[syslog-ng/f13] * Update to 3.1.4 + patch for CVE-2011-1951
Jose Pedro Oliveira
jpo at fedoraproject.org
Fri Jun 17 18:48:28 UTC 2011
commit a3bf2c0e1206031d35e046b2f351f0b2ce60fb16
Author: Jose Pedro Oliveira <jpo at di.uminho.pt>
Date: Fri Jun 17 19:47:08 2011 +0100
* Update to 3.1.4 + patch for CVE-2011-1951
.gitignore | 1 +
rsyslog-3.14.1-logrotate.d-rsyslog.log | 6 -
rsyslog-syslog-ng.sysconfig | 3 -
sources | 2 +-
sysklogd-1.4.1-44-logrotate.d-syslog.log | 7 -
sysklogd-1.4.1-logrotate.d-syslog.log | 6 -
sysklogd-syslog-ng.sysconfig | 3 -
syslog-ng-2.1.4-libnet.patch | 12 -
syslog-ng-3.1.4-disable-sql-and-ssl-tests.patch | 19 ++
syslog-ng-3.1.4-pcre-dos.patch | 271 ++++++++++++++++++++
syslog-ng.conf | 8 +-
...-logrotate.d-rsyslog.log => syslog-ng.logrotate | 0
syslog-ng.spec | 234 +++++++++--------
...syslog-ng-fc10.sysconfig => syslog-ng.sysconfig | 0
syslog-ng.vim | 52 ----
15 files changed, 421 insertions(+), 203 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index f9505db..999c77f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
syslog-ng-2.1.4.tar.gz
syslog-ng-2.1.4-libnet.patch
+/syslog-ng_3.1.4.tar.gz
diff --git a/sources b/sources
index 6e8df16..c4b5419 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-17c4c7725d2eab62b588395f1ed93f32 syslog-ng-2.1.4.tar.gz
+48e6646d12d30c655f4391b970d61f56 syslog-ng_3.1.4.tar.gz
diff --git a/syslog-ng-3.1.4-disable-sql-and-ssl-tests.patch b/syslog-ng-3.1.4-disable-sql-and-ssl-tests.patch
new file mode 100644
index 0000000..11e3a76
--- /dev/null
+++ b/syslog-ng-3.1.4-disable-sql-and-ssl-tests.patch
@@ -0,0 +1,19 @@
+diff -ruN syslog-ng-3.1.4/tests/functional/func_test.py syslog-ng-3.1.4-modified/tests/functional/func_test.py
+--- syslog-ng-3.1.4/tests/functional/func_test.py 2009-11-21 15:48:09.000000000 +0000
++++ syslog-ng-3.1.4-modified/tests/functional/func_test.py 2011-06-17 03:44:18.057873606 +0100
+@@ -60,11 +60,12 @@
+ # import test modules
+ import test_file_source
+ import test_filters
+-import test_input_drivers
++#import test_input_drivers
+ import test_performance
+-import test_sql
++#import test_sql
+
+-tests = (test_input_drivers, test_sql, test_file_source, test_filters, test_performance)
++#tests = (test_input_drivers, test_sql, test_file_source, test_filters, test_performance)
++tests = (test_file_source, test_filters, test_performance)
+
+ init_env()
+ seed_rnd()
diff --git a/syslog-ng-3.1.4-pcre-dos.patch b/syslog-ng-3.1.4-pcre-dos.patch
new file mode 100644
index 0000000..08a12f9
--- /dev/null
+++ b/syslog-ng-3.1.4-pcre-dos.patch
@@ -0,0 +1,271 @@
+commit 35de55e53dd653c50c8da5daf41a99ab22e7e8aa
+Author: Balazs Scheidler <bazsi at balabit.hu>
+Date: Tue May 3 20:54:53 2011 +0200
+
+ pcre: fixed a potential resource hogging infinite loop when an error occurs
+
+ Any kind of PCRE error case would cause an infinite loop, when the
+ "global" flag is present and pcre returns an error code.
+
+ The reported problem is that with PCRE 8.12 we indeed get such an error
+ while doing a global replace.
+
+ This patch also reworks the way PCRE based replacements are made, that code
+ was hairy, and I just hope this one is one bit less so. One performance
+ related change also made it that improves the speed pcre replacements,
+ which previously zeroed out a 3k array unconditionally in every invocation.
+
+ Also added some additional testcases to be sure I didn't break anything.
+
+ Reported-By: Micah Anderson <micah at riseup.net>
+ Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>
+
+diff --git a/src/logmatcher.c b/src/logmatcher.c
+index 67b6c1b..6b70f13 100644
+--- a/src/logmatcher.c
++++ b/src/logmatcher.c
+@@ -504,7 +504,6 @@ typedef struct _LogMatcherPcreRe
+ pcre *pattern;
+ pcre_extra *extra;
+ gint match_options;
+- int start_offset;
+ } LogMatcherPcreRe;
+
+ static gboolean
+@@ -623,29 +622,37 @@ static gboolean
+ log_matcher_pcre_re_match(LogMatcher *s, LogMessage *msg, gint value_handle, const gchar *value, gssize value_len)
+ {
+ LogMatcherPcreRe *self = (LogMatcherPcreRe *) s;
+- int matches[RE_MAX_MATCHES * 3];
++ gint *matches;
++ gsize matches_size;
++ gint num_matches;
+ gint rc;
+
+- if(value_len == -1)
++ if (value_len == -1)
+ value_len = strlen(value);
+
+- self->start_offset = 0;
+- rc = pcre_exec(self->pattern, self->extra, value, value_len, self->start_offset, self->match_options, matches, (RE_MAX_MATCHES * 3));
++ if (pcre_fullinfo(self->pattern, self->extra, PCRE_INFO_CAPTURECOUNT, &num_matches) < 0)
++ g_assert_not_reached();
++ if (num_matches > RE_MAX_MATCHES)
++ num_matches = RE_MAX_MATCHES;
++
++ matches_size = 3 * (num_matches + 1);
++ matches = g_alloca(matches_size * sizeof(gint));
++
++ rc = pcre_exec(self->pattern, self->extra,
++ value, value_len, 0, self->match_options, matches, matches_size);
+ if (rc < 0)
+ {
+ switch (rc)
+ {
+- case PCRE_ERROR_NOMATCH:
+- /*
+- msg_debug("No match", NULL);
+- */
++ case PCRE_ERROR_NOMATCH:
+ break;
++
++ default:
+ /* Handle other special cases */
+- default:
+- msg_error("Error while matching regexp",
+- evt_tag_int("error_code",rc),
+- NULL);
+- break;
++ msg_error("Error while matching regexp",
++ evt_tag_int("error_code", rc),
++ NULL);
++ break;
+ }
+ return FALSE;
+ }
+@@ -668,78 +675,120 @@ static gchar *
+ log_matcher_pcre_re_replace(LogMatcher *s, LogMessage *msg, gint value_handle, const gchar *value, gssize value_len, LogTemplate *replacement, gssize *new_length)
+ {
+ LogMatcherPcreRe *self = (LogMatcherPcreRe *) s;
+- int matches[RE_MAX_MATCHES * 3];
+- gint rc;
+- gboolean first_round = TRUE;
+ GString *new_value = NULL;
+- gssize last_offset = 0;
+- gint options = 0;
++ gint *matches;
++ gsize matches_size;
++ gint num_matches;
++ gint rc;
++ gint start_offset, last_offset;
++ gint options;
++ gboolean last_match_was_empty;
++
++ if (pcre_fullinfo(self->pattern, self->extra, PCRE_INFO_CAPTURECOUNT, &num_matches) < 0)
++ g_assert_not_reached();
++ if (num_matches > RE_MAX_MATCHES)
++ num_matches = RE_MAX_MATCHES;
++
++ matches_size = 3 * (num_matches + 1);
++ matches = g_alloca(matches_size * sizeof(gint));
++
++ /* we need zero initialized offsets for the last match as the
++ * algorithm tries uses that as the base position */
+
+- memset(matches, 0, sizeof(matches));
++ matches[0] = matches[1] = matches[2] = 0;
+
+ if (value_len == -1)
+ value_len = strlen(value);
+
++ last_offset = start_offset = 0;
++ last_match_was_empty = FALSE;
+ do
+ {
+- options = 0;
+- self->start_offset = matches[1]; /* Start at end of previous match 0 on the first iteration*/
+-
+- /* If the previous match was for an empty string, we are finished if we are
+- at the end of the subject. Otherwise, arrange to run another match at the
+- same point to see if a non-empty match can be found.
++ /* loop over the string, replacing one occurence at a time. */
++
++ /* NOTE: zero length matches need special care, as we could spin
++ * forever otherwise (since the current position wouldn't be
++ * advanced).
++ *
++ * A zero-length match can be as simple as "a*" which will be
++ * returned unless PCRE_NOTEMPTY is specified.
++ *
++ * By supporting zero-length matches, we basically make it
++ * possible to insert replacement between each incoming
++ * character.
++ *
++ * For example:
++ * pattern: a*
++ * replacement: #
++ * input: message
++ * result: #m#e#s#s#a#g#e#
++ *
++ * This mimics Perl behaviour.
+ */
+
+- if (matches[0] == matches[1] && !first_round)
++ if (last_match_was_empty)
+ {
+- if (matches[0] == value_len)
+- break;
++ /* Otherwise, arrange to run another match at the same point
++ * to see if a non-empty match can be found.
++ */
++
+ options = PCRE_NOTEMPTY | PCRE_ANCHORED;
+ }
++ else
++ {
++ options = 0;
++ }
+
+- rc = pcre_exec(self->pattern, self->extra, value, value_len, self->start_offset/*start offset*/, (self->match_options | options) , matches, (RE_MAX_MATCHES * 3) );
+- if (rc < 0)
++ rc = pcre_exec(self->pattern, self->extra,
++ value, value_len,
++ start_offset, (self->match_options | options), matches, matches_size);
++ if (rc < 0 && rc != PCRE_ERROR_NOMATCH)
+ {
+- if(rc == PCRE_ERROR_NOMATCH)
+- {
+- /* msg_debug("No match", NULL); */
+- if(!first_round)
+- {
+- if (options == 0)
+- break;
+- else
+- matches[1] = self->start_offset + 1;
+- continue; /* Go round the loop again */
+- }
+- }
+- else
+- {
+- /* Handle other special cases */
+- msg_error("Error while matching regexp",
+- evt_tag_int("error_code",rc),
+- NULL);
+- }
++ msg_error("Error while matching regexp",
++ evt_tag_int("error_code", rc),
++ NULL);
++ break;
+ }
+- else if (rc == 0)
++ else if (rc < 0)
+ {
+- msg_error("Error while storing matching substrings", NULL);
++ if ((options & PCRE_NOTEMPTY) == 0)
++ {
++ /* we didn't match, even when we permitted to match the
++ * empty string. Nothing to find here, bail out */
++ break;
++ }
++
++ /* we didn't match, quite possibly because the empty match
++ * was not permitted. Skip one character in order to avoid
++ * infinite loop over the same zero-length match. */
++
++ start_offset = start_offset + 1;
++ /* FIXME: handle complex sequences like utf8 and newline characters */
++ last_match_was_empty = FALSE;
++ continue;
+ }
+ else
+ {
++ /* if the output array was too small, truncate the number of
++ captures to RE_MAX_MATCHES */
++
++ if (rc == 0)
++ rc = matches_size / 3;
++
+ log_matcher_pcre_re_feed_backrefs(s, msg, value_handle, matches, rc, value);
+ log_matcher_pcre_re_feed_named_substrings(s, msg, matches, value);
+
+ if (!new_value)
+ new_value = g_string_sized_new(value_len);
+- /* literal */
++ /* append non-matching portion */
+ g_string_append_len(new_value, &value[last_offset], matches[0] - last_offset);
+ /* replacement */
+ log_template_append_format(replacement, msg, 0, TS_FMT_BSD, NULL, 0, 0, new_value);
+- last_offset = matches[1];
++ last_match_was_empty = (matches[0] == matches[1]);
++ start_offset = last_offset = matches[1];
+ }
+- first_round = FALSE;
+ }
+- while (TRUE && (self->super.flags & LMF_GLOBAL));
++ while (self->super.flags & LMF_GLOBAL && start_offset < value_len);
+
+ if (new_value)
+ {
+diff --git a/tests/unit/test_matcher.c b/tests/unit/test_matcher.c
+index 3df98e5..95866b3 100644
+--- a/tests/unit/test_matcher.c
++++ b/tests/unit/test_matcher.c
+@@ -144,9 +144,18 @@ main()
+ /* empty match with global flag*/
+ testcase_replace("<155>2006-02-11T10:34:56+01:00 bzorp syslog-ng[23323]: aa bb", 0, "c*", "#", "#a#a# #b#b#", LMF_GLOBAL, log_matcher_pcre_re_new());
+ testcase_replace("<155>2006-02-11T10:34:56+01:00 bzorp syslog-ng[23323]: aa bb", 0, "a*", "?", "?? ?b?b?", LMF_GLOBAL, log_matcher_pcre_re_new());
++ testcase_replace("<155>2006-02-11T10:34:56+01:00 bzorp syslog-ng[23323]: aa", 0, "aa|b*", "@", "@@", LMF_GLOBAL, log_matcher_pcre_re_new());
++ testcase_replace("<155>2006-02-11T10:34:56+01:00 bzorp syslog-ng[23323]: aa", 0, "aa|b*", "@", "@", 0, log_matcher_pcre_re_new());
++ testcase_replace("<155>2006-02-11T10:34:56+01:00 bzorp syslog-ng[23323]: aa", 0, "b*|aa", "@", "@@@", LMF_GLOBAL, log_matcher_pcre_re_new());
++ testcase_replace("<155>2006-02-11T10:34:56+01:00 bzorp syslog-ng[23323]: aa", 0, "b*|aa", "@", "@aa", 0, log_matcher_pcre_re_new());
+
+ testcase_replace("<155>2006-02-11T10:34:56+01:00 bzorp syslog-ng[23323]: wikiwiki", 0, "wi", "", "kiki", LMF_GLOBAL, log_matcher_pcre_re_new());
+ testcase_replace("<155>2006-02-11T10:34:56+01:00 bzorp syslog-ng[23323]: wikiwiki", 0, "wi", "kuku", "kukukikukuki", LMF_GLOBAL, log_matcher_pcre_re_new());
++
++ /* this tests a pcre 8.12 incompatibility */
++
++ testcase_replace("<155>2006-02-11T10:34:56+01:00 bzorp syslog-ng[23323]: wikiwiki", 0, "([[:digit:]]{1,3}\\.){3}[[:digit:]]{1,3}", "foo", "wikiwiki", LMF_GLOBAL, log_matcher_pcre_re_new());
++
+ #endif
+
+ return 0;
diff --git a/syslog-ng.conf b/syslog-ng.conf
index d5d554e..11bc10a 100644
--- a/syslog-ng.conf
+++ b/syslog-ng.conf
@@ -1,3 +1,5 @@
+ at version:3.0
+
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
@@ -7,7 +9,7 @@
#
options {
- sync (0);
+ flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
@@ -18,7 +20,7 @@ options {
};
source s_sys {
- file ("/proc/kmsg" log_prefix("kernel: "));
+ file ("/proc/kmsg" program_override("kernel: "));
unix-stream ("/dev/log");
internal();
# udp(ip(0.0.0.0) port(514));
@@ -27,7 +29,7 @@ source s_sys {
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
-destination d_mail { file("/var/log/maillog" sync(10)); };
+destination d_mail { file("/var/log/maillog" flush_lines(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
diff --git a/rsyslog-3.21.9-logrotate.d-rsyslog.log b/syslog-ng.logrotate
similarity index 100%
rename from rsyslog-3.21.9-logrotate.d-rsyslog.log
rename to syslog-ng.logrotate
diff --git a/syslog-ng.spec b/syslog-ng.spec
index d7feef2..f2cb74e 100644
--- a/syslog-ng.spec
+++ b/syslog-ng.spec
@@ -1,120 +1,77 @@
-%{?_with_spoofsource:%define spoofsource 1}
-%define evtlog_ver 0.2.7-1
+%define evtlog_ver 0.2.12
%define _sbindir /sbin
-%define _localstatedir /var/lib/syslog-ng
Name: syslog-ng
-Version: 2.1.4
-Release: 8%{?dist}
+Version: 3.1.4
+Release: 4%{?dist}.1
Summary: Next-generation syslog server
Group: System Environment/Daemons
License: GPLv2+
Url: http://www.balabit.com/products/syslog_ng/
-Source0: http://www.balabit.com/downloads/files/syslog-ng/sources/2.1/src/%{name}-%{version}.tar.gz
+Source0: http://www.balabit.com/downloads/files?path=/syslog-ng/sources/%{version}/source/%{name}_%{version}.tar.gz
Source1: syslog-ng.conf
Source2: syslog-ng.init.d
-Source10: sysklogd-syslog-ng.sysconfig
-Source11: sysklogd-1.4.1-logrotate.d-syslog.log
-Source12: sysklogd-1.4.1-44-logrotate.d-syslog.log
-Source20: rsyslog-syslog-ng.sysconfig
-Source21: rsyslog-3.14.1-logrotate.d-rsyslog.log
-Source30: rsyslog-syslog-ng-fc10.sysconfig
-Source31: rsyslog-3.21.9-logrotate.d-rsyslog.log
+Source3: syslog-ng.sysconfig
+Source4: syslog-ng.logrotate
-Patch0: syslog-ng-2.1.4-libnet.patch
+Patch0: syslog-ng-3.1.4-disable-sql-and-ssl-tests.patch
+Patch1: syslog-ng-3.1.4-pcre-dos.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: eventlog-devel >= %{evtlog_ver}
BuildRequires: pkgconfig
-BuildRequires: glib2-devel
-%if 0%{?fedora}
-BuildRequires: glib2-static
-%endif
-%if 0%{?rhel}
-BuildRequires: tcp_wrappers
-BuildRequires: eventlog-static >= %{evtlog_ver}
-BuildRequires: automake
-%else
+BuildRequires: eventlog-devel >= %{evtlog_ver}
+BuildRequires: glib2-devel >= 2.10.1
+BuildRequires: libnet-devel >= 1.1.4-3
+BuildRequires: pcre-devel >= 7.3
BuildRequires: tcp_wrappers-devel
-%endif
-BuildRequires: libnet-devel
+BuildRequires: python
+
Requires: logrotate
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
Requires(postun): /sbin/service
+
Provides: syslog
-%if 0%{?rhel} == 4
-# makes vixie-cron and initscripts happy
-Provides: sysklogd = 1.3.33-6
-%endif
# merge separate syslog-vim package into one
Provides: syslog-ng-vim = %{version}-%{release}
Obsoletes: syslog-ng-vim < 2.0.8-1
%description
-syslog-ng, as the name shows, is a syslogd replacement, but with new
-functionality for the new generation. The original syslogd allows
-messages only to be sorted based on priority/facility pairs; syslog-ng
-adds the possibility to filter based on message contents using regular
-expressions. The new configuration scheme is intuitive and powerful.
-Forwarding logs over TCP and remembering all forwarding hops makes it
+syslog-ng, as the name shows, is a syslogd replacement, but with new
+functionality for the new generation. The original syslogd allows
+messages only to be sorted based on priority/facility pairs; syslog-ng
+adds the possibility to filter based on message contents using regular
+expressions. The new configuration scheme is intuitive and powerful.
+Forwarding logs over TCP and remembering all forwarding hops makes it
ideal for firewalled environments.
%prep
%setup -q
-%if 0%{?rhel}
-%patch0 -p1 -b .libnet
-%endif
+%patch0 -p1
+%patch1 -p1
# fix perl path
%{__sed} -i 's|^#!/usr/local/bin/perl|#!%{__perl}|' contrib/relogger.pl
-# force regeneration to avoid broken paths from upstream (#265221)
-touch src/cfg-grammar.c src/cfg-lex.c
-
-%define logrotated_dst syslog
-%if 0%{?rhel}
- %if 0%{?rhel} <= 4
- %define sysconfig_src %{SOURCE10}
- %define logrotated_src %{SOURCE11}
- %endif
- %if 0%{?rhel} >= 5
- %define sysconfig_src %{SOURCE10}
- %define logrotated_src %{SOURCE12}
- %endif
-%endif
-%if 0%{?fedora}
- %if 0%{?fedora} <= 9
- %define sysconfig_src %{SOURCE20}
- %define logrotated_src %{SOURCE21}
- %endif
- %if 0%{?fedora} >= 10
- %define sysconfig_src %{SOURCE30}
- %define logrotated_src %{SOURCE31}
- %endif
-%endif
+# fix executable perms on contrib files
+%{__chmod} -c a-x contrib/syslog2ng
%build
%configure \
- --enable-ipv6 \
- --sysconfdir=%{_sysconfdir}/%{name} \
- --enable-tcp-wrapper \
-%if 0%{?spoofsource}
- --enable-spoof-source \
-%endif
-%if 0%{?rhel}
- --enable-mixed-linking
-%else
- --enable-dynamic-linking
-%endif
-
+ --sysconfdir=%{_sysconfdir}/%{name} \
+ --localstatedir=%{_sharedstatedir}/%{name} \
+ --enable-ipv6 \
+ --enable-tcp-wrapper \
+ --enable-pcre \
+ --enable-spoof-source \
+ --enable-dynamic-linking
make %{_smp_mflags}
@@ -130,37 +87,38 @@ make DESTDIR=%{buildroot} install
%{__install} -p -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/init.d/%{name}
%{__install} -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
-%{__install} -p -m 644 %{sysconfig_src} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+%{__install} -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
%{__install} -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
-%{__install} -p -m 644 %{logrotated_src} \
- %{buildroot}%{_sysconfdir}/logrotate.d/%{logrotated_dst}
+%{__install} -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/syslog
# make local state dir
-%{__install} -d -m 755 %{buildroot}/%{_localstatedir}
+%{__install} -d -m 755 %{buildroot}/%{_sharedstatedir}/%{name}
+
+# create the patterndb.d configuration directory (should be fixed in 3.2.4)
+%{__install} -d -m 755 %{buildroot}/%{_sysconfdir}/%{name}/patterndb.d
+
# fix authors file
/usr/bin/iconv -f iso8859-1 -t utf-8 AUTHORS > AUTHORS.conv && \
- %{__mv} -f AUTHORS.conv AUTHORS
-
-# fix executable perms on contrib files
-%{__chmod} -x contrib/relogger.pl
-%{__chmod} -x contrib/syslog2ng
+ %{__mv} -f AUTHORS.conv AUTHORS
-# fix script interpreter
-sed -i 's/\/usr\/local\/bin\/perl/\/usr\/bin\/perl/' contrib/relogger.pl
# install vim files
%{__install} -d -m 755 %{buildroot}%{_datadir}/%{name}
%{__install} -p -m 644 contrib/syslog-ng.vim %{buildroot}%{_datadir}/%{name}
-for vimver in 63 64 70 71 ; do
- %{__install} -d -m 755 %{buildroot}%{_datadir}/vim/vim$vimver/syntax
- cd %{buildroot}%{_datadir}/vim/vim$vimver/syntax
- ln -s ../../../%{name}/syslog-ng.vim .
- cd -
+for vimver in 70 71 72 73 ; do
+ %{__install} -d -m 755 %{buildroot}%{_datadir}/vim/vim$vimver/syntax
+ cd %{buildroot}%{_datadir}/vim/vim$vimver/syntax
+ ln -s ../../../%{name}/syslog-ng.vim .
+ cd -
done
+%check
+make check
+
+
%clean
rm -rf %{buildroot}
@@ -170,23 +128,25 @@ rm -rf %{buildroot}
%preun
-if [ "$1" = 0 ]; then
- /sbin/service %{name} stop > /dev/null 2>&1
- /sbin/chkconfig --del %{name}
+if [ $1 -eq 0 ] ; then
+ # Package removal, not upgrade
+ /sbin/service %{name} stop > /dev/null 2>&1
+ /sbin/chkconfig --del %{name}
fi
%postun
-if [ "$1" -ge 1 ]; then
- /sbin/service %{name} condrestart >/dev/null 2>&1
+if [ $1 -ge 1 ] ; then
+ # Package upgrade, not uninstall
+ /sbin/service %{name} condrestart >/dev/null 2>&1
fi
%triggerin -- vim-common
VIMVERNEW=`rpm -q --qf='%%{epoch}:%%{version}\n' vim-common | sort | tail -n 1 | sed -e 's/[0-9]*://' | sed -e 's/\.[0-9]*$//' | sed -e 's/\.//'`
[ -d %{_datadir}/vim/vim${VIMVERNEW}/syntax ] && \
- cd %{_datadir}/vim/vim${VIMVERNEW}/syntax && \
- ln -sf ../../../%{name}/syslog-ng.vim . || :
+ cd %{_datadir}/vim/vim${VIMVERNEW}/syntax && \
+ ln -sf ../../../%{name}/syslog-ng.vim . || :
%triggerun -- vim-common
VIMVEROLD=`rpm -q --qf='%%{epoch}:%%{version}\n' vim-common | sort | head -n 1 | sed -e 's/[0-9]*://' | sed -e 's/\.[0-9]*$//' | sed -e 's/\.//'`
@@ -196,36 +156,89 @@ VIMVEROLD=`rpm -q --qf='%%{epoch}:%%{version}\n' vim-common | sort | head -n 1 |
VIMVEROLD=`rpm -q --qf='%%{epoch}:%%{version}\n' vim-common | sort | head -n 1 | sed -e 's/[0-9]*://' | sed -e 's/\.[0-9]*$//' | sed -e 's/\.//'`
VIMVERNEW=`rpm -q --qf='%%{epoch}:%%{version}\n' vim-common | sort | tail -n 1 | sed -e 's/[0-9]*://' | sed -e 's/\.[0-9]*$//' | sed -e 's/\.//'`
if [ $1 = 1 ]; then
- rm -f %{_datadir}/vim/vim${VIMVEROLD}/syntax/syslog-ng.vim || :
- [ -d %{_datadir}/vim/vim${VIMVERNEW}/syntax ] && \
- cd %{_datadir}/vim/vim${VIMVERNEW}/syntax && \
- ln -sf ../../../%{name}/syslog-ng.vim . || :
+ rm -f %{_datadir}/vim/vim${VIMVEROLD}/syntax/syslog-ng.vim || :
+ [ -d %{_datadir}/vim/vim${VIMVERNEW}/syntax ] && \
+ cd %{_datadir}/vim/vim${VIMVERNEW}/syntax && \
+ ln -sf ../../../%{name}/syslog-ng.vim . || :
fi
-
%files
-%defattr(-,root,root)
+%defattr(-,root,root,-)
%doc AUTHORS COPYING README ChangeLog NEWS
-%doc doc/reference/syslog-ng.txt
%doc doc/security/*.txt
%doc doc/examples/syslog-ng.conf.sample
%doc contrib/{relogger.pl,syslog2ng,syslog-ng.conf.doc}
%dir %{_sysconfdir}/%{name}
+%dir %{_sysconfdir}/%{name}/patterndb.d
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
-%config(noreplace) %{_sysconfdir}/logrotate.d/%{logrotated_dst}
+%config(noreplace) %{_sysconfdir}/logrotate.d/syslog
%{_sysconfdir}/init.d/%{name}
-%dir %{_localstatedir}
+%dir %{_sharedstatedir}/%{name}
%{_sbindir}/%{name}
+%{_sbindir}/syslog-ng-ctl
%{_bindir}/loggen
+%{_bindir}/pdbtool
+%{_bindir}/update-patterndb
%{_datadir}/%{name}
+%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man8/*
%ghost %{_datadir}/vim/
%changelog
+* Fri Jun 17 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-4.fc13.1
+- Added python to the build requirements (not present in the Fedora 13 build
+ environment; needed by the test suite)
+
+* Fri Jun 17 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-4
+- Patch for CVE-2011-1951: syslog-ng-3.1.4-pcre-dos.patch (#709088)
+- Enabled the test suite
+
+* Mon May 9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-3
+- Bumped the eventlog version to match the latest upstream version (0.2.12)
+- Overrided the default _localstatedir value (configure --localstatedir)
+ (value hardcoded in update-patterndb)
+- Manually created the patterndb.d configuration directory (update-patterndb)
+ (see also https://bugzilla.balabit.com/show_bug.cgi?id=119 comments >= 4)
+- Minor modifications of the %%post, %%preun and %%postun scripts
+- Corrected a couple of macro references in changelog entries (rpmlint)
+- Expanded tabs to spaces (also added a vim modeline)
+
+* Mon Apr 25 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-2
+- cleans the sysconfig and logrotate file mess (#651823 comments 17, 20 and 21)
+- add support for vim versions 72 and 73; drop support for versions 6.2 and 6.3
+- clean the spoofsource conditional logical: libnet resides in /lib{,64}
+ since 2009
+
+* Wed Apr 13 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-1
+- update for syslog-ng 3.1.4
+- updated the source URL
+- versioned some of the build requirements
+- dropped the libnet patch (syslog-ng-2.1.4-libnet.patch)
+- dropped support for EPEL-4 and EPEL-5 (syslog-ng 3.x requires pcre >= 7.3)
+- new file: update-patterndb
+
+* Sat Jul 24 2010 Doug Warner <silfreed at fedoraproject.org> - 3.1.1-1
+- update for syslog-ng 3.1.1
+- supports the new syslog protocol standards
+- log statements can be embedded into each other
+- the encoding of source files can be set for proper character conversion
+- can read, process, and rewrite structured messages (e.g., Apache webserver
+ logs) using templates and regular expressions
+- support for patterndb v2 and v3 format, along with a bunch of new
+ parsers: ANYSTRING, IPv6, IPvANY and FLOAT.
+- added a new "pdbtool" utility to manage patterndb files: convert them
+ from v1 or v2 format, merge mulitple patterndb files into one and look
+ up matching patterns given a specific message.
+- support for message tags: tags can be assigned to log messages as they
+ enter syslog-ng: either by the source driver or via patterndb.
+ Later it these tags can be used for efficient filtering.
+- added support for rewriting structured data
+- added pcre support in the binary packages of syslog-ng
+
* Tue Sep 15 2009 Ray Van Dolson <rayvd at fedoraproject.org> - 2.1.4-8
- Adjust eventlog build requirement
@@ -269,7 +282,7 @@ fi
- fix for CVE-2008-5110
* Mon Sep 15 2008 Peter Vrabec <pvrabec at redhat.com> 2.0.8-3
-- do not conflicts with rsyslog, both rsyslog and syslog-ng use
+- do not conflicts with rsyslog, both rsyslog and syslog-ng use
same pidfile and logrotate file (#441664)
* Sat Sep 6 2008 Tom "spot" Callaway <tcallawa at redhat.com> 2.0.8-2
@@ -446,7 +459,7 @@ fi
* Wed Apr 21 2004 Jose Pedro Oliveira <jpo at di.uminho.pt> 0:1.6.2-0.fdr.3
- removed Conflits:
-- changed the %post and %preun scripts
+- changed the %%post and %%preun scripts
- splitted Requires( ... , ... ) into Requires( ... )
* Fri Mar 5 2004 Jose Pedro Oliveira <jpo at di.uminho.pt> 0:1.6.2-0.fdr.2
@@ -487,7 +500,7 @@ fi
* Sat Apr 12 2003 Jose Pedro Oliveira <jpo at di.uminho.pt> 1.6.0rc2 snapshot
- Reorganized specfile
-- Corrected the scripts (%post, %postun, and %preun)
+- Corrected the scripts (%%post, %%postun, and %%preun)
- Commented the mysql related lines; create an option for future inclusion
* Thu Feb 27 2003 Richard E. Perlotto II <richard at perlotto.com> 1.6.0rc1-1
@@ -506,3 +519,4 @@ fi
* Sun Dec 08 2002 Richard E. Perlotto II <richard at perlotto.com> 1.5.23-1
- Updated file with notes and PGP signatures
+# vim:set ai ts=4 sw=4 sts=4 et:
diff --git a/rsyslog-syslog-ng-fc10.sysconfig b/syslog-ng.sysconfig
similarity index 100%
rename from rsyslog-syslog-ng-fc10.sysconfig
rename to syslog-ng.sysconfig
More information about the scm-commits
mailing list