Bug#929839: unblock: syslog-ng/3.19.1-5
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Hi Release Team,
I would like to update syslog-ng from 3.19.1-3 to 3.19-5 which means
two debdiffs.
The first one is very small, adding a configuration entry which is
chosen automatically but with a warning issued. Explicitly adding the
configuration prevents that extra message issued.
The second one contains several security fixes backported from stable
upstream releases.
Just to be sure, I let it age a week.
Thanks for consideration,
Laszlo/GCS
diff -Nru syslog-ng-3.19.1/debian/changelog syslog-ng-3.19.1/debian/changelog
--- syslog-ng-3.19.1/debian/changelog 2019-02-04 18:47:26.000000000 +0000
+++ syslog-ng-3.19.1/debian/changelog 2019-04-22 11:02:19.000000000 +0000
@@ -1,3 +1,9 @@
+syslog-ng (3.19.1-4) unstable; urgency=medium
+
+ * Add dns_cache(no) to options (closes: #922524).
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 22 Apr 2019 11:02:19 +0000
+
syslog-ng (3.19.1-3) unstable; urgency=medium
* Correct syslog-ng-mod-examples description (closes: #920846).
diff -Nru syslog-ng-3.19.1/debian/syslog-ng.conf syslog-ng-3.19.1/debian/syslog-ng.conf
--- syslog-ng-3.19.1/debian/syslog-ng.conf 2018-12-25 09:40:28.000000000 +0000
+++ syslog-ng-3.19.1/debian/syslog-ng.conf 2019-04-22 11:02:19.000000000 +0000
@@ -6,8 +6,8 @@
# First, set some global options.
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
- owner("root"); group("adm"); perm(0640); stats_freq(0);
- bad_hostname("^gconfd$");
+ dns_cache(no); owner("root"); group("adm"); perm(0640);
+ stats_freq(0); bad_hostname("^gconfd$");
};
########################
diff -Nru syslog-ng-3.19.1/debian/changelog syslog-ng-3.19.1/debian/changelog
--- syslog-ng-3.19.1/debian/changelog 2019-04-22 11:02:19.000000000 +0000
+++ syslog-ng-3.19.1/debian/changelog 2019-05-19 11:03:30.000000000 +0000
@@ -1,3 +1,22 @@
+syslog-ng (3.19.1-5) unstable; urgency=high
+
+ * Backport security fixes:
+ - fix app-parser() per reload memory leak,
+ - logger: fix leaking file handlers,
+ - DNS memory leak/segfault fix,
+ - cmake: add missing detection for O_LARGEFILE,
+ - threaded-dest: fix integer overflow,
+ - threaded-dest: move last_worker to DestDriver,
+ - cmake: fix typo in HAVE_STRNLEN,
+ - http: add missing free for self->body_template,
+ - test_pathutils: fix leak,
+ - test_file_list: fix leak,
+ - template: tf_simple_func_prepare leak fix,
+ - gorupingby: fix memory leak,
+ - groupingby: fix invalid memory access.
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 19 May 2019 11:03:30 +0000
+
syslog-ng (3.19.1-4) unstable; urgency=medium
* Add dns_cache(no) to options (closes: #922524).
diff -Nru syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch
--- syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,93 @@
+From 8400d4aa419a9fe818d09c0a1fbfff173dbaff38 Mon Sep 17 00:00:00 2001
+From: Balazs Scheidler <balazs.scheidler@oneidentity.com>
+Date: Tue, 18 Dec 2018 09:52:50 +0100
+Subject: [PATCH] cfg-block: make CfgBlockGenerator instances refcounted
+
+Sometimes CfgBlock instances are constructed every time they are
+referenced (e.g. app-parser() in its construct method), in other cases
+the same generator instance is returned (e.g. those created by
+block {} statements).
+
+The shared ones were properly freed, but the dynamic kind were not.
+
+This patch adds reference counting, the followup patch will fix the leak.
