Fix wrong type conversion in cstrLen()
resolves: rhbz#2157805 imjournal: by default retrieves _PID from journal as PID number resolves: rhbz#2176397 Systemd service file hardening resolves: rhbz#2176403 rsyslog.conf: load imuxsock and imjournal before loading rsyslog.d resolves: rhbz#2165899 rsyslog is now started after the network service during boot resolves: rhbz#2074318 imjournal: add second fallback to the message identifier resolves: rhbv#2129015
parent
bf71201ec3
commit
d6b54a3912
12
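--- a/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch
+++ b/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch
@@ -0,0 +1,12 @@
+diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c
+--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2023-05-19 10:32:32.467826852 +0200
++++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2023-05-19 10:33:34.426902983 +0200
+@@ -452,6 +452,8 @@ readjournal(void)
+/* Get message identifier, client pid and add ':' */
+if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) {
+CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden));
++ } else if (journalGetData("_COMM", &get, &length) >= 0) {
++ CHKiRet(sanitizeValue(((const char *)get) + 6, length - 6, &sys_iden));
+} else {
+CHKmalloc(sys_iden = strdup(cs.dfltTag));
+}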
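Review bot: The added `_COMM` branch hard-codes the prefix length 6, as the existing branch does with 18 for `SYSLOG_IDENTIFIER=`, and `length - 6` goes out of range if `journalGetData` ever returns fewer than six bytes. Deriving the offset from the field name, e.g. `sizeof("_COMM=") - 1`, and checking `length` against it before the call keeps the name and the offset in step. The branch would also benefit from a comment such as `/* _COMM is the process's comm name, which a process can change for itself; treat the resulting tag as untrusted */`, so that rules matching on the program name are not assumed to identify the sender. readjournal() starts and ends outside the hunk, so the types of `get` and `length` are not visible here.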
72
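--- a/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch
+++ b/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch
@@ -0,0 +1,72 @@
+diff -up rsyslog-8.2102.0/parse.h.orig rsyslog-8.2102.0/parse.h
+--- rsyslog-8.2102.0/parse.h.orig 2023-05-09 09:10:09.236597063 +0200
++++ rsyslog-8.2102.0/parse.h 2023-05-09 09:10:26.913608034 +0200
+@@ -56,7 +56,7 @@ struct rsParsObject
+rsObjID OID; /**< object ID */
+#endif
+cstr_t *pCStr; /**< pointer to the string object we are parsing */
+- int iCurrPos; /**< current parsing position (char offset) */
++ size_t iCurrPos; /**< current parsing position (char offset) */
+};
+typedef struct rsParsObject rsParsObj;
+
+diff -up rsyslog-8.2102.0/runtime/stream.c.orig rsyslog-8.2102.0/runtime/stream.c
+--- rsyslog-8.2102.0/runtime/stream.c.orig 2023-05-09 09:10:34.122612508 +0200
++++ rsyslog-8.2102.0/runtime/stream.c 2023-05-09 09:12:47.934640583 +0200
+@@ -1071,7 +1071,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t
+cstr_t *thisLine = NULL;
+rsRetVal readCharRet;
+const time_t tCurr = pThis->readTimeout ? getTime(NULL) : 0;
+- int maxMsgSize = glblGetMaxLine();
++ size_t maxMsgSize = glblGetMaxLine();
+DEFiRet;
+
+do {
+@@ -1132,9 +1132,9 @@ strmReadMultiLine(strm_t *pThis, cstr_t
+}
+
+
+- int currLineLen = cstrLen(thisLine);
++ size_t currLineLen = cstrLen(thisLine);
+if(currLineLen > 0) {
+- int len;
++ size_t len;
+if((len = cstrLen(pThis->prevMsgSegment) + currLineLen) <
+maxMsgSize) {
+CHKiRet(cstrAppendCStr(pThis->prevMsgSegment, thisLine));
+@@ -1144,7 +1144,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t
+len = 0;
+} else {
+len = currLineLen-(len-maxMsgSize);
+- for(int z=0; z<len; z++) {
++ for(size_t z=0; z<len; z++) {
+cstrAppendChar(pThis->prevMsgSegment,
+thisLine->pBuf[z]);
+}
+diff -up rsyslog-8.2102.0/runtime/stringbuf.c.orig rsyslog-8.2102.0/runtime/stringbuf.c
+--- rsyslog-8.2102.0/runtime/stringbuf.c.orig 2023-05-09 09:09:37.627577446 +0200
++++ rsyslog-8.2102.0/runtime/stringbuf.c 2023-05-09 09:09:59.061590749 +0200
+@@ -474,7 +474,7 @@ finalize_it:
+* This is due to performance reasons.
+*/
+#ifndef NDEBUG
+-int cstrLen(cstr_t *pThis)
++size_t cstrLen(cstr_t *pThis)
+{
+rsCHECKVALIDOBJECT(pThis, OIDrsCStr);
+return(pThis->iStrLen);
+diff -up rsyslog-8.2102.0/runtime/stringbuf.h.orig rsyslog-8.2102.0/runtime/stringbuf.h
+--- rsyslog-8.2102.0/runtime/stringbuf.h.orig 2023-05-09 09:08:05.199520082 +0200
++++ rsyslog-8.2102.0/runtime/stringbuf.h 2023-05-09 09:09:26.924570803 +0200
+@@ -144,9 +144,9 @@ rsRetVal cstrAppendCStr(cstr_t *pThis, c
+
+/* now come inline-like functions */
+#ifdef NDEBUG
+-# define cstrLen(x) ((int)((x)->iStrLen))
++# define cstrLen(x) ((size_t)((x)->iStrLen))
+#else
+- int cstrLen(cstr_t *pThis);
++ size_t cstrLen(cstr_t *pThis);
+#endif
+#define rsCStrLen(s) cstrLen((s))
+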
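Review bot: In the stream.c hunk at `len = currLineLen-(len-maxMsgSize);`, making `len` and `maxMsgSize` unsigned removes a protection the signed version had by accident. If `prevMsgSegment` is ever already longer than `maxMsgSize`, the subtraction now wraps to a very large value and the `for(size_t z=0; z<len; z++)` loop reads `thisLine->pBuf[z]` past the end of the line, where the `int` version produced a negative `len` and skipped the loop. Whether that state is reachable depends on code outside the hunk (strmReadMultiLine starts and ends outside it), so an explicit clamp is the safer form: `const size_t over = len - maxMsgSize; len = (over < currLineLen) ? currLineLen - over : 0;`. The same caution applies to `size_t maxMsgSize = glblGetMaxLine();` if that getter can return a negative int, and to any signed comparison or decrement of `iCurrPos` elsewhere in the parser after the parse.h change.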
@ -12,19 +12,20 @@ global(workDirectory="/var/lib/rsyslog")
|
|||||||
# Use default timestamp format
|
# Use default timestamp format
|
||||||
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
|
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
|
||||||
|
|
||||||
# Include all config files in /etc/rsyslog.d/
|
|
||||||
include(file="/etc/rsyslog.d/*.conf" mode="optional")
|
|
||||||
|
|
||||||
#### MODULES ####
|
#### MODULES ####
|
||||||
|
|
||||||
module(load="imuxsock" # provides support for local system logging (e.g. via logger command)
|
module(load="imuxsock" # provides support for local system logging (e.g. via logger command)
|
||||||
SysSock.Use="off") # Turn off message reception via local log socket;
|
SysSock.Use="off") # Turn off message reception via local log socket;
|
||||||
# local messages are retrieved through imjournal now.
|
# local messages are retrieved through imjournal now.
|
||||||
module(load="imjournal" # provides access to the systemd journal
|
module(load="imjournal" # provides access to the systemd journal
|
||||||
|
UsePid="system" # PID nummber is retrieved as the ID of the process the journal entry originates from
|
||||||
StateFile="imjournal.state") # File to store the position in the journal
|
StateFile="imjournal.state") # File to store the position in the journal
|
||||||
#module(load="imklog") # reads kernel messages (the same are read from journald)
|
#module(load="imklog") # reads kernel messages (the same are read from journald)
|
||||||
#module(load="immark") # provides --MARK-- message capability
|
#module(load="immark") # provides --MARK-- message capability
|
||||||
|
|
||||||
|
# Include all config files in /etc/rsyslog.d/
|
||||||
|
include(file="/etc/rsyslog.d/*.conf" mode="optional")
|
||||||
|
|
||||||
# Provides UDP syslog reception
|
# Provides UDP syslog reception
|
||||||
# for parameters see http://www.rsyslog.com/doc/imudp.html
|
# for parameters see http://www.rsyslog.com/doc/imudp.html
|
||||||
#module(load="imudp") # needs to be done just once
|
#module(load="imudp") # needs to be done just once
|
||||||
|
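Review bot: The comment on the new `UsePid="system"` line misspells "nummber" and does not say why the value matters; something like `# take the PID from the journal's _PID field (recorded by journald) rather than the one supplied by the sender` would document the intent. Moving `include(file="/etc/rsyslog.d/*.conf" mode="optional")` below the module block also changes when drop-in files are evaluated relative to the `module(load=...)` statements. Drop-ins that load imuxsock or imjournal with their own parameters may now meet an already-loaded module, so a one-line comment above the include stating that this ordering is deliberate would help administrators who maintain such files.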
@ -1,6 +1,8 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=System Logging Service
|
Description=System Logging Service
|
||||||
;Requires=syslog.socket
|
;Requires=syslog.socket
|
||||||
|
Wants=network.target network-online.target
|
||||||
|
After=network.target network-online.target
|
||||||
Documentation=man:rsyslogd(8)
|
Documentation=man:rsyslogd(8)
|
||||||
Documentation=https://www.rsyslog.com/doc/
|
Documentation=https://www.rsyslog.com/doc/
|
||||||
|
|
||||||
@ -12,6 +14,18 @@ ExecReload=/usr/bin/kill -HUP $MAINPID
|
|||||||
UMask=0066
|
UMask=0066
|
||||||
StandardOutput=null
|
StandardOutput=null
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||||
|
RestrictNamespaces=net
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
ProtectControlGroups=yes
|
||||||
|
ProtectHome=read-only
|
||||||
|
ProtectKernelModules=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
RestrictSUIDSGID=yes
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
SystemCallFilter=~@clock @debug @module @raw-io @reboot @swap @cpu-emulation @obsolete
|
||||||
|
LockPersonality=yes
|
||||||
|
MemoryDenyWriteExecute=yes
|
||||||
|
|
||||||
# Increase the default a bit in order to allow many simultaneous
|
# Increase the default a bit in order to allow many simultaneous
|
||||||
# files to be monitored, we might need a lot of fds.
|
# files to be monitored, we might need a lot of fds.
|
||||||
|
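Review bot: The new `SystemCallFilter=~@clock @debug ...` line is a deny-list with no `SystemCallErrorNumber=` next to it, so a plugin that reaches one of the filtered groups is terminated by the filter instead of receiving an error, and `Restart=on-failure` would presumably restart it repeatedly. Adding `SystemCallErrorNumber=EPERM` turns that into an errno the daemon can log. `RestrictNamespaces=net` is an allow-list entry: network namespaces stay permitted and every other type is denied, so a comment such as `# net namespaces stay allowed; all other namespace types are denied` would keep it from being misread as a restriction on networking. The block as a whole has no comments, and a short note on `ProtectHome=read-only` (log files under home directories can no longer be written) would save administrators a debugging session.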
20
rsyslog.spec
20
rsyslog.spec
@ -5,7 +5,7 @@
|
|||||||
Summary: Enhanced system logging and kernel message trapping daemon
|
Summary: Enhanced system logging and kernel message trapping daemon
|
||||||
Name: rsyslog
|
Name: rsyslog
|
||||||
Version: 8.2102.0
|
Version: 8.2102.0
|
||||||
Release: 113%{?dist}
|
Release: 114%{?dist}
|
||||||
License: (GPLv3+ and ASL 2.0)
|
License: (GPLv3+ and ASL 2.0)
|
||||||
URL: http://www.rsyslog.com/
|
URL: http://www.rsyslog.com/
|
||||||
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
|
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
|
||||||
@ -38,6 +38,8 @@ Patch16: rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch
|
|||||||
Patch17: rsyslog-8.2102.0-rhbz2157658-imklog.patch
|
Patch17: rsyslog-8.2102.0-rhbz2157658-imklog.patch
|
||||||
Patch18: rsyslog-8.2102.0-capabilities-drop-credential.patch
|
Patch18: rsyslog-8.2102.0-capabilities-drop-credential.patch
|
||||||
Patch19: rsyslog-8.2102.0-capabilities-capnetraw.patch
|
Patch19: rsyslog-8.2102.0-capabilities-capnetraw.patch
|
||||||
|
Patch20: rsyslog-8.2102.0-rhbz2157804-cstrlen.patch
|
||||||
|
Patch21: rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
@ -293,6 +295,8 @@ mv build doc
|
|||||||
%patch17 -p1 -b .imklog-leak
|
%patch17 -p1 -b .imklog-leak
|
||||||
%patch18 -p1 -b .capabilities-drop-credential
|
%patch18 -p1 -b .capabilities-drop-credential
|
||||||
%patch19 -p1 -b .capabilities-capnetraw
|
%patch19 -p1 -b .capabilities-capnetraw
|
||||||
|
%patch20 -p1 -b .cstrlen
|
||||||
|
%patch21 -p1 -b .journalCOMM
|
||||||
|
|
||||||
pushd ..
|
pushd ..
|
||||||
%patch9 -p1 -b .openssl-compatibility
|
%patch9 -p1 -b .openssl-compatibility
|
||||||
@ -558,6 +562,20 @@ done
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri May 19 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-114
|
||||||
|
- Fix wrong type conversion in cstrLen()
|
||||||
|
resolves: rhbz#2157805
|
||||||
|
- imjournal: by default retrieves _PID from journal as PID number
|
||||||
|
resolves: rhbz#2176397
|
||||||
|
- Systemd service file hardening
|
||||||
|
resolves: rhbz#2176403
|
||||||
|
- rsyslog.conf: load imuxsock and imjournal before loading rsyslog.d
|
||||||
|
resolves: rhbz#2165899
|
||||||
|
- rsyslog is now started after the network service during boot
|
||||||
|
resolves: rhbz#2074318
|
||||||
|
- imjournal: add second fallback to the message identifier
|
||||||
|
resolves: rhbv#2129015
|
||||||
|
|
||||||
* Tue Mar 07 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-113
|
* Tue Mar 07 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-113
|
||||||
- Do not allow having selinux-policy < 38.1.3-1
|
- Do not allow having selinux-policy < 38.1.3-1
|
||||||
resolves: rhbz#2176386
|
resolves: rhbz#2176386
|
||||||
|