From 7c1c95b2e768b8b145847138d7b98fa492734d94 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 28 Mar 2024 11:42:38 +0000 Subject: [PATCH] import CS rsyslog-8.2310.0-4.el9 --- .gitignore | 4 +- .rsyslog.metadata | 4 +- ...hbz1659898-imjournal-default-tag-v2.patch} | 40 +- ...slog-8.2102.0-capabilities-capnetraw.patch | 11 - ....2102.0-capabilities-drop-credential.patch | 67 -- ...og-8.2102.0-libcapng-no-cap-support2.patch | 11 - ...-8.2102.0-rhbz1909639-statefiles-doc.patch | 47 -- ...rsyslog-8.2102.0-rhbz1938863-covscan.patch | 163 ----- ...8.2102.0-rhbz1960536-fdleak-on-fsync.patch | 20 - ...9-remove-abort-on-id-resolution-fail.patch | 102 --- ...102.0-rhbz1984616-imuxsock-ratelimit.patch | 26 - ...-8.2102.0-rhbz2021076-prioritize-SAN.patch | 11 - ...rhbz2046158-gnutls-broken-connection.patch | 215 ------ ...02.0-rhbz2064318-errfile-maxsize-doc.patch | 51 -- ...8.2102.0-rhbz2064318-errfile-maxsize.patch | 192 ----- ...102.0-rhbz2124849-extra-ca-files-doc.patch | 25 - ...-8.2102.0-rhbz2124849-extra-ca-files.patch | 682 ------------------ ...yslog-8.2102.0-rhbz2127404-libcap-ng.patch | 195 ----- ...og-8.2102.0-rhbz2129015-journal-COMM.patch | 12 - .../rsyslog-8.2102.0-rhbz2157658-imklog.patch | 20 - ...rsyslog-8.2102.0-rhbz2157804-cstrlen.patch | 72 -- .../rsyslog-8.2102.0-rhbz2192955-es-0.patch | 37 - .../rsyslog-8.2102.0-rhbz2192955-es-1.patch | 54 -- .../rsyslog-8.2102.0-rhbz2192955-es-2.patch | 43 -- .../rsyslog-8.2102.0-rhbz2192955-es-3.patch | 148 ---- .../rsyslog-8.2102.0-rhbz2192955-es-4.patch | 118 --- .../rsyslog-8.2102.0-rhbz2192955-es-5.patch | 40 - .../rsyslog-8.2102.0-rhbz2192955-es-6.patch | 53 -- .../rsyslog-8.2102.0-rhbz2192955-es-doc.patch | 32 - ....2102.0-rhbz2216919-libcapng-default.patch | 109 --- ....2102.0-rhbz2216919-libcapng-no-drop.patch | 145 ---- ...-preserve-statefile-on-file-move-doc.patch | 42 ++ ...not-preserve-statefile-on-file-move.patch} | 103 +-- .../rsyslog-8.2310.0-omprog-binary-path.patch | 41 ++ ...8.2310.0-remove-state-on-file-delete.patch | 11 + ...og-8.37.0-rhbz2081396-CVE-2022-24903.patch | 30 - SOURCES/rsyslog.conf | 1 + SPECS/rsyslog.spec | 102 +-- 38 files changed, 177 insertions(+), 2902 deletions(-) rename SOURCES/{rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch => rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag-v2.patch} (66%) delete mode 100644 SOURCES/rsyslog-8.2102.0-capabilities-capnetraw.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-capabilities-drop-credential.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz1938863-covscan.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2157658-imklog.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch delete mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch create mode 100644 SOURCES/rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move-doc.patch rename SOURCES/{rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch => rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move.patch} (50%) create mode 100644 SOURCES/rsyslog-8.2310.0-omprog-binary-path.patch create mode 100644 SOURCES/rsyslog-8.2310.0-remove-state-on-file-delete.patch delete mode 100644 SOURCES/rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch diff --git a/.gitignore b/.gitignore index 91e367c..7903c69 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/qpid-proton-0.39.0.tar.gz -SOURCES/rsyslog-8.2102.0.tar.gz -SOURCES/rsyslog-doc-8.2102.0.tar.gz +SOURCES/rsyslog-8.2310.0.tar.gz +SOURCES/rsyslog-doc-8.2310.0.tar.gz diff --git a/.rsyslog.metadata b/.rsyslog.metadata index 129c428..5aa1760 100644 --- a/.rsyslog.metadata +++ b/.rsyslog.metadata @@ -1,3 +1,3 @@ e2fe5aada26415aeb1902435a8acf5ee388cb2cf SOURCES/qpid-proton-0.39.0.tar.gz -fdda78ed808e7a0dca03ead9227a0a5d913a050f SOURCES/rsyslog-8.2102.0.tar.gz -9c2188d435cb5f79c1c35749003bd2a61e7f2d07 SOURCES/rsyslog-doc-8.2102.0.tar.gz +702012a5ed36fe2a07bed78f80de1915787aac75 SOURCES/rsyslog-8.2310.0.tar.gz +9016da3bc06acdbde78ad83d129582c22fe444a1 SOURCES/rsyslog-doc-8.2310.0.tar.gz diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch b/SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag-v2.patch similarity index 66% rename from SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch rename to SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag-v2.patch index e9a188d..2d0d51d 100644 --- a/SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch +++ b/SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag-v2.patch @@ -1,7 +1,7 @@ -diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjournal.c ---- ./plugins/imjournal/imjournal.c.default-tag 2018-05-17 08:50:11.416418022 -0400 -+++ ./plugins/imjournal/imjournal.c 2018-05-17 08:53:02.884418022 -0400 -@@ -78,6 +78,7 @@ static struct configSettings_s { +diff -up rsyslog-8.2310.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2310.0/plugins/imjournal/imjournal.c +--- rsyslog-8.2310.0/plugins/imjournal/imjournal.c.orig 2023-10-10 16:42:39.771369418 +0200 ++++ rsyslog-8.2310.0/plugins/imjournal/imjournal.c 2023-10-10 16:51:39.839133580 +0200 +@@ -87,6 +87,7 @@ static struct configSettings_s { int bWorkAroundJournalBug; /* deprecated, left for backwards compatibility only */ int bFsync; int bRemote; @@ -9,7 +9,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn } cs; static rsRetVal facilityHdlr(uchar **pp, void *pVal); -@@ -93,7 +94,8 @@ static struct cnfparamdescr modpdescr[] +@@ -106,7 +107,8 @@ static struct cnfparamdescr modpdescr[] { "usepid", eCmdHdlrString, 0 }, { "workaroundjournalbug", eCmdHdlrBinary, 0 }, { "fsync", eCmdHdlrBinary, 0 }, @@ -19,7 +19,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn }; static struct cnfparamblk modpblk = { CNFPARAMBLK_VERSION, -@@ -104,6 +106,7 @@ static struct cnfparamblk modpblk = +@@ -117,6 +119,7 @@ static struct cnfparamblk modpblk = #define DFLT_persiststateinterval 10 #define DFLT_SEVERITY pri2sev(LOG_NOTICE) #define DFLT_FACILITY pri2fac(LOG_USER) @@ -27,37 +27,27 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn static int bLegacyCnfModGlobalsPermitted = 1;/* are legacy module-global config parameters permitted? */ -@@ -268,7 +271,7 @@ readjournal(void) - - /* Information from messages */ - char *message = NULL; -- char *sys_iden; -+ char *sys_iden = NULL; - char *sys_iden_help = NULL; - - const void *get; -@@ -331,7 +334,7 @@ readjournal(void) - if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) { - CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden)); +@@ -458,7 +461,7 @@ readjournal(void) + } else if (journalGetData("_COMM", &get, &length) >= 0) { + CHKiRet(sanitizeValue(((const char *)get) + 6, length - 6, &sys_iden)); } else { - CHKmalloc(sys_iden = strdup("journal")); + CHKmalloc(sys_iden = strdup(cs.dfltTag)); } /* trying to get PID, default is "SYSLOG_PID" property */ -@@ -654,6 +657,11 @@ CODESTARTrunInput - "\"usepidfromsystem\" is depricated, use \"usepid\" instead"); +@@ -826,6 +829,10 @@ CODESTARTrunInput + "\"usepidfromsystem\" is deprecated, use \"usepid\" instead"); } + if (cs.dfltTag == NULL) { + cs.dfltTag = strdup(DFLT_TAG); + } -+ + if (cs.usePid && (strcmp(cs.usePid, "system") == 0)) { pidFieldName = "_PID"; bPidFallBack = 0; -@@ -732,6 +740,7 @@ CODESTARTbeginCnfLoad +@@ -914,6 +921,7 @@ CODESTARTbeginCnfLoad cs.bWorkAroundJournalBug = 1; cs.bFsync = 0; cs.bRemote = 0; @@ -65,7 +55,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn ENDbeginCnfLoad -@@ -754,6 +763,7 @@ BEGINfreeCnf +@@ -983,6 +991,7 @@ BEGINfreeCnf CODESTARTfreeCnf free(cs.stateFile); free(cs.usePid); @@ -73,7 +63,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn free(journalContext.cursor); statsobj.Destruct(&(statsCounter.stats)); ENDfreeCnf -@@ -832,6 +842,8 @@ CODESTARTsetModCnf +@@ -1077,6 +1086,8 @@ CODESTARTsetModCnf cs.bFsync = (int) pvals[i].val.d.n; } else if (!strcmp(modpblk.descr[i].name, "remote")) { cs.bRemote = (int) pvals[i].val.d.n; @@ -82,7 +72,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn } else { dbgprintf("imjournal: program error, non-handled " "param '%s' in beginCnfLoad\n", modpblk.descr[i].name); -@@ -799,6 +820,8 @@ CODEmodInit_QueryRegCFSLineHdlr +@@ -1144,6 +1155,8 @@ CODEmodInit_QueryRegCFSLineHdlr facilityHdlr, &cs.iDfltFacility, STD_LOADABLE_MODULE_ID)); CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournalusepidfromsystem", 0, eCmdHdlrBinary, NULL, &cs.bUseJnlPID, STD_LOADABLE_MODULE_ID)); diff --git a/SOURCES/rsyslog-8.2102.0-capabilities-capnetraw.patch b/SOURCES/rsyslog-8.2102.0-capabilities-capnetraw.patch deleted file mode 100644 index 0857463..0000000 --- a/SOURCES/rsyslog-8.2102.0-capabilities-capnetraw.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c ---- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-03-06 09:33:13.969300666 +0100 -+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-03-06 09:33:35.089326502 +0100 -@@ -2164,6 +2164,7 @@ main(int argc, char **argv) - CAP_SETGID, - CAP_SETUID, - CAP_DAC_OVERRIDE, -+ CAP_NET_RAW, - CAP_SYS_ADMIN, - CAP_SYS_CHROOT, - CAP_SYS_RESOURCE, diff --git a/SOURCES/rsyslog-8.2102.0-capabilities-drop-credential.patch b/SOURCES/rsyslog-8.2102.0-capabilities-drop-credential.patch deleted file mode 100644 index 2faf05c..0000000 --- a/SOURCES/rsyslog-8.2102.0-capabilities-drop-credential.patch +++ /dev/null @@ -1,67 +0,0 @@ -diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c ---- rsyslog-8.2102.0/runtime/rsconf.c.orig 2023-02-17 11:52:17.460043970 +0100 -+++ rsyslog-8.2102.0/runtime/rsconf.c 2023-02-17 12:00:49.881602881 +0100 -@@ -33,9 +33,6 @@ - #include - #include - #include --#ifdef ENABLE_LIBCAPNG -- #include --#endif - - #include "rsyslog.h" - #include "obj.h" -@@ -549,7 +546,7 @@ rsRetVal doDropPrivGid(void) - uchar szBuf[1024]; - DEFiRet; - --#ifndef ENABLE_LIBCAPNG -+ - if(!ourConf->globals.gidDropPrivKeepSupplemental) { - res = setgroups(0, NULL); /* remove all supplemental group IDs */ - if(res) { -@@ -567,15 +564,6 @@ rsRetVal doDropPrivGid(void) - "could not set requested group id: %s via setgid()", szBuf); - ABORT_FINALIZE(RS_RET_ERR_DROP_PRIV); - } --#else -- int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP; -- res = capng_change_id(-1, ourConf->globals.gidDropPriv, capng_flags); -- if (res) { -- LogError(0, RS_RET_LIBCAPNG_ERR, -- "could not set requested group id %d via capng_change_id()", ourConf->globals.gidDropPriv); -- ABORT_FINALIZE(RS_RET_LIBCAPNG_ERR); -- } --#endif - - DBGPRINTF("setgid(%d): %d\n", ourConf->globals.gidDropPriv, res); - snprintf((char*)szBuf, sizeof(szBuf), "rsyslogd's groupid changed to %d", -@@ -613,13 +601,8 @@ static void doDropPrivUid(int iUid) - iUid, szBuf); - } - --#ifndef ENABLE_LIBCAPNG -+ - res = setuid(iUid); -- // res = setuid(cnf->globals.uidDropPriv); --#else -- int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP; -- res = capng_change_id(iUid, -1, capng_flags); --#endif - - if(res) { - /* if we can not set the userid, this is fatal, so let's unconditionally abort */ -diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c ---- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-02-17 11:52:00.011011019 +0100 -+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-02-17 11:58:37.322491823 +0100 -@@ -2161,9 +2161,9 @@ main(int argc, char **argv) - CAP_LEASE, - CAP_NET_ADMIN, - CAP_NET_BIND_SERVICE, -- CAP_PERFMON, - CAP_SETGID, - CAP_SETUID, -+ CAP_DAC_OVERRIDE, - CAP_SYS_ADMIN, - CAP_SYS_CHROOT, - CAP_SYS_RESOURCE, diff --git a/SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch b/SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch deleted file mode 100644 index 91ef39c..0000000 --- a/SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c ---- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-07-28 11:11:36.253771848 +0200 -+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-07-28 11:11:57.628795339 +0200 -@@ -1571,6 +1571,7 @@ initAll(int argc, char **argv) - capabilities_t capabilities[] = { - #define CAP_FIELD(code) { code, #code, 0 } - CAP_FIELD(CAP_BLOCK_SUSPEND), -+ CAP_FIELD(CAP_NET_RAW), - CAP_FIELD(CAP_CHOWN), - CAP_FIELD(CAP_IPC_LOCK), - CAP_FIELD(CAP_LEASE), diff --git a/SOURCES/rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch b/SOURCES/rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch deleted file mode 100644 index b717972..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch +++ /dev/null @@ -1,47 +0,0 @@ -diff -up rsyslog-8.2102.0/doc/configuration/modules/imfile.html.state-file-leaking-doc rsyslog-8.2102.0/doc/configuration/modules/imfile.html ---- rsyslog-8.2102.0/doc/configuration/modules/imfile.html.state-file-leaking-doc 2021-02-15 12:53:31.000000000 +0100 -+++ rsyslog-8.2102.0/doc/configuration/modules/imfile.html 2022-03-29 10:35:07.187827004 +0200 -@@ -294,6 +294,28 @@ rsyslog needs write permissions to work - also might require SELinux definitions (or similar for other enhanced security - systems).

- -+
-+

deleteStateOnFileMove

-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
typedefaultmandatoryobsolete legacy directive
binaryoffnonone
-+

This parameter controls if state files are deleted if their associated main file is rotated via move. Usually, this is a good idea, because otherwise state files are not deleted when log rotation occurs.

-+ -+

However, there is one situation where not deleting associated state file after log rotation makes sense: this is the case if a monitored file is later moved back to the same location as it was before.

-+
- -
-

Input Parameters

-@@ -1214,6 +1236,7 @@ and Others.

-
  • sortFiles
    • -
  • PollingInterval
    • -
  • statefile.directory
    • -+
  • deleteStateOnFileMove
    • - - -
  • Input Parameters
      -@@ -1311,4 +1334,4 @@ and Others.

      - - -- -\ No newline at end of file -+ diff --git a/SOURCES/rsyslog-8.2102.0-rhbz1938863-covscan.patch b/SOURCES/rsyslog-8.2102.0-rhbz1938863-covscan.patch deleted file mode 100644 index 931987a..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz1938863-covscan.patch +++ /dev/null @@ -1,163 +0,0 @@ -diff -up rsyslog-8.2102.0/contrib/imdocker/imdocker.c.covscan rsyslog-8.2102.0/contrib/imdocker/imdocker.c ---- rsyslog-8.2102.0/contrib/imdocker/imdocker.c.covscan 2021-01-18 11:21:14.000000000 +0100 -+++ rsyslog-8.2102.0/contrib/imdocker/imdocker.c 2021-07-22 14:10:31.877231143 +0200 -@@ -1527,6 +1527,7 @@ process_json(sbool isInit, const char* j - pInstances->last_container_id, - (unsigned)pInstances->last_container_created); - } -+ // coverity[leaked_storage : FALSE] - CHKiRet(dockerContLogsInstSetUrlById(isInit, pInst, - pInstances->curlm, containerId)); - CHKiRet(dockerContLogReqsAdd(pInstances, pInst)); -diff -up rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c.covscan rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c ---- rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c.covscan 2020-10-03 19:06:47.000000000 +0200 -+++ rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c 2021-07-22 14:10:31.877231143 +0200 -@@ -324,7 +324,6 @@ BEGINnewActInst - struct cnfparamvals *pvals; - int i; - int iNumTpls; -- uchar *keydup = NULL; - CODESTARTnewActInst - if((pvals = nvlstGetParams(lst, &actpblk, NULL)) == NULL) - ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS); -@@ -417,14 +416,11 @@ CODESTARTnewActInst - CHKiRet(OMSRsetEntry(*ppOMSR, 0, (uchar*)pData->tplName, OMSR_NO_RQD_TPL_OPTS)); - - if (pData->dynaKey) { -- CHKmalloc(keydup = ustrdup(pData->key)); - CHKiRet(OMSRsetEntry(*ppOMSR, 1, ustrdup(pData->key), OMSR_NO_RQD_TPL_OPTS)); -- keydup = NULL; /* handed over */ - } - - CODE_STD_FINALIZERnewActInst - cnfparamvalsDestruct(pvals, &actpblk); -- free(keydup); - ENDnewActInst - - -diff -up rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c.covscan rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c ---- rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c.covscan 2021-01-18 11:21:14.000000000 +0100 -+++ rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c 2021-07-22 14:10:31.877231143 +0200 -@@ -778,6 +778,7 @@ static rsRetVal publishRabbitMQ(wrkrInst - ABORT_FINALIZE(RS_RET_RABBITMQ_CONN_ERR); - } - -+ // coverity[identical_branches : FALSE] - if (manage_error(amqp_basic_publish(self->a_conn, 1, exchange, routing_key, - 0, 0, p_amqp_props, body_bytes), "amqp_basic_publish")) { - /* error already notified */ -diff -up rsyslog-8.2102.0/grammar/rainerscript.c.covscan rsyslog-8.2102.0/grammar/rainerscript.c ---- rsyslog-8.2102.0/grammar/rainerscript.c.covscan 2021-02-15 12:06:16.000000000 +0100 -+++ rsyslog-8.2102.0/grammar/rainerscript.c 2021-07-22 14:10:31.878231140 +0200 -@@ -2814,7 +2814,7 @@ evalVar(struct cnfvar *__restrict__ cons - if(bMustBeFreed) - free(pszProp); - } -- -+ // coverity[leaked_storage : FALSE] - } - - /* perform a string comparision operation against a while array. Semantic is -diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.covscan rsyslog-8.2102.0/plugins/imfile/imfile.c ---- rsyslog-8.2102.0/plugins/imfile/imfile.c.covscan 2021-01-18 11:21:14.000000000 +0100 -+++ rsyslog-8.2102.0/plugins/imfile/imfile.c 2021-07-22 14:10:31.878231140 +0200 -@@ -1278,6 +1278,7 @@ static void ATTR_NONNULL(1) - getFileID(act_obj_t *const act) - { - char tmp_id[FILE_ID_HASH_SIZE]; -+ // coverity[buffer_size_warning : FALSE] - strncpy(tmp_id, (const char*)act->file_id, FILE_ID_HASH_SIZE); - act->file_id[0] = '\0'; - assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */ -@@ -1290,6 +1291,7 @@ getFileID(act_obj_t *const act) - DBGPRINTF("getFileID partial or error read, ret %d\n", r); - } - if (strncmp(tmp_id, act->file_id, FILE_ID_HASH_SIZE)) {/* save the old id for cleaning purposes */ -+ // coverity[buffer_size_warning : FALSE] - strncpy(act->file_id_prev, tmp_id, FILE_ID_HASH_SIZE); - } - DBGPRINTF("getFileID for '%s', file_id_hash '%s'\n", act->name, act->file_id); -@@ -1544,6 +1546,7 @@ openFileWithoutStateFile(act_obj_t *cons - const int fd = open(act->name, O_RDONLY | O_CLOEXEC); - if(fd >= 0) { - act->pStrm->iCurrOffs = lseek64(fd, 0, SEEK_END); -+ close(fd); - if(act->pStrm->iCurrOffs < 0) { - act->pStrm->iCurrOffs = 0; - LogError(errno, RS_RET_ERR, "imfile: could not query current " -diff -up rsyslog-8.2102.0/plugins/imptcp/imptcp.c.covscan rsyslog-8.2102.0/plugins/imptcp/imptcp.c ---- rsyslog-8.2102.0/plugins/imptcp/imptcp.c.covscan 2021-01-18 11:21:14.000000000 +0100 -+++ rsyslog-8.2102.0/plugins/imptcp/imptcp.c 2021-07-22 14:10:31.878231140 +0200 -@@ -1920,6 +1920,7 @@ lstnActivity(ptcplstn_t *const pLstn) - } - - finalize_it: -+ // coverity[leaked_handle : FALSE] - RETiRet; - } - -diff -up rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c.covscan rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c ---- rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c.covscan 2020-10-03 19:06:47.000000000 +0200 -+++ rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c 2021-07-22 14:10:31.879231138 +0200 -@@ -394,7 +394,7 @@ CODEmodInit_QueryRegCFSLineHdlr - ABORT_FINALIZE(RS_RET_NO_MSG_PASSING); - } - -- -+ // coverity[identical_branches : FALSE] - CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, - resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID)); - ENDmodInit -diff -up rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c.covscan rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c ---- rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c.covscan 2020-10-03 19:06:47.000000000 +0200 -+++ rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c 2021-07-22 14:10:31.879231138 +0200 -@@ -368,6 +368,7 @@ writeDataError(wrkrInstanceData_t *const - } - - finalize_it: -+ // coverity[leaked_storage : FALSE] - RETiRet; - } - -diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.covscan rsyslog-8.2102.0/runtime/nsd_gtls.c ---- rsyslog-8.2102.0/runtime/nsd_gtls.c.covscan 2021-01-18 11:21:14.000000000 +0100 -+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2021-07-22 14:17:06.183174167 +0200 -@@ -227,7 +227,7 @@ gtlsLoadOurCertKey(nsd_gtls_t *pThis) - pThis->bOurKeyIsInit = 1; - CHKgnutls(gnutls_x509_privkey_import(pThis->ourKey, &data, GNUTLS_X509_FMT_PEM)); - free(data.data); -- -+ data.data = NULL; - - finalize_it: - if(iRet == RS_RET_CERTLESS) { -diff -up rsyslog-8.2102.0/runtime/nsd_ptcp.c.covscan rsyslog-8.2102.0/runtime/nsd_ptcp.c ---- rsyslog-8.2102.0/runtime/nsd_ptcp.c.covscan 2021-02-15 08:20:04.000000000 +0100 -+++ rsyslog-8.2102.0/runtime/nsd_ptcp.c 2021-07-22 14:10:31.879231138 +0200 -@@ -191,6 +191,7 @@ SetTlsVerifyDepth(nsd_t __attribute__((u - nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; - DEFiRet; - ISOBJ_TYPE_assert((pThis), nsd_ptcp); -+ // coverity[identical_branches : FALSE] - if (verifyDepth == 0) { - FINALIZE; - } -diff -up rsyslog-8.2102.0/tools/rsyslogd.c.covscan rsyslog-8.2102.0/tools/rsyslogd.c ---- rsyslog-8.2102.0/tools/rsyslogd.c.covscan 2021-01-18 11:21:14.000000000 +0100 -+++ rsyslog-8.2102.0/tools/rsyslogd.c 2021-07-22 14:10:31.879231138 +0200 -@@ -293,6 +293,7 @@ writePidFile(void) - free((void*)tmpPidFile); - } - finalize_it: -+ // coverity[leaked_storage : FALSE] - RETiRet; - } - -@@ -1026,6 +1027,7 @@ splitOversizeMessage(smsg_t *const pMsg) - /* if necessary, write partial last segment */ - if(len_last_segment != 0) { - CHKmalloc(pMsg_seg = MsgDup(pMsg)); -+ // coverity[copy_paste_error : FALSE] - MsgSetRawMsg(pMsg_seg, rawmsg + (nsegments * maxlen), len_last_segment); - submitMsg2(pMsg_seg); - } diff --git a/SOURCES/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch b/SOURCES/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch deleted file mode 100644 index f95dd5a..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c ---- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2021-06-15 12:30:35.238832058 +0200 -+++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2021-06-15 12:32:04.699721356 +0200 -@@ -565,6 +565,8 @@ persistJournalState(void) - ABORT_FINALIZE(RS_RET_IO_ERROR); - } - -+ fflush(sf); -+ - /* change the name of the file to the configured one */ - if (rename(tmp_sf, cs.stateFile) < 0) { - LogError(errno, iRet, "imjournal: rename() failed for new path: '%s'", cs.stateFile); -@@ -586,6 +588,7 @@ persistJournalState(void) - LogError(errno, RS_RET_IO_ERROR, "imjournal: fsync on '%s' failed", glbl.GetWorkDir()); - ABORT_FINALIZE(RS_RET_IO_ERROR); - } -+ closedir(wd); - } - - DBGPRINTF("Persisted journal to '%s'\n", cs.stateFile); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch b/SOURCES/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch deleted file mode 100644 index 344eef6..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch +++ /dev/null @@ -1,102 +0,0 @@ -diff -up rsyslog-8.2102.0/runtime/cfsysline.c.orig rsyslog-8.2102.0/runtime/cfsysline.c ---- rsyslog-8.2102.0/runtime/cfsysline.c.orig 2021-08-04 07:16:02.663163106 +0200 -+++ rsyslog-8.2102.0/runtime/cfsysline.c 2021-08-04 07:18:05.952490008 +0200 -@@ -353,13 +353,8 @@ static rsRetVal doGetGID(uchar **pp, rsR - assert(*pp != NULL); - - if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) { -- if(loadConf->globals.abortOnIDResolutionFail) { -- fprintf(stderr, "could not extract group name: %s\n", (char*)szName); -- exit(1); /* good exit */ -- } else { -- LogError(0, RS_RET_NOT_FOUND, "could not extract group name"); -- ABORT_FINALIZE(RS_RET_NOT_FOUND); -- } -+ LogError(0, RS_RET_NOT_FOUND, "could not extract group name"); -+ ABORT_FINALIZE(RS_RET_NOT_FOUND); - } - - do { -@@ -380,10 +375,6 @@ static rsRetVal doGetGID(uchar **pp, rsR - LogError(0, RS_RET_NOT_FOUND, "ID for group '%s' could not be found", szName); - } - iRet = RS_RET_NOT_FOUND; -- if(loadConf->globals.abortOnIDResolutionFail) { -- fprintf(stderr, "ID for group '%s' could not be found or error\n", szName); -- exit(1); /* good exit */ -- } - } else { - if(pSetHdlr == NULL) { - /* we should set value directly to var */ -@@ -418,25 +409,15 @@ static rsRetVal doGetUID(uchar **pp, rsR - assert(*pp != NULL); - - if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) { -- if(loadConf->globals.abortOnIDResolutionFail) { -- fprintf(stderr, "could not extract user name: %s\n", (char*)szName); -- exit(1); /* good exit */ -- } else { -- LogError(0, RS_RET_NOT_FOUND, "could not extract user name"); -- ABORT_FINALIZE(RS_RET_NOT_FOUND); -- } -+ LogError(0, RS_RET_NOT_FOUND, "could not extract user name"); -+ ABORT_FINALIZE(RS_RET_NOT_FOUND); - } - - getpwnam_r((char*)szName, &pwBuf, stringBuf, sizeof(stringBuf), &ppwBuf); - - if(ppwBuf == NULL) { -- if(loadConf->globals.abortOnIDResolutionFail) { -- fprintf(stderr, "ID for user '%s' could not be found or error\n", (char*)szName); -- exit(1); /* good exit */ -- } else { -- LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName); -- iRet = RS_RET_NOT_FOUND; -- } -+ LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName); -+ iRet = RS_RET_NOT_FOUND; - } else { - if(pSetHdlr == NULL) { - /* we should set value directly to var */ -diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c ---- rsyslog-8.2102.0/runtime/glbl.c.orig 2021-08-04 07:18:19.301633677 +0200 -+++ rsyslog-8.2102.0/runtime/glbl.c 2021-08-04 07:19:02.409019106 +0200 -@@ -210,7 +210,6 @@ static struct cnfparamdescr cnfparamdesc - { "environment", eCmdHdlrArray, 0 }, - { "processinternalmessages", eCmdHdlrBinary, 0 }, - { "umask", eCmdHdlrFileCreateMode, 0 }, -- { "security.abortonidresolutionfail", eCmdHdlrBinary, 0 }, - { "internal.developeronly.options", eCmdHdlrInt, 0 }, - { "internalmsg.ratelimit.interval", eCmdHdlrPositiveInt, 0 }, - { "internalmsg.ratelimit.burst", eCmdHdlrPositiveInt, 0 }, -@@ -1443,8 +1442,6 @@ glblDoneLoadCnf(void) - glblInputTimeoutShutdown = (int) cnfparamvals[i].val.d.n; - } else if(!strcmp(paramblk.descr[i].name, "privdrop.group.keepsupplemental")) { - loadConf->globals.gidDropPrivKeepSupplemental = (int) cnfparamvals[i].val.d.n; -- } else if(!strcmp(paramblk.descr[i].name, "security.abortonidresolutionfail")) { -- loadConf->globals.abortOnIDResolutionFail = (int) cnfparamvals[i].val.d.n; - } else if(!strcmp(paramblk.descr[i].name, "net.acladdhostnameonfail")) { - *(net.pACLAddHostnameOnFail) = (int) cnfparamvals[i].val.d.n; - } else if(!strcmp(paramblk.descr[i].name, "net.aclresolvehostname")) { -diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c ---- rsyslog-8.2102.0/runtime/rsconf.c.orig 2021-08-04 07:19:13.103104854 +0200 -+++ rsyslog-8.2102.0/runtime/rsconf.c 2021-08-04 07:19:44.635357684 +0200 -@@ -156,7 +156,6 @@ static void cnfSetDefaults(rsconf_t *pTh - pThis->globals.maxErrMsgToStderr = -1; - pThis->globals.umask = -1; - pThis->globals.gidDropPrivKeepSupplemental = 0; -- pThis->globals.abortOnIDResolutionFail = 1; - pThis->templates.root = NULL; - pThis->templates.last = NULL; - pThis->templates.lastStatic = NULL; -diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h ---- rsyslog-8.2102.0/runtime/rsconf.h.orig 2021-08-04 07:20:15.848607958 +0200 -+++ rsyslog-8.2102.0/runtime/rsconf.h 2021-08-04 07:20:42.782823920 +0200 -@@ -73,7 +73,6 @@ struct globals_s { - int uidDropPriv; /* user-id to which priveleges should be dropped to */ - int gidDropPriv; /* group-id to which priveleges should be dropped to */ - int gidDropPrivKeepSupplemental; /* keep supplemental groups when dropping? */ -- int abortOnIDResolutionFail; - int umask; /* umask to use */ - uchar *pszConfDAGFile; /* name of config DAG file, non-NULL means generate one */ - diff --git a/SOURCES/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch b/SOURCES/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch deleted file mode 100644 index 710f48c..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -up rsyslog-8.2102.0/runtime/ratelimit.c.orig rsyslog-8.2102.0/runtime/ratelimit.c ---- rsyslog-8.2102.0/runtime/ratelimit.c.orig 2021-07-27 10:37:50.972903104 +0200 -+++ rsyslog-8.2102.0/runtime/ratelimit.c 2021-07-27 10:38:26.141002988 +0200 -@@ -235,7 +235,6 @@ ratelimitMsg(ratelimit_t *__restrict__ c - { - DEFiRet; - rsRetVal localRet; -- int severity = 0; - - *ppRepMsg = NULL; - -@@ -246,13 +245,12 @@ ratelimitMsg(ratelimit_t *__restrict__ c - DBGPRINTF("Message discarded, parsing error %d\n", localRet); - ABORT_FINALIZE(RS_RET_DISCARDMSG); - } -- severity = pMsg->iSeverity; - } - } - - /* Only the messages having severity level at or below the - * treshold (the value is >=) are subject to ratelimiting. */ -- if(ratelimit->interval && (severity >= ratelimit->severity)) { -+ if(ratelimit->interval && (pMsg->iSeverity >= ratelimit->severity)) { - char namebuf[512]; /* 256 for FGDN adn 256 for APPNAME should be enough */ - snprintf(namebuf, sizeof namebuf, "%s:%s", getHOSTNAME(pMsg), - getAPPNAME(pMsg, 0)); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch b/SOURCES/rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch deleted file mode 100644 index 20817c6..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up ./rsyslog-8.2102.0/runtime/nsd_gtls.c.ori ./rsyslog-8.2102.0/runtime/nsd_gtls.c ---- rsyslog-8.2102.0/runtime/nsd_gtls.c.ori 2022-01-17 15:50:08.285827256 +0100 -+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2022-01-17 15:52:33.282594512 +0100 -@@ -1791,6 +1791,7 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew - pNew->gnutlsPriorityString = pThis->gnutlsPriorityString; - pNew->DrvrVerifyDepth = pThis->DrvrVerifyDepth; - pNew->dataTypeCheck = pThis->dataTypeCheck; -+ pNew->bSANpriority = pThis->bSANpriority; - - /* if we reach this point, we are in TLS mode */ - iRet = gtlsInitSession(pNew); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch b/SOURCES/rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch deleted file mode 100644 index 0c3a3a7..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch +++ /dev/null @@ -1,215 +0,0 @@ -diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.orig rsyslog-8.2102.0/runtime/nsd_gtls.c ---- rsyslog-8.2102.0/runtime/nsd_gtls.c.orig 2022-04-11 09:26:17.826271989 +0200 -+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2022-04-11 09:33:28.702012052 +0200 -@@ -556,7 +556,9 @@ gtlsRecordRecv(nsd_gtls_t *pThis) - DEFiRet; - - ISOBJ_TYPE_assert(pThis, nsd_gtls); -- DBGPRINTF("gtlsRecordRecv: start\n"); -+ DBGPRINTF("gtlsRecordRecv: start (Pending Data: %zd | Wanted Direction: %s)\n", -+ gnutls_record_check_pending(pThis->sess), -+ (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ ? "READ" : "WRITE") ); - - lenRcvd = gnutls_record_recv(pThis->sess, pThis->pszRcvBuf, NSD_GTLS_MAX_RCVBUF); - if(lenRcvd >= 0) { -@@ -581,14 +583,30 @@ gtlsRecordRecv(nsd_gtls_t *pThis) - (NSD_GTLS_MAX_RCVBUF+lenRcvd)); - pThis->lenRcvBuf = NSD_GTLS_MAX_RCVBUF+lenRcvd; - } else { -- goto sslerr; -+ if (lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) { -+ goto sslerragain; /* Go to ERR AGAIN handling */ -+ } else { -+ /* Do all other error handling */ -+ int gnuRet = lenRcvd; -+ ABORTgnutls; -+ } - } - } - } else if(lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) { --sslerr: -- pThis->rtryCall = gtlsRtry_recv; -- dbgprintf("GnuTLS receive requires a retry (this most probably is OK and no error condition)\n"); -- ABORT_FINALIZE(RS_RET_RETRY); -+sslerragain: -+ /* Check if the underlaying file descriptor needs to read or write data!*/ -+ if (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ) { -+ pThis->rtryCall = gtlsRtry_recv; -+ dbgprintf("GnuTLS receive requires a retry, this most probably is OK and no error condition\n"); -+ ABORT_FINALIZE(RS_RET_RETRY); -+ } else { -+ uchar *pErr = gtlsStrerror(lenRcvd); -+ LogError(0, RS_RET_GNUTLS_ERR, "GnuTLS receive error %zd has wrong read direction(wants write) " -+ "- this could be caused by a broken connection. GnuTLS reports: %s\n", -+ lenRcvd, pErr); -+ free(pErr); -+ ABORT_FINALIZE(RS_RET_GNUTLS_ERR); -+ } - } else { - int gnuRet = lenRcvd; - ABORTgnutls; -@@ -1978,6 +1996,7 @@ static rsRetVal - Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf) - { - int iSent; -+ int wantsWriteData = 0; - nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; - DEFiRet; - ISOBJ_TYPE_assert(pThis, nsd_gtls); -@@ -1998,10 +2017,12 @@ Send(nsd_t *pNsd, uchar *pBuf, ssize_t * - break; - } - if(iSent != GNUTLS_E_INTERRUPTED && iSent != GNUTLS_E_AGAIN) { -+ /* Check if the underlaying file descriptor needs to read or write data!*/ -+ wantsWriteData = gnutls_record_get_direction(pThis->sess); - uchar *pErr = gtlsStrerror(iSent); -- LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d - this " -- "could be caused by a broken connection. GnuTLS reports: %s \n", -- iSent, pErr); -+ LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d, wantsWriteData=%d - this " -+ "could be caused by a broken connection. GnuTLS reports: %s\n", -+ iSent, wantsWriteData, pErr); - free(pErr); - gnutls_perror(iSent); - ABORT_FINALIZE(RS_RET_GNUTLS_ERR); -diff -up rsyslog-8.2102.0/runtime/nsd_gtls.h.orig rsyslog-8.2102.0/runtime/nsd_gtls.h ---- rsyslog-8.2102.0/runtime/nsd_gtls.h.orig 2022-04-11 09:26:32.744262781 +0200 -+++ rsyslog-8.2102.0/runtime/nsd_gtls.h 2022-04-11 09:34:29.909982895 +0200 -@@ -33,6 +33,11 @@ typedef enum { - gtlsRtry_recv = 2 - } gtlsRtryCall_t; /**< IDs of calls that needs to be retried */ - -+typedef enum { -+ gtlsDir_READ = 0, /**< GNUTLS wants READ */ -+ gtlsDir_WRITE = 1 /**< GNUTLS wants WRITE */ -+} gtlsDirection_t; -+ - typedef nsd_if_t nsd_gtls_if_t; /* we just *implement* this interface */ - - /* the nsd_gtls object */ -diff -up rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig rsyslog-8.2102.0/runtime/nsdsel_gtls.c ---- rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig 2022-04-11 09:26:42.529256742 +0200 -+++ rsyslog-8.2102.0/runtime/nsdsel_gtls.c 2022-04-11 09:38:27.425869737 +0200 -@@ -81,6 +81,7 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds - - ISOBJ_TYPE_assert(pThis, nsdsel_gtls); - ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls); -+ DBGPRINTF("Add on nsd %p:\n", pNsdGTLS); - if(pNsdGTLS->iMode == 1) { - if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) { - ++pThis->iBufferRcvReady; -@@ -99,6 +100,8 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds - } - } - -+ dbgprintf("nsdsel_gtls: reached end on nsd %p, calling nsdsel_ptcp.Add with waitOp %d... \n", pNsdGTLS, waitOp); -+ - /* if we reach this point, we need no special handling */ - CHKiRet(nsdsel_ptcp.Add(pThis->pTcp, pNsdGTLS->pTcp, waitOp)); - -@@ -120,7 +123,8 @@ Select(nsdsel_t *pNsdsel, int *piNumRead - if(pThis->iBufferRcvReady > 0) { - /* we still have data ready! */ - *piNumReady = pThis->iBufferRcvReady; -- dbgprintf("nsdsel_gtls: doing dummy select, data present\n"); -+ dbgprintf("nsdsel_gtls: doing dummy select for %p->iBufferRcvReady=%d, data present\n", -+ pThis, pThis->iBufferRcvReady); - } else { - iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady); - } -@@ -138,7 +142,7 @@ doRetry(nsd_gtls_t *pNsd) - DEFiRet; - int gnuRet; - -- dbgprintf("GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall); -+ dbgprintf("doRetry: GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall); - - /* We follow a common scheme here: first, we do the systen call and - * then we check the result. So far, the result is checked after the -@@ -151,7 +155,7 @@ doRetry(nsd_gtls_t *pNsd) - case gtlsRtry_handshake: - gnuRet = gnutls_handshake(pNsd->sess); - if(gnuRet == GNUTLS_E_AGAIN || gnuRet == GNUTLS_E_INTERRUPTED) { -- dbgprintf("GnuTLS handshake retry did not finish - " -+ dbgprintf("doRetry: GnuTLS handshake retry did not finish - " - "setting to retry (this is OK and can happen)\n"); - FINALIZE; - } else if(gnuRet == 0) { -@@ -167,9 +171,20 @@ doRetry(nsd_gtls_t *pNsd) - } - break; - case gtlsRtry_recv: -- dbgprintf("retrying gtls recv, nsd: %p\n", pNsd); -- CHKiRet(gtlsRecordRecv(pNsd)); -- pNsd->rtryCall = gtlsRtry_None; /* we are done */ -+ dbgprintf("doRetry: retrying gtls recv, nsd: %p\n", pNsd); -+ iRet = gtlsRecordRecv(pNsd); -+ if (iRet == RS_RET_RETRY) { -+ // Check if there is pending data -+ size_t stBytesLeft = gnutls_record_check_pending(pNsd->sess); -+ if (stBytesLeft > 0) { -+ // We are in retry and more data waiting, finalize it -+ goto finalize_it; -+ } else { -+ dbgprintf("doRetry: gtlsRecordRecv returned RETRY, but there is no pending" -+ "data on nsd: %p\n", pNsd); -+ } -+ } -+ pNsd->rtryCall = gtlsRtry_None; /* no more data, we are done */ - gnuRet = 0; - break; - case gtlsRtry_None: -@@ -241,7 +256,7 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, - * socket. -- rgerhards, 2010-11-20 - */ - if(pThis->iBufferRcvReady) { -- dbgprintf("nsd_gtls: dummy read, buffer not available for this FD\n"); -+ dbgprintf("nsd_gtls: dummy read, %p->buffer not available for this FD\n", pThis); - *pbIsReady = 0; - FINALIZE; - } -diff -up rsyslog-8.2102.0/runtime/tcpsrv.c.orig rsyslog-8.2102.0/runtime/tcpsrv.c ---- rsyslog-8.2102.0/runtime/tcpsrv.c.orig 2022-04-11 09:27:00.376245726 +0200 -+++ rsyslog-8.2102.0/runtime/tcpsrv.c 2022-04-11 09:41:57.885777708 +0200 -@@ -609,14 +609,15 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t * - int oserr = 0; - - ISOBJ_TYPE_assert(pThis, tcpsrv); -- DBGPRINTF("netstream %p with new data\n", (*ppSess)->pStrm); -+ prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer); -+ DBGPRINTF("netstream %p with new data from remote peer %s\n", (*ppSess)->pStrm, pszPeer); - /* Receive message */ - iRet = pThis->pRcvData(*ppSess, buf, sizeof(buf), &iRcvd, &oserr); - switch(iRet) { - case RS_RET_CLOSED: - if(pThis->bEmitMsgOnClose) { - errno = 0; -- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer); -+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer); - LogError(0, RS_RET_PEER_CLOSED_CONN, "Netstream session %p closed by remote " - "peer %s.\n", (*ppSess)->pStrm, pszPeer); - } -@@ -632,13 +633,13 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t * - /* in this case, something went awfully wrong. - * We are instructed to terminate the session. - */ -- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer); -+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer); - LogError(oserr, localRet, "Tearing down TCP Session from %s", pszPeer); - CHKiRet(closeSess(pThis, ppSess, pPoll)); - } - break; - default: -- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer); -+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer); - LogError(oserr, iRet, "netstream session %p from %s will be closed due to error", - (*ppSess)->pStrm, pszPeer); - CHKiRet(closeSess(pThis, ppSess, pPoll)); -@@ -838,6 +839,7 @@ RunSelect(tcpsrv_t *pThis, nsd_epworkset - while(iTCPSess != -1) { - /* TODO: access to pNsd is NOT really CLEAN, use method... */ - CHKiRet(nssel.Add(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD)); -+ DBGPRINTF("tcpsrv process session %d:\n", iTCPSess); - /* now get next... */ - iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess); - } diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch b/SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch deleted file mode 100644 index 01a6fc4..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch +++ /dev/null @@ -1,51 +0,0 @@ ---- a/source/configuration/actions.rst 2020-01-13 09:35:54.000000000 +0100 -+++ b/source/configuration/actions.rst 2022-03-09 10:46:23.945881936 +0100 -@@ -90,6 +90,12 @@ - provided to the action in question, the action name as well as - the rsyslog status code roughly explaining why it failed. - -+- **action.errorfile.maxsize** integer -+ -+ In some cases, error file needs to be limited in size. -+ This option allows specifying a maximum size, in bytes, for the error file. -+ When error file reaches that size, no more errors are written to it. -+ - - **action.execOnlyOnceEveryInterval** integer - - Execute action only if the last execute is at last seconds in the ---- a/build/_sources/configuration/actions.rst.txt 2020-01-13 09:35:54.000000000 +0100 -+++ b/build/_sources/configuration/actions.rst.txt 2022-03-09 11:17:44.391213038 +0100 -@@ -90,6 +90,12 @@ - provided to the action in question, the action name as well as - the rsyslog status code roughly explaining why it failed. - -+- **action.errorfile.maxsize** integer -+ -+ In some cases, error file needs to be limited in size. -+ This option allows specifying a maximum size, in bytes, for the error file. -+ When error file reaches that size, no more errors are written to it. -+ - - **action.execOnlyOnceEveryInterval** integer - - Execute action only if the last execute is at last seconds in the ---- a/build/configuration/actions.html 2021-02-15 12:53:30.000000000 +0100 -+++ b/build/configuration/actions.html 2022-03-09 11:27:04.035799702 +0100 -@@ -122,6 +122,11 @@ - provided to the action in question, the action name as well as - the rsyslog status code roughly explaining why it failed.

      - -+

    • action.errorfile.maxsize integer

      -+

      In some cases, error file needs to be limited in size. -+This option allows specifying a maximum size, in bytes, for the error file. -+When error file reaches that size, no more errors are written to it.

      -+
      • -

    • action.execOnlyOnceEveryInterval integer

      -

      Execute action only if the last execute is at last seconds in the - past (more info in ommail, but may be used with any action)

      -@@ -672,4 +677,4 @@ - - -- -\ No newline at end of file -+ diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch b/SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch deleted file mode 100644 index ba5bec9..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch +++ /dev/null @@ -1,192 +0,0 @@ ---- rsyslog-8.2102.0-ori/action.c 2021-02-15 12:06:16.000000000 +0100 -+++ rsyslog-8.2102.0-changes/action.c 2022-03-10 11:00:11.027242300 +0100 -@@ -198,6 +198,7 @@ - { "name", eCmdHdlrGetWord, 0 }, /* legacy: actionname */ - { "type", eCmdHdlrString, CNFPARAM_REQUIRED }, /* legacy: actionname */ - { "action.errorfile", eCmdHdlrString, 0 }, -+ { "action.errorfile.maxsize", eCmdHdlrInt, 0 }, - { "action.writeallmarkmessages", eCmdHdlrBinary, 0 }, /* legacy: actionwriteallmarkmessages */ - { "action.execonlyeverynthtime", eCmdHdlrInt, 0 }, /* legacy: actionexeconlyeverynthtime */ - { "action.execonlyeverynthtimetimeout", eCmdHdlrInt, 0 }, /* legacy: actionexeconlyeverynthtimetimeout */ -@@ -400,6 +401,8 @@ - pThis->iResumeRetryCount = 0; - pThis->pszName = NULL; - pThis->pszErrFile = NULL; -+ pThis->maxErrFileSize = 0; -+ pThis->errFileWritten = 0; - pThis->pszExternalStateFile = NULL; - pThis->fdErrFile = -1; - pThis->bWriteAllMarkMsgs = 1; -@@ -1436,6 +1439,14 @@ - pThis->pszName, pThis->pszErrFile); - goto done; - } -+ if (pThis->maxErrFileSize > 0) { -+ struct stat statbuf; -+ if (fstat(pThis->fdErrFile, &statbuf) == -1) { -+ LogError(errno, RS_RET_ERR, "failed to fstat %s", pThis->pszErrFile); -+ goto done; -+ } -+ pThis->errFileWritten += statbuf.st_size; -+ } - } - - for(int i = 0 ; i < nparams ; ++i) { -@@ -1454,16 +1465,26 @@ - char *const rendered = strdup((char*)fjson_object_to_json_string(etry)); - if(rendered == NULL) - goto done; -- const size_t toWrite = strlen(rendered) + 1; -- /* note: we use the '\0' inside the string to store a LF - we do not -- * otherwise need it and it safes us a copy/realloc. -- */ -- rendered[toWrite-1] = '\n'; /* NO LONGER A STRING! */ -- const ssize_t wrRet = write(pThis->fdErrFile, rendered, toWrite); -- if(wrRet != (ssize_t) toWrite) { -- LogError(errno, RS_RET_IO_ERROR, -- "action %s: error writing errorFile %s, write returned %lld", -- pThis->pszName, pThis->pszErrFile, (long long) wrRet); -+ size_t toWrite = strlen(rendered) + 1; -+ // Check if need to truncate the amount of bytes to write -+ if (pThis->maxErrFileSize > 0) { -+ if (pThis->errFileWritten + toWrite > pThis->maxErrFileSize) { -+ // Truncate to the pending available -+ toWrite = pThis->maxErrFileSize - pThis->errFileWritten; -+ } -+ pThis->errFileWritten += toWrite; -+ } -+ if(toWrite > 0) { -+ /* note: we use the '\0' inside the string to store a LF - we do not -+ * otherwise need it and it safes us a copy/realloc. -+ */ -+ rendered[toWrite-1] = '\n'; /* NO LONGER A STRING! */ -+ const ssize_t wrRet = write(pThis->fdErrFile, rendered, toWrite); -+ if(wrRet != (ssize_t) toWrite) { -+ LogError(errno, RS_RET_IO_ERROR, -+ "action %s: error writing errorFile %s, write returned %lld", -+ pThis->pszName, pThis->pszErrFile, (long long) wrRet); -+ } - } - free(rendered); - -@@ -2048,6 +2069,8 @@ - continue; /* this is handled seperately during module select! */ - } else if(!strcmp(pblk.descr[i].name, "action.errorfile")) { - pAction->pszErrFile = es_str2cstr(pvals[i].val.d.estr, NULL); -+ } else if(!strcmp(pblk.descr[i].name, "action.errorfile.maxsize")) { -+ pAction->maxErrFileSize = pvals[i].val.d.n; - } else if(!strcmp(pblk.descr[i].name, "action.externalstate.file")) { - pAction->pszExternalStateFile = es_str2cstr(pvals[i].val.d.estr, NULL); - } else if(!strcmp(pblk.descr[i].name, "action.writeallmarkmessages")) { ---- rsyslog-8.2102.0-ori/action.h 2020-10-03 19:06:47.000000000 +0200 -+++ rsyslog-8.2102.0-changes/action.h 2022-03-04 11:36:47.024588972 +0100 -@@ -77,6 +77,8 @@ - /* error file */ - const char *pszErrFile; - int fdErrFile; -+ size_t maxErrFileSize; -+ size_t errFileWritten; - pthread_mutex_t mutErrFile; - /* external stat file system */ - const char *pszExternalStateFile; ---- rsyslog-8.2102.0-ori/tests/Makefile.am 2021-02-15 12:06:16.000000000 +0100 -+++ rsyslog-8.2102.0-changes/tests/Makefile.am 2022-03-04 11:38:01.625095709 +0100 -@@ -695,7 +695,8 @@ - mysql-actq-mt.sh \ - mysql-actq-mt-withpause.sh \ - action-tx-single-processing.sh \ -- action-tx-errfile.sh -+ action-tx-errfile.sh \ -+ action-tx-errfile-maxsize.sh - - mysql-basic.log: mysqld-start.log - mysql-basic-cnf6.log: mysqld-start.log -@@ -2156,6 +2157,8 @@ - sndrcv_omudpspoof_nonstdpt.sh \ - sndrcv_gzip.sh \ - action-tx-single-processing.sh \ -+ omfwd-errfile-maxsize.sh \ -+ action-tx-errfile-maxsize.sh \ - action-tx-errfile.sh \ - testsuites/action-tx-errfile.result \ - pipeaction.sh \ ---- rsyslog-8.2102.0-ori/tests/omfwd-errfile-maxsize.sh 1970-01-01 01:00:00.000000000 +0100 -+++ rsyslog-8.2102.0-changes/tests/omfwd-errfile-maxsize.sh 2022-03-04 11:39:02.060506234 +0100 -@@ -0,0 +1,17 @@ -+#!/bin/bash -+# part of the rsyslog project, released under ASL 2.0 -+. ${srcdir:=.}/diag.sh init -+ -+export MAX_ERROR_SIZE=1999 -+ -+generate_conf -+add_conf ' -+action(type="omfwd" target="1.2.3.4" port="1234" Protocol="tcp" NetworkNamespace="doesNotExist" -+ action.errorfile="'$RSYSLOG2_OUT_LOG'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'") -+' -+startup -+shutdown_when_empty -+wait_shutdown -+check_file_exists ${RSYSLOG2_OUT_LOG} -+file_size_check ${RSYSLOG2_OUT_LOG} ${MAX_ERROR_SIZE} -+exit_test ---- rsyslog-8.2102.0-ori/tests/action-tx-errfile-maxsize.sh 1970-01-01 01:00:00.000000000 +0100 -+++ rsyslog-8.2102.0-changes/tests/action-tx-errfile-maxsize.sh 2022-03-04 11:59:22.592796989 +0100 -@@ -0,0 +1,35 @@ -+#!/bin/bash -+# part of the rsyslog project, released under ASL 2.0 -+ -+. ${srcdir:=.}/diag.sh init -+ -+export NUMMESSAGES=50 # enough to generate big file -+export MAX_ERROR_SIZE=100 -+ -+generate_conf -+add_conf ' -+$ModLoad ../plugins/ommysql/.libs/ommysql -+global(errormessagestostderr.maxnumber="5") -+ -+template(type="string" name="tpl" string="insert into SystemEvents (Message, Facility) values (\"%msg%\", %$!facility%)" option.sql="on") -+ -+if((not($msg contains "error")) and ($msg contains "msgnum:")) then { -+ set $.num = field($msg, 58, 2); -+ if $.num % 2 == 0 then { -+ set $!facility = $syslogfacility; -+ } else { -+ set $/cntr = 0; -+ } -+ action(type="ommysql" name="mysql_action_errfile_maxsize" server="127.0.0.1" template="tpl" -+ db="'$RSYSLOG_DYNNAME'" uid="rsyslog" pwd="testbench" action.errorfile="'$RSYSLOG2_OUT_LOG'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'") -+} -+' -+mysql_prep_for_test -+startup -+injectmsg -+shutdown_when_empty -+wait_shutdown -+mysql_get_data -+check_file_exists ${RSYSLOG2_OUT_LOG} -+file_size_check ${RSYSLOG2_OUT_LOG} ${MAX_ERROR_SIZE} -+exit_test ---- rsyslog-8.2102.0/tests/omfwd-errfile-maxsize-filled.sh 1970-01-01 01:00:00.000000000 +0100 -+++ rsyslog-8.2102.0-changes/tests/omfwd-errfile-maxsize-filled.sh 2022-03-08 16:24:01.174365289 +0100 -@@ -0,0 +1,19 @@ -+#!/bin/bash -+# part of the rsyslog project, released under ASL 2.0 -+. ${srcdir:=.}/diag.sh init -+ERRFILE=$(mktemp) -+export MAX_ERROR_SIZE=1999 -+export INITIAL_FILE_SIZE=$((MAX_ERROR_SIZE - 100)) -+dd if=/dev/urandom of=${ERRFILE} bs=1 count=${INITIAL_FILE_SIZE} -+generate_conf -+add_conf ' -+action(type="omfwd" target="1.2.3.4" port="1234" Protocol="tcp" NetworkNamespace="doesNotExist" -+ action.errorfile="'$ERRFILE'" action.errorfile.maxsize="'$MAX_ERROR_SIZE'") -+' -+startup -+shutdown_when_empty -+wait_shutdown -+check_file_exists ${ERRFILE} -+file_size_check ${ERRFILE} ${MAX_ERROR_SIZE} -+exit_test -+rm ${ERRFILE} diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch b/SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch deleted file mode 100644 index 5c46529..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- rsyslog-8.2102.0/doc/configuration/global/index.html 2021-02-15 12:53:30.000000000 +0100 -+++ rsyslog-8.2102.0.backup.doc.202209071236/doc/configuration/global/index.html 2022-09-07 12:33:21.318360707 +0200 -@@ -119,7 +119,14 @@ - network stream driver to use. - Defaults to ptcp.

      -
      • --

    • $DefaultNetstreamDriverCAFile </path/to/cafile.pem>

      -+

    • $DefaultNetstreamDriverCAFile </path/to/cafile.pem>

      -+
      • -+

    • $NetstreamDriverCAExtraFiles </path/to/extracafile.pem> - -+This directive allows to configure multiple additional extra CA files. -+This is intended for SSL certificate chains to work appropriately, -+as the different CA files in the chain need to be specified. -+It must be remarked that this directive only works with the OpenSSL driver. -+

      -
      • -

    • $DefaultNetstreamDriverCertFile </path/to/certfile.pem>

      -
      • -@@ -311,4 +318,4 @@ - - -- -\ No newline at end of file -+ diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files.patch b/SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files.patch deleted file mode 100644 index 172bc51..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files.patch +++ /dev/null @@ -1,682 +0,0 @@ ---- rsyslog-8.2102.0.ori/runtime/glbl.h 2020-10-03 19:06:47.000000000 +0200 -+++ rsyslog-8.2102.0/runtime/glbl.h 2022-09-06 11:13:31.538674778 +0200 -@@ -72,6 +72,7 @@ - SIMP_PROP(DfltNetstrmDrvrCAF, uchar*) - SIMP_PROP(DfltNetstrmDrvrKeyFile, uchar*) - SIMP_PROP(DfltNetstrmDrvrCertFile, uchar*) -+ SIMP_PROP(NetstrmDrvrCAExtraFiles, uchar*) - SIMP_PROP(ParserControlCharacterEscapePrefix, uchar) - SIMP_PROP(ParserDropTrailingLFOnReception, int) - SIMP_PROP(ParserEscapeControlCharactersOnReceive, int) ---- rsyslog-8.2102.0.ori/runtime/glbl.c 2022-09-06 10:37:26.440149338 +0200 -+++ rsyslog-8.2102.0/runtime/glbl.c 2022-09-06 11:12:06.198378210 +0200 -@@ -122,6 +122,7 @@ - static uchar *pszDfltNetstrmDrvrCAF = NULL; /* default CA file for the netstrm driver */ - static uchar *pszDfltNetstrmDrvrKeyFile = NULL; /* default key file for the netstrm driver (server) */ - static uchar *pszDfltNetstrmDrvrCertFile = NULL; /* default cert file for the netstrm driver (server) */ -+static uchar *pszNetstrmDrvrCAExtraFiles = NULL; /* list of additional CAExtraFiles */ - int bTerminateInputs = 0; /* global switch that inputs shall terminate ASAP (1=> terminate) */ - static uchar cCCEscapeChar = '#'; /* character to be used to start an escape sequence for control chars */ - static int bDropTrailingLF = 1; /* drop trailing LF's on reception? */ -@@ -176,6 +177,7 @@ - { "defaultnetstreamdriverkeyfile", eCmdHdlrString, 0 }, - { "defaultnetstreamdrivercertfile", eCmdHdlrString, 0 }, - { "defaultnetstreamdriver", eCmdHdlrString, 0 }, -+ { "netstreamdrivercaextrafiles", eCmdHdlrString, 0 }, - { "maxmessagesize", eCmdHdlrSize, 0 }, - { "oversizemsg.errorfile", eCmdHdlrGetWord, 0 }, - { "oversizemsg.report", eCmdHdlrBinary, 0 }, -@@ -307,6 +309,8 @@ - /* TODO: use custom function which frees existing value */ - SIMP_PROP_SET(DfltNetstrmDrvrCertFile, pszDfltNetstrmDrvrCertFile, uchar*) - /* TODO: use custom function which frees existing value */ -+SIMP_PROP_SET(NetstrmDrvrCAExtraFiles, pszNetstrmDrvrCAExtraFiles, uchar*) -+/* TODO: use custom function which frees existing value */ - - #undef SIMP_PROP - #undef SIMP_PROP_SET -@@ -830,6 +834,13 @@ - return(pszDfltNetstrmDrvr == NULL ? DFLT_NETSTRM_DRVR : pszDfltNetstrmDrvr); - } - -+/* return the additional ca extra files */ -+static uchar* -+GetNetstrmDrvrCAExtraFiles(void) -+{ -+ return(pszNetstrmDrvrCAExtraFiles); -+} -+ - - /* return the current default netstream driver CA File */ - static uchar* -@@ -925,6 +936,7 @@ - SIMP_PROP(DfltNetstrmDrvrCAF) - SIMP_PROP(DfltNetstrmDrvrKeyFile) - SIMP_PROP(DfltNetstrmDrvrCertFile) -+ SIMP_PROP(NetstrmDrvrCAExtraFiles) - #ifdef USE_UNLIMITED_SELECT - SIMP_PROP(FdSetSize) - #endif -@@ -945,6 +957,8 @@ - pszDfltNetstrmDrvrKeyFile = NULL; - free(pszDfltNetstrmDrvrCertFile); - pszDfltNetstrmDrvrCertFile = NULL; -+ free(pszNetstrmDrvrCAExtraFiles); -+ pszNetstrmDrvrCAExtraFiles = NULL; - free(LocalHostNameOverride); - LocalHostNameOverride = NULL; - free(oversizeMsgErrorFile); -@@ -1350,6 +1364,9 @@ - free(pszDfltNetstrmDrvr); - pszDfltNetstrmDrvr = (uchar*) - es_str2cstr(cnfparamvals[i].val.d.estr, NULL); -+ } else if(!strcmp(paramblk.descr[i].name, "netstreamdrivercaextrafiles")) { -+ free(pszNetstrmDrvrCAExtraFiles); -+ pszNetstrmDrvrCAExtraFiles = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL); - } else if(!strcmp(paramblk.descr[i].name, "preservefqdn")) { - bPreserveFQDN = (int) cnfparamvals[i].val.d.n; - } else if(!strcmp(paramblk.descr[i].name, -@@ -1546,6 +1563,8 @@ - &pszDfltNetstrmDrvrKeyFile, NULL)); - CHKiRet(regCfSysLineHdlr((uchar *)"defaultnetstreamdrivercertfile", 0, eCmdHdlrGetWord, NULL, - &pszDfltNetstrmDrvrCertFile, NULL)); -+ CHKiRet(regCfSysLineHdlr((uchar *)"netstreamdrivercaextrafiles", 0, eCmdHdlrGetWord, NULL, -+ &pszNetstrmDrvrCAExtraFiles, NULL)); - CHKiRet(regCfSysLineHdlr((uchar *)"localhostname", 0, eCmdHdlrGetWord, NULL, &LocalHostNameOverride, NULL)); - CHKiRet(regCfSysLineHdlr((uchar *)"localhostipif", 0, eCmdHdlrGetWord, setLocalHostIPIF, NULL, NULL)); - CHKiRet(regCfSysLineHdlr((uchar *)"optimizeforuniprocessor", 0, eCmdHdlrGoneAway, NULL, NULL, NULL)); -@@ -1579,6 +1598,7 @@ - free(pszDfltNetstrmDrvrCAF); - free(pszDfltNetstrmDrvrKeyFile); - free(pszDfltNetstrmDrvrCertFile); -+ free(pszNetstrmDrvrCAExtraFiles); - free(pszWorkDir); - free(LocalDomain); - free(LocalHostName); ---- rsyslog-8.2102.0.ori/runtime/nsd_ossl.c 2021-01-18 11:21:14.000000000 +0100 -+++ rsyslog-8.2102.0/runtime/nsd_ossl.c 2022-09-06 11:25:18.144130340 +0200 -@@ -88,6 +88,7 @@ - static short bHaveCA; - static short bHaveCert; - static short bHaveKey; -+static short bHaveExtraCAFiles; - static int bAnonInit; - static MUTEX_TYPE anonInit_mut = PTHREAD_MUTEX_INITIALIZER; - -@@ -413,7 +414,8 @@ - { - DEFiRet; - DBGPRINTF("openssl: entering osslGlblInit\n"); -- const char *caFile, *certFile, *keyFile; -+ const char *caFile, *certFile, *keyFile, *extraCaFile; -+ char *extraCaFiles; - - /* Setup OpenSSL library */ - if((opensslh_THREAD_setup() == 0) || !SSL_library_init()) { -@@ -450,9 +452,27 @@ - } else { - bHaveKey = 1; - } -+ extraCaFiles = (char*) glbl.GetNetstrmDrvrCAExtraFiles(); -+ if(extraCaFiles == NULL) { -+ bHaveExtraCAFiles = 0; -+ } else { -+ bHaveExtraCAFiles = 1; -+ } - - /* Create main CTX Object */ - ctx = SSL_CTX_new(SSLv23_method()); -+ if(bHaveExtraCAFiles == 1) { -+ while((extraCaFile = strsep(&extraCaFiles, ","))) { -+ if(SSL_CTX_load_verify_locations(ctx, extraCaFile, NULL) != 1) { -+ LogError(0, RS_RET_TLS_CERT_ERR, "Error: Extra Certificate file could not be accessed. " -+ "Check at least: 1) file path is correct, 2) file exist, " -+ "3) permissions are correct, 4) file content is correct. " -+ "Open ssl error info may follow in next messages"); -+ osslLastSSLErrorMsg(0, NULL, LOG_ERR, "osslGlblInit"); -+ ABORT_FINALIZE(RS_RET_TLS_CERT_ERR); -+ } -+ } -+ } - if(bHaveCA == 1 && SSL_CTX_load_verify_locations(ctx, caFile, NULL) != 1) { - LogError(0, RS_RET_TLS_CERT_ERR, "Error: CA certificate could not be accessed. " - "Check at least: 1) file path is correct, 2) file exist, " -@@ -476,7 +496,7 @@ - "Open ssl error info may follow in next messages"); - osslLastSSLErrorMsg(0, NULL, LOG_ERR, "osslGlblInit"); - ABORT_FINALIZE(RS_RET_TLS_KEY_ERR); -- } -+ } - - /* Set CTX Options */ - SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); /* Disable insecure SSLv2 Protocol */ ---- rsyslog-8.2102.0.ori/tests/Makefile.am 2022-09-06 10:37:26.447149363 +0200 -+++ rsyslog-8.2102.0/tests/Makefile.am 2022-09-06 12:05:55.443600359 +0200 -@@ -1247,7 +1247,8 @@ - sndrcv_tls_ossl_servercert_gtls_clientanon.sh \ - sndrcv_tls_ossl_serveranon_gtls_clientanon.sh \ - sndrcv_tls_gtls_servercert_ossl_clientanon.sh \ -- sndrcv_tls_gtls_serveranon_ossl_clientanon.sh -+ sndrcv_tls_gtls_serveranon_ossl_clientanon.sh \ -+ sndrcv_ossl_cert_chain.sh - endif - endif - -@@ -2575,6 +2576,7 @@ - sndrcv_tls_ossl_serveranon_gtls_clientanon.sh \ - sndrcv_tls_gtls_servercert_ossl_clientanon.sh \ - sndrcv_tls_gtls_serveranon_ossl_clientanon.sh \ -+ sndrcv_ossl_cert_chain.sh \ - omtcl.sh \ - omtcl.tcl \ - pmsnare-default.sh \ ---- rsyslog-8.2102.0.ori/tests/sndrcv_ossl_cert_chain.sh 1970-01-01 01:00:00.000000000 +0100 -+++ rsyslog-8.2102.0/tests/sndrcv_ossl_cert_chain.sh 2022-09-06 10:48:41.512496691 +0200 -@@ -0,0 +1,76 @@ -+#!/bin/bash -+# alorbach, 2019-01-16 -+# This file is part of the rsyslog project, released under ASL 2.0 -+. ${srcdir:=.}/diag.sh init -+export NUMMESSAGES=1000 -+# uncomment for debugging support: -+#export RSYSLOG_DEBUG="debug nostdout noprintmutexaction" -+export RSYSLOG_DEBUGLOG="log" -+generate_conf -+export PORT_RCVR="$(get_free_port)" -+### This is important, as it must be exactly the same -+### as the ones configured in used certificates -+export HOSTNAME="fedora" -+add_conf ' -+global( -+ DefaultNetstreamDriver="ossl" -+ DefaultNetstreamDriverCAFile="'$srcdir/testsuites/certchain/ca-cert.pem'" -+ DefaultNetstreamDriverCertFile="'$srcdir/testsuites/certchain/server-cert.pem'" -+ DefaultNetstreamDriverKeyFile="'$srcdir/testsuites/certchain/server-key.pem'" -+ NetstreamDriverCAExtraFiles="'$srcdir/testsuites/certchain/ca-root-cert.pem'" -+) -+ -+module( load="../plugins/imtcp/.libs/imtcp" -+ StreamDriver.Name="ossl" -+ StreamDriver.Mode="1" -+ PermittedPeer="'$HOSTNAME'" -+ StreamDriver.AuthMode="x509/name" ) -+# then SENDER sends to this port (not tcpflood!) -+input( type="imtcp" port="'$PORT_RCVR'" ) -+ -+$template outfmt,"%msg:F,58:2%\n" -+$template dynfile,"'$RSYSLOG_OUT_LOG'" # trick to use relative path names! -+:msg, contains, "msgnum:" ?dynfile;outfmt -+' -+startup -+export RSYSLOG_DEBUGLOG="log2" -+#valgrind="valgrind" -+generate_conf 2 -+export TCPFLOOD_PORT="$(get_free_port)" -+add_conf ' -+global( -+ defaultNetstreamDriverCAFile="'$srcdir/testsuites/certchain/ca-root-cert.pem'" -+ defaultNetstreamDriverCertFile="'$srcdir/testsuites/certchain/client-cert.pem'" -+ defaultNetstreamDriverKeyFile="'$srcdir/testsuites/certchain/client-key.pem'" -+) -+ -+# Note: no TLS for the listener, this is for tcpflood! -+$ModLoad ../plugins/imtcp/.libs/imtcp -+input( type="imtcp" port="0" listenPortFileName="'$RSYSLOG_DYNNAME'.tcpflood_port" ) -+ -+# set up the action -+action( type="omfwd" -+ protocol="tcp" -+ target="127.0.0.1" -+ port="'$PORT_RCVR'" -+ StreamDriver="ossl" -+ StreamDriverMode="1" -+ StreamDriverAuthMode="x509/name" -+ StreamDriverPermittedPeers="'$HOSTNAME'" -+ ) -+' 2 -+startup 2 -+ -+# now inject the messages into instance 2. It will connect to instance 1, -+# and that instance will record the data. -+tcpflood -m$NUMMESSAGES -i1 -+wait_file_lines -+# shut down sender when everything is sent, receiver continues to run concurrently -+shutdown_when_empty 2 -+wait_shutdown 2 -+# now it is time to stop the receiver as well -+shutdown_when_empty -+wait_shutdown -+ -+seq_check 1 $NUMMESSAGES -+exit_test -diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/ca-cert.pem ---- rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-cert.pem 1970-01-01 01:00:00.000000000 +0100 -+++ rsyslog-8.2102.0/tests/testsuites/certchain/ca-cert.pem 2022-09-06 10:48:41.513496694 +0200 -@@ -0,0 +1,29 @@ -+-----BEGIN CERTIFICATE----- -+MIIFBzCCA2+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJDWjEQ -+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh -+dDEMMAoGA1UECxMDR1NTMR0wGwYDVQQDExRyc3lzbG9nK2NoYWluK2Nhcm9vdDAe -+Fw0yMjA2MDYxMzQwNDlaFw0yMzA2MDYxMzQwNDlaMGkxCzAJBgNVBAYTAkNaMRAw -+DgYDVQQIEwdNb3JhdmlhMQ0wCwYDVQQHEwRCcm5vMRAwDgYDVQQKEwdSZWQgSGF0 -+MQwwCgYDVQQLEwNHU1MxGTAXBgNVBAMTEHJzeXNsb2crY2hhaW4rY2EwggGiMA0G -+CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQD6yDdc9T3oddk5smOhF8OkRXwb2nvC -+M4RPPiuiACvbVoc3UdW2e4NI77J75JzNQL3gQUpgxGcvWiQt3R67ecYgIWiq0zpi -+MrcU3S0dboK10A6NXtcVc4RgwUPf0c8toM975c/6q2XT9Q0SbcI7HKXdzTXQZJDz -+sqQ3UjJuoCLSl6Dd8M0HXJnd2HlF1h5JeIp5vGrCJzQ5SyO6b4jVODtx/uXBohGn -+2x8NdB7wO5NecDyryrwv+FsUXWS4NNmj917bBuXSx3SmW/G7e8AFvcHN8VG6AxH7 -+nap+EWGQia+LNG489flgU3U7Ec8zpTrI1wU6bUi6lK/RPxU0ViCaceGjXfoNofIc -+gGJOSS0LaHjM+c4OhmKWrIJ59j2L/rlIvmfqRO3qgThF4eaOfQTbixe/oiy3gR85 -++X6YDXvBwTGZDD6OeG1fCzx/snQLiP3/dRv6LJFE8Krawc9OCOWRDRlIxubrkmYz -+LVBxcFgI4BBGNYVsaMSYrkCVaS2Rv1sNAi0CAwEAAaOBtTCBsjAPBgNVHRMBAf8E -+BTADAQH/MCQGA1UdEQQdMBuCBmZlZG9yYYcEfwAAAYELcm9vdEBmZWRvcmEwDgYD -+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQ7t+ub2L0VzaTLfpubh4rnDk2RmjAfBgNV -+HSMEGDAWgBSv9FgWjwDV6oGLewYzCo2/AdWTmzApBgNVHR8EIjAgMB6gHKAahhho -+dHRwOi8vMTI3LjAuMC4xL2dldGNybC8wDQYJKoZIhvcNAQELBQADggGBADrv9nld -+FjKZCIVQCVxYc1/KFFnKo2KRCqvSdfb235Kx+5tSFWUsOfkSGjfLrv2+IFKSirFQ -+uFSac/qOrMo/W/4A+ypahG9Sx9PRD626/myr8exee2ygkcuGOuXvX3HkcpzNCmId -+ZS5ygtscFq3NdntwBJHe2ANOSJKIIBzC+gzn4r/V6PdxPEjiUrFs515/RBByi63r -+wWPeqvbaectyZyFIS0XN3LAjVb+zu0NQJqBpUGJlRBI1bRbPECu94LB8Huk/jgSJ -+OyFUKrnNeqaGqKnRfHxJxT/LjeTkQ/5cCOQTuE9IPbRvTykUzUQ3PrltwNqzAb44 -+9Trqvqg+qGTfNuI7EZAO26zXbltYVZ+BmlULjKors49Ozq5l1JIevvq66etrE9oT -+DsII88MSIWn8bqaXETfKdIWtWu7Os7tmBTnfDQWGpNDJ3UwDpkyQPYJZJuSfELX0 -+jpuWuE/1SbLxTx8eAe83z4yM3C21Kg5K2eJ0udagjM8xPdqYI8tF/4bNbA== -+-----END CERTIFICATE----- -diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-root-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/ca-root-cert.pem ---- rsyslog-8.2102.0.ori/tests/testsuites/certchain/ca-root-cert.pem 1970-01-01 01:00:00.000000000 +0100 -+++ rsyslog-8.2102.0/tests/testsuites/certchain/ca-root-cert.pem 2022-09-06 10:48:41.513496694 +0200 -@@ -0,0 +1,29 @@ -+-----BEGIN CERTIFICATE----- -+MIIE6jCCA1KgAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJDWjEQ -+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh -+dDEMMAoGA1UECxMDR1NTMR0wGwYDVQQDExRyc3lzbG9nK2NoYWluK2Nhcm9vdDAe -+Fw0yMjA2MDYxMzQwNDlaFw0yMzA2MDYxMzQwNDlaMG0xCzAJBgNVBAYTAkNaMRAw -+DgYDVQQIEwdNb3JhdmlhMQ0wCwYDVQQHEwRCcm5vMRAwDgYDVQQKEwdSZWQgSGF0 -+MQwwCgYDVQQLEwNHU1MxHTAbBgNVBAMTFHJzeXNsb2crY2hhaW4rY2Fyb290MIIB -+ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuqAAv1OIGwQqCi1Mflrq8Buo -+G3UtiD8cMEovjzndFV4Ww5fm+R2vCv+tHq6a85mLL0wdqXh+/bAyDzxaULheXZel -+rGPuUFEH2BpOwKXBd31Vx1x32aN9iaoaND/JVQSp+9PeP9zyKeZIN2vFSyNK7LCA -+hdDXVoYeTktXMbm0vB2vMKk+5Vzc7WfyMfrdDvciuULzLU1RzRS2/RkHNlve5iVQ -+XbNN6CpVtXb0K/kcp4SQIVbNTD/g6Z3JnewSWwqjM9/axTC17rpqhsxaWk712Zjo -+lYeuWKfaF9eRXU951u/vrXMMRkDZe0cq5OiTbc1uUQag7uXkbUtEk5HDSihUWwxz -+MegUdUBXFN6EJ7OauWFOeyVJbbvPRa3q9fdlLILvv5/9SiMim6avcj6DlyUz2RhC -+YPh/gJHItuIbZ6hEU+aKqiDYMTHyibRoqOMZgsc8Vo1JAHQTI6gA8JQtGtjEbzIR -+GFkQkj4tvAQQgl5fs9nuweH9GoIaBl1IoIVZyR9PAgMBAAGjgZQwgZEwDwYDVR0T -+AQH/BAUwAwEB/zAkBgNVHREEHTAbggZmZWRvcmGHBH8AAAGBC3Jvb3RAZmVkb3Jh -+MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUr/RYFo8A1eqBi3sGMwqNvwHVk5sw -+KQYDVR0fBCIwIDAeoBygGoYYaHR0cDovLzEyNy4wLjAuMS9nZXRjcmwvMA0GCSqG -+SIb3DQEBCwUAA4IBgQBn/NZeqYon25QY1RmjYkCQ0B+uXsquGURETP30hQ+ltbbG -+u4jP+ll+oYkGVt1+eBi8Qw+rf8Qk3Q/+jmCoGS9vVjQc97r3YJxnFb3zB4HDCWdZ -+qXK7GeBlFA4XAtJO0ya8HCx4znuXKiNwqrJJHyyW2gvkY9raRkKOzj3/9jQXgAw4 -+1d8NR9SxjKA2PnCSWNdVQOAm4us2tJXJexvbRx+b9Yu8LgUX/AdT4zqkIV8n6oFV -+XNaGyOsDN/+4JEsKbBixL+g3Y6yQHrwKMYq/Gh1WF33u2yYCzMU4Lw9AoYRG0jHi -+iAFchiwneGdC7E+To+qNdH5QJY38ZI7kWg3ADcXzwhTmvVUz5DNub9raE6yZZ4uf -+CyTGAJjH9USuhwH3unmB0kDjEOExIJHm+9uNA8S/81cwoCl2pz/hzr2fQwR2YLSa -+ox9p6cnQmnkL2j2QXhTvjDIswJmxuR43yqDIZUlx6cq1pTSJeN+8WcB2iK61p4DH -+JhH8af3aLUI5FNNgjas= -+-----END CERTIFICATE----- -diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/client-cert.pem ---- rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-cert.pem 1970-01-01 01:00:00.000000000 +0100 -+++ rsyslog-8.2102.0/tests/testsuites/certchain/client-cert.pem 2022-09-06 10:48:41.513496694 +0200 -@@ -0,0 +1,26 @@ -+-----BEGIN CERTIFICATE----- -+MIIEXjCCAsagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJDWjEQ -+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh -+dDEMMAoGA1UECxMDR1NTMRkwFwYDVQQDExByc3lzbG9nK2NoYWluK2NhMB4XDTIy -+MDYwNjEzNDA0OVoXDTIzMDYwNjEzNDA0OVowbTELMAkGA1UEBhMCQ1oxEDAOBgNV -+BAgTB01vcmF2aWExDTALBgNVBAcTBEJybm8xEDAOBgNVBAoTB1JlZCBIYXQxDDAK -+BgNVBAsTA0dTUzEdMBsGA1UEAxMUcnN5c2xvZytjaGFpbitjbGllbnQwggEiMA0G -+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSIbnL1ViRk9CAPerSirUpBtnR4qYD -+XzPSkVJzX5PKLJkeJ6z6oIPoioh59+70ipL5K4ETkmbUFaKP+Lrk7l53BvAnP8Ba -+1rWNV2gzgyiihGCs7N/iamh9Rzj5lQCvzUJhiTcphcptV+0IIf9rbEggEazbSg1A -+BHxS8EBUx+ddVJc6MAlEbA/sstkqfE14k8YZPZlU9ZmLjyHbsQbfXFegYee6WMP0 -+M7CqrMZ0ZWvDRWgqWOE+b8agmIKPb2VxJXuR3iXBJk8ANcrRzn/tXShMuGK5KiWL -+a6mFrzR6w55DgjIAKkmPO43jMO/qbWB91RVys/ztK7qIoXm3yadOeIU1AgMBAAGj -+gYwwgYkwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAkBgNVHREE -+HTAbggZmZWRvcmGHBH8AAAGBC3Jvb3RAZmVkb3JhMB0GA1UdDgQWBBSoW3Alxk4+ -+6Uwv80/UE5C5rT4e6TAfBgNVHSMEGDAWgBQ7t+ub2L0VzaTLfpubh4rnDk2RmjAN -+BgkqhkiG9w0BAQsFAAOCAYEA5Nbnwixitghw9Zg3DANXFXiOsQBx7KEup7+x7edw -+n9r2raqNJEjT2Fv+ClEA3CIdPF+4wjoolOPezrNJxKO3UpYCQeO4ZU/QVl8BX8NB -+4v1rUqXsvhE//4FcLvMM+6n8Nrtt1VRhks8N0b0p/md9dFKGucd4otPZm0sbOrsg -+nrhDYzZiFAzJg3zFwOOHzxP6iKj2mfq+2XRiKl7SlbnEj/8l21Ne1V+mDV5++AEZ -+N/quuf8zYHwwuc3Y8K84doow9yBpFqrpBbazb8586utrAbTbytCqskzImFIjo5Oa -+1ujWArMDsVGGr+NzFWwCTz8VTNNJ5H1cBin0gT41/OwUQv8DIJqzmSFTg9Uqmb2V -+ZwjIvMGE4Tz8phzD0IbSXYmQsSeku4olIDM1d+vLvBlipGAeInmA+nZmeZwdD04c -+poqUj+H3mj1r6WOlk2ivV0TUZKO/JHydkBVf2EQJlEmGuSq/7S889fx3GT7jGcOb -+gl5LlIaraMgA48dK8gJUWtJh -+-----END CERTIFICATE----- -diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-key.pem rsyslog-8.2102.0/tests/testsuites/certchain/client-key.pem ---- rsyslog-8.2102.0.ori/tests/testsuites/certchain/client-key.pem 1970-01-01 01:00:00.000000000 +0100 -+++ rsyslog-8.2102.0/tests/testsuites/certchain/client-key.pem 2022-09-06 12:10:13.808498227 +0200 -@@ -0,0 +1,134 @@ -+Public Key Info: -+ Public Key Algorithm: RSA -+ Key Security Level: Medium (2048 bits) -+ -+modulus: -+ 00:d2:21:b9:cb:d5:58:91:93:d0:80:3d:ea:d2:8a:b5 -+ 29:06:d9:d1:e2:a6:03:5f:33:d2:91:52:73:5f:93:ca -+ 2c:99:1e:27:ac:fa:a0:83:e8:8a:88:79:f7:ee:f4:8a -+ 92:f9:2b:81:13:92:66:d4:15:a2:8f:f8:ba:e4:ee:5e -+ 77:06:f0:27:3f:c0:5a:d6:b5:8d:57:68:33:83:28:a2 -+ 84:60:ac:ec:df:e2:6a:68:7d:47:38:f9:95:00:af:cd -+ 42:61:89:37:29:85:ca:6d:57:ed:08:21:ff:6b:6c:48 -+ 20:11:ac:db:4a:0d:40:04:7c:52:f0:40:54:c7:e7:5d -+ 54:97:3a:30:09:44:6c:0f:ec:b2:d9:2a:7c:4d:78:93 -+ c6:19:3d:99:54:f5:99:8b:8f:21:db:b1:06:df:5c:57 -+ a0:61:e7:ba:58:c3:f4:33:b0:aa:ac:c6:74:65:6b:c3 -+ 45:68:2a:58:e1:3e:6f:c6:a0:98:82:8f:6f:65:71:25 -+ 7b:91:de:25:c1:26:4f:00:35:ca:d1:ce:7f:ed:5d:28 -+ 4c:b8:62:b9:2a:25:8b:6b:a9:85:af:34:7a:c3:9e:43 -+ 82:32:00:2a:49:8f:3b:8d:e3:30:ef:ea:6d:60:7d:d5 -+ 15:72:b3:fc:ed:2b:ba:88:a1:79:b7:c9:a7:4e:78:85 -+ 35: -+ -+public exponent: -+ 01:00:01: -+ -+private exponent: -+ 1f:0c:c4:bb:8d:e6:ec:7b:ff:0f:34:17:02:cd:64:3f -+ 8f:b7:97:ff:f9:af:fd:dd:56:7c:0a:c6:e9:94:99:07 -+ 46:08:e2:ab:f8:cc:c7:31:11:67:61:3e:75:9c:c4:ed -+ 3a:cc:66:e2:51:7b:c8:52:fa:16:74:16:89:c5:7f:47 -+ ef:4a:85:42:32:56:39:eb:d1:da:dc:96:e0:06:9d:1d -+ 1a:7b:f2:f4:92:2c:4f:0c:53:fd:e3:43:55:3a:a5:05 -+ ee:0b:ac:8f:02:2a:0b:46:36:cc:40:d9:d1:31:ca:e6 -+ 92:36:0c:a1:40:9b:f9:0d:b5:e3:b2:5d:d4:bc:27:5a -+ 17:fd:3f:bd:8e:44:55:f2:e3:96:ac:cc:11:be:65:01 -+ 55:98:92:92:ac:59:46:fd:e2:11:80:eb:18:56:6a:82 -+ 3c:79:ec:30:b7:06:9b:97:55:74:36:17:7e:d8:c6:95 -+ 4e:a5:e1:55:5a:2a:d6:5d:cc:86:39:88:82:ba:31:19 -+ 98:d7:26:28:09:fe:b4:38:fe:1b:43:19:19:4f:ae:f2 -+ 27:18:d6:07:9a:c2:1c:66:2d:5a:e6:22:2e:ca:71:26 -+ dc:76:8f:2e:f3:84:e3:61:5f:77:d3:63:8a:d0:6b:42 -+ 2a:6f:1b:98:91:b9:82:8d:d4:c4:f3:92:98:b4:a4:f1 -+ -+ -+prime1: -+ 00:e1:f4:19:35:e3:e2:e7:14:a6:56:8b:45:f9:2b:19 -+ bb:13:b3:66:73:44:5d:ca:69:cb:73:d9:78:5a:0f:fd -+ de:ba:74:b3:53:70:a9:ab:52:22:34:78:a2:26:4a:aa -+ 8f:1b:65:c1:3e:df:65:8c:9b:9a:70:04:ae:70:f6:ea -+ c4:e5:20:fa:16:e0:4f:56:f4:7b:d1:14:cc:94:e1:3c -+ 58:02:82:98:20:cd:13:cf:a2:49:13:7a:88:c1:84:72 -+ 97:4f:1b:e8:d5:cb:6d:43:dd:d2:b8:09:dd:4f:ee:ce -+ 03:0b:c4:c2:9b:cf:3d:a0:a3:57:fd:1c:c9:eb:af:ae -+ 67: -+ -+prime2: -+ 00:ee:13:05:f0:4c:13:e2:f8:27:53:c4:ad:89:d9:31 -+ b9:1b:e8:17:b9:db:36:cd:54:0c:15:eb:50:85:e4:8b -+ 03:c4:f2:6d:a0:41:dc:99:21:7e:1e:8a:a1:5e:86:fe -+ 53:d2:72:53:73:8a:7e:a2:43:83:d5:af:b0:e0:1a:89 -+ b5:3f:b3:26:d2:8e:92:0d:ed:d1:29:ee:c5:f1:ff:fc -+ 67:2c:a6:5d:4c:27:40:8a:5c:a1:23:d4:3f:11:bb:eb -+ 51:84:be:83:ec:73:3c:2e:ff:43:f6:74:16:b8:95:36 -+ 2a:0b:1e:04:81:04:08:7a:40:21:dd:fb:dd:97:0a:76 -+ 03: -+ -+coefficient: -+ 00:a0:4c:15:4b:85:2f:81:6b:2e:e7:68:31:84:84:09 -+ c4:45:55:01:da:3d:25:9d:37:67:ab:19:0b:1f:d3:9f -+ fc:09:12:31:66:5a:93:d8:d9:f2:00:c7:f7:03:0d:2b -+ 9d:2d:b8:38:d0:82:de:03:e7:21:03:29:4f:2a:2b:b5 -+ 70:a3:bc:5b:bd:0e:f1:8b:bc:22:58:4a:b4:8f:fd:f5 -+ d4:f3:99:31:b1:db:f6:1d:d9:12:a2:48:0a:d0:05:1a -+ 72:dc:8e:30:67:3c:e0:6a:b5:dc:93:6f:e4:17:79:a1 -+ 63:2e:25:78:ef:86:d7:9c:f3:dd:5b:d2:bd:62:4f:44 -+ f9: -+ -+exp1: -+ 60:a2:e2:49:5f:0e:83:20:1c:c7:f4:c6:d7:7b:2c:85 -+ 0b:36:f6:01:24:63:2c:97:b4:b0:f6:78:77:a4:51:42 -+ 79:e2:41:73:d5:42:6b:88:34:22:d6:d9:1a:a1:62:72 -+ d4:17:df:df:40:f2:10:81:d8:3a:42:76:4c:cf:fd:b6 -+ 79:fc:71:99:69:13:e5:af:a8:68:d2:89:70:bf:27:ec -+ c8:1e:0c:6c:32:e9:5f:2b:1c:2f:dd:7f:31:ac:b0:c9 -+ af:c6:d2:fc:e5:04:f5:3a:a0:cd:9f:42:6c:d6:48:7b -+ 9b:03:ea:eb:72:65:fc:17:00:21:bb:b7:4c:3a:95:cf -+ -+ -+exp2: -+ 00:a1:a7:61:1c:ed:4b:83:8e:24:86:08:c2:1d:1b:d1 -+ 5b:73:cb:80:70:be:9c:d3:87:02:3d:cf:ee:79:3b:d9 -+ f8:d1:3e:1b:99:f9:9e:a4:8b:cd:6b:47:8e:92:f4:ee -+ b4:53:ed:35:24:fb:21:49:64:b6:9b:de:14:27:d7:5d -+ 32:28:f2:a8:a5:c8:10:fc:4c:42:fe:4a:17:36:5f:2f -+ 2f:8f:6d:d7:63:e2:33:3c:bf:f0:da:b7:3f:ab:f7:01 -+ ad:f4:88:b8:63:51:4b:c8:4d:a4:04:30:87:4d:06:64 -+ 24:e0:2f:9d:b7:4c:d9:c4:c8:cf:36:3f:d3:12:c0:13 -+ a9: -+ -+ -+Public Key PIN: -+ pin-sha256:I1Gv1FM9aCxvuCmF0uDnbDbIJgm1TFB2dtJV5v2iCEA= -+Public Key ID: -+ sha256:2351afd4533d682c6fb82985d2e0e76c36c82609b54c507676d255e6fda20840 -+ sha1:a85b7025c64e3ee94c2ff34fd41390b9ad3e1ee9 -+ -+-----BEGIN RSA PRIVATE KEY----- -+MIIEpAIBAAKCAQEA0iG5y9VYkZPQgD3q0oq1KQbZ0eKmA18z0pFSc1+TyiyZHies -++qCD6IqIeffu9IqS+SuBE5Jm1BWij/i65O5edwbwJz/AWta1jVdoM4MoooRgrOzf -+4mpofUc4+ZUAr81CYYk3KYXKbVftCCH/a2xIIBGs20oNQAR8UvBAVMfnXVSXOjAJ -+RGwP7LLZKnxNeJPGGT2ZVPWZi48h27EG31xXoGHnuljD9DOwqqzGdGVrw0VoKljh -+Pm/GoJiCj29lcSV7kd4lwSZPADXK0c5/7V0oTLhiuSoli2upha80esOeQ4IyACpJ -+jzuN4zDv6m1gfdUVcrP87Su6iKF5t8mnTniFNQIDAQABAoIBAB8MxLuN5ux7/w80 -+FwLNZD+Pt5f/+a/93VZ8CsbplJkHRgjiq/jMxzERZ2E+dZzE7TrMZuJRe8hS+hZ0 -+FonFf0fvSoVCMlY569Ha3JbgBp0dGnvy9JIsTwxT/eNDVTqlBe4LrI8CKgtGNsxA -+2dExyuaSNgyhQJv5DbXjsl3UvCdaF/0/vY5EVfLjlqzMEb5lAVWYkpKsWUb94hGA -+6xhWaoI8eewwtwabl1V0Nhd+2MaVTqXhVVoq1l3MhjmIgroxGZjXJigJ/rQ4/htD -+GRlPrvInGNYHmsIcZi1a5iIuynEm3HaPLvOE42Ffd9NjitBrQipvG5iRuYKN1MTz -+kpi0pPECgYEA4fQZNePi5xSmVotF+SsZuxOzZnNEXcppy3PZeFoP/d66dLNTcKmr -+UiI0eKImSqqPG2XBPt9ljJuacASucPbqxOUg+hbgT1b0e9EUzJThPFgCgpggzRPP -+okkTeojBhHKXTxvo1cttQ93SuAndT+7OAwvEwpvPPaCjV/0cyeuvrmcCgYEA7hMF -+8EwT4vgnU8StidkxuRvoF7nbNs1UDBXrUIXkiwPE8m2gQdyZIX4eiqFehv5T0nJT -+c4p+okOD1a+w4BqJtT+zJtKOkg3t0SnuxfH//Gcspl1MJ0CKXKEj1D8Ru+tRhL6D -+7HM8Lv9D9nQWuJU2KgseBIEECHpAId373ZcKdgMCgYBgouJJXw6DIBzH9MbXeyyF -+Czb2ASRjLJe0sPZ4d6RRQnniQXPVQmuINCLW2RqhYnLUF9/fQPIQgdg6QnZMz/22 -+efxxmWkT5a+oaNKJcL8n7MgeDGwy6V8rHC/dfzGssMmvxtL85QT1OqDNn0Js1kh7 -+mwPq63Jl/BcAIbu3TDqVzwKBgQChp2Ec7UuDjiSGCMIdG9Fbc8uAcL6c04cCPc/u -+eTvZ+NE+G5n5nqSLzWtHjpL07rRT7TUk+yFJZLab3hQn110yKPKopcgQ/ExC/koX -+Nl8vL49t12PiMzy/8Nq3P6v3Aa30iLhjUUvITaQEMIdNBmQk4C+dt0zZxMjPNj/T -+EsATqQKBgQCgTBVLhS+Bay7naDGEhAnERVUB2j0lnTdnqxkLH9Of/AkSMWZak9jZ -+8gDH9wMNK50tuDjQgt4D5yEDKU8qK7Vwo7xbvQ7xi7wiWEq0j/311POZMbHb9h3Z -+EqJICtAFGnLcjjBnPOBqtdyTb+QXeaFjLiV474bXnPPdW9K9Yk9E+Q== -+-----END RSA PRIVATE KEY----- -diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-cert.pem rsyslog-8.2102.0/tests/testsuites/certchain/server-cert.pem ---- rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-cert.pem 1970-01-01 01:00:00.000000000 +0100 -+++ rsyslog-8.2102.0/tests/testsuites/certchain/server-cert.pem 2022-09-06 10:48:41.513496694 +0200 -@@ -0,0 +1,55 @@ -+-----BEGIN CERTIFICATE----- -+MIIEVTCCAr2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJDWjEQ -+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh -+dDEMMAoGA1UECxMDR1NTMRkwFwYDVQQDExByc3lzbG9nK2NoYWluK2NhMB4XDTIy -+MDYwNjEzNDA0OVoXDTIzMDYwNjEzNDA0OVowbTELMAkGA1UEBhMCQ1oxEDAOBgNV -+BAgTB01vcmF2aWExDTALBgNVBAcTBEJybm8xEDAOBgNVBAoTB1JlZCBIYXQxDDAK -+BgNVBAsTA0dTUzEdMBsGA1UEAxMUcnN5c2xvZytjaGFpbitzZXJ2ZXIwggEiMA0G -+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3mDP67/SPVbCCgInxXNr9sOLz2yWx -+fa4jtgdbgWK5mib4XdPYTdH6hRiur/n6yn9rzhDeFFMUhSwQpQ81OyZfUFNU0A0q -+x7AZMgVOm3ZqMDk8O57UfuSdURJJPsEwMzZ8Q5d6wyq7xheX0DZjB8LUN8J6SX4w -+K2Ok1wCBOQdfjvW09tOVqQK7puHq85UWsEBTiZ7ie1Fg6FLNscPVoavjNNyYAORM -+Vz0Byv1zBdJzBHufqHUdjX7uMkUPcKfiU/TjQWMRYF3Yp5z2wFohi4Zgtise7xW5 -+SfgcAIjA1bm5xMIaiUxRUZHUhCaoj6c2vZygrFO7MuB/2ngoEbqZ57pdAgMBAAGj -+gYMwgYAwDAYDVR0TAQH/BAIwADAwBgNVHREEKTAnggZmZWRvcmGHBH8AAAGBF3Jv -+b3RAZmVkb3JhdGxzd3d3c2VydmVyMB0GA1UdDgQWBBRxxQqJoRCHlrmwDLcB0aU3 -+W/QRbDAfBgNVHSMEGDAWgBQ7t+ub2L0VzaTLfpubh4rnDk2RmjANBgkqhkiG9w0B -+AQsFAAOCAYEAkheMCnXNDh2fOhMyOifBFKqlUUsYzZoYU5UNweZijdKAKxJ4zdsS -+i31a2IG4ePBPX7PShUUr2E1PEQ2XBDi/HcCoK54qcqzhxGS83Rf/2YxN4BjU8jaA -+7RhIA0fv5haKxxhjRIDT6vsAXPB0HM/f3Y+E21GVbsQVUE1pP8QrDkcU0EwIjEfW -+tFEBitmb0s/11d8/ZLdYAuvvfzDzuN9kuAcj5dkdpB5Wo9R3h2NXnD6EIWIUHn/I -+zwgXdb/n9gUI6jQMC6shFjXScVT2jgjfziWi/M66PBbtEbEnhOEKdbW0o2lPiL3j -+2UDj6fMshRBAnSoBtEYm/lywBs3vDUGpMUSQFIAwPgUkizAl5DEdmE9PLqRL9HNT -+UIg8tQql9Xr29edEiuMHpIyH8eEa+KI2CpKG3KfYDBMaC7z9MvkpYuSuIG3dsQxy -+YguWDH7c0iosQVpHx8dxj5Exj1/QOXcD5tAVY/+DBe48nRzDTlZmRGQjtqr6Nw0j -+BIXBoqaes0D4 -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIIFBzCCA2+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJDWjEQ -+MA4GA1UECBMHTW9yYXZpYTENMAsGA1UEBxMEQnJubzEQMA4GA1UEChMHUmVkIEhh -+dDEMMAoGA1UECxMDR1NTMR0wGwYDVQQDExRyc3lzbG9nK2NoYWluK2Nhcm9vdDAe -+Fw0yMjA2MDYxMzQwNDlaFw0yMzA2MDYxMzQwNDlaMGkxCzAJBgNVBAYTAkNaMRAw -+DgYDVQQIEwdNb3JhdmlhMQ0wCwYDVQQHEwRCcm5vMRAwDgYDVQQKEwdSZWQgSGF0 -+MQwwCgYDVQQLEwNHU1MxGTAXBgNVBAMTEHJzeXNsb2crY2hhaW4rY2EwggGiMA0G -+CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQD6yDdc9T3oddk5smOhF8OkRXwb2nvC -+M4RPPiuiACvbVoc3UdW2e4NI77J75JzNQL3gQUpgxGcvWiQt3R67ecYgIWiq0zpi -+MrcU3S0dboK10A6NXtcVc4RgwUPf0c8toM975c/6q2XT9Q0SbcI7HKXdzTXQZJDz -+sqQ3UjJuoCLSl6Dd8M0HXJnd2HlF1h5JeIp5vGrCJzQ5SyO6b4jVODtx/uXBohGn -+2x8NdB7wO5NecDyryrwv+FsUXWS4NNmj917bBuXSx3SmW/G7e8AFvcHN8VG6AxH7 -+nap+EWGQia+LNG489flgU3U7Ec8zpTrI1wU6bUi6lK/RPxU0ViCaceGjXfoNofIc -+gGJOSS0LaHjM+c4OhmKWrIJ59j2L/rlIvmfqRO3qgThF4eaOfQTbixe/oiy3gR85 -++X6YDXvBwTGZDD6OeG1fCzx/snQLiP3/dRv6LJFE8Krawc9OCOWRDRlIxubrkmYz -+LVBxcFgI4BBGNYVsaMSYrkCVaS2Rv1sNAi0CAwEAAaOBtTCBsjAPBgNVHRMBAf8E -+BTADAQH/MCQGA1UdEQQdMBuCBmZlZG9yYYcEfwAAAYELcm9vdEBmZWRvcmEwDgYD -+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQ7t+ub2L0VzaTLfpubh4rnDk2RmjAfBgNV -+HSMEGDAWgBSv9FgWjwDV6oGLewYzCo2/AdWTmzApBgNVHR8EIjAgMB6gHKAahhho -+dHRwOi8vMTI3LjAuMC4xL2dldGNybC8wDQYJKoZIhvcNAQELBQADggGBADrv9nld -+FjKZCIVQCVxYc1/KFFnKo2KRCqvSdfb235Kx+5tSFWUsOfkSGjfLrv2+IFKSirFQ -+uFSac/qOrMo/W/4A+ypahG9Sx9PRD626/myr8exee2ygkcuGOuXvX3HkcpzNCmId -+ZS5ygtscFq3NdntwBJHe2ANOSJKIIBzC+gzn4r/V6PdxPEjiUrFs515/RBByi63r -+wWPeqvbaectyZyFIS0XN3LAjVb+zu0NQJqBpUGJlRBI1bRbPECu94LB8Huk/jgSJ -+OyFUKrnNeqaGqKnRfHxJxT/LjeTkQ/5cCOQTuE9IPbRvTykUzUQ3PrltwNqzAb44 -+9Trqvqg+qGTfNuI7EZAO26zXbltYVZ+BmlULjKors49Ozq5l1JIevvq66etrE9oT -+DsII88MSIWn8bqaXETfKdIWtWu7Os7tmBTnfDQWGpNDJ3UwDpkyQPYJZJuSfELX0 -+jpuWuE/1SbLxTx8eAe83z4yM3C21Kg5K2eJ0udagjM8xPdqYI8tF/4bNbA== -+-----END CERTIFICATE----- -diff -Nuar rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-key.pem rsyslog-8.2102.0/tests/testsuites/certchain/server-key.pem ---- rsyslog-8.2102.0.ori/tests/testsuites/certchain/server-key.pem 1970-01-01 01:00:00.000000000 +0100 -+++ rsyslog-8.2102.0/tests/testsuites/certchain/server-key.pem 2022-09-06 12:10:28.635549755 +0200 -@@ -0,0 +1,133 @@ -+Public Key Info: -+ Public Key Algorithm: RSA -+ Key Security Level: Medium (2048 bits) -+ -+modulus: -+ 00:b7:98:33:fa:ef:f4:8f:55:b0:82:80:89:f1:5c:da -+ fd:b0:e2:f3:db:25:b1:7d:ae:23:b6:07:5b:81:62:b9 -+ 9a:26:f8:5d:d3:d8:4d:d1:fa:85:18:ae:af:f9:fa:ca -+ 7f:6b:ce:10:de:14:53:14:85:2c:10:a5:0f:35:3b:26 -+ 5f:50:53:54:d0:0d:2a:c7:b0:19:32:05:4e:9b:76:6a -+ 30:39:3c:3b:9e:d4:7e:e4:9d:51:12:49:3e:c1:30:33 -+ 36:7c:43:97:7a:c3:2a:bb:c6:17:97:d0:36:63:07:c2 -+ d4:37:c2:7a:49:7e:30:2b:63:a4:d7:00:81:39:07:5f -+ 8e:f5:b4:f6:d3:95:a9:02:bb:a6:e1:ea:f3:95:16:b0 -+ 40:53:89:9e:e2:7b:51:60:e8:52:cd:b1:c3:d5:a1:ab -+ e3:34:dc:98:00:e4:4c:57:3d:01:ca:fd:73:05:d2:73 -+ 04:7b:9f:a8:75:1d:8d:7e:ee:32:45:0f:70:a7:e2:53 -+ f4:e3:41:63:11:60:5d:d8:a7:9c:f6:c0:5a:21:8b:86 -+ 60:b6:2b:1e:ef:15:b9:49:f8:1c:00:88:c0:d5:b9:b9 -+ c4:c2:1a:89:4c:51:51:91:d4:84:26:a8:8f:a7:36:bd -+ 9c:a0:ac:53:bb:32:e0:7f:da:78:28:11:ba:99:e7:ba -+ 5d: -+ -+public exponent: -+ 01:00:01: -+ -+private exponent: -+ 68:06:20:25:a5:82:0f:18:c1:3b:20:33:88:83:51:3d -+ 7e:d5:08:d0:79:a9:f8:89:0b:88:de:e0:55:0e:28:15 -+ 94:d1:12:f0:ae:55:61:8d:2d:8e:8f:a3:fb:e2:c2:8b -+ b1:fc:7f:08:25:c1:f1:15:87:a3:22:b2:dc:39:58:83 -+ 96:d2:b0:72:75:93:70:b3:71:83:2b:08:a0:03:57:25 -+ 5d:b8:a8:1b:55:51:54:9d:62:4b:17:1f:2c:7c:ef:f7 -+ 86:2f:12:0c:27:ba:f5:cb:c6:a0:69:03:f7:d6:74:e8 -+ a3:73:58:b0:7d:84:33:81:70:eb:b5:48:82:94:8f:ea -+ 4c:c7:9c:58:02:90:68:b1:64:29:df:a8:8a:69:15:d4 -+ 49:21:2f:aa:25:f1:e7:10:8b:93:37:ca:51:d3:4e:d6 -+ de:cf:60:04:6b:10:41:1b:f5:0f:be:b7:2a:cd:41:44 -+ 50:25:be:e5:57:60:1e:3e:e9:d7:70:86:68:a6:4f:3d -+ 7d:d8:0e:7f:9b:de:de:e6:02:35:33:9f:b6:68:bb:cd -+ 2f:33:69:09:9e:da:91:6b:16:89:db:14:20:59:3a:92 -+ 7e:78:4e:e1:02:3f:c8:a5:3f:bd:f2:bc:3a:da:f2:97 -+ 06:f5:96:eb:c8:09:f7:04:cb:7f:e2:e2:12:52:d4:21 -+ -+ -+prime1: -+ 00:ed:e4:b8:72:ee:b0:9e:38:db:f8:e7:fa:52:a5:94 -+ 4a:4b:05:54:f0:96:23:72:d6:01:ba:9f:f4:3e:65:24 -+ 29:c0:47:4a:6f:a9:a4:02:36:c5:2c:c5:ea:cd:09:5c -+ 2d:8e:3c:56:aa:e4:e7:85:32:a8:a7:4f:18:12:17:8c -+ 93:15:07:da:3e:f4:df:33:7e:35:39:59:2d:f4:1c:ba -+ 65:e8:42:c7:75:a0:c2:53:47:ad:ee:74:44:21:6a:42 -+ 75:7f:40:1f:8b:06:0e:df:c3:02:4d:50:58:75:f2:29 -+ 58:e2:0c:a0:7b:fe:be:c4:ab:76:ff:24:c1:4b:e6:ce -+ 75: -+ -+prime2: -+ 00:c5:91:7c:48:59:dd:05:68:5c:8a:46:0b:3b:69:92 -+ 80:d1:c6:28:27:88:c8:a9:73:7c:32:ee:87:a7:31:29 -+ ff:56:38:41:07:3e:0f:01:5c:cf:eb:93:db:e7:fb:b9 -+ e7:15:94:93:ea:fa:f8:60:79:c6:16:d2:db:9b:64:5f -+ c3:b8:f0:52:c0:e7:ff:e0:9a:94:22:fb:7e:5e:80:8f -+ c0:ca:46:f4:87:91:e7:ad:6d:74:26:d1:fa:c0:f8:f5 -+ 7e:b3:0c:bb:23:5e:7d:5d:8b:c9:2e:68:76:be:d4:b4 -+ 75:de:3c:70:70:ad:1e:64:de:e4:1d:f7:df:af:46:0f -+ 49: -+ -+coefficient: -+ 00:89:f1:2c:f9:14:89:25:21:7a:ad:75:30:f0:b1:e7 -+ 20:b3:14:14:d7:c9:b6:78:3c:c7:c8:92:3a:64:8e:47 -+ d0:10:fc:01:a9:a6:25:a5:61:6d:8f:da:d4:85:fa:06 -+ 9f:a5:27:a8:7d:38:e2:67:19:65:ab:a9:00:52:8c:f3 -+ 51:fe:f9:a6:4f:ab:47:04:0a:86:ae:f0:fe:3d:2d:72 -+ 76:6d:ad:03:48:af:23:67:92:28:34:83:bc:45:7d:c0 -+ 45:ca:89:4a:4f:dd:11:a6:3a:5a:23:47:f4:7c:82:42 -+ dc:e8:56:85:d8:1b:9d:08:9c:6e:ca:17:58:d7:d4:bb -+ 77: -+ -+exp1: -+ 21:50:b8:ac:0f:d5:58:33:2a:4b:2f:61:95:15:6f:31 -+ 00:54:9c:d2:9c:94:16:4e:f6:2b:06:9f:93:e5:62:2d -+ 1e:aa:5d:38:4a:0f:97:e7:c7:b1:3f:7e:64:7c:7d:16 -+ 3c:27:23:14:07:be:8c:9e:cd:93:b0:b5:f4:42:ac:03 -+ 25:1c:d6:69:9e:ad:6b:6e:af:51:7a:b5:be:cc:0f:26 -+ 9a:62:4f:c0:9f:64:d7:78:e0:58:d6:9b:7b:fa:7f:98 -+ 28:db:f8:0e:e6:28:4b:19:ea:46:9d:8b:e5:e8:a5:f5 -+ b6:a2:82:0f:1b:5b:e7:fb:03:4d:33:fe:85:fc:aa:c9 -+ -+ -+exp2: -+ 59:36:db:22:68:c1:ef:a1:32:b8:95:ec:98:85:91:cc -+ 6d:ed:c7:50:22:ea:49:ea:86:59:11:71:5c:44:4d:2c -+ aa:28:78:e4:e6:57:2c:4c:56:ef:90:33:2b:4c:76:a4 -+ 2d:10:8c:c2:fd:55:8f:6b:2d:d2:3c:a1:42:48:4f:1e -+ 38:b2:fd:0b:73:38:0e:9a:7e:ee:55:16:b9:61:e0:88 -+ 34:4f:5a:38:a5:e0:32:66:4c:9f:03:0e:f2:78:f9:92 -+ 9f:13:ce:a5:a8:13:80:5c:91:1a:4d:bd:e1:6a:77:9b -+ 0a:21:cc:bc:74:d0:56:c8:77:c6:38:9a:5f:b1:89:51 -+ -+ -+ -+Public Key PIN: -+ pin-sha256:FSR0pC1TUEe+ZMU7YSVDDmYP4hmDlsIJRKf4D8LiJZ8= -+Public Key ID: -+ sha256:152474a42d535047be64c53b6125430e660fe2198396c20944a7f80fc2e2259f -+ sha1:71c50a89a1108796b9b00cb701d1a5375bf4116c -+ -+-----BEGIN RSA PRIVATE KEY----- -+MIIEowIBAAKCAQEAt5gz+u/0j1WwgoCJ8Vza/bDi89slsX2uI7YHW4FiuZom+F3T -+2E3R+oUYrq/5+sp/a84Q3hRTFIUsEKUPNTsmX1BTVNANKsewGTIFTpt2ajA5PDue -+1H7knVESST7BMDM2fEOXesMqu8YXl9A2YwfC1DfCekl+MCtjpNcAgTkHX471tPbT -+lakCu6bh6vOVFrBAU4me4ntRYOhSzbHD1aGr4zTcmADkTFc9Acr9cwXScwR7n6h1 -+HY1+7jJFD3Cn4lP040FjEWBd2Kec9sBaIYuGYLYrHu8VuUn4HACIwNW5ucTCGolM -+UVGR1IQmqI+nNr2coKxTuzLgf9p4KBG6mee6XQIDAQABAoIBAGgGICWlgg8YwTsg -+M4iDUT1+1QjQean4iQuI3uBVDigVlNES8K5VYY0tjo+j++LCi7H8fwglwfEVh6Mi -+stw5WIOW0rBydZNws3GDKwigA1clXbioG1VRVJ1iSxcfLHzv94YvEgwnuvXLxqBp -+A/fWdOijc1iwfYQzgXDrtUiClI/qTMecWAKQaLFkKd+oimkV1EkhL6ol8ecQi5M3 -+ylHTTtbez2AEaxBBG/UPvrcqzUFEUCW+5VdgHj7p13CGaKZPPX3YDn+b3t7mAjUz -+n7Zou80vM2kJntqRaxaJ2xQgWTqSfnhO4QI/yKU/vfK8Otrylwb1luvICfcEy3/i -+4hJS1CECgYEA7eS4cu6wnjjb+Of6UqWUSksFVPCWI3LWAbqf9D5lJCnAR0pvqaQC -+NsUsxerNCVwtjjxWquTnhTKop08YEheMkxUH2j703zN+NTlZLfQcumXoQsd1oMJT -+R63udEQhakJ1f0AfiwYO38MCTVBYdfIpWOIMoHv+vsSrdv8kwUvmznUCgYEAxZF8 -+SFndBWhcikYLO2mSgNHGKCeIyKlzfDLuh6cxKf9WOEEHPg8BXM/rk9vn+7nnFZST -+6vr4YHnGFtLbm2Rfw7jwUsDn/+CalCL7fl6Aj8DKRvSHkeetbXQm0frA+PV+swy7 -+I159XYvJLmh2vtS0dd48cHCtHmTe5B33369GD0kCgYAhULisD9VYMypLL2GVFW8x -+AFSc0pyUFk72Kwafk+ViLR6qXThKD5fnx7E/fmR8fRY8JyMUB76Mns2TsLX0QqwD -+JRzWaZ6ta26vUXq1vswPJppiT8CfZNd44FjWm3v6f5go2/gO5ihLGepGnYvl6KX1 -+tqKCDxtb5/sDTTP+hfyqyQKBgFk22yJowe+hMriV7JiFkcxt7cdQIupJ6oZZEXFc -+RE0sqih45OZXLExW75AzK0x2pC0QjML9VY9rLdI8oUJITx44sv0LczgOmn7uVRa5 -+YeCINE9aOKXgMmZMnwMO8nj5kp8TzqWoE4BckRpNveFqd5sKIcy8dNBWyHfGOJpf -+sYlRAoGBAInxLPkUiSUheq11MPCx5yCzFBTXybZ4PMfIkjpkjkfQEPwBqaYlpWFt -+j9rUhfoGn6UnqH044mcZZaupAFKM81H++aZPq0cECoau8P49LXJ2ba0DSK8jZ5Io -+NIO8RX3ARcqJSk/dEaY6WiNH9HyCQtzoVoXYG50InG7KF1jX1Lt3 -+-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch b/SOURCES/rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch deleted file mode 100644 index de64bcc..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch +++ /dev/null @@ -1,195 +0,0 @@ -diff -up rsyslog-8.2102.0/configure.ac.orig rsyslog-8.2102.0/configure.ac ---- rsyslog-8.2102.0/configure.ac.orig 2022-11-21 11:39:40.717183684 +0100 -+++ rsyslog-8.2102.0/configure.ac 2022-11-21 11:40:18.697206706 +0100 -@@ -387,6 +387,28 @@ if test "$enable_fmhash_xxhash" = "yes"; - ]) - fi - -+AC_ARG_ENABLE(libcap-ng, -+ [AS_HELP_STRING([--enable-libcap-ng],[Enable dropping capabilities to only the necessary set @<:@default=no@:>@])], -+ [case "${enableval}" in -+ yes) enable_libcapng="yes" ;; -+ no) enable_libcapng="no" ;; -+ *) AC_MSG_ERROR(bad value ${enableval} for --enable_libcapng) ;; -+ esac], -+ [enable_libcapng=no] -+) -+ -+if test "$enable_libcapng" = "yes"; then -+ PKG_CHECK_MODULES( -+ [LIBCAPNG], -+ [libcap-ng >= 0.8.2], -+ [AC_DEFINE([ENABLE_LIBCAPNG], [1], [Indicator that libcap-ng is present])], -+ [AC_MSG_ERROR(libcap-ng is not present.)] -+ ) -+ CFLAGS="$CFLAGS $LIBCAPNG_CFLAGS" -+ LIBS="$LIBS $LIBCAPNG_LIBS" -+fi -+ -+ - - #gssapi - AC_ARG_ENABLE(gssapi_krb5, -@@ -2688,6 +2710,7 @@ echo " liblogging-stdlog support enab - echo " libsystemd enabled: $enable_libsystemd" - echo " kafka static linking enabled: $enable_kafka_static" - echo " atomic operations enabled: $enable_atomic_operations" -+echo " libcap-ng support enabled: $enable_libcapng" - echo - echo "---{ input plugins }---" - if test "$unamestr" != "AIX"; then -diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c ---- rsyslog-8.2102.0/runtime/rsconf.c.orig 2022-11-21 11:40:31.926214720 +0100 -+++ rsyslog-8.2102.0/runtime/rsconf.c 2022-11-21 11:44:26.742356979 +0100 -@@ -33,6 +33,9 @@ - #include - #include - #include -+#ifdef ENABLE_LIBCAPNG -+ #include -+#endif - - #include "rsyslog.h" - #include "obj.h" -@@ -546,6 +549,7 @@ rsRetVal doDropPrivGid(void) - uchar szBuf[1024]; - DEFiRet; - -+#ifndef ENABLE_LIBCAPNG - if(!ourConf->globals.gidDropPrivKeepSupplemental) { - res = setgroups(0, NULL); /* remove all supplemental group IDs */ - if(res) { -@@ -560,9 +564,19 @@ rsRetVal doDropPrivGid(void) - if(res) { - rs_strerror_r(errno, (char*)szBuf, sizeof(szBuf)); - LogError(0, RS_RET_ERR_DROP_PRIV, -- "could not set requested group id: %s", szBuf); -+ "could not set requested group id: %s via setgid()", szBuf); - ABORT_FINALIZE(RS_RET_ERR_DROP_PRIV); - } -+#else -+ int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP; -+ res = capng_change_id(-1, ourConf->globals.gidDropPriv, capng_flags); -+ if (res) { -+ LogError(0, RS_RET_LIBCAPNG_ERR, -+ "could not set requested group id %d via capng_change_id()", ourConf->globals.gidDropPriv); -+ ABORT_FINALIZE(RS_RET_LIBCAPNG_ERR); -+ } -+#endif -+ - DBGPRINTF("setgid(%d): %d\n", ourConf->globals.gidDropPriv, res); - snprintf((char*)szBuf, sizeof(szBuf), "rsyslogd's groupid changed to %d", - ourConf->globals.gidDropPriv); -@@ -599,7 +613,14 @@ static void doDropPrivUid(int iUid) - iUid, szBuf); - } - -+#ifndef ENABLE_LIBCAPNG - res = setuid(iUid); -+ // res = setuid(cnf->globals.uidDropPriv); -+#else -+ int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP; -+ res = capng_change_id(iUid, -1, capng_flags); -+#endif -+ - if(res) { - /* if we can not set the userid, this is fatal, so let's unconditionally abort */ - perror("could not set requested userid"); -diff -up rsyslog-8.2102.0/runtime/rsyslog.h.orig rsyslog-8.2102.0/runtime/rsyslog.h ---- rsyslog-8.2102.0/runtime/rsyslog.h.orig 2022-11-21 11:45:09.007382588 +0100 -+++ rsyslog-8.2102.0/runtime/rsyslog.h 2022-11-21 11:45:31.333396112 +0100 -@@ -582,6 +582,7 @@ enum rsRetVal_ /** return value. All - RS_RET_RABBITMQ_CHANNEL_ERR = -2449, /**< RabbitMQ Connection error */ - RS_RET_NO_WRKDIR_SET = -2450, /**< working directory not set, but desired by functionality */ - RS_RET_ERR_QUEUE_FN_DUP = -2451, /**< duplicate queue file name */ -+ RS_RET_LIBCAPNG_ERR = -2455, /**< error during dropping the capabilities */ - - /* RainerScript error messages (range 1000.. 1999) */ - RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ -diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c ---- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2022-11-21 11:45:17.587387786 +0100 -+++ rsyslog-8.2102.0/tools/rsyslogd.c 2022-11-21 11:46:19.509425295 +0100 -@@ -38,6 +38,10 @@ - # include - #endif - -+#ifdef ENABLE_LIBCAPNG -+ #include -+#endif -+ - #include "rsyslog.h" - #include "wti.h" - #include "ratelimit.h" -@@ -321,7 +325,7 @@ checkStartupOK(void) - fprintf(stderr, "rsyslogd: error reading pid file, cannot start up\n"); - ABORT_FINALIZE(RS_RET_ERR); - } -- -+ - /* ok, we got a pid, let's check if the process is running */ - const pid_t pid = (pid_t) pf_pid; - if(kill(pid, 0) == 0 || errno != ESRCH) { -@@ -1594,7 +1598,7 @@ initAll(int argc, char **argv) - localRet = RS_RET_OK; - } - CHKiRet(localRet); -- -+ - CHKiRet(rsyslogd_InitStdRatelimiters()); - - if(bChDirRoot) { -@@ -2019,7 +2023,7 @@ deinitAll(void) - /* close the inputs */ - DBGPRINTF("Terminating input threads...\n"); - glbl.SetGlobalInputTermination(); -- -+ - thrdTerminateAll(); - - /* and THEN send the termination log message (see long comment above) */ -@@ -2142,6 +2146,45 @@ main(int argc, char **argv) - if(log_dflt != NULL && !strcmp(log_dflt, "1")) - bProcessInternalMessages = 1; - dbgClassInit(); -+ -+#ifdef ENABLE_LIBCAPNG -+ /* -+ * Drop capabilities to the necessary set -+ */ -+ int capng_rc; -+ capng_clear(CAPNG_SELECT_BOTH); -+ -+ if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ CAP_BLOCK_SUSPEND, -+ CAP_CHOWN, -+ CAP_IPC_LOCK, -+ CAP_LEASE, -+ CAP_NET_ADMIN, -+ CAP_NET_BIND_SERVICE, -+ CAP_PERFMON, -+ CAP_SETGID, -+ CAP_SETUID, -+ CAP_SYS_ADMIN, -+ CAP_SYS_CHROOT, -+ CAP_SYS_RESOURCE, -+ CAP_SYSLOG, -+ -1 -+ )) != 0) { -+ LogError(0, RS_RET_LIBCAPNG_ERR, -+ "could not update the internal posix capabilities settings " -+ "based on the options passed to it, capng_updatev=%d\n", capng_rc); -+ exit(-1); -+ } -+ -+ if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) { -+ LogError(0, RS_RET_LIBCAPNG_ERR, -+ "could not transfer the specified internal posix capabilities " -+ "settings to the kernel, capng_apply=%d\n", capng_rc); -+ exit(-1); -+ } -+ DBGPRINTF("Capabilities were dropped successfully\n"); -+#endif -+ - initAll(argc, argv); - #ifdef HAVE_LIBSYSTEMD - sd_notify(0, "READY=1"); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch b/SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch deleted file mode 100644 index 0c18c56..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c ---- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2023-05-19 10:32:32.467826852 +0200 -+++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2023-05-19 10:33:34.426902983 +0200 -@@ -452,6 +452,8 @@ readjournal(void) - /* Get message identifier, client pid and add ':' */ - if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) { - CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden)); -+ } else if (journalGetData("_COMM", &get, &length) >= 0) { -+ CHKiRet(sanitizeValue(((const char *)get) + 6, length - 6, &sys_iden)); - } else { - CHKmalloc(sys_iden = strdup(cs.dfltTag)); - } diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2157658-imklog.patch b/SOURCES/rsyslog-8.2102.0-rhbz2157658-imklog.patch deleted file mode 100644 index 8e46b35..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2157658-imklog.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/plugins/imklog/imklog.c b/plugins/imklog/imklog.c -index 6c24b5a2db..78cfc3bae2 100644 ---- a/plugins/imklog/imklog.c -+++ b/plugins/imklog/imklog.c -@@ -453,6 +453,7 @@ ENDactivateCnf - - BEGINfreeCnf - CODESTARTfreeCnf -+ free(pModConf->pszBindRuleset); - ENDfreeCnf - - -@@ -475,7 +476,6 @@ CODESTARTmodExit - if(pInputName != NULL) - prop.Destruct(&pInputName); - -- free(runModConf->pszBindRuleset); - /* release objects we used */ - objRelease(glbl, CORE_COMPONENT); - objRelease(net, CORE_COMPONENT); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch b/SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch deleted file mode 100644 index aaf5beb..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch +++ /dev/null @@ -1,72 +0,0 @@ -diff -up rsyslog-8.2102.0/parse.h.orig rsyslog-8.2102.0/parse.h ---- rsyslog-8.2102.0/parse.h.orig 2023-05-09 09:10:09.236597063 +0200 -+++ rsyslog-8.2102.0/parse.h 2023-05-09 09:10:26.913608034 +0200 -@@ -56,7 +56,7 @@ struct rsParsObject - rsObjID OID; /**< object ID */ - #endif - cstr_t *pCStr; /**< pointer to the string object we are parsing */ -- int iCurrPos; /**< current parsing position (char offset) */ -+ size_t iCurrPos; /**< current parsing position (char offset) */ - }; - typedef struct rsParsObject rsParsObj; - -diff -up rsyslog-8.2102.0/runtime/stream.c.orig rsyslog-8.2102.0/runtime/stream.c ---- rsyslog-8.2102.0/runtime/stream.c.orig 2023-05-09 09:10:34.122612508 +0200 -+++ rsyslog-8.2102.0/runtime/stream.c 2023-05-09 09:12:47.934640583 +0200 -@@ -1071,7 +1071,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t - cstr_t *thisLine = NULL; - rsRetVal readCharRet; - const time_t tCurr = pThis->readTimeout ? getTime(NULL) : 0; -- int maxMsgSize = glblGetMaxLine(); -+ size_t maxMsgSize = glblGetMaxLine(); - DEFiRet; - - do { -@@ -1132,9 +1132,9 @@ strmReadMultiLine(strm_t *pThis, cstr_t - } - - -- int currLineLen = cstrLen(thisLine); -+ size_t currLineLen = cstrLen(thisLine); - if(currLineLen > 0) { -- int len; -+ size_t len; - if((len = cstrLen(pThis->prevMsgSegment) + currLineLen) < - maxMsgSize) { - CHKiRet(cstrAppendCStr(pThis->prevMsgSegment, thisLine)); -@@ -1144,7 +1144,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t - len = 0; - } else { - len = currLineLen-(len-maxMsgSize); -- for(int z=0; zprevMsgSegment, - thisLine->pBuf[z]); - } -diff -up rsyslog-8.2102.0/runtime/stringbuf.c.orig rsyslog-8.2102.0/runtime/stringbuf.c ---- rsyslog-8.2102.0/runtime/stringbuf.c.orig 2023-05-09 09:09:37.627577446 +0200 -+++ rsyslog-8.2102.0/runtime/stringbuf.c 2023-05-09 09:09:59.061590749 +0200 -@@ -474,7 +474,7 @@ finalize_it: - * This is due to performance reasons. - */ - #ifndef NDEBUG --int cstrLen(cstr_t *pThis) -+size_t cstrLen(cstr_t *pThis) - { - rsCHECKVALIDOBJECT(pThis, OIDrsCStr); - return(pThis->iStrLen); -diff -up rsyslog-8.2102.0/runtime/stringbuf.h.orig rsyslog-8.2102.0/runtime/stringbuf.h ---- rsyslog-8.2102.0/runtime/stringbuf.h.orig 2023-05-09 09:08:05.199520082 +0200 -+++ rsyslog-8.2102.0/runtime/stringbuf.h 2023-05-09 09:09:26.924570803 +0200 -@@ -144,9 +144,9 @@ rsRetVal cstrAppendCStr(cstr_t *pThis, c - - /* now come inline-like functions */ - #ifdef NDEBUG --# define cstrLen(x) ((int)((x)->iStrLen)) -+# define cstrLen(x) ((size_t)((x)->iStrLen)) - #else -- int cstrLen(cstr_t *pThis); -+ size_t cstrLen(cstr_t *pThis); - #endif - #define rsCStrLen(s) cstrLen((s)) - diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch deleted file mode 100644 index 52dbb5e..