Update SRC_URI because the previous one became inaccessible.
Slightly update do_install - now it is in line with the installation
script from the project's own RPM file (previous some files were not
installed)
Shortlog:
[logwatch] Preparation for Release 7.13
[rsyslogd] De-duplicate lines with time calculations
[sendmail] Removed invalid commented-out code.
[logstash] Remove script - needs update to Logwatph.pm
[sendmail] Improved detection of "Command unrecognized" strings.
[rsyslogd] Ignore "GnuTLS error: Error in the push function" - paired with other errors
[omsa] Handle peak power and new Unexpected sense messages
[systemd] Add ignore_messages option to ignore messages matching a regex
[kernel] Fix EDAC regex
[rsyslogd] Ignore additional rate-limiting message paired with other messages
[rsyslogd] Ignore additional omfwd messages paired with other messages
[nut] Ignore upsnotify message about tech that we already know about
[pam_unix] Add nx to services; Allow for username in session opened by messages for cron
[pam_unix] Add kde to dektop services; Hande "User info message"
[systemd] Update for newer systemd
[logstash] Initial version
[systemd] Ignore "Unnecessary job was removed for .*" - appears informational
[systemd] Ignore State timed out messages - followed by a failed message
[named] No need for unconfineds variable, not used
[clam-update] Added comments about syslog format.
[logwatch.8] Clarified use of debug.
Fix Dir glob issue Iridos2 bug report.
[postfix] Added support for postfix version 3.10
[zypp] Added support for patch statements; reported by leithh.
[dovecot] Added better detail granularity, and support logformat 2.3
[systemd] Relax LSM BPF program attached regex
[dirsrv] Relax ACL target does not exist regex; Ignore schema-compat-plugin info messages that are at ERR level
[dovecot] Script and configuration file updated with granular detail options and improved report grouping
[clam-update] Fixed typo.
[clam-update] Check for empty LogFile strings and adjust error messages
[onlyservice,removeheaders] Allow RFC 3164 Log Format with named facility.severity
[http] Setting default http_rc code for when not specified in LogFormat
[logwatch.pl,syslog-ng] Removed HTML Entity encoding for xml, as all strings are now UTF-8
(tag: 7.12) [logwatch] Updating release version
[http] Replace hyphen with "Unidentified agent,"
[named] Handle "zone not loaded due to errors; Handle "journal file is out of date; removed" separately; Ignore "New key observered for zone"
[named] handle "TCP client quota reached" messages; Expand limit regex
Remove trailing whitespace
[nut] Handle battery needs to be replaced message
[nut] Update for 2.8.2
[postfix] Support for aliased mailboxes
[zz-zfs] Added 'Cap' column header
[sudo] Add sudo_detail
[omsa] Ignored Administrator stopped message
[omsa] Update Patrol Read regex
[sssd] Ignore "exec_child_ex command" messages
[secure] relax regex around "gkr-pam: no password is available for user"
[secure] Ignore sshd-session messages
[sendmail] Added filter for new pre-greeting message.
[postfix] Added DNSBL rank display
[sshd] Added 'drop connection' counter.
[rsyslogd] Handle stdout/stderr sent to journal which ends up with an extra prefix
[named] Add option to ignore denied zone trasfter; Move limit reporting to detail >= 1
[systemd] Handle new Watchdog and Reexecuting requested messages
[dnf-automatic] New script contributed by Clive Lin.
[mdadm] Check if hash of 'good devices' is undefined or empty.
[sshd,secure] Added support for OpenSSH 9.8 (sshd-session, port number), per tomop.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- build fix with newer compilers
- builds again on Solaris
- some code cleanup, which prevented build with newer compilers
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-src-config.h-Enable-HAVE_ARM_NEON-on-AArch64.patch
removed since it's included in 9.0.1
Changelog:
===========
- Authenticate slot migration client on source node to internal user
- Bug fix: reset io_last_written on c->buf resize to prevent stale pointers
- Sentinel: fix regression requiring "+failover" ACL in failover path
- Cluster: Avoid usage of light weight messages to nodes with not ready bidirectional links
- Send duplicate multi meet packet only for node which supports it in mixed clusters
- Fix: LTRIM should not call signalModifiedKey when no elements are removed
- Fix build on some 32-bit ARM by only using NEON on AArch64
- Fix deadlock in IO-thread shutdown during panic
- Fix COMMANDLOG large-reply when using reply copy avoidance
- Fix CLUSTER SLOTS crash when called from module timer callback
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The minio umbrella covers multiple projects. The recipe itself builds
"minio client", which is a set of basic tools to query data from
"minio server" - like ls, mv, find...
The CVEs were files against minio server. Looking at the go mod list,
this recipe doesn't use minio server even as a build dependency - so ignore
the CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ripgrep is a fast, line-oriented search tool written in Rust.
Add recipe for the latest release (15.1.0)
- Recursively searches the current directory using a regex pattern
- Respects .gitignore rules
- Provides first-class support on Linux
- 'rg' is significantly faster than grep
More information: https://crates.io/crates/ripgrep
Upstream Benchmarks:
Task ripgrep GNU grep Speedup vs grep
Basic search (Unicode) 536 lines, 0.082s 536 lines, 0.273s ripgrep ~3.3× faster
Ignoring gitignore files 447 lines, 0.063s 447 lines, 0.674s ripgrep ~10× faster
Large single file (~13GB) 7882 lines, 1.042s 7882 lines, 6.577s ripgrep ~6.3× faster
Bechmarks inside qemu (ripgrep built from this recipe):
Tool & Command Real Time User Time Sys Time Speedup vs grep
ripgrep (rg "printf" /usr) 0.496 s 0.511 s 0.604 s 3.1× faster
grep (grep -R "printf" /usr) 1.533 s 0.633 s 0.897 s —
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fd is a simple, fast and user-friendly alternative to 'find' written in rust.
Add recipe for the latest release (10.3.0)
- Ignores hidden and .gitignore files by default
- Supports regular expressions and highlights matches
- Faster and easier to use than traditional 'find'
More information: https://crates.io/crates/fd-find
Upstream Benchmarks:
Tool & Command Time (mean ± σ) Range (min … max) Speedup vs find
fd -u '[0-9]\.jpg$' ~ 854.8 ms ± 10.0 ms 839.2 ms … 868.9 ms ~13x faster
find ~ -iname '*[0-9].jpg' 11.226 s ± 0.104 s 11.119 s … 11.466 s —
Bechmarks inside qemu (fd built from this recipe):
Tool & Command Real Time User Time Sys Time Speedup vs find
fd (fd /path/to/search) 2.115 s 2.660 s 5.083 s ≈2.1× faster
find (find /path/to/search) 4.401 s 1.607 s 2.788 s —
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Change log
==========
Version 2.0.8, 2025-12-04
- fix potential segfault on some platforms
Thanks to Julian Thomas for a fix
- fix memory leak when a custom type in rules does not match
Thanks to Meric Sentunali for the fix and Julian Thomas for alerting
me of the missing merge.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refine the CVE_STATUS description for CVE-2022-0543 to provide
a more precise explanation of this Debian-specific vulnerability.
The vulnerability originates from Debian's packaging methodology,
which loads system-wide Lua libraries (lua-cjson, lua-cmsgpack),
enabling Lua sandbox escape. Upstream Redis builds, including
those built by Yocto/OpenEmbedded, utilize embedded Lua from the
deps/ directory and are therefore not affected by this issue.
It is also fixed in Debian with this commit:
c7fd665150
References:
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
- https://nvd.nist.gov/vuln/detail/CVE-2022-0543
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Colortails is like the tail command line utility but with colors.
Add recipe for the latest release 0.3.5:
- Print error messages to stderr
- Fix memory leaks and Valgrind warnings
- Improve detection of file truncation due to log rotation
- Fix ./autogen.sh on macOS
- Avoid emitting excessive color sequences
- Output ansi reset code when the program is interrupted
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade is mostly bug fixes according to:
https://github.com/rsyslog/librelp/blob/master/ChangeLog
but there is one new API:
add ability to communicate source port back to caller
Drop the backported patch:
0001-Fix-function-inline-errors-in-debug-optimization-Og.patch
Drop patches merged upstream:
0001-tests-Include-missing-sys-time.h.patch
-> 8c96857 tests: Include missing sys/time.h
0001-relp-fix-build-against-upcoming-gcc-14-Werror-calloc.patch
-> baf992f relp: fix build against upcoming `gcc-14` ...
0001-tests-Fix-callback-prototype.patch
-> a4cb0bd tests: Fix callback prototype
0001-tcp-fix-some-compiler-warnings-with-enable-tls-opens.patch
-> 6e9b27f tcp: fix some compiler warnings with enable-tls-openssl
Ptest for qemux86-64, qemuarm64 with glibc and musl:
TOTAL: 30
PASS: 27
SKIP: 3
XFAIL: 0
FAIL: 0
XPASS: 0
ERROR: 0
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 9.0.0:
- HSETEX with FXX should not create an object if it does not exist
- Fix crash when aborting a slot migration while child snapshot is
active
- Fix double MOVED reply on unblock at failover
- Fix memory leak with CLIENT LIST/KILL duplicate filters
- Fix incorrect accounting after completed atomic slot migration
- Fix Lua VM crash after FUNCTION FLUSH ASYNC + FUNCTION LOAD
- Fix invalid memory address caused by hashtable shrinking during
safe iteration
Replace dependency hiredis with libvalkey.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Full Changelog:
https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
Avoid buildpath error:
QA Issue: File /usr/lib/rsyslog/ptest/tests/.deps/liboverride_getaddrinfo_la-override_getaddrinfo.Plo
These .deps directories are created at configure time and mainly used
in an interactive development environment. Remove test/.deps to eliminate
the error.
Drop: use-pkgconfig-to-check-libgcrypt.patch
since it's implemented upstream by:
85e03c0e8 Replace libgcrypt-config with pkg-config
8ba35bf6c Add missing libraries to pkg-config call
as per: https://github.com/rsyslog/rsyslog/pull/5406/commits
For musl, drop: 0001-Include-sys-time-h.patch
which oddly doesn't seem to be required to build any of: qemux86-64, qemuarm64,
and qemuarm.
Rebase other patches as needed.
ptest results for qemux86-64/kvm with extra FS space and 2 GB RAM:
Version | Total | Passed | Failed | Skipped
8.2506 | 485 | 479 | 0 | 6
8.2510 | 497 | 491 | 0 | 6
rsyslog works when built with musl but there are lots of ptest failures:
Version | Total | Passed | Failed | Skipped
8.2506 | 485 | 306 | 172 | 7
8.2510 | 497 | 310 | 180 | 7
Note that with this update the results are similarily bad. If someone is
interested and has time, they can work on improving the musl ptest results.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This avoid overridding the original PACKAGE_BEFORE_PN value could be
set in bbclasses.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.4.0:
- bd_nvme_connect() now defaults to port 4420 or 8009 for discovery
NQN respectively when
- configure.ac: fix bashism
- smart: Use drive self-assessment as an overall status
- nvme: Default to well-known tr_svcid values when not specified
- nvme: Handle memory allocation failures from _nvme_alloc()
- crypto: Add a function to set persistent flags for LUKS
- tests: Various minor mptovements
Drop CVE-2025-6019.patch because the change has been merged in
the upstream and it is included in version 3.4.0.
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-checkpc-Do-not-define-Mail_fd-multiple-times.patch
removed since it's included in 3.9.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2015-3243
The issue is about file permissions: by default rsyslog creates world-readable
files. In case a log message contains some sensitive information, then that's
exposed to every user on the system.
However the rsyslog.conf file that is shipped with the recipe solves it: it
already sets non-world-readable default permissions on all files, so this
vulnerability is fixed in the default OE recipe.
See also this package in OpenSuse[1], where it is solved the same way.
[1]: https://build.opensuse.org/requests/619439/changes (rsyslog.conf.in)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX to check the correct
latest stable verison.
Before the patch:
$ devtool latest-version smartmontools
INFO: Current version: 7.5
INFO: Latest version:
After the patch:
$ devtool latest-version smartmontools
INFO: Current version: 7.5
INFO: Latest version: 7.5
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Replace '/usr/bin/env python' with '/usr/bin/env python3' in the scripts
under ${libexecdir}/minifi-python-examples.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
