Hello community, here is the log from the commit of package rsyslog.3054 for openSUSE:13.1:Update checked in at 2014-10-15 16:00:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/rsyslog.3054 (Old) and /work/SRC/openSUSE:13.1:Update/.rsyslog.3054.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rsyslog.3054" Changes: -------- New Changes file: --- /dev/null 2014-09-26 12:09:11.568032006 +0200 +++ /work/SRC/openSUSE:13.1:Update/.rsyslog.3054.new/rsyslog.changes 2014-10-15 16:00:02.000000000 +0200 @@ -0,0 +1,1380 @@ +------------------------------------------------------------------- +Mon Oct 6 12:33:14 UTC 2014 - [email protected] + +- Fixed PRI DoS vulnerability patch (CVE-2014-3683,bnc#899756) + [* rsyslog-7.4.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch] +- Removed broken, unsupported and dropped by upstream zpipe utility + from rsyslog-diag-tools package (bnc#890228) + +------------------------------------------------------------------- +Mon Sep 29 09:22:15 UTC 2014 - [email protected] + +- Remote syslog PRI DoS vulnerability fix (CVE-2014-3634,bnc#897262) + [+ rsyslog-7.4.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch] + +------------------------------------------------------------------- +Wed Sep 17 11:28:48 UTC 2014 - [email protected] + +- added template file for fast firewall config + +------------------------------------------------------------------- +Fri Aug 22 14:37:57 UTC 2014 - [email protected] + +- Stop syslog.socket in %preun to avoid the daemon we uninstall + gets started by a log message due to dependencies (bnc#840815). + +------------------------------------------------------------------- +Wed Dec 11 22:53:14 UTC 2013 - [email protected] + +- update to 7.4.7 [v7.4-stable] [bnc#855058] +- bugfix: limiting queue disk space did not work properly +- bugfix: linux kernel-like ratelimiter did not work properly with all + inputs (for example, it did not work with imdup). +- bugfix: disk queues created files in wrong working directory +- bugfix: legacy directive $ActionQueueWorkerThreads was not honored +- bugfix: segfault on startup when certain script constructs are used + e.g. "if not $msg ..." +- bugfix: imuxsock: UseSysTimeStamp config parameter did not work correctly +- bugfix: $SystemLogUseSysTimeStamp/$SystemLogUsePIDFromSystem did not work +- improved checking of queue config parameters on startup +- bugfix: call to ruleset with async queue did not use the queue +- bugfix: if imtcp is loaded and no listeners are configured (which is + uncommon), rsyslog crashes during shutdown. + +------------------------------------------------------------------- +Mon Nov 4 20:18:45 UTC 2013 - [email protected] + +- update to 7.4.6 [v7.4-stable] [bnc#848574] + Fixes various segfault, memory leak and buffer overrun fixes and + a selection of application bugs + - bugfix: potential abort during HUP + - bugfix: imtcp flowControl parameter incorrectly defaulted to "off" + - now requires libestr 0.1.9 for number handling in RainerScript + - bugfix: memory leak in strlen() RainerScript function + - bugfix: buffer overrun if re_extract function was called for submatch 50 + - bugfix: memleak in re_extract() function + - bugfix: potential abort in RainerScript optimizer + - bugfix: memory leak in omhiredis + - bugfix: segfault if variable was assigned to non-container subtree +- also contains changes from 7.4.5 + - mmanon: removed the check for specific "terminator characters" + - omelasticsearch: add failed.httprequests stats counter + - bugfix: invalid property filter was not properly disabled in ruleset + - bugfix: segfault if re_extract() function was used and no match found + - bugfix: potential misadressing on startup if property-filter was used + - bugfix: omelasticsearch: correct failed.http stats counter + - bugfix: omelasticsearch: did not correctly initialize stats counters + - bugfix: omelasticsearch: failed.es counter was only maintained in bulk mode + - bugfix: mmanon did not detect all IP addresses in rewrite mode + - bugfix: mmanon sometimes used invalid replacement char in simple mode + - bugfix: memory leak in mmnormalize + - bugfix: array-based ==/!= comparisions lead to invalid results + - bugfix: omprog blocked signals to executed programs + - bugfix: doc: imuxsock legacy param $SystemLogSocketParseTrusted was + misspelled + - bugfix: imfile "facility" input parameter improperly handled + - bugfix: small memory leak in imfile when $ResetConfigVariables was used + - bugfix: segfault on startup if TLS was used but no CA cert set + - bugfix: segfault on startup if TCP TLS was used but no cert or key set + - bugfix: some more build problems with newer json-c versions + - bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled +- fix ppc build, add patch from upstream to fix build on platforms + without atomic instructions + rsyslog-7.4.6-omelasticsearch-atomic-instructions-ppc.patch +------------------------------------------------------------------- +Thu Sep 12 21:42:29 UTC 2013 - [email protected] + +- update to 7.4.4 [v7.4-stable] +- better error messages in GuardTime signature provider +- make rsyslog use the new json-c pkgconfig file if available +- bugfix: imfile parameter "persistStateInterval" was unusable + due to a case typo in imfile; work-around was to use legacy config +- bugfix: TLV16 flag encoding error in signature files from GT provider + This fixes a problem where the TLV16 flag was improperly encoded. + Unfortunately, existing files already have the bug and may not properly + be processed. The fix uses constants from the GuardTime API lib to + prevent such problems in the future. +- bugfix: slightly malformed SMTP handling in ommail +- bugfix: segfault in omprog if no template was provided (now dflt is used) +- bugfix: segfault in ompipe if no template was provided (now dflt is used) +- bugfix: segfault in omsnmp if no template was provided (now dflt is used) +- bugfix: some omsnmp optional config params were flagged as mandatory +- bugfix: segfault in omelasticsearch when resuming queued messages + after restarting Elasticsearch +- bugfix: imtcp addtlframedelimiter could not be set to zero +- doc bugfix: remove no-longer existing omtemplate from developer doc + was specifically mentioned as a sample for creating new plugins + +------------------------------------------------------------------- +Sat Jul 20 12:52:05 UTC 2013 - [email protected] + +- update to 7.4.3 [v7.4-stable] + - bugfix: memory leak if disk queues were used and json data + rresent + - bugfix: CEE/json data was lost during disk queue operation + - bugfix: potential segfault during startup on invalid config + - bugfix: 100% CPU utilization when DA queue became full + - bugfix: omlibdbi did not properly close connection on some + errors + - cosmetic bugfix: file name buffer was not freed on disk queue + destruction + +------------------------------------------------------------------- +Fri Jul 5 08:25:02 UTC 2013 - [email protected] + +- Update to 7.4.2 [v7.4-stable] (bnc#828140,CVE-2013-4758): + - bugfix: in RFC5425 TLS, multiple wildcards in auth could cause + segfault + - bugfix: RainerScript object required parameters were not properly + checked - this clould result to segfaults on startup if parameters + were missing. + - bugfix: double-free in omelasticsearch + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461 + a security advisory for this bug is available at: + http://www.lsexperts.de/advisories/lse-2013-07-03.txt + PLEASE NOTE: This issue only existed if omelasticsearch was used + in a non-default configuration, where the "errorfile" parameter + was specified. Without that parameter set, the bug could not be + triggered. Thanks to Markus Vervier and Marius Ionescu for providing + a detailled bug report. Special thanks to Markus for coordinating + his security advisory with us. + - bugfix: omrelp potential segfault at startup on invalid config + parameters + - bugfix: small memory leak when $uptime property was used + - bugfix: potential segfault on rsyslog termination in imudp + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=456 + - bugfix: lmsig_gt abort on invalid configuration parameters + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=448 + Thanks to Risto Laanoja for the patch. + - imtcp: fix typo in "listner" parameter, which is "listener" + Currently, both names are accepted. + - solved build problems on FreeBSD + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=457 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=458 + Thanks to Christiano for reproting and suggesting patches + - solved build problems on CENTOS5 + +------------------------------------------------------------------- +Wed Jun 26 10:48:34 UTC 2013 - [email protected] + +- Use --enable-cached-man-pages configure option on SLES-11, where + rst2man is not available and removed prebuilt man pages. + +------------------------------------------------------------------- +Sat Jun 22 20:54:14 UTC 2013 - [email protected] + +- update to 7.4.1 [v7.4-stable]: + - imjournal: add ratelimiting capability + - bugfix imzmq3: potential segfault on startup +- includes changes from 7.4.0 [v7.4-stable]: + - doc bugfix: ReadMode wrong in imfile doc, two values were swapped + - imjournal: no longer do periodic wakeup + - bugfix: potential hang *in debug mode* on rsyslogd termination + - bugfix: $template statement with multiple spaces lead to invalid tpl name + - 0mq fixes +- includes changes from version 7.3.15 + - bugfix: problem in build system (especially when cross-compiling) + - bugfix: imjournal had problem with systemd journal API change + - imjournal: now obtain and include