diff --git a/backport-Deallocate-outchannel-resources-in-rsconf-destructor.patch b/backport-Deallocate-outchannel-resources-in-rsconf-destructor.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0e1b8309527601967264d502b7a7506c16c256fd
--- /dev/null
+++ b/backport-Deallocate-outchannel-resources-in-rsconf-destructor.patch
@@ -0,0 +1,39 @@
+From 4fc5ed645a125661ce773ecf5376df5062305976 Mon Sep 17 00:00:00 2001
+From: alakatos
+Date: Tue, 30 Nov 2021 18:13:23 +0100
+Subject: [PATCH] Deallocate outchannel resources in rsconf destructor
+
+Conflict:NA
+Reference:https://github.com/rsyslog/rsyslog/commit/4fc5ed645a125661ce773ecf5376df5062305976
+---
+ outchannel.c | 4 ++++
+ runtime/rsconf.c | 1 +
+ 2 files changed, 5 insertions(+)
+
+diff --git a/outchannel.c b/outchannel.c
+index db78d93763..ba5809f4af 100644
+--- a/outchannel.c
++++ b/outchannel.c
+@@ -272,6 +272,10 @@ void ochDeleteAll(void)
+ pOch = pOch->pNext;
+ if(pOchDel->pszName != NULL)
+ free(pOchDel->pszName);
++ if(pOchDel->pszFileTemplate != NULL)
++ free(pOchDel->pszFileTemplate);
++ if(pOchDel->cmdOnSizeLimit != NULL)
++ free(pOchDel->cmdOnSizeLimit);
+ free(pOchDel);
+ }
+ }
+diff --git a/runtime/rsconf.c b/runtime/rsconf.c
+index 3042a16849..6eb7042526 100644
+--- a/runtime/rsconf.c
++++ b/runtime/rsconf.c
+@@ -240,6 +240,7 @@ CODESTARTobjDestruct(rsconf)
+ tplDeleteAll(pThis);
+ dynstats_destroyAllBuckets();
+ perctileBucketsDestruct();
++ ochDeleteAll();
+ free(pThis->globals.mainQ.pszMainMsgQFName);
+ free(pThis->globals.pszConfDAGFile);
+ lookupDestroyCnf();
diff --git a/backport-Fix-Segmentation-fault-in-close-journal.patch b/backport-Fix-Segmentation-fault-in-close-journal.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c63971948fe51f77b3f9266d1753cb26debeebbb
--- /dev/null
+++ b/backport-Fix-Segmentation-fault-in-close-journal.patch
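Review bot: Nothing visible in the outchannel.c hunk resets the list head after the loop in `ochDeleteAll()` has freed every node, and the runtime/rsconf.c hunk now calls that function from the rsconf destructor. If the head is not cleared in the part of `ochDeleteAll` that lies outside the hunk, a second destructor run or any later walk of the list would touch freed memory (use-after-free or double free), so it is worth confirming the head pointer is set to NULL once the loop finishes. The added `if(... != NULL) free(...)` guards are redundant because `free(NULL)` is a no-op, although they do match the existing `pszName` line above them.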
@@ -0,0 +1,29 @@
+From eab250be3701b6aa5ccc65f2f79fd5b41f08b2b2 Mon Sep 17 00:00:00 2001
+From: "t.feng"
+Date: Mon, 8 Aug 2022 11:36:59 +0800
+Subject: [PATCH] Fix Segmentation fault in close journal
+
+Conflict:NA
+Reference:https://github.com/rsyslog/rsyslog/commit/eab250be3701b6aa5ccc65f2f79fd5b41f08b2b2
+
+---
+ plugins/imjournal/imjournal.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c
+index 53034fe..6fb3b7a 100644
+--- a/plugins/imjournal/imjournal.c
++++ b/plugins/imjournal/imjournal.c
+@@ -1001,7 +1001,9 @@ CODESTARTafterRun
+ persistJournalState();
+ }
+ closeJournal();
+- ratelimitDestruct(ratelimiter);
++ if (ratelimiter) {
++ ratelimitDestruct(ratelimiter);
++ }
+ ENDafterRun
+
+
+--
+2.23.0
\ No newline at end of file
diff --git a/backport-Terminate-all-tcpsrv-threads-properly.patch b/backport-Terminate-all-tcpsrv-threads-properly.patch
new file mode 100644
index 0000000000000000000000000000000000000000..132f0fb46c674ddbe373ce4f34f17c33665e6bb9
--- /dev/null
+++ b/backport-Terminate-all-tcpsrv-threads-properly.patch
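Review bot: `ratelimiter` still points at the destroyed object after `ratelimitDestruct(ratelimiter);` in afterRun, so the new NULL guard only covers the case where the ratelimiter was never constructed. If afterRun can be reached again, or anything reads `ratelimiter` later (not visible in this hunk), the guard passes on a dangling pointer; adding `ratelimiter = NULL;` inside the `if` block makes the check reliable. `closeJournal()` directly above is still called unconditionally, and whether it tolerates a journal that was never opened is not visible here, so it deserves the same check for this failure path.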
@@ -0,0 +1,30 @@
+From 178a36c9b497a78855e1eda03550c3089473ace7 Mon Sep 17 00:00:00 2001
+From: Gabor Orosz
+Date: Fri, 14 Jan 2022 19:58:17 +0000
+Subject: [PATCH] Terminate all tcpsrv threads properly
+
+Graceful shutdown of Rsyslog could lead to segmentation faults when
+multiple imtcp inputs are being used. That is because the rest of the
+tcpsrv threads are left behind running, while their underlying objects
+are being disposed by the main thread as part of the module
+de-initialization.
+
+Signed-off-by: Gabor Orosz
+Conflict:NA
+Reference:https://github.com/rsyslog/rsyslog/commit/178a36c9b497a78855e1eda03550c3089473ace7
+---
+ plugins/imtcp/imtcp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
+index 0e689a28d8..a6256acad8 100644
+--- a/plugins/imtcp/imtcp.c
++++ b/plugins/imtcp/imtcp.c
+@@ -1007,6 +1007,7 @@ CODESTARTrunInput
+ iRet = tcpsrv.Run(tcpsrv_root->tcpsrv);
+
+ /* de-init remaining servers */
++ etry = tcpsrv_root->next;
+ while(etry != NULL) {
+ stopSrvWrkr(etry);
+ etry = etry->next;
diff --git a/backport-add-support-for-permittedPeers-setting-at-input.patch b/backport-add-support-for-permittedPeers-setting-at-input.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cd44222b9ceb65cbadb76e1304e49344ef2e3b77
--- /dev/null
+++ b/backport-add-support-for-permittedPeers-setting-at-input.patch
@@ -0,0 +1,210 @@ +From f83306fe2a58708455e5f3b83679aca22f1283d2 Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Fri, 22 Oct 2021 18:02:23 +0200 +Subject: [PATCH] imtcp: add support for permittedPeers setting at input() + level + +The permittedPeers settig was actually forgotten during the refactoring +of TLS input() level settings. This functionality is now added. + +closes: https://github.com/rsyslog/rsyslog/issues/4706 +Conflict:NA +Reference:https://github.com/rsyslog/rsyslog/commit/f83306fe2a58708455e5f3b83679aca22f1283d2 +--- + plugins/imtcp/imtcp.c | 53 +++++++++++++++++++++++++++---------------- + runtime/nsd_ossl.c | 1 + + runtime/tcps_sess.c | 2 ++ + 3 files changed, 36 insertions(+), 20 deletions(-) + +diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c +index 06774069c4..98a060e4c9 100644 +--- a/plugins/imtcp/imtcp.c ++++ b/plugins/imtcp/imtcp.c +@@ -63,7 +63,7 @@ + #include "tcpsrv.h" + #include "ruleset.h" + #include "rainerscript.h" +-#include "net.h" /* for permittedPeers, may be removed when this is removed */ ++#include "net.h" + #include "parserif.h" + + MODULE_TYPE_INPUT +@@ -144,6 +144,7 @@ struct instanceConf_s { + uchar *pszStrmDrvrCAFile; + uchar *pszStrmDrvrKeyFile; + uchar *pszStrmDrvrCertFile; ++ permittedPeers_t *pPermPeersRoot; + uchar *gnutlsPriorityString; + int iStrmDrvrExtendedCertCheck; + int iStrmDrvrSANPreference; +@@ -183,7 +184,7 @@ struct modConfData_s { + uchar *pszStrmDrvrCAFile; + uchar *pszStrmDrvrKeyFile; + uchar *pszStrmDrvrCertFile; +- struct cnfarray *permittedPeers; ++ permittedPeers_t *pPermPeersRoot; + sbool configSetViaV2Method; + sbool bPreserveCase; /* preserve case of fromhost; true by default */ + }; +@@ -251,6 +252,7 @@ static struct cnfparamdescr inppdescr[] = { + { "streamdriver.cafile", eCmdHdlrString, 0 }, + { "streamdriver.keyfile", eCmdHdlrString, 0 }, + { "streamdriver.certfile", eCmdHdlrString, 0 }, ++ { "permittedpeer", eCmdHdlrArray, 0 }, + { "gnutlsprioritystring", eCmdHdlrString, 0 }, 
+ { "keepalive", eCmdHdlrBinary, 0 }, + { "keepalive.probes", eCmdHdlrNonNegInt, 0 }, +@@ -365,6 +367,7 @@ createInstance(instanceConf_t **pinst) + inst->pszStrmDrvrCAFile = NULL; + inst->pszStrmDrvrKeyFile = NULL; + inst->pszStrmDrvrCertFile = NULL; ++ inst->pPermPeersRoot = NULL; + inst->gnutlsPriorityString = NULL; + inst->iStrmDrvrMode = loadModConf->iStrmDrvrMode; + inst->iStrmDrvrExtendedCertCheck = loadModConf->iStrmDrvrExtendedCertCheck; +@@ -451,6 +454,7 @@ addListner(modConfData_t *modConf, instanceConf_t *inst) + { + DEFiRet; + uchar *psz; /* work variable */ ++ permittedPeers_t *peers; + + tcpsrv_t *pOurTcpsrv; + CHKiRet(tcpsrv.Construct(&pOurTcpsrv)); +@@ -508,8 +512,10 @@ addListner(modConfData_t *modConf, instanceConf_t *inst) + ? modConf->pszStrmDrvrCertFile : inst->pszStrmDrvrCertFile; + CHKiRet(tcpsrv.SetDrvrCertFile(pOurTcpsrv, psz)); + +- if(pPermPeersRoot != NULL) { +- CHKiRet(tcpsrv.SetDrvrPermPeers(pOurTcpsrv, pPermPeersRoot)); ++ peers = (inst->pPermPeersRoot == NULL) ++ ? 
modConf->pPermPeersRoot : inst->pPermPeersRoot; ++ if(peers != NULL) { ++ CHKiRet(tcpsrv.SetDrvrPermPeers(pOurTcpsrv, peers)); + } + + /* initialized, now add socket and listener params */ +@@ -608,6 +614,12 @@ CODESTARTnewInpInst + inst->pszStrmDrvrName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + } else if(!strcmp(inppblk.descr[i].name, "gnutlsprioritystring")) { + inst->gnutlsPriorityString = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); ++ } else if(!strcmp(inppblk.descr[i].name, "permittedpeer")) { ++ for(int j = 0 ; j < pvals[i].val.d.ar->nmemb ; ++j) { ++ uchar *const peer = (uchar*) es_str2cstr(pvals[i].val.d.ar->arr[j], NULL); ++ CHKiRet(net.AddPermittedPeer(&inst->pPermPeersRoot, peer)); ++ free(peer); ++ } + } else if(!strcmp(inppblk.descr[i].name, "flowcontrol")) { + inst->bUseFlowControl = (int) pvals[i].val.d.n; + } else if(!strcmp(inppblk.descr[i].name, "disablelfdelimiter")) { +@@ -689,7 +701,7 @@ CODESTARTbeginCnfLoad + loadModConf->pszStrmDrvrCAFile = NULL; + loadModConf->pszStrmDrvrKeyFile = NULL; + loadModConf->pszStrmDrvrCertFile = NULL; +- loadModConf->permittedPeers = NULL; ++ loadModConf->pPermPeersRoot = NULL; + loadModConf->configSetViaV2Method = 0; + loadModConf->bPreserveCase = 1; /* default to true */ + bLegacyCnfModGlobalsPermitted = 1; +@@ -780,7 +792,11 @@ CODESTARTsetModCnf + } else if(!strcmp(modpblk.descr[i].name, "streamdriver.name")) { + loadModConf->pszStrmDrvrName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + } else if(!strcmp(modpblk.descr[i].name, "permittedpeer")) { +- loadModConf->permittedPeers = cnfarrayDup(pvals[i].val.d.ar); ++ for(int j = 0 ; j < pvals[i].val.d.ar->nmemb ; ++j) { ++ uchar *const peer = (uchar*) es_str2cstr(pvals[i].val.d.ar->arr[j], NULL); ++ CHKiRet(net.AddPermittedPeer(&loadModConf->pPermPeersRoot, peer)); ++ free(peer); ++ } + } else if(!strcmp(modpblk.descr[i].name, "preservecase")) { + loadModConf->bPreserveCase = (int) pvals[i].val.d.n; + } else { +@@ -818,6 +834,11 @@ 
CODESTARTendCnfLoad + pModConf->iKeepAliveProbes = cs.iKeepAliveProbes; + pModConf->iKeepAliveIntvl = cs.iKeepAliveIntvl; + pModConf->iKeepAliveTime = cs.iKeepAliveTime; ++ if(pPermPeersRoot != NULL) { ++ assert(pModConf->pPermPeersRoot == NULL); ++ pModConf->pPermPeersRoot = pPermPeersRoot; ++ pPermPeersRoot = NULL; /* memory handed over! */ ++ } + if((cs.pszStrmDrvrAuthMode == NULL) || (cs.pszStrmDrvrAuthMode[0] == '\0')) { + loadModConf->pszStrmDrvrAuthMode = NULL; + } else { +@@ -860,15 +881,8 @@ ENDcheckCnf + + BEGINactivateCnfPrePrivDrop + instanceConf_t *inst; +- int i; + CODESTARTactivateCnfPrePrivDrop + runModConf = pModConf; +- if(runModConf->permittedPeers != NULL) { +- for(i = 0 ; i < runModConf->permittedPeers->nmemb ; ++i) { +- setPermittedPeer(NULL, (uchar*) +- es_str2cstr(runModConf->permittedPeers->arr[i], NULL)); +- } +- } + for(inst = runModConf->root ; inst != NULL ; inst = inst->next) { + addListner(runModConf, inst); + } +@@ -899,10 +913,10 @@ CODESTARTfreeCnf + free(pModConf->pszStrmDrvrCAFile); + free(pModConf->pszStrmDrvrKeyFile); + free(pModConf->pszStrmDrvrCertFile); +- if(pModConf->permittedPeers != NULL) { +- cnfarrayContentDestruct(pModConf->permittedPeers); +- free(pModConf->permittedPeers); ++ if(pModConf->pPermPeersRoot != NULL) { ++ net.DestructPermittedPeers(&pModConf->pPermPeersRoot); + } ++ + for(inst = pModConf->root ; inst != NULL ; ) { + free((void*)inst->pszBindRuleset); + free((void*)inst->pszStrmDrvrAuthMode); +@@ -914,6 +928,9 @@ CODESTARTfreeCnf + free((void*)inst->gnutlsPriorityString); + free((void*)inst->pszInputName); + free((void*)inst->dfltTZ); ++ if(inst->pPermPeersRoot != NULL) { ++ net.DestructPermittedPeers(&inst->pPermPeersRoot); ++ } + del = inst; + inst = inst->next; + free(del); +@@ -1026,10 +1043,6 @@ ENDisCompatibleWithFeature + + BEGINmodExit + CODESTARTmodExit +- if(pPermPeersRoot != NULL) { +- net.DestructPermittedPeers(&pPermPeersRoot); +- } +- + /* release objects we used */ + objRelease(net, 
LM_NET_FILENAME); + objRelease(netstrm, LM_NETSTRMS_FILENAME); +diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c +index 110e11038b..03ebc0ab33 100644 +--- a/runtime/nsd_ossl.c ++++ b/runtime/nsd_ossl.c +@@ -612,6 +612,7 @@ osslChkPeerFingerprint(nsd_ossl_t *pThis, X509 *pCert) + dbgprintf("osslChkPeerFingerprint: peer's certificate MATCH found: %s\n", pPeer->pszID); + bFoundPositiveMatch = 1; + } else { ++ dbgprintf("osslChkPeerFingerprint: NOMATCH peer certificate: %s\n", pPeer->pszID); + pPeer = pPeer->pNext; + } + } +diff --git a/runtime/tcps_sess.c b/runtime/tcps_sess.c +index b12d873019..9e5dbcc5cb 100644 +--- a/runtime/tcps_sess.c ++++ b/runtime/tcps_sess.c +@@ -444,8 +444,10 @@ processDataRcvd(tcps_sess_t *pThis, + } + } else { + assert(pThis->inputState == eInMsg); ++ #if 0 // set to 1 for ultra-verbose + DBGPRINTF("DEBUG: processDataRcvd c=%c remain=%d\n", + c, pThis->iOctetsRemain); ++ #endif + + if(( ((c == '\n') && !pThis->pSrv->bDisableLFDelim) + || ((pThis->pSrv->addtlFrameDelim != TCPSRV_NO_ADDTL_DELIMITER) diff --git a/backport-add-test-for-legacy-permittedPeer-statement.patch b/backport-add-test-for-legacy-permittedPeer-statement.patch new file mode 100644 index 0000000000000000000000000000000000000000..45a316d698f50076a6bfefe43eeb8142635be880 --- /dev/null +++ b/backport-add-test-for-legacy-permittedPeer-statement.patch 
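Review bot: In the endCnfLoad hunk the only protection against overwriting a peer list already built from the module-level `permittedpeer` parameter is `assert(pModConf->pPermPeersRoot == NULL);`, which is compiled out when NDEBUG is defined. A configuration that sets both the legacy directive and the module parameter would then silently replace (and leak) the module-level list, changing which TLS peers are authorized without any message; handle that case explicitly, for example by reporting it through `LogError` and keeping or merging one list. In the newInpInst and setModCnf hunks the result of `es_str2cstr()` is passed to `net.AddPermittedPeer` without a NULL check, and `peer` leaks when `CHKiRet` bails out, so check the pointer and call `free(peer)` before testing the return code. In addListner, an input-level `permittedpeer` replaces rather than extends the module-level list, which deserves a comment such as `/* input-level permittedPeers override the module-level list, they are not merged */`.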
@@ -0,0 +1,78 @@ +From 202e10e24ca658f91c3aef87c017e8f0525744b5 Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Mon, 25 Oct 2021 09:18:44 +0200 +Subject: [PATCH] testbench: add test for legacy permittedPeer statement + +This is required to ensure backwards compatibility when doing changes +to the networking subsystem. So far this was not covered by any test. + +Conflict:NA +Reference:https://github.com/rsyslog/rsyslog/commit/202e10e24ca658f91c3aef87c017e8f0525744b5 +--- + tests/Makefile.am | 2 ++ + tests/imtcp-tls-gtls-x509name-legacy.sh | 33 +++++++++++++++++++++++++ + 2 files changed, 35 insertions(+) + create mode 100755 tests/imtcp-tls-gtls-x509name-legacy.sh + +diff --git a/tests/Makefile.am b/tests/Makefile.am +index a68b6eb..9cc18a4 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -1267,6 +1267,7 @@ TESTS += \ + imtcp-tls-gtls-x509fingerprint.sh \ + imtcp-tls-gtls-x509name-invld.sh \ + imtcp-tls-gtls-x509name.sh \ ++ imtcp-tls-gtls-x509name-legacy.sh \ + imtcp-drvr-in-input-basic.sh \ + imtcp-multi-drvr-basic.sh \ + imtcp-multi-drvr-basic-parallel.sh +@@ -2130,6 +2131,7 @@ EXTRA_DIST= \ + imtcp-tls-gtls-x509fingerprint.sh \ + imtcp-tls-gtls-x509name-invld.sh \ + imtcp-tls-gtls-x509name.sh \ ++ imtcp-tls-gtls-x509name-legacy.sh \ + imtcp-drvr-in-input-basic.sh \ + imtcp-multi-drvr-basic.sh \ + imtcp-multi-drvr-basic-parallel.sh \ +diff --git a/tests/imtcp-tls-gtls-x509name-legacy.sh b/tests/imtcp-tls-gtls-x509name-legacy.sh +new file mode 100755 +index 0000000..c2c9bdd +--- /dev/null ++++ b/tests/imtcp-tls-gtls-x509name-legacy.sh +@@ -0,0 +1,33 @@ ++#!/bin/bash ++# This file is part of the rsyslog project, released under ASL 2.0 ++. 
${srcdir:=.}/diag.sh init ++export NUMMESSAGES=1 ++generate_conf ++add_conf ' ++global( defaultNetstreamDriverCAFile="'$srcdir/tls-certs/ca.pem'" ++ defaultNetstreamDriverCertFile="'$srcdir/tls-certs/cert.pem'" ++ defaultNetstreamDriverKeyFile="'$srcdir/tls-certs/key.pem'" ++) ++ ++ ++# NOTE: we intentionally use legacy statements here! This *IS* what we want to test! ++$ModLoad ../plugins/imtcp/.libs/imtcp ++$inputTcpserverStreamdriverPermittedPeer rsyslog-client ++ ++input(type="imtcp" port="0" listenPortFileName="'$RSYSLOG_DYNNAME'.tcpflood_port" ++ StreamDriver.Name="gtls" ++ StreamDriver.Mode="1" ++ StreamDriver.AuthMode="x509/name") ++ ++template(name="outfmt" type="string" string="%msg:F,58:2%\n") ++:msg, contains, "msgnum:" action( type="omfile" ++ template="outfmt" ++ file=`echo $RSYSLOG_OUT_LOG`) ++' ++startup ++tcpflood -p'$TCPFLOOD_PORT' -m$NUMMESSAGES -Ttls -x$srcdir/tls-certs/ca.pem -Z$srcdir/tls-certs/cert.pem -z$srcdir/tls-certs/key.pem ++wait_file_lines ++shutdown_when_empty ++wait_shutdown ++seq_check ++exit_test +-- +2.27.0 + diff --git a/backport-fix-memory-leak-in-afterRun-Code.patch b/backport-fix-memory-leak-in-afterRun-Code.patch new file mode 100644 index 0000000000000000000000000000000000000000..c042006fe985ecdeaf7df8750c540d845c43ee7c --- /dev/null +++ b/backport-fix-memory-leak-in-afterRun-Code.patch 
@@ -0,0 +1,96 @@ +From 1ac3312e5a1e809158a0cccd5a332d3a67562a4f Mon Sep 17 00:00:00 2001 +From: Andre lorbach +Date: Mon, 22 Nov 2021 23:08:08 +0100 +Subject: [PATCH] imtcp: fix memory leak in afterRun Code + +- tcpsrv_etry_t was left in memory, is now freed +- Fix copy&paste error for pszLstnPortFileName init +- Free cnf_params if createInstance init fails + +closes: https://github.com/rsyslog/rsyslog/issues/4646 +Conflict:NA +Reference:https://github.com/rsyslog/rsyslog/commit/1ac3312e5a1e809158a0cccd5a332d3a67562a4f +--- + plugins/imtcp/imtcp.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c +index 98a060e4c9..0e689a28d8 100644 +--- a/plugins/imtcp/imtcp.c ++++ b/plugins/imtcp/imtcp.c +@@ -350,7 +350,7 @@ createInstance(instanceConf_t **pinst) + instanceConf_t *inst = NULL; + + DEFiRet; +- CHKmalloc(inst = malloc(sizeof(instanceConf_t))); ++ CHKmalloc(inst = (instanceConf_t*) calloc(1, sizeof(instanceConf_t))); + CHKmalloc(inst->cnf_params = (tcpLstnParams_t*) calloc(1, sizeof(tcpLstnParams_t))); + inst->next = NULL; + inst->pszBindRuleset = NULL; +@@ -400,6 +400,7 @@ createInstance(instanceConf_t **pinst) + *pinst = inst; + finalize_it: + if(iRet != RS_RET_OK) { ++ free(inst->cnf_params); + free(inst); + } + RETiRet; +@@ -431,7 +432,7 @@ static rsRetVal addInstance(void __attribute__((unused)) *pVal, uchar *pNewVal) + CHKmalloc(inst->cnf_params->pszAddr = ustrdup(cs.lstnIP)); + } + if((cs.lstnPortFile == NULL) || (cs.lstnPortFile[0] == '\0')) { +- inst->cnf_params->pszAddr = NULL; ++ inst->cnf_params->pszLstnPortFileName = NULL; + } else { + CHKmalloc(inst->cnf_params->pszLstnPortFileName = ustrdup(cs.lstnPortFile)); + } +@@ -706,7 +707,6 @@ CODESTARTbeginCnfLoad + loadModConf->bPreserveCase = 1; /* default to true */ + bLegacyCnfModGlobalsPermitted = 1; + /* init legacy config variables */ +- cs.pszStrmDrvrAuthMode = NULL; + resetConfigVariables(NULL, NULL); /* dummy 
parameters just to fulfill interface def */ + ENDbeginCnfLoad + +@@ -906,9 +906,9 @@ ENDactivateCnf + BEGINfreeCnf + instanceConf_t *inst, *del; + CODESTARTfreeCnf ++ free(pModConf->gnutlsPriorityString); + free(pModConf->pszStrmDrvrName); + free(pModConf->pszStrmDrvrAuthMode); +- free(pModConf->gnutlsPriorityString); + free(pModConf->pszStrmDrvrPermitExpiredCerts); + free(pModConf->pszStrmDrvrCAFile); + free(pModConf->pszStrmDrvrKeyFile); +@@ -1024,12 +1024,14 @@ ENDwillRun + BEGINafterRun + CODESTARTafterRun + tcpsrv_etry_t *etry = tcpsrv_root; ++ tcpsrv_etry_t *del; + while(etry != NULL) { + iRet = tcpsrv.Destruct(&etry->tcpsrv); + // TODO: check iRet, reprot error ++ del = etry; + etry = etry->next; ++ free(del); + } +- + net.clearAllowedSenders(UCHAR_CONSTANT("TCP")); + ENDafterRun + +@@ -1068,11 +1070,11 @@ resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unus + cs.iAddtlFrameDelim = TCPSRV_NO_ADDTL_DELIMITER; + cs.maxFrameSize = 200000; + cs.bDisableLFDelim = 0; +- free(cs.pszInputName); +- cs.pszInputName = NULL; ++ cs.bPreserveCase = 1; + free(cs.pszStrmDrvrAuthMode); + cs.pszStrmDrvrAuthMode = NULL; +- cs.bPreserveCase = 1; ++ free(cs.pszInputName); ++ cs.pszInputName = NULL; + free(cs.lstnPortFile); + cs.lstnPortFile = NULL; + return RS_RET_OK; diff --git a/backport-imtcp-bugfix-legacy-config-directives-did-no-longer-work.patch b/backport-imtcp-bugfix-legacy-config-directives-did-no-longer-work.patch new file mode 100644 index 0000000000000000000000000000000000000000..ec5947964e3d2fcfe495ab8eb2764a269c26b5b3 --- /dev/null +++ b/backport-imtcp-bugfix-legacy-config-directives-did-no-longer-work.patch 
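Review bot: The added `free(inst->cnf_params);` under `finalize_it` in createInstance dereferences `inst` even when the first allocation failed. `inst` is initialised to NULL, and assuming `CHKmalloc` jumps to `finalize_it` on a NULL result as it does elsewhere in rsyslog, a failed `calloc` for `inst` arrives there with `inst == NULL`, turning an out-of-memory condition during config load into a NULL dereference. Guard it with `if(inst != NULL) free(inst->cnf_params);` ahead of the existing `free(inst);`. In the afterRun hunk the `// TODO: check iRet` remains, so a failing `tcpsrv.Destruct` is still overwritten by the next loop iteration without being reported.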
@@ -0,0 +1,98 @@ +From 2623a89a0c66cced8fc37ac1daa0da936005bad6 Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Tue, 15 Nov 2022 15:11:50 +0100 +Subject: [PATCH] imtcp bugfix: legacy config directives did no longer work + +Many "$InputTCPServer..." config directives did no longer work +and were completely ignored (e.g. "$InputTCPServerStreamDriverMode"). + +This was a regression from a08591be5d9 (May, 5th 2021). + +closes https://github.com/rsyslog/rsyslog/issues/5021 + +Conflict:NA +Reference:https://github.com/rsyslog/rsyslog/commit/2623a89a0c66cced8fc37ac1daa0da936005bad6 +--- + plugins/imtcp/imtcp.c | 15 ++++++++++++++- + runtime/nsd_gtls.c | 3 ++- + tests/imtcp-tls-gtls-x509name-legacy.sh | 10 ++++++---- + 3 files changed, 22 insertions(+), 6 deletions(-) + +diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c +index ccc99b0..e275750 100644 +--- a/plugins/imtcp/imtcp.c ++++ b/plugins/imtcp/imtcp.c +@@ -446,6 +446,20 @@ static rsRetVal addInstance(void __attribute__((unused)) *pVal, uchar *pNewVal) + CHKmalloc(inst->pszInputName = ustrdup(cs.pszInputName)); + } + inst->cnf_params->bSuppOctetFram = cs.bSuppOctetFram; ++ inst->iStrmDrvrMode = cs.iStrmDrvrMode; ++ inst->bKeepAlive = cs.bKeepAlive ; ++ inst->bUseFlowControl = cs.bUseFlowControl; ++ inst->bDisableLFDelim = cs.bDisableLFDelim; ++ inst->bEmitMsgOnClose = cs.bEmitMsgOnClose; ++ inst->bPreserveCase = cs.bPreserveCase; ++ inst->iKeepAliveProbes = cs.iKeepAliveProbes; ++ inst->iKeepAliveIntvl = cs.iKeepAliveIntvl; ++ inst->iKeepAliveTime = cs.iKeepAliveTime; ++ inst->iKeepAliveTime = cs.iKeepAliveTime; ++ inst->iAddtlFrameDelim = cs.iAddtlFrameDelim; ++ inst->iTCPLstnMax = cs.iTCPLstnMax; ++ inst->iTCPSessMax = cs.iTCPSessMax; ++ inst->iStrmDrvrMode = cs.iStrmDrvrMode; + + finalize_it: + free(pNewVal); +@@ -952,7 +966,6 @@ RunServerThread(void *myself) + { + tcpsrv_etry_t *const etry = (tcpsrv_etry_t*) myself; + rsRetVal iRet; +- dbgprintf("RGER: running ety %p\n", etry); + iRet = 
tcpsrv.Run(etry->tcpsrv); + if(iRet != RS_RET_OK) { + LogError(0, iRet, "imtcp: error while terminating server; rsyslog may hang on shutdown"); +diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c +index 65e492d..378febb 100644 +--- a/runtime/nsd_gtls.c ++++ b/runtime/nsd_gtls.c +@@ -1430,12 +1430,13 @@ ENDobjDestruct(nsd_gtls) + * rgerhards, 2008-04-28 + */ + static rsRetVal +-SetMode(nsd_t *pNsd, int mode) ++SetMode(nsd_t *const pNsd, const int mode) + { + DEFiRet; + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + + ISOBJ_TYPE_assert((pThis), nsd_gtls); ++ dbgprintf("(tls) mode: %d\n", mode); + if(mode != 0 && mode != 1) { + LogError(0, RS_RET_INVALID_DRVR_MODE, "error: driver mode %d not supported by " + "gtls netstream driver", mode); +diff --git a/tests/imtcp-tls-gtls-x509name-legacy.sh b/tests/imtcp-tls-gtls-x509name-legacy.sh +index c2c9bdd..4e8878c 100755 +--- a/tests/imtcp-tls-gtls-x509name-legacy.sh ++++ b/tests/imtcp-tls-gtls-x509name-legacy.sh +@@ -12,12 +12,14 @@ global( defaultNetstreamDriverCAFile="'$srcdir/tls-certs/ca.pem'" + + # NOTE: we intentionally use legacy statements here! This *IS* what we want to test! + $ModLoad ../plugins/imtcp/.libs/imtcp ++$DefaultNetstreamDriver gtls + $inputTcpserverStreamdriverPermittedPeer rsyslog-client + +-input(type="imtcp" port="0" listenPortFileName="'$RSYSLOG_DYNNAME'.tcpflood_port" +- StreamDriver.Name="gtls" +- StreamDriver.Mode="1" +- StreamDriver.AuthMode="x509/name") ++$InputTCPServerStreamDriverAuthMode x509/name ++$InputTCPServerStreamDriverPermittedPeer Log_Streaming_Client ++$InputTCPServerStreamDriverMode 1 ++$InputTCPServerListenPortFile '$RSYSLOG_DYNNAME'.tcpflood_port ++$InputTCPServerRun 0 + + template(name="outfmt" type="string" string="%msg:F,58:2%\n") + :msg, contains, "msgnum:" action( type="omfile" +-- +2.27.0 + diff --git a/rsyslog.spec b/rsyslog.spec index 980543d3eb5a818c5081368fc9312bfc53eedb23..9742c27fcce9ecaac559f762eecbc860af97aa20 100644 --- a/rsyslog.spec +++ b/rsyslog.spec 
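Review bot: The block added to addInstance assigns `inst->iKeepAliveTime = cs.iKeepAliveTime;` twice in a row and `inst->iStrmDrvrMode = cs.iStrmDrvrMode;` both at the start and at the end of the block. The duplicates are harmless at runtime, but in a change whose purpose is to restore settings that were being ignored they read like copy/paste slips where another field may have been intended, so the list should be checked against the members of `instanceConf_s`. The per-instance auth mode and permitted peers are not copied here and presumably still come from the module-level configuration; that is worth confirming, because a legacy TLS directive that is silently dropped weakens transport security without any error. Drop the repeated lines or replace them with the intended fields; the function body continues outside the hunk.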
@@ -7,7 +7,7 @@ Name: rsyslog Version: 8.2110.0 -Release: 13 +Release: 14 Summary: The rocket-fast system for log processing License: (GPLv3+ and ASL 2.0) URL: http://www.rsyslog.com/ @@ -46,6 +46,13 @@ Patch6010: backport-core-bugfix-correct-local-host-name-after-config-proces Patch6011: backport-core-bugfix-local-hostname-invalid-if-no-global-config-object-given.patch Patch6012: backport-Simplified-and-fixed-IPv4-digit-detection.patch Patch6013: backport-tcpsrv-cleanup-remove-commented-out-code.patch +Patch6014: backport-add-support-for-permittedPeers-setting-at-input.patch +Patch6015: backport-fix-memory-leak-in-afterRun-Code.patch +Patch6016: backport-Terminate-all-tcpsrv-threads-properly.patch +Patch6017: backport-Deallocate-outchannel-resources-in-rsconf-destructor.patch +Patch6018: backport-Fix-Segmentation-fault-in-close-journal.patch +Patch6019: backport-add-test-for-legacy-permittedPeer-statement.patch +Patch6020: backport-imtcp-bugfix-legacy-config-directives-did-no-longer-work.patch BuildRequires: gcc autoconf automake bison dos2unix flex pkgconfig python3-docutils libtool BuildRequires: libgcrypt-devel libuuid-devel zlib-devel krb5-devel libnet-devel gnutls-devel 
@@ -358,6 +365,18 @@ rm -f %{buildroot}%{_libdir}/rsyslog/liboverride_gethostname_nonfqdn.so %delete_la %pre +# Delete file and package upgrades concurrently, Cause the upgrade to fail. +# so, empty file instead of deleting file +if [ -f /etc/cron.hourly/logrotate ];then + sed -i s/'^if[[:blank:]]*\[[[:blank:]]*-f[[:blank:]]*\/etc\/logrotate.d\/rsyslog[[:blank:]]*\];then$'/'if \[ -s \/etc\/logrotate.d\/rsyslog \];then'/g /etc/cron.hourly/logrotate + sed -i s/'^[[:blank:]]*rm[[:blank:]]*-f[[:blank:]]*\/etc\/logrotate.d\/rsyslog$'/' > \/etc\/logrotate.d\/rsyslog'/g /etc/cron.hourly/logrotate + # Delay 2s, wait for /etc/cron.hourly/logrotate delete file execution to complete + sleep 2 + if [ ! -f /etc/logrotate.d/rsyslog ]; then + touch /etc/logrotate.d/rsyslog + chmod 644 /etc/logrotate.d/rsyslog + fi +fi %post for n in /var/log/{messages,secure,maillog,spooler} @@ -508,6 +527,12 @@ done %{_mandir}/man1/rscryutil.1.gz %changelog +* Sat Dec 24 2022 pengyi - 8.2110.0-14 +- Type:NA +- ID:NA +- SUG:NA +- DESC: backport patches from upstream + * Sat Dec 17 2022 pengyi - 8.2110.0-13 - Type:NA - ID:NA
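Review bot: The `%pre` scriptlet relies on `sleep 2` to outwait a running `/etc/cron.hourly/logrotate`, which is a timing assumption rather than synchronization, so a slower cron run can still remove `/etc/logrotate.d/rsyslog` after the `touch`. It also rewrites `/etc/cron.hourly/logrotate` in place with `sed -i` as root without checking that either pattern matched or that sed succeeded; that file is likely owned by another package, so the edit bypasses its packaging and any local changes silently. Prefer fixing the cron script in the package that ships it, or at least test the sed result and create the placeholder in one step with `install -m 0644 /dev/null /etc/logrotate.d/rsyslog` instead of `touch` followed by `chmod`. The sed expressions are only partly quoted (`s/'...'/'...'/g`); quoting each whole expression as a single argument keeps shell word splitting out of the picture.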