diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..99141d3 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +/qpid-proton-0.34.0.tar.gz +/rsyslog-8.2102.0.tar.gz +/rsyslog-doc-8.2102.0.tar.gz diff --git a/EMPTY b/EMPTY deleted file mode 100644 index 0519ecb..0000000 --- a/EMPTY +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch b/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch new file mode 100644 index 0000000..e9a188d --- /dev/null +++ b/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch @@ -0,0 +1,93 @@ +diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjournal.c +--- ./plugins/imjournal/imjournal.c.default-tag 2018-05-17 08:50:11.416418022 -0400 ++++ ./plugins/imjournal/imjournal.c 2018-05-17 08:53:02.884418022 -0400 +@@ -78,6 +78,7 @@ static struct configSettings_s { + int bWorkAroundJournalBug; /* deprecated, left for backwards compatibility only */ + int bFsync; + int bRemote; ++ char *dfltTag; + } cs; + + static rsRetVal facilityHdlr(uchar **pp, void *pVal); +@@ -93,7 +94,8 @@ static struct cnfparamdescr modpdescr[] + { "usepid", eCmdHdlrString, 0 }, + { "workaroundjournalbug", eCmdHdlrBinary, 0 }, + { "fsync", eCmdHdlrBinary, 0 }, +- { "remote", eCmdHdlrBinary, 0 } ++ { "remote", eCmdHdlrBinary, 0 }, ++ { "defaulttag", eCmdHdlrGetWord, 0 } + }; + static struct cnfparamblk modpblk = + { CNFPARAMBLK_VERSION, +@@ -104,6 +106,7 @@ static struct cnfparamblk modpblk = + #define DFLT_persiststateinterval 10 + #define DFLT_SEVERITY pri2sev(LOG_NOTICE) + #define DFLT_FACILITY pri2fac(LOG_USER) ++#define DFLT_TAG "journal" + + static int bLegacyCnfModGlobalsPermitted = 1;/* are legacy module-global config parameters permitted? */ + +@@ -268,7 +271,7 @@ readjournal(void) + + /* Information from messages */ + char *message = NULL; +- char *sys_iden; ++ char *sys_iden = NULL; + char *sys_iden_help = NULL; + + const void *get; +@@ -331,7 +334,7 @@ readjournal(void) + if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) { + CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden)); + } else { +- CHKmalloc(sys_iden = strdup("journal")); ++ CHKmalloc(sys_iden = strdup(cs.dfltTag)); + } + + /* trying to get PID, default is "SYSLOG_PID" property */ +@@ -654,6 +657,11 @@ CODESTARTrunInput + "\"usepidfromsystem\" is depricated, use \"usepid\" instead"); + } + ++ if (cs.dfltTag == NULL) { ++ cs.dfltTag = strdup(DFLT_TAG); ++ } ++ ++ + if (cs.usePid && (strcmp(cs.usePid, "system") == 0)) { + pidFieldName = "_PID"; + bPidFallBack = 0; +@@ -732,6 +740,7 @@ CODESTARTbeginCnfLoad + cs.bWorkAroundJournalBug = 1; + cs.bFsync = 0; + cs.bRemote = 0; ++ cs.dfltTag = NULL; + ENDbeginCnfLoad + + +@@ -754,6 +763,7 @@ BEGINfreeCnf + CODESTARTfreeCnf + free(cs.stateFile); + free(cs.usePid); ++ free(cs.dfltTag); + free(journalContext.cursor); + statsobj.Destruct(&(statsCounter.stats)); + ENDfreeCnf +@@ -832,6 +842,8 @@ CODESTARTsetModCnf + cs.bFsync = (int) pvals[i].val.d.n; + } else if (!strcmp(modpblk.descr[i].name, "remote")) { + cs.bRemote = (int) pvals[i].val.d.n; ++ } else if (!strcmp(modpblk.descr[i].name, "defaulttag")) { ++ cs.dfltTag = (char *)es_str2cstr(pvals[i].val.d.estr, NULL); + } else { + dbgprintf("imjournal: program error, non-handled " + "param '%s' in beginCnfLoad\n", modpblk.descr[i].name); +@@ -799,6 +820,8 @@ CODEmodInit_QueryRegCFSLineHdlr + facilityHdlr, &cs.iDfltFacility, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournalusepidfromsystem", 0, eCmdHdlrBinary, + NULL, &cs.bUseJnlPID, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournaldefaulttag", 0, eCmdHdlrGetWord, ++ NULL, &cs.dfltTag, STD_LOADABLE_MODULE_ID)); + ENDmodInit + /* vim:set ai: + */ diff --git a/rsyslog-8.2102.0-rhbz1832368-prioritize-SAN.patch b/rsyslog-8.2102.0-rhbz1832368-prioritize-SAN.patch new file mode 100644 index 0000000..07eef68 --- /dev/null +++ b/rsyslog-8.2102.0-rhbz1832368-prioritize-SAN.patch @@ -0,0 +1,11 @@ +diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.orig rsyslog-8.2102.0/runtime/nsd_gtls.c +--- rsyslog-8.2102.0/runtime/nsd_gtls.c.orig 2021-11-22 09:33:25.501668376 +0100 ++++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2021-11-22 09:34:18.423642573 +0100 +@@ -1791,6 +1791,7 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew + pNew->gnutlsPriorityString = pThis->gnutlsPriorityString; + pNew->DrvrVerifyDepth = pThis->DrvrVerifyDepth; + pNew->dataTypeCheck = pThis->dataTypeCheck; ++ pNew->bSANpriority = pThis->bSANpriority; + + /* if we reach this point, we are in TLS mode */ + iRet = gtlsInitSession(pNew); diff --git a/rsyslog-8.2102.0-rhbz1866877-unexpected-length.patch b/rsyslog-8.2102.0-rhbz1866877-unexpected-length.patch new file mode 100644 index 0000000..1b9fd47 --- /dev/null +++ b/rsyslog-8.2102.0-rhbz1866877-unexpected-length.patch @@ -0,0 +1,14 @@ +diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c +--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2021-06-28 09:05:23.283262154 +0200 ++++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2021-06-28 09:10:05.858381106 +0200 +@@ -424,8 +424,8 @@ readjournal(void) + severity = cs.iDfltSeverity; + } + } else { +- LogError(0, RS_RET_ERR, "The value of the 'PRIORITY' field has an " +- "unexpected length: %zu\n", length); ++ DBGPRINTF("The value of the 'PRIORITY' field has an " ++ "unexpected length: %zu value: '%s'\n", length, (const char*)get); + } + } + diff --git a/rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch b/rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch new file mode 100644 index 0000000..a847084 --- /dev/null +++ b/rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch @@ -0,0 +1,21 @@ +diff -up rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig rsyslog-8.2102.0/plugins/omrelp/omrelp.c +--- rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig 2021-06-15 12:46:14.758589030 +0200 ++++ rsyslog-8.2102.0/plugins/omrelp/omrelp.c 2021-06-15 12:47:08.130516632 +0200 +@@ -303,7 +303,7 @@ ENDfreeCnf + BEGINcreateInstance + CODESTARTcreateInstance + pData->sizeWindow = 0; +- pData->timeout = 90; ++ pData->timeout = 5; + pData->connTimeout = 10; + pData->rebindInterval = 0; + pData->bEnableTLS = DFLT_ENABLE_TLS; +@@ -365,7 +365,7 @@ setInstParamDefaults(instanceData *pData + pData->target = NULL; + pData->port = NULL; + pData->tplName = NULL; +- pData->timeout = 90; ++ pData->timeout = 5; + pData->connTimeout = 10; + pData->sizeWindow = 0; + pData->rebindInterval = 0; diff --git a/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch b/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch new file mode 100644 index 0000000..f95dd5a --- /dev/null +++ b/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch @@ -0,0 +1,20 @@ +diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c +--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2021-06-15 12:30:35.238832058 +0200 ++++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2021-06-15 12:32:04.699721356 +0200 +@@ -565,6 +565,8 @@ persistJournalState(void) + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + ++ fflush(sf); ++ + /* change the name of the file to the configured one */ + if (rename(tmp_sf, cs.stateFile) < 0) { + LogError(errno, iRet, "imjournal: rename() failed for new path: '%s'", cs.stateFile); +@@ -586,6 +588,7 @@ persistJournalState(void) + LogError(errno, RS_RET_IO_ERROR, "imjournal: fsync on '%s' failed", glbl.GetWorkDir()); + ABORT_FINALIZE(RS_RET_IO_ERROR); + } ++ closedir(wd); + } + + DBGPRINTF("Persisted journal to '%s'\n", cs.stateFile); diff --git a/rsyslog-8.2102.0-rhbz1962318-errfile-maxsize.patch b/rsyslog-8.2102.0-rhbz1962318-errfile-maxsize.patch new file mode 100644 index 0000000..912a8b1 --- /dev/null +++ b/rsyslog-8.2102.0-rhbz1962318-errfile-maxsize.patch @@ -0,0 +1,190 @@ +--- rsyslog-8.2102.0/action.c 2021-02-15 12:06:16.000000000 +0100 ++++ rsyslog-8.2102.0-changes/action.c 2022-03-08 15:55:33.989525382 +0100 +@@ -198,6 +198,7 @@ + { "name", eCmdHdlrGetWord, 0 }, /* legacy: actionname */ + { "type", eCmdHdlrString, CNFPARAM_REQUIRED }, /* legacy: actionname */ + { "action.errorfile", eCmdHdlrString, 0 }, ++ { "action.errorfile.maxsize", eCmdHdlrInt, 0 }, + { "action.writeallmarkmessages", eCmdHdlrBinary, 0 }, /* legacy: actionwriteallmarkmessages */ + { "action.execonlyeverynthtime", eCmdHdlrInt, 0 }, /* legacy: actionexeconlyeverynthtime */ + { "action.execonlyeverynthtimetimeout", eCmdHdlrInt, 0 }, /* legacy: actionexeconlyeverynthtimetimeout */ +@@ -400,6 +401,8 @@ + pThis->iResumeRetryCount = 0; + pThis->pszName = NULL; + pThis->pszErrFile = NULL; ++ pThis->maxErrFileSize = 0; ++ pThis->errFileWritten = 0; + pThis->pszExternalStateFile = NULL; + pThis->fdErrFile = -1; + pThis->bWriteAllMarkMsgs = 1; +@@ -1436,6 +1439,12 @@ + pThis->pszName, pThis->pszErrFile); + goto done; + } ++ struct stat statbuf; ++ if (fstat(pThis->fdErrFile, &statbuf) == -1) { ++ LogError(errno, RS_RET_ERR, "failed to fstat %s", pThis->pszErrFile); ++ goto done; ++ } ++ pThis->errFileWritten += statbuf.st_size; + } + + for(int i = 0 ; i < nparams ; ++i) { +@@ -1454,16 +1463,26 @@ + char *const rendered = strdup((char*)fjson_object_to_json_string(etry)); + if(rendered == NULL) + goto done; +- const size_t toWrite = strlen(rendered) + 1; +- /* note: we use the '\0' inside the string to store a LF - we do not +- * otherwise need it and it safes us a copy/realloc. +- */ +- rendered[toWrite-1] = '\n'; /* NO LONGER A STRING! */ +- const ssize_t wrRet = write(pThis->fdErrFile, rendered, toWrite); +- if(wrRet != (ssize_t) toWrite) { +- LogError(errno, RS_RET_IO_ERROR, +- "action %s: error writing errorFile %s, write returned %lld", +- pThis->pszName, pThis->pszErrFile, (long long) wrRet); ++ size_t toWrite = strlen(rendered) + 1; ++ // Check if need to truncate the amount of bytes to write ++ if (pThis->maxErrFileSize > 0) { ++ if (pThis->errFileWritten + toWrite > pThis->maxErrFileSize) { ++ // Truncate to the pending available ++ toWrite = pThis->maxErrFileSize - pThis->errFileWritten; ++ } ++ pThis->errFileWritten += toWrite; ++ } ++ if(toWrite > 0) { ++ /* note: we use the '\0' inside the string to store a LF - we do not ++ * otherwise need it and it safes us a copy/realloc. ++ */ ++ rendered[toWrite-1] = '\n'; /* NO LONGER A STRING! */ ++ const ssize_t wrRet = write(pThis->fdErrFile, rendered, toWrite); ++ if(wrRet != (ssize_t) toWrite) { ++ LogError(errno, RS_RET_IO_ERROR, ++ "action %s: error writing errorFile %s, write returned %lld", ++ pThis->pszName, pThis->pszErrFile, (long long) wrRet); ++ } + } + free(rendered); + +@@ -2048,6 +2067,8 @@ + continue; /* this is handled seperately during module select! */ + } else if(!strcmp(pblk.descr[i].name, "action.errorfile")) { + pAction->pszErrFile = es_str2cstr(pvals[i].val.d.estr, NULL); ++ } else if(!strcmp(pblk.descr[i].name, "action.errorfile.maxsize")) { ++ pAction->maxErrFileSize = pvals[i].val.d.n; + } else if(!strcmp(pblk.descr[i].name, "action.externalstate.file")) { + pAction->pszExternalStateFile = es_str2cstr(pvals[i].val.d.estr, NULL); + } else if(!strcmp(pblk.descr[i].name, "action.writeallmarkmessages")) { +--- rsyslog-8.2102.0-ori/action.h 2020-10-03 19:06:47.000000000 +0200 ++++ rsyslog-8.2102.0-changes/action.h 2022-03-04 11:36:47.024588972 +0100 +@@ -77,6 +77,8 @@ + /* error file */ + const char *pszErrFile; + int fdErrFile; ++ size_t maxErrFileSize; ++ size_t errFileWritten; + pthread_mutex_t mutErrFile; + /* external stat file system */ + const char *pszExternalStateFile; +--- rsyslog-8.2102.0-ori/tests/Makefile.am 2021-02-15 12:06:16.000000000 +0100 ++++ rsyslog-8.2102.0-changes/tests/Makefile.am 2022-03-04 11:38:01.625095709 +0100 +@@ -695,7 +695,8 @@ + mysql-actq-mt.sh \ + mysql-actq-mt-withpause.sh \ + action-tx-single-processing.sh \ +- action-tx-errfile.sh ++ action-tx-errfile.sh \ ++ action-tx-errfile-maxsize.sh + + mysql-basic.log: mysqld-start.log + mysql-basic-cnf6.log: mysqld-start.log +@@ -2156,6 +2157,8 @@ + sndrcv_omudpspoof_nonstdpt.sh \ + sndrcv_gzip.sh \ + action-tx-single-processing.sh \ ++ omfwd-errfile-maxsize.sh \ ++ action-tx-errfile-maxsize.sh \ + action-tx-errfile.sh \ + testsuites/action-tx-errfile.result \ + pipeaction.sh \ +--- rsyslog-8.2102.0-ori/tests/omfwd-errfile-maxsize.sh 1970-01-01 01:00:00.000000000 +0100 ++++ rsyslog-8.2102.0-changes/tests/omfwd-errfile-maxsize.sh 2022-03-04 11:39:02.060506234 +0100 +@@ -0,0 +1,17 @@ ++#!/bin/bash ++# part of the rsyslog project, released under ASL 2.0 ++. ${srcdir:=.}/diag.sh init ++ ++export MAX_ERROR_SIZE=1999 ++ ++generate_conf ++add_conf ' ++action(type="omfwd" target="1.2.3.4" port="1234" Protocol="tcp" NetworkNamespace="doesNotExist" ++ action.errorfile="'$RSYSLOG2_OUT_LOG'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'") ++' ++startup ++shutdown_when_empty ++wait_shutdown ++check_file_exists ${RSYSLOG2_OUT_LOG} ++file_size_check ${RSYSLOG2_OUT_LOG} ${MAX_ERROR_SIZE} ++exit_test +--- rsyslog-8.2102.0-ori/tests/action-tx-errfile-maxsize.sh 1970-01-01 01:00:00.000000000 +0100 ++++ rsyslog-8.2102.0-changes/tests/action-tx-errfile-maxsize.sh 2022-03-04 11:59:22.592796989 +0100 +@@ -0,0 +1,35 @@ ++#!/bin/bash ++# part of the rsyslog project, released under ASL 2.0 ++ ++. ${srcdir:=.}/diag.sh init ++ ++export NUMMESSAGES=50 # enough to generate big file ++export MAX_ERROR_SIZE=100 ++ ++generate_conf ++add_conf ' ++$ModLoad ../plugins/ommysql/.libs/ommysql ++global(errormessagestostderr.maxnumber="5") ++ ++template(type="string" name="tpl" string="insert into SystemEvents (Message, Facility) values (\"%msg%\", %$!facility%)" option.sql="on") ++ ++if((not($msg contains "error")) and ($msg contains "msgnum:")) then { ++ set $.num = field($msg, 58, 2); ++ if $.num % 2 == 0 then { ++ set $!facility = $syslogfacility; ++ } else { ++ set $/cntr = 0; ++ } ++ action(type="ommysql" name="mysql_action_errfile_maxsize" server="127.0.0.1" template="tpl" ++ db="'$RSYSLOG_DYNNAME'" uid="rsyslog" pwd="testbench" action.errorfile="'$RSYSLOG2_OUT_LOG'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'") ++} ++' ++mysql_prep_for_test ++startup ++injectmsg ++shutdown_when_empty ++wait_shutdown ++mysql_get_data ++check_file_exists ${RSYSLOG2_OUT_LOG} ++file_size_check ${RSYSLOG2_OUT_LOG} ${MAX_ERROR_SIZE} ++exit_test +--- rsyslog-8.2102.0/tests/omfwd-errfile-maxsize-filled.sh 1970-01-01 01:00:00.000000000 +0100 ++++ rsyslog-8.2102.0-changes/tests/omfwd-errfile-maxsize-filled.sh 2022-03-08 16:24:01.174365289 +0100 +@@ -0,0 +1,19 @@ ++#!/bin/bash ++# part of the rsyslog project, released under ASL 2.0 ++. ${srcdir:=.}/diag.sh init ++ERRFILE=$(mktemp) ++export MAX_ERROR_SIZE=1999 ++export INITIAL_FILE_SIZE=$((MAX_ERROR_SIZE - 100)) ++dd if=/dev/urandom of=${ERRFILE} bs=1 count=${INITIAL_FILE_SIZE} ++generate_conf ++add_conf ' ++action(type="omfwd" target="1.2.3.4" port="1234" Protocol="tcp" NetworkNamespace="doesNotExist" ++ action.errorfile="'$ERRFILE'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'") ++' ++startup ++shutdown_when_empty ++wait_shutdown ++check_file_exists ${ERRFILE} ++file_size_check ${ERRFILE} ${MAX_ERROR_SIZE} ++exit_test ++rm ${ERRFILE} diff --git a/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch b/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch new file mode 100644 index 0000000..344eef6 --- /dev/null +++ b/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch @@ -0,0 +1,102 @@ +diff -up rsyslog-8.2102.0/runtime/cfsysline.c.orig rsyslog-8.2102.0/runtime/cfsysline.c +--- rsyslog-8.2102.0/runtime/cfsysline.c.orig 2021-08-04 07:16:02.663163106 +0200 ++++ rsyslog-8.2102.0/runtime/cfsysline.c 2021-08-04 07:18:05.952490008 +0200 +@@ -353,13 +353,8 @@ static rsRetVal doGetGID(uchar **pp, rsR + assert(*pp != NULL); + + if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) { +- if(loadConf->globals.abortOnIDResolutionFail) { +- fprintf(stderr, "could not extract group name: %s\n", (char*)szName); +- exit(1); /* good exit */ +- } else { +- LogError(0, RS_RET_NOT_FOUND, "could not extract group name"); +- ABORT_FINALIZE(RS_RET_NOT_FOUND); +- } ++ LogError(0, RS_RET_NOT_FOUND, "could not extract group name"); ++ ABORT_FINALIZE(RS_RET_NOT_FOUND); + } + + do { +@@ -380,10 +375,6 @@ static rsRetVal doGetGID(uchar **pp, rsR + LogError(0, RS_RET_NOT_FOUND, "ID for group '%s' could not be found", szName); + } + iRet = RS_RET_NOT_FOUND; +- if(loadConf->globals.abortOnIDResolutionFail) { +- fprintf(stderr, "ID for group '%s' could not be found or error\n", szName); +- exit(1); /* good exit */ +- } + } else { + if(pSetHdlr == NULL) { + /* we should set value directly to var */ +@@ -418,25 +409,15 @@ static rsRetVal doGetUID(uchar **pp, rsR + assert(*pp != NULL); + + if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) { +- if(loadConf->globals.abortOnIDResolutionFail) { +- fprintf(stderr, "could not extract user name: %s\n", (char*)szName); +- exit(1); /* good exit */ +- } else { +- LogError(0, RS_RET_NOT_FOUND, "could not extract user name"); +- ABORT_FINALIZE(RS_RET_NOT_FOUND); +- } ++ LogError(0, RS_RET_NOT_FOUND, "could not extract user name"); ++ ABORT_FINALIZE(RS_RET_NOT_FOUND); + } + + getpwnam_r((char*)szName, &pwBuf, stringBuf, sizeof(stringBuf), &ppwBuf); + + if(ppwBuf == NULL) { +- if(loadConf->globals.abortOnIDResolutionFail) { +- fprintf(stderr, "ID for user '%s' could not be found or error\n", (char*)szName); +- exit(1); /* good exit */ +- } else { +- LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName); +- iRet = RS_RET_NOT_FOUND; +- } ++ LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName); ++ iRet = RS_RET_NOT_FOUND; + } else { + if(pSetHdlr == NULL) { + /* we should set value directly to var */ +diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c +--- rsyslog-8.2102.0/runtime/glbl.c.orig 2021-08-04 07:18:19.301633677 +0200 ++++ rsyslog-8.2102.0/runtime/glbl.c 2021-08-04 07:19:02.409019106 +0200 +@@ -210,7 +210,6 @@ static struct cnfparamdescr cnfparamdesc + { "environment", eCmdHdlrArray, 0 }, + { "processinternalmessages", eCmdHdlrBinary, 0 }, + { "umask", eCmdHdlrFileCreateMode, 0 }, +- { "security.abortonidresolutionfail", eCmdHdlrBinary, 0 }, + { "internal.developeronly.options", eCmdHdlrInt, 0 }, + { "internalmsg.ratelimit.interval", eCmdHdlrPositiveInt, 0 }, + { "internalmsg.ratelimit.burst", eCmdHdlrPositiveInt, 0 }, +@@ -1443,8 +1442,6 @@ glblDoneLoadCnf(void) + glblInputTimeoutShutdown = (int) cnfparamvals[i].val.d.n; + } else if(!strcmp(paramblk.descr[i].name, "privdrop.group.keepsupplemental")) { + loadConf->globals.gidDropPrivKeepSupplemental = (int) cnfparamvals[i].val.d.n; +- } else if(!strcmp(paramblk.descr[i].name, "security.abortonidresolutionfail")) { +- loadConf->globals.abortOnIDResolutionFail = (int) cnfparamvals[i].val.d.n; + } else if(!strcmp(paramblk.descr[i].name, "net.acladdhostnameonfail")) { + *(net.pACLAddHostnameOnFail) = (int) cnfparamvals[i].val.d.n; + } else if(!strcmp(paramblk.descr[i].name, "net.aclresolvehostname")) { +diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c +--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2021-08-04 07:19:13.103104854 +0200 ++++ rsyslog-8.2102.0/runtime/rsconf.c 2021-08-04 07:19:44.635357684 +0200 +@@ -156,7 +156,6 @@ static void cnfSetDefaults(rsconf_t *pTh + pThis->globals.maxErrMsgToStderr = -1; + pThis->globals.umask = -1; + pThis->globals.gidDropPrivKeepSupplemental = 0; +- pThis->globals.abortOnIDResolutionFail = 1; + pThis->templates.root = NULL; + pThis->templates.last = NULL; + pThis->templates.lastStatic = NULL; +diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h +--- rsyslog-8.2102.0/runtime/rsconf.h.orig 2021-08-04 07:20:15.848607958 +0200 ++++ rsyslog-8.2102.0/runtime/rsconf.h 2021-08-04 07:20:42.782823920 +0200 +@@ -73,7 +73,6 @@ struct globals_s { + int uidDropPriv; /* user-id to which priveleges should be dropped to */ + int gidDropPriv; /* group-id to which priveleges should be dropped to */ + int gidDropPrivKeepSupplemental; /* keep supplemental groups when dropping? */ +- int abortOnIDResolutionFail; + int umask; /* umask to use */ + uchar *pszConfDAGFile; /* name of config DAG file, non-NULL means generate one */ + diff --git a/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch b/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch new file mode 100644 index 0000000..710f48c --- /dev/null +++ b/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch @@ -0,0 +1,26 @@ +diff -up rsyslog-8.2102.0/runtime/ratelimit.c.orig rsyslog-8.2102.0/runtime/ratelimit.c +--- rsyslog-8.2102.0/runtime/ratelimit.c.orig 2021-07-27 10:37:50.972903104 +0200 ++++ rsyslog-8.2102.0/runtime/ratelimit.c 2021-07-27 10:38:26.141002988 +0200 +@@ -235,7 +235,6 @@ ratelimitMsg(ratelimit_t *__restrict__ c + { + DEFiRet; + rsRetVal localRet; +- int severity = 0; + + *ppRepMsg = NULL; + +@@ -246,13 +245,12 @@ ratelimitMsg(ratelimit_t *__restrict__ c + DBGPRINTF("Message discarded, parsing error %d\n", localRet); + ABORT_FINALIZE(RS_RET_DISCARDMSG); + } +- severity = pMsg->iSeverity; + } + } + + /* Only the messages having severity level at or below the + * treshold (the value is >=) are subject to ratelimiting. */ +- if(ratelimit->interval && (severity >= ratelimit->severity)) { ++ if(ratelimit->interval && (pMsg->iSeverity >= ratelimit->severity)) { + char namebuf[512]; /* 256 for FGDN adn 256 for APPNAME should be enough */ + snprintf(namebuf, sizeof namebuf, "%s:%s", getHOSTNAME(pMsg), + getAPPNAME(pMsg, 0)); diff --git a/rsyslog.conf b/rsyslog.conf new file mode 100644 index 0000000..06b19d1 --- /dev/null +++ b/rsyslog.conf @@ -0,0 +1,79 @@ +# rsyslog configuration file + +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html + +#### MODULES #### + +module(load="imuxsock" # provides support for local system logging (e.g. via logger command) + SysSock.Use="off") # Turn off message reception via local log socket; + # local messages are retrieved through imjournal now. +module(load="imjournal" # provides access to the systemd journal + StateFile="imjournal.state") # File to store the position in the journal +#module(load="imklog") # reads kernel messages (the same are read from journald) +#module(load="immark") # provides --MARK-- message capability + +# Provides UDP syslog reception +# for parameters see http://www.rsyslog.com/doc/imudp.html +#module(load="imudp") # needs to be done just once +#input(type="imudp" port="514") + +# Provides TCP syslog reception +# for parameters see http://www.rsyslog.com/doc/imtcp.html +#module(load="imtcp") # needs to be done just once +#input(type="imtcp" port="514") + +#### GLOBAL DIRECTIVES #### + +# Where to place auxiliary files +global(workDirectory="/var/lib/rsyslog") + +# Use default timestamp format +module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat") + +# Include all config files in /etc/rsyslog.d/ +include(file="/etc/rsyslog.d/*.conf" mode="optional") + +#### RULES #### + +# Log all kernel messages to the console. +# Logging much else clutters up the screen. +#kern.* /dev/console + +# Log anything (except mail) of level info or higher. +# Don't log private authentication messages! +*.info;mail.none;authpriv.none;cron.none /var/log/messages + +# The authpriv file has restricted access. +authpriv.* /var/log/secure + +# Log all the mail messages in one place. +mail.* -/var/log/maillog + + +# Log cron stuff +cron.* /var/log/cron + +# Everybody gets emergency messages +*.emerg :omusrmsg:* + +# Save news errors of level crit and higher in a special file. +uucp,news.crit /var/log/spooler + +# Save boot messages also to boot.log +local7.* /var/log/boot.log + + +# ### sample forwarding rule ### +#action(type="omfwd" +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +#queue.filename="fwdRule1" # unique name prefix for spool files +#queue.maxdiskspace="1g" # 1gb space limit (use as much as possible) +#queue.saveonshutdown="on" # save messages to disk on shutdown +#queue.type="LinkedList" # run asynchronously +#action.resumeRetryCount="-1" # infinite retries if host is down +# Remote Logging (we use TCP for reliable delivery) +# remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514 +#Target="remote_host" Port="XXX" Protocol="tcp") diff --git a/rsyslog.log b/rsyslog.log new file mode 100644 index 0000000..b101e32 --- /dev/null +++ b/rsyslog.log @@ -0,0 +1,12 @@ +/var/log/cron +/var/log/maillog +/var/log/messages +/var/log/secure +/var/log/spooler +{ + missingok + sharedscripts + postrotate + /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true + endscript +} diff --git a/rsyslog.service b/rsyslog.service new file mode 100644 index 0000000..3b073f6 --- /dev/null +++ b/rsyslog.service @@ -0,0 +1,23 @@ +[Unit] +Description=System Logging Service +;Requires=syslog.socket +Wants=network.target network-online.target +After=network.target network-online.target +Documentation=man:rsyslogd(8) +Documentation=https://www.rsyslog.com/doc/ + +[Service] +Type=notify +EnvironmentFile=-/etc/sysconfig/rsyslog +ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS +UMask=0066 +StandardOutput=null +Restart=on-failure + +# Increase the default a bit in order to allow many simultaneous +# files to be monitored, we might need a lot of fds. +LimitNOFILE=16384 + +[Install] +WantedBy=multi-user.target +;Alias=syslog.service diff --git a/rsyslog.spec b/rsyslog.spec new file mode 100644 index 0000000..3be62be --- /dev/null +++ b/rsyslog.spec @@ -0,0 +1,763 @@ +%define rsyslog_statedir %{_sharedstatedir}/%{name} +%define rsyslog_pkidir %{_sysconfdir}/pki/%{name} +%define rsyslog_docdir %{_docdir}/%{name} + + +Summary: Enhanced system logging and kernel message trapping daemon +Name: rsyslog +Version: 8.2102.0 +Release: 8%{?dist} +License: (GPLv3+ and ASL 2.0) +Group: System Environment/Daemons +ExcludeArch: i686 +URL: http://www.rsyslog.com/ +Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz +Source1: http://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{version}.tar.gz +Source2: rsyslog.conf +Source3: rsyslog.sysconfig +Source4: rsyslog.log +Source5: qpid-proton-0.34.0.tar.gz +Source6: rsyslog.service + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: bison +BuildRequires: flex +BuildRequires: libcurl-devel +BuildRequires: libgcrypt-devel +BuildRequires: libfastjson-devel >= 0.99.8 +BuildRequires: libestr-devel >= 0.1.9 +BuildRequires: libtool +BuildRequires: libuuid-devel +BuildRequires: pkgconfig +BuildRequires: python3-docutils +# it depens on rhbz#1419228 +BuildRequires: systemd-devel >= 219-39 +BuildRequires: zlib-devel +BuildRequires: openssl-devel + +Requires: openssl-libs +Requires: logrotate >= 3.5.2 +Requires: bash >= 2.0 +Requires: libestr >= 0.1.9 +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +Provides: syslog +Obsoletes: sysklogd < 1.5-11 + +# imjournal: adds "journal" when tag/process name is missing +Patch0: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch +Patch1: rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch +Patch2: rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch +Patch3: rsyslog-8.2102.0-rhbz1866877-unexpected-length.patch +Patch4: rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch +Patch5: rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch +Patch6: rsyslog-8.2102.0-rhbz1832368-prioritize-SAN.patch +Patch7: rsyslog-8.2102.0-rhbz1962318-errfile-maxsize.patch + +%package crypto +Summary: Encryption support +Group: System Environment/Daemons +Requires: %name = %version-%release + +%package doc +Summary: HTML Documentation for rsyslog +Group: Documentation +#no reason to have arched documentation +BuildArch: noarch + +%package elasticsearch +Summary: ElasticSearch output module for rsyslog +Group: System Environment/Daemons +Requires: %name = %version-%release + +%package gnutls +Summary: TLS protocol support for rsyslog via GnuTLS library +Group: System Environment/Daemons +Requires: %name = %version-%release +BuildRequires: gnutls-devel + +%package openssl +Summary: TLS protocol support for rsyslog via OpenSSL library +Group: System Environment/Daemons +Requires: %name = %version-%release +BuildRequires: openssl-devel + +%package gssapi +Summary: GSSAPI authentication and encryption support for rsyslog +Group: System Environment/Daemons +Requires: %name = %version-%release +BuildRequires: krb5-devel + +%package kafka +Summary: Provides kafka support for rsyslog +Group: System Environment/Daemons +Requires: %name = %version-%release +BuildRequires: librdkafka-devel + +%package mmaudit +Summary: Message modification module supporting Linux audit format +Group: System Environment/Daemons +Requires: %name = %version-%release + +%package mmjsonparse +Summary: JSON enhanced logging support +Group: System Environment/Daemons +Requires: %name = %version-%release + +%package mmkubernetes +Summary: Provides the mmkubernetes module +Group: System Environment/Daemons +Requires: %name = %version-%release + +%package mmnormalize +Summary: Log normalization support for rsyslog +Group: System Environment/Daemons +Requires: %name = %version-%release +BuildRequires: liblognorm-devel + +%package mmfields +Summary: Fields extraction module +Requires: %name = %version-%release + +%package mmsnmptrapd +Summary: Message modification module for snmptrapd generated messages +Group: System Environment/Daemons +Requires: %name = %version-%release + +%package mysql +Summary: MySQL support for rsyslog +Group: System Environment/Daemons +Requires: %name = %version-%release +BuildRequires: mariadb-connector-c-devel + +%package omamqp1 +Summary: AMQP1 support for rsyslog +Group: System Environment/Daemons +Requires: %name = %version-%release +Requires: cyrus-sasl-lib +Requires: openssl-libs +BuildRequires: cmake +BuildRequires: make +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: cyrus-sasl-devel +BuildRequires: openssl-devel +BuildRequires: python3 + +%package pgsql +Summary: PostgresSQL support for rsyslog +Group: System Environment/Daemons +Requires: %name = %version-%release +BuildRequires: postgresql-devel + +%package relp +Summary: RELP protocol support for rsyslog +Group: System Environment/Daemons +Requires: %name = %version-%release +Requires: librelp >= 1.0.3 +BuildRequires: librelp-devel >= 1.2.16 + +%package snmp +Summary: SNMP protocol support for rsyslog +Group: System Environment/Daemons +Requires: %name = %version-%release +BuildRequires: net-snmp-devel + +%package udpspoof +Summary: Provides the omudpspoof module +Group: System Environment/Daemons +Requires: %name = %version-%release +BuildRequires: libnet-devel + +%description +Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, +syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, +and fine grain output format control. It is compatible with stock sysklogd +and can be used as a drop-in replacement. Rsyslog is simple to set up, with +advanced features suitable for enterprise-class, encryption-protected syslog +relay chains. + +%description crypto +This package contains a module providing log file encryption and a +command line tool to process encrypted logs. + +%description doc +This subpackage contains documentation for rsyslog. + +%description elasticsearch +This module provides the capability for rsyslog to feed logs directly into +Elasticsearch. + +%description gnutls +The rsyslog-gnutls package contains the rsyslog plugins that provide the +ability to send and receive syslog messages via TCP or RELP using TLS +encryption via GnuTLS library. For details refer to rsyslog doc on imtcp +and omfwd modules. + +%description openssl +The rsyslog-openssl package contains the rsyslog plugins that provide the +ability to send and receive syslog messages via TCP or RELP using TLS +encryption via OpenSSL library. For details refer to rsyslog doc on imtcp +and omfwd modules. + +%description gssapi +The rsyslog-gssapi package contains the rsyslog plugins which support GSSAPI +authentication and secure connections. GSSAPI is commonly used for Kerberos +authentication. + +%description kafka +The rsyslog-kafka package provides modules for Apache Kafka input and output. + +%description mmaudit +This module provides message modification supporting Linux audit format +in various settings. + +%description mmjsonparse +This module provides the capability to recognize and parse JSON enhanced +syslog messages. + +%description mmkubernetes +The rsyslog-mmkubernetes package provides module for adding kubernetes +container metadata. + +%description mmnormalize +This module provides the capability to normalize log messages via liblognorm. + +%description mmfields +The mmfield module permits to extract fields. Using this module is of special +advantage if a field-based log format is to be processed, like for example CEF +and either a large number of fields is needed or a specific field is used multiple +times inside filters. + +%description mmsnmptrapd +This message modification module takes messages generated from snmptrapd and +modifies them so that they look like they originated from the read originator. + +%description mysql +The rsyslog-mysql package contains a dynamic shared object that will add +MySQL database support to rsyslog. + +%description omamqp1 +The rsyslog-omamqp1 package contains a dynamic shared object that will add +AMQP1 support to rsyslog. + +%description pgsql +The rsyslog-pgsql package contains a dynamic shared object that will add +PostgreSQL database support to rsyslog. + +%description relp +The rsyslog-relp package contains the rsyslog plugins that provide +the ability to receive syslog messages via the reliable RELP +protocol. + +%description snmp +The rsyslog-snmp package contains the rsyslog plugin that provides the +ability to send syslog messages as SNMPv1 and SNMPv2c traps. + +%description udpspoof +This module is similar to the regular UDP forwarder, but permits to +spoof the sender address. Also, it enables to circle through a number +of source ports. + +%prep +# set up rsyslog-doc sources +%setup -q -a 1 -T -c + +#regenerate the docs + +#mv build/searchindex.js searchindex_backup.js +#sphinx-build -b html source build +#clean up +#mv searchindex_backup.js build/searchindex.js + +rm -r LICENSE README.md source build/objects.inv +mv build doc + +# set up rsyslog sources +%setup -q -D +%setup -q -D -T -b 5 + +%patch0 -p1 -b .default-tag +%patch1 -p1 -b .fd-leak-on-fsync +%patch2 -p1 -b .timeout +%patch3 -p1 -b .unexpected-priority-length +%patch4 -p1 -b .imuxsock-rate-limit +%patch5 -p1 -b .abort-on-id-resolution-fail +%patch6 -p1 -b .prioritizeSAN +%patch7 -p1 -b .errfile-maxsize + +%build +%ifarch sparc64 +#sparc64 need big PIE +export CFLAGS="$RPM_OPT_FLAGS -fPIC" +%else +export CFLAGS="$RPM_OPT_FLAGS -fpic" +%endif +# build the proton first +( + cd %{_builddir}/qpid-proton-0.34.0 + mkdir bld + cd bld + + # Need ENABLE_FUZZ_TESTING=NO to avoid a link failure + # Find python include dir and python library from + # https://stackoverflow.com/questions/24174394/cmake-is-not-able-to-find-python-libraries + cmake .. \ + -DBUILD_BINDINGS="" \ + -DBUILD_STATIC_LIBS=YES \ + -DENABLE_FUZZ_TESTING=NO \ + -DPYTHON_INCLUDE_DIR=$(python3 -c "from distutils.sysconfig import get_python_inc; print(get_python_inc())") \ + -DPYTHON_LIBRARY=$(python3 -c "import distutils.sysconfig as sysconfig; print(sysconfig.get_config_var('LIBDIR'))") \ + -DCMAKE_AR="/usr/bin/gcc-ar" -DCMAKE_NM="/usr/bin/gcc-nm" -DCMAKE_RANLIB="/usr/bin/gcc-ranlib" + make -j8 +) +%ifarch sparc64 +#sparc64 need big PIE +export CFLAGS="$RPM_OPT_FLAGS -fPIE" +%else +export CFLAGS="$RPM_OPT_FLAGS -fpie" +%endif +export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" + +sed -i 's/%{version}/%{version}-%{release}/g' configure.ac +autoreconf -if +%configure \ + --prefix=/usr \ + --disable-static \ + --disable-testbench \ + --enable-elasticsearch \ + --enable-generate-man-pages \ + --enable-gnutls \ + --enable-openssl \ + --enable-gssapi-krb5 \ + --enable-imdiag \ + --enable-imfile \ + --enable-imjournal \ + --enable-imkafka \ + --enable-impstats \ + --enable-imptcp \ + --enable-mail \ + --enable-mmanon \ + --enable-mmaudit \ + --enable-mmcount \ + --enable-mmjsonparse \ + --enable-mmkubernetes \ + --enable-mmnormalize \ + --enable-mmfields \ + --enable-mmsnmptrapd \ + --enable-mmutf8fix \ + --enable-mysql \ + --enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.34.0/bld/c/include" \ + --enable-omhttp \ + --enable-omjournal \ + --enable-omkafka \ + --enable-omprog \ + --enable-omstdout \ + --enable-omudpspoof \ + --enable-omuxsock \ + --enable-pgsql \ + --enable-pmaixforwardedfrom \ + --enable-pmcisconames \ + --enable-pmlastmsg \ + --enable-pmsnare \ + --enable-relp \ + --enable-snmp \ + --enable-unlimited-select \ + --enable-usertools + +make + +%install +make DESTDIR=%{buildroot} install + +install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig +install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d +install -d -m 755 %{buildroot}%{_unitdir} +install -d -m 755 %{buildroot}%{_sysconfdir}/rsyslog.d +install -d -m 700 %{buildroot}%{rsyslog_statedir} +install -d -m 700 %{buildroot}%{rsyslog_pkidir} +install -d -m 755 %{buildroot}%{rsyslog_docdir}/html + +install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/rsyslog.conf +install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/rsyslog +install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/syslog +install -p -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/rsyslog.service +install -p -m 644 plugins/ommysql/createDB.sql %{buildroot}%{rsyslog_docdir}/mysql-createDB.sql +install -p -m 644 plugins/ompgsql/createDB.sql %{buildroot}%{rsyslog_docdir}/pgsql-createDB.sql +install -p -m 644 contrib/mmkubernetes/*.rulebase %{buildroot}%{rsyslog_docdir} +# extract documentation +cp -r doc/* %{buildroot}%{rsyslog_docdir}/html +# get rid of libtool libraries +rm -f %{buildroot}%{_libdir}/rsyslog/*.la + +# convert line endings from "\r\n" to "\n" +cat tools/recover_qi.pl | tr -d '\r' > %{buildroot}%{_bindir}/rsyslog-recover-qi.pl + +%post +for n in /var/log/{messages,secure,maillog,spooler} +do + [ -f $n ] && continue + umask 066 && touch $n +done +%systemd_post rsyslog.service + +%preun +%systemd_preun rsyslog.service + +%postun +%systemd_postun_with_restart rsyslog.service + +%files +%doc AUTHORS COPYING* ChangeLog +%exclude %{rsyslog_docdir}/html +%exclude %{rsyslog_docdir}/mysql-createDB.sql +%exclude %{rsyslog_docdir}/pgsql-createDB.sql +%dir %{_libdir}/rsyslog +%dir %{_sysconfdir}/rsyslog.d +%dir %{rsyslog_statedir} +%dir %{rsyslog_pkidir} +%{_sbindir}/rsyslogd +%attr(755,root,root) %{_bindir}/rsyslog-recover-qi.pl +%{_mandir}/man5/rsyslog.conf.5.gz +%{_mandir}/man8/rsyslogd.8.gz +%{_unitdir}/rsyslog.service +%config(noreplace) %{_sysconfdir}/rsyslog.conf +%config(noreplace) %{_sysconfdir}/sysconfig/rsyslog +%config(noreplace) %{_sysconfdir}/logrotate.d/syslog +# plugins +%{_libdir}/rsyslog/fmhash.so +%{_libdir}/rsyslog/fmhttp.so +%{_libdir}/rsyslog/imdiag.so +%{_libdir}/rsyslog/imfile.so +%{_libdir}/rsyslog/imjournal.so +%{_libdir}/rsyslog/imklog.so +%{_libdir}/rsyslog/immark.so +%{_libdir}/rsyslog/impstats.so +%{_libdir}/rsyslog/imptcp.so +%{_libdir}/rsyslog/imtcp.so +%{_libdir}/rsyslog/imudp.so +%{_libdir}/rsyslog/imuxsock.so +%{_libdir}/rsyslog/lmnet.so +%{_libdir}/rsyslog/lmnetstrms.so +%{_libdir}/rsyslog/lmnsd_ptcp.so +%{_libdir}/rsyslog/lmregexp.so +%{_libdir}/rsyslog/lmtcpclt.so +%{_libdir}/rsyslog/lmtcpsrv.so +%{_libdir}/rsyslog/lmzlibw.so +%{_libdir}/rsyslog/mmanon.so +%{_libdir}/rsyslog/mmcount.so +%{_libdir}/rsyslog/mmexternal.so +%{_libdir}/rsyslog/mmutf8fix.so +%{_libdir}/rsyslog/omhttp.so +%{_libdir}/rsyslog/omjournal.so +%{_libdir}/rsyslog/ommail.so +%{_libdir}/rsyslog/omprog.so +%{_libdir}/rsyslog/omstdout.so +%{_libdir}/rsyslog/omtesting.so +%{_libdir}/rsyslog/omuxsock.so +%{_libdir}/rsyslog/pmaixforwardedfrom.so +%{_libdir}/rsyslog/pmcisconames.so +%{_libdir}/rsyslog/pmlastmsg.so +%{_libdir}/rsyslog/pmsnare.so + +%files crypto +%{_bindir}/rscryutil +%{_mandir}/man1/rscryutil.1.gz +%{_libdir}/rsyslog/lmcry_gcry.so + +%files doc +%doc %{rsyslog_docdir}/html + +%files elasticsearch +%{_libdir}/rsyslog/omelasticsearch.so + +%files gssapi +%{_libdir}/rsyslog/lmgssutil.so +%{_libdir}/rsyslog/imgssapi.so +%{_libdir}/rsyslog/omgssapi.so + +%files gnutls +%{_libdir}/rsyslog/lmnsd_gtls.so + +%files openssl +%{_libdir}/rsyslog/lmnsd_ossl.so + +%files kafka +%{_libdir}/rsyslog/imkafka.so +%{_libdir}/rsyslog/omkafka.so + +%files mmaudit +%{_libdir}/rsyslog/mmaudit.so + +%files mmjsonparse +%{_libdir}/rsyslog/mmjsonparse.so + +%files mmkubernetes +%{_libdir}/rsyslog/mmkubernetes.so +%doc %{rsyslog_docdir}/k8s_filename.rulebase +%doc %{rsyslog_docdir}/k8s_container_name.rulebase + +%files mmnormalize +%{_libdir}/rsyslog/mmnormalize.so + +%files mmfields +%{_libdir}/rsyslog/mmfields.so + +%files mmsnmptrapd +%{_libdir}/rsyslog/mmsnmptrapd.so + +%files mysql +%doc %{rsyslog_docdir}/mysql-createDB.sql +%{_libdir}/rsyslog/ommysql.so + +%files omamqp1 +%{_libdir}/rsyslog/omamqp1.so + +%files pgsql +%doc %{rsyslog_docdir}/pgsql-createDB.sql +%{_libdir}/rsyslog/ompgsql.so + +%files relp +%{_libdir}/rsyslog/imrelp.so +%{_libdir}/rsyslog/omrelp.so + +%files snmp +%{_libdir}/rsyslog/omsnmp.so + +%files udpspoof +%defattr(-,root,root) +%{_libdir}/rsyslog/omudpspoof.so + +%changelog +* Fri Mar 4 2022 Sergio Arroutbi - 8.2102.0-8 +- Include maxsize for error files + resolves: rhbz#1962318 + +* Mon Nov 22 2021 Attila Lakatos - 8.2102.0-7 +- Propagate prioritizeSAN when accepting new connection + resolves: rhbz#1832368 + +* Mon Oct 18 2021 Attila Lakatos - 8.2102.0-6 +- Enable mmfields module + resolves: rhbz#1947907 + resolves: rhbz#1866900 + +* Wed Aug 04 2021 Attila Lakatos - 8.2102.0-5 +- Do not exit when user/group can not be found + resolves: rhbz#1984489 +- Remove abortOnIDResolution fail + +* Tue Jul 27 2021 Attila Lakatos - 8.2102.0-4 +- Allways use message severity when comparing with ratelimit severity + resolves: rhbz#1984616 + +* Mon Jun 28 2021 Attila Lakatos - 8.2102.0-3 +- Priority field must have valid length + resolves: rhbz#1866877 +- Allocate more memory on too large groups + resolves: rhbz#1944718 + +* Tue May 18 2021 Attila Lakatos - 8.2102.0-2 + RHEL 8.5.0 ERRATUM +- rebase to 8.2102.0 + resolves: rhbz#1932795 +- Enable openssl + resolves: rhbz#1891458 +- EKU check for client cert on server side + resolves: rhbz#1783348 +- Use GNUTLS_SHUT_WR when ending TLS connections + resolves: rhbz#1880434 +- Use librelp with openssl enabled + resolves: rhbz#1795607 +- Close dir when fsync=on + resolves: rhbz#1960536 + +* Wed Nov 18 2020 Attila Lakatos - 8.1911.0-7 +- add back rsyslog-udpspoof package + resolves: rhbz#1869874 + +* Thu Jun 18 2020 Jiri Vymazal - 8.1911.0-6 + RHEL 8.3.0 ERRATUM +- added patch preventing imfile crash when selinux blocks symlink + access + resolves: rhbz#1843994 +- fixed config-enabled patch + resolves: rhbz#1659383 + +* Thu Jun 04 2020 Jiri Vymazal - 8.1911.0-5 + RHEL 8.3.0 ERRATUM +- added qpid-proton as another source and enabled omamqp1 module + in a separate sub-package with it statically linked + resolves: rhbz#1713427 +- extended config.enabled patch to cover rest of the cases + resolves: rhbz#1659383 +- added patch making json serialization thread-safe + resolves: rhbz#1789675 +- added another patch for imfile state-files id + resolves: rhbz#1793569 +- fixed typo in commend-out part of default rsyslog.conf + +* Wed Dec 11 2019 Jiri Vymazal - 8.1911.0-3 + RHEL 8.2.0 ERRATUM +- added patch reverting rejecting expired certs by default + resolves: rhbz#1782353 +- added patch silencing false errors on config.enabled statement + resolves: rhbz#1659383 + +* Tue Dec 03 2019 Jiri Vymazal - 8.1911.0-2 + RHEL 8.2.0 ERRATUM +- cleaned old patches, fixed patch names + resolves: rhbz#1740683 + +* Mon Dec 02 2019 Jiri Vymazal - 8.1911.0-1 + RHEL 8.2.0 ERRATUM +- rebased to 8.1911.0 upstream version, removed, previously + upstreamed patches + resolves: rhbz#1740683 + resolves: rhbz#1659383 + resolves: rhbz#1746876 + resolves: rhbz#1676559 + resolves: rhbz#1692072 + resolves: rhbz#1692073 + resolves: rhbz#1692074 + resolves: rhbz#1699242 + resolves: rhbz#1738213 + resolves: rhbz#1744691 + resolves: rhbz#1755218 + resolves: rhbz#1768321 + resolves: rhbz#1768324 +- added patch fixing imfile stefiles naming + resolves: rhbz#1763757 + +* Fri Aug 30 2019 Jiri Vymazal - 8.37.0-13 + RHEL 8.1.0 ERRATUM +- added patch enabling stricter TLS certs checking conforming to + common criteria requirements + resolves: rhbz#1733244 + +* Mon Jul 22 2019 Jiri Vymazal - 8.37.0-12 + RHEL 8.1.0 ERRATUM +- edited imjournal memleak patch to not cause double-free crash + resolves: rhbz#1729995 +- added patch calling journald API only when there are no + preceeding errors + resolves: rhbz#1722165 +- added patch fixing imrelp module when invoked with old syntax + resolves: rhbz#1724218 + +* Wed Jun 05 2019 Jiri Vymazal - 8.37.0-11 + RHEL 8.1.0 ERRATUM +- fixed memory leak in imjournal by proper cursor releasing + resolves: rhbz#1716867 + +* Fri May 10 2019 Jiri Vymazal - 8.37.0-10 + RHEL 8.1.0 ERRATUM +- added option for imfile endmsg.regex + resolves: rhbz#1627941 +- added patch enhancing imfile rotation detection + resolves: rhbz#1674471 +- added patch fixing msgOffset datatype preventing crash on + message with too long other fields + resolves: rhbz#1677037 +- added patch introducing "preservecase" option for imudp/imtcp + resolves: rhbz#1614181 + +* Mon Dec 17 2018 Jiri Vymazal - 8.37.0-9 + RHEL 8.0.0 ERRATUM +- added back legacy option for imjournal default tag + resolves: rhbz#1659898 + +* Fri Dec 14 2018 Jiri Vymazal - 8.37.0-8 + RHEL 8.0.0 ERRATUM +- fixes mmkubenetes handling 404 and 429 errors + resolves: rhbz#1622768 + +* Fri Oct 19 2018 Jiri Vymazal - 8.37.0-7 +- removed version from docdir macro + resolves: rhbz#1638023 + +* Mon Aug 27 2018 Jiri Vymazal - 8.37.0-6 +- updated patch for enhanced imfile symlink support + resolves: rhbz#1614179 + +* Fri Aug 10 2018 Jiri Vymazal - 8.37.0-5 +- rebuild for rebased dependencies +- dependency cleanup and sorted sub-packages in spec + resolves: rhbz#1613880 + +* Fri Aug 10 2018 Jiri Vymazal - 8.37.0-4 +- enabled mmkubernetes module + resolves: rhbz#1614432 + resolves: rhbz#1614441 + +* Thu Aug 09 2018 Josef Ridky - 8.37.0-3 +- Rebuild for Net-SNMP + +* Thu Aug 09 2018 Jiri Vymazal - 8.37.0-2 +- added patch for enhanced imfile symlink support + resolves: rhbz#1614179 + +* Wed Aug 08 2018 Jiri Vymazal - 8.37.0-1 +- rebase to 8.37.0 + resolves: rhbz#1613880 + resolves: rhbz#1564054 + resolves: rhbz#1598218 + - dropped invalid statefile patch - upstreamed + - dropped imjournal duplicates patch - upstreamed + resolves: rhbz#1544394 +- renumbered default tag patch and fitted onto rebased version + +* Fri Aug 03 2018 Jiri Vymazal - 8.36.0-4 +- removed dependency on libee + resolves: rhbz#1612032 + +* Wed Aug 01 2018 Jiri Vymazal - 8.36.0-3 +- dropped json_nonoverwrite patch as there is no reason for + keeping it +- renumbered rest of patches +- added release number to AC_INIT to have it in package error logs + +* Mon Jul 16 2018 Charalampos Stratakis - 8.36.0-2 +- Depend on python3-docutils + +* Mon Jul 02 2018 Jiri Vymazal - 8.36.0-1 +- changed PID file name to follow upstream +- removed config option to disable stdlog as it is now + disabled by default + +* Thu Jun 28 2018 Jiri Vymazal - 8.36.0-1 +- rebase to 8.36 +- removed hiredis module +- removed omudpspoof module + resolves: rhbz#1593762 +- finished converting config to new-style syntax + +* Mon May 21 2018 Jiri Vymazal - 8.35.0-1 +- spec file cleanup +- enabled kafka and hiredis modules + resolves: rhbz#1542497 + resolves: rhbz#1542504 +- renamed patch fixing imjournal duplicating messages + resolves: rhbz#1544394 + +* Thu May 17 2018 Marek Tamaskovic - 8.35.0-1 +- rebase to 8.35 +- rebased patches from 8.32 to 8.35 + - fixed imjournal-duplicates + - fixed imjournal-default-tag + - fixed service patch + - fixed in upstream deserialize-property-name + +* Fri Mar 23 2018 Radovan Sroka - 8.32.0-2 +- rebuild, bumped release number + +* Tue Feb 06 2018 Radovan Sroka - 8.32.0-1 +- initial clean build with plugins from rhel7 +- removed plugins: + - libdbi + - omruleset + - pmrfc3164sd +- imported from fedora26 diff --git a/rsyslog.sysconfig b/rsyslog.sysconfig new file mode 100644 index 0000000..bc65731 --- /dev/null +++ b/rsyslog.sysconfig @@ -0,0 +1,5 @@ +# Options for rsyslogd +# Syslogd options are deprecated since rsyslog v3. +# If you want to use them, switch to compatibility mode 2 by "-c 2" +# See rsyslogd(8) for more details +SYSLOGD_OPTIONS="" diff --git a/sources b/sources new file mode 100644 index 0000000..d12920a --- /dev/null +++ b/sources @@ -0,0 +1,3 @@ +SHA512 (qpid-proton-0.34.0.tar.gz) = 0de6c3d11baeee1d69821a0f1879a61b314f14589e02ea7ed0de8814c741217fdcafdd978b4061f73bc75588886299f4ac6808021506545ec8a883f39ad54fb3 +SHA512 (rsyslog-8.2102.0.tar.gz) = 281b0e5d5cb548c39a6e514e5fd5b1bdbe8ca0bdd9234f4fea581ed7679f76d2d75b65d14c3c5e799f86f91600074ff75b467aa1ff27cdbec0f4197261c5aec0 +SHA512 (rsyslog-doc-8.2102.0.tar.gz) = a5dc4fb9bd8892fac693c5692b926c8d7d9fa36667d6b4c6eccba750713af88d4317f6232efc2a16de38c2e58c4a8bc4d04c9ebb2e7ebc3b0878d53eef20dd2e