p>
+</div>
</div>
<div class="section" id="input-parameters">
<h3>Input Parameters<a class="headerlink" href="#input-parameters" title="Permalink to this headline">¶</a></h3>
@@ -1214,6 +1236,7 @@ and Others.</p>
<li><a class="reference internal" href="#sortfiles">sortFiles</a></li>
<li><a class="reference internal" href="#pollinginterval">PollingInterval</a></li>
<li><a class="reference internal" href="#statefile-directory">statefile.directory</a></li>
+<li><a class="reference internal" href="#deletestateonfilemove">deleteStateOnFileMove</a></li>
</ul>
</li>
<li><a class="reference internal" href="#input-parameters">Input Parameters</a><ul>
@@ -1311,4 +1334,4 @@ and Others.</p>
<div class="footer" role="contentinfo">
</div>
</body>
-</html>
\ No newline at end of file
+</html>

162
SOURCES/rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch
Unescape View File

@ -1,162 +0,0 @@
diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2102.0/plugins/imfile/imfile.c
--- rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/plugins/imfile/imfile.c 2022-03-28 12:51:03.572554843 +0200
@@ -259,6 +259,7 @@ struct modConfData_s {
Must be manually reset to 0 if desired. Helper for
polling mode.
*/
+ sbool deleteStateOnFileMove;
};
static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
static modConfData_t *runModConf = NULL;/* modConf ptr to use for run process */
@@ -305,7 +306,8 @@ static struct cnfparamdescr modpdescr[]
{ "sortfiles", eCmdHdlrBinary, 0 },
{ "statefile.directory", eCmdHdlrString, 0 },
{ "normalizepath", eCmdHdlrBinary, 0 },
- { "mode", eCmdHdlrGetWord, 0 }
+ { "mode", eCmdHdlrGetWord, 0 },
+ { "deletestateonfilemove", eCmdHdlrBinary, 0 }
};
static struct cnfparamblk modpblk =
{ CNFPARAMBLK_VERSION,
@@ -545,11 +547,20 @@ static int
in_setupWatch(act_obj_t *const act, const int is_file)
{
int wd = -1;
+ int flags;
if(runModConf->opMode != OPMODE_INOTIFY)
goto done;
- wd = inotify_add_watch(ino_fd, act->name,
- (is_file) ? IN_MODIFY|IN_DONT_FOLLOW : IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO);
+ // wd = inotify_add_watch(ino_fd, act->name,
+ // (is_file) ? IN_MODIFY|IN_DONT_FOLLOW : IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO);
+ if(is_file)
+ flags = IN_MODIFY|IN_DONT_FOLLOW;
+ else if(runModConf->deleteStateOnFileMove)
+ flags = IN_CREATE|IN_DELETE|IN_MOVED_TO;
+ else
+ flags = IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO;
+ wd = inotify_add_watch(ino_fd, act->name, flags);
+
if(wd < 0) {
if (errno == EACCES) { /* There is high probability of selinux denial on top-level paths */
DBGPRINTF("imfile: permission denied when adding watch for '%s'\n", act->name);
@@ -713,7 +724,7 @@ act_obj_add(fs_edge_t *const edge, const
char basename[MAXFNAME];
DEFiRet;
int fd = -1;
-
+
DBGPRINTF("act_obj_add: edge %p, name '%s' (source '%s')\n", edge, name, source? source : "---");
for(act = edge->active ; act != NULL ; act = act->next) {
if(!strcmp(act->name, name)) {
@@ -977,9 +988,18 @@ act_obj_destroy(act_obj_t *const act, co
if(act == NULL)
return;
- DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n",
- act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted,
- act->in_move);
+ // DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n",
+ // act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted,
+ // act->in_move);
+ if (runModConf->deleteStateOnFileMove) {
+ DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d\n",
+ act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted);
+ } else {
+ DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n",
+ act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm,
+ is_deleted, act->in_move);
+ }
+
if(act->is_symlink && is_deleted) {
act_obj_t *target_act;
for(target_act = act->edge->active ; target_act != NULL ; target_act = target_act->next) {
@@ -996,13 +1016,15 @@ act_obj_destroy(act_obj_t *const act, co
pollFile(act); /* get any left-over data */
if(inst->bRMStateOnDel) {
statefn = getStateFileName(act, statefile, sizeof(statefile));
- getFullStateFileName(statefn, "", toDel, sizeof(toDel)); // TODO: check!
+ // getFullStateFileName(statefn, "", toDel, sizeof(toDel)); // TODO: check!
+ getFullStateFileName(statefn, act->file_id, toDel, sizeof(toDel)); // TODO: check!
statefn = toDel;
}
persistStrmState(act);
strm.Destruct(&act->pStrm);
/* we delete state file after destruct in case strm obj initiated a write */
- if(is_deleted && !act->in_move && inst->bRMStateOnDel) {
+ // if(is_deleted && !act->in_move && inst->bRMStateOnDel) {
+ if(is_deleted && inst->bRMStateOnDel && (runModConf->deleteStateOnFileMove || !act->in_move)) {
DBGPRINTF("act_obj_destroy: deleting state file %s\n", statefn);
unlink((char*)statefn);
}
@@ -1012,6 +1034,7 @@ act_obj_destroy(act_obj_t *const act, co
}
#ifdef HAVE_INOTIFY_INIT
if(act->wd != -1) {
+ inotify_rm_watch(ino_fd, act->wd);
wdmapDel(act->wd);
}
#endif
@@ -2026,6 +2049,7 @@ CODESTARTbeginCnfLoad
loadModConf->timeoutGranularity = 1000; /* default: 1 second */
loadModConf->haveReadTimeouts = 0; /* default: no timeout */
loadModConf->normalizePath = 1;
+ loadModConf->deleteStateOnFileMove = 0;
loadModConf->sortFiles = GLOB_NOSORT;
loadModConf->stateFileDirectory = NULL;
loadModConf->conf_tree = calloc(sizeof(fs_node_t), 1);
@@ -2085,6 +2109,8 @@ CODESTARTsetModCnf
loadModConf->stateFileDirectory = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(modpblk.descr[i].name, "normalizepath")) {
loadModConf->normalizePath = (sbool) pvals[i].val.d.n;
+ } else if(!strcmp(modpblk.descr[i].name, "deletestateonfilemove")) {
+ loadModConf->deleteStateOnFileMove = (sbool) pvals[i].val.d.n;
} else if(!strcmp(modpblk.descr[i].name, "mode")) {
if(!es_strconstcmp(pvals[i].val.d.estr, "polling"))
loadModConf->opMode = OPMODE_POLLING;
@@ -2388,16 +2414,35 @@ in_processEvent(struct inotify_event *ev
DBGPRINTF("in_processEvent process Event %x is_file %d, act->name '%s'\n",
ev->mask, etry->act->edge->is_file, etry->act->name);
- if((ev->mask & IN_MOVED_FROM)) {
- flag_in_move(etry->act->edge->node->edges, ev->name);
- }
- if(ev->mask & (IN_MOVED_FROM | IN_MOVED_TO)) {
- fs_node_walk(etry->act->edge->node, poll_tree);
- } else if(etry->act->edge->is_file && !(etry->act->is_symlink)) {
- in_handleFileEvent(ev, etry); // esentially poll_file()!
+ // if((ev->mask & IN_MOVED_FROM)) {
+ // flag_in_move(etry->act->edge->node->edges, ev->name);
+ // }
+ // if(ev->mask & (IN_MOVED_FROM | IN_MOVED_TO)) {
+ // fs_node_walk(etry->act->edge->node, poll_tree);
+ // } else if(etry->act->edge->is_file && !(etry->act->is_symlink)) {
+ // in_handleFileEvent(ev, etry); // esentially poll_file()!
+ // } else {
+ // fs_node_walk(etry->act->edge->node, poll_tree);
+ // }
+ if(!runModConf->deleteStateOnFileMove) {
+ if((ev->mask & IN_MOVED_FROM)) {
+ flag_in_move(etry->act->edge->node->edges, ev->name);
+ }
+ if(ev->mask & (IN_MOVED_FROM | IN_MOVED_TO)) {
+ fs_node_walk(etry->act->edge->node, poll_tree);
+ } else if(etry->act->edge->is_file && !(etry->act->is_symlink)) {
+ in_handleFileEvent(ev, etry); // esentially poll_file()!
+ } else {
+ fs_node_walk(etry->act->edge->node, poll_tree);
+ }
} else {
- fs_node_walk(etry->act->edge->node, poll_tree);
+ if((ev->mask & IN_MODIFY) && etry->act->edge->is_file && !(etry->act->is_symlink)) {
+ in_handleFileEvent(ev, etry); // esentially poll_file()!
+ } else {
+ fs_node_walk(etry->act->edge->node, poll_tree);
+ }
}
+
done: return;
}

163
SOURCES/rsyslog-8.2102.0-rhbz1938863-covscan.patch
Unescape View File

@ -1,163 +0,0 @@
diff -up rsyslog-8.2102.0/contrib/imdocker/imdocker.c.covscan rsyslog-8.2102.0/contrib/imdocker/imdocker.c
--- rsyslog-8.2102.0/contrib/imdocker/imdocker.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/contrib/imdocker/imdocker.c 2021-07-22 14:10:31.877231143 +0200
@@ -1527,6 +1527,7 @@ process_json(sbool isInit, const char* j
pInstances->last_container_id,
(unsigned)pInstances->last_container_created);
}
+ // coverity[leaked_storage : FALSE]
CHKiRet(dockerContLogsInstSetUrlById(isInit, pInst,
pInstances->curlm, containerId));
CHKiRet(dockerContLogReqsAdd(pInstances, pInst));
diff -up rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c.covscan rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c
--- rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c.covscan 2020-10-03 19:06:47.000000000 +0200
+++ rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c 2021-07-22 14:10:31.877231143 +0200
@@ -324,7 +324,6 @@ BEGINnewActInst
struct cnfparamvals *pvals;
int i;
int iNumTpls;
- uchar *keydup = NULL;
CODESTARTnewActInst
if((pvals = nvlstGetParams(lst, &actpblk, NULL)) == NULL)
ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
@@ -417,14 +416,11 @@ CODESTARTnewActInst
CHKiRet(OMSRsetEntry(*ppOMSR, 0, (uchar*)pData->tplName, OMSR_NO_RQD_TPL_OPTS));
if (pData->dynaKey) {
- CHKmalloc(keydup = ustrdup(pData->key));
CHKiRet(OMSRsetEntry(*ppOMSR, 1, ustrdup(pData->key), OMSR_NO_RQD_TPL_OPTS));
- keydup = NULL; /* handed over */
}
CODE_STD_FINALIZERnewActInst
cnfparamvalsDestruct(pvals, &actpblk);
- free(keydup);
ENDnewActInst
diff -up rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c.covscan rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c
--- rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c 2021-07-22 14:10:31.877231143 +0200
@@ -778,6 +778,7 @@ static rsRetVal publishRabbitMQ(wrkrInst
ABORT_FINALIZE(RS_RET_RABBITMQ_CONN_ERR);
}
+ // coverity[identical_branches : FALSE]
if (manage_error(amqp_basic_publish(self->a_conn, 1, exchange, routing_key,
0, 0, p_amqp_props, body_bytes), "amqp_basic_publish")) {
/* error already notified */
diff -up rsyslog-8.2102.0/grammar/rainerscript.c.covscan rsyslog-8.2102.0/grammar/rainerscript.c
--- rsyslog-8.2102.0/grammar/rainerscript.c.covscan 2021-02-15 12:06:16.000000000 +0100
+++ rsyslog-8.2102.0/grammar/rainerscript.c 2021-07-22 14:10:31.878231140 +0200
@@ -2814,7 +2814,7 @@ evalVar(struct cnfvar *__restrict__ cons
if(bMustBeFreed)
free(pszProp);
}
-
+ // coverity[leaked_storage : FALSE]
}
/* perform a string comparision operation against a while array. Semantic is
diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.covscan rsyslog-8.2102.0/plugins/imfile/imfile.c
--- rsyslog-8.2102.0/plugins/imfile/imfile.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/plugins/imfile/imfile.c 2021-07-22 14:10:31.878231140 +0200
@@ -1278,6 +1278,7 @@ static void ATTR_NONNULL(1)
getFileID(act_obj_t *const act)
{
char tmp_id[FILE_ID_HASH_SIZE];
+ // coverity[buffer_size_warning : FALSE]
strncpy(tmp_id, (const char*)act->file_id, FILE_ID_HASH_SIZE);
act->file_id[0] = '\0';
assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */
@@ -1290,6 +1291,7 @@ getFileID(act_obj_t *const act)
DBGPRINTF("getFileID partial or error read, ret %d\n", r);
}
if (strncmp(tmp_id, act->file_id, FILE_ID_HASH_SIZE)) {/* save the old id for cleaning purposes */
+ // coverity[buffer_size_warning : FALSE]
strncpy(act->file_id_prev, tmp_id, FILE_ID_HASH_SIZE);
}
DBGPRINTF("getFileID for '%s', file_id_hash '%s'\n", act->name, act->file_id);
@@ -1544,6 +1546,7 @@ openFileWithoutStateFile(act_obj_t *cons
const int fd = open(act->name, O_RDONLY | O_CLOEXEC);
if(fd >= 0) {
act->pStrm->iCurrOffs = lseek64(fd, 0, SEEK_END);
+ close(fd);
if(act->pStrm->iCurrOffs < 0) {
act->pStrm->iCurrOffs = 0;
LogError(errno, RS_RET_ERR, "imfile: could not query current "
diff -up rsyslog-8.2102.0/plugins/imptcp/imptcp.c.covscan rsyslog-8.2102.0/plugins/imptcp/imptcp.c
--- rsyslog-8.2102.0/plugins/imptcp/imptcp.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/plugins/imptcp/imptcp.c 2021-07-22 14:10:31.878231140 +0200
@@ -1920,6 +1920,7 @@ lstnActivity(ptcplstn_t *const pLstn)
}
finalize_it:
+ // coverity[leaked_handle : FALSE]
RETiRet;
}
diff -up rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c.covscan rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c
--- rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c.covscan 2020-10-03 19:06:47.000000000 +0200
+++ rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c 2021-07-22 14:10:31.879231138 +0200
@@ -394,7 +394,7 @@ CODEmodInit_QueryRegCFSLineHdlr
ABORT_FINALIZE(RS_RET_NO_MSG_PASSING);
}
-
+ // coverity[identical_branches : FALSE]
CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler,
resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID));
ENDmodInit
diff -up rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c.covscan rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c
--- rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c.covscan 2020-10-03 19:06:47.000000000 +0200
+++ rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c 2021-07-22 14:10:31.879231138 +0200
@@ -368,6 +368,7 @@ writeDataError(wrkrInstanceData_t *const
}
finalize_it:
+ // coverity[leaked_storage : FALSE]
RETiRet;
}
diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.covscan rsyslog-8.2102.0/runtime/nsd_gtls.c
--- rsyslog-8.2102.0/runtime/nsd_gtls.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2021-07-22 14:17:06.183174167 +0200
@@ -227,7 +227,7 @@ gtlsLoadOurCertKey(nsd_gtls_t *pThis)
pThis->bOurKeyIsInit = 1;
CHKgnutls(gnutls_x509_privkey_import(pThis->ourKey, &data, GNUTLS_X509_FMT_PEM));
free(data.data);
-
+ data.data = NULL;
finalize_it:
if(iRet == RS_RET_CERTLESS) {
diff -up rsyslog-8.2102.0/runtime/nsd_ptcp.c.covscan rsyslog-8.2102.0/runtime/nsd_ptcp.c
--- rsyslog-8.2102.0/runtime/nsd_ptcp.c.covscan 2021-02-15 08:20:04.000000000 +0100
+++ rsyslog-8.2102.0/runtime/nsd_ptcp.c 2021-07-22 14:10:31.879231138 +0200
@@ -191,6 +191,7 @@ SetTlsVerifyDepth(nsd_t __attribute__((u
nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
DEFiRet;
ISOBJ_TYPE_assert((pThis), nsd_ptcp);
+ // coverity[identical_branches : FALSE]
if (verifyDepth == 0) {
FINALIZE;
}
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.covscan rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2021-07-22 14:10:31.879231138 +0200
@@ -293,6 +293,7 @@ writePidFile(void)
free((void*)tmpPidFile);
}
finalize_it:
+ // coverity[leaked_storage : FALSE]
RETiRet;
}
@@ -1026,6 +1027,7 @@ splitOversizeMessage(smsg_t *const pMsg)
/* if necessary, write partial last segment */
if(len_last_segment != 0) {
CHKmalloc(pMsg_seg = MsgDup(pMsg));
+ // coverity[copy_paste_error : FALSE]
MsgSetRawMsg(pMsg_seg, rawmsg + (nsegments * maxlen), len_last_segment);
submitMsg2(pMsg_seg);
}

20
SOURCES/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
Unescape View File

@ -1,20 +0,0 @@
diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c
--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2021-06-15 12:30:35.238832058 +0200
+++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2021-06-15 12:32:04.699721356 +0200
@@ -565,6 +565,8 @@ persistJournalState(void)
ABORT_FINALIZE(RS_RET_IO_ERROR);
}
+ fflush(sf);
+
/* change the name of the file to the configured one */
if (rename(tmp_sf, cs.stateFile) < 0) {
LogError(errno, iRet, "imjournal: rename() failed for new path: '%s'", cs.stateFile);
@@ -586,6 +588,7 @@ persistJournalState(void)
LogError(errno, RS_RET_IO_ERROR, "imjournal: fsync on '%s' failed", glbl.GetWorkDir());
ABORT_FINALIZE(RS_RET_IO_ERROR);
}
+ closedir(wd);
}
DBGPRINTF("Persisted journal to '%s'\n", cs.stateFile);

102
SOURCES/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
Unescape View File

@ -1,102 +0,0 @@
diff -up rsyslog-8.2102.0/runtime/cfsysline.c.orig rsyslog-8.2102.0/runtime/cfsysline.c
--- rsyslog-8.2102.0/runtime/cfsysline.c.orig 2021-08-04 07:16:02.663163106 +0200
+++ rsyslog-8.2102.0/runtime/cfsysline.c 2021-08-04 07:18:05.952490008 +0200
@@ -353,13 +353,8 @@ static rsRetVal doGetGID(uchar **pp, rsR
assert(*pp != NULL);
if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) {
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "could not extract group name: %s\n", (char*)szName);
- exit(1); /* good exit */
- } else {
- LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
- ABORT_FINALIZE(RS_RET_NOT_FOUND);
- }
+ LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
+ ABORT_FINALIZE(RS_RET_NOT_FOUND);
}
do {
@@ -380,10 +375,6 @@ static rsRetVal doGetGID(uchar **pp, rsR
LogError(0, RS_RET_NOT_FOUND, "ID for group '%s' could not be found", szName);
}
iRet = RS_RET_NOT_FOUND;
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "ID for group '%s' could not be found or error\n", szName);
- exit(1); /* good exit */
- }
} else {
if(pSetHdlr == NULL) {
/* we should set value directly to var */
@@ -418,25 +409,15 @@ static rsRetVal doGetUID(uchar **pp, rsR
assert(*pp != NULL);
if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) {
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "could not extract user name: %s\n", (char*)szName);
- exit(1); /* good exit */
- } else {
- LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
- ABORT_FINALIZE(RS_RET_NOT_FOUND);
- }
+ LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
+ ABORT_FINALIZE(RS_RET_NOT_FOUND);
}
getpwnam_r((char*)szName, &pwBuf, stringBuf, sizeof(stringBuf), &ppwBuf);
if(ppwBuf == NULL) {
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "ID for user '%s' could not be found or error\n", (char*)szName);
- exit(1); /* good exit */
- } else {
- LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
- iRet = RS_RET_NOT_FOUND;
- }
+ LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
+ iRet = RS_RET_NOT_FOUND;
} else {
if(pSetHdlr == NULL) {
/* we should set value directly to var */
diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c
--- rsyslog-8.2102.0/runtime/glbl.c.orig 2021-08-04 07:18:19.301633677 +0200
+++ rsyslog-8.2102.0/runtime/glbl.c 2021-08-04 07:19:02.409019106 +0200
@@ -210,7 +210,6 @@ static struct cnfparamdescr cnfparamdesc
{ "environment", eCmdHdlrArray, 0 },
{ "processinternalmessages", eCmdHdlrBinary, 0 },
{ "umask", eCmdHdlrFileCreateMode, 0 },
- { "security.abortonidresolutionfail", eCmdHdlrBinary, 0 },
{ "internal.developeronly.options", eCmdHdlrInt, 0 },
{ "internalmsg.ratelimit.interval", eCmdHdlrPositiveInt, 0 },
{ "internalmsg.ratelimit.burst", eCmdHdlrPositiveInt, 0 },
@@ -1443,8 +1442,6 @@ glblDoneLoadCnf(void)
glblInputTimeoutShutdown = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name, "privdrop.group.keepsupplemental")) {
loadConf->globals.gidDropPrivKeepSupplemental = (int) cnfparamvals[i].val.d.n;
- } else if(!strcmp(paramblk.descr[i].name, "security.abortonidresolutionfail")) {
- loadConf->globals.abortOnIDResolutionFail = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name, "net.acladdhostnameonfail")) {
*(net.pACLAddHostnameOnFail) = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name, "net.aclresolvehostname")) {
diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2021-08-04 07:19:13.103104854 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.c 2021-08-04 07:19:44.635357684 +0200
@@ -156,7 +156,6 @@ static void cnfSetDefaults(rsconf_t *pTh
pThis->globals.maxErrMsgToStderr = -1;
pThis->globals.umask = -1;
pThis->globals.gidDropPrivKeepSupplemental = 0;
- pThis->globals.abortOnIDResolutionFail = 1;
pThis->templates.root = NULL;
pThis->templates.last = NULL;
pThis->templates.lastStatic = NULL;
diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h
--- rsyslog-8.2102.0/runtime/rsconf.h.orig 2021-08-04 07:20:15.848607958 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.h 2021-08-04 07:20:42.782823920 +0200
@@ -73,7 +73,6 @@ struct globals_s {
int uidDropPriv; /* user-id to which priveleges should be dropped to */
int gidDropPriv; /* group-id to which priveleges should be dropped to */
int gidDropPrivKeepSupplemental; /* keep supplemental groups when dropping? */
- int abortOnIDResolutionFail;
int umask; /* umask to use */
uchar *pszConfDAGFile; /* name of config DAG file, non-NULL means generate one */

