From 92fbf83e687a6b27570f032995203678dadaf097 Mon Sep 17 00:00:00 2001 From: CentOS Buildsys Date: Mar 26 2014 13:49:43 +0000 Subject: import rsyslog-7.4.7-6.el7.src.rpm --- diff --git a/.rsyslog.metadata b/.rsyslog.metadata index e69762c..2ba55fe 100644 --- a/.rsyslog.metadata +++ b/.rsyslog.metadata @@ -1 +1 @@ -b4791ac7be1c27288a394e5701e217bce555bf75 SOURCES/rsyslog-7.4.2.tar.gz +f4d6c60572bf661c7a7ea6a0f5e221e5a0fbf65a SOURCES/rsyslog-7.4.7.tar.gz diff --git a/SOURCES/rsyslog-7.3.15-imuxsock-warning.patch b/SOURCES/rsyslog-7.3.15-imuxsock-warning.patch deleted file mode 100644 index d2eaad8..0000000 --- a/SOURCES/rsyslog-7.3.15-imuxsock-warning.patch +++ /dev/null @@ -1,35 +0,0 @@ -From ac6c45537391d67beb55b03ccf301bdaa150cd8a Mon Sep 17 00:00:00 2001 -From: Tomas Heinrich -Date: Mon, 3 Jun 2013 15:09:07 +0200 -Subject: [PATCH] imuxsock: don't report an error message for - $OmitLocalLogging - ---- - plugins/imuxsock/imuxsock.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c -index c503852..dad09ab 100644 ---- a/plugins/imuxsock/imuxsock.c -+++ b/plugins/imuxsock/imuxsock.c -@@ -1284,6 +1284,8 @@ BEGINactivateCnfPrePrivDrop - instanceConf_t *inst; - CODESTARTactivateCnfPrePrivDrop - runModConf = pModConf; -+ if(runModConf->bOmitLocalLogging && nfd == 1) -+ ABORT_FINALIZE(RS_RET_OK); - for(inst = runModConf->root ; inst != NULL ; inst = inst->next) { - addListner(inst); - } -@@ -1325,6 +1327,8 @@ BEGINrunInput - #endif - - CODESTARTrunInput -+ if(runModConf->bOmitLocalLogging && nfd == 1) -+ ABORT_FINALIZE(RS_RET_OK); - /* this is an endless loop - it is terminated when the thread is - * signalled to do so. This, however, is handled by the framework, - * right into the sleep below. --- -1.7.10.4 - diff --git a/SOURCES/rsyslog-7.4.2-imuxsock-rfc3339.patch b/SOURCES/rsyslog-7.4.2-imuxsock-rfc3339.patch deleted file mode 100644 index 3ae46c4..0000000 --- a/SOURCES/rsyslog-7.4.2-imuxsock-rfc3339.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 06a3239f2eaf90eb7c7034b563fa32b1b09beedd Mon Sep 17 00:00:00 2001 -From: Tomas Heinrich -Date: Wed, 6 Nov 2013 17:57:49 +0100 -Subject: [PATCH] imuxsock: pass along missing legacy config variables - -Not doing so caused that the system log socket was unaffected by these -directives. - -bCreatePath is still not passed but currently, there's no placeholder for it. ---- - plugins/imuxsock/imuxsock.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c -index c503852..1c4ba47 100644 ---- a/plugins/imuxsock/imuxsock.c -+++ b/plugins/imuxsock/imuxsock.c -@@ -159,11 +159,11 @@ static int startIndexUxLocalSockets; /* process fd from that index on (used to - static int nfd = 1; /* number of Unix sockets open / read-only after startup */ - static int sd_fds = 0; /* number of systemd activated sockets */ - --/* config vars for legacy config system */ - #define DFLT_bCreatePath 0 - #define DFLT_ratelimitInterval 0 - #define DFLT_ratelimitBurst 200 - #define DFLT_ratelimitSeverity 1 /* do not rate-limit emergency messages */ -+/* config vars for the legacy config system */ - static struct configSettings_s { - int bOmitLocalLogging; - uchar *pLogSockName; -@@ -188,6 +188,7 @@ static struct configSettings_s { - int bParseTrusted; /* parse trusted properties */ - } cs; - -+/* config vars for the v2 config system (rsyslog v6+) */ - struct instanceConf_s { - uchar *sockName; - uchar *pLogHostName; /* host name to use with this socket */ -@@ -1256,11 +1257,14 @@ BEGINendCnfLoad - CODESTARTendCnfLoad - if(!loadModConf->configSetViaV2Method) { - /* persist module-specific settings from legacy config system */ -+ /* these are used to initialize the system log socket (listeners[0]) */ - loadModConf->bOmitLocalLogging = cs.bOmitLocalLogging; - loadModConf->pLogSockName = cs.pLogSockName; - loadModConf->bIgnoreTimestamp = cs.bIgnoreTimestampSysSock; -+ loadModConf->bUseSysTimeStamp = cs.bUseSysTimeStampSysSock; - loadModConf->bUseFlowCtl = cs.bUseFlowCtlSysSock; - loadModConf->bAnnotateSysSock = cs.bAnnotateSysSock; -+ loadModConf->bWritePidSysSock = cs.bWritePidSysSock; - loadModConf->bParseTrusted = cs.bParseTrusted; - loadModConf->ratelimitIntervalSysSock = cs.ratelimitIntervalSysSock; - loadModConf->ratelimitBurstSysSock = cs.ratelimitBurstSysSock; --- -1.7.10.4 - diff --git a/SOURCES/rsyslog-7.4.7-bz1030044-remove-ads.patch b/SOURCES/rsyslog-7.4.7-bz1030044-remove-ads.patch new file mode 100644 index 0000000..cdbcf0e --- /dev/null +++ b/SOURCES/rsyslog-7.4.7-bz1030044-remove-ads.patch @@ -0,0 +1,236 @@ +From 79e4e43bcadb0fb520240c655f529874f305f786 Mon Sep 17 00:00:00 2001 +From: Tomas Heinrich +Date: Thu, 14 Nov 2013 15:14:08 +0100 +Subject: [PATCH] Remove references to Google ads from html documentation + +--- + doc/rsyslog_secure_tls.html | 13 ------------- + doc/tls_cert_ca.html | 13 ------------- + doc/tls_cert_client.html | 13 ------------- + doc/tls_cert_errmsgs.html | 13 ------------- + doc/tls_cert_machine.html | 13 ------------- + doc/tls_cert_scenario.html | 13 ------------- + doc/tls_cert_server.html | 13 ------------- + doc/tls_cert_summary.html | 13 ------------- + doc/tls_cert_udp_relay.html | 13 ------------- + 9 files changed, 117 deletions(-) + +diff --git a/doc/rsyslog_secure_tls.html b/doc/rsyslog_secure_tls.html +index b15e5a4..0bef2b3 100644 +--- a/doc/rsyslog_secure_tls.html ++++ b/doc/rsyslog_secure_tls.html +@@ -38,19 +38,6 @@ below. Do not blame us if it doesn't provide what you need ;)

+ +

Our secrity goals are achived via public/private key security. As such, it is + vital that private keys are well protected and not accessible to third parties. +- +- +- +- + If private keys have become known to third parties, the system does not provide + any security at all. Also, our solution bases on X.509 certificates and a (very + limited) chain of trust. We have one instance (the CA) that issues all machine +diff --git a/doc/tls_cert_ca.html b/doc/tls_cert_ca.html +index 2cae404..f366462 100644 +--- a/doc/tls_cert_ca.html ++++ b/doc/tls_cert_ca.html +@@ -23,19 +23,6 @@ Gerhards (2008-06-17)

+ maintained by a trustworthy person (or group) and approves the indentities of + all machines. It does so by issuing their certificates. In a small setup, the + administrator can provide the CA function. What is important is the the CA's +- +- +- +- + private key is well-protocted and machine certificates are only issued if it is + know they are valid (in a single-admin case that means the admin should not + issue certificates to anyone else except himself).

+diff --git a/doc/tls_cert_client.html b/doc/tls_cert_client.html +index dbe7961..53596fc 100644 +--- a/doc/tls_cert_client.html ++++ b/doc/tls_cert_client.html +@@ -25,19 +25,6 @@ example, that meanst turng.example.net). The client check's the server's identit + talks to it only if it is the expected server. This is a very important step. + Without it, you would not detect man-in-the-middle attacks or simple malicious servers + who try to get hold of your valuable log data. +- +- +- +- +

+

Steps to do: +

    +diff --git a/doc/tls_cert_errmsgs.html b/doc/tls_cert_errmsgs.html +index d002174..2943efc 100644 +--- a/doc/tls_cert_errmsgs.html ++++ b/doc/tls_cert_errmsgs.html +@@ -21,19 +21,6 @@ Gerhards (2008-06-17)

    + +

    Error Messages

    +

    This page covers error message you may see when setting up +- +- +- +- + rsyslog with TLS. Please note that many + of the message stem back to the TLS library being used. In those cases, there is + not always a good explanation available in rsyslog alone. +diff --git a/doc/tls_cert_machine.html b/doc/tls_cert_machine.html +index 095e15c..fe2ee90 100644 +--- a/doc/tls_cert_machine.html ++++ b/doc/tls_cert_machine.html +@@ -22,19 +22,6 @@ Gerhards (2008-06-18)

    +

    In this step, we generate certificates for each of the machines. Please note + that both clients and servers need certificates. The certificate identifies each + machine to the remote peer. The DNSName specified inside the certificate can +- +- +- +- + be specified inside the $<object>PermittedPeer config statements. +

    For now, we assume that a single person (or group) is responsible for the whole + rsyslog system and thus it is OK if that single person is in posession of all +diff --git a/doc/tls_cert_scenario.html b/doc/tls_cert_scenario.html +index 7973532..88c7657 100644 +--- a/doc/tls_cert_scenario.html ++++ b/doc/tls_cert_scenario.html +@@ -21,19 +21,6 @@ Gerhards (2008-06-17)

    + +

    Sample Scenario

    +

    We have a quite simple scenario. There is one central syslog server, +- +- +- +- + named central.example.net. These server is being reported to by two Linux + machines with name zuse.example.net and turing.example.net. Also, there is a + third client - ada.example.net - which send both its own messages to the central +diff --git a/doc/tls_cert_server.html b/doc/tls_cert_server.html +index 9c024bc..b784be1 100644 +--- a/doc/tls_cert_server.html ++++ b/doc/tls_cert_server.html +@@ -23,19 +23,6 @@ Gerhards (2008-06-18)

    + via TLS protected plain tcp based syslog from those peers that are explicitely permitted + to send to it. The picture below show our configuration. This step configures + the server central.example.net. +- +- +- +- +

    +

    Important: Keep in mind that the order of configuration directives + is very important in rsyslog. As such, the samples given below do only work if the given +diff --git a/doc/tls_cert_summary.html b/doc/tls_cert_summary.html +index 8e003bc..95844a8 100644 +--- a/doc/tls_cert_summary.html ++++ b/doc/tls_cert_summary.html +@@ -20,19 +20,6 @@ Gerhards (2008-07-03)

    + +

    Summary

    +

    If you followed the steps outlined in this documentation set, you now have +- +- +- +- + a reasonable (for most needs) secure setup for the following environment: +

    +

    You have learned about the security decisions involved and which we +diff --git a/doc/tls_cert_udp_relay.html b/doc/tls_cert_udp_relay.html +index f4740ce..d44689c 100644 +--- a/doc/tls_cert_udp_relay.html ++++ b/doc/tls_cert_udp_relay.html +@@ -26,19 +26,6 @@ directly to it, because we would like to have TLS protection for its sensitve + logs. If the router and the syslog relay are on a sufficiently secure private + network, this setup can be considered reasonable secure. In any case, it is the + best alternative among the possible configuration scenarios. +- +- +- +- +

    +

    Steps to do: +

      +-- +1.8.4.3 + diff --git a/SOURCES/rsyslog-7.4.7-bz1038136-imjournal-message-loss.patch b/SOURCES/rsyslog-7.4.7-bz1038136-imjournal-message-loss.patch new file mode 100644 index 0000000..73134f5 --- /dev/null +++ b/SOURCES/rsyslog-7.4.7-bz1038136-imjournal-message-loss.patch @@ -0,0 +1,267 @@ +From effa35d1ae33c1ac825317802b6e970e68f98af2 Mon Sep 17 00:00:00 2001 +From: Tomas Heinrich +Date: Fri, 31 Jan 2014 11:35:55 +0100 +Subject: [PATCH] Improve handling of messages without syslog properties + +* Don't drop messages without the MESSAGE field +* Set default severity for all messages + Some messages comming from journald don't have the SYSLOG_PRIORITY + field. These are typically the messages logged through journald's + native API. Set the default severity for these messages to 'notice'. +* Set default facility for all messages + Some messages comming from journald don't have the SYSLOG_FACILITY + field. These are typically the messages logged through journald's + native API. Set the default facility for these messages to 'user'. +* Make default priority configurable +--- + doc/imjournal.html | 16 ++++++ + plugins/imjournal/imjournal.c | 124 +++++++++++++++++++++++++++++++----------- + 2 files changed, 109 insertions(+), 31 deletions(-) + +diff --git a/doc/imjournal.html b/doc/imjournal.html +index 8f29169..b4d2105 100644 +--- a/doc/imjournal.html ++++ b/doc/imjournal.html +@@ -69,6 +69,18 @@ journal and read only new messages. This option is only used when there is + no StateFile to avoid message loss. +
    + ++
  • DefaultSeverity <severity>
    ++Some messages comming from journald don't have the SYSLOG_PRIORITY ++field. These are typically the messages logged through journald's ++native API. This option specifies the default severity for these ++messages. Defaults to 'notice'. ++ ++
  • DefaultFacility <facility>
    ++Some messages comming from journald don't have the SYSLOG_FACILITY ++field. These are typically the messages logged through journald's ++native API. This option specifies the default facility for these ++messages. Defaults to 'user'. ++ + Caveats/Known Bugs: +

    +

      +@@ -105,6 +117,10 @@ Equivalent to: ratelimit.interval + Equivalent to: ratelimit.burst +
    • $ImjournalIgnorePreviousMessages
      + Equivalent to: ignorePreviousMessages
      • ++
    • $ImjournalDefaultSeverity
      ++Equivalent to: DefaultSeverity
      • ++
    • $ImjournalDefaultFacility
      ++Equivalent to: DefaultFacility
      • +
    + + +diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c +index 36c7e04..7d42b84 100755 +--- a/plugins/imjournal/imjournal.c ++++ b/plugins/imjournal/imjournal.c +@@ -68,15 +68,21 @@ static struct configSettings_s { + int ratelimitInterval; + int ratelimitBurst; + int bIgnorePrevious; ++ int iDfltSeverity; ++ int iDfltFacility; + } cs; + ++static rsRetVal facilityHdlr(uchar **pp, void *pVal); ++ + /* module-global parameters */ + static struct cnfparamdescr modpdescr[] = { + { "statefile", eCmdHdlrGetWord, 0 }, + { "ratelimit.interval", eCmdHdlrInt, 0 }, + { "ratelimit.burst", eCmdHdlrInt, 0 }, + { "persiststateinterval", eCmdHdlrInt, 0 }, +- { "ignorepreviousmessages", eCmdHdlrBinary, 0 } ++ { "ignorepreviousmessages", eCmdHdlrBinary, 0 }, ++ { "defaultseverity", eCmdHdlrSeverity, 0 }, ++ { "defaultfacility", eCmdHdlrString, 0 } + }; + static struct cnfparamblk modpblk = + { CNFPARAMBLK_VERSION, +@@ -85,6 +91,8 @@ static struct cnfparamblk modpblk = + }; + + #define DFLT_persiststateinterval 10 ++#define DFLT_SEVERITY LOG_PRI(LOG_NOTICE) ++#define DFLT_FACILITY LOG_FAC(LOG_USER) + + static int bLegacyCnfModGlobalsPermitted = 1;/* are legacy module-global config parameters permitted? */ + +@@ -94,6 +102,37 @@ static prop_t *pLocalHostIP = NULL; /* a pseudo-constant propterty for 127.0.0.1 + static ratelimit_t *ratelimiter = NULL; + static sd_journal *j; + ++/* ugly workaround to handle facility numbers; values ++ derived from names need to be eight times smaller */ ++static rsRetVal facilityHdlr(uchar **pp, void *pVal) ++{ ++ DEFiRet; ++ char *p; ++ ++ skipWhiteSpace(pp); ++ p = (char *) *pp; ++ ++ if (isdigit((int) *p)) { ++ *((int *) pVal) = (int) strtol(p, (char **) pp, 10); ++ } else { ++ int len; ++ syslogName_t *c; ++ ++ for (len = 0; p[len] && !isspace((int) p[len]); len++) ++ /* noop */; ++ for (c = syslogFacNames; c->c_name; c++) { ++ if (!strncasecmp(p, (char *) c->c_name, len)) { ++ *((int *) pVal) = LOG_FAC(c->c_val); ++ break; ++ } ++ } ++ *pp += len; ++ } ++ ++ RETiRet; ++} ++ ++ + /* enqueue the the journal message into the message queue. + * The provided msg string is not freed - thus must be done + * by the caller. +@@ -158,7 +197,6 @@ readjournal() { + const void *get; + const void *pidget; + char *parse; +- char *get2; + size_t length; + size_t pidlength; + +@@ -170,45 +208,52 @@ readjournal() { + + long prefixlen = 0; + +- int priority = 0; +- int facility = 0; ++ int severity = cs.iDfltSeverity; ++ int facility = cs.iDfltFacility; + + /* Get message text */ + if (sd_journal_get_data(j, "MESSAGE", &get, &length) < 0) { +- logmsgInternal(NO_ERRCODE, LOG_SYSLOG|LOG_INFO, (uchar *)"log message from journal doesn't have MESSAGE", 0); +- iRet = RS_RET_OK; +- goto ret; +- } +- message = strndup(get+8, length-8); +- if (message == NULL) { +- iRet = RS_RET_OUT_OF_MEMORY; +- goto ret; ++ message = strdup(""); ++ } else { ++ message = strndup(get+8, length-8); ++ if (message == NULL) { ++ iRet = RS_RET_OUT_OF_MEMORY; ++ goto ret; ++ } + } + +- /* Get message priority */ ++ /* Get message severity ("priority" in journald's terminology) */ + if (sd_journal_get_data(j, "PRIORITY", &get, &length) >= 0) { +- get2 = strndup(get, length); +- priority = ((char *)get2)[9] - '0'; +- free (get2); ++ if (length == 10) { ++ severity = ((char *)get)[9] - '0'; ++ if (severity < 0 || 7 < severity) { ++ dbgprintf("The value of the 'PRIORITY' field is " ++ "out of bounds: %d, resetting\n", severity); ++ severity = cs.iDfltSeverity; ++ } ++ } else { ++ dbgprintf("The value of the 'PRIORITY' field has an " ++ "unexpected length: %d\n", length); ++ } + } + + /* Get syslog facility */ + if (sd_journal_get_data(j, "SYSLOG_FACILITY", &get, &length) >= 0) { +- get2 = strndup(get, length); +- char f = ((char *)get2)[16]; +- if (f >= '0' && f <= '9') { +- facility += f - '0'; +- } +- f = ((char *)get2)[17]; +- if (f >= '0' && f <= '9') { +- facility *= 10; +- facility += (f - '0'); ++ if (length == 17 || length == 18) { ++ facility = ((char *)get)[16] - '0'; ++ if (length == 18) { ++ facility *= 10; ++ facility += ((char *)get)[17] - '0'; ++ } ++ if (facility < 0 || 23 < facility) { ++ dbgprintf("The value of the 'FACILITY' field is " ++ "out of bounds: %d, resetting\n", facility); ++ facility = cs.iDfltFacility; ++ } ++ } else { ++ dbgprintf("The value of the 'FACILITY' field has an " ++ "unexpected length: %d\n", length); + } +- free (get2); +- } else { +- /* message is missing facility -> internal systemd journal msg, drop */ +- iRet = RS_RET_OK; +- goto free_message; + } + + /* Get message identifier, client pid and add ':' */ +@@ -349,7 +394,7 @@ readjournal() { + } + + /* submit message */ +- enqMsg((uchar *)message, (uchar *) sys_iden_help, facility, priority, &tv, json); ++ enqMsg((uchar *)message, (uchar *) sys_iden_help, facility, severity, &tv, json); + + finalize_it: + free(sys_iden_help); +@@ -569,6 +614,8 @@ CODESTARTbeginCnfLoad + cs.stateFile = NULL; + cs.ratelimitBurst = 20000; + cs.ratelimitInterval = 600; ++ cs.iDfltSeverity = DFLT_SEVERITY; ++ cs.iDfltFacility = DFLT_FACILITY; + ENDbeginCnfLoad + + +@@ -657,6 +704,17 @@ CODESTARTsetModCnf + cs.ratelimitInterval = (int) pvals[i].val.d.n; + } else if (!strcmp(modpblk.descr[i].name, "ignorepreviousmessages")) { + cs.bIgnorePrevious = (int) pvals[i].val.d.n; ++ } else if (!strcmp(modpblk.descr[i].name, "defaultseverity")) { ++ cs.iDfltSeverity = (int) pvals[i].val.d.n; ++ } else if (!strcmp(modpblk.descr[i].name, "defaultfacility")) { ++ /* ugly workaround to handle facility numbers; values ++ derived from names need to be eight times smaller */ ++ ++ char *fac, *p; ++ ++ fac = p = es_str2cstr(pvals[i].val.d.estr, NULL); ++ facilityHdlr((uchar **) &p, (void *) &cs.iDfltFacility); ++ free(fac); + } else { + dbgprintf("imjournal: program error, non-handled " + "param '%s' in beginCnfLoad\n", modpblk.descr[i].name); +@@ -710,6 +768,10 @@ CODEmodInit_QueryRegCFSLineHdlr + NULL, &cs.stateFile, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournalignorepreviousmessages", 0, eCmdHdlrBinary, + NULL, &cs.bIgnorePrevious, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournaldefaultseverity", 0, eCmdHdlrSeverity, ++ NULL, &cs.iDfltSeverity, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournaldefaultfacility", 0, eCmdHdlrCustomHandler, ++ facilityHdlr, &cs.iDfltFacility, STD_LOADABLE_MODULE_ID)); + + + ENDmodInit +-- +1.8.4.3 + diff --git a/SOURCES/rsyslog-7.4.7-bz1052266-dont-link-libee.patch b/SOURCES/rsyslog-7.4.7-bz1052266-dont-link-libee.patch new file mode 100644 index 0000000..9babd75 --- /dev/null +++ b/SOURCES/rsyslog-7.4.7-bz1052266-dont-link-libee.patch @@ -0,0 +1,42 @@ +diff -ur rsyslog-7.4.7.bck2014-01-20.1/runtime/Makefile.am rsyslog-7.4.7.bck2014-01-20/runtime/Makefile.am +--- rsyslog-7.4.7.bck2014-01-20.1/runtime/Makefile.am 2014-01-20 13:00:47.922000000 -0500 ++++ rsyslog-7.4.7.bck2014-01-20/runtime/Makefile.am 2014-01-20 12:57:44.048000000 -0500 +@@ -102,8 +102,8 @@ + librsyslog_la_CPPFLAGS = -DSD_EXPORT_SYMBOLS -D_PATH_MODDIR=\"$(pkglibdir)/\" -I\$(top_srcdir) -I\$(top_srcdir)/grammar + endif + #librsyslog_la_LDFLAGS = -module -avoid-version +-librsyslog_la_CPPFLAGS += $(PTHREADS_CFLAGS) $(LIBEE_CFLAGS) $(LIBUUID_CFLAGS) $(JSON_C_CFLAGS) -I\$(top_srcdir)/tools +-librsyslog_la_LIBADD = $(DL_LIBS) $(RT_LIBS) $(LIBEE_LIBS) $(LIBUUID_LIBS) $(JSON_C_LIBS) ++librsyslog_la_CPPFLAGS += $(PTHREADS_CFLAGS) $(LIBUUID_CFLAGS) $(JSON_C_CFLAGS) -I\$(top_srcdir)/tools ++librsyslog_la_LIBADD = $(DL_LIBS) $(RT_LIBS) $(LIBUUID_LIBS) $(JSON_C_LIBS) + + # + # regular expression support +diff -ur rsyslog-7.4.7.bck2014-01-20.1/runtime/Makefile.in rsyslog-7.4.7.bck2014-01-20/runtime/Makefile.in +--- rsyslog-7.4.7.bck2014-01-20.1/runtime/Makefile.in 2014-01-20 13:00:47.924000000 -0500 ++++ rsyslog-7.4.7.bck2014-01-20/runtime/Makefile.in 2014-01-20 12:57:44.050000000 -0500 +@@ -650,19 +650,17 @@ + @WITH_MODDIRS_FALSE@librsyslog_la_CPPFLAGS = -DSD_EXPORT_SYMBOLS \ + @WITH_MODDIRS_FALSE@ -D_PATH_MODDIR=\"$(pkglibdir)/\" \ + @WITH_MODDIRS_FALSE@ -I\$(top_srcdir) -I\$(top_srcdir)/grammar \ +-@WITH_MODDIRS_FALSE@ $(PTHREADS_CFLAGS) $(LIBEE_CFLAGS) \ +-@WITH_MODDIRS_FALSE@ $(LIBUUID_CFLAGS) $(JSON_C_CFLAGS) \ +-@WITH_MODDIRS_FALSE@ -I\$(top_srcdir)/tools ++@WITH_MODDIRS_FALSE@ $(PTHREADS_CFLAGS) $(LIBUUID_CFLAGS) \ ++@WITH_MODDIRS_FALSE@ $(JSON_C_CFLAGS) -I\$(top_srcdir)/tools + # the files with ../ we need to work on - so that they either become part of the + # runtime or will no longer be needed. -- rgerhards, 2008-06-13 + # + #librsyslog_la_LDFLAGS = -module -avoid-version + @WITH_MODDIRS_TRUE@librsyslog_la_CPPFLAGS = -DSD_EXPORT_SYMBOLS \ + @WITH_MODDIRS_TRUE@ -D_PATH_MODDIR=\"$(pkglibdir)/:$(moddirs)\" \ +-@WITH_MODDIRS_TRUE@ $(PTHREADS_CFLAGS) $(LIBEE_CFLAGS) \ +-@WITH_MODDIRS_TRUE@ $(LIBUUID_CFLAGS) $(JSON_C_CFLAGS) \ +-@WITH_MODDIRS_TRUE@ -I\$(top_srcdir)/tools +-librsyslog_la_LIBADD = $(DL_LIBS) $(RT_LIBS) $(LIBEE_LIBS) $(LIBUUID_LIBS) $(JSON_C_LIBS) ++@WITH_MODDIRS_TRUE@ $(PTHREADS_CFLAGS) $(LIBUUID_CFLAGS) \ ++@WITH_MODDIRS_TRUE@ $(JSON_C_CFLAGS) -I\$(top_srcdir)/tools ++librsyslog_la_LIBADD = $(DL_LIBS) $(RT_LIBS) $(LIBUUID_LIBS) $(JSON_C_LIBS) + @ENABLE_REGEXP_TRUE@lmregexp_la_SOURCES = regexp.c regexp.h + @ENABLE_REGEXP_TRUE@lmregexp_la_CPPFLAGS = $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) + @ENABLE_REGEXP_TRUE@lmregexp_la_LDFLAGS = -module -avoid-version diff --git a/SOURCES/rsyslog-7.4.7-bz1053669-imuxsock-wrn.patch b/SOURCES/rsyslog-7.4.7-bz1053669-imuxsock-wrn.patch new file mode 100644 index 0000000..9974cf6 --- /dev/null +++ b/SOURCES/rsyslog-7.4.7-bz1053669-imuxsock-wrn.patch @@ -0,0 +1,39 @@ +From 8e0ac9576056a71dd7ad69157a94d56d433afbf6 Mon Sep 17 00:00:00 2001 +From: Tomas Heinrich +Date: Mon, 20 Jan 2014 16:23:17 +0100 +Subject: [PATCH] imuxsock: don't issue a warning if there are no sockets + configured + +--- + plugins/imuxsock/imuxsock.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c +index df504dd..aadb853 100644 +--- a/plugins/imuxsock/imuxsock.c ++++ b/plugins/imuxsock/imuxsock.c +@@ -1291,6 +1291,10 @@ CODESTARTactivateCnfPrePrivDrop + for(inst = runModConf->root ; inst != NULL ; inst = inst->next) { + addListner(inst); + } ++ if(runModConf->bOmitLocalLogging && nfd == 1) { ++ /* No sockets were configured, no reason to run. */ ++ ABORT_FINALIZE(RS_RET_OK); ++ } + CHKiRet(activateListeners()); + finalize_it: + ENDactivateCnfPrePrivDrop +@@ -1329,6 +1333,10 @@ BEGINrunInput + #endif + + CODESTARTrunInput ++ if(runModConf->bOmitLocalLogging && nfd == 1) { ++ /* No sockets were configured, no reason to run. */ ++ ABORT_FINALIZE(RS_RET_OK); ++ } + /* this is an endless loop - it is terminated when the thread is + * signalled to do so. This, however, is handled by the framework, + * right into the sleep below. +-- +1.8.4.3 + diff --git a/SOURCES/rsyslog-7.4.7-bz1054171-omjournal-warning.patch b/SOURCES/rsyslog-7.4.7-bz1054171-omjournal-warning.patch new file mode 100644 index 0000000..6d4a18a --- /dev/null +++ b/SOURCES/rsyslog-7.4.7-bz1054171-omjournal-warning.patch @@ -0,0 +1,25 @@ +From e921bfe82068a1767311181ad7f4c78ed86e2577 Mon Sep 17 00:00:00 2001 +From: Tomas Heinrich +Date: Thu, 16 Jan 2014 11:43:55 +0100 +Subject: [PATCH] bugfix: invert the logic for issuing a warning + +--- + plugins/omjournal/omjournal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/plugins/omjournal/omjournal.c b/plugins/omjournal/omjournal.c +index 160c369..937d277 100644 +--- a/plugins/omjournal/omjournal.c ++++ b/plugins/omjournal/omjournal.c +@@ -153,7 +153,7 @@ ENDdoAction + BEGINparseSelectorAct + CODESTARTparseSelectorAct + CODE_STD_STRING_REQUESTparseSelectorAct(1) +- if(strncmp((char*) p, ":omjournal:", sizeof(":omjournal:") - 1)) { ++ if(!strncmp((char*) p, ":omjournal:", sizeof(":omjournal:") - 1)) { + errmsg.LogError(0, RS_RET_LEGA_ACT_NOT_SUPPORTED, + "omjournal supports only v6+ config format, use: " + "action(type=\"omjournal\" ...)"); +-- +1.8.4.3 + diff --git a/SOURCES/rsyslog-7.4.7-numeric-uid.patch b/SOURCES/rsyslog-7.4.7-numeric-uid.patch new file mode 100644 index 0000000..c9f8310 --- /dev/null +++ b/SOURCES/rsyslog-7.4.7-numeric-uid.patch @@ -0,0 +1,129 @@ +From 032fcabdb7f3fc515d8155f48751271535df7b8e Mon Sep 17 00:00:00 2001 +From: Tomas Heinrich +Date: Thu, 5 Dec 2013 19:46:51 +0100 +Subject: [PATCH] Add directives for numerically specifying GIDs/UIDs + +The already present directives (FileOwner, FileGroup, DirOwner, +DirGroup) translate names to numerical IDs, which depends on the user +information being available during rsyslog's startup. This can fail if +the information is obtained over a network or from a service such as +SSSD. The new directives provide a way to specify the numerical IDs +directly and bypass the lookup. +--- + doc/omfile.html | 12 ++++++++++++ + doc/rsyslog_conf_global.html | 4 ++++ + tools/omfile.c | 16 ++++++++++++++++ + 3 files changed, 32 insertions(+) + +diff --git a/doc/omfile.html b/doc/omfile.html +index 0f64f26..5f839fe 100644 +--- a/doc/omfile.html ++++ b/doc/omfile.html +@@ -53,15 +53,27 @@ +
  • DirOwner
    + Set the file owner for directories newly created. Please note that this setting does not affect the owner of directories already existing. The parameter is a user name, for which the userid is obtained by rsyslogd during startup processing. Interim changes to the user mapping are not detected.

    • + ++
  • DirOwnerNum
    ++ Set the file owner for directories newly created. Please note that this setting does not affect the owner of directories already existing. The parameter is a numerical ID, which is used regardless of whether the user actually exists. This can be useful if the user mapping is not available to rsyslog during startup.

    • ++ +
  • DirGroup
    + Set the group for directories newly created. Please note that this setting does not affect the group of directories already existing. The parameter is a group name, for which the groupid is obtained by rsyslogd on during startup processing. Interim changes to the user mapping are not detected.

    • + ++
  • DirGroupNum
    ++ Set the group for directories newly created. Please note that this setting does not affect the group of directories already existing. The parameter is a numerical ID, which is used regardless of whether the group actually exists. This can be useful if the group mapping is not available to rsyslog during startup.

    • ++ +
  • FileOwner
    + Set the file owner for files newly created. Please note that this setting does not affect the owner of files already existing. The parameter is a user name, for which the userid is obtained by rsyslogd during startup processing. Interim changes to the user mapping are not detected.

    • + ++
  • FileOwnerNum
    ++ Set the file owner for files newly created. Please note that this setting does not affect the owner of files already existing. The parameter is a numerical ID, which which is used regardless of whether the user actually exists. This can be useful if the user mapping is not available to rsyslog during startup.

    • ++ +
  • FileGroup
    + Set the group for files newly created. Please note that this setting does not affect the group of files already existing. The parameter is a group name, for which the groupid is obtained by rsyslogd during startup processing. Interim changes to the user mapping are not detected.

    • + ++
  • $FileGroupNum
    ++ Set the group for files newly created. Please note that this setting does not affect the group of files already existing. The parameter is a numerical ID, which is used regardless of whether the group actually exists. This can be useful if the group mapping is not available to rsyslog during startup.

    • ++ +
  • DirCreateMode [defaul 0700]
    + This is the same as $FileCreateMode, but for directories automatically generated.

    • + +diff --git a/doc/rsyslog_conf_global.html b/doc/rsyslog_conf_global.html +index e48ed6d..b9a2ba2 100644 +--- a/doc/rsyslog_conf_global.html ++++ b/doc/rsyslog_conf_global.html +@@ -136,7 +136,9 @@ our paper on using multiple rule sets in rsyslog$CreateDirs [on/off] - create directories on an as-needed basis +
  • $DirCreateMode
    • +
  • $DirGroup
    • ++
  • $DirGroupNum
    • +
  • $DirOwner
    • ++
  • $DirOwnerNum
    • +
  • $DropMsgsWithMaliciousDnsPTRRecords
    • +
  • $DropTrailingLFOnReception
    • +
  • $DynaFileCacheSize
    • +@@ -148,7 +150,9 @@ our paper on using multiple rule sets in rsyslog$FailOnChownFailure +
  • $FileCreateMode
    • +
  • $FileGroup
    • ++
  • $FileGroupNum
    • +
  • $FileOwner
    • ++
  • $FileOwnerNum
    • +
  • $GenerateConfigGraph
    • +
  • $GssForwardServiceName
    • +
  • $GssListenServiceName
    • +diff --git a/tools/omfile.c b/tools/omfile.c +index 3dca347..fd14cb5 100644 +--- a/tools/omfile.c ++++ b/tools/omfile.c +@@ -233,9 +233,13 @@ static struct cnfparamdescr actpdescr[] = { + { "flushontxend", eCmdHdlrBinary, 0 }, /* legacy: omfileflushontxend */ + { "iobuffersize", eCmdHdlrSize, 0 }, /* legacy: omfileiobuffersize */ + { "dirowner", eCmdHdlrUID, 0 }, /* legacy: dirowner */ ++ { "dirownernum", eCmdHdlrInt, 0 }, /* legacy: dirownernum */ + { "dirgroup", eCmdHdlrGID, 0 }, /* legacy: dirgroup */ ++ { "dirgroupnum", eCmdHdlrInt, 0 }, /* legacy: dirgroupnum */ + { "fileowner", eCmdHdlrUID, 0 }, /* legacy: fileowner */ ++ { "fileownernum", eCmdHdlrInt, 0 }, /* legacy: fileownernum */ + { "filegroup", eCmdHdlrGID, 0 }, /* legacy: filegroup */ ++ { "filegroupnum", eCmdHdlrInt, 0 }, /* legacy: filegroupnum */ + { "dircreatemode", eCmdHdlrFileCreateMode, 0 }, /* legacy: dircreatemode */ + { "filecreatemode", eCmdHdlrFileCreateMode, 0 }, /* legacy: filecreatemode */ + { "failonchownfailure", eCmdHdlrBinary, 0 }, /* legacy: failonchownfailure */ +@@ -1139,12 +1143,20 @@ CODESTARTnewActInst + pData->iIOBufSize = (int) pvals[i].val.d.n; + } else if(!strcmp(actpblk.descr[i].name, "dirowner")) { + pData->dirUID = (int) pvals[i].val.d.n; ++ } else if(!strcmp(actpblk.descr[i].name, "dirownernum")) { ++ pData->dirUID = (int) pvals[i].val.d.n; + } else if(!strcmp(actpblk.descr[i].name, "dirgroup")) { + pData->dirGID = (int) pvals[i].val.d.n; ++ } else if(!strcmp(actpblk.descr[i].name, "dirgroupnum")) { ++ pData->dirGID = (int) pvals[i].val.d.n; + } else if(!strcmp(actpblk.descr[i].name, "fileowner")) { + pData->fileUID = (int) pvals[i].val.d.n; ++ } else if(!strcmp(actpblk.descr[i].name, "fileownernum")) { ++ pData->fileUID = (int) pvals[i].val.d.n; + } else if(!strcmp(actpblk.descr[i].name, "filegroup")) { + pData->fileGID = (int) pvals[i].val.d.n; ++ } else if(!strcmp(actpblk.descr[i].name, "filegroupnum")) { ++ pData->fileGID = (int) pvals[i].val.d.n; + } else if(!strcmp(actpblk.descr[i].name, "dircreatemode")) { + pData->fDirCreateMode = (int) pvals[i].val.d.n; + } else if(!strcmp(actpblk.descr[i].name, "filecreatemode")) { +@@ -1377,9 +1389,13 @@ INITLegCnfVars + CHKiRet(omsdRegCFSLineHdlr((uchar *)"omfileflushontxend", 0, eCmdHdlrBinary, NULL, &cs.bFlushOnTXEnd, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"omfileiobuffersize", 0, eCmdHdlrSize, NULL, &cs.iIOBufSize, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"dirowner", 0, eCmdHdlrUID, NULL, &cs.dirUID, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"dirownernum", 0, eCmdHdlrInt, NULL, &cs.dirUID, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"dirgroup", 0, eCmdHdlrGID, NULL, &cs.dirGID, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"dirgroupnum", 0, eCmdHdlrInt, NULL, &cs.dirGID, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"fileowner", 0, eCmdHdlrUID, NULL, &cs.fileUID, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"fileownernum", 0, eCmdHdlrInt, NULL, &cs.fileUID, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"filegroup", 0, eCmdHdlrGID, NULL, &cs.fileGID, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"filegroupnum", 0, eCmdHdlrInt, NULL, &cs.fileGID, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"dircreatemode", 0, eCmdHdlrFileCreateMode, NULL, &cs.fDirCreateMode, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"filecreatemode", 0, eCmdHdlrFileCreateMode, NULL, &cs.fCreateMode, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"createdirs", 0, eCmdHdlrBinary, NULL, &cs.bCreateDirs, STD_LOADABLE_MODULE_ID)); +-- +1.8.4.3 + diff --git a/SOURCES/rsyslog-7.4.7-omelasticsearch-atomic-inst.patch b/SOURCES/rsyslog-7.4.7-omelasticsearch-atomic-inst.patch new file mode 100644 index 0000000..a553cf8 --- /dev/null +++ b/SOURCES/rsyslog-7.4.7-omelasticsearch-atomic-inst.patch @@ -0,0 +1,48 @@ +From c1cae8d67c58d723bff0d6c47b9991d24289e209 Mon Sep 17 00:00:00 2001 +From: Tomas Heinrich +Date: Sun, 12 Jan 2014 22:10:00 +0100 +Subject: [PATCH] bugfix: omelasticsearch did not compile on platforms without + atomic instructions + +Adapted from from http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=16207e3d55ac6bb15af6d50791d2c7462816de57 +--- + plugins/omelasticsearch/omelasticsearch.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c +index b82968d..cc3c203 100644 +--- a/plugins/omelasticsearch/omelasticsearch.c ++++ b/plugins/omelasticsearch/omelasticsearch.c +@@ -608,7 +608,7 @@ curlPost(instanceData *pData, uchar *message, int msglen, uchar **tpls, int nmsg + case CURLE_COULDNT_RESOLVE_PROXY: + case CURLE_COULDNT_CONNECT: + case CURLE_WRITE_ERROR: +- STATSCOUNTER_INC(indexHTTPReqFail, mutHTTPReqFail); ++ STATSCOUNTER_INC(indexHTTPReqFail, mutIndexHTTPReqFail); + indexHTTPFail += nmsgs; + DBGPRINTF("omelasticsearch: we are suspending ourselfs due " + "to failure %lld of curl_easy_perform()\n", +@@ -1001,16 +1001,16 @@ CODEmodInit_QueryRegCFSLineHdlr + /* support statistics gathering */ + CHKiRet(statsobj.Construct(&indexStats)); + CHKiRet(statsobj.SetName(indexStats, (uchar *)"omelasticsearch")); +- STATSCOUNTER_INIT(indexSubmit, mutCtrIndexSubmit); ++ STATSCOUNTER_INIT(indexSubmit, mutIndexSubmit); + CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"submitted", + ctrType_IntCtr, &indexSubmit)); +- STATSCOUNTER_INIT(indexHTTPFail, mutCtrIndexHTTPFail); ++ STATSCOUNTER_INIT(indexHTTPFail, mutIndexHTTPFail); + CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.http", + ctrType_IntCtr, &indexHTTPFail)); +- STATSCOUNTER_INIT(indexHTTPReqFail, mutCtrIndexHTTPReqFail); ++ STATSCOUNTER_INIT(indexHTTPReqFail, mutIndexHTTPReqFail); + CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.httprequests", + ctrType_IntCtr, &indexHTTPReqFail)); +- STATSCOUNTER_INIT(indexESFail, mutCtrIndexESFail); ++ STATSCOUNTER_INIT(indexESFail, mutIndexESFail); + CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.es", + ctrType_IntCtr, &indexESFail)); + CHKiRet(statsobj.ConstructFinalize(indexStats)); +-- +1.8.4.3 + diff --git a/SOURCES/rsyslog.conf