import rsyslog-8.1911.0-6.el8

2020-11-03 07:06:45 -05:00 · 2020-11-03 07:06:45 -05:00 · 6659df9922
parent 4066a6fcea
commit 6659df9922
8 changed files with 287 additions and 21 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 SOURCES/qpid-proton-0.31.0.tar.gz
 SOURCES/rsyslog-8.1911.0.tar.gz
 SOURCES/rsyslog-doc-8.1911.0.tar.gz
--- a/.rsyslog.metadata
+++ b/.rsyslog.metadata
@ -1,2 +1,3 @@
 8714235747ec8947648448eecda57e97d3a733ce SOURCES/qpid-proton-0.31.0.tar.gz
 30dfc2b99d73598788e2bd0d0ac45e16e7c3a3d5 SOURCES/rsyslog-8.1911.0.tar.gz
 8bcb23571ab8011b712ccf52acee20f8940b7f03 SOURCES/rsyslog-doc-8.1911.0.tar.gz
--- a/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch
+++ b/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch
@ -1,28 +1,123 @@
-From fec4535f1c407f39d35ed4f3921662f94710a10e Mon Sep 17 00:00:00 2001
+From ba5b68be84888b24918dd019b87ed9f62d7fa988 Mon Sep 17 00:00:00 2001
-From: Rainer Gerhards <rgerhards@adiscon.com>
+From: Jiri Vymazal <jvymazal@redhat.com>
-Date: Mon, 9 Dec 2019 08:46:27 +0100
+Date: Tue, 11 Feb 2020 13:46:23 +0100
-Subject: [PATCH] core/config bugfix: false error msg when config.enabled="on"
+Subject: [PATCH] Fixed processing of 'cofig.enabled' directive
 is used
-When the 'config.enabled="on"' config parameter an invalid error message
+Previously the directive was processed way too late which caused
-was emitted that this parameter is not supported. However, it was still
+false errors whenever it was set to 'off' and possibly other
-applied properly. This commit removes the invalid error message.
+problems.
 closes https://github.com/rsyslog/rsyslog/issues/4011
 ---
- grammar/rainerscript.c | 2 ++
+ grammar/rainerscript.c | 43+++++++++++++++++++++++----------------
- 1 file changed, 2 insertions(+)
+ grammar/rainerscript.h |  1 +
 runtime/rsconf.c       | 10 +++++++++
 3 files changed, 38 insertions(+), 18 deletions(-)
 diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
-index 1b8581b537..fd55360472 100644
+index 8f14bbe319..4398e6011a 100644
 --- a/grammar/rainerscript.c
 +++ b/grammar/rainerscript.c
-@@ -1219,6 +1219,8 @@ nvlstGetParams(struct nvlst *lst, struct cnfparamblk *params,
+@@ -699,6 +699,22 @@ nvlstFindNameCStr(struct nvlst *lst, const char *const __restrict__ name)
- 			for(val = lst; val != NULL ; val = val->next) {
+ 	return lst;
- 				val->bUsed = 1;
+ }
- 			}
+ 
-+		} else {
+/* check if the nvlst is disabled, and mark config.enabled directive
-+			valnode->bUsed = 1;
+ * as used if it is not. Returns 1 if block is disabled, 0 otherwise.
 + */
 +int nvlstChkDisabled(struct nvlst *lst)
 +{
 +	struct nvlst *valnode;
 +
 +	if((valnode = nvlstFindNameCStr(lst, "config.enabled")) != NULL) {
 +		lst->bUsed = 1;
 +		if(es_strbufcmp(valnode->val.d.estr, (unsigned char*) "on", 2)) {
 +			return 1;
 +		}
 +	}
 +	return 0;
 +}
 +
 /* check if there are duplicate names inside a nvlst and emit
  * an error message, if so.
@@ -1207,21 +1224,6 @@ nvlstGetParams(struct nvlst *lst, struct cnfparamblk *params,
 		}
 	}
 -	/* now config-system parameters (currently a bit hackish, as we
 -	 * only have one...). -- rgerhards, 2018-01-24
 -	 */
 -	if((valnode = nvlstFindNameCStr(lst, "config.enabled")) != NULL) {
 -		if(es_strbufcmp(valnode->val.d.estr, (unsigned char*) "on", 2)) {
 -			dbgprintf("config object disabled by configuration\n");
 -			/* flag all params as used to not emit error mssages */
 -			bInError = 1;
 -			struct nvlst *val;
 -			for(val = lst; val != NULL ; val = val->next) {
 -				val->bUsed = 1;
 -			}
 -		}
 -	}
 -
 	/* done parameter processing */
 	if(bInError) {
 		if(bValsWasNULL)
@@ -4418,8 +4418,13 @@ cnfstmtNewAct(struct nvlst *lst)
 	struct cnfstmt* cnfstmt;
 	char namebuf[256];
 	rsRetVal localRet;
 -	if((cnfstmt = cnfstmtNew(S_ACT)) == NULL)
 +	if((cnfstmt = cnfstmtNew(S_ACT)) == NULL) {
 		goto done;
 +	}
 +	if (nvlstChkDisabled(lst)) {
 +		dbgprintf("action disabled by configuration\n");
 +		cnfstmt->nodetype = S_NOP;
 +	}
 	localRet = actionNewInst(lst, &cnfstmt->d.act);
 	if(localRet == RS_RET_OK_WARN) {
 		parser_errmsg("warnings occured in file '%s' around line %d",
@@ -5284,6 +5289,11 @@ includeProcessCnf(struct nvlst *const lst)
 		goto done;
 	}
 +	if (nvlstChkDisabled(lst)) {
 +		DBGPRINTF("include statement disabled\n");
 +		goto done;
 +	}
 +
 	pvals = nvlstGetParams(lst, &incpblk, NULL);
 	if(pvals == NULL) {
 		goto done;
 diff --git a/grammar/rainerscript.h b/grammar/rainerscript.h
 index bfa8ee6cb9..0f8128861b 100644
 --- a/grammar/rainerscript.h
 +++ b/grammar/rainerscript.h
@@ -340,6 +340,7 @@ void nvlstDestruct(struct nvlst *lst);
 void nvlstPrint(struct nvlst *lst);
 void nvlstChkUnused(struct nvlst *lst);
 struct nvlst* nvlstFindName(struct nvlst *lst, es_str_t *name);
 +int nvlstChkDisabled(struct nvlst *lst);
 struct cnfobj* cnfobjNew(enum cnfobjType objType, struct nvlst *lst);
 void cnfobjDestruct(struct cnfobj *o);
 void cnfobjPrint(struct cnfobj *o);
 diff --git a/runtime/rsconf.c b/runtime/rsconf.c
 index fc0863a738..303e06365b 100644
 --- a/runtime/rsconf.c
 +++ b/runtime/rsconf.c
@@ -438,6 +438,16 @@ cnfDoObj(struct cnfobj *const o)
 	dbgprintf("cnf:global:obj: ");
 	cnfobjPrint(o);
 +
 +	/* We need to check for object disabling as early as here to cover most
 +	 * of them at once and avoid needless initializations
 +	 * - jvymazal 2020-02-12
 +	 */
 +	if (nvlstChkDisabled(o->nvlst)) {
 +		dbgprintf("object disabled by configuration\n");
 +		return;
 +	}
 +
 	switch(o->objType) {
 	case CNFOBJ_GLOBAL:
 		glblProcessCnf(o);
--- a/SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch
+++ b/SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch
@ -0,0 +1,33 @@
 From: Jiri Vymazal <jvymazal@redhat.com>
 Date: Wed, 18 Dec 2019 09:48:15 +0100
 Subject: [PATCH] Fix race condition related to libfastjson when using DA queue
 Rsyslogd aborts when writing to disk queue from multiple workers simultaneously.
 It is assumed that libfastjson is not thread-safe.
 Resolve libfastjson race condition when writing to disk queue.
 see also https://github.com/rsyslog/rsyslog/issues/4099
 ---
 runtime/msg.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/runtime/msg.c b/runtime/msg.c
 index b5c17cfdd4..f9da40005f 100644
 --- a/runtime/msg.c
 +++ b/runtime/msg.c
@@ -1242,11 +1242,15 @@ static rsRetVal MsgSerialize(smsg_t *pThis, strm_t *pStrm)
 	psz = pThis->pszStrucData;
 	CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("pszStrucData"), PROPTYPE_PSZ, (void*) psz));
 	if(pThis->json != NULL) {
 +		MsgLock(pThis);
 		psz = (uchar*) json_object_get_string(pThis->json);
 +		MsgUnlock(pThis);
 		CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("json"), PROPTYPE_PSZ, (void*) psz));
 	}
 	if(pThis->localvars != NULL) {
 +		MsgLock(pThis);
 		psz = (uchar*) json_object_get_string(pThis->localvars);
 +		MsgUnlock(pThis);
 		CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("localvars"), PROPTYPE_PSZ, (void*) psz));
 	}
--- a/SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch
+++ b/SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch
@ -0,0 +1,37 @@
 From 0c69ec76d8cac47bcfa78abae86229ad63c92b0b Mon Sep 17 00:00:00 2001
 From: Jiri Vymazal <jvymazal@redhat.com>
 Date: Tue, 21 Jan 2020 13:58:14 +0100
 Subject: [PATCH] Fixed saving of old file_id for statefiles
 Previously we saved old file_id unconditionally, which led to not
 deleting old statefiles if files changes without rsyslog running.
