From 3d34a474c0ec8dd01407b1ee36519b4d09315ec5 Mon Sep 17 00:00:00 2001 From: Qiumiao Zhang Date: Mon, 29 Sep 2025 06:33:26 +0000 Subject: [PATCH] backport some patches from upstream Signed-off-by: Qiumiao Zhang --- ...not-try-to-call-a-function-if-it-doe.patch | 49 +++++++++++++ ...oid-blocking-sockets-during-TLS-hand.patch | 54 +++++++++++++++ ...gfix-Add-timeout-to-GnuTLS-handshake.patch | 50 ++++++++++++++ ...al-NULL-ptr-access-on-HUP-in-very-ea.patch | 31 +++++++++ ...fwd-fix-segfault-in-UDP-freeaddrinfo.patch | 32 +++++++++ ...tls-TLS-driver-fix-small-memory-leak.patch | 30 ++++++++ ...-startup-bugfix-cosmetic-memory-leak.patch | 51 ++++++++++++++ ...ix-potential-misadressing-in-sigmask.patch | 29 ++++++++ ...-remove-defect-type-of-RESOURCE_LEAK.patch | 38 ++++++++++ ...rflow-when-the-argument-to-replace-i.patch | 69 +++++++++++++++++++ ...o-not-free-the-uninitialized-cstring.patch | 46 +++++++++++++ ...-Fix-passing-the-value-to-EscapeChar.patch | 35 ++++++++++ ...ort-Fix-runConf-NULL-pointer-refence.patch | 31 +++++++++ backport-Keep-original-free-pattern.patch | 27 ++++++++ ...ove-connection-failure-error-message.patch | 56 +++++++++++++++ ...-debugging-messages-emited-to-stderr.patch | 31 +++++++++ rsyslog.spec | 39 ++++++++++- 17 files changed, 697 insertions(+), 1 deletion(-) create mode 100644 backport-0001-rainerscript-do-not-try-to-call-a-function-if-it-doe.patch create mode 100644 backport-0002-gnutls-bugfix-Avoid-blocking-sockets-during-TLS-hand.patch create mode 100644 backport-0003-gnutls-bugfix-Add-timeout-to-GnuTLS-handshake.patch create mode 100644 backport-0004-core-fix-potential-NULL-ptr-access-on-HUP-in-very-ea.patch create mode 100644 backport-0005-omfwd-fix-segfault-in-UDP-freeaddrinfo.patch create mode 100644 backport-0006-gnutls-TLS-driver-fix-small-memory-leak.patch create mode 100644 backport-0007-rsyslog-startup-bugfix-cosmetic-memory-leak.patch create mode 100644 backport-0008-core-fix-potential-misadressing-in-sigmask.patch create mode 100644 backport-0009-covscan-remove-defect-type-of-RESOURCE_LEAK.patch create mode 100644 backport-0010-Fix-a-buffer-overflow-when-the-argument-to-replace-i.patch create mode 100644 backport-Do-not-free-the-uninitialized-cstring.patch create mode 100644 backport-Fix-passing-the-value-to-EscapeChar.patch create mode 100644 backport-Fix-runConf-NULL-pointer-refence.patch create mode 100644 backport-Keep-original-free-pattern.patch create mode 100644 backport-network-subsystem-improve-connection-failure-error-message.patch create mode 100644 backport-nsd_ptcp-regression-fix-remove-debugging-messages-emited-to-stderr.patch diff --git a/backport-0001-rainerscript-do-not-try-to-call-a-function-if-it-doe.patch b/backport-0001-rainerscript-do-not-try-to-call-a-function-if-it-doe.patch new file mode 100644 index 0000000..22e985b --- /dev/null +++ b/backport-0001-rainerscript-do-not-try-to-call-a-function-if-it-doe.patch @@ -0,0 +1,49 @@ +From 52eea209f1d960df3b90fa677b436f2e5b0e52cb Mon Sep 17 00:00:00 2001 +From: Cropi +Date: Wed, 25 Sep 2024 10:32:49 +0200 +Subject: [PATCH 01/10] rainerscript: do not try to call a function if it does + not exist + +Reference:https://github.com/rsyslog/rsyslog/commit/3ccbc99a1bf6b2da543c9db9ac03aca2019fc50f +Conflict:NA +--- + grammar/rainerscript.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c +index bd30ef2..59a033a 100644 +--- a/grammar/rainerscript.c ++++ b/grammar/rainerscript.c +@@ -2886,11 +2886,6 @@ doFuncCall(struct cnffunc *__restrict__ const func, struct svar *__restrict__ co + free(fname); + } + if(func->fPtr == NULL) { +- char *fname = es_str2cstr(func->fname, NULL); +- LogError(0, RS_RET_INTERNAL_ERROR, +- "rainerscript: internal error: NULL pointer for function named '%s'\n", +- fname); +- free(fname); + ret->datatype = 'N'; + ret->d.n = 0; + } else { +@@ -3787,7 +3782,7 @@ cnffuncDestruct(struct cnffunc *func) + char *cstr = es_str2cstr(func->fname, NULL); + struct scriptFunct *foundFunc = searchModList(cstr); + free(cstr); +- if(foundFunc->destruct != NULL) { ++ if(foundFunc && foundFunc->destruct != NULL) { + foundFunc->destruct(func); + } + +@@ -5285,7 +5280,7 @@ cnffuncNew(es_str_t *fname, struct cnffparamlst* paramlst) + } + /* some functions require special initialization */ + struct scriptFunct *foundFunc = searchModList(cstr); +- if(foundFunc->initFunc != NULL) { ++ if(foundFunc && foundFunc->initFunc != NULL) { + foundFunc->initFunc(func); + } + free(cstr); +-- +2.19.1 + \ No newline at end of file diff --git a/backport-0002-gnutls-bugfix-Avoid-blocking-sockets-during-TLS-hand.patch b/backport-0002-gnutls-bugfix-Avoid-blocking-sockets-during-TLS-hand.patch new file mode 100644 index 0000000..34fce7a --- /dev/null +++ b/backport-0002-gnutls-bugfix-Avoid-blocking-sockets-during-TLS-hand.patch @@ -0,0 +1,54 @@ +From 273df3ab2791d1566729e1e849340ba5bb4ebb1a Mon Sep 17 00:00:00 2001 +From: Cropi +Date: Mon, 18 Nov 2024 09:54:48 +0100 +Subject: [PATCH 02/10] gnutls bugfix: Avoid blocking sockets during TLS + handshake + +When forwarding logs to a TLS server, using a blocking socket +can lead to indefinite waiting during the gnutls_handshake() +call if the server does not respond as expected. + +This commit modifies the behavior to use non-blocking sockets, +ensuring that the rsyslog client does not hang indefinitely +waiting for a response. + +Reference:https://github.com/rsyslog/rsyslog/commit/d24fd00c935e167a095f4725262ad52546404552 +Conflict:NA +--- + runtime/nsd_gtls.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c +index 8ee8792..4712be4 100644 +--- a/runtime/nsd_gtls.c ++++ b/runtime/nsd_gtls.c +@@ -2193,6 +2193,7 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host, char *device) + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + int sock; + int gnuRet; ++ int flags; + const char *error_position; + # ifdef HAVE_GNUTLS_CERTIFICATE_TYPE_SET_PRIORITY + static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 }; +@@ -2294,10 +2295,17 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host, char *device) + gnutls_dh_set_prime_bits(pThis->sess, dhMinBits); + } + +- /* assign the socket to GnuTls */ + CHKiRet(nsd_ptcp.GetSock(pThis->pTcp, &sock)); ++ /* Set the socket to non-blocking mode */ ++ flags = fcntl(sock, F_GETFL, 0); ++ if (flags != -1) { ++ fcntl(sock, F_SETFL, flags | O_NONBLOCK); ++ } ++ ++ /* assign the socket to GnuTls */ + gtlsSetTransportPtr(pThis, sock); + ++ + /* we need to store the hostname as an alternate mean of authentication if no + * permitted peer names are given. Using the hostname is quite useful. It permits + * auto-configuration of security if a commen root cert is present. -- rgerhards, 2008-05-26 +-- +2.19.1 + \ No newline at end of file diff --git a/backport-0003-gnutls-bugfix-Add-timeout-to-GnuTLS-handshake.patch b/backport-0003-gnutls-bugfix-Add-timeout-to-GnuTLS-handshake.patch new file mode 100644 index 0000000..8685930 --- /dev/null +++ b/backport-0003-gnutls-bugfix-Add-timeout-to-GnuTLS-handshake.patch @@ -0,0 +1,50 @@ +From 6715fd7c4ead70b513e7f19095463de958c85abe Mon Sep 17 00:00:00 2001 +From: Cropi +Date: Mon, 18 Nov 2024 13:51:02 +0100 +Subject: [PATCH 03/10] gnutls bugfix: Add timeout to GnuTLS handshake + +When forwarding logs to a remote server, it appears that an rsyslog +client with gtls netstream driver will wait forever on TLS handshake +to complete if the server doesn't answer. Adding a timeout fixes +the error. + +Reference:https://github.com/rsyslog/rsyslog/commit/56deafaa49f039ede3f02428c5e8c56e4493cd55 +Conflict:NA +--- + runtime/nsd_gtls.