author | Michael Biebl <biebl@debian.org> | 2009-01-19 13:34:43 +0100 |
---|---|---|
committer | Michael Biebl <biebl@debian.org> | 2009-01-19 13:34:43 +0100 |
commit | a9a14cc4ca04738ea56eee92c98a63829bdbd438 (patch) | |
tree | 1595de69e42dbcbbf38079a2f70391d491f8ebea | |
parent | 84080b58f8c6c5c040723a02503ddd90f02b5898 (diff) | |
download | rsyslog-a9a14cc4ca04738ea56eee92c98a63829bdbd438.tar.gz |
Imported Upstream version 3.20.3upstream/3.20.3
-rw-r--r-- | ChangeLog | 30 | ||||
-rwxr-xr-x | configure | 20 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | doc/manual.html | 2 | ||||
-rw-r--r-- | doc/v3compatibility.html | 6 | ||||
-rw-r--r-- | runtime/net.c | 29 | ||||
-rw-r--r-- | tools/omfile.c | 42 | ||||
-rw-r--r-- | tools/rsyslogd.8 | 18 | ||||
-rw-r--r-- | tools/syslogd.c | 7 |
9 files changed, 109 insertions, 47 deletions
@@ -1,4 +1,12 @@ --------------------------------------------------------------------------- +Version 3.20.3 [v3-stable] (rgerhards), 2009-01-19 +- doc bugfix: v3-compatiblity document had typo in config directive + thanks to Andrej for reporting this +- fixed a potential segfault condition with $AllowedSender directive + On HUP, the root pointers were not properly cleaned up. Thanks to + Michael Biebel, olgoat, and Juha Koho for reporting and analyzing + the bug. +--------------------------------------------------------------------------- Version 3.20.2 [v3-stable] (rgerhards), 2008-12-04 - re-release of 3.20.1 with an additional fix, that could also lead to DoS; 3.20.1 has been removed from the official download archives 
@@ -206,6 +214,23 @@ Version 3.19.0 (rgerhards), 2008-05-06 - -c option no longer must be the first option - thanks to varmjofekoj for the patch --------------------------------------------------------------------------- +Version 3.18.7 (rgerhards), 2008-12-?? +======= +- fixed a potential segfault condition with $AllowedSender directive + On HUP, the root pointers were not properly cleaned up. Thanks to + Michael Biebel, olgoat, and Juha Koho for reporting and analyzing + the bug. +- some legacy options were not correctly processed. + Thanks to varmojfekoj for the patch. +- doc bugfix: some spelling errors in man pages corrected. Thanks to + Geoff Simmons for the patch. +--------------------------------------------------------------------------- +Version 3.18.6 (rgerhards), 2008-12-08 +- security bugfix: $AllowedSender was not honored, all senders were + permitted instead (see http://www.rsyslog.com/Article322.phtml) + (backport from v3-stable, v3.20.9) +- minor bugfix: dual close() call on tcp session closure +--------------------------------------------------------------------------- Version 3.18.5 (rgerhards), 2008-10-09 - bugfix: imudp input module could cause segfault on HUP It did not properly de-init a variable acting as a linked list head. 
@@ -877,10 +902,13 @@ Version 3.10.0 (rgerhards), 2008-01-07 mode --------------------------------------------------------------------------- Version 2.0.7 V2-STABLE (rgerhards), 2008-??-?? +- bugfix: "$CreateDirs off" also disabled file creation + Thanks to William Tisater for analyzing this bug and providing a patch. + The actual code change is heavily based on William's patch. - bugfix: memory leak in ompgsql Thanks to Ken for providing the patch --------------------------------------------------------------------------- -Version 2.0.6 V2-STABLE (rgerhards), 2008-??-?? +Version 2.0.6 V2-STABLE (rgerhards), 2008-08-07 - bugfix: memory leaks in rsyslogd, primarily in singlethread mode Thanks to Frederico Nunez for providing the fix - bugfix: copy&paste error lead to dangling if - this caused a very minor @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.63 for rsyslog 3.20.2. +# Generated by GNU Autoconf 2.63 for rsyslog 3.20.3. # # Report bugs to <rsyslog@lists.adiscon.com>. # @@ -750,8 +750,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='rsyslog' PACKAGE_TARNAME='rsyslog' -PACKAGE_VERSION='3.20.2' -PACKAGE_STRING='rsyslog 3.20.2' +PACKAGE_VERSION='3.20.3' +PACKAGE_STRING='rsyslog 3.20.3' PACKAGE_BUGREPORT='rsyslog@lists.adiscon.com' ac_unique_file="ChangeLog" @@ -1570,7 +1570,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures rsyslog 3.20.2 to adapt to many kinds of systems. +\`configure' configures rsyslog 3.20.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1640,7 +1640,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of rsyslog 3.20.2:";; + short | recursive ) echo "Configuration of rsyslog 3.20.3:";; esac cat <<\_ACEOF @@ -1776,7 +1776,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -rsyslog configure 3.20.2 +rsyslog configure 3.20.3 generated by GNU Autoconf 2.63 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1790,7 +1790,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by rsyslog $as_me 3.20.2, which was +It was created by rsyslog $as_me 3.20.3, which was generated by GNU Autoconf 2.63. Invocation command line was $ $0 $@ @@ -2506,7 +2506,7 @@ fi # Define the identity of the package. PACKAGE='rsyslog' - VERSION='3.20.2' + VERSION='3.20.3' cat >>confdefs.h <<_ACEOF @@ -29021,7 +29021,7 @@ exec 6>&1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by rsyslog $as_me 3.20.2, which was +This file was extended by rsyslog $as_me 3.20.3, which was generated by GNU Autoconf 2.63. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -29084,7 +29084,7 @@ Report bugs to <bug-autoconf@gnu.org>." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_version="\\ -rsyslog config.status 3.20.2 +rsyslog config.status 3.20.3 configured by $0, generated by GNU Autoconf 2.63, with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff --git a/configure.ac b/configure.ac index 7fa5901..7af05e4 100644 --- a/configure.ac +++ b/configure.ac 
@@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([rsyslog],[3.20.2],[rsyslog@lists.adiscon.com]) +AC_INIT([rsyslog],[3.20.3],[rsyslog@lists.adiscon.com]) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([ChangeLog]) AC_CONFIG_HEADERS([config.h]) diff --git a/doc/manual.html b/doc/manual.html index 12020fb..1d6f795 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -16,7 +16,7 @@ relay chains while at the same time being very easy to setup for the novice user. And as we know what enterprise users really need, there is also <a href="professional_support.html">professional rsyslog support</a> available directly from the source!</p> -<p><b>This documentation is for version 3.20.2 (v3-stable branch) of rsyslog.</b> +<p><b>This documentation is for version 3.20.3 (v3-stable branch) of rsyslog.</b> Visit the <i> <a href="http://www.rsyslog.com/doc-status.html">rsyslog status page</a></i></b> to obtain current version information and project status. </p><p><b>If you like rsyslog, you might diff --git a/doc/v3compatibility.html b/doc/v3compatibility.html index 5161994..ad8776b 100644 --- a/doc/v3compatibility.html +++ b/doc/v3compatibility.html @@ -95,7 +95,7 @@ set the local address the server should listen to via <b>$UDPServerAddress <p>The following example configures an UDP syslog server at the local address 192.0.2.1 on port 514:</p> <p><b>$ModLoad imudp<br> -$UDPSeverAddress 192.0.2.1 # this MUST be before the $UDPServerRun +$UDPServerAddress 192.0.2.1 # this MUST be before the $UDPServerRun directive!<br> $UDPServerRun 514</b></p> <p>"$UDPServerAddress *" means listen on all local interfaces. 
@@ -103,10 +103,10 @@ This is the default if no directive is specified.</p> <p>Please note that now multiple listeners are supported. For example, you can do the following:</p> <p><b>$ModLoad imudp<br> -$UDPSeverAddress 192.0.2.1 # this MUST be before the $UDPServerRun +$UDPServerAddress 192.0.2.1 # this MUST be before the $UDPServerRun directive!<br> $UDPServerRun 514<br> -$UDPSeverAddress * # all local interfaces<br> +$UDPServerAddress * # all local interfaces<br> $UDPServerRun 1514</b></p> <p>These config file settings run two listeners: one at 192.0.2.1:514 and one on port 1514, which listens on all local diff --git a/runtime/net.c b/runtime/net.c index ac13597..c5fa771 100644 --- a/runtime/net.c +++ b/runtime/net.c @@ -116,6 +116,30 @@ setAllowRoot(struct AllowedSenders **ppAllowRoot, uchar *pszType) finalize_it: RETiRet; } +/* re-initializes (sets to NULL) the correct allow root pointer + * rgerhards, 2009-01-12 + */ +static inline rsRetVal +reinitAllowRoot(uchar *pszType) +{ + DEFiRet; + + if(!strcmp((char*)pszType, "UDP")) + pAllowedSenders_UDP = NULL; + else if(!strcmp((char*)pszType, "TCP")) + pAllowedSenders_TCP = NULL; +#ifdef USE_GSSAPI + else if(!strcmp((char*)pszType, "GSS")) + pAllowedSenders_GSS = NULL; +#endif + else { + dbgprintf("program error: invalid allowed sender ID '%s', denying...\n", pszType); + ABORT_FINALIZE(RS_RET_CODE_ERR); /* everything is invalid for an invalid type */ + } + +finalize_it: + RETiRet; +} /* add a wildcard entry to this permitted peer. Entries are always @@ -556,6 +580,11 @@ clearAllowedSenders(uchar *pszType) free(pPrev->allowedSender.addr.NetAddr); free(pPrev); } + + /* indicate root pointer is de-init (was forgotten previously, resulting in + * all kinds of interesting things) -- rgerhards, 2009-01-12 + */ + reinitAllowRoot(pszType); } diff --git a/tools/omfile.c b/tools/omfile.c index 8144386..d76e24a 100644 --- a/tools/omfile.c +++ b/tools/omfile.c 
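Review bot: The result of `reinitAllowRoot(pszType)` is dropped at the end of clearAllowedSenders, so when the type string matches none of "UDP", "TCP" or "GSS" no root pointer is reset and the only trace is a debug-level message. A stale root after the free loop is exactly the condition this change removes, so that failure should reach the caller or be logged outside debug mode; how clearAllowedSenders selects the list head and what it returns are outside the hunk. The message text also looks carried over from setAllowRoot, since "denying..." does not describe a reset; `dbgprintf("program error: invalid allowed sender ID '%s', root pointer not reset\n", pszType);` would be accurate. The header comment on reinitAllowRoot should also state what a NULL list means for sender checks between the HUP cleanup and the config reload, because that decides whether the window fails open or closed.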
@@ -385,26 +385,30 @@ static void prepareFile(instanceData *pData, uchar *newFileName) */ if(makeFileParentDirs(newFileName, strlen((char*)newFileName), pData->fDirCreateMode, pData->dirUID, - pData->dirGID, pData->bFailOnChown) == 0) { - pData->fd = open((char*) newFileName, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY, - pData->fCreateMode); - if(pData->fd != -1) { - /* check and set uid/gid */ - if(pData->fileUID != (uid_t)-1 || pData->fileGID != (gid_t) -1) { - /* we need to set owner/group */ - if(fchown(pData->fd, pData->fileUID, - pData->fileGID) != 0) { - if(pData->bFailOnChown) { - int eSave = errno; - close(pData->fd); - pData->fd = -1; - errno = eSave; - } - /* we will silently ignore the chown() failure - * if configured to do so. - */ - } + pData->dirGID, pData->bFailOnChown) != 0) { + return; /* we give up */ + } + } + /* no matter if we needed to create directories or not, we now try to create + * the file. -- rgerhards, 2008-12-18 (based on patch from William Tisater) + */ + pData->fd = open((char*) newFileName, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY, + pData->fCreateMode); + if(pData->fd != -1) { + /* check and set uid/gid */ + if(pData->fileUID != (uid_t)-1 || pData->fileGID != (gid_t) -1) { + /* we need to set owner/group */ + if(fchown(pData->fd, pData->fileUID, + pData->fileGID) != 0) { + if(pData->bFailOnChown) { + int eSave = errno; + close(pData->fd); + pData->fd = -1; + errno = eSave; } + /* we will silently ignore the chown() failure + * if configured to do so. + */ } } } diff --git a/tools/rsyslogd.8 b/tools/rsyslogd.8 index fd7a537..ecf2635 100644 --- a/tools/rsyslogd.8 +++ b/tools/rsyslogd.8 
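Review bot: When `fchown()` fails and `bFailOnChown` is off, the new block keeps the descriptor and emits nothing, so a log file can end up with an owner or group other than the configured `fileUID`/`fileGID` without anyone noticing. A debug line in that branch would make this detectable, for example `dbgprintf("fchown() failed for '%s', errno %d, continuing\n", newFileName, errno);` ahead of the existing "silently ignore" comment (assuming dbgprintf is usable in omfile.c as it is in runtime/net.c). The new early `return; /* we give up */` also relies on `pData->fd` already being -1 at that point. That assignment is not visible, because prepareFile and the enclosing branch both begin outside the hunk, so a short comment naming the precondition would help the next reader.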
@@ -68,7 +68,7 @@ are in order. First of all there has been a systematic attempt to ensure that rsyslogd follows its default, standard BSD behavior. Of course, some configuration file changes are necessary in order to support the template system. However, rsyslogd should be able to use a standard -syslog.conf and act like the orginal syslogd. However, an original syslogd +syslog.conf and act like the original syslogd. However, an original syslogd will not work correctly with a rsyslog-enhanced configuration file. At best, it will generate funny looking file names. The second important concept to note is that this version of rsyslogd @@ -92,13 +92,13 @@ the error element is ignored. It is tried to parse the rest of the line. .B -c option controls the backward compatibility mode in use. .TP .BI "\-A" -When sending UDP messages, there are potentially multiple pathes to +When sending UDP messages, there are potentially multiple paths to the target destination. By default, .B rsyslogd only sends to the first target it can successfully send to. If -A is given, messages are sent to all targets. This may improve -reliability, but may also cause message duplicaton. This option -should enabled only if it is fully understood. +reliability, but may also cause message duplication. This option +should be enabled only if it is fully understood. .TP .BI "\-4" Causes @@ -129,7 +129,7 @@ to sysklogd, which is the default if -c is not given. .B Please note that rsyslogd issues warning messages if the -c3 .B command line option is not given. This is to alert you that your are running in compatibility -mode. Compatibility mode interfers with you rsyslog.conf commands and +mode. Compatibility mode interferes with your rsyslog.conf commands and may cause some undesired side-effects. It is meant to be used with a plain old rsyslog.conf - if you use new features, things become messy. So the best advice is to work through this document, convert 
@@ -167,7 +167,7 @@ is started and controlled by .BR init (8). .TP .BI "\-q " "add hostname if DNS fails during ACL processing" -During ACL processing, hostnames are resolved to IP addreses for +During ACL processing, hostnames are resolved to IP addresses for performance reasons. If DNS fails during that process, the hostname is added as wildcard text, which results in proper, but somewhat slower operation once DNS is up again. @@ -190,7 +190,7 @@ no domain would be cut, you will have to specify two domains like: Print version and exit. .TP .B "\-w" -Supress warnings issued when messages are received from non-authorized +Suppress warnings issued when messages are received from non-authorized machines (those, that are in no AllowedSender list). .TP .B "\-x" @@ -344,7 +344,7 @@ you can't access the documentation... .TP .B RSYSLOG_DEBUGLOG -If set, writes (allmost) all debug message to the specified log file +If set, writes (almost) all debug message to the specified log file in addition to stdout. .TP .B RSYSLOG_MODDIR @@ -352,7 +352,7 @@ Provides the default directory in which loadable modules reside. .PD .SH BUGS Please review the file BUGS for up-to-date information on known -bugs and annouyances. +bugs and annoyances. .SH Further Information Please visit .BR http://www.rsyslog.com/doc diff --git a/tools/syslogd.c b/tools/syslogd.c index 439ca30..b32ce02 100644 --- a/tools/syslogd.c +++ b/tools/syslogd.c 
@@ -417,8 +417,9 @@ static void processImInternal(void); static int usage(void) { - fprintf(stderr, "usage: rsyslogd [-cversion] [-46AdnqQvwx] [-lhostlist] [-sdomainlist]\n" - " [-fconffile] [-ipidfile]\n" + fprintf(stderr, "usage: rsyslogd [-c<version>] [-46AdnqQvwx] [-l<hostlist>] [-s<domainlist>]\n" + " [-f<conffile>] [-i<pidfile>] [-M<module load path>]\n" + " [-u<number>]\n" "To run rsyslogd in native mode, use \"rsyslogd -c3 <other options>\"\n\n" "For further information see http://www.rsyslog.com/doc\n"); exit(1); /* "good" exit - done to terminate usage() */ @@ -3008,7 +3009,7 @@ int realMain(int argc, char **argv) * only when actually neeeded. * rgerhards, 2008-04-04 */ - while ((ch = getopt(argc, argv, "46a:Ac:def:g:hi:l:m:M:nopqQr::s:t:u:vwx")) != EOF) { + while ((ch = getopt(argc, argv, "46a:Ac:def:g:hi:l:m:M:nop:qQr::s:t:u:vwx")) != EOF) { switch((char)ch) { case '4': case '6': |
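Review bot: The option string in realMain changes `p` to `p:`, so `-p` now takes an argument, yet the rewritten usage() text adds `-M` and `-u` and still does not mention `-p`. An existing command line that passes a bare `-p` will now either fail with a missing-argument error or treat the next word as its value, which is a visible behaviour change for init scripts. A comment above the call such as `/* 'p' takes an argument ("p:"); accepted for legacy command lines */` plus a matching `[-p<arg>]` entry in usage() would document it. The `case 'p':` handler is outside the hunk, so whether it actually reads `optarg` cannot be confirmed from here.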