[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#929839: marked as done (unblock: syslog-ng/3.19.1-5)

Your message dated Sat, 15 Jun 2019 19:42:59 +0200
with message-id <2fe27633-1a3c-ece3-e2a1-c4dce92740b5@debian.org>
and subject line Re: Bug#929839: unblock: syslog-ng/3.19.1-5
has caused the Debian Bug report #929839,
regarding unblock: syslog-ng/3.19.1-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
929839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929839
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi Release Team,

I would like to update syslog-ng from 3.19.1-3 to 3.19-5 which means
two debdiffs.
The first one is very small, adding a configuration entry which is
chosen automatically but with a warning issued. Explicitly adding the
configuration prevents that extra message issued.
The second one contains several security fixes backported from stable
upstream releases.
Just to be sure, I let it age a week.

Thanks for consideration,
Laszlo/GCS

diff -Nru syslog-ng-3.19.1/debian/changelog syslog-ng-3.19.1/debian/changelog
--- syslog-ng-3.19.1/debian/changelog	2019-02-04 18:47:26.000000000 +0000
+++ syslog-ng-3.19.1/debian/changelog	2019-04-22 11:02:19.000000000 +0000
@@ -1,3 +1,9 @@
+syslog-ng (3.19.1-4) unstable; urgency=medium
+
+  * Add dns_cache(no) to options (closes: #922524).
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 22 Apr 2019 11:02:19 +0000
+
 syslog-ng (3.19.1-3) unstable; urgency=medium
 
   * Correct syslog-ng-mod-examples description (closes: #920846).
diff -Nru syslog-ng-3.19.1/debian/syslog-ng.conf syslog-ng-3.19.1/debian/syslog-ng.conf
--- syslog-ng-3.19.1/debian/syslog-ng.conf	2018-12-25 09:40:28.000000000 +0000
+++ syslog-ng-3.19.1/debian/syslog-ng.conf	2019-04-22 11:02:19.000000000 +0000
@@ -6,8 +6,8 @@
 
 # First, set some global options.
 options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
-	  owner("root"); group("adm"); perm(0640); stats_freq(0);
-	  bad_hostname("^gconfd$");
+	  dns_cache(no); owner("root"); group("adm"); perm(0640);
+	  stats_freq(0); bad_hostname("^gconfd$");
 };
 
 ########################

diff -Nru syslog-ng-3.19.1/debian/changelog syslog-ng-3.19.1/debian/changelog
--- syslog-ng-3.19.1/debian/changelog	2019-04-22 11:02:19.000000000 +0000
+++ syslog-ng-3.19.1/debian/changelog	2019-05-19 11:03:30.000000000 +0000
@@ -1,3 +1,22 @@
+syslog-ng (3.19.1-5) unstable; urgency=high
+
+  * Backport security fixes:
+    - fix app-parser() per reload memory leak,
+    - logger: fix leaking file handlers,
+    - DNS memory leak/segfault fix,
+    - cmake: add missing detection for O_LARGEFILE,
+    - threaded-dest: fix integer overflow,
+    - threaded-dest: move last_worker to DestDriver,
+    - cmake: fix typo in HAVE_STRNLEN,
+    - http: add missing free for self->body_template,
+    - test_pathutils: fix leak,
+    - test_file_list: fix leak,
+    - template: tf_simple_func_prepare leak fix,
+    - gorupingby: fix memory leak,
+    - groupingby: fix invalid memory access.
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 19 May 2019 11:03:30 +0000
+
 syslog-ng (3.19.1-4) unstable; urgency=medium
 
   * Add dns_cache(no) to options (closes: #922524).
diff -Nru syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch
--- syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0010-Fix_app-parser_per_reload_memory_leak_part1.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,93 @@
+From 8400d4aa419a9fe818d09c0a1fbfff173dbaff38 Mon Sep 17 00:00:00 2001
+From: Balazs Scheidler <balazs.scheidler@oneidentity.com>
+Date: Tue, 18 Dec 2018 09:52:50 +0100
+Subject: [PATCH] cfg-block: make CfgBlockGenerator instances refcounted
+
+Sometimes CfgBlock instances are constructed every time they are
+referenced (e.g. app-parser() in its construct method), in other cases
+the same generator instance is returned (e.g. those created by
+block {} statements).
+
+The shared ones were properly freed, but the dynamic kind were not.