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -up rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c.orig rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c ---- rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c.orig 2023-05-11 14:14:39.778187570 +0200 -+++ rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c 2023-05-11 14:15:36.254234445 +0200 -@@ -232,7 +232,11 @@ static rsRetVal curlSetup(wrkrInstanceDa - BEGINcreateInstance - CODESTARTcreateInstance - pData->fdErrFile = -1; -- pthread_mutex_init(&pData->mutErrFile, NULL); -+ if(pthread_mutex_init(&pData->mutErrFile, NULL) != 0) { -+ LogError(errno, RS_RET_ERR, "omelasticsearch: cannot create " -+ "error file mutex, failing this action"); -+ ABORT_FINALIZE(RS_RET_ERR); -+ } - pData->caCertFile = NULL; - pData->myCertFile = NULL; - pData->myPrivKeyFile = NULL; -@@ -240,6 +244,7 @@ CODESTARTcreateInstance - pData->retryRulesetName = NULL; - pData->retryRuleset = NULL; - pData->rebindInterval = DEFAULT_REBIND_INTERVAL; -+finalize_it: - ENDcreateInstance - - BEGINcreateWrkrInstance -@@ -2165,10 +2170,12 @@ ENDfreeCnf - - BEGINdoHUP - CODESTARTdoHUP -+ pthread_mutex_lock(&pData->mutErrFile); - if(pData->fdErrFile != -1) { - close(pData->fdErrFile); - pData->fdErrFile = -1; - } -+ pthread_mutex_unlock(&pData->mutErrFile); - ENDdoHUP - - diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch deleted file mode 100644 index 451d554..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch +++ /dev/null @@ -1,54 +0,0 @@ -diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c -index 0808c6054e..d7d6c68e60 100644 ---- a/plugins/omelasticsearch/omelasticsearch.c -+++ b/plugins/omelasticsearch/omelasticsearch.c -@@ -116,6 +116,7 @@ typedef struct instanceConf_s { - uchar **serverBaseUrls; - int numServers; - long healthCheckTimeout; -+ long indexTimeout; - uchar *uid; - uchar *pwd; - uchar *authBuf; -@@ -187,6 +188,7 @@ static struct cnfparamdescr actpdescr[] = { - { "server", eCmdHdlrArray, 0 }, - { "serverport", eCmdHdlrInt, 0 }, - { "healthchecktimeout", eCmdHdlrInt, 0 }, -+ { "indextimeout", eCmdHdlrInt, 0 }, - { "uid", eCmdHdlrGetWord, 0 }, - { "pwd", eCmdHdlrGetWord, 0 }, - { "searchindex", eCmdHdlrGetWord, 0 }, -@@ -355,6 +357,7 @@ CODESTARTdbgPrintInstInfo - dbgprintf("\ttemplate='%s'\n", pData->tplName); - dbgprintf("\tnumServers=%d\n", pData->numServers); - dbgprintf("\thealthCheckTimeout=%lu\n", pData->healthCheckTimeout); -+ dbgprintf("\tindexTimeout=%lu\n", pData->indexTimeout); - dbgprintf("\tserverBaseUrls="); - for(i = 0 ; i < pData->numServers ; ++i) - dbgprintf("%c'%s'", i == 0 ? '[' : ' ', pData->serverBaseUrls[i]); -@@ -1768,6 +1771,8 @@ curlPostSetup(wrkrInstanceData_t *const pWrkrData) - PTR_ASSERT_SET_TYPE(pWrkrData, WRKR_DATA_TYPE_ES); - curlSetupCommon(pWrkrData, pWrkrData->curlPostHandle); - curl_easy_setopt(pWrkrData->curlPostHandle, CURLOPT_POST, 1); -+ curl_easy_setopt(pWrkrData->curlPostHandle, -+ CURLOPT_TIMEOUT_MS, pWrkrData->pData->indexTimeout); - } - - #define CONTENT_JSON "Content-Type: application/json; charset=utf-8" -@@ -1797,6 +1802,7 @@ setInstParamDefaults(instanceData *const pData) - pData->serverBaseUrls = NULL; - pData->defaultPort = 9200; - pData->healthCheckTimeout = 3500; -+ pData->indexTimeout = 0; - pData->uid = NULL; - pData->pwd = NULL; - pData->authBuf = NULL; -@@ -1865,6 +1871,8 @@ CODESTARTnewActInst - pData->defaultPort = (int) pvals[i].val.d.n; - } else if(!strcmp(actpblk.descr[i].name, "healthchecktimeout")) { - pData->healthCheckTimeout = (long) pvals[i].val.d.n; -+ } else if(!strcmp(actpblk.descr[i].name, "indextimeout")) { -+ pData->indexTimeout = (long) pvals[i].val.d.n; - } else if(!strcmp(actpblk.descr[i].name, "uid")) { - pData->uid = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); - } else if(!strcmp(actpblk.descr[i].name, "pwd")) { diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch deleted file mode 100644 index 3951495..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch +++ /dev/null @@ -1,43 +0,0 @@ -diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c -index 0808c6054e..ed9359732c 100644 ---- a/plugins/omelasticsearch/omelasticsearch.c -+++ b/plugins/omelasticsearch/omelasticsearch.c -@@ -877,14 +877,6 @@ parseRequestAndResponseForContext(wrkrInstanceData_t *pWrkrData,fjson_object **p - int i; - int numitems; - fjson_object *items=NULL, *jo_errors = NULL; -- int errors = 0; -- -- if(fjson_object_object_get_ex(replyRoot, "errors", &jo_errors)) { -- errors = fjson_object_get_boolean(jo_errors); -- if (!errors && pWrkrData->pData->retryFailures) { -- return RS_RET_OK; -- } -- } - - /*iterate over items*/ - if(!fjson_object_object_get_ex(replyRoot, "items", &items)) { -@@ -897,6 +889,15 @@ parseRequestAndResponseForContext(wrkrInstanceData_t *pWrkrData,fjson_object **p - - numitems = fjson_object_array_length(items); - -+ int errors = 0; -+ if(fjson_object_object_get_ex(replyRoot, "errors", &jo_errors)) { -+ errors = fjson_object_get_boolean(jo_errors); -+ if (!errors && pWrkrData->pData->retryFailures) { -+ STATSCOUNTER_ADD(indexSuccess, mutIndexSuccess, numitems); -+ return RS_RET_OK; -+ } -+ } -+ - if (reqmsg) { - DBGPRINTF("omelasticsearch: Entire request %s\n", reqmsg); - } else { -@@ -1267,6 +1268,7 @@ getDataRetryFailures(context *ctx,int itemStatus,char *request,char *response, - response); - } - } -+ - need_free_omes = 0; - CHKiRet(msgAddJSON(msg, (uchar*)".omes", omes, 0, 0)); - MsgSetRuleset(msg, ctx->retryRuleset); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch deleted file mode 100644 index 976391e..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch +++ /dev/null @@ -1,148 +0,0 @@ -diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c -index ed9359732c..8200403eaf 100644 ---- a/plugins/omelasticsearch/omelasticsearch.c -+++ b/plugins/omelasticsearch/omelasticsearch.c -@@ -86,12 +86,14 @@ STATSCOUNTER_DEF(rebinds, mutRebinds) - static prop_t *pInputName = NULL; - - # define META_STRT "{\"index\":{\"_index\": \"" --# define META_STRT_CREATE "{\"create\":{\"_index\": \"" -+# define META_STRT_CREATE "{\"create\":{" /* \"_index\": \" */ -+# define META_IX "\"_index\": \"" - # define META_TYPE "\",\"_type\":\"" - # define META_PIPELINE "\",\"pipeline\":\"" - # define META_PARENT "\",\"_parent\":\"" - # define META_ID "\", \"_id\":\"" - # define META_END "\"}}\n" -+# define META_END_NOQUOTE " }}\n" - - typedef enum { - ES_WRITE_INDEX, -@@ -362,8 +364,8 @@ CODESTARTdbgPrintInstInfo - dbgprintf("\tdefaultPort=%d\n", pData->defaultPort); - dbgprintf("\tuid='%s'\n", pData->uid == NULL ? (uchar*)"(not configured)" : pData->uid); - dbgprintf("\tpwd=(%sconfigured)\n", pData->pwd == NULL ? "not " : ""); -- dbgprintf("\tsearch index='%s'\n", pData->searchIndex); -- dbgprintf("\tsearch type='%s'\n", pData->searchType); -+ dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL ? (uchar*)"(not configured)" : pData->searchIndex); -+ dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL ? (uchar*)"(not configured)" : pData->searchType); - dbgprintf("\tpipeline name='%s'\n", pData->pipelineName); - dbgprintf("\tdynamic pipeline name=%d\n", pData->dynPipelineName); - dbgprintf("\tskipPipelineIfEmpty=%d\n", pData->skipPipelineIfEmpty); -@@ -596,8 +598,8 @@ getIndexTypeAndParent(const instanceData *const pData, uchar **const tpls, - } - - done: -- assert(srchIndex != NULL); -- assert(srchType != NULL); -+ //assert(srchIndex != NULL); -+ //assert(srchType != NULL); - return; - } - -@@ -633,9 +635,14 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls) - parent = NULL; - } else { - getIndexTypeAndParent(pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName); -- r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex)); -- if(r == 0) r = es_addChar(&url, '/'); -- if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType)); -+ if(searchIndex != NULL) { -+ r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex)); -+ if(r == 0) r = es_addChar(&url, '/'); -+ if(searchType != NULL) { -+ if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType)); -+ } -+ } else -+ r = 0; - if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) { - if(r == 0) r = es_addChar(&url, separator); - if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1); -@@ -692,7 +699,11 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData, - uchar *pipelineName; - - getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName); -- r += ustrlen((char *)message) + ustrlen(searchIndex) + ustrlen(searchType); -+ r += ustrlen((char *)message); -+ if(searchIndex != NULL) -+ r += ustrlen(searchIndex); -+ if(searchType != NULL) -+ r += ustrlen(searchType); - - if(parent != NULL) { - r += sizeof(META_PARENT)-1 + ustrlen(parent); -@@ -717,6 +728,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls) - { - int length = strlen((char *)message); - int r; -+ int endQuote = 1; - uchar *searchIndex = NULL; - uchar *searchType; - uchar *parent = NULL; -@@ -725,28 +737,43 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls) - DEFiRet; - - getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName); -- if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE) -+ if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE) { - r = es_addBuf(&pWrkrData->batch.data, META_STRT_CREATE, sizeof(META_STRT_CREATE)-1); -- else -+ endQuote = 0; -+ } else - r = es_addBuf(&pWrkrData->batch.data, META_STRT, sizeof(META_STRT)-1); -- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex, -+ if(searchIndex != NULL) { -+ endQuote = 1; -+ if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE) -+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_IX, sizeof(META_IX)-1); -+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex, - ustrlen(searchIndex)); -- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1); -- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType, -+ if(searchType != NULL) { -+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1); -+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType, - ustrlen(searchType)); -+ } -+ } - if(parent != NULL) { -+ endQuote = 1; - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_PARENT, sizeof(META_PARENT)-1); - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)parent, ustrlen(parent)); - } - if(pipelineName != NULL && (!pWrkrData->pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) { -+ endQuote = 1; - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_PIPELINE, sizeof(META_PIPELINE)-1); - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)pipelineName, ustrlen(pipelineName)); - } - if(bulkId != NULL) { -+ endQuote = 1; - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_ID, sizeof(META_ID)-1); - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)bulkId, ustrlen(bulkId)); - } -- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END, sizeof(META_END)-1); -+ if(endQuote == 0) { -+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END_NOQUOTE, sizeof(META_END_NOQUOTE)-1); -+ } else { -+ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END, sizeof(META_END)-1); -+ } - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)message, length); - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, "\n", sizeof("\n")-1); - if(r != 0) { -@@ -2094,6 +2121,8 @@ CODESTARTnewActInst - CHKiRet(computeBaseUrl("localhost", pData->defaultPort, pData->useHttps, pData->serverBaseUrls)); - } - -+ //Only needed befor ES-Version 7.x -+ /* - if(pData->searchIndex == NULL) - pData->searchIndex = (uchar*) strdup("system"); - if(pData->searchType == NULL) -@@ -2104,6 +2133,7 @@ CODESTARTnewActInst - "omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation); - ABORT_FINALIZE(RS_RET_CONFIG_ERROR); - } -+ */ - - if (pData->retryFailures) { - CHKiRet(ratelimitNew(&pData->ratelimiter, "omelasticsearch", NULL)); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch deleted file mode 100644 index e6e6b70..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch +++ /dev/null @@ -1,118 +0,0 @@ -diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c -index 8200403eaf..8b74d610df 100644 ---- a/plugins/omelasticsearch/omelasticsearch.c -+++ b/plugins/omelasticsearch/omelasticsearch.c -@@ -130,6 +130,7 @@ typedef struct instanceConf_s { - uchar *timeout; - uchar *bulkId; - uchar *errorFile; -+ int esVersion; - sbool errorOnly; - sbool interleaved; - sbool dynSrchIdx; -@@ -221,7 +222,8 @@ static struct cnfparamdescr actpdescr[] = { - { "ratelimit.interval", eCmdHdlrInt, 0 }, - { "ratelimit.burst", eCmdHdlrInt, 0 }, - { "retryruleset", eCmdHdlrString, 0 }, -- { "rebindinterval", eCmdHdlrInt, 0 } -+ { "rebindinterval", eCmdHdlrInt, 0 }, -+ { "esversion.major", eCmdHdlrPositiveInt, 0 } - }; - static struct cnfparamblk actpblk = - { CNFPARAMBLK_VERSION, -@@ -246,6 +248,7 @@ CODESTARTcreateInstance - pData->retryRulesetName = NULL; - pData->retryRuleset = NULL; - pData->rebindInterval = DEFAULT_REBIND_INTERVAL; -+ pData->esVersion = 0; - finalize_it: - ENDcreateInstance - -@@ -364,8 +367,10 @@ CODESTARTdbgPrintInstInfo - dbgprintf("\tdefaultPort=%d\n", pData->defaultPort); - dbgprintf("\tuid='%s'\n", pData->uid == NULL ? (uchar*)"(not configured)" : pData->uid); - dbgprintf("\tpwd=(%sconfigured)\n", pData->pwd == NULL ? "not " : ""); -- dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL ? (uchar*)"(not configured)" : pData->searchIndex); -- dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL ? (uchar*)"(not configured)" : pData->searchType); -+ dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL -+ ? (uchar*)"(not configured)" : pData->searchIndex); -+ dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL -+ ? (uchar*)"(not configured)" : pData->searchType); - dbgprintf("\tpipeline name='%s'\n", pData->pipelineName); - dbgprintf("\tdynamic pipeline name=%d\n", pData->dynPipelineName); - dbgprintf("\tskipPipelineIfEmpty=%d\n", pData->skipPipelineIfEmpty); -@@ -598,8 +603,6 @@ getIndexTypeAndParent(const instanceData *const pData, uchar **const tpls, - } - - done: -- //assert(srchIndex != NULL); -- //assert(srchType != NULL); - return; - } - -@@ -700,11 +703,12 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData, - - getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName); - r += ustrlen((char *)message); -- if(searchIndex != NULL) -- r += ustrlen(searchIndex); -- if(searchType != NULL) -- r += ustrlen(searchType); -- -+ if(searchIndex != NULL) { -+ r += ustrlen(searchIndex); -+ } -+ if(searchType != NULL) { -+ r += ustrlen(searchType); -+ } - if(parent != NULL) { - r += sizeof(META_PARENT)-1 + ustrlen(parent); - } -@@ -728,7 +732,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls) - { - int length = strlen((char *)message); - int r; -- int endQuote = 1; -+ int endQuote = 1; - uchar *searchIndex = NULL; - uchar *searchType; - uchar *parent = NULL; -@@ -1990,6 +1994,8 @@ CODESTARTnewActInst - pData->retryRulesetName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); - } else if(!strcmp(actpblk.descr[i].name, "rebindinterval")) { - pData->rebindInterval = (int) pvals[i].val.d.n; -+ } else if(!strcmp(actpblk.descr[i].name, "esversion.major")) { -+ pData->esVersion = pvals[i].val.d.n; - } else { - LogError(0, RS_RET_INTERNAL_ERROR, "omelasticsearch: program error, " - "non-handled param '%s'", actpblk.descr[i].name); -@@ -2121,19 +2127,18 @@ CODESTARTnewActInst - CHKiRet(computeBaseUrl("localhost", pData->defaultPort, pData->useHttps, pData->serverBaseUrls)); - } - -- //Only needed befor ES-Version 7.x -- /* -- if(pData->searchIndex == NULL) -- pData->searchIndex = (uchar*) strdup("system"); -- if(pData->searchType == NULL) -- pData->searchType = (uchar*) strdup("events"); -+ if(pData->esVersion < 8) { -+ if(pData->searchIndex == NULL) -+ pData->searchIndex = (uchar*) strdup("system"); -+ if(pData->searchType == NULL) -+ pData->searchType = (uchar*) strdup("events"); - -- if ((pData->writeOperation != ES_WRITE_INDEX) && (pData->bulkId == NULL)) { -- LogError(0, RS_RET_CONFIG_ERROR, -- "omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation); -- ABORT_FINALIZE(RS_RET_CONFIG_ERROR); -+ if ((pData->writeOperation != ES_WRITE_INDEX) && (pData->bulkId == NULL)) { -+ LogError(0, RS_RET_CONFIG_ERROR, -+ "omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation); -+ ABORT_FINALIZE(RS_RET_CONFIG_ERROR); -+ } - } -- */ - - if (pData->retryFailures) { - CHKiRet(ratelimitNew(&pData->ratelimiter, "omelasticsearch", NULL)); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch deleted file mode 100644 index c9a2cb3..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c -index 76d5081d3b..f481ec3f7e 100644 ---- a/plugins/omelasticsearch/omelasticsearch.c -+++ b/plugins/omelasticsearch/omelasticsearch.c -@@ -620,6 +620,8 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls) - uchar *parent; - uchar *bulkId; - char* baseUrl; -+ /* since 7.0, the API always requires /idx/_doc, so use that if searchType is not explicitly set */ -+ uchar* actualSearchType = (uchar*)"_doc"; - es_str_t *url; - int r; - DEFiRet; -@@ -645,11 +647,12 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls) - if(searchIndex != NULL) { - r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex)); - if(r == 0) r = es_addChar(&url, '/'); -- if(searchType != NULL) { -- if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType)); -- } -- } else -- r = 0; -+ -+ if(searchType != NULL) { -+ actualSearchType = searchType; -+ } -+ if(r == 0) r = es_addChar(&url, '/'); -+ if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType)); - if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) { - if(r == 0) r = es_addChar(&url, separator); - if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1); -@@ -693,7 +696,7 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData, - const uchar *const message, - uchar **const tpls) - { -- size_t r = sizeof(META_TYPE)-1 + sizeof(META_END)-1 + sizeof("\n")-1; -+ size_t r = sizeof(META_END)-1 + sizeof("\n")-1; - if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE) - r += sizeof(META_STRT_CREATE)-1; - else diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch deleted file mode 100644 index ca79d57..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch +++ /dev/null @@ -1,53 +0,0 @@ -diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c -index f481ec3f7e..b297a9274f 100644 ---- a/plugins/omelasticsearch/omelasticsearch.c -+++ b/plugins/omelasticsearch/omelasticsearch.c -@@ -623,7 +623,7 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls) - /* since 7.0, the API always requires /idx/_doc, so use that if searchType is not explicitly set */ - uchar* actualSearchType = (uchar*)"_doc"; - es_str_t *url; -- int r; -+ int r = 0; - DEFiRet; - instanceData *const pData = pWrkrData->pData; - char separator; -@@ -646,13 +646,12 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls) - getIndexTypeAndParent(pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName); - if(searchIndex != NULL) { - r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex)); -+ if(searchType != NULL && searchType[0] != '\0') { -+ actualSearchType = searchType; -+ } - if(r == 0) r = es_addChar(&url, '/'); -- -- if(searchType != NULL) { -- actualSearchType = searchType; -+ if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType)); - } -- if(r == 0) r = es_addChar(&url, '/'); -- if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType)); - if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) { - if(r == 0) r = es_addChar(&url, separator); - if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1); -@@ -714,7 +713,11 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData, - r += ustrlen(searchIndex); - } - if(searchType != NULL) { -- r += ustrlen(searchType); -+ if(searchType[0] == '\0') { -+ r += 4; // "_doc" -+ } else { -+ r += ustrlen(searchType); -+ } - } - if(parent != NULL) { - r += sizeof(META_PARENT)-1 + ustrlen(parent); -@@ -759,7 +762,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls) - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_IX, sizeof(META_IX)-1); - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex, - ustrlen(searchIndex)); -- if(searchType != NULL) { -+ if(searchType != NULL && searchType[0] != '\0') { - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1); - if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType, - ustrlen(searchType)); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch deleted file mode 100644 index c5bb718..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -up rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html.orig rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html ---- rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html.orig 2023-05-11 15:56:24.308601241 +0200 -+++ rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html 2023-05-11 15:57:11.000662477 +0200 -@@ -156,6 +156,28 @@ this timeframe. Defaults to 3500.

