rpms
/
rsyslog
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS rsyslog-8.2310.0-4.el9

This commit is contained in:
eabdullin 2024-03-28 11:42:38 +00:00
parent 662eff7377
commit 7c1c95b2e7
38 changed files with 177 additions and 2902 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,3 +1,3 @@
SOURCES/qpid-proton-0.39.0.tar.gz
SOURCES/rsyslog-8.2102.0.tar.gz
SOURCES/rsyslog-doc-8.2102.0.tar.gz
SOURCES/rsyslog-8.2310.0.tar.gz
SOURCES/rsyslog-doc-8.2310.0.tar.gz

4
.rsyslog.metadata
View File

@ -1,3 +1,3 @@
e2fe5aada26415aeb1902435a8acf5ee388cb2cf SOURCES/qpid-proton-0.39.0.tar.gz
fdda78ed808e7a0dca03ead9227a0a5d913a050f SOURCES/rsyslog-8.2102.0.tar.gz
9c2188d435cb5f79c1c35749003bd2a61e7f2d07 SOURCES/rsyslog-doc-8.2102.0.tar.gz
702012a5ed36fe2a07bed78f80de1915787aac75 SOURCES/rsyslog-8.2310.0.tar.gz
9016da3bc06acdbde78ad83d129582c22fe444a1 SOURCES/rsyslog-doc-8.2310.0.tar.gz

40
SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch → SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag-v2.patch
View File

@ -1,7 +1,7 @@
diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjournal.c
--- ./plugins/imjournal/imjournal.c.default-tag 2018-05-17 08:50:11.416418022 -0400
+++ ./plugins/imjournal/imjournal.c 2018-05-17 08:53:02.884418022 -0400
@@ -78,6 +78,7 @@ static struct configSettings_s {
diff -up rsyslog-8.2310.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2310.0/plugins/imjournal/imjournal.c
--- rsyslog-8.2310.0/plugins/imjournal/imjournal.c.orig 2023-10-10 16:42:39.771369418 +0200
+++ rsyslog-8.2310.0/plugins/imjournal/imjournal.c 2023-10-10 16:51:39.839133580 +0200
@@ -87,6 +87,7 @@ static struct configSettings_s {
int bWorkAroundJournalBug; /* deprecated, left for backwards compatibility only */
int bFsync;
int bRemote;
@ -9,7 +9,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
} cs;
static rsRetVal facilityHdlr(uchar **pp, void *pVal);
@@ -93,7 +94,8 @@ static struct cnfparamdescr modpdescr[]
@@ -106,7 +107,8 @@ static struct cnfparamdescr modpdescr[]
{ "usepid", eCmdHdlrString, 0 },
{ "workaroundjournalbug", eCmdHdlrBinary, 0 },
{ "fsync", eCmdHdlrBinary, 0 },
@ -19,7 +19,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
};
static struct cnfparamblk modpblk =
{ CNFPARAMBLK_VERSION,
@@ -104,6 +106,7 @@ static struct cnfparamblk modpblk =
@@ -117,6 +119,7 @@ static struct cnfparamblk modpblk =
#define DFLT_persiststateinterval 10
#define DFLT_SEVERITY pri2sev(LOG_NOTICE)
#define DFLT_FACILITY pri2fac(LOG_USER)
@ -27,37 +27,27 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
static int bLegacyCnfModGlobalsPermitted = 1;/* are legacy module-global config parameters permitted? */
@@ -268,7 +271,7 @@ readjournal(void)
/* Information from messages */
char *message = NULL;
- char *sys_iden;
+ char *sys_iden = NULL;
char *sys_iden_help = NULL;
const void *get;
@@ -331,7 +334,7 @@ readjournal(void)
if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) {
CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden));
@@ -458,7 +461,7 @@ readjournal(void)
} else if (journalGetData("_COMM", &get, &length) >= 0) {
CHKiRet(sanitizeValue(((const char *)get) + 6, length - 6, &sys_iden));
} else {
- CHKmalloc(sys_iden = strdup("journal"));
+ CHKmalloc(sys_iden = strdup(cs.dfltTag));
}
/* trying to get PID, default is "SYSLOG_PID" property */
@@ -654,6 +657,11 @@ CODESTARTrunInput
"\"usepidfromsystem\" is depricated, use \"usepid\" instead");
@@ -826,6 +829,10 @@ CODESTARTrunInput
"\"usepidfromsystem\" is deprecated, use \"usepid\" instead");
}
+ if (cs.dfltTag == NULL) {
+ cs.dfltTag = strdup(DFLT_TAG);
+ }
+
+
if (cs.usePid && (strcmp(cs.usePid, "system") == 0)) {
pidFieldName = "_PID";
bPidFallBack = 0;
@@ -732,6 +740,7 @@ CODESTARTbeginCnfLoad
@@ -914,6 +921,7 @@ CODESTARTbeginCnfLoad
cs.bWorkAroundJournalBug = 1;
cs.bFsync = 0;
cs.bRemote = 0;
@ -65,7 +55,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
ENDbeginCnfLoad
@@ -754,6 +763,7 @@ BEGINfreeCnf
@@ -983,6 +991,7 @@ BEGINfreeCnf
CODESTARTfreeCnf
free(cs.stateFile);
free(cs.usePid);
@ -73,7 +63,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
free(journalContext.cursor);
statsobj.Destruct(&(statsCounter.stats));
ENDfreeCnf
@@ -832,6 +842,8 @@ CODESTARTsetModCnf
@@ -1077,6 +1086,8 @@ CODESTARTsetModCnf
cs.bFsync = (int) pvals[i].val.d.n;
} else if (!strcmp(modpblk.descr[i].name, "remote")) {
cs.bRemote = (int) pvals[i].val.d.n;
@ -82,7 +72,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
} else {
dbgprintf("imjournal: program error, non-handled "
"param '%s' in beginCnfLoad\n", modpblk.descr[i].name);
@@ -799,6 +820,8 @@ CODEmodInit_QueryRegCFSLineHdlr
@@ -1144,6 +1155,8 @@ CODEmodInit_QueryRegCFSLineHdlr
facilityHdlr, &cs.iDfltFacility, STD_LOADABLE_MODULE_ID));
CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournalusepidfromsystem", 0, eCmdHdlrBinary,
NULL, &cs.bUseJnlPID, STD_LOADABLE_MODULE_ID));

11
SOURCES/rsyslog-8.2102.0-capabilities-capnetraw.patch
View File

@ -1,11 +0,0 @@
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-03-06 09:33:13.969300666 +0100
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-03-06 09:33:35.089326502 +0100
@@ -2164,6 +2164,7 @@ main(int argc, char **argv)
CAP_SETGID,
CAP_SETUID,
CAP_DAC_OVERRIDE,
+ CAP_NET_RAW,
CAP_SYS_ADMIN,
CAP_SYS_CHROOT,
CAP_SYS_RESOURCE,

67
SOURCES/rsyslog-8.2102.0-capabilities-drop-credential.patch
View File

@ -1,67 +0,0 @@
diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2023-02-17 11:52:17.460043970 +0100
+++ rsyslog-8.2102.0/runtime/rsconf.c 2023-02-17 12:00:49.881602881 +0100
@@ -33,9 +33,6 @@
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/stat.h>
-#ifdef ENABLE_LIBCAPNG
- #include <cap-ng.h>
-#endif
#include "rsyslog.h"
#include "obj.h"
@@ -549,7 +546,7 @@ rsRetVal doDropPrivGid(void)
uchar szBuf[1024];
DEFiRet;
-#ifndef ENABLE_LIBCAPNG
+
if(!ourConf->globals.gidDropPrivKeepSupplemental) {
res = setgroups(0, NULL); /* remove all supplemental group IDs */
if(res) {
@@ -567,15 +564,6 @@ rsRetVal doDropPrivGid(void)
"could not set requested group id: %s via setgid()", szBuf);
ABORT_FINALIZE(RS_RET_ERR_DROP_PRIV);
}
-#else
- int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
- res = capng_change_id(-1, ourConf->globals.gidDropPriv, capng_flags);
- if (res) {
- LogError(0, RS_RET_LIBCAPNG_ERR,
- "could not set requested group id %d via capng_change_id()", ourConf->globals.gidDropPriv);
- ABORT_FINALIZE(RS_RET_LIBCAPNG_ERR);
- }
-#endif
DBGPRINTF("setgid(%d): %d\n", ourConf->globals.gidDropPriv, res);
snprintf((char*)szBuf, sizeof(szBuf), "rsyslogd's groupid changed to %d",
@@ -613,13 +601,8 @@ static void doDropPrivUid(int iUid)
iUid, szBuf);
}
-#ifndef ENABLE_LIBCAPNG
+
res = setuid(iUid);
- // res = setuid(cnf->globals.uidDropPriv);
-#else
- int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
- res = capng_change_id(iUid, -1, capng_flags);
-#endif
if(res) {
/* if we can not set the userid, this is fatal, so let's unconditionally abort */
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-02-17 11:52:00.011011019 +0100
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-02-17 11:58:37.322491823 +0100
@@ -2161,9 +2161,9 @@ main(int argc, char **argv)
CAP_LEASE,
CAP_NET_ADMIN,
CAP_NET_BIND_SERVICE,
- CAP_PERFMON,
CAP_SETGID,
CAP_SETUID,
+ CAP_DAC_OVERRIDE,
CAP_SYS_ADMIN,
CAP_SYS_CHROOT,
CAP_SYS_RESOURCE,

11
SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
View File

@ -1,11 +0,0 @@
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-07-28 11:11:36.253771848 +0200
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-07-28 11:11:57.628795339 +0200
@@ -1571,6 +1571,7 @@ initAll(int argc, char **argv)
capabilities_t capabilities[] = {
#define CAP_FIELD(code) { code, #code, 0 }
CAP_FIELD(CAP_BLOCK_SUSPEND),
+ CAP_FIELD(CAP_NET_RAW),
CAP_FIELD(CAP_CHOWN),
CAP_FIELD(CAP_IPC_LOCK),
CAP_FIELD(CAP_LEASE),

47
SOURCES/rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch
View File

@ -1,47 +0,0 @@
diff -up rsyslog-8.2102.0/doc/configuration/modules/imfile.html.state-file-leaking-doc rsyslog-8.2102.0/doc/configuration/modules/imfile.html
--- rsyslog-8.2102.0/doc/configuration/modules/imfile.html.state-file-leaking-doc 2021-02-15 12:53:31.000000000 +0100
+++ rsyslog-8.2102.0/doc/configuration/modules/imfile.html 2022-03-29 10:35:07.187827004 +0200
@@ -294,6 +294,28 @@ rsyslog needs write permissions to work
also might require SELinux definitions (or similar for other enhanced security
systems).</p>
</div>
+<div class="section" id="deletestateonfilemove">
+<h4>deleteStateOnFileMove<a class="headerlink" href="#deletestateonfilemove" title="Permalink to this headline">¶</a></h4>
+<table border="1" class="colwidths-auto parameter-table docutils">
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">type</th>
+<th class="head">default</th>
+<th class="head">mandatory</th>
+<th class="head"><code class="docutils literal notranslate"><span class="pre">obsolete</span> <span class="pre">legacy</span></code> directive</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td>binary</td>
+<td>off</td>
+<td>no</td>
+<td>none</td>
+</tr>
+</tbody>
+</table>
+<p>This parameter controls if state files are deleted if their associated main file is rotated via move. Usually, this is a good idea, because otherwise state files are not deleted when log rotation occurs.</p>
+
+<p>However, there is one situation where not deleting associated state file after log rotation makes sense: this is the case if a monitored file is later moved back to the same location as it was before.</p>
+</div>
</div>
<div class="section" id="input-parameters">
<h3>Input Parameters<a class="headerlink" href="#input-parameters" title="Permalink to this headline">¶</a></h3>
@@ -1214,6 +1236,7 @@ and Others.</p>
<li><a class="reference internal" href="#sortfiles">sortFiles</a></li>
<li><a class="reference internal" href="#pollinginterval">PollingInterval</a></li>
<li><a class="reference internal" href="#statefile-directory">statefile.directory</a></li>
+<li><a class="reference internal" href="#deletestateonfilemove">deleteStateOnFileMove</a></li>
</ul>
</li>
<li><a class="reference internal" href="#input-parameters">Input Parameters</a><ul>
@@ -1311,4 +1334,4 @@ and Others.</p>
<div class="footer" role="contentinfo">
</div>
</body>
-</html>
\ No newline at end of file
+</html>

163
SOURCES/rsyslog-8.2102.0-rhbz1938863-covscan.patch
View File

@ -1,163 +0,0 @@
diff -up rsyslog-8.2102.0/contrib/imdocker/imdocker.c.covscan rsyslog-8.2102.0/contrib/imdocker/imdocker.c
--- rsyslog-8.2102.0/contrib/imdocker/imdocker.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/contrib/imdocker/imdocker.c 2021-07-22 14:10:31.877231143 +0200
@@ -1527,6 +1527,7 @@ process_json(sbool isInit, const char* j
pInstances->last_container_id,
(unsigned)pInstances->last_container_created);
}
+ // coverity[leaked_storage : FALSE]
CHKiRet(dockerContLogsInstSetUrlById(isInit, pInst,
pInstances->curlm, containerId));
CHKiRet(dockerContLogReqsAdd(pInstances, pInst));
diff -up rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c.covscan rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c
--- rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c.covscan 2020-10-03 19:06:47.000000000 +0200
+++ rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c 2021-07-22 14:10:31.877231143 +0200
@@ -324,7 +324,6 @@ BEGINnewActInst
struct cnfparamvals *pvals;
int i;
int iNumTpls;
- uchar *keydup = NULL;
CODESTARTnewActInst
if((pvals = nvlstGetParams(lst, &actpblk, NULL)) == NULL)
ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
@@ -417,14 +416,11 @@ CODESTARTnewActInst
CHKiRet(OMSRsetEntry(*ppOMSR, 0, (uchar*)pData->tplName, OMSR_NO_RQD_TPL_OPTS));
if (pData->dynaKey) {
- CHKmalloc(keydup = ustrdup(pData->key));
CHKiRet(OMSRsetEntry(*ppOMSR, 1, ustrdup(pData->key), OMSR_NO_RQD_TPL_OPTS));
- keydup = NULL; /* handed over */
}
CODE_STD_FINALIZERnewActInst
cnfparamvalsDestruct(pvals, &actpblk);
- free(keydup);
ENDnewActInst
diff -up rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c.covscan rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c
--- rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c 2021-07-22 14:10:31.877231143 +0200
@@ -778,6 +778,7 @@ static rsRetVal publishRabbitMQ(wrkrInst
ABORT_FINALIZE(RS_RET_RABBITMQ_CONN_ERR);
}
+ // coverity[identical_branches : FALSE]
if (manage_error(amqp_basic_publish(self->a_conn, 1, exchange, routing_key,
0, 0, p_amqp_props, body_bytes), "amqp_basic_publish")) {
/* error already notified */
diff -up rsyslog-8.2102.0/grammar/rainerscript.c.covscan rsyslog-8.2102.0/grammar/rainerscript.c
--- rsyslog-8.2102.0/grammar/rainerscript.c.covscan 2021-02-15 12:06:16.000000000 +0100
+++ rsyslog-8.2102.0/grammar/rainerscript.c 2021-07-22 14:10:31.878231140 +0200
@@ -2814,7 +2814,7 @@ evalVar(struct cnfvar *__restrict__ cons
if(bMustBeFreed)
free(pszProp);
}
-
+ // coverity[leaked_storage : FALSE]
}
/* perform a string comparision operation against a while array. Semantic is
diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.covscan rsyslog-8.2102.0/plugins/imfile/imfile.c
--- rsyslog-8.2102.0/plugins/imfile/imfile.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/plugins/imfile/imfile.c 2021-07-22 14:10:31.878231140 +0200
@@ -1278,6 +1278,7 @@ static void ATTR_NONNULL(1)
getFileID(act_obj_t *const act)
{
char tmp_id[FILE_ID_HASH_SIZE];
+ // coverity[buffer_size_warning : FALSE]
strncpy(tmp_id, (const char*)act->file_id, FILE_ID_HASH_SIZE);
act->file_id[0] = '\0';
assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */
@@ -1290,6 +1291,7 @@ getFileID(act_obj_t *const act)
DBGPRINTF("getFileID partial or error read, ret %d\n", r);
}
if (strncmp(tmp_id, act->file_id, FILE_ID_HASH_SIZE)) {/* save the old id for cleaning purposes */
+ // coverity[buffer_size_warning : FALSE]
strncpy(act->file_id_prev, tmp_id, FILE_ID_HASH_SIZE);
}
DBGPRINTF("getFileID for '%s', file_id_hash '%s'\n", act->name, act->file_id);
@@ -1544,6 +1546,7 @@ openFileWithoutStateFile(act_obj_t *cons
const int fd = open(act->name, O_RDONLY | O_CLOEXEC);
if(fd >= 0) {
act->pStrm->iCurrOffs = lseek64(fd, 0, SEEK_END);
+ close(fd);
if(act->pStrm->iCurrOffs < 0) {
act->pStrm->iCurrOffs = 0;
LogError(errno, RS_RET_ERR, "imfile: could not query current "
diff -up rsyslog-8.2102.0/plugins/imptcp/imptcp.c.covscan rsyslog-8.2102.0/plugins/imptcp/imptcp.c
--- rsyslog-8.2102.0/plugins/imptcp/imptcp.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/plugins/imptcp/imptcp.c 2021-07-22 14:10:31.878231140 +0200
@@ -1920,6 +1920,7 @@ lstnActivity(ptcplstn_t *const pLstn)
}
finalize_it:
+ // coverity[leaked_handle : FALSE]
RETiRet;
}
diff -up rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c.covscan rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c
--- rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c.covscan 2020-10-03 19:06:47.000000000 +0200
+++ rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c 2021-07-22 14:10:31.879231138 +0200
@@ -394,7 +394,7 @@ CODEmodInit_QueryRegCFSLineHdlr
ABORT_FINALIZE(RS_RET_NO_MSG_PASSING);
}
-
+ // coverity[identical_branches : FALSE]
CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler,
resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID));
ENDmodInit
diff -up rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c.covscan rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c
--- rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c.covscan 2020-10-03 19:06:47.000000000 +0200
+++ rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c 2021-07-22 14:10:31.879231138 +0200
@@ -368,6 +368,7 @@ writeDataError(wrkrInstanceData_t *const
}
finalize_it:
+ // coverity[leaked_storage : FALSE]
RETiRet;
}
diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.covscan rsyslog-8.2102.0/runtime/nsd_gtls.c
--- rsyslog-8.2102.0/runtime/nsd_gtls.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2021-07-22 14:17:06.183174167 +0200
@@ -227,7 +227,7 @@ gtlsLoadOurCertKey(nsd_gtls_t *pThis)
pThis->bOurKeyIsInit = 1;
CHKgnutls(gnutls_x509_privkey_import(pThis->ourKey, &data, GNUTLS_X509_FMT_PEM));
free(data.data);
-
+ data.data = NULL;
finalize_it:
if(iRet == RS_RET_CERTLESS) {
diff -up rsyslog-8.2102.0/runtime/nsd_ptcp.c.covscan rsyslog-8.2102.0/runtime/nsd_ptcp.c
--- rsyslog-8.2102.0/runtime/nsd_ptcp.c.covscan 2021-02-15 08:20:04.000000000 +0100
+++ rsyslog-8.2102.0/runtime/nsd_ptcp.c 2021-07-22 14:10:31.879231138 +0200
@@ -191,6 +191,7 @@ SetTlsVerifyDepth(nsd_t __attribute__((u
nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
DEFiRet;
ISOBJ_TYPE_assert((pThis), nsd_ptcp);
+ // coverity[identical_branches : FALSE]
if (verifyDepth == 0) {
FINALIZE;
}
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.covscan rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.covscan 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2021-07-22 14:10:31.879231138 +0200
@@ -293,6 +293,7 @@ writePidFile(void)
free((void*)tmpPidFile);
}
finalize_it:
+ // coverity[leaked_storage : FALSE]
RETiRet;
}
@@ -1026,6 +1027,7 @@ splitOversizeMessage(smsg_t *const pMsg)
/* if necessary, write partial last segment */
if(len_last_segment != 0) {
CHKmalloc(pMsg_seg = MsgDup(pMsg));
+ // coverity[copy_paste_error : FALSE]
MsgSetRawMsg(pMsg_seg, rawmsg + (nsegments * maxlen), len_last_segment);
submitMsg2(pMsg_seg);
}

20
SOURCES/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
View File

@ -1,20 +0,0 @@
diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c
--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2021-06-15 12:30:35.238832058 +0200
+++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2021-06-15 12:32:04.699721356 +0200
@@ -565,6 +565,8 @@ persistJournalState(void)
ABORT_FINALIZE(RS_RET_IO_ERROR);
}
+ fflush(sf);
+
/* change the name of the file to the configured one */
if (rename(tmp_sf, cs.stateFile) < 0) {
LogError(errno, iRet, "imjournal: rename() failed for new path: '%s'", cs.stateFile);
@@ -586,6 +588,7 @@ persistJournalState(void)
LogError(errno, RS_RET_IO_ERROR, "imjournal: fsync on '%s' failed", glbl.GetWorkDir());
ABORT_FINALIZE(RS_RET_IO_ERROR);
}
+ closedir(wd);
}
DBGPRINTF("Persisted journal to '%s'\n", cs.stateFile);

102
SOURCES/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
View File

@ -1,102 +0,0 @@
diff -up rsyslog-8.2102.0/runtime/cfsysline.c.orig rsyslog-8.2102.0/runtime/cfsysline.c
--- rsyslog-8.2102.0/runtime/cfsysline.c.orig 2021-08-04 07:16:02.663163106 +0200
+++ rsyslog-8.2102.0/runtime/cfsysline.c 2021-08-04 07:18:05.952490008 +0200
@@ -353,13 +353,8 @@ static rsRetVal doGetGID(uchar **pp, rsR
assert(*pp != NULL);
if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) {
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "could not extract group name: %s\n", (char*)szName);
- exit(1); /* good exit */
- } else {
- LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
- ABORT_FINALIZE(RS_RET_NOT_FOUND);
- }
+ LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
+ ABORT_FINALIZE(RS_RET_NOT_FOUND);
}
do {
@@ -380,10 +375,6 @@ static rsRetVal doGetGID(uchar **pp, rsR
LogError(0, RS_RET_NOT_FOUND, "ID for group '%s' could not be found", szName);
}
iRet = RS_RET_NOT_FOUND;
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "ID for group '%s' could not be found or error\n", szName);
- exit(1); /* good exit */
- }
} else {
if(pSetHdlr == NULL) {
/* we should set value directly to var */
@@ -418,25 +409,15 @@ static rsRetVal doGetUID(uchar **pp, rsR
assert(*pp != NULL);
if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) {
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "could not extract user name: %s\n", (char*)szName);
- exit(1); /* good exit */
- } else {
- LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
- ABORT_FINALIZE(RS_RET_NOT_FOUND);
- }
+ LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
+ ABORT_FINALIZE(RS_RET_NOT_FOUND);
}
getpwnam_r((char*)szName, &pwBuf, stringBuf, sizeof(stringBuf), &ppwBuf);
if(ppwBuf == NULL) {
- if(loadConf->globals.abortOnIDResolutionFail) {
- fprintf(stderr, "ID for user '%s' could not be found or error\n", (char*)szName);
- exit(1); /* good exit */
- } else {
- LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
- iRet = RS_RET_NOT_FOUND;
- }
+ LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
+ iRet = RS_RET_NOT_FOUND;
} else {
if(pSetHdlr == NULL) {
/* we should set value directly to var */
diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c
--- rsyslog-8.2102.0/runtime/glbl.c.orig 2021-08-04 07:18:19.301633677 +0200
+++ rsyslog-8.2102.0/runtime/glbl.c 2021-08-04 07:19:02.409019106 +0200
@@ -210,7 +210,6 @@ static struct cnfparamdescr cnfparamdesc
{ "environment", eCmdHdlrArray, 0 },
{ "processinternalmessages", eCmdHdlrBinary, 0 },
{ "umask", eCmdHdlrFileCreateMode, 0 },
- { "security.abortonidresolutionfail", eCmdHdlrBinary, 0 },
{ "internal.developeronly.options", eCmdHdlrInt, 0 },
{ "internalmsg.ratelimit.interval", eCmdHdlrPositiveInt, 0 },
{ "internalmsg.ratelimit.burst", eCmdHdlrPositiveInt, 0 },
@@ -1443,8 +1442,6 @@ glblDoneLoadCnf(void)
glblInputTimeoutShutdown = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name, "privdrop.group.keepsupplemental")) {
loadConf->globals.gidDropPrivKeepSupplemental = (int) cnfparamvals[i].val.d.n;
- } else if(!strcmp(paramblk.descr[i].name, "security.abortonidresolutionfail")) {
- loadConf->globals.abortOnIDResolutionFail = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name, "net.acladdhostnameonfail")) {
*(net.pACLAddHostnameOnFail) = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name, "net.aclresolvehostname")) {
diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2021-08-04 07:19:13.103104854 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.c 2021-08-04 07:19:44.635357684 +0200
@@ -156,7 +156,6 @@ static void cnfSetDefaults(rsconf_t *pTh
pThis->globals.maxErrMsgToStderr = -1;
pThis->globals.umask = -1;
pThis->globals.gidDropPrivKeepSupplemental = 0;
- pThis->globals.abortOnIDResolutionFail = 1;
pThis->templates.root = NULL;
pThis->templates.last = NULL;
pThis->templates.lastStatic = NULL;
diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h
--- rsyslog-8.2102.0/runtime/rsconf.h.orig 2021-08-04 07:20:15.848607958 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.h 2021-08-04 07:20:42.782823920 +0200
@@ -73,7 +73,6 @@ struct globals_s {
int uidDropPriv; /* user-id to which priveleges should be dropped to */
int gidDropPriv; /* group-id to which priveleges should be dropped to */
int gidDropPrivKeepSupplemental; /* keep supplemental groups when dropping? */
- int abortOnIDResolutionFail;
int umask; /* umask to use */
uchar *pszConfDAGFile; /* name of config DAG file, non-NULL means generate one */

26
SOURCES/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
View File

@ -1,26 +0,0 @@
diff -up rsyslog-8.2102.0/runtime/ratelimit.c.orig rsyslog-8.2102.0/runtime/ratelimit.c
--- rsyslog-8.2102.0/runtime/ratelimit.c.orig 2021-07-27 10:37:50.972903104 +0200
+++ rsyslog-8.2102.0/runtime/ratelimit.c 2021-07-27 10:38:26.141002988 +0200
@@ -235,7 +235,6 @@ ratelimitMsg(ratelimit_t *__restrict__ c
{
DEFiRet;
rsRetVal localRet;
- int severity = 0;
*ppRepMsg = NULL;
@@ -246,13 +245,12 @@ ratelimitMsg(ratelimit_t *__restrict__ c
DBGPRINTF("Message discarded, parsing error %d\n", localRet);
ABORT_FINALIZE(RS_RET_DISCARDMSG);
}
- severity = pMsg->iSeverity;
}
}
/* Only the messages having severity level at or below the
* treshold (the value is >=) are subject to ratelimiting. */
- if(ratelimit->interval && (severity >= ratelimit->severity)) {
+ if(ratelimit->interval && (pMsg->iSeverity >= ratelimit->severity)) {
char namebuf[512]; /* 256 for FGDN adn 256 for APPNAME should be enough */
snprintf(namebuf, sizeof namebuf, "%s:%s", getHOSTNAME(pMsg),
getAPPNAME(pMsg, 0));

11
SOURCES/rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch
View File

@ -1,11 +0,0 @@
diff -up ./rsyslog-8.2102.0/runtime/nsd_gtls.c.ori ./rsyslog-8.2102.0/runtime/nsd_gtls.c
--- rsyslog-8.2102.0/runtime/nsd_gtls.c.ori 2022-01-17 15:50:08.285827256 +0100
+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2022-01-17 15:52:33.282594512 +0100
@@ -1791,6 +1791,7 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew
pNew->gnutlsPriorityString = pThis->gnutlsPriorityString;
pNew->DrvrVerifyDepth = pThis->DrvrVerifyDepth;
pNew->dataTypeCheck = pThis->dataTypeCheck;
+ pNew->bSANpriority = pThis->bSANpriority;
/* if we reach this point, we are in TLS mode */
iRet = gtlsInitSession(pNew);

215
SOURCES/rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch
View File

@ -1,215 +0,0 @@
diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.orig rsyslog-8.2102.0/runtime/nsd_gtls.c
--- rsyslog-8.2102.0/runtime/nsd_gtls.c.orig 2022-04-11 09:26:17.826271989 +0200
+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2022-04-11 09:33:28.702012052 +0200
@@ -556,7 +556,9 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
DEFiRet;
ISOBJ_TYPE_assert(pThis, nsd_gtls);
- DBGPRINTF("gtlsRecordRecv: start\n");
+ DBGPRINTF("gtlsRecordRecv: start (Pending Data: %zd | Wanted Direction: %s)\n",
+ gnutls_record_check_pending(pThis->sess),
+ (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ ? "READ" : "WRITE") );
lenRcvd = gnutls_record_recv(pThis->sess, pThis->pszRcvBuf, NSD_GTLS_MAX_RCVBUF);
if(lenRcvd >= 0) {
@@ -581,14 +583,30 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
(NSD_GTLS_MAX_RCVBUF+lenRcvd));
pThis->lenRcvBuf = NSD_GTLS_MAX_RCVBUF+lenRcvd;
} else {
- goto sslerr;
+ if (lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
+ goto sslerragain; /* Go to ERR AGAIN handling */
+ } else {
+ /* Do all other error handling */
+ int gnuRet = lenRcvd;
+ ABORTgnutls;
+ }
}
}
} else if(lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
-sslerr:
- pThis->rtryCall = gtlsRtry_recv;
- dbgprintf("GnuTLS receive requires a retry (this most probably is OK and no error condition)\n");
- ABORT_FINALIZE(RS_RET_RETRY);
+sslerragain:
+ /* Check if the underlaying file descriptor needs to read or write data!*/
+ if (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ) {
+ pThis->rtryCall = gtlsRtry_recv;
+ dbgprintf("GnuTLS receive requires a retry, this most probably is OK and no error condition\n");
+ ABORT_FINALIZE(RS_RET_RETRY);
+ } else {
+ uchar *pErr = gtlsStrerror(lenRcvd);
+ LogError(0, RS_RET_GNUTLS_ERR, "GnuTLS receive error %zd has wrong read direction(wants write) "
+ "- this could be caused by a broken connection. GnuTLS reports: %s\n",
+ lenRcvd, pErr);
+ free(pErr);
+ ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
+ }
} else {
int gnuRet = lenRcvd;
ABORTgnutls;
@@ -1978,6 +1996,7 @@ static rsRetVal
Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
{
int iSent;
+ int wantsWriteData = 0;
nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
DEFiRet;
ISOBJ_TYPE_assert(pThis, nsd_gtls);
@@ -1998,10 +2017,12 @@ Send(nsd_t *pNsd, uchar *pBuf, ssize_t *
break;
}
if(iSent != GNUTLS_E_INTERRUPTED && iSent != GNUTLS_E_AGAIN) {
+ /* Check if the underlaying file descriptor needs to read or write data!*/
+ wantsWriteData = gnutls_record_get_direction(pThis->sess);
uchar *pErr = gtlsStrerror(iSent);
- LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d - this "
- "could be caused by a broken connection. GnuTLS reports: %s \n",
- iSent, pErr);
+ LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d, wantsWriteData=%d - this "
+ "could be caused by a broken connection. GnuTLS reports: %s\n",
+ iSent, wantsWriteData, pErr);
free(pErr);
gnutls_perror(iSent);
ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
diff -up rsyslog-8.2102.0/runtime/nsd_gtls.h.orig rsyslog-8.2102.0/runtime/nsd_gtls.h
--- rsyslog-8.2102.0/runtime/nsd_gtls.h.orig 2022-04-11 09:26:32.744262781 +0200
+++ rsyslog-8.2102.0/runtime/nsd_gtls.h 2022-04-11 09:34:29.909982895 +0200
@@ -33,6 +33,11 @@ typedef enum {
gtlsRtry_recv = 2
} gtlsRtryCall_t; /**< IDs of calls that needs to be retried */
+typedef enum {
+ gtlsDir_READ = 0, /**< GNUTLS wants READ */
+ gtlsDir_WRITE = 1 /**< GNUTLS wants WRITE */
+} gtlsDirection_t;
+
typedef nsd_if_t nsd_gtls_if_t; /* we just *implement* this interface */
/* the nsd_gtls object */
diff -up rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig rsyslog-8.2102.0/runtime/nsdsel_gtls.c
--- rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig 2022-04-11 09:26:42.529256742 +0200
+++ rsyslog-8.2102.0/runtime/nsdsel_gtls.c 2022-04-11 09:38:27.425869737 +0200
@@ -81,6 +81,7 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
ISOBJ_TYPE_assert(pThis, nsdsel_gtls);
ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls);
+ DBGPRINTF("Add on nsd %p:\n", pNsdGTLS);
if(pNsdGTLS->iMode == 1) {
if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) {
++pThis->iBufferRcvReady;
@@ -99,6 +100,8 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
}
}
+ dbgprintf("nsdsel_gtls: reached end on nsd %p, calling nsdsel_ptcp.Add with waitOp %d... \n", pNsdGTLS, waitOp);
+
/* if we reach this point, we need no special handling */
CHKiRet(nsdsel_ptcp.Add(pThis->pTcp, pNsdGTLS->pTcp, waitOp));
@@ -120,7 +123,8 @@ Select(nsdsel_t *pNsdsel, int *piNumRead
if(pThis->iBufferRcvReady > 0) {
/* we still have data ready! */
*piNumReady = pThis->iBufferRcvReady;
- dbgprintf("nsdsel_gtls: doing dummy select, data present\n");
+ dbgprintf("nsdsel_gtls: doing dummy select for %p->iBufferRcvReady=%d, data present\n",
+ pThis, pThis->iBufferRcvReady);
} else {
iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady);
}
@@ -138,7 +142,7 @@ doRetry(nsd_gtls_t *pNsd)
DEFiRet;
int gnuRet;
- dbgprintf("GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
+ dbgprintf("doRetry: GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
/* We follow a common scheme here: first, we do the systen call and
* then we check the result. So far, the result is checked after the
@@ -151,7 +155,7 @@ doRetry(nsd_gtls_t *pNsd)
case gtlsRtry_handshake:
gnuRet = gnutls_handshake(pNsd->sess);
if(gnuRet == GNUTLS_E_AGAIN || gnuRet == GNUTLS_E_INTERRUPTED) {
- dbgprintf("GnuTLS handshake retry did not finish - "
+ dbgprintf("doRetry: GnuTLS handshake retry did not finish - "
"setting to retry (this is OK and can happen)\n");
FINALIZE;
} else if(gnuRet == 0) {
@@ -167,9 +171,20 @@ doRetry(nsd_gtls_t *pNsd)
}
break;
case gtlsRtry_recv:
- dbgprintf("retrying gtls recv, nsd: %p\n", pNsd);
- CHKiRet(gtlsRecordRecv(pNsd));
- pNsd->rtryCall = gtlsRtry_None; /* we are done */
+ dbgprintf("doRetry: retrying gtls recv, nsd: %p\n", pNsd);
+ iRet = gtlsRecordRecv(pNsd);
+ if (iRet == RS_RET_RETRY) {
+ // Check if there is pending data
+ size_t stBytesLeft = gnutls_record_check_pending(pNsd->sess);
+ if (stBytesLeft > 0) {
+ // We are in retry and more data waiting, finalize it
+ goto finalize_it;
+ } else {
+ dbgprintf("doRetry: gtlsRecordRecv returned RETRY, but there is no pending"
+ "data on nsd: %p\n", pNsd);
+ }
+ }
+ pNsd->rtryCall = gtlsRtry_None; /* no more data, we are done */
gnuRet = 0;
break;
case gtlsRtry_None:
@@ -241,7 +256,7 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd,
* socket. -- rgerhards, 2010-11-20
*/
if(pThis->iBufferRcvReady) {
- dbgprintf("nsd_gtls: dummy read, buffer not available for this FD\n");
+ dbgprintf("nsd_gtls: dummy read, %p->buffer not available for this FD\n", pThis);
*pbIsReady = 0;
FINALIZE;
}
diff -up rsyslog-8.2102.0/runtime/tcpsrv.c.orig rsyslog-8.2102.0/runtime/tcpsrv.c
--- rsyslog-8.2102.0/runtime/tcpsrv.c.orig 2022-04-11 09:27:00.376245726 +0200
+++ rsyslog-8.2102.0/runtime/tcpsrv.c 2022-04-11 09:41:57.885777708 +0200
@@ -609,14 +609,15 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
int oserr = 0;
ISOBJ_TYPE_assert(pThis, tcpsrv);
- DBGPRINTF("netstream %p with new data\n", (*ppSess)->pStrm);
+ prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ DBGPRINTF("netstream %p with new data from remote peer %s\n", (*ppSess)->pStrm, pszPeer);
/* Receive message */
iRet = pThis->pRcvData(*ppSess, buf, sizeof(buf), &iRcvd, &oserr);
switch(iRet) {
case RS_RET_CLOSED:
if(pThis->bEmitMsgOnClose) {
errno = 0;
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(0, RS_RET_PEER_CLOSED_CONN, "Netstream session %p closed by remote "
"peer %s.\n", (*ppSess)->pStrm, pszPeer);
}
@@ -632,13 +633,13 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
/* in this case, something went awfully wrong.
* We are instructed to terminate the session.
*/
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(oserr, localRet, "Tearing down TCP Session from %s", pszPeer);
CHKiRet(closeSess(pThis, ppSess, pPoll));
}
break;
default:
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(oserr, iRet, "netstream session %p from %s will be closed due to error",
(*ppSess)->pStrm, pszPeer);
CHKiRet(closeSess(pThis, ppSess, pPoll));
@@ -838,6 +839,7 @@ RunSelect(tcpsrv_t *pThis, nsd_epworkset
while(iTCPSess != -1) {
/* TODO: access to pNsd is NOT really CLEAN, use method... */
CHKiRet(nssel.Add(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD));
+ DBGPRINTF("tcpsrv process session %d:\n", iTCPSess);
/* now get next... */
iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess);
}

51
SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
View File

@ -1,51 +0,0 @@
--- a/source/configuration/actions.rst 2020-01-13 09:35:54.000000000 +0100
+++ b/source/configuration/actions.rst 2022-03-09 10:46:23.945881936 +0100
@@ -90,6 +90,12 @@
provided to the action in question, the action name as well as
the rsyslog status code roughly explaining why it failed.
+- **action.errorfile.maxsize** integer
+
+ In some cases, error file needs to be limited in size.
+ This option allows specifying a maximum size, in bytes, for the error file.
+ When error file reaches that size, no more errors are written to it.
+
- **action.execOnlyOnceEveryInterval** integer
Execute action only if the last execute is at last seconds in the
--- a/build/_sources/configuration/actions.rst.txt 2020-01-13 09:35:54.000000000 +0100
+++ b/build/_sources/configuration/actions.rst.txt 2022-03-09 11:17:44.391213038 +0100
@@ -90,6 +90,12 @@
provided to the action in question, the action name as well as
the rsyslog status code roughly explaining why it failed.
+- **action.errorfile.maxsize** integer
+
+ In some cases, error file needs to be limited in size.
+ This option allows specifying a maximum size, in bytes, for the error file.
+ When error file reaches that size, no more errors are written to it.
+
- **action.execOnlyOnceEveryInterval** integer
Execute action only if the last execute is at last seconds in the
--- a/build/configuration/actions.html 2021-02-15 12:53:30.000000000 +0100
+++ b/build/configuration/actions.html 2022-03-09 11:27:04.035799702 +0100
@@ -122,6 +122,11 @@
provided to the action in question, the action name as well as
the rsyslog status code roughly explaining why it failed.</p>
</li>
+<li><p class="first"><strong>action.errorfile.maxsize</strong> integer</p>
+<p>In some cases, error file needs to be limited in size.
+This option allows specifying a maximum size, in bytes, for the error file.
+When error file reaches that size, no more errors are written to it.</p>
+</li>
<li><p class="first"><strong>action.execOnlyOnceEveryInterval</strong> integer</p>
<p>Execute action only if the last execute is at last seconds in the
past (more info in ommail, but may be used with any action)</p>
@@ -672,4 +677,4 @@
<div class="footer" role="contentinfo">
</div>
</body>
-</html>
\ No newline at end of file
+</html>

