From 9e14e3558d5d81248507c8dec26ebc19060a4bb6 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jul 14 2020 01:54:27 +0000 Subject: import rsyslog-8.1911.0-6.el8 --- diff --git a/.gitignore b/.gitignore index 7250858..ad4a527 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ +SOURCES/qpid-proton-0.31.0.tar.gz SOURCES/rsyslog-8.1911.0.tar.gz SOURCES/rsyslog-doc-8.1911.0.tar.gz diff --git a/.rsyslog.metadata b/.rsyslog.metadata index 6d4863f..1e19d69 100644 --- a/.rsyslog.metadata +++ b/.rsyslog.metadata @@ -1,2 +1,3 @@ +8714235747ec8947648448eecda57e97d3a733ce SOURCES/qpid-proton-0.31.0.tar.gz 30dfc2b99d73598788e2bd0d0ac45e16e7c3a3d5 SOURCES/rsyslog-8.1911.0.tar.gz 8bcb23571ab8011b712ccf52acee20f8940b7f03 SOURCES/rsyslog-doc-8.1911.0.tar.gz diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch b/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch index cfc0115..145378b 100644 --- a/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch +++ b/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch @@ -1,28 +1,123 @@ -From fec4535f1c407f39d35ed4f3921662f94710a10e Mon Sep 17 00:00:00 2001 -From: Rainer Gerhards -Date: Mon, 9 Dec 2019 08:46:27 +0100 -Subject: [PATCH] core/config bugfix: false error msg when config.enabled="on" - is used +From ba5b68be84888b24918dd019b87ed9f62d7fa988 Mon Sep 17 00:00:00 2001 +From: Jiri Vymazal +Date: Tue, 11 Feb 2020 13:46:23 +0100 +Subject: [PATCH] Fixed processing of 'cofig.enabled' directive -When the 'config.enabled="on"' config parameter an invalid error message -was emitted that this parameter is not supported. However, it was still -applied properly. This commit removes the invalid error message. - -closes https://github.com/rsyslog/rsyslog/issues/4011 +Previously the directive was processed way too late which caused +false errors whenever it was set to 'off' and possibly other +problems. --- - grammar/rainerscript.c | 2 ++ - 1 file changed, 2 insertions(+) + grammar/rainerscript.c | 43+++++++++++++++++++++++---------------- + grammar/rainerscript.h | 1 + + runtime/rsconf.c | 10 +++++++++ + 3 files changed, 38 insertions(+), 18 deletions(-) diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c -index 1b8581b537..fd55360472 100644 +index 8f14bbe319..4398e6011a 100644 --- a/grammar/rainerscript.c +++ b/grammar/rainerscript.c -@@ -1219,6 +1219,8 @@ nvlstGetParams(struct nvlst *lst, struct cnfparamblk *params, - for(val = lst; val != NULL ; val = val->next) { - val->bUsed = 1; - } -+ } else { -+ valnode->bUsed = 1; +@@ -699,6 +699,22 @@ nvlstFindNameCStr(struct nvlst *lst, const char *const __restrict__ name) + return lst; + } + ++/* check if the nvlst is disabled, and mark config.enabled directive ++ * as used if it is not. Returns 1 if block is disabled, 0 otherwise. ++ */ ++int nvlstChkDisabled(struct nvlst *lst) ++{ ++ struct nvlst *valnode; ++ ++ if((valnode = nvlstFindNameCStr(lst, "config.enabled")) != NULL) { ++ lst->bUsed = 1; ++ if(es_strbufcmp(valnode->val.d.estr, (unsigned char*) "on", 2)) { ++ return 1; ++ } ++ } ++ return 0; ++} ++ + + /* check if there are duplicate names inside a nvlst and emit + * an error message, if so. +@@ -1207,21 +1224,6 @@ nvlstGetParams(struct nvlst *lst, struct cnfparamblk *params, } } +- /* now config-system parameters (currently a bit hackish, as we +- * only have one...). -- rgerhards, 2018-01-24 +- */ +- if((valnode = nvlstFindNameCStr(lst, "config.enabled")) != NULL) { +- if(es_strbufcmp(valnode->val.d.estr, (unsigned char*) "on", 2)) { +- dbgprintf("config object disabled by configuration\n"); +- /* flag all params as used to not emit error mssages */ +- bInError = 1; +- struct nvlst *val; +- for(val = lst; val != NULL ; val = val->next) { +- val->bUsed = 1; +- } +- } +- } +- + /* done parameter processing */ + if(bInError) { + if(bValsWasNULL) +@@ -4418,8 +4418,13 @@ cnfstmtNewAct(struct nvlst *lst) + struct cnfstmt* cnfstmt; + char namebuf[256]; + rsRetVal localRet; +- if((cnfstmt = cnfstmtNew(S_ACT)) == NULL) ++ if((cnfstmt = cnfstmtNew(S_ACT)) == NULL) { + goto done; ++ } ++ if (nvlstChkDisabled(lst)) { ++ dbgprintf("action disabled by configuration\n"); ++ cnfstmt->nodetype = S_NOP; ++ } + localRet = actionNewInst(lst, &cnfstmt->d.act); + if(localRet == RS_RET_OK_WARN) { + parser_errmsg("warnings occured in file '%s' around line %d", +@@ -5284,6 +5289,11 @@ includeProcessCnf(struct nvlst *const lst) + goto done; + } + ++ if (nvlstChkDisabled(lst)) { ++ DBGPRINTF("include statement disabled\n"); ++ goto done; ++ } ++ + pvals = nvlstGetParams(lst, &incpblk, NULL); + if(pvals == NULL) { + goto done; +diff --git a/grammar/rainerscript.h b/grammar/rainerscript.h +index bfa8ee6cb9..0f8128861b 100644 +--- a/grammar/rainerscript.h ++++ b/grammar/rainerscript.h +@@ -340,6 +340,7 @@ void nvlstDestruct(struct nvlst *lst); + void nvlstPrint(struct nvlst *lst); + void nvlstChkUnused(struct nvlst *lst); + struct nvlst* nvlstFindName(struct nvlst *lst, es_str_t *name); ++int nvlstChkDisabled(struct nvlst *lst); + struct cnfobj* cnfobjNew(enum cnfobjType objType, struct nvlst *lst); + void cnfobjDestruct(struct cnfobj *o); + void cnfobjPrint(struct cnfobj *o); +diff --git a/runtime/rsconf.c b/runtime/rsconf.c +index fc0863a738..303e06365b 100644 +--- a/runtime/rsconf.c ++++ b/runtime/rsconf.c +@@ -438,6 +438,16 @@ cnfDoObj(struct cnfobj *const o) + + dbgprintf("cnf:global:obj: "); + cnfobjPrint(o); ++ ++ /* We need to check for object disabling as early as here to cover most ++ * of them at once and avoid needless initializations ++ * - jvymazal 2020-02-12 ++ */ ++ if (nvlstChkDisabled(o->nvlst)) { ++ dbgprintf("object disabled by configuration\n"); ++ return; ++ } ++ + switch(o->objType) { + case CNFOBJ_GLOBAL: + glblProcessCnf(o); diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch b/SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch new file mode 100644 index 0000000..da0fc3f --- /dev/null +++ b/SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch @@ -0,0 +1,33 @@ +From: Jiri Vymazal +Date: Wed, 18 Dec 2019 09:48:15 +0100 +Subject: [PATCH] Fix race condition related to libfastjson when using DA queue + +Rsyslogd aborts when writing to disk queue from multiple workers simultaneously. +It is assumed that libfastjson is not thread-safe. +Resolve libfastjson race condition when writing to disk queue. + +see also https://github.com/rsyslog/rsyslog/issues/4099 +--- + runtime/msg.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/runtime/msg.c b/runtime/msg.c +index b5c17cfdd4..f9da40005f 100644 +--- a/runtime/msg.c ++++ b/runtime/msg.c +@@ -1242,11 +1242,15 @@ static rsRetVal MsgSerialize(smsg_t *pThis, strm_t *pStrm) + psz = pThis->pszStrucData; + CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("pszStrucData"), PROPTYPE_PSZ, (void*) psz)); + if(pThis->json != NULL) { ++ MsgLock(pThis); + psz = (uchar*) json_object_get_string(pThis->json); ++ MsgUnlock(pThis); + CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("json"), PROPTYPE_PSZ, (void*) psz)); + } + if(pThis->localvars != NULL) { ++ MsgLock(pThis); + psz = (uchar*) json_object_get_string(pThis->localvars); ++ MsgUnlock(pThis); + CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("localvars"), PROPTYPE_PSZ, (void*) psz)); + } + diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch b/SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch new file mode 100644 index 0000000..0b12f52 --- /dev/null +++ b/SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch @@ -0,0 +1,37 @@ +From 0c69ec76d8cac47bcfa78abae86229ad63c92b0b Mon Sep 17 00:00:00 2001 +From: Jiri Vymazal +Date: Tue, 21 Jan 2020 13:58:14 +0100 +Subject: [PATCH] Fixed saving of old file_id for statefiles + +Previously we saved old file_id unconditionally, which led to not +deleting old statefiles if files changes without rsyslog running. +Now it should work correctly. +--- + plugins/imfile/imfile.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c +index 908bb5901c..5ad44f6c59 100644 +--- a/plugins/imfile/imfile.c ++++ b/plugins/imfile/imfile.c +@@ -1258,8 +1258,8 @@ get_file_id_hash(const char *data, size_t lendata, + static void ATTR_NONNULL(1) + getFileID(act_obj_t *const act) + { +- /* save the old id for cleaning purposes */ +- strncpy(act->file_id_prev, (const char*)act->file_id, FILE_ID_HASH_SIZE); ++ char tmp_id[FILE_ID_HASH_SIZE]; ++ strncpy(tmp_id, (const char*)act->file_id, FILE_ID_HASH_SIZE); + act->file_id[0] = '\0'; + assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */ + char filedata[FILE_ID_SIZE]; +@@ -1270,6 +1270,9 @@ getFileID(act_obj_t *const act) + } else { + DBGPRINTF("getFileID partial or error read, ret %d\n", r); + } ++ if (strncmp(tmp_id, act->file_id, FILE_ID_HASH_SIZE)) {/* save the old id for cleaning purposes */ ++ strncpy(act->file_id_prev, tmp_id, FILE_ID_HASH_SIZE); ++ } + DBGPRINTF("getFileID for '%s', file_id_hash '%s'\n", act->name, act->file_id); + } + diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch b/SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch new file mode 100644 index 0000000..e95c892 --- /dev/null +++ b/SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch @@ -0,0 +1,24 @@ +From 89ff6436b55cd81c54dcb076490b0c4de98d508d Mon Sep 17 00:00:00 2001 +From: Jiri Vymazal +Date: Tue, 9 Jun 2020 12:09:59 +0200 +Subject: [PATCH] Fixing imfile segfaulting on selinux denial + +If imfile is denied access to file watched trough symlink there is +unchecked condition resulting in access to not initialized memory. +--- + plugins/imfile/imfile.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c +index f360bd290b..21d6546552 100644 +--- a/plugins/imfile/imfile.c ++++ b/plugins/imfile/imfile.c +@@ -732,7 +732,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file, + } else { /* reporting only in debug for dirs as higher lvl paths are likely blocked by selinux */ + DBGPRINTF("imfile: error accessing directory '%s'", name); + } +- FINALIZE; ++ ABORT_FINALIZE(RS_RET_NO_FILE_ACCESS); + } + DBGPRINTF("add new active object '%s' in '%s'\n", name, edge->path); + CHKmalloc(act = calloc(sizeof(act_obj_t), 1)); diff --git a/SOURCES/rsyslog.conf b/SOURCES/rsyslog.conf index c4ac740..06b19d1 100644 --- a/SOURCES/rsyslog.conf +++ b/SOURCES/rsyslog.conf @@ -12,7 +12,7 @@ module(load="imuxsock" # provides support for local system logging (e.g. via module(load="imjournal" # provides access to the systemd journal StateFile="imjournal.state") # File to store the position in the journal #module(load="imklog") # reads kernel messages (the same are read from journald) -#module(load"immark") # provides --MARK-- message capability +#module(load="immark") # provides --MARK-- message capability # Provides UDP syslog reception # for parameters see http://www.rsyslog.com/doc/imudp.html diff --git a/SPECS/rsyslog.spec b/SPECS/rsyslog.spec index 5c5629c..ecbc2e2 100644 --- a/SPECS/rsyslog.spec +++ b/SPECS/rsyslog.spec @@ -6,7 +6,7 @@ Summary: Enhanced system logging and kernel message trapping daemon Name: rsyslog Version: 8.1911.0 -Release: 3%{?dist} +Release: 6%{?dist} License: (GPLv3+ and ASL 2.0) Group: System Environment/Daemons ExcludeArch: i686 @@ -16,6 +16,7 @@ Source1: http://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{version}.ta Source2: rsyslog.conf Source3: rsyslog.sysconfig Source4: rsyslog.log +Source5: qpid-proton-0.31.0.tar.gz BuildRequires: autoconf BuildRequires: automake @@ -50,6 +51,9 @@ Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch Patch2: rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch Patch3: rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch Patch4: rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch +Patch5: rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch +Patch6: rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch +Patch7: rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch %package crypto Summary: Encryption support @@ -117,6 +121,20 @@ Group: System Environment/Daemons Requires: %name = %version-%release BuildRequires: mariadb-connector-c-devel +%package omamqp1 +Summary: AMQP1 support for rsyslog +Group: System Environment/Daemons +Requires: %name = %version-%release +Requires: cyrus-sasl-lib +Requires: openssl-libs +BuildRequires: cmake +BuildRequires: make +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: cyrus-sasl-devel +BuildRequires: openssl-devel +BuildRequires: python3 + %package pgsql Summary: PostgresSQL support for rsyslog Group: System Environment/Daemons @@ -191,6 +209,10 @@ modifies them so that they look like they originated from the read originator. The rsyslog-mysql package contains a dynamic shared object that will add MySQL database support to rsyslog. +%description omamqp1 +The rsyslog-omamqp1 package contains a dynamic shared object that will add +AMQP1 support to rsyslog. + %description pgsql The rsyslog-pgsql package contains a dynamic shared object that will add PostgreSQL database support to rsyslog. @@ -220,16 +242,44 @@ mv build doc # set up rsyslog sources %setup -q -D +%setup -q -D -T -b 5 %patch0 -p1 -b .service %patch1 -p1 -b .default-tag %patch2 -p1 -b .imfile-statefiles %patch3 -p1 -b .deny-expired-certs %patch4 -p1 -b .config-enabled-on +%patch5 -p1 -b .serialize-json +%patch6 -p1 -b .imfile-id +%patch7 -p1 -b .imfile-selinux-symlink %build %ifarch sparc64 #sparc64 need big PIE +export CFLAGS="$RPM_OPT_FLAGS -fPIC" +%else +export CFLAGS="$RPM_OPT_FLAGS -fpic" +%endif +# build the proton first +( + cd %{_builddir}/qpid-proton-0.31.0 + mkdir bld + cd bld + + # Need ENABLE_FUZZ_TESTING=NO to avoid a link failure + # Find python include dir and python library from + # https://stackoverflow.com/questions/24174394/cmake-is-not-able-to-find-python-libraries + cmake .. \ + -DBUILD_BINDINGS="" \ + -DBUILD_STATIC_LIBS=YES \ + -DENABLE_FUZZ_TESTING=NO \ + -DPYTHON_INCLUDE_DIR=$(python3 -c "from distutils.sysconfig import get_python_inc; print(get_python_inc())") \ + -DPYTHON_LIBRARY=$(python3 -c "import distutils.sysconfig as sysconfig; print(sysconfig.get_config_var('LIBDIR'))") \ + -DCMAKE_AR="/usr/bin/gcc-ar" -DCMAKE_NM="/usr/bin/gcc-nm" -DCMAKE_RANLIB="/usr/bin/gcc-ranlib" + make -j8 +) +%ifarch sparc64 +#sparc64 need big PIE export CFLAGS="$RPM_OPT_FLAGS -fPIE" %else export CFLAGS="$RPM_OPT_FLAGS -fpie" @@ -262,6 +312,7 @@ autoreconf -if --enable-mmsnmptrapd \ --enable-mmutf8fix \ --enable-mysql \ + --enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.31.0/bld/c/include" \ --enable-omhttp \ --enable-omjournal \ --enable-omkafka \ @@ -417,6 +468,9 @@ done %doc %{rsyslog_docdir}/mysql-createDB.sql %{_libdir}/rsyslog/ommysql.so +%files omamqp1 +%{_libdir}/rsyslog/omamqp1.so + %files pgsql %doc %{rsyslog_docdir}/pgsql-createDB.sql %{_libdir}/rsyslog/ompgsql.so @@ -430,6 +484,27 @@ done %changelog +* Thu Jun 18 2020 Jiri Vymazal - 8.1911.0-6 + RHEL 8.3.0 ERRATUM +- added patch preventing imfile crash when selinux blocks symlink + access + resolves: rhbz#1843994 +- fixed config-enabled patch + resolves: rhbz#1659383 + +* Thu Jun 04 2020 Jiri Vymazal - 8.1911.0-5 + RHEL 8.3.0 ERRATUM +- added qpid-proton as another source and enabled omamqp1 module + in a separate sub-package with it statically linked + resolves: rhbz#1713427 +- extended config.enabled patch to cover rest of the cases + resolves: rhbz#1659383 +- added patch making json serialization thread-safe + resolves: rhbz#1789675 +- added another patch for imfile state-files id + resolves: rhbz#1793569 +- fixed typo in commend-out part of default rsyslog.conf + * Wed Dec 11 2019 Jiri Vymazal - 8.1911.0-3 RHEL 8.2.0 ERRATUM - added patch reverting rejecting expired certs by default