Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Hi Release Team, I would like to update syslog-ng from 3.19.1-3 to 3.19-5 which means two debdiffs. The first one is very small, adding a configuration entry which is chosen automatically but with a warning issued. Explicitly adding the configuration prevents that extra message issued. The second one contains several security fixes backported from stable upstream releases. Just to be sure, I let it age a week. Thanks for consideration, Laszlo/GCS
diff -Nru syslog-ng-3.19.1/debian/changelog syslog-ng-3.19.1/debian/changelog --- syslog-ng-3.19.1/debian/changelog 2019-02-04 18:47:26.000000000 +0000 +++ syslog-ng-3.19.1/debian/changelog 2019-04-22 11:02:19.000000000 +0000 @@ -1,3 +1,9 @@ +syslog-ng (3.19.1-4) unstable; urgency=medium + + * Add dns_cache(no) to options (closes: #922524). + + -- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 22 Apr 2019 11:02:19 +0000 + syslog-ng (3.19.1-3) unstable; urgency=medium * Correct syslog-ng-mod-examples description (closes: #920846). diff -Nru syslog-ng-3.19.1/debian/syslog-ng.conf syslog-ng-3.19.1/debian/syslog-ng.conf --- syslog-ng-3.19.1/debian/syslog-ng.conf 2018-12-25 09:40:28.000000000 +0000 +++ syslog-ng-3.19.1/debian/syslog-ng.conf 2019-04-22 11:02:19.000000000 +0000 @@ -6,8 +6,8 @@ # First, set some global options. options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); - owner("root"); group("adm"); perm(0640); stats_freq(0); - bad_hostname("^gconfd$"); + dns_cache(no); owner("root"); group("adm"); perm(0640); + stats_freq(0); bad_hostname("^gconfd$"); }; ########################
diff -Nru syslog-ng-3.19.1/debian/changelog syslog-ng-3.19.1/debian/changelog --- syslog-ng-3.19.1/debian/changelog 2019-04-22 11:02:19.000000000 +0000 +++ syslog-ng-3.19.1/debian/changelog 2019-05-19 11:03:30.000000000 +0000 @@ -1,3 +1,22 @@ +syslog-ng (3.19.1-5) unstable; urgency=high + + * Backport security fixes: + - fix app-parser() per reload memory leak, + - logger: fix leaking file handlers, + - DNS memory leak/segfault fix, + - cmake: add missing detection for O_LARGEFILE, + - threaded-dest: fix integer overflow, + - threaded-dest: move last_worker to DestDriver, + - cmake: fix typo in HAVE_STRNLEN, + - http: add missing free for self->body_template, + - test_pathutils: fix leak, + - test_file_list: fix leak, + - template: tf_simple_func_prepare leak fix, + - gorupingby: fix memory leak, + - groupingby: fix invalid memory access. + + -- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 19 May 2019 11:03:30 +0000 + syslog-ng (3.19.1-4) unstable; urgency=medium * Add dns_cache(no) to options (closes: #922524). diff -Nru syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch --- syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,93 @@ +From 8400d4aa419a9fe818d09c0a1fbfff173dbaff38 Mon Sep 17 00:00:00 2001 +From: Balazs Scheidler <balazs.scheidler@oneidentity.com> +Date: Tue, 18 Dec 2018 09:52:50 +0100 +Subject: [PATCH] cfg-block: make CfgBlockGenerator instances refcounted + +Sometimes CfgBlock instances are constructed every time they are +referenced (e.g. app-parser() in its construct method), in other cases +the same generator instance is returned (e.g. those created by +block {} statements). + +The shared ones were properly freed, but the dynamic kind were not. + +This patch adds reference counting, the followup patch will fix the leak. + +Signed-off-by: Balazs Scheidler <balazs.scheidler@oneidentity.com> +--- + lib/cfg-block-generator.c | 19 +++++++++++++++---- + lib/cfg-block-generator.h | 4 +++- + lib/cfg-lexer.c | 2 +- + 3 files changed, 19 insertions(+), 6 deletions(-) + +diff --git a/lib/cfg-block-generator.c b/lib/cfg-block-generator.c +index 292094cb6a..c096fd38d5 100644 +--- a/lib/cfg-block-generator.c ++++ b/lib/cfg-block-generator.c +@@ -51,6 +51,7 @@ cfg_block_generator_generate(CfgBlockGenerator *self, GlobalConfig *cfg, CfgArgs + void + cfg_block_generator_init_instance(CfgBlockGenerator *self, gint context, const gchar *name) + { ++ self->ref_cnt = 1; + self->context = context; + self->name = g_strdup(name); + self->format_name = cfg_block_generator_format_name_method; +@@ -63,10 +64,20 @@ cfg_block_generator_free_instance(CfgBlockGenerator *self) + g_free(self->name); + } + ++CfgBlockGenerator * ++cfg_block_generator_ref(CfgBlockGenerator *self) ++{ ++ self->ref_cnt++; ++ return self; ++} ++ + void +-cfg_block_generator_free(CfgBlockGenerator *self) ++cfg_block_generator_unref(CfgBlockGenerator *self) + { +- if (self->free_fn) +- self->free_fn(self); +- g_free(self); ++ if (--self->ref_cnt == 0) ++ { ++ if (self->free_fn) ++ self->free_fn(self); ++ g_free(self); ++ } + } +diff --git a/lib/cfg-block-generator.h b/lib/cfg-block-generator.h +index f835179d8e..a2717703d7 100644 +--- a/lib/cfg-block-generator.h ++++ b/lib/cfg-block-generator.h +@@ -41,6 +41,7 @@ + typedef struct _CfgBlockGenerator CfgBlockGenerator; + struct _CfgBlockGenerator + { ++ gint ref_cnt; + gint context; + gchar *name; + gboolean suppress_backticks; +@@ -60,7 +61,8 @@ gboolean cfg_block_generator_generate(CfgBlockGenerator *self, GlobalConfig *cfg + const gchar *reference); + void cfg_block_generator_init_instance(CfgBlockGenerator *self, gint context, const gchar *name); + void cfg_block_generator_free_instance(CfgBlockGenerator *self); +-void cfg_block_generator_free(CfgBlockGenerator *self); ++CfgBlockGenerator *cfg_block_generator_ref(CfgBlockGenerator *self); ++void cfg_block_generator_unref(CfgBlockGenerator *self); + + + #endif +diff --git a/lib/cfg-lexer.c b/lib/cfg-lexer.c +index cf8a2df6b3..6b7854f284 100644 +--- a/lib/cfg-lexer.c ++++ b/lib/cfg-lexer.c +@@ -739,7 +739,7 @@ _generator_plugin_free(Plugin *s) + { + GeneratorPlugin *self = (GeneratorPlugin *) s; + +- cfg_block_generator_free(self->gen); ++ cfg_block_generator_unref(self->gen); + g_free((gchar *) self->super.name); + g_free(s); + } diff -Nru syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch --- syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,38 @@ +From 1e819fc4b09afca2bf2ff13af5b001f6201f419a Mon Sep 17 00:00:00 2001 +From: Balazs Scheidler <balazs.scheidler@oneidentity.com> +Date: Tue, 18 Dec 2018 09:53:26 +0100 +Subject: [PATCH] cfg-lexer: fix memory leak for dynamically allocated + CfgBlockGenerators + +This should fix a memory leak for app-parser() if that is found in the +configuration. + +Signed-off-by: Balazs Scheidler <balazs.scheidler@oneidentity.com> +--- + lib/cfg-lexer.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/lib/cfg-lexer.c b/lib/cfg-lexer.c +index 6b7854f284..020607caa7 100644 +--- a/lib/cfg-lexer.c ++++ b/lib/cfg-lexer.c +@@ -731,7 +731,7 @@ _generator_plugin_construct(Plugin *s) + { + GeneratorPlugin *self = (GeneratorPlugin *) s; + +- return self->gen; ++ return cfg_block_generator_ref(self->gen); + } + + static void +@@ -1023,7 +1023,9 @@ cfg_lexer_preprocess(CfgLexer *self, gint tok, YYSTYPE *yylval, YYLTYPE *yylloc) + self->cfg && + (gen = cfg_lexer_find_generator(self, self->cfg, cfg_lexer_get_context_type(self), yylval->cptr))) + { +- if (!cfg_lexer_parse_and_run_block_generator(self, gen, yylval)) ++ gboolean success = cfg_lexer_parse_and_run_block_generator(self, gen, yylval); ++ cfg_block_generator_unref(gen); ++ if (!success) + return CLPR_ERROR; + + return CLPR_LEX_AGAIN; diff -Nru syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch --- syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,31 @@ +From c2010b41253bf46c6d4493233e50b5f0cf1dc478 Mon Sep 17 00:00:00 2001 +From: Andras Mitzki <andras.mitzki@balabit.com> +Date: Thu, 10 Jan 2019 10:03:16 +0100 +Subject: [PATCH] Logger: Fix leaking file handlers + +Signed-off-by: Andras Mitzki <andras.mitzki@balabit.com> +--- + tests/pytest_framework/src/logger/logger.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/tests/pytest_framework/src/logger/logger.py b/tests/pytest_framework/src/logger/logger.py +index 8a1732bef1..3b4a1e9105 100644 +--- a/tests/pytest_framework/src/logger/logger.py ++++ b/tests/pytest_framework/src/logger/logger.py +@@ -29,12 +29,15 @@ + class Logger(logging.Logger): + def __init__(self, logger_name, report_file, loglevel, use_console_handler=True, use_file_handler=True): + super(Logger, self).__init__(logger_name, loglevel) +- self.handlers = [] + if use_console_handler: + self.__set_console_handler() + if use_file_handler: + self.__set_file_handler(file_path=report_file) + ++ def __del__(self): ++ for open_handler in self.handlers: ++ open_handler.close() ++ + def __set_file_handler(self, file_path=None): + # FileHandler can work only with string representation of file_path + file_handler = logging.FileHandler(str(file_path)) diff -Nru syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch --- syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,34 @@ +From 36e8af654182533cee52995a96023ff17b895bff Mon Sep 17 00:00:00 2001 +From: Naveen Revanna <raveenr@gmail.com> +Date: Thu, 17 Jan 2019 01:47:53 -0800 +Subject: [PATCH] afsocket: Fix to prevent accessing freed up memory. + +dest_addr and bind_addr pointers hold an address that was freed up. This results in access violation. This fix adds NULL to those pointers. + +Signed-off-by: Naveen Revanna <nrevanna@purestorage.com> +--- + modules/afsocket/afinet-dest.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/modules/afsocket/afinet-dest.c b/modules/afsocket/afinet-dest.c +index 231d5e6bb5..9eb5da269a 100644 +--- a/modules/afsocket/afinet-dest.c ++++ b/modules/afsocket/afinet-dest.c +@@ -243,6 +243,8 @@ static gboolean + _setup_bind_addr(AFInetDestDriver *self) + { + g_sockaddr_unref(self->super.bind_addr); ++ self->super.bind_addr = NULL; ++ + if (!resolve_hostname_to_sockaddr(&self->super.bind_addr, self->super.transport_mapper->address_family, self->bind_ip)) + return FALSE; + +@@ -256,6 +258,8 @@ static gboolean + _setup_dest_addr(AFInetDestDriver *self) + { + g_sockaddr_unref(self->super.dest_addr); ++ self->super.dest_addr = NULL; ++ + if (!resolve_hostname_to_sockaddr(&self->super.dest_addr, self->super.transport_mapper->address_family, + _afinet_dd_get_hostname(self))) + return FALSE; diff -Nru syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch --- syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,46 @@ +From 997d1eb069301d0c0dc8ce78a98133c0acb11153 Mon Sep 17 00:00:00 2001 +From: Antal Nemes <antal.nemes@balabit.com> +Date: Wed, 23 Jan 2019 16:19:35 +0100 +Subject: [PATCH] cmake: add missing detection for O_LARGEFILE + +Signed-off-by: Antal Nemes <antal.nemes@balabit.com> +--- + CMakeLists.txt | 8 ++++++++ + syslog-ng-config.h.in | 1 + + 2 files changed, 9 insertions(+) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 1e099f3991..9a0f3cd101 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -73,6 +73,7 @@ include(GenerateYFromYm) + include(CheckStructHasMember) + + add_definitions(-D_GNU_SOURCE=1) ++add_definitions(-D_LARGEFILE64_SOURCE=1) + + include(CheckSockaddrStorage) + if (HAVE_STRUCT_SOCKADDR_STORAGE) +@@ -92,6 +93,13 @@ if (ENABLE_IPV6) + set(SYSLOG_NG_ENABLE_IPV6 ${HAVE_IPV6}) + endif() + ++set(CMAKE_REQUIRED_DEFINITIONS "-D_LARGEFILE64_SOURCE=1") ++set(CMAKE_EXTRA_INCLUDE_FILES "fcntl.h") ++check_type_size(O_LARGEFILE O_LARGEFILE) ++if (HAVE_O_LARGEFILE) ++ set(SYSLOG_NG_HAVE_O_LARGEFILE 1) ++endif() ++ + check_symbol_exists(strtoll stdlib.h SYSLOG_NG_HAVE_STRTOLL) + check_symbol_exists(strnlen string.h SYSLOG_NG_HAVE_STRNLEN) + check_symbol_exists(strtok_r string.h SYSLOG_NG_HAVE_STRTOK_R) +diff --git a/syslog-ng-config.h.in b/syslog-ng-config.h.in +index 465b7a3622..81e046c25f 100644 +--- a/syslog-ng-config.h.in ++++ b/syslog-ng-config.h.in +@@ -60,3 +60,4 @@ + #cmakedefine01 SYSLOG_NG_HAVE_INOTIFY + #cmakedefine01 SYSLOG_NG_HAVE_GETRANDOM + #cmakedefine01 SYSLOG_NG_USE_CONST_IVYKIS_MOCK ++#cmakedefine01 SYSLOG_NG_HAVE_O_LARGEFILE diff -Nru syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch --- syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,27 @@ +From 742a16f5f11f34fa32423bd9b960da7023bdd24e Mon Sep 17 00:00:00 2001 +From: Attila Szakacs <attila.szakacs@balabit.com> +Date: Thu, 24 Jan 2019 16:12:01 +0100 +Subject: [PATCH] threaded-dest: Fix integer overflow + +A negative number's modulo will be negative, which in our +case pointed to a negative entry of the workers array, +causing segfault. + +Signed-off-by: Attila Szakacs <attila.szakacs@balabit.com> +--- + lib/logthrdestdrv.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/logthrdestdrv.c b/lib/logthrdestdrv.c +index 8e8dff6c4b..e160e972fc 100644 +--- a/lib/logthrdestdrv.c ++++ b/lib/logthrdestdrv.c +@@ -857,7 +857,7 @@ log_threaded_dest_driver_set_max_retries(LogDriver *s, gint max_retries) + LogThreadedDestWorker * + _lookup_worker(LogThreadedDestDriver *self, LogMessage *msg) + { +- static gint last_worker = 0; ++ static guint last_worker = 0; + + gint worker_index = last_worker % self->num_workers; + last_worker++; diff -Nru syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch --- syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,53 @@ +From c4157dede3f082c7805c0a7a5f4971b69514e198 Mon Sep 17 00:00:00 2001 +From: Attila Szakacs <attila.szakacs@balabit.com> +Date: Fri, 25 Jan 2019 09:02:28 +0100 +Subject: [PATCH] threaded-dest: move last_worker to DestDriver + +Before this, `last_worker` was a static variable, which meant, +if we had two http destinations, one message sent to the +first would step the current worker in the second causing +uneven load between the workers. + +Signed-off-by: Attila Szakacs <attila.szakacs@balabit.com> +--- + lib/logthrdestdrv.c | 7 +++---- + lib/logthrdestdrv.h | 1 + + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/lib/logthrdestdrv.c b/lib/logthrdestdrv.c +index e160e972fc..e55f362248 100644 +--- a/lib/logthrdestdrv.c ++++ b/lib/logthrdestdrv.c +@@ -857,10 +857,8 @@ log_threaded_dest_driver_set_max_retries(LogDriver *s, gint max_retries) + LogThreadedDestWorker * + _lookup_worker(LogThreadedDestDriver *self, LogMessage *msg) + { +- static guint last_worker = 0; +- +- gint worker_index = last_worker % self->num_workers; +- last_worker++; ++ gint worker_index = self->last_worker % self->num_workers; ++ self->last_worker++; + + /* here would come the lookup mechanism that maps msg -> worker that doesn't exist yet. */ + return self->workers[worker_index]; +@@ -1038,6 +1036,7 @@ log_threaded_dest_driver_init_instance(LogThreadedDestDriver *self, GlobalConfig + self->batch_lines = -1; + self->batch_timeout = -1; + self->num_workers = 1; ++ self->last_worker = 0; + + self->retries_max = MAX_RETRIES_OF_FAILED_INSERT_DEFAULT; + self->lock = g_mutex_new(); +diff --git a/lib/logthrdestdrv.h b/lib/logthrdestdrv.h +index b1c87ecd28..394fc9e89f 100644 +--- a/lib/logthrdestdrv.h ++++ b/lib/logthrdestdrv.h +@@ -117,6 +117,7 @@ struct _LogThreadedDestDriver + LogThreadedDestWorker **workers; + gint num_workers; + gint workers_started; ++ guint last_worker; + + gint stats_source; + diff -Nru syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch --- syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,31 @@ +From 8082c33d3340018edbb7356441cf5301ae0b2ef9 Mon Sep 17 00:00:00 2001 +From: Antal Nemes <antal.nemes@balabit.com> +Date: Fri, 25 Jan 2019 09:26:11 +0100 +Subject: [PATCH] cmake: fix typo in HAVE_STRNLEN + +Signed-off-by: Antal Nemes <antal.nemes@balabit.com> +--- + syslog-ng-config.h.in | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/syslog-ng-config.h.in b/syslog-ng-config.h.in +index 8eec0a15e5..952c22abb2 100644 +--- a/syslog-ng-config.h.in ++++ b/syslog-ng-config.h.in +@@ -27,7 +27,7 @@ + #cmakedefine01 SYSLOG_NG_ENABLE_IPV6 + #cmakedefine01 SYSLOG_NG_HAVE_GETADDRINFO + #cmakedefine01 SYSLOG_NG_HAVE_GETNAMEINFO +-#cmakedefine01 SYSLOG_NG_HAVE_STRNLNE ++#cmakedefine01 SYSLOG_NG_HAVE_STRNLEN + #cmakedefine01 SYSLOG_NG_ENABLE_LINUX_CAPS + #cmakedefine01 SYSLOG_NG_ENABLE_MEMTRACE + #cmakedefine01 SYSLOG_NG_ENABLE_TCP_WRAPPER +@@ -44,7 +44,6 @@ + #cmakedefine SYSLOG_NG_ENABLE_IPV6 @SYSLOG_NG_ENABLE_IPV6@ + #cmakedefine SYSLOG_NG_HAVE_GETADDRINFO @SYSLOG_NG_HAVE_GETADDRINFO@ + #cmakedefine SYSLOG_NG_HAVE_GETNAMEINFO @SYSLOG_NG_HAVE_GETNAMEINFO@ +-#cmakedefine SYSLOG_NG_HAVE_STRNLEN @SYSLOG_NG_HAVE_STRNLEN@ + #cmakedefine SYSLOG_NG_JAVA_MODULE_PATH "@SYSLOG_NG_JAVA_MODULE_PATH@" + #cmakedefine SYSLOG_NG_ENABLE_DEBUG @SYSLOG_NG_ENABLE_DEBUG@ + #cmakedefine SYSLOG_NG_ENABLE_FORCED_SERVER_MODE @SYSLOG_NG_ENABLE_FORCED_SERVER_MODE@ diff -Nru syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch --- syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,22 @@ +From 9632eb8584f791b9ea508ac006a1501875c88b30 Mon Sep 17 00:00:00 2001 +From: Antal Nemes <antal.nemes@balabit.com> +Date: Tue, 19 Feb 2019 14:17:46 +0100 +Subject: [PATCH] http: add missing free for self->body_template + +Signed-off-by: Antal Nemes <antal.nemes@balabit.com> +--- + modules/http/http.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/http/http.c b/modules/http/http.c +index e734d0fb8f..2582df270d 100644 +--- a/modules/http/http.c ++++ b/modules/http/http.c +@@ -339,6 +339,7 @@ http_dd_free(LogPipe *s) + g_string_free(self->delimiter, TRUE); + g_string_free(self->body_prefix, TRUE); + g_string_free(self->body_suffix, TRUE); ++ log_template_unref(self->body_template); + + curl_global_cleanup(); + diff -Nru syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch --- syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,33 @@ +From 76a79cf25ab1bbb011284c4bd50320385b3280c7 Mon Sep 17 00:00:00 2001 +From: Kokan <kokaipeter@gmail.com> +Date: Thu, 21 Feb 2019 12:06:52 +0100 +Subject: [PATCH] test_pathutils: fix leak + +Signed-off-by: Kokan <kokaipeter@gmail.com> +--- + lib/tests/test_pathutils.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/lib/tests/test_pathutils.c b/lib/tests/test_pathutils.c +index 5fe660762b..5662846381 100644 +--- a/lib/tests/test_pathutils.c ++++ b/lib/tests/test_pathutils.c +@@ -66,9 +66,15 @@ Test(test_pathutils, test_is_file_device) + + Test(test_pathutils, test_find_file_in_path) + { +- cr_assert_str_eq(find_file_in_path("/dev", "null", G_FILE_TEST_EXISTS), "/dev/null", "wrong path returned)"); +- cr_assert_str_eq(find_file_in_path("/home:/dev:/root", "null", G_FILE_TEST_EXISTS), "/dev/null", +- "wrong path returned"); ++ gchar *file; ++ ++ file = find_file_in_path("/dev", "null", G_FILE_TEST_EXISTS); ++ cr_assert_str_eq(file, "/dev/null"); ++ g_free(file); ++ ++ file = find_file_in_path("/home:/dev:/root", "null", G_FILE_TEST_EXISTS); ++ cr_assert_str_eq(file, "/dev/null"); ++ g_free(file); + } + + Test(test_pathutils, test_get_filename_extension) diff -Nru syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch --- syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,22 @@ +From c70ae1a33543a9d9b61dcdf5446832e4d525db53 Mon Sep 17 00:00:00 2001 +From: Kokan <kokaipeter@gmail.com> +Date: Thu, 21 Feb 2019 12:39:46 +0100 +Subject: [PATCH] test_file_list: fix leak + +Signed-off-by: Kokan <kokaipeter@gmail.com> +--- + modules/affile/tests/test_file_list.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/affile/tests/test_file_list.c b/modules/affile/tests/test_file_list.c +index d98fe21b33..474958247c 100644 +--- a/modules/affile/tests/test_file_list.c ++++ b/modules/affile/tests/test_file_list.c +@@ -122,6 +122,7 @@ Test(hashed_queue, delete_non_existent) + + g_free(f1); + g_free(f2); ++ g_free(f3); + pending_file_list_free(queue); + } + diff -Nru syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch --- syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,29 @@ +From ac6385f23d494bd82a4cb508d0e5164ee3e830b6 Mon Sep 17 00:00:00 2001 +From: Kokan <kokaipeter@gmail.com> +Date: Thu, 21 Feb 2019 13:49:24 +0100 +Subject: [PATCH] template: tf_simple_func_prepare leak fix + +The state object had the array and the argc length, when the proper +cleanup function is called it checks the argc to free templates. + +Signed-off-by: Kokan <kokaipeter@gmail.com> +--- + lib/template/simple-function.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/lib/template/simple-function.c b/lib/template/simple-function.c +index 5f788aed63..ffaa7b7c41 100644 +--- a/lib/template/simple-function.c ++++ b/lib/template/simple-function.c +@@ -55,7 +55,10 @@ tf_simple_func_prepare(LogTemplateFunction *self, gpointer s, LogTemplate *paren + state->argv_templates[i] = log_template_new(parent->cfg, NULL); + log_template_set_escape(state->argv_templates[i], parent->escape); + if (!log_template_compile(state->argv_templates[i], argv[i + 1], error)) +- goto error; ++ { ++ state->argc = i + 1; ++ goto error; ++ } + } + state->argc = argc - 1; + return TRUE; diff -Nru syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch --- syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,43 @@ +From ea62f400dd38db012ed01f16f85a4b928625fa4d Mon Sep 17 00:00:00 2001 +From: Antal Nemes <antal.nemes@balabit.com> +Date: Tue, 2 Apr 2019 10:24:20 +0200 +Subject: [PATCH] gorupingby: fix memory leak + +Due to missing unref, the filter expressions were leaked. +Also, init functions were not called either. + +Signed-off-by: Antal Nemes <antal.nemes@balabit.com> +--- + modules/dbparser/groupingby.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/modules/dbparser/groupingby.c b/modules/dbparser/groupingby.c +index a8509aad86..a96b9a68c1 100644 +--- a/modules/dbparser/groupingby.c ++++ b/modules/dbparser/groupingby.c +@@ -419,6 +419,14 @@ grouping_by_init(LogPipe *s) + self->tick.expires.tv_sec++; + self->tick.expires.tv_nsec = 0; + iv_timer_register(&self->tick); ++ ++ if (self->trigger_condition_expr && !filter_expr_init(self->trigger_condition_expr, cfg)) ++ return FALSE; ++ if (self->where_condition_expr && !filter_expr_init(self->where_condition_expr, cfg)) ++ return FALSE; ++ if (self->having_condition_expr && !filter_expr_init(self->having_condition_expr, cfg)) ++ return FALSE; ++ + return stateful_parser_init_method(s); + } + +@@ -463,6 +471,10 @@ grouping_by_free(LogPipe *s) + synthetic_message_free(self->synthetic_message); + timer_wheel_free(self->timer_wheel); + stateful_parser_free_method(s); ++ ++ filter_expr_unref(self->trigger_condition_expr); ++ filter_expr_unref(self->where_condition_expr); ++ filter_expr_unref(self->having_condition_expr); + } + + LogParser * diff -Nru syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch --- syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch 1970-01-01 00:00:00.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch 2019-05-19 11:03:30.000000000 +0000 @@ -0,0 +1,136 @@ +From 20926fb6ecd4ebfa8a36737cdbc7e8ae639fa085 Mon Sep 17 00:00:00 2001 +From: Antal Nemes <antal.nemes@balabit.com> +Date: Tue, 2 Apr 2019 19:56:34 +0200 +Subject: [PATCH] groupingby: fix invalid memory access + +There was an invalid memory access in groupingby. The TimerWheel +object stores all timers, however the individual timers are also +stored inside the contexts. + +The original code stores contexts in persist state, however the +timer_wheel is freed during reload. When the new config starts, and a +context is fetched, groupingby will access the already freed timer. + +This patch stores timerwheel in persist state too. + +Signed-off-by: Antal Nemes <antal.nemes@balabit.com> +--- + modules/dbparser/groupingby.c | 61 ++++++++++++++++++++++++++++------- + 1 file changed, 50 insertions(+), 11 deletions(-) + +diff --git a/modules/dbparser/groupingby.c b/modules/dbparser/groupingby.c +index a96b9a68c1..5a925c4347 100644 +--- a/modules/dbparser/groupingby.c ++++ b/modules/dbparser/groupingby.c +@@ -46,8 +46,22 @@ typedef struct _GroupingBy + FilterExprNode *having_condition_expr; + } GroupingBy; + ++typedef struct ++{ ++ CorrellationState *correllation; ++ TimerWheel *timer_wheel; ++} GroupingByPersistData; ++ + static NVHandle context_id_handle = 0; + ++static void ++_free_persist_data(GroupingByPersistData *self) ++{ ++ correllation_state_free(self->correllation); ++ timer_wheel_free(self->timer_wheel); ++ g_free(self); ++} ++ + void + grouping_by_set_key_template(LogParser *s, LogTemplate *key_template) + { +@@ -381,6 +395,25 @@ grouping_by_process(LogParser *s, LogMessage **pmsg, const LogPathOptions *path_ + return TRUE; + } + ++static void ++_load_correllation_state(GroupingBy *self, GlobalConfig *cfg) ++{ ++ GroupingByPersistData *persist_data = cfg_persist_config_fetch(cfg, grouping_by_format_persist_name(self)); ++ if (persist_data) ++ { ++ self->correllation = persist_data->correllation; ++ self->timer_wheel = persist_data->timer_wheel; ++ timer_wheel_set_associated_data(self->timer_wheel, log_pipe_ref((LogPipe *)self), (GDestroyNotify)log_pipe_unref); ++ } ++ else ++ { ++ self->correllation = correllation_state_new(); ++ self->timer_wheel = timer_wheel_new(); ++ timer_wheel_set_associated_data(self->timer_wheel, log_pipe_ref((LogPipe *)self), (GDestroyNotify)log_pipe_unref); ++ } ++ g_free(persist_data); ++} ++ + static gboolean + grouping_by_init(LogPipe *s) + { +@@ -406,11 +439,8 @@ grouping_by_init(LogPipe *s) + return FALSE; + } + +- self->correllation = cfg_persist_config_fetch(cfg, grouping_by_format_persist_name(self)); +- if (!self->correllation) +- { +- self->correllation = correllation_state_new(); +- } ++ _load_correllation_state(self, cfg); ++ + iv_validate_now(); + IV_TIMER_INIT(&self->tick); + self->tick.cookie = self; +@@ -430,6 +460,19 @@ grouping_by_init(LogPipe *s) + return stateful_parser_init_method(s); + } + ++static void ++_store_data_in_persist(GroupingBy *self, GlobalConfig *cfg) ++{ ++ GroupingByPersistData *persist_data = g_new0(GroupingByPersistData, 1); ++ persist_data->correllation = self->correllation; ++ persist_data->timer_wheel = self->timer_wheel; ++ ++ cfg_persist_config_add(cfg, grouping_by_format_persist_name(self), persist_data, ++ (GDestroyNotify) _free_persist_data, FALSE); ++ self->correllation = NULL; ++ self->timer_wheel = NULL; ++} ++ + static gboolean + grouping_by_deinit(LogPipe *s) + { +@@ -441,9 +484,8 @@ grouping_by_deinit(LogPipe *s) + iv_timer_unregister(&self->tick); + } + +- cfg_persist_config_add(cfg, grouping_by_format_persist_name(self), self->correllation, +- (GDestroyNotify) correllation_state_free, FALSE); +- self->correllation = NULL; ++ _store_data_in_persist(self, cfg); ++ + return stateful_parser_deinit_method(s); + } + +@@ -469,7 +511,6 @@ grouping_by_free(LogPipe *s) + log_template_unref(self->key_template); + if (self->synthetic_message) + synthetic_message_free(self->synthetic_message); +- timer_wheel_free(self->timer_wheel); + stateful_parser_free_method(s); + + filter_expr_unref(self->trigger_condition_expr); +@@ -490,8 +531,6 @@ grouping_by_new(GlobalConfig *cfg) + self->super.super.process = grouping_by_process; + g_static_mutex_init(&self->lock); + self->scope = RCS_GLOBAL; +- self->timer_wheel = timer_wheel_new(); +- timer_wheel_set_associated_data(self->timer_wheel, self, NULL); + cached_g_current_time(&self->last_tick); + self->timeout = -1; + return &self->super.super; diff -Nru syslog-ng-3.19.1/debian/patches/series syslog-ng-3.19.1/debian/patches/series --- syslog-ng-3.19.1/debian/patches/series 2018-12-25 09:40:28.000000000 +0000 +++ syslog-ng-3.19.1/debian/patches/series 2019-05-19 11:03:30.000000000 +0000 @@ -1,2 +1,16 @@ 0001-Remove-outdated-documentation.patch 0007-Ignore-PEP8-W504-warning.patch +0010-Fix_app-parser_per_reload_memory_leak_part1.patch +0011-Fix_app-parser_per_reload_memory_leak_part2.patch +0012-Fix_leaking_file_handlers.patch +0013-DNS_memory_leak_segfault_fix.patch +0014-cmake_add_missing_detection_for_O_LARGEFILE.patch +0015-threaded-dest_Fix_integer_overflow.patch +0016-threaded-dest_move_last_worker_to_DestDriver.patch +0017-cmake_fix_typo_in_HAVE_STRNLEN.patch +0018-http_add_missing_free_for_self-body_template.patch +0019-test_pathutils_fix_leak.patch +0020-test_file_list_fix_leak.patch +0021-template_tf_simple_func_prepare_leak_fix.patch +0022-gorupingby_fix_memory_leak.patch +0023-groupingby_fix_invalid_memory_access.patch