26
SOURCES/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
Unescape View File

@ -1,26 +0,0 @@
diff -up rsyslog-8.2102.0/runtime/ratelimit.c.orig rsyslog-8.2102.0/runtime/ratelimit.c
--- rsyslog-8.2102.0/runtime/ratelimit.c.orig 2021-07-27 10:37:50.972903104 +0200
+++ rsyslog-8.2102.0/runtime/ratelimit.c 2021-07-27 10:38:26.141002988 +0200
@@ -235,7 +235,6 @@ ratelimitMsg(ratelimit_t *__restrict__ c
{
DEFiRet;
rsRetVal localRet;
- int severity = 0;
*ppRepMsg = NULL;
@@ -246,13 +245,12 @@ ratelimitMsg(ratelimit_t *__restrict__ c
DBGPRINTF("Message discarded, parsing error %d\n", localRet);
ABORT_FINALIZE(RS_RET_DISCARDMSG);
}
- severity = pMsg->iSeverity;
}
}
/* Only the messages having severity level at or below the
* treshold (the value is >=) are subject to ratelimiting. */
- if(ratelimit->interval && (severity >= ratelimit->severity)) {
+ if(ratelimit->interval && (pMsg->iSeverity >= ratelimit->severity)) {
char namebuf[512]; /* 256 for FGDN adn 256 for APPNAME should be enough */
snprintf(namebuf, sizeof namebuf, "%s:%s", getHOSTNAME(pMsg),
getAPPNAME(pMsg, 0));

11
SOURCES/rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch
Unescape View File

@ -1,11 +0,0 @@
diff -up ./rsyslog-8.2102.0/runtime/nsd_gtls.c.ori ./rsyslog-8.2102.0/runtime/nsd_gtls.c
--- rsyslog-8.2102.0/runtime/nsd_gtls.c.ori 2022-01-17 15:50:08.285827256 +0100
+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2022-01-17 15:52:33.282594512 +0100
@@ -1791,6 +1791,7 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew
pNew->gnutlsPriorityString = pThis->gnutlsPriorityString;
pNew->DrvrVerifyDepth = pThis->DrvrVerifyDepth;
pNew->dataTypeCheck = pThis->dataTypeCheck;
+ pNew->bSANpriority = pThis->bSANpriority;
/* if we reach this point, we are in TLS mode */
iRet = gtlsInitSession(pNew);

215
SOURCES/rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch
Unescape View File

@ -1,215 +0,0 @@
diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.orig rsyslog-8.2102.0/runtime/nsd_gtls.c
--- rsyslog-8.2102.0/runtime/nsd_gtls.c.orig 2022-04-11 09:26:17.826271989 +0200
+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2022-04-11 09:33:28.702012052 +0200
@@ -556,7 +556,9 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
DEFiRet;
ISOBJ_TYPE_assert(pThis, nsd_gtls);
- DBGPRINTF("gtlsRecordRecv: start\n");
+ DBGPRINTF("gtlsRecordRecv: start (Pending Data: %zd | Wanted Direction: %s)\n",
+ gnutls_record_check_pending(pThis->sess),
+ (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ ? "READ" : "WRITE") );
lenRcvd = gnutls_record_recv(pThis->sess, pThis->pszRcvBuf, NSD_GTLS_MAX_RCVBUF);
if(lenRcvd >= 0) {
@@ -581,14 +583,30 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
(NSD_GTLS_MAX_RCVBUF+lenRcvd));
pThis->lenRcvBuf = NSD_GTLS_MAX_RCVBUF+lenRcvd;
} else {
- goto sslerr;
+ if (lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
+ goto sslerragain; /* Go to ERR AGAIN handling */
+ } else {
+ /* Do all other error handling */
+ int gnuRet = lenRcvd;
+ ABORTgnutls;
+ }
}
}
} else if(lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
-sslerr:
- pThis->rtryCall = gtlsRtry_recv;
- dbgprintf("GnuTLS receive requires a retry (this most probably is OK and no error condition)\n");
- ABORT_FINALIZE(RS_RET_RETRY);
+sslerragain:
+ /* Check if the underlaying file descriptor needs to read or write data!*/
+ if (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ) {
+ pThis->rtryCall = gtlsRtry_recv;
+ dbgprintf("GnuTLS receive requires a retry, this most probably is OK and no error condition\n");
+ ABORT_FINALIZE(RS_RET_RETRY);
+ } else {
+ uchar *pErr = gtlsStrerror(lenRcvd);
+ LogError(0, RS_RET_GNUTLS_ERR, "GnuTLS receive error %zd has wrong read direction(wants write) "
+ "- this could be caused by a broken connection. GnuTLS reports: %s\n",
+ lenRcvd, pErr);
+ free(pErr);
+ ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
+ }
} else {
int gnuRet = lenRcvd;
ABORTgnutls;
@@ -1978,6 +1996,7 @@ static rsRetVal
Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
{
int iSent;
+ int wantsWriteData = 0;
nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
DEFiRet;
ISOBJ_TYPE_assert(pThis, nsd_gtls);
@@ -1998,10 +2017,12 @@ Send(nsd_t *pNsd, uchar *pBuf, ssize_t *
break;
}
if(iSent != GNUTLS_E_INTERRUPTED && iSent != GNUTLS_E_AGAIN) {
+ /* Check if the underlaying file descriptor needs to read or write data!*/
+ wantsWriteData = gnutls_record_get_direction(pThis->sess);
uchar *pErr = gtlsStrerror(iSent);
- LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d - this "
- "could be caused by a broken connection. GnuTLS reports: %s \n",
- iSent, pErr);
+ LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d, wantsWriteData=%d - this "
+ "could be caused by a broken connection. GnuTLS reports: %s\n",
+ iSent, wantsWriteData, pErr);
free(pErr);
gnutls_perror(iSent);
ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
diff -up rsyslog-8.2102.0/runtime/nsd_gtls.h.orig rsyslog-8.2102.0/runtime/nsd_gtls.h
--- rsyslog-8.2102.0/runtime/nsd_gtls.h.orig 2022-04-11 09:26:32.744262781 +0200
+++ rsyslog-8.2102.0/runtime/nsd_gtls.h 2022-04-11 09:34:29.909982895 +0200
@@ -33,6 +33,11 @@ typedef enum {
gtlsRtry_recv = 2
} gtlsRtryCall_t; /**< IDs of calls that needs to be retried */
+typedef enum {
+ gtlsDir_READ = 0, /**< GNUTLS wants READ */
+ gtlsDir_WRITE = 1 /**< GNUTLS wants WRITE */
+} gtlsDirection_t;
+
typedef nsd_if_t nsd_gtls_if_t; /* we just *implement* this interface */
/* the nsd_gtls object */
diff -up rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig rsyslog-8.2102.0/runtime/nsdsel_gtls.c
--- rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig 2022-04-11 09:26:42.529256742 +0200
+++ rsyslog-8.2102.0/runtime/nsdsel_gtls.c 2022-04-11 09:38:27.425869737 +0200
@@ -81,6 +81,7 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
ISOBJ_TYPE_assert(pThis, nsdsel_gtls);
ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls);
+ DBGPRINTF("Add on nsd %p:\n", pNsdGTLS);
if(pNsdGTLS->iMode == 1) {
if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) {
++pThis->iBufferRcvReady;
@@ -99,6 +100,8 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
}
}
+ dbgprintf("nsdsel_gtls: reached end on nsd %p, calling nsdsel_ptcp.Add with waitOp %d... \n", pNsdGTLS, waitOp);
+
/* if we reach this point, we need no special handling */
CHKiRet(nsdsel_ptcp.Add(pThis->pTcp, pNsdGTLS->pTcp, waitOp));
@@ -120,7 +123,8 @@ Select(nsdsel_t *pNsdsel, int *piNumRead
if(pThis->iBufferRcvReady > 0) {
/* we still have data ready! */
*piNumReady = pThis->iBufferRcvReady;
- dbgprintf("nsdsel_gtls: doing dummy select, data present\n");
+ dbgprintf("nsdsel_gtls: doing dummy select for %p->iBufferRcvReady=%d, data present\n",
+ pThis, pThis->iBufferRcvReady);
} else {
iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady);
}
@@ -138,7 +142,7 @@ doRetry(nsd_gtls_t *pNsd)
DEFiRet;
int gnuRet;
- dbgprintf("GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
+ dbgprintf("doRetry: GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
/* We follow a common scheme here: first, we do the systen call and
* then we check the result. So far, the result is checked after the
@@ -151,7 +155,7 @@ doRetry(nsd_gtls_t *pNsd)
case gtlsRtry_handshake:
gnuRet = gnutls_handshake(pNsd->sess);
if(gnuRet == GNUTLS_E_AGAIN || gnuRet == GNUTLS_E_INTERRUPTED) {
- dbgprintf("GnuTLS handshake retry did not finish - "
+ dbgprintf("doRetry: GnuTLS handshake retry did not finish - "
"setting to retry (this is OK and can happen)\n");
FINALIZE;
} else if(gnuRet == 0) {
@@ -167,9 +171,20 @@ doRetry(nsd_gtls_t *pNsd)
}
break;
case gtlsRtry_recv:
- dbgprintf("retrying gtls recv, nsd: %p\n", pNsd);
- CHKiRet(gtlsRecordRecv(pNsd));
- pNsd->rtryCall = gtlsRtry_None; /* we are done */
+ dbgprintf("doRetry: retrying gtls recv, nsd: %p\n", pNsd);
+ iRet = gtlsRecordRecv(pNsd);
+ if (iRet == RS_RET_RETRY) {
+ // Check if there is pending data
+ size_t stBytesLeft = gnutls_record_check_pending(pNsd->sess);
+ if (stBytesLeft > 0) {
+ // We are in retry and more data waiting, finalize it
+ goto finalize_it;
+ } else {
+ dbgprintf("doRetry: gtlsRecordRecv returned RETRY, but there is no pending"
+ "data on nsd: %p\n", pNsd);
+ }
+ }
+ pNsd->rtryCall = gtlsRtry_None; /* no more data, we are done */
gnuRet = 0;
break;
case gtlsRtry_None:
@@ -241,7 +256,7 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd,
* socket. -- rgerhards, 2010-11-20
*/
if(pThis->iBufferRcvReady) {
- dbgprintf("nsd_gtls: dummy read, buffer not available for this FD\n");
+ dbgprintf("nsd_gtls: dummy read, %p->buffer not available for this FD\n", pThis);
*pbIsReady = 0;
FINALIZE;
}
diff -up rsyslog-8.2102.0/runtime/tcpsrv.c.orig rsyslog-8.2102.0/runtime/tcpsrv.c
--- rsyslog-8.2102.0/runtime/tcpsrv.c.orig 2022-04-11 09:27:00.376245726 +0200
+++ rsyslog-8.2102.0/runtime/tcpsrv.c 2022-04-11 09:41:57.885777708 +0200
@@ -609,14 +609,15 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
int oserr = 0;
ISOBJ_TYPE_assert(pThis, tcpsrv);
- DBGPRINTF("netstream %p with new data\n", (*ppSess)->pStrm);
+ prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ DBGPRINTF("netstream %p with new data from remote peer %s\n", (*ppSess)->pStrm, pszPeer);
/* Receive message */
iRet = pThis->pRcvData(*ppSess, buf, sizeof(buf), &iRcvd, &oserr);
switch(iRet) {
case RS_RET_CLOSED:
if(pThis->bEmitMsgOnClose) {
errno = 0;
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(0, RS_RET_PEER_CLOSED_CONN, "Netstream session %p closed by remote "
"peer %s.\n", (*ppSess)->pStrm, pszPeer);
}
@@ -632,13 +633,13 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
/* in this case, something went awfully wrong.
* We are instructed to terminate the session.
*/
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(oserr, localRet, "Tearing down TCP Session from %s", pszPeer);
CHKiRet(closeSess(pThis, ppSess, pPoll));
}
break;
default:
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(oserr, iRet, "netstream session %p from %s will be closed due to error",
(*ppSess)->pStrm, pszPeer);
CHKiRet(closeSess(pThis, ppSess, pPoll));
@@ -838,6 +839,7 @@ RunSelect(tcpsrv_t *pThis, nsd_epworkset
while(iTCPSess != -1) {
/* TODO: access to pNsd is NOT really CLEAN, use method... */
CHKiRet(nssel.Add(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD));
+ DBGPRINTF("tcpsrv process session %d:\n", iTCPSess);
/* now get next... */
iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess);
}

51
SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
Unescape View File

@ -1,51 +0,0 @@
--- a/source/configuration/actions.rst 2020-01-13 09:35:54.000000000 +0100
+++ b/source/configuration/actions.rst 2022-03-09 10:46:23.945881936 +0100
@@ -90,6 +90,12 @@
provided to the action in question, the action name as well as
the rsyslog status code roughly explaining why it failed.
+- **action.errorfile.maxsize** integer
+
+ In some cases, error file needs to be limited in size.
+ This option allows specifying a maximum size, in bytes, for the error file.
+ When error file reaches that size, no more errors are written to it.
+
- **action.execOnlyOnceEveryInterval** integer
Execute action only if the last execute is at last seconds in the
--- a/build/_sources/configuration/actions.rst.txt 2020-01-13 09:35:54.000000000 +0100
+++ b/build/_sources/configuration/actions.rst.txt 2022-03-09 11:17:44.391213038 +0100
@@ -90,6 +90,12 @@
provided to the action in question, the action name as well as
the rsyslog status code roughly explaining why it failed.
+- **action.errorfile.maxsize** integer
+
+ In some cases, error file needs to be limited in size.
+ This option allows specifying a maximum size, in bytes, for the error file.
+ When error file reaches that size, no more errors are written to it.
+
- **action.execOnlyOnceEveryInterval** integer
Execute action only if the last execute is at last seconds in the
--- a/build/configuration/actions.html 2021-02-15 12:53:30.000000000 +0100
+++ b/build/configuration/actions.html 2022-03-09 11:27:04.035799702 +0100
@@ -122,6 +122,11 @@
provided to the action in question, the action name as well as
the rsyslog status code roughly explaining why it failed.</p>
</li>
+<li><p class="first"><strong>action.errorfile.maxsize</strong> integer</p>
+<p>In some cases, error file needs to be limited in size.
+This option allows specifying a maximum size, in bytes, for the error file.
+When error file reaches that size, no more errors are written to it.</p>
+</li>
<li><p class="first"><strong>action.execOnlyOnceEveryInterval</strong> integer</p>
<p>Execute action only if the last execute is at last seconds in the
past (more info in ommail, but may be used with any action)</p>
@@ -672,4 +677,4 @@
<div class="footer" role="contentinfo">
</div>
</body>
-</html>
\ No newline at end of file
+</html>

192
SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch
Unescape View File

@ -1,192 +0,0 @@
--- rsyslog-8.2102.0-ori/action.c 2021-02-15 12:06:16.000000000 +0100
+++ rsyslog-8.2102.0-changes/action.c 2022-03-10 11:00:11.027242300 +0100
@@ -198,6 +198,7 @@
{ "name", eCmdHdlrGetWord, 0 }, /* legacy: actionname */
{ "type", eCmdHdlrString, CNFPARAM_REQUIRED }, /* legacy: actionname */
{ "action.errorfile", eCmdHdlrString, 0 },
+ { "action.errorfile.maxsize", eCmdHdlrInt, 0 },
{ "action.writeallmarkmessages", eCmdHdlrBinary, 0 }, /* legacy: actionwriteallmarkmessages */
{ "action.execonlyeverynthtime", eCmdHdlrInt, 0 }, /* legacy: actionexeconlyeverynthtime */
{ "action.execonlyeverynthtimetimeout", eCmdHdlrInt, 0 }, /* legacy: actionexeconlyeverynthtimetimeout */
@@ -400,6 +401,8 @@
pThis->iResumeRetryCount = 0;
pThis->pszName = NULL;
pThis->pszErrFile = NULL;
+ pThis->maxErrFileSize = 0;
+ pThis->errFileWritten = 0;
pThis->pszExternalStateFile = NULL;
pThis->fdErrFile = -1;
pThis->bWriteAllMarkMsgs = 1;
@@ -1436,6 +1439,14 @@
pThis->pszName, pThis->pszErrFile);
goto done;
}
+ if (pThis->maxErrFileSize > 0) {
+ struct stat statbuf;
+ if (fstat(pThis->fdErrFile, &statbuf) == -1) {
+ LogError(errno, RS_RET_ERR, "failed to fstat %s", pThis->pszErrFile);
+ goto done;
+ }
+ pThis->errFileWritten += statbuf.st_size;
+ }
}
for(int i = 0 ; i < nparams ; ++i) {
@@ -1454,16 +1465,26 @@
char *const rendered = strdup((char*)fjson_object_to_json_string(etry));
if(rendered == NULL)
goto done;
- const size_t toWrite = strlen(rendered) + 1;
- /* note: we use the '\0' inside the string to store a LF - we do not
- * otherwise need it and it safes us a copy/realloc.
- */
- rendered[toWrite-1] = '\n'; /* NO LONGER A STRING! */
- const ssize_t wrRet = write(pThis->fdErrFile, rendered, toWrite);
- if(wrRet != (ssize_t) toWrite) {
- LogError(errno, RS_RET_IO_ERROR,
- "action %s: error writing errorFile %s, write returned %lld",
- pThis->pszName, pThis->pszErrFile, (long long) wrRet);
+ size_t toWrite = strlen(rendered) + 1;
+ // Check if need to truncate the amount of bytes to write
+ if (pThis->maxErrFileSize > 0) {
+ if (pThis->errFileWritten + toWrite > pThis->maxErrFileSize) {
+ // Truncate to the pending available
+ toWrite = pThis->maxErrFileSize - pThis->errFileWritten;
+ }
+ pThis->errFileWritten += toWrite;
+ }
+ if(toWrite > 0) {
+ /* note: we use the '\0' inside the string to store a LF - we do not
+ * otherwise need it and it safes us a copy/realloc.
+ */
+ rendered[toWrite-1] = '\n'; /* NO LONGER A STRING! */
+ const ssize_t wrRet = write(pThis->fdErrFile, rendered, toWrite);
+ if(wrRet != (ssize_t) toWrite) {
+ LogError(errno, RS_RET_IO_ERROR,
+ "action %s: error writing errorFile %s, write returned %lld",
+ pThis->pszName, pThis->pszErrFile, (long long) wrRet);
+ }
}
free(rendered);
@@ -2048,6 +2069,8 @@
continue; /* this is handled seperately during module select! */
} else if(!strcmp(pblk.descr[i].name, "action.errorfile")) {
pAction->pszErrFile = es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(pblk.descr[i].name, "action.errorfile.maxsize")) {
+ pAction->maxErrFileSize = pvals[i].val.d.n;
} else if(!strcmp(pblk.descr[i].name, "action.externalstate.file")) {
pAction->pszExternalStateFile = es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(pblk.descr[i].name, "action.writeallmarkmessages")) {
--- rsyslog-8.2102.0-ori/action.h 2020-10-03 19:06:47.000000000 +0200
+++ rsyslog-8.2102.0-changes/action.h 2022-03-04 11:36:47.024588972 +0100
@@ -77,6 +77,8 @@
/* error file */
const char *pszErrFile;
int fdErrFile;
+ size_t maxErrFileSize;
+ size_t errFileWritten;
pthread_mutex_t mutErrFile;
/* external stat file system */
const char *pszExternalStateFile;
--- rsyslog-8.2102.0-ori/tests/Makefile.am 2021-02-15 12:06:16.000000000 +0100
+++ rsyslog-8.2102.0-changes/tests/Makefile.am 2022-03-04 11:38:01.625095709 +0100
@@ -695,7 +695,8 @@
mysql-actq-mt.sh \
mysql-actq-mt-withpause.sh \
action-tx-single-processing.sh \
- action-tx-errfile.sh
+ action-tx-errfile.sh \
+ action-tx-errfile-maxsize.sh
mysql-basic.log: mysqld-start.log
mysql-basic-cnf6.log: mysqld-start.log
@@ -2156,6 +2157,8 @@
sndrcv_omudpspoof_nonstdpt.sh \
sndrcv_gzip.sh \
action-tx-single-processing.sh \
+ omfwd-errfile-maxsize.sh \
+ action-tx-errfile-maxsize.sh \
action-tx-errfile.sh \
testsuites/action-tx-errfile.result \
pipeaction.sh \
--- rsyslog-8.2102.0-ori/tests/omfwd-errfile-maxsize.sh 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0-changes/tests/omfwd-errfile-maxsize.sh 2022-03-04 11:39:02.060506234 +0100
@@ -0,0 +1,17 @@
+#!/bin/bash
+# part of the rsyslog project, released under ASL 2.0
+. ${srcdir:=.}/diag.sh init
+
+export MAX_ERROR_SIZE=1999
+
+generate_conf
+add_conf '
+action(type="omfwd" target="1.2.3.4" port="1234" Protocol="tcp" NetworkNamespace="doesNotExist"
+ action.errorfile="'$RSYSLOG2_OUT_LOG'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'")
+'
+startup
+shutdown_when_empty
+wait_shutdown
+check_file_exists ${RSYSLOG2_OUT_LOG}
+file_size_check ${RSYSLOG2_OUT_LOG} ${MAX_ERROR_SIZE}
+exit_test
--- rsyslog-8.2102.0-ori/tests/action-tx-errfile-maxsize.sh 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0-changes/tests/action-tx-errfile-maxsize.sh 2022-03-04 11:59:22.592796989 +0100
@@ -0,0 +1,35 @@
+#!/bin/bash
+# part of the rsyslog project, released under ASL 2.0
+
+. ${srcdir:=.}/diag.sh init
+
+export NUMMESSAGES=50 # enough to generate big file
+export MAX_ERROR_SIZE=100
+
+generate_conf
+add_conf '
+$ModLoad ../plugins/ommysql/.libs/ommysql
+global(errormessagestostderr.maxnumber="5")
+
+template(type="string" name="tpl" string="insert into SystemEvents (Message, Facility) values (\"%msg%\", %$!facility%)" option.sql="on")
+
+if((not($msg contains "error")) and ($msg contains "msgnum:")) then {
+ set $.num = field($msg, 58, 2);
+ if $.num % 2 == 0 then {
+ set $!facility = $syslogfacility;
+ } else {
+ set $/cntr = 0;
+ }
+ action(type="ommysql" name="mysql_action_errfile_maxsize" server="127.0.0.1" template="tpl"
+ db="'$RSYSLOG_DYNNAME'" uid="rsyslog" pwd="testbench" action.errorfile="'$RSYSLOG2_OUT_LOG'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'")
+}
+'
+mysql_prep_for_test
+startup
+injectmsg
+shutdown_when_empty
+wait_shutdown
+mysql_get_data
+check_file_exists ${RSYSLOG2_OUT_LOG}
+file_size_check ${RSYSLOG2_OUT_LOG} ${MAX_ERROR_SIZE}
+exit_test
--- rsyslog-8.2102.0/tests/omfwd-errfile-maxsize-filled.sh 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0-changes/tests/omfwd-errfile-maxsize-filled.sh 2022-03-08 16:24:01.174365289 +0100
@@ -0,0 +1,19 @@
+#!/bin/bash
+# part of the rsyslog project, released under ASL 2.0
+. ${srcdir:=.}/diag.sh init
+ERRFILE=$(mktemp)
+export MAX_ERROR_SIZE=1999
+export INITIAL_FILE_SIZE=$((MAX_ERROR_SIZE - 100))
+dd if=/dev/urandom of=${ERRFILE} bs=1 count=${INITIAL_FILE_SIZE}
+generate_conf
+add_conf '
+action(type="omfwd" target="1.2.3.4" port="1234" Protocol="tcp" NetworkNamespace="doesNotExist"
+ action.errorfile="'$ERRFILE'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'")
+'
+startup
+shutdown_when_empty
+wait_shutdown
+check_file_exists ${ERRFILE}
+file_size_check ${ERRFILE} ${MAX_ERROR_SIZE}
+exit_test
+rm ${ERRFILE}

25
SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch
Unescape View File

@ -1,25 +0,0 @@
--- rsyslog-8.2102.0/doc/configuration/global/index.html 2021-02-15 12:53:30.000000000 +0100
+++ rsyslog-8.2102.0.backup.doc.202209071236/doc/configuration/global/index.html 2022-09-07 12:33:21.318360707 +0200
@@ -119,7 +119,14 @@
<a class="reference internal" href="../../concepts/netstrm_drvr.html"><span class="doc">network stream driver</span></a> to use.
Defaults to ptcp.</p>
</li>
-<li><p class="first"><strong>$DefaultNetstreamDriverCAFile</strong> &lt;/path/to/cafile.pem&gt;</p>
+<li><p class="first"><strong>$DefaultNetstreamDriverCAFile</strong> &lt;/path/to/cafile.pem&gt;</p>
+</li>
+<li><p class="first"><strong>$NetstreamDriverCAExtraFiles</strong> &lt;/path/to/extracafile.pem&gt; -
+This directive allows to configure multiple additional extra CA files.
+This is intended for SSL certificate chains to work appropriately,
+as the different CA files in the chain need to be specified.
+It must be remarked that this directive only works with the OpenSSL driver.
+</p>
</li>
<li><p class="first"><strong>$DefaultNetstreamDriverCertFile</strong> &lt;/path/to/certfile.pem&gt;</p>
</li>
@@ -311,4 +318,4 @@
<div class="footer" role="contentinfo">
</div>
</body>
-</html>
\ No newline at end of file
+</html>

682
SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files.patch
Unescape View File

@ -1,682 +0,0 @@
--- rsyslog-8.2102.0.ori/runtime/glbl.h 2020-10-03 19:06:47.000000000 +0200
+++ rsyslog-8.2102.0/runtime/glbl.h 2022-09-06 11:13:31.538674778 +0200
@@ -72,6 +72,7 @@
SIMP_PROP(DfltNetstrmDrvrCAF, uchar*)
SIMP_PROP(DfltNetstrmDrvrKeyFile, uchar*)
SIMP_PROP(DfltNetstrmDrvrCertFile, uchar*)
+ SIMP_PROP(NetstrmDrvrCAExtraFiles, uchar*)
SIMP_PROP(ParserControlCharacterEscapePrefix, uchar)
SIMP_PROP(ParserDropTrailingLFOnReception, int)
SIMP_PROP(ParserEscapeControlCharactersOnReceive, int)
--- rsyslog-8.2102.0.ori/runtime/glbl.c 2022-09-06 10:37:26.440149338 +0200
+++ rsyslog-8.2102.0/runtime/glbl.c 2022-09-06 11:12:06.198378210 +0200
@@ -122,6 +122,7 @@
static uchar *pszDfltNetstrmDrvrCAF = NULL; /* default CA file for the netstrm driver */
static uchar *pszDfltNetstrmDrvrKeyFile = NULL; /* default key file for the netstrm driver (server) */
static uchar *pszDfltNetstrmDrvrCertFile = NULL; /* default cert file for the netstrm driver (server) */
+static uchar *pszNetstrmDrvrCAExtraFiles = NULL; /* list of additional CAExtraFiles */
int bTerminateInputs = 0; /* global switch that inputs shall terminate ASAP (1=> terminate) */
static uchar cCCEscapeChar = '#'; /* character to be used to start an escape sequence for control chars */
static int bDropTrailingLF = 1; /* drop trailing LF's on reception? */
@@ -176,6 +177,7 @@
{ "defaultnetstreamdriverkeyfile", eCmdHdlrString, 0 },
{ "defaultnetstreamdrivercertfile", eCmdHdlrString, 0 },
{ "defaultnetstreamdriver", eCmdHdlrString, 0 },
+ { "netstreamdrivercaextrafiles", eCmdHdlrString, 0 },
{ "maxmessagesize", eCmdHdlrSize, 0 },
{ "oversizemsg.errorfile", eCmdHdlrGetWord, 0 },
{ "oversizemsg.report", eCmdHdlrBinary, 0 },
@@ -307,6 +309,8 @@
/* TODO: use custom function which frees existing value */
SIMP_PROP_SET(DfltNetstrmDrvrCertFile, pszDfltNetstrmDrvrCertFile, uchar*)
/* TODO: use custom function which frees existing value */
+SIMP_PROP_SET(NetstrmDrvrCAExtraFiles, pszNetstrmDrvrCAExtraFiles, uchar*)
+/* TODO: use custom function which frees existing value */
#undef SIMP_PROP
#undef SIMP_PROP_SET
@@ -830,6 +834,13 @@
return(pszDfltNetstrmDrvr == NULL ? DFLT_NETSTRM_DRVR : pszDfltNetstrmDrvr);
}
+/* return the additional ca extra files */
+static uchar*
+GetNetstrmDrvrCAExtraFiles(void)
+{
+ return(pszNetstrmDrvrCAExtraFiles);
+}
+
/* return the current default netstream driver CA File */
static uchar*
@@ -925,6 +936,7 @@
SIMP_PROP(DfltNetstrmDrvrCAF)
SIMP_PROP(DfltNetstrmDrvrKeyFile)
SIMP_PROP(DfltNetstrmDrvrCertFile)
+ SIMP_PROP(NetstrmDrvrCAExtraFiles)
#ifdef USE_UNLIMITED_SELECT
SIMP_PROP(FdSetSize)
#endif
@@ -945,6 +957,8 @@
pszDfltNetstrmDrvrKeyFile = NULL;
free(pszDfltNetstrmDrvrCertFile);
pszDfltNetstrmDrvrCertFile = NULL;
+ free(pszNetstrmDrvrCAExtraFiles);
+ pszNetstrmDrvrCAExtraFiles = NULL;
free(LocalHostNameOverride);
LocalHostNameOverride = NULL;
free(oversizeMsgErrorFile);
@@ -1350,6 +1364,9 @@
free(pszDfltNetstrmDrvr);
pszDfltNetstrmDrvr = (uchar*)
es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
+ } else if(!strcmp(paramblk.descr[i].name, "netstreamdrivercaextrafiles")) {
+ free(pszNetstrmDrvrCAExtraFiles);
+ pszNetstrmDrvrCAExtraFiles = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
} else if(!strcmp(paramblk.descr[i].name, "preservefqdn")) {
bPreserveFQDN = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name,
@@ -1546,6 +1563,8 @@
&pszDfltNetstrmDrvrKeyFile, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"defaultnetstreamdrivercertfile", 0, eCmdHdlrGetWord, NULL,
&pszDfltNetstrmDrvrCertFile, NULL));
+ CHKiRet(regCfSysLineHdlr((uchar *)"netstreamdrivercaextrafiles", 0, eCmdHdlrGetWord, NULL,
+ &pszNetstrmDrvrCAExtraFiles, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"localhostname", 0, eCmdHdlrGetWord, NULL, &LocalHostNameOverride, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"localhostipif", 0, eCmdHdlrGetWord, setLocalHostIPIF, NULL, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"optimizeforuniprocessor", 0, eCmdHdlrGoneAway, NULL, NULL, NULL));
@@ -1579,6 +1598,7 @@
free(pszDfltNetstrmDrvrCAF);
free(pszDfltNetstrmDrvrKeyFile);
free(pszDfltNetstrmDrvrCertFile);
+ free(pszNetstrmDrvrCAExtraFiles);
free(pszWorkDir);
free(LocalDomain);
free(LocalHostName);
--- rsyslog-8.2102.0.ori/runtime/nsd_ossl.c 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/runtime/nsd_ossl.c 2022-09-06 11:25:18.144130340 +0200
@@ -88,6 +88,7 @@
static short bHaveCA;
static short bHaveCert;
static short bHaveKey;
+static short bHaveExtraCAFiles;
static int bAnonInit;
static MUTEX_TYPE anonInit_mut = PTHREAD_MUTEX_INITIALIZER;
@@ -413,7 +414,8 @@
{
DEFiRet;
DBGPRINTF("openssl: entering osslGlblInit\n");
- const char *caFile, *certFile, *keyFile;
+ const char *caFile, *certFile, *keyFile, *extraCaFile;
+ char *extraCaFiles;
/* Setup OpenSSL library */
if((opensslh_THREAD_setup() == 0) || !SSL_library_init()) {
@@ -450,9 +452,27 @@
} else {
bHaveKey = 1;
}
+ extraCaFiles = (char*) glbl.GetNetstrmDrvrCAExtraFiles();
+ if(extraCaFiles == NULL) {
+ bHaveExtraCAFiles = 0;
+ } else {
+ bHaveExtraCAFiles = 1;
+ }
/* Create main CTX Object */
ctx = SSL_CTX_new(SSLv23_method());
+ if(bHaveExtraCAFiles == 1) {
+ while((extraCaFile = strsep(&extraCaFiles, ","))) {
+ if(SSL_CTX_load_verify_locations(ctx, extraCaFile, NULL) != 1) {
+ LogError(0, RS_RET_TLS_CERT_ERR, "Error: Extra Certificate file could not be accessed. "
+ "Check at least: 1) file path is correct, 2) file exist, "
+ "3) permissions are correct, 4) file content is correct. "
+ "Open ssl error info may follow in next messages");
+ osslLastSSLErrorMsg(0, NULL, LOG_ERR, "osslGlblInit");
+ ABORT_FINALIZE(RS_RET_TLS_CERT_ERR);
+ }
+ }
+ }
if(bHaveCA == 1 && SSL_CTX_load_verify_locations(ctx, caFile, NULL) != 1) {
LogError(0, RS_RET_TLS_CERT_ERR, "Error: CA certificate could not be accessed. "
"Check at least: 1) file path is correct, 2) file exist, "
@@ -476,7 +496,7 @@
"Open ssl error info may follow in next messages");
osslLastSSLErrorMsg(0, NULL, LOG_ERR, "osslGlblInit");
ABORT_FINALIZE(RS_RET_TLS_KEY_ERR);
- }
+ }
/* Set CTX Options */
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); /* Disable insecure SSLv2 Protocol */
--- rsyslog-8.2102.0.ori/tests/Makefile.am 2022-09-06 10:37:26.447149363 +0200
+++ rsyslog-8.2102.0/tests/Makefile.am 2022-09-06 12:05:55.443600359 +0200
@@ -1247,7 +1247,8 @@
sndrcv_tls_ossl_servercert_gtls_clientanon.sh \
sndrcv_tls_ossl_serveranon_gtls_clientanon.sh \
sndrcv_tls_gtls_servercert_ossl_clientanon.sh \
- sndrcv_tls_gtls_serveranon_ossl_clientanon.sh
+ sndrcv_tls_gtls_serveranon_ossl_clientanon.sh \
+ sndrcv_ossl_cert_chain.sh
endif
endif
@@ -2575,6 +2576,7 @@
sndrcv_tls_ossl_serveranon_gtls_clientanon.sh \
sndrcv_tls_gtls_servercert_ossl_clientanon.sh \
sndrcv_tls_gtls_serveranon_ossl_clientanon.sh \
+ sndrcv_ossl_cert_chain.sh \
omtcl.sh \
omtcl.tcl \
pmsnare-default.sh \
--- rsyslog-8.2102.0.ori/tests/sndrcv_ossl_cert_chain.sh 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/sndrcv_ossl_cert_chain.sh 2022-09-06 10:48:41.512496691 +0200
@@ -0,0 +1,76 @@
+#!/bin/bash
+# alorbach, 2019-01-16
+# This file is part of the rsyslog project, released under ASL 2.0
+. ${srcdir:=.}/diag.sh init
+export NUMMESSAGES=1000
+# uncomment for debugging support:
+#export RSYSLOG_DEBUG="debug nostdout noprintmutexaction"
+export RSYSLOG_DEBUGLOG="log"
+generate_conf
+export PORT_RCVR="$(get_free_port)"
+### This is important, as it must be exactly the same
+### as the ones configured in used certificates
+export HOSTNAME="fedora"
+add_conf '
+global(
+ DefaultNetstreamDriver="ossl"
+ DefaultNetstreamDriverCAFile="'$srcdir/testsuites/certchain/ca-cert.pem'"
+ DefaultNetstreamDriverCertFile="'$srcdir/testsuites/certchain/server-cert.pem'"
+ DefaultNetstreamDriverKeyFile="'$srcdir/testsuites/certchain/server-key.pem'"
+ NetstreamDriverCAExtraFiles="'$srcdir/testsuites/certchain/ca-root-cert.pem'"
+)
+
+module( load="../plugins/imtcp/.libs/imtcp"
+ StreamDriver.Name="ossl"
+ StreamDriver.Mode="1"
+ PermittedPeer="'$HOSTNAME'"
+ StreamDriver.AuthMode="x509/name" )
+# then SENDER sends to this port (not tcpflood!)
+input( type="imtcp" port="'$PORT_RCVR'" )
+
+$template outfmt,"%msg:F,58:2%\n"
+$template dynfile,"'$RSYSLOG_OUT_LOG'" # trick to use relative path names!
+:msg, contains, "msgnum:" ?dynfile;outfmt
+'
+startup
+export RSYSLOG_DEBUGLOG="log2"
+#valgrind="valgrind"
+generate_conf 2
+export TCPFLOOD_PORT="$(get_free_port)"
+add_conf '
+global(
+ defaultNetstreamDriverCAFile="'$srcdir/testsuites/certchain/ca-root-cert.pem'"
+ defaultNetstreamDriverCertFile="'$srcdir/testsuites/certchain/client-cert.pem'"
+ defaultNetstreamDriverKeyFile="'$srcdir/testsuites/certchain/client-key.pem'"
+)
+
+# Note: no TLS for the listener, this is for tcpflood!
+$ModLoad ../plugins/imtcp/.libs/imtcp
+input( type="imtcp" port="0" listenPortFileName="'$RSYSLOG_DYNNAME'.tcpflood_port" )
+
+# set up the action
+action( type="omfwd"
+ protocol="tcp"
+ target="127.0.0.1"
+ port="'$PORT_RCVR'"
+ StreamDriver="ossl"
+ StreamDriverMode="1"
+ StreamDriverAuthMode="x509/name"
+ StreamDriverPermittedPeers="'$HOSTNAME'"
+ )
+' 2
+startup 2
+
+# now inject the messages into instance 2. It will connect to instance 1,
+# and that instance will record the data.
+tcpflood -m$NUMMESSAGES -i1
+wait_file_lines
+# shut down sender when everything is sent, receiver continues to run concurrently
+shutdown_when_empty 2
+wait_shutdown 2
+# now it is time to stop the receiver as well
+shutdown_when_empty
+wait_shutdown
+
+seq_check 1 $NUMMESSAGES
+exit_test
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/ca-cert.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-cert.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/ca-cert.pem 2022-09-06 10:48:41.513496694 +0200
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBzCCA2+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJDWjEQ
+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh
+dDEMMAoGA1UECxMDR1NTMR0wGwYDVQQDExRyc3lzbG9nK2NoYWluK2Nhcm9vdDAe
+Fw0yMjA2MDYxMzQwNDlaFw0yMzA2MDYxMzQwNDlaMGkxCzAJBgNVBAYTAkNaMRAw
+DgYDVQQIEwdNb3JhdmlhMQ0wCwYDVQQHEwRCcm5vMRAwDgYDVQQKEwdSZWQgSGF0
+MQwwCgYDVQQLEwNHU1MxGTAXBgNVBAMTEHJzeXNsb2crY2hhaW4rY2EwggGiMA0G
+CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQD6yDdc9T3oddk5smOhF8OkRXwb2nvC
+M4RPPiuiACvbVoc3UdW2e4NI77J75JzNQL3gQUpgxGcvWiQt3R67ecYgIWiq0zpi
+MrcU3S0dboK10A6NXtcVc4RgwUPf0c8toM975c/6q2XT9Q0SbcI7HKXdzTXQZJDz
+sqQ3UjJuoCLSl6Dd8M0HXJnd2HlF1h5JeIp5vGrCJzQ5SyO6b4jVODtx/uXBohGn
+2x8NdB7wO5NecDyryrwv+FsUXWS4NNmj917bBuXSx3SmW/G7e8AFvcHN8VG6AxH7
+nap+EWGQia+LNG489flgU3U7Ec8zpTrI1wU6bUi6lK/RPxU0ViCaceGjXfoNofIc
+gGJOSS0LaHjM+c4OhmKWrIJ59j2L/rlIvmfqRO3qgThF4eaOfQTbixe/oiy3gR85
++X6YDXvBwTGZDD6OeG1fCzx/snQLiP3/dRv6LJFE8Krawc9OCOWRDRlIxubrkmYz
+LVBxcFgI4BBGNYVsaMSYrkCVaS2Rv1sNAi0CAwEAAaOBtTCBsjAPBgNVHRMBAf8E
+BTADAQH/MCQGA1UdEQQdMBuCBmZlZG9yYYcEfwAAAYELcm9vdEBmZWRvcmEwDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQ7t+ub2L0VzaTLfpubh4rnDk2RmjAfBgNV
+HSMEGDAWgBSv9FgWjwDV6oGLewYzCo2/AdWTmzApBgNVHR8EIjAgMB6gHKAahhho
+dHRwOi8vMTI3LjAuMC4xL2dldGNybC8wDQYJKoZIhvcNAQELBQADggGBADrv9nld
+FjKZCIVQCVxYc1/KFFnKo2KRCqvSdfb235Kx+5tSFWUsOfkSGjfLrv2+IFKSirFQ
+uFSac/qOrMo/W/4A+ypahG9Sx9PRD626/myr8exee2ygkcuGOuXvX3HkcpzNCmId
+ZS5ygtscFq3NdntwBJHe2ANOSJKIIBzC+gzn4r/V6PdxPEjiUrFs515/RBByi63r
+wWPeqvbaectyZyFIS0XN3LAjVb+zu0NQJqBpUGJlRBI1bRbPECu94LB8Huk/jgSJ
+OyFUKrnNeqaGqKnRfHxJxT/LjeTkQ/5cCOQTuE9IPbRvTykUzUQ3PrltwNqzAb44
+9Trqvqg+qGTfNuI7EZAO26zXbltYVZ+BmlULjKors49Ozq5l1JIevvq66etrE9oT
+DsII88MSIWn8bqaXETfKdIWtWu7Os7tmBTnfDQWGpNDJ3UwDpkyQPYJZJuSfELX0
+jpuWuE/1SbLxTx8eAe83z4yM3C21Kg5K2eJ0udagjM8xPdqYI8tF/4bNbA==
+-----END CERTIFICATE-----
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-root-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/ca-root-cert.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-root-cert.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/ca-root-cert.pem 2022-09-06 10:48:41.513496694 +0200
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE6jCCA1KgAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJDWjEQ
+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh
+dDEMMAoGA1UECxMDR1NTMR0wGwYDVQQDExRyc3lzbG9nK2NoYWluK2Nhcm9vdDAe
+Fw0yMjA2MDYxMzQwNDlaFw0yMzA2MDYxMzQwNDlaMG0xCzAJBgNVBAYTAkNaMRAw
+DgYDVQQIEwdNb3JhdmlhMQ0wCwYDVQQHEwRCcm5vMRAwDgYDVQQKEwdSZWQgSGF0
+MQwwCgYDVQQLEwNHU1MxHTAbBgNVBAMTFHJzeXNsb2crY2hhaW4rY2Fyb290MIIB
+ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuqAAv1OIGwQqCi1Mflrq8Buo
+G3UtiD8cMEovjzndFV4Ww5fm+R2vCv+tHq6a85mLL0wdqXh+/bAyDzxaULheXZel
+rGPuUFEH2BpOwKXBd31Vx1x32aN9iaoaND/JVQSp+9PeP9zyKeZIN2vFSyNK7LCA
+hdDXVoYeTktXMbm0vB2vMKk+5Vzc7WfyMfrdDvciuULzLU1RzRS2/RkHNlve5iVQ
+XbNN6CpVtXb0K/kcp4SQIVbNTD/g6Z3JnewSWwqjM9/axTC17rpqhsxaWk712Zjo
+lYeuWKfaF9eRXU951u/vrXMMRkDZe0cq5OiTbc1uUQag7uXkbUtEk5HDSihUWwxz
+MegUdUBXFN6EJ7OauWFOeyVJbbvPRa3q9fdlLILvv5/9SiMim6avcj6DlyUz2RhC
+YPh/gJHItuIbZ6hEU+aKqiDYMTHyibRoqOMZgsc8Vo1JAHQTI6gA8JQtGtjEbzIR
+GFkQkj4tvAQQgl5fs9nuweH9GoIaBl1IoIVZyR9PAgMBAAGjgZQwgZEwDwYDVR0T
+AQH/BAUwAwEB/zAkBgNVHREEHTAbggZmZWRvcmGHBH8AAAGBC3Jvb3RAZmVkb3Jh
+MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUr/RYFo8A1eqBi3sGMwqNvwHVk5sw
+KQYDVR0fBCIwIDAeoBygGoYYaHR0cDovLzEyNy4wLjAuMS9nZXRjcmwvMA0GCSqG
+SIb3DQEBCwUAA4IBgQBn/NZeqYon25QY1RmjYkCQ0B+uXsquGURETP30hQ+ltbbG
+u4jP+ll+oYkGVt1+eBi8Qw+rf8Qk3Q/+jmCoGS9vVjQc97r3YJxnFb3zB4HDCWdZ
+qXK7GeBlFA4XAtJO0ya8HCx4znuXKiNwqrJJHyyW2gvkY9raRkKOzj3/9jQXgAw4
+1d8NR9SxjKA2PnCSWNdVQOAm4us2tJXJexvbRx+b9Yu8LgUX/AdT4zqkIV8n6oFV
+XNaGyOsDN/+4JEsKbBixL+g3Y6yQHrwKMYq/Gh1WF33u2yYCzMU4Lw9AoYRG0jHi
+iAFchiwneGdC7E+To+qNdH5QJY38ZI7kWg3ADcXzwhTmvVUz5DNub9raE6yZZ4uf
+CyTGAJjH9USuhwH3unmB0kDjEOExIJHm+9uNA8S/81cwoCl2pz/hzr2fQwR2YLSa
+ox9p6cnQmnkL2j2QXhTvjDIswJmxuR43yqDIZUlx6cq1pTSJeN+8WcB2iK61p4DH
+JhH8af3aLUI5FNNgjas=
+-----END CERTIFICATE-----
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/client-cert.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-cert.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/client-cert.pem 2022-09-06 10:48:41.513496694 +0200
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXjCCAsagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJDWjEQ
+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh
+dDEMMAoGA1UECxMDR1NTMRkwFwYDVQQDExByc3lzbG9nK2NoYWluK2NhMB4XDTIy
+MDYwNjEzNDA0OVoXDTIzMDYwNjEzNDA0OVowbTELMAkGA1UEBhMCQ1oxEDAOBgNV
+BAgTB01vcmF2aWExDTALBgNVBAcTBEJybm8xEDAOBgNVBAoTB1JlZCBIYXQxDDAK
+BgNVBAsTA0dTUzEdMBsGA1UEAxMUcnN5c2xvZytjaGFpbitjbGllbnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSIbnL1ViRk9CAPerSirUpBtnR4qYD
+XzPSkVJzX5PKLJkeJ6z6oIPoioh59+70ipL5K4ETkmbUFaKP+Lrk7l53BvAnP8Ba
+1rWNV2gzgyiihGCs7N/iamh9Rzj5lQCvzUJhiTcphcptV+0IIf9rbEggEazbSg1A
+BHxS8EBUx+ddVJc6MAlEbA/sstkqfE14k8YZPZlU9ZmLjyHbsQbfXFegYee6WMP0
+M7CqrMZ0ZWvDRWgqWOE+b8agmIKPb2VxJXuR3iXBJk8ANcrRzn/tXShMuGK5KiWL
+a6mFrzR6w55DgjIAKkmPO43jMO/qbWB91RVys/ztK7qIoXm3yadOeIU1AgMBAAGj
+gYwwgYkwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAkBgNVHREE
+HTAbggZmZWRvcmGHBH8AAAGBC3Jvb3RAZmVkb3JhMB0GA1UdDgQWBBSoW3Alxk4+
+6Uwv80/UE5C5rT4e6TAfBgNVHSMEGDAWgBQ7t+ub2L0VzaTLfpubh4rnDk2RmjAN
+BgkqhkiG9w0BAQsFAAOCAYEA5Nbnwixitghw9Zg3DANXFXiOsQBx7KEup7+x7edw
+n9r2raqNJEjT2Fv+ClEA3CIdPF+4wjoolOPezrNJxKO3UpYCQeO4ZU/QVl8BX8NB
+4v1rUqXsvhE//4FcLvMM+6n8Nrtt1VRhks8N0b0p/md9dFKGucd4otPZm0sbOrsg
+nrhDYzZiFAzJg3zFwOOHzxP6iKj2mfq+2XRiKl7SlbnEj/8l21Ne1V+mDV5++AEZ
+N/quuf8zYHwwuc3Y8K84doow9yBpFqrpBbazb8586utrAbTbytCqskzImFIjo5Oa
+1ujWArMDsVGGr+NzFWwCTz8VTNNJ5H1cBin0gT41/OwUQv8DIJqzmSFTg9Uqmb2V
+ZwjIvMGE4Tz8phzD0IbSXYmQsSeku4olIDM1d+vLvBlipGAeInmA+nZmeZwdD04c
+poqUj+H3mj1r6WOlk2ivV0TUZKO/JHydkBVf2EQJlEmGuSq/7S889fx3GT7jGcOb
+gl5LlIaraMgA48dK8gJUWtJh
+-----END CERTIFICATE-----
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-key.pem rsyslog-8.2102.0/tests/testsuites/certchain/client-key.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-key.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/client-key.pem 2022-09-06 12:10:13.808498227 +0200
@@ -0,0 +1,134 @@
+Public Key Info:
+ Public Key Algorithm: RSA
+ Key Security Level: Medium (2048 bits)
+
+modulus:
+ 00:d2:21:b9:cb:d5:58:91:93:d0:80:3d:ea:d2:8a:b5
+ 29:06:d9:d1:e2:a6:03:5f:33:d2:91:52:73:5f:93:ca
+ 2c:99:1e:27:ac:fa:a0:83:e8:8a:88:79:f7:ee:f4:8a
+ 92:f9:2b:81:13:92:66:d4:15:a2:8f:f8:ba:e4:ee:5e
+ 77:06:f0:27:3f:c0:5a:d6:b5:8d:57:68:33:83:28:a2
+ 84:60:ac:ec:df:e2:6a:68:7d:47:38:f9:95:00:af:cd
+ 42:61:89:37:29:85:ca:6d:57:ed:08:21:ff:6b:6c:48
+ 20:11:ac:db:4a:0d:40:04:7c:52:f0:40:54:c7:e7:5d
+ 54:97:3a:30:09:44:6c:0f:ec:b2:d9:2a:7c:4d:78:93
+ c6:19:3d:99:54:f5:99:8b:8f:21:db:b1:06:df:5c:57
+ a0:61:e7:ba:58:c3:f4:33:b0:aa:ac:c6:74:65:6b:c3
+ 45:68:2a:58:e1:3e:6f:c6:a0:98:82:8f:6f:65:71:25
+ 7b:91:de:25:c1:26:4f:00:35:ca:d1:ce:7f:ed:5d:28
+ 4c:b8:62:b9:2a:25:8b:6b:a9:85:af:34:7a:c3:9e:43
+ 82:32:00:2a:49:8f:3b:8d:e3:30:ef:ea:6d:60:7d:d5
+ 15:72:b3:fc:ed:2b:ba:88:a1:79:b7:c9:a7:4e:78:85
+ 35:
+
+public exponent:
+ 01:00:01:
+
+private exponent:
+ 1f:0c:c4:bb:8d:e6:ec:7b:ff:0f:34:17:02:cd:64:3f
+ 8f:b7:97:ff:f9:af:fd:dd:56:7c:0a:c6:e9:94:99:07
+ 46:08:e2:ab:f8:cc:c7:31:11:67:61:3e:75:9c:c4:ed
+ 3a:cc:66:e2:51:7b:c8:52:fa:16:74:16:89:c5:7f:47
+ ef:4a:85:42:32:56:39:eb:d1:da:dc:96:e0:06:9d:1d
+ 1a:7b:f2:f4:92:2c:4f:0c:53:fd:e3:43:55:3a:a5:05
+ ee:0b:ac:8f:02:2a:0b:46:36:cc:40:d9:d1:31:ca:e6
+ 92:36:0c:a1:40:9b:f9:0d:b5:e3:b2:5d:d4:bc:27:5a
+ 17:fd:3f:bd:8e:44:55:f2:e3:96:ac:cc:11:be:65:01
+ 55:98:92:92:ac:59:46:fd:e2:11:80:eb:18:56:6a:82
+ 3c:79:ec:30:b7:06:9b:97:55:74:36:17:7e:d8:c6:95
+ 4e:a5:e1:55:5a:2a:d6:5d:cc:86:39:88:82:ba:31:19
+ 98:d7:26:28:09:fe:b4:38:fe:1b:43:19:19:4f:ae:f2
+ 27:18:d6:07:9a:c2:1c:66:2d:5a:e6:22:2e:ca:71:26
+ dc:76:8f:2e:f3:84:e3:61:5f:77:d3:63:8a:d0:6b:42
+ 2a:6f:1b:98:91:b9:82:8d:d4:c4:f3:92:98:b4:a4:f1
+
+
+prime1:
+ 00:e1:f4:19:35:e3:e2:e7:14:a6:56:8b:45:f9:2b:19
+ bb:13:b3:66:73:44:5d:ca:69:cb:73:d9:78:5a:0f:fd
+ de:ba:74:b3:53:70:a9:ab:52:22:34:78:a2:26:4a:aa
+ 8f:1b:65:c1:3e:df:65:8c:9b:9a:70:04:ae:70:f6:ea
+ c4:e5:20:fa:16:e0:4f:56:f4:7b:d1:14:cc:94:e1:3c
+ 58:02:82:98:20:cd:13:cf:a2:49:13:7a:88:c1:84:72
+ 97:4f:1b:e8:d5:cb:6d:43:dd:d2:b8:09:dd:4f:ee:ce
+ 03:0b:c4:c2:9b:cf:3d:a0:a3:57:fd:1c:c9:eb:af:ae
+ 67:
+
+prime2:
+ 00:ee:13:05:f0:4c:13:e2:f8:27:53:c4:ad:89:d9:31
+ b9:1b:e8:17:b9:db:36:cd:54:0c:15:eb:50:85:e4:8b
+ 03:c4:f2:6d:a0:41:dc:99:21:7e:1e:8a:a1:5e:86:fe
+ 53:d2:72:53:73:8a:7e:a2:43:83:d5:af:b0:e0:1a:89
+ b5:3f:b3:26:d2:8e:92:0d:ed:d1:29:ee:c5:f1:ff:fc
+ 67:2c:a6:5d:4c:27:40:8a:5c:a1:23:d4:3f:11:bb:eb
+ 51:84:be:83:ec:73:3c:2e:ff:43:f6:74:16:b8:95:36
+ 2a:0b:1e:04:81:04:08:7a:40:21:dd:fb:dd:97:0a:76
+ 03:
+
+coefficient:
+ 00:a0:4c:15:4b:85:2f:81:6b:2e:e7:68:31:84:84:09
+ c4:45:55:01:da:3d:25:9d:37:67:ab:19:0b:1f:d3:9f
+ fc:09:12:31:66:5a:93:d8:d9:f2:00:c7:f7:03:0d:2b
+ 9d:2d:b8:38:d0:82:de:03:e7:21:03:29:4f:2a:2b:b5
+ 70:a3:bc:5b:bd:0e:f1:8b:bc:22:58:4a:b4:8f:fd:f5
+ d4:f3:99:31:b1:db:f6:1d:d9:12:a2:48:0a:d0:05:1a
+ 72:dc:8e:30:67:3c:e0:6a:b5:dc:93:6f:e4:17:79:a1
+ 63:2e:25:78:ef:86:d7:9c:f3:dd:5b:d2:bd:62:4f:44
+ f9:
+
+exp1:
+ 60:a2:e2:49:5f:0e:83:20:1c:c7:f4:c6:d7:7b:2c:85
+ 0b:36:f6:01:24:63:2c:97:b4:b0:f6:78:77:a4:51:42
+ 79:e2:41:73:d5:42:6b:88:34:22:d6:d9:1a:a1:62:72
+ d4:17:df:df:40:f2:10:81:d8:3a:42:76:4c:cf:fd:b6
+ 79:fc:71:99:69:13:e5:af:a8:68:d2:89:70:bf:27:ec
+ c8:1e:0c:6c:32:e9:5f:2b:1c:2f:dd:7f:31:ac:b0:c9
+ af:c6:d2:fc:e5:04:f5:3a:a0:cd:9f:42:6c:d6:48:7b
+ 9b:03:ea:eb:72:65:fc:17:00:21:bb:b7:4c:3a:95:cf
+
+
+exp2:
+ 00:a1:a7:61:1c:ed:4b:83:8e:24:86:08:c2:1d:1b:d1
+ 5b:73:cb:80:70:be:9c:d3:87:02:3d:cf:ee:79:3b:d9
+ f8:d1:3e:1b:99:f9:9e:a4:8b:cd:6b:47:8e:92:f4:ee
+ b4:53:ed:35:24:fb:21:49:64:b6:9b:de:14:27:d7:5d
+ 32:28:f2:a8:a5:c8:10:fc:4c:42:fe:4a:17:36:5f:2f
+ 2f:8f:6d:d7:63:e2:33:3c:bf:f0:da:b7:3f:ab:f7:01
+ ad:f4:88:b8:63:51:4b:c8:4d:a4:04:30:87:4d:06:64
+ 24:e0:2f:9d:b7:4c:d9:c4:c8:cf:36:3f:d3:12:c0:13
+ a9:
+
+
+Public Key PIN:
+ pin-sha256:I1Gv1FM9aCxvuCmF0uDnbDbIJgm1TFB2dtJV5v2iCEA=
+Public Key ID:
+ sha256:2351afd4533d682c6fb82985d2e0e76c36c82609b54c507676d255e6fda20840
+ sha1:a85b7025c64e3ee94c2ff34fd41390b9ad3e1ee9
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA0iG5y9VYkZPQgD3q0oq1KQbZ0eKmA18z0pFSc1+TyiyZHies
++qCD6IqIeffu9IqS+SuBE5Jm1BWij/i65O5edwbwJz/AWta1jVdoM4MoooRgrOzf
+4mpofUc4+ZUAr81CYYk3KYXKbVftCCH/a2xIIBGs20oNQAR8UvBAVMfnXVSXOjAJ
+RGwP7LLZKnxNeJPGGT2ZVPWZi48h27EG31xXoGHnuljD9DOwqqzGdGVrw0VoKljh
+Pm/GoJiCj29lcSV7kd4lwSZPADXK0c5/7V0oTLhiuSoli2upha80esOeQ4IyACpJ
+jzuN4zDv6m1gfdUVcrP87Su6iKF5t8mnTniFNQIDAQABAoIBAB8MxLuN5ux7/w80
+FwLNZD+Pt5f/+a/93VZ8CsbplJkHRgjiq/jMxzERZ2E+dZzE7TrMZuJRe8hS+hZ0
+FonFf0fvSoVCMlY569Ha3JbgBp0dGnvy9JIsTwxT/eNDVTqlBe4LrI8CKgtGNsxA
+2dExyuaSNgyhQJv5DbXjsl3UvCdaF/0/vY5EVfLjlqzMEb5lAVWYkpKsWUb94hGA
+6xhWaoI8eewwtwabl1V0Nhd+2MaVTqXhVVoq1l3MhjmIgroxGZjXJigJ/rQ4/htD
+GRlPrvInGNYHmsIcZi1a5iIuynEm3HaPLvOE42Ffd9NjitBrQipvG5iRuYKN1MTz
+kpi0pPECgYEA4fQZNePi5xSmVotF+SsZuxOzZnNEXcppy3PZeFoP/d66dLNTcKmr
+UiI0eKImSqqPG2XBPt9ljJuacASucPbqxOUg+hbgT1b0e9EUzJThPFgCgpggzRPP
+okkTeojBhHKXTxvo1cttQ93SuAndT+7OAwvEwpvPPaCjV/0cyeuvrmcCgYEA7hMF
+8EwT4vgnU8StidkxuRvoF7nbNs1UDBXrUIXkiwPE8m2gQdyZIX4eiqFehv5T0nJT
+c4p+okOD1a+w4BqJtT+zJtKOkg3t0SnuxfH//Gcspl1MJ0CKXKEj1D8Ru+tRhL6D
+7HM8Lv9D9nQWuJU2KgseBIEECHpAId373ZcKdgMCgYBgouJJXw6DIBzH9MbXeyyF
+Czb2ASRjLJe0sPZ4d6RRQnniQXPVQmuINCLW2RqhYnLUF9/fQPIQgdg6QnZMz/22
+efxxmWkT5a+oaNKJcL8n7MgeDGwy6V8rHC/dfzGssMmvxtL85QT1OqDNn0Js1kh7
+mwPq63Jl/BcAIbu3TDqVzwKBgQChp2Ec7UuDjiSGCMIdG9Fbc8uAcL6c04cCPc/u
+eTvZ+NE+G5n5nqSLzWtHjpL07rRT7TUk+yFJZLab3hQn110yKPKopcgQ/ExC/koX
+Nl8vL49t12PiMzy/8Nq3P6v3Aa30iLhjUUvITaQEMIdNBmQk4C+dt0zZxMjPNj/T
+EsATqQKBgQCgTBVLhS+Bay7naDGEhAnERVUB2j0lnTdnqxkLH9Of/AkSMWZak9jZ
+8gDH9wMNK50tuDjQgt4D5yEDKU8qK7Vwo7xbvQ7xi7wiWEq0j/311POZMbHb9h3Z
+EqJICtAFGnLcjjBnPOBqtdyTb+QXeaFjLiV474bXnPPdW9K9Yk9E+Q==
+-----END RSA PRIVATE KEY-----
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/server-cert.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-cert.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/server-cert.pem 2022-09-06 10:48:41.513496694 +0200
@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIIEVTCCAr2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJDWjEQ
+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh
+dDEMMAoGA1UECxMDR1NTMRkwFwYDVQQDExByc3lzbG9nK2NoYWluK2NhMB4XDTIy
+MDYwNjEzNDA0OVoXDTIzMDYwNjEzNDA0OVowbTELMAkGA1UEBhMCQ1oxEDAOBgNV
+BAgTB01vcmF2aWExDTALBgNVBAcTBEJybm8xEDAOBgNVBAoTB1JlZCBIYXQxDDAK
+BgNVBAsTA0dTUzEdMBsGA1UEAxMUcnN5c2xvZytjaGFpbitzZXJ2ZXIwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3mDP67/SPVbCCgInxXNr9sOLz2yWx
+fa4jtgdbgWK5mib4XdPYTdH6hRiur/n6yn9rzhDeFFMUhSwQpQ81OyZfUFNU0A0q
+x7AZMgVOm3ZqMDk8O57UfuSdURJJPsEwMzZ8Q5d6wyq7xheX0DZjB8LUN8J6SX4w
+K2Ok1wCBOQdfjvW09tOVqQK7puHq85UWsEBTiZ7ie1Fg6FLNscPVoavjNNyYAORM
+Vz0Byv1zBdJzBHufqHUdjX7uMkUPcKfiU/TjQWMRYF3Yp5z2wFohi4Zgtise7xW5
+SfgcAIjA1bm5xMIaiUxRUZHUhCaoj6c2vZygrFO7MuB/2ngoEbqZ57pdAgMBAAGj
+gYMwgYAwDAYDVR0TAQH/BAIwADAwBgNVHREEKTAnggZmZWRvcmGHBH8AAAGBF3Jv
+b3RAZmVkb3JhdGxzd3d3c2VydmVyMB0GA1UdDgQWBBRxxQqJoRCHlrmwDLcB0aU3
+W/QRbDAfBgNVHSMEGDAWgBQ7t+ub2L0VzaTLfpubh4rnDk2RmjANBgkqhkiG9w0B
+AQsFAAOCAYEAkheMCnXNDh2fOhMyOifBFKqlUUsYzZoYU5UNweZijdKAKxJ4zdsS
+i31a2IG4ePBPX7PShUUr2E1PEQ2XBDi/HcCoK54qcqzhxGS83Rf/2YxN4BjU8jaA
+7RhIA0fv5haKxxhjRIDT6vsAXPB0HM/f3Y+E21GVbsQVUE1pP8QrDkcU0EwIjEfW
+tFEBitmb0s/11d8/ZLdYAuvvfzDzuN9kuAcj5dkdpB5Wo9R3h2NXnD6EIWIUHn/I
+zwgXdb/n9gUI6jQMC6shFjXScVT2jgjfziWi/M66PBbtEbEnhOEKdbW0o2lPiL3j
+2UDj6fMshRBAnSoBtEYm/lywBs3vDUGpMUSQFIAwPgUkizAl5DEdmE9PLqRL9HNT
+UIg8tQql9Xr29edEiuMHpIyH8eEa+KI2CpKG3KfYDBMaC7z9MvkpYuSuIG3dsQxy
+YguWDH7c0iosQVpHx8dxj5Exj1/QOXcD5tAVY/+DBe48nRzDTlZmRGQjtqr6Nw0j
+BIXBoqaes0D4
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFBzCCA2+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJDWjEQ
+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh
+dDEMMAoGA1UECxMDR1NTMR0wGwYDVQQDExRyc3lzbG9nK2NoYWluK2Nhcm9vdDAe
+Fw0yMjA2MDYxMzQwNDlaFw0yMzA2MDYxMzQwNDlaMGkxCzAJBgNVBAYTAkNaMRAw
+DgYDVQQIEwdNb3JhdmlhMQ0wCwYDVQQHEwRCcm5vMRAwDgYDVQQKEwdSZWQgSGF0
+MQwwCgYDVQQLEwNHU1MxGTAXBgNVBAMTEHJzeXNsb2crY2hhaW4rY2EwggGiMA0G
+CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQD6yDdc9T3oddk5smOhF8OkRXwb2nvC
+M4RPPiuiACvbVoc3UdW2e4NI77J75JzNQL3gQUpgxGcvWiQt3R67ecYgIWiq0zpi
+MrcU3S0dboK10A6NXtcVc4RgwUPf0c8toM975c/6q2XT9Q0SbcI7HKXdzTXQZJDz
+sqQ3UjJuoCLSl6Dd8M0HXJnd2HlF1h5JeIp5vGrCJzQ5SyO6b4jVODtx/uXBohGn
+2x8NdB7wO5NecDyryrwv+FsUXWS4NNmj917bBuXSx3SmW/G7e8AFvcHN8VG6AxH7
+nap+EWGQia+LNG489flgU3U7Ec8zpTrI1wU6bUi6lK/RPxU0ViCaceGjXfoNofIc
+gGJOSS0LaHjM+c4OhmKWrIJ59j2L/rlIvmfqRO3qgThF4eaOfQTbixe/oiy3gR85
++X6YDXvBwTGZDD6OeG1fCzx/snQLiP3/dRv6LJFE8Krawc9OCOWRDRlIxubrkmYz
+LVBxcFgI4BBGNYVsaMSYrkCVaS2Rv1sNAi0CAwEAAaOBtTCBsjAPBgNVHRMBAf8E
+BTADAQH/MCQGA1UdEQQdMBuCBmZlZG9yYYcEfwAAAYELcm9vdEBmZWRvcmEwDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQ7t+ub2L0VzaTLfpubh4rnDk2RmjAfBgNV
+HSMEGDAWgBSv9FgWjwDV6oGLewYzCo2/AdWTmzApBgNVHR8EIjAgMB6gHKAahhho
+dHRwOi8vMTI3LjAuMC4xL2dldGNybC8wDQYJKoZIhvcNAQELBQADggGBADrv9nld
+FjKZCIVQCVxYc1/KFFnKo2KRCqvSdfb235Kx+5tSFWUsOfkSGjfLrv2+IFKSirFQ
+uFSac/qOrMo/W/4A+ypahG9Sx9PRD626/myr8exee2ygkcuGOuXvX3HkcpzNCmId
+ZS5ygtscFq3NdntwBJHe2ANOSJKIIBzC+gzn4r/V6PdxPEjiUrFs515/RBByi63r
+wWPeqvbaectyZyFIS0XN3LAjVb+zu0NQJqBpUGJlRBI1bRbPECu94LB8Huk/jgSJ
+OyFUKrnNeqaGqKnRfHxJxT/LjeTkQ/5cCOQTuE9IPbRvTykUzUQ3PrltwNqzAb44
+9Trqvqg+qGTfNuI7EZAO26zXbltYVZ+BmlULjKors49Ozq5l1JIevvq66etrE9oT
+DsII88MSIWn8bqaXETfKdIWtWu7Os7tmBTnfDQWGpNDJ3UwDpkyQPYJZJuSfELX0
+jpuWuE/1SbLxTx8eAe83z4yM3C21Kg5K2eJ0udagjM8xPdqYI8tF/4bNbA==
+-----END CERTIFICATE-----
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-key.pem rsyslog-8.2102.0/tests/testsuites/certchain/server-key.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-key.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/server-key.pem 2022-09-06 12:10:28.635549755 +0200
@@ -0,0 +1,133 @@
+Public Key Info:
+ Public Key Algorithm: RSA
+ Key Security Level: Medium (2048 bits)
+
+modulus:
+ 00:b7:98:33:fa:ef:f4:8f:55:b0:82:80:89:f1:5c:da
+ fd:b0:e2:f3:db:25:b1:7d:ae:23:b6:07:5b:81:62:b9
+ 9a:26:f8:5d:d3:d8:4d:d1:fa:85:18:ae:af:f9:fa:ca
+ 7f:6b:ce:10:de:14:53:14:85:2c:10:a5:0f:35:3b:26
+ 5f:50:53:54:d0:0d:2a:c7:b0:19:32:05:4e:9b:76:6a
+ 30:39:3c:3b:9e:d4:7e:e4:9d:51:12:49:3e:c1:30:33
+ 36:7c:43:97:7a:c3:2a:bb:c6:17:97:d0:36:63:07:c2
+ d4:37:c2:7a:49:7e:30:2b:63:a4:d7:00:81:39:07:5f
+ 8e:f5:b4:f6:d3:95:a9:02:bb:a6:e1:ea:f3:95:16:b0
+ 40:53:89:9e:e2:7b:51:60:e8:52:cd:b1:c3:d5:a1:ab
+ e3:34:dc:98:00:e4:4c:57:3d:01:ca:fd:73:05:d2:73
+ 04:7b:9f:a8:75:1d:8d:7e:ee:32:45:0f:70:a7:e2:53
+ f4:e3:41:63:11:60:5d:d8:a7:9c:f6:c0:5a:21:8b:86
+ 60:b6:2b:1e:ef:15:b9:49:f8:1c:00:88:c0:d5:b9:b9
+ c4:c2:1a:89:4c:51:51:91:d4:84:26:a8:8f:a7:36:bd
+ 9c:a0:ac:53:bb:32:e0:7f:da:78:28:11:ba:99:e7:ba
+ 5d:
+
+public exponent:
+ 01:00:01:
+
+private exponent:
+ 68:06:20:25:a5:82:0f:18:c1:3b:20:33:88:83:51:3d
+ 7e:d5:08:d0:79:a9:f8:89:0b:88:de:e0:55:0e:28:15
+ 94:d1:12:f0:ae:55:61:8d:2d:8e:8f:a3:fb:e2:c2:8b
+ b1:fc:7f:08:25:c1:f1:15:87:a3:22:b2:dc:39:58:83
+ 96:d2:b0:72:75:93:70:b3:71:83:2b:08:a0:03:57:25
+ 5d:b8:a8:1b:55:51:54:9d:62:4b:17:1f:2c:7c:ef:f7
+ 86:2f:12:0c:27:ba:f5:cb:c6:a0:69:03:f7:d6:74:e8
+ a3:73:58:b0:7d:84:33:81:70:eb:b5:48:82:94:8f:ea
+ 4c:c7:9c:58:02:90:68:b1:64:29:df:a8:8a:69:15:d4
+ 49:21:2f:aa:25:f1:e7:10:8b:93:37:ca:51:d3:4e:d6
+ de:cf:60:04:6b:10:41:1b:f5:0f:be:b7:2a:cd:41:44
+ 50:25:be:e5:57:60:1e:3e:e9:d7:70:86:68:a6:4f:3d
+ 7d:d8:0e:7f:9b:de:de:e6:02:35:33:9f:b6:68:bb:cd
+ 2f:33:69:09:9e:da:91:6b:16:89:db:14:20:59:3a:92
+ 7e:78:4e:e1:02:3f:c8:a5:3f:bd:f2:bc:3a:da:f2:97
+ 06:f5:96:eb:c8:09:f7:04:cb:7f:e2:e2:12:52:d4:21
+
+
+prime1:
+ 00:ed:e4:b8:72:ee:b0:9e:38:db:f8:e7:fa:52:a5:94
+ 4a:4b:05:54:f0:96:23:72:d6:01:ba:9f:f4:3e:65:24
+ 29:c0:47:4a:6f:a9:a4:02:36:c5:2c:c5:ea:cd:09:5c
+ 2d:8e:3c:56:aa:e4:e7:85:32:a8:a7:4f:18:12:17:8c
+ 93:15:07:da:3e:f4:df:33:7e:35:39:59:2d:f4:1c:ba
+ 65:e8:42:c7:75:a0:c2:53:47:ad:ee:74:44:21:6a:42
+ 75:7f:40:1f:8b:06:0e:df:c3:02:4d:50:58:75:f2:29
+ 58:e2:0c:a0:7b:fe:be:c4:ab:76:ff:24:c1:4b:e6:ce
+ 75:
+
+prime2:
+ 00:c5:91:7c:48:59:dd:05:68:5c:8a:46:0b:3b:69:92
+ 80:d1:c6:28:27:88:c8:a9:73:7c:32:ee:87:a7:31:29
+ ff:56:38:41:07:3e:0f:01:5c:cf:eb:93:db:e7:fb:b9
+ e7:15:94:93:ea:fa:f8:60:79:c6:16:d2:db:9b:64:5f
+ c3:b8:f0:52:c0:e7:ff:e0:9a:94:22:fb:7e:5e:80:8f
+ c0:ca:46:f4:87:91:e7:ad:6d:74:26:d1:fa:c0:f8:f5
+ 7e:b3:0c:bb:23:5e:7d:5d:8b:c9:2e:68:76:be:d4:b4
+ 75:de:3c:70:70:ad:1e:64:de:e4:1d:f7:df:af:46:0f
+ 49:
+
+coefficient:
+ 00:89:f1:2c:f9:14:89:25:21:7a:ad:75:30:f0:b1:e7
+ 20:b3:14:14:d7:c9:b6:78:3c:c7:c8:92:3a:64:8e:47
+ d0:10:fc:01:a9:a6:25:a5:61:6d:8f:da:d4:85:fa:06
+ 9f:a5:27:a8:7d:38:e2:67:19:65:ab:a9:00:52:8c:f3
+ 51:fe:f9:a6:4f:ab:47:04:0a:86:ae:f0:fe:3d:2d:72
+ 76:6d:ad:03:48:af:23:67:92:28:34:83:bc:45:7d:c0
+ 45:ca:89:4a:4f:dd:11:a6:3a:5a:23:47:f4:7c:82:42
+ dc:e8:56:85:d8:1b:9d:08:9c:6e:ca:17:58:d7:d4:bb
+ 77:
+
+exp1:
+ 21:50:b8:ac:0f:d5:58:33:2a:4b:2f:61:95:15:6f:31
+ 00:54:9c:d2:9c:94:16:4e:f6:2b:06:9f:93:e5:62:2d
+ 1e:aa:5d:38:4a:0f:97:e7:c7:b1:3f:7e:64:7c:7d:16
+ 3c:27:23:14:07:be:8c:9e:cd:93:b0:b5:f4:42:ac:03
+ 25:1c:d6:69:9e:ad:6b:6e:af:51:7a:b5:be:cc:0f:26
+ 9a:62:4f:c0:9f:64:d7:78:e0:58:d6:9b:7b:fa:7f:98
+ 28:db:f8:0e:e6:28:4b:19:ea:46:9d:8b:e5:e8:a5:f5
+ b6:a2:82:0f:1b:5b:e7:fb:03:4d:33:fe:85:fc:aa:c9
+
+
+exp2:
+ 59:36:db:22:68:c1:ef:a1:32:b8:95:ec:98:85:91:cc
+ 6d:ed:c7:50:22:ea:49:ea:86:59:11:71:5c:44:4d:2c
+ aa:28:78:e4:e6:57:2c:4c:56:ef:90:33:2b:4c:76:a4
+ 2d:10:8c:c2:fd:55:8f:6b:2d:d2:3c:a1:42:48:4f:1e
+ 38:b2:fd:0b:73:38:0e:9a:7e:ee:55:16:b9:61:e0:88
+ 34:4f:5a:38:a5:e0:32:66:4c:9f:03:0e:f2:78:f9:92
+ 9f:13:ce:a5:a8:13:80:5c:91:1a:4d:bd:e1:6a:77:9b
+ 0a:21:cc:bc:74:d0:56:c8:77:c6:38:9a:5f:b1:89:51
+
+
+
+Public Key PIN:
+ pin-sha256:FSR0pC1TUEe+ZMU7YSVDDmYP4hmDlsIJRKf4D8LiJZ8=
+Public Key ID:
+ sha256:152474a42d535047be64c53b6125430e660fe2198396c20944a7f80fc2e2259f
+ sha1:71c50a89a1108796b9b00cb701d1a5375bf4116c
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAt5gz+u/0j1WwgoCJ8Vza/bDi89slsX2uI7YHW4FiuZom+F3T
+2E3R+oUYrq/5+sp/a84Q3hRTFIUsEKUPNTsmX1BTVNANKsewGTIFTpt2ajA5PDue
+1H7knVESST7BMDM2fEOXesMqu8YXl9A2YwfC1DfCekl+MCtjpNcAgTkHX471tPbT
+lakCu6bh6vOVFrBAU4me4ntRYOhSzbHD1aGr4zTcmADkTFc9Acr9cwXScwR7n6h1
+HY1+7jJFD3Cn4lP040FjEWBd2Kec9sBaIYuGYLYrHu8VuUn4HACIwNW5ucTCGolM
+UVGR1IQmqI+nNr2coKxTuzLgf9p4KBG6mee6XQIDAQABAoIBAGgGICWlgg8YwTsg
+M4iDUT1+1QjQean4iQuI3uBVDigVlNES8K5VYY0tjo+j++LCi7H8fwglwfEVh6Mi
+stw5WIOW0rBydZNws3GDKwigA1clXbioG1VRVJ1iSxcfLHzv94YvEgwnuvXLxqBp
+A/fWdOijc1iwfYQzgXDrtUiClI/qTMecWAKQaLFkKd+oimkV1EkhL6ol8ecQi5M3
+ylHTTtbez2AEaxBBG/UPvrcqzUFEUCW+5VdgHj7p13CGaKZPPX3YDn+b3t7mAjUz
+n7Zou80vM2kJntqRaxaJ2xQgWTqSfnhO4QI/yKU/vfK8Otrylwb1luvICfcEy3/i
+4hJS1CECgYEA7eS4cu6wnjjb+Of6UqWUSksFVPCWI3LWAbqf9D5lJCnAR0pvqaQC
+NsUsxerNCVwtjjxWquTnhTKop08YEheMkxUH2j703zN+NTlZLfQcumXoQsd1oMJT
+R63udEQhakJ1f0AfiwYO38MCTVBYdfIpWOIMoHv+vsSrdv8kwUvmznUCgYEAxZF8
+SFndBWhcikYLO2mSgNHGKCeIyKlzfDLuh6cxKf9WOEEHPg8BXM/rk9vn+7nnFZST
+6vr4YHnGFtLbm2Rfw7jwUsDn/+CalCL7fl6Aj8DKRvSHkeetbXQm0frA+PV+swy7
+I159XYvJLmh2vtS0dd48cHCtHmTe5B33369GD0kCgYAhULisD9VYMypLL2GVFW8x
+AFSc0pyUFk72Kwafk+ViLR6qXThKD5fnx7E/fmR8fRY8JyMUB76Mns2TsLX0QqwD
+JRzWaZ6ta26vUXq1vswPJppiT8CfZNd44FjWm3v6f5go2/gO5ihLGepGnYvl6KX1
+tqKCDxtb5/sDTTP+hfyqyQKBgFk22yJowe+hMriV7JiFkcxt7cdQIupJ6oZZEXFc
+RE0sqih45OZXLExW75AzK0x2pC0QjML9VY9rLdI8oUJITx44sv0LczgOmn7uVRa5
+YeCINE9aOKXgMmZMnwMO8nj5kp8TzqWoE4BckRpNveFqd5sKIcy8dNBWyHfGOJpf
+sYlRAoGBAInxLPkUiSUheq11MPCx5yCzFBTXybZ4PMfIkjpkjkfQEPwBqaYlpWFt
+j9rUhfoGn6UnqH044mcZZaupAFKM81H++aZPq0cECoau8P49LXJ2ba0DSK8jZ5Io
+NIO8RX3ARcqJSk/dEaY6WiNH9HyCQtzoVoXYG50InG7KF1jX1Lt3
+-----END RSA PRIVATE KEY-----

195
SOURCES/rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch
Unescape View File

@ -1,195 +0,0 @@
diff -up rsyslog-8.2102.0/configure.ac.orig rsyslog-8.2102.0/configure.ac
--- rsyslog-8.2102.0/configure.ac.orig 2022-11-21 11:39:40.717183684 +0100
+++ rsyslog-8.2102.0/configure.ac 2022-11-21 11:40:18.697206706 +0100
@@ -387,6 +387,28 @@ if test "$enable_fmhash_xxhash" = "yes";
])
fi
+AC_ARG_ENABLE(libcap-ng,
+ [AS_HELP_STRING([--enable-libcap-ng],[Enable dropping capabilities to only the necessary set @<:@default=no@:>@])],
+ [case "${enableval}" in
+ yes) enable_libcapng="yes" ;;
+ no) enable_libcapng="no" ;;
+ *) AC_MSG_ERROR(bad value ${enableval} for --enable_libcapng) ;;
+ esac],
+ [enable_libcapng=no]
+)
+
+if test "$enable_libcapng" = "yes"; then
+ PKG_CHECK_MODULES(
+ [LIBCAPNG],
+ [libcap-ng >= 0.8.2],
+ [AC_DEFINE([ENABLE_LIBCAPNG], [1], [Indicator that libcap-ng is present])],
+ [AC_MSG_ERROR(libcap-ng is not present.)]
+ )
+ CFLAGS="$CFLAGS $LIBCAPNG_CFLAGS"
+ LIBS="$LIBS $LIBCAPNG_LIBS"
+fi
+
+
#gssapi
AC_ARG_ENABLE(gssapi_krb5,
@@ -2688,6 +2710,7 @@ echo " liblogging-stdlog support enab
echo " libsystemd enabled: $enable_libsystemd"
echo " kafka static linking enabled: $enable_kafka_static"
echo " atomic operations enabled: $enable_atomic_operations"
+echo " libcap-ng support enabled: $enable_libcapng"
echo
echo "---{ input plugins }---"
if test "$unamestr" != "AIX"; then
diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2022-11-21 11:40:31.926214720 +0100
+++ rsyslog-8.2102.0/runtime/rsconf.c 2022-11-21 11:44:26.742356979 +0100
@@ -33,6 +33,9 @@
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/stat.h>
+#ifdef ENABLE_LIBCAPNG
+ #include <cap-ng.h>
+#endif
#include "rsyslog.h"
#include "obj.h"
@@ -546,6 +549,7 @@ rsRetVal doDropPrivGid(void)
uchar szBuf[1024];
DEFiRet;
+#ifndef ENABLE_LIBCAPNG
if(!ourConf->globals.gidDropPrivKeepSupplemental) {
res = setgroups(0, NULL); /* remove all supplemental group IDs */
if(res) {
@@ -560,9 +564,19 @@ rsRetVal doDropPrivGid(void)
if(res) {
rs_strerror_r(errno, (char*)szBuf, sizeof(szBuf));
LogError(0, RS_RET_ERR_DROP_PRIV,
- "could not set requested group id: %s", szBuf);
+ "could not set requested group id: %s via setgid()", szBuf);
ABORT_FINALIZE(RS_RET_ERR_DROP_PRIV);
}
+#else
+ int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
+ res = capng_change_id(-1, ourConf->globals.gidDropPriv, capng_flags);
+ if (res) {
+ LogError(0, RS_RET_LIBCAPNG_ERR,
+ "could not set requested group id %d via capng_change_id()", ourConf->globals.gidDropPriv);
+ ABORT_FINALIZE(RS_RET_LIBCAPNG_ERR);
+ }
+#endif
+
DBGPRINTF("setgid(%d): %d\n", ourConf->globals.gidDropPriv, res);
snprintf((char*)szBuf, sizeof(szBuf), "rsyslogd's groupid changed to %d",
ourConf->globals.gidDropPriv);
@@ -599,7 +613,14 @@ static void doDropPrivUid(int iUid)
iUid, szBuf);
}
+#ifndef ENABLE_LIBCAPNG
res = setuid(iUid);
+ // res = setuid(cnf->globals.uidDropPriv);
+#else
+ int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
+ res = capng_change_id(iUid, -1, capng_flags);
+#endif
+
if(res) {
/* if we can not set the userid, this is fatal, so let's unconditionally abort */
perror("could not set requested userid");
diff -up rsyslog-8.2102.0/runtime/rsyslog.h.orig rsyslog-8.2102.0/runtime/rsyslog.h
--- rsyslog-8.2102.0/runtime/rsyslog.h.orig 2022-11-21 11:45:09.007382588 +0100
+++ rsyslog-8.2102.0/runtime/rsyslog.h 2022-11-21 11:45:31.333396112 +0100
@@ -582,6 +582,7 @@ enum rsRetVal_ /** return value. All
RS_RET_RABBITMQ_CHANNEL_ERR = -2449, /**< RabbitMQ Connection error */
RS_RET_NO_WRKDIR_SET = -2450, /**< working directory not set, but desired by functionality */
RS_RET_ERR_QUEUE_FN_DUP = -2451, /**< duplicate queue file name */
+ RS_RET_LIBCAPNG_ERR = -2455, /**< error during dropping the capabilities */
/* RainerScript error messages (range 1000.. 1999) */
RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2022-11-21 11:45:17.587387786 +0100
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2022-11-21 11:46:19.509425295 +0100
@@ -38,6 +38,10 @@
# include <systemd/sd-daemon.h>
#endif
+#ifdef ENABLE_LIBCAPNG
+ #include <cap-ng.h>
+#endif
+
#include "rsyslog.h"
#include "wti.h"
#include "ratelimit.h"
@@ -321,7 +325,7 @@ checkStartupOK(void)
fprintf(stderr, "rsyslogd: error reading pid file, cannot start up\n");
ABORT_FINALIZE(RS_RET_ERR);
}
-
+
/* ok, we got a pid, let's check if the process is running */
const pid_t pid = (pid_t) pf_pid;
if(kill(pid, 0) == 0 || errno != ESRCH) {
@@ -1594,7 +1598,7 @@ initAll(int argc, char **argv)
localRet = RS_RET_OK;
}
CHKiRet(localRet);
-
+
CHKiRet(rsyslogd_InitStdRatelimiters());
if(bChDirRoot) {
@@ -2019,7 +2023,7 @@ deinitAll(void)
/* close the inputs */
DBGPRINTF("Terminating input threads...\n");
glbl.SetGlobalInputTermination();
-
+
thrdTerminateAll();
/* and THEN send the termination log message (see long comment above) */
@@ -2142,6 +2146,45 @@ main(int argc, char **argv)
if(log_dflt != NULL && !strcmp(log_dflt, "1"))
bProcessInternalMessages = 1;
dbgClassInit();
+
+#ifdef ENABLE_LIBCAPNG
+ /*
+ * Drop capabilities to the necessary set
+ */
+ int capng_rc;
+ capng_clear(CAPNG_SELECT_BOTH);
+
+ if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ CAP_BLOCK_SUSPEND,
+ CAP_CHOWN,
+ CAP_IPC_LOCK,
+ CAP_LEASE,
+ CAP_NET_ADMIN,
+ CAP_NET_BIND_SERVICE,
+ CAP_PERFMON,
+ CAP_SETGID,
+ CAP_SETUID,
+ CAP_SYS_ADMIN,
+ CAP_SYS_CHROOT,
+ CAP_SYS_RESOURCE,
+ CAP_SYSLOG,
+ -1
+ )) != 0) {
+ LogError(0, RS_RET_LIBCAPNG_ERR,
+ "could not update the internal posix capabilities settings "
+ "based on the options passed to it, capng_updatev=%d\n", capng_rc);
+ exit(-1);
+ }
+
+ if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) {
+ LogError(0, RS_RET_LIBCAPNG_ERR,
+ "could not transfer the specified internal posix capabilities "
+ "settings to the kernel, capng_apply=%d\n", capng_rc);
+ exit(-1);
+ }
+ DBGPRINTF("Capabilities were dropped successfully\n");
+#endif
+
initAll(argc, argv);
#ifdef HAVE_LIBSYSTEMD
sd_notify(0, "READY=1");

12
SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch
Unescape View File

@ -1,12 +0,0 @@
diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c
--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2023-05-19 10:32:32.467826852 +0200
+++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2023-05-19 10:33:34.426902983 +0200
@@ -452,6 +452,8 @@ readjournal(void)
/* Get message identifier, client pid and add ':' */
if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) {
CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden));
+ } else if (journalGetData("_COMM", &get, &length) >= 0) {
+ CHKiRet(sanitizeValue(((const char *)get) + 6, length - 6, &sys_iden));
} else {
CHKmalloc(sys_iden = strdup(cs.dfltTag));
}

20
SOURCES/rsyslog-8.2102.0-rhbz2157658-imklog.patch
Unescape View File

@ -1,20 +0,0 @@
diff --git a/plugins/imklog/imklog.c b/plugins/imklog/imklog.c
index 6c24b5a2db..78cfc3bae2 100644
--- a/plugins/imklog/imklog.c
+++ b/plugins/imklog/imklog.c
@@ -453,6 +453,7 @@ ENDactivateCnf
BEGINfreeCnf
CODESTARTfreeCnf
+ free(pModConf->pszBindRuleset);
ENDfreeCnf
@@ -475,7 +476,6 @@ CODESTARTmodExit
if(pInputName != NULL)
prop.Destruct(&pInputName);
- free(runModConf->pszBindRuleset);
/* release objects we used */
objRelease(glbl, CORE_COMPONENT);
objRelease(net, CORE_COMPONENT);

72
SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch
Unescape View File

@ -1,72 +0,0 @@
diff -up rsyslog-8.2102.0/parse.h.orig rsyslog-8.2102.0/parse.h
--- rsyslog-8.2102.0/parse.h.orig 2023-05-09 09:10:09.236597063 +0200
+++ rsyslog-8.2102.0/parse.h 2023-05-09 09:10:26.913608034 +0200
@@ -56,7 +56,7 @@ struct rsParsObject
rsObjID OID; /**< object ID */
#endif
cstr_t *pCStr; /**< pointer to the string object we are parsing */
- int iCurrPos; /**< current parsing position (char offset) */
+ size_t iCurrPos; /**< current parsing position (char offset) */
};
typedef struct rsParsObject rsParsObj;
diff -up rsyslog-8.2102.0/runtime/stream.c.orig rsyslog-8.2102.0/runtime/stream.c
--- rsyslog-8.2102.0/runtime/stream.c.orig 2023-05-09 09:10:34.122612508 +0200
+++ rsyslog-8.2102.0/runtime/stream.c 2023-05-09 09:12:47.934640583 +0200
@@ -1071,7 +1071,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t
cstr_t *thisLine = NULL;
rsRetVal readCharRet;
const time_t tCurr = pThis->readTimeout ? getTime(NULL) : 0;
- int maxMsgSize = glblGetMaxLine();
+ size_t maxMsgSize = glblGetMaxLine();
DEFiRet;
do {
@@ -1132,9 +1132,9 @@ strmReadMultiLine(strm_t *pThis, cstr_t
}
- int currLineLen = cstrLen(thisLine);
+ size_t currLineLen = cstrLen(thisLine);
if(currLineLen > 0) {
- int len;
+ size_t len;
if((len = cstrLen(pThis->prevMsgSegment) + currLineLen) <
maxMsgSize) {
CHKiRet(cstrAppendCStr(pThis->prevMsgSegment, thisLine));
@@ -1144,7 +1144,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t
len = 0;
} else {
len = currLineLen-(len-maxMsgSize);
- for(int z=0; z<len; z++) {
+ for(size_t z=0; z<len; z++) {
cstrAppendChar(pThis->prevMsgSegment,
thisLine->pBuf[z]);
}
diff -up rsyslog-8.2102.0/runtime/stringbuf.c.orig rsyslog-8.2102.0/runtime/stringbuf.c
--- rsyslog-8.2102.0/runtime/stringbuf.c.orig 2023-05-09 09:09:37.627577446 +0200
+++ rsyslog-8.2102.0/runtime/stringbuf.c 2023-05-09 09:09:59.061590749 +0200
@@ -474,7 +474,7 @@ finalize_it:
* This is due to performance reasons.
*/
#ifndef NDEBUG
-int cstrLen(cstr_t *pThis)
+size_t cstrLen(cstr_t *pThis)
{
rsCHECKVALIDOBJECT(pThis, OIDrsCStr);
return(pThis->iStrLen);
diff -up rsyslog-8.2102.0/runtime/stringbuf.h.orig rsyslog-8.2102.0/runtime/stringbuf.h
--- rsyslog-8.2102.0/runtime/stringbuf.h.orig 2023-05-09 09:08:05.199520082 +0200
+++ rsyslog-8.2102.0/runtime/stringbuf.h 2023-05-09 09:09:26.924570803 +0200
@@ -144,9 +144,9 @@ rsRetVal cstrAppendCStr(cstr_t *pThis, c
/* now come inline-like functions */
#ifdef NDEBUG
-# define cstrLen(x) ((int)((x)->iStrLen))
+# define cstrLen(x) ((size_t)((x)->iStrLen))
#else
- int cstrLen(cstr_t *pThis);
+ size_t cstrLen(cstr_t *pThis);
#endif
#define rsCStrLen(s) cstrLen((s))

37
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch
Unescape View File

@ -1,37 +0,0 @@
diff -up rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c.orig rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c
--- rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c.orig 2023-05-11 14:14:39.778187570 +0200
+++ rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c 2023-05-11 14:15:36.254234445 +0200
@@ -232,7 +232,11 @@ static rsRetVal curlSetup(wrkrInstanceDa
BEGINcreateInstance
CODESTARTcreateInstance
pData->fdErrFile = -1;
- pthread_mutex_init(&pData->mutErrFile, NULL);
+ if(pthread_mutex_init(&pData->mutErrFile, NULL) != 0) {
+ LogError(errno, RS_RET_ERR, "omelasticsearch: cannot create "
+ "error file mutex, failing this action");
+ ABORT_FINALIZE(RS_RET_ERR);
+ }
pData->caCertFile = NULL;
pData->myCertFile = NULL;
pData->myPrivKeyFile = NULL;
@@ -240,6 +244,7 @@ CODESTARTcreateInstance
pData->retryRulesetName = NULL;
pData->retryRuleset = NULL;
pData->rebindInterval = DEFAULT_REBIND_INTERVAL;
+finalize_it:
ENDcreateInstance
BEGINcreateWrkrInstance
@@ -2165,10 +2170,12 @@ ENDfreeCnf
BEGINdoHUP
CODESTARTdoHUP
+ pthread_mutex_lock(&pData->mutErrFile);
if(pData->fdErrFile != -1) {
close(pData->fdErrFile);
pData->fdErrFile = -1;
}
+ pthread_mutex_unlock(&pData->mutErrFile);
ENDdoHUP

54
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch
Unescape View File

@ -1,54 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index 0808c6054e..d7d6c68e60 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -116,6 +116,7 @@ typedef struct instanceConf_s {
uchar **serverBaseUrls;
int numServers;
long healthCheckTimeout;
+ long indexTimeout;
uchar *uid;
uchar *pwd;
uchar *authBuf;
@@ -187,6 +188,7 @@ static struct cnfparamdescr actpdescr[] = {
{ "server", eCmdHdlrArray, 0 },
{ "serverport", eCmdHdlrInt, 0 },
{ "healthchecktimeout", eCmdHdlrInt, 0 },
+ { "indextimeout", eCmdHdlrInt, 0 },
{ "uid", eCmdHdlrGetWord, 0 },
{ "pwd", eCmdHdlrGetWord, 0 },
{ "searchindex", eCmdHdlrGetWord, 0 },
@@ -355,6 +357,7 @@ CODESTARTdbgPrintInstInfo
dbgprintf("\ttemplate='%s'\n", pData->tplName);
dbgprintf("\tnumServers=%d\n", pData->numServers);
dbgprintf("\thealthCheckTimeout=%lu\n", pData->healthCheckTimeout);
+ dbgprintf("\tindexTimeout=%lu\n", pData->indexTimeout);
dbgprintf("\tserverBaseUrls=");
for(i = 0 ; i < pData->numServers ; ++i)
dbgprintf("%c'%s'", i == 0 ? '[' : ' ', pData->serverBaseUrls[i]);
@@ -1768,6 +1771,8 @@ curlPostSetup(wrkrInstanceData_t *const pWrkrData)
PTR_ASSERT_SET_TYPE(pWrkrData, WRKR_DATA_TYPE_ES);
curlSetupCommon(pWrkrData, pWrkrData->curlPostHandle);
curl_easy_setopt(pWrkrData->curlPostHandle, CURLOPT_POST, 1);
+ curl_easy_setopt(pWrkrData->curlPostHandle,
+ CURLOPT_TIMEOUT_MS, pWrkrData->pData->indexTimeout);
}
#define CONTENT_JSON "Content-Type: application/json; charset=utf-8"
@@ -1797,6 +1802,7 @@ setInstParamDefaults(instanceData *const pData)
pData->serverBaseUrls = NULL;
pData->defaultPort = 9200;
pData->healthCheckTimeout = 3500;
+ pData->indexTimeout = 0;
pData->uid = NULL;
pData->pwd = NULL;
pData->authBuf = NULL;
@@ -1865,6 +1871,8 @@ CODESTARTnewActInst
pData->defaultPort = (int) pvals[i].val.d.n;
} else if(!strcmp(actpblk.descr[i].name, "healthchecktimeout")) {
pData->healthCheckTimeout = (long) pvals[i].val.d.n;
+ } else if(!strcmp(actpblk.descr[i].name, "indextimeout")) {
+ pData->indexTimeout = (long) pvals[i].val.d.n;
} else if(!strcmp(actpblk.descr[i].name, "uid")) {
pData->uid = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(actpblk.descr[i].name, "pwd")) {

43
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch
Unescape View File

@ -1,43 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index 0808c6054e..ed9359732c 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -877,14 +877,6 @@ parseRequestAndResponseForContext(wrkrInstanceData_t *pWrkrData,fjson_object **p
int i;
int numitems;
fjson_object *items=NULL, *jo_errors = NULL;
- int errors = 0;
-
- if(fjson_object_object_get_ex(replyRoot, "errors", &jo_errors)) {
- errors = fjson_object_get_boolean(jo_errors);
- if (!errors && pWrkrData->pData->retryFailures) {
- return RS_RET_OK;
- }
- }
/*iterate over items*/
if(!fjson_object_object_get_ex(replyRoot, "items", &items)) {
@@ -897,6 +889,15 @@ parseRequestAndResponseForContext(wrkrInstanceData_t *pWrkrData,fjson_object **p
numitems = fjson_object_array_length(items);
+ int errors = 0;
+ if(fjson_object_object_get_ex(replyRoot, "errors", &jo_errors)) {
+ errors = fjson_object_get_boolean(jo_errors);
+ if (!errors && pWrkrData->pData->retryFailures) {
+ STATSCOUNTER_ADD(indexSuccess, mutIndexSuccess, numitems);
+ return RS_RET_OK;
+ }
+ }
+
if (reqmsg) {
DBGPRINTF("omelasticsearch: Entire request %s\n", reqmsg);
} else {
@@ -1267,6 +1268,7 @@ getDataRetryFailures(context *ctx,int itemStatus,char *request,char *response,
response);
}
}
+
need_free_omes = 0;
CHKiRet(msgAddJSON(msg, (uchar*)".omes", omes, 0, 0));
MsgSetRuleset(msg, ctx->retryRuleset);

148
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch
Unescape View File

@ -1,148 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index ed9359732c..8200403eaf 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -86,12 +86,14 @@ STATSCOUNTER_DEF(rebinds, mutRebinds)
static prop_t *pInputName = NULL;
# define META_STRT "{\"index\":{\"_index\": \""
-# define META_STRT_CREATE "{\"create\":{\"_index\": \""
+# define META_STRT_CREATE "{\"create\":{" /* \"_index\": \" */
+# define META_IX "\"_index\": \""
# define META_TYPE "\",\"_type\":\""
# define META_PIPELINE "\",\"pipeline\":\""
# define META_PARENT "\",\"_parent\":\""
# define META_ID "\", \"_id\":\""
# define META_END "\"}}\n"
+# define META_END_NOQUOTE " }}\n"
typedef enum {
ES_WRITE_INDEX,
@@ -362,8 +364,8 @@ CODESTARTdbgPrintInstInfo
dbgprintf("\tdefaultPort=%d\n", pData->defaultPort);
dbgprintf("\tuid='%s'\n", pData->uid == NULL ? (uchar*)"(not configured)" : pData->uid);
dbgprintf("\tpwd=(%sconfigured)\n", pData->pwd == NULL ? "not " : "");
- dbgprintf("\tsearch index='%s'\n", pData->searchIndex);
- dbgprintf("\tsearch type='%s'\n", pData->searchType);
+ dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL ? (uchar*)"(not configured)" : pData->searchIndex);
+ dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL ? (uchar*)"(not configured)" : pData->searchType);
dbgprintf("\tpipeline name='%s'\n", pData->pipelineName);
dbgprintf("\tdynamic pipeline name=%d\n", pData->dynPipelineName);
dbgprintf("\tskipPipelineIfEmpty=%d\n", pData->skipPipelineIfEmpty);
@@ -596,8 +598,8 @@ getIndexTypeAndParent(const instanceData *const pData, uchar **const tpls,
}
done:
- assert(srchIndex != NULL);
- assert(srchType != NULL);
+ //assert(srchIndex != NULL);
+ //assert(srchType != NULL);
return;
}
@@ -633,9 +635,14 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
parent = NULL;
} else {
getIndexTypeAndParent(pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
- r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
- if(r == 0) r = es_addChar(&url, '/');
- if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType));
+ if(searchIndex != NULL) {
+ r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
+ if(r == 0) r = es_addChar(&url, '/');
+ if(searchType != NULL) {
+ if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType));
+ }
+ } else
+ r = 0;
if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
if(r == 0) r = es_addChar(&url, separator);
if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1);
@@ -692,7 +699,11 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
uchar *pipelineName;
getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
- r += ustrlen((char *)message) + ustrlen(searchIndex) + ustrlen(searchType);
+ r += ustrlen((char *)message);
+ if(searchIndex != NULL)
+ r += ustrlen(searchIndex);
+ if(searchType != NULL)
+ r += ustrlen(searchType);
if(parent != NULL) {
r += sizeof(META_PARENT)-1 + ustrlen(parent);
@@ -717,6 +728,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
{
int length = strlen((char *)message);
int r;
+ int endQuote = 1;
uchar *searchIndex = NULL;
uchar *searchType;
uchar *parent = NULL;
@@ -725,28 +737,43 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
DEFiRet;
getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
- if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE)
+ if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE) {
r = es_addBuf(&pWrkrData->batch.data, META_STRT_CREATE, sizeof(META_STRT_CREATE)-1);
- else
+ endQuote = 0;
+ } else
r = es_addBuf(&pWrkrData->batch.data, META_STRT, sizeof(META_STRT)-1);
- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex,
+ if(searchIndex != NULL) {
+ endQuote = 1;
+ if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE)
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_IX, sizeof(META_IX)-1);
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex,
ustrlen(searchIndex));
- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1);
- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType,
+ if(searchType != NULL) {
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1);
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType,
ustrlen(searchType));
+ }
+ }
if(parent != NULL) {
+ endQuote = 1;
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_PARENT, sizeof(META_PARENT)-1);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)parent, ustrlen(parent));
}
if(pipelineName != NULL && (!pWrkrData->pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
+ endQuote = 1;
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_PIPELINE, sizeof(META_PIPELINE)-1);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)pipelineName, ustrlen(pipelineName));
}
if(bulkId != NULL) {
+ endQuote = 1;
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_ID, sizeof(META_ID)-1);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)bulkId, ustrlen(bulkId));
}
- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END, sizeof(META_END)-1);
+ if(endQuote == 0) {
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END_NOQUOTE, sizeof(META_END_NOQUOTE)-1);
+ } else {
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END, sizeof(META_END)-1);
+ }
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)message, length);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, "\n", sizeof("\n")-1);
if(r != 0) {
@@ -2094,6 +2121,8 @@ CODESTARTnewActInst
CHKiRet(computeBaseUrl("localhost", pData->defaultPort, pData->useHttps, pData->serverBaseUrls));
}
+ //Only needed befor ES-Version 7.x
+ /*
if(pData->searchIndex == NULL)
pData->searchIndex = (uchar*) strdup("system");
if(pData->searchType == NULL)
@@ -2104,6 +2133,7 @@ CODESTARTnewActInst
"omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation);
ABORT_FINALIZE(RS_RET_CONFIG_ERROR);
}
+ */
if (pData->retryFailures) {
CHKiRet(ratelimitNew(&pData->ratelimiter, "omelasticsearch", NULL));

118
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch
Unescape View File

@ -1,118 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index 8200403eaf..8b74d610df 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -130,6 +130,7 @@ typedef struct instanceConf_s {
uchar *timeout;
uchar *bulkId;
uchar *errorFile;
+ int esVersion;
sbool errorOnly;
sbool interleaved;
sbool dynSrchIdx;
@@ -221,7 +222,8 @@ static struct cnfparamdescr actpdescr[] = {
{ "ratelimit.interval", eCmdHdlrInt, 0 },
{ "ratelimit.burst", eCmdHdlrInt, 0 },
{ "retryruleset", eCmdHdlrString, 0 },
- { "rebindinterval", eCmdHdlrInt, 0 }
+ { "rebindinterval", eCmdHdlrInt, 0 },
+ { "esversion.major", eCmdHdlrPositiveInt, 0 }
};
static struct cnfparamblk actpblk =
{ CNFPARAMBLK_VERSION,
@@ -246,6 +248,7 @@ CODESTARTcreateInstance
pData->retryRulesetName = NULL;
pData->retryRuleset = NULL;
pData->rebindInterval = DEFAULT_REBIND_INTERVAL;
+ pData->esVersion = 0;
finalize_it:
ENDcreateInstance
@@ -364,8 +367,10 @@ CODESTARTdbgPrintInstInfo
dbgprintf("\tdefaultPort=%d\n", pData->defaultPort);
dbgprintf("\tuid='%s'\n", pData->uid == NULL ? (uchar*)"(not configured)" : pData->uid);
dbgprintf("\tpwd=(%sconfigured)\n", pData->pwd == NULL ? "not " : "");
- dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL ? (uchar*)"(not configured)" : pData->searchIndex);
- dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL ? (uchar*)"(not configured)" : pData->searchType);
+ dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL
+ ? (uchar*)"(not configured)" : pData->searchIndex);
+ dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL
+ ? (uchar*)"(not configured)" : pData->searchType);
dbgprintf("\tpipeline name='%s'\n", pData->pipelineName);
dbgprintf("\tdynamic pipeline name=%d\n", pData->dynPipelineName);
dbgprintf("\tskipPipelineIfEmpty=%d\n", pData->skipPipelineIfEmpty);
@@ -598,8 +603,6 @@ getIndexTypeAndParent(const instanceData *const pData, uchar **const tpls,
}
done:
- //assert(srchIndex != NULL);
- //assert(srchType != NULL);
return;
}
@@ -700,11 +703,12 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
r += ustrlen((char *)message);
- if(searchIndex != NULL)
- r += ustrlen(searchIndex);
- if(searchType != NULL)
- r += ustrlen(searchType);
-
+ if(searchIndex != NULL) {
+ r += ustrlen(searchIndex);
+ }
+ if(searchType != NULL) {
+ r += ustrlen(searchType);
+ }
if(parent != NULL) {
r += sizeof(META_PARENT)-1 + ustrlen(parent);
}
@@ -728,7 +732,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
{
int length = strlen((char *)message);
int r;
- int endQuote = 1;
+ int endQuote = 1;
uchar *searchIndex = NULL;
uchar *searchType;
uchar *parent = NULL;
@@ -1990,6 +1994,8 @@ CODESTARTnewActInst
pData->retryRulesetName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(actpblk.descr[i].name, "rebindinterval")) {
pData->rebindInterval = (int) pvals[i].val.d.n;
+ } else if(!strcmp(actpblk.descr[i].name, "esversion.major")) {
+ pData->esVersion = pvals[i].val.d.n;
} else {
LogError(0, RS_RET_INTERNAL_ERROR, "omelasticsearch: program error, "
"non-handled param '%s'", actpblk.descr[i].name);
@@ -2121,19 +2127,18 @@ CODESTARTnewActInst
CHKiRet(computeBaseUrl("localhost", pData->defaultPort, pData->useHttps, pData->serverBaseUrls));
}
- //Only needed befor ES-Version 7.x
- /*
- if(pData->searchIndex == NULL)
- pData->searchIndex = (uchar*) strdup("system");
- if(pData->searchType == NULL)
- pData->searchType = (uchar*) strdup("events");
+ if(pData->esVersion < 8) {
+ if(pData->searchIndex == NULL)
+ pData->searchIndex = (uchar*) strdup("system");
+ if(pData->searchType == NULL)
+ pData->searchType = (uchar*) strdup("events");
- if ((pData->writeOperation != ES_WRITE_INDEX) && (pData->bulkId == NULL)) {
- LogError(0, RS_RET_CONFIG_ERROR,
- "omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation);
- ABORT_FINALIZE(RS_RET_CONFIG_ERROR);
+ if ((pData->writeOperation != ES_WRITE_INDEX) && (pData->bulkId == NULL)) {
+ LogError(0, RS_RET_CONFIG_ERROR,
+ "omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation);
+ ABORT_FINALIZE(RS_RET_CONFIG_ERROR);
+ }
}
- */
if (pData->retryFailures) {
CHKiRet(ratelimitNew(&pData->ratelimiter, "omelasticsearch", NULL));

40
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch
Unescape View File

@ -1,40 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index 76d5081d3b..f481ec3f7e 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -620,6 +620,8 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
uchar *parent;
uchar *bulkId;
char* baseUrl;
+ /* since 7.0, the API always requires /idx/_doc, so use that if searchType is not explicitly set */
+ uchar* actualSearchType = (uchar*)"_doc";
es_str_t *url;
int r;
DEFiRet;
@@ -645,11 +647,12 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
if(searchIndex != NULL) {
r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
if(r == 0) r = es_addChar(&url, '/');
- if(searchType != NULL) {
- if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType));
- }
- } else
- r = 0;
+
+ if(searchType != NULL) {
+ actualSearchType = searchType;
+ }
+ if(r == 0) r = es_addChar(&url, '/');
+ if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType));
if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
if(r == 0) r = es_addChar(&url, separator);
if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1);
@@ -693,7 +696,7 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
const uchar *const message,
uchar **const tpls)
{
- size_t r = sizeof(META_TYPE)-1 + sizeof(META_END)-1 + sizeof("\n")-1;
+ size_t r = sizeof(META_END)-1 + sizeof("\n")-1;
if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE)
r += sizeof(META_STRT_CREATE)-1;
else

53
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch
Unescape View File

@ -1,53 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index f481ec3f7e..b297a9274f 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -623,7 +623,7 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
/* since 7.0, the API always requires /idx/_doc, so use that if searchType is not explicitly set */
uchar* actualSearchType = (uchar*)"_doc";
es_str_t *url;
- int r;
+ int r = 0;
DEFiRet;
instanceData *const pData = pWrkrData->pData;
char separator;
@@ -646,13 +646,12 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
getIndexTypeAndParent(pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
if(searchIndex != NULL) {
r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
+ if(searchType != NULL && searchType[0] != '\0') {
+ actualSearchType = searchType;
+ }
if(r == 0) r = es_addChar(&url, '/');
-
- if(searchType != NULL) {
- actualSearchType = searchType;
+ if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType));
}
- if(r == 0) r = es_addChar(&url, '/');
- if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType));
if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
if(r == 0) r = es_addChar(&url, separator);
if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1);
@@ -714,7 +713,11 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
r += ustrlen(searchIndex);
}
if(searchType != NULL) {
- r += ustrlen(searchType);
+ if(searchType[0] == '\0') {
+ r += 4; // "_doc"
+ } else {
+ r += ustrlen(searchType);
+ }
}
if(parent != NULL) {
r += sizeof(META_PARENT)-1 + ustrlen(parent);
@@ -759,7 +762,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_IX, sizeof(META_IX)-1);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex,
ustrlen(searchIndex));
- if(searchType != NULL) {
+ if(searchType != NULL && searchType[0] != '\0') {
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType,
ustrlen(searchType));

32
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch
Unescape View File

@ -1,32 +0,0 @@
diff -up rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html.orig rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html
--- rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html.orig 2023-05-11 15:56:24.308601241 +0200
+++ rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html 2023-05-11 15:57:11.000662477 +0200
@@ -156,6 +156,28 @@ this timeframe. Defaults to 3500.</p>
<p><em>Note, the health check is verifying connectivity only, not the state of
the Elasticsearch cluster.</em></p>
</div>
+
+<div class="section" id="esVersion.major">
+ <span id="id2"></span><h4>esVersion.major<a class="headerlink" href="#esVersion.major" title="Permalink to this headline">¶</a></h4>
+ <table border="1" class="colwidths-auto parameter-table docutils">
+ <thead valign="bottom">
+ <tr class="row-odd"><th class="head">type</th>
+ <th class="head">default</th>
+ <th class="head">mandatory</th>
+ <th class="head"><code class="docutils literal notranslate"><span class="pre">obsolete</span> <span class="pre">legacy</span></code> directive</th>
+ </tr>
+ </thead>
+ <tbody valign="top">
+ <tr class="row-even"><td>integer</td>
+ <td>0</td>
+ <td>no</td>
+ <td>none</td>
+ </tr>
+ </tbody>
+ </table>
+ <p>ElasticSearch is notoriously bad at maintaining backwards compatibility. For this reason, the setting can be used to configure the servers major version number (e.g. 7, 8, …). As far as we know breaking changes only happen with major version changes. As of now, only value 8 triggers API changes. All other values select pre-version-8 API usage.</p>
+ </div>
+
<div class="section" id="searchindex">
<span id="id3"></span><h4>searchIndex<a class="headerlink" href="#searchindex" title="Permalink to this headline">¶</a></h4>
<table border="1" class="colwidths-auto parameter-table docutils">

109
SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
Unescape View File

@ -1,109 +0,0 @@
diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c
--- rsyslog-8.2102.0/runtime/glbl.c.orig 2023-06-27 08:20:45.265387162 +0200
+++ rsyslog-8.2102.0/runtime/glbl.c 2023-06-27 08:20:45.262387154 +0200
@@ -230,7 +230,8 @@ static struct cnfparamdescr cnfparamdesc
{ "reverselookup.cache.ttl.enable", eCmdHdlrBinary, 0 },
{ "shutdown.queue.doublesize", eCmdHdlrBinary, 0 },
{ "debug.files", eCmdHdlrArray, 0 },
- { "debug.whitelist", eCmdHdlrBinary, 0 }
+ { "debug.whitelist", eCmdHdlrBinary, 0 },
+ { "libcapng.default", eCmdHdlrBinary, 0 }
};
static struct cnfparamblk paramblk =
{ CNFPARAMBLK_VERSION,
@@ -1315,6 +1316,13 @@ glblDoneLoadCnf(void)
if(!strcmp(paramblk.descr[i].name, "workdirectory")) {
cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
setWorkDir(NULL, cstr);
+ } else if(!strcmp(paramblk.descr[i].name, "libcapng.default")) {
+#ifdef ENABLE_LIBCAPNG
+ loadConf->globals.bAbortOnFailedLibcapngSetup = (int) cnfparamvals[i].val.d.n;
+#else
+ LogError(0, RS_RET_ERR, "rsyslog wasn't "
+ "compiled with libcap-ng support.");
+#endif
} else if(!strcmp(paramblk.descr[i].name, "variables.casesensitive")) {
const int val = (int) cnfparamvals[i].val.d.n;
fjson_global_do_case_sensitive_comparison(val);
diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2023-06-27 08:20:45.265387162 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.c 2023-06-27 08:20:45.264387159 +0200
@@ -146,6 +146,9 @@ int rsconfNeedDropPriv(rsconf_t *const c
static void cnfSetDefaults(rsconf_t *pThis)
{
+#ifdef ENABLE_LIBCAPNG
+ pThis->globals.bAbortOnFailedLibcapngSetup = 1;
+#endif
pThis->globals.bAbortOnUncleanConfig = 0;
pThis->globals.bReduceRepeatMsgs = 0;
pThis->globals.bDebugPrintTemplateList = 1;
diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h
--- rsyslog-8.2102.0/runtime/rsconf.h.orig 2023-06-27 08:20:45.265387162 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.h 2023-06-27 08:20:45.260387149 +0200
@@ -61,6 +61,9 @@ struct queuecnf_s {
* be re-set as often as the user likes).
*/
struct globals_s {
+#ifdef ENABLE_LIBCAPNG
+ int bAbortOnFailedLibcapngSetup;
+#endif
int bDebugPrintTemplateList;
int bDebugPrintModuleList;
int bDebugPrintCfSysLineHandlerList;
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-06-27 08:20:45.245387109 +0200
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-06-27 08:31:35.250120215 +0200
@@ -2151,7 +2151,7 @@ main(int argc, char **argv)
/*
* Drop capabilities to the necessary set
*/
- int capng_rc;
+ int capng_rc, capng_failed = 0;
capng_clear(CAPNG_SELECT_BOTH);
if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
@@ -2161,10 +2161,9 @@ main(int argc, char **argv)
CAP_LEASE,
CAP_NET_ADMIN,
CAP_NET_BIND_SERVICE,
+ CAP_DAC_OVERRIDE,
CAP_SETGID,
CAP_SETUID,
- CAP_DAC_OVERRIDE,
- CAP_NET_RAW,
CAP_SYS_ADMIN,
CAP_SYS_CHROOT,
CAP_SYS_RESOURCE,
@@ -2173,17 +2172,25 @@ main(int argc, char **argv)
)) != 0) {
LogError(0, RS_RET_LIBCAPNG_ERR,
"could not update the internal posix capabilities settings "
- "based on the options passed to it, capng_updatev=%d\n", capng_rc);
- exit(-1);
+ "based on the options passed to it, capng_updatev=%d", capng_rc);
+ capng_failed = 1;
}
if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) {
LogError(0, RS_RET_LIBCAPNG_ERR,
- "could not transfer the specified internal posix capabilities "
- "settings to the kernel, capng_apply=%d\n", capng_rc);
- exit(-1);
+ "could not transfer the specified internal posix capabilities "
+ "settings to the kernel, capng_apply=%d", capng_rc);
+ capng_failed = 1;
+ }
+
+ if (capng_failed) {
+ DBGPRINTF("Capabilities were not dropped successfully.\n");
+ if (loadConf->globals.bAbortOnFailedLibcapngSetup) {
+ exit(RS_RET_LIBCAPNG_ERR);
+ }
+ } else {
+ DBGPRINTF("Capabilities were dropped successfully\n");
}
- DBGPRINTF("Capabilities were dropped successfully\n");
#endif
initAll(argc, argv);

145
SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
Unescape View File

@ -1,145 +0,0 @@
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-06-27 08:56:27.321174891 +0200
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-06-27 08:58:17.977481782 +0200
@@ -1557,6 +1557,88 @@ initAll(int argc, char **argv)
resetErrMsgsFlag();
localRet = rsconf.Load(&ourConf, ConfFile);
+ #ifdef ENABLE_LIBCAPNG
+ /*
+ * Drop capabilities to the necessary set
+ */
+ int capng_rc, capng_failed = 0;
+ typedef struct capabilities_s {
+ int capability; /* capability code */
+ const char *name; /* name of the capability to be displayed */
+ sbool present; /* is the capability present that is needed by rsyslog? if so we do not drop it */
+ } capabilities_t;
+
+ capabilities_t capabilities[] = {
+ #define CAP_FIELD(code) { code, #code, 0 }
+ CAP_FIELD(CAP_BLOCK_SUSPEND),
+ CAP_FIELD(CAP_CHOWN),
+ CAP_FIELD(CAP_IPC_LOCK),
+ CAP_FIELD(CAP_LEASE),
+ CAP_FIELD(CAP_NET_ADMIN),
+ CAP_FIELD(CAP_NET_BIND_SERVICE),
+ CAP_FIELD(CAP_DAC_OVERRIDE),
+ CAP_FIELD(CAP_SETGID),
+ CAP_FIELD(CAP_SETUID),
+ CAP_FIELD(CAP_SYS_ADMIN),
+ CAP_FIELD(CAP_SYS_CHROOT),
+ CAP_FIELD(CAP_SYS_RESOURCE),
+ CAP_FIELD(CAP_SYSLOG)
+ #undef CAP_FIELD
+ };
+
+ if (capng_have_capabilities(CAPNG_SELECT_CAPS) > CAPNG_NONE) {
+ /* Examine which capabilities are available to us, so we do not try to
+ drop something that is not present. We need to do this in two steps,
+ because capng_clear clears the capability set. In the second step,
+ we add back those caps, which were present before clearing the selected
+ posix capabilities set.
+ */
+ unsigned long caps_len = sizeof(capabilities) / sizeof(capabilities_t);
+ for (unsigned long i = 0; i < caps_len; i++) {
+ if (capng_have_capability(CAPNG_EFFECTIVE, capabilities[i].capability)) {
+ capabilities[i].present = 1;
+ }
+ }
+
+ capng_clear(CAPNG_SELECT_BOTH);
+
+ for (unsigned long i = 0; i < caps_len; i++) {
+ if (capabilities[i].present) {
+ DBGPRINTF("The %s capability is present, "
+ "will try to preserve it.\n", capabilities[i].name);
+ if ((capng_rc = capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ capabilities[i].capability)) != 0) {
+ LogError(0, RS_RET_LIBCAPNG_ERR,
+ "could not update the internal posix capabilities settings "
+ "based on the options passed to it, capng_update=%d", capng_rc);
+ capng_failed = 1;
+ }
+ } else {
+ DBGPRINTF("The %s capability is not present, "
+ "will not try to preserve it.\n", capabilities[i].name);
+ }
+ }
+
+ if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) {
+ LogError(0, RS_RET_LIBCAPNG_ERR,
+ "could not transfer the specified internal posix capabilities "
+ "settings to the kernel, capng_apply=%d", capng_rc);
+ capng_failed = 1;
+ }
+
+ if (capng_failed) {
+ DBGPRINTF("Capabilities were not dropped successfully.\n");
+ if (loadConf->globals.bAbortOnFailedLibcapngSetup) {
+ ABORT_FINALIZE(RS_RET_LIBCAPNG_ERR);
+ }
+ } else {
+ DBGPRINTF("Capabilities were dropped successfully\n");
+ }
+ } else {
+ DBGPRINTF("No capabilities to drop\n");
+ }
+#endif
+
if(fp_rs_full_conf_output != NULL) {
if(fp_rs_full_conf_output != stdout) {
fclose(fp_rs_full_conf_output);
@@ -2147,52 +2229,6 @@ main(int argc, char **argv)
bProcessInternalMessages = 1;
dbgClassInit();
-#ifdef ENABLE_LIBCAPNG
- /*
- * Drop capabilities to the necessary set
- */
- int capng_rc, capng_failed = 0;
- capng_clear(CAPNG_SELECT_BOTH);
-
- if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
- CAP_BLOCK_SUSPEND,
- CAP_CHOWN,
- CAP_IPC_LOCK,
- CAP_LEASE,
- CAP_NET_ADMIN,
- CAP_NET_BIND_SERVICE,
- CAP_DAC_OVERRIDE,
- CAP_SETGID,
- CAP_SETUID,
- CAP_SYS_ADMIN,
- CAP_SYS_CHROOT,
- CAP_SYS_RESOURCE,
- CAP_SYSLOG,
- -1
- )) != 0) {
- LogError(0, RS_RET_LIBCAPNG_ERR,
- "could not update the internal posix capabilities settings "
- "based on the options passed to it, capng_updatev=%d", capng_rc);
- capng_failed = 1;
- }
-
- if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) {
- LogError(0, RS_RET_LIBCAPNG_ERR,
- "could not transfer the specified internal posix capabilities "
- "settings to the kernel, capng_apply=%d", capng_rc);
- capng_failed = 1;
- }
-
- if (capng_failed) {
- DBGPRINTF("Capabilities were not dropped successfully.\n");
- if (loadConf->globals.bAbortOnFailedLibcapngSetup) {
- exit(RS_RET_LIBCAPNG_ERR);
- }
- } else {
- DBGPRINTF("Capabilities were dropped successfully\n");
- }
-#endif
-
initAll(argc, argv);
#ifdef HAVE_LIBSYSTEMD
sd_notify(0, "READY=1");

30
SOURCES/rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch
Unescape View File

@ -1,30 +0,0 @@
diff -up rsyslog-8.37.0/plugins/imptcp/imptcp.c.orig rsyslog-8.37.0/plugins/imptcp/imptcp.c
--- rsyslog-8.37.0/plugins/imptcp/imptcp.c.orig 2022-05-09 12:22:59.050623119 +0200
+++ rsyslog-8.37.0/plugins/imptcp/imptcp.c 2022-05-09 12:34:39.979854853 +0200
@@ -1032,7 +1032,10 @@ processDataRcvd(ptcpsess_t *const __rest
if(pThis->iOctetsRemain <= 200000000) {
pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
}
- *(pThis->pMsg + pThis->iMsg++) = c;
+ // *(pThis->pMsg + pThis->iMsg++) = c;
+ if(pThis->iMsg < iMaxLine) {
+ *(pThis->pMsg + pThis->iMsg++) = c;
+ }
} else { /* done with the octet count, so this must be the SP terminator */
DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
prop.GetString(pThis->peerName, &propPeerName, &lenPeerName);
diff -up rsyslog-8.37.0/runtime/tcps_sess.c.orig rsyslog-8.37.0/runtime/tcps_sess.c
--- rsyslog-8.37.0/runtime/tcps_sess.c.orig 2022-05-09 12:23:12.789627661 +0200
+++ rsyslog-8.37.0/runtime/tcps_sess.c 2022-05-09 12:36:51.426898549 +0200
@@ -389,7 +389,10 @@ processDataRcvd(tcps_sess_t *pThis,
if(pThis->iOctetsRemain <= 200000000) {
pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
}
- *(pThis->pMsg + pThis->iMsg++) = c;
+ // *(pThis->pMsg + pThis->iMsg++) = c;
+ if(pThis->iMsg < iMaxLine) {
+ *(pThis->pMsg + pThis->iMsg++) = c;
+ }
} else { /* done with the octet count, so this must be the SP terminator */
DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
prop.GetString(pThis->fromHost, &propPeerName, &lenPeerName);

10
SOURCES/rsyslog.conf
Unescape View File

@ -9,23 +9,23 @@
# Where to place auxiliary files
global(workDirectory="/var/lib/rsyslog")
#### MODULES ####
# Use default timestamp format
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
#### MODULES ####
module(load="imuxsock" # provides support for local system logging (e.g. via logger command)
SysSock.Use="off") # Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
module(load="imjournal" # provides access to the systemd journal
UsePid="system" # PID nummber is retrieved as the ID of the process the journal entry originates from
StateFile="imjournal.state") # File to store the position in the journal
#module(load="imklog") # reads kernel messages (the same are read from journald)
#module(load="immark") # provides --MARK-- message capability
# Include all config files in /etc/rsyslog.d/
include(file="/etc/rsyslog.d/*.conf" mode="optional")
#module(load="imklog") # reads kernel messages (the same are read from journald)
#module(load="immark") # provides --MARK-- message capability
# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
#module(load="imudp") # needs to be done just once

2
SOURCES/rsyslog.log
Unescape View File

@ -7,6 +7,6 @@
missingok
sharedscripts
postrotate
/usr/bin/systemctl -s HUP kill rsyslog.service >/dev/null 2>&1 || true
/usr/bin/systemctl reload rsyslog.service >/dev/null 2>&1 || true
endscript
}

14
SOURCES/rsyslog.service
Unescape View File

@ -1,8 +1,6 @@
[Unit]
Description=System Logging Service
;Requires=syslog.socket
Wants=network.target network-online.target
After=network.target network-online.target
Documentation=man:rsyslogd(8)
Documentation=https://www.rsyslog.com/doc/
@ -14,18 +12,6 @@ ExecReload=/usr/bin/kill -HUP $MAINPID
UMask=0066
StandardOutput=null
Restart=on-failure
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=net
NoNewPrivileges=yes
ProtectControlGroups=yes
ProtectHome=read-only
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @raw-io @reboot @swap @cpu-emulation @obsolete
LockPersonality=yes
MemoryDenyWriteExecute=yes
# Increase the default a bit in order to allow many simultaneous
# files to be monitored, we might need a lot of fds.

646
SPECS/rsyslog.spec
Unescape View File

@ -1,12 +1,44 @@
%define rsyslog_statedir %{_sharedstatedir}/rsyslog
%define rsyslog_pkidir %{_sysconfdir}/pki/rsyslog
%define rsyslog_docdir %{_docdir}/rsyslog
%define qpid_proton_v 0.39.0
# The following packages are not enabled on rhel:
# hiredis, libdbi, mongodb, rabbitmq
# The omamqp1 plugin is built differently as qpid-proton is not available on rhel
%if 0%{?rhel}
%bcond_with hiredis
%bcond_with libdbi
%bcond_with mongodb
%bcond_with rabbitmq
%bcond_with mmtaghostname
%else
%bcond_without hiredis
%bcond_without libdbi
%bcond_without mongodb
%bcond_without rabbitmq
%endif
# Add options to not build with features listed below,
# the default is to build with them.
%bcond_without clickhouse
%bcond_without imdocker
%bcond_without improg
%bcond_without gnutls
%bcond_without openssl
%bcond_without gssapi
%bcond_without omamqp1
%bcond_without rdkafka
%bcond_without relp
%bcond_without mysql
%bcond_without pgsql
%bcond_without snmp
%bcond_without udpspoof
Summary: Enhanced system logging and kernel message trapping daemon
Name: rsyslog
Version: 8.2102.0
Release: 117%{?dist}
License: (GPLv3+ and ASL 2.0)
Version: 8.2408.0
Release: 1%{?dist}
License: GPL-3.0-or-later AND Apache-2.0
URL: http://www.rsyslog.com/
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
Source1: http://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{version}.tar.gz
@ -16,40 +48,7 @@ Source4: rsyslog.log
Source5: rsyslog.service
# Add qpid-proton as another source, enable omamqp1 module in a
# separatae sub-package with it statically linked(see rhbz#1713427)
Source6: qpid-proton-0.39.0.tar.gz
Patch0: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
Patch2: rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
Patch3: rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch
Patch4: rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
Patch5: rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
Patch6: rsyslog-8.2102.0-rhbz1938863-covscan.patch
Patch7: rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch
Patch8: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch
Patch10: rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch
Patch11: rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch
Patch12: rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch
Patch13: rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch
Patch14: rsyslog-8.2102.0-rhbz2124849-extra-ca-files.patch
Patch15: rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch
Patch16: rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch
Patch17: rsyslog-8.2102.0-rhbz2157658-imklog.patch
Patch18: rsyslog-8.2102.0-capabilities-drop-credential.patch
Patch19: rsyslog-8.2102.0-capabilities-capnetraw.patch
Patch20: rsyslog-8.2102.0-rhbz2157804-cstrlen.patch
Patch21: rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch
Patch22: rsyslog-8.2102.0-rhbz2192955-es-0.patch
Patch23: rsyslog-8.2102.0-rhbz2192955-es-1.patch
Patch24: rsyslog-8.2102.0-rhbz2192955-es-2.patch
Patch25: rsyslog-8.2102.0-rhbz2192955-es-3.patch
Patch26: rsyslog-8.2102.0-rhbz2192955-es-4.patch
Patch27: rsyslog-8.2102.0-rhbz2192955-es-5.patch
Patch28: rsyslog-8.2102.0-rhbz2192955-es-6.patch
Patch29: rsyslog-8.2102.0-rhbz2192955-es-doc.patch
Patch30: rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
Patch31: rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
Patch32: rsyslog-8.2102.0-libcapng-no-cap-support2.patch
Source6: https://archive.apache.org/dist/qpid/proton/%{qpid_proton_v}/qpid-proton-%{qpid_proton_v}.tar.gz
BuildRequires: make
BuildRequires: gcc
@ -58,7 +57,6 @@ BuildRequires: automake
BuildRequires: bison
BuildRequires: dos2unix
BuildRequires: flex
BuildRequires: libgcrypt-devel
BuildRequires: libfastjson-devel >= 0.99.8
BuildRequires: libestr-devel >= 0.1.9
BuildRequires: libtool
@ -67,23 +65,21 @@ BuildRequires: pkgconfig
BuildRequires: python3-docutils
# make sure systemd is in a version that isn't affected by rhbz#974132
BuildRequires: systemd-devel >= 204-8
BuildRequires: systemd-rpm-macros
BuildRequires: zlib-devel
BuildRequires: libcap-ng-devel
Conflicts: selinux-policy < 38.1.3-1
Patch0: disable-openssl-engine.patch
Recommends: %{name}-logrotate = %version-%release
Recommends: logrotate
Obsoletes: rsyslog-logrotate < 8.2310.0-2
Provides: rsyslog-logrotate = %{version}-%{release}
Requires: bash >= 2.0
%{?systemd_ordering}
Provides: syslog
Obsoletes: sysklogd < 1.5-11
%package logrotate
Summary: Log rotation for rsyslog
Requires: %name = %version-%release
Requires: logrotate >= 3.5.2
%package crypto
Summary: Encryption support
Requires: %name = %version-%release
@ -97,10 +93,6 @@ Summary: ElasticSearch output module for rsyslog
Requires: %name = %version-%release
BuildRequires: libcurl-devel
%package mmfields
Summary: Fields extraction module
Requires: %name = %version-%release
%package mmjsonparse
Summary: JSON enhanced logging support
Requires: %name = %version-%release
@ -114,52 +106,81 @@ BuildRequires: libestr-devel liblognorm-devel >= 1.0.2
Summary: Message modification module supporting Linux audit format
Requires: %name = %version-%release
%package mmfields
Summary: Fields extraction module
Requires: %name = %version-%release
%if %{with mmtaghostname}
%package mmtaghostname
Summary: Message modification module supporting adding tags
Requires: %name = %version-%release
%endif
%if %{with snmp}
%package mmsnmptrapd
Summary: Message modification module for snmptrapd generated messages
Requires: %name = %version-%release
%endif
%if %{with mysql}
%package mysql
Summary: MySQL support for rsyslog
Requires: %name = %version-%release
BuildRequires: mariadb-connector-c-devel
%endif
%if %{with pgsql}
%package pgsql
Summary: PostgresSQL support for rsyslog
Requires: %name = %version-%release
BuildRequires: libpq-devel
%endif
%if %{with gssapi}
%package gssapi
Summary: GSSAPI authentication and encryption support for rsyslog
Requires: %name = %version-%release
BuildRequires: krb5-devel
%endif
%if %{with relp}
%package relp
Summary: RELP protocol support for rsyslog
Requires: %name = %version-%release
Requires: librelp >= 1.9.0
BuildRequires: librelp-devel >= 1.9.0
BuildRequires: librelp-devel >= 1.2.16
%endif
%if %{with gnutls}
%package gnutls
Summary: TLS protocol support for rsyslog via GnuTLS library
Requires: %name = %version-%release
BuildRequires: gnutls-devel
%endif
%if %{with openssl}
%package openssl
Summary: TLS protocol support for rsyslog via OpenSSL library
Group: System Environment/Daemons
Requires: %name = %version-%release
Requires: openssl-libs
BuildRequires: openssl-devel
%endif
%if %{with snmp}
%package snmp
Summary: SNMP protocol support for rsyslog
Requires: %name = %version-%release
BuildRequires: net-snmp-devel
%endif
%if %{with udpspoof}
%package udpspoof
Summary: Provides the omudpspoof module
Requires: %name = %version-%release
BuildRequires: libnet-devel
%endif
%if %{with omamqp1}
%package omamqp1
Summary: Provides the omamqp1 module
Requires: %name = %version-%release
@ -172,17 +193,49 @@ BuildRequires: gcc-c++
BuildRequires: cyrus-sasl-devel
BuildRequires: openssl-devel
BuildRequires: python3
%endif
%if %{with rdkafka}
%package kafka
Summary: Provides the omkafka module
Requires: %name = %version-%release
BuildRequires: librdkafka-devel
%endif
%package mmkubernetes
Summary: Provides the mmkubernetes module
Requires: %name = %version-%release
BuildRequires: libcurl-devel
%if %{with hiredis}
%package hiredis
Summary: Redis support for rsyslog
Requires: %name = %version-%release
BuildRequires: hiredis-devel
%endif
%if %{with libdbi}
%package libdbi
Summary: Libdbi database support for rsyslog
Requires: %name = %version-%release
BuildRequires: libdbi-devel
%endif
%if %{with mongodb}
%package mongodb
Summary: MongoDB support for rsyslog
Requires: %name = %version-%release
BuildRequires: mongo-c-driver-devel snappy-devel cyrus-sasl-devel
%endif
%if %{with rabbitmq}
%package rabbitmq
Summary: RabbitMQ support for rsyslog
Requires: %name = %version-%release
BuildRequires: librabbitmq-devel >= 0.2
%endif
%description
Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,
syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,
@ -191,9 +244,6 @@ and can be used as a drop-in replacement. Rsyslog is simple to set up, with
advanced features suitable for enterprise-class, encryption-protected syslog
relay chains.
%description logrotate
This subpackage contains the default logrotate configuration for rsyslog.
%description crypto
This package contains a module providing log file encryption and a
command line tool to process encrypted logs.
@ -216,126 +266,143 @@ This module provides the capability to normalize log messages via liblognorm.
This module provides message modification supporting Linux audit format
in various settings.
%description mmsnmptrapd
This message modification module takes messages generated from snmptrapd and
modifies them so that they look like they originated from the read originator.
%description mmfields
The mmfield module permits to extract fields. Using this module is of special
advantage if a field-based log format is to be processed, like for example CEF
and either a large number of fields is needed or a specific field is used multiple
times inside filters.
%if %{with mmtaghostname}
%description mmtaghostname
This module provides message modification for changing or adding the host name.
%endif
%if %{with snmp}
%description mmsnmptrapd
This message modification module takes messages generated from snmptrapd and
modifies them so that they look like they originated from the read originator.
%endif
%if %{with mysql}
%description mysql
The rsyslog-mysql package contains a dynamic shared object that will add
MySQL database support to rsyslog.
%endif
%if %{with pgsql}
%description pgsql
The rsyslog-pgsql package contains a dynamic shared object that will add
PostgreSQL database support to rsyslog.
%endif
%if %{with gssapi}
%description gssapi
The rsyslog-gssapi package contains the rsyslog plugins which support GSSAPI
authentication and secure connections. GSSAPI is commonly used for Kerberos
authentication.
%endif
%if %{with relp}
%description relp
The rsyslog-relp package contains the rsyslog plugins that provide
the ability to receive syslog messages via the reliable RELP
protocol.
%endif
%if %{with gnutls}
%description gnutls
The rsyslog-gnutls package contains the rsyslog plugins that provide the
ability to send and receive syslog messages via upcoming syslog-transport-tls
IETF standard protocol.
ability to send and receive syslog messages via TCP or RELP using TLS
encryption via GnuTLS library. For details refer to rsyslog doc on imtcp
and omfwd modules.
%endif
%if %{with openssl}
%description openssl
The rsyslog-openssl package contains the rsyslog plugins that provide the
ability to send and receive syslog messages via TCP or RELP using TLS
encryption via OpenSSL library. For details refer to rsyslog doc on imtcp
and omfwd modules.
%endif
%if %{with snmp}
%description snmp
The rsyslog-snmp package contains the rsyslog plugin that provides the
ability to send syslog messages as SNMPv1 and SNMPv2c traps.
%endif
%if %{with udpspoof}
%description udpspoof
This module is similar to the regular UDP forwarder, but permits to
spoof the sender address. Also, it enables to circle through a number
of source ports.
%endif
%if %{with omamqp1}
%description omamqp1
The omamqp1 output module can be used to send log messages via an AMQP
1.0-compatible messaging bus.
%endif
%if %{with rdkafka}
%description kafka
The rsyslog-kafka package provides module for Apache Kafka output.
%endif
%description mmkubernetes
The rsyslog-mmkubernetes package provides module for adding kubernetes
container metadata.
%if %{with hiredis}
%description hiredis
This module provides output to Redis.
%endif
%if %{with libdbi}
%description libdbi
This module supports a large number of database systems via
libdbi. Libdbi abstracts the database layer and provides drivers for
many systems. Drivers are available via the libdbi-drivers project.
%endif
%if %{with mongodb}
%description mongodb
The rsyslog-mongodb package contains a dynamic shared object that will add
MongoDB database support to rsyslog.
%endif
%if %{with rabbitmq}
%description rabbitmq
This module allows rsyslog to send messages to a RabbitMQ server.
%endif
%prep
# set up rsyslog-doc sources
%setup -q -a 1 -T -c
%patch0 -p1
rm -r LICENSE README.md source build/objects.inv
mv build doc
# set up rsyslog sources
%setup -q -D
# Unpack qpid-proton for rhel
%setup -q -D -T -b 6
%patch1 -p1 -b .default-tag
%patch2 -p1 -b .fd-leak-on-fsync
%patch3 -p1 -b .timeout
%patch4 -p1 -b .imuxsock-rate-limit
%patch5 -p1 -b .abort-on-id-resolution-fail
%patch6 -p1 -b .covscan
%patch7 -p1 -b .prioritize-SAN
%patch8 -p1 -b .errfile-maxsize
%patch10 -p1 -b .statefile-fix
%patch11 -p1
%patch12 -p1 -b .gnutls-broken-connection
%patch13 -p1 -b .CVE
%patch14 -p1 -b .extra-ca-files
%patch15 -p1 -b .extra-ca-files-doc
%patch16 -p1 -b .libcap-ng
%patch17 -p1 -b .imklog-leak
%patch18 -p1 -b .capabilities-drop-credential
%patch19 -p1 -b .capabilities-capnetraw
%patch20 -p1 -b .cstrlen
%patch21 -p1 -b .journalCOMM
%patch22 -p1 -b .es0
%patch23 -p1 -b .es1
%patch24 -p1 -b .es2
%patch25 -p1 -b .es3
%patch26 -p1 -b .es4
%patch27 -p1 -b .es5
%patch28 -p1 -b .es6
%patch29 -p1 -b .es-doc
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch -P 0 -p1
%build
# Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags
%ifarch aarch64
export CFLAGS="$RPM_OPT_FLAGS -mbranch-protection=standard"
%else
export CFLAGS="$RPM_OPT_FLAGS -fcf-protection=full"
%if %{with omamqp1}
# Unpack qpid-proton
%setup -q -D -T -b 6
%endif
%build
%ifarch sparc64
#sparc64 need big PIC
export CFLAGS="$RPM_OPT_FLAGS -fPIC"
%else
export CFLAGS="$RPM_OPT_FLAGS -fpic"
%endif
%if %{with omamqp1}
# build the proton first
(
cd %{_builddir}/qpid-proton-0.39.0
cd %{_builddir}/qpid-proton-%{qpid_proton_v}
mkdir bld
cd bld
@ -351,6 +418,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
-DCMAKE_AR="/usr/bin/gcc-ar" -DCMAKE_NM="/usr/bin/gcc-nm" -DCMAKE_RANLIB="/usr/bin/gcc-ranlib"
make -j8
)
%endif
%ifarch sparc64
#sparc64 need big PIE
@ -360,52 +428,106 @@ export CFLAGS="$RPM_OPT_FLAGS -fpie"
%endif
export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
%if %{with hiredis}
# the hiredis-devel package doesn't provide a pkg-config file
export HIREDIS_CFLAGS=-I/usr/include/hiredis
export HIREDIS_LIBS="-L%{_libdir} -lhiredis"
%endif
sed -i 's/%{version}/%{version}-%{release}/g' configure.ac
autoreconf -if
%configure \
--prefix=/usr \
--disable-static \
--disable-testbench \
--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.39.0/bld/c/include" \
%if %{with clickhouse}
--enable-clickhouse \
%endif
%if %{with imdocker}
--enable-imdocker \
%endif
%if %{with improg}
--enable-improg \
%endif
--enable-libcap-ng \
%if %{with libdbi}
--enable-libdbi \
%endif
%if %{with hiredis}
--enable-omhiredis \
%endif
%if %{with mongodb}
--enable-ommongodb \
%endif
%if %{with rabbitmq}
--enable-omrabbitmq \
%endif
%if %{with omamqp1}
--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-%{qpid_proton_v}/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-%{qpid_proton_v}/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-%{qpid_proton_v}/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-%{qpid_proton_v}/bld/c/include" \
%endif
--enable-elasticsearch \
--enable-generate-man-pages \
%if %{with gnutls}
--enable-gnutls \
%endif
%if %{with openssl}
--enable-openssl \
%endif
%if %{with gssapi}
--enable-gssapi-krb5 \
%endif
--enable-imfile \
--enable-imjournal \
%if %{with rdkafka}
--enable-imkafka \
--enable-omkafka \
%endif
--enable-impstats \
--enable-imptcp \
--enable-libcap-ng \
--enable-mail \
--enable-mmanon \
--enable-mmaudit \
--enable-mmcount \
--enable-mmfields \
--enable-mmkubernetes \
--enable-mmjsonparse \
--enable-mmnormalize \
--enable-mmfields \
%if %{with mmtaghostname}
--enable-mmtaghostname \
%endif
%if %{with snmp}
--enable-mmsnmptrapd \
%endif
--enable-mmutf8fix \
%if %{with mysql}
--enable-mysql \
%endif
--enable-omhttp \
--enable-omjournal \
--enable-omprog \
--enable-omstdout \
%if %{with udpspoof}
--enable-omudpspoof \
%endif
--enable-omuxsock \
%if %{with pgsql}
--enable-pgsql \
%endif
--enable-pmaixforwardedfrom \
--enable-pmcisconames \
--enable-pmlastmsg \
--enable-pmsnare \
%if %{with relp}
--enable-relp \
%endif
%if %{with snmp}
--enable-snmp \
%endif
--enable-unlimited-select \
--enable-usertools \
--enable-omkafka
--disable-libgcrypt \
--enable-openssl_crypto_provider
make V=1
@ -427,8 +549,15 @@ install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/rsyslog.conf
install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/rsyslog
install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/rsyslog
install -p -m 644 %{SOURCE5} %{buildroot}%{_unitdir}/rsyslog.service
%if %{with mysql}
install -p -m 644 plugins/ommysql/createDB.sql %{buildroot}%{rsyslog_docdir}/mysql-createDB.sql
%endif
%if %{with pgsql}
install -p -m 644 plugins/ompgsql/createDB.sql %{buildroot}%{rsyslog_docdir}/pgsql-createDB.sql
%endif
dos2unix tools/recover_qi.pl
install -p -m 644 tools/recover_qi.pl %{buildroot}%{rsyslog_docdir}/recover_qi.pl
install -p -m 644 contrib/mmkubernetes/*.rulebase %{buildroot}%{rsyslog_docdir}
@ -460,8 +589,12 @@ done
%doc AUTHORS ChangeLog README.md
%{rsyslog_docdir}
%exclude %{rsyslog_docdir}/html
%if %{with mysql}
%exclude %{rsyslog_docdir}/mysql-createDB.sql
%endif
%if %{with pgsql}
%exclude %{rsyslog_docdir}/pgsql-createDB.sql
%endif
%dir %{_libdir}/rsyslog
%dir %{_sysconfdir}/rsyslog.d
%dir %{rsyslog_statedir}
@ -472,6 +605,7 @@ done
%{_unitdir}/rsyslog.service
%config(noreplace) %{_sysconfdir}/rsyslog.conf
%config(noreplace) %{_sysconfdir}/sysconfig/rsyslog
%config(noreplace) %{_sysconfdir}/logrotate.d/rsyslog
# plugins
%{_libdir}/rsyslog/fmhash.so
%{_libdir}/rsyslog/fmhttp.so
@ -506,14 +640,20 @@ done
%{_libdir}/rsyslog/pmcisconames.so
%{_libdir}/rsyslog/pmlastmsg.so
%{_libdir}/rsyslog/pmsnare.so
%files logrotate
%config(noreplace) %{_sysconfdir}/logrotate.d/rsyslog
%if %{with imdocker}
%{_libdir}/rsyslog/imdocker.so
%endif
%if %{with improg}
%{_libdir}/rsyslog/improg.so
%endif
%if %{with clickhouse}
%{_libdir}/rsyslog/omclickhouse.so
%endif
%files crypto
%{_bindir}/rscryutil
%{_mandir}/man1/rscryutil.1.gz
%{_libdir}/rsyslog/lmcry_gcry.so
%{_libdir}/rsyslog/lmcry_ossl.so
%files doc
%doc %{rsyslog_docdir}/html
@ -524,194 +664,216 @@ done
%files mmaudit
%{_libdir}/rsyslog/mmaudit.so
%files mmfields
%{_libdir}/rsyslog/mmfields.so
%files mmjsonparse
%{_libdir}/rsyslog/mmjsonparse.so
%files mmnormalize
%{_libdir}/rsyslog/mmnormalize.so
%files mmfields
%{_libdir}/rsyslog/mmfields.so
%if %{with mmtaghostname}
%files mmtaghostname
%{_libdir}/rsyslog/mmtaghostname.so
%endif
%if %{with snmp}
%files mmsnmptrapd
%{_libdir}/rsyslog/mmsnmptrapd.so
%endif
%if %{with mysql}
%files mysql
%doc %{rsyslog_docdir}/mysql-createDB.sql
%{_libdir}/rsyslog/ommysql.so
%endif
%if %{with pgsql}
%files pgsql
%doc %{rsyslog_docdir}/pgsql-createDB.sql
%{_libdir}/rsyslog/ompgsql.so
%endif
%if %{with gssapi}
%files gssapi
%{_libdir}/rsyslog/lmgssutil.so
%{_libdir}/rsyslog/imgssapi.so
%{_libdir}/rsyslog/omgssapi.so
%endif
%if %{with relp}
%files relp
%{_libdir}/rsyslog/imrelp.so
%{_libdir}/rsyslog/omrelp.so
%endif
%if %{with gnutls}
%files gnutls
%{_libdir}/rsyslog/lmnsd_gtls.so
%endif
%if %{with openssl}
%files openssl
%{_libdir}/rsyslog/lmnsd_ossl.so
%endif
%if %{with snmp}
%files snmp
%{_libdir}/rsyslog/omsnmp.so
%endif
%if %{with udpspoof}
%files udpspoof
%{_libdir}/rsyslog/omudpspoof.so
%endif
%if %{with omamqp1}
%files omamqp1
%{_libdir}/rsyslog/omamqp1.so
%endif
%if %{with rdkafka}
%files kafka
%{_libdir}/rsyslog/imkafka.so
%{_libdir}/rsyslog/omkafka.so
%endif
%files mmkubernetes
%{_libdir}/rsyslog/mmkubernetes.so
%doc %{rsyslog_docdir}/k8s_filename.rulebase
%doc %{rsyslog_docdir}/k8s_container_name.rulebase
%if %{with hiredis}
%files hiredis
%{_libdir}/rsyslog/omhiredis.so
%endif
%if %{with libdbi}
%files libdbi
%{_libdir}/rsyslog/omlibdbi.so
%endif
%if %{with mongodb}
%files mongodb
%{_bindir}/logctl
%{_libdir}/rsyslog/ommongodb.so
%endif
%if %{with rabbitmq}
%files rabbitmq
%{_libdir}/rsyslog/omrabbitmq.so
%endif
%changelog
* Fri Jul 28 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-117
- Add back CAP_NET_RAW capability due to omudpspoof
resolves: rhbz#2216919
* Tue Jun 27 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-116
- libcapng: do not try to drop capabilities that are not present
- add global libcapng.default to not abort when libcapng fails
resolves: rhbz#2216919
* Mon May 22 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-115
- omelasticsearch: make compatible with elasticsearch>=8
- add new action specific parameter esversion.major
resolves: rhbz#2209017
* Fri May 19 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-114
- Fix wrong type conversion in cstrLen()
resolves: rhbz#2157805
- imjournal: by default retrieves _PID from journal as PID number
resolves: rhbz#2176397
- Systemd service file hardening
resolves: rhbz#2176403
- rsyslog.conf: load imuxsock and imjournal before loading rsyslog.d
resolves: rhbz#2165899
- rsyslog is now started after the network service during boot
resolves: rhbz#2074318
- imjournal: add second fallback to the message identifier
resolves: rhbv#2129015
* Tue Mar 07 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-113
- Do not allow having selinux-policy < 38.1.3-1
resolves: rhbz#2176386
* Mon Mar 06 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-112
- Add CAP_NET_RAW for initializing the libnet library for udpspoof
resolves: rhbz#2176387
* Wed Feb 22 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-111
- Rebuild
resolves: rhbz#2169748
resolves: rhbz#2158659
* Fri Feb 17 2023 Attila Lakatos <alakatos@redhat.com> -8.2102.0-110
- Do not preserve capabilities when changing credentials
resolves: rhbz#2169748
- Remove unnecessary capability CAP_PERFMON
- Add CAP_DAC_OVERRIDE to bypass file read and write permission checks
resolves: rhbz#2158659
* Mon Jan 09 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-109
- Make rsyslog-relp require librelp>= 1.9.0
resolves: rhbz#2124440
- Reorder logrotate parameters to work with POSIXLY_CORRECT env var
resolves: rhbz#2124488
* Fri Jan 06 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-108
- Fix invalid memory adressing in imklog that could case abort
resolves: rhbz#2157659
* Mon Nov 21 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-107
- Drop capabilities to only the neccessary set with libcap-ng
resolves: rhbz#2127404
* Tue Sep 06 2022 Sergio Arroutbi <sarroutb@redhat.com> - 8.2102.0-106
- Enable multiple SSL CA files
resolves: rhbz#2124849
* Mon May 09 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-105
- Address CVE-2022-24903, Heap-based overflow in TCP syslog server
resolves: rhbz#2081403
* Tue Apr 19 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-104
- Do not save patched doc files
resolves: rhbz#2069664
* Tue Apr 05 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-103
- Add deleteStateOnFileMove imfile module option
resolves: rhbz#2069664
- Add inotify_rm_watch() inotify API call when object needs to be destroyed
resolves: rhbz#2070528
- Fix error handling in gtlsRecordRecv, which can cause full CPU usage
* Fri Mar 11 2022 Sergio Arroutbi <sarroutb@redhat.com> - 8.2102.0-102
- Add action.errorfile.maxsize parameter
resolves: rhbz#2064318
* Wed Jan 19 2022 Sergio Arroutbi <sarroutb@redhat.com> - 8.2102.0-101
- Prioritize SAN
resolves: rhbz#2021076
* Mon Jan 17 2022 Sergio Arroutbi <sarroutb@redhat.com> - 8.2102.0-100
- Enable mmfields module
resolves: rhbz#2027971
* Tue Oct 26 2021 Davide Cavalca <dcavalca@centosproject.org> - 8.2102.0-10
* Wed Aug 21 2024 Attila Lakatos <alakatos@redhat.com> - 8.2408.0-1
- Rebase to 8.2408.0
- Remove dependency on libgcrypt
- Introduce new ossl crypto provider, replacement for gcry
Resolves: RHEL-22023
* Mon Aug 05 2024 Attila Lakatos <alakatos@redhat.com> - 8.2312.0-3
- Remove mmtaghostname subpackage
- Do not build with openssl engine support
resolves: RHEL-52863
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 8.2312.0-2
- Bump release for June 2024 mass rebuild
* Mon Feb 12 2024 Attila Lakatos <alakatos@redhat.com> - 8.2312.0-1
- Rebase to 8.2312.0
resolves: rhbz#2232275
* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 8.2310.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 8.2310.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 04 2024 Attila Lakatos <alakatos@redhat.com> - 8.2310.0-2
- Move rsyslog related logrotate config to the base package
resolves: rhbz#2242243
* Fri Aug 25 2023 Attila Lakatos <alakatos@redhat.com> - 8.2310.0-1
- Rebase to 8.2310.0
resolves: rhbz#2232275
* Wed Aug 16 2023 Stewart Smith <trawets@amazon.com> - 8.2306.0-4
- Add mmtaghostname module as a subpackage
* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.2306.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jul 15 2023 Yaroslav Fedevych <yaroslav@fedevych.name> - 8.2306.0-2
- Specify qpid-proton's source as full URL to fix isolated builds
* Wed Jun 21 2023 Attila Lakatos <alakatos@redhat.com> - 8.2306.0-1
- rebase to 8.2306.0
resolves: rhbz#2151339
resolves: rhbz#2151092
* Wed May 10 2023 Todd Zullinger <tmz@pobox.com> - 8.2210.0-5
- Use 'systemctl reload' in logrotate script
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.2210.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Jan 17 2023 Attila Lakatos <alakatos@redhat.com> - 8.2210.0-3
- Remove CAP_PERFMON from the capability set
- Add CAP_DAC_OVERRIDE to the capability set
* Fri Dec 16 2022 Attila Lakatos <alakatos@redhat.com> - 8.2210.0-2
- Move all if rhel feature conditions to bcond
- Move to bcond: rdkafka, relp, mysql, pgsql, gssapi, gnutls, udpspoof, omamqp1
- Move to bcond: clickhouse, imdocker, improg
* Wed Nov 09 2022 Attila Lakatos <alakatos@redhat.com> - 8.2210.0-1
- rebase to 8.2210.0
resolves: rhbz#2097173
- Drop capabilities to the necessary set via libcap-ng
resolves: rhbz#2127403
* Wed Jul 27 2022 Attila Lakatos <alakatos@redhat.com> - 8.2204.0-3
- Restore default omfile template
resolves: rhbz#2088618
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.2204.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon May 09 2022 Attila Lakatos <alakatos@redhat.com> - 8.2204.0-1
- rebase to 8.2204.0
resolves: rhbz#1951970
- CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
resolves: rhbz#2082302
* Mon Jan 24 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-10
- Rebuild package with bundled qpid-proton
resolves: rhbz#2042940
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.2102.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Oct 06 2021 Davide Cavalca <dcavalca@fedoraproject.org> - 8.2102.0-8
- Split out logrotate config and dependency into a subpackage
resolves: rhbz#1992155
resolves: rhbz#1992153
* Fri Aug 27 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-9
- Add required flags for branch protection
- Add missing tests folder
- Resolve issues detected by covscan
resolves: rhbz#1938863
* Wed Sep 15 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-7
- Enable mmfields plugin
* Mon Aug 23 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-8
- Resolve issues detected by covscan
resolves: rhbz#1938863
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 8.2102.0-6
- Rebuilt with OpenSSL 3.0.0
* Wed Aug 18 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-7
* Wed Aug 25 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-5
- Enable openssl
resolves: rhbz#1972058
- Close dir when fsync=on
resolves: rhbz#1972069
- Do not exit when user/group can not be found
resolves: rhbz#1990868
- Remove abortOnIDResolution fail
- Always use message severity when comparing with ratelimit severity
resolves: rhbz#1990869
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 8.2102.0-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 8.2102.0-5
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Mon May 31 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-4
- Spec file clean up
- Port to OpenSSL 3.0
resolves: rhbz#1964823
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 8.2102.0-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
- Do not set default template for omfile
resolves: rhbz#1985195
* Tue Jul 27 2021 Pavel Raiskup <praiskup@redhat.com> - 8.2102.0-4
- reorder the rsyslog.conf to simplify the rsyslog.d configuration (#1985202)
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 8.2102.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Mar 17 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-2
- Remove rsyslog-recover-qi.pl from bindir, so it does not add dep on /usr/bin/perl
@ -722,6 +884,10 @@ done
resolves: rhbz#1905363
- enable additional plugins: imkafka, mmutf8fix
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 8.2010.0-4
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 8.2010.0-3
- rebuild for libpq ABI fix rhbz#1908268

Write Preview
Loading…
Cancel
Save