From adf122f84023e7c2e6a55ea09c09cd2e36fdb328 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 7 Nov 2023 12:02:57 +0000 Subject: [PATCH] import UBI rsyslog-8.2102.0-117.el9 --- .gitignore | 2 +- .rsyslog.metadata | 2 +- SOURCES/openssl3-compatibility.patch | 83 ---------- ...og-8.2102.0-libcapng-no-cap-support2.patch | 4 +- ...og-8.2102.0-rhbz2129015-journal-COMM.patch | 12 ++ ...rsyslog-8.2102.0-rhbz2157804-cstrlen.patch | 72 +++++++++ .../rsyslog-8.2102.0-rhbz2192955-es-0.patch | 37 +++++ .../rsyslog-8.2102.0-rhbz2192955-es-1.patch | 54 +++++++ .../rsyslog-8.2102.0-rhbz2192955-es-2.patch | 43 +++++ .../rsyslog-8.2102.0-rhbz2192955-es-3.patch | 148 ++++++++++++++++++ .../rsyslog-8.2102.0-rhbz2192955-es-4.patch | 118 ++++++++++++++ .../rsyslog-8.2102.0-rhbz2192955-es-5.patch | 40 +++++ .../rsyslog-8.2102.0-rhbz2192955-es-6.patch | 53 +++++++ .../rsyslog-8.2102.0-rhbz2192955-es-doc.patch | 32 ++++ ....2102.0-rhbz2216919-libcapng-default.patch | 109 +++++++++++++ ...2102.0-rhbz2216919-libcapng-no-drop.patch} | 86 +++------- SOURCES/rsyslog.conf | 7 +- SOURCES/rsyslog.service | 14 ++ SPECS/rsyslog.spec | 73 +++++++-- 19 files changed, 817 insertions(+), 172 deletions(-) delete mode 100644 SOURCES/openssl3-compatibility.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch create mode 100644 SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch rename SOURCES/{rsyslog-8.2102.0-libcapng-no-cap-support.patch => rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch} (57%) diff --git a/.gitignore b/.gitignore index 8a200b6..91e367c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -SOURCES/qpid-proton-0.34.0.tar.gz +SOURCES/qpid-proton-0.39.0.tar.gz SOURCES/rsyslog-8.2102.0.tar.gz SOURCES/rsyslog-doc-8.2102.0.tar.gz diff --git a/.rsyslog.metadata b/.rsyslog.metadata index e0fc0e7..129c428 100644 --- a/.rsyslog.metadata +++ b/.rsyslog.metadata @@ -1,3 +1,3 @@ -390e5cb87a6331cf0ce451d7f6552e2c0d97f706 SOURCES/qpid-proton-0.34.0.tar.gz +e2fe5aada26415aeb1902435a8acf5ee388cb2cf SOURCES/qpid-proton-0.39.0.tar.gz fdda78ed808e7a0dca03ead9227a0a5d913a050f SOURCES/rsyslog-8.2102.0.tar.gz 9c2188d435cb5f79c1c35749003bd2a61e7f2d07 SOURCES/rsyslog-doc-8.2102.0.tar.gz diff --git a/SOURCES/openssl3-compatibility.patch b/SOURCES/openssl3-compatibility.patch deleted file mode 100644 index c86fe23..0000000 --- a/SOURCES/openssl3-compatibility.patch +++ /dev/null @@ -1,83 +0,0 @@ -diff -up ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig ./qpid-proton-0.34.0/c/src/ssl/openssl.c ---- ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig 2021-06-01 09:29:27.976842727 +0200 -+++ ./qpid-proton-0.34.0/c/src/ssl/openssl.c 2021-06-01 09:31:05.232015887 +0200 -@@ -353,65 +353,6 @@ static int verify_callback(int preverify - return preverify_ok; - } - --// This was introduced in v1.1 --#if OPENSSL_VERSION_NUMBER < 0x10100000 --int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) --{ -- dh->p = p; -- dh->q = q; -- dh->g = g; -- return 1; --} --#endif -- --// this code was generated using the command: --// "openssl dhparam -C -2 2048" --static DH *get_dh2048(void) --{ -- static const unsigned char dhp_2048[]={ -- 0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81, -- 0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9, -- 0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C, -- 0x8B,0xBE,0xF8,0x48,0xBB,0x29,0x63,0x75,0x12,0x48,0x9D,0x7E, -- 0x7C,0x24,0xB4,0x3A,0x38,0x7E,0x97,0x3C,0x77,0x95,0xB0,0xA2, -- 0x72,0xB6,0xE9,0xD8,0xB8,0xFA,0x09,0x1B,0xDC,0xB3,0x80,0x6E, -- 0x32,0x0A,0xDA,0xBB,0xE8,0x43,0x88,0x5B,0xAB,0xC3,0xB2,0x44, -- 0xE1,0x95,0x85,0x0A,0x0D,0x13,0xE2,0x02,0x1E,0x96,0x44,0xCF, -- 0xA0,0xD8,0x46,0x32,0x68,0x63,0x7F,0x68,0xB3,0x37,0x52,0xCE, -- 0x3A,0x4E,0x48,0x08,0x7F,0xD5,0x53,0x00,0x59,0xA8,0x2C,0xCB, -- 0x51,0x64,0x3D,0x5F,0xEF,0x0E,0x5F,0xE6,0xAF,0xD9,0x1E,0xA2, -- 0x35,0x64,0x37,0xD7,0x4C,0xC9,0x24,0xFD,0x2F,0x75,0xBB,0x3A, -- 0x15,0x82,0x76,0x4D,0xC2,0x8B,0x1E,0xB9,0x4B,0xA1,0x33,0xCF, -- 0xAA,0x3B,0x7C,0xC2,0x50,0x60,0x6F,0x45,0x69,0xD3,0x6B,0x88, -- 0x34,0x9B,0xE4,0xF8,0xC6,0xC7,0x5F,0x10,0xA1,0xBA,0x01,0x8C, -- 0xDA,0xD1,0xA3,0x59,0x9C,0x97,0xEA,0xC3,0xF6,0x02,0x55,0x5C, -- 0x92,0x1A,0x39,0x67,0x17,0xE2,0x9B,0x27,0x8D,0xE8,0x5C,0xE9, -- 0xA5,0x94,0xBB,0x7E,0x16,0x6F,0x53,0x5A,0x6D,0xD8,0x03,0xC2, -- 0xAC,0x7A,0xCD,0x22,0x98,0x8E,0x33,0x2A,0xDE,0xAB,0x12,0xC0, -- 0x0B,0x7C,0x0C,0x20,0x70,0xD9,0x0B,0xAE,0x0B,0x2F,0x20,0x9B, -- 0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0, -- 0x23,0x1C,0x09,0x33, -- }; -- static const unsigned char dhg_2048[]={ -- 0x02, -- }; -- DH *dh = DH_new(); -- BIGNUM *dhp_bn, *dhg_bn; -- -- if (dh == NULL) -- return NULL; -- dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL); -- dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL); -- if (dhp_bn == NULL || dhg_bn == NULL -- || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) { -- DH_free(dh); -- BN_free(dhp_bn); -- BN_free(dhg_bn); -- return NULL; -- } -- return dh; --} -- - typedef struct { - char *id; - SSL_SESSION *session; -@@ -542,13 +483,6 @@ static bool pni_init_ssl_domain( pn_ssl_ - domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx); - # endif - -- DH *dh = get_dh2048(); -- if (dh) { -- SSL_CTX_set_tmp_dh(domain->ctx, dh); -- DH_free(dh); -- SSL_CTX_set_options(domain->ctx, SSL_OP_SINGLE_DH_USE); -- } -- - return true; - } - diff --git a/SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch b/SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch index 0adefd1..91ef39c 100644 --- a/SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch +++ b/SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch @@ -1,6 +1,6 @@ diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c ---- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-07-28 10:58:34.763191141 +0200 -+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-07-28 10:59:14.867276818 +0200 +--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-07-28 11:11:36.253771848 +0200 ++++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-07-28 11:11:57.628795339 +0200 @@ -1571,6 +1571,7 @@ initAll(int argc, char **argv) capabilities_t capabilities[] = { #define CAP_FIELD(code) { code, #code, 0 } diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch b/SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch new file mode 100644 index 0000000..0c18c56 --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch @@ -0,0 +1,12 @@ +diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c +--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2023-05-19 10:32:32.467826852 +0200 ++++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2023-05-19 10:33:34.426902983 +0200 +@@ -452,6 +452,8 @@ readjournal(void) + /* Get message identifier, client pid and add ':' */ + if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) { + CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden)); ++ } else if (journalGetData("_COMM", &get, &length) >= 0) { ++ CHKiRet(sanitizeValue(((const char *)get) + 6, length - 6, &sys_iden)); + } else { + CHKmalloc(sys_iden = strdup(cs.dfltTag)); + } diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch b/SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch new file mode 100644 index 0000000..aaf5beb --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch @@ -0,0 +1,72 @@ +diff -up rsyslog-8.2102.0/parse.h.orig rsyslog-8.2102.0/parse.h +--- rsyslog-8.2102.0/parse.h.orig 2023-05-09 09:10:09.236597063 +0200 ++++ rsyslog-8.2102.0/parse.h 2023-05-09 09:10:26.913608034 +0200 +@@ -56,7 +56,7 @@ struct rsParsObject + rsObjID OID; /**< object ID */ + #endif + cstr_t *pCStr; /**< pointer to the string object we are parsing */ +- int iCurrPos; /**< current parsing position (char offset) */ ++ size_t iCurrPos; /**< current parsing position (char offset) */ + }; + typedef struct rsParsObject rsParsObj; + +diff -up rsyslog-8.2102.0/runtime/stream.c.orig rsyslog-8.2102.0/runtime/stream.c +--- rsyslog-8.2102.0/runtime/stream.c.orig 2023-05-09 09:10:34.122612508 +0200 ++++ rsyslog-8.2102.0/runtime/stream.c 2023-05-09 09:12:47.934640583 +0200 +@@ -1071,7 +1071,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t + cstr_t *thisLine = NULL; + rsRetVal readCharRet; + const time_t tCurr = pThis->readTimeout ? getTime(NULL) : 0; +- int maxMsgSize = glblGetMaxLine(); ++ size_t maxMsgSize = glblGetMaxLine(); + DEFiRet; + + do { +@@ -1132,9 +1132,9 @@ strmReadMultiLine(strm_t *pThis, cstr_t + } + + +- int currLineLen = cstrLen(thisLine); ++ size_t currLineLen = cstrLen(thisLine); + if(currLineLen > 0) { +- int len; ++ size_t len; + if((len = cstrLen(pThis->prevMsgSegment) + currLineLen) < + maxMsgSize) { + CHKiRet(cstrAppendCStr(pThis->prevMsgSegment, thisLine)); +@@ -1144,7 +1144,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t + len = 0; + } else { + len = currLineLen-(len-maxMsgSize); +- for(int z=0; zprevMsgSegment, + thisLine->pBuf[z]); + } +diff -up rsyslog-8.2102.0/runtime/stringbuf.c.orig rsyslog-8.2102.0/runtime/stringbuf.c +--- rsyslog-8.2102.0/runtime/stringbuf.c.orig 2023-05-09 09:09:37.627577446 +0200 ++++ rsyslog-8.2102.0/runtime/stringbuf.c 2023-05-09 09:09:59.061590749 +0200 +@@ -474,7 +474,7 @@ finalize_it: + * This is due to performance reasons. + */ + #ifndef NDEBUG +-int cstrLen(cstr_t *pThis) ++size_t cstrLen(cstr_t *pThis) + { + rsCHECKVALIDOBJECT(pThis, OIDrsCStr); + return(pThis->iStrLen); +diff -up rsyslog-8.2102.0/runtime/stringbuf.h.orig rsyslog-8.2102.0/runtime/stringbuf.h +--- rsyslog-8.2102.0/runtime/stringbuf.h.orig 2023-05-09 09:08:05.199520082 +0200 ++++ rsyslog-8.2102.0/runtime/stringbuf.h 2023-05-09 09:09:26.924570803 +0200 +@@ -144,9 +144,9 @@ rsRetVal cstrAppendCStr(cstr_t *pThis, c + + /* now come inline-like functions */ + #ifdef NDEBUG +-# define cstrLen(x) ((int)((x)->iStrLen)) ++# define cstrLen(x) ((size_t)((x)->iStrLen)) + #else +- int cstrLen(cstr_t *pThis); ++ size_t cstrLen(cstr_t *pThis); + #endif + #define rsCStrLen(s) cstrLen((s)) + diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch new file mode 100644 index 0000000..52dbb5e --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch @@ -0,0 +1,37 @@ +diff -up rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c.orig rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c +--- rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c.orig 2023-05-11 14:14:39.778187570 +0200 ++++ rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c 2023-05-11 14:15:36.254234445 +0200 +@@ -232,7 +232,11 @@ static rsRetVal curlSetup(wrkrInstanceDa + BEGINcreateInstance + CODESTARTcreateInstance + pData->fdErrFile = -1; +- pthread_mutex_init(&pData->mutErrFile, NULL); ++ if(pthread_mutex_init(&pData->mutErrFile, NULL) != 0) { ++ LogError(errno, RS_RET_ERR, "omelasticsearch: cannot create " ++ "error file mutex, failing this action"); ++ ABORT_FINALIZE(RS_RET_ERR); ++ } + pData->caCertFile = NULL; + pData->myCertFile = NULL; + pData->myPrivKeyFile = NULL; +@@ -240,6 +244,7 @@ CODESTARTcreateInstance + pData->retryRulesetName = NULL; + pData->retryRuleset = NULL; + pData->rebindInterval = DEFAULT_REBIND_INTERVAL; ++finalize_it: + ENDcreateInstance + + BEGINcreateWrkrInstance +@@ -2165,10 +2170,12 @@ ENDfreeCnf + + BEGINdoHUP + CODESTARTdoHUP ++ pthread_mutex_lock(&pData->mutErrFile); + if(pData->fdErrFile != -1) { + close(pData->fdErrFile); + pData->fdErrFile = -1; + } ++ pthread_mutex_unlock(&pData->mutErrFile); + ENDdoHUP + + diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch new file mode 100644 index 0000000..451d554 --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch @@ -0,0 +1,54 @@ +diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c +index 0808c6054e..d7d6c68e60 100644 +--- a/plugins/omelasticsearch/omelasticsearch.c ++++ b/plugins/omelasticsearch/omelasticsearch.c +@@ -116,6 +116,7 @@ typedef struct instanceConf_s { + uchar **serverBaseUrls; + int numServers; + long healthCheckTimeout; ++ long indexTimeout; + uchar *uid; + uchar *pwd; + uchar *authBuf; +@@ -187,6 +188,7 @@ static struct cnfparamdescr actpdescr[] = { + { "server", eCmdHdlrArray, 0 }, + { "serverport", eCmdHdlrInt, 0 }, + { "healthchecktimeout", eCmdHdlrInt, 0 }, ++ { "indextimeout", eCmdHdlrInt, 0 }, + { "uid", eCmdHdlrGetWord, 0 }, + { "pwd", eCmdHdlrGetWord, 0 }, + { "searchindex", eCmdHdlrGetWord, 0 }, +@@ -355,6 +357,7 @@ CODESTARTdbgPrintInstInfo + dbgprintf("\ttemplate='%s'\n", pData->tplName); + dbgprintf("\tnumServers=%d\n", pData->numServers); + dbgprintf("\thealthCheckTimeout=%lu\n", pData->healthCheckTimeout); ++ dbgprintf("\tindexTimeout=%lu\n", pData->indexTimeout); + dbgprintf("\tserverBaseUrls="); + for(i = 0 ; i < pData->numServers ; ++i) + dbgprintf("%c'%s'", i == 0 ? '[' : ' ', pData->serverBaseUrls[i]); +@@ -1768,6 +1771,8 @@ curlPostSetup(wrkrInstanceData_t *const pWrkrData) + PTR_ASSERT_SET_TYPE(pWrkrData, WRKR_DATA_TYPE_ES); + curlSetupCommon(pWrkrData, pWrkrData->curlPostHandle); + curl_easy_setopt(pWrkrData->curlPostHandle, CURLOPT_POST, 1); ++ curl_easy_setopt(pWrkrData->curlPostHandle, ++ CURLOPT_TIMEOUT_MS, pWrkrData->pData->indexTimeout); + } + + #define CONTENT_JSON "Content-Type: application/json; charset=utf-8" +@@ -1797,6 +1802,7 @@ setInstParamDefaults(instanceData *const pData) + pData->serverBaseUrls = NULL; + pData->defaultPort = 9200; + pData->healthCheckTimeout = 3500; ++ pData->indexTimeout = 0; + pData->uid = NULL; + pData->pwd = NULL; + pData->authBuf = NULL; +@@ -1865,6 +1871,8 @@ CODESTARTnewActInst + pData->defaultPort = (int) pvals[i].val.d.n; + } else if(!strcmp(actpblk.descr[i].name, "healthchecktimeout")) { + pData->healthCheckTimeout = (long) pvals[i].val.d.n; ++ } else if(!strcmp(actpblk.descr[i].name, "indextimeout")) { ++ pData->indexTimeout = (long) pvals[i].val.d.n; + } else if(!strcmp(actpblk.descr[i].name, "uid")) { + pData->uid = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + } else if(!strcmp(actpblk.descr[i].name, "pwd")) { diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch new file mode 100644 index 0000000..3951495 --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch @@ -0,0 +1,43 @@ +diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c +index 0808c6054e..ed9359732c 100644 +--- a/plugins/omelasticsearch/omelasticsearch.c ++++ b/plugins/omelasticsearch/omelasticsearch.c +@@ -877,14 +877,6 @@ parseRequestAndResponseForContext(wrkrInstanceData_t *pWrkrData,fjson_object **p + int i; + int numitems; + fjson_object *items=NULL, *jo_errors = NULL; +- int errors = 0; +- +- if(fjson_object_object_get_ex(replyRoot, "errors", &jo_errors)) { +- errors = fjson_object_get_boolean(jo_errors); +- if (!errors && pWrkrData->pData->retryFailures) { +- return RS_RET_OK; +- } +- } + + /*iterate over items*/ + if(!fjson_object_object_get_ex(replyRoot, "items", &items)) { +@@ -897,6 +889,15 @@ parseRequestAndResponseForContext(wrkrInstanceData_t *pWrkrData,fjson_object **p + + numitems = fjson_object_array_length(items); + ++ int errors = 0; ++ if(fjson_object_object_get_ex(replyRoot, "errors", &jo_errors)) { ++ errors = fjson_object_get_boolean(jo_errors); ++ if (!errors && pWrkrData->pData->retryFailures) { ++ STATSCOUNTER_ADD(indexSuccess, mutIndexSuccess, numitems); ++ return RS_RET_OK; ++ } ++ } ++ + if (reqmsg) { + DBGPRINTF("omelasticsearch: Entire request %s\n", reqmsg); + } else { +@@ -1267,6 +1268,7 @@ getDataRetryFailures(context *ctx,int itemStatus,char *request,char *response, + response); + } + } ++ + need_free_omes = 0; + CHKiRet(msgAddJSON(msg, (uchar*)".omes", omes, 0, 0)); + MsgSetRuleset(msg, ctx->retryRuleset); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch new file mode 100644 index 0000000..976391e --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch @@ -0,0 +1,148 @@ +diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c +index ed9359732c..8200403eaf 100644 +--- a/plugins/omelasticsearch/omelasticsearch.c ++++ b/plugins/omelasticsearch/omelasticsearch.c +@@ -86,12 +86,14 @@ STATSCOUNTER_DEF(rebinds, mutRebinds) + static prop_t *pInputName = NULL; + + # define META_STRT "{\"index\":{\"_index\": \"" +-# define META_STRT_CREATE "{\"create\":{\"_index\": \"" ++# define META_STRT_CREATE "{\"create\":{" /* \"_index\": \" */ ++# define META_IX "\"_index\": \"" + # define META_TYPE "\",\"_type\":\"" + # define META_PIPELINE "\",\"pipeline\":\"" + # define META_PARENT "\",\"_parent\":\"" + # define META_ID "\", \"_id\":\"" + # define META_END "\"}}\n" ++# define META_END_NOQUOTE " }}\n" + + typedef enum { + ES_WRITE_INDEX, +@@ -362,8 +364,8 @@ CODESTARTdbgPrintInstInfo + dbgprintf("\tdefaultPort=%d\n", pData->defaultPort); + dbgprintf("\tuid='%s'\n", pData->uid == NULL ? (uchar*)"(not configured)" : pData->uid); + dbgprintf("\tpwd=(%sconfigured)\n", pData->pwd == NULL ? "not " : ""); +- dbgprintf("\tsearch index='%s'\n", pData->searchIndex); +- dbgprintf("\tsearch type='%s'\n", pData->searchType); ++ dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL ? (uchar*)"(not configured)" : pData->searchIndex); ++ dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL ? (uchar*)"(not configured)" : pData->searchType); + dbgprintf("\tpipeline name='%s'\n", pData->pipelineName); + dbgprintf("\tdynamic pipeline name=%d\n", pData->dynPipelineName); + dbgprintf("\tskipPipelineIfEmpty=%d\n", pData->skipPipelineIfEmpty); +@@ -596,8 +598,8 @@ getIndexTypeAndParent(const instanceData *const pData, uchar **const tpls, + } + + done: +- assert(srchIndex != NULL); +- assert(srchType != NULL); ++ //assert(srchIndex != NULL); ++ //assert(srchType != NULL); + return; + } + +@@ -633,9 +635,14 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls) + parent = NULL; + } else { + getIndexTypeAndParent(pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName); +- r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex)); +- if(r == 0) r = es_addChar(&url, '/'); +- if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType)); ++ if(searchIndex != NULL) { ++ r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex)); ++ if(r == 0) r = es_addChar(&url, '/'); ++ if(searchType != NULL) { ++ if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType)); ++ } ++ } else ++ r = 0; + if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) { + if(r == 0) r = es_addChar(&url, separator); + if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1); +@@ -692,7 +699,11 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData, + uchar *pipelineName; + + getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName); +- r += ustrlen((char *)message) + ustrlen(searchIndex) + ustrlen(searchType); ++ r += ustrlen((char *)message); ++ if(searchIndex != NULL) ++ r += ustrlen(searchIndex); ++ if(searchType != NULL) ++ r += ustrlen(searchType); + + if(parent != NULL) { + r += sizeof(META_PARENT)-1 + ustrlen(parent); +@@ -717,6 +728,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls) + { + int length = strlen((char *)message); + int r; ++ int endQuote = 1; + uchar *searchIndex = NULL; + uchar *searchType; + uchar *parent = NULL; +@@ -725,28 +737,43 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls) + DEFiRet; + + getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName); +- if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE) ++ if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE) { + r = es_addBuf(&pWrkrData->batch.data, META_STRT_CREATE, sizeof(META_STRT_CREATE)-1); +- else ++ endQuote = 0; ++ } else + r = es_addBuf(&pWrkrData->batch.data, META_STRT, sizeof(META_STRT)-1); +- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex, ++ if(searchIndex != NULL) { ++ endQuote = 1; ++ if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE) ++ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_IX, sizeof(META_IX)-1); ++ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex, + ustrlen(searchIndex)); +- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1); +- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType, ++ if(searchType != NULL) { ++ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1); ++ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType, + ustrlen(searchType)); ++ } ++ } + if(parent != NULL) { ++ endQuote = 1; + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_PARENT, sizeof(META_PARENT)-1); + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)parent, ustrlen(parent)); + } + if(pipelineName != NULL && (!pWrkrData->pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) { ++ endQuote = 1; + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_PIPELINE, sizeof(META_PIPELINE)-1); + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)pipelineName, ustrlen(pipelineName)); + } + if(bulkId != NULL) { ++ endQuote = 1; + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_ID, sizeof(META_ID)-1); + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)bulkId, ustrlen(bulkId)); + } +- if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END, sizeof(META_END)-1); ++ if(endQuote == 0) { ++ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END_NOQUOTE, sizeof(META_END_NOQUOTE)-1); ++ } else { ++ if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END, sizeof(META_END)-1); ++ } + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)message, length); + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, "\n", sizeof("\n")-1); + if(r != 0) { +@@ -2094,6 +2121,8 @@ CODESTARTnewActInst + CHKiRet(computeBaseUrl("localhost", pData->defaultPort, pData->useHttps, pData->serverBaseUrls)); + } + ++ //Only needed befor ES-Version 7.x ++ /* + if(pData->searchIndex == NULL) + pData->searchIndex = (uchar*) strdup("system"); + if(pData->searchType == NULL) +@@ -2104,6 +2133,7 @@ CODESTARTnewActInst + "omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation); + ABORT_FINALIZE(RS_RET_CONFIG_ERROR); + } ++ */ + + if (pData->retryFailures) { + CHKiRet(ratelimitNew(&pData->ratelimiter, "omelasticsearch", NULL)); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch new file mode 100644 index 0000000..e6e6b70 --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch @@ -0,0 +1,118 @@ +diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c +index 8200403eaf..8b74d610df 100644 +--- a/plugins/omelasticsearch/omelasticsearch.c ++++ b/plugins/omelasticsearch/omelasticsearch.c +@@ -130,6 +130,7 @@ typedef struct instanceConf_s { + uchar *timeout; + uchar *bulkId; + uchar *errorFile; ++ int esVersion; + sbool errorOnly; + sbool interleaved; + sbool dynSrchIdx; +@@ -221,7 +222,8 @@ static struct cnfparamdescr actpdescr[] = { + { "ratelimit.interval", eCmdHdlrInt, 0 }, + { "ratelimit.burst", eCmdHdlrInt, 0 }, + { "retryruleset", eCmdHdlrString, 0 }, +- { "rebindinterval", eCmdHdlrInt, 0 } ++ { "rebindinterval", eCmdHdlrInt, 0 }, ++ { "esversion.major", eCmdHdlrPositiveInt, 0 } + }; + static struct cnfparamblk actpblk = + { CNFPARAMBLK_VERSION, +@@ -246,6 +248,7 @@ CODESTARTcreateInstance + pData->retryRulesetName = NULL; + pData->retryRuleset = NULL; + pData->rebindInterval = DEFAULT_REBIND_INTERVAL; ++ pData->esVersion = 0; + finalize_it: + ENDcreateInstance + +@@ -364,8 +367,10 @@ CODESTARTdbgPrintInstInfo + dbgprintf("\tdefaultPort=%d\n", pData->defaultPort); + dbgprintf("\tuid='%s'\n", pData->uid == NULL ? (uchar*)"(not configured)" : pData->uid); + dbgprintf("\tpwd=(%sconfigured)\n", pData->pwd == NULL ? "not " : ""); +- dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL ? (uchar*)"(not configured)" : pData->searchIndex); +- dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL ? (uchar*)"(not configured)" : pData->searchType); ++ dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL ++ ? (uchar*)"(not configured)" : pData->searchIndex); ++ dbgprintf("\tsearch type='%s'\n", pData->searchType == NULL ++ ? (uchar*)"(not configured)" : pData->searchType); + dbgprintf("\tpipeline name='%s'\n", pData->pipelineName); + dbgprintf("\tdynamic pipeline name=%d\n", pData->dynPipelineName); + dbgprintf("\tskipPipelineIfEmpty=%d\n", pData->skipPipelineIfEmpty); +@@ -598,8 +603,6 @@ getIndexTypeAndParent(const instanceData *const pData, uchar **const tpls, + } + + done: +- //assert(srchIndex != NULL); +- //assert(srchType != NULL); + return; + } + +@@ -700,11 +703,12 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData, + + getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName); + r += ustrlen((char *)message); +- if(searchIndex != NULL) +- r += ustrlen(searchIndex); +- if(searchType != NULL) +- r += ustrlen(searchType); +- ++ if(searchIndex != NULL) { ++ r += ustrlen(searchIndex); ++ } ++ if(searchType != NULL) { ++ r += ustrlen(searchType); ++ } + if(parent != NULL) { + r += sizeof(META_PARENT)-1 + ustrlen(parent); + } +@@ -728,7 +732,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls) + { + int length = strlen((char *)message); + int r; +- int endQuote = 1; ++ int endQuote = 1; + uchar *searchIndex = NULL; + uchar *searchType; + uchar *parent = NULL; +@@ -1990,6 +1994,8 @@ CODESTARTnewActInst + pData->retryRulesetName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + } else if(!strcmp(actpblk.descr[i].name, "rebindinterval")) { + pData->rebindInterval = (int) pvals[i].val.d.n; ++ } else if(!strcmp(actpblk.descr[i].name, "esversion.major")) { ++ pData->esVersion = pvals[i].val.d.n; + } else { + LogError(0, RS_RET_INTERNAL_ERROR, "omelasticsearch: program error, " + "non-handled param '%s'", actpblk.descr[i].name); +@@ -2121,19 +2127,18 @@ CODESTARTnewActInst + CHKiRet(computeBaseUrl("localhost", pData->defaultPort, pData->useHttps, pData->serverBaseUrls)); + } + +- //Only needed befor ES-Version 7.x +- /* +- if(pData->searchIndex == NULL) +- pData->searchIndex = (uchar*) strdup("system"); +- if(pData->searchType == NULL) +- pData->searchType = (uchar*) strdup("events"); ++ if(pData->esVersion < 8) { ++ if(pData->searchIndex == NULL) ++ pData->searchIndex = (uchar*) strdup("system"); ++ if(pData->searchType == NULL) ++ pData->searchType = (uchar*) strdup("events"); + +- if ((pData->writeOperation != ES_WRITE_INDEX) && (pData->bulkId == NULL)) { +- LogError(0, RS_RET_CONFIG_ERROR, +- "omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation); +- ABORT_FINALIZE(RS_RET_CONFIG_ERROR); ++ if ((pData->writeOperation != ES_WRITE_INDEX) && (pData->bulkId == NULL)) { ++ LogError(0, RS_RET_CONFIG_ERROR, ++ "omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation); ++ ABORT_FINALIZE(RS_RET_CONFIG_ERROR); ++ } + } +- */ + + if (pData->retryFailures) { + CHKiRet(ratelimitNew(&pData->ratelimiter, "omelasticsearch", NULL)); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch new file mode 100644 index 0000000..c9a2cb3 --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch @@ -0,0 +1,40 @@ +diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c +index 76d5081d3b..f481ec3f7e 100644 +--- a/plugins/omelasticsearch/omelasticsearch.c ++++ b/plugins/omelasticsearch/omelasticsearch.c +@@ -620,6 +620,8 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls) + uchar *parent; + uchar *bulkId; + char* baseUrl; ++ /* since 7.0, the API always requires /idx/_doc, so use that if searchType is not explicitly set */ ++ uchar* actualSearchType = (uchar*)"_doc"; + es_str_t *url; + int r; + DEFiRet; +@@ -645,11 +647,12 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls) + if(searchIndex != NULL) { + r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex)); + if(r == 0) r = es_addChar(&url, '/'); +- if(searchType != NULL) { +- if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType)); +- } +- } else +- r = 0; ++ ++ if(searchType != NULL) { ++ actualSearchType = searchType; ++ } ++ if(r == 0) r = es_addChar(&url, '/'); ++ if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType)); + if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) { + if(r == 0) r = es_addChar(&url, separator); + if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1); +@@ -693,7 +696,7 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData, + const uchar *const message, + uchar **const tpls) + { +- size_t r = sizeof(META_TYPE)-1 + sizeof(META_END)-1 + sizeof("\n")-1; ++ size_t r = sizeof(META_END)-1 + sizeof("\n")-1; + if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE) + r += sizeof(META_STRT_CREATE)-1; + else diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch new file mode 100644 index 0000000..ca79d57 --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch @@ -0,0 +1,53 @@ +diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c +index f481ec3f7e..b297a9274f 100644 +--- a/plugins/omelasticsearch/omelasticsearch.c ++++ b/plugins/omelasticsearch/omelasticsearch.c +@@ -623,7 +623,7 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls) + /* since 7.0, the API always requires /idx/_doc, so use that if searchType is not explicitly set */ + uchar* actualSearchType = (uchar*)"_doc"; + es_str_t *url; +- int r; ++ int r = 0; + DEFiRet; + instanceData *const pData = pWrkrData->pData; + char separator; +@@ -646,13 +646,12 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls) + getIndexTypeAndParent(pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName); + if(searchIndex != NULL) { + r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex)); ++ if(searchType != NULL && searchType[0] != '\0') { ++ actualSearchType = searchType; ++ } + if(r == 0) r = es_addChar(&url, '/'); +- +- if(searchType != NULL) { +- actualSearchType = searchType; ++ if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType)); + } +- if(r == 0) r = es_addChar(&url, '/'); +- if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType)); + if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) { + if(r == 0) r = es_addChar(&url, separator); + if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1); +@@ -714,7 +713,11 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData, + r += ustrlen(searchIndex); + } + if(searchType != NULL) { +- r += ustrlen(searchType); ++ if(searchType[0] == '\0') { ++ r += 4; // "_doc" ++ } else { ++ r += ustrlen(searchType); ++ } + } + if(parent != NULL) { + r += sizeof(META_PARENT)-1 + ustrlen(parent); +@@ -759,7 +762,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls) + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_IX, sizeof(META_IX)-1); + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex, + ustrlen(searchIndex)); +- if(searchType != NULL) { ++ if(searchType != NULL && searchType[0] != '\0') { + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1); + if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType, + ustrlen(searchType)); diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch new file mode 100644 index 0000000..c5bb718 --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch @@ -0,0 +1,32 @@ +diff -up rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html.orig rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html +--- rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html.orig 2023-05-11 15:56:24.308601241 +0200 ++++ rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html 2023-05-11 15:57:11.000662477 +0200 +@@ -156,6 +156,28 @@ this timeframe. Defaults to 3500.

+

Note, the health check is verifying connectivity only, not the state of + the Elasticsearch cluster.

+ ++ ++
++

esVersion.major

++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++
typedefaultmandatoryobsolete legacy directive
integer0nonone
++

ElasticSearch is notoriously bad at maintaining backwards compatibility. For this reason, the setting can be used to configure the server’s major version number (e.g. 7, 8, …). As far as we know breaking changes only happen with major version changes. As of now, only value 8 triggers API changes. All other values select pre-version-8 API usage.

++
++ +
+

searchIndex

+ diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch b/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch new file mode 100644 index 0000000..8ddb5f4 --- /dev/null +++ b/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch @@ -0,0 +1,109 @@ +diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c +--- rsyslog-8.2102.0/runtime/glbl.c.orig 2023-06-27 08:20:45.265387162 +0200 ++++ rsyslog-8.2102.0/runtime/glbl.c 2023-06-27 08:20:45.262387154 +0200 +@@ -230,7 +230,8 @@ static struct cnfparamdescr cnfparamdesc + { "reverselookup.cache.ttl.enable", eCmdHdlrBinary, 0 }, + { "shutdown.queue.doublesize", eCmdHdlrBinary, 0 }, + { "debug.files", eCmdHdlrArray, 0 }, +- { "debug.whitelist", eCmdHdlrBinary, 0 } ++ { "debug.whitelist", eCmdHdlrBinary, 0 }, ++ { "libcapng.default", eCmdHdlrBinary, 0 } + }; + static struct cnfparamblk paramblk = + { CNFPARAMBLK_VERSION, +@@ -1315,6 +1316,13 @@ glblDoneLoadCnf(void) + if(!strcmp(paramblk.descr[i].name, "workdirectory")) { + cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL); + setWorkDir(NULL, cstr); ++ } else if(!strcmp(paramblk.descr[i].name, "libcapng.default")) { ++#ifdef ENABLE_LIBCAPNG ++ loadConf->globals.bAbortOnFailedLibcapngSetup = (int) cnfparamvals[i].val.d.n; ++#else ++ LogError(0, RS_RET_ERR, "rsyslog wasn't " ++ "compiled with libcap-ng support."); ++#endif + } else if(!strcmp(paramblk.descr[i].name, "variables.casesensitive")) { + const int val = (int) cnfparamvals[i].val.d.n; + fjson_global_do_case_sensitive_comparison(val); +diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c +--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2023-06-27 08:20:45.265387162 +0200 ++++ rsyslog-8.2102.0/runtime/rsconf.c 2023-06-27 08:20:45.264387159 +0200 +@@ -146,6 +146,9 @@ int rsconfNeedDropPriv(rsconf_t *const c + + static void cnfSetDefaults(rsconf_t *pThis) + { ++#ifdef ENABLE_LIBCAPNG ++ pThis->globals.bAbortOnFailedLibcapngSetup = 1; ++#endif + pThis->globals.bAbortOnUncleanConfig = 0; + pThis->globals.bReduceRepeatMsgs = 0; + pThis->globals.bDebugPrintTemplateList = 1; +diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h +--- rsyslog-8.2102.0/runtime/rsconf.h.orig 2023-06-27 08:20:45.265387162 +0200 ++++ rsyslog-8.2102.0/runtime/rsconf.h 2023-06-27 08:20:45.260387149 +0200 +@@ -61,6 +61,9 @@ struct queuecnf_s { + * be re-set as often as the user likes). + */ + struct globals_s { ++#ifdef ENABLE_LIBCAPNG ++ int bAbortOnFailedLibcapngSetup; ++#endif + int bDebugPrintTemplateList; + int bDebugPrintModuleList; + int bDebugPrintCfSysLineHandlerList; +diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c +--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-06-27 08:20:45.245387109 +0200 ++++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-06-27 08:31:35.250120215 +0200 +@@ -2151,7 +2151,7 @@ main(int argc, char **argv) + /* + * Drop capabilities to the necessary set + */ +- int capng_rc; ++ int capng_rc, capng_failed = 0; + capng_clear(CAPNG_SELECT_BOTH); + + if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, +@@ -2161,10 +2161,9 @@ main(int argc, char **argv) + CAP_LEASE, + CAP_NET_ADMIN, + CAP_NET_BIND_SERVICE, ++ CAP_DAC_OVERRIDE, + CAP_SETGID, + CAP_SETUID, +- CAP_DAC_OVERRIDE, +- CAP_NET_RAW, + CAP_SYS_ADMIN, + CAP_SYS_CHROOT, + CAP_SYS_RESOURCE, +@@ -2173,17 +2172,25 @@ main(int argc, char **argv) + )) != 0) { + LogError(0, RS_RET_LIBCAPNG_ERR, + "could not update the internal posix capabilities settings " +- "based on the options passed to it, capng_updatev=%d\n", capng_rc); +- exit(-1); ++ "based on the options passed to it, capng_updatev=%d", capng_rc); ++ capng_failed = 1; + } + + if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) { + LogError(0, RS_RET_LIBCAPNG_ERR, +- "could not transfer the specified internal posix capabilities " +- "settings to the kernel, capng_apply=%d\n", capng_rc); +- exit(-1); ++ "could not transfer the specified internal posix capabilities " ++ "settings to the kernel, capng_apply=%d", capng_rc); ++ capng_failed = 1; ++ } ++ ++ if (capng_failed) { ++ DBGPRINTF("Capabilities were not dropped successfully.\n"); ++ if (loadConf->globals.bAbortOnFailedLibcapngSetup) { ++ exit(RS_RET_LIBCAPNG_ERR); ++ } ++ } else { ++ DBGPRINTF("Capabilities were dropped successfully\n"); + } +- DBGPRINTF("Capabilities were dropped successfully\n"); + #endif + + initAll(argc, argv); diff --git a/SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support.patch b/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch similarity index 57% rename from SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support.patch rename to SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch index d7693ad..27361d7 100644 --- a/SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support.patch +++ b/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch @@ -1,64 +1,11 @@ -diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c ---- rsyslog-8.2102.0/runtime/glbl.c.orig 2023-07-14 09:32:51.781256794 +0200 -+++ rsyslog-8.2102.0/runtime/glbl.c 2023-07-14 09:34:34.061315870 +0200 -@@ -230,7 +230,8 @@ static struct cnfparamdescr cnfparamdesc - { "reverselookup.cache.ttl.enable", eCmdHdlrBinary, 0 }, - { "shutdown.queue.doublesize", eCmdHdlrBinary, 0 }, - { "debug.files", eCmdHdlrArray, 0 }, -- { "debug.whitelist", eCmdHdlrBinary, 0 } -+ { "debug.whitelist", eCmdHdlrBinary, 0 }, -+ { "libcapng.default", eCmdHdlrBinary, 0 } - }; - static struct cnfparamblk paramblk = - { CNFPARAMBLK_VERSION, -@@ -1315,6 +1316,13 @@ glblDoneLoadCnf(void) - if(!strcmp(paramblk.descr[i].name, "workdirectory")) { - cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL); - setWorkDir(NULL, cstr); -+ } else if(!strcmp(paramblk.descr[i].name, "libcapng.default")) { -+#ifdef ENABLE_LIBCAPNG -+ loadConf->globals.bAbortOnFailedLibcapngSetup = (int) cnfparamvals[i].val.d.n; -+#else -+ LogError(0, RS_RET_ERR, "rsyslog wasn't " -+ "compiled with libcap-ng support."); -+#endif - } else if(!strcmp(paramblk.descr[i].name, "variables.casesensitive")) { - const int val = (int) cnfparamvals[i].val.d.n; - fjson_global_do_case_sensitive_comparison(val); -diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c ---- rsyslog-8.2102.0/runtime/rsconf.c.orig 2023-07-14 09:32:56.923259764 +0200 -+++ rsyslog-8.2102.0/runtime/rsconf.c 2023-07-14 09:34:47.722323759 +0200 -@@ -146,6 +146,9 @@ int rsconfNeedDropPriv(rsconf_t *const c - - static void cnfSetDefaults(rsconf_t *pThis) - { -+#ifdef ENABLE_LIBCAPNG -+ pThis->globals.bAbortOnFailedLibcapngSetup = 1; -+#endif - pThis->globals.bAbortOnUncleanConfig = 0; - pThis->globals.bReduceRepeatMsgs = 0; - pThis->globals.bDebugPrintTemplateList = 1; -diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h ---- rsyslog-8.2102.0/runtime/rsconf.h.orig 2023-07-14 09:33:02.575263028 +0200 -+++ rsyslog-8.2102.0/runtime/rsconf.h 2023-07-14 09:35:29.265347750 +0200 -@@ -61,6 +61,9 @@ struct queuecnf_s { - * be re-set as often as the user likes). - */ - struct globals_s { -+#ifdef ENABLE_LIBCAPNG -+ int bAbortOnFailedLibcapngSetup; -+#endif - int bDebugPrintTemplateList; - int bDebugPrintModuleList; - int bDebugPrintCfSysLineHandlerList; diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c ---- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-07-14 09:29:13.038130459 +0200 -+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-07-14 09:31:58.575226065 +0200 +--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-06-27 08:56:27.321174891 +0200 ++++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-06-27 08:58:17.977481782 +0200 @@ -1557,6 +1557,88 @@ initAll(int argc, char **argv) resetErrMsgsFlag(); localRet = rsconf.Load(&ourConf, ConfFile); -+#ifdef ENABLE_LIBCAPNG ++ #ifdef ENABLE_LIBCAPNG + /* + * Drop capabilities to the necessary set + */ @@ -143,7 +90,7 @@ diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd. if(fp_rs_full_conf_output != NULL) { if(fp_rs_full_conf_output != stdout) { fclose(fp_rs_full_conf_output); -@@ -2147,45 +2229,6 @@ main(int argc, char **argv) +@@ -2147,52 +2229,6 @@ main(int argc, char **argv) bProcessInternalMessages = 1; dbgClassInit(); @@ -151,7 +98,7 @@ diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd. - /* - * Drop capabilities to the necessary set - */ -- int capng_rc; +- int capng_rc, capng_failed = 0; - capng_clear(CAPNG_SELECT_BOTH); - - if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, @@ -161,10 +108,9 @@ diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd. - CAP_LEASE, - CAP_NET_ADMIN, - CAP_NET_BIND_SERVICE, +- CAP_DAC_OVERRIDE, - CAP_SETGID, - CAP_SETUID, -- CAP_DAC_OVERRIDE, -- CAP_NET_RAW, - CAP_SYS_ADMIN, - CAP_SYS_CHROOT, - CAP_SYS_RESOURCE, @@ -173,17 +119,25 @@ diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd. - )) != 0) { - LogError(0, RS_RET_LIBCAPNG_ERR, - "could not update the internal posix capabilities settings " -- "based on the options passed to it, capng_updatev=%d\n", capng_rc); -- exit(-1); +- "based on the options passed to it, capng_updatev=%d", capng_rc); +- capng_failed = 1; - } - - if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) { - LogError(0, RS_RET_LIBCAPNG_ERR, -- "could not transfer the specified internal posix capabilities " -- "settings to the kernel, capng_apply=%d\n", capng_rc); -- exit(-1); +- "could not transfer the specified internal posix capabilities " +- "settings to the kernel, capng_apply=%d", capng_rc); +- capng_failed = 1; +- } +- +- if (capng_failed) { +- DBGPRINTF("Capabilities were not dropped successfully.\n"); +- if (loadConf->globals.bAbortOnFailedLibcapngSetup) { +- exit(RS_RET_LIBCAPNG_ERR); +- } +- } else { +- DBGPRINTF("Capabilities were dropped successfully\n"); - } -- DBGPRINTF("Capabilities were dropped successfully\n"); -#endif - initAll(argc, argv); diff --git a/SOURCES/rsyslog.conf b/SOURCES/rsyslog.conf index b51e844..368399f 100644 --- a/SOURCES/rsyslog.conf +++ b/SOURCES/rsyslog.conf @@ -12,19 +12,20 @@ global(workDirectory="/var/lib/rsyslog") # Use default timestamp format module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat") -# Include all config files in /etc/rsyslog.d/ -include(file="/etc/rsyslog.d/*.conf" mode="optional") - #### MODULES #### module(load="imuxsock" # provides support for local system logging (e.g. via logger command) SysSock.Use="off") # Turn off message reception via local log socket; # local messages are retrieved through imjournal now. module(load="imjournal" # provides access to the systemd journal + UsePid="system" # PID nummber is retrieved as the ID of the process the journal entry originates from StateFile="imjournal.state") # File to store the position in the journal #module(load="imklog") # reads kernel messages (the same are read from journald) #module(load="immark") # provides --MARK-- message capability +# Include all config files in /etc/rsyslog.d/ +include(file="/etc/rsyslog.d/*.conf" mode="optional") + # Provides UDP syslog reception # for parameters