PID + - bugfix: .logsig files had tlv16 indicator bit at wrong offset + - bugfix: omrelp legacy config parameters set a timeout of zero + which lead the legacy config to be unusable. + - bugfix: segfault on startup if a disk queue was configure without file + name + - bugfix: invalid addressing in string class (recent regression) +- packaging changes: + - rebase rsyslog-unit.patch + - move libee/liblognorm dependencies to mmnormalize conditional + +------------------------------------------------------------------- +Fri Jun 14 04:17:57 UTC 2013 - [email protected] + +- Required version of pkgconfig(relp) is >= 1.0.3 +- Requires version of libsystemd-journal is >= 197 +- Notify systemd on sucessful startup of the daemon to avoid + confusing behaviour such as : + http://lists.opensuse.org/opensuse/2013-06/msg00603.html + ++++ 1183 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.rsyslog.3054.new/rsyslog.changes New: ---- rsyslog-7.4.6-omelasticsearch-atomic-instructions-ppc.patch rsyslog-7.4.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch rsyslog-7.4.7.tar.gz rsyslog-service-prepare.in rsyslog-unit.patch rsyslog.changes rsyslog.conf.in rsyslog.d.remote.conf.in rsyslog.firewall rsyslog.spec rsyslog.sysconfig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rsyslog.spec ++++++ ++++ 1039 lines (skipped) ++++++ rsyslog-7.4.6-omelasticsearch-atomic-instructions-ppc.patch ++++++ From: Rainer Gerhards <[email protected]> Date: Fri, 18 Oct 2013 05:11:44 +0000 (+0200) Subject: bugfix: omelasticsearch did not compile on platforms without atomic instructions X-Git-Url: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff_plain;h=16207e3d55ac6bb15af6d50791d2c7462816de57 References: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=16207e3d55ac6bb15af6d50791d2c7462816de57#patch2 Fixes build on ppc. [ 249s] In file included from ../../runtime/prop.h:25:0, [ 249s] from ../../runtime/glbl.h:35, [ 249s] from ../../runtime/stream.h:70, [ 249s] from ../../runtime/obj.h:48, [ 249s] from ../../runtime/rsyslog.h:525, [ 249s] from omelasticsearch.c:26: [ 249s] omelasticsearch.c: In function 'curlPost': [ 249s] omelasticsearch.c:611:39: error: 'mutHTTPReqFail' undeclared (first use in this function) [ 249s] STATSCOUNTER_INC(indexHTTPReqFail, mutHTTPReqFail); and similar --- plugins/omelasticsearch/omelasticsearch.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) Index: rsyslog-7.4.6/plugins/omelasticsearch/omelasticsearch.c =================================================================== --- rsyslog-7.4.6.orig/plugins/omelasticsearch/omelasticsearch.c 2013-10-29 15:08:48.000000000 +0000 +++ rsyslog-7.4.6/plugins/omelasticsearch/omelasticsearch.c 2013-11-04 20:00:38.000000000 +0000 @@ -608,7 +608,7 @@ curlPost(instanceData *pData, uchar *mes case CURLE_COULDNT_RESOLVE_PROXY: case CURLE_COULDNT_CONNECT: case CURLE_WRITE_ERROR: - STATSCOUNTER_INC(indexHTTPReqFail, mutHTTPReqFail); + STATSCOUNTER_INC(indexHTTPReqFail, mutIndexHTTPReqFail); indexHTTPFail += nmsgs; DBGPRINTF("omelasticsearch: we are suspending ourselfs due " "to failure %lld of curl_easy_perform()\n", @@ -1001,16 +1001,16 @@ CODEmodInit_QueryRegCFSLineHdlr /* support statistics gathering */ CHKiRet(statsobj.Construct(&indexStats)); CHKiRet(statsobj.SetName(indexStats, (uchar *)"omelasticsearch")); - STATSCOUNTER_INIT(indexSubmit, mutCtrIndexSubmit); + STATSCOUNTER_INIT(indexSubmit, mutIndexSubmit); CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"submitted", ctrType_IntCtr, &indexSubmit)); - STATSCOUNTER_INIT(indexHTTPFail, mutCtrIndexHTTPFail); + STATSCOUNTER_INIT(indexHTTPFail, mutIndexHTTPFail); CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.http", ctrType_IntCtr, &indexHTTPFail)); - STATSCOUNTER_INIT(indexHTTPReqFail, mutCtrIndexHTTPReqFail); + STATSCOUNTER_INIT(indexHTTPReqFail, mutIndexHTTPReqFail); CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.httprequests", ctrType_IntCtr, &indexHTTPReqFail)); - STATSCOUNTER_INIT(indexESFail, mutCtrIndexESFail); + STATSCOUNTER_INIT(indexESFail, mutIndexESFail); CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.es", ctrType_IntCtr, &indexESFail)); CHKiRet(statsobj.ConstructFinalize(indexStats)); ++++++ rsyslog-7.4.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch ++++++ >From e898a8abc0f0412e0fb4b8574caf5c161def1445 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski <[email protected]> Date: Mon, 29 Sep 2014 10:45:08 +0200 Subject: [PATCH] Remote PRI DoS vulnerability fix backport (CVE-2014-3683) References: CVE-2014-3683, CVE-2014-3634, bnc#899756, bnc#897262 Upstream: yes A backport of v7-stable patch by Rainer Gerhards <[email protected]>. --- grammar/rainerscript.h | 2 +- plugins/imfile/imfile.c | 4 +-- plugins/imklog/imklog.c | 6 ++-- plugins/imkmsg/imkmsg.c | 2 +- plugins/imsolaris/imsolaris.c | 4 +-- plugins/imuxsock/imuxsock.c | 6 ++-- runtime/msg.c | 43 +++++++++++++++++----------- runtime/parser.c | 8 +++--- runtime/rsyslog.h | 65 ++++++++++++++++++++++++++++++++++--------- runtime/srutils.c | 1 + runtime/syslogd-types.h | 5 +--- runtime/typedefs.h | 4 +++ tools/syslogd.c | 6 ++-- 13 files changed, 104 insertions(+), 52 deletions(-) diff --git a/grammar/rainerscript.h b/grammar/rainerscript.h index 0657330..02aad22 100644 --- a/grammar/rainerscript.h +++ b/grammar/rainerscript.h @@ -5,10 +5,10 @@ #include <typedefs.h> #include <sys/types.h> #include <regex.h> +#include "rsyslog.h" #include "typedefs.h" -#define LOG_NFACILITIES 24 /* current number of syslog facilities */ #define CNFFUNC_MAX_ARGS 32 /**< maximum number of arguments that any function can have (among * others, this is used to size data structures). diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c index 9c824c1..5e46ff0 100644 --- a/plugins/imfile/imfile.c +++ b/plugins/imfile/imfile.c @@ -188,8 +188,8 @@ static rsRetVal enqLine(fileInfo_t *pInfo, cstr_t *cstrLine) MsgSetMSGoffs(pMsg, 0); /* we do not have a header... */ MsgSetHOSTNAME(pMsg, glbl.GetLocalHostName(), ustrlen(glbl.GetLocalHostName())); MsgSetTAG(pMsg, pInfo->pszTag, pInfo->lenTag); - pMsg->iFacility = LOG_FAC(pInfo->iFacility); - pMsg->iSeverity = LOG_PRI(pInfo->iSeverity); + pMsg->iFacility = pri2fac(pInfo->iFacility); + pMsg->iSeverity = pri2sev(pInfo->iSeverity); MsgSetRuleset(pMsg, pInfo->pRuleset); ratelimitAddMsg(pInfo->ratelimiter, &pInfo->multiSub, pMsg); finalize_it: diff --git a/plugins/imklog/imklog.c b/plugins/imklog/imklog.c index 810ac26..4a76340 100644 --- a/plugins/imklog/imklog.c +++ b/plugins/imklog/imklog.c @@ -21,7 +21,7 @@ * To test under Linux: * echo test1 > /dev/kmsg * - * Copyright (C) 2008-2012 Adiscon GmbH + * Copyright (C) 2008-2014 Adiscon GmbH * * This file is part of rsyslog. * @@ -247,10 +247,10 @@ rsRetVal Syslog(int priority, uchar *pMsg, struct timeval *tp) /* if we don't get the pri, we use whatever we were supplied */ /* ignore non-kernel messages if not permitted */ - if(cs.bPermitNonKernel == 0 && LOG_FAC(priority) != LOG_KERN) + if(cs.bPermitNonKernel == 0 && pri2fac(priority) != LOG_KERN) FINALIZE; /* silently ignore */ - iRet = enqMsg((uchar*)pMsg, (uchar*) "kernel:", LOG_FAC(priority), LOG_PRI(priority), tp); + iRet = enqMsg((uchar*)pMsg, (uchar*) "kernel:", pri2fac(priority), pri2sev(priority), tp); finalize_it: RETiRet; diff --git a/plugins/imkmsg/imkmsg.c b/plugins/imkmsg/imkmsg.c index 2a97f82..8588223 100644 --- a/plugins/imkmsg/imkmsg.c +++ b/plugins/imkmsg/imkmsg.c @@ -144,7 +144,7 @@ rsRetVal imkmsgLogIntMsg(int priority, char *fmt, ...) rsRetVal Syslog(int priority, uchar *pMsg, struct timeval *tp, struct json_object *json) { DEFiRet; - iRet = enqMsg((uchar*)pMsg, (uchar*) "kernel:", LOG_FAC(priority), LOG_PRI(priority), tp, json); + iRet = enqMsg((uchar*)pMsg, (uchar*) "kernel:", pri2fac(priority), pri2sev(priority), tp, json); RETiRet; } diff --git a/plugins/imsolaris/imsolaris.c b/plugins/imsolaris/imsolaris.c index a220e72..36677e7 100644 --- a/plugins/imsolaris/imsolaris.c +++ b/plugins/imsolaris/imsolaris.c @@ -209,8 +209,8 @@ readLog(int fd, uchar *pRcv, int iMaxLine) MsgSetInputName(pMsg, pInputName); MsgSetRawMsg(pMsg, (char*)pRcv, strlen((char*)pRcv)); MsgSetHOSTNAME(pMsg, glbl.GetLocalHostName(), ustrlen(glbl.GetLocalHostName())); - pMsg->iFacility = LOG_FAC(hdr.pri); - pMsg->iSeverity = LOG_PRI(hdr.pri); + pMsg->iFacility = pri2fac(hdr.pri); + pMsg->iSeverity = pri2sev(hdr.pri); pMsg->msgFlags = NEEDS_PARSING | NO_PRI_IN_RAW; CHKiRet(submitMsg(pMsg)); } diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c index df504dd..0cb9e95 100644 --- a/plugins/imuxsock/imuxsock.c +++ b/plugins/imuxsock/imuxsock.c @@ -6,7 +6,7 @@ * * File begun on 2007-12-20 by RGerhards (extracted from syslogd.c) * - * Copyright 2007-2013 Rainer Gerhards and Adiscon GmbH. + * Copyright 2007-2014 Rainer Gerhards and Adiscon GmbH. * * This file is part of rsyslog. * @@ -776,8 +776,8 @@ SubmitMsg(uchar *pRcv, int lenRcv, lstn_t *pLstn, struct ucred *cred, struct tim ++parse; ++offs; } - facil = LOG_FAC(pri); - sever = LOG_PRI(pri); + facil = pri2fac(pri); + sever = pri2sev(pri); findRatelimiter(pLstn, cred, &ratelimiter); /* ignore error, better so than others... */ diff --git a/runtime/msg.c b/runtime/msg.c index 10ecf48..a6f65da 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -90,7 +90,7 @@ static char *two_digits[100] = { static struct { uchar *pszName; short lenName; -} syslog_pri_names[192] = { +} syslog_pri_names[200] = { { UCHAR_CONSTANT("0"), 3}, { UCHAR_CONSTANT("1"), 3}, { UCHAR_CONSTANT("2"), 3}, @@ -282,22 +282,30 @@ static struct { { UCHAR_CONSTANT("188"), 5}, { UCHAR_CONSTANT("189"), 5}, { UCHAR_CONSTANT("190"), 5}, - { UCHAR_CONSTANT("191"), 5} + { UCHAR_CONSTANT("191"), 5}, + { UCHAR_CONSTANT("192"), 5}, + { UCHAR_CONSTANT("193"), 5}, + { UCHAR_CONSTANT("194"), 5}, + { UCHAR_CONSTANT("195"), 5}, + { UCHAR_CONSTANT("196"), 5}, + { UCHAR_CONSTANT("197"), 5}, + { UCHAR_CONSTANT("198"), 5}, + { UCHAR_CONSTANT("199"), 5} }; static char hexdigit[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; /*syslog facility names (as of RFC5424) */ -static char *syslog_fac_names[24] = { "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", +static char *syslog_fac_names[LOG_NFACILITIES] = { "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock", "local0", "local1", "local2", "local3", - "local4", "local5", "local6", "local7" }; + "local4", "local5", "local6", "local7", "invld" }; /* length of the facility names string (for optimizatiions) */ -static short len_syslog_fac_names[24] = { 4, 4, 4, 6, 4, 6, 3, +static short len_syslog_fac_names[LOG_NFACILITIES] = { 4, 4, 4, 6, 4, 6, 3, 4, 4, 4, 8, 3, 3, 5, 5, 5, 6, 6, 6, 6, - 6, 6, 6, 6 }; + 6, 6, 6, 6, 5 }; /* table of severity names (in numerical order)*/ static char *syslog_severity_names[8] = { "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug" }; @@ -307,8 +315,8 @@ static short len_syslog_severity_names[8] = { 5, 5, 4, 3, 7, 6, 4, 5 }; * and facility values to a numerical string... -- rgerhars, 2009-06-17 */ -static char *syslog_number_names[24] = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", - "15", "16", "17", "18", "19", "20", "21", "22", "23" }; +static char *syslog_number_names[LOG_NFACILITIES] = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", + "15", "16", "17", "18", "19", "20", "21", "22", "23", "24" }; /* global variables */ #if defined(HAVE_MALLOC_TRIM) && !defined(HAVE_ATOMIC_BUILTINS) @@ -678,8 +686,8 @@ static inline rsRetVal msgBaseConstruct(msg_t **ppThis) pM->flowCtlType = 0; pM->bParseSuccess = 0; pM->iRefCount = 1; - pM->iSeverity = -1; - pM->iFacility = -1; + pM->iSeverity = LOG_DEBUG; + pM->iFacility = LOG_INVLD; pM->iLenPROGNAME = -1; pM->offAfterPRI = 0; pM->offMSG = -1; @@ -1499,7 +1507,10 @@ uchar *getMSG(msg_t *pM) /* Get PRI value as integer */ static int getPRIi(msg_t *pM) { - return (pM->iFacility << 3) + (pM->iSeverity); + int pri = (pM->iFacility << 3) + (pM->iSeverity); + if(pri > 191) + pri = LOG_PRI_INVLD; + return pri; } @@ -2442,11 +2453,11 @@ void MsgSetRawMsgWOSize(msg_t *pMsg, char* pszRawMsg) char *textpri(char *pRes, int pri) { assert(pRes != NULL); - memcpy(pRes, syslog_fac_names[LOG_FAC(pri)], len_syslog_fac_names[LOG_FAC(pri)]); - pRes[len_syslog_fac_names[LOG_FAC(pri)]] = '.'; - memcpy(pRes+len_syslog_fac_names[LOG_FAC(pri)]+1, - syslog_severity_names[LOG_PRI(pri)], - len_syslog_severity_names[LOG_PRI(pri)]+1 /* for \0! */); + memcpy(pRes, syslog_fac_names[pri2fac(pri)], len_syslog_fac_names[pri2fac(pri)]); + pRes[len_syslog_fac_names[pri2fac(pri)]] = '.'; + memcpy(pRes+len_syslog_fac_names[pri2fac(pri)]+1, + syslog_severity_names[pri2sev(pri)], + len_syslog_severity_names[pri2sev(pri)]+1 /* for \0! */); return pRes; } diff --git a/runtime/parser.c b/runtime/parser.c index 74b28f4..0161727 100644 --- a/runtime/parser.c +++ b/runtime/parser.c @@ -468,11 +468,11 @@ ParsePRI(msg_t *pMsg) } if(*msg == '>') ++msg; - if(pri & ~(LOG_FACMASK|LOG_PRIMASK)) - pri = DEFUPRI; + if(pri > LOG_MAXPRI) + pri = LOG_PRI_INVLD; } - pMsg->iFacility = LOG_FAC(pri); - pMsg->iSeverity = LOG_PRI(pri); + pMsg->iFacility = pri2fac(pri); + pMsg->iSeverity = pri2sev(pri); MsgSetAfterPRIOffs(pMsg, msg - pMsg->pszRawMsg); } RETiRet; diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index e62ba86..2fad28f 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -3,7 +3,7 @@ * * Begun 2005-09-15 RGerhards * - * Copyright (C) 2005-2013 by Rainer Gerhards and Adiscon GmbH + * Copyright (C) 2005-2014 by Rainer Gerhards and Adiscon GmbH * * This file is part of the rsyslog runtime library. * @@ -76,19 +76,58 @@ * # End Config Settings # * * ############################################################# */ -/* portability: not all platforms have these defines, so we - * define them here if they are missing. -- rgerhards, 2008-03-04 +/* make sure we uses consistent macros, no matter what the + * platform gives us. */ -#ifndef LOG_MAKEPRI -# define LOG_MAKEPRI(fac, pri) (((fac) << 3) | (pri)) -#endif -#ifndef LOG_PRI -# define LOG_PRI(p) ((p) & LOG_PRIMASK) -#endif -#ifndef LOG_FAC -# define LOG_FAC(p) (((p) & LOG_FACMASK) >> 3) -#endif - +#define LOG_NFACILITIES 24+1 /* plus one for our special "invld" facility! */ +#define LOG_MAXPRI 191 /* highest supported valid PRI value --> RFC3164, RFC5424 */ +#undef LOG_MAKEPRI +#define LOG_PRI_INVLD LOG_INVLD|LOG_DEBUG /* PRI is invalid --> special "invld.=debug" PRI code (rsyslog-specific) */ + +#define LOG_EMERG 0 /* system is unusable */ +#define LOG_ALERT 1 /* action must be taken immediately */ +#define LOG_CRIT 2 /* critical conditions */ +#define LOG_ERR 3 /* error conditions */ +#define LOG_WARNING 4 /* warning conditions */ +#define LOG_NOTICE 5 /* normal but significant condition */ +#define LOG_INFO 6 /* informational */ +#define LOG_DEBUG 7 /* debug-level messages */ + +#define LOG_KERN (0<<3) /* kernel messages */ +#define LOG_USER (1<<3) /* random user-level messages */ +#define LOG_MAIL (2<<3) /* mail system */ +#define LOG_DAEMON (3<<3) /* system daemons */ +#define LOG_AUTH (4<<3) /* security/authorization messages */ +#define LOG_SYSLOG (5<<3) /* messages generated internally by syslogd */ +#define LOG_LPR (6<<3) /* line printer subsystem */ +#define LOG_NEWS (7<<3) /* network news subsystem */ +#define LOG_UUCP (8<<3) /* UUCP subsystem */ +#define LOG_CRON (9<<3) /* clock daemon */ +#define LOG_AUTHPRIV (10<<3) /* security/authorization messages (private) */ +#define LOG_FTP (11<<3) /* ftp daemon */ +#define LOG_LOCAL0 (16<<3) /* reserved for local use */ +#define LOG_LOCAL1 (17<<3) /* reserved for local use */ +#define LOG_LOCAL2 (18<<3) /* reserved for local use */ +#define LOG_LOCAL3 (19<<3) /* reserved for local use */ +#define LOG_LOCAL4 (20<<3) /* reserved for local use */ +#define LOG_LOCAL5 (21<<3) /* reserved for local use */ +#define LOG_LOCAL6 (22<<3) /* reserved for local use */ +#define LOG_LOCAL7 (23<<3) /* reserved for local use */ +#define LOG_FAC_INVLD 24 +#define LOG_INVLD (LOG_FAC_INVLD<<3) /* invalid facility/PRI code */ + +/* we need to use a function to avoid side-effects. This MUST guard + * against invalid facility values. rgerhards, 2014-09-16 + */ +static inline int pri2fac(const int pri) +{ + unsigned int fac = pri >> 3; + return (fac > 23) ? LOG_FAC_INVLD : fac; +} +static inline int pri2sev(const int pri) +{ + return pri & 0x07; +} /* the rsyslog core provides information about present feature to plugins * asking it. Below are feature-test macros which must be used to query diff --git a/runtime/srutils.c b/runtime/srutils.c index 6a509b4..4f9f6c1 100644 --- a/runtime/srutils.c +++ b/runtime/srutils.c @@ -103,6 +103,7 @@ syslogName_t syslogFacNames[] = { {"local5", LOG_LOCAL5}, {"local6", LOG_LOCAL6}, {"local7", LOG_LOCAL7}, + {"invld", LOG_INVLD}, {NULL, -1}, }; diff --git a/runtime/syslogd-types.h b/runtime/syslogd-types.h index 6947a11..2f1addd 100644 --- a/runtime/syslogd-types.h +++ b/runtime/syslogd-types.h @@ -4,7 +4,7 @@ * * File begun on 2007-07-13 by RGerhards (extracted from syslogd.c) * - * Copyright 2007-2012 Adiscon GmbH. + * Copyright 2007-2014 Adiscon GmbH. * * This file is part of the rsyslog runtime library. * @@ -27,9 +27,6 @@ #include "stringbuf.h" #include <sys/param.h> -#if HAVE_SYSLOG_H -#include <syslog.h> -#endif /* we use RSTRUE/FALSE to prevent name claches with other packages */ #define RSFALSE 0 diff --git a/runtime/typedefs.h b/runtime/typedefs.h index d3f68b4..6d5f1cd 100644 --- a/runtime/typedefs.h +++ b/runtime/typedefs.h @@ -209,6 +209,10 @@ struct multi_submit_s { msg_t **ppMsgs; }; +/* some forward-definitions from the grammar */ +struct nvlst; +struct cnfobj; + #endif /* multi-include protection */ /* vim:set ai: */ diff --git a/tools/syslogd.c b/tools/syslogd.c index a8a733d..23f6192 100644 --- a/tools/syslogd.c +++ b/tools/syslogd.c @@ -459,8 +459,8 @@ logmsgInternal(int iErr, int pri, uchar *msg, int flags) pszTag[32] = '\0'; /* just to make sure... */ MsgSetTAG(pMsg, pszTag, len); } - pMsg->iFacility = LOG_FAC(pri); - pMsg->iSeverity = LOG_PRI(pri); + pMsg->iFacility = pri2fac(pri); + pMsg->iSeverity = pri2sev(pri); flags |= INTERNAL_MSG; pMsg->msgFlags = flags; @@ -473,7 +473,7 @@ logmsgInternal(int iErr, int pri, uchar *msg, int flags) * supressor statement. */ if(((Debug == DEBUG_FULL || !doFork) && ourConf->globals.bErrMsgToStderr) || iConfigVerify) { - if(LOG_PRI(pri) == LOG_ERR) + if(pri2sev(pri) == LOG_ERR) fprintf(stderr, "rsyslogd: %s\n", msg); } -- 2.1.0 ++++++ rsyslog-service-prepare.in ++++++ #!/bin/sh test -s "/etc/sysconfig/syslog" && \ . "/etc/sysconfig/syslog" run_dir="RUN_DIR" cfg_file="ADDITIONAL_SOCKETS" umask 0022 /bin/mkdir -p -m 0755 "${run_dir}" # # Prepare include with sockets in chroot's # > "${cfg_file}" for variable in ${!SYSLOGD_ADDITIONAL_SOCKET*}; do eval value=\$$variable test -z "$value" && continue test -d "${value%/*}" || continue echo "\$AddUnixListenSocket $value" done >> "${cfg_file}" # # make sure xconsole exists and is a pipe # if test -e /dev/xconsole -a ! -p /dev/xconsole ; then /bin/rm -f /dev/xconsole fi if test ! -e /dev/xconsole ; then /bin/mknod -m 0600 /dev/xconsole p /bin/chown root:tty /dev/xconsole restorecon /dev/xconsole 2> /dev/null fi exit 0 ++++++ rsyslog-unit.patch ++++++ --- rsyslog.service.in | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) Index: rsyslog-7.4.1/rsyslog.service.in =================================================================== --- rsyslog-7.4.1.orig/rsyslog.service.in 2013-06-17 06:50:28.000000000 +0100 +++ rsyslog-7.4.1/rsyslog.service.in 2013-06-22 21:41:46.000000000 +0100 @@ -1,11 +1,18 @@ [Unit] Description=System Logging Service Requires=syslog.socket +Requires=var-run.mount +After=var-run.mount +Conflicts=syslog-ng.service syslogd.service [Service] Type=notify -ExecStart=@sbindir@/rsyslogd -n +ExecStart=@sbindir@/rsyslogd -n $RSYSLOGD_PARAMS StandardOutput=null +Environment=RSYSLOGD_PARAMS= +ExecStartPre=@sbindir@/rsyslog-service-prepare +EnvironmentFile=-/etc/sysconfig/syslog +ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target ++++++ rsyslog.conf.in ++++++ ## ## === When you're using remote logging, enable on-disk queues === ## === in rsyslog.d/remote.conf. When neccesary also set the === ## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, === ## === e.g. when rsyslog has to receive on a specific IP only. === ## ## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules ## (provided in separate rsyslog-module-* packages) are enabled, the ## configuration can't be used on a system with /usr on a remote ## filesystem, except on newer systems where initrd mounts /usr. ## [The modules are linked against libraries installed bellow of ## /usr thus also installed in /usr/lib*/rsyslog because of this.] ## # # if you experience problems, check # http://www.rsyslog.com/troubleshoot for assistance # and report them at http://bugzilla.novell.com/ # # since rsyslog v3: load input modules # If you do not load inputs, nothing happens! # provides --MARK-- message capability (every 1 hour) $ModLoad immark.so $MarkMessagePeriod 3600 # provides support for local system logging (e.g. via logger command) $ModLoad imuxsock.so # reduce dupplicate log messages (last message repeated n times) $RepeatedMsgReduction on # kernel logging (may be also provided by /sbin/klogd) # see also http://www.rsyslog.com/doc-imklog.html. $ModLoad imklog.so # set log level 1 (same as in /etc/sysconfig/syslog). $klogConsoleLogLevel 1 # Use rsyslog native, rfc5424 conform log format as default # ($ActionFileDefaultTemplate RSYSLOG_FileFormat). # # To change a single file to use obsolete BSD syslog format # (rfc 3164, no high-precision timestamps), set the variable # bellow or append ";RSYSLOG_FileFormat" to the filename. # See # http://www.rsyslog.com/doc/rsyslog_conf_templates.html # for more informations. # #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # # Include config generated by /etc/init.d/syslog script # using the SYSLOGD_ADDITIONAL_SOCKET* variables in the # /etc/sysconfig/syslog file. # $IncludeConfig ADDITIONAL_SOCKETS # # Include config files, that the admin provided? : # $IncludeConfig ETC_RSYSLOG_D_GLOB ### # print most important on tty10 and on the xconsole pipe # if ( \ /* kernel up to warning except of firewall */ \ ($syslogfacility-text == 'kern') and \ ($syslogseverity <= 4 /* warning */ ) and not \ ($msg contains 'IN=' and $msg contains 'OUT=') \ ) or ( \ /* up to errors except of facility authpriv */ \ ($syslogseverity <= 3 /* errors */ ) and not \ ($syslogfacility-text == 'authpriv') \ ) \ then /dev/tty10 & |/dev/xconsole # Emergency messages to everyone logged on (wall) *.emerg :omusrmsg:* # enable this, if you want that root is informed # immediately, e.g. of logins #*.alert root # # firewall messages into separate file and stop their further processing # if ($syslogfacility-text == 'kern') and \ ($msg contains 'IN=' and $msg contains 'OUT=') \ then -/var/log/firewall & stop # # acpid messages into separate file and stop their further processing # # => all acpid messages for debuging (uncomment if needed): #if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \ # -/var/log/acpid # # => up to notice (skip info and debug) if ($programname == 'acpid' or $syslogtag == '[acpid]:') and \ ($syslogseverity <= 5 /* notice */) \ then -/var/log/acpid & stop # # NetworkManager into separate file and stop their further processing # if ($programname == 'NetworkManager') or \ ($programname startswith 'nm-') \ then -/var/log/NetworkManager & stop # # email-messages # mail.* -/var/log/mail mail.info -/var/log/mail.info mail.warning -/var/log/mail.warn mail.err /var/log/mail.err # # news-messages # news.crit -/var/log/news/news.crit news.err -/var/log/news/news.err news.notice -/var/log/news/news.notice # enable this, if you want to keep all news messages # in one file #news.* -/var/log/news.all # # Warnings in one file # *.=warning;*.=err -/var/log/warn *.crit /var/log/warn # # the rest in one file # *.*;mail.none;news.none -/var/log/messages # # enable this, if you want to keep all messages # in one file #*.* -/var/log/allmessages # # Some foreign boot scripts require local7 # local0.*;local1.* -/var/log/localmessages local2.*;local3.* -/var/log/localmessages local4.*;local5.* -/var/log/localmessages local6.*;local7.* -/var/log/localmessages ### ++++++ rsyslog.d.remote.conf.in ++++++ ## ## === When you're using remote logging, enable on-disk queues === ## === in rsyslog.d/remote.conf. When neccesary also set the === ## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, === ## === e.g. when rsyslog has to receive on a specific IP only. === ## ## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules ## (provided in separate rsyslog-module-* packages) are enabled, the ## configuration can't be used on a system with /usr on a remote ## filesystem, except on newer systems where initrd mounts /usr. ## [The modules are linked against libraries installed bellow of ## /usr thus also installed in /usr/lib*/rsyslog because of this.] ## # ######### Enable On-Disk queues for remote logging ########## # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. # #$WorkDirectory RSYSLOG_SPOOL_DIR # where to place spool files #$ActionQueueFileName uniqName # unique name prefix for spool files #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResumeRetryCount -1 # infinite retries if host is down # ######### Sending Messages to Remote Hosts ########## # Remote Logging using TCP for reliable delivery # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host # Remote Logging using UDP # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @remote-host # ######### Receiving Messages from Remote Hosts ########## # TCP Syslog Server: # provides TCP syslog reception and GSS-API (if compiled to support it) #$ModLoad imtcp.so # load module ##$UDPServerAddress 10.10.0.1 # force to listen on this IP only, ## # needs SYSLOG_REQUIRES_NETWORK=yes. #$InputTCPServerRun <port> # Starts a TCP server on selected port # UDP Syslog Server: #$ModLoad imudp.so # provides UDP syslog reception ##$UDPServerAddress 10.10.0.1 # force to listen on this IP only, ## # needs SYSLOG_REQUIRES_NETWORK=yes. #$UDPServerRun 514 # start a UDP syslog server at standard port 514 ########### Encrypting Syslog Traffic with TLS ########## # -- TLS Syslog Server: ## make gtls driver the default #$DefaultNetstreamDriver gtls # ## certificate files #$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem #$DefaultNetstreamDriverCertFile ETC_RSYSLOG_D_DIR/server_cert.pem #$DefaultNetstreamDriverKeyFile ETC_RSYSLOG_D_DIR/server_key.pem # #$ModLoad imtcp # load TCP listener # #$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode #$InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated #$InputTCPServerRun 10514 # start up listener at port 10514 # # -- TLS Syslog Client: ## certificate files - just CA for a client #$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem # ## set up the action #$DefaultNetstreamDriver gtls # use gtls netstream driver #$ActionSendStreamDriverMode 1 # require TLS for the connection #$ActionSendStreamDriverAuthMode anon # server is NOT authenticated #*.* @@(o)server.example.net:10514 # send (all) messages ++++++ rsyslog.firewall ++++++ # Do not edit this file as it's just a template and will be # overwritten on package updates! Copy to a new file instead. # Fill in the required variables and delete the unused ones. # If in doubt ask [email protected] # # Only the variables TCP, UDP, RPC, IP, BROADCAST, RELATED and # MODULES are allowed. More may be supported in the future. # # For a more detailed description of the individual variables see # the comments for FW_SERVICES_*_EXT in /etc/sysconfig/SuSEfirewall2 # ## Name: Syslog Server ## Description: Opens ports to accept remote syslog clients. # space separated list of allowed TCP ports TCP="" # space separated list of allowed UDP ports UDP="syslog" # space separated list of allowed RPC services RPC="" # space separated list of allowed IP protocols IP="" # space separated list of allowed UDP ports that accept broadcasts BROADCAST="" ### variables below are only needed in very special cases # space separated list of net,protocol[,sport[,dport]] # see FW_SERVICES_ACCEPT_RELATED_EXT # net 0/0 means IPv4 and IPv6. If this sevice should only work for # IPv4 use 0.0.0.0/0 RELATED="" # additional kernel modules needed for this service # see FW_LOAD_MODULES MODULES="" ++++++ rsyslog.sysconfig ++++++ ## Type: string ## Default: "" ## Config: "" ## ServiceRestart: syslog # # Parameters for rsyslogd, except of the version compatibility (-c) # and the config file (-f), because they're used by sysconfig and # earlysysconfig init scripts. # # See also the RSYSLOGD_COMPAT_VERSION variable in this file, the # documentation provided in /usr/share/doc/packages/rsyslog/doc by # the rsyslog-doc package and the rsyslogd(8) and rsyslog.conf(5) # manual pages. # RSYSLOGD_PARAMS="" -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