192
SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch
View File

@ -1,192 +0,0 @@
--- rsyslog-8.2102.0-ori/action.c 2021-02-15 12:06:16.000000000 +0100
+++ rsyslog-8.2102.0-changes/action.c 2022-03-10 11:00:11.027242300 +0100
@@ -198,6 +198,7 @@
{ "name", eCmdHdlrGetWord, 0 }, /* legacy: actionname */
{ "type", eCmdHdlrString, CNFPARAM_REQUIRED }, /* legacy: actionname */
{ "action.errorfile", eCmdHdlrString, 0 },
+ { "action.errorfile.maxsize", eCmdHdlrInt, 0 },
{ "action.writeallmarkmessages", eCmdHdlrBinary, 0 }, /* legacy: actionwriteallmarkmessages */
{ "action.execonlyeverynthtime", eCmdHdlrInt, 0 }, /* legacy: actionexeconlyeverynthtime */
{ "action.execonlyeverynthtimetimeout", eCmdHdlrInt, 0 }, /* legacy: actionexeconlyeverynthtimetimeout */
@@ -400,6 +401,8 @@
pThis->iResumeRetryCount = 0;
pThis->pszName = NULL;
pThis->pszErrFile = NULL;
+ pThis->maxErrFileSize = 0;
+ pThis->errFileWritten = 0;
pThis->pszExternalStateFile = NULL;
pThis->fdErrFile = -1;
pThis->bWriteAllMarkMsgs = 1;
@@ -1436,6 +1439,14 @@
pThis->pszName, pThis->pszErrFile);
goto done;
}
+ if (pThis->maxErrFileSize > 0) {
+ struct stat statbuf;
+ if (fstat(pThis->fdErrFile, &statbuf) == -1) {
+ LogError(errno, RS_RET_ERR, "failed to fstat %s", pThis->pszErrFile);
+ goto done;
+ }
+ pThis->errFileWritten += statbuf.st_size;
+ }
}
for(int i = 0 ; i < nparams ; ++i) {
@@ -1454,16 +1465,26 @@
char *const rendered = strdup((char*)fjson_object_to_json_string(etry));
if(rendered == NULL)
goto done;
- const size_t toWrite = strlen(rendered) + 1;
- /* note: we use the '\0' inside the string to store a LF - we do not
- * otherwise need it and it safes us a copy/realloc.
- */
- rendered[toWrite-1] = '\n'; /* NO LONGER A STRING! */
- const ssize_t wrRet = write(pThis->fdErrFile, rendered, toWrite);
- if(wrRet != (ssize_t) toWrite) {
- LogError(errno, RS_RET_IO_ERROR,
- "action %s: error writing errorFile %s, write returned %lld",
- pThis->pszName, pThis->pszErrFile, (long long) wrRet);
+ size_t toWrite = strlen(rendered) + 1;
+ // Check if need to truncate the amount of bytes to write
+ if (pThis->maxErrFileSize > 0) {
+ if (pThis->errFileWritten + toWrite > pThis->maxErrFileSize) {
+ // Truncate to the pending available
+ toWrite = pThis->maxErrFileSize - pThis->errFileWritten;
+ }
+ pThis->errFileWritten += toWrite;
+ }
+ if(toWrite > 0) {
+ /* note: we use the '\0' inside the string to store a LF - we do not
+ * otherwise need it and it safes us a copy/realloc.
+ */
+ rendered[toWrite-1] = '\n'; /* NO LONGER A STRING! */
+ const ssize_t wrRet = write(pThis->fdErrFile, rendered, toWrite);
+ if(wrRet != (ssize_t) toWrite) {
+ LogError(errno, RS_RET_IO_ERROR,
+ "action %s: error writing errorFile %s, write returned %lld",
+ pThis->pszName, pThis->pszErrFile, (long long) wrRet);
+ }
}
free(rendered);
@@ -2048,6 +2069,8 @@
continue; /* this is handled seperately during module select! */
} else if(!strcmp(pblk.descr[i].name, "action.errorfile")) {
pAction->pszErrFile = es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(pblk.descr[i].name, "action.errorfile.maxsize")) {
+ pAction->maxErrFileSize = pvals[i].val.d.n;
} else if(!strcmp(pblk.descr[i].name, "action.externalstate.file")) {
pAction->pszExternalStateFile = es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(pblk.descr[i].name, "action.writeallmarkmessages")) {
--- rsyslog-8.2102.0-ori/action.h 2020-10-03 19:06:47.000000000 +0200
+++ rsyslog-8.2102.0-changes/action.h 2022-03-04 11:36:47.024588972 +0100
@@ -77,6 +77,8 @@
/* error file */
const char *pszErrFile;
int fdErrFile;
+ size_t maxErrFileSize;
+ size_t errFileWritten;
pthread_mutex_t mutErrFile;
/* external stat file system */
const char *pszExternalStateFile;
--- rsyslog-8.2102.0-ori/tests/Makefile.am 2021-02-15 12:06:16.000000000 +0100
+++ rsyslog-8.2102.0-changes/tests/Makefile.am 2022-03-04 11:38:01.625095709 +0100
@@ -695,7 +695,8 @@
mysql-actq-mt.sh \
mysql-actq-mt-withpause.sh \
action-tx-single-processing.sh \
- action-tx-errfile.sh
+ action-tx-errfile.sh \
+ action-tx-errfile-maxsize.sh
mysql-basic.log: mysqld-start.log
mysql-basic-cnf6.log: mysqld-start.log
@@ -2156,6 +2157,8 @@
sndrcv_omudpspoof_nonstdpt.sh \
sndrcv_gzip.sh \
action-tx-single-processing.sh \
+ omfwd-errfile-maxsize.sh \
+ action-tx-errfile-maxsize.sh \
action-tx-errfile.sh \
testsuites/action-tx-errfile.result \
pipeaction.sh \
--- rsyslog-8.2102.0-ori/tests/omfwd-errfile-maxsize.sh 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0-changes/tests/omfwd-errfile-maxsize.sh 2022-03-04 11:39:02.060506234 +0100
@@ -0,0 +1,17 @@
+#!/bin/bash
+# part of the rsyslog project, released under ASL 2.0
+. ${srcdir:=.}/diag.sh init
+
+export MAX_ERROR_SIZE=1999
+
+generate_conf
+add_conf '
+action(type="omfwd" target="1.2.3.4" port="1234" Protocol="tcp" NetworkNamespace="doesNotExist"
+ action.errorfile="'$RSYSLOG2_OUT_LOG'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'")
+'
+startup
+shutdown_when_empty
+wait_shutdown
+check_file_exists ${RSYSLOG2_OUT_LOG}
+file_size_check ${RSYSLOG2_OUT_LOG} ${MAX_ERROR_SIZE}
+exit_test
--- rsyslog-8.2102.0-ori/tests/action-tx-errfile-maxsize.sh 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0-changes/tests/action-tx-errfile-maxsize.sh 2022-03-04 11:59:22.592796989 +0100
@@ -0,0 +1,35 @@
+#!/bin/bash
+# part of the rsyslog project, released under ASL 2.0
+
+. ${srcdir:=.}/diag.sh init
+
+export NUMMESSAGES=50 # enough to generate big file
+export MAX_ERROR_SIZE=100
+
+generate_conf
+add_conf '
+$ModLoad ../plugins/ommysql/.libs/ommysql
+global(errormessagestostderr.maxnumber="5")
+
+template(type="string" name="tpl" string="insert into SystemEvents (Message, Facility) values (\"%msg%\", %$!facility%)" option.sql="on")
+
+if((not($msg contains "error")) and ($msg contains "msgnum:")) then {
+ set $.num = field($msg, 58, 2);
+ if $.num % 2 == 0 then {
+ set $!facility = $syslogfacility;
+ } else {
+ set $/cntr = 0;
+ }
+ action(type="ommysql" name="mysql_action_errfile_maxsize" server="127.0.0.1" template="tpl"
+ db="'$RSYSLOG_DYNNAME'" uid="rsyslog" pwd="testbench" action.errorfile="'$RSYSLOG2_OUT_LOG'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'")
+}
+'
+mysql_prep_for_test
+startup
+injectmsg
+shutdown_when_empty
+wait_shutdown
+mysql_get_data
+check_file_exists ${RSYSLOG2_OUT_LOG}
+file_size_check ${RSYSLOG2_OUT_LOG} ${MAX_ERROR_SIZE}
+exit_test
--- rsyslog-8.2102.0/tests/omfwd-errfile-maxsize-filled.sh 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0-changes/tests/omfwd-errfile-maxsize-filled.sh 2022-03-08 16:24:01.174365289 +0100
@@ -0,0 +1,19 @@
+#!/bin/bash
+# part of the rsyslog project, released under ASL 2.0
+. ${srcdir:=.}/diag.sh init
+ERRFILE=$(mktemp)
+export MAX_ERROR_SIZE=1999
+export INITIAL_FILE_SIZE=$((MAX_ERROR_SIZE - 100))
+dd if=/dev/urandom of=${ERRFILE} bs=1 count=${INITIAL_FILE_SIZE}
+generate_conf
+add_conf '
+action(type="omfwd" target="1.2.3.4" port="1234" Protocol="tcp" NetworkNamespace="doesNotExist"
+ action.errorfile="'$ERRFILE'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'")
+'
+startup
+shutdown_when_empty
+wait_shutdown
+check_file_exists ${ERRFILE}
+file_size_check ${ERRFILE} ${MAX_ERROR_SIZE}
+exit_test
+rm ${ERRFILE}

25
SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch
View File

@ -1,25 +0,0 @@
--- rsyslog-8.2102.0/doc/configuration/global/index.html 2021-02-15 12:53:30.000000000 +0100
+++ rsyslog-8.2102.0.backup.doc.202209071236/doc/configuration/global/index.html 2022-09-07 12:33:21.318360707 +0200
@@ -119,7 +119,14 @@
<a class="reference internal" href="../../concepts/netstrm_drvr.html"><span class="doc">network stream driver</span></a> to use.
Defaults to ptcp.</p>
</li>
-<li><p class="first"><strong>$DefaultNetstreamDriverCAFile</strong> &lt;/path/to/cafile.pem&gt;</p>
+<li><p class="first"><strong>$DefaultNetstreamDriverCAFile</strong> &lt;/path/to/cafile.pem&gt;</p>
+</li>
+<li><p class="first"><strong>$NetstreamDriverCAExtraFiles</strong> &lt;/path/to/extracafile.pem&gt; -
+This directive allows to configure multiple additional extra CA files.
+This is intended for SSL certificate chains to work appropriately,
+as the different CA files in the chain need to be specified.
+It must be remarked that this directive only works with the OpenSSL driver.
+</p>
</li>
<li><p class="first"><strong>$DefaultNetstreamDriverCertFile</strong> &lt;/path/to/certfile.pem&gt;</p>
</li>
@@ -311,4 +318,4 @@
<div class="footer" role="contentinfo">
</div>
</body>
-</html>
\ No newline at end of file
+</html>

682
SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files.patch
View File

@ -1,682 +0,0 @@
--- rsyslog-8.2102.0.ori/runtime/glbl.h 2020-10-03 19:06:47.000000000 +0200
+++ rsyslog-8.2102.0/runtime/glbl.h 2022-09-06 11:13:31.538674778 +0200
@@ -72,6 +72,7 @@
SIMP_PROP(DfltNetstrmDrvrCAF, uchar*)
SIMP_PROP(DfltNetstrmDrvrKeyFile, uchar*)
SIMP_PROP(DfltNetstrmDrvrCertFile, uchar*)
+ SIMP_PROP(NetstrmDrvrCAExtraFiles, uchar*)
SIMP_PROP(ParserControlCharacterEscapePrefix, uchar)
SIMP_PROP(ParserDropTrailingLFOnReception, int)
SIMP_PROP(ParserEscapeControlCharactersOnReceive, int)
--- rsyslog-8.2102.0.ori/runtime/glbl.c 2022-09-06 10:37:26.440149338 +0200
+++ rsyslog-8.2102.0/runtime/glbl.c 2022-09-06 11:12:06.198378210 +0200
@@ -122,6 +122,7 @@
static uchar *pszDfltNetstrmDrvrCAF = NULL; /* default CA file for the netstrm driver */
static uchar *pszDfltNetstrmDrvrKeyFile = NULL; /* default key file for the netstrm driver (server) */
static uchar *pszDfltNetstrmDrvrCertFile = NULL; /* default cert file for the netstrm driver (server) */
+static uchar *pszNetstrmDrvrCAExtraFiles = NULL; /* list of additional CAExtraFiles */
int bTerminateInputs = 0; /* global switch that inputs shall terminate ASAP (1=> terminate) */
static uchar cCCEscapeChar = '#'; /* character to be used to start an escape sequence for control chars */
static int bDropTrailingLF = 1; /* drop trailing LF's on reception? */
@@ -176,6 +177,7 @@
{ "defaultnetstreamdriverkeyfile", eCmdHdlrString, 0 },
{ "defaultnetstreamdrivercertfile", eCmdHdlrString, 0 },
{ "defaultnetstreamdriver", eCmdHdlrString, 0 },
+ { "netstreamdrivercaextrafiles", eCmdHdlrString, 0 },
{ "maxmessagesize", eCmdHdlrSize, 0 },
{ "oversizemsg.errorfile", eCmdHdlrGetWord, 0 },
{ "oversizemsg.report", eCmdHdlrBinary, 0 },
@@ -307,6 +309,8 @@
/* TODO: use custom function which frees existing value */
SIMP_PROP_SET(DfltNetstrmDrvrCertFile, pszDfltNetstrmDrvrCertFile, uchar*)
/* TODO: use custom function which frees existing value */
+SIMP_PROP_SET(NetstrmDrvrCAExtraFiles, pszNetstrmDrvrCAExtraFiles, uchar*)
+/* TODO: use custom function which frees existing value */
#undef SIMP_PROP
#undef SIMP_PROP_SET
@@ -830,6 +834,13 @@
return(pszDfltNetstrmDrvr == NULL ? DFLT_NETSTRM_DRVR : pszDfltNetstrmDrvr);
}
+/* return the additional ca extra files */
+static uchar*
+GetNetstrmDrvrCAExtraFiles(void)
+{
+ return(pszNetstrmDrvrCAExtraFiles);
+}
+
/* return the current default netstream driver CA File */
static uchar*
@@ -925,6 +936,7 @@
SIMP_PROP(DfltNetstrmDrvrCAF)
SIMP_PROP(DfltNetstrmDrvrKeyFile)
SIMP_PROP(DfltNetstrmDrvrCertFile)
+ SIMP_PROP(NetstrmDrvrCAExtraFiles)
#ifdef USE_UNLIMITED_SELECT
SIMP_PROP(FdSetSize)
#endif
@@ -945,6 +957,8 @@
pszDfltNetstrmDrvrKeyFile = NULL;
free(pszDfltNetstrmDrvrCertFile);
pszDfltNetstrmDrvrCertFile = NULL;
+ free(pszNetstrmDrvrCAExtraFiles);
+ pszNetstrmDrvrCAExtraFiles = NULL;
free(LocalHostNameOverride);
LocalHostNameOverride = NULL;
free(oversizeMsgErrorFile);
@@ -1350,6 +1364,9 @@
free(pszDfltNetstrmDrvr);
pszDfltNetstrmDrvr = (uchar*)
es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
+ } else if(!strcmp(paramblk.descr[i].name, "netstreamdrivercaextrafiles")) {
+ free(pszNetstrmDrvrCAExtraFiles);
+ pszNetstrmDrvrCAExtraFiles = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
} else if(!strcmp(paramblk.descr[i].name, "preservefqdn")) {
bPreserveFQDN = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name,
@@ -1546,6 +1563,8 @@
&pszDfltNetstrmDrvrKeyFile, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"defaultnetstreamdrivercertfile", 0, eCmdHdlrGetWord, NULL,
&pszDfltNetstrmDrvrCertFile, NULL));
+ CHKiRet(regCfSysLineHdlr((uchar *)"netstreamdrivercaextrafiles", 0, eCmdHdlrGetWord, NULL,
+ &pszNetstrmDrvrCAExtraFiles, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"localhostname", 0, eCmdHdlrGetWord, NULL, &LocalHostNameOverride, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"localhostipif", 0, eCmdHdlrGetWord, setLocalHostIPIF, NULL, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"optimizeforuniprocessor", 0, eCmdHdlrGoneAway, NULL, NULL, NULL));
@@ -1579,6 +1598,7 @@
free(pszDfltNetstrmDrvrCAF);
free(pszDfltNetstrmDrvrKeyFile);
free(pszDfltNetstrmDrvrCertFile);
+ free(pszNetstrmDrvrCAExtraFiles);
free(pszWorkDir);
free(LocalDomain);
free(LocalHostName);
--- rsyslog-8.2102.0.ori/runtime/nsd_ossl.c 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/runtime/nsd_ossl.c 2022-09-06 11:25:18.144130340 +0200
@@ -88,6 +88,7 @@
static short bHaveCA;
static short bHaveCert;
static short bHaveKey;
+static short bHaveExtraCAFiles;
static int bAnonInit;
static MUTEX_TYPE anonInit_mut = PTHREAD_MUTEX_INITIALIZER;
@@ -413,7 +414,8 @@
{
DEFiRet;
DBGPRINTF("openssl: entering osslGlblInit\n");
- const char *caFile, *certFile, *keyFile;
+ const char *caFile, *certFile, *keyFile, *extraCaFile;
+ char *extraCaFiles;
/* Setup OpenSSL library */
if((opensslh_THREAD_setup() == 0) || !SSL_library_init()) {
@@ -450,9 +452,27 @@
} else {
bHaveKey = 1;
}
+ extraCaFiles = (char*) glbl.GetNetstrmDrvrCAExtraFiles();
+ if(extraCaFiles == NULL) {
+ bHaveExtraCAFiles = 0;
+ } else {
+ bHaveExtraCAFiles = 1;
+ }
/* Create main CTX Object */
ctx = SSL_CTX_new(SSLv23_method());
+ if(bHaveExtraCAFiles == 1) {
+ while((extraCaFile = strsep(&extraCaFiles, ","))) {
+ if(SSL_CTX_load_verify_locations(ctx, extraCaFile, NULL) != 1) {
+ LogError(0, RS_RET_TLS_CERT_ERR, "Error: Extra Certificate file could not be accessed. "
+ "Check at least: 1) file path is correct, 2) file exist, "
+ "3) permissions are correct, 4) file content is correct. "
+ "Open ssl error info may follow in next messages");
+ osslLastSSLErrorMsg(0, NULL, LOG_ERR, "osslGlblInit");
+ ABORT_FINALIZE(RS_RET_TLS_CERT_ERR);
+ }
+ }
+ }
if(bHaveCA == 1 && SSL_CTX_load_verify_locations(ctx, caFile, NULL) != 1) {
LogError(0, RS_RET_TLS_CERT_ERR, "Error: CA certificate could not be accessed. "
"Check at least: 1) file path is correct, 2) file exist, "
@@ -476,7 +496,7 @@
"Open ssl error info may follow in next messages");
osslLastSSLErrorMsg(0, NULL, LOG_ERR, "osslGlblInit");
ABORT_FINALIZE(RS_RET_TLS_KEY_ERR);
- }
+ }
/* Set CTX Options */
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); /* Disable insecure SSLv2 Protocol */
--- rsyslog-8.2102.0.ori/tests/Makefile.am 2022-09-06 10:37:26.447149363 +0200
+++ rsyslog-8.2102.0/tests/Makefile.am 2022-09-06 12:05:55.443600359 +0200
@@ -1247,7 +1247,8 @@
sndrcv_tls_ossl_servercert_gtls_clientanon.sh \
sndrcv_tls_ossl_serveranon_gtls_clientanon.sh \
sndrcv_tls_gtls_servercert_ossl_clientanon.sh \
- sndrcv_tls_gtls_serveranon_ossl_clientanon.sh
+ sndrcv_tls_gtls_serveranon_ossl_clientanon.sh \
+ sndrcv_ossl_cert_chain.sh
endif
endif
@@ -2575,6 +2576,7 @@
sndrcv_tls_ossl_serveranon_gtls_clientanon.sh \
sndrcv_tls_gtls_servercert_ossl_clientanon.sh \
sndrcv_tls_gtls_serveranon_ossl_clientanon.sh \
+ sndrcv_ossl_cert_chain.sh \
omtcl.sh \
omtcl.tcl \
pmsnare-default.sh \
--- rsyslog-8.2102.0.ori/tests/sndrcv_ossl_cert_chain.sh 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/sndrcv_ossl_cert_chain.sh 2022-09-06 10:48:41.512496691 +0200
@@ -0,0 +1,76 @@
+#!/bin/bash
+# alorbach, 2019-01-16
+# This file is part of the rsyslog project, released under ASL 2.0
+. ${srcdir:=.}/diag.sh init
+export NUMMESSAGES=1000
+# uncomment for debugging support:
+#export RSYSLOG_DEBUG="debug nostdout noprintmutexaction"
+export RSYSLOG_DEBUGLOG="log"
+generate_conf
+export PORT_RCVR="$(get_free_port)"
+### This is important, as it must be exactly the same
+### as the ones configured in used certificates
+export HOSTNAME="fedora"
+add_conf '
+global(
+ DefaultNetstreamDriver="ossl"
+ DefaultNetstreamDriverCAFile="'$srcdir/testsuites/certchain/ca-cert.pem'"
+ DefaultNetstreamDriverCertFile="'$srcdir/testsuites/certchain/server-cert.pem'"
+ DefaultNetstreamDriverKeyFile="'$srcdir/testsuites/certchain/server-key.pem'"
+ NetstreamDriverCAExtraFiles="'$srcdir/testsuites/certchain/ca-root-cert.pem'"
+)
+
+module( load="../plugins/imtcp/.libs/imtcp"
+ StreamDriver.Name="ossl"
+ StreamDriver.Mode="1"
+ PermittedPeer="'$HOSTNAME'"
+ StreamDriver.AuthMode="x509/name" )
+# then SENDER sends to this port (not tcpflood!)
+input( type="imtcp" port="'$PORT_RCVR'" )
+
+$template outfmt,"%msg:F,58:2%\n"
+$template dynfile,"'$RSYSLOG_OUT_LOG'" # trick to use relative path names!
+:msg, contains, "msgnum:" ?dynfile;outfmt
+'
+startup
+export RSYSLOG_DEBUGLOG="log2"
+#valgrind="valgrind"
+generate_conf 2
+export TCPFLOOD_PORT="$(get_free_port)"
+add_conf '
+global(
+ defaultNetstreamDriverCAFile="'$srcdir/testsuites/certchain/ca-root-cert.pem'"
+ defaultNetstreamDriverCertFile="'$srcdir/testsuites/certchain/client-cert.pem'"
+ defaultNetstreamDriverKeyFile="'$srcdir/testsuites/certchain/client-key.pem'"
+)
+
+# Note: no TLS for the listener, this is for tcpflood!
+$ModLoad ../plugins/imtcp/.libs/imtcp
+input( type="imtcp" port="0" listenPortFileName="'$RSYSLOG_DYNNAME'.tcpflood_port" )
+
+# set up the action
+action( type="omfwd"
+ protocol="tcp"
+ target="127.0.0.1"
+ port="'$PORT_RCVR'"
+ StreamDriver="ossl"
+ StreamDriverMode="1"
+ StreamDriverAuthMode="x509/name"
+ StreamDriverPermittedPeers="'$HOSTNAME'"
+ )
+' 2
+startup 2
+
+# now inject the messages into instance 2. It will connect to instance 1,
+# and that instance will record the data.
+tcpflood -m$NUMMESSAGES -i1
+wait_file_lines
+# shut down sender when everything is sent, receiver continues to run concurrently
+shutdown_when_empty 2
+wait_shutdown 2
+# now it is time to stop the receiver as well
+shutdown_when_empty
+wait_shutdown
+
+seq_check 1 $NUMMESSAGES
+exit_test
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/ca-cert.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-cert.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/ca-cert.pem 2022-09-06 10:48:41.513496694 +0200
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBzCCA2+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJDWjEQ
+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh
+dDEMMAoGA1UECxMDR1NTMR0wGwYDVQQDExRyc3lzbG9nK2NoYWluK2Nhcm9vdDAe
+Fw0yMjA2MDYxMzQwNDlaFw0yMzA2MDYxMzQwNDlaMGkxCzAJBgNVBAYTAkNaMRAw
+DgYDVQQIEwdNb3JhdmlhMQ0wCwYDVQQHEwRCcm5vMRAwDgYDVQQKEwdSZWQgSGF0
+MQwwCgYDVQQLEwNHU1MxGTAXBgNVBAMTEHJzeXNsb2crY2hhaW4rY2EwggGiMA0G
+CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQD6yDdc9T3oddk5smOhF8OkRXwb2nvC
+M4RPPiuiACvbVoc3UdW2e4NI77J75JzNQL3gQUpgxGcvWiQt3R67ecYgIWiq0zpi
+MrcU3S0dboK10A6NXtcVc4RgwUPf0c8toM975c/6q2XT9Q0SbcI7HKXdzTXQZJDz
+sqQ3UjJuoCLSl6Dd8M0HXJnd2HlF1h5JeIp5vGrCJzQ5SyO6b4jVODtx/uXBohGn
+2x8NdB7wO5NecDyryrwv+FsUXWS4NNmj917bBuXSx3SmW/G7e8AFvcHN8VG6AxH7
+nap+EWGQia+LNG489flgU3U7Ec8zpTrI1wU6bUi6lK/RPxU0ViCaceGjXfoNofIc
+gGJOSS0LaHjM+c4OhmKWrIJ59j2L/rlIvmfqRO3qgThF4eaOfQTbixe/oiy3gR85
++X6YDXvBwTGZDD6OeG1fCzx/snQLiP3/dRv6LJFE8Krawc9OCOWRDRlIxubrkmYz
+LVBxcFgI4BBGNYVsaMSYrkCVaS2Rv1sNAi0CAwEAAaOBtTCBsjAPBgNVHRMBAf8E
+BTADAQH/MCQGA1UdEQQdMBuCBmZlZG9yYYcEfwAAAYELcm9vdEBmZWRvcmEwDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQ7t+ub2L0VzaTLfpubh4rnDk2RmjAfBgNV
+HSMEGDAWgBSv9FgWjwDV6oGLewYzCo2/AdWTmzApBgNVHR8EIjAgMB6gHKAahhho
+dHRwOi8vMTI3LjAuMC4xL2dldGNybC8wDQYJKoZIhvcNAQELBQADggGBADrv9nld
+FjKZCIVQCVxYc1/KFFnKo2KRCqvSdfb235Kx+5tSFWUsOfkSGjfLrv2+IFKSirFQ
+uFSac/qOrMo/W/4A+ypahG9Sx9PRD626/myr8exee2ygkcuGOuXvX3HkcpzNCmId
+ZS5ygtscFq3NdntwBJHe2ANOSJKIIBzC+gzn4r/V6PdxPEjiUrFs515/RBByi63r
+wWPeqvbaectyZyFIS0XN3LAjVb+zu0NQJqBpUGJlRBI1bRbPECu94LB8Huk/jgSJ
+OyFUKrnNeqaGqKnRfHxJxT/LjeTkQ/5cCOQTuE9IPbRvTykUzUQ3PrltwNqzAb44
+9Trqvqg+qGTfNuI7EZAO26zXbltYVZ+BmlULjKors49Ozq5l1JIevvq66etrE9oT
+DsII88MSIWn8bqaXETfKdIWtWu7Os7tmBTnfDQWGpNDJ3UwDpkyQPYJZJuSfELX0
+jpuWuE/1SbLxTx8eAe83z4yM3C21Kg5K2eJ0udagjM8xPdqYI8tF/4bNbA==
+-----END CERTIFICATE-----
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-root-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/ca-root-cert.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-root-cert.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/ca-root-cert.pem 2022-09-06 10:48:41.513496694 +0200
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE6jCCA1KgAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJDWjEQ
+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh
+dDEMMAoGA1UECxMDR1NTMR0wGwYDVQQDExRyc3lzbG9nK2NoYWluK2Nhcm9vdDAe
+Fw0yMjA2MDYxMzQwNDlaFw0yMzA2MDYxMzQwNDlaMG0xCzAJBgNVBAYTAkNaMRAw
+DgYDVQQIEwdNb3JhdmlhMQ0wCwYDVQQHEwRCcm5vMRAwDgYDVQQKEwdSZWQgSGF0
+MQwwCgYDVQQLEwNHU1MxHTAbBgNVBAMTFHJzeXNsb2crY2hhaW4rY2Fyb290MIIB
+ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuqAAv1OIGwQqCi1Mflrq8Buo
+G3UtiD8cMEovjzndFV4Ww5fm+R2vCv+tHq6a85mLL0wdqXh+/bAyDzxaULheXZel
+rGPuUFEH2BpOwKXBd31Vx1x32aN9iaoaND/JVQSp+9PeP9zyKeZIN2vFSyNK7LCA
+hdDXVoYeTktXMbm0vB2vMKk+5Vzc7WfyMfrdDvciuULzLU1RzRS2/RkHNlve5iVQ
+XbNN6CpVtXb0K/kcp4SQIVbNTD/g6Z3JnewSWwqjM9/axTC17rpqhsxaWk712Zjo
+lYeuWKfaF9eRXU951u/vrXMMRkDZe0cq5OiTbc1uUQag7uXkbUtEk5HDSihUWwxz
+MegUdUBXFN6EJ7OauWFOeyVJbbvPRa3q9fdlLILvv5/9SiMim6avcj6DlyUz2RhC
+YPh/gJHItuIbZ6hEU+aKqiDYMTHyibRoqOMZgsc8Vo1JAHQTI6gA8JQtGtjEbzIR
+GFkQkj4tvAQQgl5fs9nuweH9GoIaBl1IoIVZyR9PAgMBAAGjgZQwgZEwDwYDVR0T
+AQH/BAUwAwEB/zAkBgNVHREEHTAbggZmZWRvcmGHBH8AAAGBC3Jvb3RAZmVkb3Jh
+MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUr/RYFo8A1eqBi3sGMwqNvwHVk5sw
+KQYDVR0fBCIwIDAeoBygGoYYaHR0cDovLzEyNy4wLjAuMS9nZXRjcmwvMA0GCSqG
+SIb3DQEBCwUAA4IBgQBn/NZeqYon25QY1RmjYkCQ0B+uXsquGURETP30hQ+ltbbG
+u4jP+ll+oYkGVt1+eBi8Qw+rf8Qk3Q/+jmCoGS9vVjQc97r3YJxnFb3zB4HDCWdZ
+qXK7GeBlFA4XAtJO0ya8HCx4znuXKiNwqrJJHyyW2gvkY9raRkKOzj3/9jQXgAw4
+1d8NR9SxjKA2PnCSWNdVQOAm4us2tJXJexvbRx+b9Yu8LgUX/AdT4zqkIV8n6oFV
+XNaGyOsDN/+4JEsKbBixL+g3Y6yQHrwKMYq/Gh1WF33u2yYCzMU4Lw9AoYRG0jHi
+iAFchiwneGdC7E+To+qNdH5QJY38ZI7kWg3ADcXzwhTmvVUz5DNub9raE6yZZ4uf
+CyTGAJjH9USuhwH3unmB0kDjEOExIJHm+9uNA8S/81cwoCl2pz/hzr2fQwR2YLSa
+ox9p6cnQmnkL2j2QXhTvjDIswJmxuR43yqDIZUlx6cq1pTSJeN+8WcB2iK61p4DH
+JhH8af3aLUI5FNNgjas=
+-----END CERTIFICATE-----
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/client-cert.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-cert.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/client-cert.pem 2022-09-06 10:48:41.513496694 +0200
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXjCCAsagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJDWjEQ
+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh
+dDEMMAoGA1UECxMDR1NTMRkwFwYDVQQDExByc3lzbG9nK2NoYWluK2NhMB4XDTIy
+MDYwNjEzNDA0OVoXDTIzMDYwNjEzNDA0OVowbTELMAkGA1UEBhMCQ1oxEDAOBgNV
+BAgTB01vcmF2aWExDTALBgNVBAcTBEJybm8xEDAOBgNVBAoTB1JlZCBIYXQxDDAK
+BgNVBAsTA0dTUzEdMBsGA1UEAxMUcnN5c2xvZytjaGFpbitjbGllbnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSIbnL1ViRk9CAPerSirUpBtnR4qYD
+XzPSkVJzX5PKLJkeJ6z6oIPoioh59+70ipL5K4ETkmbUFaKP+Lrk7l53BvAnP8Ba
+1rWNV2gzgyiihGCs7N/iamh9Rzj5lQCvzUJhiTcphcptV+0IIf9rbEggEazbSg1A
+BHxS8EBUx+ddVJc6MAlEbA/sstkqfE14k8YZPZlU9ZmLjyHbsQbfXFegYee6WMP0
+M7CqrMZ0ZWvDRWgqWOE+b8agmIKPb2VxJXuR3iXBJk8ANcrRzn/tXShMuGK5KiWL
+a6mFrzR6w55DgjIAKkmPO43jMO/qbWB91RVys/ztK7qIoXm3yadOeIU1AgMBAAGj
+gYwwgYkwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAkBgNVHREE
+HTAbggZmZWRvcmGHBH8AAAGBC3Jvb3RAZmVkb3JhMB0GA1UdDgQWBBSoW3Alxk4+
+6Uwv80/UE5C5rT4e6TAfBgNVHSMEGDAWgBQ7t+ub2L0VzaTLfpubh4rnDk2RmjAN
+BgkqhkiG9w0BAQsFAAOCAYEA5Nbnwixitghw9Zg3DANXFXiOsQBx7KEup7+x7edw
+n9r2raqNJEjT2Fv+ClEA3CIdPF+4wjoolOPezrNJxKO3UpYCQeO4ZU/QVl8BX8NB
+4v1rUqXsvhE//4FcLvMM+6n8Nrtt1VRhks8N0b0p/md9dFKGucd4otPZm0sbOrsg
+nrhDYzZiFAzJg3zFwOOHzxP6iKj2mfq+2XRiKl7SlbnEj/8l21Ne1V+mDV5++AEZ
+N/quuf8zYHwwuc3Y8K84doow9yBpFqrpBbazb8586utrAbTbytCqskzImFIjo5Oa
+1ujWArMDsVGGr+NzFWwCTz8VTNNJ5H1cBin0gT41/OwUQv8DIJqzmSFTg9Uqmb2V
+ZwjIvMGE4Tz8phzD0IbSXYmQsSeku4olIDM1d+vLvBlipGAeInmA+nZmeZwdD04c
+poqUj+H3mj1r6WOlk2ivV0TUZKO/JHydkBVf2EQJlEmGuSq/7S889fx3GT7jGcOb
+gl5LlIaraMgA48dK8gJUWtJh
+-----END CERTIFICATE-----
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-key.pem rsyslog-8.2102.0/tests/testsuites/certchain/client-key.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-key.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/client-key.pem 2022-09-06 12:10:13.808498227 +0200
@@ -0,0 +1,134 @@
+Public Key Info:
+ Public Key Algorithm: RSA
+ Key Security Level: Medium (2048 bits)
+
+modulus:
+ 00:d2:21:b9:cb:d5:58:91:93:d0:80:3d:ea:d2:8a:b5
+ 29:06:d9:d1:e2:a6:03:5f:33:d2:91:52:73:5f:93:ca
+ 2c:99:1e:27:ac:fa:a0:83:e8:8a:88:79:f7:ee:f4:8a
+ 92:f9:2b:81:13:92:66:d4:15:a2:8f:f8:ba:e4:ee:5e
+ 77:06:f0:27:3f:c0:5a:d6:b5:8d:57:68:33:83:28:a2
+ 84:60:ac:ec:df:e2:6a:68:7d:47:38:f9:95:00:af:cd
+ 42:61:89:37:29:85:ca:6d:57:ed:08:21:ff:6b:6c:48
+ 20:11:ac:db:4a:0d:40:04:7c:52:f0:40:54:c7:e7:5d
+ 54:97:3a:30:09:44:6c:0f:ec:b2:d9:2a:7c:4d:78:93
+ c6:19:3d:99:54:f5:99:8b:8f:21:db:b1:06:df:5c:57
+ a0:61:e7:ba:58:c3:f4:33:b0:aa:ac:c6:74:65:6b:c3
+ 45:68:2a:58:e1:3e:6f:c6:a0:98:82:8f:6f:65:71:25
+ 7b:91:de:25:c1:26:4f:00:35:ca:d1:ce:7f:ed:5d:28
+ 4c:b8:62:b9:2a:25:8b:6b:a9:85:af:34:7a:c3:9e:43
+ 82:32:00:2a:49:8f:3b:8d:e3:30:ef:ea:6d:60:7d:d5
+ 15:72:b3:fc:ed:2b:ba:88:a1:79:b7:c9:a7:4e:78:85
+ 35:
+
+public exponent:
+ 01:00:01:
+
+private exponent:
+ 1f:0c:c4:bb:8d:e6:ec:7b:ff:0f:34:17:02:cd:64:3f
+ 8f:b7:97:ff:f9:af:fd:dd:56:7c:0a:c6:e9:94:99:07
+ 46:08:e2:ab:f8:cc:c7:31:11:67:61:3e:75:9c:c4:ed
+ 3a:cc:66:e2:51:7b:c8:52:fa:16:74:16:89:c5:7f:47
+ ef:4a:85:42:32:56:39:eb:d1:da:dc:96:e0:06:9d:1d
+ 1a:7b:f2:f4:92:2c:4f:0c:53:fd:e3:43:55:3a:a5:05
+ ee:0b:ac:8f:02:2a:0b:46:36:cc:40:d9:d1:31:ca:e6
+ 92:36:0c:a1:40:9b:f9:0d:b5:e3:b2:5d:d4:bc:27:5a
+ 17:fd:3f:bd:8e:44:55:f2:e3:96:ac:cc:11:be:65:01
+ 55:98:92:92:ac:59:46:fd:e2:11:80:eb:18:56:6a:82
+ 3c:79:ec:30:b7:06:9b:97:55:74:36:17:7e:d8:c6:95
+ 4e:a5:e1:55:5a:2a:d6:5d:cc:86:39:88:82:ba:31:19
+ 98:d7:26:28:09:fe:b4:38:fe:1b:43:19:19:4f:ae:f2
+ 27:18:d6:07:9a:c2:1c:66:2d:5a:e6:22:2e:ca:71:26
+ dc:76:8f:2e:f3:84:e3:61:5f:77:d3:63:8a:d0:6b:42
+ 2a:6f:1b:98:91:b9:82:8d:d4:c4:f3:92:98:b4:a4:f1
+
+
+prime1:
+ 00:e1:f4:19:35:e3:e2:e7:14:a6:56:8b:45:f9:2b:19
+ bb:13:b3:66:73:44:5d:ca:69:cb:73:d9:78:5a:0f:fd
+ de:ba:74:b3:53:70:a9:ab:52:22:34:78:a2:26:4a:aa
+ 8f:1b:65:c1:3e:df:65:8c:9b:9a:70:04:ae:70:f6:ea
+ c4:e5:20:fa:16:e0:4f:56:f4:7b:d1:14:cc:94:e1:3c
+ 58:02:82:98:20:cd:13:cf:a2:49:13:7a:88:c1:84:72
+ 97:4f:1b:e8:d5:cb:6d:43:dd:d2:b8:09:dd:4f:ee:ce
+ 03:0b:c4:c2:9b:cf:3d:a0:a3:57:fd:1c:c9:eb:af:ae
+ 67:
+
+prime2:
+ 00:ee:13:05:f0:4c:13:e2:f8:27:53:c4:ad:89:d9:31
+ b9:1b:e8:17:b9:db:36:cd:54:0c:15:eb:50:85:e4:8b
+ 03:c4:f2:6d:a0:41:dc:99:21:7e:1e:8a:a1:5e:86:fe
+ 53:d2:72:53:73:8a:7e:a2:43:83:d5:af:b0:e0:1a:89
+ b5:3f:b3:26:d2:8e:92:0d:ed:d1:29:ee:c5:f1:ff:fc
+ 67:2c:a6:5d:4c:27:40:8a:5c:a1:23:d4:3f:11:bb:eb
+ 51:84:be:83:ec:73:3c:2e:ff:43:f6:74:16:b8:95:36
+ 2a:0b:1e:04:81:04:08:7a:40:21:dd:fb:dd:97:0a:76
+ 03:
+
+coefficient:
+ 00:a0:4c:15:4b:85:2f:81:6b:2e:e7:68:31:84:84:09
+ c4:45:55:01:da:3d:25:9d:37:67:ab:19:0b:1f:d3:9f
+ fc:09:12:31:66:5a:93:d8:d9:f2:00:c7:f7:03:0d:2b
+ 9d:2d:b8:38:d0:82:de:03:e7:21:03:29:4f:2a:2b:b5
+ 70:a3:bc:5b:bd:0e:f1:8b:bc:22:58:4a:b4:8f:fd:f5
+ d4:f3:99:31:b1:db:f6:1d:d9:12:a2:48:0a:d0:05:1a
+ 72:dc:8e:30:67:3c:e0:6a:b5:dc:93:6f:e4:17:79:a1
+ 63:2e:25:78:ef:86:d7:9c:f3:dd:5b:d2:bd:62:4f:44
+ f9:
+
+exp1:
+ 60:a2:e2:49:5f:0e:83:20:1c:c7:f4:c6:d7:7b:2c:85
+ 0b:36:f6:01:24:63:2c:97:b4:b0:f6:78:77:a4:51:42
+ 79:e2:41:73:d5:42:6b:88:34:22:d6:d9:1a:a1:62:72
+ d4:17:df:df:40:f2:10:81:d8:3a:42:76:4c:cf:fd:b6
+ 79:fc:71:99:69:13:e5:af:a8:68:d2:89:70:bf:27:ec
+ c8:1e:0c:6c:32:e9:5f:2b:1c:2f:dd:7f:31:ac:b0:c9
+ af:c6:d2:fc:e5:04:f5:3a:a0:cd:9f:42:6c:d6:48:7b
+ 9b:03:ea:eb:72:65:fc:17:00:21:bb:b7:4c:3a:95:cf
+
+
+exp2:
+ 00:a1:a7:61:1c:ed:4b:83:8e:24:86:08:c2:1d:1b:d1
+ 5b:73:cb:80:70:be:9c:d3:87:02:3d:cf:ee:79:3b:d9
+ f8:d1:3e:1b:99:f9:9e:a4:8b:cd:6b:47:8e:92:f4:ee
+ b4:53:ed:35:24:fb:21:49:64:b6:9b:de:14:27:d7:5d
+ 32:28:f2:a8:a5:c8:10:fc:4c:42:fe:4a:17:36:5f:2f
+ 2f:8f:6d:d7:63:e2:33:3c:bf:f0:da:b7:3f:ab:f7:01
+ ad:f4:88:b8:63:51:4b:c8:4d:a4:04:30:87:4d:06:64
+ 24:e0:2f:9d:b7:4c:d9:c4:c8:cf:36:3f:d3:12:c0:13
+ a9:
+
+
+Public Key PIN:
+ pin-sha256:I1Gv1FM9aCxvuCmF0uDnbDbIJgm1TFB2dtJV5v2iCEA=
+Public Key ID:
+ sha256:2351afd4533d682c6fb82985d2e0e76c36c82609b54c507676d255e6fda20840
+ sha1:a85b7025c64e3ee94c2ff34fd41390b9ad3e1ee9
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA0iG5y9VYkZPQgD3q0oq1KQbZ0eKmA18z0pFSc1+TyiyZHies
++qCD6IqIeffu9IqS+SuBE5Jm1BWij/i65O5edwbwJz/AWta1jVdoM4MoooRgrOzf
+4mpofUc4+ZUAr81CYYk3KYXKbVftCCH/a2xIIBGs20oNQAR8UvBAVMfnXVSXOjAJ
+RGwP7LLZKnxNeJPGGT2ZVPWZi48h27EG31xXoGHnuljD9DOwqqzGdGVrw0VoKljh
+Pm/GoJiCj29lcSV7kd4lwSZPADXK0c5/7V0oTLhiuSoli2upha80esOeQ4IyACpJ
+jzuN4zDv6m1gfdUVcrP87Su6iKF5t8mnTniFNQIDAQABAoIBAB8MxLuN5ux7/w80
+FwLNZD+Pt5f/+a/93VZ8CsbplJkHRgjiq/jMxzERZ2E+dZzE7TrMZuJRe8hS+hZ0
+FonFf0fvSoVCMlY569Ha3JbgBp0dGnvy9JIsTwxT/eNDVTqlBe4LrI8CKgtGNsxA
+2dExyuaSNgyhQJv5DbXjsl3UvCdaF/0/vY5EVfLjlqzMEb5lAVWYkpKsWUb94hGA
+6xhWaoI8eewwtwabl1V0Nhd+2MaVTqXhVVoq1l3MhjmIgroxGZjXJigJ/rQ4/htD
+GRlPrvInGNYHmsIcZi1a5iIuynEm3HaPLvOE42Ffd9NjitBrQipvG5iRuYKN1MTz
+kpi0pPECgYEA4fQZNePi5xSmVotF+SsZuxOzZnNEXcppy3PZeFoP/d66dLNTcKmr
+UiI0eKImSqqPG2XBPt9ljJuacASucPbqxOUg+hbgT1b0e9EUzJThPFgCgpggzRPP
+okkTeojBhHKXTxvo1cttQ93SuAndT+7OAwvEwpvPPaCjV/0cyeuvrmcCgYEA7hMF
+8EwT4vgnU8StidkxuRvoF7nbNs1UDBXrUIXkiwPE8m2gQdyZIX4eiqFehv5T0nJT
+c4p+okOD1a+w4BqJtT+zJtKOkg3t0SnuxfH//Gcspl1MJ0CKXKEj1D8Ru+tRhL6D
+7HM8Lv9D9nQWuJU2KgseBIEECHpAId373ZcKdgMCgYBgouJJXw6DIBzH9MbXeyyF
+Czb2ASRjLJe0sPZ4d6RRQnniQXPVQmuINCLW2RqhYnLUF9/fQPIQgdg6QnZMz/22
+efxxmWkT5a+oaNKJcL8n7MgeDGwy6V8rHC/dfzGssMmvxtL85QT1OqDNn0Js1kh7
+mwPq63Jl/BcAIbu3TDqVzwKBgQChp2Ec7UuDjiSGCMIdG9Fbc8uAcL6c04cCPc/u
+eTvZ+NE+G5n5nqSLzWtHjpL07rRT7TUk+yFJZLab3hQn110yKPKopcgQ/ExC/koX
+Nl8vL49t12PiMzy/8Nq3P6v3Aa30iLhjUUvITaQEMIdNBmQk4C+dt0zZxMjPNj/T
+EsATqQKBgQCgTBVLhS+Bay7naDGEhAnERVUB2j0lnTdnqxkLH9Of/AkSMWZak9jZ
+8gDH9wMNK50tuDjQgt4D5yEDKU8qK7Vwo7xbvQ7xi7wiWEq0j/311POZMbHb9h3Z
+EqJICtAFGnLcjjBnPOBqtdyTb+QXeaFjLiV474bXnPPdW9K9Yk9E+Q==
+-----END RSA PRIVATE KEY-----
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/server-cert.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-cert.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/server-cert.pem 2022-09-06 10:48:41.513496694 +0200
@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIIEVTCCAr2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJDWjEQ
+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh
+dDEMMAoGA1UECxMDR1NTMRkwFwYDVQQDExByc3lzbG9nK2NoYWluK2NhMB4XDTIy
+MDYwNjEzNDA0OVoXDTIzMDYwNjEzNDA0OVowbTELMAkGA1UEBhMCQ1oxEDAOBgNV
+BAgTB01vcmF2aWExDTALBgNVBAcTBEJybm8xEDAOBgNVBAoTB1JlZCBIYXQxDDAK
+BgNVBAsTA0dTUzEdMBsGA1UEAxMUcnN5c2xvZytjaGFpbitzZXJ2ZXIwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3mDP67/SPVbCCgInxXNr9sOLz2yWx
+fa4jtgdbgWK5mib4XdPYTdH6hRiur/n6yn9rzhDeFFMUhSwQpQ81OyZfUFNU0A0q
+x7AZMgVOm3ZqMDk8O57UfuSdURJJPsEwMzZ8Q5d6wyq7xheX0DZjB8LUN8J6SX4w
+K2Ok1wCBOQdfjvW09tOVqQK7puHq85UWsEBTiZ7ie1Fg6FLNscPVoavjNNyYAORM
+Vz0Byv1zBdJzBHufqHUdjX7uMkUPcKfiU/TjQWMRYF3Yp5z2wFohi4Zgtise7xW5
+SfgcAIjA1bm5xMIaiUxRUZHUhCaoj6c2vZygrFO7MuB/2ngoEbqZ57pdAgMBAAGj
+gYMwgYAwDAYDVR0TAQH/BAIwADAwBgNVHREEKTAnggZmZWRvcmGHBH8AAAGBF3Jv
+b3RAZmVkb3JhdGxzd3d3c2VydmVyMB0GA1UdDgQWBBRxxQqJoRCHlrmwDLcB0aU3
+W/QRbDAfBgNVHSMEGDAWgBQ7t+ub2L0VzaTLfpubh4rnDk2RmjANBgkqhkiG9w0B
+AQsFAAOCAYEAkheMCnXNDh2fOhMyOifBFKqlUUsYzZoYU5UNweZijdKAKxJ4zdsS
+i31a2IG4ePBPX7PShUUr2E1PEQ2XBDi/HcCoK54qcqzhxGS83Rf/2YxN4BjU8jaA
+7RhIA0fv5haKxxhjRIDT6vsAXPB0HM/f3Y+E21GVbsQVUE1pP8QrDkcU0EwIjEfW
+tFEBitmb0s/11d8/ZLdYAuvvfzDzuN9kuAcj5dkdpB5Wo9R3h2NXnD6EIWIUHn/I
+zwgXdb/n9gUI6jQMC6shFjXScVT2jgjfziWi/M66PBbtEbEnhOEKdbW0o2lPiL3j
+2UDj6fMshRBAnSoBtEYm/lywBs3vDUGpMUSQFIAwPgUkizAl5DEdmE9PLqRL9HNT
+UIg8tQql9Xr29edEiuMHpIyH8eEa+KI2CpKG3KfYDBMaC7z9MvkpYuSuIG3dsQxy
+YguWDH7c0iosQVpHx8dxj5Exj1/QOXcD5tAVY/+DBe48nRzDTlZmRGQjtqr6Nw0j
+BIXBoqaes0D4
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFBzCCA2+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJDWjEQ
+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh
+dDEMMAoGA1UECxMDR1NTMR0wGwYDVQQDExRyc3lzbG9nK2NoYWluK2Nhcm9vdDAe
+Fw0yMjA2MDYxMzQwNDlaFw0yMzA2MDYxMzQwNDlaMGkxCzAJBgNVBAYTAkNaMRAw
+DgYDVQQIEwdNb3JhdmlhMQ0wCwYDVQQHEwRCcm5vMRAwDgYDVQQKEwdSZWQgSGF0
+MQwwCgYDVQQLEwNHU1MxGTAXBgNVBAMTEHJzeXNsb2crY2hhaW4rY2EwggGiMA0G
+CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQD6yDdc9T3oddk5smOhF8OkRXwb2nvC
+M4RPPiuiACvbVoc3UdW2e4NI77J75JzNQL3gQUpgxGcvWiQt3R67ecYgIWiq0zpi
+MrcU3S0dboK10A6NXtcVc4RgwUPf0c8toM975c/6q2XT9Q0SbcI7HKXdzTXQZJDz
+sqQ3UjJuoCLSl6Dd8M0HXJnd2HlF1h5JeIp5vGrCJzQ5SyO6b4jVODtx/uXBohGn
+2x8NdB7wO5NecDyryrwv+FsUXWS4NNmj917bBuXSx3SmW/G7e8AFvcHN8VG6AxH7
+nap+EWGQia+LNG489flgU3U7Ec8zpTrI1wU6bUi6lK/RPxU0ViCaceGjXfoNofIc
+gGJOSS0LaHjM+c4OhmKWrIJ59j2L/rlIvmfqRO3qgThF4eaOfQTbixe/oiy3gR85
++X6YDXvBwTGZDD6OeG1fCzx/snQLiP3/dRv6LJFE8Krawc9OCOWRDRlIxubrkmYz
+LVBxcFgI4BBGNYVsaMSYrkCVaS2Rv1sNAi0CAwEAAaOBtTCBsjAPBgNVHRMBAf8E
+BTADAQH/MCQGA1UdEQQdMBuCBmZlZG9yYYcEfwAAAYELcm9vdEBmZWRvcmEwDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQ7t+ub2L0VzaTLfpubh4rnDk2RmjAfBgNV
+HSMEGDAWgBSv9FgWjwDV6oGLewYzCo2/AdWTmzApBgNVHR8EIjAgMB6gHKAahhho
+dHRwOi8vMTI3LjAuMC4xL2dldGNybC8wDQYJKoZIhvcNAQELBQADggGBADrv9nld
+FjKZCIVQCVxYc1/KFFnKo2KRCqvSdfb235Kx+5tSFWUsOfkSGjfLrv2+IFKSirFQ
+uFSac/qOrMo/W/4A+ypahG9Sx9PRD626/myr8exee2ygkcuGOuXvX3HkcpzNCmId
+ZS5ygtscFq3NdntwBJHe2ANOSJKIIBzC+gzn4r/V6PdxPEjiUrFs515/RBByi63r
+wWPeqvbaectyZyFIS0XN3LAjVb+zu0NQJqBpUGJlRBI1bRbPECu94LB8Huk/jgSJ
+OyFUKrnNeqaGqKnRfHxJxT/LjeTkQ/5cCOQTuE9IPbRvTykUzUQ3PrltwNqzAb44
+9Trqvqg+qGTfNuI7EZAO26zXbltYVZ+BmlULjKors49Ozq5l1JIevvq66etrE9oT
+DsII88MSIWn8bqaXETfKdIWtWu7Os7tmBTnfDQWGpNDJ3UwDpkyQPYJZJuSfELX0
+jpuWuE/1SbLxTx8eAe83z4yM3C21Kg5K2eJ0udagjM8xPdqYI8tF/4bNbA==
+-----END CERTIFICATE-----
diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-key.pem rsyslog-8.2102.0/tests/testsuites/certchain/server-key.pem
--- rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-key.pem 1970-01-01 01:00:00.000000000 +0100
+++ rsyslog-8.2102.0/tests/testsuites/certchain/server-key.pem 2022-09-06 12:10:28.635549755 +0200
@@ -0,0 +1,133 @@
+Public Key Info:
+ Public Key Algorithm: RSA
+ Key Security Level: Medium (2048 bits)
+
+modulus:
+ 00:b7:98:33:fa:ef:f4:8f:55:b0:82:80:89:f1:5c:da
+ fd:b0:e2:f3:db:25:b1:7d:ae:23:b6:07:5b:81:62:b9
+ 9a:26:f8:5d:d3:d8:4d:d1:fa:85:18:ae:af:f9:fa:ca
+ 7f:6b:ce:10:de:14:53:14:85:2c:10:a5:0f:35:3b:26
+ 5f:50:53:54:d0:0d:2a:c7:b0:19:32:05:4e:9b:76:6a
+ 30:39:3c:3b:9e:d4:7e:e4:9d:51:12:49:3e:c1:30:33
+ 36:7c:43:97:7a:c3:2a:bb:c6:17:97:d0:36:63:07:c2
+ d4:37:c2:7a:49:7e:30:2b:63:a4:d7:00:81:39:07:5f
+ 8e:f5:b4:f6:d3:95:a9:02:bb:a6:e1:ea:f3:95:16:b0
+ 40:53:89:9e:e2:7b:51:60:e8:52:cd:b1:c3:d5:a1:ab
+ e3:34:dc:98:00:e4:4c:57:3d:01:ca:fd:73:05:d2:73
+ 04:7b:9f:a8:75:1d:8d:7e:ee:32:45:0f:70:a7:e2:53
+ f4:e3:41:63:11:60:5d:d8:a7:9c:f6:c0:5a:21:8b:86
+ 60:b6:2b:1e:ef:15:b9:49:f8:1c:00:88:c0:d5:b9:b9
+ c4:c2:1a:89:4c:51:51:91:d4:84:26:a8:8f:a7:36:bd
+ 9c:a0:ac:53:bb:32:e0:7f:da:78:28:11:ba:99:e7:ba
+ 5d:
+
+public exponent:
+ 01:00:01:
+
+private exponent:
+ 68:06:20:25:a5:82:0f:18:c1:3b:20:33:88:83:51:3d
+ 7e:d5:08:d0:79:a9:f8:89:0b:88:de:e0:55:0e:28:15
+ 94:d1:12:f0:ae:55:61:8d:2d:8e:8f:a3:fb:e2:c2:8b
+ b1:fc:7f:08:25:c1:f1:15:87:a3:22:b2:dc:39:58:83
+ 96:d2:b0:72:75:93:70:b3:71:83:2b:08:a0:03:57:25
+ 5d:b8:a8:1b:55:51:54:9d:62:4b:17:1f:2c:7c:ef:f7
+ 86:2f:12:0c:27:ba:f5:cb:c6:a0:69:03:f7:d6:74:e8
+ a3:73:58:b0:7d:84:33:81:70:eb:b5:48:82:94:8f:ea
+ 4c:c7:9c:58:02:90:68:b1:64:29:df:a8:8a:69:15:d4
+ 49:21:2f:aa:25:f1:e7:10:8b:93:37:ca:51:d3:4e:d6
+ de:cf:60:04:6b:10:41:1b:f5:0f:be:b7:2a:cd:41:44
+ 50:25:be:e5:57:60:1e:3e:e9:d7:70:86:68:a6:4f:3d
+ 7d:d8:0e:7f:9b:de:de:e6:02:35:33:9f:b6:68:bb:cd
+ 2f:33:69:09:9e:da:91:6b:16:89:db:14:20:59:3a:92
+ 7e:78:4e:e1:02:3f:c8:a5:3f:bd:f2:bc:3a:da:f2:97
+ 06:f5:96:eb:c8:09:f7:04:cb:7f:e2:e2:12:52:d4:21
+
+
+prime1:
+ 00:ed:e4:b8:72:ee:b0:9e:38:db:f8:e7:fa:52:a5:94
+ 4a:4b:05:54:f0:96:23:72:d6:01:ba:9f:f4:3e:65:24
+ 29:c0:47:4a:6f:a9:a4:02:36:c5:2c:c5:ea:cd:09:5c
+ 2d:8e:3c:56:aa:e4:e7:85:32:a8:a7:4f:18:12:17:8c
+ 93:15:07:da:3e:f4:df:33:7e:35:39:59:2d:f4:1c:ba
+ 65:e8:42:c7:75:a0:c2:53:47:ad:ee:74:44:21:6a:42
+ 75:7f:40:1f:8b:06:0e:df:c3:02:4d:50:58:75:f2:29
+ 58:e2:0c:a0:7b:fe:be:c4:ab:76:ff:24:c1:4b:e6:ce
+ 75:
+
+prime2:
+ 00:c5:91:7c:48:59:dd:05:68:5c:8a:46:0b:3b:69:92
+ 80:d1:c6:28:27:88:c8:a9:73:7c:32:ee:87:a7:31:29
+ ff:56:38:41:07:3e:0f:01:5c:cf:eb:93:db:e7:fb:b9
+ e7:15:94:93:ea:fa:f8:60:79:c6:16:d2:db:9b:64:5f
+ c3:b8:f0:52:c0:e7:ff:e0:9a:94:22:fb:7e:5e:80:8f
+ c0:ca:46:f4:87:91:e7:ad:6d:74:26:d1:fa:c0:f8:f5
+ 7e:b3:0c:bb:23:5e:7d:5d:8b:c9:2e:68:76:be:d4:b4
+ 75:de:3c:70:70:ad:1e:64:de:e4:1d:f7:df:af:46:0f
+ 49:
+
+coefficient:
+ 00:89:f1:2c:f9:14:89:25:21:7a:ad:75:30:f0:b1:e7
+ 20:b3:14:14:d7:c9:b6:78:3c:c7:c8:92:3a:64:8e:47
+ d0:10:fc:01:a9:a6:25:a5:61:6d:8f:da:d4:85:fa:06
+ 9f:a5:27:a8:7d:38:e2:67:19:65:ab:a9:00:52:8c:f3
+ 51:fe:f9:a6:4f:ab:47:04:0a:86:ae:f0:fe:3d:2d:72
+ 76:6d:ad:03:48:af:23:67:92:28:34:83:bc:45:7d:c0
+ 45:ca:89:4a:4f:dd:11:a6:3a:5a:23:47:f4:7c:82:42
+ dc:e8:56:85:d8:1b:9d:08:9c:6e:ca:17:58:d7:d4:bb
+ 77:
+
+exp1:
+ 21:50:b8:ac:0f:d5:58:33:2a:4b:2f:61:95:15:6f:31
+ 00:54:9c:d2:9c:94:16:4e:f6:2b:06:9f:93:e5:62:2d
+ 1e:aa:5d:38:4a:0f:97:e7:c7:b1:3f:7e:64:7c:7d:16
+ 3c:27:23:14:07:be:8c:9e:cd:93:b0:b5:f4:42:ac:03
+ 25:1c:d6:69:9e:ad:6b:6e:af:51:7a:b5:be:cc:0f:26
+ 9a:62:4f:c0:9f:64:d7:78:e0:58:d6:9b:7b:fa:7f:98
+ 28:db:f8:0e:e6:28:4b:19:ea:46:9d:8b:e5:e8:a5:f5
+ b6:a2:82:0f:1b:5b:e7:fb:03:4d:33:fe:85:fc:aa:c9
+
+
+exp2:
+ 59:36:db:22:68:c1:ef:a1:32:b8:95:ec:98:85:91:cc
+ 6d:ed:c7:50:22:ea:49:ea:86:59:11:71:5c:44:4d:2c
+ aa:28:78:e4:e6:57:2c:4c:56:ef:90:33:2b:4c:76:a4
+ 2d:10:8c:c2:fd:55:8f:6b:2d:d2:3c:a1:42:48:4f:1e
+ 38:b2:fd:0b:73:38:0e:9a:7e:ee:55:16:b9:61:e0:88
+ 34:4f:5a:38:a5:e0:32:66:4c:9f:03:0e:f2:78:f9:92
+ 9f:13:ce:a5:a8:13:80:5c:91:1a:4d:bd:e1:6a:77:9b
+ 0a:21:cc:bc:74:d0:56:c8:77:c6:38:9a:5f:b1:89:51
+
+
+
+Public Key PIN:
+ pin-sha256:FSR0pC1TUEe+ZMU7YSVDDmYP4hmDlsIJRKf4D8LiJZ8=
+Public Key ID:
+ sha256:152474a42d535047be64c53b6125430e660fe2198396c20944a7f80fc2e2259f
+ sha1:71c50a89a1108796b9b00cb701d1a5375bf4116c
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAt5gz+u/0j1WwgoCJ8Vza/bDi89slsX2uI7YHW4FiuZom+F3T
+2E3R+oUYrq/5+sp/a84Q3hRTFIUsEKUPNTsmX1BTVNANKsewGTIFTpt2ajA5PDue
+1H7knVESST7BMDM2fEOXesMqu8YXl9A2YwfC1DfCekl+MCtjpNcAgTkHX471tPbT
+lakCu6bh6vOVFrBAU4me4ntRYOhSzbHD1aGr4zTcmADkTFc9Acr9cwXScwR7n6h1
+HY1+7jJFD3Cn4lP040FjEWBd2Kec9sBaIYuGYLYrHu8VuUn4HACIwNW5ucTCGolM
+UVGR1IQmqI+nNr2coKxTuzLgf9p4KBG6mee6XQIDAQABAoIBAGgGICWlgg8YwTsg
+M4iDUT1+1QjQean4iQuI3uBVDigVlNES8K5VYY0tjo+j++LCi7H8fwglwfEVh6Mi
+stw5WIOW0rBydZNws3GDKwigA1clXbioG1VRVJ1iSxcfLHzv94YvEgwnuvXLxqBp
+A/fWdOijc1iwfYQzgXDrtUiClI/qTMecWAKQaLFkKd+oimkV1EkhL6ol8ecQi5M3
+ylHTTtbez2AEaxBBG/UPvrcqzUFEUCW+5VdgHj7p13CGaKZPPX3YDn+b3t7mAjUz
+n7Zou80vM2kJntqRaxaJ2xQgWTqSfnhO4QI/yKU/vfK8Otrylwb1luvICfcEy3/i
+4hJS1CECgYEA7eS4cu6wnjjb+Of6UqWUSksFVPCWI3LWAbqf9D5lJCnAR0pvqaQC
+NsUsxerNCVwtjjxWquTnhTKop08YEheMkxUH2j703zN+NTlZLfQcumXoQsd1oMJT
+R63udEQhakJ1f0AfiwYO38MCTVBYdfIpWOIMoHv+vsSrdv8kwUvmznUCgYEAxZF8
+SFndBWhcikYLO2mSgNHGKCeIyKlzfDLuh6cxKf9WOEEHPg8BXM/rk9vn+7nnFZST
+6vr4YHnGFtLbm2Rfw7jwUsDn/+CalCL7fl6Aj8DKRvSHkeetbXQm0frA+PV+swy7
+I159XYvJLmh2vtS0dd48cHCtHmTe5B33369GD0kCgYAhULisD9VYMypLL2GVFW8x
+AFSc0pyUFk72Kwafk+ViLR6qXThKD5fnx7E/fmR8fRY8JyMUB76Mns2TsLX0QqwD
+JRzWaZ6ta26vUXq1vswPJppiT8CfZNd44FjWm3v6f5go2/gO5ihLGepGnYvl6KX1
+tqKCDxtb5/sDTTP+hfyqyQKBgFk22yJowe+hMriV7JiFkcxt7cdQIupJ6oZZEXFc
+RE0sqih45OZXLExW75AzK0x2pC0QjML9VY9rLdI8oUJITx44sv0LczgOmn7uVRa5
+YeCINE9aOKXgMmZMnwMO8nj5kp8TzqWoE4BckRpNveFqd5sKIcy8dNBWyHfGOJpf
+sYlRAoGBAInxLPkUiSUheq11MPCx5yCzFBTXybZ4PMfIkjpkjkfQEPwBqaYlpWFt
+j9rUhfoGn6UnqH044mcZZaupAFKM81H++aZPq0cECoau8P49LXJ2ba0DSK8jZ5Io
+NIO8RX3ARcqJSk/dEaY6WiNH9HyCQtzoVoXYG50InG7KF1jX1Lt3
+-----END RSA PRIVATE KEY-----