b/SOURCES/rsyslog.conf index 6972b4d..735472d 100644 --- a/SOURCES/rsyslog.conf +++ b/SOURCES/rsyslog.conf @@ -1,4 +1,4 @@ -# rsyslog v5 configuration file +# rsyslog configuration file # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html @@ -8,7 +8,7 @@ # The imjournal module bellow is now used as a message source instead of imuxsock. $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imjournal # provides access to the systemd journal -$ModLoad imklog # provides kernel logging support (previously done by rklogd) +#$ModLoad imklog # reads kernel messages (the same are read from journald) #$ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception diff --git a/SPECS/rsyslog.spec b/SPECS/rsyslog.spec index e7441ad..c71e53f 100644 --- a/SPECS/rsyslog.spec +++ b/SPECS/rsyslog.spec @@ -1,5 +1,3 @@ -%global _exec_prefix %{nil} -%global _libdir %{_exec_prefix}/%{_lib} %define rsyslog_statedir %{_sharedstatedir}/rsyslog %define rsyslog_pkidir %{_sysconfdir}/pki/rsyslog %if 0%{?rhel} >= 7 @@ -14,8 +12,8 @@ Summary: Enhanced system logging and kernel message trapping daemon Name: rsyslog -Version: 7.4.2 -Release: 4%{?dist} +Version: 7.4.7 +Release: 6%{?dist} License: (GPLv3+ and ASL 2.0) Group: System Environment/Daemons URL: http://www.rsyslog.com/ @@ -28,13 +26,22 @@ Patch0: rsyslog-7.4.1-sd-service.patch Patch1: rsyslog-7.2.2-manpage-dbg-mode.patch # prevent modification of trusted properties (proposed upstream) Patch2: rsyslog-7.2.1-msg_c_nonoverwrite_merge.patch +# sent upstream +Patch3: rsyslog-7.4.7-bz1053669-imuxsock-wrn.patch +# sent upstream +Patch5: rsyslog-7.4.7-bz1030044-remove-ads.patch # merged upstream -Patch3: rsyslog-7.3.15-imuxsock-warning.patch -Patch4: rsyslog-7.4.2-imuxsock-rfc3339.patch +Patch6: rsyslog-7.4.7-numeric-uid.patch +# adapted from http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=16207e3d55ac6bb15af6d50791d2c7462816de57 +Patch7: rsyslog-7.4.7-omelasticsearch-atomic-inst.patch +Patch8: rsyslog-7.4.7-bz1052266-dont-link-libee.patch +Patch9: rsyslog-7.4.7-bz1054171-omjournal-warning.patch +Patch10: rsyslog-7.4.7-bz1038136-imjournal-message-loss.patch BuildRequires: bison BuildRequires: flex BuildRequires: json-c-devel +BuildRequires: libestr-devel >= 0.1.9 BuildRequires: libuuid-devel BuildRequires: pkgconfig BuildRequires: python-docutils @@ -84,7 +91,7 @@ Requires: %name = %version-%release Summary: Log normalization support for rsyslog Group: System Environment/Daemons Requires: %name = %version-%release -BuildRequires: libestr-devel libee-devel liblognorm-devel +BuildRequires: libee-devel liblognorm-devel %package mmaudit Summary: Message modification module supporting Linux audit format @@ -106,6 +113,7 @@ BuildRequires: libdbi-devel Summary: MySQL support for rsyslog Group: System Environment/Daemons Requires: %name = %version-%release +BuildRequires: mysql >= 4.0 BuildRequires: mysql-devel >= 4.0 %if %{want_mongodb} @@ -169,7 +177,7 @@ advanced features suitable for enterprise-class, encryption-protected syslog relay chains. %description crypto -This package containes a module providing log file encryption and a +This package contains a module providing log file encryption and a command line tool to process encrypted logs. %description doc @@ -253,7 +261,12 @@ of source ports. %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 %build %ifarch sparc64 @@ -335,6 +348,9 @@ rm -f %{buildroot}%{_libdir}/rsyslog/*.la # get rid of socket activation by default sed -i '/^Alias/s/^/;/;/^Requires=syslog.socket/s/^/;/' %{buildroot}%{_unitdir}/rsyslog.service +# convert line endings from "\r\n" to "\n" +cat tools/recover_qi.pl | tr -d '\r' > %{buildroot}%{_bindir}/rsyslog-recover-qi.pl + %post for n in /var/log/{messages,secure,maillog,spooler} do @@ -357,7 +373,9 @@ done %dir %{rsyslog_statedir} %dir %{rsyslog_pkidir} %{_sbindir}/rsyslogd -%{_mandir}/*/* +%attr(755,root,root) %{_bindir}/rsyslog-recover-qi.pl +%{_mandir}/man5/rsyslog.conf.5.gz +%{_mandir}/man8/rsyslogd.8.gz %{_unitdir}/rsyslog.service %config(noreplace) %{_sysconfdir}/rsyslog.conf %config(noreplace) %{_sysconfdir}/sysconfig/rsyslog @@ -396,10 +414,13 @@ done %{_libdir}/rsyslog/pmsnare.so %files crypto +%defattr(-,root,root) %{_bindir}/rscryutil +%{_mandir}/man1/rscryutil.1.gz %{_libdir}/rsyslog/lmcry_gcry.so %files doc +%defattr(-,root,root) %doc doc/*html %files elasticsearch @@ -479,6 +500,68 @@ done %{_libdir}/rsyslog/omudpspoof.so %changelog +* Wed Mar 26 2014 Tomas Heinrich 7.4.7-6 +- disable the imklog plugin by default + the patch for rhbz#1038136 caused duplication of kernel messages since the + messages read by the imklog plugin were now also pulled in from journald + resolves: #1078654 + +* Wed Feb 19 2014 Tomas Heinrich 7.4.7-5 +- move the rscryutil man page to the crypto subpackage + resolves: #1056565 +- add a patch to prevent message loss in imjournal + rsyslog-7.4.7-bz1038136-imjournal-message-loss.patch + resolves: #1038136 + +* Fri Jan 24 2014 Daniel Mach - 7.4.7-4 +- Mass rebuild 2014-01-24 + +* Mon Jan 20 2014 Tomas Heinrich 7.4.7-3 +- replace rsyslog-7.3.15-imuxsock-warning.patch + with rsyslog-7.4.7-bz1053669-imuxsock-wrn.patch + resolves: #1053669 +- add rsyslog-7.4.7-bz1052266-dont-link-libee.patch to prevent + linking the main binary with libee + resolves: #1052266 +- add rsyslog-7.4.7-bz1054171-omjournal-warning.patch to fix + a condition for issuing a warning in omjournal + resolves: #1054171 +- drop the "v5" string from the conf file as it's misleading + resolves: #1040036 + +* Wed Jan 15 2014 Honza Horak - 7.4.7-2 +- Rebuild for mariadb-libs + Related: #1045013 + +* Mon Jan 06 2014 Tomas Heinrich 7.4.7-1 +- rebase to 7.4.7 + add requirement on libestr >= 0.1.9 + resolves: #836485 + resolves: #1020854 + resolves: #1040036 +- drop patch 4; not needed anymore + rsyslog-7.4.2-imuxsock-rfc3339.patch +- install the rsyslog-recover-qi.pl tool +- fix a typo in a package description +- add missing defattr directives +- add a patch to remove references to Google ads in the html docs + rsyslog-7.4.7-bz1030044-remove-ads.patch + Resolves: #1030043 +- add a patch to allow numeric specification of UIDs/GUIDs + rsyslog-7.4.7-numeric-uid.patch + resolves: #1032198 +- change the installation prefix to "/usr" + resolves: #1032223 +- fix a bad date in the changelog + resolves: #1043622 +- resolve a build issue with missing mysql_config by adding + additional BuildRequires for the mysql package +- add a patch to resolve build issue on ppc + rsyslog-7.4.7-omelasticsearch-atomic-inst.patch + +* Fri Dec 27 2013 Daniel Mach - 7.4.2-5 +- Mass rebuild 2013-12-27 + * Wed Nov 06 2013 Tomas Heinrich 7.4.2-4 - add a patch to fix issues with rfc 3339 timestamp parsing resolves: #1020826 @@ -486,7 +569,7 @@ done * Fri Jul 12 2013 Jan Safranek - 7.4.2-3 - Rebuilt for new net-snmp -* Tue Jul 10 2013 Tomas Heinrich 7.4.2-2 +* Wed Jul 10 2013 Tomas Heinrich 7.4.2-2 - make compilation of the rabbitmq plugin optional resolves: #978919