 Now it should work correctly.
 ---
 plugins/imfile/imfile.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
 diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
 index 908bb5901c..5ad44f6c59 100644
 --- a/plugins/imfile/imfile.c
 +++ b/plugins/imfile/imfile.c
@@ -1258,8 +1258,8 @@ get_file_id_hash(const char *data, size_t lendata,
 static void ATTR_NONNULL(1)
 getFileID(act_obj_t *const act)
 {
 -	/* save the old id for cleaning purposes */
 -	strncpy(act->file_id_prev, (const char*)act->file_id, FILE_ID_HASH_SIZE);
 +	char tmp_id[FILE_ID_HASH_SIZE];
 +	strncpy(tmp_id, (const char*)act->file_id, FILE_ID_HASH_SIZE);
 	act->file_id[0] = '\0';
 	assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */
 	char filedata[FILE_ID_SIZE];
@@ -1270,6 +1270,9 @@ getFileID(act_obj_t *const act)
 	} else {
 		DBGPRINTF("getFileID partial or error read, ret %d\n", r);
 	}
 +	if (strncmp(tmp_id, act->file_id, FILE_ID_HASH_SIZE)) {/* save the old id for cleaning purposes */
 +		strncpy(act->file_id_prev, tmp_id, FILE_ID_HASH_SIZE);
 +	}
 	DBGPRINTF("getFileID for '%s', file_id_hash '%s'\n", act->name, act->file_id);
 }
--- a/SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch
+++ b/SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch
@ -0,0 +1,24 @@
 From 89ff6436b55cd81c54dcb076490b0c4de98d508d Mon Sep 17 00:00:00 2001
 From: Jiri Vymazal <jvymazal@redhat.com>
 Date: Tue, 9 Jun 2020 12:09:59 +0200
 Subject: [PATCH] Fixing imfile segfaulting on selinux denial
 If imfile is denied access to file watched trough symlink there is
 unchecked condition resulting in access to not initialized memory.
 ---
 plugins/imfile/imfile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
 index f360bd290b..21d6546552 100644
 --- a/plugins/imfile/imfile.c
 +++ b/plugins/imfile/imfile.c
@@ -732,7 +732,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file,
 		} else { /* reporting only in debug for dirs as higher lvl paths are likely blocked by selinux */
 			DBGPRINTF("imfile: error accessing directory '%s'", name);
 		}
 -		FINALIZE;
 +		ABORT_FINALIZE(RS_RET_NO_FILE_ACCESS);
 	}
 	DBGPRINTF("add new active object '%s' in '%s'\n", name, edge->path);
 	CHKmalloc(act = calloc(sizeof(act_obj_t), 1));
--- a/SOURCES/rsyslog.conf
+++ b/SOURCES/rsyslog.conf
@ -12,7 +12,7 @@ module(load="imuxsock" 	  # provides support for local system logging (e.g. via
 module(load="imjournal" 	    # provides access to the systemd journal
       StateFile="imjournal.state") # File to store the position in the journal
 #module(load="imklog") # reads kernel messages (the same are read from journald)
-#module(load"immark") # provides --MARK-- message capability
+#module(load="immark") # provides --MARK-- message capability
 # Provides UDP syslog reception
 # for parameters see http://www.rsyslog.com/doc/imudp.html
--- a/SPECS/rsyslog.spec
+++ b/SPECS/rsyslog.spec
@ -6,7 +6,7 @@
 Summary: Enhanced system logging and kernel message trapping daemon
 Name: rsyslog
 Version: 8.1911.0
-Release: 3%{?dist}
+Release: 6%{?dist}
 License: (GPLv3+ and ASL 2.0)
 Group: System Environment/Daemons
 ExcludeArch: i686
@ -16,6 +16,7 @@ Source1: http://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{version}.ta
 Source2: rsyslog.conf
 Source3: rsyslog.sysconfig
 Source4: rsyslog.log
 Source5: qpid-proton-0.31.0.tar.gz
 BuildRequires: autoconf
 BuildRequires: automake
@ -50,6 +51,9 @@ Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
 Patch2: rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch
 Patch3: rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch
 Patch4: rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch
 Patch5: rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch
 Patch6: rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch
 Patch7: rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch
 %package crypto
 Summary: Encryption support
@ -117,6 +121,20 @@ Group: System Environment/Daemons
 Requires: %name = %version-%release
 BuildRequires: mariadb-connector-c-devel
 %package omamqp1
 Summary: AMQP1 support for rsyslog
 Group: System Environment/Daemons
 Requires: %name = %version-%release
 Requires: cyrus-sasl-lib
 Requires: openssl-libs
 BuildRequires: cmake
 BuildRequires: make
 BuildRequires: gcc
 BuildRequires: gcc-c++
 BuildRequires: cyrus-sasl-devel
 BuildRequires: openssl-devel
 BuildRequires: python3
 %package pgsql
 Summary: PostgresSQL support for rsyslog
 Group: System Environment/Daemons
@ -191,6 +209,10 @@ modifies them so that they look like they originated from the read originator.