see http://www.rsyslog.com/doc/imudp.html #module(load="imudp") # needs to be done just once diff --git a/SOURCES/rsyslog.service b/SOURCES/rsyslog.service index 9c13b1d..fa59599 100644 --- a/SOURCES/rsyslog.service +++ b/SOURCES/rsyslog.service @@ -1,6 +1,8 @@ [Unit] Description=System Logging Service ;Requires=syslog.socket +Wants=network.target network-online.target +After=network.target network-online.target Documentation=man:rsyslogd(8) Documentation=https://www.rsyslog.com/doc/ @@ -12,6 +14,18 @@ ExecReload=/usr/bin/kill -HUP $MAINPID UMask=0066 StandardOutput=null Restart=on-failure +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictNamespaces=net +NoNewPrivileges=yes +ProtectControlGroups=yes +ProtectHome=read-only +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @raw-io @reboot @swap @cpu-emulation @obsolete +LockPersonality=yes +MemoryDenyWriteExecute=yes # Increase the default a bit in order to allow many simultaneous # files to be monitored, we might need a lot of fds. diff --git a/SPECS/rsyslog.spec b/SPECS/rsyslog.spec index c42ba92..d762952 100644 --- a/SPECS/rsyslog.spec +++ b/SPECS/rsyslog.spec @@ -5,7 +5,7 @@ Summary: Enhanced system logging and kernel message trapping daemon Name: rsyslog Version: 8.2102.0 -Release: 113%{?dist}.1 +Release: 117%{?dist} License: (GPLv3+ and ASL 2.0) URL: http://www.rsyslog.com/ Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz @@ -16,7 +16,7 @@ Source4: rsyslog.log Source5: rsyslog.service # Add qpid-proton as another source, enable omamqp1 module in a # separatae sub-package with it statically linked(see rhbz#1713427) -Source6: qpid-proton-0.34.0.tar.gz +Source6: qpid-proton-0.39.0.tar.gz Patch0: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch @@ -27,7 +27,6 @@ Patch5: rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch Patch6: rsyslog-8.2102.0-rhbz1938863-covscan.patch Patch7: rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch Patch8: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch -Patch9: openssl3-compatibility.patch Patch10: rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch Patch11: rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch Patch12: rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch @@ -38,8 +37,19 @@ Patch16: rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch Patch17: rsyslog-8.2102.0-rhbz2157658-imklog.patch Patch18: rsyslog-8.2102.0-capabilities-drop-credential.patch Patch19: rsyslog-8.2102.0-capabilities-capnetraw.patch -Patch20: rsyslog-8.2102.0-libcapng-no-cap-support.patch -Patch21: rsyslog-8.2102.0-libcapng-no-cap-support2.patch +Patch20: rsyslog-8.2102.0-rhbz2157804-cstrlen.patch +Patch21: rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch +Patch22: rsyslog-8.2102.0-rhbz2192955-es-0.patch +Patch23: rsyslog-8.2102.0-rhbz2192955-es-1.patch +Patch24: rsyslog-8.2102.0-rhbz2192955-es-2.patch +Patch25: rsyslog-8.2102.0-rhbz2192955-es-3.patch +Patch26: rsyslog-8.2102.0-rhbz2192955-es-4.patch +Patch27: rsyslog-8.2102.0-rhbz2192955-es-5.patch +Patch28: rsyslog-8.2102.0-rhbz2192955-es-6.patch +Patch29: rsyslog-8.2102.0-rhbz2192955-es-doc.patch +Patch30: rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch +Patch31: rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch +Patch32: rsyslog-8.2102.0-libcapng-no-cap-support2.patch BuildRequires: make BuildRequires: gcc @@ -295,12 +305,19 @@ mv build doc %patch17 -p1 -b .imklog-leak %patch18 -p1 -b .capabilities-drop-credential %patch19 -p1 -b .capabilities-capnetraw -%patch20 -p1 -%patch21 -p1 - -pushd .. -%patch9 -p1 -b .openssl-compatibility -popd +%patch20 -p1 -b .cstrlen +%patch21 -p1 -b .journalCOMM +%patch22 -p1 -b .es0 +%patch23 -p1 -b .es1 +%patch24 -p1 -b .es2 +%patch25 -p1 -b .es3 +%patch26 -p1 -b .es4 +%patch27 -p1 -b .es5 +%patch28 -p1 -b .es6 +%patch29 -p1 -b .es-doc +%patch30 -p1 +%patch31 -p1 +%patch32 -p1 %build # Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags @@ -318,7 +335,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic" %endif # build the proton first ( - cd %{_builddir}/qpid-proton-0.34.0 + cd %{_builddir}/qpid-proton-0.39.0 mkdir bld cd bld @@ -350,7 +367,7 @@ autoreconf -if --prefix=/usr \ --disable-static \ --disable-testbench \ - --enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.34.0/bld/c/include" \ + --enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.39.0/bld/c/include" \ --enable-elasticsearch \ --enable-generate-man-pages \ --enable-gnutls \ @@ -562,9 +579,33 @@ done %changelog -* Fri Jul 14 2023 Attila Lakatos - 8.2102.0-113.1 -- Do not drop capabilities if we don't have any -- resolves: rhbz#2225088 +* Fri Jul 28 2023 Attila Lakatos - 8.2102.0-117 +- Add back CAP_NET_RAW capability due to omudpspoof + resolves: rhbz#2216919 + +* Tue Jun 27 2023 Attila Lakatos - 8.2102.0-116 +- libcapng: do not try to drop capabilities that are not present +- add global libcapng.default to not abort when libcapng fails + resolves: rhbz#2216919 + +* Mon May 22 2023 Attila Lakatos - 8.2102.0-115 +- omelasticsearch: make compatible with elasticsearch>=8 +- add new action specific parameter esversion.major + resolves: rhbz#2209017 + +* Fri May 19 2023 Attila Lakatos - 8.2102.0-114 +- Fix wrong type conversion in cstrLen() + resolves: rhbz#2157805 +- imjournal: by default retrieves _PID from journal as PID number + resolves: rhbz#2176397 +- Systemd service file hardening + resolves: rhbz#2176403 +- rsyslog.conf: load imuxsock and imjournal before loading rsyslog.d + resolves: rhbz#2165899 +- rsyslog is now started after the network service during boot + resolves: rhbz#2074318 +- imjournal: add second fallback to the message identifier + resolves: rhbv#2129015 * Tue Mar 07 2023 Attila Lakatos - 8.2102.0-113 - Do not allow having selinux-policy < 38.1.3-1