ultrabug 14/05/22 11:15:49
Added: rsyslog.initd-r1 bugfix_73.patch rsyslog.conf
rsyslog.confd-r1 50-default.conf README.gentoo
rsyslog.logrotate-r1 bugfix_52.patch
fix-omruleset-default-value.patch
Log:
version bump fix #501988 #501982 #501986 #490744 thx to @Whissi
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key
B658FA13)
Revision Changes Path
1.1 app-admin/rsyslog/files/7-stable/rsyslog.initd-r1
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1?rev=1.1&content-type=text/plain
Index: rsyslog.initd-r1
===================================================================
#!/sbin/runscript
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header:
/var/cvsroot/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1,v 1.1
2014/05/22 11:15:49 ultrabug Exp $
RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"}
RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"}
command="/usr/sbin/rsyslogd"
command_args="${RSYSLOG_OPTS} -f ${RSYSLOG_CONFIGFILE} -i ${RSYSLOG_PIDFILE}"
start_stop_daemon_args="${RSYSLOG_SSDARGS}"
pidfile="${RSYSLOG_PIDFILE}"
retry="${RSYSLOG_TERMTIMEOUT}"
required_files=( "${RSYSLOG_CONFIGFILE}" )
description="RSYSLOG is the rocket-fast system for log processing (syslog
replacement)."
extra_commands="configtest"
extra_started_commands="rotate"
description_configtest="Run rsyslogd's internal config check."
description_rotate="Sends rsyslogd a signal to re-open its log files."
depend() {
need clock hostname localmount
provide logger
}
start_pre() {
if [ "${RC_CMD}" != "restart" ]; then
configtest || return 1
fi
}
stop_pre() {
if [ "${RC_CMD}" = "restart" ]; then
configtest || return 1
fi
}
stop_post() {
rm -f ${RSYSLOG_PIDFILE}
}
configtest() {
# This will currently only detect fatal errors
# See https://github.com/rsyslog/rsyslog/issues/79
local _test_command="${command} -N 999 -f ${RSYSLOG_CONFIGFILE}"
local _retval=0
ebegin "Checking rsyslogd's configuration"
${_test_command} &>/dev/null
_retval=$?
if [ ${_retval} -ne 0 ]; then
${_test_command}
fi
eend ${_retval} "failed, please correct errors above"
}
rotate() {
ebegin "Re-opening rsyslogd logs"
start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}"
eend $?
}
1.1 app-admin/rsyslog/files/7-stable/bugfix_73.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/bugfix_73.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/bugfix_73.patch?rev=1.1&content-type=text/plain
Index: bugfix_73.patch
===================================================================
This patch will update the pre-generated rscryutil man page from the release
tarball so we don't need to depend on dev-python/docutils.
https://github.com/rsyslog/rsyslog/issues/73
diff -rupN old/rsyslog-7.6.3/tools/rscryutil.1
new/rsyslog-7.6.3/tools/rscryutil.1
--- old/rsyslog-7.6.3/tools/rscryutil.1 2013-10-29 16:31:21.000000000 +0100
+++ new/rsyslog-7.6.3/tools/rscryutil.1 2014-05-03 20:41:46.143825094 +0200
@@ -1,4 +1,4 @@
-.\" Man page generated from reStructeredText.
+.\" Man page generated from reStructuredText.
.
.TH RSCRYUTIL 1 "2013-04-15" "" ""
.SH NAME
@@ -31,12 +31,16 @@ level margin: \\n[rst2man-indent\\n[rst2
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
+.INDENT 0.0
+.INDENT 3.5
.sp
.nf
.ft C
rscryutil [OPTIONS] [FILE] ...
.ft P
.fi
+.UNINDENT
+.UNINDENT
.SH DESCRIPTION
.sp
This tool performs various operations on encrypted log files.
@@ -44,46 +48,46 @@ Most importantly, it provides the abilit
.SH OPTIONS
.INDENT 0.0
.TP
-.B \-d, \-\-decrypt
+.B \-d\fP,\fB \-\-decrypt
Select decryption mode. This is the default mode.
.TP
-.BI \-W, \-\-write\-keyfile \ <file>
+.BI \-W\fP,\fB \-\-write\-keyfile \ <file>
Utility function to write a key to a keyfile. The key can be obtained
via any method.
.TP
-.B \-v, \-\-verbose
+.B \-v\fP,\fB \-\-verbose
Select verbose mode.
.TP
-.B \-f, \-\-force
+.B \-f\fP,\fB \-\-force
Forces operations that otherwise would fail.
.TP
-.BI \-k, \-\-keyfile \ <file>
+.BI \-k\fP,\fB \-\-keyfile \ <file>
Reads the key from <file>. File _must_ contain the key, only, no headers
or other meta information. Keyfiles can be generated via the
\fI\-\-write\-keyfile\fP option.
.TP
-.BI \-p, \-\-key\-program \ <path\-to\-program>
+.BI \-p\fP,\fB \-\-key\-program \ <path\-to\-program>
In this mode, the key is provided by a so\-called "key program". This program
is executed and must return the key to (as well as some meta information)
via stdout. The core idea of key programs is that using this interface the
user can implement as complex (and secure) method to obtain keys as
desired, all without the need to make modifications to rsyslog.
.TP
-.BI \-K, \-\-key \ <KEY>
+.BI \-K\fP,\fB \-\-key \ <KEY>
TESTING AID, NOT FOR PRODUCTION USE. This uses the KEY specified
on the command line. This is the actual key, and as such this mode
is highly insecure. However, it can be useful for intial testing
steps. This option may be removed in the future.
.TP
-.BI \-a, \-\-algo \ <algo>
+.BI \-a\fP,\fB \-\-algo \ <algo>
Sets the encryption algorightm (cipher) to be used. See below
for supported algorithms. The default is "AES128".
.TP
-.BI \-m, \-\-mode \ <mode>
+.BI \-m\fP,\fB \-\-mode \ <mode>
Sets the ciphermode to be used. See below for supported modes.
The default is "CBC".
.TP
-.BI \-r, \-\-generate\-random\-key \ <bytes>
+.BI \-r\fP,\fB \-\-generate\-random\-key \ <bytes>
Generates a random key of length <bytes>. This option is
meant to be used together with \fI\-\-write\-keyfile\fP (and it is hard
to envision any other valid use for it).
@@ -97,7 +101,7 @@ multiple operations mode are set on the
unpredictable.
.SS decrypt
.sp
-The provided log files are decrypted. Note that the \fI.encinfo\fP side files
+The provided log files are decrypted. Note that the \fI\&.encinfo\fP side files
must exist and be accessible in order for decryption to to work.
.SS write\-keyfile
.sp
@@ -198,5 +202,4 @@ LGPLv2.
.SH AUTHOR
Rainer Gerhards <[email protected]>
.\" Generated by docutils manpage writer.
-.\"
.
1.1 app-admin/rsyslog/files/7-stable/rsyslog.conf
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.conf?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.conf?rev=1.1&content-type=text/plain
Index: rsyslog.conf
===================================================================
# /etc/rsyslog.conf
#
# This configuration is based on RainerScript, the new recommended syntax
# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further
# details.
#
# But if you don't want to learn something new at moment, don't worry: The
# legacy syntax is still supported.
#
# You may want to use the new RSYSLOG configuration builder to create your
# own more advanced configuration:
http://www.rsyslog.com/rsyslog-configuration-builder/
# Check config syntax on startup and abort if unclean (default: off)
#$AbortOnUncleanConfig on
###############
### MODULES ###
###############
# Read syslog messages from default Unix socket /dev/log (e.g. via logger
command)
module(load="imuxsock")
# Read messages from the kernel log and submits them to the syslog engine
module(load="imklog")
# Inject "--MARK--" messages every $Interval (seconds)
#module(load="immark" Interval="600")
# Read syslog messages from UDP
#module(load="imudp")
#input(type="imudp" port="514")
# Read syslog messages from TCP
#module(load="imtcp")
#input(type="imtcp" port="514")
#########################
### GLOBAL DIRECTIVES ###
#########################
# Where to place spool and state files
$WorkDirectory /var/spool/rsyslog
# Reduce repeating messages (default: off)
#$RepeatedMsgReduction on
# Set defaults for every output file
$Umask 0022
module(
load="builtin:omfile"
Template="RSYSLOG_TraditionalFileFormat"
FileCreateMode="0644"
DirCreateMode="0755"
)
# Include all conf files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
1.1 app-admin/rsyslog/files/7-stable/rsyslog.confd-r1
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.confd-r1?rev=1.1&content-type=text/plain
Index: rsyslog.confd-r1
===================================================================
# /etc/conf.d/rsyslog
# Configuration file
RSYSLOG_CONFIGFILE="/etc/rsyslog.conf"
# PID file
# If you should ever change this, remember to update
# "/etc/logrotate.d/rsyslog", too.
RSYSLOG_PIDFILE="/run/rsyslogd.pid"
# You can use this configuration option to pass additional options to the
# start-stop-daemon, see start-stop-daemon(8) for more details.
# Per default we wait 1000ms after we have started the service to ensure
# that the daemon is really up and running.
RSYSLOG_SSDARGS="--wait 1000"
# The termination timeout (start-stop-daemon parameter "retry") ensures
# that the service will be terminated within a given time (60 + 5 seconds
# per default) when you are stopping the service.
# You need to increase the value when you are working with a large queue.
# See http://www.rsyslog.com/doc/queues.html for further information.
RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5"
# Options to rsyslogd
# See rsyslogd(8) for more details
# Notes:
# * Do not specify another PIDFILE but use the variable above to change the
location
# * Do not specify another CONFIGFILE but use the variable above to change the
location
RSYSLOG_OPTS=""
1.1 app-admin/rsyslog/files/7-stable/50-default.conf
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/50-default.conf?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/50-default.conf?rev=1.1&content-type=text/plain
Index: 50-default.conf
===================================================================
#######################
### DEFAULT ACTIONS ###
#######################
auth,authpriv.* action(
type="omfile"
File="/var/log/auth.log"
FileCreateMode="0600"
FileOwner="root"
FileGroup="adm"
Sync="off"
)
cron.* action(
type="omfile"
File="/var/log/cron.log"
FileOwner="root"
FileGroup="adm"
)
daemon.* action(
type="omfile"
File="/var/log/daemon.log"
FileOwner="root"
FileGroup="adm"
)
kern.* action(
type="omfile"
File="/var/log/kern.log"
FileOwner="root"
FileGroup="adm"
)
lpr.* action(
type="omfile"
File="/var/log/lpr.log"
FileOwner="root"
FileGroup="adm"
)
mail.* action(
type="omfile"
File="/var/log/mail.log"
FileOwner="root"
FileGroup="adm"
)
news.* action(
type="omfile"
File="/var/log/news.log"
FileOwner="root"
FileGroup="adm"
)
user.* action(
type="omfile"
File="/var/log/user.log"
FileOwner="root"
FileGroup="adm"
)
*.=debug;auth,authpriv,news,mail.none action(
type="omfile"
File="/var/log/debug.log"
FileOwner="root"
FileGroup="adm"
)
*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
type="omfile"
File="/var/log/messages"
FileOwner="root"
FileGroup="adm"
)
# Uncomment the following directive to re-enable the
# deprecated "/var/log/syslog" log file (don't forget to re-enable log
# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
#*.*;auth,authpriv.none action(
# type="omfile"
# File="/var/log/syslog"
# FileOwner="root"
# FileGroup="adm"
#)
*.emerg action(
type="omusrmsg"
Users="*"
action.execOnlyOnceEveryInterval="10"
)
# Create an additional socket for the default chroot location
# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
input(type="imuxsock" Socket="/var/empty/dev/log")
1.1 app-admin/rsyslog/files/7-stable/README.gentoo
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/README.gentoo?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/README.gentoo?rev=1.1&content-type=text/plain
Index: README.gentoo
===================================================================
Introduction
============
Since rsyslog version 7.6 we are shipping a new default Gentoo
configuration. See bug #501982 to learn more about what we were trying to
achieve by rewriting the entire configuration.
Important changes
=================
1. "/var/log/syslog" log file is now deprecated
Beginning with rsyslog-7.6, the "/var/log/syslog" log file will no
longer being written per default. We are considering this file as
deprecated/obsolet for the typical user/system.
The content from this log file is still availble through other
(dedicated) log files, see
- /var/log/cron.log
- /var/log/daemon.log
- /var/log/mail.log
- /var/log/messages
If you really need the old "/var/log/syslog" log file, all you have to
do is uncommenting the corresponding configuration directive in
"/etc/rsyslog.d/50-default.conf".
If you do so, don't forget to re-enable log rotation in
"/etc/logrotate.d/rsyslog", too.
2. An additional input socket in "/var/empty/dev/log" (default chroot
location) will be created per default
See bug #490744 for further details.
1.1 app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.logrotate-r1?rev=1.1&content-type=text/plain
Index: rsyslog.logrotate-r1
===================================================================
# Uncomment the following directive if you have re-enabled
# "/var/log/syslog" in "/etc/rsyslog.d/50-default.conf"
#/var/log/syslog
#{
# rotate 7
# daily
# missingok
# notifempty
# delaycompress
# compress
# postrotate
# test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid)
&>/dev/null
# endscript
#}
/var/log/auth.log
/var/log/cron.log
/var/log/daemon.log
/var/log/kern.log
/var/log/lpr.log
/var/log/mail.log
/var/log/news.log
/var/log/user.log
/var/log/debug.log
/var/log/messages
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid)
&>/dev/null
endscript
}
1.1 app-admin/rsyslog/files/7-stable/bugfix_52.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/bugfix_52.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/bugfix_52.patch?rev=1.1&content-type=text/plain
Index: bugfix_52.patch
===================================================================
>From b017e29aad70702c69e6016b07a932b7825a83e5 Mon Sep 17 00:00:00 2001
From: Thomas D <[email protected]>
Date: Sat, 3 May 2014 14:45:25 +0200
Subject: [PATCH] Remove "--enable-cached-man-pages" switch and make rst2man
optional when required man pages already exist
This commit backports the bugfix for issue #52 for the v7-stable branch.
---
configure.ac | 61 +++++++++++++++++++++++++++++++++++-------------------------
1 file changed, 36 insertions(+), 25 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0dd40c2..07d96dd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1087,30 +1087,6 @@ fi
AM_CONDITIONAL(ENABLE_GUARDTIME, test x$enable_guardtime = xyes)
-# Support using cached man file copies, to avoid the need for rst2man
-# in the build environment
-AC_ARG_ENABLE(cached_man_pages,
- [AS_HELP_STRING([--enable-cached-man-pages],[Enable using cached
versions of man files (avoid rst2man) @<:@default=no@:>@])],
- [case "${enableval}" in
- yes) enable_cached_man_pages="yes" ;;
- no) enable_cached_man_pages="no" ;;
- *) AC_MSG_ERROR(bad value ${enableval} for
--enable-cached-man-pages) ;;
- esac],
- [enable_cached_man_pages=no]
-)
-if test "x$enable_cached_man_pages" = "xno"; then
-# obtain path for rst2man
- if test "x$enable_libgcrypt" = "xyes" || \
- test "x$enable_guardtime" = "xyes"; then
- AC_PATH_PROG([RST2MAN], [rst2man])
- if test "x${RST2MAN}" == "x"; then
- AC_MSG_FAILURE([rst2man not found in PATH])
- fi
- fi
-fi
-
-
-
# RFC 3195 support
AC_ARG_ENABLE(rfc3195,
[AS_HELP_STRING([--enable-rfc3195],[Enable RFC3195 support
@<:@default=no@:>@])],
@@ -1519,6 +1495,41 @@ AM_CONDITIONAL(ENABLE_OMHIREDIS, test x$enable_omhiredis
= xyes)
# END HIREDIS SUPPORT
+
+AC_CHECKING([if required man pages already exist])
+have_to_generate_man_pages="no"
+
+# man pages for libgcrypt module
+if test "x$enable_usertools" = "xyes" && test "x$enable_libgcrypt" = "xyes";
then
+ AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"],
+ [],
+ [have_to_generate_man_pages="yes"]
+ )
+fi
+
+# man pages for GuardTime module
+if test "x$enable_usertools" = "xyes" && test "x$enable_guardtime" = "xyes";
then
+ AC_CHECK_FILES(["tools/rscryutil.1" "tools/rsgtutil.1"],
+ [],
+ [have_to_generate_man_pages="yes"]
+ )
+fi
+
+if test "x$have_to_generate_man_pages" = "xyes"; then
+ AC_MSG_RESULT([Some man pages are missing. We need rst2man to generate the
missing man pages from source...])
+else
+ AC_MSG_RESULT([All required man pages found. We don't need rst2man!])
+fi
+
+if test "x$have_to_generate_man_pages" = "xyes"; then
+ # We need rst2man to generate our man pages
+ AC_CHECK_PROGS([RST2MAN], [rst2man rst2man.py], [])
+ if test -z "$RST2MAN"; then
+ AC_MSG_ERROR([rst2man is required to build man pages. You can use the
release tarball with pregenerated man pages to avoid this depedency.])
+ fi
+fi
+
+
AC_CONFIG_FILES([Makefile \
runtime/Makefile \
compat/Makefile \
@@ -1594,7 +1605,7 @@ echo " Zlib compression support enabled:
$enable_zlib"
echo " rsyslog runtime will be built: $enable_rsyslogrt"
echo " rsyslogd will be built: $enable_rsyslogd"
echo " GUI components will be built: $enable_gui"
-echo " cached man files will be used: $enable_cached_man_pages"
+echo " have to generate man pages:
$have_to_generate_man_pages"
echo " Unlimited select() support enabled: $enable_unlimited_select"
echo " uuid support enabled: $enable_uuid"
echo " Log file signing support: $enable_guardtime"
--
1.9.2
1.1
app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/fix-omruleset-default-value.patch?rev=1.1&content-type=text/plain
Index: fix-omruleset-default-value.patch
===================================================================
>From 14f3b45151864aa4170de515f406a69ad2931eba Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <[email protected]>
Date: Thu, 31 Oct 2013 18:21:47 +0100
Subject: [PATCH] module omruleset is no longer enabled by default.
Note that it has been deprecated in v7 and been replaced by the "call"
statement. Also, it can still be build without problems, the option must
just explicitely be given.
---
diff --git a/configure.ac b/configure.ac
index 3abd559..de4c3ea 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1353,7 +1353,7 @@ AC_ARG_ENABLE(omruleset,
no) enable_omruleset="no" ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-omruleset) ;;
esac],
- [enable_omruleset=yes]
+ [enable_omruleset=no]
)
AM_CONDITIONAL(ENABLE_OMRULESET, test x$enable_omruleset = xyes)
--
1.9.1
