Update to 8.2210 version

Signed-off-by: pengyi37 <pengyi37@huawei.com>
pengyi37 2023-02-04 16:27:38 +08:00
parent 75bbb262f7
commit 5aabd9b744
27 changed files with 55 additions and 1757 deletions


@ -1,39 +0,0 @@
From 4fc5ed645a125661ce773ecf5376df5062305976 Mon Sep 17 00:00:00 2001
From: alakatos <alakatos@redhat.com>
Date: Tue, 30 Nov 2021 18:13:23 +0100
Subject: [PATCH] Deallocate outchannel resources in rsconf destructor
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/4fc5ed645a125661ce773ecf5376df5062305976
---
outchannel.c | 4 ++++
runtime/rsconf.c | 1 +
2 files changed, 5 insertions(+)
diff --git a/outchannel.c b/outchannel.c
index db78d93763..ba5809f4af 100644
--- a/outchannel.c
+++ b/outchannel.c
@@ -272,6 +272,10 @@ void ochDeleteAll(void)
pOch = pOch->pNext;
if(pOchDel->pszName != NULL)
free(pOchDel->pszName);
+ if(pOchDel->pszFileTemplate != NULL)
+ free(pOchDel->pszFileTemplate);
+ if(pOchDel->cmdOnSizeLimit != NULL)
+ free(pOchDel->cmdOnSizeLimit);
free(pOchDel);
}
}
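Review bot: ochDeleteAll returns immediately after the loop, so the list head it walked from is left pointing at nodes that have just been freed, unless the head is cleared before the walk, which the hunk does not show. Once the rsconf destructor calls this function, any later lookup or second call would touch freed memory; resetting the root (and any tail pointer) to NULL after the loop makes the function safe to call more than once. The added `if(pOchDel->pszFileTemplate != NULL)` and `if(pOchDel->cmdOnSizeLimit != NULL)` guards are redundant, since free(NULL) is a no-op, and plain `free(pOchDel->pszFileTemplate);` reads more clearly. The start of ochDeleteAll is outside the hunk.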
diff --git a/runtime/rsconf.c b/runtime/rsconf.c
index 3042a16849..6eb7042526 100644
--- a/runtime/rsconf.c
+++ b/runtime/rsconf.c
@@ -240,6 +240,7 @@ CODESTARTobjDestruct(rsconf)
tplDeleteAll(pThis);
dynstats_destroyAllBuckets();
perctileBucketsDestruct();
+ ochDeleteAll();
free(pThis->globals.mainQ.pszMainMsgQFName);
free(pThis->globals.pszConfDAGFile);
lookupDestroyCnf();


@ -1,29 +0,0 @@
From eab250be3701b6aa5ccc65f2f79fd5b41f08b2b2 Mon Sep 17 00:00:00 2001
From: "t.feng" <t.feng94@foxmail.com>
Date: Mon, 8 Aug 2022 11:36:59 +0800
Subject: [PATCH] Fix Segmentation fault in close journal
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/eab250be3701b6aa5ccc65f2f79fd5b41f08b2b2
---
plugins/imjournal/imjournal.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c
index 53034fe..6fb3b7a 100644
--- a/plugins/imjournal/imjournal.c
+++ b/plugins/imjournal/imjournal.c
@@ -1001,7 +1001,9 @@ CODESTARTafterRun
persistJournalState();
}
closeJournal();
- ratelimitDestruct(ratelimiter);
+ if (ratelimiter) {
+ ratelimitDestruct(ratelimiter);
+ }
ENDafterRun
--
2.23.0


@ -1,32 +0,0 @@
From b3ba1d7280bab1b623e1b2aaf390bbae8aa8c484 Mon Sep 17 00:00:00 2001
From: seuzw930 <76191785+seuzw930@users.noreply.github.com>
Date: Sun, 14 Aug 2022 16:52:53 +0800
Subject: [PATCH] Fix memory leak when SetString
During SetString reassign to pThis->szVal.psz, pThis->szVal.psz might not null. It resulted in memory leak and this patch fixes this behaviour.
The problem is mentioned here:
https://github.com/rsyslog/rsyslog/issues/4961From f65b8860358b7aaca76d3abe086ac2bf80e2079b Mon Sep 17 00:00:00 2001
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/b3ba1d7280bab1b623e1b2aaf390bbae8aa8c484
---
runtime/prop.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/runtime/prop.c b/runtime/prop.c
index 866b691..c4de5d7 100644
--- a/runtime/prop.c
+++ b/runtime/prop.c
@@ -84,6 +84,9 @@ static rsRetVal SetString(prop_t *pThis, const uchar *psz, const int len)
if(len < CONF_PROP_BUFSIZE) {
memcpy(pThis->szVal.sz, psz, len + 1);
} else {
+ if(pThis->szVal.psz != NULL) {
+ free(pThis->szVal.psz);
+ }
CHKmalloc(pThis->szVal.psz = malloc(len + 1));
memcpy(pThis->szVal.psz, psz, len + 1);
}
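Review bot: The added `if(pThis->szVal.psz != NULL) { free(pThis->szVal.psz); }` decides from the pointer value alone whether there is a heap buffer to release, while the short-string branch just above writes into `pThis->szVal.sz`. If `sz` and `psz` share storage (the declaration of `szVal` is outside the hunk, so this is inferred), a property that last held an inline string has non-NULL bytes in `psz` that are string data, and free() receives a pointer that was never allocated. The release should be keyed on the previously stored length compared with `CONF_PROP_BUFSIZE`, evaluated before that length is overwritten. If the part of SetString above the hunk already frees the old buffer on that condition, the added call is a second free of the same pointer, because nothing sets `psz` to NULL in between.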
--
2.27.0


@ -1,50 +0,0 @@
From 63e5d6845aedd649eee1f807e85784a066163ad0 Mon Sep 17 00:00:00 2001
From: seuzw930 <76191785+seuzw930@users.noreply.github.com>
Date: Mon, 18 Jul 2022 15:43:17 +0800
Subject: [PATCH] Fix memory leak when free action worker data table
During free action worker data table when action destruct, worker instance in worker data table were not null. It resulted in memory leak and this patch fixes this behaviour.
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/d59feba46b8d8c2c3c5c25c6fc6e99f93bdae8b9
---
action.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/action.c b/action.c
index e0d05ed..4cea500 100644
--- a/action.c
+++ b/action.c
@@ -326,6 +326,20 @@ actionResetQueueParams(void)
RETiRet;
}
+/* free action worker data table
+*/
+static void freeWrkrDataTable(action_t * const pThis)
+{
+ int freeSpot;
+ for(freeSpot = 0; freeSpot < pThis->wrkrDataTableSize; ++freeSpot) {
+ if(pThis->wrkrDataTable[freeSpot] != NULL) {
+ pThis->pMod->mod.om.freeWrkrInstance(pThis->wrkrDataTable[freeSpot]);
+ pThis->wrkrDataTable[freeSpot] = NULL;
+ }
+ }
+ free(pThis->wrkrDataTable);
+ return;
+}
/* destructs an action descriptor object
* rgerhards, 2007-08-01
@@ -363,7 +377,7 @@ rsRetVal actionDestruct(action_t * const pThis)
free(pThis->pszName);
free(pThis->ppTpl);
free(pThis->peParamPassing);
- free(pThis->wrkrDataTable);
+ freeWrkrDataTable(pThis);
finalize_it:
free(pThis);
--
2.33.0


@ -1,29 +0,0 @@
From 81236d6ec506dd84c78e6c09fc39d5019ea483f2 Mon Sep 17 00:00:00 2001
From: seuzw930 <76191785+seuzw930@users.noreply.github.com>
Date: Thu, 7 Jul 2022 20:47:11 +0800
Subject: [PATCH] Fix memory leak when globally de-initialize GnuTLS
During globally de-initialize GnuTLS, server anon credentials and server DH parameters for anon mode were not null. It resulted in memory leak and this patch fixes this behaviour.
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/8e13d9d718d26b15263ecd53e26fed1a2af3f3e9
---
runtime/nsd_gtls.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 01b0ec6..8f13810 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -1307,6 +1307,8 @@ static rsRetVal
gtlsGlblExit(void)
{
DEFiRet;
+ gnutls_anon_free_server_credentials(anoncredSrv);
+ gnutls_dh_params_deinit(dh_params);
gnutls_global_deinit();
RETiRet;
}
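Review bot: `gnutls_anon_free_server_credentials(anoncredSrv)` and `gnutls_dh_params_deinit(dh_params)` now run unconditionally in gtlsGlblExit, and nothing in the hunk shows that both globals are allocated on every path that reaches module exit. If they are only set up when a listener is initialised (not visible here), a process that never accepted a TLS connection would hand an unallocated handle to GnuTLS at shutdown. Guard each call and clear the handle afterwards, e.g. `if(anoncredSrv != NULL) { gnutls_anon_free_server_credentials(anoncredSrv); anoncredSrv = NULL; }`, and likewise for `dh_params`, so that a repeated exit cannot release them twice.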
--
2.33.0


@ -1,35 +0,0 @@
From 6aeec7bf83135224400362598f0cc7ebef655195 Mon Sep 17 00:00:00 2001
From: David Buckley <davidbuckley@gambitresearch.com>
Date: Tue, 12 Apr 2022 17:38:49 +0100
Subject: [PATCH] Fix non-null-terminated-string used with strlen
The `failedmsg_entry` expects a null-terminated string in `key`, but
here we allocate with malloc and copy a string-with-length-n into only
the first n bytes. If the final byte is null, this is by coincidence
only.
We've observed this by means of seeing random binary data appended to
keys submitted to kafka apparently at random, and this looks like a
smoking gun.
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/2c8c9db065cef3b5086c90c3782ac48da40c8b2f
---
plugins/omkafka/omkafka.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/plugins/omkafka/omkafka.c b/plugins/omkafka/omkafka.c
index 850dfc0..e6cb2ea 100644
--- a/plugins/omkafka/omkafka.c
+++ b/plugins/omkafka/omkafka.c
@@ -350,6 +350,7 @@ const size_t msglen, const char *const topicname)
return NULL;
}
memcpy(etry->key, key, keylen);
+ etry->key[keylen] = '\0';
} else {
etry->key=NULL;
}
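Review bot: `etry->key[keylen] = '\0';` writes one byte beyond the `keylen` bytes filled by the memcpy, so it is in bounds only if the buffer behind `etry->key` was allocated with at least `keylen + 1` bytes. That allocation sits above the hunk and is not visible. It should be confirmed, and changed in the same patch if it requests only `keylen`, otherwise the fix trades an unterminated string for a one-byte heap overflow. A comment at the allocation such as `/* +1: key is consumed as a NUL-terminated string */` would keep the two lines from drifting apart.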
--
2.33.0


@ -1,37 +0,0 @@
From 640af90afaf13bef5a99a458ed8e862359588d8f Mon Sep 17 00:00:00 2001
From: Kailash Sethuraman <hsaliak@gmail.com>
Date: Thu, 13 Jan 2022 13:52:46 -0500
Subject: [PATCH] Fixes #4395 by correctly checking for EPIPE.
kmsg is a unique device, which can recover from EPIPE errors.
The original code checked for this, but checked the return value for the libc
read call, which always returns -1 and sets the appropriate errno.
This meant that when an EPIPE error actually happened, the fd was infinitely retried. The 'for loop' was broken out of, but the readikmsg() function is repeatedly called.
Note: there is an additional bug here. The readikmsg function needs better error checking on the fd. I suspect that this was rarely an issue because /dev/kmsg goes truly invalid when the system is actually shutting down.
The fix here is to check the return value as well as the errno.
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/feb6420148c351072a190990622b58124fd44506
---
contrib/imkmsg/kmsg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contrib/imkmsg/kmsg.c b/contrib/imkmsg/kmsg.c
index beb4076..5a3f45e 100644
--- a/contrib/imkmsg/kmsg.c
+++ b/contrib/imkmsg/kmsg.c
@@ -214,7 +214,7 @@ readkmsg(void)
if (i > 0) {
/* successful read of message of nonzero length */
pRcv[i] = '\0';
- } else if (i == -EPIPE) {
+ } else if (i < 0 && errno == EPIPE) {
imkmsgLogIntMsg(LOG_WARNING,
"imkmsg: some messages in circular buffer got overwritten");
continue;
--
2.33.0


@ -1,218 +0,0 @@
From a335ec06f0897a71356afee3362f67e68b91a3de Mon Sep 17 00:00:00 2001
From: Andre lorbach <alorbach@adiscon.com>
Date: Thu, 28 Jul 2022 16:17:41 +0200
Subject: [PATCH] mmanon: Simplified and fixed IPv4 digit detection.
- Fixed an issue with numbers above int64 in syntax_ipv4.
Numbers that were up to 256 above the max of an int64
could incorrectly be detected as valid ipv4 digit.
- Simplified the IPv4 digit detection function and renamed
to isPosByte.
- added testcasse for malformed IPvc4 addresses
closes: https://github.com/rsyslog/rsyslog/issues/4940
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/a335ec06f0897a71356afee3362f67e68b91a3de
---
plugins/mmanon/mmanon.c | 55 ++++++++++++++------------
tests/Makefile.am | 2 +
tests/mmanon_recognize_ipv4.sh | 4 ++
tests/mmanon_simple_mallformed_ipv4.sh | 37 +++++++++++++++++
4 files changed, 73 insertions(+), 25 deletions(-)
create mode 100755 tests/mmanon_simple_mallformed_ipv4.sh
diff --git a/plugins/mmanon/mmanon.c b/plugins/mmanon/mmanon.c
index a2ebd7b..4f83076 100644
--- a/plugins/mmanon/mmanon.c
+++ b/plugins/mmanon/mmanon.c
@@ -22,6 +22,7 @@
#include "config.h"
#include "rsyslog.h"
#include <stdio.h>
+#include <ctype.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
@@ -388,72 +389,76 @@ getHexVal(char c)
}
-/* returns -1 if no integer found, else integer */
-static int64_t
-getPosInt(const uchar *const __restrict__ buf,
+/* returns 1 if valid IPv4 digit, 0 if not */
+static int
+isPosByte(const uchar *const __restrict__ buf,
const size_t buflen,
size_t *const __restrict__ nprocessed)
{
- int64_t val = 0;
+ int val = 0; /* Default means no byte found */
size_t i;
- for(i = 0 ; i < buflen ; i++) {
- if('0' <= buf[i] && buf[i] <= '9')
- val = val*10 + buf[i]-'0';
- else
+ for(i = 0 ; i < buflen; i++) {
+ if('0' <= buf[i] && buf[i] <= '9') {
+ /* Maximum 3 digits for single IPv4 Number, we only copy up to 4 numbers
+ * but process forward to non digits */
+ if (i < 4) {
+ val = val*10 + buf[i]-'0';
+ }
+ } else
break;
}
*nprocessed = i;
- if(i == 0)
- val = -1;
- return val;
+ /* Return 1 if more than 1 and less the 4 digits and between 0 and 255 */
+ if( i > 0 &&
+ i < 4 &&
+ (val >= 0 && val <= 255)) {
+ return 1;
+ } else {
+ return 0;
+ }
}
/* 1 - is IPv4, 0 not */
-
static int
syntax_ipv4(const uchar *const __restrict__ buf,
const size_t buflen,
size_t *const __restrict__ nprocessed)
{
- int64_t val;
- size_t nproc;
+ size_t nproc = 0;
size_t i;
int r = 0;
-
- val = getPosInt(buf, buflen, &i);
- if(val < 0 || val > 255)
+ if(isPosByte(buf, buflen, &i) == 0) {
goto done;
-
+ }
if(i >= buflen || buf[i] != '.') {
goto done;
}
i++;
- val = getPosInt(buf+i, buflen-i, &nproc);
- if(val < 0 || val > 255)
+ if(isdigit(buf[i]) == 0 || isPosByte(buf+i, buflen-i, &nproc) == 0) {
goto done;
+ }
i += nproc;
if(i >= buflen || buf[i] != '.') {
goto done;
}
i++;
- val = getPosInt(buf+i, buflen-i, &nproc);
- if(val < 0 || val > 255)
+ if(isdigit(buf[i]) == 0 || isPosByte(buf+i, buflen-i, &nproc) == 0) {
goto done;
+ }
i += nproc;
if(i >= buflen || buf[i] != '.') {
goto done;
}
i++;
- val = getPosInt(buf+i, buflen-i, &nproc);
- if(val < 0 || val > 255)
+ if(isdigit(buf[i]) == 0 || isPosByte(buf+i, buflen-i, &nproc) == 0) {
goto done;
+ }
i += nproc;
*nprocessed = i;
r = 1;
-
done:
return r;
}
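Review bot: In syntax_ipv4 the three new guards `if(isdigit(buf[i]) == 0 || isPosByte(buf+i, buflen-i, &nproc) == 0)` read `buf[i]` right after `i++` without rechecking `i < buflen`, so when the '.' was the last byte of the buffer isdigit() looks one byte past `buflen`. The removed code had no such read, since getPosInt was then called with a remaining length of zero and never touched the buffer. The isdigit() test is also redundant because isPosByte already returns 0 when it consumes no digits, so `if(isPosByte(buf+i, buflen-i, &nproc) == 0) {` is enough at all three places. In isPosByte the comment speaks of three digits while the code accumulates for `i < 4`, and `val >= 0` can never be false; `i < 3` and a plain `val <= 255` would make comment and code agree.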
diff --git a/tests/Makefile.am b/tests/Makefile.am
index d3b040b..5e4f4fe 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -587,6 +587,7 @@ TESTS += \
mmanon_simple_12_ipv4.sh \
mmanon_simple_33_ipv4.sh \
mmanon_simple_8_ipv4.sh \
+ mmanon_simple_mallformed_ipv4.sh \
mmanon_random_128_ipv6.sh \
mmanon_zero_128_ipv6.sh \
mmanon_zero_96_ipv6.sh \
@@ -1872,6 +1873,7 @@ EXTRA_DIST= \
mmanon_simple_12_ipv4.sh \
mmanon_simple_33_ipv4.sh \
mmanon_simple_8_ipv4.sh \
+ mmanon_simple_mallformed_ipv4.sh \
mmanon_random_128_ipv6.sh \
mmanon_zero_128_ipv6.sh \
mmanon_zero_96_ipv6.sh \
diff --git a/tests/mmanon_recognize_ipv4.sh b/tests/mmanon_recognize_ipv4.sh
index fb7eb9f..cd9dcca 100755
--- a/tests/mmanon_recognize_ipv4.sh
+++ b/tests/mmanon_recognize_ipv4.sh
@@ -2,6 +2,10 @@
# add 2016-11-22 by Jan Gerhards, released under ASL 2.0
. ${srcdir:=.}/diag.sh init
+
+#export RSYSLOG_DEBUG="debug nostdout noprintmutexaction"
+#export RSYSLOG_DEBUGLOG="$RSYSLOG_DYNNAME.debuglog"
+
generate_conf
add_conf '
template(name="outfmt" type="string" string="%msg%\n")
diff --git a/tests/mmanon_simple_mallformed_ipv4.sh b/tests/mmanon_simple_mallformed_ipv4.sh
new file mode 100755
index 0000000..7ef8899
--- /dev/null
+++ b/tests/mmanon_simple_mallformed_ipv4.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+# add 2022-07-28 by Andre Lorbach, released under ASL 2.0
+
+. ${srcdir:=.}/diag.sh init
+#export USE_VALGRIND="YES" # this test only makes sense with valgrind enabled
+#export RS_TEST_VALGRIND_EXTRA_OPTS="--keep-debuginfo=yes"
+
+#export RSYSLOG_DEBUG="debug nostdout noprintmutexaction"
+#export RSYSLOG_DEBUGLOG="$RSYSLOG_DYNNAME.debuglog"
+
+generate_conf
+add_conf '
+template(name="outfmt" type="string" string="%msg%\n")
+
+module(load="../plugins/mmanon/.libs/mmanon")
+module(load="../plugins/imtcp/.libs/imtcp")
+input(type="imtcp" port="0" listenPortFileName="'$RSYSLOG_DYNNAME'.tcpflood_port" ruleset="testing")
+
+ruleset(name="testing") {
+ action(type="mmanon" ipv4.bits="32" ipv4.mode="simple")
+ action(type="omfile" file=`echo $RSYSLOG_OUT_LOG` template="outfmt")
+}'
+
+startup
+tcpflood -m1 -M "\"<129>Mar 10 01:00:00 172.20.245.8 tag: 165874883373.1.15599155266856607338.91@whatever
+<129>Mar 10 01:00:00 172.20.245.8 tag: 1.165874883373.15599155266856607338.91@whatever
+<129>Mar 10 01:00:00 172.20.245.8 tag: 15599155266856607338.165874883373.1.91@whatever
+<129>Mar 10 01:00:00 172.20.245.8 tag: 91.165874883373.1.15599155266856607338.@whatever\""
+
+shutdown_when_empty
+wait_shutdown
+export EXPECTED=' 165874883373.1.15599155266856607338.91@whatever
+ 1.165874883373.15599155266856607338.91@whatever
+ 15599155266856607338.165874883373.1.91@whatever
+ 91.165874883373.1.15599155266856607338.@whatever'
+cmp_exact
+exit_test
--
2.27.0


@ -1,30 +0,0 @@
From 178a36c9b497a78855e1eda03550c3089473ace7 Mon Sep 17 00:00:00 2001
From: Gabor Orosz <goro@goro.io>
Date: Fri, 14 Jan 2022 19:58:17 +0000
Subject: [PATCH] Terminate all tcpsrv threads properly
Graceful shutdown of Rsyslog could lead to segmentation faults when
multiple imtcp inputs are being used. That is because the rest of the
tcpsrv threads are left behind running, while their underlying objects
are being disposed by the main thread as part of the module
de-initialization.
Signed-off-by: Gabor Orosz <goro@goro.io>
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/178a36c9b497a78855e1eda03550c3089473ace7
---
plugins/imtcp/imtcp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
index 0e689a28d8..a6256acad8 100644
--- a/plugins/imtcp/imtcp.c
+++ b/plugins/imtcp/imtcp.c
@@ -1007,6 +1007,7 @@ CODESTARTrunInput
iRet = tcpsrv.Run(tcpsrv_root->tcpsrv);
/* de-init remaining servers */
+ etry = tcpsrv_root->next;
while(etry != NULL) {
stopSrvWrkr(etry);
etry = etry->next;


@ -1,210 +0,0 @@
From f83306fe2a58708455e5f3b83679aca22f1283d2 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 22 Oct 2021 18:02:23 +0200
Subject: [PATCH] imtcp: add support for permittedPeers setting at input()
level
The permittedPeers settig was actually forgotten during the refactoring
of TLS input() level settings. This functionality is now added.
closes: https://github.com/rsyslog/rsyslog/issues/4706
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/f83306fe2a58708455e5f3b83679aca22f1283d2
---
plugins/imtcp/imtcp.c | 53 +++++++++++++++++++++++++++----------------
runtime/nsd_ossl.c | 1 +
runtime/tcps_sess.c | 2 ++
3 files changed, 36 insertions(+), 20 deletions(-)
diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
index 06774069c4..98a060e4c9 100644
--- a/plugins/imtcp/imtcp.c
+++ b/plugins/imtcp/imtcp.c
@@ -63,7 +63,7 @@
#include "tcpsrv.h"
#include "ruleset.h"
#include "rainerscript.h"
-#include "net.h" /* for permittedPeers, may be removed when this is removed */
+#include "net.h"
#include "parserif.h"
MODULE_TYPE_INPUT
@@ -144,6 +144,7 @@ struct instanceConf_s {
uchar *pszStrmDrvrCAFile;
uchar *pszStrmDrvrKeyFile;
uchar *pszStrmDrvrCertFile;
+ permittedPeers_t *pPermPeersRoot;
uchar *gnutlsPriorityString;
int iStrmDrvrExtendedCertCheck;
int iStrmDrvrSANPreference;
@@ -183,7 +184,7 @@ struct modConfData_s {
uchar *pszStrmDrvrCAFile;
uchar *pszStrmDrvrKeyFile;
uchar *pszStrmDrvrCertFile;
- struct cnfarray *permittedPeers;
+ permittedPeers_t *pPermPeersRoot;
sbool configSetViaV2Method;
sbool bPreserveCase; /* preserve case of fromhost; true by default */
};
@@ -251,6 +252,7 @@ static struct cnfparamdescr inppdescr[] = {
{ "streamdriver.cafile", eCmdHdlrString, 0 },
{ "streamdriver.keyfile", eCmdHdlrString, 0 },
{ "streamdriver.certfile", eCmdHdlrString, 0 },
+ { "permittedpeer", eCmdHdlrArray, 0 },
{ "gnutlsprioritystring", eCmdHdlrString, 0 },
{ "keepalive", eCmdHdlrBinary, 0 },
{ "keepalive.probes", eCmdHdlrNonNegInt, 0 },
@@ -365,6 +367,7 @@ createInstance(instanceConf_t **pinst)
inst->pszStrmDrvrCAFile = NULL;
inst->pszStrmDrvrKeyFile = NULL;
inst->pszStrmDrvrCertFile = NULL;
+ inst->pPermPeersRoot = NULL;
inst->gnutlsPriorityString = NULL;
inst->iStrmDrvrMode = loadModConf->iStrmDrvrMode;
inst->iStrmDrvrExtendedCertCheck = loadModConf->iStrmDrvrExtendedCertCheck;
@@ -451,6 +454,7 @@ addListner(modConfData_t *modConf, instanceConf_t *inst)
{
DEFiRet;
uchar *psz; /* work variable */
+ permittedPeers_t *peers;
tcpsrv_t *pOurTcpsrv;
CHKiRet(tcpsrv.Construct(&pOurTcpsrv));
@@ -508,8 +512,10 @@ addListner(modConfData_t *modConf, instanceConf_t *inst)
? modConf->pszStrmDrvrCertFile : inst->pszStrmDrvrCertFile;
CHKiRet(tcpsrv.SetDrvrCertFile(pOurTcpsrv, psz));
- if(pPermPeersRoot != NULL) {
- CHKiRet(tcpsrv.SetDrvrPermPeers(pOurTcpsrv, pPermPeersRoot));
+ peers = (inst->pPermPeersRoot == NULL)
+ ? modConf->pPermPeersRoot : inst->pPermPeersRoot;
+ if(peers != NULL) {
+ CHKiRet(tcpsrv.SetDrvrPermPeers(pOurTcpsrv, peers));
}
/* initialized, now add socket and listener params */
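Review bot: The selection `peers = (inst->pPermPeersRoot == NULL) ? modConf->pPermPeersRoot : inst->pPermPeersRoot;` in addListner is undocumented, although it makes an input()-level list replace the module-level allow-list rather than extend it. An operator who adds one `permittedpeer` to a single input might assume the module-wide peers still apply to it. A comment above the assignment would make this explicit, e.g. `/* input()-level permittedPeer overrides the module-level list; the two are not merged */`. When both lists are NULL, `SetDrvrPermPeers` is skipped entirely, and what the stream driver then accepts is decided outside this hunk, which is worth stating in the same comment.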
@@ -608,6 +614,12 @@ CODESTARTnewInpInst
inst->pszStrmDrvrName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(inppblk.descr[i].name, "gnutlsprioritystring")) {
inst->gnutlsPriorityString = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(inppblk.descr[i].name, "permittedpeer")) {
+ for(int j = 0 ; j < pvals[i].val.d.ar->nmemb ; ++j) {
+ uchar *const peer = (uchar*) es_str2cstr(pvals[i].val.d.ar->arr[j], NULL);
+ CHKiRet(net.AddPermittedPeer(&inst->pPermPeersRoot, peer));
+ free(peer);
+ }
} else if(!strcmp(inppblk.descr[i].name, "flowcontrol")) {
inst->bUseFlowControl = (int) pvals[i].val.d.n;
} else if(!strcmp(inppblk.descr[i].name, "disablelfdelimiter")) {
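Review bot: In the new `permittedpeer` loop the result of `es_str2cstr()` goes to `net.AddPermittedPeer()` without a NULL check, and when `CHKiRet` fails the jump skips `free(peer)`, so the string leaks on the error path. Because this list is the allow-list of TLS peers, a failed conversion should abort config loading explicitly instead of depending on how AddPermittedPeer treats NULL (not visible here). Adding `CHKmalloc(peer);` before the call, and storing the return code so that `free(peer)` runs before it is checked, would cover both gaps. The identical loop added in the setModCnf hunk has the same two gaps, and both enclosing functions start and end outside their hunks.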
@@ -689,7 +701,7 @@ CODESTARTbeginCnfLoad
loadModConf->pszStrmDrvrCAFile = NULL;
loadModConf->pszStrmDrvrKeyFile = NULL;
loadModConf->pszStrmDrvrCertFile = NULL;
- loadModConf->permittedPeers = NULL;
+ loadModConf->pPermPeersRoot = NULL;
loadModConf->configSetViaV2Method = 0;
loadModConf->bPreserveCase = 1; /* default to true */
bLegacyCnfModGlobalsPermitted = 1;
@@ -780,7 +792,11 @@ CODESTARTsetModCnf
} else if(!strcmp(modpblk.descr[i].name, "streamdriver.name")) {
loadModConf->pszStrmDrvrName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(modpblk.descr[i].name, "permittedpeer")) {
- loadModConf->permittedPeers = cnfarrayDup(pvals[i].val.d.ar);
+ for(int j = 0 ; j < pvals[i].val.d.ar->nmemb ; ++j) {
+ uchar *const peer = (uchar*) es_str2cstr(pvals[i].val.d.ar->arr[j], NULL);
+ CHKiRet(net.AddPermittedPeer(&loadModConf->pPermPeersRoot, peer));
+ free(peer);
+ }
} else if(!strcmp(modpblk.descr[i].name, "preservecase")) {
loadModConf->bPreserveCase = (int) pvals[i].val.d.n;
} else {
@@ -818,6 +834,11 @@ CODESTARTendCnfLoad
pModConf->iKeepAliveProbes = cs.iKeepAliveProbes;
pModConf->iKeepAliveIntvl = cs.iKeepAliveIntvl;
pModConf->iKeepAliveTime = cs.iKeepAliveTime;
+ if(pPermPeersRoot != NULL) {
+ assert(pModConf->pPermPeersRoot == NULL);
+ pModConf->pPermPeersRoot = pPermPeersRoot;
+ pPermPeersRoot = NULL; /* memory handed over! */
+ }
if((cs.pszStrmDrvrAuthMode == NULL) || (cs.pszStrmDrvrAuthMode[0] == '\0')) {
loadModConf->pszStrmDrvrAuthMode = NULL;
} else {
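Review bot: The hand-over of the legacy `pPermPeersRoot` list is protected only by `assert(pModConf->pPermPeersRoot == NULL)`, which is compiled out when NDEBUG is defined. If a configuration manages to populate both the legacy list and the module-level one, a release build would overwrite the module list with the legacy one, leaking the former and silently changing which peers are authorised. A runtime check is safer than an assertion for an access-control list: either reject and log the conflicting configuration or append the legacy entries to the existing list. Whether a check elsewhere already rules out the combination cannot be seen from this hunk.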
@@ -860,15 +881,8 @@ ENDcheckCnf
BEGINactivateCnfPrePrivDrop
instanceConf_t *inst;
- int i;
CODESTARTactivateCnfPrePrivDrop
runModConf = pModConf;
- if(runModConf->permittedPeers != NULL) {
- for(i = 0 ; i < runModConf->permittedPeers->nmemb ; ++i) {
- setPermittedPeer(NULL, (uchar*)
- es_str2cstr(runModConf->permittedPeers->arr[i], NULL));
- }
- }
for(inst = runModConf->root ; inst != NULL ; inst = inst->next) {
addListner(runModConf, inst);
}
@@ -899,10 +913,10 @@ CODESTARTfreeCnf
free(pModConf->pszStrmDrvrCAFile);
free(pModConf->pszStrmDrvrKeyFile);
free(pModConf->pszStrmDrvrCertFile);
- if(pModConf->permittedPeers != NULL) {
- cnfarrayContentDestruct(pModConf->permittedPeers);
- free(pModConf->permittedPeers);
+ if(pModConf->pPermPeersRoot != NULL) {
+ net.DestructPermittedPeers(&pModConf->pPermPeersRoot);
}
+
for(inst = pModConf->root ; inst != NULL ; ) {
free((void*)inst->pszBindRuleset);
free((void*)inst->pszStrmDrvrAuthMode);
@@ -914,6 +928,9 @@ CODESTARTfreeCnf
free((void*)inst->gnutlsPriorityString);
free((void*)inst->pszInputName);
free((void*)inst->dfltTZ);
+ if(inst->pPermPeersRoot != NULL) {
+ net.DestructPermittedPeers(&inst->pPermPeersRoot);
+ }
del = inst;
inst = inst->next;
free(del);
@@ -1026,10 +1043,6 @@ ENDisCompatibleWithFeature
BEGINmodExit
CODESTARTmodExit
- if(pPermPeersRoot != NULL) {
- net.DestructPermittedPeers(&pPermPeersRoot);
- }
-
/* release objects we used */
objRelease(net, LM_NET_FILENAME);
objRelease(netstrm, LM_NETSTRMS_FILENAME);
diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c
index 110e11038b..03ebc0ab33 100644
--- a/runtime/nsd_ossl.c
+++ b/runtime/nsd_ossl.c
@@ -612,6 +612,7 @@ osslChkPeerFingerprint(nsd_ossl_t *pThis, X509 *pCert)
dbgprintf("osslChkPeerFingerprint: peer's certificate MATCH found: %s\n", pPeer->pszID);
bFoundPositiveMatch = 1;
} else {
+ dbgprintf("osslChkPeerFingerprint: NOMATCH peer certificate: %s\n", pPeer->pszID);
pPeer = pPeer->pNext;
}
}
diff --git a/runtime/tcps_sess.c b/runtime/tcps_sess.c
index b12d873019..9e5dbcc5cb 100644
--- a/runtime/tcps_sess.c
+++ b/runtime/tcps_sess.c
@@ -444,8 +444,10 @@ processDataRcvd(tcps_sess_t *pThis,
}
} else {
assert(pThis->inputState == eInMsg);
+ #if 0 // set to 1 for ultra-verbose
DBGPRINTF("DEBUG: processDataRcvd c=%c remain=%d\n",
c, pThis->iOctetsRemain);
+ #endif
if(( ((c == '\n') && !pThis->pSrv->bDisableLFDelim)
|| ((pThis->pSrv->addtlFrameDelim != TCPSRV_NO_ADDTL_DELIMITER)


@ -1,78 +0,0 @@
From 202e10e24ca658f91c3aef87c017e8f0525744b5 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 25 Oct 2021 09:18:44 +0200
Subject: [PATCH] testbench: add test for legacy permittedPeer statement
This is required to ensure backwards compatibility when doing changes
to the networking subsystem. So far this was not covered by any test.
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/202e10e24ca658f91c3aef87c017e8f0525744b5
---
tests/Makefile.am | 2 ++
tests/imtcp-tls-gtls-x509name-legacy.sh | 33 +++++++++++++++++++++++++
2 files changed, 35 insertions(+)
create mode 100755 tests/imtcp-tls-gtls-x509name-legacy.sh
diff --git a/tests/Makefile.am b/tests/Makefile.am
index a68b6eb..9cc18a4 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1267,6 +1267,7 @@ TESTS += \
imtcp-tls-gtls-x509fingerprint.sh \
imtcp-tls-gtls-x509name-invld.sh \
imtcp-tls-gtls-x509name.sh \
+ imtcp-tls-gtls-x509name-legacy.sh \
imtcp-drvr-in-input-basic.sh \
imtcp-multi-drvr-basic.sh \
imtcp-multi-drvr-basic-parallel.sh
@@ -2130,6 +2131,7 @@ EXTRA_DIST= \
imtcp-tls-gtls-x509fingerprint.sh \
imtcp-tls-gtls-x509name-invld.sh \
imtcp-tls-gtls-x509name.sh \
+ imtcp-tls-gtls-x509name-legacy.sh \
imtcp-drvr-in-input-basic.sh \
imtcp-multi-drvr-basic.sh \
imtcp-multi-drvr-basic-parallel.sh \
diff --git a/tests/imtcp-tls-gtls-x509name-legacy.sh b/tests/imtcp-tls-gtls-x509name-legacy.sh
new file mode 100755
index 0000000..c2c9bdd
--- /dev/null
+++ b/tests/imtcp-tls-gtls-x509name-legacy.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+# This file is part of the rsyslog project, released under ASL 2.0
+. ${srcdir:=.}/diag.sh init
+export NUMMESSAGES=1
+generate_conf
+add_conf '
+global( defaultNetstreamDriverCAFile="'$srcdir/tls-certs/ca.pem'"
+ defaultNetstreamDriverCertFile="'$srcdir/tls-certs/cert.pem'"
+ defaultNetstreamDriverKeyFile="'$srcdir/tls-certs/key.pem'"
+)
+
+
+# NOTE: we intentionally use legacy statements here! This *IS* what we want to test!
+$ModLoad ../plugins/imtcp/.libs/imtcp
+$inputTcpserverStreamdriverPermittedPeer rsyslog-client
+
+input(type="imtcp" port="0" listenPortFileName="'$RSYSLOG_DYNNAME'.tcpflood_port"
+ StreamDriver.Name="gtls"
+ StreamDriver.Mode="1"
+ StreamDriver.AuthMode="x509/name")
+
+template(name="outfmt" type="string" string="%msg:F,58:2%\n")
+:msg, contains, "msgnum:" action( type="omfile"
+ template="outfmt"
+ file=`echo $RSYSLOG_OUT_LOG`)
+'
+startup
+tcpflood -p'$TCPFLOOD_PORT' -m$NUMMESSAGES -Ttls -x$srcdir/tls-certs/ca.pem -Z$srcdir/tls-certs/cert.pem -z$srcdir/tls-certs/key.pem
+wait_file_lines
+shutdown_when_empty
+wait_shutdown
+seq_check
+exit_test
--
2.27.0


@ -1,258 +0,0 @@
From ba00a9f25293f72137c9a85010276cca014ae7f0 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 31 Aug 2022 17:37:07 +0200
Subject: [PATCH] core bugfix: correct local host name after config processing
rsyslog.conf may affect the host's local name. These changes were
so far only activated after the first HUP. This patch now ensures
that the configured local host name is applied correctly throughout
all processing, including early startup.
This patch causes a slight change of behaviour. However, the behaviour
was inconsitent before. Now it is consistent and according to the config.
Please note: this patch also exposes a global entry point via "regular"
dynamic loading as this makes things much easier to do. This is in-line
with ongoing simplification effort.
Finally, we also remove a CI test that we do no longer need because
the problem covered is now addressed differently and the original issue
can no longer occur.
closes https://github.com/rsyslog/rsyslog/issues/4975
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/ba00a9f25293f72137c9a85010276cca014ae7f0
---
runtime/glbl.c | 16 +++++++++++---
runtime/glbl.h | 3 ++-
runtime/rsyslog.h | 2 +-
tests/Makefile.am | 6 ------
tests/hostname-getaddrinfo-fail.sh | 34 ------------------------------
tools/iminternal.c | 7 +++++-
tools/rsyslogd.c | 10 ++-------
7 files changed, 24 insertions(+), 54 deletions(-)
delete mode 100755 tests/hostname-getaddrinfo-fail.sh
diff --git a/runtime/glbl.c b/runtime/glbl.c
index 52a598f..4feefc4 100644
--- a/runtime/glbl.c
+++ b/runtime/glbl.c
@@ -619,8 +619,8 @@ SetLocalHostName(uchar *const newname)
/* return our local hostname. if it is not set, "[localhost]" is returned
*/
-static uchar*
-GetLocalHostName(void)
+uchar*
+glblGetLocalHostName(void)
{
uchar *pszRet;
@@ -910,6 +910,8 @@ CODESTARTobjQueryInterface(glbl)
pIf->GetOption_DisallowWarning = getOption_DisallowWarning;
pIf->SetParseHOSTNAMEandTAG = setParseHOSTNAMEandTAG;
pIf->GetParseHOSTNAMEandTAG = getParseHOSTNAMEandTAG;
+ pIf->GetLocalHostName = glblGetLocalHostName;
+ pIf->SetLocalHostName = SetLocalHostName;
#define SIMP_PROP(name) \
pIf->Get##name = Get##name; \
pIf->Set##name = Set##name;
@@ -917,7 +919,6 @@ CODESTARTobjQueryInterface(glbl)
SIMP_PROP(DropMalPTRMsgs);
SIMP_PROP(mainqCnfObj);
SIMP_PROP(LocalFQDNName)
- SIMP_PROP(LocalHostName)
SIMP_PROP(LocalDomain)
SIMP_PROP(StripDomains)
SIMP_PROP(LocalHosts)
@@ -1541,6 +1542,15 @@ glblDoneLoadCnf(void)
stddbg = -1;
}
+ /* we have now read the config. We need to query the local host name now
+ * as it was set by the config.
+ *
+ * Note: early messages are already emited, and have "[localhost]" as
+ * hostname. These messages are currently in iminternal queue. Once they
+ * are taken from that queue, the hostname will be adapted.
+ */
+ queryLocalHostname();
+
finalize_it: RETiRet;
}
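Review bot: The new `queryLocalHostname();` call in glblDoneLoadCnf discards its result, although the prototype this patch adds to rsyslog.h returns `rsRetVal` and the function already has a `finalize_it` exit. If the lookup fails, processing continues with whatever name was set earlier and nothing is reported. Either propagate the error with `CHKiRet(queryLocalHostname());` or, if startup must not fail at this point, log the failure and state in the comment that the call is best-effort.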
diff --git a/runtime/glbl.h b/runtime/glbl.h
index 9ccf7b6..4cb5770 100644
--- a/runtime/glbl.h
+++ b/runtime/glbl.h
@@ -8,7 +8,7 @@
* Please note that there currently is no glbl.c file as we do not yet
* have any implementations.
*
- * Copyright 2008-2019 Rainer Gerhards and Adiscon GmbH.
+ * Copyright 2008-2022 Rainer Gerhards and Adiscon GmbH.
*
* This file is part of the rsyslog runtime library.
*
@@ -162,5 +162,6 @@ const uchar* glblGetOperatingStateFile(void);
int glblGetOversizeMsgInputMode(void);
int glblReportOversizeMessage(void);
void glblReportChildProcessExit(const uchar *name, pid_t pid, int status);
+uchar *glblGetLocalHostName(void);
#endif /* #ifndef GLBL_H_INCLUDED */
diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
index 6492eea..58f8219 100644
--- a/runtime/rsyslog.h
+++ b/runtime/rsyslog.h
@@ -757,8 +757,8 @@ rsRetVal rsrtInit(const char **ppErrObj, obj_if_t *pObjIF);
rsRetVal rsrtExit(void);
int rsrtIsInit(void);
void rsrtSetErrLogger(void (*errLogger)(const int, const int, const uchar*));
-
void dfltErrLogger(const int, const int, const uchar *errMsg);
+rsRetVal queryLocalHostname(void);
/* this define below is (later) intended to be used to implement empty
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 5e4f4fe..34b5b38 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -175,7 +175,6 @@ TESTS += \
timestamp-mysql.sh \
timestamp-pgsql.sh \
timestamp-subseconds.sh \
- hostname-getaddrinfo-fail.sh \
msleep_usage_output.sh \
mangle_qi_usage_output.sh \
minitcpsrv_usage_output.sh \
@@ -1608,10 +1607,6 @@ TESTS += \
endif
endif # ENABLE_OMAMQP1
-# test samples...
-#empty-hostname.log: hostname-getaddrinfo-fail.log
-#hostname-getaddrinfo-fail.log: empty-hostname.log
-
endif # if ENABLE_TESTBENCH
TESTS_ENVIRONMENT = RSYSLOG_MODDIR='$(abs_top_builddir)'/runtime/.libs/
@@ -1648,7 +1643,6 @@ EXTRA_DIST= \
config_enabled-off.sh \
empty-app-name.sh \
empty-hostname.sh \
- hostname-getaddrinfo-fail.sh \
hostname-with-slash-pmrfc5424.sh \
hostname-with-slash-pmrfc3164.sh \
pmrfc3164-msgFirstSpace.sh \
diff --git a/tests/hostname-getaddrinfo-fail.sh b/tests/hostname-getaddrinfo-fail.sh
deleted file mode 100755
index d14a1c3..0000000
--- a/tests/hostname-getaddrinfo-fail.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-# This test check what happens if we cannot doe getaddrinfo early
-# in rsyslog startup (this has caused an error in the past). Even more
-# importantly, it checks that error messages can be issued very early
-# during startup.
-# Note that we use the override of the hostname to ensure we do not
-# accidentally get an acceptable FQDN-type hostname during testing.
-#
-# IMPORTANT: We cannot use the regular plumbing here, as our preload
-# interferes with socket operations (we cannot bind the port for some
-# reason). As we do not necessarily need the full plumbing for this
-# simple test, we emulate what we need. It's a bit ugly, but actually
-# the simplest way forward.
-#
-# This is part of the rsyslog testbench, licensed under ASL 2.0
-. ${srcdir:=.}/diag.sh init
-skip_platform "AIX" "we cannot preload required dummy lib"
-
-echo 'action(type="omfile" file="'$RSYSLOG_DYNNAME'.out.log")' > ${RSYSLOG_DYNNAME}.conf
-LD_PRELOAD=".libs/liboverride_gethostname_nonfqdn.so:.libs/liboverride_getaddrinfo.so" \
- ../tools/rsyslogd -C -n -i$RSYSLOG_DYNNAME.pid -M../runtime/.libs:../.libs -f${RSYSLOG_DYNNAME}.conf &
-wait_process_startup $RSYSLOG_DYNNAME
-sleep 1 # wait a bit so that rsyslog can do some processing...
-kill $(cat $RSYSLOG_DYNNAME.pid )
-
-grep " nonfqdn " < $RSYSLOG_DYNNAME.out.log
-if [ ! $? -eq 0 ]; then
- echo "expected hostname \"nonfqdn\" not found in logs, $RSYSLOG_DYNNAME.out.log is:"
- cat $RSYSLOG_DYNNAME.out.log
- error_exit 1
-fi;
-
-echo EVERYTHING OK - error messages are just as expected!
-exit_test
diff --git a/tools/iminternal.c b/tools/iminternal.c
index 52e9df8..c4dd548 100644
--- a/tools/iminternal.c
+++ b/tools/iminternal.c
@@ -6,7 +6,7 @@
*
* File begun on 2007-08-03 by RGerhards
*
- * Copyright 2007-2017 Rainer Gerhards and Adiscon GmbH.
+ * Copyright 2007-2022 Rainer Gerhards and Adiscon GmbH.
*
* This file is part of rsyslog.
*
@@ -37,6 +37,7 @@
#include "syslogd.h"
#include "linkedlist.h"
#include "iminternal.h"
+#include "unicode-helper.h"
static linkedList_t llMsgs;
static pthread_mutex_t mutList = PTHREAD_MUTEX_INITIALIZER;
@@ -137,6 +138,10 @@ rsRetVal iminternalRemoveMsg(smsg_t **ppMsg)
pthread_mutex_lock(&mutList);
CHKiRet(llGetNextElt(&llMsgs, &llCookie, (void*)&pThis));
+ if(!strcmp((char*)pThis->pMsg->pszHOSTNAME, "[localhost]")) {
+ /* early (pre-conf) startup message detected, need to set real hostname now */
+ MsgSetHOSTNAME(pThis->pMsg, glblGetLocalHostName(), ustrlen(glblGetLocalHostName()));
+ }
*ppMsg = pThis->pMsg;
pThis->pMsg = NULL; /* we do no longer own it - important for destructor */
diff --git a/tools/rsyslogd.c b/tools/rsyslogd.c
index 8410d44..9dedd2f 100644
--- a/tools/rsyslogd.c
+++ b/tools/rsyslogd.c
@@ -3,7 +3,7 @@
* because it was either written from scratch by me (rgerhards) or
* contributors who agreed to ASL 2.0.
*
- * Copyright 2004-2019 Rainer Gerhards and Adiscon
+ * Copyright 2004-2022 Rainer Gerhards and Adiscon
*
* This file is part of rsyslog.
*
@@ -231,7 +231,7 @@ setsid(void)
#endif
-static rsRetVal
+rsRetVal
queryLocalHostname(void)
{
uchar *LocalHostName = NULL;
@@ -1384,12 +1384,6 @@ initAll(int argc, char **argv)
exit(1); /* "good" exit, leaving at init for fatal error */
}
- /* get our host and domain names - we need to do this early as we may emit
- * error log messages, which need the correct hostname. -- rgerhards, 2008-04-04
- * But we need to have imInternal up first!
- */
- queryLocalHostname();
-
/* we now can emit error messages "the regular way" */
if(getenv("TZ") == NULL) {
--
2.27.0


@ -1,96 +0,0 @@
From 1ac3312e5a1e809158a0cccd5a332d3a67562a4f Mon Sep 17 00:00:00 2001
From: Andre lorbach <alorbach@adiscon.com>
Date: Mon, 22 Nov 2021 23:08:08 +0100
Subject: [PATCH] imtcp: fix memory leak in afterRun Code
- tcpsrv_etry_t was left in memory, is now freed
- Fix copy&paste error for pszLstnPortFileName init
- Free cnf_params if createInstance init fails
closes: https://github.com/rsyslog/rsyslog/issues/4646
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/1ac3312e5a1e809158a0cccd5a332d3a67562a4f
---
plugins/imtcp/imtcp.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
index 98a060e4c9..0e689a28d8 100644
--- a/plugins/imtcp/imtcp.c
+++ b/plugins/imtcp/imtcp.c
@@ -350,7 +350,7 @@ createInstance(instanceConf_t **pinst)
instanceConf_t *inst = NULL;
DEFiRet;
- CHKmalloc(inst = malloc(sizeof(instanceConf_t)));
+ CHKmalloc(inst = (instanceConf_t*) calloc(1, sizeof(instanceConf_t)));
CHKmalloc(inst->cnf_params = (tcpLstnParams_t*) calloc(1, sizeof(tcpLstnParams_t)));
inst->next = NULL;
inst->pszBindRuleset = NULL;
@@ -400,6 +400,7 @@ createInstance(instanceConf_t **pinst)
*pinst = inst;
finalize_it:
if(iRet != RS_RET_OK) {
+ free(inst->cnf_params);
free(inst);
}
RETiRet;
@@ -431,7 +432,7 @@ static rsRetVal addInstance(void __attribute__((unused)) *pVal, uchar *pNewVal)
CHKmalloc(inst->cnf_params->pszAddr = ustrdup(cs.lstnIP));
}
if((cs.lstnPortFile == NULL) || (cs.lstnPortFile[0] == '\0')) {
- inst->cnf_params->pszAddr = NULL;
+ inst->cnf_params->pszLstnPortFileName = NULL;
} else {
CHKmalloc(inst->cnf_params->pszLstnPortFileName = ustrdup(cs.lstnPortFile));
}
@@ -706,7 +707,6 @@ CODESTARTbeginCnfLoad
loadModConf->bPreserveCase = 1; /* default to true */
bLegacyCnfModGlobalsPermitted = 1;
/* init legacy config variables */
- cs.pszStrmDrvrAuthMode = NULL;
resetConfigVariables(NULL, NULL); /* dummy parameters just to fulfill interface def */
ENDbeginCnfLoad
@@ -906,9 +906,9 @@ ENDactivateCnf
BEGINfreeCnf
instanceConf_t *inst, *del;
CODESTARTfreeCnf
+ free(pModConf->gnutlsPriorityString);
free(pModConf->pszStrmDrvrName);
free(pModConf->pszStrmDrvrAuthMode);
- free(pModConf->gnutlsPriorityString);
free(pModConf->pszStrmDrvrPermitExpiredCerts);
free(pModConf->pszStrmDrvrCAFile);
free(pModConf->pszStrmDrvrKeyFile);
@@ -1024,12 +1024,14 @@ ENDwillRun
BEGINafterRun
CODESTARTafterRun
tcpsrv_etry_t *etry = tcpsrv_root;
+ tcpsrv_etry_t *del;
while(etry != NULL) {
iRet = tcpsrv.Destruct(&etry->tcpsrv);
// TODO: check iRet, reprot error
+ del = etry;
etry = etry->next;
+ free(del);
}
-
net.clearAllowedSenders(UCHAR_CONSTANT("TCP"));
ENDafterRun
@@ -1068,11 +1070,11 @@ resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unus
cs.iAddtlFrameDelim = TCPSRV_NO_ADDTL_DELIMITER;
cs.maxFrameSize = 200000;
cs.bDisableLFDelim = 0;
- free(cs.pszInputName);
- cs.pszInputName = NULL;
+ cs.bPreserveCase = 1;
free(cs.pszStrmDrvrAuthMode);
cs.pszStrmDrvrAuthMode = NULL;
- cs.bPreserveCase = 1;
+ free(cs.pszInputName);
+ cs.pszInputName = NULL;
free(cs.lstnPortFile);
cs.lstnPortFile = NULL;
return RS_RET_OK;


@ -1,268 +0,0 @@
From 325203e4e2b2cc53283d9dbdff0aa677aded1e0d Mon Sep 17 00:00:00 2001
From: Andre lorbach <alorbach@adiscon.com>
Date: Wed, 9 Mar 2022 17:58:05 +0100
Subject: [PATCH] gnutls bugfix: Fix error handling in gtlsRecordRecv
There was a rare possibility that the E_AGAIN/E_INTERRUPT handling
could cause an infinite loop (100% CPU Usage), for example when a TLS
handshake is interrupted at a certain stage.
- After gnutls_record_recv is called, and E_AGAIN/E_INTERRUPT error
occurs, we need to do additional read/write direction handling
with gnutls_record_get_direction.
- After the second call of gnutls_record_recv (Expand buffer)
we needed to also check the eror codes for E_AGAIN/E_INTERRUPT
to do propper errorhandling.
- Add extra debug output based on ossl driver.
- Potential fix for 100% CPU Loop Receiveloop after gtlsRecordRecv
in doRetry call.
see also: https://github.com/rsyslog/rsyslog/issues/4818
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/aefcfa4d0f6e213c9fac814c3e6bd53970b7e90e
---
runtime/nsd_gtls.c | 39 ++++++++++++++++++++++++++++++---------
runtime/nsd_gtls.h | 5 +++++
runtime/nsdsel_gtls.c | 28 +++++++++++++++++++++-------
runtime/tcpsrv.c | 11 +++++++----
tests/imtcp-tls-basic.sh | 3 +++
5 files changed, 66 insertions(+), 20 deletions(-)
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 6fc300c..01b0ec6 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -550,8 +550,10 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
DEFiRet;
ISOBJ_TYPE_assert(pThis, nsd_gtls);
- DBGPRINTF("gtlsRecordRecv: start\n");
+ DBGPRINTF("gtlsRecordRecv: start (Pending Data: %zd | Wanted Direction: %s)\n",
+ gnutls_record_check_pending(pThis->sess),
+ (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ ? "READ" : "WRITE") );
lenRcvd = gnutls_record_recv(pThis->sess, pThis->pszRcvBuf, NSD_GTLS_MAX_RCVBUF);
if(lenRcvd >= 0) {
DBGPRINTF("gtlsRecordRecv: gnutls_record_recv received %zd bytes\n", lenRcvd);
@@ -575,14 +577,30 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
(NSD_GTLS_MAX_RCVBUF+lenRcvd));
pThis->lenRcvBuf = NSD_GTLS_MAX_RCVBUF+lenRcvd;
} else {
- goto sslerr;
+ if (lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
+ goto sslerragain; /* Go to ERR AGAIN handling */
+ } else {
+ /* Do all other error handling */
+ int gnuRet = lenRcvd;
+ ABORTgnutls;
+ }
}
}
} else if(lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
-sslerr:
- pThis->rtryCall = gtlsRtry_recv;
- dbgprintf("GnuTLS receive requires a retry (this most probably is OK and no error condition)\n");
- ABORT_FINALIZE(RS_RET_RETRY);
+sslerragain:
+ /* Check if the underlaying file descriptor needs to read or write data!*/
+ if (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ) {
+ pThis->rtryCall = gtlsRtry_recv;
+ dbgprintf("GnuTLS receive requires a retry, this most probably is OK and no error condition\n");
+ ABORT_FINALIZE(RS_RET_RETRY);
+ } else {
+ uchar *pErr = gtlsStrerror(lenRcvd);
+ LogError(0, RS_RET_GNUTLS_ERR, "GnuTLS receive error %zd has wrong read direction(wants write) "
+ "- this could be caused by a broken connection. GnuTLS reports: %s\n",
+ lenRcvd, pErr);
+ free(pErr);
+ ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
+ }
} else {
int gnuRet = lenRcvd;
ABORTgnutls;
@@ -2031,6 +2049,7 @@ static rsRetVal
Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
{
int iSent;
+ int wantsWriteData = 0;
nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
DEFiRet;
ISOBJ_TYPE_assert(pThis, nsd_gtls);
@@ -2051,10 +2070,12 @@ Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
break;
}
if(iSent != GNUTLS_E_INTERRUPTED && iSent != GNUTLS_E_AGAIN) {
+ /* Check if the underlaying file descriptor needs to read or write data!*/
+ wantsWriteData = gnutls_record_get_direction(pThis->sess);
uchar *pErr = gtlsStrerror(iSent);
- LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d - this "
- "could be caused by a broken connection. GnuTLS reports: %s \n",
- iSent, pErr);
+ LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d, wantsWriteData=%d - this "
+ "could be caused by a broken connection. GnuTLS reports: %s\n",
+ iSent, wantsWriteData, pErr);
free(pErr);
gnutls_perror(iSent);
ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
diff --git a/runtime/nsd_gtls.h b/runtime/nsd_gtls.h
index a3ef59f..b9988ae 100644
--- a/runtime/nsd_gtls.h
+++ b/runtime/nsd_gtls.h
@@ -33,6 +33,11 @@ typedef enum {
gtlsRtry_recv = 2
} gtlsRtryCall_t; /**< IDs of calls that needs to be retried */
+typedef enum {
+ gtlsDir_READ = 0, /**< GNUTLS wants READ */
+ gtlsDir_WRITE = 1 /**< GNUTLS wants WRITE */
+} gtlsDirection_t;
+
typedef nsd_if_t nsd_gtls_if_t; /* we just *implement* this interface */
/* the nsd_gtls object */
diff --git a/runtime/nsdsel_gtls.c b/runtime/nsdsel_gtls.c
index 6ed7187..01cfb05 100644
--- a/runtime/nsdsel_gtls.c
+++ b/runtime/nsdsel_gtls.c
@@ -81,6 +81,7 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp)
ISOBJ_TYPE_assert(pThis, nsdsel_gtls);
ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls);
+ DBGPRINTF("Add on nsd %p:\n", pNsdGTLS);
if(pNsdGTLS->iMode == 1) {
if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) {
++pThis->iBufferRcvReady;
@@ -99,6 +100,7 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp)
}
}
+ dbgprintf("nsdsel_gtls: reached end on nsd %p, calling nsdsel_ptcp.Add with waitOp %d... \n", pNsdGTLS, waitOp);
/* if we reach this point, we need no special handling */
CHKiRet(nsdsel_ptcp.Add(pThis->pTcp, pNsdGTLS->pTcp, waitOp));
@@ -120,7 +122,8 @@ Select(nsdsel_t *pNsdsel, int *piNumReady)
if(pThis->iBufferRcvReady > 0) {
/* we still have data ready! */
*piNumReady = pThis->iBufferRcvReady;
- dbgprintf("nsdsel_gtls: doing dummy select, data present\n");
+ dbgprintf("nsdsel_gtls: doing dummy select for %p->iBufferRcvReady=%d, data present\n",
+ pThis, pThis->iBufferRcvReady);
} else {
iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady);
}
@@ -138,7 +141,7 @@ doRetry(nsd_gtls_t *pNsd)
DEFiRet;
int gnuRet;
- dbgprintf("GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
+ dbgprintf("doRetry: GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
/* We follow a common scheme here: first, we do the systen call and
* then we check the result. So far, the result is checked after the
@@ -151,7 +154,7 @@ doRetry(nsd_gtls_t *pNsd)
case gtlsRtry_handshake:
gnuRet = gnutls_handshake(pNsd->sess);
if(gnuRet == GNUTLS_E_AGAIN || gnuRet == GNUTLS_E_INTERRUPTED) {
- dbgprintf("GnuTLS handshake retry did not finish - "
+ dbgprintf("doRetry: GnuTLS handshake retry did not finish - "
"setting to retry (this is OK and can happen)\n");
FINALIZE;
} else if(gnuRet == 0) {
@@ -167,9 +170,20 @@ doRetry(nsd_gtls_t *pNsd)
}
break;
case gtlsRtry_recv:
- dbgprintf("retrying gtls recv, nsd: %p\n", pNsd);
- CHKiRet(gtlsRecordRecv(pNsd));
- pNsd->rtryCall = gtlsRtry_None; /* we are done */
+ dbgprintf("doRetry: retrying gtls recv, nsd: %p\n", pNsd);
+ iRet = gtlsRecordRecv(pNsd);
+ if (iRet == RS_RET_RETRY) {
+ // Check if there is pending data
+ size_t stBytesLeft = gnutls_record_check_pending(pNsd->sess);
+ if (stBytesLeft > 0) {
+ // We are in retry and more data waiting, finalize it
+ goto finalize_it;
+ } else {
+ dbgprintf("doRetry: gtlsRecordRecv returned RETRY, but there is no pending"
+ "data on nsd: %p\n", pNsd);
+ }
+ }
+ pNsd->rtryCall = gtlsRtry_None; /* no more data, we are done */
gnuRet = 0;
break;
case gtlsRtry_None:
@@ -241,7 +255,7 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady)
* socket. -- rgerhards, 2010-11-20
*/
if(pThis->iBufferRcvReady) {
- dbgprintf("nsd_gtls: dummy read, buffer not available for this FD\n");
+ dbgprintf("nsd_gtls: dummy read, %p->buffer not available for this FD\n", pThis);
*pbIsReady = 0;
FINALIZE;
}
diff --git a/runtime/tcpsrv.c b/runtime/tcpsrv.c
index 61c9444..06b9abe 100644
--- a/runtime/tcpsrv.c
+++ b/runtime/tcpsrv.c
@@ -596,14 +596,15 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t **ppSess, nspoll_t *pPoll)
int oserr = 0;
ISOBJ_TYPE_assert(pThis, tcpsrv);
- DBGPRINTF("netstream %p with new data\n", (*ppSess)->pStrm);
+ prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ DBGPRINTF("netstream %p with new data from remote peer %s\n", (*ppSess)->pStrm, pszPeer);
/* Receive message */
iRet = pThis->pRcvData(*ppSess, buf, sizeof(buf), &iRcvd, &oserr);
switch(iRet) {
case RS_RET_CLOSED:
if(pThis->bEmitMsgOnClose) {
errno = 0;
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(0, RS_RET_PEER_CLOSED_CONN, "Netstream session %p closed by remote "
"peer %s.\n", (*ppSess)->pStrm, pszPeer);
}
@@ -619,13 +620,13 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t **ppSess, nspoll_t *pPoll)
/* in this case, something went awfully wrong.
* We are instructed to terminate the session.
*/
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(oserr, localRet, "Tearing down TCP Session from %s", pszPeer);
CHKiRet(closeSess(pThis, ppSess, pPoll));
}
break;
default:
- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(oserr, iRet, "netstream session %p from %s will be closed due to error",
(*ppSess)->pStrm, pszPeer);
CHKiRet(closeSess(pThis, ppSess, pPoll));
@@ -835,6 +836,8 @@ RunSelect(tcpsrv_t *pThis, nsd_epworkset_t workset[], size_t sizeWorkset)
while(iTCPSess != -1) {
/* TODO: access to pNsd is NOT really CLEAN, use method... */
CHKiRet(nssel.Add(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD));
+ DBGPRINTF("tcpsrv process session %d:\n", iTCPSess);
+
/* now get next... */
iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess);
}
diff --git a/tests/imtcp-tls-basic.sh b/tests/imtcp-tls-basic.sh
index 8643389..58c5946 100755
--- a/tests/imtcp-tls-basic.sh
+++ b/tests/imtcp-tls-basic.sh
@@ -4,6 +4,9 @@
. ${srcdir:=.}/diag.sh init
export NUMMESSAGES=50000
export QUEUE_EMPTY_CHECK_FUNC=wait_seq_check
+# uncomment for debugging support:
+#export RSYSLOG_DEBUG="debug nostdout noprintmutexaction"
+#export RSYSLOG_DEBUGLOG="$RSYSLOG_DYNNAME.debuglog"
generate_conf
add_conf '
global( defaultNetstreamDriverCAFile="'$srcdir'/tls-certs/ca.pem"
--
2.33.0


@ -1,65 +0,0 @@
From 54cbda6cde9bf667d699f7b0093d48a3983edb42 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 4 Mar 2022 11:39:11 +0100
Subject: [PATCH] imptcp bugfix: worker thread starvation on extreme traffic
When connectes were totally busy, without any pause, the assigened worker
did never terminate its reading loop. As such, it could not service any
other conenctions. If this happened multiple time and to all configured
workers, all other connections could not be processed at all. This extreme
scenario is very unlikely, as the whole issue is relatively unlikely.
In practice, the issue could lead to somewhat degraded performance and
resolved itself after some time (in practice no connection is 100% busy
for an extended period of time).
Note that this patch sets a fixed limit of 16 iterations for very busy
connections. This sounds like a good compromise between non-starvation
and performance. The exact number may be made configurable if there
is really need to.
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/34e72ced504458d804f8d1049be67ea8cc00a4b4
---
plugins/imptcp/imptcp.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c
index e47a7c9..72e32dd 100644
--- a/plugins/imptcp/imptcp.c
+++ b/plugins/imptcp/imptcp.c
@@ -10,7 +10,7 @@
*
* File begun on 2010-08-10 by RGerhards
*
- * Copyright 2007-2018 Rainer Gerhards and Adiscon GmbH.
+ * Copyright 2007-2022 Rainer Gerhards and Adiscon GmbH.
*
* This file is part of rsyslog.
*
@@ -1391,7 +1391,7 @@ addEPollSock(epolld_type_t typ, void *ptr, int sock, epolld_t **pEpd)
epd->ptr = ptr;
epd->sock = sock;
*pEpd = epd;
- epd->ev.events = EPOLLIN|EPOLLET|EPOLLONESHOT;
+ epd->ev.events = EPOLLIN|EPOLLONESHOT;
epd->ev.data.ptr = (void*) epd;
if(epoll_ctl(epollfd, EPOLL_CTL_ADD, sock, &(epd->ev)) != 0) {
@@ -1938,11 +1938,12 @@ sessActivity(ptcpsess_t *const pSess, int *const continue_polling)
int remsock = 0; /* init just to keep compiler happy... :-( */
sbool bEmitOnClose = 0;
char rcvBuf[128*1024];
+ int runs = 0;
DEFiRet;
DBGPRINTF("imptcp: new activity on session socket %d\n", pSess->sock);
- while(1) {
+ while(runs++ < 16) {
lenBuf = sizeof(rcvBuf);
lenRcv = recv(pSess->sock, rcvBuf, lenBuf, 0);
--
2.33.0


@ -1,46 +0,0 @@
From e2d129880b6830bf7d26ab46d957b944f73f96e1 Mon Sep 17 00:00:00 2001
From: Yun Zhou <yun.zhou@windriver.com>
Date: Thu, 24 Mar 2022 16:34:09 +0800
Subject: [PATCH] rsyslogd: adjust the order of doHUP() and processImInternal()
After call doHUP(), probably there is a internal log in the list. However, it
will not be wrote out immediately, because the mainloop will be blocked at
pselect in wait_timeout() until a long timeout or next message occur.
More deadly, the log may be lost if the deamon exits unexpectedly.
We might as well put processImInternal() after doHUP(), so that the message
will be flushed out immediately.
Fixes: 723f6fdfa6(rsyslogd: Fix race between signals and main loop timeout)
Signed-off-by: Yun Zhou <yun.zhou@windriver.com>
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/857f77906f95681aa15c7ba3f88cbda8952f7e5f
---
tools/rsyslogd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/rsyslogd.c b/tools/rsyslogd.c
index 9a126dd..8410d44 100644
--- a/tools/rsyslogd.c
+++ b/tools/rsyslogd.c
@@ -1966,8 +1966,6 @@ mainloop(void)
sigaddset(&sigblockset, SIGUSR1);
do {
- processImInternal();
-
pthread_sigmask(SIG_BLOCK, &sigblockset, &origmask);
if(bChildDied) {
reapChild();
@@ -1988,6 +1986,8 @@ mainloop(void)
g_bRecordQueue = 0;
}
+ processImInternal();
+
if(bFinished)
break; /* exit as quickly as possible */
--
2.33.0


@ -1,39 +0,0 @@
From 22bef1c86200e594fd6d5d42fb10647d1303874f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 23 Aug 2022 14:45:11 +0200
Subject: [PATCH] tcpsrv: cleanup - remove commented out code
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/22bef1c86200e594fd6d5d42fb10647d1303874f
---
runtime/tcpsrv.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/runtime/tcpsrv.c b/runtime/tcpsrv.c
index 2c91c2e..2feb2cc 100644
--- a/runtime/tcpsrv.c
+++ b/runtime/tcpsrv.c
@@ -604,7 +604,6 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t **ppSess, nspoll_t *pPoll)
case RS_RET_CLOSED:
if(pThis->bEmitMsgOnClose) {
errno = 0;
- // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(0, RS_RET_PEER_CLOSED_CONN, "Netstream session %p closed by remote "
"peer %s.\n", (*ppSess)->pStrm, pszPeer);
}
@@ -620,13 +619,11 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t **ppSess, nspoll_t *pPoll)
/* in this case, something went awfully wrong.
* We are instructed to terminate the session.
*/
- // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(oserr, localRet, "Tearing down TCP Session from %s", pszPeer);
CHKiRet(closeSess(pThis, ppSess, pPoll));
}
break;
default:
- // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
LogError(oserr, iRet, "netstream session %p from %s will be closed due to error",
(*ppSess)->pStrm, pszPeer);
CHKiRet(closeSess(pThis, ppSess, pPoll));
--
2.27.0


@ -1,32 +0,0 @@
From d909290dc2d9ffab86409e054abd1abaaf998571 Mon Sep 17 00:00:00 2001
From: Iwan Timmer <iwan.timmer@northwave.nl>
Date: Fri, 29 Apr 2022 15:14:27 +0200
Subject: [PATCH] tcpsrv: do not decrease number of to be processed fds on
error
nfds should only be decreased for processed streams and not for
streams returning an error code, like RS_RET_RETRY.
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/6ffc14fd450b90872272871130d29ab3ecf85f6f
---
runtime/tcpsrv.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/runtime/tcpsrv.c b/runtime/tcpsrv.c
index 06b9abe..2c91c2e 100644
--- a/runtime/tcpsrv.c
+++ b/runtime/tcpsrv.c
@@ -880,7 +880,8 @@ RunSelect(tcpsrv_t *pThis, nsd_epworkset_t workset[], size_t sizeWorkset)
processWorkset(pThis, NULL, iWorkset, workset);
iWorkset = 0;
}
- --nfds; /* indicate we have processed one */
+ if(bIsReady)
+ --nfds; /* indicate we have processed one */
}
iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess);
}
--
2.33.0


@ -1,35 +0,0 @@
From 62167fe37ee7af43d9eca49c8e025fa89959db20 Mon Sep 17 00:00:00 2001
From: Michael Biebl <biebl@debian.org>
Date: Tue, 19 Oct 2021 23:00:50 +0200
Subject: [PATCH] testbench: skip omfwd_fast_imuxsock.sh if liblogging-stdlog
is not available
Fixes #4712
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/440fd1d51c5aa7763d3d810b542a7e373a6738eb
---
tests/omfwd_fast_imuxsock.sh | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/tests/omfwd_fast_imuxsock.sh b/tests/omfwd_fast_imuxsock.sh
index bb35b58..10f9f19 100755
--- a/tests/omfwd_fast_imuxsock.sh
+++ b/tests/omfwd_fast_imuxsock.sh
@@ -4,6 +4,13 @@
. ${srcdir:=.}/diag.sh init
skip_platform "SunOS" "We have no ATOMIC BUILTINS, so OverallQueueSize counting of imdiag is NOT threadsafe and the counting will fail on SunOS"
+./syslog_caller -fsyslog_inject-l -m0 > /dev/null 2>&1
+no_liblogging_stdlog=$?
+if [ $no_liblogging_stdlog -ne 0 ];then
+ echo "liblogging-stdlog not available - skipping test"
+ exit 77
+fi
+
# export RSYSLOG_DEBUG="debug nologfuncflow noprintmutexaction nostdout"
export NUMMESSAGES=100000
--
2.33.0


@ -1,61 +0,0 @@
From 66c63027b95dce0fcfe50fa8baf2366ac83b340d Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 22 Apr 2022 09:49:46 +0200
Subject: [PATCH] net bugfix: potential buffer overrun
Conflict:NA
Reference:https://github.com/rsyslog/rsyslog/commit/89955b0bcb1ff105e1374aad7e0e993faa6a038f
---
contrib/imhttp/imhttp.c | 4 +++-
plugins/imptcp/imptcp.c | 4 +++-
runtime/tcps_sess.c | 4 +++-
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/contrib/imhttp/imhttp.c b/contrib/imhttp/imhttp.c
index f09260b..95704af 100644
--- a/contrib/imhttp/imhttp.c
+++ b/contrib/imhttp/imhttp.c
@@ -487,7 +487,9 @@ processOctetMsgLen(const instanceConf_t *const inst, struct conn_wrkr_s *connWrk
connWrkr->parseState.iOctetsRemain = connWrkr->parseState.iOctetsRemain * 10 + ch - '0';
}
// temporarily save this character into the message buffer
- connWrkr->pMsg[connWrkr->iMsg++] = ch;
+ if(connWrkr->iMsg + 1 < s_iMaxLine) {
+ connWrkr->pMsg[connWrkr->iMsg++] = ch;
+ }
} else {
const char *remoteAddr = "";
if (connWrkr->propRemoteAddr) {
diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c
index cdd29d4..e47a7c9 100644
--- a/plugins/imptcp/imptcp.c
+++ b/plugins/imptcp/imptcp.c
@@ -1107,7 +1107,9 @@ processDataRcvd(ptcpsess_t *const __restrict__ pThis,
if(pThis->iOctetsRemain <= 200000000) {
pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
}
- *(pThis->pMsg + pThis->iMsg++) = c;
+ if(pThis->iMsg < iMaxLine) {
+ *(pThis->pMsg + pThis->iMsg++) = c;
+ }
} else { /* done with the octet count, so this must be the SP terminator */
DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
prop.GetString(pThis->peerName, &propPeerName, &lenPeerName);
diff --git a/runtime/tcps_sess.c b/runtime/tcps_sess.c
index b12d873..0831192 100644
--- a/runtime/tcps_sess.c
+++ b/runtime/tcps_sess.c
@@ -389,7 +389,9 @@ processDataRcvd(tcps_sess_t *pThis,
if(pThis->iOctetsRemain <= 200000000) {
pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
}
- *(pThis->pMsg + pThis->iMsg++) = c;
+ if(pThis->iMsg < iMaxLine) {
+ *(pThis->pMsg + pThis->iMsg++) = c;
+ }
} else { /* done with the octet count, so this must be the SP terminator */
DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
prop.GetString(pThis->fromHost, &propPeerName, &lenPeerName);
--
2.27.0


@ -1,11 +1,16 @@
From 71e9b4eda329fc9e59fbbcdc86353a7609f8d383 Mon Sep 17 00:00:00 2001
From 71e9b4eda329fc9e59fbbcdc86353a7690f8d383 Mon Spe 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Tue, 26 Feb 2019 23:33:08 +0000
Subject: [PATCH] add configuration to avoid memory leak for bugfix of rsyslog-7.4.7
Subject: [PATCH] bugfix-rsyslog-7.4.7-add-configuration-to-avoid-memory-leak
reason: add configuration to avoid memory leak for bugfix of rsyslog-7.4.7
reason: add configuration to avoid memory leak for bugfix of rsyslog-7.4.7i
---
From a633ee629468562499ead31e26c8dfca5a5f3293 Mon Sep 17 00:00:00 2001
From: pengyi <pengyi37@huawei.com>
Date: Fri, 3 Feb 2023 15:26:23 +0800
Subject: [PATCH] bugfix-rsyslog-7.4.7-add-configuration-to-avoid-memory-leak
Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
V-2: adapt due to line mismatch
---
action.c | 7 ++++++-
runtime/queue.c | 30 +++++++++++++++++++++++++++++-
@ -13,10 +18,10 @@ Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
3 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/action.c b/action.c
index 1bc0ad2..e973f72 100644
index 4c3b581..4fa53ed 100644
--- a/action.c
+++ b/action.c
@@ -174,6 +174,7 @@ typedef struct configSettings_s {
@@ -176,6 +176,7 @@ typedef struct configSettings_s {
int iActionQWrkMinMsgs; /* minimum messages per worker needed to start a new one */
int bActionQSaveOnShutdown; /* save queue on shutdown (when DA enabled)? */
int64 iActionQueMaxDiskSpace; /* max disk space allocated 0 ==> unlimited */
@ -24,7 +29,7 @@ index 1bc0ad2..e973f72 100644
int iActionQueueDeqSlowdown; /* dequeue slowdown (simple rate limiting) */
int iActionQueueDeqtWinFromHr; /* hour begin of time frame when queue is to be dequeued */
int iActionQueueDeqtWinToHr; /* hour begin of time frame when queue is to be dequeued */
@@ -309,7 +310,8 @@ actionResetQueueParams(void)
@@ -303,7 +304,8 @@ actionResetQueueParams(void)
cs.iActionQtoWrkShutdown = 60000; /* timeout for worker thread shutdown */
cs.iActionQWrkMinMsgs = -1; /* minimum messages per worker needed to start a new one */
cs.bActionQSaveOnShutdown = 1; /* save queue on shutdown (when DA enabled)? */
@ -34,7 +39,7 @@ index 1bc0ad2..e973f72 100644
cs.iActionQueueDeqSlowdown = 0;
cs.iActionQueueDeqtWinFromHr = 0;
cs.iActionQueueDeqtWinToHr = 25; /* 25 disables time windowed dequeuing */
@@ -543,6 +545,7 @@ actionConstructFinalize(action_t *__restrict__ const pThis, struct nvlst *lst)
@@ -539,6 +541,7 @@ actionConstructFinalize(action_t *__restrict__ const pThis, struct nvlst *lst)
error %d. Ignored, running with default setting", iRet); \
}
setQPROP(qqueueSetsizeOnDiskMax, "$ActionQueueMaxDiskSpace", cs.iActionQueMaxDiskSpace);
@ -42,7 +47,7 @@ index 1bc0ad2..e973f72 100644
setQPROP(qqueueSetiDeqBatchSize, "$ActionQueueDequeueBatchSize", cs.iActionQueueDeqBatchSize);
setQPROP(qqueueSetMaxFileSize, "$ActionQueueFileSize", cs.iActionQueMaxFileSize);
setQPROPstr(qqueueSetFilePrefix, "$ActionQueueFileName", cs.pszActionQFName);
@@ -2229,6 +2232,8 @@ rsRetVal actionClassInit(void)
@@ -2318,6 +2321,8 @@ rsRetVal actionClassInit(void)
&cs.iActionQueueDeqBatchSize, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuemaxdiskspace", 0, eCmdHdlrSize, NULL,
&cs.iActionQueMaxDiskSpace, NULL));
@ -52,7 +57,7 @@ index 1bc0ad2..e973f72 100644
&cs.iActionQHighWtrMark, NULL));
CHKiRet(regCfSysLineHdlr((uchar *)"actionqueuelowwatermark", 0, eCmdHdlrInt, NULL,
diff --git a/runtime/queue.c b/runtime/queue.c
index 23de366..0c2485c 100644
index bd3fb8e..de9c619 100644
--- a/runtime/queue.c
+++ b/runtime/queue.c
@@ -46,6 +46,7 @@
@ -63,7 +68,7 @@ index 23de366..0c2485c 100644
#include "rsyslog.h"
#include "queue.h"
@@ -125,6 +126,7 @@ static struct cnfparamdescr cnfpdescr[] = {
@@ -115,6 +116,7 @@ static struct cnfparamdescr cnfpdescr[] = {
{ "queue.mindequeuebatchsize", eCmdHdlrInt, 0 },
{ "queue.mindequeuebatchsize.timeout", eCmdHdlrInt, 0 },
{ "queue.maxdiskspace", eCmdHdlrSize, 0 },
@ -71,7 +76,7 @@ index 23de366..0c2485c 100644
{ "queue.highwatermark", eCmdHdlrInt, 0 },
{ "queue.lowwatermark", eCmdHdlrInt, 0 },
{ "queue.fulldelaymark", eCmdHdlrInt, 0 },
@@ -472,6 +474,7 @@ StartDA(qqueue_t *pThis)
@@ -464,6 +466,7 @@ StartDA(qqueue_t *pThis)
CHKiRet(qqueueSetpAction(pThis->pqDA, pThis->pAction));
CHKiRet(qqueueSetsizeOnDiskMax(pThis->pqDA, pThis->sizeOnDiskMax));
@ -79,7 +84,7 @@ index 23de366..0c2485c 100644
CHKiRet(qqueueSetiDeqSlowdown(pThis->pqDA, pThis->iDeqSlowdown));
CHKiRet(qqueueSetMaxFileSize(pThis->pqDA, pThis->iMaxFileSize));
CHKiRet(qqueueSetFilePrefix(pThis->pqDA, pThis->pszFilePrefix, pThis->lenFilePrefix));
@@ -1016,6 +1019,20 @@ qAddDisk(qqueue_t *const pThis, smsg_t* pMsg)
@@ -1019,6 +1022,20 @@ qAddDisk(qqueue_t *const pThis, smsg_t* pMsg)
ISOBJ_TYPE_assert(pMsg, msg);
number_t nWriteCount;
const int oldfile = strmGetCurrFileNum(pThis->tVars.disk.pWrite);
@ -100,7 +105,7 @@ index 23de366..0c2485c 100644
CHKiRet(strm.SetWCntr(pThis->tVars.disk.pWrite, &nWriteCount));
CHKiRet((objSerialize(pMsg))(pMsg, pThis->tVars.disk.pWrite));
@@ -1047,6 +1064,13 @@ qAddDisk(qqueue_t *const pThis, smsg_t* pMsg)
@@ -1050,6 +1067,13 @@ qAddDisk(qqueue_t *const pThis, smsg_t* pMsg)
}
finalize_it:
@ -114,8 +119,8 @@ index 23de366..0c2485c 100644
RETiRet;
}
@@ -1544,7 +1568,8 @@ qqueueSetDefaultsActionQueue(qqueue_t *pThis)
pThis->toWrkShutdown = actq_dflt_toWrkShutdown; /* timeout for worker thread shutdown */
@@ -1546,7 +1570,8 @@ qqueueSetDefaultsActionQueue(qqueue_t *pThis)
pThis->toWrkShutdown = loadConf->globals.actq_dflt_toWrkShutdown; /* timeout for worker thread shutdown */
pThis->iMinMsgsPerWrkr = -1; /* minimum messages per worker needed to start a new one */
pThis->bSaveOnShutdown = 1; /* save queue on shutdown (when DA enabled)? */
- pThis->sizeOnDiskMax = 0; /* unlimited */
@ -124,7 +129,7 @@ index 23de366..0c2485c 100644
pThis->iDeqSlowdown = 0;
pThis->iDeqtWinFromHr = 0;
pThis->iDeqtWinToHr = 25; /* disable time-windowed dequeuing by default */
@@ -3355,6 +3380,8 @@ qqueueApplyCnfParam(qqueue_t *pThis, struct nvlst *lst)
@@ -3401,6 +3426,8 @@ qqueueApplyCnfParam(qqueue_t *pThis, struct nvlst *lst)
pThis->toMinDeqBatchSize = pvals[i].val.d.n;
} else if(!strcmp(pblk.descr[i].name, "queue.maxdiskspace")) {
pThis->sizeOnDiskMax = pvals[i].val.d.n;
@ -133,7 +138,7 @@ index 23de366..0c2485c 100644
} else if(!strcmp(pblk.descr[i].name, "queue.highwatermark")) {
pThis->iHighWtrMrk = pvals[i].val.d.n;
} else if(!strcmp(pblk.descr[i].name, "queue.lowwatermark")) {
@@ -3455,6 +3482,7 @@ DEFpropSetMeth(qqueue, iDeqBatchSize, int)
@@ -3555,6 +3582,7 @@ DEFpropSetMeth(qqueue, iDeqBatchSize, int)
DEFpropSetMeth(qqueue, iMinDeqBatchSize, int)
DEFpropSetMeth(qqueue, sizeOnDiskMax, int64)
DEFpropSetMeth(qqueue, iSmpInterval, int)
@ -142,10 +147,10 @@ index 23de366..0c2485c 100644
/* This function can be used as a generic way to set properties. Only the subset
diff --git a/runtime/queue.h b/runtime/queue.h
index 5f91c58..f01c325 100644
index dd989bd..2264f08 100644
--- a/runtime/queue.h
+++ b/runtime/queue.h
@@ -143,6 +143,7 @@ struct queue_s {
@@ -144,6 +144,7 @@ struct queue_s {
int iNumberFiles; /* how many files make up the queue? */
int64 iMaxFileSize; /* max size for a single queue file */
int64 sizeOnDiskMax; /* maximum size on disk allowed */
@ -153,7 +158,7 @@ index 5f91c58..f01c325 100644
qDeqID deqIDAdd; /* next dequeue ID to use during add to queue store */
qDeqID deqIDDel; /* queue store delete position */
int bIsDA; /* is this queue disk assisted? */
@@ -233,6 +234,7 @@ PROTOTYPEpropSetMeth(qqueue, bSaveOnShutdown, int);
@@ -237,6 +238,7 @@ PROTOTYPEpropSetMeth(qqueue, bSaveOnShutdown, int);
PROTOTYPEpropSetMeth(qqueue, pAction, action_t*);
PROTOTYPEpropSetMeth(qqueue, iDeqSlowdown, int);
PROTOTYPEpropSetMeth(qqueue, sizeOnDiskMax, int64);
@ -162,5 +167,5 @@ index 5f91c58..f01c325 100644
#define qqueueGetID(pThis) ((unsigned long) pThis)
--
2.19.1
2.23.0


@ -7,12 +7,14 @@ Signed-off-by: wangshouping <wangshouping@huawei.com>
V-2: add macro control for systemd/sd-journal.h
Signed-off-by: pengyi37 <pengyi37@huawei.com>
V-3: adapt pMsgQueue to runConf->pMsgQueue
Signed-off-by: pengyi37 <pengyi37@huawei.com>
---
tools/rsyslogd.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
tools/rsyslogd.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/tools/rsyslogd.c b/tools/rsyslogd.c
index f1eea07..657f4de 100644
index 31b91a1..8be2032 100644
--- a/tools/rsyslogd.c
+++ b/tools/rsyslogd.c
@@ -36,6 +36,7 @@
@ -23,15 +25,15 @@ index f1eea07..657f4de 100644
#endif
#include "rsyslog.h"
@@ -180,6 +181,7 @@ void rsyslogdDoDie(int sig);
/* global data items */
static int bChildDied;
@@ -182,6 +183,7 @@ static pthread_mutex_t mutChildDied;
static int bChildDied = 0;
static pthread_mutex_t mutHadHUP;
static int bHadHUP;
+static int g_bRecordQueue;
static int doFork = 1; /* fork - run in daemon mode - read-only after startup */
int bFinished = 0; /* used by termination signal handler, read-only except there
* is either 0 or the number of the signal that requested the
@@ -1269,8 +1271,13 @@ rsyslogdDebugSwitch(void)
@@ -1294,8 +1296,13 @@ rsyslogdDebugSwitch(void)
dbgprintf("\n");
debugging_on = 0;
}
@ -45,7 +47,7 @@ index f1eea07..657f4de 100644
/* This is the main entry point into rsyslogd. Over time, we should try to
* modularize it a bit more...
@@ -1618,7 +1625,7 @@ initAll(int argc, char **argv)
@@ -1629,7 +1636,7 @@ initAll(int argc, char **argv)
hdlr_enable(SIGINT, rsyslogdDoDie);
hdlr_enable(SIGQUIT, rsyslogdDoDie);
} else {
@ -54,30 +56,22 @@ index f1eea07..657f4de 100644
hdlr_enable(SIGINT, SIG_IGN);
hdlr_enable(SIGQUIT, SIG_IGN);
}
@@ -1956,6 +1963,7 @@ mainloop(void)
sigaddset(&sigblockset, SIGTERM);
sigaddset(&sigblockset, SIGCHLD);
sigaddset(&sigblockset, SIGHUP);
+ sigaddset(&sigblockset, SIGUSR1);
do {
processImInternal();
@@ -1970,6 +1978,15 @@ mainloop(void)
doHUP();
bHadHUP = 0;
@@ -1997,6 +2004,15 @@ mainloop(void)
if(need_free_mutex) {
pthread_mutex_unlock(&mutHadHUP);
}
+ if (g_bRecordQueue) {
+ if (pMsgQueue != NULL) {
+ if(runConf->pMsgQueue != NULL) {
+ sd_journal_print(LOG_NOTICE, "main queue size information: current QueueSize=%d MaxQueueSize=%d\n",
+ pMsgQueue->iQueueSize, pMsgQueue->iMaxQueueSize);
+ runConf->pMsgQueue->iQueueSize, runConf->pMsgQueue->iMaxQueueSize);
+ } else {
+ sd_journal_print(LOG_NOTICE, "main queue size information: pMsgQueue is NULL!\n");
+ }
+ g_bRecordQueue = 0;
+ }
if(bFinished)
break; /* exit as quickly as possible */
processImInternal();
--
2.23.0
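Review bot: `g_bRecordQueue` is declared as a plain `static int`, and the `mainloop` hunk tests and clears it with no lock, while the `bHadHUP` handling in the same hunk's context runs under `mutHadHUP`. If the flag is set from the SIGUSR1 handler (the handler lines are not shown in this view, so this is inferred), the declaration should be `static volatile sig_atomic_t g_bRecordQueue;` so that the store in the handler and the test in the loop are well defined. The `sd_journal_print` call also reads `runConf->pMsgQueue->iQueueSize` and `iMaxQueueSize` without any visible queue lock, so a comment such as `/* diagnostic only: sizes are read unlocked and may be stale */` above it would stop a later reader from treating the figures as exact. The new side appears to drop the `sigaddset(&sigblockset, SIGUSR1);` line that the earlier version of this patch carried; please confirm against the 8.2210 `mainloop` that SIGUSR1 still wakes the loop, otherwise the report is delayed until the next unrelated wakeup. `mainloop` starts and ends outside the hunk.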

Binary file not shown.

BIN
rsyslog-8.2210.0.tar.gz Normal file

Binary file not shown.

Binary file not shown.

BIN
rsyslog-doc-8.2210.0.tar.gz Normal file

Binary file not shown.


@ -6,8 +6,8 @@
%define systemd_lived 1
Name: rsyslog
Version: 8.2110.0
Release: 14
Version: 8.2210.0
Release: 1
Summary: The rocket-fast system for log processing
License: (GPLv3+ and ASL 2.0)
URL: http://www.rsyslog.com/
@ -30,29 +30,9 @@ Patch9003: rsyslog-8.37.0-initialize-variables-and-check-return-value.patch
Patch9004: print-main-queue-info-to-journal-when-queue-full.patch
Patch9005: print-main-queue-info-to-journal-when-receive-USR1-signal.patch
%endif
Patch9006: bugfix-CVE-2022-24903.patch
Patch6000: backport-testbench-skip-omfwd_fast_imuxsock.sh-if-liblogging-stdlog-is-not-available.patch
Patch6001: backport-Fixes-4395-by-correctly-checking-for-EPIPE.patch
Patch6002: backport-rsyslogd-adjust-the-order-of-doHUP-and-processImInte.patch
Patch6003: backport-gnutls-bugfix-Fix-error-handling-in-gtlsRecordRecv.patch
Patch6004: backport-Fix-non-null-terminated-string-used-with-strlen.patch
Patch6005: backport-tcpsrv-do-not-decrease-number-of-to-be-processed-fds.patch
Patch6006: backport-imptcp-bugfix-worker-thread-starvation-on-extreme-tr.patch
Patch6007: backport-Fix-memory-leak-when-globally-de-initialize-GnuTLS.patch
Patch6008: backport-Fix-memory-leak-when-free-action-worker-data-table.patch
Patch6009: backport-Fix-memory-leak-when-SetString.patch
Patch6010: backport-core-bugfix-correct-local-host-name-after-config-processing.patch
Patch6011: backport-core-bugfix-local-hostname-invalid-if-no-global-config-object-given.patch
Patch6012: backport-Simplified-and-fixed-IPv4-digit-detection.patch
Patch6013: backport-tcpsrv-cleanup-remove-commented-out-code.patch
Patch6014: backport-add-support-for-permittedPeers-setting-at-input.patch
Patch6015: backport-fix-memory-leak-in-afterRun-Code.patch
Patch6016: backport-Terminate-all-tcpsrv-threads-properly.patch
Patch6017: backport-Deallocate-outchannel-resources-in-rsconf-destructor.patch
Patch6018: backport-Fix-Segmentation-fault-in-close-journal.patch
Patch6019: backport-add-test-for-legacy-permittedPeer-statement.patch
Patch6020: backport-imtcp-bugfix-legacy-config-directives-did-no-longer-work.patch
Patch6000: backport-core-bugfix-local-hostname-invalid-if-no-global-config-object-given.patch
Patch6001: backport-imtcp-bugfix-legacy-config-directives-did-no-longer-work.patch
BuildRequires: gcc autoconf automake bison dos2unix flex pkgconfig python3-docutils libtool
BuildRequires: libgcrypt-devel libuuid-devel zlib-devel krb5-devel libnet-devel gnutls-devel
@ -527,6 +507,12 @@ done
%{_mandir}/man1/rscryutil.1.gz
%changelog
* Sat Feb 4 2023 pengyi <pengyi37@huawei.com> - 8.2210.0-1
- Type:NA
- ID:NA
- SUG:NA
- DESC: update to 8.2210 version
* Sat Dec 24 2022 pengyi <pengyi37@huawei.com> - 8.2110.0-14
- Type:NA
- ID:NA