From 4baef87b6326f89c5a88b8e18ca77ae4c454f74f Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 14 Jul 2020 01:54:27 +0000
Subject: [PATCH] import rsyslog-8.1911.0-6.el8
---
 .gitignore | 3 +
 .rsyslog.metadata | 3 +
 ...1.0-rhbz1659383-config-enabled-error.patch | 123 ++++
 ....0-rhbz1659898-imjournal-default-tag.patch | 93 +++
 ...1911.0-rhbz1763757-imfile-statefiles.patch | 142 ++++
 ...-rhbz1782353-deny-expired-by-default.patch | 58 ++
 ...1.0-rhbz1789675-serialize-crash-race.patch | 33 +
 ...-8.1911.0-rhbz1793569-imfile-file_id.patch | 37 +
 ...1843994-imfile-selinux-symlink-crash.patch | 24 +
 SOURCES/rsyslog-8.1911.0-service.patch | 21 +
 SOURCES/rsyslog.conf | 79 +++
 SOURCES/rsyslog.log | 12 +
 SOURCES/rsyslog.sysconfig | 5 +
 SPECS/rsyslog.spec | 668 ++++++++++++++++++
 14 files changed, 1301 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .rsyslog.metadata
 create mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch
 create mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
 create mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch
 create mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch
 create mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch
 create mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch
 create mode 100644 SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch
 create mode 100644 SOURCES/rsyslog-8.1911.0-service.patch
 create mode 100644 SOURCES/rsyslog.conf
 create mode 100644 SOURCES/rsyslog.log
 create mode 100644 SOURCES/rsyslog.sysconfig
 create mode 100644 SPECS/rsyslog.spec
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ad4a527
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+SOURCES/qpid-proton-0.31.0.tar.gz
+SOURCES/rsyslog-8.1911.0.tar.gz
+SOURCES/rsyslog-doc-8.1911.0.tar.gz
diff --git a/.rsyslog.metadata b/.rsyslog.metadata
new file mode 100644
index 0000000..1e19d69
--- /dev/null
+++ b/.rsyslog.metadata
@@ -0,0 +1,3 @@
+8714235747ec8947648448eecda57e97d3a733ce SOURCES/qpid-proton-0.31.0.tar.gz
+30dfc2b99d73598788e2bd0d0ac45e16e7c3a3d5 SOURCES/rsyslog-8.1911.0.tar.gz
+8bcb23571ab8011b712ccf52acee20f8940b7f03 SOURCES/rsyslog-doc-8.1911.0.tar.gz
diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch b/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch
new file mode 100644
index 0000000..145378b
--- /dev/null
+++ b/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch
@@ -0,0 +1,123 @@ +From ba5b68be84888b24918dd019b87ed9f62d7fa988 Mon Sep 17 00:00:00 2001 +From: Jiri Vymazal +Date: Tue, 11 Feb 2020 13:46:23 +0100 +Subject: [PATCH] Fixed processing of 'cofig.enabled' directive + +Previously the directive was processed way too late which caused +false errors whenever it was set to 'off' and possibly other +problems. +--- + grammar/rainerscript.c | 43+++++++++++++++++++++++---------------- + grammar/rainerscript.h | 1 + + runtime/rsconf.c | 10 +++++++++ + 3 files changed, 38 insertions(+), 18 deletions(-) + +diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c +index 8f14bbe319..4398e6011a 100644 +--- a/grammar/rainerscript.c ++++ b/grammar/rainerscript.c +@@ -699,6 +699,22 @@ nvlstFindNameCStr(struct nvlst *lst, const char *const __restrict__ name) + return lst; + } + ++/* check if the nvlst is disabled, and mark config.enabled directive ++ * as used if it is not. Returns 1 if block is disabled, 0 otherwise. ++ */ ++int nvlstChkDisabled(struct nvlst *lst) ++{ ++ struct nvlst *valnode; ++ ++ if((valnode = nvlstFindNameCStr(lst, "config.enabled")) != NULL) { ++ lst->bUsed = 1; ++ if(es_strbufcmp(valnode->val.d.estr, (unsigned char*) "on", 2)) { ++ return 1; ++ } ++ } ++ return 0; ++} ++ + + /* check if there are duplicate names inside a nvlst and emit + * an error message, if so. +@@ -1207,21 +1224,6 @@ nvlstGetParams(struct nvlst *lst, struct cnfparamblk *params, + } + } + +- /* now config-system parameters (currently a bit hackish, as we +- * only have one...). 
-- rgerhards, 2018-01-24 +- */ +- if((valnode = nvlstFindNameCStr(lst, "config.enabled")) != NULL) { +- if(es_strbufcmp(valnode->val.d.estr, (unsigned char*) "on", 2)) { +- dbgprintf("config object disabled by configuration\n"); +- /* flag all params as used to not emit error mssages */ +- bInError = 1; +- struct nvlst *val; +- for(val = lst; val != NULL ; val = val->next) { +- val->bUsed = 1; +- } +- } +- } +- + /* done parameter processing */ + if(bInError) { + if(bValsWasNULL) +@@ -4418,8 +4418,13 @@ cnfstmtNewAct(struct nvlst *lst) + struct cnfstmt* cnfstmt; + char namebuf[256]; + rsRetVal localRet; +- if((cnfstmt = cnfstmtNew(S_ACT)) == NULL) ++ if((cnfstmt = cnfstmtNew(S_ACT)) == NULL) { + goto done; ++ } ++ if (nvlstChkDisabled(lst)) { ++ dbgprintf("action disabled by configuration\n"); ++ cnfstmt->nodetype = S_NOP; ++ } + localRet = actionNewInst(lst, &cnfstmt->d.act); + if(localRet == RS_RET_OK_WARN) { + parser_errmsg("warnings occured in file '%s' around line %d", +@@ -5284,6 +5289,11 @@ includeProcessCnf(struct nvlst *const lst) + goto done; + } + ++ if (nvlstChkDisabled(lst)) { ++ DBGPRINTF("include statement disabled\n"); ++ goto done; ++ } ++ + pvals = nvlstGetParams(lst, &incpblk, NULL); + if(pvals == NULL) { + goto done; +diff --git a/grammar/rainerscript.h b/grammar/rainerscript.h +index bfa8ee6cb9..0f8128861b 100644 +--- a/grammar/rainerscript.h ++++ b/grammar/rainerscript.h +@@ -340,6 +340,7 @@ void nvlstDestruct(struct nvlst *lst); + void nvlstPrint(struct nvlst *lst); + void nvlstChkUnused(struct nvlst *lst); + struct nvlst* nvlstFindName(struct nvlst *lst, es_str_t *name); ++int nvlstChkDisabled(struct nvlst *lst); + struct cnfobj* cnfobjNew(enum cnfobjType objType, struct nvlst *lst); + void cnfobjDestruct(struct cnfobj *o); + void cnfobjPrint(struct cnfobj *o); +diff --git a/runtime/rsconf.c b/runtime/rsconf.c +index fc0863a738..303e06365b 100644 +--- a/runtime/rsconf.c ++++ b/runtime/rsconf.c +@@ -438,6 +438,16 @@ cnfDoObj(struct cnfobj 
*const o) + + dbgprintf("cnf:global:obj: "); + cnfobjPrint(o); ++ ++ /* We need to check for object disabling as early as here to cover most ++ * of them at once and avoid needless initializations ++ * - jvymazal 2020-02-12 ++ */ ++ if (nvlstChkDisabled(o->nvlst)) { ++ dbgprintf("object disabled by configuration\n"); ++ return; ++ } ++ + switch(o->objType) { + case CNFOBJ_GLOBAL: + glblProcessCnf(o); diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch b/SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch new file mode 100644 index 0000000..e9a188d --- /dev/null +++ b/SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch 
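Review bot: In the new `nvlstChkDisabled()` (config-enabled-error patch) the line `lst->bUsed = 1;` sets the flag on the head of the list, while the function comment says the `config.enabled` directive itself is to be marked as used. `valnode` holds the node returned by `nvlstFindNameCStr()`, so the intended line looks like `valnode->bUsed = 1;`; as written, an unrelated first parameter can be flagged as used while `config.enabled` itself stays unflagged. Separately, in `cnfstmtNewAct()` a disabled action is switched to `S_NOP` but `actionNewInst(lst, &cnfstmt->d.act)` still runs afterwards, so the action appears to be instantiated anyway. The rest of that function lies outside the hunk, so confirm whether that is intended.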
@@ -0,0 +1,93 @@ +diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjournal.c +--- ./plugins/imjournal/imjournal.c.default-tag 2018-05-17 08:50:11.416418022 -0400 ++++ ./plugins/imjournal/imjournal.c 2018-05-17 08:53:02.884418022 -0400 +@@ -78,6 +78,7 @@ static struct configSettings_s { + int bWorkAroundJournalBug; /* deprecated, left for backwards compatibility only */ + int bFsync; + int bRemote; ++ char *dfltTag; + } cs; + + static rsRetVal facilityHdlr(uchar **pp, void *pVal); +@@ -93,7 +94,8 @@ static struct cnfparamdescr modpdescr[] + { "usepid", eCmdHdlrString, 0 }, + { "workaroundjournalbug", eCmdHdlrBinary, 0 }, + { "fsync", eCmdHdlrBinary, 0 }, +- { "remote", eCmdHdlrBinary, 0 } ++ { "remote", eCmdHdlrBinary, 0 }, ++ { "defaulttag", eCmdHdlrGetWord, 0 } + }; + static struct cnfparamblk modpblk = + { CNFPARAMBLK_VERSION, +@@ -104,6 +106,7 @@ static struct cnfparamblk modpblk = + #define DFLT_persiststateinterval 10 + #define DFLT_SEVERITY pri2sev(LOG_NOTICE) + #define DFLT_FACILITY pri2fac(LOG_USER) ++#define DFLT_TAG "journal" + + static int bLegacyCnfModGlobalsPermitted = 1;/* are legacy module-global config parameters permitted? 
*/ + +@@ -268,7 +271,7 @@ readjournal(void) + + /* Information from messages */ + char *message = NULL; +- char *sys_iden; ++ char *sys_iden = NULL; + char *sys_iden_help = NULL; + + const void *get; +@@ -331,7 +334,7 @@ readjournal(void) + if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) { + CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden)); + } else { +- CHKmalloc(sys_iden = strdup("journal")); ++ CHKmalloc(sys_iden = strdup(cs.dfltTag)); + } + + /* trying to get PID, default is "SYSLOG_PID" property */ +@@ -654,6 +657,11 @@ CODESTARTrunInput + "\"usepidfromsystem\" is depricated, use \"usepid\" instead"); + } + ++ if (cs.dfltTag == NULL) { ++ cs.dfltTag = strdup(DFLT_TAG); ++ } ++ ++ + if (cs.usePid && (strcmp(cs.usePid, "system") == 0)) { + pidFieldName = "_PID"; + bPidFallBack = 0; +@@ -732,6 +740,7 @@ CODESTARTbeginCnfLoad + cs.bWorkAroundJournalBug = 1; + cs.bFsync = 0; + cs.bRemote = 0; ++ cs.dfltTag = NULL; + ENDbeginCnfLoad + + +@@ -754,6 +763,7 @@ BEGINfreeCnf + CODESTARTfreeCnf + free(cs.stateFile); + free(cs.usePid); ++ free(cs.dfltTag); + free(journalContext.cursor); + statsobj.Destruct(&(statsCounter.stats)); + ENDfreeCnf +@@ -832,6 +842,8 @@ CODESTARTsetModCnf + cs.bFsync = (int) pvals[i].val.d.n; + } else if (!strcmp(modpblk.descr[i].name, "remote")) { + cs.bRemote = (int) pvals[i].val.d.n; ++ } else if (!strcmp(modpblk.descr[i].name, "defaulttag")) { ++ cs.dfltTag = (char *)es_str2cstr(pvals[i].val.d.estr, NULL); + } else { + dbgprintf("imjournal: program error, non-handled " + "param '%s' in beginCnfLoad\n", modpblk.descr[i].name); +@@ -799,6 +820,8 @@ CODEmodInit_QueryRegCFSLineHdlr + facilityHdlr, &cs.iDfltFacility, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournalusepidfromsystem", 0, eCmdHdlrBinary, + NULL, &cs.bUseJnlPID, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournaldefaulttag", 0, eCmdHdlrGetWord, ++ NULL, &cs.dfltTag, STD_LOADABLE_MODULE_ID)); + 
ENDmodInit + /* vim:set ai: + */ diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch b/SOURCES/rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch new file mode 100644 index 0000000..6e18e63 --- /dev/null +++ b/SOURCES/rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch 
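Review bot: The fallback `cs.dfltTag = strdup(DFLT_TAG);` added to runInput (imjournal default-tag patch) is not checked, and `readjournal()` later passes `cs.dfltTag` straight to `strdup()`, so an allocation failure here turns into a NULL dereference on the first journal entry that lacks SYSLOG_IDENTIFIER. Writing it as `CHKmalloc(cs.dfltTag = strdup(DFLT_TAG));` would match the handling the patch already uses in `readjournal()`, assuming runInput has the usual `finalize_it` label (its body is outside the hunk). In setModCnf, `cs.dfltTag = (char *)es_str2cstr(pvals[i].val.d.estr, NULL);` is likewise unchecked and overwrites, without freeing, any value the legacy `imjournaldefaulttag` handler may have stored earlier.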
@@ -0,0 +1,142 @@ +From ac30968b7858d4ca3743d2b4d296eca543864fe2 Mon Sep 17 00:00:00 2001 +From: Jiri Vymazal +Date: Fri, 22 Nov 2019 14:25:59 +0100 +Subject: [PATCH] Thorougher state-file renaming and cleaning + +Now checking if file-id changes and reanming - cleaning state file +accordingly and always checking and cleaning old inode-only style +state files. +--- + plugins/imfile/imfile.c | 66 +++++++++++++++++++++++++++-------------- + 1 file changed, 43 insertions(+), 23 deletions(-) + +diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c +index d9bf0fbb6d..9db2b47ac9 100644 +--- a/plugins/imfile/imfile.c ++++ b/plugins/imfile/imfile.c +@@ -182,6 +182,7 @@ struct act_obj_s { + time_t timeoutBase; /* what time to calculate the timeout against? */ + /* file dynamic data */ + char file_id[FILE_ID_HASH_SIZE]; /* file id for this entry, once we could obtain it */ ++ char file_id_prev[FILE_ID_HASH_SIZE]; /* previous file id for this entry, set if changed */ + int in_move; /* workaround for inotify move: if set, state file must not be deleted */ + ino_t ino; /* current inode nbr */ + int fd; /* fd to file in order to obtain file_id (needs to be preserved across move) */ +@@ -711,7 +712,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file, + if (is_file) { + LogError(errno, RS_RET_ERR, "imfile: error accessing file '%s'", name); + } else { /* reporting only in debug for dirs as higher lvl paths are likely blocked by selinux */ +- DBGPRINTF("imfile: error accessing file '%s'", name); ++ DBGPRINTF("imfile: error accessing directory '%s'", name); + } + FINALIZE; + } +@@ -727,6 +728,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file, + act->ino = ino; + act->fd = fd; + act->file_id[0] = '\0'; ++ act->file_id_prev[0] = '\0'; + act->is_symlink = is_symlink; + if (source) { /* we are target of symlink */ + CHKmalloc(act->source_name = strdup(source)); +@@ -1256,17 +1258,15 @@ get_file_id_hash(const char 
*data, size_t lendata, + static void ATTR_NONNULL(1) + getFileID(act_obj_t *const act) + { +- if(act->file_id[0] != '\0') { +- return; /* everything already done */ +- } ++ /* save the old id for cleaning purposes */ ++ strncpy(act->file_id_prev, (const char*)act->file_id, FILE_ID_HASH_SIZE); ++ act->file_id[0] = '\0'; + assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */ + char filedata[FILE_ID_SIZE]; ++ lseek(act->fd, 0, SEEK_SET); /* Seek to beginning of file so we have correct id */ + const int r = read(act->fd, filedata, FILE_ID_SIZE); + if(r == FILE_ID_SIZE) { + get_file_id_hash(filedata, sizeof(filedata), act->file_id, sizeof(act->file_id)); +- dbgprintf("file_id '%s' obtained, closing monitoring file handle\n", act->file_id); +- close(act->fd); /* we will never go here! */ +- act->fd = -1; + } else { + DBGPRINTF("getFileID partial or error read, ret %d\n", r); + } +@@ -1378,28 +1378,13 @@ openFileWithStateFile(act_obj_t *const act) + if(fd < 0) { + if(errno == ENOENT) { + if(act->file_id[0] != '\0') { +- const char *pszSFNamHash = strdup((const char*)pszSFNam); +- CHKmalloc(pszSFNamHash); + DBGPRINTF("state file %s for %s does not exist - trying to see if " + "inode-only file exists\n", pszSFNam, act->name); + getFullStateFileName(statefn, "", pszSFNam, sizeof(pszSFNam)); + fd = open((char*)pszSFNam, O_CLOEXEC | O_NOCTTY | O_RDONLY, 0600); + if(fd >= 0) { +- dbgprintf("found inode-only state file, renaming it now that we " +- "know the file_id, new name: %s\n", pszSFNamHash); +- /* we now can use identify the file, so let's rename it */ +- if(rename((const char*)pszSFNam, pszSFNamHash) != 0) { +- LogError(errno, RS_RET_IO_ERROR, +- "imfile error trying to rename state file for '%s' - " +- "ignoring this error, usually this means a file no " +- "longer file is left over, but this may also cause " +- "some real trouble. 
Still the best we can do ", +- act->name); +- free((void*) pszSFNamHash); +- ABORT_FINALIZE(RS_RET_IO_ERROR); +- } ++ dbgprintf("found inode-only state file, will be renamed at next persist\n"); + } +- free((void*) pszSFNamHash); + } + if(fd < 0) { + DBGPRINTF("state file %s for %s does not exist - trying to see if " +@@ -2609,6 +2594,36 @@ atomicWriteStateFile(const char *fn, const char *content) + RETiRet; + } + ++/* This function should be called after any file ID change - that is if ++ * file grown from hash-only statefile, or was truncated, this will ensure ++ * we delete the old file so we do not make garbage in our working dir and ++ * there are no leftover statefiles which can in theory later bind to something ++ * and cause data loss. ++ * jvymazal 2019-11-27 ++ */ ++static void ++removeOldStatefile(const uchar *statefn, const char *hashToDelete) ++{ ++ int ret; ++ uchar statefname[MAXFNAME]; ++ ++ getFullStateFileName(statefn, hashToDelete, statefname, sizeof(statefname)); ++ DBGPRINTF("removing old state file: '%s'\n", statefname); ++ ret = unlink((const char*)statefname); ++ if(ret != 0) { ++ if (errno != ENOENT) { ++ LogError(errno, RS_RET_IO_ERROR, ++ "imfile error trying to delete old state file: '%s' - ignoring this " ++ "error, usually this means a file no longer file is left over, but " ++ "this may also cause some real trouble. Still the best we can do ", ++ statefname); ++ } else { ++ DBGPRINTF("trying to delete no longer valid statefile '%s' which no " ++ "longer exists (probably already deleted)\n", statefname); ++ } ++ } ++} ++ + + /* This function persists information for a specific file being monitored. + * To do so, it simply persists the stream object. 
We do NOT abort on error +@@ -2660,6 +2675,11 @@ persistStrmState(act_obj_t *const act) + CHKiRet(atomicWriteStateFile((const char*)statefname, jstr)); + json_object_put(json); + ++ /* file-id changed remove the old statefile */ ++ if (strncmp((const char *)act->file_id_prev, (const char *)act->file_id, FILE_ID_HASH_SIZE)) { ++ removeOldStatefile(statefn, act->file_id_prev); ++ } ++ + finalize_it: + if(iRet != RS_RET_OK) { + LogError(0, iRet, "imfile: could not persist state " diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch b/SOURCES/rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch new file mode 100644 index 0000000..8700dff --- /dev/null +++ b/SOURCES/rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch 
@@ -0,0 +1,58 @@ +From 0de93c9e1597b20f71bb61d5375ded546cfd2fa8 Mon Sep 17 00:00:00 2001 +From: Jiri Vymazal +Date: Wed, 11 Dec 2019 15:35:26 +0100 +Subject: [PATCH] Changed default for permitExpiredCerts to "off" + +This is to be conssitent with rsyslog's prior behavior where +expired certs were automatically rejected +--- + runtime/nsd_gtls.c | 10 +++++----- + runtime/nsd_ossl.c | 8 ++++---- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c +index 5df12994d1..2be0ca9c92 100644 +--- a/runtime/nsd_gtls.c ++++ b/runtime/nsd_gtls.c +@@ -1461,16 +1461,16 @@ SetPermitExpiredCerts(nsd_t *pNsd, uchar *mode) + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + + ISOBJ_TYPE_assert((pThis), nsd_gtls); +- /* default is set to warn! */ +- if(mode == NULL || !strcasecmp((char*)mode, "warn")) { +- pThis->permitExpiredCerts = GTLS_EXPIRED_WARN; +- } else if(!strcasecmp((char*) mode, "off")) { ++ /* default is set to off! */ ++ if(mode == NULL || !strcasecmp((char*)mode, "off")) { + pThis->permitExpiredCerts = GTLS_EXPIRED_DENY; ++ } else if(!strcasecmp((char*) mode, "warn")) { ++ pThis->permitExpiredCerts = GTLS_EXPIRED_WARN; + } else if(!strcasecmp((char*) mode, "on")) { + pThis->permitExpiredCerts = GTLS_EXPIRED_PERMIT; + } else { + LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: permitexpiredcerts mode '%s' not supported by " +- "ossl netstream driver", mode); ++ "gtls netstream driver", mode); + ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED); + } + +diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c +index 4f8dd845ab..ebb2537d72 100644 +--- a/runtime/nsd_ossl.c ++++ b/runtime/nsd_ossl.c +@@ -1130,11 +1130,11 @@ SetPermitExpiredCerts(nsd_t *pNsd, uchar *mode) + nsd_ossl_t *pThis = (nsd_ossl_t*) pNsd; + + ISOBJ_TYPE_assert((pThis), nsd_ossl); +- /* default is set to warn! 
*/ +- if(mode == NULL || !strcasecmp((char*)mode, "warn")) { +- pThis->permitExpiredCerts = OSSL_EXPIRED_WARN; +- } else if(!strcasecmp((char*) mode, "off")) { ++ /* default is set to off! */ ++ if(mode == NULL || !strcasecmp((char*)mode, "off")) { + pThis->permitExpiredCerts = OSSL_EXPIRED_DENY; ++ } else if(!strcasecmp((char*) mode, "warn")) { ++ pThis->permitExpiredCerts = OSSL_EXPIRED_WARN; + } else if(!strcasecmp((char*) mode, "on")) { + pThis->permitExpiredCerts = OSSL_EXPIRED_PERMIT; + } else { diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch b/SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch new file mode 100644 index 0000000..da0fc3f --- /dev/null +++ b/SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch 
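Review bot: The deny default introduced in both `SetPermitExpiredCerts()` functions only takes effect when the setter is actually called with `mode == NULL`. The initial value of `permitExpiredCerts` at object construction is outside these hunks, so it is worth confirming that it is also `GTLS_EXPIRED_DENY` / `OSSL_EXPIRED_DENY`; otherwise a code path that never calls the setter could stay in a more permissive mode. A more explicit comment on the NULL branch, such as `/* unset => reject expired certificates */`, would record that the branch order is deliberate and security-relevant. The final `else` of the ossl variant lies outside the hunk.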
@@ -0,0 +1,33 @@ +From: Jiri Vymazal +Date: Wed, 18 Dec 2019 09:48:15 +0100 +Subject: [PATCH] Fix race condition related to libfastjson when using DA queue + +Rsyslogd aborts when writing to disk queue from multiple workers simultaneously. +It is assumed that libfastjson is not thread-safe. +Resolve libfastjson race condition when writing to disk queue. + +see also https://github.com/rsyslog/rsyslog/issues/4099 +--- + runtime/msg.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/runtime/msg.c b/runtime/msg.c +index b5c17cfdd4..f9da40005f 100644 +--- a/runtime/msg.c ++++ b/runtime/msg.c +@@ -1242,11 +1242,15 @@ static rsRetVal MsgSerialize(smsg_t *pThis, strm_t *pStrm) + psz = pThis->pszStrucData; + CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("pszStrucData"), PROPTYPE_PSZ, (void*) psz)); + if(pThis->json != NULL) { ++ MsgLock(pThis); + psz = (uchar*) json_object_get_string(pThis->json); ++ MsgUnlock(pThis); + CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("json"), PROPTYPE_PSZ, (void*) psz)); + } + if(pThis->localvars != NULL) { ++ MsgLock(pThis); + psz = (uchar*) json_object_get_string(pThis->localvars); ++ MsgUnlock(pThis); + CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("localvars"), PROPTYPE_PSZ, (void*) psz)); + } + diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch b/SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch new file mode 100644 index 0000000..0b12f52 --- /dev/null +++ b/SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch 
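Review bot: `MsgUnlock(pThis)` is called before `psz` is consumed in `MsgSerialize()`, so the race is narrowed rather than closed. `json_object_get_string()` returns a pointer to storage owned by the JSON object, and once the lock is dropped another worker can re-serialize or modify `pThis->json` while `obj.SerializeProp()` is still reading that buffer. Holding the lock across the serialization avoids this, provided `CHKiRet` does not jump to `finalize_it` with the lock held, e.g. `iRet = obj.SerializeProp(pStrm, UCHAR_CONSTANT("json"), PROPTYPE_PSZ, (void*) psz); MsgUnlock(pThis); CHKiRet(iRet);`. The same applies to the `localvars` block. This assumes the other users of these objects take the same message lock, which is not visible in the hunk.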
@@ -0,0 +1,37 @@ +From 0c69ec76d8cac47bcfa78abae86229ad63c92b0b Mon Sep 17 00:00:00 2001 +From: Jiri Vymazal +Date: Tue, 21 Jan 2020 13:58:14 +0100 +Subject: [PATCH] Fixed saving of old file_id for statefiles + +Previously we saved old file_id unconditionally, which led to not +deleting old statefiles if files changes without rsyslog running. +Now it should work correctly. +--- + plugins/imfile/imfile.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c +index 908bb5901c..5ad44f6c59 100644 +--- a/plugins/imfile/imfile.c ++++ b/plugins/imfile/imfile.c +@@ -1258,8 +1258,8 @@ get_file_id_hash(const char *data, size_t lendata, + static void ATTR_NONNULL(1) + getFileID(act_obj_t *const act) + { +- /* save the old id for cleaning purposes */ +- strncpy(act->file_id_prev, (const char*)act->file_id, FILE_ID_HASH_SIZE); ++ char tmp_id[FILE_ID_HASH_SIZE]; ++ strncpy(tmp_id, (const char*)act->file_id, FILE_ID_HASH_SIZE); + act->file_id[0] = '\0'; + assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */ + char filedata[FILE_ID_SIZE]; +@@ -1270,6 +1270,9 @@ getFileID(act_obj_t *const act) + } else { + DBGPRINTF("getFileID partial or error read, ret %d\n", r); + } ++ if (strncmp(tmp_id, act->file_id, FILE_ID_HASH_SIZE)) {/* save the old id for cleaning purposes */ ++ strncpy(act->file_id_prev, tmp_id, FILE_ID_HASH_SIZE); ++ } + DBGPRINTF("getFileID for '%s', file_id_hash '%s'\n", act->name, act->file_id); + } + diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch b/SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch new file mode 100644 index 0000000..e95c892 --- /dev/null +++ b/SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch 
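Review bot: A failed `read()` in `getFileID()` (imfile file_id patch) is treated like a short file: `act->file_id` stays empty, the new `strncmp(tmp_id, act->file_id, FILE_ID_HASH_SIZE)` sees a difference, and the previous hash is stored in `file_id_prev`, which the statefiles patch then unlinks at the next persist. For `r < 0` (an I/O error rather than a truncated file) it looks safer to restore the old id and return early, e.g. `if(r < 0) { strncpy(act->file_id, tmp_id, FILE_ID_HASH_SIZE); return; }` inside the existing `else` branch. Both `strncpy` calls also rely on the source being NUL-terminated within `FILE_ID_HASH_SIZE`; a one-line comment stating that invariant would help the next reader.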
@@ -0,0 +1,24 @@ +From 89ff6436b55cd81c54dcb076490b0c4de98d508d Mon Sep 17 00:00:00 2001 +From: Jiri Vymazal +Date: Tue, 9 Jun 2020 12:09:59 +0200 +Subject: [PATCH] Fixing imfile segfaulting on selinux denial + +If imfile is denied access to file watched trough symlink there is +unchecked condition resulting in access to not initialized memory. +--- + plugins/imfile/imfile.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c +index f360bd290b..21d6546552 100644 +--- a/plugins/imfile/imfile.c ++++ b/plugins/imfile/imfile.c +@@ -732,7 +732,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file, + } else { /* reporting only in debug for dirs as higher lvl paths are likely blocked by selinux */ + DBGPRINTF("imfile: error accessing directory '%s'", name); + } +- FINALIZE; ++ ABORT_FINALIZE(RS_RET_NO_FILE_ACCESS); + } + DBGPRINTF("add new active object '%s' in '%s'\n", name, edge->path); + CHKmalloc(act = calloc(sizeof(act_obj_t), 1)); diff --git a/SOURCES/rsyslog-8.1911.0-service.patch b/SOURCES/rsyslog-8.1911.0-service.patch new file mode 100644 index 0000000..338a871 --- /dev/null +++ b/SOURCES/rsyslog-8.1911.0-service.patch @@ -0,0 +1,21 @@ +diff -up ./rsyslog.service.in.service ./rsyslog.service.in +--- ./rsyslog.service.in.service 2018-03-01 13:58:11.480598935 +0100 ++++ ./rsyslog.service.in 2018-03-01 13:58:25.433518607 +0100 +@@ -1,12 +1,16 @@ + [Unit] + Description=System Logging Service + Requires=syslog.socket ++Wants=network.target network-online.target ++After=network.target network-online.target + Documentation=man:rsyslogd(8) + Documentation=https://www.rsyslog.com/doc/ + + [Service] + Type=notify +-ExecStart=@sbindir@/rsyslogd -n -iNONE ++EnvironmentFile=-/etc/sysconfig/rsyslog ++ExecStart=@sbindir@/rsyslogd -n $SYSLOGD_OPTIONS ++UMask=0066 + StandardOutput=null + Restart=on-failure + 
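Review bot: In the `rsyslog.service.in` hunk the added `UMask=0066` is what keeps files created by rsyslogd from being readable or writable by group and other, but nothing in the unit says so. A comment above it, such as `# log files are created without group/other access`, would stop it being dropped as noise in a later rebase. The new `ExecStart` line also removes upstream's `-iNONE`; if that is deliberate, the `Patch0` comment in the spec should say so. Since `$SYSLOGD_OPTIONS` is expanded into the daemon's command line, `/etc/sysconfig/rsyslog` needs to stay writable by root only.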
diff --git a/SOURCES/rsyslog.conf b/SOURCES/rsyslog.conf new file mode 100644 index 0000000..06b19d1 --- /dev/null +++ b/SOURCES/rsyslog.conf 
@@ -0,0 +1,79 @@ +# rsyslog configuration file + +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html + +#### MODULES #### + +module(load="imuxsock" # provides support for local system logging (e.g. via logger command) + SysSock.Use="off") # Turn off message reception via local log socket; + # local messages are retrieved through imjournal now. +module(load="imjournal" # provides access to the systemd journal + StateFile="imjournal.state") # File to store the position in the journal +#module(load="imklog") # reads kernel messages (the same are read from journald) +#module(load="immark") # provides --MARK-- message capability + +# Provides UDP syslog reception +# for parameters see http://www.rsyslog.com/doc/imudp.html +#module(load="imudp") # needs to be done just once +#input(type="imudp" port="514") + +# Provides TCP syslog reception +# for parameters see http://www.rsyslog.com/doc/imtcp.html +#module(load="imtcp") # needs to be done just once +#input(type="imtcp" port="514") + +#### GLOBAL DIRECTIVES #### + +# Where to place auxiliary files +global(workDirectory="/var/lib/rsyslog") + +# Use default timestamp format +module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat") + +# Include all config files in /etc/rsyslog.d/ +include(file="/etc/rsyslog.d/*.conf" mode="optional") + +#### RULES #### + +# Log all kernel messages to the console. +# Logging much else clutters up the screen. +#kern.* /dev/console + +# Log anything (except mail) of level info or higher. +# Don't log private authentication messages! +*.info;mail.none;authpriv.none;cron.none /var/log/messages + +# The authpriv file has restricted access. +authpriv.* /var/log/secure + +# Log all the mail messages in one place. 
+mail.* -/var/log/maillog + + +# Log cron stuff +cron.* /var/log/cron + +# Everybody gets emergency messages +*.emerg :omusrmsg:* + +# Save news errors of level crit and higher in a special file. +uucp,news.crit /var/log/spooler + +# Save boot messages also to boot.log +local7.* /var/log/boot.log + + +# ### sample forwarding rule ### +#action(type="omfwd" +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +#queue.filename="fwdRule1" # unique name prefix for spool files +#queue.maxdiskspace="1g" # 1gb space limit (use as much as possible) +#queue.saveonshutdown="on" # save messages to disk on shutdown +#queue.type="LinkedList" # run asynchronously +#action.resumeRetryCount="-1" # infinite retries if host is down +# Remote Logging (we use TCP for reliable delivery) +# remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514 +#Target="remote_host" Port="XXX" Protocol="tcp") diff --git a/SOURCES/rsyslog.log b/SOURCES/rsyslog.log new file mode 100644 index 0000000..b101e32 --- /dev/null +++ b/SOURCES/rsyslog.log @@ -0,0 +1,12 @@ +/var/log/cron +/var/log/maillog +/var/log/messages +/var/log/secure +/var/log/spooler +{ + missingok + sharedscripts + postrotate + /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true + endscript +} diff --git a/SOURCES/rsyslog.sysconfig b/SOURCES/rsyslog.sysconfig new file mode 100644 index 0000000..bc65731 --- /dev/null +++ b/SOURCES/rsyslog.sysconfig @@ -0,0 +1,5 @@ +# Options for rsyslogd +# Syslogd options are deprecated since rsyslog v3. +# If you want to use them, switch to compatibility mode 2 by "-c 2" +# See rsyslogd(8) for more details +SYSLOGD_OPTIONS="" diff --git a/SPECS/rsyslog.spec b/SPECS/rsyslog.spec new file mode 100644 index 0000000..ecbc2e2 --- /dev/null +++ b/SPECS/rsyslog.spec 
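Review bot: The commented sample forwarding rule in `rsyslog.conf` ends with `Protocol="tcp"` and presents TCP as the reliable choice, but does not mention that the stream is unencrypted and unauthenticated. Since the spec builds a gnutls subpackage, a comment line in the sample such as `# NOTE: plain TCP is sent in clear text; for TLS see the rsyslog-gnutls package and the omfwd StreamDriver* parameters` would point administrators at the protected setup. The documentation links in the file header also use `http://` and could be switched to `https://`.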
@@ -0,0 +1,668 @@
+%define rsyslog_statedir %{_sharedstatedir}/%{name}
+%define rsyslog_pkidir %{_sysconfdir}/pki/%{name}
+%define rsyslog_docdir %{_docdir}/%{name}
+
+
+Summary: Enhanced system logging and kernel message trapping daemon
+Name: rsyslog
+Version: 8.1911.0
+Release: 6%{?dist}
+License: (GPLv3+ and ASL 2.0)
+Group: System Environment/Daemons
+ExcludeArch: i686
+URL: http://www.rsyslog.com/
+Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
+Source1: http://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{version}.tar.gz
+Source2: rsyslog.conf
+Source3: rsyslog.sysconfig
+Source4: rsyslog.log
+Source5: qpid-proton-0.31.0.tar.gz
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: bison
+BuildRequires: flex
+BuildRequires: libcurl-devel
+BuildRequires: libgcrypt-devel
+BuildRequires: libfastjson-devel >= 0.99.8
+BuildRequires: libestr-devel >= 0.1.9
+BuildRequires: libtool
+BuildRequires: libuuid-devel
+BuildRequires: pkgconfig
+BuildRequires: python3-docutils
+# it depens on rhbz#1419228
+BuildRequires: systemd-devel >= 219-39
+BuildRequires: zlib-devel
+
+Requires: logrotate >= 3.5.2
+Requires: bash >= 2.0
+Requires: libestr >= 0.1.9
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+
+Provides: syslog
+Obsoletes: sysklogd < 1.5-11
+
+# tweak the upstream service file to honour configuration from /etc/sysconfig/rsyslog
+Patch0: rsyslog-8.1911.0-service.patch
+# imjournal: adds "journal" when tag/process name is missing
+Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
+Patch2: rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch
+Patch3: rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch
+Patch4: rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch
+Patch5: rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch
+Patch6: rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch
+Patch7: rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch
+
+%package crypto
+Summary: Encryption support
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+
+%package doc
+Summary: HTML Documentation for rsyslog
+Group: Documentation
+#no reason to have arched documentation
+BuildArch: noarch
+
+%package elasticsearch
+Summary: ElasticSearch output module for rsyslog
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+
+%package gnutls
+Summary: TLS protocol support for rsyslog
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+BuildRequires: gnutls-devel
+
+%package gssapi
+Summary: GSSAPI authentication and encryption support for rsyslog
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+BuildRequires: krb5-devel
+
+%package kafka
+Summary: Provides kafka support for rsyslog
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+BuildRequires: librdkafka-devel
+
+%package mmaudit
+Summary: Message modification module supporting Linux audit format
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+
+%package mmjsonparse
+Summary: JSON enhanced logging support
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+
+%package mmkubernetes
+Summary: Provides the mmkubernetes module
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+
+%package mmnormalize
+Summary: Log normalization support for rsyslog
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+BuildRequires: liblognorm-devel
+
+%package mmsnmptrapd
+Summary: Message modification module for snmptrapd generated messages
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+
+%package mysql
+Summary: MySQL support for rsyslog
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+BuildRequires: mariadb-connector-c-devel
+
+%package omamqp1
+Summary: AMQP1 support for rsyslog
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+Requires: cyrus-sasl-lib
+Requires: openssl-libs
+BuildRequires: cmake
+BuildRequires: make
+BuildRequires: gcc
+BuildRequires: gcc-c++
+BuildRequires: cyrus-sasl-devel
+BuildRequires: openssl-devel
+BuildRequires: python3
+
+%package pgsql
+Summary: PostgresSQL support for rsyslog
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+BuildRequires: postgresql-devel
+
+%package relp
+Summary: RELP protocol support for rsyslog
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+Requires: librelp >= 1.0.3
+BuildRequires: librelp-devel >= 1.2.16
+
+%package snmp
+Summary: SNMP protocol support for rsyslog
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+BuildRequires: net-snmp-devel
+
+%description
+Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,
+syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,
+and fine grain output format control. It is compatible with stock sysklogd
+and can be used as a drop-in replacement. Rsyslog is simple to set up, with
+advanced features suitable for enterprise-class, encryption-protected syslog
+relay chains.
+
+%description crypto
+This package contains a module providing log file encryption and a
+command line tool to process encrypted logs.
+
+%description doc
+This subpackage contains documentation for rsyslog.
+
+%description elasticsearch
+This module provides the capability for rsyslog to feed logs directly into
+Elasticsearch.
+
+%description gnutls
+The rsyslog-gnutls package contains the rsyslog plugins that provide the
+ability to send and receive syslog messages via TCP or RELP using TLS
+encryption. For details refer to rsyslog doc on imtcp and omfwd modules.
+
+%description gssapi
+The rsyslog-gssapi package contains the rsyslog plugins which support GSSAPI
+authentication and secure connections. GSSAPI is commonly used for Kerberos
+authentication.
+
+%description kafka
+The rsyslog-kafka package provides modules for Apache Kafka input and output.
+
+%description mmaudit
+This module provides message modification supporting Linux audit format
+in various settings.
+
+%description mmjsonparse
+This module provides the capability to recognize and parse JSON enhanced
+syslog messages.
+
+%description mmkubernetes
+The rsyslog-mmkubernetes package provides module for adding kubernetes
+container metadata.
+
+%description mmnormalize
+This module provides the capability to normalize log messages via liblognorm.
+
+%description mmsnmptrapd
+This message modification module takes messages generated from snmptrapd and
+modifies them so that they look like they originated from the read originator.
+
+%description mysql
+The rsyslog-mysql package contains a dynamic shared object that will add
+MySQL database support to rsyslog.
+
+%description omamqp1
+The rsyslog-omamqp1 package contains a dynamic shared object that will add
+AMQP1 support to rsyslog.
+
+%description pgsql
+The rsyslog-pgsql package contains a dynamic shared object that will add
+PostgreSQL database support to rsyslog.
+
+%description relp
+The rsyslog-relp package contains the rsyslog plugins that provide
+the ability to receive syslog messages via the reliable RELP
+protocol.
+
+%description snmp
+The rsyslog-snmp package contains the rsyslog plugin that provides the
+ability to send syslog messages as SNMPv1 and SNMPv2c traps.
+
+%prep
+# set up rsyslog-doc sources
+%setup -q -a 1 -T -c
+
+#regenerate the docs
+
+#mv build/searchindex.js searchindex_backup.js
+#sphinx-build -b html source build
+#clean up
+#mv searchindex_backup.js build/searchindex.js
+
+rm -r LICENSE README.md source build/objects.inv
+mv build doc
+
+# set up rsyslog sources
+%setup -q -D
+%setup -q -D -T -b 5
+
+%patch0 -p1 -b .service
+%patch1 -p1 -b .default-tag
+%patch2 -p1 -b .imfile-statefiles
+%patch3 -p1 -b .deny-expired-certs
+%patch4 -p1 -b .config-enabled-on
+%patch5 -p1 -b .serialize-json
+%patch6 -p1 -b .imfile-id
+%patch7 -p1 -b .imfile-selinux-symlink
+
+%build
+%ifarch sparc64
+#sparc64 need big PIE
+export CFLAGS="$RPM_OPT_FLAGS -fPIC"
+%else
+export CFLAGS="$RPM_OPT_FLAGS -fpic"
+%endif
+# build the proton first
+(
+ cd %{_builddir}/qpid-proton-0.31.0
+ mkdir bld
+ cd bld
+
+ # Need ENABLE_FUZZ_TESTING=NO to avoid a link failure
+ # Find python include dir and python library from
+ # https://stackoverflow.com/questions/24174394/cmake-is-not-able-to-find-python-libraries
+ cmake .. \
+ -DBUILD_BINDINGS="" \
+ -DBUILD_STATIC_LIBS=YES \
+ -DENABLE_FUZZ_TESTING=NO \
+ -DPYTHON_INCLUDE_DIR=$(python3 -c "from distutils.sysconfig import get_python_inc; print(get_python_inc())") \
+ -DPYTHON_LIBRARY=$(python3 -c "import distutils.sysconfig as sysconfig; print(sysconfig.get_config_var('LIBDIR'))") \
+ -DCMAKE_AR="/usr/bin/gcc-ar" -DCMAKE_NM="/usr/bin/gcc-nm" -DCMAKE_RANLIB="/usr/bin/gcc-ranlib"
+ make -j8
+)
+%ifarch sparc64
+#sparc64 need big PIE
+export CFLAGS="$RPM_OPT_FLAGS -fPIE"
+%else
+export CFLAGS="$RPM_OPT_FLAGS -fpie"
+%endif
+export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
+
+sed -i 's/%{version}/%{version}-%{release}/g' configure.ac
+autoreconf -if
+%configure \
+ --prefix=/usr \
+ --disable-static \
+ --disable-testbench \
+ --enable-elasticsearch \
+ --enable-generate-man-pages \
+ --enable-gnutls \
+ --enable-gssapi-krb5 \
+ --enable-imdiag \
+ --enable-imfile \
+ --enable-imjournal \
+ --enable-imkafka \
+ --enable-impstats \
+ --enable-imptcp \
+ --enable-mail \
+ --enable-mmanon \
+ --enable-mmaudit \
+ --enable-mmcount \
+ --enable-mmjsonparse \
+ --enable-mmkubernetes \
+ --enable-mmnormalize \
+ --enable-mmsnmptrapd \
+ --enable-mmutf8fix \
+ --enable-mysql \
+ --enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.31.0/bld/c/include" \
+ --enable-omhttp \
+ --enable-omjournal \
+ --enable-omkafka \
+ --enable-omprog \
+ --enable-omstdout \
+ --enable-omuxsock \
+ --enable-pgsql \
+ --enable-pmaixforwardedfrom \
+ --enable-pmcisconames \
+ --enable-pmlastmsg \
+ --enable-pmsnare \
+ --enable-relp \
+ --enable-snmp \
+ --enable-unlimited-select \
+ --enable-usertools
+
+make
+
+%install
+make DESTDIR=%{buildroot} install
+
+install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
+install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
+install -d -m 755 %{buildroot}%{_sysconfdir}/rsyslog.d
+install -d -m 700 %{buildroot}%{rsyslog_statedir}
+install -d -m 700 %{buildroot}%{rsyslog_pkidir}
+install -d -m 755 %{buildroot}%{rsyslog_docdir}/html
+
+install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/rsyslog.conf
+install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/rsyslog
+install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/syslog
+install -p -m 644 plugins/ommysql/createDB.sql %{buildroot}%{rsyslog_docdir}/mysql-createDB.sql
+install -p -m 644 plugins/ompgsql/createDB.sql %{buildroot}%{rsyslog_docdir}/pgsql-createDB.sql
+install -p -m 644 contrib/mmkubernetes/*.rulebase %{buildroot}%{rsyslog_docdir}
+# extract documentation
+cp -r doc/* %{buildroot}%{rsyslog_docdir}/html
+# get rid of libtool libraries
+rm -f %{buildroot}%{_libdir}/rsyslog/*.la
+# get rid of socket activation by default
+sed -i '/^Alias/s/^/;/;/^Requires=syslog.socket/s/^/;/' %{buildroot}%{_unitdir}/rsyslog.service
+
+# convert line endings from "\r\n" to "\n"
+cat tools/recover_qi.pl | tr -d '\r' > %{buildroot}%{_bindir}/rsyslog-recover-qi.pl
+
+%post
+for n in /var/log/{messages,secure,maillog,spooler}
+do
+ [ -f $n ] && continue
+ umask 066 && touch $n
+done
+%systemd_post rsyslog.service
+
+%preun
+%systemd_preun rsyslog.service
+
+%postun
+%systemd_postun_with_restart rsyslog.service
+
+%files
+%doc AUTHORS COPYING* ChangeLog
+%exclude %{rsyslog_docdir}/html
+%exclude %{rsyslog_docdir}/mysql-createDB.sql
+%exclude %{rsyslog_docdir}/pgsql-createDB.sql
+%dir %{_libdir}/rsyslog
+%dir %{_sysconfdir}/rsyslog.d
+%dir %{rsyslog_statedir}
+%dir %{rsyslog_pkidir}
+%{_sbindir}/rsyslogd
+%attr(755,root,root) %{_bindir}/rsyslog-recover-qi.pl
+%{_mandir}/man5/rsyslog.conf.5.gz
+%{_mandir}/man8/rsyslogd.8.gz
+%{_unitdir}/rsyslog.service
+%config(noreplace) %{_sysconfdir}/rsyslog.conf
+%config(noreplace) %{_sysconfdir}/sysconfig/rsyslog
+%config(noreplace) %{_sysconfdir}/logrotate.d/syslog
+# plugins
+%{_libdir}/rsyslog/fmhash.so
+%{_libdir}/rsyslog/fmhttp.so
+%{_libdir}/rsyslog/imdiag.so
+%{_libdir}/rsyslog/imfile.so
+%{_libdir}/rsyslog/imjournal.so
+%{_libdir}/rsyslog/imklog.so
+%{_libdir}/rsyslog/immark.so
+%{_libdir}/rsyslog/impstats.so
+%{_libdir}/rsyslog/imptcp.so
+%{_libdir}/rsyslog/imtcp.so
+%{_libdir}/rsyslog/imudp.so
+%{_libdir}/rsyslog/imuxsock.so
+%{_libdir}/rsyslog/lmnet.so
+%{_libdir}/rsyslog/lmnetstrms.so
+%{_libdir}/rsyslog/lmnsd_ptcp.so
+%{_libdir}/rsyslog/lmregexp.so
+%{_libdir}/rsyslog/lmtcpclt.so
+%{_libdir}/rsyslog/lmtcpsrv.so
+%{_libdir}/rsyslog/lmzlibw.so
+%{_libdir}/rsyslog/mmanon.so
+%{_libdir}/rsyslog/mmcount.so
+%{_libdir}/rsyslog/mmexternal.so
+%{_libdir}/rsyslog/mmutf8fix.so
+%{_libdir}/rsyslog/omhttp.so
+%{_libdir}/rsyslog/omjournal.so
+%{_libdir}/rsyslog/ommail.so
+%{_libdir}/rsyslog/omprog.so
+%{_libdir}/rsyslog/omstdout.so
+%{_libdir}/rsyslog/omtesting.so
+%{_libdir}/rsyslog/omuxsock.so
+%{_libdir}/rsyslog/pmaixforwardedfrom.so
+%{_libdir}/rsyslog/pmcisconames.so
+%{_libdir}/rsyslog/pmlastmsg.so
+%{_libdir}/rsyslog/pmsnare.so
+
+%files crypto
+%{_bindir}/rscryutil
+%{_mandir}/man1/rscryutil.1.gz
+%{_libdir}/rsyslog/lmcry_gcry.so
+
+%files doc
+%doc %{rsyslog_docdir}/html
+
+%files elasticsearch
+%{_libdir}/rsyslog/omelasticsearch.so
+
+%files gssapi
+%{_libdir}/rsyslog/lmgssutil.so
+%{_libdir}/rsyslog/imgssapi.so
+%{_libdir}/rsyslog/omgssapi.so
+
+%files gnutls
+%{_libdir}/rsyslog/lmnsd_gtls.so
+
+%files kafka
+%{_libdir}/rsyslog/imkafka.so
+%{_libdir}/rsyslog/omkafka.so
+
+%files mmaudit
+%{_libdir}/rsyslog/mmaudit.so
+
+%files mmjsonparse
+%{_libdir}/rsyslog/mmjsonparse.so
+
+%files mmkubernetes
+%{_libdir}/rsyslog/mmkubernetes.so
+%doc %{rsyslog_docdir}/k8s_filename.rulebase
+%doc %{rsyslog_docdir}/k8s_container_name.rulebase
+
+%files mmnormalize
+%{_libdir}/rsyslog/mmnormalize.so
+
+%files mmsnmptrapd
+%{_libdir}/rsyslog/mmsnmptrapd.so
+
+%files mysql
+%doc %{rsyslog_docdir}/mysql-createDB.sql
+%{_libdir}/rsyslog/ommysql.so
+
+%files omamqp1
+%{_libdir}/rsyslog/omamqp1.so
+
+%files pgsql
+%doc %{rsyslog_docdir}/pgsql-createDB.sql
+%{_libdir}/rsyslog/ompgsql.so
+
+%files relp
+%{_libdir}/rsyslog/imrelp.so
+%{_libdir}/rsyslog/omrelp.so
+
+%files snmp
+%{_libdir}/rsyslog/omsnmp.so
+
+
+%changelog
+* Thu Jun 18 2020 Jiri Vymazal - 8.1911.0-6
+ RHEL 8.3.0 ERRATUM
+- added patch preventing imfile crash when selinux blocks symlink
+ access
+ resolves: rhbz#1843994
+- fixed config-enabled patch
+ resolves: rhbz#1659383
+
+* Thu Jun 04 2020 Jiri Vymazal - 8.1911.0-5
+ RHEL 8.3.0 ERRATUM
+- added qpid-proton as another source and enabled omamqp1 module
+ in a separate sub-package with it statically linked
+ resolves: rhbz#1713427
+- extended config.enabled patch to cover rest of the cases
+ resolves: rhbz#1659383
+- added patch making json serialization thread-safe
+ resolves: rhbz#1789675
+- added another patch for imfile state-files id
+ resolves: rhbz#1793569
+- fixed typo in commend-out part of default rsyslog.conf
+
+* Wed Dec 11 2019 Jiri Vymazal - 8.1911.0-3
+ RHEL 8.2.0 ERRATUM
+- added patch reverting rejecting expired certs by default
+ resolves: rhbz#1782353
+- added patch silencing false errors on config.enabled statement
+ resolves: rhbz#1659383
+
+* Tue Dec 03 2019 Jiri Vymazal - 8.1911.0-2
+ RHEL 8.2.0 ERRATUM
+- cleaned old patches, fixed patch names
+ resolves: rhbz#1740683
+
+* Mon Dec 02 2019 Jiri Vymazal - 8.1911.0-1
+ RHEL 8.2.0 ERRATUM
+- rebased to 8.1911.0 upstream version, removed, previously
+ upstreamed patches
+ resolves: rhbz#1740683
+ resolves: rhbz#1659383
+ resolves: rhbz#1746876
+ resolves: rhbz#1676559
+ resolves: rhbz#1692072
+ resolves: rhbz#1692073
+ resolves: rhbz#1692074
+ resolves: rhbz#1699242
+ resolves: rhbz#1738213
+ resolves: rhbz#1744691
+ resolves: rhbz#1755218
+ resolves: rhbz#1768321
+ resolves: rhbz#1768324
+- added patch fixing imfile stefiles naming
+ resolves: rhbz#1763757
+
+* Fri Aug 30 2019 Jiri Vymazal - 8.37.0-13
+ RHEL 8.1.0 ERRATUM
+- added patch enabling stricter TLS certs checking conforming to
+ common criteria requirements
+ resolves: rhbz#1733244
+
+* Mon Jul 22 2019 Jiri Vymazal - 8.37.0-12
+ RHEL 8.1.0 ERRATUM
+- edited imjournal memleak patch to not cause double-free crash
+ resolves: rhbz#1729995
+- added patch calling journald API only when there are no
+ preceeding errors
+ resolves: rhbz#1722165
+- added patch fixing imrelp module when invoked with old syntax
+ resolves: rhbz#1724218
+
+* Wed Jun 05 2019 Jiri Vymazal - 8.37.0-11
+ RHEL 8.1.0 ERRATUM
+- fixed memory leak in imjournal by proper cursor releasing
+ resolves: rhbz#1716867
+
+* Fri May 10 2019 Jiri Vymazal - 8.37.0-10
+ RHEL 8.1.0 ERRATUM
+- added option for imfile endmsg.regex
+ resolves: rhbz#1627941
+- added patch enhancing imfile rotation detection
+ resolves: rhbz#1674471
+- added patch fixing msgOffset datatype preventing crash on
+ message with too long other fields
+ resolves: rhbz#1677037
+- added patch introducing "preservecase" option for imudp/imtcp
+ resolves: rhbz#1614181
+
+* Mon Dec 17 2018 Jiri Vymazal - 8.37.0-9
+ RHEL 8.0.0 ERRATUM
+- added back legacy option for imjournal default tag
+ resolves: rhbz#1659898
+
+* Fri Dec 14 2018 Jiri Vymazal - 8.37.0-8
+ RHEL 8.0.0 ERRATUM
+- fixes mmkubenetes handling 404 and 429 errors
+ resolves: rhbz#1622768
+
+* Fri Oct 19 2018 Jiri Vymazal - 8.37.0-7
+- removed version from docdir macro
+ resolves: rhbz#1638023
+
+* Mon Aug 27 2018 Jiri Vymazal - 8.37.0-6
+- updated patch for enhanced imfile symlink support
+ resolves: rhbz#1614179
+
+* Fri Aug 10 2018 Jiri Vymazal - 8.37.0-5
+- rebuild for rebased dependencies
+- dependency cleanup and sorted sub-packages in spec
+ resolves: rhbz#1613880
+
+* Fri Aug 10 2018 Jiri Vymazal - 8.37.0-4
+- enabled mmkubernetes module
+ resolves: rhbz#1614432
+ resolves: rhbz#1614441
+
+* Thu Aug 09 2018 Josef Ridky - 8.37.0-3
+- Rebuild for Net-SNMP
+
+* Thu Aug 09 2018 Jiri Vymazal - 8.37.0-2
+- added patch for enhanced imfile symlink support
+ resolves: rhbz#1614179
+
+* Wed Aug 08 2018 Jiri Vymazal - 8.37.0-1
+- rebase to 8.37.0
+ resolves: rhbz#1613880
+ resolves: rhbz#1564054
+ resolves: rhbz#1598218
+ - dropped invalid statefile patch - upstreamed
+ - dropped imjournal duplicates patch - upstreamed
+ resolves: rhbz#1544394
+- renumbered default tag patch and fitted onto rebased version
+
+* Fri Aug 03 2018 Jiri Vymazal - 8.36.0-4
+- removed dependency on libee
+ resolves: rhbz#1612032
+
+* Wed Aug 01 2018 Jiri Vymazal - 8.36.0-3
+- dropped json_nonoverwrite patch as there is no reason for
+ keeping it
+- renumbered rest of patches
+- added release number to AC_INIT to have it in package error logs
+
+* Mon Jul 16 2018 Charalampos Stratakis - 8.36.0-2
+- Depend on python3-docutils
+
+* Mon Jul 02 2018 Jiri Vymazal - 8.36.0-1
+- changed PID file name to follow upstream
+- removed config option to disable stdlog as it is now
+ disabled by default
+
+* Thu Jun 28 2018 Jiri Vymazal - 8.36.0-1
+- rebase to 8.36
+- removed hiredis module
+- removed omudpspoof module
+ resolves: rhbz#1593762
+- finished converting config to new-style syntax
+
+* Mon May 21 2018 Jiri Vymazal - 8.35.0-1
+- spec file cleanup
+- enabled kafka and hiredis modules
+ resolves: rhbz#1542497
+ resolves: rhbz#1542504
+- renamed patch fixing imjournal duplicating messages
+ resolves: rhbz#1544394
+
+* Thu May 17 2018 Marek Tamaskovic - 8.35.0-1
+- rebase to 8.35
+- rebased patches from 8.32 to 8.35
+ - fixed imjournal-duplicates
+ - fixed imjournal-default-tag
+ - fixed service patch
+ - fixed in upstream deserialize-property-name
+
+* Fri Mar 23 2018 Radovan Sroka - 8.32.0-2
+- rebuild, bumped release number
+
+* Tue Feb 06 2018 Radovan Sroka - 8.32.0-1
+- initial clean build with plugins from rhel7
+- removed plugins:
+ - libdbi
+ - omruleset
+ - pmrfc3164sd
+- imported from fedora26
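Review bot: The omamqp1 sub-package links qpid-proton 0.31.0 statically (`Source5`, then `PROTON_LIBS=...libqpid-proton-core-static.a ...` on the `--enable-omamqp1` line of `%configure`), but its `%package omamqp1` block does not declare the bundled copy, so package-level vulnerability tracking cannot tell that `omamqp1.so` carries that library's code and needs a rebuild when it is fixed. Adding `Provides: bundled(qpid-proton) = 0.31.0` to `%package omamqp1` records it. Separately, `Patch3` is named `deny-expired-by-default` while the 8.1911.0-3 changelog entry reads "reverting rejecting expired certs by default", and unlike `Patch0` and `Patch1` it has no comment; a line above it stating the resulting default for expired TLS peer certificates would remove the ambiguity for anyone auditing the package.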