diff --git a/rsyslog-7.4.0-imjournal-segv.rhbz971471.patch b/rsyslog-7.4.0-imjournal-segv.rhbz971471.patch new file mode 100644 index 0000000..45149b2 --- /dev/null +++ b/rsyslog-7.4.0-imjournal-segv.rhbz971471.patch @@ -0,0 +1,35 @@ +From 0082647fa5e6849b83ab4c6b9ab2e8803245db14 Mon Sep 17 00:00:00 2001 +From: Tomas Heinrich +Date: Fri, 7 Jun 2013 01:15:10 +0200 +Subject: [PATCH] bugfix: be more tolerant to malformed journal fields + +This prevents a segfault when a malformed journal entry field doesn't +contain an equal sign. Should not ever happen but was actually +triggered by a real bug in systemd journal. +--- + plugins/imjournal/imjournal.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c +index ae29154..cce45b9 100755 +--- a/plugins/imjournal/imjournal.c ++++ b/plugins/imjournal/imjournal.c +@@ -244,7 +244,14 @@ readjournal() { + SD_JOURNAL_FOREACH_DATA(j, get, l) { + /* locate equal sign, this is always present */ + equal_sign = memchr(get, '=', l); +- assert (equal_sign != NULL); ++ ++ /* ... but we know better than to trust the specs */ ++ if (equal_sign == NULL) { ++ errmsg.LogError(0, RS_RET_ERR,"SD_JOURNAL_FOREACH_DATA()" ++ " returned a malformed field (has no '='): '%s'", ++ get); ++ continue; /* skip the entry */ ++ } + + /* get length of journal data prefix */ + prefixlen = ((char *)equal_sign - (char *)get); +-- +1.7.10.4 + diff --git a/rsyslog-7.4.0-ratelimiter-loop.rhbz971471.patch b/rsyslog-7.4.0-ratelimiter-loop.rhbz971471.patch new file mode 100644 index 0000000..9d201b3 --- /dev/null +++ b/rsyslog-7.4.0-ratelimiter-loop.rhbz971471.patch @@ -0,0 +1,38 @@ +From f11a873dc4e258c346765af9d5d23a1180493ee8 Mon Sep 17 00:00:00 2001 +From: Tomas Heinrich +Date: Sat, 8 Jun 2013 23:27:48 +0200 +Subject: [PATCH 2/2] bugfix: prevent an endless loop in the ratelimiter + +If messages are being dropped because of ratelimiting, an internal +message is generated to inform about this fact. This should happen +only uppon the firs occurance but the counter that tracks the number +of dropped messages was incremented only after sending the message. If +the message itself gets ratelimited, an endless loop spins out of +control. Thanks to Jerry James for notifying about this. +--- + runtime/ratelimit.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/runtime/ratelimit.c b/runtime/ratelimit.c +index d83da2d..ec24855 100644 +--- a/runtime/ratelimit.c ++++ b/runtime/ratelimit.c +@@ -167,13 +167,13 @@ withinRatelimit(ratelimit_t *ratelimit, time_t tt) + ratelimit->done++; + ret = 1; + } else { +- if(ratelimit->missed == 0) { ++ ratelimit->missed++; ++ if(ratelimit->missed == 1) { + snprintf((char*)msgbuf, sizeof(msgbuf), + "%s: begin to drop messages due to rate-limiting", + ratelimit->name); + logmsgInternal(RS_RET_RATE_LIMITED, LOG_SYSLOG|LOG_INFO, msgbuf, 0); + } +- ratelimit->missed++; + ret = 0; + } + +-- +1.7.10.4 + diff --git a/rsyslog-7.4.0-ratelimiter-loop2.rhbz971471.patch b/rsyslog-7.4.0-ratelimiter-loop2.rhbz971471.patch new file mode 100644 index 0000000..15c1038 --- /dev/null +++ b/rsyslog-7.4.0-ratelimiter-loop2.rhbz971471.patch @@ -0,0 +1,29 @@ +From 82db8e6fbba89bf486cc7e642e4f8daaa43852e8 Mon Sep 17 00:00:00 2001 +From: Tomas Heinrich +Date: Mon, 10 Jun 2013 23:09:38 +0200 +Subject: [PATCH] bugfix: prevent another endless loop in the ratelimiter + +The message that reports how many messages were lost due to +ratelimiting was sent before reseting the state that led to it. If it +itself got ratelimited, this could lead to an endless loop. +--- + runtime/ratelimit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/runtime/ratelimit.c b/runtime/ratelimit.c +index ec24855..443a5fa 100644 +--- a/runtime/ratelimit.c ++++ b/runtime/ratelimit.c +@@ -128,8 +128,8 @@ tellLostCnt(ratelimit_t *ratelimit) + snprintf((char*)msgbuf, sizeof(msgbuf), + "%s: %u messages lost due to rate-limiting", + ratelimit->name, ratelimit->missed); +- logmsgInternal(RS_RET_RATE_LIMITED, LOG_SYSLOG|LOG_INFO, msgbuf, 0); + ratelimit->missed = 0; ++ logmsgInternal(RS_RET_RATE_LIMITED, LOG_SYSLOG|LOG_INFO, msgbuf, 0); + } + } + +-- +1.7.10.4 + diff --git a/rsyslog.spec b/rsyslog.spec index 76c75c5..9c86b8f 100644 --- a/rsyslog.spec +++ b/rsyslog.spec @@ -26,7 +26,13 @@ Patch0: rsyslog-7.2.2-systemd.patch Patch1: rsyslog-7.2.2-manpage-dbg-mode.patch # prevent modification of trusted properties (proposed upstream) Patch2: rsyslog-7.2.1-msg_c_nonoverwrite_merge.patch +# merged upstream Patch3: rsyslog-7.3.15-imuxsock-warning.patch +# merged upstream +Patch4: rsyslog-7.4.0-imjournal-segv.rhbz971471.patch +# merged upstream +Patch5: rsyslog-7.4.0-ratelimiter-loop.rhbz971471.patch +Patch6: rsyslog-7.4.0-ratelimiter-loop2.rhbz971471.patch BuildRequires: bison BuildRequires: flex @@ -244,6 +250,9 @@ of source ports. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 %build %ifarch sparc64 @@ -469,6 +478,10 @@ done - rebase to 7.4.0 - drop autoconf automake libtool from BuildRequires - depends on systemd >= 201 because of the sd_journal_get_events() api +- add a patch to prevent a segfault in imjournal caused by a bug in + systemd journal +- add a patch to prevent an endless loop in the ratelimiter +- add a patch to prevent another endless loop in the ratelimiter * Tue Jun 04 2013 Tomas Heinrich 7.3.15-1.20130604git6e72fa6 - rebase to an upstream snapshot, effectively version 7.3.15