 The rsyslog-mysql package contains a dynamic shared object that will add
 MySQL database support to rsyslog.
 %description omamqp1
 The rsyslog-omamqp1 package contains a dynamic shared object that will add
 AMQP1 support to rsyslog.
 %description pgsql
 The rsyslog-pgsql package contains a dynamic shared object that will add
 PostgreSQL database support to rsyslog.
@ -220,16 +242,44 @@ mv build doc
 # set up rsyslog sources
 %setup -q -D
 %setup -q -D -T -b 5
 %patch0 -p1 -b .service
 %patch1 -p1 -b .default-tag
 %patch2 -p1 -b .imfile-statefiles
 %patch3 -p1 -b .deny-expired-certs
 %patch4 -p1 -b .config-enabled-on
 %patch5 -p1 -b .serialize-json
 %patch6 -p1 -b .imfile-id
 %patch7 -p1 -b .imfile-selinux-symlink
 %build
 %ifarch sparc64
 #sparc64 need big PIE
 export CFLAGS="$RPM_OPT_FLAGS -fPIC"
 %else
 export CFLAGS="$RPM_OPT_FLAGS -fpic"
 %endif
 # build the proton first
 (
 	cd %{_builddir}/qpid-proton-0.31.0
 	mkdir bld
 	cd bld
 	# Need ENABLE_FUZZ_TESTING=NO to avoid a link failure
 	# Find python include dir and python library from
 	# https://stackoverflow.com/questions/24174394/cmake-is-not-able-to-find-python-libraries
    cmake .. \
 		-DBUILD_BINDINGS="" \
 		-DBUILD_STATIC_LIBS=YES \
 		-DENABLE_FUZZ_TESTING=NO \
 		-DPYTHON_INCLUDE_DIR=$(python3 -c "from distutils.sysconfig import get_python_inc; print(get_python_inc())")  \
 		-DPYTHON_LIBRARY=$(python3 -c "import distutils.sysconfig as sysconfig; print(sysconfig.get_config_var('LIBDIR'))") \
 		-DCMAKE_AR="/usr/bin/gcc-ar" -DCMAKE_NM="/usr/bin/gcc-nm" -DCMAKE_RANLIB="/usr/bin/gcc-ranlib"
 	make -j8
 )
 %ifarch sparc64
 #sparc64 need big PIE
 export CFLAGS="$RPM_OPT_FLAGS -fPIE"
 %else
 export CFLAGS="$RPM_OPT_FLAGS -fpie"
@ -262,6 +312,7 @@ autoreconf -if
 	--enable-mmsnmptrapd \
 	--enable-mmutf8fix \
 	--enable-mysql \
 	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.31.0/bld/c/include" \
 	--enable-omhttp \
 	--enable-omjournal \
 	--enable-omkafka \
@ -417,6 +468,9 @@ done
 %doc %{rsyslog_docdir}/mysql-createDB.sql
 %{_libdir}/rsyslog/ommysql.so
 %files omamqp1
 %{_libdir}/rsyslog/omamqp1.so
 %files pgsql
 %doc %{rsyslog_docdir}/pgsql-createDB.sql
 %{_libdir}/rsyslog/ompgsql.so
@ -430,6 +484,27 @@ done
 %changelog
 * Thu Jun 18 2020 Jiri Vymazal <jvymazal@redhat.com> - 8.1911.0-6
  RHEL 8.3.0 ERRATUM
 - added patch preventing imfile crash when selinux blocks symlink
  access
  resolves: rhbz#1843994
 - fixed config-enabled patch
  resolves: rhbz#1659383
 * Thu Jun 04 2020 Jiri Vymazal <jvymazal@redhat.com> - 8.1911.0-5
  RHEL 8.3.0 ERRATUM
 - added qpid-proton as another source and enabled omamqp1 module
  in a separate sub-package with it statically linked
  resolves: rhbz#1713427
 - extended config.enabled patch to cover rest of the cases 
  resolves: rhbz#1659383
 - added patch making json serialization thread-safe
  resolves: rhbz#1789675
 - added another patch for imfile state-files id
  resolves: rhbz#1793569
 - fixed typo in commend-out part of default rsyslog.conf
 * Wed Dec 11 2019 Jiri Vymazal <jvymazal@redhat.com> - 8.1911.0-3
  RHEL 8.2.0 ERRATUM
 - added patch reverting rejecting expired certs by default