ChangeLog for 4.1.5 (devel)
Version 4.1.5 [DEVEL] (rgerhards), 2009-03-11
- bugfix: parser did not correctly parse fields in UDP-received messages
- added ERE support in filter conditions –
new comparison operation “ereregex” - added new config directive $RepeatedMsgContainsOriginalMsg so that the
“last message repeated n times” messages, if generated, may
have an alternate format that contains the message that is being repeated
librelp 0.1.3
librelp 0.1.3 [download]: some bugfixes, interface extension
ChangeLog for 3.20.4 (v3-stable)
Version 3.20.4 [v3-stable] (rgerhards), 2009-02-09
- bugfix: inconsistent use of mutex/atomic operations could cause segfault
details are too many, for full analysis see blog post at:
http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html - bugfix: invalid ./configure settings for RFC3195
thanks to Michael Biebl for the patch - bugfix: invalid mutex access in msg.c
- doc bugfix: dist tarball missed 2 files, had one extra file that no
longer belongs into it. Thanks to Michael Biebl for pointing this out.
ChangeLog for 3.21.10
Version 3.21.10 [BETA] (rgerhards), 2009-02-02
- bugfix: inconsistent use of mutex/atomic operations could cause segfault
details are too many, for full analysis see blog post at:
http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html - the string “Do Die” was accidently emited upon exit in non-debug mode
This has now been corrected. Thanks to varmojfekoj for the patch. - some legacy options were not correctly processed.
Thanks to varmojfekoj for the patch. - doc bugfix: v3-compatiblity document had typo in config directive
thanks to Andrej for reporting this
ChangeLog for 4.1.4 (devel)
Version 4.1.4 [DEVEL] (rgerhards), 2009-01-29
- bugfix: inconsistent use of mutex/atomic operations could cause segfault
details are too many, for full analysis see blog post at:
http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html - bugfix: unitialized mutex was used in msg.c:getPRI
This was subtle, because getPRI is called as part of the debugging code
(always executed) in syslogd.c:logmsg. - bufgix: $PreserveFQDN was not properly handled for locally emitted
messages
Changelog for 3.20.3 (v3-stable)
Version 3.20.3 [v3-stable] (rgerhards), 2009-01-19
- doc bugfix: v3-compatiblity document had typo in config directive
thanks to Andrej for reporting this - fixed a potential segfault condition with $AllowedSender directive
On HUP, the root pointers were not properly cleaned up. Thanks to
Michael Biebel, olgoat, and Juha Koho for reporting and analyzing
the bug.
ChangeLog for 4.1.3 (devel)
Version 4.1.3 [DEVEL] (rgerhards), 2008-12-17
- added $InputTCPServerAddtlFrameDelimiter config directive, which
enables to specify an additional, non-standard message delimiter
for processing plain tcp syslog. This is primarily a fix for the invalid
framing used in Juniper’s NetScreen products. Credit to forum user
Arv for suggesting this solution. - added $InputTCPServerInputName property, which enables a name to be
specified that will be available during message processing in the
inputname property. This is considered useful for logic that treats
messages differently depending on which input received them. - added $PreserveFQDN config file directive
Enables to use FQDNs in sender names where the legacy default
would have stripped the domain part.
Thanks to BlinkMind, Inc. http://www.blinkmind.com for sponsoring this
development. - bugfix: imudp went into an endless loop under some circumstances
(but could also leave it under some other circumstances…)
Thanks to David Lang and speedfox for reporting this issue.
$AllowedSender not honored
A primitive way of access control is offered in rsyslog via the $AllowedSender configuration directive. It permits the operator to specify hosts from which messages are being accepted. If the directive is not specified, messages from all hosts are accepted. If it is, the set is limited to those senders that match the configured criteria (this can be network addresses or host name). Access control can be configured for UDP- based and TCP-based protocols independently.
Note that this directive may be used to simplify firewall setup, where the firewall permits incoming traffic from all remote machines on the port in question. Then rsyslog ACLs are used to control who is actually permitted. The down-side of this approach is that the packets reach rsyslog and any vulnerability in it can be exploited. Please note that UDP addresses can easily be spoofed (though thankfully not as easy any longer on the public Internet thanks to more careful configuration on most ISP’s side). So an IP-based access control does not work very well for UDP (neither at the firewall nor at the rsyslog level – but the firewall may have more options at hand, given its comparatively broad knowledge of the perimeter). Continue reading “$AllowedSender not honored”
ChangeLog for 3.21.8 (beta)
Version 3.21.8 [BETA] (rgerhards), 2008-12-04
- security bugfix: $AllowedSender was not honored, all senders were
permitted instead (see security advisory) - bugfix: imklog did not compile on FreeBSD
- merged in all other changes from 3.20.1 (see there)
ChangeLog for 3.20.2 (v3-stable)
Version 3.20.2 [v3-stable] (rgerhards), 2008-12-04
- re-release of 3.20.1 with an additional fix, that could also lead
to DoS; 3.20.1 has been removed from the official download archives - security fix: imudp emitted a message when a non-permitted sender
tried to send a message to it. This behaviour is operator-configurable.
If enabled, a message was emitted each time. That way an attacker could
effectively fill the disk via this facility. The message is now
emitted only once in a minute (this currently is a hard-coded limit,
if someone comes up with a good reason to make it configurable, we
will probably do that).