--- rsyslog-4.2.0.orig/patches/deroot.patch +++ rsyslog-4.2.0/patches/deroot.patch @@ -0,0 +1,318 @@ +Index: rsyslog-4.2.0/plugins/imklog/bsd.c +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/bsd.c 2009-06-14 11:25:11.000000000 +0100 ++++ rsyslog-4.2.0/plugins/imklog/bsd.c 2010-02-24 16:48:14.367293195 +0000 +@@ -83,6 +83,11 @@ + # define _PATH_KLOG "/dev/klog" + #endif + ++static uchar *GetPath(void) ++{ ++ return pszPath ? pszPath : _PATH_KLOG; ++} ++ + /* open the kernel log - will be called inside the willRun() imklog + * entry point. -- rgerhards, 2008-04-09 + */ +@@ -91,9 +96,9 @@ + { + DEFiRet; + +- fklog = open(_PATH_KLOG, O_RDONLY, 0); ++ fklog = open(GetPath(), O_RDONLY, 0); + if (fklog < 0) { +- dbgprintf("can't open %s (%d)\n", _PATH_KLOG, errno); ++ dbgprintf("can't open %s (%d)\n", GetPath(), errno); + iRet = RS_RET_ERR; // TODO: better error code + } + +Index: rsyslog-4.2.0/plugins/imklog/imklog.c +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/imklog.c 2009-06-22 18:11:10.000000000 +0100 ++++ rsyslog-4.2.0/plugins/imklog/imklog.c 2010-02-24 16:48:14.377293072 +0000 +@@ -44,6 +44,7 @@ + #include + #include + #include ++#include + + #include "dirty.h" + #include "cfsysline.h" +@@ -68,6 +69,7 @@ + int symbol_lookup = 0; /* on recent kernels > 2.6, the kernel does this */ + int bPermitNonKernel = 0; /* permit logging of messages not having LOG_KERN facility */ + int iFacilIntMsg; /* the facility to use for internal messages (set by driver) */ ++uchar *pszPath = NULL; + /* TODO: configuration for the following directives must be implemented. It + * was not done yet because we either do not yet have a config handler for + * that type or I thought it was acceptable to push it to a later stage when +@@ -244,6 +246,8 @@ + /* release objects we used */ + objRelease(glbl, CORE_COMPONENT); + objRelease(datetime, CORE_COMPONENT); ++ if(pszPath != NULL) ++ free(pszPath); + ENDmodExit + + +@@ -260,6 +264,10 @@ + symfile = NULL; + symbol_lookup = 0; + bPermitNonKernel = 0; ++ if(pszPath != NULL) { ++ free(pszPath); ++ pszPath = NULL; ++ } + iFacilIntMsg = klogFacilIntMsg(); + return RS_RET_OK; + } +@@ -274,6 +282,7 @@ + iFacilIntMsg = klogFacilIntMsg(); + + CHKiRet(omsdRegCFSLineHdlr((uchar *)"debugprintkernelsymbols", 0, eCmdHdlrBinary, NULL, &dbgPrintSymbols, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogpath", 0, eCmdHdlrGetWord, NULL, &pszPath, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbollookup", 0, eCmdHdlrBinary, NULL, &symbol_lookup, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbolstwice", 0, eCmdHdlrBinary, NULL, &symbols_twice, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogusesyscallinterface", 0, eCmdHdlrBinary, NULL, &use_syscall, STD_LOADABLE_MODULE_ID)); +Index: rsyslog-4.2.0/plugins/imklog/imklog.h +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/imklog.h 2009-06-14 11:25:11.000000000 +0100 ++++ rsyslog-4.2.0/plugins/imklog/imklog.h 2010-02-24 16:48:14.377293072 +0000 +@@ -52,6 +52,7 @@ + extern char *symfile; + extern int console_log_level; + extern int dbgPrintSymbols; ++extern uchar *pszPath; + + /* the functions below may be called by the drivers */ + rsRetVal imklogLogIntMsg(int priority, char *fmt, ...) __attribute__((format(printf,2, 3))); +Index: rsyslog-4.2.0/plugins/imklog/linux.c +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/linux.c 2009-06-18 10:11:03.000000000 +0100 ++++ rsyslog-4.2.0/plugins/imklog/linux.c 2010-02-24 17:58:08.107293037 +0000 +@@ -84,6 +84,11 @@ + extern int ksyslog(int type, char *buf, int len); + + ++static uchar *GetPath(void) ++{ ++ return pszPath ? pszPath : _PATH_KLOG; ++} ++ + static void CloseLogSrc(void) + { + /* Turn on logging of messages to console, but only if we had the -c +@@ -114,6 +119,8 @@ + static enum LOGSRC GetKernelLogSrc(void) + { + auto struct stat sb; ++ uid_t iwas; ++ char buf; + + /* Set level of kernel console messaging.. */ + if ( (console_log_level != -1) && +@@ -130,28 +137,32 @@ + "console output."); + } + +- /* +- * First do a stat to determine whether or not the proc based +- * file system is available to get kernel messages from. +- */ +- if ( use_syscall || +- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) ) +- { +- /* Initialize kernel logging. */ +- ksyslog(1, NULL, 0); +- imklogLogIntMsg(LOG_INFO, "imklog %s, log source = ksyslog " +- "started.", VERSION); +- return(kernel); +- } +- +- if ( (kmsg = open(_PATH_KLOG, O_RDONLY|O_CLOEXEC)) < 0 ) ++ if ( (kmsg = open(GetPath(), O_RDONLY|O_CLOEXEC)) < 0 ) + { + imklogLogIntMsg(LOG_ERR, "imklog: Cannot open proc file system, %d.\n", errno); + ksyslog(7, NULL, 0); /* TODO: check this, implement more */ + return(none); + } + +- imklogLogIntMsg(LOG_INFO, "imklog %s, log source = %s started.", VERSION, _PATH_KLOG); ++ iwas = geteuid(); ++ if (seteuid(65534) == 0) ++ { ++ if ((read(kmsg, &buf, 0) < 0) && ++ (errno == EPERM)) ++ { ++ int saved_errno = errno; ++ seteuid(iwas); ++ close(kmsg); ++ errno = saved_errno; ++ imklogLogIntMsg(LOG_ERR, "imklog: Cannot read proc file system, %d.\n", errno); ++ ksyslog(7, NULL, 0); /* TODO: check this, implement more */ ++ return(none); ++ } ++ ++ seteuid(iwas); ++ } ++ ++ imklogLogIntMsg(LOG_INFO, "imklog %s, log source = %s started.", VERSION, GetPath()); + return(proc); + } + +Index: rsyslog-4.2.0/runtime/modules.c +=================================================================== +--- rsyslog-4.2.0.orig/runtime/modules.c 2009-06-22 18:11:10.000000000 +0100 ++++ rsyslog-4.2.0/runtime/modules.c 2010-02-24 16:48:14.387293229 +0000 +@@ -390,6 +390,7 @@ + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"runInput", &pNew->mod.im.runInput)); + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"willRun", &pNew->mod.im.willRun)); + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"afterRun", &pNew->mod.im.afterRun)); ++ pNew->mod.im.bCanRun = 0; + break; + case eMOD_OUT: + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"freeInstance", &pNew->freeInstance)); +Index: rsyslog-4.2.0/runtime/modules.h +=================================================================== +--- rsyslog-4.2.0.orig/runtime/modules.h 2009-06-22 18:11:10.000000000 +0100 ++++ rsyslog-4.2.0/runtime/modules.h 2010-02-24 16:48:14.407293542 +0000 +@@ -106,6 +106,7 @@ + rsRetVal (*runInput)(thrdInfo_t*); /* function to gather input and submit to queue */ + rsRetVal (*willRun)(void); /* function to gather input and submit to queue */ + rsRetVal (*afterRun)(thrdInfo_t*); /* function to gather input and submit to queue */ ++ int bCanRun; /* cached value of whether willRun() succeeded */ + } im; + struct {/* data for output modules */ + /* below: perform the configured action +Index: rsyslog-4.2.0/tools/omfile.c +=================================================================== +--- rsyslog-4.2.0.orig/tools/omfile.c 2009-06-22 18:11:10.000000000 +0100 ++++ rsyslog-4.2.0/tools/omfile.c 2010-02-24 16:48:14.407293542 +0000 +@@ -421,6 +421,7 @@ + */ + pData->fd = open((char*) newFileName, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY|O_CLOEXEC, + pData->fCreateMode); ++ } + if(pData->fd != -1) { + /* check and set uid/gid */ + if(pData->fileUID != (uid_t)-1 || pData->fileGID != (gid_t) -1) { +@@ -438,7 +439,6 @@ + } + } + } +- } + finalize_it: + /* this was "pData->fd != 0", which I think was a bug. I guess 0 was intended to mean + * non-open file descriptor. Anyhow, I leave this comment for the time being to that if +Index: rsyslog-4.2.0/tools/syslogd.c +=================================================================== +--- rsyslog-4.2.0.orig/tools/syslogd.c 2010-02-24 16:48:14.337293284 +0000 ++++ rsyslog-4.2.0/tools/syslogd.c 2010-02-24 16:48:14.347293719 +0000 +@@ -2291,6 +2291,30 @@ + } + + ++/* Actually run the input modules. This happens after privileges are dropped, ++ * if that is requested. ++ */ ++static rsRetVal ++runInputModules(void) ++{ ++ DEFiRet; ++ modInfo_t *pMod; ++ ++ /* loop through all modules and activate them (brr...) */ ++ pMod = module.GetNxtType(NULL, eMOD_IN); ++ while(pMod != NULL) { ++ if(pMod->mod.im.bCanRun) { ++ /* activate here */ ++ thrdCreate(pMod->mod.im.runInput, pMod->mod.im.afterRun); ++ } ++ pMod = module.GetNxtType(pMod, eMOD_IN); ++ } ++ ++ ENDfunc ++ return RS_RET_OK; /* intentional: we do not care about module errors */ ++} ++ ++ + /* Start the input modules. This function will probably undergo big changes + * while we implement the input module interface. For now, it does the most + * important thing to get at least my poor initial input modules up and +@@ -2298,7 +2322,7 @@ + * rgerhards, 2007-12-14 + */ + static rsRetVal +-startInputModules(void) ++startInputModules(int bRunInputModules) + { + DEFiRet; + modInfo_t *pMod; +@@ -2306,15 +2330,18 @@ + /* loop through all modules and activate them (brr...) */ + pMod = module.GetNxtType(NULL, eMOD_IN); + while(pMod != NULL) { +- if((iRet = pMod->mod.im.willRun()) == RS_RET_OK) { +- /* activate here */ +- thrdCreate(pMod->mod.im.runInput, pMod->mod.im.afterRun); +- } else { ++ iRet = pMod->mod.im.willRun(); ++ pMod->mod.im.bCanRun = (iRet == RS_RET_OK); ++ if(!pMod->mod.im.bCanRun) { + dbgprintf("module %lx will not run, iRet %d\n", (unsigned long) pMod, iRet); + } + pMod = module.GetNxtType(pMod, eMOD_IN); + } + ++ if (bRunInputModules) { ++ runInputModules(); ++ } ++ + ENDfunc + return RS_RET_OK; /* intentional: we do not care about module errors */ + } +@@ -2326,7 +2353,7 @@ + * else happens. -- rgerhards, 2008-07-28 + */ + static rsRetVal +-init(void) ++init(int bRunInputModules) + { + DEFiRet; + rsRetVal localRet; +@@ -2521,7 +2548,7 @@ + * shuffled to down here once we have everything in input modules. + * rgerhards, 2007-12-14 + */ +- startInputModules(); ++ startInputModules(bRunInputModules); + + if(Debug) { + dbgPrintInitInfo(); +@@ -2694,7 +2721,7 @@ + + if(glbl.GetHUPisRestart()) { + DBGPRINTF("Received SIGHUP, configured to be restart, reloading rsyslogd.\n"); +- init(); /* main queue is stopped as part of init() */ ++ init(1); /* main queue is stopped as part of init() */ + } else { + DBGPRINTF("Received SIGHUP, configured to be a non-restart type of HUP - notifying actions.\n"); + for(f = Files; f != NULL ; f = f->f_next) { +@@ -2987,7 +3014,7 @@ + pTmp = template_StdPgSQLFmt; + tplLastStaticInit(tplAddLine(" StdPgSQLFmt", &pTmp)); + +- CHKiRet(init()); ++ CHKiRet(init(0)); + + if(Debug && debugging_on) { + dbgprintf("Debugging enabled, SIGUSR1 to turn off debugging.\n"); +@@ -3015,6 +3042,8 @@ + glbl.SetHUPisRestart(0); /* we can not do restart-type HUPs with dropped privs */ + } + ++ runInputModules(); ++ + /* END OF INTIALIZATION + * ... but keep in mind that we might do a restart and thus init() might + * be called again. If that happens, we must shut down the worker thread, --- rsyslog-4.2.0.orig/debian/rsyslog.conf +++ rsyslog-4.2.0/debian/rsyslog.conf @@ -0,0 +1,56 @@ +# /etc/rsyslog.conf Configuration file for rsyslog. +# +# For more information see +# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html +# +# Default logging rules can be found in /etc/rsyslog.d/50-default.conf + + +################# +#### MODULES #### +################# + +$ModLoad imuxsock # provides support for local system logging +$ModLoad imklog # provides kernel logging support (previously done by rklogd) +#$ModLoad immark # provides --MARK-- message capability + +$KLogPath /proc/kmsg + +# provides UDP syslog reception +#$ModLoad imudp +#$UDPServerRun 514 + +# provides TCP syslog reception +#$ModLoad imtcp +#$InputTCPServerRun 514 + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# Filter duplicated messages +$RepeatedMsgReduction on + +# +# Set the default permissions for all log files. +# +$FileOwner syslog +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 +$PrivDropToUser syslog +$PrivDropToGroup syslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + --- rsyslog-4.2.0.orig/debian/rsyslog-gnutls.install +++ rsyslog-4.2.0/debian/rsyslog-gnutls.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/rsyslog/lmnsd_gtls.so --- rsyslog-4.2.0.orig/debian/control +++ rsyslog-4.2.0/debian/control @@ -0,0 +1,95 @@ +Source: rsyslog +Section: admin +Priority: important +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Michael Biebl +Build-Depends: debhelper (>= 7.3.15ubuntu2), quilt, autotools-dev, zlib1g-dev, libmysqlclient-dev, libpq-dev, libkrb5-dev, libgnutls-dev, librelp-dev, pkg-config +Standards-Version: 3.8.2 +XSBC-Original-Vcs-Git: git://git.debian.org/git/collab-maint/rsyslog.git +XSBC-Original-Vcs-Browser: http://git.debian.org/?p=collab-maint/rsyslog.git;a=summary +Homepage: http://www.rsyslog.com/ + +Package: rsyslog +Architecture: any +Priority: important +Conflicts: system-log-daemon, linux-kernel-log-daemon +Provides: system-log-daemon, linux-kernel-log-daemon +Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.2-14), adduser, ucf (>= 0.8) +Recommends: logrotate +Suggests: rsyslog-mysql | rsyslog-pgsql, rsyslog-doc, rsyslog-gnutls, rsyslog-gssapi, rsyslog-relp +Description: enhanced multi-threaded syslogd + Rsyslog is an enhanced syslogd supporting, amongst others: + * reliable syslog over TCP and SSL/TLS + * on-demand disk buffering + * email alerting + * writing to MySQL or PostgreSQL databases (via separate output plugins) + * permitted sender lists + * filtering on any part of the syslog message + * on-the-wire message compression + * fine grained output format control + * backup log destinations + . + It is quite compatible to stock sysklogd and can be used as a drop-in + replacement. Its advanced features make it suitable for enterprise-class, + encryption protected syslog relay chains while at the same time being very + easy to setup for the novice user. + +Package: rsyslog-doc +Section: doc +Priority: extra +Architecture: all +Conflicts: rsyslog (<< 2.0.1-2) +Replaces: rsyslog (<< 2.0.1-2) +Depends: ${misc:Depends} +Suggests: doc-base, www-browser +Description: documentation for rsyslog + This package contains detailed HTML documentation of rsyslog. + . + It describes the general configuration file syntax, like filters, actions and + templates and has detailed information for all available configuration + directives. + +Package: rsyslog-mysql +Architecture: any +Priority: extra +Depends: ${shlibs:Depends}, ${misc:Depends}, rsyslog (= ${binary:Version}), dbconfig-common, ucf +Recommends: mysql-server +Description: MySQL output plugin for rsyslog + This plugin allows rsyslog to write the syslog messages into a MySQL database. + +Package: rsyslog-pgsql +Architecture: any +Priority: extra +Depends: ${shlibs:Depends}, ${misc:Depends}, rsyslog (= ${binary:Version}), dbconfig-common, ucf +Recommends: postgresql +Description: PostgreSQL output plugin for rsyslog + This plugin allows rsyslog to write the syslog messages into a PostgreSQL + database. + +Package: rsyslog-gssapi +Architecture: any +Priority: extra +Depends: ${shlibs:Depends}, ${misc:Depends}, rsyslog (= ${binary:Version}) +Suggests: krb5-user +Description: GSSAPI authentication and encryption support for rsyslog + These plugins allow rsyslog to write and/or receive GSSAPI authenticated and + encrypted syslog messages. GSSAPI is commonly used for Kerberos + authentication. + +Package: rsyslog-gnutls +Architecture: any +Priority: extra +Depends: ${shlibs:Depends}, ${misc:Depends}, rsyslog (= ${binary:Version}) +Suggests: gnutls-bin +Description: TLS protocol support for rsyslog + This netstream plugin allows rsyslog to send and receive encrypted syslog + messages via the upcoming syslog-transport-tls IETF standard protocol. + +Package: rsyslog-relp +Architecture: any +Priority: extra +Depends: ${shlibs:Depends}, ${misc:Depends}, rsyslog (= ${binary:Version}) +Description: RELP protocol support for rsyslog + These plugins allows rsyslog to send and receive syslog messages via the + RELP protocol. RELP ensures the reliable transport over the network even on + connection loss or if a peer becomes unavailable. --- rsyslog-4.2.0.orig/debian/rsyslog.dmesg.upstart +++ rsyslog-4.2.0/debian/rsyslog.dmesg.upstart @@ -0,0 +1,14 @@ +# dmesg - save kernel messages +# +# This task saves the initial kernel message log. + +description "save kernel messages" + +start on runlevel [2345] + +task +script + savelog -q -p -c 5 /var/log/dmesg + dmesg -s 524288 > /var/log/dmesg + chgrp adm /var/log/dmesg +end script --- rsyslog-4.2.0.orig/debian/rsyslog-pgsql.postrm +++ rsyslog-4.2.0/debian/rsyslog-pgsql.postrm @@ -0,0 +1,55 @@ +#!/bin/sh + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +if [ -f /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule +fi +if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then + . /usr/share/dbconfig-common/dpkg/postrm.pgsql + dbc_go rsyslog-pgsql $@ +fi + +case "$1" in + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + purge) + CONFIGFILE=/etc/rsyslog.d/pgsql.conf + + for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do + rm -f $CONFIGFILE$ext + done + + rm -f $CONFIGFILE + + if which ucf >/dev/null; then + ucf --purge $CONFIGFILE + fi + if which ucfr >/dev/null; then + ucfr --purge rsyslog-pgsql $CONFIGFILE + fi + ;; + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + + +#DEBHELPER# + +exit 0 --- rsyslog-4.2.0.orig/debian/rsyslog-doc.doc-base +++ rsyslog-4.2.0/debian/rsyslog-doc.doc-base @@ -0,0 +1,9 @@ +Document: rsyslog-doc +Title: Rsyslog Documentation +Author: Rainer Gerhards +Abstract: This documentation covers the configuration of rsyslog. +Section: System/Administration + +Format: HTML +Index: /usr/share/doc/rsyslog-doc/html/manual.html +Files: /usr/share/doc/rsyslog-doc/html/*.html --- rsyslog-4.2.0.orig/debian/sample.conf +++ rsyslog-4.2.0/debian/sample.conf @@ -0,0 +1,284 @@ +# This is a sample configuation file for rsyslogd. See the +# doc/manual.html for details. If you can not find the +# manual set, please visit +# +# http://www.rsyslog.com/doc/ +# +# to obtain it online. +# +# WARNING: We do NOT keep the comments in this file always +# up to date. Be sure to consult the doc set that +# came with your package, especially the file on +# rsyslog.conf - it probably has some better information +# than is provided here in comments. The main purpose +# of sample.conf is to show you some actual directives, +# not to be the authorative doc source. +# +# Please note that rsyslogd by default +# reads /etc/rsyslogd.conf (and NOT /etc/syslogd.conf!). +# +# A commented sample configuration. More a man page than a real +# sample ;) +# +# We try to keep things as consistent with existing syslog implementation +# as possible. We use "$" to start lines that contain new directives. + +# We limit who can send us messages: +$AllowedSender UDP, 192.0.2.0/24, 10.0.0.1 # all machines in 192.0.2 as well as 10.0.0.1 +$AllowedSender TCP, 10.0.0.1 # for TCP, we allow only 10.0.0.1 +# remove the AllowedSender directives if you do not want to limit +# who can send rsyslogd messages (not recommended) + +# Templates are a key feature of rsyslog. They allow to specify any +# format a user might want. Every output in rsyslog uses templates - this +# holds true for files, user messages and so on. The database writer +# expects its template to be a proper SQL statement - so this is highly +# customizable too. You might ask how does all of this work when no templates +# at all are specified. Good question ;) The answer is simple, though. Templates +# compatible with the stock syslogd formats are hardcoded into rsyslog. So if +# no template is specified, we use one of these hardcoded templates. Search for +# "template_" in syslogd.c and you will find the hardcoded ones. +# +# A template consists of a template directive, a name, the actual template text +# and optional options. A sample is: +# +# $template MyTemplateName,"\7Text %property% some more text\n", +# +# The "$template" is the template directive. It tells rsyslog that this +# line contains a template. +# +# "MyTemplateName" is the template name. All other config lines refer to +# this name. +# +# The text within quotes is the actual template text. The backslash is +# a escape character, much as in C. It does all these "cool" things. For +# example, \7 rings the bell (this is an ASCII value), \n is a new line. +# C programmers and perl coders have the advantage of knowing this, but the +# set in rsyslog is a bit restricted currently. All text in the template +# is used literally, except for things within percent signs. These are +# properties and allow you access to the contents of the syslog message. +# Properties are accessed via the property replacer (nice name, huh) and +# it can do cool things, too. For example, it can pick a substring or +# do date-specific formatting. More on this is below, on some lines of the +# property replacer. +# +# The part is optional. It carries options that influence the +# template as whole. Details are below. Be sure NOT to mistake template +# options with property options - the later ones are processed by the +# property replacer and apply to a SINGLE property, only (and not the +# whole template). +# +# Template options are case-insensitive. Currently defined are: +# sql - format the string suitable for a SQL statement. This will replace single +# quotes ("'") by two single quotes ("''") inside each field. This option MUST +# be specified when a template is used for writing to a database, otherwise SQL +# injection might occur. +# +# Please note that the database writer *checks* that the sql option is +# present in the template. If it is not present, the write database action +# is disabled. This is to guard you against accidential forgetting it and +# then becoming vulnerable for SQL injection. +# The sql option can also be useful with files - especially if you want +# to run them on another machine for performance reasons. However, do NOT +# use it if you do not have a real need for it - among others, it takes +# some toll on the processing time. Not much, but on a really busy system +# you might notice it ;) +# +# To escape: +# % = \% +# \ = \\ +# --> '\' is used to escape (as in C) +#$template TraditionalFormat,%timegenerated% %HOSTNAME% %syslogtag%%msg%\n" +# +# Properties can be accessed by the property replacer. They are accessed +# inside the template by putting them between percent signs. Properties +# can be modifed by the property replacer. The full syntax is as follows: +# +# %propname:fromChar:toChar:options% +# +# propname is the name of the property to access. This IS case-sensitive! +# Currently supported are: +# msg the MSG part of the message (aka "the message" ;)) +# rawmsg the message excactly as it was received from the +# socket. Should be useful for debugging. +# UxTradMsg will disappear soon - do NOT use! +# HOSTNAME hostname from the message +# source alias for HOSTNAME +# syslogtag TAG from the message +# PRI PRI part of the message - undecoded (single value) +# IUT the monitorware InfoUnitType - used when talking to a +# MonitorWare backend (also for phpLogCon) +# syslogfacility the facility from the message - in numerical form +# syslogpriority the priority (actully severity!) from the +# message - in numerical form +# timegenerated timestamp when the message was RECEIVED. Always in high +# resolution +# timereported timestamp from the message. Resolution depends on what +# was provided in the message (in most cases, only seconds) +# TIMESTAMP alias for timereported +# +# Other properties might be available at the time you read this. Be sure +# to consult the property replacer documentation in the doc set for all +# properties. +# +# FromChar and toChar are used to build substrings. They specify the +# offset within the string that should be copied. Offset counting +# starts at 1, so if you need to obtain the first 2 characters of the +# message text, you can use this syntax: "%msg:1:2%". +# If you do not whish to specify from and to, but you want to +# specify options, you still need to include the colons. For example, +# if you would like to convert the full message text to lower case +# only, use "%msg:::lowercase%". +# +# property options are case-insensitive, currently defined are: +# uppercase convert property to lowercase only +# lowercase convert property text to uppercase only +# drop-last-lf The last LF in the message (if any), is dropped. +# Especially useful for PIX. +# date-mysql format as mysql date +# date-rfc3164 format as RFC 3164 date +# date-rfc3339 format as RFC 3339 date +# escape-cc NOT yet implemented + +# Below find some samples of what a template can do. Have a good +# time finding out what they do [or just tun them] ;) + +# A template that resambles traditional syslogd file output: +$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n" + +# a template useful for debugging format issues +$template DEBUG,"Debug line with all properties:\nFROMHOST: '%FROMHOST%', HOSTNAME: '%HOSTNAME%', PRI: %PRI%,\nsyslogtag '%syslogtag%', programname: '%programname%', APP-NAME: '%APP-NAME%', PROCID: '%PROCID%', MSGID: '%MSGID%',\nTIMESTAMP: '%TIMESTAMP%', STRUCTURED-DATA: '%STRUCTURED-DATA%',\nmsg: '%msg%'\nescaped msg: '%msg:::drop-cc%'\nrawmsg: '%rawmsg%'\n\n" +# +# A template that resembles RFC 3164 on-the-wire format: +# (yes, there is NO space betwen syslogtag and msg! that's important!) +$template RFC3164fmt,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%" + +# a template resembling traditional wallmessage format: +$template wallmsg,"\r\n\7Message from syslogd@%HOSTNAME% at %timegenerated% ...\r\n %syslogtag%%msg%\n\r" + +# The template below emulates winsyslog format, but we need to check the time +# stamps used. for now, it is good enough ;) This format works best with +# other members of the MonitorWare product family. It is also a good sample +# where you can see the property replacer in action. +$template WinSyslogFmt,"%HOSTNAME%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%syslogfacility%,%syslogpriority%,%syslogtag%%msg%\n" + +# A template used for database writing (notice it *is* an actual +# sql-statement): +$template dbFormat,"insert into SystemEvents (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%',%syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",sql + +# Selector lines are somewhat different from stock syslogd. With +# rsyslog, you can add a semicolon ";" after the target and then +# the template name. That will assign this template to the respective +# action. If no template name is given, a hardcoded template is used. +# If a template name is given, but the template was not defined, the +# selector line is DEACTIVATED. +# +# ############# +# # IMPORTANT # +# ############# +# Templates MUST be defined BEFORE they are used! It is OK to +# intermix template definitions and selector lines within the +# config file, but each template MUST be defined before it is +# used the first time! +# + +# We have some very rough samples here - This sample file focusses +# on the new syntax, so we do NOT describe all possible selections. +# Use the syslog.conf if you are interested to see how to select +# based on facility and severits (aka priority). + +*.* /var/log/winsyslog-like.log;WinSyslogFmt + +# A selector using the traditional format defined above: +*.* /var/log/traditionalfile.log;TraditionalFormat + +# And another one using the hardcoded traditional format: +*.* /var/log/anothertraditionalfile.log + +# Templates are also fully supportd for forwarding: +*.* @172.19.2.16;RFC3164fmt + +# And this finally is a database action +# The semicolon at the end is not necessary, +# but some previous versions of rsyslogd had a bug that +# made them abort if it were missing. As Dennis Olvany +# pointed out, it would be extremely nice to have this +# semicolon in the sample conf - so we did in a previous +# version and it still sticks around ;) +*.* >hostname,dbname,userid,password; +# It uses the default schema (MonitorWare format). The parameters +# should be self-explanatory. + +# And this one uses the template defined above: +*.* >hostname,dbname,userid,password;dbFormat + + +# +# Rsyslog supports TCP-based syslog. To enable receiving TCP messages, +# use the -t command line option (where port is the port it +# shall listen to. To forward messages to the remote host, you must +# specify a forwarding action and include the host and port. TCP +# and UDP-based forwarding has basically the same syntax, except that +# TCP delivery is triggered by specifying a second at-sign (@) in the +# message. +# This is UDP forwarding to port 514: +*.* @172.19.2.16 +# This is UDP forwarding to port 1514: +*.* @172.19.2.16:1514 +# This is TCP forwarding to port 1514: +*.* @@172.19.2.16:1514 +# The second @-sign is all you need (except, of course, a tcp-capable +# syslogd like rsyslogd ;)). +# Of course, you can also specify a template with TCP: +*.* @@172.19.2.16:1514;RFC3164Fmt +# There are also some options you can select. These come between +# paranthesis. Available are: +# z - turn on compression, number is compression mode 0 - none, 9 max +# o - (tcp only) use octet counting for framing EXPERIMENTAL +# +# Forward via TCP with maximum compression and octet couting framing: +*.* @@(z9,o)172.19.2.16:1514;RFC3164Fmt +# Forward via UDP with maximum compression to port 1514 +*.* @(z9)172.19.2.16:1514 + +# We also support property-based filters, which allow for nice +# things. Let's for example assume that you receive a lot of +# nonsense messages with "ID-4711" in the message text. You know +# that you will never need these messages. So you simply discard them +:msg, contains, "ID-4711" ~ + +# or you would like to store messages from a specific host to +# a different file: +:FROMHOST, isequal,"myhost.example.com" /var/log/myhost.log + +# everyting that does not contain "error" should also be +# discarded +:msg, !contains, "error" ~ +# and the rest go to a seperate file +*.* /var/log/error +# (keep in mind that the two directives shown immediately +# above must be kept in that order to actually work) + +# you can also execute a script. Let's assume, for example, you need +# to execute "turn-diesel-generator-on" when "power failed" is contained +# in a message... ;) +:msg, contains, "power failed" ^turn-diesel-generator-on +# (The script is passed the syslog message as first and only parameter. +# Other parameters can currently not be specified.) + +# Note that boolean operations (other than not [!]) are not +# currently supported. As such, you can not filter out different +# facilities from different machines - hopefully later ;) + +# +# A final world. rsyslog is considered a part of Adiscon's MonitorWare product line. +# As such, you can find current information as well as information on the +# other product line members on http://www.monitorware.com. Please be warned, there +# are a number of closed-source commercial Windows applications among these products ;) +# +# You might want to check the GPL'ed phpLogCon (http://www.phplogcon.org) +# as a web-based front-end to a syslog message database. +# +# I hope this work is useful. +# 2005-09-27 Rainer Gerhards +# --- rsyslog-4.2.0.orig/debian/rsyslog-mysql.conf.template +++ rsyslog-4.2.0/debian/rsyslog-mysql.conf.template @@ -0,0 +1,5 @@ +### Configuration file for rsyslog-mysql +### Changes are preserved + +$ModLoad ommysql +*.* :ommysql:_DBC_DBSERVER_,_DBC_DBNAME_,_DBC_DBUSER_,_DBC_DBPASS_ --- rsyslog-4.2.0.orig/debian/README.source +++ rsyslog-4.2.0/debian/README.source @@ -0,0 +1,3 @@ +This package uses the quilt patch management system. + +Please refer to /usr/share/doc/quilt/README.source for further information. --- rsyslog-4.2.0.orig/debian/rsyslog-doc.install +++ rsyslog-4.2.0/debian/rsyslog-doc.install @@ -0,0 +1,3 @@ +doc/*.html usr/share/doc/rsyslog-doc/html/ +doc/*.jpg usr/share/doc/rsyslog-doc/html/ +doc/*.conf usr/share/doc/rsyslog-doc/html/ --- rsyslog-4.2.0.orig/debian/rsyslog.upstart +++ rsyslog-4.2.0/debian/rsyslog.upstart @@ -0,0 +1,17 @@ +# rsyslog - system logging daemon +# +# rsyslog is an enhanced multi-threaded replacement for the traditional +# syslog daemon, logging messages from applications + +description "system logging daemon" + +start on filesystem +stop on runlevel [06] + +expect fork +respawn + +script + . /etc/default/rsyslog + exec rsyslogd $RSYSLOGD_OPTIONS +end script --- rsyslog-4.2.0.orig/debian/rsyslog.dirs +++ rsyslog-4.2.0/debian/rsyslog.dirs @@ -0,0 +1 @@ +/etc/rsyslog.d/ --- rsyslog-4.2.0.orig/debian/rsyslog-pgsql.install +++ rsyslog-4.2.0/debian/rsyslog-pgsql.install @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/rsyslog/ompgsql.so +debian/rsyslog-pgsql.conf.template usr/share/rsyslog-pgsql/ --- rsyslog-4.2.0.orig/debian/changelog +++ rsyslog-4.2.0/debian/changelog @@ -0,0 +1,722 @@ +rsyslog (4.2.0-2ubuntu8.3) lucid-security; urgency=medium + + * SECURITY UPDATE: denial of service and possible code execution via + invalid PRI value + - debian/patches/CVE-2014-3634.patch: limit PRI values in + runtime/rsyslog.h. + - CVE-2014-3634 + - CVE-2014-3683 + + -- Marc Deslauriers Thu, 02 Oct 2014 11:36:23 -0400 + +rsyslog (4.2.0-2ubuntu8.1) lucid-proposed; urgency=low + + * debian/rsyslog.upstart: + - Patch the upstart job to source /etc/default/rsyslog as the old init + script used to. (LP: #570103) + + -- Michael Jeanson Wed, 08 Dec 2010 13:46:31 -0500 + +rsyslog (4.2.0-2ubuntu8) lucid; urgency=low + + * debian/patches/deroot.patch: + - After opening /proc/kmsg, set the effective user to an unprivileged + one and attempt a zero-byte read from the file. If this succeeds, we + know that this will work de-rooted; if this fails, we don't enable + kernel-message logging. LP: #523610. + + -- Scott James Remnant Wed, 24 Feb 2010 18:21:54 +0000 + +rsyslog (4.2.0-2ubuntu7) lucid; urgency=low + + * debian/rules: + - Forgot to commit this change as part of previous upload to not + call dh_installinit + + -- Scott James Remnant Wed, 17 Feb 2010 13:03:31 +0000 + +rsyslog (4.2.0-2ubuntu6) lucid; urgency=low + + * debian/rsyslog.rsyslog-kmsg.upstart: + - Drop this additional job; kernel changes have meant that rsyslog + may read from /proc/kmsg directly after dropping privileges. + LP: #517773 + * debian/rsyslog.preinst: + - Remove on upgrade + * debian/rsyslog.conf: + - Restore to reading from /proc/kmsg + + -- Scott James Remnant Wed, 17 Feb 2010 12:23:01 +0000 + +rsyslog (4.2.0-2ubuntu5.1) karmic-proposed; urgency=low + + * debian/rsyslog.conf: + - enable $RepeatedMsgReduction to avoid bloating the syslog + file (LP: #453444) + + -- Michael Vogt Fri, 23 Oct 2009 17:28:10 +0200 + +rsyslog (4.2.0-2ubuntu5) karmic; urgency=low + + Upstart fixups; LP: #430220 + * debian/rsyslog.logrotate: Use start command to restart rsyslog + * debian/rsyslog.rsyslog-kmsg.upstart: Restore bs=1 parameter to dd + * debian/rsyslog.upstart: Move kmsg fifo creation/deletion to kmsg + upstart script. + + -- Michael Terry Tue, 22 Sep 2009 16:10:24 -0700 + +rsyslog (4.2.0-2ubuntu4) karmic; urgency=low + + * debian/rsyslog.postrm: Don't delete syslog user + * debian/rsyslog.postinst: Stop sysklogd from deleting the syslog user + when removed. LP: #401056 + + -- Michael Terry Mon, 21 Sep 2009 15:38:13 -0700 + +rsyslog (4.2.0-2ubuntu3) karmic; urgency=low + + FFE LP: #427356. + + * Replace init script with multiple Upstart jobs. + * debian/control: + - Bump build-dependency on debhelper for Upstart-aware dh_installinit + + -- Scott James Remnant Tue, 15 Sep 2009 03:26:43 +0100 + +rsyslog (4.2.0-2ubuntu2) karmic; urgency=low + + * Fix log file ownership issues when HUPing an unprivileged rsyslog + LP: #407862 + - debian/rsyslog.conf: Set $FileOwner to syslog + - debian/patches/deroot.patch: Always chown output files, since we may + not be able to read them on a HUP otherwise. + + -- Michael Terry Mon, 31 Aug 2009 14:58:50 -0400 + +rsyslog (4.2.0-2ubuntu1) karmic; urgency=low + + [ Michael Terry ] + * Merge from debian unstable (LP: #413023), remaining changes: + - Run as rsyslog:rsyslog + - Allow reading /proc/kmsg when non-root + - Cleanly upgrade from sysklogd + * debian/patches/deroot.patch: Don't allow using the klogctl function to + read klog messages. Rather, allow /proc/kmsg or nothing, since we have + special support for reading /proc/kmsg while unprivileged. + + [ Neil Wilson ] + * debian/rsyslog.init: Set blocksize for dd (LP: #407862) and restore + reload init argument to original lightweight reload + + -- Michael Terry Thu, 13 Aug 2009 15:43:29 -0400 + +rsyslog (4.2.0-2) unstable; urgency=low + + * debian/rsyslog.logcheck.ignore.server + - Bring the logcheck rules up to date with the new SIGHUP log + message. Thanks to Frédéric Brière for the patch. Closes: #537324 + * debian/patches/close-stdout-stderr.patch + - Close stdout/stderr after forking. Closes: #537182 + * debian/control + - Change Build-Depends: libmysqlclient15-dev → libmysqlclient-dev. + * debian/rsyslog.postrm + - Cleanup /lib/init/rw/sendsigs.omit.d/rsyslog upon remove to avoid false + positives from piuparts. Closes: #539144 + + -- Michael Biebl Wed, 05 Aug 2009 01:12:09 +0200 + +rsyslog (4.2.0-1ubuntu2) karmic; urgency=low + + * Prefix Vcs-* fields with "XSBC-Original-" as we don't use git for the + Ubuntu packages. + * Strip local from rsyslog's postinst as it shouldn't be used outside of + functions; LP: #401060. + + -- Loïc Minier Mon, 20 Jul 2009 14:30:14 +0200 + +rsyslog (4.2.0-1ubuntu1) karmic; urgency=low + + * Run as rsyslog:rsyslog (LP: #250827, LP: #388608) + - debian/control: Depend on adduser + - debian/rsyslog.postinst: Create syslog user + - debian/rsyslog.postrm: Delete syslog user on purge + - debian/rsyslog.conf: Use DropPriv config fields + * Allow reading /proc/kmsg when non-root + - debian/rsyslog.init: Spawn a dd instance that shovels the /proc/kmsg + data to a pipe that rsyslog can read (based on Martin Pitt's similar + change to sysklogd). + - debian/patches/deroot.patch: Support a KLogPath config field + to change where the klog plugin looks and only start input modules + after we drop privileges, as reading when root interferes with + future reads as syslog. + - debian/rsyslog.conf: Use KLogPath field to point to dd pipe + * Cleanly upgrade from sysklogd + - debian/default.conf, debian/rsyslog.conf: + Break out the default rules into their own config file + - debian/rsyslog.install: Install it in /usr/share/rsyslog + - debian/rsyslog.postinst: If present, copy /etc/syslog.conf into + /etc/rsyslog.d/default.conf. Then merge our own default.conf + + -- Michael Terry Mon, 29 Jun 2009 08:37:43 -0400 + +rsyslog (4.2.0-1) unstable; urgency=low + + * New upstream release of the now stable v4 branch. + - Fix warnings when /etc/rsyslog.d/ is empty. Closes: #530228 + * debian/patches/imudp_multiple_udp_sockets.patch + - Removed, merged upstream. + * debian/rsyslog.default + - Set default compat mode to '4'. + * debian/rsyslog.logcheck.ignore.server + - Update logcheck rules files to also ignore rsyslogd and imklog stop + messages. + * debian/control + - Bump Standards-Version to 3.8.2. No further changes. + + -- Michael Biebl Tue, 23 Jun 2009 12:12:43 +0100 + +rsyslog (3.22.0-1) unstable; urgency=low + + * New upstream release. + * debian/rsyslog.init + - Pass proper return code to log_end_msg. + * debian/rsyslog.conf + - Set $Umask to 0022 to enforce that new log files or directories are + always created with the right permissions. Closes: #522297 + * debian/patches/imudp_multiple_udp_sockets.patch + - Fix a segfault in imudp when multiple udp listeners are configured. + Patch cherry-picked from upstream git. Closes: #519073 + * debian/patches/manpage_pidfile.patch + - Fix rsyslogd man page to point to the correct pid file. Closes: #526658 + + -- Michael Biebl Fri, 15 May 2009 23:25:14 +0200 + +rsyslog (3.20.5-1) unstable; urgency=low + + * New upstream release. + * debian/rsyslog.logcheck.ignore.server + - Install a logcheck ignore file for rsyslog (using dh_installlogcheck). + Thanks to Kim Holviala for the patch. Closes: #522164 + + -- Michael Biebl Wed, 08 Apr 2009 00:59:14 +0200 + +rsyslog (3.20.4-3) unstable; urgency=low + + * Enable RELP (reliable event logging protocol) support. + * debian/control + - Add librelp-dev and pkg-config to Build-Depends. + - Add new binary package rsyslog-relp. + - Add rsyslog-relp to rsyslog's list of suggested packages. + * debian/rules + - Add --enable-relp to configure flags. + * debian/rsyslog-relp.install + - Install relp input and output plugin. + * Bump Standards-Version to 3.8.1. No further changes. + + -- Michael Biebl Mon, 23 Mar 2009 09:19:44 +0100 + +rsyslog (3.20.4-2) unstable; urgency=low + + * Merge changes from experimental branch. + * Move Git repository to collab-maint. Update Vcs-* fields. + + -- Michael Biebl Sun, 15 Feb 2009 21:56:23 +0100 + +rsyslog (3.20.4-1) experimental; urgency=low + + * New upstream release. + * Merge changes from unstable branch. + * debian/patches/message_locking_fix.patch + - Removed, fixed upstream. + * debian/compat + - Bump to debhelper v7 compat mode. + * debian/control + - Bump debhelper build dependency to (>= 7.0.9). + - Add rsyslog-gnutls and rsyslog-gssapi to Suggests. + - Improve and update package description for rsyslog, rsyslog-gnutls and + rsyslog-gssapi. + * debian/rules + - Use new dh_installinit "-R" (restart-after-upgrade) option. + - Replace "dh_clean -k" with "dh_prep". + * debian/rsyslog.postinst + - Remove our custom code to stop/start rsyslog on upgrades. This is done + now automatically by dh_installinit. + * debian/rsyslog.docs + - Install AUTHORS file. + + -- Michael Biebl Tue, 10 Feb 2009 01:52:32 +0100 + +rsyslog (3.20.3-1) experimental; urgency=low + + * New upstream release. + * debian/patches/allowed_sender_reload.patch + - Removed, merged upstream. + * debian/patches/manpage_fixes.patch + - Removed, merged upstream. + + -- Michael Biebl Mon, 19 Jan 2009 13:52:31 +0100 + +rsyslog (3.20.2-1) experimental; urgency=low + + * New upstream release. + * Refresh all patches for the new upstream stable branch. + * Enable GSSAPI support + - Add libkrb5-dev to Build-Depends. + - Split files into a separate package named rsyslog-gssapi. + - Add --enable-gssapi-krb5 to configure flags. + Thanks to Ben Poliakoff for the patch. Closes: #493044 + * Enable GnuTLS support + - Add libgnutls-dev to Build-Depends. + - Split files into a separate package named rsyslog-gnutls. + - Add --enable-gnutls to configure flags. + * debian/control + - Add ${misc:Depends} to rsyslog-doc. + * Let rsyslog collect messages as long as possible during shutdown or + reboot. As /usr may be mounted via NFS, the latest possible point is just + before umountnfs. Closes: #474498 + - Update the stop priorities for runlevel 0 and 6 from K90 to S30 for + sysv-rc and migrate existing symlinks. + - Update LSB header to stop after sendsigs and before umountnfs. + - Use the sendsigs process omission interface to avoid being killed by + killall5. + * debian/rsyslog-doc.links + - There is an upstream index.html file now, so we no longer need to create + a symlink. + + -- Michael Biebl Fri, 16 Jan 2009 22:23:40 +0100 + +rsyslog (3.18.6-4) unstable; urgency=medium + + * debian/patches/message_locking_fix.patch + - Proper message locking on message destruct to avoid a race condition + which could lead to a segfault. Closes: #509292 + Patch cherry-picked from upstream git. + * Urgency medium for the RC bug fix. + * Use the dbconfig-common template mechanism to generate the configuration + files for rsyslog-mysql and rsyslog-pgsql. This not only simplifies + postinst quite a bit, but also makes sure we don't read any unset debconf + values. Closes: #513589 + * debian/README.Debian + - Add notes about the Debian specific configuration of rsyslog and outline + some of the changes between rsyslog and sysklogd which should ease the + migration. Closes: #484083 + - Add instructions how to avoid doubled hostname entries when sending + syslog messages from rsyslog to a sysklogd server. Closes: #512663 + + -- Michael Biebl Sun, 08 Feb 2009 00:54:39 +0100 + +rsyslog (3.18.6-3) unstable; urgency=medium + + * debian/rsyslog.conf + - Create new directories with more sane permissions. Closes: #511054 + * debian/rsyslog.init + - Update the LSB header to not provide the reserved 'syslog' facility. Use + 'rsyslog' instead to avoid clashes. Thanks to Petter Reinholdtsen for + the hint. + * debian/patches/allowed_sender_reload.patch + - Fix segfault on reload when using $AllowedSender. Closes: #511562 + Patch cherry picked from upstream git. + + -- Michael Biebl Thu, 15 Jan 2009 17:50:06 +0100 + +rsyslog (3.18.6-2) unstable; urgency=low + + * debian/rsyslog.postinst + - Use $(($var)) syntax for arithmetic expressions, as dash from etch is + not SUSv3 compliant in that regard which leads to failing dist upgrades + when dash is used as /bin/sh. Closes: #508943 + + -- Michael Biebl Wed, 17 Dec 2008 00:29:43 +0100 + +rsyslog (3.18.6-1) unstable; urgency=high + + * New upstream bugfix release. + - Fix "$AllowedSender" security bypass vulnerability. The "$AllowedSender" + configuration directive was not respected, allowing unrestricted network + access to the application. Closes: #508027 + No CVE id yet. + * Urgency high for the security fix. + * debian/patches/manpage_fixes.patch + - Fix typos in rsyslogd man page. Closes: #506925 + Thanks to Geoff Simmons for the patch. + + -- Michael Biebl Fri, 12 Dec 2008 17:36:02 +0100 + +rsyslog (3.18.5-1) unstable; urgency=low + + * New upstream bugfix release. + - Fix potential segfault in imfile on rsyslogd HUP (reload) and + termination (stop). Closes: #503940 + - Disable input throttling for imuxsock as this can lead to denial of + service. Closes: #505991 + * debian/rsyslog-{mysql,pgsql}.config + - Do not ignore errors in config maintainer scripts. + * debian/rsyslog.postinst + - Rotate old .0 log files when migrating from sysklogd. Closes: #491672 + * debian/rules + - Exclude sample conf file from being compressed as it is referenced in + the html documentation with the non-compressed file name. + - Depend on $(QUILT_STAMPFN) instead of patch; patch is a phony target and + thus always out of date. + - Move $(QUILT_STAMPFN) dependency to config.status to avoid potential + issues with parallel make. + * debian/rsyslog-doc.links + - Add a symlink index.html pointing at manual.html. Closes: #494634 + * debian/rsyslog.default + - Fix a few spelling errors. + * Disable the logrotate file when removing the package to avoid log + rotation failures. Closes: #500569 + Thanks to Kobayashi Noritada for the patch + * debian/rsyslog.postrm + - Rename /etc/logrotate.d/rsyslog to /etc/logrotate.d/rsyslog.disabled + when removing the package. + - Remove /etc/logrotate.d/rsyslog.disabled when purging and replacing + the package. + * debian/rsyslog.preinst + - Rename /etc/logrotate.d/rsyslog.disabled to /etc/logrotate.d/rsyslog + when reinstalling. + + -- Michael Biebl Thu, 20 Nov 2008 14:09:10 +0100 + +rsyslog (3.18.2-1) unstable; urgency=low + + * New upstream release. + * debian/rsyslog.init + - Restore default SELinux security context when creating /dev/xconsole. + Closes: #493171 + - Add "status" action. + * debian/control + - Bump dependency on lsb-base to >= 3.2-14, which provides status_of_proc. + + -- Michael Biebl Mon, 11 Aug 2008 00:25:33 +0200 + +rsyslog (3.18.1-1) unstable; urgency=low + + * New upstream release. Closes: #490445 + - List Debian in doc/rsyslog_packages.html. Closes: #488870 + - Fix compilation of imklog module on GNU/kFreeBSD. Closes: #491193 + * debian/rsyslog-doc.install + - Install the example config file. Closes: #488860 + * debian/rules + - Enable mail output plugin. + - Make sure all directories are created by calling dh_installdirs for both + binary-arch and binary-indep. Closes: #491459 + * debian/rsyslog.install + - Install mail output plugin (ommail.so). + * debian/control + - Add Suggests www-browser to rsyslog-doc as the package contains mostly + html documents. + - Update feature list. + - Adjust priorities, set rsyslog priority to important. + + -- Michael Biebl Wed, 23 Jul 2008 02:22:32 +0200 + +rsyslog (3.16.2-1) unstable; urgency=low + + * New upstream release. + + -- Michael Biebl Wed, 25 Jun 2008 15:41:21 +0200 + +rsyslog (3.16.1-2) unstable; urgency=low + + * debian/rules + - Build the doc package in binary-indep. + * Bump Standards-Version to 3.8.0. + - Add debian/README.source as recommended by the new policy. + + -- Michael Biebl Fri, 20 Jun 2008 07:11:24 +0200 + +rsyslog (3.16.1-1) unstable; urgency=low + + * New upstream release. + - Fixes a segfault in the imklog input plugin. Closes: #479117 + + -- Michael Biebl Sat, 03 May 2008 09:59:59 +0200 + +rsyslog (3.14.2-3) unstable; urgency=low + + * debian/rsyslog-doc.install + - Fix a typo in the install path of the dia files. Closes: #477489 + Thanks to Justin B Rye for the patch. + + -- Michael Biebl Wed, 23 Apr 2008 16:46:39 +0200 + +rsyslog (3.14.2-2) unstable; urgency=low + + * debian/rsyslog.conf + - Disable high precision timestamps until other affected packages have + been updated to support them. See bug #475303 for details. + + -- Michael Biebl Tue, 22 Apr 2008 20:02:28 +0200 + +rsyslog (3.14.2-1) unstable; urgency=low + + * New upstream release. + + -- Michael Biebl Thu, 10 Apr 2008 08:32:23 +0200 + +rsyslog (3.14.1-1) unstable; urgency=low + + * First upstream release of the new stable v3 series. + * debian/copyright + - Update copyright notice as rsyslog has been relicensed under GPL3+. + * debian/rsyslog.init + - The kernel logging functionality is now implemented via an input plugin + and has replaced the separate rklogd binary. Remove all traces of rklogd + from the init script. + - General cleanup and simplification. + * debian/rsyslog.default + - Remove obsolete RKLOGD_OPTIONS configuration variable. + - Document deprecated command line options. + - Start rsyslogd in v3 compat mode, its native interface. + * debian/rsyslog.conf + - Load the input modules imuxsock (local system logging) and imklog + (kernel logging) by default. + * debian/rsyslog-doc.install + - Install jpeg images and dia files. + * debian/rsyslog.install + - Install input modules (im*.so) and library plugins (lm*.so). + * debian/rules + - Enable imfile input plugin. + - Use dh_installinit "-r" (no-restart-on-upgrade) option. + * debian/rsyslog.postinst + - Minimize downtime by restarting rsyslog in postinst instead of stop in + prerm and start in postinst. Closes: #471051 + * debian/rsyslog.logrotate + - Group together related log files. + - Rotate daemon.log and kern.log weekly, to match sysklogd behaviour. + - Add options "missingok", "delaycompress" and "sharedscripts" as + suggested by Paul Slootman. Closes: #473546 + + -- Michael Biebl Sun, 06 Apr 2008 16:54:08 +0200 + +rsyslog (2.0.4-1) unstable; urgency=low + + * New upstream release. + * debian/control + - Add Vcs-Git and Vcs-Browser fields. + + -- Michael Biebl Sat, 29 Mar 2008 12:17:22 +0100 + +rsyslog (2.0.3-1) unstable; urgency=low + + * New upstream release. + * debian/patches/man_page_format.patch + - Removed, merged upstream. + + -- Michael Biebl Thu, 13 Mar 2008 14:22:35 +0100 + +rsyslog (2.0.2-2) unstable; urgency=low + + * debian/rsyslog-doc.doc-base + - Update the Section: field to comply with the new doc-base Manual. + * debian/rules + - Don't install rfc3195d and its man page. The rfc3195d binary is + currently only a dummy. + * debian/rsyslog.conf + - Fix the path to the rsyslog documentation which is now in rsyslog-doc. + - Set the default permissions of new log files to 0640 and make them + readable by group adm. + - Include external config files at the beginning. This allows to drop log + messages before they end up in the standard log files. + + -- Michael Biebl Thu, 06 Mar 2008 02:49:17 +0100 + +rsyslog (2.0.2-1) unstable; urgency=low + + * New upstream release. + * debian/rsyslog.init + - Make /dev/xconsole readable by group adm. Closes: #464695 + * debian/control + - Fix a typo in the rsyslog-pgsql package description. + * debian/patches/man_page_format.patch + - Fix a few format errors in the man pages. + + -- Michael Biebl Tue, 12 Feb 2008 19:56:47 +0100 + +rsyslog (2.0.1-2) unstable; urgency=low + + * debian/control + - Drop Replaces: system-log-daemon, linux-kernel-log-daemon. There are no + conflicting files with other syslog packages so this line is not needed. + - Add new package rsyslog-doc. + - Add Suggests: rsyslog-doc to rsyslog. + * debian/rsyslog.install, debian/rsyslog-doc.install + - Move the html files from rsyslog to rsyslog-doc. + * debian/rsyslog-doc.doc-base + - Integrate the documentation with doc-base. + + -- Michael Biebl Sat, 02 Feb 2008 17:00:49 +0100 + +rsyslog (2.0.1-1) unstable; urgency=low + + * New upstream bug fix release. + + -- Michael Biebl Thu, 24 Jan 2008 18:35:20 +0100 + +rsyslog (2.0.0-2) unstable; urgency=low + + * debian/rsyslog.init + - Fix LSB init header. Use $remote_fs instead of $local_fs as the rsyslogd + daemon requires /usr to be mounted. + + -- Michael Biebl Thu, 10 Jan 2008 13:22:42 +0100 + +rsyslog (2.0.0-1) unstable; urgency=low + + * New upstream release of the stable branch of rsyslog v2. + + -- Michael Biebl Wed, 02 Jan 2008 15:39:19 +0100 + +rsyslog (1.21.2-1) unstable; urgency=low + + * New upstream release. + + -- Michael Biebl Sun, 30 Dec 2007 02:11:58 +0100 + +rsyslog (1.21.1-1) unstable; urgency=low + + * New upstream release. + + -- Michael Biebl Sun, 23 Dec 2007 19:02:11 +0100 + +rsyslog (1.21.0-1) unstable; urgency=low + + * New upstream release. + * debian/patches/ignore_non_conf_files.patch + - Dropped. A more powerful alternative has been implemented upstream which + allows to include configuration files based on wildcards. + * debian/rsyslog.conf + - Include all configuration files matching /etc/rsyslog.d/*.conf. + + -- Michael Biebl Wed, 19 Dec 2007 09:54:18 +0100 + +rsyslog (1.20.1-1) unstable; urgency=low + + * New upstream release. + * debian/rules + - Enable the PostgreSQL database support. + - Use "install -D" to install the SQL schema file for MySQL and + PostgreSQL. + * debian/control + - Add a Build-Depends on libpq-dev for the PostgreSQL support. + - Add the binary package rsyslog-pgsql. + * debian/patches/no_create_db.patch + - Updated. Only setup the tables. Leave the database creation to + dbconfig-common. + * debian/rsyslog-pgsql.install + - Install the ompgsql.so plugin. + * debian/rsyslog-pgsql.config + - Preseed the default values for dbconfig-common, database name is + "Syslog", database user "rsyslog". + * debian/rsyslog-pgsql.{postinst,prerm,postrm} + - Use dbconfig-common to setup the PostgreSQL database. + - Generate a configuration file /etc/rsyslog.d/pgsql.conf with the values + provided by dbconfig-common and use ucf and ucfr to manage this file. + * debian/rsyslog-mysql.postinst + - Use the new ":ommysql:" output selector instead of ">". + * debian/rsyslog-mysql.install + - Only install the ommysql.so plugin. + + -- Michael Biebl Wed, 12 Dec 2007 20:54:41 +0100 + +rsyslog (1.19.12-1) unstable; urgency=low + + * New upstream release. + * debian/control + - Add Depends: lsb-base (>= 3.0-6) as the init script uses the LSB logging + functions. + - Bump Standards-Version to 3.7.3. No further changes required. + + -- Michael Biebl Mon, 03 Dec 2007 19:42:19 +0100 + +rsyslog (1.19.10-1) unstable; urgency=low + + * New upstream release. + * debian/patches/man_page_format.patch + - Removed, merged upstream. + + -- Michael Biebl Fri, 19 Oct 2007 17:21:49 +0200 + +rsyslog (1.19.9-1) unstable; urgency=low + + * New upstream release. + * debian/patches/udp_msg_reception.patch + - Deleted, merged upstream. + * The mysql output plugin is now in a separate subdirectory. Change the + path to the createDB.sql script accordingly. + + -- Michael Biebl Sun, 14 Oct 2007 11:55:12 +0200 + +rsyslog (1.19.7-2) unstable; urgency=low + + * debian/patches/udp_msg_reception.patch + - Pull patch from CVS which fixes broken UDP message reception. + * debian/control + - Use the new "Homepage:" field to specify the upstream URL. + + -- Michael Biebl Fri, 28 Sep 2007 15:30:06 +0200 + +rsyslog (1.19.7-1) unstable; urgency=low + + * New upstream release. + * debian/patches/man_page_format.patch + - Fix a formatting glitch in the rsyslog.conf man page. + + -- Michael Biebl Tue, 25 Sep 2007 22:54:04 +0200 + +rsyslog (1.19.3-1) unstable; urgency=low + + * New upstream release. + + -- Michael Biebl Sun, 02 Sep 2007 20:15:02 +0200 + +rsyslog (1.19.2-1) unstable; urgency=low + + * New upstream release. + + * Enable the mysql output plugin and split it into a separate binary package + named rsyslog-mysql. Use the dbconfig-common framework to handle the + database administration. Generate a configuration file + /etc/rsyslog.d/mysql.conf with the values provided by dbconfig-common and + use ucf to manage this file. + * debian/control + - Add a build dependency on quilt and libmysqlclient15-dev. + - Add the binary package rsyslog-mysql. + - Add Suggests: rsyslog-mysql to the rsyslog package. + * debian/rules + - Include the quilt makefile and add calls to the patch/unpatch targets. + - Pass --enable-mysql to ./configure. + - Install the SQL schema file for dbconfig-common. + * debian/rsyslog-mysql.config + - Setup the default values for dbconfig-common. + * debian/rsyslog-mysql.{postinst,prerm,postrm} + - Include the dbconfig-common scripts and call the dbc_go function. + - Use ucf and ucfr to manage the generated configuration file mysql.conf. + * debian/patches/ignore_non_conf_files.patch + - Let rsyslog ignore all configuration files not ending with *.conf. + * debian/patches/no_create_db.patch + - The database creation is handled by dbconfig-common so we only need the + createDB.sql SQL schema file for setting up the tables. + * debian/patches/series + - Added, needed by quilt. Include the two patches above. + * debian/rsyslog-mysql.dirs + - Create the install directory for the SQL schema file. + * debian/rsyslog-mysql.install + - Install the mysql output plugin ommysql.so. + + -- Michael Biebl Sun, 02 Sep 2007 18:39:47 +0200 + +rsyslog (1.19.1-1) unstable; urgency=low + + * New upstream release. + + -- Michael Biebl Mon, 27 Aug 2007 19:17:14 +0200 + +rsyslog (1.18.2-1) unstable; urgency=low + + * Initial release. Closes: #435884 + + -- Michael Biebl Mon, 13 Aug 2007 19:20:48 +0200 + --- rsyslog-4.2.0.orig/debian/rsyslog.default +++ rsyslog-4.2.0/debian/rsyslog.default @@ -0,0 +1,8 @@ +# Options for rsyslogd +# -m 0 disables 'MARK' messages (deprecated, only used in compat mode < 3) +# -r enables logging from remote machines (deprecated, only used in compat mode < 3) +# -x disables DNS lookups on messages received with -r +# -c compatibility mode +# See rsyslogd(8) for more details +RSYSLOGD_OPTIONS="-c4" + --- rsyslog-4.2.0.orig/debian/rsyslog.init +++ rsyslog-4.2.0/debian/rsyslog.init @@ -0,0 +1,151 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: rsyslog +# Required-Start: $remote_fs $time +# Required-Stop: umountnfs $time +# X-Stop-After: sendsigs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: enhanced syslogd +# Description: Rsyslog is an enhanced multi-threaded syslogd. +# It is quite compatible to stock sysklogd and can be +# used as a drop-in replacement. +### END INIT INFO + +# +# Author: Michael Biebl +# + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="enhanced syslogd" +NAME=rsyslog + +RSYSLOGD=rsyslogd +RSYSLOGD_BIN=/usr/sbin/rsyslogd +RSYSLOGD_OPTIONS="-c4" +RSYSLOGD_PIDFILE=/var/run/rsyslogd.pid +KMSG_PIDFILE=/var/run/rsyslog/kmsgpipe.pid +KMSG_PIPE=/var/run/rsyslog/kmsg + +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$RSYSLOGD_BIN" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Define LSB log_* functions. +. /lib/lsb/init-functions + +do_start() +{ + DAEMON="$RSYSLOGD_BIN" + DAEMON_ARGS="$RSYSLOGD_OPTIONS" + PIDFILE="$RSYSLOGD_PIDFILE" + + # create syslog-writeable pid and fifo directory + mkdir -p /var/run/rsyslog + chown syslog:syslog /var/run/rsyslog + mkfifo -m 600 $KMSG_PIPE + chown syslog:syslog $KMSG_PIPE + + # shovel /proc/kmsg to pipe readable by syslog user + start-stop-daemon --start --pidfile $KMSG_PIDFILE --exec /bin/dd -b -m -- bs=1 if=/proc/kmsg of=$KMSG_PIPE + + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # other if daemon could not be started or a failure occured + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_ARGS +} + +do_stop() +{ + NAME="$RSYSLOGD" + PIDFILE="$RSYSLOGD_PIDFILE" + + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # other if daemon could not be stopped or a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + + # stop kmsgpipe + start-stop-daemon --stop --quiet --oknodo --pidfile $KMSG_PIDFILE + rm -f $KMSG_PIDFILE $KMSG_PIPE +} + +# +# Tell rsyslogd to reload its configuration +# +do_reload() { + NAME="$RSYSLOGD" + PIDFILE="$RSYSLOGD_PIDFILE" + + start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --name $NAME +} + +create_xconsole() { + if [ ! -e /dev/xconsole ] + then + mknod -m 640 /dev/xconsole p + chown root:adm /dev/xconsole + [ -x /sbin/restorecon ] && /sbin/restorecon /dev/xconsole + fi +} + +sendsigs_omit() { + OMITDIR=/lib/init/rw/sendsigs.omit.d + mkdir -p $OMITDIR + rm -f $OMITDIR/rsyslog + ln -s $RSYSLOGD_PIDFILE $OMITDIR/rsyslog + rm -f $OMITDIR/rsyslog-kmsg + ln -s $KMSG_PIDFILE $OMITDIR/rsyslog-kmsg +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$RSYSLOGD" + create_xconsole + do_start + case "$?" in + 0) sendsigs_omit + log_end_msg 0 ;; + 1) log_progress_msg "already started" + log_end_msg 0 ;; + *) log_end_msg 1 ;; + esac + + ;; + stop) + log_daemon_msg "Stopping $DESC" "$RSYSLOGD" + do_stop + case "$?" in + 0) log_end_msg 0 ;; + 1) log_progress_msg "already stopped" + log_end_msg 0 ;; + *) log_end_msg 1 ;; + esac + + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$RSYSLOGD" + do_reload + log_end_msg $? + ;; + restart) + $0 stop + $0 start + ;; + status) + status_of_proc -p $RSYSLOGD_PIDFILE $RSYSLOGD_BIN $RSYSLOGD && exit 0 || exit $? + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|status}" >&2 + exit 3 + ;; +esac + +: --- rsyslog-4.2.0.orig/debian/rsyslog.docs +++ rsyslog-4.2.0/debian/rsyslog.docs @@ -0,0 +1 @@ +AUTHORS --- rsyslog-4.2.0.orig/debian/rsyslog-doc.examples +++ rsyslog-4.2.0/debian/rsyslog-doc.examples @@ -0,0 +1 @@ +debian/sample.conf --- rsyslog-4.2.0.orig/debian/compat +++ rsyslog-4.2.0/debian/compat @@ -0,0 +1 @@ +7 --- rsyslog-4.2.0.orig/debian/rsyslog-pgsql.config +++ rsyslog-4.2.0/debian/rsyslog-pgsql.config @@ -0,0 +1,18 @@ +#!/bin/sh +# config maintainer script for rsyslog-pgsql + +set -e + +# source debconf stuff +. /usr/share/debconf/confmodule + +# source dbconfig-common shell library, and call the hook function +if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then + . /usr/share/dbconfig-common/dpkg/config.pgsql + + dbc_dbname="Syslog" + dbc_dbuser="rsyslog" + + dbc_go rsyslog-pgsql $@ +fi + --- rsyslog-4.2.0.orig/debian/rsyslog.logrotate +++ rsyslog-4.2.0/debian/rsyslog.logrotate @@ -0,0 +1,37 @@ +/var/log/syslog +{ + rotate 7 + daily + missingok + notifempty + delaycompress + compress + postrotate + reload rsyslog >/dev/null 2>&1 || true + endscript +} + +/var/log/mail.info +/var/log/mail.warn +/var/log/mail.err +/var/log/mail.log +/var/log/daemon.log +/var/log/kern.log +/var/log/auth.log +/var/log/user.log +/var/log/lpr.log +/var/log/cron.log +/var/log/debug +/var/log/messages +{ + rotate 4 + weekly + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + reload rsyslog >/dev/null 2>&1 || true + endscript +} --- rsyslog-4.2.0.orig/debian/rsyslog-gssapi.install +++ rsyslog-4.2.0/debian/rsyslog-gssapi.install @@ -0,0 +1,3 @@ +debian/tmp/usr/lib/rsyslog/imgssapi.so +debian/tmp/usr/lib/rsyslog/lmgssutil.so +debian/tmp/usr/lib/rsyslog/omgssapi.so --- rsyslog-4.2.0.orig/debian/rsyslog-mysql.install +++ rsyslog-4.2.0/debian/rsyslog-mysql.install @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/rsyslog/ommysql.so +debian/rsyslog-mysql.conf.template usr/share/rsyslog-mysql/ --- rsyslog-4.2.0.orig/debian/rsyslog-mysql.postinst +++ rsyslog-4.2.0/debian/rsyslog-mysql.postinst @@ -0,0 +1,45 @@ +#!/bin/sh + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +. /usr/share/debconf/confmodule +. /usr/share/dbconfig-common/dpkg/postinst.mysql + + +dbc_generate_include_args="-o template_infile=/usr/share/rsyslog-mysql/rsyslog-mysql.conf.template" +dbc_generate_include=template:/etc/rsyslog.d/mysql.conf +dbc_go rsyslog-mysql $@ + + +case "$1" in + configure) + ucfr rsyslog-mysql /etc/rsyslog.d/mysql.conf + + invoke-rc.d rsyslog reload + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + + +#DEBHELPER# + +exit 0 --- rsyslog-4.2.0.orig/debian/copyright +++ rsyslog-4.2.0/debian/copyright @@ -0,0 +1,39 @@ +This package was debianized by Michael Biebl on +Wed, 18 Jul 2007 16:22:23 +0200. + +It was downloaded from http://www.rsyslog.com + +Upstream Authors: + + Rainer Gerhards , Adiscon GmbH + Michael Meckelein , Adiscon GmbH + +Copyright: + + Copyright (C) 1995,1996 Dr. G.W. Wettstein + Copyright (C) 1996 Enjellic Systems Development + Copyright (C) 1995 Martin Schulze + Copyright (C) 2003-2007 Rainer Gerhards and Adiscon GmbH + +License: + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + +The Debian packaging is (C) 2007, Michael Biebl and +is licensed under the GPL, see above. + --- rsyslog-4.2.0.orig/debian/rsyslog-pgsql.conf.template +++ rsyslog-4.2.0/debian/rsyslog-pgsql.conf.template @@ -0,0 +1,5 @@ +### Configuration file for rsyslog-pgsql +### Changes are preserved + +$ModLoad ompgsql +*.* :ompgsql:_DBC_DBSERVER_,_DBC_DBNAME_,_DBC_DBUSER_,_DBC_DBPASS_ --- rsyslog-4.2.0.orig/debian/watch +++ rsyslog-4.2.0/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://download.rsyslog.com/rsyslog/rsyslog-(.*)\.tar\.gz --- rsyslog-4.2.0.orig/debian/rsyslog-pgsql.prerm +++ rsyslog-4.2.0/debian/rsyslog-pgsql.prerm @@ -0,0 +1,12 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule +. /usr/share/dbconfig-common/dpkg/prerm.pgsql + +dbc_go rsyslog-pgsql $@ + +#DEBHELPER# + +exit 0 --- rsyslog-4.2.0.orig/debian/50-default.conf +++ rsyslog-4.2.0/debian/50-default.conf @@ -0,0 +1,68 @@ +# Default rules for rsyslog. +# +# For more information see rsyslog.conf(5) and /etc/rsyslog.conf + +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Logging for INN news system. +# +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice + +# +# Some "catch-all" log files. +# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg * + +# +# I like to have messages displayed on the console, but only on a virtual +# console I usually leave idle. +# +#daemon,mail.*;\ +# news.=crit;news.=err;news.=notice;\ +# *.=debug;*.=info;\ +# *.=notice;*.=warn /dev/tty8 + +# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, +# you must invoke `xconsole' with the `-file' option: +# +# $ xconsole -file /dev/xconsole [...] +# +# NOTE: adjust the list below, or you'll go crazy if you have a reasonably +# busy site.. +# +daemon.*;mail.*;\ + news.err;\ + *.=debug;*.=info;\ + *.=notice;*.=warn |/dev/xconsole --- rsyslog-4.2.0.orig/debian/README.Debian +++ rsyslog-4.2.0/debian/README.Debian @@ -0,0 +1,83 @@ +rsyslog for Debian +================== + +Configuration file(s) +--------------------- +The default configuration file for rsyslog is /etc/rsyslog.conf. + +Its format is based on the standard syslog.conf format. As rsyslog +has a lot more advanced features than sysklogd, it extends this format +with special configuration directives which all start with the '$' +prefix. See the rsyslogd(8) and rsyslog.conf(5) man pages for further +information or install the rsyslog-doc package which provides much +more detailed documentation. + +The Debian default configuration for rsyslog uses: + + $IncludeConfig /etc/rsyslog.d/*.conf + +That means, all configuration files in /etc/rsyslog.d/ with a .conf file +extension are read by rsyslog. This allows to easily extend the rsyslog +configuration (either by package maintainers or local administrators). + + +Command line arguments, modules and compatibility levels +-------------------------------------------------------- +With version 3, rsyslog became much more modular. A lot of +functionality has been moved into loadable modules, e.g. udp reception, +which must be loaded explicitly. +To keep compatibility with sysklogd, rsyslog introduced the concept of +compatibility modes, which can be selected with the -c command line +argument. E.g. with -c0, rsyslog becomes command line compatible with +sysklogd and loads a default set of modules automatically. + +The default in Debian is -c3, i.e. command line arguments like -r or +-m 0 have no effect and instead have to be configured via special +configuration directives in rsyslog.conf. + +The options that are passed to rsyslog can be changed easily by +modifying the RSYSLOGD_OPTIONS variable in /etc/default/rsyslog. + +If you have an existing, customized syslog.conf, it is recommended that +you migrate your custom logging rules to rsyslog.conf or into a separate +configuration file in /etc/rsyslog.d (in most cases it should be as +simple as copy&paste). + +To read more about this topic please see +/usr/share/doc/rsyslog-doc/html/v3compatibility.html or +http://www.rsyslog.com/doc-v3compatibility.html. + + +Log rotation +------------ +Rsyslog uses the logrotate(8) utilitiy to rotate the standard Debian +log files. The configuration file can be found at +/etc/logrotate.d/rsyslog. + +The rotation cycle starts with .1, as this is the logrotate default. +In contrast to sysklogd, which starts with .0. + +When upgrading from sysklogd, the postinst script will automatically +rotate the existing standard Debian log files, if it is safe to do so +(i.e. only if .0 is newer than .1). + + +Forwarding messages to sysklogd +------------------------------- +If you are forwarding messages from a rsyslog client to a sysklogd +server, it can lead to doubled hostnames in the syslog message on the +server side. The reason is a limitation in sysklogd which does not parse +the hostname in the syslog header (as defined by RFC 3164). See Debian +bug #514051 for more details. + +A simple workaround in rsyslog is, to define a custom template, which +does not include the hostname: + + $template sysklogd,"<%PRI%>%TIMESTAMP% %syslogtag%%msg%" + *.* @remote-host;sysklogd + +This creates a template called "sysklogd" and assigns it to the forward +rule when logging to "remote-host". + + + -- Michael Biebl Sat, 07 Feb 2009 18:54:37 +0100 --- rsyslog-4.2.0.orig/debian/rsyslog.install +++ rsyslog-4.2.0/debian/rsyslog.install @@ -0,0 +1,17 @@ +debian/rsyslog.conf /etc/ +debian/50-default.conf /usr/share/rsyslog +debian/tmp/usr/sbin/ +debian/tmp/usr/share/man/ +debian/tmp/usr/lib/rsyslog/imfile.so +debian/tmp/usr/lib/rsyslog/imklog.so +debian/tmp/usr/lib/rsyslog/immark.so +debian/tmp/usr/lib/rsyslog/imtcp.so +debian/tmp/usr/lib/rsyslog/imudp.so +debian/tmp/usr/lib/rsyslog/imuxsock.so +debian/tmp/usr/lib/rsyslog/lmnet.so +debian/tmp/usr/lib/rsyslog/lmnetstrms.so +debian/tmp/usr/lib/rsyslog/lmnsd_ptcp.so +debian/tmp/usr/lib/rsyslog/lmregexp.so +debian/tmp/usr/lib/rsyslog/lmtcpclt.so +debian/tmp/usr/lib/rsyslog/lmtcpsrv.so +debian/tmp/usr/lib/rsyslog/ommail.so --- rsyslog-4.2.0.orig/debian/rsyslog.postrm +++ rsyslog-4.2.0/debian/rsyslog.postrm @@ -0,0 +1,34 @@ +#!/bin/sh + +set -e + +if [ "$1" = "remove" ]; then + [ -f /etc/logrotate.d/rsyslog ] && mv -f /etc/logrotate.d/rsyslog /etc/logrotate.d/rsyslog.disabled +fi + +if [ "$1" = "purge" -o "$1" = "dissappear" ]; then + [ -f /etc/logrotate.d/rsyslog.disabled ] && rm -f /etc/logrotate.d/rsyslog.disabled +fi + +if [ "$1" = "remove" ]; then + # Cleanup sendsigs omit file to avoid false positives from piuparts + rm -f /lib/init/rw/sendsigs.omit.d/rsyslog + rm -f /lib/init/rw/sendsigs.omit.d/rsyslog-kmsg +fi + +if [ "$1" = "purge" ]; then + if which ucfr >/dev/null; then + ucfr --purge rsyslog /etc/rsyslog.d/50-default.conf + fi + if which ucf >/dev/null; then + ucf --purge /etc/rsyslog.d/50-default.conf + fi + if [ -d /etc/rsyslog.d ]; then + rm -f /etc/rsyslog.d/50-default.conf + rmdir --ignore-fail-on-non-empty /etc/rsyslog.d + fi +fi + +#DEBHELPER# + +exit 0 --- rsyslog-4.2.0.orig/debian/rsyslog-relp.install +++ rsyslog-4.2.0/debian/rsyslog-relp.install @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/rsyslog/imrelp.so +debian/tmp/usr/lib/rsyslog/omrelp.so --- rsyslog-4.2.0.orig/debian/gbp.conf +++ rsyslog-4.2.0/debian/gbp.conf @@ -0,0 +1,2 @@ +[DEFAULT] +pristine-tar = True --- rsyslog-4.2.0.orig/debian/rsyslog.preinst +++ rsyslog-4.2.0/debian/rsyslog.preinst @@ -0,0 +1,24 @@ +#!/bin/sh + +set -e + +if [ "$1" = "install" -a -n "$2" ] ; then + [ -f /etc/logrotate.d/rsyslog.disabled ] && mv -f /etc/logrotate.d/rsyslog.disabled /etc/logrotate.d/rsyslog +fi + +if [ "$1" = install ] || [ "$1" = upgrade ]; then + if [ -e "/etc/init/rsyslog-kmsg.conf" ] && [ ! -L "/etc/init/rsyslog-kmsg.conf" ]; then + if [ "`md5sum \"/etc/init/rsyslog-kmsg.conf\" | sed -e \"s/ .*//\"`" != \ + "`dpkg-query -W -f='${Conffiles}' rsyslog | sed -n -e \"\\\\' /etc/init/rsyslog-kmsg.conf '{s/ obsolete$//;s/.* //p}\"`" ] + then + echo "Obsolete conffile /etc/init/rsyslog-kmsg.conf has been modified by you, renaming to .dpkg-bak" + mv -f "/etc/init/rsyslog-kmsg.conf" "/etc/init/rsyslog-kmsg.conf.dpkg-bak" + else + rm -f "/etc/init/rsyslog-kmsg.conf" + fi + fi +fi + +#DEBHELPER# + +exit 0 --- rsyslog-4.2.0.orig/debian/rsyslog.logcheck.ignore.server +++ rsyslog-4.2.0/debian/rsyslog.logcheck.ignore.server @@ -0,0 +1,5 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: imklog [0-9.]+, log source = /proc/kmsg started.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Kernel logging \(proc\) stopped.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] \(re\)start$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] exiting on signal [0-9]+.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] rsyslogd was HUPed, type '(restart|lightweight)'\.$ --- rsyslog-4.2.0.orig/debian/rsyslog-mysql.config +++ rsyslog-4.2.0/debian/rsyslog-mysql.config @@ -0,0 +1,18 @@ +#!/bin/sh +# config maintainer script for rsyslog-mysql + +set -e + +# source debconf stuff +. /usr/share/debconf/confmodule + +# source dbconfig-common shell library, and call the hook function +if [ -f /usr/share/dbconfig-common/dpkg/config.mysql ]; then + . /usr/share/dbconfig-common/dpkg/config.mysql + + dbc_dbname="Syslog" + dbc_dbuser="rsyslog" + + dbc_go rsyslog-mysql $@ +fi + --- rsyslog-4.2.0.orig/debian/rsyslog-pgsql.postinst +++ rsyslog-4.2.0/debian/rsyslog-pgsql.postinst @@ -0,0 +1,45 @@ +#!/bin/sh + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +. /usr/share/debconf/confmodule +. /usr/share/dbconfig-common/dpkg/postinst.pgsql + + +dbc_generate_include_args="-o template_infile=/usr/share/rsyslog-pgsql/rsyslog-pgsql.conf.template" +dbc_generate_include=template:/etc/rsyslog.d/pgsql.conf +dbc_go rsyslog-pgsql $@ + + +case "$1" in + configure) + ucfr rsyslog-pgsql /etc/rsyslog.d/pgsql.conf + + invoke-rc.d rsyslog reload + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + + +#DEBHELPER# + +exit 0 --- rsyslog-4.2.0.orig/debian/rsyslog-mysql.postrm +++ rsyslog-4.2.0/debian/rsyslog-mysql.postrm @@ -0,0 +1,55 @@ +#!/bin/sh + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +if [ -f /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule +fi +if [ -f /usr/share/dbconfig-common/dpkg/postrm.mysql ]; then + . /usr/share/dbconfig-common/dpkg/postrm.mysql + dbc_go rsyslog-mysql $@ +fi + +case "$1" in + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + purge) + CONFIGFILE=/etc/rsyslog.d/mysql.conf + + for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do + rm -f $CONFIGFILE$ext + done + + rm -f $CONFIGFILE + + if which ucf >/dev/null; then + ucf --purge $CONFIGFILE + fi + if which ucfr >/dev/null; then + ucfr --purge rsyslog-mysql $CONFIGFILE + fi + ;; + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + + +#DEBHELPER# + +exit 0 --- rsyslog-4.2.0.orig/debian/rules +++ rsyslog-4.2.0/debian/rules @@ -0,0 +1,130 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# debian/rules file for the rsyslog package. +# Author: Michael Biebl + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +# For quilt patch management. +include /usr/share/quilt/quilt.make + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +config.status: $(QUILT_STAMPFN) configure + dh_testdir + # Add here commands to configure the package. +ifneq "$(wildcard /usr/share/misc/config.sub)" "" + cp -f /usr/share/misc/config.sub config.sub +endif +ifneq "$(wildcard /usr/share/misc/config.guess)" "" + cp -f /usr/share/misc/config.guess config.guess +endif + ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \ + --prefix=/usr \ + --mandir=\$${prefix}/share/man \ + --infodir=\$${prefix}/share/info \ + --enable-mysql \ + --enable-pgsql \ + --enable-mail \ + --enable-imfile \ + --enable-gssapi-krb5 \ + --enable-gnutls \ + --enable-relp \ + CFLAGS="$(CFLAGS)" + + +build: build-stamp + +build-stamp: config.status + dh_testdir + + # Add here commands to compile the package. + $(MAKE) + + touch $@ + +clean: clean-source unpatch +clean-source: + dh_testdir + dh_testroot + rm -f build-stamp + + # Add here commands to clean up after the build process. + [ ! -f Makefile ] || $(MAKE) distclean + rm -f config.sub config.guess + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_prep + + # Add here commands to install the package into debian/rsyslog. + $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install + + install --mode=644 -D plugins/ommysql/createDB.sql debian/rsyslog-mysql/usr/share/dbconfig-common/data/rsyslog-mysql/install/mysql + install --mode=644 -D plugins/ompgsql/createDB.sql debian/rsyslog-pgsql/usr/share/dbconfig-common/data/rsyslog-pgsql/install/pgsql + +# Build architecture-independent files here. +binary-indep: DH_OPTIONS=-i +binary-indep: build install + dh_testdir + dh_testroot + dh_installdirs + dh_installchangelogs + dh_installdocs + dh_installexamples + dh_install + dh_link + dh_compress -X .conf + dh_fixperms + dh_installdeb + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-dependent files here. +binary-arch: DH_OPTIONS=-a +binary-arch: build install + dh_testdir + dh_testroot + dh_installdirs + dh_installchangelogs + dh_installdocs + dh_installexamples + dh_installlogcheck + dh_install + dh_installlogrotate + dh_installinit -R -- start 10 2 3 4 5 . start 30 0 6 . stop 90 1 . + dh_installinit --upstart-only --name=dmesg --no-start + dh_installman + dh_installdebconf + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- rsyslog-4.2.0.orig/debian/rsyslog.postinst +++ rsyslog-4.2.0/debian/rsyslog.postinst @@ -0,0 +1,106 @@ +#!/bin/sh + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +rotate_old_log_files() +{ + log_files="syslog mail.info mail.warn mail.err mail.log daemon.log \ + kern.log auth.log user.log lpr.log cron.log debug messages" + skipped_files="" + dir=/var/log + + for f in $log_files; do + if [ -e $dir/$f.0 ]; then + rotate="yes" + if [ -e $dir/$f.1.gz ]; then + date0=$(stat --format=%Y $dir/$f.0) + date1=$(stat --format=%Y $dir/$f.1.gz) + if [ $date0 -lt $date1 ] ; then + # .0 log file is older than .1 + skipped_files="$dir/$f.0\n$skipped_files" + rotate="no" + fi + fi + if [ "$rotate" = "yes" ] ; then + for s in $(seq 9 -1 1) ; do + if [ -e $dir/$f.$s.gz ]; then + mv $dir/$f.$s.gz $dir/$f.$(($s+1)).gz + fi + done + mv $dir/$f.0 $dir/$f.1 + fi + fi + done + if [ -n "$skipped_files" ]; then + printf "The following old log files were found which could not be rotated safely.\n" + printf "\n$skipped_files\n" + printf "Please inspect them manually and delete them, if no longer required.\n" + fi +} + + +case "$1" in + configure) + # Rotate .0 log files when migrating from sysklogd + if dpkg --compare-versions "$2" lt "3.18.5-1"; then + rotate_old_log_files + fi + + user_conf=/etc/rsyslog.d/50-default.conf + default_conf=/usr/share/rsyslog/50-default.conf + + # Upgrade handling for config file. We copy syslog.conf if it exists and + # is modified, else use our default fresh-install config. + if dpkg --compare-versions "$2" lt "3.22.0-1ubuntu1"; then + pkg_name=sysklogd + old_conf=/etc/syslog.conf + if [ -e $old_conf ]; then + md5sum="`md5sum \"$old_conf\" | sed -e \"s/ .*//\"`" + old_md5sum="$(dpkg-query -W -f='${Conffiles}' $pkg_name | \ + sed -n -e "\' $old_conf ' { s/ obsolete$//; s/.* //; p }")" + if [ "$md5sum" != "$old_md5sum" ]; then + cp -n $old_conf $user_conf + fi + fi + fi + + ucf --three-way --debconf-ok $default_conf $user_conf + ucfr rsyslog $user_conf + + adduser --system --group --no-create-home --quiet syslog || true + + # Gross hack to stop an error when upgrading from sysklogd to rsyslog. + # sysklogd tries to 'deluser syslog' but rsyslog will be running by then. + # It was decided sysklogd should not be trying to delete the user at all. + # So we correct that mistake by sed'ing sysklogd's postrm script. + # See LP: #401056 + if [ -e /var/lib/dpkg/info/sysklogd.postrm ]; then + sed -i -e '/deluser/d' /var/lib/dpkg/info/sysklogd.postrm + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + + +#DEBHELPER# + +exit 0 --- rsyslog-4.2.0.orig/debian/rsyslog-mysql.prerm +++ rsyslog-4.2.0/debian/rsyslog-mysql.prerm @@ -0,0 +1,12 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule +. /usr/share/dbconfig-common/dpkg/prerm.mysql + +dbc_go rsyslog-mysql $@ + +#DEBHELPER# + +exit 0 --- rsyslog-4.2.0.orig/debian/patches/deroot.patch +++ rsyslog-4.2.0/debian/patches/deroot.patch @@ -0,0 +1,318 @@ +Index: rsyslog-4.2.0/tools/syslogd.c +=================================================================== +--- rsyslog-4.2.0.orig/tools/syslogd.c 2010-02-24 16:48:14.337293284 +0000 ++++ rsyslog-4.2.0/tools/syslogd.c 2010-02-24 16:48:14.347293719 +0000 +@@ -2291,6 +2291,30 @@ + } + + ++/* Actually run the input modules. This happens after privileges are dropped, ++ * if that is requested. ++ */ ++static rsRetVal ++runInputModules(void) ++{ ++ DEFiRet; ++ modInfo_t *pMod; ++ ++ /* loop through all modules and activate them (brr...) */ ++ pMod = module.GetNxtType(NULL, eMOD_IN); ++ while(pMod != NULL) { ++ if(pMod->mod.im.bCanRun) { ++ /* activate here */ ++ thrdCreate(pMod->mod.im.runInput, pMod->mod.im.afterRun); ++ } ++ pMod = module.GetNxtType(pMod, eMOD_IN); ++ } ++ ++ ENDfunc ++ return RS_RET_OK; /* intentional: we do not care about module errors */ ++} ++ ++ + /* Start the input modules. This function will probably undergo big changes + * while we implement the input module interface. For now, it does the most + * important thing to get at least my poor initial input modules up and +@@ -2298,7 +2322,7 @@ + * rgerhards, 2007-12-14 + */ + static rsRetVal +-startInputModules(void) ++startInputModules(int bRunInputModules) + { + DEFiRet; + modInfo_t *pMod; +@@ -2306,15 +2330,18 @@ + /* loop through all modules and activate them (brr...) */ + pMod = module.GetNxtType(NULL, eMOD_IN); + while(pMod != NULL) { +- if((iRet = pMod->mod.im.willRun()) == RS_RET_OK) { +- /* activate here */ +- thrdCreate(pMod->mod.im.runInput, pMod->mod.im.afterRun); +- } else { ++ iRet = pMod->mod.im.willRun(); ++ pMod->mod.im.bCanRun = (iRet == RS_RET_OK); ++ if(!pMod->mod.im.bCanRun) { + dbgprintf("module %lx will not run, iRet %d\n", (unsigned long) pMod, iRet); + } + pMod = module.GetNxtType(pMod, eMOD_IN); + } + ++ if (bRunInputModules) { ++ runInputModules(); ++ } ++ + ENDfunc + return RS_RET_OK; /* intentional: we do not care about module errors */ + } +@@ -2326,7 +2353,7 @@ + * else happens. -- rgerhards, 2008-07-28 + */ + static rsRetVal +-init(void) ++init(int bRunInputModules) + { + DEFiRet; + rsRetVal localRet; +@@ -2521,7 +2548,7 @@ + * shuffled to down here once we have everything in input modules. + * rgerhards, 2007-12-14 + */ +- startInputModules(); ++ startInputModules(bRunInputModules); + + if(Debug) { + dbgPrintInitInfo(); +@@ -2694,7 +2721,7 @@ + + if(glbl.GetHUPisRestart()) { + DBGPRINTF("Received SIGHUP, configured to be restart, reloading rsyslogd.\n"); +- init(); /* main queue is stopped as part of init() */ ++ init(1); /* main queue is stopped as part of init() */ + } else { + DBGPRINTF("Received SIGHUP, configured to be a non-restart type of HUP - notifying actions.\n"); + for(f = Files; f != NULL ; f = f->f_next) { +@@ -2987,7 +3014,7 @@ + pTmp = template_StdPgSQLFmt; + tplLastStaticInit(tplAddLine(" StdPgSQLFmt", &pTmp)); + +- CHKiRet(init()); ++ CHKiRet(init(0)); + + if(Debug && debugging_on) { + dbgprintf("Debugging enabled, SIGUSR1 to turn off debugging.\n"); +@@ -3015,6 +3042,8 @@ + glbl.SetHUPisRestart(0); /* we can not do restart-type HUPs with dropped privs */ + } + ++ runInputModules(); ++ + /* END OF INTIALIZATION + * ... but keep in mind that we might do a restart and thus init() might + * be called again. If that happens, we must shut down the worker thread, +Index: rsyslog-4.2.0/plugins/imklog/bsd.c +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/bsd.c 2009-06-14 11:25:11.000000000 +0100 ++++ rsyslog-4.2.0/plugins/imklog/bsd.c 2010-02-24 16:48:14.367293195 +0000 +@@ -83,6 +83,11 @@ + # define _PATH_KLOG "/dev/klog" + #endif + ++static uchar *GetPath(void) ++{ ++ return pszPath ? pszPath : _PATH_KLOG; ++} ++ + /* open the kernel log - will be called inside the willRun() imklog + * entry point. -- rgerhards, 2008-04-09 + */ +@@ -91,9 +96,9 @@ + { + DEFiRet; + +- fklog = open(_PATH_KLOG, O_RDONLY, 0); ++ fklog = open(GetPath(), O_RDONLY, 0); + if (fklog < 0) { +- dbgprintf("can't open %s (%d)\n", _PATH_KLOG, errno); ++ dbgprintf("can't open %s (%d)\n", GetPath(), errno); + iRet = RS_RET_ERR; // TODO: better error code + } + +Index: rsyslog-4.2.0/plugins/imklog/imklog.c +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/imklog.c 2009-06-22 18:11:10.000000000 +0100 ++++ rsyslog-4.2.0/plugins/imklog/imklog.c 2010-02-24 16:48:14.377293072 +0000 +@@ -44,6 +44,7 @@ + #include + #include + #include ++#include + + #include "dirty.h" + #include "cfsysline.h" +@@ -68,6 +69,7 @@ + int symbol_lookup = 0; /* on recent kernels > 2.6, the kernel does this */ + int bPermitNonKernel = 0; /* permit logging of messages not having LOG_KERN facility */ + int iFacilIntMsg; /* the facility to use for internal messages (set by driver) */ ++uchar *pszPath = NULL; + /* TODO: configuration for the following directives must be implemented. It + * was not done yet because we either do not yet have a config handler for + * that type or I thought it was acceptable to push it to a later stage when +@@ -244,6 +246,8 @@ + /* release objects we used */ + objRelease(glbl, CORE_COMPONENT); + objRelease(datetime, CORE_COMPONENT); ++ if(pszPath != NULL) ++ free(pszPath); + ENDmodExit + + +@@ -260,6 +264,10 @@ + symfile = NULL; + symbol_lookup = 0; + bPermitNonKernel = 0; ++ if(pszPath != NULL) { ++ free(pszPath); ++ pszPath = NULL; ++ } + iFacilIntMsg = klogFacilIntMsg(); + return RS_RET_OK; + } +@@ -274,6 +282,7 @@ + iFacilIntMsg = klogFacilIntMsg(); + + CHKiRet(omsdRegCFSLineHdlr((uchar *)"debugprintkernelsymbols", 0, eCmdHdlrBinary, NULL, &dbgPrintSymbols, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogpath", 0, eCmdHdlrGetWord, NULL, &pszPath, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbollookup", 0, eCmdHdlrBinary, NULL, &symbol_lookup, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbolstwice", 0, eCmdHdlrBinary, NULL, &symbols_twice, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogusesyscallinterface", 0, eCmdHdlrBinary, NULL, &use_syscall, STD_LOADABLE_MODULE_ID)); +Index: rsyslog-4.2.0/plugins/imklog/imklog.h +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/imklog.h 2009-06-14 11:25:11.000000000 +0100 ++++ rsyslog-4.2.0/plugins/imklog/imklog.h 2010-02-24 16:48:14.377293072 +0000 +@@ -52,6 +52,7 @@ + extern char *symfile; + extern int console_log_level; + extern int dbgPrintSymbols; ++extern uchar *pszPath; + + /* the functions below may be called by the drivers */ + rsRetVal imklogLogIntMsg(int priority, char *fmt, ...) __attribute__((format(printf,2, 3))); +Index: rsyslog-4.2.0/plugins/imklog/linux.c +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/linux.c 2009-06-18 10:11:03.000000000 +0100 ++++ rsyslog-4.2.0/plugins/imklog/linux.c 2010-02-24 17:58:08.107293037 +0000 +@@ -84,6 +84,11 @@ + extern int ksyslog(int type, char *buf, int len); + + ++static uchar *GetPath(void) ++{ ++ return pszPath ? pszPath : _PATH_KLOG; ++} ++ + static void CloseLogSrc(void) + { + /* Turn on logging of messages to console, but only if we had the -c +@@ -114,6 +119,8 @@ + static enum LOGSRC GetKernelLogSrc(void) + { + auto struct stat sb; ++ uid_t iwas; ++ char buf; + + /* Set level of kernel console messaging.. */ + if ( (console_log_level != -1) && +@@ -130,28 +137,32 @@ + "console output."); + } + +- /* +- * First do a stat to determine whether or not the proc based +- * file system is available to get kernel messages from. +- */ +- if ( use_syscall || +- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) ) +- { +- /* Initialize kernel logging. */ +- ksyslog(1, NULL, 0); +- imklogLogIntMsg(LOG_INFO, "imklog %s, log source = ksyslog " +- "started.", VERSION); +- return(kernel); +- } +- +- if ( (kmsg = open(_PATH_KLOG, O_RDONLY|O_CLOEXEC)) < 0 ) ++ if ( (kmsg = open(GetPath(), O_RDONLY|O_CLOEXEC)) < 0 ) + { + imklogLogIntMsg(LOG_ERR, "imklog: Cannot open proc file system, %d.\n", errno); + ksyslog(7, NULL, 0); /* TODO: check this, implement more */ + return(none); + } + +- imklogLogIntMsg(LOG_INFO, "imklog %s, log source = %s started.", VERSION, _PATH_KLOG); ++ iwas = geteuid(); ++ if (seteuid(65534) == 0) ++ { ++ if ((read(kmsg, &buf, 0) < 0) && ++ (errno == EPERM)) ++ { ++ int saved_errno = errno; ++ seteuid(iwas); ++ close(kmsg); ++ errno = saved_errno; ++ imklogLogIntMsg(LOG_ERR, "imklog: Cannot read proc file system, %d.\n", errno); ++ ksyslog(7, NULL, 0); /* TODO: check this, implement more */ ++ return(none); ++ } ++ ++ seteuid(iwas); ++ } ++ ++ imklogLogIntMsg(LOG_INFO, "imklog %s, log source = %s started.", VERSION, GetPath()); + return(proc); + } + +Index: rsyslog-4.2.0/runtime/modules.c +=================================================================== +--- rsyslog-4.2.0.orig/runtime/modules.c 2009-06-22 18:11:10.000000000 +0100 ++++ rsyslog-4.2.0/runtime/modules.c 2010-02-24 16:48:14.387293229 +0000 +@@ -390,6 +390,7 @@ + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"runInput", &pNew->mod.im.runInput)); + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"willRun", &pNew->mod.im.willRun)); + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"afterRun", &pNew->mod.im.afterRun)); ++ pNew->mod.im.bCanRun = 0; + break; + case eMOD_OUT: + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"freeInstance", &pNew->freeInstance)); +Index: rsyslog-4.2.0/runtime/modules.h +=================================================================== +--- rsyslog-4.2.0.orig/runtime/modules.h 2009-06-22 18:11:10.000000000 +0100 ++++ rsyslog-4.2.0/runtime/modules.h 2010-02-24 16:48:14.407293542 +0000 +@@ -106,6 +106,7 @@ + rsRetVal (*runInput)(thrdInfo_t*); /* function to gather input and submit to queue */ + rsRetVal (*willRun)(void); /* function to gather input and submit to queue */ + rsRetVal (*afterRun)(thrdInfo_t*); /* function to gather input and submit to queue */ ++ int bCanRun; /* cached value of whether willRun() succeeded */ + } im; + struct {/* data for output modules */ + /* below: perform the configured action +Index: rsyslog-4.2.0/tools/omfile.c +=================================================================== +--- rsyslog-4.2.0.orig/tools/omfile.c 2009-06-22 18:11:10.000000000 +0100 ++++ rsyslog-4.2.0/tools/omfile.c 2010-02-24 16:48:14.407293542 +0000 +@@ -421,6 +421,7 @@ + */ + pData->fd = open((char*) newFileName, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY|O_CLOEXEC, + pData->fCreateMode); ++ } + if(pData->fd != -1) { + /* check and set uid/gid */ + if(pData->fileUID != (uid_t)-1 || pData->fileGID != (gid_t) -1) { +@@ -438,7 +439,6 @@ + } + } + } +- } + finalize_it: + /* this was "pData->fd != 0", which I think was a bug. I guess 0 was intended to mean + * non-open file descriptor. Anyhow, I leave this comment for the time being to that if --- rsyslog-4.2.0.orig/debian/patches/CVE-2014-3634.patch +++ rsyslog-4.2.0/debian/patches/CVE-2014-3634.patch @@ -0,0 +1,37 @@ +Description: fix denial of service and possible code execution via + invalid PRI value +Origin: prifix.v3.22.4 patch by Rainer Gerhards, and updated for + the CVE-2014-3683 fix + +Index: rsyslog-4.2.0/runtime/rsyslog.h +=================================================================== +--- rsyslog-4.2.0.orig/runtime/rsyslog.h 2009-06-22 13:11:10.000000000 -0400 ++++ rsyslog-4.2.0/runtime/rsyslog.h 2014-10-01 09:46:24.028313322 -0400 +@@ -3,7 +3,7 @@ + * + * Begun 2005-09-15 RGerhards + * +- * Copyright (C) 2005-2008 by Rainer Gerhards and Adiscon GmbH ++ * Copyright (C) 2005-2014 by Rainer Gerhards and Adiscon GmbH + * + * This file is part of the rsyslog runtime library. + * +@@ -53,9 +53,15 @@ + #ifndef LOG_PRI + # define LOG_PRI(p) ((p) & LOG_PRIMASK) + #endif +-#ifndef LOG_FAC +-# define LOG_FAC(p) (((p) & LOG_FACMASK) >> 3) +-#endif ++#undef LOG_FAC ++/* we need to use a function to avoid side-effects. This MUST guard ++ * against invalid facility values. rgerhards, 2014-09-16 ++ */ ++static inline int LOG_FAC(int pri) ++{ ++ int fac = pri >> 3; ++ return (fac > 23) ? 23 : fac; ++} + + + /* define some base data types */ --- rsyslog-4.2.0.orig/debian/patches/series +++ rsyslog-4.2.0/debian/patches/series @@ -0,0 +1,5 @@ +no_create_db.patch +manpage_pidfile.patch +close-stdout-stderr.patch +deroot.patch +CVE-2014-3634.patch --- rsyslog-4.2.0.orig/debian/patches/deroot.patch.old +++ rsyslog-4.2.0/debian/patches/deroot.patch.old @@ -0,0 +1,291 @@ +Index: rsyslog-4.2.0/tools/syslogd.c +=================================================================== +--- rsyslog-4.2.0.orig/tools/syslogd.c 2009-08-31 14:47:13.000000000 -0400 ++++ rsyslog-4.2.0/tools/syslogd.c 2009-08-31 14:47:13.000000000 -0400 +@@ -2291,6 +2291,30 @@ + } + + ++/* Actually run the input modules. This happens after privileges are dropped, ++ * if that is requested. ++ */ ++static rsRetVal ++runInputModules(void) ++{ ++ DEFiRet; ++ modInfo_t *pMod; ++ ++ /* loop through all modules and activate them (brr...) */ ++ pMod = module.GetNxtType(NULL, eMOD_IN); ++ while(pMod != NULL) { ++ if(pMod->mod.im.bCanRun) { ++ /* activate here */ ++ thrdCreate(pMod->mod.im.runInput, pMod->mod.im.afterRun); ++ } ++ pMod = module.GetNxtType(pMod, eMOD_IN); ++ } ++ ++ ENDfunc ++ return RS_RET_OK; /* intentional: we do not care about module errors */ ++} ++ ++ + /* Start the input modules. This function will probably undergo big changes + * while we implement the input module interface. For now, it does the most + * important thing to get at least my poor initial input modules up and +@@ -2298,7 +2322,7 @@ + * rgerhards, 2007-12-14 + */ + static rsRetVal +-startInputModules(void) ++startInputModules(int bRunInputModules) + { + DEFiRet; + modInfo_t *pMod; +@@ -2306,15 +2330,18 @@ + /* loop through all modules and activate them (brr...) */ + pMod = module.GetNxtType(NULL, eMOD_IN); + while(pMod != NULL) { +- if((iRet = pMod->mod.im.willRun()) == RS_RET_OK) { +- /* activate here */ +- thrdCreate(pMod->mod.im.runInput, pMod->mod.im.afterRun); +- } else { ++ iRet = pMod->mod.im.willRun(); ++ pMod->mod.im.bCanRun = (iRet == RS_RET_OK); ++ if(!pMod->mod.im.bCanRun) { + dbgprintf("module %lx will not run, iRet %d\n", (unsigned long) pMod, iRet); + } + pMod = module.GetNxtType(pMod, eMOD_IN); + } + ++ if (bRunInputModules) { ++ runInputModules(); ++ } ++ + ENDfunc + return RS_RET_OK; /* intentional: we do not care about module errors */ + } +@@ -2326,7 +2353,7 @@ + * else happens. -- rgerhards, 2008-07-28 + */ + static rsRetVal +-init(void) ++init(int bRunInputModules) + { + DEFiRet; + rsRetVal localRet; +@@ -2521,7 +2548,7 @@ + * shuffled to down here once we have everything in input modules. + * rgerhards, 2007-12-14 + */ +- startInputModules(); ++ startInputModules(bRunInputModules); + + if(Debug) { + dbgPrintInitInfo(); +@@ -2694,7 +2721,7 @@ + + if(glbl.GetHUPisRestart()) { + DBGPRINTF("Received SIGHUP, configured to be restart, reloading rsyslogd.\n"); +- init(); /* main queue is stopped as part of init() */ ++ init(1); /* main queue is stopped as part of init() */ + } else { + DBGPRINTF("Received SIGHUP, configured to be a non-restart type of HUP - notifying actions.\n"); + for(f = Files; f != NULL ; f = f->f_next) { +@@ -2987,7 +3014,7 @@ + pTmp = template_StdPgSQLFmt; + tplLastStaticInit(tplAddLine(" StdPgSQLFmt", &pTmp)); + +- CHKiRet(init()); ++ CHKiRet(init(0)); + + if(Debug && debugging_on) { + dbgprintf("Debugging enabled, SIGUSR1 to turn off debugging.\n"); +@@ -3015,6 +3042,8 @@ + glbl.SetHUPisRestart(0); /* we can not do restart-type HUPs with dropped privs */ + } + ++ runInputModules(); ++ + /* END OF INTIALIZATION + * ... but keep in mind that we might do a restart and thus init() might + * be called again. If that happens, we must shut down the worker thread, +Index: rsyslog-4.2.0/plugins/imklog/bsd.c +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/bsd.c 2009-06-14 06:25:11.000000000 -0400 ++++ rsyslog-4.2.0/plugins/imklog/bsd.c 2009-08-31 14:47:13.000000000 -0400 +@@ -83,6 +83,11 @@ + # define _PATH_KLOG "/dev/klog" + #endif + ++static uchar *GetPath(void) ++{ ++ return pszPath ? pszPath : _PATH_KLOG; ++} ++ + /* open the kernel log - will be called inside the willRun() imklog + * entry point. -- rgerhards, 2008-04-09 + */ +@@ -91,9 +96,9 @@ + { + DEFiRet; + +- fklog = open(_PATH_KLOG, O_RDONLY, 0); ++ fklog = open(GetPath(), O_RDONLY, 0); + if (fklog < 0) { +- dbgprintf("can't open %s (%d)\n", _PATH_KLOG, errno); ++ dbgprintf("can't open %s (%d)\n", GetPath(), errno); + iRet = RS_RET_ERR; // TODO: better error code + } + +Index: rsyslog-4.2.0/plugins/imklog/imklog.c +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/imklog.c 2009-06-22 13:11:10.000000000 -0400 ++++ rsyslog-4.2.0/plugins/imklog/imklog.c 2009-08-31 14:47:13.000000000 -0400 +@@ -44,6 +44,7 @@ + #include + #include + #include ++#include + + #include "dirty.h" + #include "cfsysline.h" +@@ -68,6 +69,7 @@ + int symbol_lookup = 0; /* on recent kernels > 2.6, the kernel does this */ + int bPermitNonKernel = 0; /* permit logging of messages not having LOG_KERN facility */ + int iFacilIntMsg; /* the facility to use for internal messages (set by driver) */ ++uchar *pszPath = NULL; + /* TODO: configuration for the following directives must be implemented. It + * was not done yet because we either do not yet have a config handler for + * that type or I thought it was acceptable to push it to a later stage when +@@ -244,6 +246,8 @@ + /* release objects we used */ + objRelease(glbl, CORE_COMPONENT); + objRelease(datetime, CORE_COMPONENT); ++ if(pszPath != NULL) ++ free(pszPath); + ENDmodExit + + +@@ -260,6 +264,10 @@ + symfile = NULL; + symbol_lookup = 0; + bPermitNonKernel = 0; ++ if(pszPath != NULL) { ++ free(pszPath); ++ pszPath = NULL; ++ } + iFacilIntMsg = klogFacilIntMsg(); + return RS_RET_OK; + } +@@ -274,6 +282,7 @@ + iFacilIntMsg = klogFacilIntMsg(); + + CHKiRet(omsdRegCFSLineHdlr((uchar *)"debugprintkernelsymbols", 0, eCmdHdlrBinary, NULL, &dbgPrintSymbols, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogpath", 0, eCmdHdlrGetWord, NULL, &pszPath, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbollookup", 0, eCmdHdlrBinary, NULL, &symbol_lookup, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbolstwice", 0, eCmdHdlrBinary, NULL, &symbols_twice, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogusesyscallinterface", 0, eCmdHdlrBinary, NULL, &use_syscall, STD_LOADABLE_MODULE_ID)); +Index: rsyslog-4.2.0/plugins/imklog/imklog.h +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/imklog.h 2009-06-14 06:25:11.000000000 -0400 ++++ rsyslog-4.2.0/plugins/imklog/imklog.h 2009-08-31 14:47:13.000000000 -0400 +@@ -52,6 +52,7 @@ + extern char *symfile; + extern int console_log_level; + extern int dbgPrintSymbols; ++extern uchar *pszPath; + + /* the functions below may be called by the drivers */ + rsRetVal imklogLogIntMsg(int priority, char *fmt, ...) __attribute__((format(printf,2, 3))); +Index: rsyslog-4.2.0/plugins/imklog/linux.c +=================================================================== +--- rsyslog-4.2.0.orig/plugins/imklog/linux.c 2009-06-18 05:11:03.000000000 -0400 ++++ rsyslog-4.2.0/plugins/imklog/linux.c 2009-08-31 14:47:13.000000000 -0400 +@@ -84,6 +84,11 @@ + extern int ksyslog(int type, char *buf, int len); + + ++static uchar *GetPath(void) ++{ ++ return pszPath ? pszPath : _PATH_KLOG; ++} ++ + static void CloseLogSrc(void) + { + /* Turn on logging of messages to console, but only if we had the -c +@@ -130,28 +135,14 @@ + "console output."); + } + +- /* +- * First do a stat to determine whether or not the proc based +- * file system is available to get kernel messages from. +- */ +- if ( use_syscall || +- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) ) +- { +- /* Initialize kernel logging. */ +- ksyslog(1, NULL, 0); +- imklogLogIntMsg(LOG_INFO, "imklog %s, log source = ksyslog " +- "started.", VERSION); +- return(kernel); +- } +- +- if ( (kmsg = open(_PATH_KLOG, O_RDONLY|O_CLOEXEC)) < 0 ) ++ if ( (kmsg = open(GetPath(), O_RDONLY|O_CLOEXEC)) < 0 ) + { + imklogLogIntMsg(LOG_ERR, "imklog: Cannot open proc file system, %d.\n", errno); + ksyslog(7, NULL, 0); /* TODO: check this, implement more */ + return(none); + } + +- imklogLogIntMsg(LOG_INFO, "imklog %s, log source = %s started.", VERSION, _PATH_KLOG); ++ imklogLogIntMsg(LOG_INFO, "imklog %s, log source = %s started.", VERSION, GetPath()); + return(proc); + } + +Index: rsyslog-4.2.0/runtime/modules.c +=================================================================== +--- rsyslog-4.2.0.orig/runtime/modules.c 2009-06-22 13:11:10.000000000 -0400 ++++ rsyslog-4.2.0/runtime/modules.c 2009-08-31 14:47:13.000000000 -0400 +@@ -390,6 +390,7 @@ + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"runInput", &pNew->mod.im.runInput)); + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"willRun", &pNew->mod.im.willRun)); + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"afterRun", &pNew->mod.im.afterRun)); ++ pNew->mod.im.bCanRun = 0; + break; + case eMOD_OUT: + CHKiRet((*pNew->modQueryEtryPt)((uchar*)"freeInstance", &pNew->freeInstance)); +Index: rsyslog-4.2.0/runtime/modules.h +=================================================================== +--- rsyslog-4.2.0.orig/runtime/modules.h 2009-06-22 13:11:10.000000000 -0400 ++++ rsyslog-4.2.0/runtime/modules.h 2009-08-31 14:47:13.000000000 -0400 +@@ -106,6 +106,7 @@ + rsRetVal (*runInput)(thrdInfo_t*); /* function to gather input and submit to queue */ + rsRetVal (*willRun)(void); /* function to gather input and submit to queue */ + rsRetVal (*afterRun)(thrdInfo_t*); /* function to gather input and submit to queue */ ++ int bCanRun; /* cached value of whether willRun() succeeded */ + } im; + struct {/* data for output modules */ + /* below: perform the configured action +Index: rsyslog-4.2.0/tools/omfile.c +=================================================================== +--- rsyslog-4.2.0.orig/tools/omfile.c 2009-08-31 14:47:37.000000000 -0400 ++++ rsyslog-4.2.0/tools/omfile.c 2009-08-31 14:48:30.000000000 -0400 +@@ -421,6 +421,7 @@ + */ + pData->fd = open((char*) newFileName, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY|O_CLOEXEC, + pData->fCreateMode); ++ } + if(pData->fd != -1) { + /* check and set uid/gid */ + if(pData->fileUID != (uid_t)-1 || pData->fileGID != (gid_t) -1) { +@@ -438,7 +439,6 @@ + } + } + } +- } + finalize_it: + /* this was "pData->fd != 0", which I think was a bug. I guess 0 was intended to mean + * non-open file descriptor. Anyhow, I leave this comment for the time being to that if --- rsyslog-4.2.0.orig/debian/patches/no_create_db.patch +++ rsyslog-4.2.0/debian/patches/no_create_db.patch @@ -0,0 +1,31 @@ +Index: rsyslog/plugins/ommysql/createDB.sql +=================================================================== +--- rsyslog.orig/plugins/ommysql/createDB.sql 2007-12-12 18:18:29.000000000 +0100 ++++ rsyslog/plugins/ommysql/createDB.sql 2008-02-12 16:03:04.000000000 +0100 +@@ -1,6 +1,4 @@ +-CREATE DATABASE Syslog; +-USE Syslog; +-CREATE TABLE SystemEvents ++CREATE TABLE IF NOT EXISTS SystemEvents + ( + ID int unsigned not null auto_increment primary key, + CustomerID bigint, +@@ -28,7 +26,7 @@ + SystemID int NULL + ); + +-CREATE TABLE SystemEventsProperties ++CREATE TABLE IF NOT EXISTS SystemEventsProperties + ( + ID int unsigned not null auto_increment primary key, + SystemEventID int NULL , +Index: rsyslog/plugins/ompgsql/createDB.sql +=================================================================== +--- rsyslog.orig/plugins/ompgsql/createDB.sql 2007-12-12 18:18:29.000000000 +0100 ++++ rsyslog/plugins/ompgsql/createDB.sql 2008-02-12 16:03:04.000000000 +0100 +@@ -1,5 +1,3 @@ +-CREATE DATABASE "Syslog"; +-\c Syslog; + CREATE TABLE SystemEvents + ( + ID serial not null primary key, --- rsyslog-4.2.0.orig/debian/patches/manpage_pidfile.patch +++ rsyslog-4.2.0/debian/patches/manpage_pidfile.patch @@ -0,0 +1,21 @@ +diff --git a/tools/rsyslogd.8 b/tools/rsyslogd.8 +index 7abcf97..7d4b5e0 100644 +--- a/tools/rsyslogd.8 ++++ b/tools/rsyslogd.8 +@@ -234,14 +234,14 @@ reacts to a set of signals. You may easily send a signal to + using the following: + .IP + .nf +-kill -SIGNAL $(cat /var/run/syslogd.pid) ++kill -SIGNAL $(cat /var/run/rsyslogd.pid) + .fi + .PP + Note that -SIGNAL must be replaced with the actual signal + you are trying to send, e.g. with HUP. So it then becomes: + .IP + .nf +-kill -HUP $(cat /var/run/syslogd.pid) ++kill -HUP $(cat /var/run/rsyslogd.pid) + .fi + .PP + .TP --- rsyslog-4.2.0.orig/debian/patches/close-stdout-stderr.patch +++ rsyslog-4.2.0/debian/patches/close-stdout-stderr.patch @@ -0,0 +1,43 @@ +commit 6511278082a7e1e9602385cd24cdb5e363cb702f +Author: Rainer Gerhards +Date: Mon Jun 29 12:40:41 2009 +0200 + + bugfix: ssh session hangs after rsyslgod is started from it + + stderr/stdout were not closed to be able to emit error messages, + but this caused ssh sessions to hang. Now we close them after the + initial initialization. See forum thread: + http://kb.monitorware.com/controlling-terminal-issues-t9875.html + +diff --git a/tools/syslogd.c b/tools/syslogd.c +index 77273be..45c5566 100644 +--- a/tools/syslogd.c ++++ b/tools/syslogd.c +@@ -3015,7 +3015,6 @@ static rsRetVal mainThread() + glbl.SetHUPisRestart(0); /* we can not do restart-type HUPs with dropped privs */ + } + +- + /* END OF INTIALIZATION + * ... but keep in mind that we might do a restart and thus init() might + * be called again. If that happens, we must shut down the worker thread, +@@ -3024,6 +3023,19 @@ static rsRetVal mainThread() + */ + dbgprintf("initialization completed, transitioning to regular run mode\n"); + ++ /* close stderr and stdout if they are kept open during a fork. Note that this ++ * may introduce subtle security issues: if we are in a jail, one may break out of ++ * it via these descriptors. But if I close them earlier, error messages will (once ++ * again) not be emitted to the user that starts the daemon. As root jail support ++ * is still in its infancy (and not really done), we currently accept this issue. ++ * rgerhards, 2009-06-29 ++ */ ++ if(!(Debug || NoFork)) { ++ close(1); ++ close(2); ++ bErrMsgToStderr = 0; ++ } ++ + mainloop(); + + finalize_it: