From a48971ac9763864497de10b8cdc223976cc310bc Mon Sep 17 00:00:00 2001
From: Tomas Heinrich <theinric@redhat.com>
Date: Wed, 8 Jan 2014 16:27:34 +0100
Subject: [PATCH] Add a patch to remove references to Google ads in the html
 docs

Resolves: #1030044
---
 rsyslog-7.4.7-bz1030044-remove-ads.patch | 236 +++++++++++++++++++++++
 rsyslog.spec                             |   5 +
 2 files changed, 241 insertions(+)
 create mode 100644 rsyslog-7.4.7-bz1030044-remove-ads.patch

diff --git a/rsyslog-7.4.7-bz1030044-remove-ads.patch b/rsyslog-7.4.7-bz1030044-remove-ads.patch
new file mode 100644
index 0000000..cdbcf0e
--- /dev/null
+++ b/rsyslog-7.4.7-bz1030044-remove-ads.patch
@@ -0,0 +1,236 @@
+From 79e4e43bcadb0fb520240c655f529874f305f786 Mon Sep 17 00:00:00 2001
+From: Tomas Heinrich <theinric@redhat.com>
+Date: Thu, 14 Nov 2013 15:14:08 +0100
+Subject: [PATCH] Remove references to Google ads from html documentation
+
+---
+ doc/rsyslog_secure_tls.html | 13 -------------
+ doc/tls_cert_ca.html        | 13 -------------
+ doc/tls_cert_client.html    | 13 -------------
+ doc/tls_cert_errmsgs.html   | 13 -------------
+ doc/tls_cert_machine.html   | 13 -------------
+ doc/tls_cert_scenario.html  | 13 -------------
+ doc/tls_cert_server.html    | 13 -------------
+ doc/tls_cert_summary.html   | 13 -------------
+ doc/tls_cert_udp_relay.html | 13 -------------
+ 9 files changed, 117 deletions(-)
+
+diff --git a/doc/rsyslog_secure_tls.html b/doc/rsyslog_secure_tls.html
+index b15e5a4..0bef2b3 100644
+--- a/doc/rsyslog_secure_tls.html
++++ b/doc/rsyslog_secure_tls.html
+@@ -38,19 +38,6 @@ below. Do not blame us if it doesn't provide what you need ;)</p>
+ </ul>
+ <p>Our secrity goals are achived via public/private key security. As such, it is 
+ vital that private keys are well protected and not accessible to third parties. 
+-<span style="float: left">
+-<script type="text/javascript"><!--
+-google_ad_client = "pub-3204610807458280";
+-/* rsyslog doc inline */
+-google_ad_slot = "5958614527";
+-google_ad_width = 125;
+-google_ad_height = 125;
+-//-->
+-</script>
+-<script type="text/javascript"
+-src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
+-</script>
+-</span>
+ If private keys have become known to third parties, the system does not provide 
+ any security at all. Also, our solution bases on X.509 certificates and a (very 
+ limited) chain of trust. We have one instance (the CA) that issues all machine 
+diff --git a/doc/tls_cert_ca.html b/doc/tls_cert_ca.html
+index 2cae404..f366462 100644
+--- a/doc/tls_cert_ca.html
++++ b/doc/tls_cert_ca.html
+@@ -23,19 +23,6 @@ Gerhards</a> (2008-06-17)</i></small></p>
+ maintained by a trustworthy person (or group) and approves the indentities of 
+ all machines. It does so by issuing their certificates. In a small setup, the 
+ administrator can provide the CA function. What is important is the the CA's 
+-<span style="float: left">
+-<script type="text/javascript"><!--
+-google_ad_client = "pub-3204610807458280";
+-/* rsyslog doc inline */
+-google_ad_slot = "5958614527";
+-google_ad_width = 125;
+-google_ad_height = 125;
+-//-->
+-</script>
+-<script type="text/javascript"
+-src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
+-</script>
+-</span>
+ private key is well-protocted and machine certificates are only issued if it is 
+ know they are valid (in a single-admin case that means the admin should not 
+ issue certificates to anyone else except himself).</p>
+diff --git a/doc/tls_cert_client.html b/doc/tls_cert_client.html
+index dbe7961..53596fc 100644
+--- a/doc/tls_cert_client.html
++++ b/doc/tls_cert_client.html
+@@ -25,19 +25,6 @@ example, that meanst turng.example.net). The client check's the server's identit
+ talks to it only if it is the expected server. This is a very important step.
+ Without it, you would not detect man-in-the-middle attacks or simple malicious servers
+ who try to get hold of your valuable log data.
+-<span style="float: left">
+-<script type="text/javascript"><!--
+-google_ad_client = "pub-3204610807458280";
+-/* rsyslog doc inline */
+-google_ad_slot = "5958614527";
+-google_ad_width = 125;
+-google_ad_height = 125;
+-//-->
+-</script>
+-<script type="text/javascript"
+-src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
+-</script>
+-</span>
+ <p><center><img src="tls_cert_100.jpg"></center>
+ <p>Steps to do:
+ <ul>
+diff --git a/doc/tls_cert_errmsgs.html b/doc/tls_cert_errmsgs.html
+index d002174..2943efc 100644
+--- a/doc/tls_cert_errmsgs.html
++++ b/doc/tls_cert_errmsgs.html
+@@ -21,19 +21,6 @@ Gerhards</a> (2008-06-17)</i></small></p>
+ 
+ <h3>Error Messages</h3>
+ <p>This page covers error message you may see when setting up
+-<span style="float: left">
+-<script type="text/javascript"><!--
+-google_ad_client = "pub-3204610807458280";
+-/* rsyslog doc inline */
+-google_ad_slot = "5958614527";
+-google_ad_width = 125;
+-google_ad_height = 125;
+-//-->
+-</script>
+-<script type="text/javascript"
+-src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
+-</script>
+-</span>
+ <a href="http://www.rsyslog.com">rsyslog</a> with TLS. Please note that many
+ of the message stem back to the TLS library being used. In those cases, there is
+ not always a good explanation available in rsyslog alone.
+diff --git a/doc/tls_cert_machine.html b/doc/tls_cert_machine.html
+index 095e15c..fe2ee90 100644
+--- a/doc/tls_cert_machine.html
++++ b/doc/tls_cert_machine.html
+@@ -22,19 +22,6 @@ Gerhards</a> (2008-06-18)</i></small></p>
+ <p>In this step, we generate certificates for each of the machines. Please note
+ that both clients and servers need certificates. The certificate identifies each
+ machine to the remote peer. The DNSName specified inside the certificate can
+-<span style="float: left">
+-<script type="text/javascript"><!--
+-google_ad_client = "pub-3204610807458280";
+-/* rsyslog doc inline */
+-google_ad_slot = "5958614527";
+-google_ad_width = 125;
+-google_ad_height = 125;
+-//-->
+-</script>
+-<script type="text/javascript"
+-src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
+-</script>
+-</span>
+ be specified inside the $&lt;object&gt;PermittedPeer config statements.
+ <p>For now, we assume that a single person (or group) is responsible for the whole
+ rsyslog system and thus it is OK if that single person is in posession of all
+diff --git a/doc/tls_cert_scenario.html b/doc/tls_cert_scenario.html
+index 7973532..88c7657 100644
+--- a/doc/tls_cert_scenario.html
++++ b/doc/tls_cert_scenario.html
+@@ -21,19 +21,6 @@ Gerhards</a> (2008-06-17)</i></small></p>
+ 
+ <h3>Sample Scenario</h3>
+ <p>We have a quite simple scenario. There is one central syslog server, 
+-<span style="float: left">
+-<script type="text/javascript"><!--
+-google_ad_client = "pub-3204610807458280";
+-/* rsyslog doc inline */
+-google_ad_slot = "5958614527";
+-google_ad_width = 125;
+-google_ad_height = 125;
+-//-->
+-</script>
+-<script type="text/javascript"
+-src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
+-</script>
+-</span>
+ named central.example.net. These server is being reported to by two Linux 
+ machines with name zuse.example.net and turing.example.net. Also, there is a 
+ third client - ada.example.net - which send both its own messages to the central 
+diff --git a/doc/tls_cert_server.html b/doc/tls_cert_server.html
+index 9c024bc..b784be1 100644
+--- a/doc/tls_cert_server.html
++++ b/doc/tls_cert_server.html
+@@ -23,19 +23,6 @@ Gerhards</a> (2008-06-18)</i></small></p>
+ via TLS protected plain tcp based syslog from those peers that are explicitely permitted
+ to send to it. The picture below show our configuration. This step configures
+ the server central.example.net.