+
+Signed-off-by: Balazs Scheidler <balazs.scheidler@oneidentity.com>
+---
+ lib/cfg-block-generator.c | 19 +++++++++++++++----
+ lib/cfg-block-generator.h | 4 +++-
+ lib/cfg-lexer.c | 2 +-
+ 3 files changed, 19 insertions(+), 6 deletions(-)
+
+diff --git a/lib/cfg-block-generator.c b/lib/cfg-block-generator.c
+index 292094cb6a..c096fd38d5 100644
+--- a/lib/cfg-block-generator.c
++++ b/lib/cfg-block-generator.c
+@@ -51,6 +51,7 @@ cfg_block_generator_generate(CfgBlockGenerator *self, GlobalConfig *cfg, CfgArgs
+ void
+ cfg_block_generator_init_instance(CfgBlockGenerator *self, gint context, const gchar *name)
+ {
++ self->ref_cnt = 1;
+ self->context = context;
+ self->name = g_strdup(name);
+ self->format_name = cfg_block_generator_format_name_method;
+@@ -63,10 +64,20 @@ cfg_block_generator_free_instance(CfgBlockGenerator *self)
+ g_free(self->name);
+ }
+
++CfgBlockGenerator *
++cfg_block_generator_ref(CfgBlockGenerator *self)
++{
++ self->ref_cnt++;
++ return self;
++}
++
+ void
+-cfg_block_generator_free(CfgBlockGenerator *self)
++cfg_block_generator_unref(CfgBlockGenerator *self)
+ {
+- if (self->free_fn)
+- self->free_fn(self);
+- g_free(self);
++ if (--self->ref_cnt == 0)
++ {
++ if (self->free_fn)
++ self->free_fn(self);
++ g_free(self);
++ }
+ }
+diff --git a/lib/cfg-block-generator.h b/lib/cfg-block-generator.h
+index f835179d8e..a2717703d7 100644
+--- a/lib/cfg-block-generator.h
++++ b/lib/cfg-block-generator.h
+@@ -41,6 +41,7 @@
+ typedef struct _CfgBlockGenerator CfgBlockGenerator;
+ struct _CfgBlockGenerator
+ {
++ gint ref_cnt;
+ gint context;
+ gchar *name;
+ gboolean suppress_backticks;
+@@ -60,7 +61,8 @@ gboolean cfg_block_generator_generate(CfgBlockGenerator *self, GlobalConfig *cfg
+ const gchar *reference);
+ void cfg_block_generator_init_instance(CfgBlockGenerator *self, gint context, const gchar *name);
+ void cfg_block_generator_free_instance(CfgBlockGenerator *self);
+-void cfg_block_generator_free(CfgBlockGenerator *self);
++CfgBlockGenerator *cfg_block_generator_ref(CfgBlockGenerator *self);
++void cfg_block_generator_unref(CfgBlockGenerator *self);
+
+
+ #endif
+diff --git a/lib/cfg-lexer.c b/lib/cfg-lexer.c
+index cf8a2df6b3..6b7854f284 100644
+--- a/lib/cfg-lexer.c
++++ b/lib/cfg-lexer.c
+@@ -739,7 +739,7 @@ _generator_plugin_free(Plugin *s)
+ {
+ GeneratorPlugin *self = (GeneratorPlugin *) s;
+
+- cfg_block_generator_free(self->gen);
++ cfg_block_generator_unref(self->gen);
+ g_free((gchar *) self->super.name);
+ g_free(s);
+ }
diff -Nru syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch
--- syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,38 @@
+From 1e819fc4b09afca2bf2ff13af5b001f6201f419a Mon Sep 17 00:00:00 2001
+From: Balazs Scheidler <balazs.scheidler@oneidentity.com>
+Date: Tue, 18 Dec 2018 09:53:26 +0100
+Subject: [PATCH] cfg-lexer: fix memory leak for dynamically allocated
+ CfgBlockGenerators
+
+This should fix a memory leak for app-parser() if that is found in the
+configuration.
+
+Signed-off-by: Balazs Scheidler <balazs.scheidler@oneidentity.com>
+---
+ lib/cfg-lexer.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/cfg-lexer.c b/lib/cfg-lexer.c
+index 6b7854f284..020607caa7 100644
+--- a/lib/cfg-lexer.c
++++ b/lib/cfg-lexer.c
+@@ -731,7 +731,7 @@ _generator_plugin_construct(Plugin *s)
+ {
+ GeneratorPlugin *self = (GeneratorPlugin *) s;
+
+- return self->gen;
++ return cfg_block_generator_ref(self->gen);
+ }
+
+ static void
+@@ -1023,7 +1023,9 @@ cfg_lexer_preprocess(CfgLexer *self, gint tok, YYSTYPE *yylval, YYLTYPE *yylloc)
+ self->cfg &&
+ (gen = cfg_lexer_find_generator(self, self->cfg, cfg_lexer_get_context_type(self), yylval->cptr)))
+ {
+- if (!cfg_lexer_parse_and_run_block_generator(self, gen, yylval))
++ gboolean success = cfg_lexer_parse_and_run_block_generator(self, gen, yylval);
++ cfg_block_generator_unref(gen);
++ if (!success)
+ return CLPR_ERROR;
+
+ return CLPR_LEX_AGAIN;
diff -Nru syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch
--- syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,31 @@
+From c2010b41253bf46c6d4493233e50b5f0cf1dc478 Mon Sep 17 00:00:00 2001
+From: Andras Mitzki <andras.mitzki@balabit.com>
+Date: Thu, 10 Jan 2019 10:03:16 +0100
+Subject: [PATCH] Logger: Fix leaking file handlers
+
+Signed-off-by: Andras Mitzki <andras.mitzki@balabit.com>
+---
+ tests/pytest_framework/src/logger/logger.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/tests/pytest_framework/src/logger/logger.py b/tests/pytest_framework/src/logger/logger.py
+index 8a1732bef1..3b4a1e9105 100644
+--- a/tests/pytest_framework/src/logger/logger.py
++++ b/tests/pytest_framework/src/logger/logger.py
+@@ -29,12 +29,15 @@
+ class Logger(logging.Logger):
+ def __init__(self, logger_name, report_file, loglevel, use_console_handler=True, use_file_handler=True):
+ super(Logger, self).__init__(logger_name, loglevel)
+- self.handlers = []
+ if use_console_handler:
+ self.__set_console_handler()
+ if use_file_handler:
+ self.__set_file_handler(file_path=report_file)
+
++ def __del__(self):
++ for open_handler in self.handlers:
++ open_handler.close()
++
+ def __set_file_handler(self, file_path=None):
+ # FileHandler can work only with string representation of file_path
+ file_handler = logging.FileHandler(str(file_path))
diff -Nru syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch
--- syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,34 @@
+From 36e8af654182533cee52995a96023ff17b895bff Mon Sep 17 00:00:00 2001
+From: Naveen Revanna <raveenr@gmail.com>
+Date: Thu, 17 Jan 2019 01:47:53 -0800
+Subject: [PATCH] afsocket: Fix to prevent accessing freed up memory.
+
+dest_addr and bind_addr pointers hold an address that was freed up. This results in access violation. This fix adds NULL to those pointers.
+
+Signed-off-by: Naveen Revanna <nrevanna@purestorage.com>
+---
+ modules/afsocket/afinet-dest.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/modules/afsocket/afinet-dest.c b/modules/afsocket/afinet-dest.c
+index 231d5e6bb5..9eb5da269a 100644
+--- a/modules/afsocket/afinet-dest.c
++++ b/modules/afsocket/afinet-dest.c
+@@ -243,6 +243,8 @@ static gboolean
+ _setup_bind_addr(AFInetDestDriver *self)
+ {
+ g_sockaddr_unref(self->super.bind_addr);
++ self->super.bind_addr = NULL;
++
+ if (!resolve_hostname_to_sockaddr(&self->super.bind_addr, self->super.transport_mapper->address_family, self->bind_ip))
+ return FALSE;
+
+@@ -256,6 +258,8 @@ static gboolean
+ _setup_dest_addr(AFInetDestDriver *self)
+ {
+ g_sockaddr_unref(self->super.dest_addr);
