From 3a8ed0dafe0a709b68ab5b9143fcab79ec44815c Mon Sep 17 00:00:00 2001 From: Qiumiao Zhang Date: Mon, 30 Oct 2023 20:47:17 +0800 Subject: [PATCH] adapt for non-systemd scenairo Signed-off-by: Qiumiao Zhang (cherry picked from commit c9835a6b22fb61798f5e8ce765ff8f31bc52805d) --- ...Driver-Fix-memory-leaks-in-gtlsInitC.patch | 108 +++--- ...KUP-FIXED-Don-t-crash-Rsyslog-on-mmd.patch | 252 +++++++------- ...-fix-depreacted-API-issues-for-OpenS.patch | 240 ++++++------- ...prevent-pot.-segfault-when-switchung.patch | 114 +++---- ...gfix-using-uuid-msg-prop-can-deadloc.patch | 168 ++++----- ...journal-add-second-fallback-to-_COMM.patch | 76 ++--- ...the-order-of-doHUP-and-processImInte.patch | 14 +- ...-sha256-for-StreamDriverAuthMode-x50.patch | 318 +++++++++--------- ...ueue-info-to-journal-when-queue-full.patch | 30 +- ...-to-journal-when-receive-USR1-signal.patch | 39 ++- rsyslog.spec | 10 +- 11 files changed, 694 insertions(+), 675 deletions(-) diff --git a/backport-GNUTls-Driver-Fix-memory-leaks-in-gtlsInitC.patch b/backport-GNUTls-Driver-Fix-memory-leaks-in-gtlsInitC.patch index 0db0594..968f3ea 100644 --- a/backport-GNUTls-Driver-Fix-memory-leaks-in-gtlsInitC.patch +++ b/backport-GNUTls-Driver-Fix-memory-leaks-in-gtlsInitC.patch @@ -1,54 +1,54 @@ -From e7ad250f51bba571c9861c4ab7df2df135be9ea3 Mon Sep 17 00:00:00 2001 -From: Andre lorbach -Date: Thu, 11 May 2023 16:49:11 +0200 -Subject: [PATCH] [backport] GNUTls Driver: Fix memory leaks in gtlsInitCred - -Missing CA Certificate or multiple Connections caused -a memory leak in pThis->xcred as it was allocated each time in -gtlsInitCred by gnutls_certificate_allocate_credentials - -closes: https://github.com/rsyslog/rsyslog/issues/5135 - ---- - -Conflict:NA -Type:bugfix -Reference:https://github.com/rsyslog/rsyslog/commit/3401d687d2d5f9556165b53be79fbe4dc49b8c79 - ---- ---- - runtime/nsd_gtls.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c -index bbda5c5bc..da549d728 100644 ---- a/runtime/nsd_gtls.c -+++ b/runtime/nsd_gtls.c -@@ -711,7 +711,10 @@ gtlsInitCred(nsd_gtls_t *const pThis ) - DEFiRet; - - /* X509 stuff */ -- CHKgnutls(gnutls_certificate_allocate_credentials(&pThis->xcred)); -+ if (pThis->xcred == NULL) { -+ /* Allocate only ONCE */ -+ CHKgnutls(gnutls_certificate_allocate_credentials(&pThis->xcred)); -+ } - - /* sets the trusted cas file */ - cafile = (pThis->pszCAFile == NULL) ? glbl.GetDfltNetstrmDrvrCAF() : pThis->pszCAFile; -@@ -2264,7 +2267,12 @@ finalize_it: - if(pThis->bHaveSess) { - gnutls_deinit(pThis->sess); - pThis->bHaveSess = 0; -+ /* Free memory using gnutls api first*/ -+ gnutls_certificate_free_credentials(pThis->xcred); - pThis->xcred = NULL; -+ /* Free other memory */ -+ free(pThis->pszConnectHost); -+ pThis->pszConnectHost = NULL; - } - } - --- -2.12.3 - +From e7ad250f51bba571c9861c4ab7df2df135be9ea3 Mon Sep 17 00:00:00 2001 +From: Andre lorbach +Date: Thu, 11 May 2023 16:49:11 +0200 +Subject: [PATCH] [backport] GNUTls Driver: Fix memory leaks in gtlsInitCred + +Missing CA Certificate or multiple Connections caused +a memory leak in pThis->xcred as it was allocated each time in +gtlsInitCred by gnutls_certificate_allocate_credentials + +closes: https://github.com/rsyslog/rsyslog/issues/5135 + +--- + +Conflict:NA +Type:bugfix +Reference:https://github.com/rsyslog/rsyslog/commit/3401d687d2d5f9556165b53be79fbe4dc49b8c79 + +--- +--- + runtime/nsd_gtls.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c +index bbda5c5bc..da549d728 100644 +--- a/runtime/nsd_gtls.c ++++ b/runtime/nsd_gtls.c +@@ -711,7 +711,10 @@ gtlsInitCred(nsd_gtls_t *const pThis ) + DEFiRet; + + /* X509 stuff */ +- CHKgnutls(gnutls_certificate_allocate_credentials(&pThis->xcred)); ++ if (pThis->xcred == NULL) { ++ /* Allocate only ONCE */ ++ CHKgnutls(gnutls_certificate_allocate_credentials(&pThis->xcred)); ++ } + + /* sets the trusted cas file */ + cafile = (pThis->pszCAFile == NULL) ? glbl.GetDfltNetstrmDrvrCAF() : pThis->pszCAFile; +@@ -2264,7 +2267,12 @@ finalize_it: + if(pThis->bHaveSess) { + gnutls_deinit(pThis->sess); + pThis->bHaveSess = 0; ++ /* Free memory using gnutls api first*/ ++ gnutls_certificate_free_credentials(pThis->xcred); + pThis->xcred = NULL; ++ /* Free other memory */ ++ free(pThis->pszConnectHost); ++ pThis->pszConnectHost = NULL; + } + } + +-- +2.12.3 + diff --git a/backport-MMDBLOOKUP-FIXED-Don-t-crash-Rsyslog-on-mmd.patch b/backport-MMDBLOOKUP-FIXED-Don-t-crash-Rsyslog-on-mmd.patch index 7801e3c..ac6959d 100644 --- a/backport-MMDBLOOKUP-FIXED-Don-t-crash-Rsyslog-on-mmd.patch +++ b/backport-MMDBLOOKUP-FIXED-Don-t-crash-Rsyslog-on-mmd.patch @@ -1,126 +1,126 @@ -From bd5933ce7617238b143a54709f582d2e2abbdd5f Mon Sep 17 00:00:00 2001 -From: frikilax -Date: Tue, 19 Apr 2022 09:56:06 +0200 -Subject: [PATCH] [backport] MMDBLOOKUP::FIXED:: Don't crash Rsyslog on mmdb - file errors - ---- - -Conflict:NA -Reference:https://github.com/rsyslog/rsyslog/commit/0869d725f297f50830ae4a026902d6aa35d8f8bd - ---- ---- - plugins/mmdblookup/mmdblookup.c | 39 ++++++++++++++++++++++++++++++--------- - 1 file changed, 30 insertions(+), 9 deletions(-) - -diff --git a/plugins/mmdblookup/mmdblookup.c b/plugins/mmdblookup/mmdblookup.c -index 3fe5172a9..85536f2cf 100644 ---- a/plugins/mmdblookup/mmdblookup.c -+++ b/plugins/mmdblookup/mmdblookup.c -@@ -68,6 +68,7 @@ typedef struct wrkrInstanceData { - instanceData *pData; - MMDB_s mmdb; - pthread_mutex_t mmdbMutex; -+ sbool mmdb_is_open; - } wrkrInstanceData_t; - - struct modConfData_s { -@@ -122,15 +123,30 @@ int open_mmdb(const char *file, MMDB_s *mmdb) { - dbgprintf(" IO error: %s\n", strerror(errno)); - } - LogError(0, RS_RET_SUSPENDED, "maxminddb error: cannot open database file"); -+ return RS_RET_SUSPENDED; - } - -- return MMDB_SUCCESS != status; -+ return RS_RET_OK; - } - - void close_mmdb(MMDB_s *mmdb) { - MMDB_close(mmdb); - } - -+static rsRetVal wrkr_reopen_mmdb(wrkrInstanceData_t *pWrkrData) { -+ DEFiRet; -+ pthread_mutex_lock(&pWrkrData->mmdbMutex); -+ LogMsg(0, NO_ERRCODE, LOG_INFO, "mmdblookup: reopening MMDB file"); -+ if (pWrkrData->mmdb_is_open) close_mmdb(&pWrkrData->mmdb); -+ pWrkrData->mmdb_is_open = 0; -+ CHKiRet(open_mmdb(pWrkrData->pData->pszMmdbFile, &pWrkrData->mmdb)); -+ pWrkrData->mmdb_is_open = 1; -+ -+finalize_it: -+ pthread_mutex_unlock(&pWrkrData->mmdbMutex); -+ RETiRet; -+} -+ - BEGINbeginCnfLoad - CODESTARTbeginCnfLoad - loadModConf = pModConf; -@@ -163,6 +179,7 @@ ENDcreateInstance - BEGINcreateWrkrInstance - CODESTARTcreateWrkrInstance - CHKiRet(open_mmdb(pData->pszMmdbFile, &pWrkrData->mmdb)); -+ pWrkrData->mmdb_is_open = 1; - CHKiConcCtrl(pthread_mutex_init(&pWrkrData->mmdbMutex, NULL)); - finalize_it: - ENDcreateWrkrInstance -@@ -190,7 +207,8 @@ ENDfreeInstance - - BEGINfreeWrkrInstance - CODESTARTfreeWrkrInstance -- close_mmdb(&pWrkrData->mmdb); -+ if (pWrkrData->mmdb_is_open) close_mmdb(&pWrkrData->mmdb); -+ pWrkrData->mmdb_is_open = 0; - pthread_mutex_destroy(&pWrkrData->mmdbMutex); - ENDfreeWrkrInstance - -@@ -312,6 +330,7 @@ ENDdbgPrintInstInfo - - BEGINtryResume - CODESTARTtryResume -+ iRet = wrkr_reopen_mmdb(pWrkrData); - ENDtryResume - - -@@ -356,6 +375,11 @@ BEGINdoAction_NoStrings - json_object *total_json = NULL; - MMDB_entry_data_list_s *entry_data_list = NULL; - CODESTARTdoAction -+ /* ensure file is open before beginning */ -+ if (!pWrkrData->mmdb_is_open) { -+ CHKiRet(wrkr_reopen_mmdb(pWrkrData)); -+ } -+ - /* key is given, so get the property json */ - msgPropDescr_t pProp; - msgPropDescrFill(&pProp, (uchar*)pData->pszKey, strlen(pData->pszKey)); -@@ -382,7 +406,9 @@ CODESTARTdoAction - } - if (MMDB_SUCCESS != mmdb_err) { - dbgprintf("Got an error from the maxminddb library: %s\n", MMDB_strerror(mmdb_err)); -- ABORT_FINALIZE(RS_RET_OK); -+ close_mmdb(&pWrkrData->mmdb); -+ pWrkrData->mmdb_is_open = 0; -+ ABORT_FINALIZE(RS_RET_IO_ERROR); - } - if (!result.found_entry) { - dbgprintf("No entry found in database for '%s'\n", pszValue); -@@ -450,12 +476,7 @@ BEGINdoHUPWrkr - CODESTARTdoHUPWrkr - dbgprintf("mmdblookup: HUP received\n"); - if (pWrkrData->pData->reloadOnHup) { -- // a mutex is needed, as it's the main thread that runs this handler -- pthread_mutex_lock(&pWrkrData->mmdbMutex); -- LogMsg(0, NO_ERRCODE, LOG_INFO, "mmdblookup: reloading MMDB file"); -- close_mmdb(&pWrkrData->mmdb); -- iRet = open_mmdb(pWrkrData->pData->pszMmdbFile, &pWrkrData->mmdb); -- pthread_mutex_unlock(&pWrkrData->mmdbMutex); -+ iRet = wrkr_reopen_mmdb(pWrkrData); - } - ENDdoHUPWrkr - --- -2.12.3 - +From bd5933ce7617238b143a54709f582d2e2abbdd5f Mon Sep 17 00:00:00 2001 +From: frikilax +Date: Tue, 19 Apr 2022 09:56:06 +0200 +Subject: [PATCH] [backport] MMDBLOOKUP::FIXED:: Don't crash Rsyslog on mmdb + file errors + +--- + +Conflict:NA +Reference:https://github.com/rsyslog/rsyslog/commit/0869d725f297f50830ae4a026902d6aa35d8f8bd + +--- +--- + plugins/mmdblookup/mmdblookup.c | 39 ++++++++++++++++++++++++++++++--------- + 1 file changed, 30 insertions(+), 9 deletions(-) + +diff --git a/plugins/mmdblookup/mmdblookup.c b/plugins/mmdblookup/mmdblookup.c +index 3fe5172a9..85536f2cf 100644 +--- a/plugins/mmdblookup/mmdblookup.c ++++ b/plugins/mmdblookup/mmdblookup.c +@@ -68,6 +68,7 @@ typedef struct wrkrInstanceData { + instanceData *pData; + MMDB_s mmdb; + pthread_mutex_t mmdbMutex; ++ sbool mmdb_is_open; + } wrkrInstanceData_t; + + struct modConfData_s { +@@ -122,15 +123,30 @@ int open_mmdb(const char *file, MMDB_s *mmdb) { + dbgprintf(" IO error: %s\n", strerror(errno)); + } + LogError(0, RS_RET_SUSPENDED, "maxminddb error: cannot open database file"); ++ return RS_RET_SUSPENDED; + } + +- return MMDB_SUCCESS != status; ++ return RS_RET_OK; + } + + void close_mmdb(MMDB_s *mmdb) { + MMDB_close(mmdb); + } + ++static rsRetVal wrkr_reopen_mmdb(wrkrInstanceData_t *pWrkrData) { ++ DEFiRet; ++ pthread_mutex_lock(&pWrkrData->mmdbMutex); ++ LogMsg(0, NO_ERRCODE, LOG_INFO, "mmdblookup: reopening MMDB file"); ++ if (pWrkrData->mmdb_is_open) close_mmdb(&pWrkrData->mmdb); ++ pWrkrData->mmdb_is_open = 0; ++ CHKiRet(open_mmdb(pWrkrData->pData->pszMmdbFile, &pWrkrData->mmdb)); ++ pWrkrData->mmdb_is_open = 1; ++ ++finalize_it: ++ pthread_mutex_unlock(&pWrkrData->mmdbMutex); ++ RETiRet; ++} ++ + BEGINbeginCnfLoad + CODESTARTbeginCnfLoad + loadModConf = pModConf; +@@ -163,6 +179,7 @@ ENDcreateInstance + BEGINcreateWrkrInstance + CODESTARTcreateWrkrInstance + CHKiRet(open_mmdb(pData->pszMmdbFile, &pWrkrData->mmdb)); ++ pWrkrData->mmdb_is_open = 1; + CHKiConcCtrl(pthread_mutex_init(&pWrkrData->mmdbMutex, NULL)); + finalize_it: + ENDcreateWrkrInstance +@@ -190,7 +207,8 @@ ENDfreeInstance + + BEGINfreeWrkrInstance + CODESTARTfreeWrkrInstance +- close_mmdb(&pWrkrData->mmdb); ++ if (pWrkrData->mmdb_is_open) close_mmdb(&pWrkrData->mmdb); ++ pWrkrData->mmdb_is_open = 0; + pthread_mutex_destroy(&pWrkrData->mmdbMutex); + ENDfreeWrkrInstance + +@@ -312,6 +330,7 @@ ENDdbgPrintInstInfo + + BEGINtryResume + CODESTARTtryResume ++ iRet = wrkr_reopen_mmdb(pWrkrData); + ENDtryResume + + +@@ -356,6 +375,11 @@ BEGINdoAction_NoStrings + json_object *total_json = NULL; + MMDB_entry_data_list_s *entry_data_list = NULL; + CODESTARTdoAction ++ /* ensure file is open before beginning */ ++ if (!pWrkrData->mmdb_is_open) { ++ CHKiRet(wrkr_reopen_mmdb(pWrkrData)); ++ } ++ + /* key is given, so get the property json */ + msgPropDescr_t pProp; + msgPropDescrFill(&pProp, (uchar*)pData->pszKey, strlen(pData->pszKey)); +@@ -382,7 +406,9 @@ CODESTARTdoAction + } + if (MMDB_SUCCESS != mmdb_err) { + dbgprintf("Got an error from the maxminddb library: %s\n", MMDB_strerror(mmdb_err)); +- ABORT_FINALIZE(RS_RET_OK); ++ close_mmdb(&pWrkrData->mmdb); ++ pWrkrData->mmdb_is_open = 0; ++ ABORT_FINALIZE(RS_RET_IO_ERROR); + } + if (!result.found_entry) { + dbgprintf("No entry found in database for '%s'\n", pszValue); +@@ -450,12 +476,7 @@ BEGINdoHUPWrkr + CODESTARTdoHUPWrkr + dbgprintf("mmdblookup: HUP received\n"); + if (pWrkrData->pData->reloadOnHup) { +- // a mutex is needed, as it's the main thread that runs this handler +- pthread_mutex_lock(&pWrkrData->mmdbMutex); +- LogMsg(0, NO_ERRCODE, LOG_INFO, "mmdblookup: reloading MMDB file"); +- close_mmdb(&pWrkrData->mmdb); +- iRet = open_mmdb(pWrkrData->pData->pszMmdbFile, &pWrkrData->mmdb); +- pthread_mutex_unlock(&pWrkrData->mmdbMutex); ++ iRet = wrkr_reopen_mmdb(pWrkrData); + } + ENDdoHUPWrkr + +-- +2.12.3 + diff --git a/backport-OpenSSL-fix-depreacted-API-issues-for-OpenS.patch b/backport-OpenSSL-fix-depreacted-API-issues-for-OpenS.patch index 2dc8a38..253bc2e 100644 --- a/backport-OpenSSL-fix-depreacted-API-issues-for-OpenS.patch +++ b/backport-OpenSSL-fix-depreacted-API-issues-for-OpenS.patch @@ -1,120 +1,120 @@ -From 4fe3152b51884916861303573294be3d797f3998 Mon Sep 17 00:00:00 2001 -From: Andre lorbach -Date: Mon, 27 Jun 2022 14:39:07 +0200 -Subject: [PATCH] [backport] OpenSSL: fix depreacted API issues for OpenSSL 3.x - -- OpenSSL error strings are loaded automatically now -- Debug Callback has changed -- See for more: - https://www.openssl.org/docs/manmaster/man7/migration_guide.html - -closes: https://github.com/rsyslog/rsyslog/issues/4912 ---- - -Conflict:NA -Reference:https://github.com/rsyslog/rsyslog/commit/bd4d4a6c5ccf6c0d279e6c45bf719433bc48105d - ---- ---- - runtime/nsd_ossl.c | 39 ++++++++++++++++++++++++++++++--------- - 1 file changed, 30 insertions(+), 9 deletions(-) - -diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c -index 13f697704..5d8ebd86c 100644 ---- a/runtime/nsd_ossl.c -+++ b/runtime/nsd_ossl.c -@@ -31,6 +31,9 @@ - #include - #include - #include -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) -+# include -+#endif - #include - #include - #include -@@ -294,16 +297,20 @@ int verify_callback(int status, X509_STORE_CTX *store) - return status; - } - -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) -+long BIO_debug_callback_ex(BIO *bio, int cmd, const char __attribute__((unused)) *argp, -+ size_t __attribute__((unused)) len, int