Hello community,

here is the log from the commit of package rsyslog.3055 for openSUSE:12.3:Update checked in at 2014-10-15 15:59:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/rsyslog.3055 (Old)
 and      /work/SRC/openSUSE:12.3:Update/.rsyslog.3055.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rsyslog.3055" Changes: -------- New Changes file: --- /dev/null 2014-09-26 12:09:11.568032006 +0200 +++ /work/SRC/openSUSE:12.3:Update/.rsyslog.3055.new/rsyslog.changes 2014-10-15 15:59:54.000000000 +0200 
@@ -0,0 +1,1091 @@ +------------------------------------------------------------------- +Mon Oct 6 12:38:35 UTC 2014 - m...@suse.de + +- Fixed remote PRI DoS vulnerability patch (CVE-2014-3683,bnc#899756) + [* rsyslog-7.2.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch] +- Removed broken, unsupported and dropped by upstream zpipe utility + from rsyslog-diag-tools package (bnc#890228) + +------------------------------------------------------------------- +Mon Sep 29 09:22:15 UTC 2014 - m...@suse.de + +- Remote syslog PRI DoS vulnerability fix (CVE-2014-3634,bnc#897262) + [+ rsyslog-7.2.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch] + +------------------------------------------------------------------- +Fri Aug 22 14:37:57 UTC 2014 - m...@suse.de + +- Stop syslog.socket in %preun to avoid the daemon we uninstall + gets started by a log message due to dependencies (bnc#840815). + +------------------------------------------------------------------- +Fri Apr 19 09:11:23 UTC 2013 - m...@suse.de + +- update to 7.2.7 [v7-stable] 2013-04-17 (bnc#809852): + - rsyslogd startup information is now properly conveyed back to init + when privileges are beging dropped. Actually, we have moved + termination of the parent in front of the priv drop. So it shall + work now in all cases. See code comments in commit for more details. + - If forking, the parent now waits for a maximum of 60 seconds for + termination by the child + - improved debugging support in forked (auto-backgrounding) mode. + The rsyslog debug log file is now continued to be written across the + fork. + - updated systemd files to match current systemd source + - bugfix: failover/action suspend did not work correctly + This was experienced if the retry action took more than one second + to complete. For suspending, a cached timestamp was used, and if the + retry took longer, that timestamp was already in the past. As a + result, the action never was kept in suspended state, and as such no + failover happened. 
The suspend functionalit now does no longer use + the cached timestamp (should not have any performance implication, + as action suspend occurs very infrequently). + - bugfix: nested if/prifilt conditions did not work properly + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415 + - bugfix: script == comparison did not work properly on JSON objects + [backport from 7.3 branch] + - bugfix: imudp scheduling parameters did affect main thread, not imudp + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409 + - bugfix: imuxsock rate-limiting could not be configured via legacy conf + Rate-limiting for the system socket could not be configured via legacy + configuration directives. However, the new-style RainerScript config + options worked. + Thanks to Milan Bartos for the patch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=390 + - bugfix: using group resolution could lead to endless loop + Thanks to Tomas Heinrich for the patch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310 + - bugfix: $mmnormalizeuseramsg paramter was specified with wrong type + Thank to Renzhong Zhang for alerting us of the problem. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=420 + - bugfix: RainerScript getenv() function caused segfault when var was + not found. + Thanks to Philippe Muller for the patch. + - bugfix: several issues in imkmsg + see bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=421#c8 + - bugfix: imuxsock was missing SysSock.ParseTrusted module parameter + To use that functionality, legacy rsyslog.conf syntax had to be used. + Also, the doc was missing information on the "ParseTrusted" set of + config directives. + - bugfix: parameter action.execOnlyWhenPreviousIsSuspended was + accidently of integer-type. For obvious reasons, it needs to be + boolean. Note that this change can break existing configurations + if they circumvented the problem by using 0/1 values. 
+ - doc bugfix: rsyslog.conf man page had invalid file format info + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=418 +- update to 7.2.6 [v7-stable] 2013-03-05: + - slightly improved config parser error messages when invalid escapes + happen + - bugfix: include files got included in the wrong order + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=411 + This happens if an $IncludeConfig directive was done on multiple + files (e.g. the distro default of $IncludeConfig /etc/rsyslog.d/*.conf). + In that case, the order of include file processing is reversed, which + could lead to all sorts of problems. + Thanks to Nathan Stratton Treadway for his great analysis of the + problem, which made bug fixing really easy. + - bugfix: omelasticsearch failed when authentication data was provided + ... at least in most cases it emitted an error message: + "snprintf failed when trying to build auth string" + Thanks to Joerg Heinemann for alerting us. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=404 + - bugfix: some property-based filter were incorrectly parsed + This usually lead to a syntax error on startup and rsyslogd not actually + starting up. The problem was the regex, which did not care for double + quote characters to follow in the action part - unfortunately something + that can frequently happen with v6+ format. An example: + :programname, isequal, "as" {action(type="omfile" ...) } + Here, the part + :programname, isequal, "as" {action(type="omfile" + was treated as the property filter, and the rest as action part. + Obviously, this did not work out. Unfortunately, such situations usually + resulted in very hard to understand error messages. +- Removed rsyslog.conf from doc file list, not shipped any more. 
+ +------------------------------------------------------------------- +Fri Mar 29 11:53:49 UTC 2013 - vci...@suse.com + +- restore SELinux label when creating xconsole (bnc#812447) + +------------------------------------------------------------------- +Tue Feb 19 16:25:03 UTC 2013 - m...@suse.de + +- Fixed rsyslog.service file to support reload (bnc#803994) + +------------------------------------------------------------------- +Tue Jan 15 09:35:07 UTC 2013 - m...@suse.de + +- Fixed relp build requires change, which broke SLE-11 build. + +------------------------------------------------------------------- +Mon Jan 14 21:59:15 UTC 2013 - andreas.stie...@gmx.de + +- update to 7.2.5 [v7-stable]: + - build system cleanup + - bugfix: omelasticsearch did not properly compile on some platforms + due to missing libmath + - bugfix: on termination, actions were incorrectly called + - bugfix: very large memory consumption (and probably out of memory) when + FromPos was specified in template, but ToPos not. + - bugfix: timeval2syslogTime cause problems on some platforms + due to invalid assumption on structure data types. + - bugfix: compile errors in im3195 + - bugfix: doGetFileCreateMode() had invalid validity check + - bugfix: mmjsonparse errornously returned action error when no + CEE cookie was present. + +------------------------------------------------------------------- +Wed Jan 9 14:05:53 UTC 2013 - m...@suse.com + +- Enable rsyslog.service and create the syslog.service alias link + in post install -- regardless of a preset config (bnc#790805). +- Check the existence of /etc/init.d/syslog script before calling + the restart_on_update and stop_on_removal macros to avoid errors + on update. Since openSUSE 12.3, no syslog init script is shipped + (bnc#790298,bnc#750478). 
+ +------------------------------------------------------------------- +Mon Jan 7 10:58:19 UTC 2013 - m...@suse.com + +- Update to 7.2.4 [v7-stable] with following changes: + - enhance: permit RFC3339 timestamp in local log socket messages + Thanks to Sebastien Ponce for the patch. + - imklog: added ParseKernelTimestamp parameter (import from 5.10.2) + Thanks to Marius Tomaschewski for the patch. + - fix missing functionality: ruleset(){} could not specify ruleset queue + The "queue.xxx" parameter set was not supported, and legacy ruleset + config statements did not work (by intention). The fix introduces the + "queue.xxx" parameter set. It has some regression potential, but only + for the new functionality. Note that using that interface it is possible + to specify duplicate queue file names, which will cause trouble. This + will be solved in v7.3, because there is a too-large regression + potential for the v7.2 stable branch. + - imklog: added KeepKernelTimestamp parameter (import from 5.10.2) + Thanks to Marius Tomaschewski for the patch. + - bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds + ... actually, they are microseconds. So the fractional part of the + timestamp was not properly formatted. (import from 5.10.2) + Thanks to Marius Tomaschewski for the bug report and the patch idea. + - bugfix: supportoctetcountedframing parameter did not work in imptcp + - bugfix: modules not (yet) supporting new conf format were not properly + registered. This lead to a "module not found" error message instead of + the to-be-expected "module does not support new style" error message. 
+ That invalid error message could be quite misleading and actually stop + people from addressing the real problem (aka "go nuts" ;)) + - bugfix: template "type" parameter is mandatory (but was not) + - bugfix: some message properties could be garbled due to race condition + This happened only on very high volume systems, if the same message was + being processed by two different actions. This was a regression caused + by the new config processor, which did no longer properly enable msg + locking in multithreaded cases. The bugfix is actually a refactoring of + the msg locking code - we no longer do unlocked operations, as the use + case for it has mostly gone away. It is potentially possible only at + very low-end systems, and there the small additional overhead of doing + the locking does not really hurt. Instead, the removal of that + capability can actually slightly improve performance in common cases, + as the code path is smaller and requires slightly less memory writes. + That probably outperforms the extra locking overhead (which in the + low-end case always happens in user space, without need for kernel + support as we can always directly aquire the lock - there is no + contention at all). +- Removed imklog-kernel-timestamp-parsing (bnc#783967) patch obsoleted + by this version. 
+ +------------------------------------------------------------------- +Fri Nov 23 01:28:46 UTC 2012 - mrueck...@suse.de + +- fix zeromq support ++++ 894 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.rsyslog.3055.new/rsyslog.changes New: ---- rsyslog-7.2.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch rsyslog-7.2.7.tar.gz rsyslog-service-prepare.in rsyslog.changes rsyslog.conf.in rsyslog.d.remote.conf.in rsyslog.service.in.in rsyslog.spec rsyslog.sysconfig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rsyslog.spec ++++++ ++++ 924 lines (skipped) ++++++ rsyslog-7.2.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch ++++++ >From 0624e463f78a924c675f516ee067829ec9dd7484 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski <m...@suse.de> Date: Mon, 29 Sep 2014 11:18:55 +0200 Subject: [PATCH] Remote PRI DoS vulnerability fix backport (CVE-2014-3634) References: CVE-2014-3634,bnc#897262 Upstream: yes A backport of v7-stable patch by Rainer Gerhards <rgerha...@adiscon.com>. --- grammar/rainerscript.h | 2 +- plugins/imfile/imfile.c | 4 +-- plugins/imklog/imklog.c | 6 ++-- plugins/imkmsg/imkmsg.c | 2 +- plugins/imsolaris/imsolaris.c | 4 +-- plugins/imuxsock/imuxsock.c | 4 +-- runtime/msg.c | 33 ++++++++++++++-------- runtime/parser.c | 8 +++--- runtime/rsyslog.h | 65 ++++++++++++++++++++++++++++++++++--------- runtime/srutils.c | 1 + runtime/syslogd-types.h | 3 -- runtime/typedefs.h | 4 +++ tools/syslogd.c | 6 ++-- 13 files changed, 97 insertions(+), 45 deletions(-) diff --git a/grammar/rainerscript.h b/grammar/rainerscript.h index c9bcbcc..73573ab 100644 --- a/grammar/rainerscript.h +++ b/grammar/rainerscript.h 
@@ -5,9 +5,9 @@ #include <typedefs.h> #include <sys/types.h> #include <regex.h> +#include "rsyslog.h" -#define LOG_NFACILITIES 24 /* current number of syslog facilities */ #define CNFFUNC_MAX_ARGS 32 /**< maximum number of arguments that any function can have (among * others, this is used to size data structures). diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c index 188d692..88c4eb7 100644 --- a/plugins/imfile/imfile.c +++ b/plugins/imfile/imfile.c @@ -186,8 +186,8 @@ static rsRetVal enqLine(fileInfo_t *pInfo, cstr_t *cstrLine) MsgSetMSGoffs(pMsg, 0); /* we do not have a header... */ MsgSetHOSTNAME(pMsg, glbl.GetLocalHostName(), ustrlen(glbl.GetLocalHostName())); MsgSetTAG(pMsg, pInfo->pszTag, pInfo->lenTag); - pMsg->iFacility = LOG_FAC(pInfo->iFacility); - pMsg->iSeverity = LOG_PRI(pInfo->iSeverity); + pMsg->iFacility = pri2fac(pInfo->iFacility); + pMsg->iSeverity = pri2sev(pInfo->iSeverity); MsgSetRuleset(pMsg, pInfo->pRuleset); pInfo->multiSub.ppMsgs[pInfo->multiSub.nElem++] = pMsg; if(pInfo->multiSub.nElem == pInfo->multiSub.maxElem) diff --git a/plugins/imklog/imklog.c b/plugins/imklog/imklog.c index a24fc63..bd9eece 100644 --- a/plugins/imklog/imklog.c +++ b/plugins/imklog/imklog.c @@ -21,7 +21,7 @@ * To test under Linux: * echo test1 > /dev/kmsg * - * Copyright (C) 2008-2012 Adiscon GmbH + * Copyright (C) 2008-2014 Adiscon GmbH * * This file is part of rsyslog. * @@ -246,10 +246,10 @@ rsRetVal Syslog(int priority, uchar *pMsg, struct timeval *tp) /* if we don't get the pri, we use whatever we were supplied */ /* ignore non-kernel messages if not permitted */ - if(cs.bPermitNonKernel == 0 && LOG_FAC(priority) != LOG_KERN) + if(cs.bPermitNonKernel == 0 && pri2fac(priority) != LOG_KERN) FINALIZE; /* silently ignore */ - iRet = enqMsg((uchar*)pMsg, (uchar*) "kernel:", LOG_FAC(priority), LOG_PRI(priority), tp); + iRet = enqMsg((uchar*)pMsg, (uchar*) "kernel:", pri2fac(priority), pri2sev(priority), tp); finalize_it: RETiRet; 
diff --git a/plugins/imkmsg/imkmsg.c b/plugins/imkmsg/imkmsg.c index 2a97f82..8588223 100644 --- a/plugins/imkmsg/imkmsg.c +++ b/plugins/imkmsg/imkmsg.c @@ -144,7 +144,7 @@ rsRetVal imkmsgLogIntMsg(int priority, char *fmt, ...) rsRetVal Syslog(int priority, uchar *pMsg, struct timeval *tp, struct json_object *json) { DEFiRet; - iRet = enqMsg((uchar*)pMsg, (uchar*) "kernel:", LOG_FAC(priority), LOG_PRI(priority), tp, json); + iRet = enqMsg((uchar*)pMsg, (uchar*) "kernel:", pri2fac(priority), pri2sev(priority), tp, json); RETiRet; } diff --git a/plugins/imsolaris/imsolaris.c b/plugins/imsolaris/imsolaris.c index a220e72..36677e7 100644 --- a/plugins/imsolaris/imsolaris.c +++ b/plugins/imsolaris/imsolaris.c @@ -209,8 +209,8 @@ readLog(int fd, uchar *pRcv, int iMaxLine) MsgSetInputName(pMsg, pInputName); MsgSetRawMsg(pMsg, (char*)pRcv, strlen((char*)pRcv)); MsgSetHOSTNAME(pMsg, glbl.GetLocalHostName(), ustrlen(glbl.GetLocalHostName())); - pMsg->iFacility = LOG_FAC(hdr.pri); - pMsg->iSeverity = LOG_PRI(hdr.pri); + pMsg->iFacility = pri2fac(hdr.pri); + pMsg->iSeverity = pri2sev(hdr.pri); pMsg->msgFlags = NEEDS_PARSING | NO_PRI_IN_RAW; CHKiRet(submitMsg(pMsg)); } diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c index 1a2b696..9536e9b 100644 --- a/plugins/imuxsock/imuxsock.c +++ b/plugins/imuxsock/imuxsock.c @@ -828,8 +828,8 @@ SubmitMsg(uchar *pRcv, int lenRcv, lstn_t *pLstn, struct ucred *cred, struct tim ++parse; ++offs; } - facil = LOG_FAC(pri); - sever = LOG_PRI(pri); + facil = pri2fac(pri); + sever = pri2sev(pri); if(sever >= pLstn->ratelimitSev) { /* note: if cred == NULL, then ratelimiter == NULL as well! */ diff --git a/runtime/msg.c b/runtime/msg.c index 32a0242..52206da 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -76,7 +76,7 @@ DEFobjCurrIf(net) static struct { uchar *pszName; short lenName; -} syslog_pri_names[192] = { +} syslog_pri_names[200] = { { UCHAR_CONSTANT("0"), 3}, { UCHAR_CONSTANT("1"), 3}, { UCHAR_CONSTANT("2"), 3}, 
@@ -268,17 +268,25 @@ static struct { { UCHAR_CONSTANT("188"), 5}, { UCHAR_CONSTANT("189"), 5}, { UCHAR_CONSTANT("190"), 5}, - { UCHAR_CONSTANT("191"), 5} + { UCHAR_CONSTANT("191"), 5}, + { UCHAR_CONSTANT("192"), 5}, + { UCHAR_CONSTANT("193"), 5}, + { UCHAR_CONSTANT("194"), 5}, + { UCHAR_CONSTANT("195"), 5}, + { UCHAR_CONSTANT("196"), 5}, + { UCHAR_CONSTANT("197"), 5}, + { UCHAR_CONSTANT("198"), 5}, + { UCHAR_CONSTANT("199"), 5} }; static char hexdigit[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; /*syslog facility names (as of RFC5424) */ -static char *syslog_fac_names[24] = { "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", +static char *syslog_fac_names[LOG_NFACILITIES] = { "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock", "local0", "local1", "local2", "local3", - "local4", "local5", "local6", "local7" }; + "local4", "local5", "local6", "local7", "invld" }; /* table of severity names (in numerical order)*/ static char *syslog_severity_names[8] = { "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug" }; @@ -287,8 +295,8 @@ static char *syslog_severity_names[8] = { "emerg", "alert", "crit", "err", "warn * and facility values to a numerical string... -- rgerhars, 2009-06-17 */ -static char *syslog_number_names[24] = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", - "15", "16", "17", "18", "19", "20", "21", "22", "23" }; +static char *syslog_number_names[LOG_NFACILITIES] = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", + "15", "16", "17", "18", "19", "20", "21", "22", "23", "24" }; /* global variables */ #if defined(HAVE_MALLOC_TRIM) && !defined(HAVE_ATOMIC_BUILTINS) 
@@ -620,8 +628,8 @@ static inline rsRetVal msgBaseConstruct(msg_t **ppThis) pM->flowCtlType = 0; pM->bParseSuccess = 0; pM->iRefCount = 1; - pM->iSeverity = -1; - pM->iFacility = -1; + pM->iSeverity = LOG_DEBUG; + pM->iFacility = LOG_INVLD; pM->offAfterPRI = 0; pM->offMSG = -1; pM->iProtocolVersion = 0; @@ -1258,7 +1266,10 @@ uchar *getMSG(msg_t *pM) /* Get PRI value as integer */ static int getPRIi(msg_t *pM) { - return (pM->iFacility << 3) + (pM->iSeverity); + int pri = (pM->iFacility << 3) + (pM->iSeverity); + if(pri > 191) + pri = LOG_PRI_INVLD; + return pri; } @@ -2255,8 +2266,8 @@ char *textpri(char *pRes, size_t pResLen, int pri) assert(pRes != NULL); assert(pResLen > 0); - snprintf(pRes, pResLen, "%s.%s", syslog_fac_names[LOG_FAC(pri)], - syslog_severity_names[LOG_PRI(pri)]); + snprintf(pRes, pResLen, "%s.%s", syslog_fac_names[pri2fac(pri)], + syslog_severity_names[pri2sev(pri)]); return pRes; } diff --git a/runtime/parser.c b/runtime/parser.c index b40edf4..bfcf443 100644 --- a/runtime/parser.c +++ b/runtime/parser.c @@ -463,11 +463,11 @@ ParsePRI(msg_t *pMsg) } if(*msg == '>') ++msg; - if(pri & ~(LOG_FACMASK|LOG_PRIMASK)) - pri = DEFUPRI; + if(pri > LOG_MAXPRI) + pri = LOG_PRI_INVLD; } - pMsg->iFacility = LOG_FAC(pri); - pMsg->iSeverity = LOG_PRI(pri); + pMsg->iFacility = pri2fac(pri); + pMsg->iSeverity = pri2sev(pri); MsgSetAfterPRIOffs(pMsg, msg - pMsg->pszRawMsg); } RETiRet; diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 07d58d6..b5b00fd 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -3,7 +3,7 @@ * * Begun 2005-09-15 RGerhards * - * Copyright (C) 2005-2008 by Rainer Gerhards and Adiscon GmbH + * Copyright (C) 2005-2014 by Rainer Gerhards and Adiscon GmbH * * This file is part of the rsyslog runtime library. * 
@@ -74,19 +74,58 @@ * # End Config Settings # * * ############################################################# */ -/* portability: not all platforms have these defines, so we - * define them here if they are missing. -- rgerhards, 2008-03-04 +/* make sure we uses consistent macros, no matter what the + * platform gives us. */ -#ifndef LOG_MAKEPRI -# define LOG_MAKEPRI(fac, pri) (((fac) << 3) | (pri)) -#endif -#ifndef LOG_PRI -# define LOG_PRI(p) ((p) & LOG_PRIMASK) -#endif -#ifndef LOG_FAC -# define LOG_FAC(p) (((p) & LOG_FACMASK) >> 3) -#endif - +#define LOG_NFACILITIES 24+1 /* plus one for our special "invld" facility! */ +#define LOG_MAXPRI 191 /* highest supported valid PRI value --> RFC3164, RFC5424 */ +#undef LOG_MAKEPRI +#define LOG_PRI_INVLD LOG_INVLD|LOG_DEBUG /* PRI is invalid --> special "invld.=debug" PRI code (rsyslog-specific) */ + +#define LOG_EMERG 0 /* system is unusable */ +#define LOG_ALERT 1 /* action must be taken immediately */ +#define LOG_CRIT 2 /* critical conditions */ +#define LOG_ERR 3 /* error conditions */ +#define LOG_WARNING 4 /* warning conditions */ +#define LOG_NOTICE 5 /* normal but significant condition */ +#define LOG_INFO 6 /* informational */ +#define LOG_DEBUG 7 /* debug-level messages */ + +#define LOG_KERN (0<<3) /* kernel messages */ +#define LOG_USER (1<<3) /* random user-level messages */ +#define LOG_MAIL (2<<3) /* mail system */ +#define LOG_DAEMON (3<<3) /* system daemons */ +#define LOG_AUTH (4<<3) /* security/authorization messages */ +#define LOG_SYSLOG (5<<3) /* messages generated internally by syslogd */ +#define LOG_LPR (6<<3) /* line printer subsystem */ +#define LOG_NEWS (7<<3) /* network news subsystem */ +#define LOG_UUCP (8<<3) /* UUCP subsystem */ +#define LOG_CRON (9<<3) /* clock daemon */ +#define LOG_AUTHPRIV (10<<3) /* security/authorization messages (private) */ +#define LOG_FTP (11<<3) /* ftp daemon */ +#define LOG_LOCAL0 (16<<3) /* reserved for local use */ +#define LOG_LOCAL1 (17<<3) /* reserved 
for local use */ +#define LOG_LOCAL2 (18<<3) /* reserved for local use */ +#define LOG_LOCAL3 (19<<3) /* reserved for local use */ +#define LOG_LOCAL4 (20<<3) /* reserved for local use */ +#define LOG_LOCAL5 (21<<3) /* reserved for local use */ +#define LOG_LOCAL6 (22<<3) /* reserved for local use */ +#define LOG_LOCAL7 (23<<3) /* reserved for local use */ +#define LOG_FAC_INVLD 24 +#define LOG_INVLD (LOG_FAC_INVLD<<3) /* invalid facility/PRI code */ + +/* we need to use a function to avoid side-effects. This MUST guard + * against invalid facility values. rgerhards, 2014-09-16 + */ +static inline int pri2fac(const int pri) +{ + unsigned int fac = pri >> 3; + return (fac > 23) ? LOG_FAC_INVLD : fac; +} +static inline int pri2sev(const int pri) +{ + return pri & 0x07; +} /* the rsyslog core provides information about present feature to plugins * asking it. Below are feature-test macros which must be used to query diff --git a/runtime/srutils.c b/runtime/srutils.c index 4ce6196..7a94e83 100644 --- a/runtime/srutils.c +++ b/runtime/srutils.c @@ -103,6 +103,7 @@ syslogName_t syslogFacNames[] = { {"local5", LOG_LOCAL5}, {"local6", LOG_LOCAL6}, {"local7", LOG_LOCAL7}, + {"invld", LOG_INVLD}, {NULL, -1}, }; diff --git a/runtime/syslogd-types.h b/runtime/syslogd-types.h index 6947a11..8aee425 100644 --- a/runtime/syslogd-types.h +++ b/runtime/syslogd-types.h @@ -27,9 +27,6 @@ #include "stringbuf.h" #include <sys/param.h> -#if HAVE_SYSLOG_H -#include <syslog.h> -#endif /* we use RSTRUE/FALSE to prevent name claches with other packages */ #define RSFALSE 0 diff --git a/runtime/typedefs.h b/runtime/typedefs.h index ccae08b..39d3f5f 100644 --- a/runtime/typedefs.h +++ b/runtime/typedefs.h @@ -196,6 +196,10 @@ struct multi_submit_s { msg_t **ppMsgs; }; +/* some forward-definitions from the grammar */ +struct nvlst; +struct cnfobj; + #endif /* multi-include protection */ /* vim:set ai: */ diff --git a/tools/syslogd.c b/tools/syslogd.c index e2776c1..7aa22ac 100644 
--- a/tools/syslogd.c +++ b/tools/syslogd.c @@ -460,8 +460,8 @@ logmsgInternal(int iErr, int pri, uchar *msg, int flags) pszTag[32] = '\0'; /* just to make sure... */ MsgSetTAG(pMsg, pszTag, len); } - pMsg->iFacility = LOG_FAC(pri); - pMsg->iSeverity = LOG_PRI(pri); + pMsg->iFacility = pri2fac(pri); + pMsg->iSeverity = pri2sev(pri); flags |= INTERNAL_MSG; pMsg->msgFlags = flags; 
@@ -474,7 +474,7 @@ logmsgInternal(int iErr, int pri, uchar *msg, int flags) * supressor statement. */ if(((Debug == DEBUG_FULL || !doFork) && ourConf->globals.bErrMsgToStderr) || iConfigVerify) { - if(LOG_PRI(pri) == LOG_ERR) + if(pri2sev(pri) == LOG_ERR) fprintf(stderr, "rsyslogd: %s\n", msg); } -- 2.1.0
++++++ rsyslog-service-prepare.in ++++++
#!/bin/sh

test -s "/etc/sysconfig/syslog" && \
    . "/etc/sysconfig/syslog"

run_dir="RUN_DIR"
cfg_file="ADDITIONAL_SOCKETS"

umask 0022
/bin/mkdir -p -m 0755 "${run_dir}"

#
# Prepare include with sockets in chroot's
#
> "${cfg_file}"
for variable in ${!SYSLOGD_ADDITIONAL_SOCKET*}; do
    eval value=\$$variable
    test -z "$value" && continue
    test -d "${value%/*}" || continue
    echo "\$AddUnixListenSocket $value"
done >> "${cfg_file}"

#
# make sure xconsole exists and is a pipe
#
if test -e /dev/xconsole -a ! -p /dev/xconsole ; then
    /bin/rm -f /dev/xconsole
fi
if test ! -e /dev/xconsole ; then
    /bin/mknod -m 0600 /dev/xconsole p
    /bin/chown root:tty /dev/xconsole
    restorecon /dev/xconsole 2> /dev/null
fi

exit 0
++++++ rsyslog.conf.in ++++++
##
## === When you're using remote logging, enable on-disk queues ===
## === in rsyslog.d/remote.conf. When neccesary also set the ===
## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, ===
## === e.g. when rsyslog has to receive on a specific IP only. ===
##
## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules
## (provided in separate rsyslog-module-* packages) are enabled, the
## configuration can't be used on a system with /usr on a remote
## filesystem, except on newer systems where initrd mounts /usr.
## [The modules are linked against libraries installed bellow of
## /usr thus also installed in /usr/lib*/rsyslog because of this.]
##

#
# if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance
# and report them at http://bugzilla.novell.com/
#

# since rsyslog v3: load input modules
# If you do not load inputs, nothing happens!

# provides --MARK-- message capability (every 1 hour)
$ModLoad immark.so
$MarkMessagePeriod 3600

# provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock.so

# reduce dupplicate log messages (last message repeated n times)
$RepeatedMsgReduction on

# kernel logging (may be also provided by /sbin/klogd)
# see also http://www.rsyslog.com/doc-imklog.html.
$ModLoad imklog.so
# set log level 1 (same as in /etc/sysconfig/syslog).
$klogConsoleLogLevel 1

# Use rsyslog native, rfc5424 conform log format as default
# ($ActionFileDefaultTemplate RSYSLOG_FileFormat).
#
# To change a single file to use obsolete BSD syslog format
# (rfc 3164, no high-precision timestamps), set the variable
# bellow or append ";RSYSLOG_FileFormat" to the filename.
# See
# http://www.rsyslog.com/doc/rsyslog_conf_templates.html
# for more informations.
#
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Include config generated by /etc/init.d/syslog script
# using the SYSLOGD_ADDITIONAL_SOCKET* variables in the
# /etc/sysconfig/syslog file.
#
$IncludeConfig ADDITIONAL_SOCKETS

#
# Include config files, that the admin provided? :
#
$IncludeConfig ETC_RSYSLOG_D_GLOB

###
# print most important on tty10 and on the xconsole pipe
#
if ( \
    /* kernel up to warning except of firewall */ \
    ($syslogfacility-text == 'kern') and \
    ($syslogseverity <= 4 /* warning */ ) and not \
    ($msg contains 'IN=' and $msg contains 'OUT=') \
) or ( \
    /* up to errors except of facility authpriv */ \
    ($syslogseverity <= 3 /* errors */ ) and not \
    ($syslogfacility-text == 'authpriv') \
) \
then /dev/tty10
& |/dev/xconsole

# Emergency messages to everyone logged on (wall)
*.emerg :omusrmsg:*

# enable this, if you want that root is informed
# immediately, e.g. of logins
#*.alert root

#
# firewall messages into separate file and stop their further processing
#
if ($syslogfacility-text == 'kern') and \
    ($msg contains 'IN=' and $msg contains 'OUT=') \
then -/var/log/firewall
& ~

#
# acpid messages into separate file and stop their further processing
#
# => all acpid messages for debuging (uncomment if needed):
#if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \
# -/var/log/acpid
#
# => up to notice (skip info and debug)
if ($programname == 'acpid' or $syslogtag == '[acpid]:') and \
    ($syslogseverity <= 5 /* notice */) \
then -/var/log/acpid
& ~

#
# NetworkManager into separate file and stop their further processing
#
if ($programname == 'NetworkManager') or \
    ($programname startswith 'nm-') \
then -/var/log/NetworkManager
& ~

#
# email-messages
#
mail.* -/var/log/mail
mail.info -/var/log/mail.info
mail.warning -/var/log/mail.warn
mail.err /var/log/mail.err

#
# news-messages
#
news.crit -/var/log/news/news.crit
news.err -/var/log/news/news.err
news.notice -/var/log/news/news.notice
# enable this, if you want to keep all news messages
# in one file
#news.* -/var/log/news.all

#
# Warnings in one file
#
*.=warning;*.=err -/var/log/warn
*.crit /var/log/warn

#
# the rest in one file
#
*.*;mail.none;news.none -/var/log/messages

#
# enable this, if you want to keep all messages
# in one file
#*.* -/var/log/allmessages

#
# Some foreign boot scripts require local7
#
local0.*;local1.* -/var/log/localmessages
local2.*;local3.* -/var/log/localmessages
local4.*;local5.* -/var/log/localmessages
local6.*;local7.* -/var/log/localmessages

###
++++++ rsyslog.d.remote.conf.in ++++++
##
## === When you're using remote logging, enable on-disk queues ===
## === in rsyslog.d/remote.conf. When neccesary also set the ===
## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, ===
## === e.g. when rsyslog has to receive on a specific IP only. ===
##
## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules
## (provided in separate rsyslog-module-* packages) are enabled, the
## configuration can't be used on a system with /usr on a remote
## filesystem, except on newer systems where initrd mounts /usr.
## [The modules are linked against libraries installed bellow of
## /usr thus also installed in /usr/lib*/rsyslog because of this.]
##

# ######### Enable On-Disk queues for remote logging ##########
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#
#$WorkDirectory RSYSLOG_SPOOL_DIR # where to place spool files
#$ActionQueueFileName uniqName # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down

# ######### Sending Messages to Remote Hosts ##########

# Remote Logging using TCP for reliable delivery
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host

# Remote Logging using UDP
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @remote-host

# ######### Receiving Messages from Remote Hosts ##########
# TCP Syslog Server:
# provides TCP syslog reception and GSS-API (if compiled to support it)
#$ModLoad imtcp.so # load module
##$UDPServerAddress 10.10.0.1 # force to listen on this IP only,
## # needs SYSLOG_REQUIRES_NETWORK=yes.
#$InputTCPServerRun <port> # Starts a TCP server on selected port

# UDP Syslog Server:
#$ModLoad imudp.so # provides UDP syslog reception
##$UDPServerAddress 10.10.0.1 # force to listen on this IP only,
## # needs SYSLOG_REQUIRES_NETWORK=yes.
#$UDPServerRun 514 # start a UDP syslog server at standard port 514

########### Encrypting Syslog Traffic with TLS ##########
# -- TLS Syslog Server:
## make gtls driver the default
#$DefaultNetstreamDriver gtls
#
## certificate files
#$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem
#$DefaultNetstreamDriverCertFile ETC_RSYSLOG_D_DIR/server_cert.pem
#$DefaultNetstreamDriverKeyFile ETC_RSYSLOG_D_DIR/server_key.pem
#
#$ModLoad imtcp # load TCP listener
#
#$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
#$InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
#$InputTCPServerRun 10514 # start up listener at port 10514
#
# -- TLS Syslog Client:
## certificate files - just CA for a client
#$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem
#
## set up the action
#$DefaultNetstreamDriver gtls # use gtls netstream driver
#$ActionSendStreamDriverMode 1 # require TLS for the connection
#$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
#*.* @@(o)server.example.net:10514 # send (all) messages
++++++ rsyslog.service.in.in ++++++
[Unit]
Description=System Logging Service
Requires=var-run.mount syslog.target
After=var-run.mount
Before=syslog.target
Conflicts=syslog-ng.service syslogd.service

[Service]
Environment=RSYSLOGD_PARAMS=
ExecStartPre=@sbindir@/rsyslog-service-prepare
EnvironmentFile=-/etc/sysconfig/syslog
ExecStart=@sbindir@/rsyslogd -n $RSYSLOGD_PARAMS
ExecReload=/bin/kill -HUP $MAINPID
Sockets=syslog.socket
StandardOutput=null

[Install]
WantedBy=multi-user.target
Alias=syslog.service
++++++ rsyslog.sysconfig ++++++
## Type: string
## Default: ""
## Config: ""
## ServiceRestart: syslog
#
# Parameters for rsyslogd, except of the version compatibility (-c)
# and the config file (-f), because they're used by sysconfig and
# earlysysconfig init scripts.
#
# See also the RSYSLOGD_COMPAT_VERSION variable in this file, the
# documentation provided in /usr/share/doc/packages/rsyslog/doc by
# the rsyslog-doc package and the rsyslogd(8) and rsyslog.conf(5)
# manual pages.
#
RSYSLOGD_PARAMS=""
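
Review bot: in runtime/msg.c, msgBaseConstruct() now sets pM->iFacility = LOG_INVLD, but runtime/rsyslog.h defines LOG_INVLD as (LOG_FAC_INVLD<<3), i.e. 192, while every other assignment in this patch stores the unshifted index returned by pri2fac() (0 to 24). A message that never passes through ParsePRI would carry facility 192, which is outside the 25-entry syslog_fac_names and syslog_number_names tables; getPRIi() happens to catch it through its pri > 191 clamp, but a direct table lookup on iFacility would not. Initialise the field with LOG_FAC_INVLD so it always holds an index.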
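
Review bot: in runtime/msg.c, getPRIi() compares against the literal 191 (if(pri > 191)) although this patch introduces LOG_MAXPRI for exactly that limit, and syslog_pri_names is resized to a bare 200 that is only correct because LOG_PRI_INVLD evaluates to 199. Use LOG_MAXPRI in the comparison and derive the table size from LOG_PRI_INVLD + 1, or add a comment stating the dependency, so the three values cannot drift apart.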
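
Review bot: in runtime/parser.c, ParsePRI() checks only the upper bound (if(pri > LOG_MAXPRI)) after the PRI digits have been accumulated, and the accumulation loop lies outside the hunk's context, so nothing visible here limits how many digits are consumed. If that loop can wrap the int, a negative value passes this test; pri2fac() would still map it to LOG_FAC_INVLD through the unsigned comparison, but pri2sev() returns whatever the low three bits happen to be rather than LOG_DEBUG. Reject pri < 0 here as well, or stop the digit loop as soon as the value exceeds LOG_MAXPRI, so that an invalid PRI always becomes exactly LOG_PRI_INVLD.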
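
Review bot: in runtime/rsyslog.h, LOG_NFACILITIES is defined as 24+1 and LOG_PRI_INVLD as LOG_INVLD|LOG_DEBUG without enclosing parentheses. Both expand correctly in the array sizes and plain assignments this patch uses, but an expression such as LOG_NFACILITIES * n or pri == LOG_PRI_INVLD would bind to only part of the macro. Write them as (24+1) and (LOG_INVLD|LOG_DEBUG).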