      -

      Note, the health check is verifying connectivity only, not the state of - the Elasticsearch cluster.

      -
    • -+ -+
    -+

    esVersion.major

    -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
    typedefaultmandatoryobsolete legacy directive
    integer0nonone
    -+

    ElasticSearch is notoriously bad at maintaining backwards compatibility. For this reason, the setting can be used to configure the server’s major version number (e.g. 7, 8, …). As far as we know breaking changes only happen with major version changes. As of now, only value 8 triggers API changes. All other values select pre-version-8 API usage.

    -+
    -+ -
    -

    searchIndex

    - diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch b/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch deleted file mode 100644 index 8ddb5f4..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch +++ /dev/null @@ -1,109 +0,0 @@ -diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c ---- rsyslog-8.2102.0/runtime/glbl.c.orig 2023-06-27 08:20:45.265387162 +0200 -+++ rsyslog-8.2102.0/runtime/glbl.c 2023-06-27 08:20:45.262387154 +0200 -@@ -230,7 +230,8 @@ static struct cnfparamdescr cnfparamdesc - { "reverselookup.cache.ttl.enable", eCmdHdlrBinary, 0 }, - { "shutdown.queue.doublesize", eCmdHdlrBinary, 0 }, - { "debug.files", eCmdHdlrArray, 0 }, -- { "debug.whitelist", eCmdHdlrBinary, 0 } -+ { "debug.whitelist", eCmdHdlrBinary, 0 }, -+ { "libcapng.default", eCmdHdlrBinary, 0 } - }; - static struct cnfparamblk paramblk = - { CNFPARAMBLK_VERSION, -@@ -1315,6 +1316,13 @@ glblDoneLoadCnf(void) - if(!strcmp(paramblk.descr[i].name, "workdirectory")) { - cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL); - setWorkDir(NULL, cstr); -+ } else if(!strcmp(paramblk.descr[i].name, "libcapng.default")) { -+#ifdef ENABLE_LIBCAPNG -+ loadConf->globals.bAbortOnFailedLibcapngSetup = (int) cnfparamvals[i].val.d.n; -+#else -+ LogError(0, RS_RET_ERR, "rsyslog wasn't " -+ "compiled with libcap-ng support."); -+#endif - } else if(!strcmp(paramblk.descr[i].name, "variables.casesensitive")) { - const int val = (int) cnfparamvals[i].val.d.n; - fjson_global_do_case_sensitive_comparison(val); -diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c ---- rsyslog-8.2102.0/runtime/rsconf.c.orig 2023-06-27 08:20:45.265387162 +0200 -+++ rsyslog-8.2102.0/runtime/rsconf.c 2023-06-27 08:20:45.264387159 +0200 -@@ -146,6 +146,9 @@ int rsconfNeedDropPriv(rsconf_t *const c - - static void cnfSetDefaults(rsconf_t *pThis) - { -+#ifdef ENABLE_LIBCAPNG -+ pThis->globals.bAbortOnFailedLibcapngSetup = 1; -+#endif - pThis->globals.bAbortOnUncleanConfig = 0; - pThis->globals.bReduceRepeatMsgs = 0; - pThis->globals.bDebugPrintTemplateList = 1; -diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h ---- rsyslog-8.2102.0/runtime/rsconf.h.orig 2023-06-27 08:20:45.265387162 +0200 -+++ rsyslog-8.2102.0/runtime/rsconf.h 2023-06-27 08:20:45.260387149 +0200 -@@ -61,6 +61,9 @@ struct queuecnf_s { - * be re-set as often as the user likes). - */ - struct globals_s { -+#ifdef ENABLE_LIBCAPNG -+ int bAbortOnFailedLibcapngSetup; -+#endif - int bDebugPrintTemplateList; - int bDebugPrintModuleList; - int bDebugPrintCfSysLineHandlerList; -diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c ---- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-06-27 08:20:45.245387109 +0200 -+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-06-27 08:31:35.250120215 +0200 -@@ -2151,7 +2151,7 @@ main(int argc, char **argv) - /* - * Drop capabilities to the necessary set - */ -- int capng_rc; -+ int capng_rc, capng_failed = 0; - capng_clear(CAPNG_SELECT_BOTH); - - if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -@@ -2161,10 +2161,9 @@ main(int argc, char **argv) - CAP_LEASE, - CAP_NET_ADMIN, - CAP_NET_BIND_SERVICE, -+ CAP_DAC_OVERRIDE, - CAP_SETGID, - CAP_SETUID, -- CAP_DAC_OVERRIDE, -- CAP_NET_RAW, - CAP_SYS_ADMIN, - CAP_SYS_CHROOT, - CAP_SYS_RESOURCE, -@@ -2173,17 +2172,25 @@ main(int argc, char **argv) - )) != 0) { - LogError(0, RS_RET_LIBCAPNG_ERR, - "could not update the internal posix capabilities settings " -- "based on the options passed to it, capng_updatev=%d\n", capng_rc); -- exit(-1); -+ "based on the options passed to it, capng_updatev=%d", capng_rc); -+ capng_failed = 1; - } - - if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) { - LogError(0, RS_RET_LIBCAPNG_ERR, -- "could not transfer the specified internal posix capabilities " -- "settings to the kernel, capng_apply=%d\n", capng_rc); -- exit(-1); -+ "could not transfer the specified internal posix capabilities " -+ "settings to the kernel, capng_apply=%d", capng_rc); -+ capng_failed = 1; -+ } -+ -+ if (capng_failed) { -+ DBGPRINTF("Capabilities were not dropped successfully.\n"); -+ if (loadConf->globals.bAbortOnFailedLibcapngSetup) { -+ exit(RS_RET_LIBCAPNG_ERR); -+ } -+ } else { -+ DBGPRINTF("Capabilities were dropped successfully\n"); - } -- DBGPRINTF("Capabilities were dropped successfully\n"); - #endif - - initAll(argc, argv); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch b/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch deleted file mode 100644 index 27361d7..0000000 --- a/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch +++ /dev/null @@ -1,145 +0,0 @@ -diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c ---- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-06-27 08:56:27.321174891 +0200 -+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-06-27 08:58:17.977481782 +0200 -@@ -1557,6 +1557,88 @@ initAll(int argc, char **argv) - resetErrMsgsFlag(); - localRet = rsconf.Load(&ourConf, ConfFile); - -+ #ifdef ENABLE_LIBCAPNG -+ /* -+ * Drop capabilities to the necessary set -+ */ -+ int capng_rc, capng_failed = 0; -+ typedef struct capabilities_s { -+ int capability; /* capability code */ -+ const char *name; /* name of the capability to be displayed */ -+ sbool present; /* is the capability present that is needed by rsyslog? if so we do not drop it */ -+ } capabilities_t; -+ -+ capabilities_t capabilities[] = { -+ #define CAP_FIELD(code) { code, #code, 0 } -+ CAP_FIELD(CAP_BLOCK_SUSPEND), -+ CAP_FIELD(CAP_CHOWN), -+ CAP_FIELD(CAP_IPC_LOCK), -+ CAP_FIELD(CAP_LEASE), -+ CAP_FIELD(CAP_NET_ADMIN), -+ CAP_FIELD(CAP_NET_BIND_SERVICE), -+ CAP_FIELD(CAP_DAC_OVERRIDE), -+ CAP_FIELD(CAP_SETGID), -+ CAP_FIELD(CAP_SETUID), -+ CAP_FIELD(CAP_SYS_ADMIN), -+ CAP_FIELD(CAP_SYS_CHROOT), -+ CAP_FIELD(CAP_SYS_RESOURCE), -+ CAP_FIELD(CAP_SYSLOG) -+ #undef CAP_FIELD -+ }; -+ -+ if (capng_have_capabilities(CAPNG_SELECT_CAPS) > CAPNG_NONE) { -+ /* Examine which capabilities are available to us, so we do not try to -+ drop something that is not present. We need to do this in two steps, -+ because capng_clear clears the capability set. In the second step, -+ we add back those caps, which were present before clearing the selected -+ posix capabilities set. -+ */ -+ unsigned long caps_len = sizeof(capabilities) / sizeof(capabilities_t); -+ for (unsigned long i = 0; i < caps_len; i++) { -+ if (capng_have_capability(CAPNG_EFFECTIVE, capabilities[i].capability)) { -+ capabilities[i].present = 1; -+ } -+ } -+ -+ capng_clear(CAPNG_SELECT_BOTH); -+ -+ for (unsigned long i = 0; i < caps_len; i++) { -+ if (capabilities[i].present) { -+ DBGPRINTF("The %s capability is present, " -+ "will try to preserve it.\n", capabilities[i].name); -+ if ((capng_rc = capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ capabilities[i].capability)) != 0) { -+ LogError(0, RS_RET_LIBCAPNG_ERR, -+ "could not update the internal posix capabilities settings " -+ "based on the options passed to it, capng_update=%d", capng_rc); -+ capng_failed = 1; -+ } -+ } else { -+ DBGPRINTF("The %s capability is not present, " -+ "will not try to preserve it.\n", capabilities[i].name); -+ } -+ } -+ -+ if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) { -+ LogError(0, RS_RET_LIBCAPNG_ERR, -+ "could not transfer the specified internal posix capabilities " -+ "settings to the kernel, capng_apply=%d", capng_rc); -+ capng_failed = 1; -+ } -+ -+ if (capng_failed) { -+ DBGPRINTF("Capabilities were not dropped successfully.\n"); -+ if (loadConf->globals.bAbortOnFailedLibcapngSetup) { -+ ABORT_FINALIZE(RS_RET_LIBCAPNG_ERR); -+ } -+ } else { -+ DBGPRINTF("Capabilities were dropped successfully\n"); -+ } -+ } else { -+ DBGPRINTF("No capabilities to drop\n"); -+ } -+#endif -+ - if(fp_rs_full_conf_output != NULL) { - if(fp_rs_full_conf_output != stdout) { - fclose(fp_rs_full_conf_output); -@@ -2147,52 +2229,6 @@ main(int argc, char **argv) - bProcessInternalMessages = 1; - dbgClassInit(); - --#ifdef ENABLE_LIBCAPNG -- /* -- * Drop capabilities to the necessary set -- */ -- int capng_rc, capng_failed = 0; -- capng_clear(CAPNG_SELECT_BOTH); -- -- if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -- CAP_BLOCK_SUSPEND, -- CAP_CHOWN, -- CAP_IPC_LOCK, -- CAP_LEASE, -- CAP_NET_ADMIN, -- CAP_NET_BIND_SERVICE, -- CAP_DAC_OVERRIDE, -- CAP_SETGID, -- CAP_SETUID, -- CAP_SYS_ADMIN, -- CAP_SYS_CHROOT, -- CAP_SYS_RESOURCE, -- CAP_SYSLOG, -- -1 -- )) != 0) { -- LogError(0, RS_RET_LIBCAPNG_ERR, -- "could not update the internal posix capabilities settings " -- "based on the options passed to it, capng_updatev=%d", capng_rc); -- capng_failed = 1; -- } -- -- if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) { -- LogError(0, RS_RET_LIBCAPNG_ERR, -- "could not transfer the specified internal posix capabilities " -- "settings to the kernel, capng_apply=%d", capng_rc); -- capng_failed = 1; -- } -- -- if (capng_failed) { -- DBGPRINTF("Capabilities were not dropped successfully.\n"); -- if (loadConf->globals.bAbortOnFailedLibcapngSetup) { -- exit(RS_RET_LIBCAPNG_ERR); -- } -- } else { -- DBGPRINTF("Capabilities were dropped successfully\n"); -- } --#endif -- - initAll(argc, argv); - #ifdef HAVE_LIBSYSTEMD - sd_notify(0, "READY=1"); diff --git a/SOURCES/rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move-doc.patch b/SOURCES/rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move-doc.patch new file mode 100644 index 0000000..16c8e5c --- /dev/null +++ b/SOURCES/rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move-doc.patch @@ -0,0 +1,42 @@ +diff -up rsyslog-8.2310.0/doc/configuration/modules/imfile.html.orig rsyslog-8.2310.0/doc/configuration/modules/imfile.html +--- rsyslog-8.2310.0/doc/configuration/modules/imfile.html.orig 2023-11-06 09:34:00.022802039 +0100 ++++ rsyslog-8.2310.0/doc/configuration/modules/imfile.html 2023-11-06 09:37:02.086613055 +0100 +@@ -293,6 +293,30 @@ rsyslog needs write permissions to work + also might require SELinux definitions (or similar for other enhanced security + systems).

    + ++ ++
    ++

    deleteStateOnFileMove

    ++
    ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++
    typedefaultmandatoryobsolete legacy directive
    binaryoffnonone
    ++

    This parameter controls if state files are deleted if their associated main file is rotated via move. Usually, this is a good idea, because otherwise state files are not deleted when log rotation occurs.

    ++ ++

    However, there is one situation where not deleting associated state file after log rotation makes sense: this is the case if a monitored file is later moved back to the same location as it was before.

    ++
    ++ + +
    +

    Input Parameters

    +@@ -1237,6 +1261,7 @@ and Others.

    +
  • sortFiles
    • +
  • PollingInterval
    • +
  • statefile.directory
    • ++
  • deleteStateOnFileMove
    • + + +
  • Input Parameters
      diff --git a/SOURCES/rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch b/SOURCES/rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move.patch similarity index 50% rename from SOURCES/rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch rename to SOURCES/rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move.patch index 161f90c..4e534d9 100644 --- a/SOURCES/rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch +++ b/SOURCES/rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move.patch @@ -1,7 +1,17 @@ -diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2102.0/plugins/imfile/imfile.c ---- rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking 2021-01-18 11:21:14.000000000 +0100 -+++ rsyslog-8.2102.0/plugins/imfile/imfile.c 2022-03-28 12:51:03.572554843 +0200 -@@ -259,6 +259,7 @@ struct modConfData_s { +From 0de0c4b274e7e33ed4a27b02d6046b62d612e29b Mon Sep 17 00:00:00 2001 +From: alakatos +Date: Tue, 24 Oct 2023 15:43:19 +0200 +Subject: [PATCH] Do not preserve statefile on file move + +--- + plugins/imfile/imfile.c | 45 ++++++++++++++++++++++++++++++----------- + 1 file changed, 33 insertions(+), 12 deletions(-) + +diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c +index 5febd6db6..8769a185f 100644 +--- a/plugins/imfile/imfile.c ++++ b/plugins/imfile/imfile.c +@@ -264,6 +264,7 @@ struct modConfData_s { Must be manually reset to 0 if desired. Helper for polling mode. */ @@ -9,7 +19,7 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2 }; static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */ static modConfData_t *runModConf = NULL;/* modConf ptr to use for run process */ -@@ -305,7 +306,8 @@ static struct cnfparamdescr modpdescr[] +@@ -310,7 +311,8 @@ static struct cnfparamdescr modpdescr[] = { { "sortfiles", eCmdHdlrBinary, 0 }, { "statefile.directory", eCmdHdlrString, 0 }, { "normalizepath", eCmdHdlrBinary, 0 }, @@ -19,7 +29,7 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2 }; static struct cnfparamblk modpblk = { CNFPARAMBLK_VERSION, -@@ -545,11 +547,20 @@ static int +@@ -551,11 +553,18 @@ static int in_setupWatch(act_obj_t *const act, const int is_file) { int wd = -1; @@ -29,77 +39,27 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2 - wd = inotify_add_watch(ino_fd, act->name, - (is_file) ? IN_MODIFY|IN_DONT_FOLLOW : IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO); -+ // wd = inotify_add_watch(ino_fd, act->name, -+ // (is_file) ? IN_MODIFY|IN_DONT_FOLLOW : IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO); -+ if(is_file) ++ if (is_file) + flags = IN_MODIFY|IN_DONT_FOLLOW; -+ else if(runModConf->deleteStateOnFileMove) ++ else if (runModConf->deleteStateOnFileMove) + flags = IN_CREATE|IN_DELETE|IN_MOVED_TO; + else + flags = IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO; -+ wd = inotify_add_watch(ino_fd, act->name, flags); + ++ wd = inotify_add_watch(ino_fd, act->name, flags); if(wd < 0) { if (errno == EACCES) { /* There is high probability of selinux denial on top-level paths */ DBGPRINTF("imfile: permission denied when adding watch for '%s'\n", act->name); -@@ -713,7 +724,7 @@ act_obj_add(fs_edge_t *const edge, const - char basename[MAXFNAME]; - DEFiRet; - int fd = -1; -- -+ - DBGPRINTF("act_obj_add: edge %p, name '%s' (source '%s')\n", edge, name, source? source : "---"); - for(act = edge->active ; act != NULL ; act = act->next) { - if(!strcmp(act->name, name)) { -@@ -977,9 +988,18 @@ act_obj_destroy(act_obj_t *const act, co - if(act == NULL) - return; - -- DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n", -- act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted, -- act->in_move); -+ // DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n", -+ // act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted, -+ // act->in_move); -+ if (runModConf->deleteStateOnFileMove) { -+ DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d\n", -+ act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted); -+ } else { -+ DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n", -+ act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, -+ is_deleted, act->in_move); -+ } -+ - if(act->is_symlink && is_deleted) { - act_obj_t *target_act; - for(target_act = act->edge->active ; target_act != NULL ; target_act = target_act->next) { -@@ -996,13 +1016,15 @@ act_obj_destroy(act_obj_t *const act, co - pollFile(act); /* get any left-over data */ - if(inst->bRMStateOnDel) { - statefn = getStateFileName(act, statefile, sizeof(statefile)); -- getFullStateFileName(statefn, "", toDel, sizeof(toDel)); // TODO: check! -+ // getFullStateFileName(statefn, "", toDel, sizeof(toDel)); // TODO: check! -+ getFullStateFileName(statefn, act->file_id, toDel, sizeof(toDel)); // TODO: check! - statefn = toDel; - } +@@ -1059,7 +1068,7 @@ act_obj_destroy(act_obj_t *const act, const int is_deleted) persistStrmState(act); strm.Destruct(&act->pStrm); /* we delete state file after destruct in case strm obj initiated a write */ - if(is_deleted && !act->in_move && inst->bRMStateOnDel) { -+ // if(is_deleted && !act->in_move && inst->bRMStateOnDel) { -+ if(is_deleted && inst->bRMStateOnDel && (runModConf->deleteStateOnFileMove || !act->in_move)) { ++ if(is_deleted && inst->bRMStateOnDel && (!act->in_move || runModConf->deleteStateOnFileMove)) { DBGPRINTF("act_obj_destroy: deleting state file %s\n", statefn); unlink((char*)statefn); } -@@ -1012,6 +1034,7 @@ act_obj_destroy(act_obj_t *const act, co - } - #ifdef HAVE_INOTIFY_INIT - if(act->wd != -1) { -+ inotify_rm_watch(ino_fd, act->wd); - wdmapDel(act->wd); - } - #endif -@@ -2026,6 +2049,7 @@ CODESTARTbeginCnfLoad +@@ -2090,6 +2099,7 @@ CODESTARTbeginCnfLoad loadModConf->timeoutGranularity = 1000; /* default: 1 second */ loadModConf->haveReadTimeouts = 0; /* default: no timeout */ loadModConf->normalizePath = 1; @@ -107,7 +67,7 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2 loadModConf->sortFiles = GLOB_NOSORT; loadModConf->stateFileDirectory = NULL; loadModConf->conf_tree = calloc(sizeof(fs_node_t), 1); -@@ -2085,6 +2109,8 @@ CODESTARTsetModCnf +@@ -2149,6 +2159,8 @@ CODESTARTsetModCnf loadModConf->stateFileDirectory = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); } else if(!strcmp(modpblk.descr[i].name, "normalizepath")) { loadModConf->normalizePath = (sbool) pvals[i].val.d.n; @@ -116,7 +76,7 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2 } else if(!strcmp(modpblk.descr[i].name, "mode")) { if(!es_strconstcmp(pvals[i].val.d.estr, "polling")) loadModConf->opMode = OPMODE_POLLING; -@@ -2388,16 +2414,35 @@ in_processEvent(struct inotify_event *ev +@@ -2452,16 +2464,25 @@ in_processEvent(struct inotify_event *ev) DBGPRINTF("in_processEvent process Event %x is_file %d, act->name '%s'\n", ev->mask, etry->act->edge->is_file, etry->act->name); @@ -127,17 +87,7 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2 - fs_node_walk(etry->act->edge->node, poll_tree); - } else if(etry->act->edge->is_file && !(etry->act->is_symlink)) { - in_handleFileEvent(ev, etry); // esentially poll_file()! -+ // if((ev->mask & IN_MOVED_FROM)) { -+ // flag_in_move(etry->act->edge->node->edges, ev->name); -+ // } -+ // if(ev->mask & (IN_MOVED_FROM | IN_MOVED_TO)) { -+ // fs_node_walk(etry->act->edge->node, poll_tree); -+ // } else if(etry->act->edge->is_file && !(etry->act->is_symlink)) { -+ // in_handleFileEvent(ev, etry); // esentially poll_file()! -+ // } else { -+ // fs_node_walk(etry->act->edge->node, poll_tree); -+ // } -+ if(!runModConf->deleteStateOnFileMove) { ++ if (!runModConf->deleteStateOnFileMove) { + if((ev->mask & IN_MOVED_FROM)) { + flag_in_move(etry->act->edge->node->edges, ev->name); + } @@ -160,3 +110,6 @@ diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2 done: return; } +-- +2.41.0 + diff --git a/SOURCES/rsyslog-8.2310.0-omprog-binary-path.patch b/SOURCES/rsyslog-8.2310.0-omprog-binary-path.patch new file mode 100644 index 0000000..fccef4d --- /dev/null +++ b/SOURCES/rsyslog-8.2310.0-omprog-binary-path.patch @@ -0,0 +1,41 @@ +diff -up rsyslog-8.2310.0/doc/configuration/modules/omprog.html.orig rsyslog-8.2310.0/doc/configuration/modules/omprog.html +--- rsyslog-8.2310.0/doc/configuration/modules/omprog.html.orig 2024-01-05 13:21:14.474252913 +0100 ++++ rsyslog-8.2310.0/doc/configuration/modules/omprog.html 2024-01-05 13:25:09.128562192 +0100 +@@ -144,8 +144,11 @@ passed to the external program.

      + + + +-

      Full path and command line parameters of the external program to execute.

      +-

      In legacy config, it is not possible to specify command line parameters.

      ++

      Full path and command line parameters of the external program to execute. ++ Arbitrary external programs should be placed under the /usr/libexec/rsyslog directory. ++ That is, the binaries put in this namespaced directory are meant for the consumption ++ of rsyslog, and are not intended to be executed by users. ++ In legacy config, it is not possible to specify command line parameters.

      +
    • +
    +

    confirmMessages

    +@@ -587,12 +590,12 @@ multiple processes.

    +
    +

    Example: command line arguments

    +

    In the following example, logs will be sent to a program log.sh located +-in /path/to. The program will receive the command line arguments ++in /usr/libexec/rsyslog. The program will receive the command line arguments + p1, p2 and --param3="value 3".

    + 
    module(load="omprog")
+ 
+ action(type="omprog"
+-       binary="/path/to/log.sh p1 p2 --param3=\"value 3\""
++       binary="/usr/libexec/rsyslog/log.sh p1 p2 --param3=\"value 3\""
+        template="RSYSLOG_TraditionalFileFormat")
+
    +
    +@@ -618,7 +621,7 @@ rsyslog will kill and restart it.

    + + action(type="omprog" + name="db_forward" +- binary="/usr/share/logging/db_forward.py" ++ binary="/usr/libexec/rsyslog/db_forward.py" + confirmMessages="on" + confirmTimeout="30000" + queue.type="LinkedList" diff --git a/SOURCES/rsyslog-8.2310.0-remove-state-on-file-delete.patch b/SOURCES/rsyslog-8.2310.0-remove-state-on-file-delete.patch new file mode 100644 index 0000000..3a26f4b --- /dev/null +++ b/SOURCES/rsyslog-8.2310.0-remove-state-on-file-delete.patch @@ -0,0 +1,11 @@ +diff -up rsyslog-8.2310.0/plugins/imfile/imfile.c.orig rsyslog-8.2310.0/plugins/imfile/imfile.c +--- rsyslog-8.2310.0/plugins/imfile/imfile.c.orig 2023-11-03 12:19:39.179103408 +0100 ++++ rsyslog-8.2310.0/plugins/imfile/imfile.c 2023-11-03 12:19:54.228237199 +0100 +@@ -1162,6 +1162,7 @@ fs_node_destroy(fs_node_t *const node) + DBGPRINTF("node destroy: %p edges:\n", node); + + for(edge = node->edges ; edge != NULL ; ) { ++ detect_updates(edge); + fs_node_destroy(edge->node); + fs_edge_t *const toDel = edge; + edge = edge->next; diff --git a/SOURCES/rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch b/SOURCES/rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch deleted file mode 100644 index e3b1453..0000000 --- a/SOURCES/rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -up rsyslog-8.37.0/plugins/imptcp/imptcp.c.orig rsyslog-8.37.0/plugins/imptcp/imptcp.c ---- rsyslog-8.37.0/plugins/imptcp/imptcp.c.orig 2022-05-09 12:22:59.050623119 +0200 -+++ rsyslog-8.37.0/plugins/imptcp/imptcp.c 2022-05-09 12:34:39.979854853 +0200 -@@ -1032,7 +1032,10 @@ processDataRcvd(ptcpsess_t *const __rest - if(pThis->iOctetsRemain <= 200000000) { - pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0'; - } -- *(pThis->pMsg + pThis->iMsg++) = c; -+ // *(pThis->pMsg + pThis->iMsg++) = c; -+ if(pThis->iMsg < iMaxLine) { -+ *(pThis->pMsg + pThis->iMsg++) = c; -+ } - } else { /* done with the octet count, so this must be the SP terminator */ - DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain); - prop.GetString(pThis->peerName, &propPeerName, &lenPeerName); -diff -up rsyslog-8.37.0/runtime/tcps_sess.c.orig rsyslog-8.37.0/runtime/tcps_sess.c ---- rsyslog-8.37.0/runtime/tcps_sess.c.orig 2022-05-09 12:23:12.789627661 +0200 -+++ rsyslog-8.37.0/runtime/tcps_sess.c 2022-05-09 12:36:51.426898549 +0200 -@@ -389,7 +389,10 @@ processDataRcvd(tcps_sess_t *pThis, - if(pThis->iOctetsRemain <= 200000000) { - pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0'; - } -- *(pThis->pMsg + pThis->iMsg++) = c; -+ // *(pThis->pMsg + pThis->iMsg++) = c; -+ if(pThis->iMsg < iMaxLine) { -+ *(pThis->pMsg + pThis->iMsg++) = c; -+ } - } else { /* done with the octet count, so this must be the SP terminator */ - DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain); - prop.GetString(pThis->fromHost, &propPeerName, &lenPeerName); diff --git a/SOURCES/rsyslog.conf b/SOURCES/rsyslog.conf index 368399f..93ef732 100644 --- a/SOURCES/rsyslog.conf +++ b/SOURCES/rsyslog.conf @@ -19,6 +19,7 @@ module(load="imuxsock" # provides support for local system logging (e.g. via # local messages are retrieved through imjournal now. module(load="imjournal" # provides access to the systemd journal UsePid="system" # PID nummber is retrieved as the ID of the process the journal entry originates from + FileCreateMode="0644" # Set the access permissions for the state file StateFile="imjournal.state") # File to store the position in the journal #module(load="imklog") # reads kernel messages (the same are read from journald) #module(load="immark") # provides --MARK-- message capability diff --git a/SPECS/rsyslog.spec b/SPECS/rsyslog.spec index d762952..d09e5d4 100644 --- a/SPECS/rsyslog.spec +++ b/SPECS/rsyslog.spec @@ -4,8 +4,8 @@ Summary: Enhanced system logging and kernel message trapping daemon Name: rsyslog -Version: 8.2102.0 -Release: 117%{?dist} +Version: 8.2310.0 +Release: 4%{?dist} License: (GPLv3+ and ASL 2.0) URL: http://www.rsyslog.com/ Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz @@ -18,38 +18,12 @@ Source5: rsyslog.service # separatae sub-package with it statically linked(see rhbz#1713427) Source6: qpid-proton-0.39.0.tar.gz -Patch0: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch -Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch -Patch2: rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch -Patch3: rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch -Patch4: rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch -Patch5: rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch -Patch6: rsyslog-8.2102.0-rhbz1938863-covscan.patch -Patch7: rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch -Patch8: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch -Patch10: rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch -Patch11: rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch -Patch12: rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch -Patch13: rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch -Patch14: rsyslog-8.2102.0-rhbz2124849-extra-ca-files.patch -Patch15: rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch -Patch16: rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch -Patch17: rsyslog-8.2102.0-rhbz2157658-imklog.patch -Patch18: rsyslog-8.2102.0-capabilities-drop-credential.patch -Patch19: rsyslog-8.2102.0-capabilities-capnetraw.patch -Patch20: rsyslog-8.2102.0-rhbz2157804-cstrlen.patch -Patch21: rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch -Patch22: rsyslog-8.2102.0-rhbz2192955-es-0.patch -Patch23: rsyslog-8.2102.0-rhbz2192955-es-1.patch -Patch24: rsyslog-8.2102.0-rhbz2192955-es-2.patch -Patch25: rsyslog-8.2102.0-rhbz2192955-es-3.patch -Patch26: rsyslog-8.2102.0-rhbz2192955-es-4.patch -Patch27: rsyslog-8.2102.0-rhbz2192955-es-5.patch -Patch28: rsyslog-8.2102.0-rhbz2192955-es-6.patch -Patch29: rsyslog-8.2102.0-rhbz2192955-es-doc.patch -Patch30: rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch -Patch31: rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch -Patch32: rsyslog-8.2102.0-libcapng-no-cap-support2.patch +Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag-v2.patch +Patch2: rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch +Patch3: rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move.patch +Patch4: rsyslog-8.2310.0-do-not-preserve-statefile-on-file-move-doc.patch +Patch5: rsyslog-8.2310.0-remove-state-on-file-delete.patch +Patch6: rsyslog-8.2310.0-omprog-binary-path.patch BuildRequires: make BuildRequires: gcc @@ -70,7 +44,7 @@ BuildRequires: systemd-devel >= 204-8 BuildRequires: zlib-devel BuildRequires: libcap-ng-devel -Conflicts: selinux-policy < 38.1.3-1 +Conflicts: selinux-policy < 38.1.29-1 Recommends: %{name}-logrotate = %version-%release Requires: bash >= 2.0 @@ -278,7 +252,6 @@ container metadata. %prep # set up rsyslog-doc sources %setup -q -a 1 -T -c -%patch0 -p1 rm -r LICENSE README.md source build/objects.inv mv build doc @@ -287,37 +260,12 @@ mv build doc # Unpack qpid-proton for rhel %setup -q -D -T -b 6 -%patch1 -p1 -b .default-tag -%patch2 -p1 -b .fd-leak-on-fsync -%patch3 -p1 -b .timeout -%patch4 -p1 -b .imuxsock-rate-limit -%patch5 -p1 -b .abort-on-id-resolution-fail -%patch6 -p1 -b .covscan -%patch7 -p1 -b .prioritize-SAN -%patch8 -p1 -b .errfile-maxsize -%patch10 -p1 -b .statefile-fix -%patch11 -p1 -%patch12 -p1 -b .gnutls-broken-connection -%patch13 -p1 -b .CVE -%patch14 -p1 -b .extra-ca-files -%patch15 -p1 -b .extra-ca-files-doc -%patch16 -p1 -b .libcap-ng -%patch17 -p1 -b .imklog-leak -%patch18 -p1 -b .capabilities-drop-credential -%patch19 -p1 -b .capabilities-capnetraw -%patch20 -p1 -b .cstrlen -%patch21 -p1 -b .journalCOMM -%patch22 -p1 -b .es0 -%patch23 -p1 -b .es1 -%patch24 -p1 -b .es2 -%patch25 -p1 -b .es3 -%patch26 -p1 -b .es4 -%patch27 -p1 -b .es5 -%patch28 -p1 -b .es6 -%patch29 -p1 -b .es-doc -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 +%patch -P 1 -p1 +%patch -P 2 -p1 +%patch -P 3 -p1 +%patch -P 4 -p1 +%patch -P 5 -p1 +%patch -P 6 -p1 %build # Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags @@ -422,6 +370,7 @@ install -d -m 755 %{buildroot}%{_sysconfdir}/rsyslog.d install -d -m 700 %{buildroot}%{rsyslog_statedir} install -d -m 700 %{buildroot}%{rsyslog_pkidir} install -d -m 755 %{buildroot}%{rsyslog_docdir}/html +install -d -m 755 %{buildroot}%{_libexecdir}/%{name} install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/rsyslog.conf install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/rsyslog @@ -466,6 +415,7 @@ done %dir %{_sysconfdir}/rsyslog.d %dir %{rsyslog_statedir} %dir %{rsyslog_pkidir} +%dir %{_libexecdir}/%{name} %{_sbindir}/rsyslogd %{_mandir}/man5/rsyslog.conf.5.gz %{_mandir}/man8/rsyslogd.8.gz @@ -579,6 +529,24 @@ done %changelog +* Tue Dec 12 2023 Attila Lakatos - 8.2310.0-4 +- new directory for arbitrary external programs needed by omprog module + Resolves: RHEL-8676 + +* Mon Nov 06 2023 Attila Lakatos - 8.2310.0-3 +- Rebase to 8.2310.0 + Resolves: RHEL-5196 +- Allow setting certificates for separate connections + Resolves: RHEL-937 +- Capability dropping feature can be turned off + Resolves: RHEL-943 +- imjournal: new module parameter filecreatemode + Resolves: RHEL-949 + +* Wed Sep 06 2023 Patrik Koncity - 8.2102.0-118 +- Add rsyslog CI for new MR in c9s + Resolves: RHEL-608 + * Fri Jul 28 2023 Attila Lakatos - 8.2102.0-117 - Add back CAP_NET_RAW capability due to omudpspoof resolves: rhbz#2216919