195
SOURCES/rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch
View File

@ -1,195 +0,0 @@
diff -up rsyslog-8.2102.0/configure.ac.orig rsyslog-8.2102.0/configure.ac
--- rsyslog-8.2102.0/configure.ac.orig 2022-11-21 11:39:40.717183684 +0100
+++ rsyslog-8.2102.0/configure.ac 2022-11-21 11:40:18.697206706 +0100
@@ -387,6 +387,28 @@ if test "$enable_fmhash_xxhash" = "yes";
])
fi
+AC_ARG_ENABLE(libcap-ng,
+ [AS_HELP_STRING([--enable-libcap-ng],[Enable dropping capabilities to only the necessary set @<:@default=no@:>@])],
+ [case "${enableval}" in
+ yes) enable_libcapng="yes" ;;
+ no) enable_libcapng="no" ;;
+ *) AC_MSG_ERROR(bad value ${enableval} for --enable_libcapng) ;;
+ esac],
+ [enable_libcapng=no]
+)
+
+if test "$enable_libcapng" = "yes"; then
+ PKG_CHECK_MODULES(
+ [LIBCAPNG],
+ [libcap-ng >= 0.8.2],
+ [AC_DEFINE([ENABLE_LIBCAPNG], [1], [Indicator that libcap-ng is present])],
+ [AC_MSG_ERROR(libcap-ng is not present.)]
+ )
+ CFLAGS="$CFLAGS $LIBCAPNG_CFLAGS"
+ LIBS="$LIBS $LIBCAPNG_LIBS"
+fi
+
+
#gssapi
AC_ARG_ENABLE(gssapi_krb5,
@@ -2688,6 +2710,7 @@ echo " liblogging-stdlog support enab
echo " libsystemd enabled: $enable_libsystemd"
echo " kafka static linking enabled: $enable_kafka_static"
echo " atomic operations enabled: $enable_atomic_operations"
+echo " libcap-ng support enabled: $enable_libcapng"
echo
echo "---{ input plugins }---"
if test "$unamestr" != "AIX"; then
diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2022-11-21 11:40:31.926214720 +0100
+++ rsyslog-8.2102.0/runtime/rsconf.c 2022-11-21 11:44:26.742356979 +0100
@@ -33,6 +33,9 @@
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/stat.h>
+#ifdef ENABLE_LIBCAPNG
+ #include <cap-ng.h>
+#endif
#include "rsyslog.h"
#include "obj.h"
@@ -546,6 +549,7 @@ rsRetVal doDropPrivGid(void)
uchar szBuf[1024];
DEFiRet;
+#ifndef ENABLE_LIBCAPNG
if(!ourConf->globals.gidDropPrivKeepSupplemental) {
res = setgroups(0, NULL); /* remove all supplemental group IDs */
if(res) {
@@ -560,9 +564,19 @@ rsRetVal doDropPrivGid(void)
if(res) {
rs_strerror_r(errno, (char*)szBuf, sizeof(szBuf));
LogError(0, RS_RET_ERR_DROP_PRIV,
- "could not set requested group id: %s", szBuf);
+ "could not set requested group id: %s via setgid()", szBuf);
ABORT_FINALIZE(RS_RET_ERR_DROP_PRIV);
}
+#else
+ int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
+ res = capng_change_id(-1, ourConf->globals.gidDropPriv, capng_flags);
+ if (res) {
+ LogError(0, RS_RET_LIBCAPNG_ERR,
+ "could not set requested group id %d via capng_change_id()", ourConf->globals.gidDropPriv);
+ ABORT_FINALIZE(RS_RET_LIBCAPNG_ERR);
+ }
+#endif
+
DBGPRINTF("setgid(%d): %d\n", ourConf->globals.gidDropPriv, res);
snprintf((char*)szBuf, sizeof(szBuf), "rsyslogd's groupid changed to %d",
ourConf->globals.gidDropPriv);
@@ -599,7 +613,14 @@ static void doDropPrivUid(int iUid)
iUid, szBuf);
}
+#ifndef ENABLE_LIBCAPNG
res = setuid(iUid);
+ // res = setuid(cnf->globals.uidDropPriv);
+#else
+ int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
+ res = capng_change_id(iUid, -1, capng_flags);
+#endif
+
if(res) {
/* if we can not set the userid, this is fatal, so let's unconditionally abort */
perror("could not set requested userid");
diff -up rsyslog-8.2102.0/runtime/rsyslog.h.orig rsyslog-8.2102.0/runtime/rsyslog.h
--- rsyslog-8.2102.0/runtime/rsyslog.h.orig 2022-11-21 11:45:09.007382588 +0100
+++ rsyslog-8.2102.0/runtime/rsyslog.h 2022-11-21 11:45:31.333396112 +0100
@@ -582,6 +582,7 @@ enum rsRetVal_ /** return value. All
RS_RET_RABBITMQ_CHANNEL_ERR = -2449, /**< RabbitMQ Connection error */
RS_RET_NO_WRKDIR_SET = -2450, /**< working directory not set, but desired by functionality */
RS_RET_ERR_QUEUE_FN_DUP = -2451, /**< duplicate queue file name */
+ RS_RET_LIBCAPNG_ERR = -2455, /**< error during dropping the capabilities */
/* RainerScript error messages (range 1000.. 1999) */
RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2022-11-21 11:45:17.587387786 +0100
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2022-11-21 11:46:19.509425295 +0100
@@ -38,6 +38,10 @@
# include <systemd/sd-daemon.h>
#endif
+#ifdef ENABLE_LIBCAPNG
+ #include <cap-ng.h>
+#endif
+
#include "rsyslog.h"
#include "wti.h"
#include "ratelimit.h"
@@ -321,7 +325,7 @@ checkStartupOK(void)
fprintf(stderr, "rsyslogd: error reading pid file, cannot start up\n");
ABORT_FINALIZE(RS_RET_ERR);
}
-
+
/* ok, we got a pid, let's check if the process is running */
const pid_t pid = (pid_t) pf_pid;
if(kill(pid, 0) == 0 || errno != ESRCH) {
@@ -1594,7 +1598,7 @@ initAll(int argc, char **argv)
localRet = RS_RET_OK;
}
CHKiRet(localRet);
-
+
CHKiRet(rsyslogd_InitStdRatelimiters());
if(bChDirRoot) {
@@ -2019,7 +2023,7 @@ deinitAll(void)
/* close the inputs */
DBGPRINTF("Terminating input threads...\n");
glbl.SetGlobalInputTermination();
-
+
thrdTerminateAll();
/* and THEN send the termination log message (see long comment above) */
@@ -2142,6 +2146,45 @@ main(int argc, char **argv)
if(log_dflt != NULL && !strcmp(log_dflt, "1"))
bProcessInternalMessages = 1;
dbgClassInit();
+
+#ifdef ENABLE_LIBCAPNG
+ /*
+ * Drop capabilities to the necessary set
+ */
+ int capng_rc;
+ capng_clear(CAPNG_SELECT_BOTH);
+
+ if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ CAP_BLOCK_SUSPEND,
+ CAP_CHOWN,
+ CAP_IPC_LOCK,
+ CAP_LEASE,
+ CAP_NET_ADMIN,
+ CAP_NET_BIND_SERVICE,
+ CAP_PERFMON,
+ CAP_SETGID,
+ CAP_SETUID,
+ CAP_SYS_ADMIN,
+ CAP_SYS_CHROOT,
+ CAP_SYS_RESOURCE,
+ CAP_SYSLOG,
+ -1
+ )) != 0) {
+ LogError(0, RS_RET_LIBCAPNG_ERR,
+ "could not update the internal posix capabilities settings "
+ "based on the options passed to it, capng_updatev=%d\n", capng_rc);
+ exit(-1);
+ }
+
+ if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) {
+ LogError(0, RS_RET_LIBCAPNG_ERR,
+ "could not transfer the specified internal posix capabilities "
+ "settings to the kernel, capng_apply=%d\n", capng_rc);
+ exit(-1);
+ }
+ DBGPRINTF("Capabilities were dropped successfully\n");
+#endif
+
initAll(argc, argv);
#ifdef HAVE_LIBSYSTEMD
sd_notify(0, "READY=1");

12
SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch
View File

@ -1,12 +0,0 @@
diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c
--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2023-05-19 10:32:32.467826852 +0200
+++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2023-05-19 10:33:34.426902983 +0200
@@ -452,6 +452,8 @@ readjournal(void)
/* Get message identifier, client pid and add ':' */
if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) {
CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden));
+ } else if (journalGetData("_COMM", &get, &length) >= 0) {
+ CHKiRet(sanitizeValue(((const char *)get) + 6, length - 6, &sys_iden));
} else {
CHKmalloc(sys_iden = strdup(cs.dfltTag));
}

20
SOURCES/rsyslog-8.2102.0-rhbz2157658-imklog.patch
View File

@ -1,20 +0,0 @@
diff --git a/plugins/imklog/imklog.c b/plugins/imklog/imklog.c
index 6c24b5a2db..78cfc3bae2 100644
--- a/plugins/imklog/imklog.c
+++ b/plugins/imklog/imklog.c
@@ -453,6 +453,7 @@ ENDactivateCnf
BEGINfreeCnf
CODESTARTfreeCnf
+ free(pModConf->pszBindRuleset);
ENDfreeCnf
@@ -475,7 +476,6 @@ CODESTARTmodExit
if(pInputName != NULL)
prop.Destruct(&pInputName);
- free(runModConf->pszBindRuleset);
/* release objects we used */
objRelease(glbl, CORE_COMPONENT);
objRelease(net, CORE_COMPONENT);

72
SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch
View File

@ -1,72 +0,0 @@
diff -up rsyslog-8.2102.0/parse.h.orig rsyslog-8.2102.0/parse.h
--- rsyslog-8.2102.0/parse.h.orig 2023-05-09 09:10:09.236597063 +0200
+++ rsyslog-8.2102.0/parse.h 2023-05-09 09:10:26.913608034 +0200
@@ -56,7 +56,7 @@ struct rsParsObject
rsObjID OID; /**< object ID */
#endif
cstr_t *pCStr; /**< pointer to the string object we are parsing */
- int iCurrPos; /**< current parsing position (char offset) */
+ size_t iCurrPos; /**< current parsing position (char offset) */
};
typedef struct rsParsObject rsParsObj;
diff -up rsyslog-8.2102.0/runtime/stream.c.orig rsyslog-8.2102.0/runtime/stream.c
--- rsyslog-8.2102.0/runtime/stream.c.orig 2023-05-09 09:10:34.122612508 +0200
+++ rsyslog-8.2102.0/runtime/stream.c 2023-05-09 09:12:47.934640583 +0200
@@ -1071,7 +1071,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t
cstr_t *thisLine = NULL;
rsRetVal readCharRet;
const time_t tCurr = pThis->readTimeout ? getTime(NULL) : 0;
- int maxMsgSize = glblGetMaxLine();
+ size_t maxMsgSize = glblGetMaxLine();
DEFiRet;
do {
@@ -1132,9 +1132,9 @@ strmReadMultiLine(strm_t *pThis, cstr_t
}
- int currLineLen = cstrLen(thisLine);
+ size_t currLineLen = cstrLen(thisLine);
if(currLineLen > 0) {
- int len;
+ size_t len;
if((len = cstrLen(pThis->prevMsgSegment) + currLineLen) <
maxMsgSize) {
CHKiRet(cstrAppendCStr(pThis->prevMsgSegment, thisLine));
@@ -1144,7 +1144,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t
len = 0;
} else {
len = currLineLen-(len-maxMsgSize);
- for(int z=0; z<len; z++) {
+ for(size_t z=0; z<len; z++) {
cstrAppendChar(pThis->prevMsgSegment,
thisLine->pBuf[z]);
}
diff -up rsyslog-8.2102.0/runtime/stringbuf.c.orig rsyslog-8.2102.0/runtime/stringbuf.c
--- rsyslog-8.2102.0/runtime/stringbuf.c.orig 2023-05-09 09:09:37.627577446 +0200
+++ rsyslog-8.2102.0/runtime/stringbuf.c 2023-05-09 09:09:59.061590749 +0200
@@ -474,7 +474,7 @@ finalize_it:
* This is due to performance reasons.
*/
#ifndef NDEBUG
-int cstrLen(cstr_t *pThis)
+size_t cstrLen(cstr_t *pThis)
{
rsCHECKVALIDOBJECT(pThis, OIDrsCStr);
return(pThis->iStrLen);
diff -up rsyslog-8.2102.0/runtime/stringbuf.h.orig rsyslog-8.2102.0/runtime/stringbuf.h
--- rsyslog-8.2102.0/runtime/stringbuf.h.orig 2023-05-09 09:08:05.199520082 +0200
+++ rsyslog-8.2102.0/runtime/stringbuf.h 2023-05-09 09:09:26.924570803 +0200
@@ -144,9 +144,9 @@ rsRetVal cstrAppendCStr(cstr_t *pThis, c
/* now come inline-like functions */
#ifdef NDEBUG
-# define cstrLen(x) ((int)((x)->iStrLen))
+# define cstrLen(x) ((size_t)((x)->iStrLen))
#else
- int cstrLen(cstr_t *pThis);
+ size_t cstrLen(cstr_t *pThis);
#endif
#define rsCStrLen(s) cstrLen((s))

37
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch
View File

@ -1,37 +0,0 @@
diff -up rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c.orig rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c
--- rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c.orig 2023-05-11 14:14:39.778187570 +0200
+++ rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c 2023-05-11 14:15:36.254234445 +0200
@@ -232,7 +232,11 @@ static rsRetVal curlSetup(wrkrInstanceDa
BEGINcreateInstance
CODESTARTcreateInstance
pData->fdErrFile = -1;
- pthread_mutex_init(&pData->mutErrFile, NULL);
+ if(pthread_mutex_init(&pData->mutErrFile, NULL) != 0) {
+ LogError(errno, RS_RET_ERR, "omelasticsearch: cannot create "
+ "error file mutex, failing this action");
+ ABORT_FINALIZE(RS_RET_ERR);
+ }
pData->caCertFile = NULL;
pData->myCertFile = NULL;
pData->myPrivKeyFile = NULL;
@@ -240,6 +244,7 @@ CODESTARTcreateInstance
pData->retryRulesetName = NULL;
pData->retryRuleset = NULL;
pData->rebindInterval = DEFAULT_REBIND_INTERVAL;
+finalize_it:
ENDcreateInstance
BEGINcreateWrkrInstance
@@ -2165,10 +2170,12 @@ ENDfreeCnf
BEGINdoHUP
CODESTARTdoHUP
+ pthread_mutex_lock(&pData->mutErrFile);
if(pData->fdErrFile != -1) {
close(pData->fdErrFile);
pData->fdErrFile = -1;
}
+ pthread_mutex_unlock(&pData->mutErrFile);
ENDdoHUP

54
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch
View File

@ -1,54 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index 0808c6054e..d7d6c68e60 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -116,6 +116,7 @@ typedef struct instanceConf_s {
uchar **serverBaseUrls;
int numServers;
long healthCheckTimeout;
+ long indexTimeout;
uchar *uid;
uchar *pwd;
uchar *authBuf;
@@ -187,6 +188,7 @@ static struct cnfparamdescr actpdescr[] = {
{ "server", eCmdHdlrArray, 0 },
{ "serverport", eCmdHdlrInt, 0 },
{ "healthchecktimeout", eCmdHdlrInt, 0 },
+ { "indextimeout", eCmdHdlrInt, 0 },
{ "uid", eCmdHdlrGetWord, 0 },
{ "pwd", eCmdHdlrGetWord, 0 },
{ "searchindex", eCmdHdlrGetWord, 0 },
@@ -355,6 +357,7 @@ CODESTARTdbgPrintInstInfo
dbgprintf("\ttemplate='%s'\n", pData->tplName);
dbgprintf("\tnumServers=%d\n", pData->numServers);
dbgprintf("\thealthCheckTimeout=%lu\n", pData->healthCheckTimeout);
+ dbgprintf("\tindexTimeout=%lu\n", pData->indexTimeout);
dbgprintf("\tserverBaseUrls=");
for(i = 0 ; i < pData->numServers ; ++i)
dbgprintf("%c'%s'", i == 0 ? '[' : ' ', pData->serverBaseUrls[i]);
@@ -1768,6 +1771,8 @@ curlPostSetup(wrkrInstanceData_t *const pWrkrData)
PTR_ASSERT_SET_TYPE(pWrkrData, WRKR_DATA_TYPE_ES);
curlSetupCommon(pWrkrData, pWrkrData->curlPostHandle);
curl_easy_setopt(pWrkrData->curlPostHandle, CURLOPT_POST, 1);
+ curl_easy_setopt(pWrkrData->curlPostHandle,
+ CURLOPT_TIMEOUT_MS, pWrkrData->pData->indexTimeout);
}
#define CONTENT_JSON "Content-Type: application/json; charset=utf-8"
@@ -1797,6 +1802,7 @@ setInstParamDefaults(instanceData *const pData)
pData->serverBaseUrls = NULL;
pData->defaultPort = 9200;
pData->healthCheckTimeout = 3500;
+ pData->indexTimeout = 0;
pData->uid = NULL;
pData->pwd = NULL;
pData->authBuf = NULL;
@@ -1865,6 +1871,8 @@ CODESTARTnewActInst
pData->defaultPort = (int) pvals[i].val.d.n;
} else if(!strcmp(actpblk.descr[i].name, "healthchecktimeout")) {
pData->healthCheckTimeout = (long) pvals[i].val.d.n;
+ } else if(!strcmp(actpblk.descr[i].name, "indextimeout")) {
+ pData->indexTimeout = (long) pvals[i].val.d.n;
} else if(!strcmp(actpblk.descr[i].name, "uid")) {
pData->uid = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(actpblk.descr[i].name, "pwd")) {

43
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch
View File

@ -1,43 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index 0808c6054e..ed9359732c 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -877,14 +877,6 @@ parseRequestAndResponseForContext(wrkrInstanceData_t *pWrkrData,fjson_object **p
int i;
int numitems;
fjson_object *items=NULL, *jo_errors = NULL;
- int errors = 0;
-
- if(fjson_object_object_get_ex(replyRoot, "errors", &jo_errors)) {
- errors = fjson_object_get_boolean(jo_errors);
- if (!errors && pWrkrData->pData->retryFailures) {
- return RS_RET_OK;
- }
- }
/*iterate over items*/
if(!fjson_object_object_get_ex(replyRoot, "items", &items)) {
@@ -897,6 +889,15 @@ parseRequestAndResponseForContext(wrkrInstanceData_t *pWrkrData,fjson_object **p
numitems = fjson_object_array_length(items);
+ int errors = 0;
+ if(fjson_object_object_get_ex(replyRoot, "errors", &jo_errors)) {
+ errors = fjson_object_get_boolean(jo_errors);
+ if (!errors && pWrkrData->pData->retryFailures) {
+ STATSCOUNTER_ADD(indexSuccess, mutIndexSuccess, numitems);
+ return RS_RET_OK;
+ }
+ }
+
if (reqmsg) {
DBGPRINTF("omelasticsearch: Entire request %s\n", reqmsg);
} else {
@@ -1267,6 +1268,7 @@ getDataRetryFailures(context *ctx,int itemStatus,char *request,char *response,
response);
}
}
+
need_free_omes = 0;
CHKiRet(msgAddJSON(msg, (uchar*)".omes", omes, 0, 0));
MsgSetRuleset(msg, ctx->retryRuleset);

148
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch
View File

@ -1,148 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index ed9359732c..8200403eaf 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -86,12 +86,14 @@ STATSCOUNTER_DEF(rebinds, mutRebinds)
static prop_t *pInputName = NULL;
# define META_STRT "{\"index\":{\"_index\": \""
-# define META_STRT_CREATE "{\"create\":{\"_index\": \""
+# define META_STRT_CREATE "{\"create\":{" /* \"_index\": \" */
+# define META_IX "\"_index\": \""
# define META_TYPE "\",\"_type\":\""
# define META_PIPELINE "\",\"pipeline\":\""
# define META_PARENT "\",\"_parent\":\""
# define META_ID "\", \"_id\":\""
# define META_END "\"}}\n"
+# define META_END_NOQUOTE " }}\n"
typedef enum {
ES_WRITE_INDEX,
@@ -362,8 +364,8 @@ CODESTARTdbgPrintInstInfo
dbgprintf("\tdefaultPort=%d\n", pData->defaultPort);
dbgprintf("\tuid='%s'\n", pData->uid == NULL ? (uchar*)"(not configured)" : pData->uid);
dbgprintf("\tpwd=(%sconfigured)\n", pData->pwd == NULL ? "not " : "");
- dbgprintf("\tsearch index='%s'\n", pData->searchIndex);
- dbgprintf("\tsearch type='%s'\n", pData->searchType);
+ dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL ? (uchar*)"(not configured)" : pData->searchIndex);
+ dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL ? (uchar*)"(not configured)" : pData->searchType);
dbgprintf("\tpipeline name='%s'\n", pData->pipelineName);
dbgprintf("\tdynamic pipeline name=%d\n", pData->dynPipelineName);
dbgprintf("\tskipPipelineIfEmpty=%d\n", pData->skipPipelineIfEmpty);
@@ -596,8 +598,8 @@ getIndexTypeAndParent(const instanceData *const pData, uchar **const tpls,
}
done:
- assert(srchIndex != NULL);
- assert(srchType != NULL);
+ //assert(srchIndex != NULL);
+ //assert(srchType != NULL);
return;
}
@@ -633,9 +635,14 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
parent = NULL;
} else {
getIndexTypeAndParent(pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
- r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
- if(r == 0) r = es_addChar(&url, '/');
- if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType));
+ if(searchIndex != NULL) {
+ r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
+ if(r == 0) r = es_addChar(&url, '/');
+ if(searchType != NULL) {
+ if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType));
+ }
+ } else
+ r = 0;
if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
if(r == 0) r = es_addChar(&url, separator);
if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1);
@@ -692,7 +699,11 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
uchar *pipelineName;
getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
- r += ustrlen((char *)message) + ustrlen(searchIndex) + ustrlen(searchType);
+ r += ustrlen((char *)message);
+ if(searchIndex != NULL)
+ r += ustrlen(searchIndex);
+ if(searchType != NULL)
+ r += ustrlen(searchType);
if(parent != NULL) {
r += sizeof(META_PARENT)-1 + ustrlen(parent);
@@ -717,6 +728,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
{
int length = strlen((char *)message);
int r;
+ int endQuote = 1;
uchar *searchIndex = NULL;
uchar *searchType;
uchar *parent = NULL;
@@ -725,28 +737,43 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
DEFiRet;
getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
- if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE)
+ if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE) {
r = es_addBuf(&pWrkrData->batch.data, META_STRT_CREATE, sizeof(META_STRT_CREATE)-1);
- else
+ endQuote = 0;
+ } else
r = es_addBuf(&pWrkrData->batch.data, META_STRT, sizeof(META_STRT)-1);
- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex,
+ if(searchIndex != NULL) {
+ endQuote = 1;
+ if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE)
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_IX, sizeof(META_IX)-1);
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex,
ustrlen(searchIndex));
- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1);
- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType,
+ if(searchType != NULL) {
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1);
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType,
ustrlen(searchType));
+ }
+ }
if(parent != NULL) {
+ endQuote = 1;
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_PARENT, sizeof(META_PARENT)-1);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)parent, ustrlen(parent));
}
if(pipelineName != NULL && (!pWrkrData->pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
+ endQuote = 1;
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_PIPELINE, sizeof(META_PIPELINE)-1);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)pipelineName, ustrlen(pipelineName));
}
if(bulkId != NULL) {
+ endQuote = 1;
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_ID, sizeof(META_ID)-1);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)bulkId, ustrlen(bulkId));
}
- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END, sizeof(META_END)-1);
+ if(endQuote == 0) {
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END_NOQUOTE, sizeof(META_END_NOQUOTE)-1);
+ } else {
+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END, sizeof(META_END)-1);
+ }
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)message, length);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, "\n", sizeof("\n")-1);
if(r != 0) {
@@ -2094,6 +2121,8 @@ CODESTARTnewActInst
CHKiRet(computeBaseUrl("localhost", pData->defaultPort, pData->useHttps, pData->serverBaseUrls));
}
+ //Only needed befor ES-Version 7.x
+ /*
if(pData->searchIndex == NULL)
pData->searchIndex = (uchar*) strdup("system");
if(pData->searchType == NULL)
@@ -2104,6 +2133,7 @@ CODESTARTnewActInst
"omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation);
ABORT_FINALIZE(RS_RET_CONFIG_ERROR);
}
+ */
if (pData->retryFailures) {
CHKiRet(ratelimitNew(&pData->ratelimiter, "omelasticsearch", NULL));

118
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch
View File

@ -1,118 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index 8200403eaf..8b74d610df 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -130,6 +130,7 @@ typedef struct instanceConf_s {
uchar *timeout;
uchar *bulkId;
uchar *errorFile;
+ int esVersion;
sbool errorOnly;
sbool interleaved;
sbool dynSrchIdx;
@@ -221,7 +222,8 @@ static struct cnfparamdescr actpdescr[] = {
{ "ratelimit.interval", eCmdHdlrInt, 0 },
{ "ratelimit.burst", eCmdHdlrInt, 0 },
{ "retryruleset", eCmdHdlrString, 0 },
- { "rebindinterval", eCmdHdlrInt, 0 }
+ { "rebindinterval", eCmdHdlrInt, 0 },
+ { "esversion.major", eCmdHdlrPositiveInt, 0 }
};
static struct cnfparamblk actpblk =
{ CNFPARAMBLK_VERSION,
@@ -246,6 +248,7 @@ CODESTARTcreateInstance
pData->retryRulesetName = NULL;
pData->retryRuleset = NULL;
pData->rebindInterval = DEFAULT_REBIND_INTERVAL;
+ pData->esVersion = 0;
finalize_it:
ENDcreateInstance
@@ -364,8 +367,10 @@ CODESTARTdbgPrintInstInfo
dbgprintf("\tdefaultPort=%d\n", pData->defaultPort);
dbgprintf("\tuid='%s'\n", pData->uid == NULL ? (uchar*)"(not configured)" : pData->uid);
dbgprintf("\tpwd=(%sconfigured)\n", pData->pwd == NULL ? "not " : "");
- dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL ? (uchar*)"(not configured)" : pData->searchIndex);
- dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL ? (uchar*)"(not configured)" : pData->searchType);
+ dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL
+ ? (uchar*)"(not configured)" : pData->searchIndex);
+ dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL
+ ? (uchar*)"(not configured)" : pData->searchType);
dbgprintf("\tpipeline name='%s'\n", pData->pipelineName);
dbgprintf("\tdynamic pipeline name=%d\n", pData->dynPipelineName);
dbgprintf("\tskipPipelineIfEmpty=%d\n", pData->skipPipelineIfEmpty);
@@ -598,8 +603,6 @@ getIndexTypeAndParent(const instanceData *const pData, uchar **const tpls,
}
done:
- //assert(srchIndex != NULL);
- //assert(srchType != NULL);
return;
}
@@ -700,11 +703,12 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
r += ustrlen((char *)message);
- if(searchIndex != NULL)
- r += ustrlen(searchIndex);
- if(searchType != NULL)
- r += ustrlen(searchType);
-
+ if(searchIndex != NULL) {
+ r += ustrlen(searchIndex);
+ }
+ if(searchType != NULL) {
+ r += ustrlen(searchType);
+ }
if(parent != NULL) {
r += sizeof(META_PARENT)-1 + ustrlen(parent);
}
@@ -728,7 +732,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
{
int length = strlen((char *)message);
int r;
- int endQuote = 1;
+ int endQuote = 1;
uchar *searchIndex = NULL;
uchar *searchType;
uchar *parent = NULL;
@@ -1990,6 +1994,8 @@ CODESTARTnewActInst
pData->retryRulesetName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(actpblk.descr[i].name, "rebindinterval")) {
pData->rebindInterval = (int) pvals[i].val.d.n;
+ } else if(!strcmp(actpblk.descr[i].name, "esversion.major")) {
+ pData->esVersion = pvals[i].val.d.n;
} else {
LogError(0, RS_RET_INTERNAL_ERROR, "omelasticsearch: program error, "
"non-handled param '%s'", actpblk.descr[i].name);
@@ -2121,19 +2127,18 @@ CODESTARTnewActInst
CHKiRet(computeBaseUrl("localhost", pData->defaultPort, pData->useHttps, pData->serverBaseUrls));
}
- //Only needed befor ES-Version 7.x
- /*
- if(pData->searchIndex == NULL)
- pData->searchIndex = (uchar*) strdup("system");
- if(pData->searchType == NULL)
- pData->searchType = (uchar*) strdup("events");
+ if(pData->esVersion < 8) {
+ if(pData->searchIndex == NULL)
+ pData->searchIndex = (uchar*) strdup("system");
+ if(pData->searchType == NULL)
+ pData->searchType = (uchar*) strdup("events");
- if ((pData->writeOperation != ES_WRITE_INDEX) && (pData->bulkId == NULL)) {
- LogError(0, RS_RET_CONFIG_ERROR,
- "omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation);
- ABORT_FINALIZE(RS_RET_CONFIG_ERROR);
+ if ((pData->writeOperation != ES_WRITE_INDEX) && (pData->bulkId == NULL)) {
+ LogError(0, RS_RET_CONFIG_ERROR,
+ "omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation);
+ ABORT_FINALIZE(RS_RET_CONFIG_ERROR);
+ }
}
- */
if (pData->retryFailures) {
CHKiRet(ratelimitNew(&pData->ratelimiter, "omelasticsearch", NULL));

40
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch
View File

@ -1,40 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index 76d5081d3b..f481ec3f7e 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -620,6 +620,8 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
uchar *parent;
uchar *bulkId;
char* baseUrl;
+ /* since 7.0, the API always requires /idx/_doc, so use that if searchType is not explicitly set */
+ uchar* actualSearchType = (uchar*)"_doc";
es_str_t *url;
int r;
DEFiRet;
@@ -645,11 +647,12 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
if(searchIndex != NULL) {
r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
if(r == 0) r = es_addChar(&url, '/');
- if(searchType != NULL) {
- if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType));
- }
- } else
- r = 0;
+
+ if(searchType != NULL) {
+ actualSearchType = searchType;
+ }
+ if(r == 0) r = es_addChar(&url, '/');
+ if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType));
if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
if(r == 0) r = es_addChar(&url, separator);
if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1);
@@ -693,7 +696,7 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
const uchar *const message,
uchar **const tpls)
{
- size_t r = sizeof(META_TYPE)-1 + sizeof(META_END)-1 + sizeof("\n")-1;
+ size_t r = sizeof(META_END)-1 + sizeof("\n")-1;
if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE)
r += sizeof(META_STRT_CREATE)-1;
else

53
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch
View File

@ -1,53 +0,0 @@
diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
index f481ec3f7e..b297a9274f 100644
--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
@@ -623,7 +623,7 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
/* since 7.0, the API always requires /idx/_doc, so use that if searchType is not explicitly set */
uchar* actualSearchType = (uchar*)"_doc";
es_str_t *url;
- int r;
+ int r = 0;
DEFiRet;
instanceData *const pData = pWrkrData->pData;
char separator;
@@ -646,13 +646,12 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
getIndexTypeAndParent(pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
if(searchIndex != NULL) {
r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
+ if(searchType != NULL && searchType[0] != '\0') {
+ actualSearchType = searchType;
+ }
if(r == 0) r = es_addChar(&url, '/');
-
- if(searchType != NULL) {
- actualSearchType = searchType;
+ if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType));
}
- if(r == 0) r = es_addChar(&url, '/');
- if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType));
if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
if(r == 0) r = es_addChar(&url, separator);
if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1);
@@ -714,7 +713,11 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
r += ustrlen(searchIndex);
}
if(searchType != NULL) {
- r += ustrlen(searchType);
+ if(searchType[0] == '\0') {
+ r += 4; // "_doc"
+ } else {
+ r += ustrlen(searchType);
+ }
}
if(parent != NULL) {
r += sizeof(META_PARENT)-1 + ustrlen(parent);
@@ -759,7 +762,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_IX, sizeof(META_IX)-1);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex,
ustrlen(searchIndex));
- if(searchType != NULL) {
+ if(searchType != NULL && searchType[0] != '\0') {
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1);
if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType,
ustrlen(searchType));

32
SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch
View File

@ -1,32 +0,0 @@
diff -up rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html.orig rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html
--- rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html.orig 2023-05-11 15:56:24.308601241 +0200
+++ rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html 2023-05-11 15:57:11.000662477 +0200
@@ -156,6 +156,28 @@ this timeframe. Defaults to 3500.</p>
<p><em>Note, the health check is verifying connectivity only, not the state of
the Elasticsearch cluster.</em></p>
</div>
+
+<div class="section" id="esVersion.major">
+ <span id="id2"></span><h4>esVersion.major<a class="headerlink" href="#esVersion.major" title="Permalink to this headline">¶</a></h4>
+ <table border="1" class="colwidths-auto parameter-table docutils">
+ <thead valign="bottom">
+ <tr class="row-odd"><th class="head">type</th>
+ <th class="head">default</th>
+ <th class="head">mandatory</th>
+ <th class="head"><code class="docutils literal notranslate"><span class="pre">obsolete</span> <span class="pre">legacy</span></code> directive</th>
+ </tr>
+ </thead>
+ <tbody valign="top">
+ <tr class="row-even"><td>integer</td>
+ <td>0</td>
+ <td>no</td>
+ <td>none</td>
+ </tr>
+ </tbody>
+ </table>
+ <p>ElasticSearch is notoriously bad at maintaining backwards compatibility. For this reason, the setting can be used to configure the servers major version number (e.g. 7, 8, …). As far as we know breaking changes only happen with major version changes. As of now, only value 8 triggers API changes. All other values select pre-version-8 API usage.</p>
+ </div>
+
<div class="section" id="searchindex">
<span id="id3"></span><h4>searchIndex<a class="headerlink" href="#searchindex" title="Permalink to this headline">¶</a></h4>
<table border="1" class="colwidths-auto parameter-table docutils">

109
SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
View File

@ -1,109 +0,0 @@
diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c
--- rsyslog-8.2102.0/runtime/glbl.c.orig 2023-06-27 08:20:45.265387162 +0200
+++ rsyslog-8.2102.0/runtime/glbl.c 2023-06-27 08:20:45.262387154 +0200
@@ -230,7 +230,8 @@ static struct cnfparamdescr cnfparamdesc
{ "reverselookup.cache.ttl.enable", eCmdHdlrBinary, 0 },
{ "shutdown.queue.doublesize", eCmdHdlrBinary, 0 },
{ "debug.files", eCmdHdlrArray, 0 },
- { "debug.whitelist", eCmdHdlrBinary, 0 }
+ { "debug.whitelist", eCmdHdlrBinary, 0 },
+ { "libcapng.default", eCmdHdlrBinary, 0 }
};
static struct cnfparamblk paramblk =
{ CNFPARAMBLK_VERSION,
@@ -1315,6 +1316,13 @@ glblDoneLoadCnf(void)
if(!strcmp(paramblk.descr[i].name, "workdirectory")) {
cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
setWorkDir(NULL, cstr);
+ } else if(!strcmp(paramblk.descr[i].name, "libcapng.default")) {
+#ifdef ENABLE_LIBCAPNG
+ loadConf->globals.bAbortOnFailedLibcapngSetup = (int) cnfparamvals[i].val.d.n;
+#else
+ LogError(0, RS_RET_ERR, "rsyslog wasn't "
+ "compiled with libcap-ng support.");
+#endif
} else if(!strcmp(paramblk.descr[i].name, "variables.casesensitive")) {
const int val = (int) cnfparamvals[i].val.d.n;
fjson_global_do_case_sensitive_comparison(val);
diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2023-06-27 08:20:45.265387162 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.c 2023-06-27 08:20:45.264387159 +0200
@@ -146,6 +146,9 @@ int rsconfNeedDropPriv(rsconf_t *const c
static void cnfSetDefaults(rsconf_t *pThis)
{
+#ifdef ENABLE_LIBCAPNG
+ pThis->globals.bAbortOnFailedLibcapngSetup = 1;
+#endif
pThis->globals.bAbortOnUncleanConfig = 0;
pThis->globals.bReduceRepeatMsgs = 0;
pThis->globals.bDebugPrintTemplateList = 1;
diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h
--- rsyslog-8.2102.0/runtime/rsconf.h.orig 2023-06-27 08:20:45.265387162 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.h 2023-06-27 08:20:45.260387149 +0200
@@ -61,6 +61,9 @@ struct queuecnf_s {
* be re-set as often as the user likes).
*/
struct globals_s {
+#ifdef ENABLE_LIBCAPNG
+ int bAbortOnFailedLibcapngSetup;
+#endif
int bDebugPrintTemplateList;
int bDebugPrintModuleList;
int bDebugPrintCfSysLineHandlerList;
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-06-27 08:20:45.245387109 +0200
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-06-27 08:31:35.250120215 +0200
@@ -2151,7 +2151,7 @@ main(int argc, char **argv)
/*
* Drop capabilities to the necessary set
*/
- int capng_rc;
+ int capng_rc, capng_failed = 0;
capng_clear(CAPNG_SELECT_BOTH);
if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
@@ -2161,10 +2161,9 @@ main(int argc, char **argv)
CAP_LEASE,
CAP_NET_ADMIN,
CAP_NET_BIND_SERVICE,
+ CAP_DAC_OVERRIDE,
CAP_SETGID,
CAP_SETUID,
- CAP_DAC_OVERRIDE,
- CAP_NET_RAW,
CAP_SYS_ADMIN,
CAP_SYS_CHROOT,
CAP_SYS_RESOURCE,
@@ -2173,17 +2172,25 @@ main(int argc, char **argv)
)) != 0) {
LogError(0, RS_RET_LIBCAPNG_ERR,
"could not update the internal posix capabilities settings "
- "based on the options passed to it, capng_updatev=%d\n", capng_rc);
- exit(-1);
+ "based on the options passed to it, capng_updatev=%d", capng_rc);
+ capng_failed = 1;
}
if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) {
LogError(0, RS_RET_LIBCAPNG_ERR,
- "could not transfer the specified internal posix capabilities "
- "settings to the kernel, capng_apply=%d\n", capng_rc);
- exit(-1);
+ "could not transfer the specified internal posix capabilities "
+ "settings to the kernel, capng_apply=%d", capng_rc);
+ capng_failed = 1;
+ }
+
+ if (capng_failed) {
+ DBGPRINTF("Capabilities were not dropped successfully.\n");
+ if (loadConf->globals.bAbortOnFailedLibcapngSetup) {
+ exit(RS_RET_LIBCAPNG_ERR);
+ }
+ } else {
+ DBGPRINTF("Capabilities were dropped successfully\n");
}
- DBGPRINTF("Capabilities were dropped successfully\n");
#endif
initAll(argc, argv);

145
SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
View File

@ -1,145 +0,0 @@
diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-06-27 08:56:27.321174891 +0200
+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-06-27 08:58:17.977481782 +0200
@@ -1557,6 +1557,88 @@ initAll(int argc, char **argv)
resetErrMsgsFlag();
localRet = rsconf.Load(&ourConf, ConfFile);
+ #ifdef ENABLE_LIBCAPNG
+ /*
+ * Drop capabilities to the necessary set
+ */
+ int capng_rc, capng_failed = 0;
+ typedef struct capabilities_s {
+ int capability; /* capability code */
+ const char *name; /* name of the capability to be displayed */
+ sbool present; /* is the capability present that is needed by rsyslog? if so we do not drop it */
+ } capabilities_t;
+
+ capabilities_t capabilities[] = {
+ #define CAP_FIELD(code) { code, #code, 0 }
+ CAP_FIELD(CAP_BLOCK_SUSPEND),
+ CAP_FIELD(CAP_CHOWN),
+ CAP_FIELD(CAP_IPC_LOCK),
+ CAP_FIELD(CAP_LEASE),
+ CAP_FIELD(CAP_NET_ADMIN),
+ CAP_FIELD(CAP_NET_BIND_SERVICE),
+ CAP_FIELD(CAP_DAC_OVERRIDE),
+ CAP_FIELD(CAP_SETGID),
+ CAP_FIELD(CAP_SETUID),
+ CAP_FIELD(CAP_SYS_ADMIN),
+ CAP_FIELD(CAP_SYS_CHROOT),
+ CAP_FIELD(CAP_SYS_RESOURCE),
+ CAP_FIELD(CAP_SYSLOG)
+ #undef CAP_FIELD
+ };
+
+ if (capng_have_capabilities(CAPNG_SELECT_CAPS) > CAPNG_NONE) {
+ /* Examine which capabilities are available to us, so we do not try to
+ drop something that is not present. We need to do this in two steps,
+ because capng_clear clears the capability set. In the second step,
+ we add back those caps, which were present before clearing the selected
+ posix capabilities set.
+ */
+ unsigned long caps_len = sizeof(capabilities) / sizeof(capabilities_t);
+ for (unsigned long i = 0; i < caps_len; i++) {
+ if (capng_have_capability(CAPNG_EFFECTIVE, capabilities[i].capability)) {
+ capabilities[i].present = 1;
+ }
+ }
+
+ capng_clear(CAPNG_SELECT_BOTH);
+
+ for (unsigned long i = 0; i < caps_len; i++) {
+ if (capabilities[i].present) {
+ DBGPRINTF("The %s capability is present, "
+ "will try to preserve it.\n", capabilities[i].name);
+ if ((capng_rc = capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ capabilities[i].capability)) != 0) {
+ LogError(0, RS_RET_LIBCAPNG_ERR,
+ "could not update the internal posix capabilities settings "
+ "based on the options passed to it, capng_update=%d", capng_rc);
+ capng_failed = 1;
+ }
+ } else {
+ DBGPRINTF("The %s capability is not present, "
+ "will not try to preserve it.\n", capabilities[i].name);
+ }
+ }
+
+ if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) {
+ LogError(0, RS_RET_LIBCAPNG_ERR,
+ "could not transfer the specified internal posix capabilities "
+ "settings to the kernel, capng_apply=%d", capng_rc);
+ capng_failed = 1;
+ }
+
+ if (capng_failed) {
+ DBGPRINTF("Capabilities were not dropped successfully.\n");
+ if (loadConf->globals.bAbortOnFailedLibcapngSetup) {
+ ABORT_FINALIZE(RS_RET_LIBCAPNG_ERR);
+ }
+ } else {
+ DBGPRINTF("Capabilities were dropped successfully\n");
+ }
+ } else {
+ DBGPRINTF("No capabilities to drop\n");
+ }
+#endif
+
if(fp_rs_full_conf_output != NULL) {
if(fp_rs_full_conf_output != stdout) {
fclose(fp_rs_full_conf_output);
@@ -2147,52 +2229,6 @@ main(int argc, char **argv)
bProcessInternalMessages = 1;
dbgClassInit();
-#ifdef ENABLE_LIBCAPNG
- /*
- * Drop capabilities to the necessary set
- */
- int capng_rc, capng_failed = 0;
- capng_clear(CAPNG_SELECT_BOTH);
-
- if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
- CAP_BLOCK_SUSPEND,
- CAP_CHOWN,
- CAP_IPC_LOCK,
- CAP_LEASE,
- CAP_NET_ADMIN,
- CAP_NET_BIND_SERVICE,
- CAP_DAC_OVERRIDE,
- CAP_SETGID,
- CAP_SETUID,
- CAP_SYS_ADMIN,
- CAP_SYS_CHROOT,
- CAP_SYS_RESOURCE,
- CAP_SYSLOG,
- -1
- )) != 0) {
- LogError(0, RS_RET_LIBCAPNG_ERR,
- "could not update the internal posix capabilities settings "
- "based on the options passed to it, capng_updatev=%d", capng_rc);
- capng_failed = 1;
- }
-
- if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) {
- LogError(0, RS_RET_LIBCAPNG_ERR,
- "could not transfer the specified internal posix capabilities "
- "settings to the kernel, capng_apply=%d", capng_rc);
- capng_failed = 1;
- }
-
- if (capng_failed) {
- DBGPRINTF("Capabilities were not dropped successfully.\n");
- if (loadConf->globals.bAbortOnFailedLibcapngSetup) {
- exit(RS_RET_LIBCAPNG_ERR);
- }
- } else {
- DBGPRINTF("Capabilities were dropped successfully\n");
- }
-#endif
-
initAll(argc, argv);
#ifdef HAVE_LIBSYSTEMD
sd_notify(0, "READY=1");

42
SOURCES/rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move-doc.patch Normal file
View File

@ -0,0 +1,42 @@
diff -up rsyslog-8.2310.0/doc/configuration/modules/imfile.html.orig rsyslog-8.2310.0/doc/configuration/modules/imfile.html
--- rsyslog-8.2310.0/doc/configuration/modules/imfile.html.orig 2023-11-06 09:34:00.022802039 +0100
+++ rsyslog-8.2310.0/doc/configuration/modules/imfile.html 2023-11-06 09:37:02.086613055 +0100
@@ -293,6 +293,30 @@ rsyslog needs write permissions to work
also might require SELinux definitions (or similar for other enhanced security
systems).</p>
</div>
+
+<div class="section" id="deletestateonfilemove">
+ <h4>deleteStateOnFileMove<a class="headerlink" href="#deletestateonfilemove" title="Permalink to this headline">¶</a></h4>
+ <table border="1" class="colwidths-auto parameter-table docutils">
+ <thead valign="bottom">
+ <tr class="row-odd"><th class="head">type</th>
+ <th class="head">default</th>
+ <th class="head">mandatory</th>
+ <th class="head"><code class="docutils literal notranslate"><span class="pre">obsolete</span> <span class="pre">legacy</span></code> directive</th>
+ </tr>
+ </thead>
+ <tbody valign="top">
+ <tr class="row-even"><td>binary</td>
+ <td>off</td>
+ <td>no</td>
+ <td>none</td>
+ </tr>
+ </tbody>
+ </table>
+ <p>This parameter controls if state files are deleted if their associated main file is rotated via move. Usually, this is a good idea, because otherwise state files are not deleted when log rotation occurs.</p>
+
+<p>However, there is one situation where not deleting associated state file after log rotation makes sense: this is the case if a monitored file is later moved back to the same location as it was before.</p>
+</div>
+
</div>
<div class="section" id="input-parameters">
<h3>Input Parameters<a class="headerlink" href="#input-parameters" title="Permalink to this headline">¶</a></h3>
@@ -1237,6 +1261,7 @@ and Others.</p>
<li><a class="reference internal" href="#sortfiles">sortFiles</a></li>
<li><a class="reference internal" href="#pollinginterval">PollingInterval</a></li>
<li><a class="reference internal" href="#statefile-directory">statefile.directory</a></li>
+<li><a class="reference internal" href="#deletestateonfilemove">deleteStateOnFileMove</a></li>
</ul>
</li>
<li><a class="reference internal" href="#input-parameters">Input Parameters</a><ul>

103
SOURCES/rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch → SOURCES/rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move.patch
View File

@ -1,7 +1,17 @@
diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2102.0/plugins/imfile/imfile.c
--- rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking 2021-01-18 11:21:14.000000000 +0100
+++ rsyslog-8.2102.0/plugins/imfile/imfile.c 2022-03-28 12:51:03.572554843 +0200
@@ -259,6 +259,7 @@ struct modConfData_s {
From 0de0c4b274e7e33ed4a27b02d6046b62d612e29b Mon Sep 17 00:00:00 2001
From: alakatos <alakatos@redhat.com>
Date: Tue, 24 Oct 2023 15:43:19 +0200
Subject: [PATCH] Do not preserve statefile on file move
---
plugins/imfile/imfile.c | 45 ++++++++++++++++++++++++++++++-----------
1 file changed, 33 insertions(+), 12 deletions(-)
diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
index 5febd6db6..8769a185f 100644
--- a/plugins/imfile/imfile.c
+++ b/plugins/imfile/imfile.c
@@ -264,6 +264,7 @@ struct modConfData_s {
Must be manually reset to 0 if desired. Helper for
polling mode.
*/
@ -9,7 +19,7 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2
};
static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
static modConfData_t *runModConf = NULL;/* modConf ptr to use for run process */
@@ -305,7 +306,8 @@ static struct cnfparamdescr modpdescr[]
@@ -310,7 +311,8 @@ static struct cnfparamdescr modpdescr[] = {
{ "sortfiles", eCmdHdlrBinary, 0 },
{ "statefile.directory", eCmdHdlrString, 0 },
{ "normalizepath", eCmdHdlrBinary, 0 },
@ -19,7 +29,7 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2
};
static struct cnfparamblk modpblk =
{ CNFPARAMBLK_VERSION,
@@ -545,11 +547,20 @@ static int
@@ -551,11 +553,18 @@ static int
in_setupWatch(act_obj_t *const act, const int is_file)
{
int wd = -1;
@ -29,77 +39,27 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2
- wd = inotify_add_watch(ino_fd, act->name,
- (is_file) ? IN_MODIFY|IN_DONT_FOLLOW : IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO);
+ // wd = inotify_add_watch(ino_fd, act->name,
+ // (is_file) ? IN_MODIFY|IN_DONT_FOLLOW : IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO);
+ if(is_file)
+ if (is_file)
+ flags = IN_MODIFY|IN_DONT_FOLLOW;
+ else if(runModConf->deleteStateOnFileMove)
+ else if (runModConf->deleteStateOnFileMove)
+ flags = IN_CREATE|IN_DELETE|IN_MOVED_TO;
+ else
+ flags = IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO;
+ wd = inotify_add_watch(ino_fd, act->name, flags);
+
+ wd = inotify_add_watch(ino_fd, act->name, flags);
if(wd < 0) {
if (errno == EACCES) { /* There is high probability of selinux denial on top-level paths */
DBGPRINTF("imfile: permission denied when adding watch for '%s'\n", act->name);
@@ -713,7 +724,7 @@ act_obj_add(fs_edge_t *const edge, const
char basename[MAXFNAME];
DEFiRet;
int fd = -1;
-
+
DBGPRINTF("act_obj_add: edge %p, name '%s' (source '%s')\n", edge, name, source? source : "---");
for(act = edge->active ; act != NULL ; act = act->next) {
if(!strcmp(act->name, name)) {
@@ -977,9 +988,18 @@ act_obj_destroy(act_obj_t *const act, co
if(act == NULL)
return;
- DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n",
- act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted,
- act->in_move);
+ // DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n",
+ // act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted,
+ // act->in_move);
+ if (runModConf->deleteStateOnFileMove) {
+ DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d\n",
+ act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted);
+ } else {
+ DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n",
+ act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm,
+ is_deleted, act->in_move);
+ }
+
if(act->is_symlink && is_deleted) {
act_obj_t *target_act;
for(target_act = act->edge->active ; target_act != NULL ; target_act = target_act->next) {
@@ -996,13 +1016,15 @@ act_obj_destroy(act_obj_t *const act, co
pollFile(act); /* get any left-over data */
if(inst->bRMStateOnDel) {
statefn = getStateFileName(act, statefile, sizeof(statefile));
- getFullStateFileName(statefn, "", toDel, sizeof(toDel)); // TODO: check!
+ // getFullStateFileName(statefn, "", toDel, sizeof(toDel)); // TODO: check!
+ getFullStateFileName(statefn, act->file_id, toDel, sizeof(toDel)); // TODO: check!
statefn = toDel;
}
@@ -1059,7 +1068,7 @@ act_obj_destroy(act_obj_t *const act, const int is_deleted)
persistStrmState(act);
strm.Destruct(&act->pStrm);
/* we delete state file after destruct in case strm obj initiated a write */
- if(is_deleted && !act->in_move && inst->bRMStateOnDel) {
+ // if(is_deleted && !act->in_move && inst->bRMStateOnDel) {
+ if(is_deleted && inst->bRMStateOnDel && (runModConf->deleteStateOnFileMove || !act->in_move)) {
+ if(is_deleted && inst->bRMStateOnDel && (!act->in_move || runModConf->deleteStateOnFileMove)) {
DBGPRINTF("act_obj_destroy: deleting state file %s\n", statefn);
unlink((char*)statefn);
}
@@ -1012,6 +1034,7 @@ act_obj_destroy(act_obj_t *const act, co
}
#ifdef HAVE_INOTIFY_INIT
if(act->wd != -1) {
+ inotify_rm_watch(ino_fd, act->wd);
wdmapDel(act->wd);
}
#endif
@@ -2026,6 +2049,7 @@ CODESTARTbeginCnfLoad
@@ -2090,6 +2099,7 @@ CODESTARTbeginCnfLoad
loadModConf->timeoutGranularity = 1000; /* default: 1 second */
loadModConf->haveReadTimeouts = 0; /* default: no timeout */
loadModConf->normalizePath = 1;
@ -107,7 +67,7 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2
loadModConf->sortFiles = GLOB_NOSORT;
loadModConf->stateFileDirectory = NULL;
loadModConf->conf_tree = calloc(sizeof(fs_node_t), 1);
@@ -2085,6 +2109,8 @@ CODESTARTsetModCnf
@@ -2149,6 +2159,8 @@ CODESTARTsetModCnf
loadModConf->stateFileDirectory = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(modpblk.descr[i].name, "normalizepath")) {
loadModConf->normalizePath = (sbool) pvals[i].val.d.n;
@ -116,7 +76,7 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2
} else if(!strcmp(modpblk.descr[i].name, "mode")) {
if(!es_strconstcmp(pvals[i].val.d.estr, "polling"))
loadModConf->opMode = OPMODE_POLLING;
@@ -2388,16 +2414,35 @@ in_processEvent(struct inotify_event *ev
@@ -2452,16 +2464,25 @@ in_processEvent(struct inotify_event *ev)
DBGPRINTF("in_processEvent process Event %x is_file %d, act->name '%s'\n",
ev->mask, etry->act->edge->is_file, etry->act->name);
@ -127,17 +87,7 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2
- fs_node_walk(etry->act->edge->node, poll_tree);
- } else if(etry->act->edge->is_file && !(etry->act->is_symlink)) {
- in_handleFileEvent(ev, etry); // esentially poll_file()!
+ // if((ev->mask & IN_MOVED_FROM)) {
+ // flag_in_move(etry->act->edge->node->edges, ev->name);
+ // }
+ // if(ev->mask & (IN_MOVED_FROM | IN_MOVED_TO)) {
+ // fs_node_walk(etry->act->edge->node, poll_tree);
+ // } else if(etry->act->edge->is_file && !(etry->act->is_symlink)) {
+ // in_handleFileEvent(ev, etry); // esentially poll_file()!
+ // } else {
+ // fs_node_walk(etry->act->edge->node, poll_tree);
+ // }
+ if(!runModConf->deleteStateOnFileMove) {
+ if (!runModConf->deleteStateOnFileMove) {
+ if((ev->mask & IN_MOVED_FROM)) {
+ flag_in_move(etry->act->edge->node->edges, ev->name);
+ }
@ -160,3 +110,6 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2
done: return;
}
--
2.41.0

41
SOURCES/rsyslog-8.2310.0-omprog-binary-path.patch Normal file
View File

@ -0,0 +1,41 @@
diff -up rsyslog-8.2310.0/doc/configuration/modules/omprog.html.orig rsyslog-8.2310.0/doc/configuration/modules/omprog.html
--- rsyslog-8.2310.0/doc/configuration/modules/omprog.html.orig 2024-01-05 13:21:14.474252913 +0100
+++ rsyslog-8.2310.0/doc/configuration/modules/omprog.html 2024-01-05 13:25:09.128562192 +0100
@@ -144,8 +144,11 @@ passed to the external program.</p>
</tr>
</tbody>
</table>
-<p>Full path and command line parameters of the external program to execute.</p>
-<p>In legacy config, it is <strong>not possible</strong> to specify command line parameters.</p>
+<p>Full path and command line parameters of the external program to execute.
+ Arbitrary external programs should be placed under the /usr/libexec/rsyslog directory.
+ That is, the binaries put in this namespaced directory are meant for the consumption
+ of rsyslog, and are not intended to be executed by users.
+ In legacy config, it is <strong>not possible</strong> to specify command line parameters.</p>
</div>
<div class="section" id="confirmmessages">
<span id="id1"></span><h4>confirmMessages<a class="headerlink" href="#confirmmessages" title="Permalink to this headline">¶</a></h4>
@@ -587,12 +590,12 @@ multiple processes.</p>
<div class="section" id="example-command-line-arguments">
<h3>Example: command line arguments<a class="headerlink" href="#example-command-line-arguments" title="Permalink to this headline">¶</a></h3>
<p>In the following example, logs will be sent to a program <code class="docutils literal notranslate"><span class="pre">log.sh</span></code> located
-in <code class="docutils literal notranslate"><span class="pre">/path/to</span></code>. The program will receive the command line arguments
+in <code class="docutils literal notranslate"><span class="pre">/usr/libexec/rsyslog</span></code>. The program will receive the command line arguments
<code class="docutils literal notranslate"><span class="pre">p1</span></code>, <code class="docutils literal notranslate"><span class="pre">p2</span></code> and <code class="docutils literal notranslate"><span class="pre">--param3=&quot;value</span> <span class="pre">3&quot;</span></code>.</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>module(load=&quot;omprog&quot;)
action(type=&quot;omprog&quot;
- binary=&quot;/path/to/log.sh p1 p2 --param3=\&quot;value 3\&quot;&quot;
+ binary=&quot;/usr/libexec/rsyslog/log.sh p1 p2 --param3=\&quot;value 3\&quot;&quot;
template=&quot;RSYSLOG_TraditionalFileFormat&quot;)
</pre></div>
</div>
@@ -618,7 +621,7 @@ rsyslog will kill and restart it.</p>
action(type=&quot;omprog&quot;
name=&quot;db_forward&quot;
- binary=&quot;/usr/share/logging/db_forward.py&quot;
+ binary=&quot;/usr/libexec/rsyslog/db_forward.py&quot;
confirmMessages=&quot;on&quot;
confirmTimeout=&quot;30000&quot;
queue.type=&quot;LinkedList&quot;

11
SOURCES/rsyslog-8.2310.0-remove-state-on-file-delete.patch Normal file
View File

@ -0,0 +1,11 @@
diff -up rsyslog-8.2310.0/plugins/imfile/imfile.c.orig rsyslog-8.2310.0/plugins/imfile/imfile.c
--- rsyslog-8.2310.0/plugins/imfile/imfile.c.orig 2023-11-03 12:19:39.179103408 +0100
+++ rsyslog-8.2310.0/plugins/imfile/imfile.c 2023-11-03 12:19:54.228237199 +0100
@@ -1162,6 +1162,7 @@ fs_node_destroy(fs_node_t *const node)
DBGPRINTF("node destroy: %p edges:\n", node);
for(edge = node->edges ; edge != NULL ; ) {
+ detect_updates(edge);
fs_node_destroy(edge->node);
fs_edge_t *const toDel = edge;
edge = edge->next;

30
SOURCES/rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch
View File

@ -1,30 +0,0 @@
diff -up rsyslog-8.37.0/plugins/imptcp/imptcp.c.orig rsyslog-8.37.0/plugins/imptcp/imptcp.c
--- rsyslog-8.37.0/plugins/imptcp/imptcp.c.orig 2022-05-09 12:22:59.050623119 +0200
+++ rsyslog-8.37.0/plugins/imptcp/imptcp.c 2022-05-09 12:34:39.979854853 +0200
@@ -1032,7 +1032,10 @@ processDataRcvd(ptcpsess_t *const __rest
if(pThis->iOctetsRemain <= 200000000) {
pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
}
- *(pThis->pMsg + pThis->iMsg++) = c;
+ // *(pThis->pMsg + pThis->iMsg++) = c;
+ if(pThis->iMsg < iMaxLine) {
+ *(pThis->pMsg + pThis->iMsg++) = c;
+ }
} else { /* done with the octet count, so this must be the SP terminator */
DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
prop.GetString(pThis->peerName, &propPeerName, &lenPeerName);
diff -up rsyslog-8.37.0/runtime/tcps_sess.c.orig rsyslog-8.37.0/runtime/tcps_sess.c
--- rsyslog-8.37.0/runtime/tcps_sess.c.orig 2022-05-09 12:23:12.789627661 +0200
+++ rsyslog-8.37.0/runtime/tcps_sess.c 2022-05-09 12:36:51.426898549 +0200
@@ -389,7 +389,10 @@ processDataRcvd(tcps_sess_t *pThis,
if(pThis->iOctetsRemain <= 200000000) {
pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
}
- *(pThis->pMsg + pThis->iMsg++) = c;
+ // *(pThis->pMsg + pThis->iMsg++) = c;
+ if(pThis->iMsg < iMaxLine) {
+ *(pThis->pMsg + pThis->iMsg++) = c;
+ }
} else { /* done with the octet count, so this must be the SP terminator */
DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
prop.GetString(pThis->fromHost, &propPeerName, &lenPeerName);

1
SOURCES/rsyslog.conf
View File

@ -19,6 +19,7 @@ module(load="imuxsock" # provides support for local system logging (e.g. via
# local messages are retrieved through imjournal now.
module(load="imjournal" # provides access to the systemd journal
UsePid="system" # PID nummber is retrieved as the ID of the process the journal entry originates from
FileCreateMode="0644" # Set the access permissions for the state file
StateFile="imjournal.state") # File to store the position in the journal
#module(load="imklog") # reads kernel messages (the same are read from journald)
#module(load="immark") # provides --MARK-- message capability

102
SPECS/rsyslog.spec
View File

@ -4,8 +4,8 @@
Summary: Enhanced system logging and kernel message trapping daemon
Name: rsyslog
Version: 8.2102.0
Release: 117%{?dist}
Version: 8.2310.0
Release: 4%{?dist}
License: (GPLv3+ and ASL 2.0)
URL: http://www.rsyslog.com/
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
@ -18,38 +18,12 @@ Source5: rsyslog.service
# separatae sub-package with it statically linked(see rhbz#1713427)
Source6: qpid-proton-0.39.0.tar.gz
Patch0: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
Patch2: rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
Patch3: rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch
Patch4: rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
Patch5: rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
Patch6: rsyslog-8.2102.0-rhbz1938863-covscan.patch
Patch7: rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch
Patch8: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch
Patch10: rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch
Patch11: rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch
Patch12: rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch
Patch13: rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch
Patch14: rsyslog-8.2102.0-rhbz2124849-extra-ca-files.patch
Patch15: rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch
Patch16: rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch
Patch17: rsyslog-8.2102.0-rhbz2157658-imklog.patch
Patch18: rsyslog-8.2102.0-capabilities-drop-credential.patch
Patch19: rsyslog-8.2102.0-capabilities-capnetraw.patch
Patch20: rsyslog-8.2102.0-rhbz2157804-cstrlen.patch
Patch21: rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch
Patch22: rsyslog-8.2102.0-rhbz2192955-es-0.patch
Patch23: rsyslog-8.2102.0-rhbz2192955-es-1.patch
Patch24: rsyslog-8.2102.0-rhbz2192955-es-2.patch
Patch25: rsyslog-8.2102.0-rhbz2192955-es-3.patch
Patch26: rsyslog-8.2102.0-rhbz2192955-es-4.patch
Patch27: rsyslog-8.2102.0-rhbz2192955-es-5.patch
Patch28: rsyslog-8.2102.0-rhbz2192955-es-6.patch
Patch29: rsyslog-8.2102.0-rhbz2192955-es-doc.patch
Patch30: rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
Patch31: rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
Patch32: rsyslog-8.2102.0-libcapng-no-cap-support2.patch
Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag-v2.patch
Patch2: rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch
Patch3: rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move.patch
Patch4: rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move-doc.patch
Patch5: rsyslog-8.2310.0-remove-state-on-file-delete.patch
Patch6: rsyslog-8.2310.0-omprog-binary-path.patch
BuildRequires: make
BuildRequires: gcc
@ -70,7 +44,7 @@ BuildRequires: systemd-devel >= 204-8
BuildRequires: zlib-devel
BuildRequires: libcap-ng-devel
Conflicts: selinux-policy < 38.1.3-1
Conflicts: selinux-policy < 38.1.29-1
Recommends: %{name}-logrotate = %version-%release
Requires: bash >= 2.0
@ -278,7 +252,6 @@ container metadata.
%prep
# set up rsyslog-doc sources
%setup -q -a 1 -T -c
%patch0 -p1
rm -r LICENSE README.md source build/objects.inv
mv build doc
@ -287,37 +260,12 @@ mv build doc
# Unpack qpid-proton for rhel
%setup -q -D -T -b 6
%patch1 -p1 -b .default-tag
%patch2 -p1 -b .fd-leak-on-fsync
%patch3 -p1 -b .timeout
%patch4 -p1 -b .imuxsock-rate-limit
%patch5 -p1 -b .abort-on-id-resolution-fail
%patch6 -p1 -b .covscan
%patch7 -p1 -b .prioritize-SAN
%patch8 -p1 -b .errfile-maxsize
%patch10 -p1 -b .statefile-fix
%patch11 -p1
%patch12 -p1 -b .gnutls-broken-connection
%patch13 -p1 -b .CVE
%patch14 -p1 -b .extra-ca-files
%patch15 -p1 -b .extra-ca-files-doc
%patch16 -p1 -b .libcap-ng
%patch17 -p1 -b .imklog-leak
%patch18 -p1 -b .capabilities-drop-credential
%patch19 -p1 -b .capabilities-capnetraw
%patch20 -p1 -b .cstrlen
%patch21 -p1 -b .journalCOMM
%patch22 -p1 -b .es0
%patch23 -p1 -b .es1
%patch24 -p1 -b .es2
%patch25 -p1 -b .es3
%patch26 -p1 -b .es4
%patch27 -p1 -b .es5
%patch28 -p1 -b .es6
%patch29 -p1 -b .es-doc
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch -P 1 -p1
%patch -P 2 -p1
%patch -P 3 -p1
%patch -P 4 -p1
%patch -P 5 -p1
%patch -P 6 -p1
%build
# Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags
@ -422,6 +370,7 @@ install -d -m 755 %{buildroot}%{_sysconfdir}/rsyslog.d
install -d -m 700 %{buildroot}%{rsyslog_statedir}
install -d -m 700 %{buildroot}%{rsyslog_pkidir}
install -d -m 755 %{buildroot}%{rsyslog_docdir}/html
install -d -m 755 %{buildroot}%{_libexecdir}/%{name}
install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/rsyslog.conf
install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/rsyslog
@ -466,6 +415,7 @@ done
%dir %{_sysconfdir}/rsyslog.d
%dir %{rsyslog_statedir}
%dir %{rsyslog_pkidir}
%dir %{_libexecdir}/%{name}
%{_sbindir}/rsyslogd
%{_mandir}/man5/rsyslog.conf.5.gz
%{_mandir}/man8/rsyslogd.8.gz
@ -579,6 +529,24 @@ done
%changelog
* Tue Dec 12 2023 Attila Lakatos <alakatos@redhat.com> - 8.2310.0-4
- new directory for arbitrary external programs needed by omprog module
Resolves: RHEL-8676
* Mon Nov 06 2023 Attila Lakatos <alakatos@redhat.com> - 8.2310.0-3
- Rebase to 8.2310.0
Resolves: RHEL-5196
- Allow setting certificates for separate connections
Resolves: RHEL-937
- Capability dropping feature can be turned off
Resolves: RHEL-943
- imjournal: new module parameter filecreatemode
Resolves: RHEL-949
* Wed Sep 06 2023 Patrik Koncity <pkoncity@redhat.com> - 8.2102.0-118
- Add rsyslog CI for new MR in c9s
Resolves: RHEL-608
* Fri Jul 28 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-117
- Add back CAP_NET_RAW capability due to omudpspoof
resolves: rhbz#2216919