From b66dd9d149dfdb3e0075af83f0774d40ab54e5d6 Mon Sep 17 00:00:00 2001 From: Cropi Date: Fri, 31 Oct 2025 12:56:21 +0100 Subject: [PATCH] RHEL 9.8 ERRATUM Rebase to 8.2510.0 gnutls netstream driver: improve doc Resolves: RHEL-86031 rsyslog.conf: use RainerSscript syntax in actions Resolves: RHEL-42508 gnutls netstream driver: report missing certificate just once Resolves: RHEL-105782 --- .gitignore | 2 + gtls-unused-certificates.patch | 127 +++++++++++++++++++++++++ imfile-delete-state-on-file-move.patch | 101 -------------------- openssl-disable-engines.patch | 62 ------------ ossl-free-cert.patch | 38 ++++++++ rsyslog.conf | 32 +++---- rsyslog.spec | 49 +++++----- sources | 5 +- 8 files changed, 212 insertions(+), 204 deletions(-) create mode 100644 gtls-unused-certificates.patch delete mode 100644 imfile-delete-state-on-file-move.patch delete mode 100644 openssl-disable-engines.patch create mode 100644 ossl-free-cert.patch diff --git a/.gitignore b/.gitignore index 752b143..3beecee 100644 --- a/.gitignore +++ b/.gitignore @@ -88,3 +88,5 @@ rsyslog-4.6.3.tar.gz /rsyslog-doc-8.2412.0.tar.gz /rsyslog-8.2506.0.tar.gz /rsyslog-doc-8.2506.0.tar.gz +/rsyslog-8.2510.0.tar.gz +/qpid-proton-0.40.0.tar.gz diff --git a/gtls-unused-certificates.patch b/gtls-unused-certificates.patch new file mode 100644 index 0000000..e5f0813 --- /dev/null +++ b/gtls-unused-certificates.patch 
@@ -0,0 +1,127 @@ +From e3f131d561a1df7dd07631345662ab678614bba7 Mon Sep 17 00:00:00 2001 +From: Cropi +Date: Mon, 3 Nov 2025 14:13:19 +0100 +Subject: [PATCH 2/2] nsd_gtls: fix repeated warnings on connection retry + + test + +Move the `loggedWarnings` bitfield from per-instance to module-level +static storage in `runtime/nsd_gtls.c` so that missing cert/key/CA +warnings are emitted only once per rsyslogd process, not on every +connection retry. Otherwise, a broken connection can spam dosens of +logs. +--- + runtime/nsd_gtls.c | 26 ++++++++++++++----------- + runtime/nsd_gtls.h | 1 - + tests/omfwd-gtls-missing-cert-key.sh | 29 ++++++++++++++++++++++++++++ + 3 files changed, 44 insertions(+), 12 deletions(-) + create mode 100755 tests/omfwd-gtls-missing-cert-key.sh + +diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c +index 7721c1bd1..9a7939fba 100644 +--- a/runtime/nsd_gtls.c ++++ b/runtime/nsd_gtls.c +@@ -77,6 +77,9 @@ static pthread_mutex_t mutGtlsStrerror; + + static gnutls_dh_params_t dh_params; /**< server DH parameters for anon mode */ + ++/* Module-level bitfield for warnings that have been logged (shared across all instances) */ ++static unsigned loggedWarnings = 0; ++ + /* bitfield for warnings that have been logged */ + enum { + GTLS_LOGGED_WARN_CERT_MISSING = 1 << 0, +@@ -674,13 +677,14 @@ static rsRetVal gtlsAddOurCert(nsd_gtls_t *const pThis) { + keyFile = (pThis->pszKeyFile == NULL) ? 
glbl.GetDfltNetstrmDrvrKeyFile(runConf) : pThis->pszKeyFile; + dbgprintf("GTLS certificate file: '%s'\n", certFile); + dbgprintf("GTLS key file: '%s'\n", keyFile); +- if (certFile == NULL && !(pThis->loggedWarnings & GTLS_LOGGED_WARN_CERT_MISSING)) { +- LogMsg(0, RS_RET_CERT_MISSING, LOG_WARNING, "warning: certificate file is not set"); +- pThis->loggedWarnings |= GTLS_LOGGED_WARN_CERT_MISSING; ++ ++ if (certFile == NULL && !(loggedWarnings & GTLS_LOGGED_WARN_CERT_MISSING)) { ++ LogError(0, RS_RET_CERT_MISSING, "warning: certificate file is not set"); ++ loggedWarnings |= GTLS_LOGGED_WARN_CERT_MISSING; + } +- if (keyFile == NULL && !(pThis->loggedWarnings & GTLS_LOGGED_WARN_KEY_MISSING)) { +- LogMsg(0, RS_RET_CERTKEY_MISSING, LOG_WARNING, "warning: key file is not set"); +- pThis->loggedWarnings |= GTLS_LOGGED_WARN_KEY_MISSING; ++ if (keyFile == NULL && !(loggedWarnings & GTLS_LOGGED_WARN_KEY_MISSING)) { ++ LogError(0, RS_RET_CERTKEY_MISSING, "warning: key file is not set"); ++ loggedWarnings |= GTLS_LOGGED_WARN_KEY_MISSING; + } + + /* set certificate in gnutls */ +@@ -757,10 +761,11 @@ static rsRetVal gtlsInitCred(nsd_gtls_t *const pThis) { + + /* sets the trusted cas file */ + cafile = (pThis->pszCAFile == NULL) ? 
glbl.GetDfltNetstrmDrvrCAF(runConf) : pThis->pszCAFile; +- if (cafile == NULL && !(pThis->loggedWarnings & GTLS_LOGGED_WARN_CA_MISSING)) { +- LogMsg(0, RS_RET_CA_CERT_MISSING, LOG_WARNING, "Warning: CA certificate is not set"); +- pThis->loggedWarnings |= GTLS_LOGGED_WARN_CA_MISSING; +- } else { ++ if (cafile == NULL && !(loggedWarnings & GTLS_LOGGED_WARN_CA_MISSING)) { ++ LogError(0, RS_RET_CA_CERT_MISSING, "Warning: CA certificate is not set"); ++ loggedWarnings |= GTLS_LOGGED_WARN_CA_MISSING; ++ } ++ if (cafile != NULL) { + dbgprintf("GTLS CA file: '%s'\n", cafile); + gnuRet = gnutls_certificate_set_x509_trust_file(pThis->xcred, (char *)cafile, GNUTLS_X509_FMT_PEM); + if (gnuRet == GNUTLS_E_FILE_ERROR) { +@@ -1432,7 +1437,6 @@ static inline void gtlsSetTransportPtr(nsd_gtls_t *pThis, int sock) { + BEGINobjConstruct(nsd_gtls) /* be sure to specify the object type also in END macro! */ + iRet = nsd_ptcp.Construct(&pThis->pTcp); + pThis->bReportAuthErr = 1; +- pThis->loggedWarnings = 0; + ENDobjConstruct(nsd_gtls) + + +diff --git a/runtime/nsd_gtls.h b/runtime/nsd_gtls.h +index 685f65a49..f40ab3f13 100644 +--- a/runtime/nsd_gtls.h ++++ b/runtime/nsd_gtls.h +@@ -83,7 +83,6 @@ struct nsd_gtls_s { + gnutls_x509_privkey_t ourKey; /**< our private key, if in client mode (unused in server mode) */ + short bOurCertIsInit; /**< 1 if our certificate is initialized and must be deinit on destruction */ + short bOurKeyIsInit; /**< 1 if our private key is initialized and must be deinit on destruction */ +- unsigned short loggedWarnings; /**< bitfield of logged warnings */ + char *pszRcvBuf; + int lenRcvBuf; + /**< -1: empty, 0: connection closed, 1..NSD_GTLS_MAX_RCVBUF-1: data of that size present */ +diff --git a/tests/omfwd-gtls-missing-cert-key.sh b/tests/omfwd-gtls-missing-cert-key.sh +new file mode 100755 +index 000000000..36cb2f3f5 +--- /dev/null ++++ b/tests/omfwd-gtls-missing-cert-key.sh +@@ -0,0 +1,29 @@ ++#!/bin/bash ++# Test for gnutls loggedWarnings functionality 
with omfwd ++# This test verifies that warnings for missing cert/key files are logged only once ++# even when the action retries multiple times (loggedWarnings mechanism) ++. ${srcdir:=.}/diag.sh init ++ ++export PORT_RCVR="$(get_free_port)" ++export RS_REDIR=">${RSYSLOG_DYNNAME}.rsyslog.log 2>&1" ++ ++generate_conf ++add_conf ' ++global(defaultNetstreamDriverCAFile="'$srcdir/tls-certs/ca.pem'") ++ ++action(type="omfwd" protocol="tcp" target="127.0.0.1" port="'$PORT_RCVR'" ++ StreamDriver="gtls" ++ StreamDriverMode="1" ++ StreamDriverAuthMode="x509/name" ++ action.resumeRetryCount="-1" ++ action.resumeInterval="10") ++' ++startup ++sleep 30 ++shutdown_immediate ++wait_shutdown ++ ++content_count_check "warning: certificate file is not set" 1 ${RSYSLOG_DYNNAME}.rsyslog.log ++content_count_check "warning: key file is not set" 1 ${RSYSLOG_DYNNAME}.rsyslog.log ++ ++exit_test +-- +2.51.0 + diff --git a/imfile-delete-state-on-file-move.patch b/imfile-delete-state-on-file-move.patch deleted file mode 100644 index ce8c2de..0000000 --- a/imfile-delete-state-on-file-move.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -diff -up a/plugins/imfile/imfile.c.orig b/plugins/imfile/imfile.c ---- a/plugins/imfile/imfile.c.orig 2025-07-29 15:54:35.659288215 +0200 -+++ b/plugins/imfile/imfile.c 2025-07-29 15:54:40.119329980 +0200 -@@ -157,6 +157,7 @@ struct instanceConf_s { - int readTimeout; - unsigned delay_perMsg; - sbool bRMStateOnDel; -+ sbool bRMStateOnMove; - uint8_t readMode; - uchar *startRegex; - uchar *endRegex; -@@ -253,6 +254,7 @@ struct modConfData_s { - instanceConf_t *root, *tail; - fs_node_t *conf_tree; - uint8_t opMode; -+ sbool bRMStateOnMove; - sbool configSetViaV2Method; - uchar *stateFileDirectory; - sbool sortFiles; -@@ -310,7 +312,8 @@ static struct cnfparamdescr modpdescr[] - { "sortfiles", eCmdHdlrBinary, 0 }, - { "statefile.directory", eCmdHdlrString, 0 }, - { "normalizepath", eCmdHdlrBinary, 0 }, -- { "mode", eCmdHdlrGetWord, 0 } -+ { "mode", eCmdHdlrGetWord, 0 }, -+ { "deletestateonfilemove", eCmdHdlrBinary, 0 }, - }; - static struct cnfparamblk modpblk = - { CNFPARAMBLK_VERSION, -@@ -350,7 +353,8 @@ static struct cnfparamdescr inppdescr[] - { "needparse", eCmdHdlrBinary, 0}, - { "ignoreolderthan", eCmdHdlrInt, 0}, - { "maxbytesperminute", eCmdHdlrInt, 0}, -- { "maxlinesperminute", eCmdHdlrInt, 0} -+ { "maxlinesperminute", eCmdHdlrInt, 0}, -+ { "deletestateonfilemove", eCmdHdlrBinary, 0} - }; - static struct cnfparamblk inppblk = - { CNFPARAMBLK_VERSION, -@@ -856,7 +860,7 @@ detect_updates(fs_edge_t *const edge) - */ - sbool is_file = act->edge->is_file; - if (!is_file || act->time_to_delete + FILE_DELETE_DELAY < ttNow) { -- DBGPRINTF("detect_updates obj gone away, unlinking: " -+ DBGPRINTF("detect_updates obj gone away, unlinking: " - "'%s', ttDelete: %"PRId64"s, ttNow:%"PRId64" isFile: %d\n", - act->name, (int64_t) ttNow - (act->time_to_delete + FILE_DELETE_DELAY), - (int64_t) ttNow, is_file); -@@ -1061,8 +1065,17 @@ act_obj_destroy(act_obj_t *const act, co - } - persistStrmState(act); - strm.Destruct(&act->pStrm); -- /* we delete state 
file after destruct in case strm obj initiated a write */ -- if(is_deleted && !act->in_move && inst->bRMStateOnDel) { -+ -+ /* -+ * We delete the state file after the destruct operation to ensure that any pending -+ * writes initiated by the stream object are completed before removal. The state file -+ * is deleted in the following scenarios: -+ * - If the file has not been moved and we are configured to delete the state file -+ * when the original file is removed. -+ * - If the configuration specifies not to preserve the state file after the file -+ * has been renamed. This prevents orphaned state files. -+ */ -+ if(is_deleted && ((!act->in_move && inst->bRMStateOnDel) || inst->bRMStateOnMove)) { - DBGPRINTF("act_obj_destroy: deleting state file %s\n", statefn); - unlink((char*)statefn); - } -@@ -1773,6 +1786,7 @@ createInstance(instanceConf_t **const pi - inst->discardTruncatedMsg = 0; - inst->msgDiscardingError = 1; - inst->bRMStateOnDel = 1; -+ inst->bRMStateOnMove = loadModConf->bRMStateOnMove; - inst->escapeLF = 1; - inst->escapeLFString = NULL; - inst->reopenOnTruncate = 0; -@@ -1932,6 +1946,7 @@ addInstance(void __attribute__((unused)) - inst->addMetadata = 0; - inst->addCeeTag = 0; - inst->bRMStateOnDel = 0; -+ inst->bRMStateOnMove = loadModConf->bRMStateOnMove; - inst->readTimeout = loadModConf->readTimeout; - inst->msgFlag = 0; - -@@ -2089,6 +2104,7 @@ CODESTARTbeginCnfLoad - /* init our settings */ - loadModConf->opMode = OPMODE_POLLING; - loadModConf->iPollInterval = DFLT_PollInterval; -+ loadModConf->bRMStateOnMove = 0; - loadModConf->configSetViaV2Method = 0; - loadModConf->readTimeout = 0; /* default: no timeout */ - loadModConf->timeoutGranularity = 1000; /* default: 1 second */ -@@ -2142,6 +2158,8 @@ CODESTARTsetModCnf - continue; - if(!strcmp(modpblk.descr[i].name, "pollinginterval")) { - loadModConf->iPollInterval = (int) pvals[i].val.d.n; -+ } else if(!strcmp(modpblk.descr[i].name, "deletestateonfilemove")) { -+ loadModConf->bRMStateOnMove = 
(sbool) pvals[i].val.d.n; - } else if(!strcmp(modpblk.descr[i].name, "readtimeout")) { - loadModConf->readTimeout = (int) pvals[i].val.d.n; - } else if(!strcmp(modpblk.descr[i].name, "timeoutgranularity")) { diff --git a/openssl-disable-engines.patch b/openssl-disable-engines.patch deleted file mode 100644 index 877f0a4..0000000 --- a/openssl-disable-engines.patch +++ /dev/null @@ -1,62 +0,0 @@ -diff --git a/plugins/imdtls/imdtls.c b/plugins/imdtls/imdtls.c -index f90e8ad61c..bfb63452c7 100644 ---- a/plugins/imdtls/imdtls.c -+++ b/plugins/imdtls/imdtls.c -@@ -41,7 +41,9 @@ - #if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) - # include - #endif --#include -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif - // --- - - #include "rsyslog.h" -diff --git a/plugins/omdtls/omdtls.c b/plugins/omdtls/omdtls.c -index 2b28908030..693ff99c77 100644 ---- a/plugins/omdtls/omdtls.c -+++ b/plugins/omdtls/omdtls.c -@@ -52,7 +52,9 @@ - #if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) - # include - #endif --#include -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif - // --- - - // Include rsyslog headers -diff --git a/runtime/net_ossl.h b/runtime/net_ossl.h -index af36ffe488..d66a422d4d 100644 ---- a/runtime/net_ossl.h -+++ b/runtime/net_ossl.h -@@ -31,7 +31,9 @@ - #if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) - # include - #endif --#include -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif - #include - #include - -diff --git a/tests/tcpflood.c b/tests/tcpflood.c -index 4b2d98b2c8..7322aeb135 100644 ---- a/tests/tcpflood.c -+++ b/tests/tcpflood.c -@@ -129,8 +129,10 @@ - #ifdef ENABLE_OPENSSL - #include - #include -- #include -- #include -+ #include -+# ifndef OPENSSL_NO_ENGINE -+# include -+# endif - - /* OpenSSL API differences */ - #if OPENSSL_VERSION_NUMBER >= 0x10100000L diff --git a/ossl-free-cert.patch b/ossl-free-cert.patch new file mode 100644 index 0000000..2b569e0 --- /dev/null 
+++ b/ossl-free-cert.patch @@ -0,0 +1,38 @@ +From e21ea186a88d2750c97092c016811d1378cbe24c Mon Sep 17 00:00:00 2001 +From: Cropi +Date: Thu, 9 Oct 2025 11:39:46 +0200 +Subject: [PATCH] ossl bugfix: ensure peer cert is freed in osslChkPeerAuth + +Ensure osslChkPeerAuth starts with a null peer-certificate pointer and +frees any retrieved X509 certificate so OpenSSL allocations from +SSL_get_peer_certificate do not leak after TLS handshakes. +--- + runtime/nsd_ossl.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c +index 30300156b..954277fef 100644 +--- a/runtime/nsd_ossl.c ++++ b/runtime/nsd_ossl.c +@@ -353,7 +353,7 @@ finalize_it: + */ + rsRetVal osslChkPeerAuth(nsd_ossl_t *pThis) { + DEFiRet; +- X509 *certpeer; ++ X509 *certpeer = NULL; + + ISOBJ_TYPE_assert(pThis, nsd_ossl); + uchar *fromHostIP = NULL; +@@ -388,6 +388,9 @@ rsRetVal osslChkPeerAuth(nsd_ossl_t *pThis) { + break; + } + finalize_it: ++ if (certpeer != NULL) { ++ X509_free(certpeer); ++ } + if (fromHostIP != NULL) { + free(fromHostIP); + } +-- +2.51.0 + diff --git a/rsyslog.conf b/rsyslog.conf index 93ef732..403e44d 100644 --- a/rsyslog.conf +++ b/rsyslog.conf 
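Review bot: The cleanup added under `finalize_it:` frees `certpeer` on every exit, so it is only correct if no path between the two hunks already releases the certificate or hands it to something that keeps it; that part of osslChkPeerAuth is outside the hunks and should be checked for an existing `X509_free(certpeer)` to rule out a double free. The fix also relies on the getter returning an owned reference, as the description says of SSL_get_peer_certificate; a one-line comment at the free, e.g. `/* certpeer is an owned reference from the peer-cert lookup; released here on all paths */`, would keep a later switch to a borrowed-reference getter from turning this into an invalid free. The `!= NULL` guard is redundant because `X509_free(NULL)` is a no-op, though it does match the `fromHostIP` cleanup next to it.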
@@ -9,24 +9,25 @@ # Where to place auxiliary files global(workDirectory="/var/lib/rsyslog") +#### MODULES #### + # Use default timestamp format module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat") -#### MODULES #### - -module(load="imuxsock" # provides support for local system logging (e.g. via logger command) +module(load="imuxsock" # provides support for local system logging (e.g. via logger command) SysSock.Use="off") # Turn off message reception via local log socket; - # local messages are retrieved through imjournal now. -module(load="imjournal" # provides access to the systemd journal + # local messages are retrieved through imjournal now. +module(load="imjournal" # provides access to the systemd journal UsePid="system" # PID nummber is retrieved as the ID of the process the journal entry originates from FileCreateMode="0644" # Set the access permissions for the state file StateFile="imjournal.state") # File to store the position in the journal -#module(load="imklog") # reads kernel messages (the same are read from journald) -#module(load="immark") # provides --MARK-- message capability # Include all config files in /etc/rsyslog.d/ include(file="/etc/rsyslog.d/*.conf" mode="optional") +#module(load="imklog") # reads kernel messages (the same are read from journald) +#module(load="immark") # provides --MARK-- message capability + # Provides UDP syslog reception # for parameters see http://www.rsyslog.com/doc/imudp.html #module(load="imudp") # needs to be done just once 
@@ -41,30 +42,29 @@ include(file="/etc/rsyslog.d/*.conf" mode="optional") # Log all kernel messages to the console. # Logging much else clutters up the screen. -#kern.* /dev/console +#kern.* action(type="omfile" file="/dev/console") # Log anything (except mail) of level info or higher. # Don't log private authentication messages! -*.info;mail.none;authpriv.none;cron.none /var/log/messages +*.info;mail.none;authpriv.none;cron.none action(type="omfile" file="/var/log/messages") # The authpriv file has restricted access. -authpriv.* /var/log/secure +authpriv.* action(type="omfile" file="/var/log/secure") # Log all the mail messages in one place. -mail.* -/var/log/maillog - +mail.* action(type="omfile" file="/var/log/maillog" sync="on") # Log cron stuff -cron.* /var/log/cron +cron.* action(type="omfile" file="/var/log/cron") # Everybody gets emergency messages -*.emerg :omusrmsg:* +*.emerg action(type="omusrmsg" users="*") # Save news errors of level crit and higher in a special file. -uucp,news.crit /var/log/spooler +uucp,news.crit action(type="omfile" file="/var/log/spooler") # Save boot messages also to boot.log -local7.* /var/log/boot.log +local7.* action(type="omfile" file="/var/log/boot.log") # ### sample forwarding rule ### diff --git a/rsyslog.spec b/rsyslog.spec index 4cacb41..c864206 100644 --- a/rsyslog.spec +++ b/rsyslog.spec 
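Review bot: The converted mail rule sets `sync="on"`, which is the opposite of what the removed legacy line asked for: the leading `-` in `-/var/log/maillog` requests that the file is not synced after each write, while `sync="on"` makes omfile sync the file as it writes. On a host with heavy mail traffic this can make mail logging a synchronous-disk bottleneck and slow delivery of the other rules in this file, including `authpriv.*`. To keep the previous behaviour the line should read `mail.* action(type="omfile" file="/var/log/maillog")`, since omfile's sync defaults to off.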
@@ -1,27 +1,26 @@ %define rsyslog_statedir %{_sharedstatedir}/rsyslog %define rsyslog_pkidir %{_sysconfdir}/pki/rsyslog %define rsyslog_docdir %{_docdir}/rsyslog -%define qpid_proton_v 0.39.0 +%define qpid_proton_v 0.40.0 Summary: Enhanced system logging and kernel message trapping daemon Name: rsyslog -Version: 8.2506.0 +Version: 8.2510.0 Release: 2%{?dist} License: GPL-3.0-or-later AND Apache-2.0 URL: http://www.rsyslog.com/ Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz -Source1: http://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{version}.tar.gz -Source2: rsyslog.conf -Source3: rsyslog.sysconfig -Source4: rsyslog.log -Source5: rsyslog.service +Source1: rsyslog.conf +Source2: rsyslog.sysconfig +Source3: rsyslog.log +Source4: rsyslog.service # Add qpid-proton as another source, enable omamqp1 module in a # separatae sub-package with it statically linked(see rhbz#1713427) -Source6: https://archive.apache.org/dist/qpid/proton/%{qpid_proton_v}/qpid-proton-%{qpid_proton_v}.tar.gz +Source5: https://archive.apache.org/dist/qpid/proton/%{qpid_proton_v}/qpid-proton-%{qpid_proton_v}.tar.gz Source7: rsyslog-tmpfiles.conf -Patch0: openssl-disable-engines.patch -Patch1: imfile-delete-state-on-file-move.patch +Patch0: ossl-free-cert.patch +Patch1: gtls-unused-certificates.patch BuildRequires: make BuildRequires: gcc @@ -248,18 +247,13 @@ The rsyslog-mmkubernetes package provides module for adding kubernetes container metadata. %prep -# set up rsyslog-doc sources -%setup -q -a 1 -T -c - -rm -r LICENSE README.md source build/objects.inv -mv build doc # set up rsyslog sources %setup -q -D %patch -P 0 -p1 %patch -P 1 -p1 # Unpack qpid-proton for rhel -%setup -q -D -T -b 6 +%setup -q -D -T -b 5 %build # Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags 
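Review bot: The `Patch0`/`Patch1` slots are reused for the two new patches, which drops openssl-disable-engines.patch and imfile-delete-state-on-file-move.patch, and neither the commit message nor the new %changelog entry states that 8.2510.0 already contains those changes. The first guarded an OpenSSL include behind `OPENSSL_NO_ENGINE` and the second added the `deletestateonfilemove` parameter that the 8.2506.0-2 entry lists under RHEL-92262, so a tarball that lacks either would reintroduce a build or behaviour regression. Once confirmed against the new tarball, a comment above the patch list such as `# openssl-disable-engines and imfile-delete-state-on-file-move are upstream as of 8.2510.0` would record why they were removed.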
@@ -366,10 +360,10 @@ install -d -m 755 %{buildroot}%{rsyslog_docdir}/html install -d -m 755 %{buildroot}%{_libexecdir}/%{name} install -d -m 755 %{buildroot}%{_tmpfilesdir} -install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/rsyslog.conf -install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/rsyslog -install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/rsyslog -install -p -m 644 %{SOURCE5} %{buildroot}%{_unitdir}/rsyslog.service +install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/rsyslog.conf +install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/rsyslog +install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/rsyslog +install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/rsyslog.service install -p -m 644 %{SOURCE7} %{buildroot}%{_tmpfilesdir}/rsyslog.conf install -p -m 644 plugins/ommysql/createDB.sql %{buildroot}%{rsyslog_docdir}/mysql-createDB.sql install -p -m 644 plugins/ompgsql/createDB.sql %{buildroot}%{rsyslog_docdir}/pgsql-createDB.sql @@ -402,7 +396,7 @@ done %{!?_licensedir:%global license %%doc} %license COPYING* %doc AUTHORS ChangeLog README.md -%{rsyslog_docdir} +%exclude %{rsyslog_docdir}/recover_qi.pl %exclude %{rsyslog_docdir}/html %exclude %{rsyslog_docdir}/mysql-createDB.sql %exclude %{rsyslog_docdir}/pgsql-createDB.sql @@ -440,6 +434,7 @@ done %{_libdir}/rsyslog/mmanon.so %{_libdir}/rsyslog/mmcount.so %{_libdir}/rsyslog/mmexternal.so +%{_libdir}/rsyslog/mmleefparse.so %{_libdir}/rsyslog/mmutf8fix.so %{_libdir}/rsyslog/omhttp.so %{_libdir}/rsyslog/omjournal.so @@ -462,7 +457,8 @@ done %{_libdir}/rsyslog/lmcry_gcry.so %files doc -%doc %{rsyslog_docdir}/html +%{rsyslog_docdir}/html +%{rsyslog_docdir}/recover_qi.pl %files elasticsearch %{_libdir}/rsyslog/omelasticsearch.so 
@@ -525,6 +521,15 @@ done %changelog +* Fri Oct 31 2025 Attila Lakatos - 8.2510.0-2 +- Rebase to 8.2510.0 +- gnutls netstream driver: improve doc + Resolves: RHEL-86031 +- rsyslog.conf: use RainerSscript syntax in actions + Resolves: RHEL-42508 +- gnutls netstream driver: report missing certificate just once + Resolves: RHEL-105782 + * Tue Jul 29 2025 Attila Lakatos 8.2506.0-2 - imfile: reintroduce deleteStateOnFileMove parameter Resolves: RHEL-92262 diff --git a/sources b/sources index 7e05396..1294997 100644 --- a/sources +++ b/sources @@ -1,3 +1,2 @@ -SHA512 (qpid-proton-0.39.0.tar.gz) = df5c5469ee82ba02de62dce15b73b81aab2aae07c7db668182df690cea4ff7584111bd12143fe5e3569469a9ddf4950ac68d60b53d1a7815da4748052948cd1b -SHA512 (rsyslog-8.2506.0.tar.gz) = 82fd3a3e76217081c7903b0bdb8bdb46c23657593d84d5ff7f836efca4c76d7d2870706150a6473c0667f0c8571a3c8e5d237619a3ad3940701925efaec32941 -SHA512 (rsyslog-doc-8.2506.0.tar.gz) = 49db24f5905e4c48ab198358a646d105d0b10c23c7b9ea27d26baa533506e21420829a62acf52f4d34b56250d30988c1f8ab2d6798b3a416b0692c1fcf3c538d +SHA512 (rsyslog-8.2510.0.tar.gz) = d2e693fd8c7112e4ccc36ea6fbb19909df885e7cb2778e95c04b7c5e9db8240224decfee52308a46865b7deffcf1e31ade0104c90d84b768a4dece15e5ea190e +SHA512 (qpid-proton-0.40.0.tar.gz) = 3e7fe56ca1423f45f71d81f5e1d6ec5f21c073cc580628e12a8dbd545a86805b7312834e0d1234dde43797633d575ed639f21a96239b217500cc0a824482aae3