From 02c9ca947b17abd7b46355dd616f164498464695 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 9 Nov 2021 04:50:05 -0500 Subject: [PATCH] import rsyslog-8.2102.0-5.el8 --- .gitignore | 6 +- .rsyslog.metadata | 6 +- ...1.0-rhbz1659383-config-enabled-error.patch | 123 --------------- ...1911.0-rhbz1763757-imfile-statefiles.patch | 142 ------------------ ...-rhbz1782353-deny-expired-by-default.patch | 58 ------- ...1.0-rhbz1789675-serialize-crash-race.patch | 33 ---- ...-8.1911.0-rhbz1793569-imfile-file_id.patch | 37 ----- ...1843994-imfile-selinux-symlink-crash.patch | 24 --- ...log-8.1911.0-rhbz1944756-large-group.patch | 49 ------ SOURCES/rsyslog-8.1911.0-service.patch | 21 --- ...2102.0-rhbz1866877-unexpected-length.patch | 14 ++ ...0-rhbz1886400-reduce-default-timeout.patch | 21 +++ ...8.2102.0-rhbz1960536-fdleak-on-fsync.patch | 20 +++ ...9-remove-abort-on-id-resolution-fail.patch | 102 +++++++++++++ ...102.0-rhbz1984616-imuxsock-ratelimit.patch | 26 ++++ SOURCES/rsyslog.service | 23 +++ SPECS/rsyslog.spec | 101 +++++++++---- 17 files changed, 282 insertions(+), 524 deletions(-) delete mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch delete mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch delete mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch delete mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch delete mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch delete mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch delete mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1944756-large-group.patch delete mode 100644 SOURCES/rsyslog-8.1911.0-service.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz1866877-unexpected-length.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch create mode 100644 SOURCES/rsyslog.service diff --git a/.gitignore b/.gitignore index ad4a527..8a200b6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -SOURCES/qpid-proton-0.31.0.tar.gz -SOURCES/rsyslog-8.1911.0.tar.gz -SOURCES/rsyslog-doc-8.1911.0.tar.gz +SOURCES/qpid-proton-0.34.0.tar.gz +SOURCES/rsyslog-8.2102.0.tar.gz +SOURCES/rsyslog-doc-8.2102.0.tar.gz diff --git a/.rsyslog.metadata b/.rsyslog.metadata index 1e19d69..e0fc0e7 100644 --- a/.rsyslog.metadata +++ b/.rsyslog.metadata @@ -1,3 +1,3 @@ -8714235747ec8947648448eecda57e97d3a733ce SOURCES/qpid-proton-0.31.0.tar.gz -30dfc2b99d73598788e2bd0d0ac45e16e7c3a3d5 SOURCES/rsyslog-8.1911.0.tar.gz -8bcb23571ab8011b712ccf52acee20f8940b7f03 SOURCES/rsyslog-doc-8.1911.0.tar.gz +390e5cb87a6331cf0ce451d7f6552e2c0d97f706 SOURCES/qpid-proton-0.34.0.tar.gz +fdda78ed808e7a0dca03ead9227a0a5d913a050f SOURCES/rsyslog-8.2102.0.tar.gz +9c2188d435cb5f79c1c35749003bd2a61e7f2d07 SOURCES/rsyslog-doc-8.2102.0.tar.gz diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch b/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch deleted file mode 100644 index 145378b..0000000 --- a/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch +++ /dev/null @@ -1,123 +0,0 @@ -From ba5b68be84888b24918dd019b87ed9f62d7fa988 Mon Sep 17 00:00:00 2001 -From: Jiri Vymazal -Date: Tue, 11 Feb 2020 13:46:23 +0100 -Subject: [PATCH] Fixed processing of 'cofig.enabled' directive - -Previously the directive was processed way too late which caused -false errors whenever it was set to 'off' and possibly other -problems. ---- - grammar/rainerscript.c | 43+++++++++++++++++++++++---------------- - grammar/rainerscript.h | 1 + - runtime/rsconf.c | 10 +++++++++ - 3 files changed, 38 insertions(+), 18 deletions(-) - -diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c -index 8f14bbe319..4398e6011a 100644 ---- a/grammar/rainerscript.c -+++ b/grammar/rainerscript.c -@@ -699,6 +699,22 @@ nvlstFindNameCStr(struct nvlst *lst, const char *const __restrict__ name) - return lst; - } - -+/* check if the nvlst is disabled, and mark config.enabled directive -+ * as used if it is not. Returns 1 if block is disabled, 0 otherwise. -+ */ -+int nvlstChkDisabled(struct nvlst *lst) -+{ -+ struct nvlst *valnode; -+ -+ if((valnode = nvlstFindNameCStr(lst, "config.enabled")) != NULL) { -+ lst->bUsed = 1; -+ if(es_strbufcmp(valnode->val.d.estr, (unsigned char*) "on", 2)) { -+ return 1; -+ } -+ } -+ return 0; -+} -+ - - /* check if there are duplicate names inside a nvlst and emit - * an error message, if so. -@@ -1207,21 +1224,6 @@ nvlstGetParams(struct nvlst *lst, struct cnfparamblk *params, - } - } - -- /* now config-system parameters (currently a bit hackish, as we -- * only have one...). -- rgerhards, 2018-01-24 -- */ -- if((valnode = nvlstFindNameCStr(lst, "config.enabled")) != NULL) { -- if(es_strbufcmp(valnode->val.d.estr, (unsigned char*) "on", 2)) { -- dbgprintf("config object disabled by configuration\n"); -- /* flag all params as used to not emit error mssages */ -- bInError = 1; -- struct nvlst *val; -- for(val = lst; val != NULL ; val = val->next) { -- val->bUsed = 1; -- } -- } -- } -- - /* done parameter processing */ - if(bInError) { - if(bValsWasNULL) -@@ -4418,8 +4418,13 @@ cnfstmtNewAct(struct nvlst *lst) - struct cnfstmt* cnfstmt; - char namebuf[256]; - rsRetVal localRet; -- if((cnfstmt = cnfstmtNew(S_ACT)) == NULL) -+ if((cnfstmt = cnfstmtNew(S_ACT)) == NULL) { - goto done; -+ } -+ if (nvlstChkDisabled(lst)) { -+ dbgprintf("action disabled by configuration\n"); -+ cnfstmt->nodetype = S_NOP; -+ } - localRet = actionNewInst(lst, &cnfstmt->d.act); - if(localRet == RS_RET_OK_WARN) { - parser_errmsg("warnings occured in file '%s' around line %d", -@@ -5284,6 +5289,11 @@ includeProcessCnf(struct nvlst *const lst) - goto done; - } - -+ if (nvlstChkDisabled(lst)) { -+ DBGPRINTF("include statement disabled\n"); -+ goto done; -+ } -+ - pvals = nvlstGetParams(lst, &incpblk, NULL); - if(pvals == NULL) { - goto done; -diff --git a/grammar/rainerscript.h b/grammar/rainerscript.h -index bfa8ee6cb9..0f8128861b 100644 ---- a/grammar/rainerscript.h -+++ b/grammar/rainerscript.h -@@ -340,6 +340,7 @@ void nvlstDestruct(struct nvlst *lst); - void nvlstPrint(struct nvlst *lst); - void nvlstChkUnused(struct nvlst *lst); - struct nvlst* nvlstFindName(struct nvlst *lst, es_str_t *name); -+int nvlstChkDisabled(struct nvlst *lst); - struct cnfobj* cnfobjNew(enum cnfobjType objType, struct nvlst *lst); - void cnfobjDestruct(struct cnfobj *o); - void cnfobjPrint(struct cnfobj *o); -diff --git a/runtime/rsconf.c b/runtime/rsconf.c -index fc0863a738..303e06365b 100644 ---- a/runtime/rsconf.c -+++ b/runtime/rsconf.c -@@ -438,6 +438,16 @@ cnfDoObj(struct cnfobj *const o) - - dbgprintf("cnf:global:obj: "); - cnfobjPrint(o); -+ -+ /* We need to check for object disabling as early as here to cover most -+ * of them at once and avoid needless initializations -+ * - jvymazal 2020-02-12 -+ */ -+ if (nvlstChkDisabled(o->nvlst)) { -+ dbgprintf("object disabled by configuration\n"); -+ return; -+ } -+ - switch(o->objType) { - case CNFOBJ_GLOBAL: - glblProcessCnf(o); diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch b/SOURCES/rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch deleted file mode 100644 index 6e18e63..0000000 --- a/SOURCES/rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch +++ /dev/null @@ -1,142 +0,0 @@ -From ac30968b7858d4ca3743d2b4d296eca543864fe2 Mon Sep 17 00:00:00 2001 -From: Jiri Vymazal -Date: Fri, 22 Nov 2019 14:25:59 +0100 -Subject: [PATCH] Thorougher state-file renaming and cleaning - -Now checking if file-id changes and reanming - cleaning state file -accordingly and always checking and cleaning old inode-only style -state files. ---- - plugins/imfile/imfile.c | 66 +++++++++++++++++++++++++++-------------- - 1 file changed, 43 insertions(+), 23 deletions(-) - -diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c -index d9bf0fbb6d..9db2b47ac9 100644 ---- a/plugins/imfile/imfile.c -+++ b/plugins/imfile/imfile.c -@@ -182,6 +182,7 @@ struct act_obj_s { - time_t timeoutBase; /* what time to calculate the timeout against? */ - /* file dynamic data */ - char file_id[FILE_ID_HASH_SIZE]; /* file id for this entry, once we could obtain it */ -+ char file_id_prev[FILE_ID_HASH_SIZE]; /* previous file id for this entry, set if changed */ - int in_move; /* workaround for inotify move: if set, state file must not be deleted */ - ino_t ino; /* current inode nbr */ - int fd; /* fd to file in order to obtain file_id (needs to be preserved across move) */ -@@ -711,7 +712,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file, - if (is_file) { - LogError(errno, RS_RET_ERR, "imfile: error accessing file '%s'", name); - } else { /* reporting only in debug for dirs as higher lvl paths are likely blocked by selinux */ -- DBGPRINTF("imfile: error accessing file '%s'", name); -+ DBGPRINTF("imfile: error accessing directory '%s'", name); - } - FINALIZE; - } -@@ -727,6 +728,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file, - act->ino = ino; - act->fd = fd; - act->file_id[0] = '\0'; -+ act->file_id_prev[0] = '\0'; - act->is_symlink = is_symlink; - if (source) { /* we are target of symlink */ - CHKmalloc(act->source_name = strdup(source)); -@@ -1256,17 +1258,15 @@ get_file_id_hash(const char *data, size_t lendata, - static void ATTR_NONNULL(1) - getFileID(act_obj_t *const act) - { -- if(act->file_id[0] != '\0') { -- return; /* everything already done */ -- } -+ /* save the old id for cleaning purposes */ -+ strncpy(act->file_id_prev, (const char*)act->file_id, FILE_ID_HASH_SIZE); -+ act->file_id[0] = '\0'; - assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */ - char filedata[FILE_ID_SIZE]; -+ lseek(act->fd, 0, SEEK_SET); /* Seek to beginning of file so we have correct id */ - const int r = read(act->fd, filedata, FILE_ID_SIZE); - if(r == FILE_ID_SIZE) { - get_file_id_hash(filedata, sizeof(filedata), act->file_id, sizeof(act->file_id)); -- dbgprintf("file_id '%s' obtained, closing monitoring file handle\n", act->file_id); -- close(act->fd); /* we will never go here! */ -- act->fd = -1; - } else { - DBGPRINTF("getFileID partial or error read, ret %d\n", r); - } -@@ -1378,28 +1378,13 @@ openFileWithStateFile(act_obj_t *const act) - if(fd < 0) { - if(errno == ENOENT) { - if(act->file_id[0] != '\0') { -- const char *pszSFNamHash = strdup((const char*)pszSFNam); -- CHKmalloc(pszSFNamHash); - DBGPRINTF("state file %s for %s does not exist - trying to see if " - "inode-only file exists\n", pszSFNam, act->name); - getFullStateFileName(statefn, "", pszSFNam, sizeof(pszSFNam)); - fd = open((char*)pszSFNam, O_CLOEXEC | O_NOCTTY | O_RDONLY, 0600); - if(fd >= 0) { -- dbgprintf("found inode-only state file, renaming it now that we " -- "know the file_id, new name: %s\n", pszSFNamHash); -- /* we now can use identify the file, so let's rename it */ -- if(rename((const char*)pszSFNam, pszSFNamHash) != 0) { -- LogError(errno, RS_RET_IO_ERROR, -- "imfile error trying to rename state file for '%s' - " -- "ignoring this error, usually this means a file no " -- "longer file is left over, but this may also cause " -- "some real trouble. Still the best we can do ", -- act->name); -- free((void*) pszSFNamHash); -- ABORT_FINALIZE(RS_RET_IO_ERROR); -- } -+ dbgprintf("found inode-only state file, will be renamed at next persist\n"); - } -- free((void*) pszSFNamHash); - } - if(fd < 0) { - DBGPRINTF("state file %s for %s does not exist - trying to see if " -@@ -2609,6 +2594,36 @@ atomicWriteStateFile(const char *fn, const char *content) - RETiRet; - } - -+/* This function should be called after any file ID change - that is if -+ * file grown from hash-only statefile, or was truncated, this will ensure -+ * we delete the old file so we do not make garbage in our working dir and -+ * there are no leftover statefiles which can in theory later bind to something -+ * and cause data loss. -+ * jvymazal 2019-11-27 -+ */ -+static void -+removeOldStatefile(const uchar *statefn, const char *hashToDelete) -+{ -+ int ret; -+ uchar statefname[MAXFNAME]; -+ -+ getFullStateFileName(statefn, hashToDelete, statefname, sizeof(statefname)); -+ DBGPRINTF("removing old state file: '%s'\n", statefname); -+ ret = unlink((const char*)statefname); -+ if(ret != 0) { -+ if (errno != ENOENT) { -+ LogError(errno, RS_RET_IO_ERROR, -+ "imfile error trying to delete old state file: '%s' - ignoring this " -+ "error, usually this means a file no longer file is left over, but " -+ "this may also cause some real trouble. Still the best we can do ", -+ statefname); -+ } else { -+ DBGPRINTF("trying to delete no longer valid statefile '%s' which no " -+ "longer exists (probably already deleted)\n", statefname); -+ } -+ } -+} -+ - - /* This function persists information for a specific file being monitored. - * To do so, it simply persists the stream object. We do NOT abort on error -@@ -2660,6 +2675,11 @@ persistStrmState(act_obj_t *const act) - CHKiRet(atomicWriteStateFile((const char*)statefname, jstr)); - json_object_put(json); - -+ /* file-id changed remove the old statefile */ -+ if (strncmp((const char *)act->file_id_prev, (const char *)act->file_id, FILE_ID_HASH_SIZE)) { -+ removeOldStatefile(statefn, act->file_id_prev); -+ } -+ - finalize_it: - if(iRet != RS_RET_OK) { - LogError(0, iRet, "imfile: could not persist state " diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch b/SOURCES/rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch deleted file mode 100644 index 8700dff..0000000 --- a/SOURCES/rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 0de93c9e1597b20f71bb61d5375ded546cfd2fa8 Mon Sep 17 00:00:00 2001 -From: Jiri Vymazal -Date: Wed, 11 Dec 2019 15:35:26 +0100 -Subject: [PATCH] Changed default for permitExpiredCerts to "off" - -This is to be conssitent with rsyslog's prior behavior where -expired certs were automatically rejected ---- - runtime/nsd_gtls.c | 10 +++++----- - runtime/nsd_ossl.c | 8 ++++---- - 2 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c -index 5df12994d1..2be0ca9c92 100644 ---- a/runtime/nsd_gtls.c -+++ b/runtime/nsd_gtls.c -@@ -1461,16 +1461,16 @@ SetPermitExpiredCerts(nsd_t *pNsd, uchar *mode) - nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; - - ISOBJ_TYPE_assert((pThis), nsd_gtls); -- /* default is set to warn! */ -- if(mode == NULL || !strcasecmp((char*)mode, "warn")) { -- pThis->permitExpiredCerts = GTLS_EXPIRED_WARN; -- } else if(!strcasecmp((char*) mode, "off")) { -+ /* default is set to off! */ -+ if(mode == NULL || !strcasecmp((char*)mode, "off")) { - pThis->permitExpiredCerts = GTLS_EXPIRED_DENY; -+ } else if(!strcasecmp((char*) mode, "warn")) { -+ pThis->permitExpiredCerts = GTLS_EXPIRED_WARN; - } else if(!strcasecmp((char*) mode, "on")) { - pThis->permitExpiredCerts = GTLS_EXPIRED_PERMIT; - } else { - LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: permitexpiredcerts mode '%s' not supported by " -- "ossl netstream driver", mode); -+ "gtls netstream driver", mode); - ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED); - } - -diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c -index 4f8dd845ab..ebb2537d72 100644 ---- a/runtime/nsd_ossl.c -+++ b/runtime/nsd_ossl.c -@@ -1130,11 +1130,11 @@ SetPermitExpiredCerts(nsd_t *pNsd, uchar *mode) - nsd_ossl_t *pThis = (nsd_ossl_t*) pNsd; - - ISOBJ_TYPE_assert((pThis), nsd_ossl); -- /* default is set to warn! */ -- if(mode == NULL || !strcasecmp((char*)mode, "warn")) { -- pThis->permitExpiredCerts = OSSL_EXPIRED_WARN; -- } else if(!strcasecmp((char*) mode, "off")) { -+ /* default is set to off! */ -+ if(mode == NULL || !strcasecmp((char*)mode, "off")) { - pThis->permitExpiredCerts = OSSL_EXPIRED_DENY; -+ } else if(!strcasecmp((char*) mode, "warn")) { -+ pThis->permitExpiredCerts = OSSL_EXPIRED_WARN; - } else if(!strcasecmp((char*) mode, "on")) { - pThis->permitExpiredCerts = OSSL_EXPIRED_PERMIT; - } else { diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch b/SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch deleted file mode 100644 index da0fc3f..0000000 --- a/SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: Jiri Vymazal -Date: Wed, 18 Dec 2019 09:48:15 +0100 -Subject: [PATCH] Fix race condition related to libfastjson when using DA queue - -Rsyslogd aborts when writing to disk queue from multiple workers simultaneously. -It is assumed that libfastjson is not thread-safe. -Resolve libfastjson race condition when writing to disk queue. - -see also https://github.com/rsyslog/rsyslog/issues/4099 ---- - runtime/msg.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/runtime/msg.c b/runtime/msg.c -index b5c17cfdd4..f9da40005f 100644 ---- a/runtime/msg.c -+++ b/runtime/msg.c -@@ -1242,11 +1242,15 @@ static rsRetVal MsgSerialize(smsg_t *pThis, strm_t *pStrm) - psz = pThis->pszStrucData; - CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("pszStrucData"), PROPTYPE_PSZ, (void*) psz)); - if(pThis->json != NULL) { -+ MsgLock(pThis); - psz = (uchar*) json_object_get_string(pThis->json); -+ MsgUnlock(pThis); - CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("json"), PROPTYPE_PSZ, (void*) psz)); - } - if(pThis->localvars != NULL) { -+ MsgLock(pThis); - psz = (uchar*) json_object_get_string(pThis->localvars); -+ MsgUnlock(pThis); - CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("localvars"), PROPTYPE_PSZ, (void*) psz)); - } - diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch b/SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch deleted file mode 100644 index 0b12f52..0000000 --- a/SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 0c69ec76d8cac47bcfa78abae86229ad63c92b0b Mon Sep 17 00:00:00 2001 -From: Jiri Vymazal -Date: Tue, 21 Jan 2020 13:58:14 +0100 -Subject: [PATCH] Fixed saving of old file_id for statefiles - -Previously we saved old file_id unconditionally, which led to not -deleting old statefiles if files changes without rsyslog running. -Now it should work correctly. ---- - plugins/imfile/imfile.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c -index 908bb5901c..5ad44f6c59 100644 ---- a/plugins/imfile/imfile.c -+++ b/plugins/imfile/imfile.c -@@ -1258,8 +1258,8 @@ get_file_id_hash(const char *data, size_t lendata, - static void ATTR_NONNULL(1) - getFileID(act_obj_t *const act) - { -- /* save the old id for cleaning purposes */ -- strncpy(act->file_id_prev, (const char*)act->file_id, FILE_ID_HASH_SIZE); -+ char tmp_id[FILE_ID_HASH_SIZE]; -+ strncpy(tmp_id, (const char*)act->file_id, FILE_ID_HASH_SIZE); - act->file_id[0] = '\0'; - assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */ - char filedata[FILE_ID_SIZE]; -@@ -1270,6 +1270,9 @@ getFileID(act_obj_t *const act) - } else { - DBGPRINTF("getFileID partial or error read, ret %d\n", r); - } -+ if (strncmp(tmp_id, act->file_id, FILE_ID_HASH_SIZE)) {/* save the old id for cleaning purposes */ -+ strncpy(act->file_id_prev, tmp_id, FILE_ID_HASH_SIZE); -+ } - DBGPRINTF("getFileID for '%s', file_id_hash '%s'\n", act->name, act->file_id); - } - diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch b/SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch deleted file mode 100644 index e95c892..0000000 --- a/SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 89ff6436b55cd81c54dcb076490b0c4de98d508d Mon Sep 17 00:00:00 2001 -From: Jiri Vymazal -Date: Tue, 9 Jun 2020 12:09:59 +0200 -Subject: [PATCH] Fixing imfile segfaulting on selinux denial - -If imfile is denied access to file watched trough symlink there is -unchecked condition resulting in access to not initialized memory. ---- - plugins/imfile/imfile.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c -index f360bd290b..21d6546552 100644 ---- a/plugins/imfile/imfile.c -+++ b/plugins/imfile/imfile.c -@@ -732,7 +732,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file, - } else { /* reporting only in debug for dirs as higher lvl paths are likely blocked by selinux */ - DBGPRINTF("imfile: error accessing directory '%s'", name); - } -- FINALIZE; -+ ABORT_FINALIZE(RS_RET_NO_FILE_ACCESS); - } - DBGPRINTF("add new active object '%s' in '%s'\n", name, edge->path); - CHKmalloc(act = calloc(sizeof(act_obj_t), 1)); diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1944756-large-group.patch b/SOURCES/rsyslog-8.1911.0-rhbz1944756-large-group.patch deleted file mode 100644 index d9633b5..0000000 --- a/SOURCES/rsyslog-8.1911.0-rhbz1944756-large-group.patch +++ /dev/null @@ -1,49 +0,0 @@ -diff -up rsyslog-8.1911.0/grammar/rainerscript.c.orig rsyslog-8.1911.0/grammar/rainerscript.c ---- rsyslog-8.1911.0/grammar/rainerscript.c.orig 2021-04-06 13:43:55.366523373 +0200 -+++ rsyslog-8.1911.0/grammar/rainerscript.c 2021-04-06 13:44:40.039239056 +0200 -@@ -905,15 +905,29 @@ static int - doGetGID(struct nvlst *valnode, struct cnfparamdescr *param, - struct cnfparamvals *val) - { -- char *cstr; -- int r; -- struct group *resultBuf; -- struct group wrkBuf; -- char stringBuf[2048]; /* 2048 has been proven to be large enough */ -+ char *cstr; -+ int r; -+ struct group *resultBuf = NULL; -+ struct group wrkBuf; -+ char *stringBuf = NULL; -+ size_t bufSize = 1024; -+ int e; -+ -+ cstr = es_str2cstr(valnode->val.d.estr, NULL); -+ do { -+ char *p; -+ -+ /* Increase bufsize and try again.*/ -+ bufSize *= 2; -+ p = realloc(stringBuf, bufSize); -+ if(!p) { -+ e = ENOMEM; -+ break; -+ } -+ stringBuf = p; -+ e = getgrnam_r(cstr, &wrkBuf, stringBuf, bufSize, &resultBuf); -+ } while(!resultBuf && (e == ERANGE)); - -- cstr = es_str2cstr(valnode->val.d.estr, NULL); -- const int e = getgrnam_r(cstr, &wrkBuf, stringBuf, -- sizeof(stringBuf), &resultBuf); - if(resultBuf == NULL) { - if(e != 0) { - LogError(e, RS_RET_ERR, "parameter '%s': error to " -@@ -929,6 +943,7 @@ doGetGID(struct nvlst *valnode, struct c - param->name, (int) resultBuf->gr_gid, cstr); - r = 1; - } -+ free(stringBuf); - free(cstr); - return r; - } diff --git a/SOURCES/rsyslog-8.1911.0-service.patch b/SOURCES/rsyslog-8.1911.0-service.patch deleted file mode 100644 index 338a871..0000000 --- a/SOURCES/rsyslog-8.1911.0-service.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up ./rsyslog.service.in.service ./rsyslog.service.in ---- ./rsyslog.service.in.service 2018-03-01 13:58:11.480598935 +0100 -+++ ./rsyslog.service.in 2018-03-01 13:58:25.433518607 +0100 -@@ -1,12 +1,16 @@ - [Unit] - Description=System Logging Service - Requires=syslog.socket -+Wants=network.target network-online.target -+After=network.target network-online.target - Documentation=man:rsyslogd(8) - Documentation=https://www.rsyslog.com/doc/ - - [Service] - Type=notify --ExecStart=@sbindir@/rsyslogd -n -iNONE -+EnvironmentFile=-/etc/sysconfig/rsyslog -+ExecStart=@sbindir@/rsyslogd -n $SYSLOGD_OPTIONS -+UMask=0066 - StandardOutput=null - Restart=on-failure - diff --git a/SOURCES/rsyslog-8.2102.0-rhbz1866877-unexpected-length.patch b/SOURCES/rsyslog-8.2102.0-rhbz1866877-unexpected-length.patch new file mode 100644 index 0000000..1b9fd47 --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz1866877-unexpected-length.patch @@ -0,0 +1,14 @@ +diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c +--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2021-06-28 09:05:23.283262154 +0200 ++++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2021-06-28 09:10:05.858381106 +0200 +@@ -424,8 +424,8 @@ readjournal(void) + severity = cs.iDfltSeverity; + } + } else { +- LogError(0, RS_RET_ERR, "The value of the 'PRIORITY' field has an " +- "unexpected length: %zu\n", length); ++ DBGPRINTF("The value of the 'PRIORITY' field has an " ++ "unexpected length: %zu value: '%s'\n", length, (const char*)get); + } + } + diff --git a/SOURCES/rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch b/SOURCES/rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch new file mode 100644 index 0000000..a847084 --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch @@ -0,0 +1,21 @@ +diff -up rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig rsyslog-8.2102.0/plugins/omrelp/omrelp.c +--- rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig 2021-06-15 12:46:14.758589030 +0200 ++++ rsyslog-8.2102.0/plugins/omrelp/omrelp.c 2021-06-15 12:47:08.130516632 +0200 +@@ -303,7 +303,7 @@ ENDfreeCnf + BEGINcreateInstance + CODESTARTcreateInstance + pData->sizeWindow = 0; +- pData->timeout = 90; ++ pData->timeout = 5; + pData->connTimeout = 10; + pData->rebindInterval = 0; + pData->bEnableTLS = DFLT_ENABLE_TLS; +@@ -365,7 +365,7 @@ setInstParamDefaults(instanceData *pData + pData->target = NULL; + pData->port = NULL; + pData->tplName = NULL; +- pData->timeout = 90; ++ pData->timeout = 5; + pData->connTimeout = 10; + pData->sizeWindow = 0; + pData->rebindInterval = 0; diff --git a/SOURCES/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch b/SOURCES/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch new file mode 100644 index 0000000..f95dd5a --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch @@ -0,0 +1,20 @@ +diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c +--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2021-06-15 12:30:35.238832058 +0200 ++++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2021-06-15 12:32:04.699721356 +0200 +@@ -565,6 +565,8 @@ persistJournalState(void) + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + ++ fflush(sf); ++ + /* change the name of the file to the configured one */ + if (rename(tmp_sf, cs.stateFile) < 0) { + LogError(errno, iRet, "imjournal: rename() failed for new path: '%s'", cs.stateFile); +@@ -586,6 +588,7 @@ persistJournalState(void) + LogError(errno, RS_RET_IO_ERROR, "imjournal: fsync on '%s' failed", glbl.GetWorkDir()); + ABORT_FINALIZE(RS_RET_IO_ERROR); + } ++ closedir(wd); + } + + DBGPRINTF("Persisted journal to '%s'\n", cs.stateFile); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch b/SOURCES/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch new file mode 100644 index 0000000..344eef6 --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch @@ -0,0 +1,102 @@ +diff -up rsyslog-8.2102.0/runtime/cfsysline.c.orig rsyslog-8.2102.0/runtime/cfsysline.c +--- rsyslog-8.2102.0/runtime/cfsysline.c.orig 2021-08-04 07:16:02.663163106 +0200 ++++ rsyslog-8.2102.0/runtime/cfsysline.c 2021-08-04 07:18:05.952490008 +0200 +@@ -353,13 +353,8 @@ static rsRetVal doGetGID(uchar **pp, rsR + assert(*pp != NULL); + + if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) { +- if(loadConf->globals.abortOnIDResolutionFail) { +- fprintf(stderr, "could not extract group name: %s\n", (char*)szName); +- exit(1); /* good exit */ +- } else { +- LogError(0, RS_RET_NOT_FOUND, "could not extract group name"); +- ABORT_FINALIZE(RS_RET_NOT_FOUND); +- } ++ LogError(0, RS_RET_NOT_FOUND, "could not extract group name"); ++ ABORT_FINALIZE(RS_RET_NOT_FOUND); + } + + do { +@@ -380,10 +375,6 @@ static rsRetVal doGetGID(uchar **pp, rsR + LogError(0, RS_RET_NOT_FOUND, "ID for group '%s' could not be found", szName); + } + iRet = RS_RET_NOT_FOUND; +- if(loadConf->globals.abortOnIDResolutionFail) { +- fprintf(stderr, "ID for group '%s' could not be found or error\n", szName); +- exit(1); /* good exit */ +- } + } else { + if(pSetHdlr == NULL) { + /* we should set value directly to var */ +@@ -418,25 +409,15 @@ static rsRetVal doGetUID(uchar **pp, rsR + assert(*pp != NULL); + + if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) { +- if(loadConf->globals.abortOnIDResolutionFail) { +- fprintf(stderr, "could not extract user name: %s\n", (char*)szName); +- exit(1); /* good exit */ +- } else { +- LogError(0, RS_RET_NOT_FOUND, "could not extract user name"); +- ABORT_FINALIZE(RS_RET_NOT_FOUND); +- } ++ LogError(0, RS_RET_NOT_FOUND, "could not extract user name"); ++ ABORT_FINALIZE(RS_RET_NOT_FOUND); + } + + getpwnam_r((char*)szName, &pwBuf, stringBuf, sizeof(stringBuf), &ppwBuf); + + if(ppwBuf == NULL) { +- if(loadConf->globals.abortOnIDResolutionFail) { +- fprintf(stderr, "ID for user '%s' could not be found or error\n", (char*)szName); +- exit(1); /* good exit */ +- } else { +- LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName); +- iRet = RS_RET_NOT_FOUND; +- } ++ LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName); ++ iRet = RS_RET_NOT_FOUND; + } else { + if(pSetHdlr == NULL) { + /* we should set value directly to var */ +diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c +--- rsyslog-8.2102.0/runtime/glbl.c.orig 2021-08-04 07:18:19.301633677 +0200 ++++ rsyslog-8.2102.0/runtime/glbl.c 2021-08-04 07:19:02.409019106 +0200 +@@ -210,7 +210,6 @@ static struct cnfparamdescr cnfparamdesc + { "environment", eCmdHdlrArray, 0 }, + { "processinternalmessages", eCmdHdlrBinary, 0 }, + { "umask", eCmdHdlrFileCreateMode, 0 }, +- { "security.abortonidresolutionfail", eCmdHdlrBinary, 0 }, + { "internal.developeronly.options", eCmdHdlrInt, 0 }, + { "internalmsg.ratelimit.interval", eCmdHdlrPositiveInt, 0 }, + { "internalmsg.ratelimit.burst", eCmdHdlrPositiveInt, 0 }, +@@ -1443,8 +1442,6 @@ glblDoneLoadCnf(void) + glblInputTimeoutShutdown = (int) cnfparamvals[i].val.d.n; + } else if(!strcmp(paramblk.descr[i].name, "privdrop.group.keepsupplemental")) { + loadConf->globals.gidDropPrivKeepSupplemental = (int) cnfparamvals[i].val.d.n; +- } else if(!strcmp(paramblk.descr[i].name, "security.abortonidresolutionfail")) { +- loadConf->globals.abortOnIDResolutionFail = (int) cnfparamvals[i].val.d.n; + } else if(!strcmp(paramblk.descr[i].name, "net.acladdhostnameonfail")) { + *(net.pACLAddHostnameOnFail) = (int) cnfparamvals[i].val.d.n; + } else if(!strcmp(paramblk.descr[i].name, "net.aclresolvehostname")) { +diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c +--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2021-08-04 07:19:13.103104854 +0200 ++++ rsyslog-8.2102.0/runtime/rsconf.c 2021-08-04 07:19:44.635357684 +0200 +@@ -156,7 +156,6 @@ static void cnfSetDefaults(rsconf_t *pTh + pThis->globals.maxErrMsgToStderr = -1; + pThis->globals.umask = -1; + pThis->globals.gidDropPrivKeepSupplemental = 0; +- pThis->globals.abortOnIDResolutionFail = 1; + pThis->templates.root = NULL; + pThis->templates.last = NULL; + pThis->templates.lastStatic = NULL; +diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h +--- rsyslog-8.2102.0/runtime/rsconf.h.orig 2021-08-04 07:20:15.848607958 +0200 ++++ rsyslog-8.2102.0/runtime/rsconf.h 2021-08-04 07:20:42.782823920 +0200 +@@ -73,7 +73,6 @@ struct globals_s { + int uidDropPriv; /* user-id to which priveleges should be dropped to */ + int gidDropPriv; /* group-id to which priveleges should be dropped to */ + int gidDropPrivKeepSupplemental; /* keep supplemental groups when dropping? */ +- int abortOnIDResolutionFail; + int umask; /* umask to use */ + uchar *pszConfDAGFile; /* name of config DAG file, non-NULL means generate one */ + diff --git a/SOURCES/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch b/SOURCES/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch new file mode 100644 index 0000000..710f48c --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch @@ -0,0 +1,26 @@ +diff -up rsyslog-8.2102.0/runtime/ratelimit.c.orig rsyslog-8.2102.0/runtime/ratelimit.c +--- rsyslog-8.2102.0/runtime/ratelimit.c.orig 2021-07-27 10:37:50.972903104 +0200 ++++ rsyslog-8.2102.0/runtime/ratelimit.c 2021-07-27 10:38:26.141002988 +0200 +@@ -235,7 +235,6 @@ ratelimitMsg(ratelimit_t *__restrict__ c + { + DEFiRet; + rsRetVal localRet; +- int severity = 0; + + *ppRepMsg = NULL; + +@@ -246,13 +245,12 @@ ratelimitMsg(ratelimit_t *__restrict__ c + DBGPRINTF("Message discarded, parsing error %d\n", localRet); + ABORT_FINALIZE(RS_RET_DISCARDMSG); + } +- severity = pMsg->iSeverity; + } + } + + /* Only the messages having severity level at or below the + * treshold (the value is >=) are subject to ratelimiting. */ +- if(ratelimit->interval && (severity >= ratelimit->severity)) { ++ if(ratelimit->interval && (pMsg->iSeverity >= ratelimit->severity)) { + char namebuf[512]; /* 256 for FGDN adn 256 for APPNAME should be enough */ + snprintf(namebuf, sizeof namebuf, "%s:%s", getHOSTNAME(pMsg), + getAPPNAME(pMsg, 0)); diff --git a/SOURCES/rsyslog.service b/SOURCES/rsyslog.service new file mode 100644 index 0000000..3b073f6 --- /dev/null +++ b/SOURCES/rsyslog.service @@ -0,0 +1,23 @@ +[Unit] +Description=System Logging Service +;Requires=syslog.socket +Wants=network.target network-online.target +After=network.target network-online.target +Documentation=man:rsyslogd(8) +Documentation=https://www.rsyslog.com/doc/ + +[Service] +Type=notify +EnvironmentFile=-/etc/sysconfig/rsyslog +ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS +UMask=0066 +StandardOutput=null +Restart=on-failure + +# Increase the default a bit in order to allow many simultaneous +# files to be monitored, we might need a lot of fds. +LimitNOFILE=16384 + +[Install] +WantedBy=multi-user.target +;Alias=syslog.service diff --git a/SPECS/rsyslog.spec b/SPECS/rsyslog.spec index 2847707..38af939 100644 --- a/SPECS/rsyslog.spec +++ b/SPECS/rsyslog.spec @@ -5,8 +5,8 @@ Summary: Enhanced system logging and kernel message trapping daemon Name: rsyslog -Version: 8.1911.0 -Release: 7%{?dist}.2 +Version: 8.2102.0 +Release: 5%{?dist} License: (GPLv3+ and ASL 2.0) Group: System Environment/Daemons ExcludeArch: i686 @@ -16,7 +16,8 @@ Source1: http://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{version}.ta Source2: rsyslog.conf Source3: rsyslog.sysconfig Source4: rsyslog.log -Source5: qpid-proton-0.31.0.tar.gz +Source5: qpid-proton-0.34.0.tar.gz +Source6: rsyslog.service BuildRequires: autoconf BuildRequires: automake @@ -33,7 +34,9 @@ BuildRequires: python3-docutils # it depens on rhbz#1419228 BuildRequires: systemd-devel >= 219-39 BuildRequires: zlib-devel +BuildRequires: openssl-devel +Requires: openssl-libs Requires: logrotate >= 3.5.2 Requires: bash >= 2.0 Requires: libestr >= 0.1.9 @@ -44,17 +47,13 @@ Requires(postun): systemd Provides: syslog Obsoletes: sysklogd < 1.5-11 -# tweak the upstream service file to honour configuration from /etc/sysconfig/rsyslog -Patch0: rsyslog-8.1911.0-service.patch # imjournal: adds "journal" when tag/process name is missing -Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch -Patch2: rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch -Patch3: rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch -Patch4: rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch -Patch5: rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch -Patch6: rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch -Patch7: rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch -Patch8: rsyslog-8.1911.0-rhbz1944756-large-group.patch +Patch0: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch +Patch1: rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch +Patch2: rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch +Patch3: rsyslog-8.2102.0-rhbz1866877-unexpected-length.patch +Patch4: rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch +Patch5: rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch %package crypto Summary: Encryption support @@ -73,11 +72,17 @@ Group: System Environment/Daemons Requires: %name = %version-%release %package gnutls -Summary: TLS protocol support for rsyslog +Summary: TLS protocol support for rsyslog via GnuTLS library Group: System Environment/Daemons Requires: %name = %version-%release BuildRequires: gnutls-devel +%package openssl +Summary: TLS protocol support for rsyslog via OpenSSL library +Group: System Environment/Daemons +Requires: %name = %version-%release +BuildRequires: openssl-devel + %package gssapi Summary: GSSAPI authentication and encryption support for rsyslog Group: System Environment/Daemons @@ -183,7 +188,14 @@ Elasticsearch. %description gnutls The rsyslog-gnutls package contains the rsyslog plugins that provide the ability to send and receive syslog messages via TCP or RELP using TLS -encryption. For details refer to rsyslog doc on imtcp and omfwd modules. +encryption via GnuTLS library. For details refer to rsyslog doc on imtcp +and omfwd modules. + +%description openssl +The rsyslog-openssl package contains the rsyslog plugins that provide the +ability to send and receive syslog messages via TCP or RELP using TLS +encryption via OpenSSL library. For details refer to rsyslog doc on imtcp +and omfwd modules. %description gssapi The rsyslog-gssapi package contains the rsyslog plugins which support GSSAPI @@ -256,15 +268,12 @@ mv build doc %setup -q -D %setup -q -D -T -b 5 -%patch0 -p1 -b .service -%patch1 -p1 -b .default-tag -%patch2 -p1 -b .imfile-statefiles -%patch3 -p1 -b .deny-expired-certs -%patch4 -p1 -b .config-enabled-on -%patch5 -p1 -b .serialize-json -%patch6 -p1 -b .imfile-id -%patch7 -p1 -b .imfile-selinux-symlink -%patch8 -p1 -b .large-groups +%patch0 -p1 -b .default-tag +%patch1 -p1 -b .fd-leak-on-fsync +%patch2 -p1 -b .timeout +%patch3 -p1 -b .unexpected-priority-length +%patch4 -p1 -b .imuxsock-rate-limit +%patch5 -p1 -b .abort-on-id-resolution-fail %build %ifarch sparc64 @@ -275,7 +284,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic" %endif # build the proton first ( - cd %{_builddir}/qpid-proton-0.31.0 + cd %{_builddir}/qpid-proton-0.34.0 mkdir bld cd bld @@ -308,6 +317,7 @@ autoreconf -if --enable-elasticsearch \ --enable-generate-man-pages \ --enable-gnutls \ + --enable-openssl \ --enable-gssapi-krb5 \ --enable-imdiag \ --enable-imfile \ @@ -325,7 +335,7 @@ autoreconf -if --enable-mmsnmptrapd \ --enable-mmutf8fix \ --enable-mysql \ - --enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.31.0/bld/c/include" \ + --enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.34.0/bld/c/include" \ --enable-omhttp \ --enable-omjournal \ --enable-omkafka \ @@ -350,6 +360,7 @@ make DESTDIR=%{buildroot} install install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d +install -d -m 755 %{buildroot}%{_unitdir} install -d -m 755 %{buildroot}%{_sysconfdir}/rsyslog.d install -d -m 700 %{buildroot}%{rsyslog_statedir} install -d -m 700 %{buildroot}%{rsyslog_pkidir} @@ -358,6 +369,7 @@ install -d -m 755 %{buildroot}%{rsyslog_docdir}/html install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/rsyslog.conf install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/rsyslog install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/syslog +install -p -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/rsyslog.service install -p -m 644 plugins/ommysql/createDB.sql %{buildroot}%{rsyslog_docdir}/mysql-createDB.sql install -p -m 644 plugins/ompgsql/createDB.sql %{buildroot}%{rsyslog_docdir}/pgsql-createDB.sql install -p -m 644 contrib/mmkubernetes/*.rulebase %{buildroot}%{rsyslog_docdir} @@ -365,8 +377,6 @@ install -p -m 644 contrib/mmkubernetes/*.rulebase %{buildroot}%{rsyslog_docdir} cp -r doc/* %{buildroot}%{rsyslog_docdir}/html # get rid of libtool libraries rm -f %{buildroot}%{_libdir}/rsyslog/*.la -# get rid of socket activation by default -sed -i '/^Alias/s/^/;/;/^Requires=syslog.socket/s/^/;/' %{buildroot}%{_unitdir}/rsyslog.service # convert line endings from "\r\n" to "\n" cat tools/recover_qi.pl | tr -d '\r' > %{buildroot}%{_bindir}/rsyslog-recover-qi.pl @@ -457,6 +467,9 @@ done %files gnutls %{_libdir}/rsyslog/lmnsd_gtls.so +%files openssl +%{_libdir}/rsyslog/lmnsd_ossl.so + %files kafka %{_libdir}/rsyslog/imkafka.so %{_libdir}/rsyslog/omkafka.so @@ -501,9 +514,35 @@ done %{_libdir}/rsyslog/omudpspoof.so %changelog -* Tue Apr 06 2021 Attila Lakatos - 8.1911.0-7.2 -- added patch resolving theoretically "too large" groups - resolves:rhbz#1944756 +* Wed Aug 04 2021 Attila Lakatos - 8.2102.0-5 +- Do not exit when user/group can not be found + resolves: rhbz#1984489 +- Remove abortOnIDResolution fail + +* Tue Jul 27 2021 Attila Lakatos - 8.2102.0-4 +- Allways use message severity when comparing with ratelimit severity + resolves: rhbz#1984616 + +* Mon Jun 28 2021 Attila Lakatos - 8.2102.0-3 +- Priority field must have valid length + resolves: rhbz#1866877 +- Allocate more memory on too large groups + resolves: rhbz#1944718 + +* Tue May 18 2021 Attila Lakatos - 8.2102.0-2 + RHEL 8.5.0 ERRATUM +- rebase to 8.2102.0 + resolves: rhbz#1932795 +- Enable openssl + resolves: rhbz#1891458 +- EKU check for client cert on server side + resolves: rhbz#1783348 +- Use GNUTLS_SHUT_WR when ending TLS connections + resolves: rhbz#1880434 +- Use librelp with openssl enabled + resolves: rhbz#1795607 +- Close dir when fsync=on + resolves: rhbz#1960536 * Wed Nov 18 2020 Attila Lakatos - 8.1911.0-7 - add back rsyslog-udpspoof package