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c +index 4712be4..6dbebae 100644 +--- a/runtime/nsd_gtls.c ++++ b/runtime/nsd_gtls.c +@@ -2193,7 +2193,6 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host, char *device) + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + int sock; + int gnuRet; +- int flags; + const char *error_position; + # ifdef HAVE_GNUTLS_CERTIFICATE_TYPE_SET_PRIORITY + static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 }; +@@ -2296,11 +2295,6 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host, char *device) + } + + CHKiRet(nsd_ptcp.GetSock(pThis->pTcp, &sock)); +- /* Set the socket to non-blocking mode */ +- flags = fcntl(sock, F_GETFL, 0); +- if (flags != -1) { +- fcntl(sock, F_SETFL, flags | O_NONBLOCK); +- } + + /* assign the socket to GnuTls */ + gtlsSetTransportPtr(pThis, sock); +@@ -2313,6 +2307,7 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host, char *device) + CHKmalloc(pThis->pszConnectHost = (uchar*)strdup((char*)host)); + + /* and perform the handshake */ ++ gnutls_handshake_set_timeout(pThis->sess, 3000); + CHKgnutls(gnutls_handshake(pThis->sess)); + dbgprintf("GnuTLS handshake succeeded\n"); + +-- +2.19.1 diff --git a/backport-0004-core-fix-potential-NULL-ptr-access-on-HUP-in-very-ea.patch b/backport-0004-core-fix-potential-NULL-ptr-access-on-HUP-in-very-ea.patch new file mode 100644 index 0000000..f02bb19 --- /dev/null +++ b/backport-0004-core-fix-potential-NULL-ptr-access-on-HUP-in-very-ea.patch @@ -0,0 +1,31 @@ +From 729d246b7bf865e43fb3311ce0e63095469c35af Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Wed, 26 Feb 2025 17:34:03 +0100 +Subject: [PATCH 04/10] core: fix potential NULL ptr access on HUP in very + early startup phase + +found be clang static analyzer, no report from practice. This could +potentially happend during early startup when the config was not +yet full read while HUP was received. + +Reference:https://github.com/rsyslog/rsyslog/commit/3c00ecb73e72abaa436a06421980cb02de5d0515 +Conflict:NA +--- + tools/rsyslogd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/rsyslogd.c b/tools/rsyslogd.c +index 7b909bc..4a8c3fd 100644 +--- a/tools/rsyslogd.c ++++ b/tools/rsyslogd.c +@@ -1852,7 +1852,7 @@ doHUP(void) + char buf[512]; + + DBGPRINTF("doHUP: doing modules\n"); +- if(ourConf->globals.bLogStatusMsgs) { ++ if(ourConf != NULL && ourConf->globals.bLogStatusMsgs) { + snprintf(buf, sizeof(buf), + "[origin software=\"rsyslogd\" " "swVersion=\"" VERSION + "\" x-pid=\"%d\" x-info=\"https://www.rsyslog.com\"] rsyslogd was HUPed", +-- +2.19.1 diff --git a/backport-0005-omfwd-fix-segfault-in-UDP-freeaddrinfo.patch b/backport-0005-omfwd-fix-segfault-in-UDP-freeaddrinfo.patch new file mode 100644 index 0000000..dd99e96 --- /dev/null +++ b/backport-0005-omfwd-fix-segfault-in-UDP-freeaddrinfo.patch @@ -0,0 +1,32 @@ +From 978b902077042052841ba62037409a3b72e735bc Mon Sep 17 00:00:00 2001 +From: azpema +Date: Thu, 20 Jun 2024 13:39:08 +0200 +Subject: [PATCH 05/10] omfwd: fix segfault in UDP freeaddrinfo + +Reference:https://github.com/rsyslog/rsyslog/commit/0ac9aafb72588ff6c5bc0923fee2dcc7076f4855 +Conflict:NA +--- + tools/omfwd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/omfwd.c b/tools/omfwd.c +index d1eeeff..a47872f 100644 +--- a/tools/omfwd.c ++++ b/tools/omfwd.c +@@ -982,13 +982,13 @@ static rsRetVal doTryResume(wrkrInstanceData_t *pWrkrData) + hints.ai_family = res->ai_family; + hints.ai_flags |= AI_PASSIVE; + iErr = getaddrinfo(pData->address, pData->port, &hints, &addr); +- freeaddrinfo(addr); + if(iErr != 0) { + LogError(0, RS_RET_SUSPENDED, + "omfwd: cannot use bind address '%s' for host '%s': %s", + pData->address, pData->target, gai_strerror(iErr)); + ABORT_FINALIZE(RS_RET_SUSPENDED); + } ++ freeaddrinfo(addr); + bBindRequired = 1; + address = pData->address; + } +-- +2.19.1 diff --git a/backport-0006-gnutls-TLS-driver-fix-small-memory-leak.patch b/backport-0006-gnutls-TLS-driver-fix-small-memory-leak.patch new file mode 100644 index 0000000..0858e35 --- /dev/null +++ b/backport-0006-gnutls-TLS-driver-fix-small-memory-leak.patch @@ -0,0 +1,30 @@ +From 9d46b83abd28aab67b549f957076d86588c2e948 Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Wed, 5 Mar 2025 12:13:38 +0100 +Subject: [PATCH 06/10] gnutls TLS driver: fix small memory leak + +found by CoverityScan + +see also https://github.com/rsyslog/rsyslog/pull/5329 + +Reference:https://github.com/rsyslog/rsyslog/commit/ff6f4ceeed8ba715ea0e26d36e2afac2f6c07931 +Conflict:NA +--- + runtime/nsd_gtls.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c +index 6dbebae..3881444 100644 +--- a/runtime/nsd_gtls.c ++++ b/runtime/nsd_gtls.c +@@ -995,6 +995,8 @@ gtlsChkPeerFingerprint(nsd_gtls_t *pThis, gnutls_x509_crt_t *pCert) + finalize_it: + if(pstrFingerprint != NULL) + cstrDestruct(&pstrFingerprint); ++ if(pstrFingerprintSha256 != NULL) ++ cstrDestruct(&pstrFingerprintSha256); + RETiRet; + } + +-- +2.19.1 diff --git a/backport-0007-rsyslog-startup-bugfix-cosmetic-memory-leak.patch b/backport-0007-rsyslog-startup-bugfix-cosmetic-memory-leak.patch new file mode 100644 index 0000000..39e7ecb --- /dev/null +++ b/backport-0007-rsyslog-startup-bugfix-cosmetic-memory-leak.patch @@ -0,0 +1,51 @@ +From 91e2a19a9da84fe12305e35d3853259c57ac2afc Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Wed, 5 Mar 2025 12:20:16 +0100 +Subject: [PATCH 07/10] rsyslog startup bugfix: cosmetic memory leak + +This was detected by Coverity Scan, and we "fix" it to keep Coverity +silent. It is a < 100 byte mem leak that occurs once on startup. + +Reference:https://github.com/rsyslog/rsyslog/commit/6c04651db771fc44f24d3bef499bdf6837633042 +Conflict:NA +--- + tools/rsyslogd.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/tools/rsyslogd.c b/tools/rsyslogd.c +index 4a8c3fd..7994fb9 100644 +--- a/tools/rsyslogd.c ++++ b/tools/rsyslogd.c +@@ -278,7 +278,7 @@ writePidFile(void) + FILE *fp; + DEFiRet; + +- const char *tmpPidFile; ++ const char *tmpPidFile = NULL; + + if(!strcmp(PidFile, NO_PIDFILE)) { + FINALIZE; +@@ -288,6 +288,7 @@ writePidFile(void) + } + if(tmpPidFile == NULL) + tmpPidFile = PidFile; ++ + DBGPRINTF("rsyslogd: writing pidfile '%s'.\n", tmpPidFile); + if((fp = fopen((char*) tmpPidFile, "w")) == NULL) { + perror("rsyslogd: error writing pid file (creation stage)\n"); +@@ -301,9 +302,12 @@ writePidFile(void) + if(rename(tmpPidFile, PidFile) != 0) { + perror("rsyslogd: error writing pid file (rename stage)"); + } +- free((void*)tmpPidFile); + } ++ + finalize_it: ++ if(tmpPidFile != PidFile) { ++ free((void*)tmpPidFile); ++ } + RETiRet; + } + +-- +2.19.1 diff --git a/backport-0008-core-fix-potential-misadressing-in-sigmask.patch b/backport-0008-core-fix-potential-misadressing-in-sigmask.patch new file mode 100644 index 0000000..346a46f --- /dev/null +++ b/backport-0008-core-fix-potential-misadressing-in-sigmask.patch @@ -0,0 +1,29 @@ +From 25418318898ab0d5079ea8808b95382f9b13e966 Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Wed, 5 Mar 2025 15:17:56 +0100 +Subject: [PATCH 08/10] core: fix potential misadressing in sigmask + +This code is inside rsyslog for many years w/o any problems, but +during new testing we saw that the signal mask is potentially not +properly initialized. + +Reference:https://github.com/rsyslog/rsyslog/commit/6b1b15842c7bb71948c37c362053bd1a1cec98d8 +Conflict:NA +--- + tools/rsyslogd.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tools/rsyslogd.c b/tools/rsyslogd.c +index 7994fb9..dab336d 100644 +--- a/tools/rsyslogd.c ++++ b/tools/rsyslogd.c +@@ -2054,6 +2054,7 @@ mainloop(void) + #endif + + do { ++ sigemptyset(&origmask); + pthread_sigmask(SIG_BLOCK, &sigblockset, &origmask); + pthread_mutex_lock(&mutChildDied); + need_free_mutex = 1; +-- +2.19.1 diff --git a/backport-0009-covscan-remove-defect-type-of-RESOURCE_LEAK.patch b/backport-0009-covscan-remove-defect-type-of-RESOURCE_LEAK.patch new file mode 100644 index 0000000..f37f43d --- /dev/null +++ b/backport-0009-covscan-remove-defect-type-of-RESOURCE_LEAK.patch @@ -0,0 +1,38 @@ +From 944886eb58a3ff2dbc0b11a02ce989b4be7fe100 Mon Sep 17 00:00:00 2001 +From: alakatos +Date: Thu, 15 Feb 2024 11:03:36 +0100 +Subject: [PATCH 09/10] covscan: remove defect type of RESOURCE_LEAK + +Fix memory leaks when evaluating variable in rainerscript + +Reference:https://github.com/rsyslog/rsyslog/commit/09a3448a3e6ac5aa7065fd56d229a66eacece4db +Conflict:NA +--- + grammar/rainerscript.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c +index 59a033a..48a5174 100644 +--- a/grammar/rainerscript.c ++++ b/grammar/rainerscript.c +@@ -2923,7 +2923,7 @@ evalVar(struct cnfvar *__restrict__ const var, void *__restrict__ const usrptr, + unsigned short bMustBeFreed = 0; + rsRetVal localRet; + struct json_object *json; +- uchar *cstr; ++ uchar *cstr = NULL; + + if(var->prop.id == PROP_CEE || + var->prop.id == PROP_LOCAL_VAR || +@@ -2942,8 +2942,8 @@ evalVar(struct cnfvar *__restrict__ const var, void *__restrict__ const usrptr, + ret->d.estr = (localRet != RS_RET_OK || cstr == NULL) ? + es_newStr(1) + : es_newStrFromCStr((char*) cstr, strlen((char*) cstr)); +- free(cstr); + } ++ free(cstr); + } else { + ret->datatype = 'S'; + pszProp = (uchar*) MsgGetProp((smsg_t*)usrptr, NULL, &var->prop, &propLen, &bMustBeFreed, NULL); +-- +2.19.1 diff --git a/backport-0010-Fix-a-buffer-overflow-when-the-argument-to-replace-i.patch b/backport-0010-Fix-a-buffer-overflow-when-the-argument-to-replace-i.patch new file mode 100644 index 0000000..e0434d5 --- /dev/null +++ b/backport-0010-Fix-a-buffer-overflow-when-the-argument-to-replace-i.patch @@ -0,0 +1,69 @@ +From eb0d9419359c47ead20341d6a506a92bc401ef47 Mon Sep 17 00:00:00 2001 +From: Lincoln Ramsay +Date: Thu, 6 Mar 2025 06:26:47 +0800 +Subject: [PATCH 10/10] Fix a buffer overflow when the argument to replace is + empty + +We have these expressions in rsyslogd.conf. + + set $!rsyslog_FileFormat = exec_template("RSYSLOG_FileFormat") + set $!localheader = re_extract($!rsyslog_FileFormat, "[^ ]+.* +port[0-9]", 0, 0, ""); + set $!localpattern = re_extract($!rsyslog_FileFormat, " [^ ]+ +[^ ]+ +port[0-9]", 0, 0, ""); + set $!localheader = replace($!localheader, $!localpattern, " "); + +We have a message like this arriving. + + <30>Feb 24 22:08:21 hostname port03 'label' RXDATA: \n + +It was observed that when 2 of these messages arrive in a row, rsyslogd +crashes. This is clearly due to memory corruption, as the crash comes +from within calloc. + +Unlike the crash, valgrind only complained about the first message. It +reported that the 'find' variable was being accessed in the replace +function, reading past allocated data. + +The localpattern variable ends up "empty" (null?), because the pattern +fails to match. This ends up passed into the replace function as an +es_str_t with a length and buffer length of 0. There is no string data, +not even a null terminator. + +As a result, the 'find' pointer is invalid, and accessing it is an +error. Protect against accessing the 'find' pointer when the buffer is +empty by exiting the two loops when j == lfind and lfind == 0. + +This removes the report from valgrind, and stops rsyslogd from crashing. + +Reference:https://github.com/rsyslog/rsyslog/commit/e06569ecea1b5c0cd1c35699f31ab3929d431d2a +Conflict:NA +--- + grammar/rainerscript.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c +index 48a5174..bf60426 100644 +--- a/grammar/rainerscript.c ++++ b/grammar/rainerscript.c +@@ -1755,6 +1755,7 @@ doFuncReplace(struct svar *__restrict__ const operandVal, struct svar *__restric + if (j == lfind) { + lDst = lDst - lfind + lReplaceWith; + j = 0; ++ if (lfind == 0) break; + } + if (i == lSrc) break; + if (src_buff[i] == find[j]) { +@@ -1770,9 +1771,10 @@ doFuncReplace(struct svar *__restrict__ const operandVal, struct svar *__restric + uint k, s; + for(i = j = s = 0; i <= lSrc; i++, s++) { + if (j == lfind) { +- s -= j; +- for (k = 0; k < lReplaceWith; k++, s++) dest[s] = replaceWith[k]; ++ s -= j; ++ for (k = 0; k < lReplaceWith; k++, s++) dest[s] = replaceWith[k]; + j = 0; ++ if (lfind == 0) break; + } + if (i == lSrc) break; + if (src_buff[i] == find[j]) { +-- +2.19.1 diff --git a/backport-Do-not-free-the-uninitialized-cstring.patch b/backport-Do-not-free-the-uninitialized-cstring.patch new file mode 100644 index 0000000..0f187c2 --- /dev/null +++ b/backport-Do-not-free-the-uninitialized-cstring.patch @@ -0,0 +1,46 @@ +From 7d8519c92d55f073b4a6cc57e27ea34b5c4dc5d1 Mon Sep 17 00:00:00 2001 +From: Flos Lonicerae +Date: Fri, 19 Apr 2024 16:55:55 +0800 +Subject: [PATCH] Do not free the uninitialized cstring. + + * Better deal with corrupted queue messages + +Reference:https://github.com/rsyslog/rsyslog/commit/7d8519c92d55f073b4a6cc57e27ea34b5c4dc5d1 +Conflict:NA +--- + runtime/obj.c | 6 +++++- + runtime/stringbuf.c | 2 +- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/runtime/obj.c b/runtime/obj.c +index c78b1d27ab..03a56f7a3a 100644 +--- a/runtime/obj.c ++++ b/runtime/obj.c +@@ -518,7 +518,11 @@ static rsRetVal objDeserializeStr(cstr_t **ppCStr, int iLen, strm_t *pStrm) + cstrFinalize(pCStr); + + /* check terminator */ +- if(c != ':') ABORT_FINALIZE(RS_RET_INVALID_DELIMITER); ++ if(c != ':') { ++ /* Initialized to NULL */ ++ *ppCStr = NULL; ++ ABORT_FINALIZE(RS_RET_INVALID_DELIMITER); ++ } + + *ppCStr = pCStr; + +diff --git a/runtime/stringbuf.c b/runtime/stringbuf.c +index ea39b7c821..9c639a04e9 100644 +--- a/runtime/stringbuf.c ++++ b/runtime/stringbuf.c +@@ -219,7 +219,7 @@ rsCStrConstructFromCStr(cstr_t **const ppThis, const cstr_t *const pFrom) + + void rsCStrDestruct(cstr_t **const ppThis) + { +- free((*ppThis)->pBuf); ++ if ((*ppThis)->pBuf) free((*ppThis)->pBuf); + RSFREEOBJ(*ppThis); + *ppThis = NULL; + } +-- +2.19.1 diff --git a/backport-Fix-passing-the-value-to-EscapeChar.patch b/backport-Fix-passing-the-value-to-EscapeChar.patch new file mode 100644 index 0000000..3dfa74c --- /dev/null +++ b/backport-Fix-passing-the-value-to-EscapeChar.patch @@ -0,0 +1,35 @@ +From 8f203bb219e08ec2e685d190ea21d5a7c7cecf44 Mon Sep 17 00:00:00 2001 +From: Flos Lonicerae +Date: Wed, 8 May 2024 16:45:39 +0800 +Subject: [PATCH] Fix passing the value to EscapeChar. + +Reference:https://github.com/rsyslog/rsyslog/commit/8f203bb219e08ec2e685d190ea21d5a7c7cecf44 +Conflict:NA +--- + runtime/cfsysline.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/runtime/cfsysline.c b/runtime/cfsysline.c +index 34b1cd7a38..06fdb4bb05 100644 +--- a/runtime/cfsysline.c ++++ b/runtime/cfsysline.c +@@ -59,7 +59,7 @@ linkedList_t llCmdList; /* this is NOT a pointer - no typo here ;) */ + * HINT: check if char is ' and, if so, use 'c' where c may also be things + * like \t etc. + */ +-static rsRetVal doGetChar(uchar **pp, rsRetVal (*pSetHdlr)(void*, uid_t), void *pVal) ++static rsRetVal doGetChar(uchar **pp, rsRetVal (*pSetHdlr)(void*, uchar*), void *pVal) + { + DEFiRet; + +@@ -78,7 +78,7 @@ static rsRetVal doGetChar(uchar **pp, rsRetVal (*pSetHdlr)(void*, uid_t), void * + *((uchar*)pVal) = **pp; + } else { + /* we set value via a set function */ +- CHKiRet(pSetHdlr(pVal, **pp)); ++ CHKiRet(pSetHdlr(pVal, *pp)); + } + ++(*pp); /* eat processed char */ + } +-- +2.19.1 diff --git a/backport-Fix-runConf-NULL-pointer-refence.patch b/backport-Fix-runConf-NULL-pointer-refence.patch new file mode 100644 index 0000000..07bc9d1 --- /dev/null +++ b/backport-Fix-runConf-NULL-pointer-refence.patch @@ -0,0 +1,31 @@ +From d38e4b7bfc5bd0137914859837dcc04076b9e1ea Mon Sep 17 00:00:00 2001 +From: Wang Haitao <45086632+apple-ouyang@users.noreply.github.com> +Date: Fri, 20 Sep 2024 17:50:37 +0800 +Subject: [PATCH] Fix runConf NULL pointer refence + +`systemd restart rsyslog` in the early start of OS will let rsyslog segmentation fault. +This cmd will send sigTerm to rsylogd, and rsyslogd will handle the signal in rsyslogdDoDie. +If the rsyslogd havn't parse the conf, the runConf will be NULL +So check the pointer before reference it. + +Reference:https://github.com/rsyslog/rsyslog/commit/d38e4b7bfc5bd0137914859837dcc04076b9e1ea +Conflict:NA +--- + tools/rsyslogd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/rsyslogd.c b/tools/rsyslogd.c +index ed81df3a7f..1340b1e629 100644 +--- a/tools/rsyslogd.c ++++ b/tools/rsyslogd.c +@@ -2013,7 +2013,7 @@ rsyslogdDoDie(int sig) + abort(); + } + bFinished = sig; +- if(runConf->globals.debugOnShutdown) { ++ if(runConf && runConf->globals.debugOnShutdown) { + /* kind of hackish - set to 0, so that debug_swith will enable + * and AND emit the "start debug log" message. + */ +-- +2.19.1 diff --git a/backport-Keep-original-free-pattern.patch b/backport-Keep-original-free-pattern.patch new file mode 100644 index 0000000..60474a3 --- /dev/null +++ b/backport-Keep-original-free-pattern.patch @@ -0,0 +1,27 @@ +From 24f7a56dd95851f0417abc256281f641aaace2cc Mon Sep 17 00:00:00 2001 +From: Flos Lonicerae +Date: Wed, 1 May 2024 18:00:46 +0800 +Subject: [PATCH] Keep original free pattern. + +Reference:https://github.com/rsyslog/rsyslog/commit/24f7a56dd95851f0417abc256281f641aaace2cc +Conflict:NA + +--- + runtime/stringbuf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/runtime/stringbuf.c b/runtime/stringbuf.c +index 9c639a04e9..ea39b7c821 100644 +--- a/runtime/stringbuf.c ++++ b/runtime/stringbuf.c +@@ -219,7 +219,7 @@ rsCStrConstructFromCStr(cstr_t **const ppThis, const cstr_t *const pFrom) + + void rsCStrDestruct(cstr_t **const ppThis) + { +- if ((*ppThis)->pBuf) free((*ppThis)->pBuf); ++ free((*ppThis)->pBuf); + RSFREEOBJ(*ppThis); + *ppThis = NULL; + } +-- +2.19.1 diff --git a/backport-network-subsystem-improve-connection-failure-error-message.patch b/backport-network-subsystem-improve-connection-failure-error-message.patch new file mode 100644 index 0000000..53c33d4 --- /dev/null +++ b/backport-network-subsystem-improve-connection-failure-error-message.patch @@ -0,0 +1,56 @@ +From 9ac56b28614f1bdbe147181471a6688f4f418e9f Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Sun, 15 Sep 2024 15:24:28 +0200 +Subject: [PATCH] network subsystem: improve connection failure error message + +If we try to connect via TCP and the connections fails, we now +tell inside the error message how long the connection attempt +took. This is useful to find out if targets connect very +slowly. + +Reference:https://github.com/rsyslog/rsyslog/commit/9ac56b28614f1bdbe147181471a6688f4f418e9f +Conflict:NA +--- + runtime/nsd_ptcp.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c +index e1c1de9576..8549d5aaa3 100644 +--- a/runtime/nsd_ptcp.c ++++ b/runtime/nsd_ptcp.c +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + + #include "rsyslog.h" + #include "syslogd-types.h" +@@ -73,6 +74,7 @@ DEFobjCurrIf(prop) + static void + sockClose(int *pSock) + { ++ fprintf(stderr, "nsd_ptcp: closing socket %d\n", *pSock); + if(*pSock >= 0) { + close(*pSock); + *pSock = -1; +@@ -956,9 +958,15 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host, char *device) + } + } + ++ struct timeval start, end; ++ long seconds, useconds; ++ gettimeofday(&start, NULL); + if(connect(pThis->sock, res->ai_addr, res->ai_addrlen) != 0) { +- LogError(errno, RS_RET_IO_ERROR, "cannot connect to %s:%s", +- host, port); ++ gettimeofday(&end, NULL); ++ seconds = end.tv_sec - start.tv_sec; ++ useconds = end.tv_usec - start.tv_usec; ++ LogError(errno, RS_RET_IO_ERROR, "cannot connect to %s:%s (took %ld.%ld seconds)", ++ host, port, seconds, useconds / 10000); + ABORT_FINALIZE(RS_RET_IO_ERROR); + } + +-- +2.19.1 diff --git a/backport-nsd_ptcp-regression-fix-remove-debugging-messages-emited-to-stderr.patch b/backport-nsd_ptcp-regression-fix-remove-debugging-messages-emited-to-stderr.patch new file mode 100644 index 0000000..3a46b63 --- /dev/null +++ b/backport-nsd_ptcp-regression-fix-remove-debugging-messages-emited-to-stderr.patch @@ -0,0 +1,31 @@ +From 9bc4c49d0705db2656a56fe14a5a2cfe3f6c9ac2 Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Tue, 12 Nov 2024 10:54:00 +0100 +Subject: [PATCH] nsd_ptcp regression fix: remove debugging messages emited to + stderr + +fix regression introduced by 9ac56b286. This spits out a debug message +to stderr. That message is removed by this patch here. + +closes https://github.com/rsyslog/rsyslog/issues/5485 + +Reference:https://github.com/rsyslog/rsyslog/commit/9bc4c49d0705db2656a56fe14a5a2cfe3f6c9ac2 +Conflict:NA +--- + runtime/nsd_ptcp.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c +index 8549d5aaa3..240482b72a 100644 +--- a/runtime/nsd_ptcp.c ++++ b/runtime/nsd_ptcp.c +@@ -74,7 +74,6 @@ DEFobjCurrIf(prop) + static void + sockClose(int *pSock) + { +- fprintf(stderr, "nsd_ptcp: closing socket %d\n", *pSock); + if(*pSock >= 0) { + close(*pSock); + *pSock = -1; +-- +2.19.1 diff --git a/rsyslog.spec b/rsyslog.spec index 90af3bc..365b730 100644 --- a/rsyslog.spec +++ b/rsyslog.spec @@ -7,7 +7,7 @@ Name: rsyslog Version: 8.2210.0 -Release: 9 +Release: 10 Summary: The rocket-fast system for log processing License: (GPLv3+ and ASL 2.0) URL: http://www.rsyslog.com/ @@ -52,6 +52,22 @@ Patch6019: backport-tcp-net-subsystem-handle-data-race-gracefully.patch Patch6020: backport-imfile-remove-state-file-on-file-delete-fix.patch Patch6021: backport-core-bugfix-rsyslog-messages-may-not-always-have-FQD.patch Patch6022: backport-omfile-do-not-carry-out-actual-action-when-writing-t.patch +Patch6023: backport-Fix-passing-the-value-to-EscapeChar.patch +Patch6024: backport-Do-not-free-the-uninitialized-cstring.patch +Patch6025: backport-Keep-original-free-pattern.patch +Patch6026: backport-network-subsystem-improve-connection-failure-error-message.patch +Patch6027: backport-Fix-runConf-NULL-pointer-refence.patch +Patch6028: backport-nsd_ptcp-regression-fix-remove-debugging-messages-emited-to-stderr.patch +Patch6029: backport-0001-rainerscript-do-not-try-to-call-a-function-if-it-doe.patch +Patch6030: backport-0002-gnutls-bugfix-Avoid-blocking-sockets-during-TLS-hand.patch +Patch6031: backport-0003-gnutls-bugfix-Add-timeout-to-GnuTLS-handshake.patch +Patch6032: backport-0004-core-fix-potential-NULL-ptr-access-on-HUP-in-very-ea.patch +Patch6033: backport-0005-omfwd-fix-segfault-in-UDP-freeaddrinfo.patch +Patch6034: backport-0006-gnutls-TLS-driver-fix-small-memory-leak.patch +Patch6035: backport-0007-rsyslog-startup-bugfix-cosmetic-memory-leak.patch +Patch6036: backport-0008-core-fix-potential-misadressing-in-sigmask.patch +Patch6037: backport-0009-covscan-remove-defect-type-of-RESOURCE_LEAK.patch +Patch6038: backport-0010-Fix-a-buffer-overflow-when-the-argument-to-replace-i.patch BuildRequires: gcc autoconf automake bison dos2unix flex pkgconfig python3-docutils libtool BuildRequires: libgcrypt-devel libuuid-devel zlib-devel krb5-devel libnet-devel gnutls-devel @@ -517,6 +533,27 @@ done %{_mandir}/man1/rscryutil.1.gz %changelog +* Mon Sep 29 2025 zhangqiumiao - 8.2210.0-10 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:rainerscript: do not try to call a function if it does not exist + gnutls bugfix: Avoid blocking sockets during TLS handshake + gnutls bugfix: Add timeout to GnuTLS handshake + core: fix potential NULL ptr access on HUP in very early startup phase + omfwd: fix segfault in UDP freeaddrinfo + gnutls TLS driver: fix small memory leak + rsyslog startup bugfix: cosmetic memory leak + core: fix potential misadressing in sigmask + covscan: remove defect type of RESOURCE_LEAK + Fix a buffer overflow when the argument to replace is empty + Fix passing the value to EscapeChar + Do not free the uninitialized cstring + Keep original free pattern + network subsystem: improve connection failure error message + Fix runConf NULL pointer refence + nsd_ptcp regression fix: remove debugging messages emited to stderr + * Tue Jun 18 2024 zhangqiumiao - 8.2210.0-9 - Type:bugfix - CVE:NA -- Gitee