+-<span style="float: left">
+-<script type="text/javascript"><!--
+-google_ad_client = "pub-3204610807458280";
+-/* rsyslog doc inline */
+-google_ad_slot = "5958614527";
+-google_ad_width = 125;
+-google_ad_height = 125;
+-//-->
+-</script>
+-<script type="text/javascript"
+-src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
+-</script>
+-</span>
+ <p><center><img src="tls_cert_100.jpg"></center>
+ <p><i><font color="red"><b>Important:</b> Keep in mind that the order of configuration directives
+ is very important in rsyslog. As such, the samples given below do only work if the given
+diff --git a/doc/tls_cert_summary.html b/doc/tls_cert_summary.html
+index 8e003bc..95844a8 100644
+--- a/doc/tls_cert_summary.html
++++ b/doc/tls_cert_summary.html
+@@ -20,19 +20,6 @@ Gerhards</a> (2008-07-03)</i></small></p>
+ 
+ <h3>Summary</h3>
+ <p>If you followed the steps outlined in this documentation set, you now have
+-<span style="float: left">
+-<script type="text/javascript"><!--
+-google_ad_client = "pub-3204610807458280";
+-/* rsyslog doc inline */
+-google_ad_slot = "5958614527";
+-google_ad_width = 125;
+-google_ad_height = 125;
+-//-->
+-</script>
+-<script type="text/javascript"
+-src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
+-</script>
+-</span>
+ a reasonable (for most needs) secure setup for the following environment:
+ <center><img src="tls_cert_100.jpg"></center>
+ <p>You have learned about the security decisions involved and which we
+diff --git a/doc/tls_cert_udp_relay.html b/doc/tls_cert_udp_relay.html
+index f4740ce..d44689c 100644
+--- a/doc/tls_cert_udp_relay.html
++++ b/doc/tls_cert_udp_relay.html
+@@ -26,19 +26,6 @@ directly to it, because we would like to have TLS protection for its sensitve
+ logs. If the router and the syslog relay are on a sufficiently secure private
+ network, this setup can be considered reasonable secure. In any case, it is the
+ best alternative among the possible configuration scenarios.
+-<span style="float: left">
+-<script type="text/javascript"><!--
+-google_ad_client = "pub-3204610807458280";
+-/* rsyslog doc inline */
+-google_ad_slot = "5958614527";
+-google_ad_width = 125;
+-google_ad_height = 125;
+-//-->
+-</script>
+-<script type="text/javascript"
+-src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
+-</script>
+-</span>
+ <p><center><img src="tls_cert_100.jpg"></center>
+ <p>Steps to do:
+ <ul>
+-- 
+1.8.4.3
+
diff --git a/rsyslog.spec b/rsyslog.spec
index b639c9a..a1e1ede 100644
--- a/rsyslog.spec
+++ b/rsyslog.spec
@@ -28,6 +28,7 @@ Patch1: rsyslog-7.2.2-manpage-dbg-mode.patch
 Patch2: rsyslog-7.2.1-msg_c_nonoverwrite_merge.patch
 # merged upstream
 Patch3: rsyslog-7.3.15-imuxsock-warning.patch
+Patch4: rsyslog-7.4.7-bz1030044-remove-ads.patch
 
 BuildRequires: bison
 BuildRequires: flex
@@ -246,6 +247,7 @@ of source ports.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %build
 %ifarch sparc64
@@ -478,6 +480,9 @@ done
 - install the rsyslog-recover-qi.pl tool
 - fix a typo in a package description
 - add missing defattr directives
+- add a patch to remove references to Google ads in the html docs
+  rsyslog-7.4.7-bz1030044-remove-ads.patch
+  Resolves: #1030044
 
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.4.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild