Hello community, here is the log from the commit of package rsyslog.15195 for openSUSE:Leap:15.2:Update checked in at 2020-12-04 06:24:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/rsyslog.15195 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.rsyslog.15195.new.5913 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rsyslog.15195" Fri Dec 4 06:24:56 2020 rev:1 rq:851968 version:8.39.0 Changes: -------- New Changes file: --- /dev/null 2020-11-18 17:46:03.679371574 +0100 +++ /work/SRC/openSUSE:Leap:15.2:Update/.rsyslog.15195.new.5913/rsyslog.changes 2020-12-04 06:24:57.307120427 +0100 @@ -0,0 +1,2670 @@ +------------------------------------------------------------------- +Mon Nov 9 08:33:56 UTC 2020 - Thomas Blume <thomas.bl...@suse.com> + +- fix location and naming of journald dropin (bsc#1178288) + +------------------------------------------------------------------- +Tue Sep 8 07:26:59 UTC 2020 - Thomas Blume <thomas.bl...@suse.com> + +- rsyslog.conf.in: Fix the URL for bug reporting (bsc#1173433) + +------------------------------------------------------------------- +Thu Jul 25 13:20:58 UTC 2019 - matthias.gerst...@suse.com + +- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by + firewalld, see [1]. + + [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html + +------------------------------------------------------------------- +Tue Mar 5 09:45:52 UTC 2019 - Dominique Leuenberger <dims...@opensuse.org> + +- Add rsyslog-pgsql-pkg-config.patch: use pkgconfig to find the + right libraries/directories for postgresql. According to pgsql + upstream, pg_config must only be used to buildpgsql modules. + +------------------------------------------------------------------- +Fri Feb 22 11:47:22 UTC 2019 - thomas.bl...@suse.com + +- set default permissions before include directives (bsc#1126233) + * Logfile open modes depend on position in the config file, see + https://www.rsyslog.com/doc/rsconf1_filecreatemode.html + +------------------------------------------------------------------- +Wed Nov 21 15:49:02 UTC 2018 - Enno Gotthold <egotth...@suse.com> + +- Upgrade to rsyslog 8.39.0 + * imfile: improve truncation detection + * imjournal: work around journald excessive reloading behavior + * errmsg: remove no longer needed code + * queue bugfix: invalid error message on queue startup + * bugfix imrelp: regression with legacy configuration startup fail + * bugfix imudp: stall of connection and/or potential segfault + * bugfix gcry crypto driver: small memleak + * fix potential misadressing in encryption subsystem + * ksi subsystem changes + * bugfix core: regex compile error messages could be incorrect + * bugfix core: potential hang on rsyslog termination + * bugfix imkafka: system hang when backgrounded + * bugfix imfile: file change was not reliably detected + * bugfix imrelp: do not fail build if librelp does not have relpSrvSetLstnAddr + * bugfix queue subsystem: DA queue did ignore encryption settings + * bugfix KSI: lmsig-ksils12 module skips signing the last block + * bugfix fmhash: function hash64mod sometimes returned wrong result + * bugfix core/debug: data written to random fd 2 under some debug settings + +------------------------------------------------------------------- +Tue Oct 16 14:07:14 UTC 2018 - thomas.bl...@suse.com + +- rsyslog configuration cleanup by filter rules in separate files (bug#1102720) + * add parsing of additional filter rules in /etc/rsyslog.d/*.frule + * add acpid.frule, firewall.frule, NetworkManager.frule + +------------------------------------------------------------------- +Wed Oct 10 16:16:55 CEST 2018 - ku...@suse.de + +- Enable ForwardToSyslog for journald to get syslog messages + [bsc#1110456] + +------------------------------------------------------------------- +Tue Sep 18 17:34:53 UTC 2018 - Michael Ströder <mich...@stroeder.com> + +- Update to rsyslog 8.38.0: + * imfile: support for endmsg.regex + * omhttp: new contribued module + * imrelp: add support for seting address to bind to (#894) + * ommysql: support mysql unix domain socket + * omusrmsg: do not fall back to max username length of 8 + * various bug fixes and minor updates to other modules and core + * various fixes for memory leaks + +------------------------------------------------------------------- +Thu Jul 19 12:54:37 UTC 2018 - thomas.bl...@suse.com + +- remove references to obsolete SYSLOG_REQUIRES_NETWORK + variable (bsc#1101642) + +------------------------------------------------------------------- +Wed Jun 27 18:54:51 UTC 2018 - astie...@suse.com + +- rsyslog 8.36.0: + * Liblogging-stdlog deprecated + * OpenSSL based TLS driver added in addition to GnuTLS + * GnuTLS TLS driver: support intermediate certificates + * imptcp: add ability to configure socket backlog + * fmhash: new hash function module + * updates and fixes to various modules + * omfwd: add support for bind-to-address for UDP + * mmkubernetes: new module +- updates and fixes to various modules + +------------------------------------------------------------------- +Tue Jun 26 07:43:50 UTC 2018 - thomas.bl...@suse.com + +- fix CVE-2015-3243 rsyslog: some log files are created world-readable + (bsc#935393) + +------------------------------------------------------------------- +Sat Mar 24 18:47:34 UTC 2018 - astie...@suse.com + +- rsyslog 8.33.1: + * devcontainer: use some more sensible defaults + * auto-detect if running inside a container (as pid 1) + * config: add include() script object + * template: add option to generate json "container" + * core/template: add format jsonf to constant template entries + * config: add ability to disable config parameter ("config.enable") + * script: permit to use environment variables during configuration + * new global config parameter "shutdown.enable.ctlc" + * config optimizer: detect totally empty "if" statements and optimize them out + * template: constant entry can now also be formatted as json field + * omstdout: support for new-style configuration parameters added + * core: set TZ on startup if not already set + * imjournal bugfix: file handle leak during journal rotation + * lmsig_ksils12 bugfix: dirOwner and dirGroup config was not respected + * script bugfix: replace() function worked incorrectly in some cases + * core bugfix: misadressing in external command parser + * core bugfix: small memory leak in external command parser + * core bugfix: string not properly terminated when RFC5424 MSGID is used + * bugfix: strndup() compatibility layer func copies too much +- the upstream systemd unit file was changed to no longer write the + rsyslog pid, as it is no longer required for tracking under + systemd (-iNONE). Adjust rsyslog-unit.patch to match. + +------------------------------------------------------------------- +Mon Mar 19 11:43:55 CET 2018 - ku...@suse.de + +- Use %license instead of %doc [bsc#1082318] + +------------------------------------------------------------------- +Mon Feb 19 09:16:20 UTC 2018 - thomas.bl...@suse.com + +- fix includes for apparmor profile (bsc#1080238) + +------------------------------------------------------------------- +Fri Jan 26 14:47:16 UTC 2018 - astie...@suse.com + +- rsyslog 8.32.0 + * libfastjson 0.99.8 required + * libczmq >= 3.0.2 is now required for omczmq + * libcurl is now needed for rsyslog core + * rsyslogd: add capability to specify that no pid file shall be written + * core improvements and bug fixes + * RainerScript improvements and bug fixes + * build fixes, including gcc7 fixes + drop 0001-imgssapi-fix-compiler-warnings.patch + * various bug fixes in multiple modules + +------------------------------------------------------------------- +Fri Jan 19 08:48:59 UTC 2018 - rgerha...@adiscon.com + +- remove build dependency on libee + +------------------------------------------------------------------- +Thu Dec 7 14:56:03 CET 2017 - ku...@suse.de + +- Disable news by default, we don't need to clobber all systems + with this for the very few remaining news servers + +------------------------------------------------------------------- +Thu Nov 23 13:41:39 UTC 2017 - rbr...@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Fri Nov 17 15:34:42 UTC 2017 - astie...@suse.com + +- Ensure user "news" exists - bsc#1068678 + +------------------------------------------------------------------- +Tue Nov 14 15:33:34 UTC 2017 - astie...@suse.com + +- rsyslog 8.30.0 + * changed behaviour: all variables are now case-insensitive by default + * core: handle (JSON) variables in case-insensitive way + * imjournal: made switching to persistent journal in runtime possible + * mmanon: complete refactor and enhancements + * imfile: add "fileoffset" metadata + * RainerScript: add ltrim and rtrim functions + * core: report module name when suspending action + * core: add ability to limit number of error messages going to stderr + * tcpsrv subsystem: improvate clarity of some error messages + * imptcp: include module name in error msg + * imtcp: include module name in error msg + * tls improvement: better error message if certificate file cannot be read + * omfwd: slightly improved error messages during config parsing + * ommysql improvements ++++ 2473 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.rsyslog.15195.new.5913/rsyslog.changes New: ---- NetworkManager.frule acpid.frule firewall.frule journald-rsyslog.conf module-mysql module-snmp module-udpspoof rsyslog-8.39.0.tar.gz rsyslog-doc-8.39.0.tar.gz rsyslog-pgsql-pkg-config.patch rsyslog-service-prepare.in rsyslog-unit.patch rsyslog.changes rsyslog.conf.in rsyslog.d.remote.conf.in rsyslog.spec rsyslog.sysconfig usr.sbin.rsyslogd ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rsyslog.spec ++++++ ++++ 1215 lines (skipped) ++++++ NetworkManager.frule ++++++ # # NetworkManager into separate file and stop their further processing # if ($programname == 'NetworkManager') or \ ($programname startswith 'nm-') \ then { -/var/log/NetworkManager stop } ++++++ acpid.frule ++++++ # # acpid messages into separate file and stop their further processing # # => all acpid messages for debuging (uncomment if needed): #if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \ # -/var/log/acpid # # => up to notice (skip info and debug) if ($programname == 'acpid' or $syslogtag == '[acpid]:') and \ ($syslogseverity <= 5 /* notice */) \ then { -/var/log/acpid stop } ++++++ firewall.frule ++++++ # # firewall messages into separate file and stop their further processing # if ($syslogfacility-text == 'kern') and \ ($msg contains 'IN=' and $msg contains 'OUT=') \ then { -/var/log/firewall stop } ++++++ journald-rsyslog.conf ++++++ [Journal] ForwardToSyslog=yes ++++++ module-mysql ++++++ # for logging to mysql DB (rsyslog-module-mysql) #include <abstractions/mysql> #include <abstractions/p11-kit> /etc/my.cnf r, /etc/my.cnf.d/ r, /etc/my.cnf.d/* r, ++++++ module-snmp ++++++ # for logging to (rsyslog-module-snmp) #include <abstractions/wutmp> /proc/uptime r, /usr/share/snmp/mibs/ r, /usr/share/snmp/mibs/*.txt r, /var/lib/net-snmp/mib_indexes/ rw, /var/lib/net-snmp/mib_indexes/* rw, ++++++ module-udpspoof ++++++ # for logging with omudpspoof (rsyslog-module-udpspoof) capability net_raw, network inet raw, ++++++ rsyslog-pgsql-pkg-config.patch ++++++ Index: rsyslog-8.39.0/configure.ac =================================================================== --- rsyslog-8.39.0.orig/configure.ac +++ rsyslog-8.39.0/configure.ac @@ -794,24 +794,7 @@ AC_ARG_ENABLE(pgsql, [enable_pgsql=no] ) if test "x$enable_pgsql" = "xyes"; then - AC_CHECK_PROG( - [PG_CONFIG], - [pg_config], - [pg_config], - [no],,, - ) - if test "x${PG_CONFIG}" = "xno"; then - AC_MSG_FAILURE([pg_config not found]) - fi - AC_CHECK_LIB( - [pq], - [PQconnectdb], - [PGSQL_CFLAGS="-I`$PG_CONFIG --includedir`" - PGSQL_LIBS="-L`$PG_CONFIG --libdir` -lpq" - ], - [AC_MSG_FAILURE([PgSQL library is missing])], - [-L`$PG_CONFIG --libdir`] - ) + PKG_CHECK_MODULES([PGSQL], [libpq]) fi AM_CONDITIONAL(ENABLE_PGSQL, test x$enable_pgsql = xyes) AC_SUBST(PGSQL_CFLAGS) ++++++ rsyslog-service-prepare.in ++++++ #!/bin/bash test -s "/etc/sysconfig/syslog" && \ . "/etc/sysconfig/syslog" run_dir="RUN_DIR" cfg_file="ADDITIONAL_SOCKETS" umask 0022 /bin/mkdir -p -m 0755 "${run_dir}" # # Prepare include with sockets in chroot's # > "${cfg_file}" for variable in ${!SYSLOGD_ADDITIONAL_SOCKET*}; do eval value=\$$variable test -z "$value" && continue test -d "${value%/*}" || continue echo "\$AddUnixListenSocket $value" done >> "${cfg_file}" # # make sure xconsole exists and is a pipe # if test -e /dev/xconsole -a ! -p /dev/xconsole ; then /bin/rm -f /dev/xconsole fi if test ! -e /dev/xconsole ; then /bin/mknod -m 0600 /dev/xconsole p /bin/chown root:tty /dev/xconsole restorecon /dev/xconsole 2> /dev/null fi exit 0 ++++++ rsyslog-unit.patch ++++++ --- rsyslog-8.36.0.orig/rsyslog.service.in 2018-06-25 17:20:38.000000000 +0200 +++ rsyslog-8.36.0/rsyslog.service.in 2018-06-26 21:03:46.788972908 +0200 @@ -1,14 +1,21 @@ [Unit] Description=System Logging Service Requires=syslog.socket +Requires=var-run.mount +After=var-run.mount +Conflicts=syslog-ng.service syslogd.service Documentation=man:rsyslogd(8) Documentation=http://www.rsyslog.com/doc/ [Service] Type=notify -ExecStart=@sbindir@/rsyslogd -n -iNONE +Environment=RSYSLOGD_PARAMS= +EnvironmentFile=-/etc/sysconfig/syslog +ExecStartPre=@sbindir@/rsyslog-service-prepare +ExecStart=@sbindir@/rsyslogd -n -iNONE $RSYSLOGD_PARAMS +ExecReload=/bin/kill -HUP $MAINPID StandardOutput=null -Restart=on-failure +Restart=on-abort # Increase the default a bit in order to allow many simultaneous # files to be monitored, we might need a lot of fds. ++++++ rsyslog.conf.in ++++++ ## ## === When you're using remote logging, enable on-disk queues === ## === in rsyslog.d/remote.conf. === ## ## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules ## (provided in separate rsyslog-module-* packages) are enabled, the ## configuration can't be used on a system with /usr on a remote ## filesystem, except on newer systems where initrd mounts /usr. ## [The modules are linked against libraries installed bellow of ## /usr thus also installed in /usr/lib*/rsyslog because of this.] ## # # if you experience problems, check # http://www.rsyslog.com/troubleshoot for assistance # and report them at https://bugzilla.suse.com/ for SUSE Linux Enterprise # or https://bugzilla.opensuse.org/ for openSUSE # # since rsyslog v3: load input modules # If you do not load inputs, nothing happens! # provides --MARK-- message capability (every 1 hour) $ModLoad immark.so $MarkMessagePeriod 3600 # provides support for local system logging (e.g. via logger command) $ModLoad imuxsock.so # reduce dupplicate log messages (last message repeated n times) $RepeatedMsgReduction on # kernel logging (may be also provided by /sbin/klogd) # see also http://www.rsyslog.com/doc-imklog.html. $ModLoad imklog.so # set log level 1 (same as in /etc/sysconfig/syslog). $klogConsoleLogLevel 1 # # Set the default permissions for all log files. # $FileOwner root $FileGroup root $FileCreateMode 0640 $DirCreateMode 0750 $Umask 0022 # Use rsyslog native, rfc5424 conform log format as default # ($ActionFileDefaultTemplate RSYSLOG_FileFormat). # # To change a single file to use obsolete BSD syslog format # (rfc 3164, no high-precision timestamps), set the variable # bellow or append ";RSYSLOG_FileFormat" to the filename. # See # http://www.rsyslog.com/doc/rsyslog_conf_templates.html # for more informations. # #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # # Include config generated by /etc/init.d/syslog script # using the SYSLOGD_ADDITIONAL_SOCKET* variables in the # /etc/sysconfig/syslog file. # $IncludeConfig ADDITIONAL_SOCKETS # # Include config files, that the admin provided? : # $IncludeConfig ETC_RSYSLOG_D_GLOB ### # print most important on tty10 and on the xconsole pipe # if ( \ /* kernel up to warning except of firewall */ \ ($syslogfacility-text == 'kern') and \ ($syslogseverity <= 4 /* warning */ ) and not \ ($msg contains 'IN=' and $msg contains 'OUT=') \ ) or ( \ /* up to errors except of facility authpriv */ \ ($syslogseverity <= 3 /* errors */ ) and not \ ($syslogfacility-text == 'authpriv') \ ) \ then { /dev/tty10 |/dev/xconsole } # Emergency messages to everyone logged on (wall) *.emerg :omusrmsg:* # enable this, if you want that root is informed # immediately, e.g. of logins #*.alert root # # Additional filter rules # $IncludeConfig /etc/rsyslog.d/*.frule # # email-messages # mail.* -/var/log/mail mail.info -/var/log/mail.info mail.warning -/var/log/mail.warn mail.err /var/log/mail.err # # news-messages # #news.crit -/var/log/news/news.crit #news.err -/var/log/news/news.err #news.notice -/var/log/news/news.notice # enable this, if you want to keep all news messages # in one file #news.* -/var/log/news.all # # Warnings in one file # *.=warning;*.=err -/var/log/warn *.crit /var/log/warn # # the rest in one file # *.*;mail.none;news.none -/var/log/messages # # enable this, if you want to keep all messages # in one file #*.* -/var/log/allmessages # # Some foreign boot scripts require local7 # local0.*;local1.* -/var/log/localmessages local2.*;local3.* -/var/log/localmessages local4.*;local5.* -/var/log/localmessages local6.*;local7.* -/var/log/localmessages ### ++++++ rsyslog.d.remote.conf.in ++++++ ## ## === When you're using remote logging, enable on-disk queues === ## === in rsyslog.d/remote.conf. === ## ## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules ## (provided in separate rsyslog-module-* packages) are enabled, the ## configuration can't be used on a system with /usr on a remote ## filesystem, except on newer systems where initrd mounts /usr. ## [The modules are linked against libraries installed bellow of ## /usr thus also installed in /usr/lib*/rsyslog because of this.] ## # ######### Enable On-Disk queues for remote logging ########## # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. # #$WorkDirectory RSYSLOG_SPOOL_DIR # where to place spool files #$ActionQueueFileName uniqName # unique name prefix for spool files #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResumeRetryCount -1 # infinite retries if host is down # ######### Sending Messages to Remote Hosts ########## # Remote Logging using TCP for reliable delivery # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host # Remote Logging using UDP # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @remote-host # ######### Receiving Messages from Remote Hosts ########## # TCP Syslog Server: # provides TCP syslog reception and GSS-API (if compiled to support it) #$ModLoad imtcp.so # load module ##$UDPServerAddress 10.10.0.1 # force to listen on this IP only #$InputTCPServerRun <port> # Starts a TCP server on selected port # UDP Syslog Server: #$ModLoad imudp.so # provides UDP syslog reception ##$UDPServerAddress 10.10.0.1 # force to listen on this IP only #$UDPServerRun 514 # start a UDP syslog server at standard port 514 ########### Encrypting Syslog Traffic with TLS ########## # -- TLS Syslog Server: ## make gtls driver the default #$DefaultNetstreamDriver gtls # ## certificate files #$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem #$DefaultNetstreamDriverCertFile ETC_RSYSLOG_D_DIR/server_cert.pem #$DefaultNetstreamDriverKeyFile ETC_RSYSLOG_D_DIR/server_key.pem # #$ModLoad imtcp # load TCP listener # #$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode #$InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated #$InputTCPServerRun 10514 # start up listener at port 10514 # # -- TLS Syslog Client: ## certificate files - just CA for a client #$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem # ## set up the action #$DefaultNetstreamDriver gtls # use gtls netstream driver #$ActionSendStreamDriverMode 1 # require TLS for the connection #$ActionSendStreamDriverAuthMode anon # server is NOT authenticated #*.* @@(o)server.example.net:10514 # send (all) messages ++++++ rsyslog.sysconfig ++++++ ## Type: string ## Default: "" ## Config: "" ## ServiceRestart: syslog # # Parameters for rsyslogd, except of the version compatibility (-c) # and the config file (-f), because they're used by sysconfig and # earlysysconfig init scripts. # # See also the RSYSLOGD_COMPAT_VERSION variable in this file, the # documentation provided in /usr/share/doc/packages/rsyslog/doc by # the rsyslog-doc package and the rsyslogd(8) and rsyslog.conf(5) # manual pages. # RSYSLOGD_PARAMS="" ++++++ usr.sbin.rsyslogd ++++++ # ------------------------------------------------------------------ # # Copyright (C) 2014 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/sbin/rsyslogd { #include <abstractions/base> #include <abstractions/consoles> # general networking is allowed here #include <abstractions/nameservice> capability dac_override, capability sys_nice, capability sys_tty_config, capability syslog, deny capability block_suspend, /dev/tty* w, /dev/xconsole rw, /etc/rsyslog.conf r, /etc/rsyslog.d/ r, /etc/rsyslog.d/* r, /usr/lib{,32,64}/rsyslog/* mr, /usr/sbin/rsyslogd mr, /var/log/** rw, /var/lib/*/dev/log w, /proc/kmsg r, /{var/,}run/rsyslog/* r, /{var/,}run/rsyslogd.pid rwk, /{var/,}run/systemd/journal/syslog w, # include rules for rsyslog-module-* packages #include "/usr/share/apparmor/extra-profiles/rsyslog.d" # for logging via TLS (rsyslog-module-gtls) # keys/certificates need to be located under /etc/rsyslog.d or permissions need to be adjusted here # rsyslog tries to write to the certificates for no reason, so deny this quietly deny /etc/rsyslog.d/* w, } _______________________________________________ openSUSE Commits mailing list -- commit@lists.opensuse.org To unsubscribe, email commit-le...@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/commit@lists.opensuse.org