++ self->super.dest_addr = NULL;
++
+ if (!resolve_hostname_to_sockaddr(&self->super.dest_addr, self->super.transport_mapper->address_family,
+ _afinet_dd_get_hostname(self)))
+ return FALSE;
diff -Nru syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch
--- syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,46 @@
+From 997d1eb069301d0c0dc8ce78a98133c0acb11153 Mon Sep 17 00:00:00 2001
+From: Antal Nemes <antal.nemes@balabit.com>
+Date: Wed, 23 Jan 2019 16:19:35 +0100
+Subject: [PATCH] cmake: add missing detection for O_LARGEFILE
+
+Signed-off-by: Antal Nemes <antal.nemes@balabit.com>
+---
+ CMakeLists.txt | 8 ++++++++
+ syslog-ng-config.h.in | 1 +
+ 2 files changed, 9 insertions(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 1e099f3991..9a0f3cd101 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -73,6 +73,7 @@ include(GenerateYFromYm)
+ include(CheckStructHasMember)
+
+ add_definitions(-D_GNU_SOURCE=1)
++add_definitions(-D_LARGEFILE64_SOURCE=1)
+
+ include(CheckSockaddrStorage)
+ if (HAVE_STRUCT_SOCKADDR_STORAGE)
+@@ -92,6 +93,13 @@ if (ENABLE_IPV6)
+ set(SYSLOG_NG_ENABLE_IPV6 ${HAVE_IPV6})
+ endif()
+
++set(CMAKE_REQUIRED_DEFINITIONS "-D_LARGEFILE64_SOURCE=1")
++set(CMAKE_EXTRA_INCLUDE_FILES "fcntl.h")
++check_type_size(O_LARGEFILE O_LARGEFILE)
++if (HAVE_O_LARGEFILE)
++ set(SYSLOG_NG_HAVE_O_LARGEFILE 1)
++endif()
++
+ check_symbol_exists(strtoll stdlib.h SYSLOG_NG_HAVE_STRTOLL)
+ check_symbol_exists(strnlen string.h SYSLOG_NG_HAVE_STRNLEN)
+ check_symbol_exists(strtok_r string.h SYSLOG_NG_HAVE_STRTOK_R)
+diff --git a/syslog-ng-config.h.in b/syslog-ng-config.h.in
+index 465b7a3622..81e046c25f 100644
+--- a/syslog-ng-config.h.in
++++ b/syslog-ng-config.h.in
+@@ -60,3 +60,4 @@
+ #cmakedefine01 SYSLOG_NG_HAVE_INOTIFY
+ #cmakedefine01 SYSLOG_NG_HAVE_GETRANDOM
+ #cmakedefine01 SYSLOG_NG_USE_CONST_IVYKIS_MOCK
++#cmakedefine01 SYSLOG_NG_HAVE_O_LARGEFILE
diff -Nru syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch
--- syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,27 @@
+From 742a16f5f11f34fa32423bd9b960da7023bdd24e Mon Sep 17 00:00:00 2001
+From: Attila Szakacs <attila.szakacs@balabit.com>
+Date: Thu, 24 Jan 2019 16:12:01 +0100
+Subject: [PATCH] threaded-dest: Fix integer overflow
+
+A negative number's modulo will be negative, which in our
+case pointed to a negative entry of the workers array,
+causing segfault.
+
+Signed-off-by: Attila Szakacs <attila.szakacs@balabit.com>
+---
+ lib/logthrdestdrv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/logthrdestdrv.c b/lib/logthrdestdrv.c
+index 8e8dff6c4b..e160e972fc 100644
+--- a/lib/logthrdestdrv.c
++++ b/lib/logthrdestdrv.c
+@@ -857,7 +857,7 @@ log_threaded_dest_driver_set_max_retries(LogDriver *s, gint max_retries)
+ LogThreadedDestWorker *
+ _lookup_worker(LogThreadedDestDriver *self, LogMessage *msg)
+ {
+- static gint last_worker = 0;
++ static guint last_worker = 0;
+
+ gint worker_index = last_worker % self->num_workers;
+ last_worker++;
diff -Nru syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch
--- syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,53 @@
+From c4157dede3f082c7805c0a7a5f4971b69514e198 Mon Sep 17 00:00:00 2001
+From: Attila Szakacs <attila.szakacs@balabit.com>
+Date: Fri, 25 Jan 2019 09:02:28 +0100
+Subject: [PATCH] threaded-dest: move last_worker to DestDriver
+
+Before this, `last_worker` was a static variable, which meant,
+if we had two http destinations, one message sent to the
+first would step the current worker in the second causing
+uneven load between the workers.
+
+Signed-off-by: Attila Szakacs <attila.szakacs@balabit.com>
+---
+ lib/logthrdestdrv.c | 7 +++----
+ lib/logthrdestdrv.h | 1 +
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/logthrdestdrv.c b/lib/logthrdestdrv.c
+index e160e972fc..e55f362248 100644
+--- a/lib/logthrdestdrv.c
++++ b/lib/logthrdestdrv.c
+@@ -857,10 +857,8 @@ log_threaded_dest_driver_set_max_retries(LogDriver *s, gint max_retries)
+ LogThreadedDestWorker *
+ _lookup_worker(LogThreadedDestDriver *self, LogMessage *msg)
+ {
+- static guint last_worker = 0;
+-
+- gint worker_index = last_worker % self->num_workers;
+- last_worker++;
++ gint worker_index = self->last_worker % self->num_workers;
++ self->last_worker++;
+
+ /* here would come the lookup mechanism that maps msg -> worker that doesn't exist yet. */
+ return self->workers[worker_index];
+@@ -1038,6 +1036,7 @@ log_threaded_dest_driver_init_instance(LogThreadedDestDriver *self, GlobalConfig
+ self->batch_lines = -1;
+ self->batch_timeout = -1;
+ self->num_workers = 1;
++ self->last_worker = 0;
+
+ self->retries_max = MAX_RETRIES_OF_FAILED_INSERT_DEFAULT;
+ self->lock = g_mutex_new();
+diff --git a/lib/logthrdestdrv.h b/lib/logthrdestdrv.h
+index b1c87ecd28..394fc9e89f 100644
+--- a/lib/logthrdestdrv.h
++++ b/lib/logthrdestdrv.h
+@@ -117,6 +117,7 @@ struct _LogThreadedDestDriver
+ LogThreadedDestWorker **workers;
+ gint num_workers;
+ gint workers_started;
++ guint last_worker;
+
+ gint stats_source;
+
diff -Nru syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch
--- syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,31 @@
+From 8082c33d3340018edbb7356441cf5301ae0b2ef9 Mon Sep 17 00:00:00 2001
+From: Antal Nemes <antal.nemes@balabit.com>
+Date: Fri, 25 Jan 2019 09:26:11 +0100
+Subject: [PATCH] cmake: fix typo in HAVE_STRNLEN
+
+Signed-off-by: Antal Nemes <antal.nemes@balabit.com>
+---
+ syslog-ng-config.h.in | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/syslog-ng-config.h.in b/syslog-ng-config.h.in
+index 8eec0a15e5..952c22abb2 100644
+--- a/syslog-ng-config.h.in
++++ b/syslog-ng-config.h.in
+@@ -27,7 +27,7 @@
+ #cmakedefine01 SYSLOG_NG_ENABLE_IPV6
+ #cmakedefine01 SYSLOG_NG_HAVE_GETADDRINFO
+ #cmakedefine01 SYSLOG_NG_HAVE_GETNAMEINFO
+-#cmakedefine01 SYSLOG_NG_HAVE_STRNLNE
++#cmakedefine01 SYSLOG_NG_HAVE_STRNLEN
+ #cmakedefine01 SYSLOG_NG_ENABLE_LINUX_CAPS
+ #cmakedefine01 SYSLOG_NG_ENABLE_MEMTRACE
+ #cmakedefine01 SYSLOG_NG_ENABLE_TCP_WRAPPER
+@@ -44,7 +44,6 @@
+ #cmakedefine SYSLOG_NG_ENABLE_IPV6 @SYSLOG_NG_ENABLE_IPV6@
+ #cmakedefine SYSLOG_NG_HAVE_GETADDRINFO @SYSLOG_NG_HAVE_GETADDRINFO@
+ #cmakedefine SYSLOG_NG_HAVE_GETNAMEINFO @SYSLOG_NG_HAVE_GETNAMEINFO@
+-#cmakedefine SYSLOG_NG_HAVE_STRNLEN @SYSLOG_NG_HAVE_STRNLEN@
+ #cmakedefine SYSLOG_NG_JAVA_MODULE_PATH "@SYSLOG_NG_JAVA_MODULE_PATH@"
+ #cmakedefine SYSLOG_NG_ENABLE_DEBUG @SYSLOG_NG_ENABLE_DEBUG@
+ #cmakedefine SYSLOG_NG_ENABLE_FORCED_SERVER_MODE @SYSLOG_NG_ENABLE_FORCED_SERVER_MODE@
diff -Nru syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch
--- syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,22 @@
+From 9632eb8584f791b9ea508ac006a1501875c88b30 Mon Sep 17 00:00:00 2001
+From: Antal Nemes <antal.nemes@balabit.com>
+Date: Tue, 19 Feb 2019 14:17:46 +0100
+Subject: [PATCH] http: add missing free for self->body_template
+
+Signed-off-by: Antal Nemes <antal.nemes@balabit.com>
+---
+ modules/http/http.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/http/http.c b/modules/http/http.c
+index e734d0fb8f..2582df270d 100644
+--- a/modules/http/http.c
++++ b/modules/http/http.c
+@@ -339,6 +339,7 @@ http_dd_free(LogPipe *s)
+ g_string_free(self->delimiter, TRUE);
+ g_string_free(self->body_prefix, TRUE);
+ g_string_free(self->body_suffix, TRUE);
++ log_template_unref(self->body_template);
+
+ curl_global_cleanup();
+
diff -Nru syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch
--- syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,33 @@
+From 76a79cf25ab1bbb011284c4bd50320385b3280c7 Mon Sep 17 00:00:00 2001
+From: Kokan <kokaipeter@gmail.com>
+Date: Thu, 21 Feb 2019 12:06:52 +0100
+Subject: [PATCH] test_pathutils: fix leak
+
+Signed-off-by: Kokan <kokaipeter@gmail.com>
+---
+ lib/tests/test_pathutils.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/lib/tests/test_pathutils.c b/lib/tests/test_pathutils.c
+index 5fe660762b..5662846381 100644
+--- a/lib/tests/test_pathutils.c
++++ b/lib/tests/test_pathutils.c
+@@ -66,9 +66,15 @@ Test(test_pathutils, test_is_file_device)
+
+ Test(test_pathutils, test_find_file_in_path)
+ {
+- cr_assert_str_eq(find_file_in_path("/dev", "null", G_FILE_TEST_EXISTS), "/dev/null", "wrong path returned)");
+- cr_assert_str_eq(find_file_in_path("/home:/dev:/root", "null", G_FILE_TEST_EXISTS), "/dev/null",
+- "wrong path returned");
++ gchar *file;
++
++ file = find_file_in_path("/dev", "null", G_FILE_TEST_EXISTS);
++ cr_assert_str_eq(file, "/dev/null");
++ g_free(file);
++
++ file = find_file_in_path("/home:/dev:/root", "null", G_FILE_TEST_EXISTS);
++ cr_assert_str_eq(file, "/dev/null");
++ g_free(file);
+ }
+
+ Test(test_pathutils, test_get_filename_extension)
diff -Nru syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch
--- syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,22 @@
+From c70ae1a33543a9d9b61dcdf5446832e4d525db53 Mon Sep 17 00:00:00 2001
+From: Kokan <kokaipeter@gmail.com>
+Date: Thu, 21 Feb 2019 12:39:46 +0100
+Subject: [PATCH] test_file_list: fix leak
+
+Signed-off-by: Kokan <kokaipeter@gmail.com>
+---
+ modules/affile/tests/test_file_list.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/affile/tests/test_file_list.c b/modules/affile/tests/test_file_list.c
+index d98fe21b33..474958247c 100644
+--- a/modules/affile/tests/test_file_list.c
++++ b/modules/affile/tests/test_file_list.c
+@@ -122,6 +122,7 @@ Test(hashed_queue, delete_non_existent)
+
+ g_free(f1);
+ g_free(f2);
++ g_free(f3);
+ pending_file_list_free(queue);
+ }
+
diff -Nru syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch
--- syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,29 @@
+From ac6385f23d494bd82a4cb508d0e5164ee3e830b6 Mon Sep 17 00:00:00 2001
+From: Kokan <kokaipeter@gmail.com>
+Date: Thu, 21 Feb 2019 13:49:24 +0100
+Subject: [PATCH] template: tf_simple_func_prepare leak fix
+
+The state object had the array and the argc length, when the proper
+cleanup function is called it checks the argc to free templates.
+
+Signed-off-by: Kokan <kokaipeter@gmail.com>
+---
+ lib/template/simple-function.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/template/simple-function.c b/lib/template/simple-function.c
+index 5f788aed63..ffaa7b7c41 100644
+--- a/lib/template/simple-function.c
++++ b/lib/template/simple-function.c
+@@ -55,7 +55,10 @@ tf_simple_func_prepare(LogTemplateFunction *self, gpointer s, LogTemplate *paren
+ state->argv_templates[i] = log_template_new(parent->cfg, NULL);
+ log_template_set_escape(state->argv_templates[i], parent->escape);
+ if (!log_template_compile(state->argv_templates[i], argv[i + 1], error))
+- goto error;
++ {
++ state->argc = i + 1;
++ goto error;
++ }
+ }
+ state->argc = argc - 1;
+ return TRUE;
diff -Nru syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch
--- syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,43 @@
+From ea62f400dd38db012ed01f16f85a4b928625fa4d Mon Sep 17 00:00:00 2001
+From: Antal Nemes <antal.nemes@balabit.com>
+Date: Tue, 2 Apr 2019 10:24:20 +0200
+Subject: [PATCH] gorupingby: fix memory leak
+
+Due to missing unref, the filter expressions were leaked.
+Also, init functions were not called either.
+
+Signed-off-by: Antal Nemes <antal.nemes@balabit.com>
+---
+ modules/dbparser/groupingby.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/modules/dbparser/groupingby.c b/modules/dbparser/groupingby.c
+index a8509aad86..a96b9a68c1 100644
+--- a/modules/dbparser/groupingby.c
++++ b/modules/dbparser/groupingby.c
+@@ -419,6 +419,14 @@ grouping_by_init(LogPipe *s)
+ self->tick.expires.tv_sec++;
+ self->tick.expires.tv_nsec = 0;
+ iv_timer_register(&self->tick);
++
++ if (self->trigger_condition_expr && !filter_expr_init(self->trigger_condition_expr, cfg))
++ return FALSE;
++ if (self->where_condition_expr && !filter_expr_init(self->where_condition_expr, cfg))
++ return FALSE;
++ if (self->having_condition_expr && !filter_expr_init(self->having_condition_expr, cfg))
++ return FALSE;
++
+ return stateful_parser_init_method(s);
+ }
+
+@@ -463,6 +471,10 @@ grouping_by_free(LogPipe *s)
+ synthetic_message_free(self->synthetic_message);
+ timer_wheel_free(self->timer_wheel);
+ stateful_parser_free_method(s);
++
++ filter_expr_unref(self->trigger_condition_expr);
++ filter_expr_unref(self->where_condition_expr);
++ filter_expr_unref(self->having_condition_expr);
+ }
+
+ LogParser *
diff -Nru syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch
--- syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch 1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch 2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,136 @@
+From 20926fb6ecd4ebfa8a36737cdbc7e8ae639fa085 Mon Sep 17 00:00:00 2001
+From: Antal Nemes <antal.nemes@balabit.com>
+Date: Tue, 2 Apr 2019 19:56:34 +0200
+Subject: [PATCH] groupingby: fix invalid memory access
+
+There was an invalid memory access in groupingby. The TimerWheel
+object stores all timers, however the individual timers are also
+stored inside the contexts.
+
+The original code stores contexts in persist state, however the
+timer_wheel is freed during reload. When the new config starts, and a
+context is fetched, groupingby will access the already freed timer.
+
+This patch stores timerwheel in persist state too.
+
+Signed-off-by: Antal Nemes <antal.nemes@balabit.com>
+---
+ modules/dbparser/groupingby.c | 61 ++++++++++++++++++++++++++++-------
+ 1 file changed, 50 insertions(+), 11 deletions(-)
+
+diff --git a/modules/dbparser/groupingby.c b/modules/dbparser/groupingby.c
+index a96b9a68c1..5a925c4347 100644
+--- a/modules/dbparser/groupingby.c
++++ b/modules/dbparser/groupingby.c
+@@ -46,8 +46,22 @@ typedef struct _GroupingBy
+ FilterExprNode *having_condition_expr;
+ } GroupingBy;
+
++typedef struct
++{
++ CorrellationState *correllation;
++ TimerWheel *timer_wheel;
++} GroupingByPersistData;
++
+ static NVHandle context_id_handle = 0;
+
++static void
++_free_persist_data(GroupingByPersistData *self)
++{
++ correllation_state_free(self->correllation);
++ timer_wheel_free(self->timer_wheel);
++ g_free(self);
++}
++
+ void
+ grouping_by_set_key_template(LogParser *s, LogTemplate *key_template)
+ {
+@@ -381,6 +395,25 @@ grouping_by_process(LogParser *s, LogMessage **pmsg, const LogPathOptions *path_
+ return TRUE;
+ }
+
++static void
++_load_correllation_state(GroupingBy *self, GlobalConfig *cfg)
++{
++ GroupingByPersistData *persist_data = cfg_persist_config_fetch(cfg, grouping_by_format_persist_name(self));
++ if (persist_data)
++ {
++ self->correllation = persist_data->correllation;
++ self->timer_wheel = persist_data->timer_wheel;
