diff options
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 1187 |
1 files changed, 1185 insertions, 2 deletions
@@ -1,4 +1,1184 @@ --------------------------------------------------------------------------- +Version 8.4.1 [v8-stable] 2014-09-30 +- imudp: add for bracketing mode, which makes parsing stats easier +- permit at-sign in variable names + closes: https://github.com/rsyslog/rsyslog/issues/110 +- bugfix: fix syntax error in anon_cc_numbers.py script + Thanks to github user anthcourtney for the patch. + closes: https://github.com/rsyslog/rsyslog/issues/109 +- bugfix: ompgsql: don't loose uncomitted data on retry + Thanks to Jared Johnson and Axel Rau for the patch. +- bugfix: imfile: if a state file for a different file name was set, + that different file (name) was monitored instead of the configured + one. Now, the state file is deleted and the correct file monitored. + closes: https://github.com/rsyslog/rsyslog/issues/103 +- bugfix: omudpspoof: source port was invalid + Thanks to Pavel Levshin for the patch +- bugfix: build failure on systems which don't have json_tokener_errors + Older versions of json-c need to use a different API (which don't exists + on newer versions, unfortunately...) + Thanks to Thomas D. for reporting this problem. +- bugfix: omelasticsearch does not work with broken/changed ES 1.0+ API + closes: https://github.com/rsyslog/rsyslog/issues/104 +- bugfix: mmanon did not properly anonymize IP addresses starting with '9' + Thanks to defa-at-so36.net for reporting this problem. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529 +- bugfix: build problems on SuSe Linux + Thanks Andreas Stieger for the patch +- bugfix: omelasticsearch error file did not work correctly on ES 1.0+ + due to a breaking change in the ElasticSearch API. + see also: https://github.com/rsyslog/rsyslog/issues/104 +- bugfix: potential abort when a message with PRI > 191 was processed + if the "pri-text" property was used in active templates, this could + be abused to a remote denial of service from permitted senders + see also: CVE-2014-3634 +--------------------------------------------------------------------------- +Version 8.4.0 [v8-stable] 2014-08-18 +- this is the new stable branch, which incorporates all enhancements of + rsyslog 8.3. +--------------------------------------------------------------------------- +Version 8.3.5 [v8-devel] 2014-08-05 +- mmjsonparse: support selectable cookie and target containers + This permits to put different meanings into a json formatted syslog + message, e.g. the "traditional" cee or cim data. +- bugfix: mmjsonparse did not build with json-c < 0.10 + This was a regression introduced some time in the past in order to + support API changes in json-c. Now we check for the version and use + proper code. +- omprog: emit error message via syslog() if loading binary fails + This happens after forking, so omprog has no longer access to rsyslog's + regular error reporting functions. Previously, this meant any error + message was lost. Now it is emitted via regular syslog (which may end up + in a different instance, if multiple instances run...) +- couple of patches imported from v7-stable (7.6.4) +--------------------------------------------------------------------------- +Version 8.3.4 [v8-devel] 2014-07-11 +- new pmciscoios parser supporting various Cisco IOS formats +- RFC3164 timestamp parser now accepts timezones and subsecond resolution + ... at least for some common formats and where we could do so without + running risk of breaking proper formats (or introducing regressions) +- new parser config object -- permits to define custom parser definitions +- new tzinfo config object -- permits to define time zone offsets + This is a utility object that currently is being used by some parsers. +- bugfix: mishandling of input modules not supporting new input instances + If they did not support this, accidently the output module part of the + module union was written, leading to unpredictable results. Note: all + core modules do support this interface, but some contributed or very + old ones do not. +- bugfix: double-free when ruleset() parser parameters were used + While unlikely, this could cause stability issues even after the + config phase. +--------------------------------------------------------------------------- +Version 8.3.3 [v8-devel] 2014-06-26 +- unify input object naming + imudp now supports "name" paramter, as other inputs do. "inputname" has + been deprecated, but can still be used. Same applies to "appendport" + subparamter". Thanks to "Nick Syslog" for the suggestion. +- made the missing (contributed) modules build under v8 [import from 8.2.2] + Modules: + * mmrfc5424addhmac + * omrabbitmq + * omgssapi + * omhdfs + * omzmq3 +- added a cleanup process (janitor); permits to close omfile files after a + timeout +- make omgssapi build under v8.3 [import vom v8.2] + note that we could do this to the stable, because there is NO regression + chance at all: only omgssapi was changed, and this module did NOT work + previously. +- removed obsolete --disable-fsstnd configure option + Thanks to Thomas D. for alerting us. + Closes: https://github.com/rsyslog/rsyslog/issues/72 +--------------------------------------------------------------------------- +Version 8.3.2 [v8-devel] 2014-05-02 +- new template options for date extraction: + - year + - month + - day + - wday + - hour + - minute + - second + - tzoffshour + - tzoffsmin + - tzoffsdirection + - wdayname + For string templates, these are property options and they are + prefixed with "date-" (e.g. "date-year", "date-month", ...) + see also: https://github.com/rsyslog/rsyslog/issues/65 +- bugfix: mmexternal remove framing char before processing JSON reply + This did not have any real bad effects, but caused unnecessary + processing, as empty replies were not properly detected. Otherwise, + the bug was not noticible from the user's PoV. +- bugfix: mmexternal segfault due to invalid free in non-json input mode + closes: https://github.com/rsyslog/rsyslog/issues/70 +- bugfix: mmexternal segfault when external plugin sent invalid reply + ... or no reply at all. This happened if the reply was imporper JSON. + Now, we emit an error message in those cases. + see also: https://github.com/rsyslog/rsyslog/issues/69 +- bugfix: mmexternal did potentially pass incomplete data to restarted + external plugin + This could happen if EPIPE was returned "too late", in which case the + beginning of the data could be lost. +- bugfix: mmexternal did not properly process messages over 4KiB + The data to be passed to the external plugin was truncated after 4KiB. + see: https://github.com/rsyslog/rsyslog/issues/64 +- imrelp: added support for per-listener ruleset and inputname + see: https://github.com/rsyslog/rsyslog/pull/63 + Thanks to bobthesecurityguy github user for the patch +--------------------------------------------------------------------------- +Version 8.3.1 [v8-devel] 2014-04-24 +- external message modification interface now support modifying message PRI +- "jsonmesg" property will include uuid only if one was previously generated + This is primarily a performance optimization. Whenever the message uuid + is gotten, it is generated when not already present. As we used the + regular setter, this means that always the uuid was generated, which is + quite time-consuming. This has now been changed so that it only is + generated if it already exists. That also matches more closly the + semantics, as "jsonmesg" should not make modifications to the message. + Note that the same applies to "fulljson" passing mode for external + plugins. +- added plugin to rewrite message facility and/or severity + Name: fac-sever-rewrite.py +- permits to build against json-c 0.12 + Unfortunately, json-c had an ABI breakage, so this is necessary. Note + that versions prior to 0.12 had security issues (CVE-2013-6370, + CVE-2013-6371) and so it is desirable to link against the new version. + Thanks to Thomas D. for the patch. Note that at least some distros + have fixed the security issue in older versions of json-c, so this + seems to apply mostly when building from sources. +- bugfix: using UUID property could cause segfault +- bugfix/mmexternal: memory leak +- bugfix: memory leak when using "jsonmesg" property +- bugfix: mmutf8fix did not detect two invalid sequences + Thanks to Axel Rau for the patch. +- bugfix: build problems with lexer.l on some platforms + For some reason, the strdup() prototype and others are missing. I admit + that I don't know why, as this happens only in 8.3.0+ and there is no + indication of changes to the affected files. In any case, we need to + fix this, and the current solution works at least as an interim one. +--------------------------------------------------------------------------- +Version 8.3.0 [v8-devel] 2014-04-10 +- new plugin for anonymizing credit card numbers + Thanks to Peter Slavov for providing the code. +- external message modification modules are now supported + They are bound via the new native module "mmexternal". Also, a sample + skeleton for an external python message modification module has been + added. +- new $jsonmesg property with JSON representation of whole message object + closes: https://github.com/rsyslog/rsyslog/issues/19 +- improved error message for invalid field extraction in string template + see also: + http://kb.monitorware.com/problem-with-field-based-extraction-t12299.html +- fix build problems on Solaris +- NOTE: a json-c API that we begun to use requires the compiler to be in + c99 mode. By default, we select it automatically. If you modify this and + use gcc, be sure to include "-std=c99" in your compiler flags. This seems + to be necessary only for older versions of gcc. +--------------------------------------------------------------------------- +Version 8.2.3 [v8-stable] 2014-??-?? +- bugfix: ommysql: handle/mem leak upon termination of worker thread + This could become bad if the (instance) worker threads are often + started and terminated. But it takes quite a while to show effect. +--------------------------------------------------------------------------- +Version 8.2.2 [v8-stable] 2014-06-02 +- made the missing (contributed) modules build under v8 + Note that we could do this to the stable, because there is NO regression + chance at all: only the modules themselves were changed, and they did + NOT work at all previously. Please also note that most of these modules + did not yet receive real testing. As we don't have the necessary + environments (easily enough available), we depend on users submitting + error reports and helping to iron out any issues that may arise. + Modules: + * mmrfc5424addhmac + * omrabbitmq + * omgssapi + * omhdfs + * omzmq3 +--------------------------------------------------------------------------- +Version 8.2.1 [v8-stable] 2014-04-17 +- permits to build against json-c 0.12 + Unfortunately, json-c had an ABI breakage, so this is necessary. Note + that versions prior to 0.12 had security issues (CVE-2013-6370, + CVE-2013-6371) and so it is desirable to link against the new version. + Thanks to Thomas D. for the patch. Note that at least some distros + have fixed the security issue in older versions of json-c, so this + seems to apply mostly when building from sources. +- doc is no longer shipped as part of the rsyslog tarball + Instead, the rsyslog-doc project creates its own tarball. This is the + result of a mailing list discussion after the 8.2.0 release with a + tarball-in-tarball approach, which was disliked by almost all distro + maintainers. This move also has the advantage of de-coupling the + release cycles of both projects a bit (which turned out to be a bit + problematic in practice). +- bugfix: mmutf8fix did not detect two invalid sequences + Thanks to Axel Rau for the patch. +--------------------------------------------------------------------------- +Version 8.2.0 [v8-stable] 2014-04-02 +This starts a new stable branch based on 8.1.6 plus the following changes: +- we now use doc from the rsyslog-doc project + As such, the ./doc subtree has been removed. Instead, a cache of the + rsyslog-doc project's files has been included in ./rsyslog-doc.tar.gz. + Note that the exact distribution mode for the doc is still under + discussion and may change in future releases. + This was agreed upon on the rsyslog mailing list. For doc issues + and corrections, be sure to work with the rsyslog-doc project. It is + currently hosted at https://github.com/rsyslog/rsyslog-doc +- add support for specifying the liblogging-stdlog channel spec + new global parameter "stdlog.channelspec" +- add "defaultnetstreamdrivercertfile" global variable to set a default + for the certfile. + Thanks to Radu Gheorghe for the patch. +- omelasticsearch: add new "usehttps" parameter for secured connections + Thanks to Radu Gheorghe for the patch. +- "action resumed" message now also specifies module type + which makes troubleshooting a bit easier. Note that we cannot output all + the config details (like destination etc) as this would require much more + elaborate code changes, which we at least do not like to do in the + stable version. +- add capability to override GnuTLS path in build process + Thanks to Clayton Shotwell for the patch +- better and more consistent action naming, action queues now always + contain the word "queue" after the action name +- bugfix: ompipe did resume itself even when it was still in error + See: https://github.com/rsyslog/rsyslog/issues/35 + Thanks to github user schplat for reporting +- bugfix: ompipe used invalid default template + This is a regression from an old change (didn't track it down precisely, + but over a year ago). It used the Forwarding template instead of + the file template (so we have a full syslog header). This fix corrects + it back to previous behaviour, but new scripts that used the wrong + format may now need to have the RSYSLOG_ForwardingFormat template + explicitely be applied. + closes: https://github.com/rsyslog/rsyslog/issues/50 +--------------------------------------------------------------------------- +Version 8.1.6 [release candidate] 2014-02-20 +- omfile: permit to set global defaults for action parameters + Thanks to Nathan Brown for the patch. + See also: https://github.com/rsyslog/rsyslog/pull/23 +- add capability to escape control characters in the C way of doing it + adds new global parameter "parser.escapeControlCharactersCStyle" + Thanks to Nathan Brown for the patch. + See also: https://github.com/rsyslog/rsyslog/pull/13 +- parser global parameters can now be set using RainerScript global() + Thanks to Nathan Brown for the patch. + See also: https://github.com/rsyslog/rsyslog/pull/23 +- omprog: guard program-to-be-executed against CTL-C + This can frequently happen in debug mode, where rsyslog is terminated + by ctl-c. In any case, SIGINT is not meant to control the child process, + so it should be blocked. +- omprog bugfix: parameter "forceSingleInstance" is NOT mandatory +- add new jsonr property replacer option + Thanks to Nathan Brown for the patch. +- added external plugin interface +- ommongodb: add authentication support (untested) + Thanks to JT for the patch. + See also: https://github.com/rsyslog/rsyslog/pull/17 +- bugfix: json templates are improperly created + Strings miss the terminating NUL character, which obviously can lead + to all sorts of problems. + See also: https://github.com/rsyslog/rsyslog/issues/27 + Thanks to Alain for the analysis and the patch. +- ompgsql bugfix: improper handling of auto-backgrounding mode + If rsyslog was set to auto-background itself (default code behaviour, but + many distros now turn it off for good reason), ompgsql could not + properly connect. This could even lead to a segfault. The core reason + was that a PG session handle was kept open over a fork, something that + is explicitely forbidden in the PG API. + Thanks to Alain for the analysis and the patch. +- bugfix: ommongodb's template parameter was mandatory but should have + been optional + Thanks to Alain for the analysis and the patch. +- bugfix: end of batch processing was not 100% correct. Could lead to + outputs not properly wirting messages. At least omelasticsearch did not + write anything to the database due to this bug. + See: https://github.com/rsyslog/rsyslog/issues/10 + Thanks to Radu Gheorghe for reporting the issue. +--------------------------------------------------------------------------- +Version 8.1.5 [devel] 2014-01-24 +- omprog: ability to execute multiple program instances per action + It can now execute one program instance per worker thread. This is + generally a very good thing the have performance wise. Usually, this + should cause no problems with the invoked program. For that reason, + we have decided to make this the default mode of operation. If not + desired, it can be turned off via the 'forceSingleInstance="on"' + action parameter. + CHANGE OF BEHAVIOUR: previous versions did always execute only one + instance per action, no matter how many workers were active. If + your program has special needs, you need to change your configuration. +- imfile now supports inotify (but must be explicitely turned on) +- imfile no longer has a limit on number of monitored files +- added ProcessInternalMessages global system parameter + This permits to inject rsyslog status messages into *another* main + syslogd or the journal. +- new dependency: liblogging-stdlog (for submitting to external logger) +- bugfix: imuxsock input parameters were not accepted + due to copy&paste error. Thanks to Andy Goldstein for the fix. +--------------------------------------------------------------------------- +Version 8.1.4 [devel] 2014-01-10 +- add exec_template() RainerScript function +- imrelp: support for TCP KEEPALIVE added +- bumped librelp dependency to 1.2.2 to support new KEEPALIVE feature +- Add directives for numerically specifying GIDs/UIDs + The already present directives (FileOwner, FileGroup, DirOwner, + DirGroup) translate names to numerical IDs, which depends on the user + information being available during rsyslog's startup. This can fail if + the information is obtained over a network or from a service such as + SSSD. The new directives provide a way to specify the numerical IDs + directly and bypass the lookup. + Thanks to Tomas Heinrich for the patch. +- bugfix: action commitTransaction() processing did not properly handle + suspended actions +- bugfix: omelasticsearch fail.es stats counter was improperly maitained +--------------------------------------------------------------------------- +Version 8.1.3 [devel] 2013-12-06 + +THIS VERSION CAN BE CONSIDERED A "NORMAL" DEVEL RELEASE. It's no longer +highly experimental. This assertion is based on real-world feedback. + +- changes to the strgen module interface +- new output module interface for transactional modules +- performance improvements + * reduced number of malloc/frees due to further changes to the + output module interface + * reduced number of malloc/frees during string template processing + We now re-use once allocated string template memory for as long + as the worker thread exists. This saves us from doing new memory + allocs (and their free counterpart) when the next message is + processed. The drawback is that the cache always is the size of + the so-far largest message processed. This is not considered a + problem, as in any case a single messages' memory footprint should + be far lower than that of a whole set of messages (especially on + busy servers). + * used variable qualifiers (const, __restrict__) to hopefully help + the compiler generate somewhat faster code +- failed action detection more precisely for a number of actions + If an action uses string parameter passing but is non-transactional + it can be executed immediately, giving a quicker indicatio of + action failure. +- bugfix: limiting queue disk space did not work properly + * queue.maxdiskspace actually initializes queue.maxfilesize + * total size of queue files was not checked against + queue.maxdiskspace for disk assisted queues. + Thanks to Karol Jurak for the patch. +--------------------------------------------------------------------------- +Version 8.1.2 [experimental] 2013-11-28 +- support for liblognorm1 added - results in performance improvements + Thanks to Pavel Levshin for his work in this regard. +- support for jemalloc added via --enable-jemalloc + Thanks to Pavel Levshin for suggesting jemalloc + Note that build system is experimental at this stage. +- queue defaults have changed + * high water mark is now dynamically 90% of queue size + * low water makr is now dynamically 70% of queue size + * queue.discardMark is now dynamically 98% of queue size + * queue.workerThreadMinimumMessage set to queue.size / num workers + For queues with very low queue.maxSize (< 100), "emergency" defaults + will be used. +- bugfix: disk queues created files in wrong working directory + if the $WorkDirectory was changed multiple times, all queues only + used the last value set. +- bugfix: legacy directive $ActionQueueWorkerThreads was not honored +- bugfix: mmrfc5424addhmac: "key" parameter was not properly processed +--------------------------------------------------------------------------- +Version 8.1.1 [experimental] 2013-11-19 +- bugfix: STOP/discard(~) was mostly NOT honored + This lead to execution of config code that was not meant to be executed. +- bugfix: memory leak on worker thread termination +- bugfix: potential segfault in omfile under heavy load + Thanks to Pavel Levshin for alerting us. +- bugfix: mmsequence: instance mode did not work + Thanks to Pavel Levshin for the patch +- bugfix: segfault on startup when certain script constructs are used + e.g. "if not $msg ..." +- omhiredis: now supports v8 output module interface and works again + Thanks to Pavel Levshin for the patch +- mmaudit: now supports v8 output module interface and work again +- bugfix: potential abort on startup in debug mode + This depends on template type being used. The root cause was a + non-necessary debug output, which were at the wrong spot (leftover from + initial testing). + Thanks to Pavel Levshin for alerting us and providing a patch + proposal. +--------------------------------------------------------------------------- +Version 8.1.0 [experimental] 2013-11-15 +- rewritten core engine for higher performance and new features + In detail: + * completely rewritten rule execution engine + * completely changed output module interface + * remodelled output module interface + * enabled important output modules to support full concurrent + operation + The core engine has been considerably changed and must be considered + experimental at this stage. Note that it does not yet include all + features planned for v8, but is close to this goal. In theory, the + engine should perform much better, especially on complex configurations + and busy servers. Most importantly, actions instances can now be called + concurrently from worker threads and many important output modules + support multiple concurrent action instances natively. +- module omruleset is no longer enabled by default. + Note that it has been deprecated in v7 and been replaced by the "call" + statement. Also, it can still be build without problems, the option must + just explicitely be given. +--------------------------------------------------------------------------- +Version 7.6.6 [v7.6-stable] 2014-09-30 +- bugfix: potential abort when a message with PRI > 191 was processed + if the "pri-text" property was used in active templates, this could + be abused to a remote denial of service from permitted senders + see also: CVE-2014-3634 +- bugfix: potential segfault on startup on 64 bit systems + This happened immediately on startup during config processing. Once + rsyslog got past this stage, it could not happen. +- bugfix: build problems on SuSe Linux + Thanks Andreas Stieger for the patch +--------------------------------------------------------------------------- +Version 7.6.5 [v7.6-stable] 2014-09-17 +- bugfix: in 7.6.4, pri-based filters did not work correctly + messages were distributed to the wrong bins. +- bugfix: build problems on systems without atomic instructons + e.g. RHEL 5; backport from v8 +--------------------------------------------------------------------------- +Version 7.6.4 [v7.6-stable] 2014-09-12 +- add --enable-generate-man-pages configure switch (default: enabled) + This forces generation of man pages, even if cached ones exists. This + "fixes" a typical release tarball nit. While it is hackish, the + benefit is clear given the history of failed tarball releases since + we changed the cached man page handling. It was just too easy to get + that wrong. +- removed obsolete --disable-fsstnd configure option + Thanks to Thomas D. for alerting us. + Closes: https://github.com/rsyslog/rsyslog/issues/72 +- permits to build against json-c 0.12 + Unfortunately, json-c had an ABI breakage, so this is necessary. Note + that versions prior to 0.12 had security issues (CVE-2013-6370, + CVE-2013-6371) and so it is desirable to link against the new version. + Thanks to Thomas D. for the patch. Note that at least some distros + have fixed the security issue in older versions of json-c, so this + seems to apply mostly when building from sources. +- new omfile default module parameters + * filecreatemode + * fileowner + * fileownernum + * filegroup + * filegroupnum + * dirowner + * dirownernum + * dirgroup + * dirgroupnum + Thanks to Karol Jurak for the patch. +- bugfix: memory leak in TCP TLS mode +- bugfix: imfile: if a state file for a different file name was set, + that different file (name) was monitored instead of the configured + one. Now, the state file is deleted and the correct file monitored. + closes: https://github.com/rsyslog/rsyslog/issues/103 +- bugfix: using UUID property could cause segfault +- bugfix: mmutf8fix did not detect two invalid sequences + Thanks to Axel Rau for the patch. +- bugfix: file descriptor leak with Guardtime signatures + When a .gtstate file is opened it is never closed. This is especially + bad when dynafiles frequently get evicted from dynafile cache and be + re-opened again. +- bugfix: busy loop in tcp listener when running out of file descriptors + Thanks to Susant Sahani for the patch. +- bugfix: mishandling of input modules not supporting new input instances + If they did not support this, accidently the output module part of the + module union was written, leading to unpredictable results. Note: all + core modules do support this interface, but some contributed or very + old ones do not. +- bugfix: double-free when ruleset() parser parameters were used + While unlikely, this could cause stability issues even after the + config phase. +- bugfix: output modules with parameters with multiple passing modes + could caused strange behaviour including aborts + This was due to the fact that the action module only preserved and + processed the last set passing mode. Note that this was not a problem + for the plugins provided by the rsyslog git: none of them uses different + passing modes. + Thanks to Tomas Heinrich for providing a very detailled bug report. +- various fixes after coverty scan + These do not address issues seen in practice but those seen by the tool. + Some of them may affect practical deployments. + Thanks to Tomas Heinrich for the patches. +- bugfix imuxsock: "Last message repeated..." was not emitted at shutdown + The "Last message repeated..." notice didn't get printed if rsyslog was + shut down before the repetition was broken. + Thanks to Tomas Heinrich for the patch. +- bugfix: make dist failed when GUARDTIME or LIBGCRYPT feature was disabled +- bugfix: mmjsonparse did not build with json-c < 0.10 + This was a regression introduced some time in the past in order to + support API changes in json-c. Now we check for the version and use + proper code. +- bugfix: mmanon did not properly anonymize IP addresses starting with '9' + Thanks to defa-at-so36.net for reporting this problem. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529 +--------------------------------------------------------------------------- +Version 7.6.3 [v7.6-stable] 2014-03-27 +- add capability to override GnuTLS path in build process + Thanks to Clayton Shotwell for the patch +- support for librelp 1.2.5 + Support new return states of librelp 1.2.5 to emit better error messages + For obvious reasons, librelp 1.2.5 is now required. +- bugfix: ompipe used invalid default template + This is a regression from an old change (didn't track it down precisely, + but over a year ago). It used the Forwarding template instead of + the file template (so we have a full syslog header). This fix corrects + it back to previous behaviour, but new scripts that used the wrong + format may now need to have the RSYSLOG_ForwardingFormat template + explicitely be applied. + closes: https://github.com/rsyslog/rsyslog/issues/50 +- bugfix: ompipe did emit many suspension messages for /dev/xconsole + (hopefully now) closes: https://github.com/rsyslog/rsyslog/issues/35 + When it was present, but nobody reading from it. The problem + is the way the rsyslog v7 engine tries to resolve failures in outputs. + It does some retries, and along those lines some state information gets + lost and it is close to impossible to retain it. However, the actual + root problem is that ompipe does not reliably detect if it is able to + recover. The problem here is that it actually does not know this + before it does an actual write. These two things together mess up the + logic that suppresses invalid resumption/suspension messages + (actually, the plugin switches state really that often). + Nevertheless, the prime problem with /dev/xconsole (and probably + most other pipes as well) is that it gets full. So I have now added + code that checks, during resume processing, if the pipe is writable. + If it is not, resume is deferred. That should address the case. +--------------------------------------------------------------------------- +Version 7.6.2 [v7.6-stable] 2014-03-17 +- support for librelp 1.2.4 + This was necessary due to the problems with librelp 1.2.3 API stability. + We now use the new native 1.2.4 APIs to learn about the state of + librelp's TLS support. + For obvious reasons, librelp 1.2.4 is now required. +--------------------------------------------------------------------------- +Version 7.6.1 [v7.6-stable] 2014-03-13 +- added "action.reportSuspension" action parameter + This now permits to control handling on a per-action basis rather to + the previous "global setting only". +- "action resumed" message now also specifies module type + which makes troubleshooting a bit easier. Note that we cannot output all + the config details (like destination etc) as this would require much more + elaborate code changes, which we at least do not like to do in the + stable version. +- better and more consistent action naming, action queues now always + contain the word "queue" after the action name +- add support for "tls-less" librelp + we now require librelp 1.2.3, as we need the new error code definition + See also: https://github.com/rsyslog/librelp/issues/1 +- build system improvements + * autoconf subdir option + * support for newer json-c packages + Thanks to Michael Biebl for the patches. +- imjournal enhancements: + * log entries with empty message field are no longer ignored + * invalid facility and severity values are replaced by defaults + * new config parameters to set default facility and severity + Thanks to Tomas Heinrich for implementing this +- bugfix: ompipe did resume itself even when it was still in error + See: https://github.com/rsyslog/rsyslog/issues/35 + Thanks to github user schplat for reporting +- bugfix: "action xxx suspended" did report incorrect error code +- bugfix: ommongodb's template parameter was mandatory but should have + been optional + Thanks to Alain for the analysis and the patch. +- bugfix: only partial doc was put into distribution tarball + Thanks to Michael Biebl for alerting us. + see also: https://github.com/rsyslog/rsyslog/issues/31 +- bugfix: async ruleset did process already-deleted messages + Thanks to John Novotny for the patch. +--------------------------------------------------------------------------- +Version 7.6.0 [v7.6-stable] 2014-02-12 +This starts a new stable branch based on 7.5.8 plus the following changes: +- bugfix: imuxsock input parameters were not accepted + due to copy&paste error. Thanks to Andy Goldstein for the fix. +- added ProcessInternalMessages global system parameter + This permits to inject rsyslog status messages into *another* main + syslogd or the journal. +- new dependency: liblogging-stdlog (for submitting to external logger) +- bugfix: json templates are improperly created + Strings miss the terminating NUL character, which obviously can lead + to all sorts of problems. + See also: https://github.com/rsyslog/rsyslog/issues/27 + Thanks to Alain for the analysis and the patch. +- ompgsql bugfix: improper handling of auto-backgrounding mode + If rsyslog was set to auto-background itself (default code behaviour, but + many distros now turn it off for good reason), ompgsql could not + properly connect. This could even lead to a segfault. The core reason + was that a PG session handle was kept open over a fork, something that + is explicitely forbidden in the PG API. + Thanks to Alain for the analysis and the patch. +--------------------------------------------------------------------------- +Version 7.5.8 [v7-release candidate] 2014-01-09 +- add exec_template() RainerScript function +- add debug.onShutdown and debug.logFile global paramters + These enebale the new "debug on shutdown" mode, which can be used to + track hard to find problems that occur during system shutdown. +- Add directives for numerically specifying GIDs/UIDs + The already present directives (FileOwner, FileGroup, DirOwner, + DirGroup) translate names to numerical IDs, which depends on the user + information being available during rsyslog's startup. This can fail if + the information is obtained over a network or from a service such as + SSSD. The new directives provide a way to specify the numerical IDs + directly and bypass the lookup. + Thanks to Tomas Heinrich for the patch. +- actions now report if they suspend and resume themselves + this is by default on and controllable by the action.reportSuspension + global parameter +- bugfix: omelasticsearch fail.es stats counter was improperly maintained +- bugfix: mmrfc5424addhmac: "key" parameter was not properly processed +- add new impstats action counters: + * suspended + * suspended.duration + * resumed +--------------------------------------------------------------------------- +Version 7.5.7 [v7-devel] 2013-11-25 +- queue defaults have changed + * high water mark is now dynamically 90% of queue size + * low water makr is now dynamically 70% of queue size + * queue.discardMark is now dynamically 98% of queue size + * queue.workerThreadMinimumMessage set to queue.size / num workers + For queues with very low queue.maxSize (< 100), "emergency" defaults + will be used. +- worker thread pool handling has been improved + Among others, permits pool to actually shrink (was quite hard with + previous implementation. This will also improve performance and/or + lower system overhead on busy systems. + Thanks to Pavel Levshin for the enhancement. +- bugfix: mmpstrucdata generated inaccessible properties +- bugfix: RainerScript optimizer did not optimize PRI filters + things like "if $syslogfacility-text == "local3"" were not converted + to PRIFILT. This was a regression introduced in 7.5.6. +- bugfix: legacy directive $ActionQueueWorkerThreads was not honored +- bugfix: segfault on startup when certain script constructs are used + e.g. "if not $msg ..." +- bugfix: ommysql lost configfile/section parameters after first close + This means that when a connection was broken, it was probably + re-instantiated with different parameters than configured. +- bugfix: regression in template processing with subtrees in templates + Thanks to Pavel Levshin for the fix +- bugfix: regular worker threads are not properly (re)started if DA + mode is active. + This occurs only under rare conditions, but definitely is a bug that + needed to be addressed. It probably is present since version 4. + Note that this patch has not been applied to v7.4-stable, as it + is very unlikely to happen and the fix itself has some regression + potential (the fix looks very solid, but it addresses a core component). + Thanks to Pavel Levshin for the fix +- now emit warning message if om with msg passing mode uses action queue + These can modify the message, and this causes races. +- bugfix: $SystemLogUseSysTimeStamp/$SystemLogUsePIDFromSystem did not work + Thanks to Tomas Heinrich for the patch. +--------------------------------------------------------------------------- +Version 7.5.6 [devel] 2013-10-29 +- impstats: add capability to bind to a ruleset +- improved performance of RainerScript variable access + by refactoring the whole body of variable handling code. This also + solves some of the anomalies experienced in some versions of rsyslog. + All variable types are now handled in unified code, including + access via templates. +- RainerScript: make use of 64 bit for numbers where available + Thanks to Pavel Levshin for enhancement. +- slight performance optimization if GCC is used + We give branch prediction hints for the frequent RETiRet macro which is + used for error handling. Some slight performance gain is to be expected + from that. +- removed global variable support + The original idea was not well thought out and global variables, as + implemented, worked far different from what anybody would expect. As + such, we consider the current approach as an experiment that did not + work out and opt to removing it, clearing the way for a better future + solution. Note: global vars were introduced in 7.5.3 on Sept, 11th 2013. +- new module mmsequence, primarily used for action load balancing + Thanks to Pavel Levshin for contributing this module. +- bugfix: unset statement always worked on message var, even if local + var was given +- imudp: support for binding to ruleset added +- bugfix: segfault if variable was assigned to non-container subtree + Thanks to Pavel Levshin for the fix +- bugfix: imuxsock did not suport addtl sockets if syssock was disabled + Thanks to Pavel Levshin for the fix +- bugfix: running imupd on multiple threads lead to segfault if recvmmsg + is available +- bugfix: imudp when using recvmmsg could report wrong sender IP +- bugfix: segfault if re_extract() function was used and no match found +- bugfix: omelasticsearch did not compile on platforms without atomic + instructions +- bugfix: potential misadressing on startup if property-filter was used + This could happen if the property name was longer than 127 chars, a case + that would not happen in practice. +- bugfix: invalid property filter was not properly disabled in ruleset + Note: the cosmetic memory leak introduced with that patch in 7.4.5 is + now also fixed. +- imported bugfixes from 7.4.6 stable release +--------------------------------------------------------------------------- +Version 7.5.5 [devel] 2013-10-16 +- imfile: permit to monitor an unlimited number of files +- imptcp: add "defaultTZ" input parameter +- imudp: support for multiple receiver threads added +- imudp: add "dfltTZ" input config parameter +- bugfix: memory leak in mmnormalize +- bugfix: mmutf8fix did not properly handle invalid UTF-8 at END of message + if the very last character sequence was too long, this was not detected + Thanks to Risto Vaarandi for reporting this problem. +- mmanon: removed the check for specific "terminator characters" after + last octet. As it turned out, this didn't work in practice as there + was an enormous set of potential terminator chars -- so removing + them was the best thing to do. Note that this may change behaviour of + existing installations. Yet, we still consider this an important + bugfix, that should be applied to the stable branch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=477 + Thanks to Muri Cicanor for initiating the discussion +- now requires libestr 0.1.7 as early versions had a nasty bug in + string comparisons +- bugfix: mmanon did not detect all IP addresses in rewrite mode + The problem occured if two IPs were close to each other and the first one + was shrunk. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=485 + Thanks to micah-at-riseup.net for reporting this bug +- bugfix: mmanon sometimes used invalid replacement char in simple mode + depending on configuration sequence, the replacement character was set + to 's' instead of the correct value. Most importantly, it was set to + 's' if simple mode was selected and no replacement char set. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=484 + Thanks to micah-at-riseup.net for reporting this bug +- bugfix: memory leak in mmnormalize +- bugfix: array-based ==/!= comparisions lead to invalid results + This was a regression introduced in 7.3.5 bei the PRI optimizer +--------------------------------------------------------------------------- +Version 7.5.4 [devel] 2013-10-07 +- mmpstrucdata: new module to parse RFC5424 structured data into json + message properties +- change main/ruleset queue defaults to be more enterprise-like + new defaults are queue.size 100,000 max workers 2, worker + activation after 40,000 msgs are queued, batch size 256. These settings + are much more useful for enterprises and will not hurt low-end systems + that much. This is part of our re-focus on enterprise needs. +- omfwd: new action parameter "maxErrorMessages" added +- omfile: new module parameters to set action defaults added + * dirCreateMode + * fileCreateMode +- mmutf8fix: new module to fix invalid UTF-8 sequences +- imuxsock: handle unlimited number of additional listen sockets +- doc: improve usability by linking to relevant web ressources + The idea is to enable users to quickly find additional information, + samples, HOWTOs and the like on the main site. + At the same time, (very) slightly remove memory footprint when + few listeners are monitored. +- bugfix: omfwd parameter streamdrivermmode was not properly handled + it was always overwritten by whatever value was set via the + legacy directive $ActionSendStreamDriverMode +- imtcp: add streamdriver.name module parameter + permits overriding the system default stream driver (gtls, ptcp) +- bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled + Thanks to Jonny Törnbom for reporting this problem +- imported bugfixes from 7.4.4 +--------------------------------------------------------------------------- +Version 7.5.3 [devel] 2013-09-11 +- imfile: support for escaping LF characters added + embedded LF in syslog messages cause a lot of trouble. imfile now has + the capability to escape them to "#012" (just like the regular control + character escape option). This requires new-style input statements to be + used. If legacy configuration statements are used, LF escaping is always + turned off to preserve compatibility. + NOTE: if input() statements were already used, there is a CHANGE OF + BEHAVIOUR: starting with this version, escaping is enabled by + default. So if you do not want it, you need to add + escapeLF="off" + to the input statement. Given the trouble LFs cause and the fact + that the majority of installations still use legacy config, we + considered this behaviour change acceptable and useful. + see also: http://blog.gerhards.net/2013/09/imfile-multi-line-messages.html +- add support for global and local variables +- bugfix: queue file size was not correctly processed + this could lead to using one queue file per message for sizes >2GiB + Thanks to Tomas Heinrich for the patch. +- add main_queue() configuration object to configure main message queue +- bugfix: stream compression in imptcp caused timestamp to be corrupted +- imudp: add ability to specify SO_RCVBUF size (rcvbufSize parameter) +- imudp: use inputname for statistics, if configured +- impstats: add process resource usage counters [via getrusage()] +- impstats: add paramter "resetCounters" to report delta values + possible for most, but not all, counters. See doc for details. +- librelp 1.2.0 is now required +- make use of new librelp generic error reporting facility + This leads to more error messages being passed to the user and + thus simplified troubleshooting. +- bugfix: very small memory leak in imrelp + more or less cosmetic, a single memory block was not freed, but this + only happens immediately before termination (when the OS automatically + frees all memory). Still an annoyance e.g. in valgrind. +- fix compile problem in debug build +- imported fixes from 7.4.4 +--------------------------------------------------------------------------- +Version 7.5.2 [devel] 2013-07-04 +- librelp 1.1.4 is now required + We use API extensions for better error reporting and higher performance. +- omrelp: use transactional mode to make imrelp emit bulk sends +- omrelp: add "windowSize" parameter to set custom RELP window size +- bugfix: double-free in omelasticsearch + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461 + a security advisory for this bug is available at: + http://www.lsexperts.de/advisories/lse-2013-07-03.txt + CVE: CVE-2013-4758 + PLEASE NOTE: This issue only existed if omelasticsearch was used + in a non-default configuration, where the "errorfile" parameter + was specified. Without that parameter set, the bug could not + be triggered. + Thanks to Markus Vervier and Marius Ionescu for providing a detailled + bug report. Special thanks to Markus for coordinating his security + advisory with us. +- doc: fixed various typos + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=391 + Thanks to Georgi Georgiev for the patch. +--------------------------------------------------------------------------- +Version 7.5.1 [devel] 2013-06-26 +- librelp 1.1.3 is required - older versions can lead to a segfault +- add mmfields, which among others supports easy parsing of CEF messages +- omrelp: + * new parameter "compression.prioritystring" to control encryption + parameters used by GnuTLS +- imrelp: + * new parameter "compression.dhbits" to control the number of + bits being used for Diffie-Hellman key generation + * new parameter "compression.prioritystring" to control encryption + parameters used by GnuTLS + * support for impstats added + * support for setting permitted peers (client authentication) added + * bugfix: potential segfault at startup on invalid config parameters +- imjournal: imported patches from 7.4.1 +- omprog: add support for command line parameters +- added experimental TCP stream compression (imptcp only, currently) +- added BSD-specific syslog facilities + * "console" + * "bsd_security" - this is called "security" under BSD, but that name + was unfortunately already taken by some standard facility. So I + did the (hopefully) second-best thing and renamed it a little. +- imported fixes from 7.4.2 (especially build problems on FreeBSD) +- bugfix: imptcp did not properly initialize compression status variable + could lead to segfault if stream:always compression mode was selected +--------------------------------------------------------------------------- +Version 7.5.0 [devel] 2013-06-11 +- imrelp: implement "ruleset" module parameter +- imrelp/omrelp: add TLS & compression (zip) support +- omrelp: add "rebindInterval" parameter +- add -S command line option to specify IP address to use for RELP client + connections + Thanks to Axel Rau for the patch. +--------------------------------------------------------------------------- +Version 7.4.11 [v7.4-stable] *never released* +- imjournal enhancements: + * log entries with empty message field are no longer ignored + * invalid facility and severity values are replaced by defaults + * new config parameters to set default facility and severity + Thanks to Tomas Heinrich for implementing this +--------------------------------------------------------------------------- +Version 7.4.10 [v7.4-stable] 2014-02-12 +- bugfix: json templates are improperly created + Strings miss the terminating NUL character, which obviously can lead + to all sorts of problems. + See also: https://github.com/rsyslog/rsyslog/issues/27 + Thanks to Alain for the analysis and the patch. +- ompgsql bugfix: improper handling of auto-backgrounding mode + If rsyslog was set to auto-background itself (default code behaviour, but + many distros now turn it off for good reason), ompgsql could not + properly connect. This could even lead to a segfault. The core reason + was that a PG session handle was kept open over a fork, something that + is explicitely forbidden in the PG API. + Thanks to Alain for the analysis and the patch. +--------------------------------------------------------------------------- +Version 7.4.9 [v7.4-stable] 2014-01-22 +- added ProcessInternalMessages global system parameter + This permits to inject rsyslog status messages into *another* main + syslogd or the journal. +- new dependency: liblogging-stdlog (for submitting to external logger) +- bugfix: imuxsock input parameters were not accepted + due to copy&paste error. Thanks to Andy Goldstein for the fix. +- bugfix: potential double-free in RainerScript equal comparison + happens if the left-hand operand is JSON object and the right-hand + operand is a non-string that does not convert to a number (for + example, it can be another JSON object, probably the only case that + could happen in practice). This is very unlikely to be triggered. +- bugfix: some RainerScript Json(Variable)/string comparisons were wrong +--------------------------------------------------------------------------- +Version 7.4.8 [v7.4-stable] 2014-01-08 +- rsgtutil provides better error messages on unfinished signature blocks +- bugfix: guard against control characters in internal (error) messages + Thanks to Ahto Truu for alerting us. +- bugfix: immark did emit messages under kern.=info instead of syslog.=info + Note that his can potentially break exisiting configurations that + rely on immark sending as kern.=info. Unfortunately, we cannot leave + this unfixed as we never should emit messages under the kern facility. +--------------------------------------------------------------------------- +Version 7.4.7 [v7.4-stable] 2013-12-10 +- bugfix: limiting queue disk space did not work properly + * queue.maxdiskspace actually initializes queue.maxfilesize + * total size of queue files was not checked against + queue.maxdiskspace for disk assisted queues. + Thanks to Karol Jurak for the patch. +- bugfix: linux kernel-like ratelimiter did not work properly with all + inputs (for example, it did not work with imdup). The reason was that + the PRI value was used, but that needed parsing of the message, which + was done too late. +- bugfix: disk queues created files in wrong working directory + if the $WorkDirectory was changed multiple times, all queues only + used the last value set. +- bugfix: legacy directive $ActionQueueWorkerThreads was not honored +- bugfix: segfault on startup when certain script constructs are used + e.g. "if not $msg ..." +- bugfix: imuxsock: UseSysTimeStamp config parameter did not work correctly + Thanks to Tomas Heinrich for alerting us and provinding a solution + suggestion. +- bugfix: $SystemLogUseSysTimeStamp/$SystemLogUsePIDFromSystem did not work + Thanks to Tomas Heinrich for the patch. +- improved checking of queue config parameters on startup +- bugfix: call to ruleset with async queue did not use the queue + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=443 +- bugfix: if imtcp is loaded and no listeners are configured (which is + uncommon), rsyslog crashes during shutdown. +--------------------------------------------------------------------------- +Version 7.4.6 [v7.4-stable] 2013-10-31 +- bugfix: potential abort during HUP + This could happen when one of imklog, imzmq3, imkmsg, impstats, + imjournal, or imuxsock were under heavy load during a HUP. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=489 + Thanks to Guy Rozendorn for reporting the problem and Peval Levhshin for + his analysis. +- bugfix: imtcp flowControl parameter incorrectly defaulted to "off" + This could cause message loss on systems under heavy load and was + a change-of-behaviour to previous version. This is a regression + most probably introduced in 5.9.0 (but did not try hard to find the + exact point of its introduction). +- now requires libestr 0.1.9 as earlier versions lead to problems with + number handling in RainerScript +- bugfix: memory leak in strlen() RainerScript function + Thanks to Gregoire Seux for reportig this bug. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=486 +- bugfix: buffer overrun if re_extract function was called for submatch 50 + Thanks to Pavel Levshin for reporting the problem and its location. +- bugfix: memleak in re_extract() function + Thanks to Pavel Levshin for reporting this problem. +- bugfix: potential abort in RainerScript optimizer + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=488 + Thanks to Thomas Doll for reporting the problem and Pavel Levshin for + fixing it. +- bugfix: memory leak in omhiredis + Thanks to Pavel Levshin for the fix +- bugfix: segfault if variable was assigned to non-container subtree + Thanks to Pavel Levshin for the fix +--------------------------------------------------------------------------- +Version 7.4.5 [v7.4-stable] 2013-10-22 +- mmanon: removed the check for specific "terminator characters" after + last octet. As it turned out, this didn't work in practice as there + was an enormous set of potential terminator chars -- so removing + them was the best thing to do. Note that this may change behaviour of + existing installations. Yet, we still consider this an important + bugfix, that should be applied to the stable branch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=477 + Thanks to Muri Cicanor for initiating the discussion +- now requires libestr 0.1.8 as early versions had a nasty bug in + string comparisons +- omelasticsearch: add failed.httprequests stats counter +- bugfix: invalid property filter was not properly disabled in ruleset + Note that this bugfix introduces a very slight memory leak, which is + cosmetic, as it just holds data until termination that is no longer + needed. It is just the part of the config that was invalid. We will + "fix" this "issue" in the devel version first, as the fix is a bit + too intrusive to do without hard need in the stable version. +- bugfix: segfault if re_extract() function was used and no match found +- bugfix: potential misadressing on startup if property-filter was used + This could happen if the property name was longer than 127 chars, a case + that would not happen in practice. +- bugfix: omelasticsearch: correct failed.http stats counter +- bugfix: omelasticsearch: did not correctly initialize stats counters +- bugfix: omelasticsearch: failed.es counter was only maintained in bulk mode + This usually did not lead to any problems, because they are in static + memory, which is initialized to zero by the OS when the plugin is + loaded. But it may cause problems especially on systems that do not + support atomic instructions - in this case the associated mutexes also + did not get properly initialized. +- bugfix: mmanon did not detect all IP addresses in rewrite mode + The problem occured if two IPs were close to each other and the first one + was shrunk. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=485 + Thanks to micah-at-riseup.net for reporting this bug +- bugfix: mmanon sometimes used invalid replacement char in simple mode + depending on configuration sequence, the replacement character was set + to 's' instead of the correct value. Most importantly, it was set to + 's' if simple mode was selected and no replacement char set. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=484 + Thanks to micah-at-riseup.net for reporting this bug +- bugfix: memory leak in mmnormalize +- bugfix: array-based ==/!= comparisions lead to invalid results + This was a regression introduced in 7.3.5 bei the PRI optimizer +- bugfix: omprog blocked signals to executed programs + The made it impossible to send signals to programs executed via + omprog. + Thanks to Risto Vaarandi for the analysis and a patch. +- bugfix: doc: imuxsock legacy param $SystemLogSocketParseTrusted was + misspelled + Thanks to David Lang for alerting us +- bugfix: imfile "facility" input parameter improperly handled + caused facility not to be set, and severity to be overwritten with + the facility value. + Thanks to forum user dmunny for reporting this bug. +- bugfix: small memory leak in imfile when $ResetConfigVariables was used + Thanks to Grégory Nuyttens for reporting this bug and providig a fix +- bugfix: segfault on startup if TLS was used but no CA cert set +- bugfix: segfault on startup if TCP TLS was used but no cert or key set +- bugfix: some more build problems with newer json-c versions + Thanks to Michael Biebl for mentioning the problem. +- bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled + Thanks to Jonny Törnbom for reporting this problem +--------------------------------------------------------------------------- +Version 7.4.4 [v7.4-stable] 2013-09-03 +- better error messages in GuardTime signature provider + Thanks to Ahto Truu for providing the patch. +- make rsyslog use the new json-c pkgconfig file if available + Thanks to the Gentoo team for the patches. +- bugfix: imfile parameter "persistStateInterval" was unusable + due to a case typo in imfile; work-around was to use legacy config + Thanks to Brandon Murphy for reporting this bug. +- bugfix: TLV16 flag encoding error in signature files from GT provider + This fixes a problem where the TLV16 flag was improperly encoded. + Unfortunately, existing files already have the bug and may not properly + be processed. The fix uses constants from the GuardTime API lib to + prevent such problems in the future. + Thanks to Ahto Truu for providing the patch. +- bugfix: slightly malformed SMTP handling in ommail +- bugfix: segfault in omprog if no template was provided (now dflt is used) +- bugfix: segfault in ompipe if no template was provided (now dflt is used) +- bugfix: segfault in omsnmp if no template was provided (now dflt is used) +- bugfix: some omsnmp optional config params were flagged as mandatory +- bugfix: segfault in omelasticsearch when resuming queued messages + after restarting Elasticsearch + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=464 +- bugfix: imtcp addtlframedelimiter could not be set to zero + Thanks to Chris Norton for alerting us. +- doc bugfix: remove no-longer existing omtemplate from developer doc + was specifically mentioned as a sample for creating new plugins + Thanks to Yannick Brosseau for alerting us of this problem. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=473 +--------------------------------------------------------------------------- +Version 7.4.3 [v7.4-stable] 2013-07-18 +- bugfix: queue file size was not correctly processed + this could lead to using one queue file per message for sizes >2GiB + Thanks to Tomas Heinrich for the patch. +- bugfix: $QHOUR/$HHOUR were always "00" or "01" + regression some time between v5 and here + Thanks to forum user rjmcinty for reporting this bug +- bugfix: testbench tool chkseq did improperly report invalid file + This happened when permitted duplicate values existed in the very + last lines, right before end-of-file. + Thanks to Radu Gheorghe for reporting this bug. +--------------------------------------------------------------------------- +Version 7.4.3 [v7.4-stable] 2013-07-18 +- bugfix: memory leak if disk queues were used and json data present +- bugfix: CEE/json data was lost during disk queue operation +- bugfix: potential segfault during startup on invalid config + could happen if invalid actions were present, which could lead + to improper handling in optimizer. +- bugfix: 100% CPU utilization when DA queue became full +- bugfix: omlibdbi did not properly close connection on some errors + This happened to errors occuring in Begin/End Transaction entry + points. +- cosmetic bugfix: file name buffer was not freed on disk queue destruction + This was an extremely small one-time per run memleak, so nothing of + concern. However, it bugs under valgrind and similar memory debuggers. +- fix build on FreeBSD + Thanks to Christiano Rolim for the patch +--------------------------------------------------------------------------- +Version 7.4.2 [v7.4-stable] 2013-07-04 +- bugfix: in RFC5425 TLS, multiple wildcards in auth could cause segfault +- bugfix: RainerScript object required parameters were not properly + checked - this clould result to segfaults on startup if parameters + were missing. +- bugfix: double-free in omelasticsearch + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461 + a security advisory for this bug is available at: + http://www.lsexperts.de/advisories/lse-2013-07-03.txt + CVE: CVE-2013-4758 + PLEASE NOTE: This issue only existed if omelasticsearch was used + in a non-default configuration, where the "errorfile" parameter + was specified. Without that parameter set, the bug could not + be triggered. + Thanks to Markus Vervier and Marius Ionescu for providing a detailled + bug report. Special thanks to Markus for coordinating his security + advisory with us. +- bugfix: omrelp potential segfault at startup on invalid config parameters +- bugfix: small memory leak when $uptime property was used +- bugfix: potential segfault on rsyslog termination in imudp + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=456 +- bugfix: lmsig_gt abort on invalid configuration parameters + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=448 + Thanks to Risto Laanoja for the patch. +- imtcp: fix typo in "listner" parameter, which is "listener" + Currently, both names are accepted. +- solved build problems on FreeBSD + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=457 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=458 + Thanks to Christiano for reproting and suggesting patches +- solved build problems on CENTOS5 +--------------------------------------------------------------------------- +Version 7.4.1 [v7.4-stable] 2013-06-17 +- imjournal: add ratelimiting capability + The original imjournal code did not support ratelimiting at all. We + now have our own ratelimiter. This can mitigate against journal + database corruption, when the journal re-sends old data. This is a + current bug in systemd journal, but we won't outrule this to happen + in the future again. So it is better to have a safeguard in place. + By default, we permit 20,000 messages witin 10 minutes. This may + be a bit restrictive, but given the risk potential it seems reasonable. + Users requiring larger traffic flows can always adjust the value. +- bugfix: potential loop in rate limiting + if the message that tells about rate-limiting gets rate-limited itself, + it will potentially create and endless loop +- bugfix: potential segfault in imjournal if journal DB is corrupted +- bugfix: prevent a segfault in imjournal if state file is not defined +- bugfix imzmq3: potential segfault on startup + if no problem happend at startup, everything went fine + Thanks to Hongfei Cheng and Brian Knox for the patch +--------------------------------------------------------------------------- +Version 7.4.0 [v7.4-stable] 2013-06-06 +This starts a new stable branch based on 7.3.15 plus the following changes: +- add --enable-cached-man-pages ./configure option + permits to build rsyslog on a system where rst2man is not installed. In + that case, cached versions of the man pages are used (they were built + during "make dist", so they should be current for the version in + question. +- doc bugfix: ReadMode wrong in imfile doc, two values were swapped + Thanks to jokajak@gmail.com for mentioning this + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=450 +- imjournal: no longer do periodic wakeup +- bugfix: potential hang *in debug mode* on rsyslogd termination + This ONLY affected rsyslogd if it were running with debug output + enabled. +- bugfix: $template statement with multiple spaces lead to invalid tpl name + If multiple spaces were used in front of the template name, all but one + of them became actually part of the template name. So + $template a,"..." would be name " a", and as such "a" was not + available, e.g. in + *.* /var/log/file;a + This is a legacy config problem. As it was unreported for many years, + no backport of the fix to old versions will happen. + This is a long-standing bug that was only recently reported by forum + user mc-sim. + Reference: http://kb.monitorware.com/post23448.html +- 0mq fixes; credits to Hongfei Cheng and Brian Knox +--------------------------------------------------------------------------- +Version 7.3.15 [beta] 2013-05-15 +- bugfix: problem in build system (especially when cross-compiling) + Thanks to Tomas Heinrich and winfried_mb2@xmsnet.nl for the patch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=445 +- bugfix: imjournal had problem with systemd journal API change +- imjournal: now obtain and include PID +- bugfix: .logsig files had tlv16 indicator bit at wrong offset +- bugfix: omrelp legacy config parameters set a timeout of zero + which lead the legacy config to be unusable. +- bugfix: segfault on startup if a disk queue was configure without file + name + Now this triggers an error message and the queue is changed to + linkedList type. +- bugfix: invalid addressing in string class (recent regression) +--------------------------------------------------------------------------- Version 7.3.14 [beta] 2013-05-06 - bugfix: some man pages were not properly installed either rscryutil or rsgtutil man was installed, but not both @@ -1133,8 +2313,6 @@ Version 6.2.0 [v6-stable], 2012-01-09 - bugfix: omfile returns fatal error code for things that go really wrong previously, RS_RET_RESUME was returned, which lead to a loop inside the rule engine as omfile could not really recover. -- bugfix: rsyslogd -v always said 64 atomics were not present - thanks to mono_matsuko for the patch - bugfix: potential abort after reading invalid X.509 certificate closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290 Thanks to Tomas Heinrich for the patch @@ -1363,6 +2541,9 @@ expected that interfaces, even new ones, break during the initial [ported from v4] --------------------------------------------------------------------------- Version 5.10.2 [V5-STABLE], 201?-??-?? +- bugfix: queue file size was not correctly processed + this could lead to using one queue file per message for sizes >2GiB + Thanks to Tomas Heinrich for the patch. - updated systemd files to match current systemd source - bugfix: spurios error messages from imuxsock about (non-error) EAGAIN Thanks to Marius Tomaschewski for the patch. @@ -3394,6 +4575,8 @@ Version 3.22.4 [v3-stable] (rgerhards), 2010-??-?? closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 - improved some code based on clang static analyzer results - bugfix: potential misadressing in property replacer +- bugfix: improper handling of invalid PRI values + references: CVE-2014-3634 --------------------------------------------------------------------------- Version 3.22.3 [v3-stable] (rgerhards), 2010-11-24 - bugfix(important): problem in TLS handling could cause rsyslog to loop |