!100 同步 pr-89

From: @pengyi37 
Reviewed-by: @foreson, @yanan-rock 
Signed-off-by: @yanan-rock

backport-Deallocate-outchannel-resources-in-rsconf-destructor.patch

@@ -0,0 +1,39 @@
+From 4fc5ed645a125661ce773ecf5376df5062305976 Mon Sep 17 00:00:00 2001
+From: alakatos <alakatos@redhat.com>
+Date: Tue, 30 Nov 2021 18:13:23 +0100
+Subject: [PATCH] Deallocate outchannel resources in rsconf destructor
+
+Conflict:NA
+Reference:https://github.com/rsyslog/rsyslog/commit/4fc5ed645a125661ce773ecf5376df5062305976
+---
+ outchannel.c     | 4 ++++
+ runtime/rsconf.c | 1 +
+ 2 files changed, 5 insertions(+)
+
+diff --git a/outchannel.c b/outchannel.c
+index db78d93763..ba5809f4af 100644
+--- a/outchannel.c
++++ b/outchannel.c
+@@ -272,6 +272,10 @@ void ochDeleteAll(void)
+ 		pOch = pOch->pNext;
+ 		if(pOchDel->pszName != NULL)
+ 			free(pOchDel->pszName);
++		if(pOchDel->pszFileTemplate != NULL)
++			free(pOchDel->pszFileTemplate);
++		if(pOchDel->cmdOnSizeLimit != NULL)
++			free(pOchDel->cmdOnSizeLimit);
+ 		free(pOchDel);
+ 	}
+ }
+diff --git a/runtime/rsconf.c b/runtime/rsconf.c
+index 3042a16849..6eb7042526 100644
+--- a/runtime/rsconf.c
++++ b/runtime/rsconf.c
+@@ -240,6 +240,7 @@ CODESTARTobjDestruct(rsconf)
+ 	tplDeleteAll(pThis);
+ 	dynstats_destroyAllBuckets();
+ 	perctileBucketsDestruct();
++	ochDeleteAll();
+ 	free(pThis->globals.mainQ.pszMainMsgQFName);
+ 	free(pThis->globals.pszConfDAGFile);
+ 	lookupDestroyCnf();

backport-Fix-Segmentation-fault-in-close-journal.patch

@@ -0,0 +1,29 @@
+From eab250be3701b6aa5ccc65f2f79fd5b41f08b2b2 Mon Sep 17 00:00:00 2001
+From: "t.feng" <t.feng94@foxmail.com>
+Date: Mon, 8 Aug 2022 11:36:59 +0800
+Subject: [PATCH] Fix Segmentation fault in close journal
+
+Conflict:NA
+Reference:https://github.com/rsyslog/rsyslog/commit/eab250be3701b6aa5ccc65f2f79fd5b41f08b2b2
+
+---
+ plugins/imjournal/imjournal.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c
+index 53034fe..6fb3b7a 100644
+--- a/plugins/imjournal/imjournal.c
++++ b/plugins/imjournal/imjournal.c
+@@ -1001,7 +1001,9 @@ CODESTARTafterRun
+ 		persistJournalState();
+ 	}
+ 	closeJournal();
+-	ratelimitDestruct(ratelimiter);
++	if (ratelimiter) {
++		ratelimitDestruct(ratelimiter);
++	}
+ ENDafterRun
+ 
+ 
+-- 
+2.23.0

backport-Terminate-all-tcpsrv-threads-properly.patch

@@ -0,0 +1,30 @@
+From 178a36c9b497a78855e1eda03550c3089473ace7 Mon Sep 17 00:00:00 2001
+From: Gabor Orosz <goro@goro.io>
+Date: Fri, 14 Jan 2022 19:58:17 +0000
+Subject: [PATCH] Terminate all tcpsrv threads properly
+
+Graceful shutdown of Rsyslog could lead to segmentation faults when
+multiple imtcp inputs are being used. That is because the rest of the
+tcpsrv threads are left behind running, while their underlying objects
+are being disposed by the main thread as part of the module
+de-initialization.
+
+Signed-off-by: Gabor Orosz <goro@goro.io>
+Conflict:NA
+Reference:https://github.com/rsyslog/rsyslog/commit/178a36c9b497a78855e1eda03550c3089473ace7
+---
+ plugins/imtcp/imtcp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
+index 0e689a28d8..a6256acad8 100644
+--- a/plugins/imtcp/imtcp.c
++++ b/plugins/imtcp/imtcp.c
+@@ -1007,6 +1007,7 @@ CODESTARTrunInput
+ 	iRet = tcpsrv.Run(tcpsrv_root->tcpsrv);
+ 
+ 	/* de-init remaining servers */
++	etry = tcpsrv_root->next;
+ 	while(etry != NULL) {
+ 		stopSrvWrkr(etry);
+ 		etry = etry->next;

backport-add-support-for-permittedPeers-setting-at-input.patch

@@ -0,0 +1,210 @@
+From f83306fe2a58708455e5f3b83679aca22f1283d2 Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards <rgerhards@adiscon.com>
+Date: Fri, 22 Oct 2021 18:02:23 +0200
+Subject: [PATCH] imtcp: add support for permittedPeers setting at input()
+ level
+
+The permittedPeers settig was actually forgotten during the refactoring
+of TLS input() level settings. This functionality is now added.
+
+closes: https://github.com/rsyslog/rsyslog/issues/4706
+Conflict:NA
+Reference:https://github.com/rsyslog/rsyslog/commit/f83306fe2a58708455e5f3b83679aca22f1283d2
+---
+ plugins/imtcp/imtcp.c | 53 +++++++++++++++++++++++++++----------------
+ runtime/nsd_ossl.c    |  1 +
+ runtime/tcps_sess.c   |  2 ++
+ 3 files changed, 36 insertions(+), 20 deletions(-)
+
+diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
+index 06774069c4..98a060e4c9 100644
+--- a/plugins/imtcp/imtcp.c
++++ b/plugins/imtcp/imtcp.c
+@@ -63,7 +63,7 @@
+ #include "tcpsrv.h"
+ #include "ruleset.h"
+ #include "rainerscript.h"
+-#include "net.h" /* for permittedPeers, may be removed when this is removed */
++#include "net.h"
+ #include "parserif.h"
+ 
+ MODULE_TYPE_INPUT
+@@ -144,6 +144,7 @@ struct instanceConf_s {
+ 	uchar *pszStrmDrvrCAFile;
+ 	uchar *pszStrmDrvrKeyFile;
+ 	uchar *pszStrmDrvrCertFile;
++	permittedPeers_t *pPermPeersRoot;
+ 	uchar *gnutlsPriorityString;
+ 	int iStrmDrvrExtendedCertCheck;
+ 	int iStrmDrvrSANPreference;
+@@ -183,7 +184,7 @@ struct modConfData_s {
+ 	uchar *pszStrmDrvrCAFile;
+ 	uchar *pszStrmDrvrKeyFile;
+ 	uchar *pszStrmDrvrCertFile;
+-	struct cnfarray *permittedPeers;
++	permittedPeers_t *pPermPeersRoot;
+ 	sbool configSetViaV2Method;
+ 	sbool bPreserveCase; /* preserve case of fromhost; true by default */
+ };
+@@ -251,6 +252,7 @@ static struct cnfparamdescr inppdescr[] = {
+ 	{ "streamdriver.cafile", eCmdHdlrString, 0 },
+ 	{ "streamdriver.keyfile", eCmdHdlrString, 0 },
+ 	{ "streamdriver.certfile", eCmdHdlrString, 0 },
++	{ "permittedpeer", eCmdHdlrArray, 0 },
+ 	{ "gnutlsprioritystring", eCmdHdlrString, 0 },
+ 	{ "keepalive", eCmdHdlrBinary, 0 },
+ 	{ "keepalive.probes", eCmdHdlrNonNegInt, 0 },
+@@ -365,6 +367,7 @@ createInstance(instanceConf_t **pinst)
+ 	inst->pszStrmDrvrCAFile = NULL;
+ 	inst->pszStrmDrvrKeyFile = NULL;
+ 	inst->pszStrmDrvrCertFile = NULL;
++	inst->pPermPeersRoot = NULL;
+ 	inst->gnutlsPriorityString = NULL;
+ 	inst->iStrmDrvrMode = loadModConf->iStrmDrvrMode;
+ 	inst->iStrmDrvrExtendedCertCheck = loadModConf->iStrmDrvrExtendedCertCheck;
+@@ -451,6 +454,7 @@ addListner(modConfData_t *modConf, instanceConf_t *inst)
+ {
+ 	DEFiRet;
+ 	uchar *psz;	/* work variable */
++	permittedPeers_t *peers;
+ 
+ 	tcpsrv_t *pOurTcpsrv;
+ 	CHKiRet(tcpsrv.Construct(&pOurTcpsrv));
+@@ -508,8 +512,10 @@ addListner(modConfData_t *modConf, instanceConf_t *inst)
+ 			? modConf->pszStrmDrvrCertFile : inst->pszStrmDrvrCertFile;
+ 	CHKiRet(tcpsrv.SetDrvrCertFile(pOurTcpsrv, psz));
+ 
+-	if(pPermPeersRoot != NULL) {
+-		CHKiRet(tcpsrv.SetDrvrPermPeers(pOurTcpsrv, pPermPeersRoot));
++	peers = (inst->pPermPeersRoot == NULL)
++			? modConf->pPermPeersRoot : inst->pPermPeersRoot;
++	if(peers != NULL) {
++			CHKiRet(tcpsrv.SetDrvrPermPeers(pOurTcpsrv, peers));
+ 	}
+ 
+ 	/* initialized, now add socket and listener params */
+@@ -608,6 +614,12 @@ CODESTARTnewInpInst
+ 			inst->pszStrmDrvrName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ 		} else if(!strcmp(inppblk.descr[i].name, "gnutlsprioritystring")) {
+ 			inst->gnutlsPriorityString = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
++		} else if(!strcmp(inppblk.descr[i].name, "permittedpeer")) {
++			for(int j = 0 ; j <  pvals[i].val.d.ar->nmemb ; ++j) {
++				uchar *const peer = (uchar*) es_str2cstr(pvals[i].val.d.ar->arr[j], NULL);
++				CHKiRet(net.AddPermittedPeer(&inst->pPermPeersRoot, peer));
++				free(peer);
++			}
+ 		} else if(!strcmp(inppblk.descr[i].name, "flowcontrol")) {
+ 			inst->bUseFlowControl = (int) pvals[i].val.d.n;
+ 		} else if(!strcmp(inppblk.descr[i].name, "disablelfdelimiter")) {
+@@ -689,7 +701,7 @@ CODESTARTbeginCnfLoad
+ 	loadModConf->pszStrmDrvrCAFile = NULL;
+ 	loadModConf->pszStrmDrvrKeyFile = NULL;
+ 	loadModConf->pszStrmDrvrCertFile = NULL;
+-	loadModConf->permittedPeers = NULL;
++	loadModConf->pPermPeersRoot = NULL;
+ 	loadModConf->configSetViaV2Method = 0;
+ 	loadModConf->bPreserveCase = 1; /* default to true */
+ 	bLegacyCnfModGlobalsPermitted = 1;
+@@ -780,7 +792,11 @@ CODESTARTsetModCnf
+ 		} else if(!strcmp(modpblk.descr[i].name, "streamdriver.name")) {
+ 			loadModConf->pszStrmDrvrName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ 		} else if(!strcmp(modpblk.descr[i].name, "permittedpeer")) {
+-			loadModConf->permittedPeers = cnfarrayDup(pvals[i].val.d.ar);
++			for(int j = 0 ; j <  pvals[i].val.d.ar->nmemb ; ++j) {
++				uchar *const peer = (uchar*) es_str2cstr(pvals[i].val.d.ar->arr[j], NULL);
++				CHKiRet(net.AddPermittedPeer(&loadModConf->pPermPeersRoot, peer));
++				free(peer);
++			}
+ 		} else if(!strcmp(modpblk.descr[i].name, "preservecase")) {
+ 			loadModConf->bPreserveCase = (int) pvals[i].val.d.n;
+ 		} else {
+@@ -818,6 +834,11 @@ CODESTARTendCnfLoad
+ 		pModConf->iKeepAliveProbes = cs.iKeepAliveProbes;
+ 		pModConf->iKeepAliveIntvl = cs.iKeepAliveIntvl;
+ 		pModConf->iKeepAliveTime = cs.iKeepAliveTime;
++		if(pPermPeersRoot != NULL) {
++			assert(pModConf->pPermPeersRoot == NULL);
++			pModConf->pPermPeersRoot = pPermPeersRoot;
++			pPermPeersRoot = NULL; /* memory handed over! */
++		}
+ 		if((cs.pszStrmDrvrAuthMode == NULL) || (cs.pszStrmDrvrAuthMode[0] == '\0')) {
+ 			loadModConf->pszStrmDrvrAuthMode = NULL;
+ 		} else {
+@@ -860,15 +881,8 @@ ENDcheckCnf
+ 
+ BEGINactivateCnfPrePrivDrop
+ 	instanceConf_t *inst;
+-	int i;
+ CODESTARTactivateCnfPrePrivDrop
+ 	runModConf = pModConf;
+-	if(runModConf->permittedPeers != NULL) {
+-		for(i = 0 ; i <  runModConf->permittedPeers->nmemb ; ++i) {
+-			setPermittedPeer(NULL, (uchar*)
+-			    es_str2cstr(runModConf->permittedPeers->arr[i], NULL));
+-		}
+-	}
+ 	for(inst = runModConf->root ; inst != NULL ; inst = inst->next) {
+ 		addListner(runModConf, inst);
+ 	}
+@@ -899,10 +913,10 @@ CODESTARTfreeCnf
+ 	free(pModConf->pszStrmDrvrCAFile);
+ 	free(pModConf->pszStrmDrvrKeyFile);
+ 	free(pModConf->pszStrmDrvrCertFile);
+-	if(pModConf->permittedPeers != NULL) {
+-		cnfarrayContentDestruct(pModConf->permittedPeers);
+-		free(pModConf->permittedPeers);
++	if(pModConf->pPermPeersRoot != NULL) {
++		net.DestructPermittedPeers(&pModConf->pPermPeersRoot);
+ 	}
++
+ 	for(inst = pModConf->root ; inst != NULL ; ) {
+ 		free((void*)inst->pszBindRuleset);
+ 		free((void*)inst->pszStrmDrvrAuthMode);
+@@ -914,6 +928,9 @@ CODESTARTfreeCnf
+ 		free((void*)inst->gnutlsPriorityString);
+ 		free((void*)inst->pszInputName);
+ 		free((void*)inst->dfltTZ);
++		if(inst->pPermPeersRoot != NULL) {
++			net.DestructPermittedPeers(&inst->pPermPeersRoot);
++		}
+ 		del = inst;
+ 		inst = inst->next;
+ 		free(del);
+@@ -1026,10 +1043,6 @@ ENDisCompatibleWithFeature
+ 
+ BEGINmodExit
+ CODESTARTmodExit
+-	if(pPermPeersRoot != NULL) {
+-		net.DestructPermittedPeers(&pPermPeersRoot);
+-	}
+-
+ 	/* release objects we used */
+ 	objRelease(net, LM_NET_FILENAME);
+ 	objRelease(netstrm, LM_NETSTRMS_FILENAME);
+diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c
+index 110e11038b..03ebc0ab33 100644
+--- a/runtime/nsd_ossl.c
++++ b/runtime/nsd_ossl.c
+@@ -612,6 +612,7 @@ osslChkPeerFingerprint(nsd_ossl_t *pThis, X509 *pCert)
+ 			dbgprintf("osslChkPeerFingerprint: peer's certificate MATCH found: %s\n", pPeer->pszID);
+ 			bFoundPositiveMatch = 1;
+ 		} else {
++			dbgprintf("osslChkPeerFingerprint: NOMATCH peer certificate: %s\n", pPeer->pszID);
+ 			pPeer = pPeer->pNext;
+ 		}
+ 	}
+diff --git a/runtime/tcps_sess.c b/runtime/tcps_sess.c
+index b12d873019..9e5dbcc5cb 100644
+--- a/runtime/tcps_sess.c
++++ b/runtime/tcps_sess.c
+@@ -444,8 +444,10 @@ processDataRcvd(tcps_sess_t *pThis,
+ 		}
+ 	} else {
+ 		assert(pThis->inputState == eInMsg);
++		#if 0 // set to 1 for ultra-verbose
+ 		DBGPRINTF("DEBUG: processDataRcvd c=%c remain=%d\n",
+ 			c, pThis->iOctetsRemain);
++		#endif
+ 
+ 		if((   ((c == '\n') && !pThis->pSrv->bDisableLFDelim)
+ 		   || ((pThis->pSrv->addtlFrameDelim != TCPSRV_NO_ADDTL_DELIMITER)

backport-add-test-for-legacy-permittedPeer-statement.patch

@@ -0,0 +1,78 @@
+From 202e10e24ca658f91c3aef87c017e8f0525744b5 Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards <rgerhards@adiscon.com>
+Date: Mon, 25 Oct 2021 09:18:44 +0200
+Subject: [PATCH] testbench: add test for legacy permittedPeer statement
+
+This is required to ensure backwards compatibility when doing changes
+to the networking subsystem. So far this was not covered by any test.
+
+Conflict:NA
+Reference:https://github.com/rsyslog/rsyslog/commit/202e10e24ca658f91c3aef87c017e8f0525744b5
+---
+ tests/Makefile.am                       |  2 ++
+ tests/imtcp-tls-gtls-x509name-legacy.sh | 33 +++++++++++++++++++++++++
+ 2 files changed, 35 insertions(+)
+ create mode 100755 tests/imtcp-tls-gtls-x509name-legacy.sh
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index a68b6eb..9cc18a4 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -1267,6 +1267,7 @@ TESTS +=  \
+ 	imtcp-tls-gtls-x509fingerprint.sh \
+ 	imtcp-tls-gtls-x509name-invld.sh \
+ 	imtcp-tls-gtls-x509name.sh \
++	imtcp-tls-gtls-x509name-legacy.sh \
+ 	imtcp-drvr-in-input-basic.sh \
+ 	imtcp-multi-drvr-basic.sh \
+ 	imtcp-multi-drvr-basic-parallel.sh
+@@ -2130,6 +2131,7 @@ EXTRA_DIST= \
+ 	imtcp-tls-gtls-x509fingerprint.sh \
+ 	imtcp-tls-gtls-x509name-invld.sh \
+ 	imtcp-tls-gtls-x509name.sh \
++	imtcp-tls-gtls-x509name-legacy.sh \
+ 	imtcp-drvr-in-input-basic.sh \
+ 	imtcp-multi-drvr-basic.sh \
+ 	imtcp-multi-drvr-basic-parallel.sh \
+diff --git a/tests/imtcp-tls-gtls-x509name-legacy.sh b/tests/imtcp-tls-gtls-x509name-legacy.sh
+new file mode 100755
+index 0000000..c2c9bdd
+--- /dev/null
++++ b/tests/imtcp-tls-gtls-x509name-legacy.sh
+@@ -0,0 +1,33 @@
++#!/bin/bash
++# This file is part of the rsyslog project, released under ASL 2.0
++. ${srcdir:=.}/diag.sh init
++export NUMMESSAGES=1
++generate_conf
++add_conf '
++global(	defaultNetstreamDriverCAFile="'$srcdir/tls-certs/ca.pem'"
++	defaultNetstreamDriverCertFile="'$srcdir/tls-certs/cert.pem'"
++	defaultNetstreamDriverKeyFile="'$srcdir/tls-certs/key.pem'"
++)
++
++
++# NOTE: we intentionally use legacy statements here! This *IS* what we want to test!
++$ModLoad ../plugins/imtcp/.libs/imtcp
++$inputTcpserverStreamdriverPermittedPeer rsyslog-client
++
++input(type="imtcp" port="0" listenPortFileName="'$RSYSLOG_DYNNAME'.tcpflood_port"
++	StreamDriver.Name="gtls"
++	StreamDriver.Mode="1"
++	StreamDriver.AuthMode="x509/name")
++
++template(name="outfmt" type="string" string="%msg:F,58:2%\n")
++:msg, contains, "msgnum:" action(	type="omfile" 
++					template="outfmt"
++					file=`echo $RSYSLOG_OUT_LOG`)
++'
++startup
++tcpflood -p'$TCPFLOOD_PORT' -m$NUMMESSAGES -Ttls -x$srcdir/tls-certs/ca.pem -Z$srcdir/tls-certs/cert.pem -z$srcdir/tls-certs/key.pem
++wait_file_lines
++shutdown_when_empty
++wait_shutdown
++seq_check
++exit_test
+-- 
+2.27.0
+

backport-fix-memory-leak-in-afterRun-Code.patch

@@ -0,0 +1,96 @@
+From 1ac3312e5a1e809158a0cccd5a332d3a67562a4f Mon Sep 17 00:00:00 2001
+From: Andre lorbach <alorbach@adiscon.com>
+Date: Mon, 22 Nov 2021 23:08:08 +0100
+Subject: [PATCH] imtcp: fix memory leak in afterRun Code
+
+- tcpsrv_etry_t was left in memory, is now freed
+- Fix copy&paste error for pszLstnPortFileName init
+- Free cnf_params if createInstance init fails
+
+closes: https://github.com/rsyslog/rsyslog/issues/4646
+Conflict:NA
+Reference:https://github.com/rsyslog/rsyslog/commit/1ac3312e5a1e809158a0cccd5a332d3a67562a4f
+---
+ plugins/imtcp/imtcp.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
+index 98a060e4c9..0e689a28d8 100644
+--- a/plugins/imtcp/imtcp.c
++++ b/plugins/imtcp/imtcp.c
+@@ -350,7 +350,7 @@ createInstance(instanceConf_t **pinst)
+ 	instanceConf_t *inst = NULL;
+ 
+ 	DEFiRet;
+-	CHKmalloc(inst = malloc(sizeof(instanceConf_t)));
++	CHKmalloc(inst = (instanceConf_t*) calloc(1, sizeof(instanceConf_t)));
+ 	CHKmalloc(inst->cnf_params = (tcpLstnParams_t*) calloc(1, sizeof(tcpLstnParams_t)));
+ 	inst->next = NULL;
+ 	inst->pszBindRuleset = NULL;
+@@ -400,6 +400,7 @@ createInstance(instanceConf_t **pinst)
+ 	*pinst = inst;
+ finalize_it:
+ 	if(iRet != RS_RET_OK) {
++		free(inst->cnf_params);
+ 		free(inst);
+ 	}
+ 	RETiRet;
+@@ -431,7 +432,7 @@ static rsRetVal addInstance(void __attribute__((unused)) *pVal, uchar *pNewVal)
+ 		CHKmalloc(inst->cnf_params->pszAddr = ustrdup(cs.lstnIP));
+ 	}
+ 	if((cs.lstnPortFile == NULL) || (cs.lstnPortFile[0] == '\0')) {
+-		inst->cnf_params->pszAddr = NULL;
++		inst->cnf_params->pszLstnPortFileName = NULL;
+ 	} else {
+ 		CHKmalloc(inst->cnf_params->pszLstnPortFileName = ustrdup(cs.lstnPortFile));
+ 	}
+@@ -706,7 +707,6 @@ CODESTARTbeginCnfLoad
+ 	loadModConf->bPreserveCase = 1; /* default to true */
+ 	bLegacyCnfModGlobalsPermitted = 1;
+ 	/* init legacy config variables */
+-	cs.pszStrmDrvrAuthMode = NULL;
+ 	resetConfigVariables(NULL, NULL); /* dummy parameters just to fulfill interface def */
+ ENDbeginCnfLoad
+ 
+@@ -906,9 +906,9 @@ ENDactivateCnf
+ BEGINfreeCnf
+ 	instanceConf_t *inst, *del;
+ CODESTARTfreeCnf
++	free(pModConf->gnutlsPriorityString);
+ 	free(pModConf->pszStrmDrvrName);
+ 	free(pModConf->pszStrmDrvrAuthMode);
+-	free(pModConf->gnutlsPriorityString);
+ 	free(pModConf->pszStrmDrvrPermitExpiredCerts);
+ 	free(pModConf->pszStrmDrvrCAFile);
+ 	free(pModConf->pszStrmDrvrKeyFile);
+@@ -1024,12 +1024,14 @@ ENDwillRun
+ BEGINafterRun
+ CODESTARTafterRun
+ 	tcpsrv_etry_t *etry = tcpsrv_root;
++	tcpsrv_etry_t *del;
+ 	while(etry != NULL) {
+ 		iRet = tcpsrv.Destruct(&etry->tcpsrv);
+ 		// TODO: check iRet, reprot error
++		del = etry;
+ 		etry = etry->next;
++		free(del);
+ 	}
+-
+ 	net.clearAllowedSenders(UCHAR_CONSTANT("TCP"));
+ ENDafterRun
+ 
+@@ -1068,11 +1070,11 @@ resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unus
+ 	cs.iAddtlFrameDelim = TCPSRV_NO_ADDTL_DELIMITER;
+ 	cs.maxFrameSize = 200000;
+ 	cs.bDisableLFDelim = 0;
+-	free(cs.pszInputName);
+-	cs.pszInputName = NULL;
++	cs.bPreserveCase = 1;
+ 	free(cs.pszStrmDrvrAuthMode);
+ 	cs.pszStrmDrvrAuthMode = NULL;
+-	cs.bPreserveCase = 1;
++	free(cs.pszInputName);
++	cs.pszInputName = NULL;
+ 	free(cs.lstnPortFile);
+ 	cs.lstnPortFile = NULL;
+ 	return RS_RET_OK;

backport-imtcp-bugfix-legacy-config-directives-did-no-longer-work.patch

@@ -0,0 +1,98 @@
+From 2623a89a0c66cced8fc37ac1daa0da936005bad6 Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards <rgerhards@adiscon.com>
+Date: Tue, 15 Nov 2022 15:11:50 +0100
+Subject: [PATCH] imtcp bugfix: legacy config directives did no longer work
+
+Many "$InputTCPServer..." config directives did no longer work
+and were completely ignored (e.g. "$InputTCPServerStreamDriverMode").
+
+This was a regression from a08591be5d9 (May, 5th 2021).
+
+closes https://github.com/rsyslog/rsyslog/issues/5021
+
+Conflict:NA
+Reference:https://github.com/rsyslog/rsyslog/commit/2623a89a0c66cced8fc37ac1daa0da936005bad6
+---
+ plugins/imtcp/imtcp.c                   | 15 ++++++++++++++-
+ runtime/nsd_gtls.c                      |  3 ++-
+ tests/imtcp-tls-gtls-x509name-legacy.sh | 10 ++++++----
+ 3 files changed, 22 insertions(+), 6 deletions(-)
+
+diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
+index ccc99b0..e275750 100644
+--- a/plugins/imtcp/imtcp.c
++++ b/plugins/imtcp/imtcp.c
+@@ -446,6 +446,20 @@ static rsRetVal addInstance(void __attribute__((unused)) *pVal, uchar *pNewVal)
+ 		CHKmalloc(inst->pszInputName = ustrdup(cs.pszInputName));
+ 	}
+ 	inst->cnf_params->bSuppOctetFram = cs.bSuppOctetFram;
++	inst->iStrmDrvrMode = cs.iStrmDrvrMode;
++	inst->bKeepAlive = cs.bKeepAlive ;
++	inst->bUseFlowControl = cs.bUseFlowControl;
++	inst->bDisableLFDelim = cs.bDisableLFDelim;
++	inst->bEmitMsgOnClose = cs.bEmitMsgOnClose;
++	inst->bPreserveCase = cs.bPreserveCase;
++	inst->iKeepAliveProbes = cs.iKeepAliveProbes;
++	inst->iKeepAliveIntvl = cs.iKeepAliveIntvl;
++	inst->iKeepAliveTime = cs.iKeepAliveTime;
++	inst->iKeepAliveTime = cs.iKeepAliveTime;
++	inst->iAddtlFrameDelim = cs.iAddtlFrameDelim;
++	inst->iTCPLstnMax = cs.iTCPLstnMax;
++	inst->iTCPSessMax = cs.iTCPSessMax;
++	inst->iStrmDrvrMode = cs.iStrmDrvrMode;
+ 
+ finalize_it:
+ 	free(pNewVal);
+@@ -952,7 +966,6 @@ RunServerThread(void *myself)
+ {
+ 	tcpsrv_etry_t *const etry = (tcpsrv_etry_t*) myself;
+ 	rsRetVal iRet;
+-	dbgprintf("RGER: running ety %p\n", etry);
+ 	iRet = tcpsrv.Run(etry->tcpsrv);
+ 	if(iRet != RS_RET_OK) {
+ 		LogError(0, iRet, "imtcp: error while terminating server; rsyslog may hang on shutdown");
+diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
+index 65e492d..378febb 100644
+--- a/runtime/nsd_gtls.c
++++ b/runtime/nsd_gtls.c
+@@ -1430,12 +1430,13 @@ ENDobjDestruct(nsd_gtls)
+  * rgerhards, 2008-04-28
+  */
+ static rsRetVal
+-SetMode(nsd_t *pNsd, int mode)
++SetMode(nsd_t *const pNsd, const int mode)
+ {
+ 	DEFiRet;
+ 	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+ 
+ 	ISOBJ_TYPE_assert((pThis), nsd_gtls);
++	dbgprintf("(tls) mode: %d\n", mode);
+ 	if(mode != 0 && mode != 1) {
+ 		LogError(0, RS_RET_INVALID_DRVR_MODE, "error: driver mode %d not supported by "
+ 				"gtls netstream driver", mode);
+diff --git a/tests/imtcp-tls-gtls-x509name-legacy.sh b/tests/imtcp-tls-gtls-x509name-legacy.sh
+index c2c9bdd..4e8878c 100755
+--- a/tests/imtcp-tls-gtls-x509name-legacy.sh
++++ b/tests/imtcp-tls-gtls-x509name-legacy.sh
+@@ -12,12 +12,14 @@ global(	defaultNetstreamDriverCAFile="'$srcdir/tls-certs/ca.pem'"
+ 
+ # NOTE: we intentionally use legacy statements here! This *IS* what we want to test!
+ $ModLoad ../plugins/imtcp/.libs/imtcp
++$DefaultNetstreamDriver gtls
+ $inputTcpserverStreamdriverPermittedPeer rsyslog-client
+ 
+-input(type="imtcp" port="0" listenPortFileName="'$RSYSLOG_DYNNAME'.tcpflood_port"
+-	StreamDriver.Name="gtls"
+-	StreamDriver.Mode="1"
+-	StreamDriver.AuthMode="x509/name")
++$InputTCPServerStreamDriverAuthMode x509/name
++$InputTCPServerStreamDriverPermittedPeer Log_Streaming_Client
++$InputTCPServerStreamDriverMode 1
++$InputTCPServerListenPortFile '$RSYSLOG_DYNNAME'.tcpflood_port
++$InputTCPServerRun 0
+ 
+ template(name="outfmt" type="string" string="%msg:F,58:2%\n")
+ :msg, contains, "msgnum:" action(	type="omfile" 
+-- 
+2.27.0
+

rsyslog-8.24.0-set-permission-of-syslogd-dot-pid-to-0644.patch

@@ -1,52 +0,0 @@
-From 1b1efc640a57a757d1c7c64fd60d2187e3940060 Mon Sep 17 00:00:00 2001
-From: guoxiaoqi <guoxiaoqi2@huawei.com>
-Date: Sat, 26 Jan 2019 15:27:29 +0000
-Subject: [PATCH] rsyslog-8.24.0, set permission of syslogd dot pid to 0644
-
-reason: rsyslog-8.24.0, set permission of syslogd dot pid to 0644
-
-Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
----
- tools/rsyslogd.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/tools/rsyslogd.c b/tools/rsyslogd.c
-index d2e4833..834fc08 100644
---- a/tools/rsyslogd.c
-+++ b/tools/rsyslogd.c
-@@ -28,6 +28,7 @@
- #include <sys/types.h>
- #include <sys/wait.h>
- #include <unistd.h>
-+#include <fcntl.h>
- #include <errno.h>
- #ifdef ENABLE_LIBLOGGING_STDLOG
- #  include <liblogging/stdlog.h>
-@@ -265,6 +266,7 @@ static rsRetVal
- writePidFile(void)
- {
- 	FILE *fp;
-+	int fd;
- 	DEFiRet;
- 
- 	const char *tmpPidFile;
-@@ -278,10 +280,15 @@ writePidFile(void)
- 	if(tmpPidFile == NULL)
- 		tmpPidFile = PidFile;
- 	DBGPRINTF("rsyslogd: writing pidfile '%s'.\n", tmpPidFile);
--	if((fp = fopen((char*) tmpPidFile, "w")) == NULL) {
-+	if ( (fd = open(tmpPidFile, O_WRONLY|O_CREAT|O_CLOEXEC, 0644)) == -1) {
- 		perror("rsyslogd: error writing pid file (creation stage)\n");
- 		ABORT_FINALIZE(RS_RET_ERR);
- 	}
-+	if ((fp = fdopen(fd, "w")) == NULL) {
-+		close(fd);
-+		perror("rsyslogd: error writing pid file (fp binding stage)\n");
-+		ABORT_FINALIZE(RS_RET_ERR);
-+	}
- 	if(fprintf(fp, "%d", (int) glblGetOurPid()) < 0) {
- 		LogError(errno, iRet, "rsyslog: error writing pid file");
- 	}
--- 
-1.8.3.1
-

rsyslog.spec

@@ -7,7 +7,7 @@
 
 Name:           rsyslog
 Version:        8.2110.0
-Release:        13
+Release:        14
 Summary:        The rocket-fast system for log processing
 License:        (GPLv3+ and ASL 2.0)
 URL:            http://www.rsyslog.com/
@@ -46,6 +46,13 @@ Patch6010:      backport-core-bugfix-correct-local-host-name-after-config-proces
 Patch6011:      backport-core-bugfix-local-hostname-invalid-if-no-global-config-object-given.patch 
 Patch6012:      backport-Simplified-and-fixed-IPv4-digit-detection.patch 
 Patch6013:      backport-tcpsrv-cleanup-remove-commented-out-code.patch 
+Patch6014:      backport-add-support-for-permittedPeers-setting-at-input.patch 
+Patch6015:      backport-fix-memory-leak-in-afterRun-Code.patch 
+Patch6016:      backport-Terminate-all-tcpsrv-threads-properly.patch 
+Patch6017:      backport-Deallocate-outchannel-resources-in-rsconf-destructor.patch 
+Patch6018:      backport-Fix-Segmentation-fault-in-close-journal.patch 
+Patch6019:      backport-add-test-for-legacy-permittedPeer-statement.patch 
+Patch6020:      backport-imtcp-bugfix-legacy-config-directives-did-no-longer-work.patch 
 
 BuildRequires:  gcc autoconf automake bison dos2unix flex pkgconfig python3-docutils libtool
 BuildRequires:  libgcrypt-devel libuuid-devel zlib-devel krb5-devel libnet-devel gnutls-devel
@@ -520,6 +527,12 @@ done
 %{_mandir}/man1/rscryutil.1.gz
 
 %changelog
+* Sat Dec 24 2022 pengyi <pengyi37@huawei.com> - 8.2110.0-14
+- Type:NA
+- ID:NA
+- SUG:NA
+- DESC: backport patches from upstream
+
 * Sat Dec 17 2022 pengyi <pengyi37@huawei.com> - 8.2110.0-13
 - Type:NA
 - ID:NA