++ timer_wheel_set_associated_data(self->timer_wheel, log_pipe_ref((LogPipe *)self), (GDestroyNotify)log_pipe_unref);
++ }
++ else
++ {
++ self->correllation = correllation_state_new();
++ self->timer_wheel = timer_wheel_new();
++ timer_wheel_set_associated_data(self->timer_wheel, log_pipe_ref((LogPipe *)self), (GDestroyNotify)log_pipe_unref);
++ }
++ g_free(persist_data);
++}
++
+ static gboolean
+ grouping_by_init(LogPipe *s)
+ {
+@@ -406,11 +439,8 @@ grouping_by_init(LogPipe *s)
+ return FALSE;
+ }
+
+- self->correllation = cfg_persist_config_fetch(cfg, grouping_by_format_persist_name(self));
+- if (!self->correllation)
+- {
+- self->correllation = correllation_state_new();
+- }
++ _load_correllation_state(self, cfg);
++
+ iv_validate_now();
+ IV_TIMER_INIT(&self->tick);
+ self->tick.cookie = self;
+@@ -430,6 +460,19 @@ grouping_by_init(LogPipe *s)
+ return stateful_parser_init_method(s);
+ }
+
++static void
++_store_data_in_persist(GroupingBy *self, GlobalConfig *cfg)
++{
++ GroupingByPersistData *persist_data = g_new0(GroupingByPersistData, 1);
++ persist_data->correllation = self->correllation;
++ persist_data->timer_wheel = self->timer_wheel;
++
++ cfg_persist_config_add(cfg, grouping_by_format_persist_name(self), persist_data,
++ (GDestroyNotify) _free_persist_data, FALSE);
++ self->correllation = NULL;
++ self->timer_wheel = NULL;
++}
++
+ static gboolean
+ grouping_by_deinit(LogPipe *s)
+ {
+@@ -441,9 +484,8 @@ grouping_by_deinit(LogPipe *s)
+ iv_timer_unregister(&self->tick);
+ }
+
+- cfg_persist_config_add(cfg, grouping_by_format_persist_name(self), self->correllation,
+- (GDestroyNotify) correllation_state_free, FALSE);
+- self->correllation = NULL;
++ _store_data_in_persist(self, cfg);
++
+ return stateful_parser_deinit_method(s);
+ }
+
+@@ -469,7 +511,6 @@ grouping_by_free(LogPipe *s)
+ log_template_unref(self->key_template);
+ if (self->synthetic_message)
+ synthetic_message_free(self->synthetic_message);
+- timer_wheel_free(self->timer_wheel);
+ stateful_parser_free_method(s);
+
+ filter_expr_unref(self->trigger_condition_expr);
+@@ -490,8 +531,6 @@ grouping_by_new(GlobalConfig *cfg)
+ self->super.super.process = grouping_by_process;
+ g_static_mutex_init(&self->lock);
+ self->scope = RCS_GLOBAL;
+- self->timer_wheel = timer_wheel_new();
+- timer_wheel_set_associated_data(self->timer_wheel, self, NULL);
+ cached_g_current_time(&self->last_tick);
+ self->timeout = -1;
+ return &self->super.super;
diff -Nru syslog-ng-3.19.1/debian/patches/series syslog-ng-3.19.1/debian/patches/series
--- syslog-ng-3.19.1/debian/patches/series 2018-12-25 09:40:28.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/series 2019-05-19 11:03:30.000000000 +0000
@@ -1,2 +1,16 @@
0001-Remove-outdated-documentation.patch
0007-Ignore-PEP8-W504-warning.patch
+0010-Fix_app-parser_per_reload_memory_leak_part1.patch
+0011-Fix_app-parser_per_reload_memory_leak_part2.patch
+0012-Fix_leaking_file_handlers.patch
+0013-DNS_memory_leak_segfault_fix.patch
+0014-cmake_add_missing_detection_for_O_LARGEFILE.patch
+0015-threaded-dest_Fix_integer_overflow.patch
+0016-threaded-dest_move_last_worker_to_DestDriver.patch
+0017-cmake_fix_typo_in_HAVE_STRNLEN.patch
+0018-http_add_missing_free_for_self-body_template.patch
+0019-test_pathutils_fix_leak.patch
+0020-test_file_list_fix_leak.patch
+0021-template_tf_simple_func_prepare_leak_fix.patch
+0022-gorupingby_fix_memory_leak.patch
+0023-groupingby_fix_invalid_memory_access.patch
Reply to: