Enable openssl

resolves: rhbz#1972058
Close dir when fsync=on
  resolves: rhbz#1972069
Do not exit when user/group can not be found
  resolves: rhbz#1990868
Remove abortOnIDResolution fail
Always use message severity when comparing with ratelimit severity
  resolves: rhbz#1990869
This commit is contained in:
alakatos 2021-08-16 12:36:52 +02:00
parent 70f03d2010
commit 2669cb8cc6
6 changed files with 303 additions and 3 deletions

View File

@ -0,0 +1,93 @@
diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjournal.c
--- ./plugins/imjournal/imjournal.c.default-tag 2018-05-17 08:50:11.416418022 -0400
+++ ./plugins/imjournal/imjournal.c 2018-05-17 08:53:02.884418022 -0400
@@ -78,6 +78,7 @@ static struct configSettings_s {
int bWorkAroundJournalBug; /* deprecated, left for backwards compatibility only */
int bFsync;
int bRemote;
+ char *dfltTag;
} cs;
static rsRetVal facilityHdlr(uchar **pp, void *pVal);
@@ -93,7 +94,8 @@ static struct cnfparamdescr modpdescr[]
{ "usepid", eCmdHdlrString, 0 },
{ "workaroundjournalbug", eCmdHdlrBinary, 0 },
{ "fsync", eCmdHdlrBinary, 0 },
- { "remote", eCmdHdlrBinary, 0 }
+ { "remote", eCmdHdlrBinary, 0 },
+ { "defaulttag", eCmdHdlrGetWord, 0 }
};
static struct cnfparamblk modpblk =
{ CNFPARAMBLK_VERSION,
@@ -104,6 +106,7 @@ static struct cnfparamblk modpblk =
#define DFLT_persiststateinterval 10
#define DFLT_SEVERITY pri2sev(LOG_NOTICE)
#define DFLT_FACILITY pri2fac(LOG_USER)
+#define DFLT_TAG "journal"
static int bLegacyCnfModGlobalsPermitted = 1;/* are legacy module-global config parameters permitted? */
@@ -268,7 +271,7 @@ readjournal(void)
/* Information from messages */
char *message = NULL;
- char *sys_iden;
+ char *sys_iden = NULL;
char *sys_iden_help = NULL;
const void *get;
@@ -331,7 +334,7 @@ readjournal(void)
if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) {
CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden));
} else {
- CHKmalloc(sys_iden = strdup("journal"));
+ CHKmalloc(sys_iden = strdup(cs.dfltTag));
}
/* trying to get PID, default is "SYSLOG_PID" property */
@@ -654,6 +657,11 @@ CODESTARTrunInput
"\"usepidfromsystem\" is depricated, use \"usepid\" instead");
}
+ if (cs.dfltTag == NULL) {
+ cs.dfltTag = strdup(DFLT_TAG);
+ }
+
+
if (cs.usePid && (strcmp(cs.usePid, "system") == 0)) {
pidFieldName = "_PID";
bPidFallBack = 0;
@@ -732,6 +740,7 @@ CODESTARTbeginCnfLoad
cs.bWorkAroundJournalBug = 1;
cs.bFsync = 0;
cs.bRemote = 0;
+ cs.dfltTag = NULL;
ENDbeginCnfLoad
@@ -754,6 +763,7 @@ BEGINfreeCnf
CODESTARTfreeCnf
free(cs.stateFile);
free(cs.usePid);
+ free(cs.dfltTag);
free(journalContext.cursor);
statsobj.Destruct(&(statsCounter.stats));
ENDfreeCnf
@@ -832,6 +842,8 @@ CODESTARTsetModCnf
cs.bFsync = (int) pvals[i].val.d.n;
} else if (!strcmp(modpblk.descr[i].name, "remote")) {
cs.bRemote = (int) pvals[i].val.d.n;
+ } else if (!strcmp(modpblk.descr[i].name, "defaulttag")) {
+ cs.dfltTag = (char *)es_str2cstr(pvals[i].val.d.estr, NULL);
} else {
dbgprintf("imjournal: program error, non-handled "
"param '%s' in beginCnfLoad\n", modpblk.descr[i].name);
@@ -799,6 +820,8 @@ CODEmodInit_QueryRegCFSLineHdlr
facilityHdlr, &cs.iDfltFacility, STD_LOADABLE_MODULE_ID));
CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournalusepidfromsystem", 0, eCmdHdlrBinary,
NULL, &cs.bUseJnlPID, STD_LOADABLE_MODULE_ID));
+ CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournaldefaulttag", 0, eCmdHdlrGetWord,
+ NULL, &cs.dfltTag, STD_LOADABLE_MODULE_ID));
ENDmodInit
/* vim:set ai:
*/

View File

@ -0,0 +1,21 @@
diff -up rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig rsyslog-8.2102.0/plugins/omrelp/omrelp.c
--- rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig 2021-06-15 12:46:14.758589030 +0200
+++ rsyslog-8.2102.0/plugins/omrelp/omrelp.c 2021-06-15 12:47:08.130516632 +0200
@@ -303,7 +303,7 @@ ENDfreeCnf
BEGINcreateInstance
CODESTARTcreateInstance
pData->sizeWindow = 0;
- pData->timeout = 90;
+ pData->timeout = 5;
pData->connTimeout = 10;
pData->rebindInterval = 0;
pData->bEnableTLS = DFLT_ENABLE_TLS;
@@ -365,7 +365,7 @@ setInstParamDefaults(instanceData *pData
pData->target = NULL;
pData->port = NULL;
pData->tplName = NULL;
- pData->timeout = 90;
+ pData->timeout = 5;
pData->connTimeout = 10;
pData->sizeWindow = 0;
pData->rebindInterval = 0;

View File

@ -0,0 +1,20 @@
diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c
--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2021-06-15 12:30:35.238832058 +0200
+++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2021-06-15 12:32:04.699721356 +0200
@@ -565,6 +565,8 @@ persistJournalState(void)
ABORT_FINALIZE(RS_RET_IO_ERROR);
}
+ fflush(sf);
+
/* change the name of the file to the configured one */
if (rename(tmp_sf, cs.stateFile) < 0) {
LogError(errno, iRet, "imjournal: rename() failed for new path: '%s'", cs.stateFile);
@@ -586,6 +588,7 @@ persistJournalState(void)
LogError(errno, RS_RET_IO_ERROR, "imjournal: fsync on '%s' failed", glbl.GetWorkDir());
ABORT_FINALIZE(RS_RET_IO_ERROR);
}
+ closedir(wd);
}
DBGPRINTF("Persisted journal to '%s'\n", cs.stateFile);

View File

@ -0,0 +1,102 @@
diff -up rsyslog-8.2102.0/runtime/cfsysline.c.orig rsyslog-8.2102.0/runtime/cfsysline.c
--- rsyslog-8.2102.0/runtime/cfsysline.c.orig 2021-08-04 07:16:02.663163106 +0200
+++ rsyslog-8.2102.0/runtime/cfsysline.c 2021-08-04 07:18:05.952490008 +0200
@@ -353,13 +353,8 @@ static rsRetVal doGetGID(uchar **pp, rsR
assert(*pp != NULL);
if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) {
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "could not extract group name: %s\n", (char*)szName);
- exit(1); /* good exit */
- } else {
- LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
- ABORT_FINALIZE(RS_RET_NOT_FOUND);
- }
+ LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
+ ABORT_FINALIZE(RS_RET_NOT_FOUND);
}
do {
@@ -380,10 +375,6 @@ static rsRetVal doGetGID(uchar **pp, rsR
LogError(0, RS_RET_NOT_FOUND, "ID for group '%s' could not be found", szName);
}
iRet = RS_RET_NOT_FOUND;
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "ID for group '%s' could not be found or error\n", szName);
- exit(1); /* good exit */
- }
} else {
if(pSetHdlr == NULL) {
/* we should set value directly to var */
@@ -418,25 +409,15 @@ static rsRetVal doGetUID(uchar **pp, rsR
assert(*pp != NULL);
if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) {
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "could not extract user name: %s\n", (char*)szName);
- exit(1); /* good exit */
- } else {
- LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
- ABORT_FINALIZE(RS_RET_NOT_FOUND);
- }
+ LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
+ ABORT_FINALIZE(RS_RET_NOT_FOUND);
}
getpwnam_r((char*)szName, &pwBuf, stringBuf, sizeof(stringBuf), &ppwBuf);
if(ppwBuf == NULL) {
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "ID for user '%s' could not be found or error\n", (char*)szName);
- exit(1); /* good exit */
- } else {
- LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
- iRet = RS_RET_NOT_FOUND;
- }
+ LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
+ iRet = RS_RET_NOT_FOUND;
} else {
if(pSetHdlr == NULL) {
/* we should set value directly to var */
diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c
--- rsyslog-8.2102.0/runtime/glbl.c.orig 2021-08-04 07:18:19.301633677 +0200
+++ rsyslog-8.2102.0/runtime/glbl.c 2021-08-04 07:19:02.409019106 +0200
@@ -210,7 +210,6 @@ static struct cnfparamdescr cnfparamdesc
{ "environment", eCmdHdlrArray, 0 },
{ "processinternalmessages", eCmdHdlrBinary, 0 },
{ "umask", eCmdHdlrFileCreateMode, 0 },
- { "security.abortonidresolutionfail", eCmdHdlrBinary, 0 },
{ "internal.developeronly.options", eCmdHdlrInt, 0 },
{ "internalmsg.ratelimit.interval", eCmdHdlrPositiveInt, 0 },
{ "internalmsg.ratelimit.burst", eCmdHdlrPositiveInt, 0 },
@@ -1443,8 +1442,6 @@ glblDoneLoadCnf(void)
glblInputTimeoutShutdown = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name, "privdrop.group.keepsupplemental")) {
loadConf->globals.gidDropPrivKeepSupplemental = (int) cnfparamvals[i].val.d.n;
- } else if(!strcmp(paramblk.descr[i].name, "security.abortonidresolutionfail")) {
- loadConf->globals.abortOnIDResolutionFail = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name, "net.acladdhostnameonfail")) {
*(net.pACLAddHostnameOnFail) = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name, "net.aclresolvehostname")) {
diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2021-08-04 07:19:13.103104854 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.c 2021-08-04 07:19:44.635357684 +0200
@@ -156,7 +156,6 @@ static void cnfSetDefaults(rsconf_t *pTh
pThis->globals.maxErrMsgToStderr = -1;
pThis->globals.umask = -1;
pThis->globals.gidDropPrivKeepSupplemental = 0;
- pThis->globals.abortOnIDResolutionFail = 1;
pThis->templates.root = NULL;
pThis->templates.last = NULL;
pThis->templates.lastStatic = NULL;
diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h
--- rsyslog-8.2102.0/runtime/rsconf.h.orig 2021-08-04 07:20:15.848607958 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.h 2021-08-04 07:20:42.782823920 +0200
@@ -73,7 +73,6 @@ struct globals_s {
int uidDropPriv; /* user-id to which priveleges should be dropped to */
int gidDropPriv; /* group-id to which priveleges should be dropped to */
int gidDropPrivKeepSupplemental; /* keep supplemental groups when dropping? */
- int abortOnIDResolutionFail;
int umask; /* umask to use */
uchar *pszConfDAGFile; /* name of config DAG file, non-NULL means generate one */

View File

@ -0,0 +1,26 @@
diff -up rsyslog-8.2102.0/runtime/ratelimit.c.orig rsyslog-8.2102.0/runtime/ratelimit.c
--- rsyslog-8.2102.0/runtime/ratelimit.c.orig 2021-07-27 10:37:50.972903104 +0200
+++ rsyslog-8.2102.0/runtime/ratelimit.c 2021-07-27 10:38:26.141002988 +0200
@@ -235,7 +235,6 @@ ratelimitMsg(ratelimit_t *__restrict__ c
{
DEFiRet;
rsRetVal localRet;
- int severity = 0;
*ppRepMsg = NULL;
@@ -246,13 +245,12 @@ ratelimitMsg(ratelimit_t *__restrict__ c
DBGPRINTF("Message discarded, parsing error %d\n", localRet);
ABORT_FINALIZE(RS_RET_DISCARDMSG);
}
- severity = pMsg->iSeverity;
}
}
/* Only the messages having severity level at or below the
* treshold (the value is >=) are subject to ratelimiting. */
- if(ratelimit->interval && (severity >= ratelimit->severity)) {
+ if(ratelimit->interval && (pMsg->iSeverity >= ratelimit->severity)) {
char namebuf[512]; /* 256 for FGDN adn 256 for APPNAME should be enough */
snprintf(namebuf, sizeof namebuf, "%s:%s", getHOSTNAME(pMsg),
getAPPNAME(pMsg, 0));

View File

@ -5,7 +5,7 @@
Summary: Enhanced system logging and kernel message trapping daemon
Name: rsyslog
Version: 8.2102.0
Release: 6%{?dist}
Release: 7%{?dist}
License: (GPLv3+ and ASL 2.0)
URL: http://www.rsyslog.com/
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
@ -19,6 +19,11 @@ Source5: rsyslog.service
Source6: qpid-proton-0.34.0.tar.gz
Patch0: openssl3-compatibility.patch
Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
Patch2: rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
Patch3: rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch
Patch4: rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
Patch5: rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
BuildRequires: make
BuildRequires: gcc
@ -96,10 +101,16 @@ Requires: %name = %version-%release
BuildRequires: librelp-devel >= 1.2.16
%package gnutls
Summary: TLS protocol support for rsyslog
Summary: TLS protocol support for rsyslog via GnuTLS library
Requires: %name = %version-%release
BuildRequires: gnutls-devel
%package openssl
Summary: TLS protocol support for rsyslog via OpenSSL library
Group: System Environment/Daemons
Requires: %name = %version-%release
BuildRequires: openssl-devel
%package snmp
Summary: SNMP protocol support for rsyslog
Requires: %name = %version-%release
@ -187,9 +198,15 @@ protocol.
%description gnutls
The rsyslog-gnutls package contains the rsyslog plugins that provide the
ability to receive syslog messages via upcoming syslog-transport-tls
ability to send and receive syslog messages via upcoming syslog-transport-tls
IETF standard protocol.
%description openssl
The rsyslog-openssl package contains the rsyslog plugins that provide the
ability to send and receive syslog messages via TCP or RELP using TLS
encryption via OpenSSL library. For details refer to rsyslog doc on imtcp
and omfwd modules.
%description snmp
The rsyslog-snmp package contains the rsyslog plugin that provides the
ability to send syslog messages as SNMPv1 and SNMPv2c traps.
@ -220,6 +237,12 @@ mv build doc
# Unpack qpid-proton for rhel
%setup -q -D -T -b 6
%patch1 -p1 -b .default-tag
%patch2 -p1 -b .fd-leak-on-fsync
%patch3 -p1 -b .timeout
%patch4 -p1 -b .imuxsock-rate-limit
%patch5 -p1 -b .abort-on-id-resolution-fail
pushd ..
%patch0 -p1 -b .openssl-compatibility
popd
@ -269,6 +292,7 @@ autoreconf -if
--enable-elasticsearch \
--enable-generate-man-pages \
--enable-gnutls \
--enable-openssl \
--enable-gssapi-krb5 \
--enable-imfile \
--enable-imjournal \
@ -446,6 +470,9 @@ done
%files gnutls
%{_libdir}/rsyslog/lmnsd_gtls.so
%files openssl
%{_libdir}/rsyslog/lmnsd_ossl.so
%files snmp
%{_libdir}/rsyslog/omsnmp.so
@ -466,6 +493,17 @@ done
%changelog
* Wed Aug 18 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-7
- Enable openssl
resolves: rhbz#1972058
- Close dir when fsync=on
resolves: rhbz#1972069
- Do not exit when user/group can not be found
resolves: rhbz#1990868
- Remove abortOnIDResolution fail
- Always use message severity when comparing with ratelimit severity
resolves: rhbz#1990869
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 8.2102.0-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688