argi, long __attribute__((unused)) argl, -+ int ret, size_t __attribute__((unused)) *processed) -+#else - long BIO_debug_callback(BIO *bio, int cmd, const char __attribute__((unused)) *argp, - int argi, long __attribute__((unused)) argl, long ret) -+#endif - { -+ long ret2 = ret; // Helper value to avoid printf compile errors long<>int - long r = 1; -- - if (BIO_CB_RETURN & cmd) - r = ret; -- - dbgprintf("openssl debugmsg: BIO[%p]: ", (void *)bio); -- - switch (cmd) { - case BIO_CB_FREE: - dbgprintf("Free - %s\n", RSYSLOG_BIO_method_name(bio)); -@@ -350,19 +357,19 @@ long BIO_debug_callback(BIO *bio, int cmd, const char __attribute__((unused)) *a - RSYSLOG_BIO_method_name(bio)); - break; - case BIO_CB_RETURN | BIO_CB_READ: -- dbgprintf("read return %ld\n", ret); -+ dbgprintf("read return %ld\n", ret2); - break; - case BIO_CB_RETURN | BIO_CB_WRITE: -- dbgprintf("write return %ld\n", ret); -+ dbgprintf("write return %ld\n", ret2); - break; - case BIO_CB_RETURN | BIO_CB_GETS: -- dbgprintf("gets return %ld\n", ret); -+ dbgprintf("gets return %ld\n", ret2); - break; - case BIO_CB_RETURN | BIO_CB_PUTS: -- dbgprintf("puts return %ld\n", ret); -+ dbgprintf("puts return %ld\n", ret2); - break; - case BIO_CB_RETURN | BIO_CB_CTRL: -- dbgprintf("ctrl return %ld\n", ret); -+ dbgprintf("ctrl return %ld\n", ret2); - break; - default: - dbgprintf("bio callback - unknown type (%d)\n", cmd); -@@ -420,9 +427,19 @@ osslGlblInit(void) - - /* Load readable error strings */ - SSL_load_error_strings(); -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) -+ /* -+ * ERR_load_*(), ERR_func_error_string(), ERR_get_error_line(), ERR_get_error_line_data(), ERR_get_state() -+ * OpenSSL now loads error strings automatically so these functions are not needed. -+ * SEE FOR MORE: -+ * https://www.openssl.org/docs/manmaster/man7/migration_guide.html -+ * -+ */ -+#else -+ /* Load error strings into mem*/ - ERR_load_BIO_strings(); - ERR_load_crypto_strings(); -- -+#endif - RETiRet; - } - -@@ -557,7 +574,11 @@ osslInitSession(nsd_ossl_t *pThis, osslSslState_t osslType) /* , nsd_ossl_t *pSe - dbgprintf("osslInitSession: Init conn BIO[%p] done\n", (void *)conn); - - /* Set debug Callback for conn BIO as well! */ -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) -+ BIO_set_callback_ex(conn, BIO_debug_callback_ex); -+#else - BIO_set_callback(conn, BIO_debug_callback); -+#endif - - /* TODO: still needed? Set to NON blocking ! */ - BIO_set_nbio( conn, 1 ); --- -2.12.3 - +From 4fe3152b51884916861303573294be3d797f3998 Mon Sep 17 00:00:00 2001 +From: Andre lorbach +Date: Mon, 27 Jun 2022 14:39:07 +0200 +Subject: [PATCH] [backport] OpenSSL: fix depreacted API issues for OpenSSL 3.x + +- OpenSSL error strings are loaded automatically now +- Debug Callback has changed +- See for more: + https://www.openssl.org/docs/manmaster/man7/migration_guide.html + +closes: https://github.com/rsyslog/rsyslog/issues/4912 +--- + +Conflict:NA +Reference:https://github.com/rsyslog/rsyslog/commit/bd4d4a6c5ccf6c0d279e6c45bf719433bc48105d + +--- +--- + runtime/nsd_ossl.c | 39 ++++++++++++++++++++++++++++++--------- + 1 file changed, 30 insertions(+), 9 deletions(-) + +diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c +index 13f697704..5d8ebd86c 100644 +--- a/runtime/nsd_ossl.c ++++ b/runtime/nsd_ossl.c +@@ -31,6 +31,9 @@ + #include + #include + #include ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) ++# include ++#endif + #include + #include + #include +@@ -294,16 +297,20 @@ int verify_callback(int status, X509_STORE_CTX *store) + return status; + } + ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) ++long BIO_debug_callback_ex(BIO *bio, int cmd, const char __attribute__((unused)) *argp, ++ size_t __attribute__((unused)) len, int argi, long __attribute__((unused)) argl, ++ int ret, size_t __attribute__((unused)) *processed) ++#else + long BIO_debug_callback(BIO *bio, int cmd, const char __attribute__((unused)) *argp, + int argi, long __attribute__((unused)) argl, long ret) ++#endif + { ++ long ret2 = ret; // Helper value to avoid printf compile errors long<>int + long r = 1; +- + if (BIO_CB_RETURN & cmd) + r = ret; +- + dbgprintf("openssl debugmsg: BIO[%p]: ", (void *)bio); +- + switch (cmd) { + case BIO_CB_FREE: + dbgprintf("Free - %s\n", RSYSLOG_BIO_method_name(bio)); +@@ -350,19 +357,19 @@ long BIO_debug_callback(BIO *bio, int cmd, const char __attribute__((unused)) *a + RSYSLOG_BIO_method_name(bio)); + break; + case BIO_CB_RETURN | BIO_CB_READ: +- dbgprintf("read return %ld\n", ret); ++ dbgprintf("read return %ld\n", ret2); + break; + case BIO_CB_RETURN | BIO_CB_WRITE: +- dbgprintf("write return %ld\n", ret); ++ dbgprintf("write return %ld\n", ret2); + break; + case BIO_CB_RETURN | BIO_CB_GETS: +- dbgprintf("gets return %ld\n", ret); ++ dbgprintf("gets return %ld\n", ret2); + break; + case BIO_CB_RETURN | BIO_CB_PUTS: +- dbgprintf("puts return %ld\n", ret); ++ dbgprintf("puts return %ld\n", ret2); + break; + case BIO_CB_RETURN | BIO_CB_CTRL: +- dbgprintf("ctrl return %ld\n", ret); ++ dbgprintf("ctrl return %ld\n", ret2); + break; + default: + dbgprintf("bio callback - unknown type (%d)\n", cmd); +@@ -420,9 +427,19 @@ osslGlblInit(void) + + /* Load readable error strings */ + SSL_load_error_strings(); ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) ++ /* ++ * ERR_load_*(), ERR_func_error_string(), ERR_get_error_line(), ERR_get_error_line_data(), ERR_get_state() ++ * OpenSSL now loads error strings automatically so these functions are not needed. ++ * SEE FOR MORE: ++ * https://www.openssl.org/docs/manmaster/man7/migration_guide.html ++ * ++ */ ++#else ++ /* Load error strings into mem*/ + ERR_load_BIO_strings(); + ERR_load_crypto_strings(); +- ++#endif + RETiRet; + } + +@@ -557,7 +574,11 @@ osslInitSession(nsd_ossl_t *pThis, osslSslState_t osslType) /* , nsd_ossl_t *pSe + dbgprintf("osslInitSession: Init conn BIO[%p] done\n", (void *)conn); + + /* Set debug Callback for conn BIO as well! */ ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) ++ BIO_set_callback_ex(conn, BIO_debug_callback_ex); ++#else + BIO_set_callback(conn, BIO_debug_callback); ++#endif + + /* TODO: still needed? Set to NON blocking ! */ + BIO_set_nbio( conn, 1 ); +-- +2.12.3 + diff --git a/backport-bugfix-prevent-pot.-segfault-when-switchung.patch b/backport-bugfix-prevent-pot.-segfault-when-switchung.patch index ed493d1..016d8ec 100644 --- a/backport-bugfix-prevent-pot.-segfault-when-switchung.patch +++ b/backport-bugfix-prevent-pot.-segfault-when-switchung.patch @@ -1,57 +1,57 @@ -From 1807410d18519520ed813dd4b9d2b2d34e583415 Mon Sep 17 00:00:00 2001 -From: Rainer Gerhards -Date: Sun, 30 Oct 2022 18:43:26 +0100 -Subject: [PATCH] [backport] bugfix: prevent pot. segfault when switchung to - queue emergency mode - -When switching to Disk queue emergency mode, we destructed the in-memory -queue object. Practice has shown that this MAY cause races during -destruction which themselfs can lead to segfault. For that reason, we -now keep the disk queueu object. This will keep some ressources, -including disk space, allocated. But we prefer that over a segfault. -After all, it only happens after a serious queue error when we are -already at the edge of hard problems. - -see also: https://github.com/rsyslog/rsyslog/issues/4963 - ---- - -Conflict:NA -Type:bugfix -Reference:https://github.com/rsyslog/rsyslog/commit/eaac48d0d23afe0146454cd9f5004ddcb47cc81b - ---- ---- - runtime/queue.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/runtime/queue.c b/runtime/queue.c -index b3fdd5101..856b4df25 100644 ---- a/runtime/queue.c -+++ b/runtime/queue.c -@@ -794,8 +794,12 @@ static rsRetVal qDelLinkedList(qqueue_t *pThis) - /* The following function is used to "save" ourself from being killed by - * a fatally failed disk queue. A fatal failure is, for example, if no - * data can be read or written. In that case, the disk support is disabled, -- * with all on-disk structures kept as-is as much as possible. Instead, the -- * queue is switched to direct mode, so that at least -+ * with all on-disk structures kept as-is as much as possible. However, -+ * we do not really stop or destruct the in-memory disk queue object. -+ * Practice has shown that this may cause races during destruction which -+ * themselfs can lead to segfault. So we prefer to was some ressources by -+ * keeping the queue active. -+ * Instead, the queue is switched to direct mode, so that at least - * some processing can happen. Of course, this may still have lots of - * undesired side-effects, but is probably better than aborting the - * syslogd. Note that this function *must* succeed in one way or another, as -@@ -808,7 +812,6 @@ queueSwitchToEmergencyMode(qqueue_t *pThis, rsRetVal initiatingError) - { - pThis->iQueueSize = 0; - pThis->nLogDeq = 0; -- qDestructDisk(pThis); /* free disk structures */ - - pThis->qType = QUEUETYPE_DIRECT; - pThis->qConstruct = qConstructDirect; --- -2.12.3 - +From 1807410d18519520ed813dd4b9d2b2d34e583415 Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Sun, 30 Oct 2022 18:43:26 +0100 +Subject: [PATCH] [backport] bugfix: prevent pot. segfault when switchung to + queue emergency mode + +When switching to Disk queue emergency mode, we destructed the in-memory +queue object. Practice has shown that this MAY cause races during +destruction which themselfs can lead to segfault. For that reason, we +now keep the disk queueu object. This will keep some ressources, +including disk space, allocated. But we prefer that over a segfault. +After all, it only happens after a serious queue error when we are +already at the edge of hard problems. + +see also: https://github.com/rsyslog/rsyslog/issues/4963 + +--- + +Conflict:NA +Type:bugfix +Reference:https://github.com/rsyslog/rsyslog/commit/eaac48d0d23afe0146454cd9f5004ddcb47cc81b + +--- +--- + runtime/queue.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/runtime/queue.c b/runtime/queue.c +index b3fdd5101..856b4df25 100644 +--- a/runtime/queue.c ++++ b/runtime/queue.c +@@ -794,8 +794,12 @@ static rsRetVal qDelLinkedList(qqueue_t *pThis) + /* The following function is used to "save" ourself from being killed by + * a fatally failed disk queue. A fatal failure is, for example, if no + * data can be read or written. In that case, the disk support is disabled, +- * with all on-disk structures kept as-is as much as possible. Instead, the +- * queue is switched to direct mode, so that at least ++ * with all on-disk structures kept as-is as much as possible. However, ++ * we do not really stop or destruct the in-memory disk queue object. ++ * Practice has shown that this may cause races during destruction which ++ * themselfs can lead to segfault. So we prefer to was some ressources by ++ * keeping the queue active. ++ * Instead, the queue is switched to direct mode, so that at least + * some processing can happen. Of course, this may still have lots of + * undesired side-effects, but is probably better than aborting the + * syslogd. Note that this function *must* succeed in one way or another, as +@@ -808,7 +812,6 @@ queueSwitchToEmergencyMode(qqueue_t *pThis, rsRetVal initiatingError) + { + pThis->iQueueSize = 0; + pThis->nLogDeq = 0; +- qDestructDisk(pThis); /* free disk structures */ + + pThis->qType = QUEUETYPE_DIRECT; + pThis->qConstruct = qConstructDirect; +-- +2.12.3 + diff --git a/backport-core-bugfix-using-uuid-msg-prop-can-deadloc.patch b/backport-core-bugfix-using-uuid-msg-prop-can-deadloc.patch index 4924ae0..ed9b78c 100644 --- a/backport-core-bugfix-using-uuid-msg-prop-can-deadloc.patch +++ b/backport-core-bugfix-using-uuid-msg-prop-can-deadloc.patch @@ -1,84 +1,84 @@ -From deefc958c388995fac99c581284fb86eb9653ece Mon Sep 17 00:00:00 2001 -From: Rainer Gerhards -Date: Thu, 23 Mar 2023 10:58:32 +0100 -Subject: [PATCH] [backport] core/bugfix: using $uuid msg prop can deadlock - rsyslog on shutdown - -This problem can occur if a large number of threads is used and rsyslog -cannot shut down all queues etc within the regular time interval. In this -case, it cancels some threads. That can leave the mutex guarding libuuid -calls locked and thus prevents other, not yet cancelled threads from -progressing. Assuming pthread_mutex_lock() is not a cancellation point, -this will case these other threads to hang forever and thus create a -deadlock situation. - -closes https://github.com/rsyslog/rsyslog/issues/5104 - ---- - -Conflict:runtime/msg.c -Type:bugfix -Reference:https://github.com/rsyslog/rsyslog/commit/82687e14fbf3d854e8cc954efb9fb0efa69a28d2 - ---- ---- - runtime/msg.c | 19 ++++++++++++------- - 1 file changed, 12 insertions(+), 7 deletions(-) - -diff --git a/runtime/msg.c b/runtime/msg.c -index 73b7cec80..a3ddb8684 100644 ---- a/runtime/msg.c -+++ b/runtime/msg.c -@@ -7,7 +7,7 @@ - * of the "old" message code without any modifications. However, it - * helps to have things at the right place one we go to the meat of it. - * -- * Copyright 2007-2020 Rainer Gerhards and Adiscon GmbH. -+ * Copyright 2007-2023 Rainer Gerhards and Adiscon GmbH. - * - * This file is part of the rsyslog runtime library. - * -@@ -1618,13 +1618,22 @@ msgSetPRI(smsg_t *const __restrict__ pMsg, syslog_pri_t pri) - /* note: libuuid seems not to be thread-safe, so we need - * to get some safeguards in place. - */ -+static pthread_mutex_t mutUUID = PTHREAD_MUTEX_INITIALIZER; -+ -+static void call_uuid_generate(uuid_t uuid) -+{ -+ pthread_mutex_lock(&mutUUID); -+ pthread_cleanup_push(mutexCancelCleanup, &mutUUID); -+ uuid_generate(uuid); -+ pthread_cleanup_pop(1); -+} -+ - static void msgSetUUID(smsg_t * const pM) - { - size_t lenRes = sizeof(uuid_t) * 2 + 1; - char hex_char [] = "0123456789ABCDEF"; - unsigned int byte_nbr; - uuid_t uuid; -- static pthread_mutex_t mutUUID = PTHREAD_MUTEX_INITIALIZER; - - dbgprintf("[MsgSetUUID] START, lenRes %llu\n", (long long unsigned) lenRes); - assert(pM != NULL); -@@ -1632,9 +1641,7 @@ static void msgSetUUID(smsg_t * const pM) - if((pM->pszUUID = (uchar*) malloc(lenRes)) == NULL) { - pM->pszUUID = (uchar *)""; - } else { -- pthread_mutex_lock(&mutUUID); -- uuid_generate(uuid); -- pthread_mutex_unlock(&mutUUID); -+ call_uuid_generate(uuid); - for (byte_nbr = 0; byte_nbr < sizeof (uuid_t); byte_nbr++) { - pM->pszUUID[byte_nbr * 2 + 0] = hex_char[uuid [byte_nbr] >> 4]; - pM->pszUUID[byte_nbr * 2 + 1] = hex_char[uuid [byte_nbr] & 15]; -@@ -5352,5 +5359,3 @@ BEGINObjClassInit(msg, 1, OBJ_IS_CORE_MODULE) - INIT_ATOMIC_HELPER_MUT(mutTrimCtr); - # endif - ENDObjClassInit(msg) --/* vim:set ai: -- */ --- -2.12.3 - +From deefc958c388995fac99c581284fb86eb9653ece Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Thu, 23 Mar 2023 10:58:32 +0100 +Subject: [PATCH] [backport] core/bugfix: using $uuid msg prop can deadlock + rsyslog on shutdown + +This problem can occur if a large number of threads is used and rsyslog +cannot shut down all queues etc within the regular time interval. In this +case, it cancels some threads. That can leave the mutex guarding libuuid +calls locked and thus prevents other, not yet cancelled threads from +progressing. Assuming pthread_mutex_lock() is not a cancellation point, +this will case these other threads to hang forever and thus create a +deadlock situation. + +closes https://github.com/rsyslog/rsyslog/issues/5104 + +--- + +Conflict:runtime/msg.c +Type:bugfix +Reference:https://github.com/rsyslog/rsyslog/commit/82687e14fbf3d854e8cc954efb9fb0efa69a28d2 + +--- +--- + runtime/msg.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +diff --git a/runtime/msg.c b/runtime/msg.c +index 73b7cec80..a3ddb8684 100644 +--- a/runtime/msg.c ++++ b/runtime/msg.c +@@ -7,7 +7,7 @@ + * of the "old" message code without any modifications. However, it + * helps to have things at the right place one we go to the meat of it. + * +- * Copyright 2007-2020 Rainer Gerhards and Adiscon GmbH. ++ * Copyright 2007-2023 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of the rsyslog runtime library. + * +@@ -1618,13 +1618,22 @@ msgSetPRI(smsg_t *const __restrict__ pMsg, syslog_pri_t pri) + /* note: libuuid seems not to be thread-safe, so we need + * to get some safeguards in place. + */ ++static pthread_mutex_t mutUUID = PTHREAD_MUTEX_INITIALIZER; ++ ++static void call_uuid_generate(uuid_t uuid) ++{ ++ pthread_mutex_lock(&mutUUID); ++ pthread_cleanup_push(mutexCancelCleanup, &mutUUID); ++ uuid_generate(uuid); ++ pthread_cleanup_pop(1); ++} ++ + static void msgSetUUID(smsg_t * const pM) + { + size_t lenRes = sizeof(uuid_t) * 2 + 1; + char hex_char [] = "0123456789ABCDEF"; + unsigned int byte_nbr; + uuid_t uuid; +- static pthread_mutex_t mutUUID = PTHREAD_MUTEX_INITIALIZER; + + dbgprintf("[MsgSetUUID] START, lenRes %llu\n", (long long unsigned) lenRes); + assert(pM != NULL); +@@ -1632,9 +1641,7 @@ static void msgSetUUID(smsg_t * const pM) + if((pM->pszUUID = (uchar*) malloc(lenRes)) == NULL) { + pM->pszUUID = (uchar *)""; + } else { +- pthread_mutex_lock(&mutUUID); +- uuid_generate(uuid); +- pthread_mutex_unlock(&mutUUID); ++ call_uuid_generate(uuid); + for (byte_nbr = 0; byte_nbr < sizeof (uuid_t); byte_nbr++) { + pM->pszUUID[byte_nbr * 2 + 0] = hex_char[uuid [byte_nbr] >> 4]; + pM->pszUUID[byte_nbr * 2 + 1] = hex_char[uuid [byte_nbr] & 15]; +@@ -5352,5 +5359,3 @@ BEGINObjClassInit(msg, 1, OBJ_IS_CORE_MODULE) + INIT_ATOMIC_HELPER_MUT(mutTrimCtr); + # endif + ENDObjClassInit(msg) +-/* vim:set ai: +- */ +-- +2.12.3 + diff --git a/backport-imjournal-add-second-fallback-to-_COMM.patch b/backport-imjournal-add-second-fallback-to-_COMM.patch index eba679c..cfed44c 100644 --- a/backport-imjournal-add-second-fallback-to-_COMM.patch +++ b/backport-imjournal-add-second-fallback-to-_COMM.patch @@ -1,38 +1,38 @@ -From 45900dd550e0aca724a4ec66c2833de3d27565e1 Mon Sep 17 00:00:00 2001 -From: alakatos -Date: Mon, 31 Oct 2022 14:40:12 +0100 -Subject: [PATCH] [backport] imjournal: add second fallback to _COMM - -If SYSLOG_IDENTIFIER is not present in the journal message, -then lookup the _COMM field, which stands for the name -of the process the journal entry originates from. This is -needed in order to be in compliance with the journalctl -output. - ---- - -Conflict:NA -Type:bugfix -Reference:https://github.com/rsyslog/rsyslog/commit/fb5ae30e6ac4dc584dd9c5463e27e7fc5e9060a4 - ---- ---- - plugins/imjournal/imjournal.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c -index 6fb3b7a07..4d9e59966 100644 ---- a/plugins/imjournal/imjournal.c -+++ b/plugins/imjournal/imjournal.c -@@ -453,6 +453,8 @@ readjournal(void) - /* Get message identifier, client pid and add ':' */ - if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) { - CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden)); -+ } else if (journalGetData("_COMM", &get, &length) >= 0) { -+ CHKiRet(sanitizeValue(((const char *)get) + 6, length - 6, &sys_iden)); - } else { - CHKmalloc(sys_iden = strdup("journal")); - } --- -2.12.3 - +From 45900dd550e0aca724a4ec66c2833de3d27565e1 Mon Sep 17 00:00:00 2001 +From: alakatos +Date: Mon, 31 Oct 2022 14:40:12 +0100 +Subject: [PATCH] [backport] imjournal: add second fallback to _COMM + +If SYSLOG_IDENTIFIER is not present in the journal message, +then lookup the _COMM field, which stands for the name +of the process the journal entry originates from. This is +needed in order to be in compliance with the journalctl +output. + +--- + +Conflict:NA +Type:bugfix +Reference:https://github.com/rsyslog/rsyslog/commit/fb5ae30e6ac4dc584dd9c5463e27e7fc5e9060a4 + +--- +--- + plugins/imjournal/imjournal.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c +index 6fb3b7a07..4d9e59966 100644 +--- a/plugins/imjournal/imjournal.c ++++ b/plugins/imjournal/imjournal.c +@@ -453,6 +453,8 @@ readjournal(void) + /* Get message identifier, client pid and add ':' */ + if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) { + CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden)); ++ } else if (journalGetData("_COMM", &get, &length) >= 0) { ++ CHKiRet(sanitizeValue(((const char *)get) + 6, length - 6, &sys_iden)); + } else { + CHKmalloc(sys_iden = strdup("journal")); + } +-- +2.12.3 + diff --git a/backport-rsyslogd-adjust-the-order-of-doHUP-and-processImInte.patch b/backport-rsyslogd-adjust-the-order-of-doHUP-and-processImInte.patch index 0cfb6e9..0490747 100644 --- a/backport-rsyslogd-adjust-the-order-of-doHUP-and-processImInte.patch +++ b/backport-rsyslogd-adjust-the-order-of-doHUP-and-processImInte.patch @@ -20,11 +20,11 @@ Reference:https://github.com/rsyslog/rsyslog/commit/857f77906f95681aa15c7ba3f88c 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/rsyslogd.c b/tools/rsyslogd.c -index 9a126dd..8410d44 100644 +index 36aae54..c5b2252 100644 --- a/tools/rsyslogd.c +++ b/tools/rsyslogd.c -@@ -1966,8 +1966,6 @@ mainloop(void) - sigaddset(&sigblockset, SIGUSR1); +@@ -1976,8 +1976,6 @@ mainloop(void) + #endif do { - processImInternal(); @@ -32,15 +32,15 @@ index 9a126dd..8410d44 100644 pthread_sigmask(SIG_BLOCK, &sigblockset, &origmask); if(bChildDied) { reapChild(); -@@ -1988,6 +1986,8 @@ mainloop(void) - g_bRecordQueue = 0; +@@ -2000,6 +1998,8 @@ mainloop(void) } + #endif -+ processImInternal(); ++ processImInternal(); + if(bFinished) break; /* exit as quickly as possible */ -- -2.33.0 +2.19.1 diff --git a/backport-support-sha256-for-StreamDriverAuthMode-x50.patch b/backport-support-sha256-for-StreamDriverAuthMode-x50.patch index 941142a..0c4268c 100644 --- a/backport-support-sha256-for-StreamDriverAuthMode-x50.patch +++ b/backport-support-sha256-for-StreamDriverAuthMode-x50.patch @@ -1,159 +1,159 @@ -From 7614f08d6e5688be750722c81567916159f99824 Mon Sep 17 00:00:00 2001 -From: cody -Date: Thu, 7 Jul 2022 16:11:43 +0200 -Subject: [PATCH] [backport] support sha256 for - StreamDriverAuthMode="x509/fingerprint" - ---- - -Conflict:NA -Type:bugfix -Reference:https://github.com/rsyslog/rsyslog/commit/8a52bf055394b38a0da609ea1104ca336e3d5252 - ---- ---- - runtime/nsd_gtls.c | 22 ++++++++++++++++++---- - runtime/nsd_ossl.c | 24 +++++++++++++++++++----- - 2 files changed, 37 insertions(+), 9 deletions(-) - -diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c -index da549d728..f1dcaf22b 100644 ---- a/runtime/nsd_gtls.c -+++ b/runtime/nsd_gtls.c -@@ -493,7 +493,7 @@ print_info(nsd_gtls_t *pThis) - * rgerhards, 2008-05-08 - */ - static rsRetVal --GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr) -+GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr, const char* prefix) - { - cstr_t *pStr = NULL; - uchar buf[4]; -@@ -501,7 +501,7 @@ GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr) - DEFiRet; - - CHKiRet(rsCStrConstruct(&pStr)); -- CHKiRet(rsCStrAppendStrWithLen(pStr, (uchar*)"SHA1", 4)); -+ CHKiRet(rsCStrAppendStrWithLen(pStr, (uchar*) prefix, strlen(prefix))); - for(i = 0 ; i < sizeFingerprint ; ++i) { - snprintf((char*)buf, sizeof(buf), ":%2.2X", pFingerprint[i]); - CHKiRet(rsCStrAppendStrWithLen(pStr, buf, 3)); -@@ -922,8 +922,11 @@ static rsRetVal - gtlsChkPeerFingerprint(nsd_gtls_t *pThis, gnutls_x509_crt_t *pCert) - { - uchar fingerprint[20]; -+ uchar fingerprintSha256[32]; - size_t size; -+ size_t sizeSha256; - cstr_t *pstrFingerprint = NULL; -+ cstr_t *pstrFingerprintSha256 = NULL; - int bFoundPositiveMatch; - permittedPeers_t *pPeer; - int gnuRet; -@@ -933,17 +936,27 @@ gtlsChkPeerFingerprint(nsd_gtls_t *pThis, gnutls_x509_crt_t *pCert) - - /* obtain the SHA1 fingerprint */ - size = sizeof(fingerprint); -+ sizeSha256 = sizeof(fingerprintSha256); - CHKgnutls(gnutls_x509_crt_get_fingerprint(*pCert, GNUTLS_DIG_SHA1, fingerprint, &size)); -- CHKiRet(GenFingerprintStr(fingerprint, size, &pstrFingerprint)); -+ CHKgnutls(gnutls_x509_crt_get_fingerprint(*pCert, GNUTLS_DIG_SHA256, fingerprintSha256, &sizeSha256)); -+ CHKiRet(GenFingerprintStr(fingerprint, size, &pstrFingerprint, "SHA1")); -+ CHKiRet(GenFingerprintStr(fingerprintSha256, sizeSha256, &pstrFingerprintSha256, "SHA256")); - dbgprintf("peer's certificate SHA1 fingerprint: %s\n", cstrGetSzStrNoNULL(pstrFingerprint)); -+ dbgprintf("peer's certificate SHA256 fingerprint: %s\n", cstrGetSzStrNoNULL(pstrFingerprintSha256)); -+ - - /* now search through the permitted peers to see if we can find a permitted one */ - bFoundPositiveMatch = 0; - pPeer = pThis->pPermPeers; - while(pPeer != NULL && !bFoundPositiveMatch) { - if(!rsCStrSzStrCmp(pstrFingerprint, pPeer->pszID, strlen((char*) pPeer->pszID))) { -+ dbgprintf("gtlsChkPeerFingerprint: peer's certificate SHA1 MATCH found: %s\n", pPeer->pszID); - bFoundPositiveMatch = 1; -- } else { -+ } else if(!rsCStrSzStrCmp(pstrFingerprintSha256 , pPeer->pszID, strlen((char*) pPeer->pszID))) { -+ dbgprintf("gtlsChkPeerFingerprint: peer's certificate SHA256 MATCH found: %s\n", pPeer->pszID); -+ bFoundPositiveMatch = 1; -+ } -+ else { - pPeer = pPeer->pNext; - } - } -@@ -2384,3 +2397,4 @@ CODESTARTmodInit - ENDmodInit - /* vi:set ai: - */ -+ -diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c -index 5d8ebd86c..d3eb643f7 100644 ---- a/runtime/nsd_ossl.c -+++ b/runtime/nsd_ossl.c -@@ -387,7 +387,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char __attribute__((unused)) *a - * rgerhards, 2008-05-08 - */ - static rsRetVal --GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr) -+GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr, const char* prefix) - { - cstr_t *pStr = NULL; - uchar buf[4]; -@@ -395,7 +395,7 @@ GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr) - DEFiRet; - - CHKiRet(rsCStrConstruct(&pStr)); -- CHKiRet(rsCStrAppendStrWithLen(pStr, (uchar*)"SHA1", 4)); -+ CHKiRet(rsCStrAppendStrWithLen(pStr, (uchar*) prefix, strlen(prefix))); - for(i = 0 ; i < sizeFingerprint ; ++i) { - snprintf((char*)buf, sizeof(buf), ":%2.2X", pFingerprint[i]); - CHKiRet(rsCStrAppendStrWithLen(pStr, buf, 3)); -@@ -613,11 +613,15 @@ osslChkPeerFingerprint(nsd_ossl_t *pThis, X509 *pCert) - unsigned int n; - uchar *fromHostIP = NULL; - uchar fingerprint[20 /*EVP_MAX_MD_SIZE**/]; -+ uchar fingerprintSha256[32 /*EVP_MAX_MD_SIZE**/]; - size_t size; -+ size_t sizeSha256; - cstr_t *pstrFingerprint = NULL; -+ cstr_t *pstrFingerprintSha256 = NULL; - int bFoundPositiveMatch; - permittedPeers_t *pPeer; - const EVP_MD *fdig = EVP_sha1(); -+ const EVP_MD *fdigSha256 = EVP_sha256(); - - ISOBJ_TYPE_assert(pThis, nsd_ossl); - -@@ -627,17 +631,27 @@ osslChkPeerFingerprint(nsd_ossl_t *pThis, X509 *pCert) - dbgprintf("osslChkPeerFingerprint: error X509cert is not valid!\n"); - ABORT_FINALIZE(RS_RET_INVALID_FINGERPRINT); - } -- -- CHKiRet(GenFingerprintStr(fingerprint, size, &pstrFingerprint)); -+ sizeSha256 = sizeof(fingerprintSha256); -+ if (!X509_digest(pCert,fdigSha256,fingerprintSha256,&n)) { -+ dbgprintf("osslChkPeerFingerprint: error X509cert is not valid!\n"); -+ ABORT_FINALIZE(RS_RET_INVALID_FINGERPRINT); -+ } -+ CHKiRet(GenFingerprintStr(fingerprint, size, &pstrFingerprint, "SHA1")); - dbgprintf("osslChkPeerFingerprint: peer's certificate SHA1 fingerprint: %s\n", - cstrGetSzStrNoNULL(pstrFingerprint)); -+ CHKiRet(GenFingerprintStr(fingerprintSha256, sizeSha256, &pstrFingerprintSha256, "SHA256")); -+ dbgprintf("osslChkPeerFingerprint: peer's certificate SHA256 fingerprint: %s\n", -+ cstrGetSzStrNoNULL(pstrFingerprintSha256)); - - /* now search through the permitted peers to see if we can find a permitted one */ - bFoundPositiveMatch = 0; - pPeer = pThis->pPermPeers; - while(pPeer != NULL && !bFoundPositiveMatch) { - if(!rsCStrSzStrCmp(pstrFingerprint, pPeer->pszID, strlen((char*) pPeer->pszID))) { -- dbgprintf("osslChkPeerFingerprint: peer's certificate MATCH found: %s\n", pPeer->pszID); -+ dbgprintf("osslChkPeerFingerprint: peer's certificate SHA1 MATCH found: %s\n", pPeer->pszID); -+ bFoundPositiveMatch = 1; -+ } else if(!rsCStrSzStrCmp(pstrFingerprintSha256, pPeer->pszID, strlen((char*) pPeer->pszID))) { -+ dbgprintf("osslChkPeerFingerprint: peer's certificate SHA256 MATCH found: %s\n", pPeer->pszID); - bFoundPositiveMatch = 1; - } else { - dbgprintf("osslChkPeerFingerprint: NOMATCH peer certificate: %s\n", pPeer->pszID); --- -2.12.3 - +From 7614f08d6e5688be750722c81567916159f99824 Mon Sep 17 00:00:00 2001 +From: cody +Date: Thu, 7 Jul 2022 16:11:43 +0200 +Subject: [PATCH] [backport] support sha256 for + StreamDriverAuthMode="x509/fingerprint" + +--- + +Conflict:NA +Type:bugfix +Reference:https://github.com/rsyslog/rsyslog/commit/8a52bf055394b38a0da609ea1104ca336e3d5252 + +--- +--- + runtime/nsd_gtls.c | 22 ++++++++++++++++++---- + runtime/nsd_ossl.c | 24 +++++++++++++++++++----- + 2 files changed, 37 insertions(+), 9 deletions(-) + +diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c +index da549d728..f1dcaf22b 100644 +--- a/runtime/nsd_gtls.c ++++ b/runtime/nsd_gtls.c +@@ -493,7 +493,7 @@ print_info(nsd_gtls_t *pThis) + * rgerhards, 2008-05-08 + */ + static rsRetVal +-GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr) ++GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr, const char* prefix) + { + cstr_t *pStr = NULL; + uchar buf[4]; +@@ -501,7 +501,7 @@ GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr) + DEFiRet; + + CHKiRet(rsCStrConstruct(&pStr)); +- CHKiRet(rsCStrAppendStrWithLen(pStr, (uchar*)"SHA1", 4)); ++ CHKiRet(rsCStrAppendStrWithLen(pStr, (uchar*) prefix, strlen(prefix))); + for(i = 0 ; i < sizeFingerprint ; ++i) { + snprintf((char*)buf, sizeof(buf), ":%2.2X", pFingerprint[i]); + CHKiRet(rsCStrAppendStrWithLen(pStr, buf, 3)); +@@ -922,8 +922,11 @@ static rsRetVal + gtlsChkPeerFingerprint(nsd_gtls_t *pThis, gnutls_x509_crt_t *pCert) + { + uchar fingerprint[20]; ++ uchar fingerprintSha256[32]; + size_t size; ++ size_t sizeSha256; + cstr_t *pstrFingerprint = NULL; ++ cstr_t *pstrFingerprintSha256 = NULL; + int bFoundPositiveMatch; + permittedPeers_t *pPeer; + int gnuRet; +@@ -933,17 +936,27 @@ gtlsChkPeerFingerprint(nsd_gtls_t *pThis, gnutls_x509_crt_t *pCert) + + /* obtain the SHA1 fingerprint */ + size = sizeof(fingerprint); ++ sizeSha256 = sizeof(fingerprintSha256); + CHKgnutls(gnutls_x509_crt_get_fingerprint(*pCert, GNUTLS_DIG_SHA1, fingerprint, &size)); +- CHKiRet(GenFingerprintStr(fingerprint, size, &pstrFingerprint)); ++ CHKgnutls(gnutls_x509_crt_get_fingerprint(*pCert, GNUTLS_DIG_SHA256, fingerprintSha256, &sizeSha256)); ++ CHKiRet(GenFingerprintStr(fingerprint, size, &pstrFingerprint, "SHA1")); ++ CHKiRet(GenFingerprintStr(fingerprintSha256, sizeSha256, &pstrFingerprintSha256, "SHA256")); + dbgprintf("peer's certificate SHA1 fingerprint: %s\n", cstrGetSzStrNoNULL(pstrFingerprint)); ++ dbgprintf("peer's certificate SHA256 fingerprint: %s\n", cstrGetSzStrNoNULL(pstrFingerprintSha256)); ++ + + /* now search through the permitted peers to see if we can find a permitted one */ + bFoundPositiveMatch = 0; + pPeer = pThis->pPermPeers; + while(pPeer != NULL && !bFoundPositiveMatch) { + if(!rsCStrSzStrCmp(pstrFingerprint, pPeer->pszID, strlen((char*) pPeer->pszID))) { ++ dbgprintf("gtlsChkPeerFingerprint: peer's certificate SHA1 MATCH found: %s\n", pPeer->pszID); + bFoundPositiveMatch = 1; +- } else { ++ } else if(!rsCStrSzStrCmp(pstrFingerprintSha256 , pPeer->pszID, strlen((char*) pPeer->pszID))) { ++ dbgprintf("gtlsChkPeerFingerprint: peer's certificate SHA256 MATCH found: %s\n", pPeer->pszID); ++ bFoundPositiveMatch = 1; ++ } ++ else { + pPeer = pPeer->pNext; + } + } +@@ -2384,3 +2397,4 @@ CODESTARTmodInit + ENDmodInit + /* vi:set ai: + */ ++ +diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c +index 5d8ebd86c..d3eb643f7 100644 +--- a/runtime/nsd_ossl.c ++++ b/runtime/nsd_ossl.c +@@ -387,7 +387,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char __attribute__((unused)) *a + * rgerhards, 2008-05-08 + */ + static rsRetVal +-GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr) ++GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr, const char* prefix) + { + cstr_t *pStr = NULL; + uchar buf[4]; +@@ -395,7 +395,7 @@ GenFingerprintStr(uchar *pFingerprint, size_t sizeFingerprint, cstr_t **ppStr) + DEFiRet; + + CHKiRet(rsCStrConstruct(&pStr)); +- CHKiRet(rsCStrAppendStrWithLen(pStr, (uchar*)"SHA1", 4)); ++ CHKiRet(rsCStrAppendStrWithLen(pStr, (uchar*) prefix, strlen(prefix))); + for(i = 0 ; i < sizeFingerprint ; ++i) { + snprintf((char*)buf, sizeof(buf), ":%2.2X", pFingerprint[i]); + CHKiRet(rsCStrAppendStrWithLen(pStr, buf, 3)); +@@ -613,11 +613,15 @@ osslChkPeerFingerprint(nsd_ossl_t *pThis, X509 *pCert) + unsigned int n; + uchar *fromHostIP = NULL; + uchar fingerprint[20 /*EVP_MAX_MD_SIZE**/]; ++ uchar fingerprintSha256[32 /*EVP_MAX_MD_SIZE**/]; + size_t size; ++ size_t sizeSha256; + cstr_t *pstrFingerprint = NULL; ++ cstr_t *pstrFingerprintSha256 = NULL; + int bFoundPositiveMatch; + permittedPeers_t *pPeer; + const EVP_MD *fdig = EVP_sha1(); ++ const EVP_MD *fdigSha256 = EVP_sha256(); + + ISOBJ_TYPE_assert(pThis, nsd_ossl); + +@@ -627,17 +631,27 @@ osslChkPeerFingerprint(nsd_ossl_t *pThis, X509 *pCert) + dbgprintf("osslChkPeerFingerprint: error X509cert is not valid!\n"); + ABORT_FINALIZE(RS_RET_INVALID_FINGERPRINT); + } +- +- CHKiRet(GenFingerprintStr(fingerprint, size, &pstrFingerprint)); ++ sizeSha256 = sizeof(fingerprintSha256); ++ if (!X509_digest(pCert,fdigSha256,fingerprintSha256,&n)) { ++ dbgprintf("osslChkPeerFingerprint: error X509cert is not valid!\n"); ++ ABORT_FINALIZE(RS_RET_INVALID_FINGERPRINT); ++ } ++ CHKiRet(GenFingerprintStr(fingerprint, size, &pstrFingerprint, "SHA1")); + dbgprintf("osslChkPeerFingerprint: peer's certificate SHA1 fingerprint: %s\n", + cstrGetSzStrNoNULL(pstrFingerprint)); ++ CHKiRet(GenFingerprintStr(fingerprintSha256, sizeSha256, &pstrFingerprintSha256, "SHA256")); ++ dbgprintf("osslChkPeerFingerprint: peer's certificate SHA256 fingerprint: %s\n", ++ cstrGetSzStrNoNULL(pstrFingerprintSha256)); + + /* now search through the permitted peers to see if we can find a permitted one */ + bFoundPositiveMatch = 0; + pPeer = pThis->pPermPeers; + while(pPeer != NULL && !bFoundPositiveMatch) { + if(!rsCStrSzStrCmp(pstrFingerprint, pPeer->pszID, strlen((char*) pPeer->pszID))) { +- dbgprintf("osslChkPeerFingerprint: peer's certificate MATCH found: %s\n", pPeer->pszID); ++ dbgprintf("osslChkPeerFingerprint: peer's certificate SHA1 MATCH found: %s\n", pPeer->pszID); ++ bFoundPositiveMatch = 1; ++ } else if(!rsCStrSzStrCmp(pstrFingerprintSha256, pPeer->pszID, strlen((char*) pPeer->pszID))) { ++ dbgprintf("osslChkPeerFingerprint: peer's certificate SHA256 MATCH found: %s\n", pPeer->pszID); + bFoundPositiveMatch = 1; + } else { + dbgprintf("osslChkPeerFingerprint: NOMATCH peer certificate: %s\n", pPeer->pszID); +-- +2.12.3 + diff --git a/print-main-queue-info-to-journal-when-queue-full.patch b/print-main-queue-info-to-journal-when-queue-full.patch index 4eaaf42..7e123b4 100644 --- a/print-main-queue-info-to-journal-when-queue-full.patch +++ b/print-main-queue-info-to-journal-when-queue-full.patch @@ -2,17 +2,14 @@ From 27ee1b988a465e5f89e8a9234f4a01c34cab4387 Mon Sep 17 00:00:00 2001 From: wangshouping Date: Mon, 27 Apr 2020 08:53:18 -0400 Subject: [PATCH] print main queue info to journal when queue full -Signed-off-by: wangshouping - -V-2: add macro control for systemd/sd-journal.h -Signed-off-by: pengyi37 +Signed-off-by: wangshouping --- - runtime/queue.c | 31 +++++++++++++++++++++++++++++++ - 1 file changed, 31 insertions(+) + runtime/queue.c | 39 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 39 insertions(+) diff --git a/runtime/queue.c b/runtime/queue.c -index 3083fb9..b3fdd51 100644 +index 3083fb9..6974173 100644 --- a/runtime/queue.c +++ b/runtime/queue.c @@ -47,6 +47,9 @@ @@ -20,15 +17,16 @@ index 3083fb9..b3fdd51 100644 #include #include +#ifdef HAVE_LIBSYSTEMD -+# include ++#include +#endif #include "rsyslog.h" #include "queue.h" -@@ -116,6 +119,14 @@ rsRetVal qqueueSetSpoolDir(qqueue_t *pThis, uchar *pszSpoolDir, int lenSpoolDir) +@@ -116,6 +119,16 @@ rsRetVal qqueueSetSpoolDir(qqueue_t *pThis, uchar *pszSpoolDir, int lenSpoolDir) /* some constants for queuePersist () */ #define QUEUE_CHECKPOINT 1 #define QUEUE_NO_CHECKPOINT 0 ++#ifdef HAVE_LIBSYSTEMD +#define TIME_OUT 300 +#define TIMEOUT_ENQUEUE_ZERO 1 +#define TIMEOUT_ENQUEUE_NONZERO 2 @@ -37,13 +35,15 @@ index 3083fb9..b3fdd51 100644 + .tv_sec = 0, + .tv_nsec = 0, +}; ++#endif /* tables for interfacing with the v6 config system */ static struct cnfparamdescr cnfpdescr[] = { -@@ -3008,6 +3019,24 @@ finalize_it: +@@ -3008,7 +3021,27 @@ finalize_it: RETiRet; } ++#ifdef HAVE_LIBSYSTEMD +void PrintQueueFullLog(qqueue_t *pThis, int flag) +{ + struct timespec timeNow; @@ -63,23 +63,29 @@ index 3083fb9..b3fdd51 100644 + } +} ++#endif /* enqueue a single data object. * Note that the queue mutex MUST already be locked when this function is called. -@@ -3105,12 +3134,14 @@ doEnqSingleObj(qqueue_t *pThis, flowControl_t flowCtlType, smsg_t *pMsg) + * rgerhards, 2009-06-16 +@@ -3105,12 +3138,18 @@ doEnqSingleObj(qqueue_t *pThis, flowControl_t flowCtlType, smsg_t *pMsg) "discarding QueueSize=%d MaxQueueSize=%d sizeOnDisk=%lld " "sizeOnDiskMax=%lld\n", pThis->iQueueSize, pThis->iMaxQueueSize, pThis->tVars.disk.sizeOnDisk, pThis->sizeOnDiskMax); ++#ifdef HAVE_LIBSYSTEMD + PrintQueueFullLog(pThis, TIMEOUT_ENQUEUE_ZERO); ++#endif STATSCOUNTER_INC(pThis->ctrFDscrd, pThis->mutCtrFDscrd); msgDestruct(&pMsg); ABORT_FINALIZE(RS_RET_QUEUE_FULL); } else { DBGOPRINT((obj_t*) pThis, "doEnqSingleObject: queue FULL - waiting %dms to drain.\n", pThis->toEnq); ++#ifdef HAVE_LIBSYSTEMD + PrintQueueFullLog(pThis, TIMEOUT_ENQUEUE_NONZERO); ++#endif if(glbl.GetGlobalInputTermState()) { DBGOPRINT((obj_t*) pThis, "doEnqSingleObject: queue FULL, discard due to " "FORCE_TERM.\n"); -- -2.23.0 +2.19.1 diff --git a/print-main-queue-info-to-journal-when-receive-USR1-signal.patch b/print-main-queue-info-to-journal-when-receive-USR1-signal.patch index 1924a74..08103c7 100644 --- a/print-main-queue-info-to-journal-when-receive-USR1-signal.patch +++ b/print-main-queue-info-to-journal-when-receive-USR1-signal.patch @@ -2,70 +2,78 @@ From 27ee1b988a465e5f89e8a9234f4a01c34cab4387 Mon Sep 17 00:00:00 2001 From: wangshouping Date: Mon, 27 Apr 2020 08:53:18 -0400 Subject: [PATCH] print main queue info to journal when receive USR1 signal -Signed-off-by: wangshouping - -V-2: add macro control for systemd/sd-journal.h -Signed-off-by: pengyi37 +Signed-off-by: wangshouping --- - tools/rsyslogd.c | 19 ++++++++++++++++++- - 1 file changed, 18 insertions(+), 1 deletion(-) + tools/rsyslogd.c | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) diff --git a/tools/rsyslogd.c b/tools/rsyslogd.c -index f1eea07..657f4de 100644 +index f1eea07..36aae54 100644 --- a/tools/rsyslogd.c +++ b/tools/rsyslogd.c @@ -36,6 +36,7 @@ #endif #ifdef HAVE_LIBSYSTEMD # include -+# include ++#include #endif #include "rsyslog.h" -@@ -180,6 +181,7 @@ void rsyslogdDoDie(int sig); +@@ -180,6 +181,9 @@ void rsyslogdDoDie(int sig); /* global data items */ static int bChildDied; static int bHadHUP; ++#ifdef HAVE_LIBSYSTEMD +static int g_bRecordQueue; ++#endif static int doFork = 1; /* fork - run in daemon mode - read-only after startup */ int bFinished = 0; /* used by termination signal handler, read-only except there * is either 0 or the number of the signal that requested the -@@ -1269,8 +1271,13 @@ rsyslogdDebugSwitch(void) +@@ -1269,9 +1273,16 @@ rsyslogdDebugSwitch(void) dbgprintf("\n"); debugging_on = 0; } + } ++#ifdef HAVE_LIBSYSTEMD +static void RsyslogdDebugQueue(void) +{ + g_bRecordQueue = 1; +} ++#endif /* This is the main entry point into rsyslogd. Over time, we should try to * modularize it a bit more... -@@ -1618,7 +1625,7 @@ initAll(int argc, char **argv) + * +@@ -1618,7 +1629,11 @@ initAll(int argc, char **argv) hdlr_enable(SIGINT, rsyslogdDoDie); hdlr_enable(SIGQUIT, rsyslogdDoDie); } else { -- hdlr_enable(SIGUSR1, SIG_IGN); ++#ifdef HAVE_LIBSYSTEMD + hdlr_enable(SIGUSR1, RsyslogdDebugQueue); ++#else + hdlr_enable(SIGUSR1, SIG_IGN); ++#endif hdlr_enable(SIGINT, SIG_IGN); hdlr_enable(SIGQUIT, SIG_IGN); } -@@ -1956,6 +1963,7 @@ mainloop(void) +@@ -1956,6 +1971,9 @@ mainloop(void) sigaddset(&sigblockset, SIGTERM); sigaddset(&sigblockset, SIGCHLD); sigaddset(&sigblockset, SIGHUP); ++#ifdef HAVE_LIBSYSTEMD + sigaddset(&sigblockset, SIGUSR1); ++#endif do { processImInternal(); -@@ -1970,6 +1978,15 @@ mainloop(void) +@@ -1970,6 +1988,17 @@ mainloop(void) doHUP(); bHadHUP = 0; } ++#ifdef HAVE_LIBSYSTEMD + if (g_bRecordQueue) { + if (pMsgQueue != NULL) { + sd_journal_print(LOG_NOTICE, "main queue size information: current QueueSize=%d MaxQueueSize=%d\n", @@ -75,9 +83,10 @@ index f1eea07..657f4de 100644 + } + g_bRecordQueue = 0; + } ++#endif if(bFinished) break; /* exit as quickly as possible */ -- -2.23.0 +2.19.1 diff --git a/rsyslog.spec b/rsyslog.spec index 9b14e1e..f43def3 100644 --- a/rsyslog.spec +++ b/rsyslog.spec @@ -7,7 +7,7 @@ Name: rsyslog Version: 8.2110.0 -Release: 17 +Release: 18 Summary: The rocket-fast system for log processing License: (GPLv3+ and ASL 2.0) URL: http://www.rsyslog.com/ @@ -26,10 +26,8 @@ Patch9000: rsyslog-8.24.0-ensure-parent-dir-exists-when-writting-log-file.p Patch9001: bugfix-rsyslog-7.4.7-imjournal-add-monotonic-timestamp.patch Patch9002: bugfix-rsyslog-7.4.7-add-configuration-to-avoid-memory-leak.patch Patch9003: rsyslog-8.37.0-initialize-variables-and-check-return-value.patch -%if %{systemd_lived} == 1 Patch9004: print-main-queue-info-to-journal-when-queue-full.patch Patch9005: print-main-queue-info-to-journal-when-receive-USR1-signal.patch -%endif Patch9006: bugfix-CVE-2022-24903.patch Patch6000: backport-testbench-skip-omfwd_fast_imuxsock.sh-if-liblogging-stdlog-is-not-available.patch @@ -536,6 +534,12 @@ done %{_mandir}/man1/rscryutil.1.gz %changelog +* Mon Oct 30 2023 zhangqiumiao - 8.2110.0-18 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:adapt for non-systemd scenario + * Tue Oct 10 2023 renyi <977713017@qq.com> - 8.2110.0-17 - Type:NA - ID:NA -- Gitee