Enable openssl
resolves: rhbz#1972058 Close dir when fsync=on resolves: rhbz#1972069 Do not exit when user/group can not be found resolves: rhbz#1990868 Remove abortOnIDResolution fail Always use message severity when comparing with ratelimit severity resolves: rhbz#1990869
This commit is contained in:
parent
70f03d2010
commit
2669cb8cc6
93
rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
Normal file
93
rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
Normal file
@ -0,0 +1,93 @@
|
||||
diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjournal.c
|
||||
--- ./plugins/imjournal/imjournal.c.default-tag 2018-05-17 08:50:11.416418022 -0400
|
||||
+++ ./plugins/imjournal/imjournal.c 2018-05-17 08:53:02.884418022 -0400
|
||||
@@ -78,6 +78,7 @@ static struct configSettings_s {
|
||||
int bWorkAroundJournalBug; /* deprecated, left for backwards compatibility only */
|
||||
int bFsync;
|
||||
int bRemote;
|
||||
+ char *dfltTag;
|
||||
} cs;
|
||||
|
||||
static rsRetVal facilityHdlr(uchar **pp, void *pVal);
|
||||
@@ -93,7 +94,8 @@ static struct cnfparamdescr modpdescr[]
|
||||
{ "usepid", eCmdHdlrString, 0 },
|
||||
{ "workaroundjournalbug", eCmdHdlrBinary, 0 },
|
||||
{ "fsync", eCmdHdlrBinary, 0 },
|
||||
- { "remote", eCmdHdlrBinary, 0 }
|
||||
+ { "remote", eCmdHdlrBinary, 0 },
|
||||
+ { "defaulttag", eCmdHdlrGetWord, 0 }
|
||||
};
|
||||
static struct cnfparamblk modpblk =
|
||||
{ CNFPARAMBLK_VERSION,
|
||||
@@ -104,6 +106,7 @@ static struct cnfparamblk modpblk =
|
||||
#define DFLT_persiststateinterval 10
|
||||
#define DFLT_SEVERITY pri2sev(LOG_NOTICE)
|
||||
#define DFLT_FACILITY pri2fac(LOG_USER)
|
||||
+#define DFLT_TAG "journal"
|
||||
|
||||
static int bLegacyCnfModGlobalsPermitted = 1;/* are legacy module-global config parameters permitted? */
|
||||
|
||||
@@ -268,7 +271,7 @@ readjournal(void)
|
||||
|
||||
/* Information from messages */
|
||||
char *message = NULL;
|
||||
- char *sys_iden;
|
||||
+ char *sys_iden = NULL;
|
||||
char *sys_iden_help = NULL;
|
||||
|
||||
const void *get;
|
||||
@@ -331,7 +334,7 @@ readjournal(void)
|
||||
if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) {
|
||||
CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden));
|
||||
} else {
|
||||
- CHKmalloc(sys_iden = strdup("journal"));
|
||||
+ CHKmalloc(sys_iden = strdup(cs.dfltTag));
|
||||
}
|
||||
|
||||
/* trying to get PID, default is "SYSLOG_PID" property */
|
||||
@@ -654,6 +657,11 @@ CODESTARTrunInput
|
||||
"\"usepidfromsystem\" is depricated, use \"usepid\" instead");
|
||||
}
|
||||
|
||||
+ if (cs.dfltTag == NULL) {
|
||||
+ cs.dfltTag = strdup(DFLT_TAG);
|
||||
+ }
|
||||
+
|
||||
+
|
||||
if (cs.usePid && (strcmp(cs.usePid, "system") == 0)) {
|
||||
pidFieldName = "_PID";
|
||||
bPidFallBack = 0;
|
||||
@@ -732,6 +740,7 @@ CODESTARTbeginCnfLoad
|
||||
cs.bWorkAroundJournalBug = 1;
|
||||
cs.bFsync = 0;
|
||||
cs.bRemote = 0;
|
||||
+ cs.dfltTag = NULL;
|
||||
ENDbeginCnfLoad
|
||||
|
||||
|
||||
@@ -754,6 +763,7 @@ BEGINfreeCnf
|
||||
CODESTARTfreeCnf
|
||||
free(cs.stateFile);
|
||||
free(cs.usePid);
|
||||
+ free(cs.dfltTag);
|
||||
free(journalContext.cursor);
|
||||
statsobj.Destruct(&(statsCounter.stats));
|
||||
ENDfreeCnf
|
||||
@@ -832,6 +842,8 @@ CODESTARTsetModCnf
|
||||
cs.bFsync = (int) pvals[i].val.d.n;
|
||||
} else if (!strcmp(modpblk.descr[i].name, "remote")) {
|
||||
cs.bRemote = (int) pvals[i].val.d.n;
|
||||
+ } else if (!strcmp(modpblk.descr[i].name, "defaulttag")) {
|
||||
+ cs.dfltTag = (char *)es_str2cstr(pvals[i].val.d.estr, NULL);
|
||||
} else {
|
||||
dbgprintf("imjournal: program error, non-handled "
|
||||
"param '%s' in beginCnfLoad\n", modpblk.descr[i].name);
|
||||
@@ -799,6 +820,8 @@ CODEmodInit_QueryRegCFSLineHdlr
|
||||
facilityHdlr, &cs.iDfltFacility, STD_LOADABLE_MODULE_ID));
|
||||
CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournalusepidfromsystem", 0, eCmdHdlrBinary,
|
||||
NULL, &cs.bUseJnlPID, STD_LOADABLE_MODULE_ID));
|
||||
+ CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournaldefaulttag", 0, eCmdHdlrGetWord,
|
||||
+ NULL, &cs.dfltTag, STD_LOADABLE_MODULE_ID));
|
||||
ENDmodInit
|
||||
/* vim:set ai:
|
||||
*/
|
21
rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch
Normal file
21
rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch
Normal file
@ -0,0 +1,21 @@
|
||||
diff -up rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig rsyslog-8.2102.0/plugins/omrelp/omrelp.c
|
||||
--- rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig 2021-06-15 12:46:14.758589030 +0200
|
||||
+++ rsyslog-8.2102.0/plugins/omrelp/omrelp.c 2021-06-15 12:47:08.130516632 +0200
|
||||
@@ -303,7 +303,7 @@ ENDfreeCnf
|
||||
BEGINcreateInstance
|
||||
CODESTARTcreateInstance
|
||||
pData->sizeWindow = 0;
|
||||
- pData->timeout = 90;
|
||||
+ pData->timeout = 5;
|
||||
pData->connTimeout = 10;
|
||||
pData->rebindInterval = 0;
|
||||
pData->bEnableTLS = DFLT_ENABLE_TLS;
|
||||
@@ -365,7 +365,7 @@ setInstParamDefaults(instanceData *pData
|
||||
pData->target = NULL;
|
||||
pData->port = NULL;
|
||||
pData->tplName = NULL;
|
||||
- pData->timeout = 90;
|
||||
+ pData->timeout = 5;
|
||||
pData->connTimeout = 10;
|
||||
pData->sizeWindow = 0;
|
||||
pData->rebindInterval = 0;
|
20
rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
Normal file
20
rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
Normal file
@ -0,0 +1,20 @@
|
||||
diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c
|
||||
--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2021-06-15 12:30:35.238832058 +0200
|
||||
+++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2021-06-15 12:32:04.699721356 +0200
|
||||
@@ -565,6 +565,8 @@ persistJournalState(void)
|
||||
ABORT_FINALIZE(RS_RET_IO_ERROR);
|
||||
}
|
||||
|
||||
+ fflush(sf);
|
||||
+
|
||||
/* change the name of the file to the configured one */
|
||||
if (rename(tmp_sf, cs.stateFile) < 0) {
|
||||
LogError(errno, iRet, "imjournal: rename() failed for new path: '%s'", cs.stateFile);
|
||||
@@ -586,6 +588,7 @@ persistJournalState(void)
|
||||
LogError(errno, RS_RET_IO_ERROR, "imjournal: fsync on '%s' failed", glbl.GetWorkDir());
|
||||
ABORT_FINALIZE(RS_RET_IO_ERROR);
|
||||
}
|
||||
+ closedir(wd);
|
||||
}
|
||||
|
||||
DBGPRINTF("Persisted journal to '%s'\n", cs.stateFile);
|
@ -0,0 +1,102 @@
|
||||
diff -up rsyslog-8.2102.0/runtime/cfsysline.c.orig rsyslog-8.2102.0/runtime/cfsysline.c
|
||||
--- rsyslog-8.2102.0/runtime/cfsysline.c.orig 2021-08-04 07:16:02.663163106 +0200
|
||||
+++ rsyslog-8.2102.0/runtime/cfsysline.c 2021-08-04 07:18:05.952490008 +0200
|
||||
@@ -353,13 +353,8 @@ static rsRetVal doGetGID(uchar **pp, rsR
|
||||
assert(*pp != NULL);
|
||||
|
||||
if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) {
|
||||
- if(loadConf->globals.abortOnIDResolutionFail) {
|
||||
- fprintf(stderr, "could not extract group name: %s\n", (char*)szName);
|
||||
- exit(1); /* good exit */
|
||||
- } else {
|
||||
- LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
|
||||
- ABORT_FINALIZE(RS_RET_NOT_FOUND);
|
||||
- }
|
||||
+ LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
|
||||
+ ABORT_FINALIZE(RS_RET_NOT_FOUND);
|
||||
}
|
||||
|
||||
do {
|
||||
@@ -380,10 +375,6 @@ static rsRetVal doGetGID(uchar **pp, rsR
|
||||
LogError(0, RS_RET_NOT_FOUND, "ID for group '%s' could not be found", szName);
|
||||
}
|
||||
iRet = RS_RET_NOT_FOUND;
|
||||
- if(loadConf->globals.abortOnIDResolutionFail) {
|
||||
- fprintf(stderr, "ID for group '%s' could not be found or error\n", szName);
|
||||
- exit(1); /* good exit */
|
||||
- }
|
||||
} else {
|
||||
if(pSetHdlr == NULL) {
|
||||
/* we should set value directly to var */
|
||||
@@ -418,25 +409,15 @@ static rsRetVal doGetUID(uchar **pp, rsR
|
||||
assert(*pp != NULL);
|
||||
|
||||
if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) {
|
||||
- if(loadConf->globals.abortOnIDResolutionFail) {
|
||||
- fprintf(stderr, "could not extract user name: %s\n", (char*)szName);
|
||||
- exit(1); /* good exit */
|
||||
- } else {
|
||||
- LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
|
||||
- ABORT_FINALIZE(RS_RET_NOT_FOUND);
|
||||
- }
|
||||
+ LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
|
||||
+ ABORT_FINALIZE(RS_RET_NOT_FOUND);
|
||||
}
|
||||
|
||||
getpwnam_r((char*)szName, &pwBuf, stringBuf, sizeof(stringBuf), &ppwBuf);
|
||||
|
||||
if(ppwBuf == NULL) {
|
||||
- if(loadConf->globals.abortOnIDResolutionFail) {
|
||||
- fprintf(stderr, "ID for user '%s' could not be found or error\n", (char*)szName);
|
||||
- exit(1); /* good exit */
|
||||
- } else {
|
||||
- LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
|
||||
- iRet = RS_RET_NOT_FOUND;
|
||||
- }
|
||||
+ LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
|
||||
+ iRet = RS_RET_NOT_FOUND;
|
||||
} else {
|
||||
if(pSetHdlr == NULL) {
|
||||
/* we should set value directly to var */
|
||||
diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c
|
||||
--- rsyslog-8.2102.0/runtime/glbl.c.orig 2021-08-04 07:18:19.301633677 +0200
|
||||
+++ rsyslog-8.2102.0/runtime/glbl.c 2021-08-04 07:19:02.409019106 +0200
|
||||
@@ -210,7 +210,6 @@ static struct cnfparamdescr cnfparamdesc
|
||||
{ "environment", eCmdHdlrArray, 0 },
|
||||
{ "processinternalmessages", eCmdHdlrBinary, 0 },
|
||||
{ "umask", eCmdHdlrFileCreateMode, 0 },
|
||||
- { "security.abortonidresolutionfail", eCmdHdlrBinary, 0 },
|
||||
{ "internal.developeronly.options", eCmdHdlrInt, 0 },
|
||||
{ "internalmsg.ratelimit.interval", eCmdHdlrPositiveInt, 0 },
|
||||
{ "internalmsg.ratelimit.burst", eCmdHdlrPositiveInt, 0 },
|
||||
@@ -1443,8 +1442,6 @@ glblDoneLoadCnf(void)
|
||||
glblInputTimeoutShutdown = (int) cnfparamvals[i].val.d.n;
|
||||
} else if(!strcmp(paramblk.descr[i].name, "privdrop.group.keepsupplemental")) {
|
||||
loadConf->globals.gidDropPrivKeepSupplemental = (int) cnfparamvals[i].val.d.n;
|
||||
- } else if(!strcmp(paramblk.descr[i].name, "security.abortonidresolutionfail")) {
|
||||
- loadConf->globals.abortOnIDResolutionFail = (int) cnfparamvals[i].val.d.n;
|
||||
} else if(!strcmp(paramblk.descr[i].name, "net.acladdhostnameonfail")) {
|
||||
*(net.pACLAddHostnameOnFail) = (int) cnfparamvals[i].val.d.n;
|
||||
} else if(!strcmp(paramblk.descr[i].name, "net.aclresolvehostname")) {
|
||||
diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
|
||||
--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2021-08-04 07:19:13.103104854 +0200
|
||||
+++ rsyslog-8.2102.0/runtime/rsconf.c 2021-08-04 07:19:44.635357684 +0200
|
||||
@@ -156,7 +156,6 @@ static void cnfSetDefaults(rsconf_t *pTh
|
||||
pThis->globals.maxErrMsgToStderr = -1;
|
||||
pThis->globals.umask = -1;
|
||||
pThis->globals.gidDropPrivKeepSupplemental = 0;
|
||||
- pThis->globals.abortOnIDResolutionFail = 1;
|
||||
pThis->templates.root = NULL;
|
||||
pThis->templates.last = NULL;
|
||||
pThis->templates.lastStatic = NULL;
|
||||
diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h
|
||||
--- rsyslog-8.2102.0/runtime/rsconf.h.orig 2021-08-04 07:20:15.848607958 +0200
|
||||
+++ rsyslog-8.2102.0/runtime/rsconf.h 2021-08-04 07:20:42.782823920 +0200
|
||||
@@ -73,7 +73,6 @@ struct globals_s {
|
||||
int uidDropPriv; /* user-id to which priveleges should be dropped to */
|
||||
int gidDropPriv; /* group-id to which priveleges should be dropped to */
|
||||
int gidDropPrivKeepSupplemental; /* keep supplemental groups when dropping? */
|
||||
- int abortOnIDResolutionFail;
|
||||
int umask; /* umask to use */
|
||||
uchar *pszConfDAGFile; /* name of config DAG file, non-NULL means generate one */
|
||||
|
26
rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
Normal file
26
rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
Normal file
@ -0,0 +1,26 @@
|
||||
diff -up rsyslog-8.2102.0/runtime/ratelimit.c.orig rsyslog-8.2102.0/runtime/ratelimit.c
|
||||
--- rsyslog-8.2102.0/runtime/ratelimit.c.orig 2021-07-27 10:37:50.972903104 +0200
|
||||
+++ rsyslog-8.2102.0/runtime/ratelimit.c 2021-07-27 10:38:26.141002988 +0200
|
||||
@@ -235,7 +235,6 @@ ratelimitMsg(ratelimit_t *__restrict__ c
|
||||
{
|
||||
DEFiRet;
|
||||
rsRetVal localRet;
|
||||
- int severity = 0;
|
||||
|
||||
*ppRepMsg = NULL;
|
||||
|
||||
@@ -246,13 +245,12 @@ ratelimitMsg(ratelimit_t *__restrict__ c
|
||||
DBGPRINTF("Message discarded, parsing error %d\n", localRet);
|
||||
ABORT_FINALIZE(RS_RET_DISCARDMSG);
|
||||
}
|
||||
- severity = pMsg->iSeverity;
|
||||
}
|
||||
}
|
||||
|
||||
/* Only the messages having severity level at or below the
|
||||
* treshold (the value is >=) are subject to ratelimiting. */
|
||||
- if(ratelimit->interval && (severity >= ratelimit->severity)) {
|
||||
+ if(ratelimit->interval && (pMsg->iSeverity >= ratelimit->severity)) {
|
||||
char namebuf[512]; /* 256 for FGDN adn 256 for APPNAME should be enough */
|
||||
snprintf(namebuf, sizeof namebuf, "%s:%s", getHOSTNAME(pMsg),
|
||||
getAPPNAME(pMsg, 0));
|
44
rsyslog.spec
44
rsyslog.spec
@ -5,7 +5,7 @@
|
||||
Summary: Enhanced system logging and kernel message trapping daemon
|
||||
Name: rsyslog
|
||||
Version: 8.2102.0
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
License: (GPLv3+ and ASL 2.0)
|
||||
URL: http://www.rsyslog.com/
|
||||
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
|
||||
@ -19,6 +19,11 @@ Source5: rsyslog.service
|
||||
Source6: qpid-proton-0.34.0.tar.gz
|
||||
|
||||
Patch0: openssl3-compatibility.patch
|
||||
Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
|
||||
Patch2: rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
|
||||
Patch3: rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch
|
||||
Patch4: rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
|
||||
Patch5: rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
@ -96,10 +101,16 @@ Requires: %name = %version-%release
|
||||
BuildRequires: librelp-devel >= 1.2.16
|
||||
|
||||
%package gnutls
|
||||
Summary: TLS protocol support for rsyslog
|
||||
Summary: TLS protocol support for rsyslog via GnuTLS library
|
||||
Requires: %name = %version-%release
|
||||
BuildRequires: gnutls-devel
|
||||
|
||||
%package openssl
|
||||
Summary: TLS protocol support for rsyslog via OpenSSL library
|
||||
Group: System Environment/Daemons
|
||||
Requires: %name = %version-%release
|
||||
BuildRequires: openssl-devel
|
||||
|
||||
%package snmp
|
||||
Summary: SNMP protocol support for rsyslog
|
||||
Requires: %name = %version-%release
|
||||
@ -187,9 +198,15 @@ protocol.
|
||||
|
||||
%description gnutls
|
||||
The rsyslog-gnutls package contains the rsyslog plugins that provide the
|
||||
ability to receive syslog messages via upcoming syslog-transport-tls
|
||||
ability to send and receive syslog messages via upcoming syslog-transport-tls
|
||||
IETF standard protocol.
|
||||
|
||||
%description openssl
|
||||
The rsyslog-openssl package contains the rsyslog plugins that provide the
|
||||
ability to send and receive syslog messages via TCP or RELP using TLS
|
||||
encryption via OpenSSL library. For details refer to rsyslog doc on imtcp
|
||||
and omfwd modules.
|
||||
|
||||
%description snmp
|
||||
The rsyslog-snmp package contains the rsyslog plugin that provides the
|
||||
ability to send syslog messages as SNMPv1 and SNMPv2c traps.
|
||||
@ -220,6 +237,12 @@ mv build doc
|
||||
# Unpack qpid-proton for rhel
|
||||
%setup -q -D -T -b 6
|
||||
|
||||
%patch1 -p1 -b .default-tag
|
||||
%patch2 -p1 -b .fd-leak-on-fsync
|
||||
%patch3 -p1 -b .timeout
|
||||
%patch4 -p1 -b .imuxsock-rate-limit
|
||||
%patch5 -p1 -b .abort-on-id-resolution-fail
|
||||
|
||||
pushd ..
|
||||
%patch0 -p1 -b .openssl-compatibility
|
||||
popd
|
||||
@ -269,6 +292,7 @@ autoreconf -if
|
||||
--enable-elasticsearch \
|
||||
--enable-generate-man-pages \
|
||||
--enable-gnutls \
|
||||
--enable-openssl \
|
||||
--enable-gssapi-krb5 \
|
||||
--enable-imfile \
|
||||
--enable-imjournal \
|
||||
@ -446,6 +470,9 @@ done
|
||||
%files gnutls
|
||||
%{_libdir}/rsyslog/lmnsd_gtls.so
|
||||
|
||||
%files openssl
|
||||
%{_libdir}/rsyslog/lmnsd_ossl.so
|
||||
|
||||
%files snmp
|
||||
%{_libdir}/rsyslog/omsnmp.so
|
||||
|
||||
@ -466,6 +493,17 @@ done
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Aug 18 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-7
|
||||
- Enable openssl
|
||||
resolves: rhbz#1972058
|
||||
- Close dir when fsync=on
|
||||
resolves: rhbz#1972069
|
||||
- Do not exit when user/group can not be found
|
||||
resolves: rhbz#1990868
|
||||
- Remove abortOnIDResolution fail
|
||||
- Always use message severity when comparing with ratelimit severity
|
||||
resolves: rhbz#1990869
|
||||
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 8.2102.0-6
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
Loading…
Reference in New Issue
Block a user