+
+This patch adds reference counting, the followup patch will fix the leak.
+
+Signed-off-by: Balazs Scheidler <balazs.scheidler@oneidentity.com>
+---
+ lib/cfg-block-generator.c | 19 +++++++++++++++----
+ lib/cfg-block-generator.h |  4 +++-
+ lib/cfg-lexer.c           |  2 +-
+ 3 files changed, 19 insertions(+), 6 deletions(-)
+
+diff --git a/lib/cfg-block-generator.c b/lib/cfg-block-generator.c
+index 292094cb6a..c096fd38d5 100644
+--- a/lib/cfg-block-generator.c
++++ b/lib/cfg-block-generator.c
+@@ -51,6 +51,7 @@ cfg_block_generator_generate(CfgBlockGenerator *self, GlobalConfig *cfg, CfgArgs
+ void
+ cfg_block_generator_init_instance(CfgBlockGenerator *self, gint context, const gchar *name)
+ {
++  self->ref_cnt = 1;
+   self->context = context;
+   self->name = g_strdup(name);
+   self->format_name = cfg_block_generator_format_name_method;
+@@ -63,10 +64,20 @@ cfg_block_generator_free_instance(CfgBlockGenerator *self)
+   g_free(self->name);
+ }
+ 
++CfgBlockGenerator *
++cfg_block_generator_ref(CfgBlockGenerator *self)
++{
++  self->ref_cnt++;
++  return self;
++}
++
+ void
+-cfg_block_generator_free(CfgBlockGenerator *self)
++cfg_block_generator_unref(CfgBlockGenerator *self)
+ {
+-  if (self->free_fn)
+-    self->free_fn(self);
+-  g_free(self);
++  if (--self->ref_cnt == 0)
++    {
++      if (self->free_fn)
++        self->free_fn(self);
++      g_free(self);
++    }
+ }
+diff --git a/lib/cfg-block-generator.h b/lib/cfg-block-generator.h
+index f835179d8e..a2717703d7 100644
+--- a/lib/cfg-block-generator.h
++++ b/lib/cfg-block-generator.h
+@@ -41,6 +41,7 @@
+ typedef struct _CfgBlockGenerator CfgBlockGenerator;
+ struct _CfgBlockGenerator
+ {
++  gint ref_cnt;
+   gint context;
+   gchar *name;
+   gboolean suppress_backticks;
+@@ -60,7 +61,8 @@ gboolean cfg_block_generator_generate(CfgBlockGenerator *self, GlobalConfig *cfg
+                                       const gchar *reference);
+ void cfg_block_generator_init_instance(CfgBlockGenerator *self, gint context, const gchar *name);
+ void cfg_block_generator_free_instance(CfgBlockGenerator *self);
+-void cfg_block_generator_free(CfgBlockGenerator *self);
++CfgBlockGenerator *cfg_block_generator_ref(CfgBlockGenerator *self);
++void cfg_block_generator_unref(CfgBlockGenerator *self);
+ 
+ 
+ #endif
+diff --git a/lib/cfg-lexer.c b/lib/cfg-lexer.c
+index cf8a2df6b3..6b7854f284 100644
+--- a/lib/cfg-lexer.c
++++ b/lib/cfg-lexer.c
+@@ -739,7 +739,7 @@ _generator_plugin_free(Plugin *s)
+ {
+   GeneratorPlugin *self = (GeneratorPlugin *) s;
+ 
+-  cfg_block_generator_free(self->gen);
++  cfg_block_generator_unref(self->gen);
+   g_free((gchar *) self->super.name);
+   g_free(s);
+ }
diff -Nru syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch
--- syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0011-Fix_app-parser_per_reload_memory_leak_part2.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,38 @@
+From 1e819fc4b09afca2bf2ff13af5b001f6201f419a Mon Sep 17 00:00:00 2001
+From: Balazs Scheidler <balazs.scheidler@oneidentity.com>
+Date: Tue, 18 Dec 2018 09:53:26 +0100
+Subject: [PATCH] cfg-lexer: fix memory leak for dynamically allocated
+ CfgBlockGenerators
+
+This should fix a memory leak for app-parser() if that is found in the
+configuration.
+
+Signed-off-by: Balazs Scheidler <balazs.scheidler@oneidentity.com>
+---
+ lib/cfg-lexer.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/cfg-lexer.c b/lib/cfg-lexer.c
+index 6b7854f284..020607caa7 100644
+--- a/lib/cfg-lexer.c
++++ b/lib/cfg-lexer.c
+@@ -731,7 +731,7 @@ _generator_plugin_construct(Plugin *s)
+ {
+   GeneratorPlugin *self = (GeneratorPlugin *) s;
+ 
+-  return self->gen;
++  return cfg_block_generator_ref(self->gen);
+ }
+ 
+ static void
+@@ -1023,7 +1023,9 @@ cfg_lexer_preprocess(CfgLexer *self, gint tok, YYSTYPE *yylval, YYLTYPE *yylloc)
+       self->cfg &&
+       (gen = cfg_lexer_find_generator(self, self->cfg, cfg_lexer_get_context_type(self), yylval->cptr)))
+     {
+-      if (!cfg_lexer_parse_and_run_block_generator(self, gen, yylval))
++      gboolean success = cfg_lexer_parse_and_run_block_generator(self, gen, yylval);
++      cfg_block_generator_unref(gen);
++      if (!success)
+         return CLPR_ERROR;
+ 
+       return CLPR_LEX_AGAIN;
diff -Nru syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch
--- syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0012-Fix_leaking_file_handlers.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,31 @@
+From c2010b41253bf46c6d4493233e50b5f0cf1dc478 Mon Sep 17 00:00:00 2001
+From: Andras Mitzki <andras.mitzki@balabit.com>
+Date: Thu, 10 Jan 2019 10:03:16 +0100
+Subject: [PATCH] Logger: Fix leaking file handlers
+
+Signed-off-by: Andras Mitzki <andras.mitzki@balabit.com>
+---
+ tests/pytest_framework/src/logger/logger.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/tests/pytest_framework/src/logger/logger.py b/tests/pytest_framework/src/logger/logger.py
+index 8a1732bef1..3b4a1e9105 100644
+--- a/tests/pytest_framework/src/logger/logger.py
++++ b/tests/pytest_framework/src/logger/logger.py
+@@ -29,12 +29,15 @@
+ class Logger(logging.Logger):
+     def __init__(self, logger_name, report_file, loglevel, use_console_handler=True, use_file_handler=True):
+         super(Logger, self).__init__(logger_name, loglevel)
+-        self.handlers = []
+         if use_console_handler:
+             self.__set_console_handler()
+         if use_file_handler:
+             self.__set_file_handler(file_path=report_file)
+ 
++    def __del__(self):
++        for open_handler in self.handlers:
++            open_handler.close()
++
+     def __set_file_handler(self, file_path=None):
+         # FileHandler can work only with string representation of file_path
+         file_handler = logging.FileHandler(str(file_path))
diff -Nru syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch
--- syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0013-DNS_memory_leak_segfault_fix.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,34 @@
+From 36e8af654182533cee52995a96023ff17b895bff Mon Sep 17 00:00:00 2001
+From: Naveen Revanna <raveenr@gmail.com>
+Date: Thu, 17 Jan 2019 01:47:53 -0800
+Subject: [PATCH] afsocket: Fix to prevent accessing freed up memory.
+
+dest_addr and bind_addr pointers hold an address that was freed up. This results in access violation. This fix adds NULL to those pointers.
+
+Signed-off-by: Naveen Revanna <nrevanna@purestorage.com>
+---
+ modules/afsocket/afinet-dest.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/modules/afsocket/afinet-dest.c b/modules/afsocket/afinet-dest.c
+index 231d5e6bb5..9eb5da269a 100644
+--- a/modules/afsocket/afinet-dest.c
++++ b/modules/afsocket/afinet-dest.c
+@@ -243,6 +243,8 @@ static gboolean
+ _setup_bind_addr(AFInetDestDriver *self)
+ {
+   g_sockaddr_unref(self->super.bind_addr);
++  self->super.bind_addr = NULL;
++
+   if (!resolve_hostname_to_sockaddr(&self->super.bind_addr, self->super.transport_mapper->address_family, self->bind_ip))
+     return FALSE;
+ 
+@@ -256,6 +258,8 @@ static gboolean
+ _setup_dest_addr(AFInetDestDriver *self)
+ {
+   g_sockaddr_unref(self->super.dest_addr);
++  self->super.dest_addr = NULL;
++
+   if (!resolve_hostname_to_sockaddr(&self->super.dest_addr, self->super.transport_mapper->address_family,
+                                     _afinet_dd_get_hostname(self)))
+     return FALSE;
diff -Nru syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch
--- syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0014-cmake_add_missing_detection_for_O_LARGEFILE.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,46 @@
+From 997d1eb069301d0c0dc8ce78a98133c0acb11153 Mon Sep 17 00:00:00 2001
+From: Antal Nemes <antal.nemes@balabit.com>
+Date: Wed, 23 Jan 2019 16:19:35 +0100
+Subject: [PATCH] cmake: add missing detection for O_LARGEFILE
+
+Signed-off-by: Antal Nemes <antal.nemes@balabit.com>
+---
+ CMakeLists.txt        | 8 ++++++++
+ syslog-ng-config.h.in | 1 +
+ 2 files changed, 9 insertions(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 1e099f3991..9a0f3cd101 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -73,6 +73,7 @@ include(GenerateYFromYm)
+ include(CheckStructHasMember)
+ 
+ add_definitions(-D_GNU_SOURCE=1)
++add_definitions(-D_LARGEFILE64_SOURCE=1)
+ 
+ include(CheckSockaddrStorage)
+ if (HAVE_STRUCT_SOCKADDR_STORAGE)
+@@ -92,6 +93,13 @@ if (ENABLE_IPV6)
+     set(SYSLOG_NG_ENABLE_IPV6 ${HAVE_IPV6})
+ endif()
+ 
++set(CMAKE_REQUIRED_DEFINITIONS "-D_LARGEFILE64_SOURCE=1")
++set(CMAKE_EXTRA_INCLUDE_FILES "fcntl.h")
++check_type_size(O_LARGEFILE O_LARGEFILE)
++if (HAVE_O_LARGEFILE)
++  set(SYSLOG_NG_HAVE_O_LARGEFILE 1)
++endif()
++
+ check_symbol_exists(strtoll stdlib.h SYSLOG_NG_HAVE_STRTOLL)
+ check_symbol_exists(strnlen string.h SYSLOG_NG_HAVE_STRNLEN)
+ check_symbol_exists(strtok_r string.h SYSLOG_NG_HAVE_STRTOK_R)
+diff --git a/syslog-ng-config.h.in b/syslog-ng-config.h.in
+index 465b7a3622..81e046c25f 100644
+--- a/syslog-ng-config.h.in
++++ b/syslog-ng-config.h.in
+@@ -60,3 +60,4 @@
+ #cmakedefine01 SYSLOG_NG_HAVE_INOTIFY
+ #cmakedefine01 SYSLOG_NG_HAVE_GETRANDOM
+ #cmakedefine01 SYSLOG_NG_USE_CONST_IVYKIS_MOCK
++#cmakedefine01 SYSLOG_NG_HAVE_O_LARGEFILE
diff -Nru syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch
--- syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0015-threaded-dest_Fix_integer_overflow.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,27 @@
+From 742a16f5f11f34fa32423bd9b960da7023bdd24e Mon Sep 17 00:00:00 2001
+From: Attila Szakacs <attila.szakacs@balabit.com>
+Date: Thu, 24 Jan 2019 16:12:01 +0100
+Subject: [PATCH] threaded-dest: Fix integer overflow
+
+A negative number's modulo will be negative, which in our
+case pointed to a negative entry of the workers array,
+causing segfault.
+
+Signed-off-by: Attila Szakacs <attila.szakacs@balabit.com>
+---
+ lib/logthrdestdrv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/logthrdestdrv.c b/lib/logthrdestdrv.c
+index 8e8dff6c4b..e160e972fc 100644
+--- a/lib/logthrdestdrv.c
++++ b/lib/logthrdestdrv.c
+@@ -857,7 +857,7 @@ log_threaded_dest_driver_set_max_retries(LogDriver *s, gint max_retries)
+ LogThreadedDestWorker *
+ _lookup_worker(LogThreadedDestDriver *self, LogMessage *msg)
+ {
+-  static gint last_worker = 0;
++  static guint last_worker = 0;
+ 
+   gint worker_index = last_worker % self->num_workers;
+   last_worker++;
diff -Nru syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch
--- syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0016-threaded-dest_move_last_worker_to_DestDriver.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,53 @@
+From c4157dede3f082c7805c0a7a5f4971b69514e198 Mon Sep 17 00:00:00 2001
+From: Attila Szakacs <attila.szakacs@balabit.com>
+Date: Fri, 25 Jan 2019 09:02:28 +0100
+Subject: [PATCH] threaded-dest: move last_worker to DestDriver
+
+Before this, `last_worker` was a static variable, which meant,
+if we had two http destinations, one message sent to the
+first would step the current worker in the second causing
+uneven load between the workers.
+
+Signed-off-by: Attila Szakacs <attila.szakacs@balabit.com>
+---
+ lib/logthrdestdrv.c | 7 +++----
+ lib/logthrdestdrv.h | 1 +
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/logthrdestdrv.c b/lib/logthrdestdrv.c
+index e160e972fc..e55f362248 100644
+--- a/lib/logthrdestdrv.c
++++ b/lib/logthrdestdrv.c
+@@ -857,10 +857,8 @@ log_threaded_dest_driver_set_max_retries(LogDriver *s, gint max_retries)
+ LogThreadedDestWorker *
+ _lookup_worker(LogThreadedDestDriver *self, LogMessage *msg)
+ {
+-  static guint last_worker = 0;
+-
+-  gint worker_index = last_worker % self->num_workers;
+-  last_worker++;
++  gint worker_index = self->last_worker % self->num_workers;
++  self->last_worker++;
+ 
+   /* here would come the lookup mechanism that maps msg -> worker that doesn't exist yet. */
+   return self->workers[worker_index];
+@@ -1038,6 +1036,7 @@ log_threaded_dest_driver_init_instance(LogThreadedDestDriver *self, GlobalConfig
+   self->batch_lines = -1;
+   self->batch_timeout = -1;
+   self->num_workers = 1;
++  self->last_worker = 0;
+ 
+   self->retries_max = MAX_RETRIES_OF_FAILED_INSERT_DEFAULT;
+   self->lock = g_mutex_new();
+diff --git a/lib/logthrdestdrv.h b/lib/logthrdestdrv.h
+index b1c87ecd28..394fc9e89f 100644
+--- a/lib/logthrdestdrv.h
++++ b/lib/logthrdestdrv.h
+@@ -117,6 +117,7 @@ struct _LogThreadedDestDriver
+   LogThreadedDestWorker **workers;
+   gint num_workers;
+   gint workers_started;
++  guint last_worker;
+ 
+   gint stats_source;
+ 
diff -Nru syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch
--- syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0017-cmake_fix_typo_in_HAVE_STRNLEN.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,31 @@
+From 8082c33d3340018edbb7356441cf5301ae0b2ef9 Mon Sep 17 00:00:00 2001
+From: Antal Nemes <antal.nemes@balabit.com>
+Date: Fri, 25 Jan 2019 09:26:11 +0100
+Subject: [PATCH] cmake: fix typo in HAVE_STRNLEN
+
+Signed-off-by: Antal Nemes <antal.nemes@balabit.com>
+---
+ syslog-ng-config.h.in | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/syslog-ng-config.h.in b/syslog-ng-config.h.in
+index 8eec0a15e5..952c22abb2 100644
+--- a/syslog-ng-config.h.in
++++ b/syslog-ng-config.h.in
+@@ -27,7 +27,7 @@
+ #cmakedefine01 SYSLOG_NG_ENABLE_IPV6
+ #cmakedefine01 SYSLOG_NG_HAVE_GETADDRINFO
+ #cmakedefine01 SYSLOG_NG_HAVE_GETNAMEINFO
+-#cmakedefine01 SYSLOG_NG_HAVE_STRNLNE
++#cmakedefine01 SYSLOG_NG_HAVE_STRNLEN
+ #cmakedefine01 SYSLOG_NG_ENABLE_LINUX_CAPS
+ #cmakedefine01 SYSLOG_NG_ENABLE_MEMTRACE
+ #cmakedefine01 SYSLOG_NG_ENABLE_TCP_WRAPPER
+@@ -44,7 +44,6 @@
+ #cmakedefine SYSLOG_NG_ENABLE_IPV6 @SYSLOG_NG_ENABLE_IPV6@
+ #cmakedefine SYSLOG_NG_HAVE_GETADDRINFO @SYSLOG_NG_HAVE_GETADDRINFO@
+ #cmakedefine SYSLOG_NG_HAVE_GETNAMEINFO @SYSLOG_NG_HAVE_GETNAMEINFO@
+-#cmakedefine SYSLOG_NG_HAVE_STRNLEN @SYSLOG_NG_HAVE_STRNLEN@
+ #cmakedefine SYSLOG_NG_JAVA_MODULE_PATH "@SYSLOG_NG_JAVA_MODULE_PATH@"
+ #cmakedefine SYSLOG_NG_ENABLE_DEBUG @SYSLOG_NG_ENABLE_DEBUG@
+ #cmakedefine SYSLOG_NG_ENABLE_FORCED_SERVER_MODE @SYSLOG_NG_ENABLE_FORCED_SERVER_MODE@
diff -Nru syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch
--- syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0018-http_add_missing_free_for_self-body_template.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,22 @@
+From 9632eb8584f791b9ea508ac006a1501875c88b30 Mon Sep 17 00:00:00 2001
+From: Antal Nemes <antal.nemes@balabit.com>
+Date: Tue, 19 Feb 2019 14:17:46 +0100
+Subject: [PATCH] http: add missing free for self->body_template
+
+Signed-off-by: Antal Nemes <antal.nemes@balabit.com>
+---
+ modules/http/http.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/http/http.c b/modules/http/http.c
+index e734d0fb8f..2582df270d 100644
+--- a/modules/http/http.c
++++ b/modules/http/http.c
+@@ -339,6 +339,7 @@ http_dd_free(LogPipe *s)
+   g_string_free(self->delimiter, TRUE);
+   g_string_free(self->body_prefix, TRUE);
+   g_string_free(self->body_suffix, TRUE);
++  log_template_unref(self->body_template);
+ 
+   curl_global_cleanup();
+ 
diff -Nru syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch
--- syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0019-test_pathutils_fix_leak.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,33 @@
+From 76a79cf25ab1bbb011284c4bd50320385b3280c7 Mon Sep 17 00:00:00 2001
+From: Kokan <kokaipeter@gmail.com>
+Date: Thu, 21 Feb 2019 12:06:52 +0100
+Subject: [PATCH] test_pathutils: fix leak
+
+Signed-off-by: Kokan <kokaipeter@gmail.com>
+---
+ lib/tests/test_pathutils.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/lib/tests/test_pathutils.c b/lib/tests/test_pathutils.c
+index 5fe660762b..5662846381 100644
+--- a/lib/tests/test_pathutils.c
++++ b/lib/tests/test_pathutils.c
+@@ -66,9 +66,15 @@ Test(test_pathutils, test_is_file_device)
+ 
+ Test(test_pathutils, test_find_file_in_path)
+ {
+-  cr_assert_str_eq(find_file_in_path("/dev", "null", G_FILE_TEST_EXISTS), "/dev/null", "wrong path returned)");
+-  cr_assert_str_eq(find_file_in_path("/home:/dev:/root", "null", G_FILE_TEST_EXISTS),  "/dev/null",
+-                   "wrong path returned");
++  gchar *file;
++
++  file = find_file_in_path("/dev", "null", G_FILE_TEST_EXISTS);
++  cr_assert_str_eq(file, "/dev/null");
++  g_free(file);
++
++  file = find_file_in_path("/home:/dev:/root", "null", G_FILE_TEST_EXISTS);
++  cr_assert_str_eq(file, "/dev/null");
++  g_free(file);
+ }
+ 
+ Test(test_pathutils, test_get_filename_extension)
diff -Nru syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch
--- syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0020-test_file_list_fix_leak.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,22 @@
+From c70ae1a33543a9d9b61dcdf5446832e4d525db53 Mon Sep 17 00:00:00 2001
+From: Kokan <kokaipeter@gmail.com>
+Date: Thu, 21 Feb 2019 12:39:46 +0100
+Subject: [PATCH] test_file_list: fix leak
+
+Signed-off-by: Kokan <kokaipeter@gmail.com>
+---
+ modules/affile/tests/test_file_list.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/affile/tests/test_file_list.c b/modules/affile/tests/test_file_list.c
+index d98fe21b33..474958247c 100644
+--- a/modules/affile/tests/test_file_list.c
++++ b/modules/affile/tests/test_file_list.c
+@@ -122,6 +122,7 @@ Test(hashed_queue, delete_non_existent)
+ 
+   g_free(f1);
+   g_free(f2);
++  g_free(f3);
+   pending_file_list_free(queue);
+ }
+ 
diff -Nru syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch
--- syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0021-template_tf_simple_func_prepare_leak_fix.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,29 @@
+From ac6385f23d494bd82a4cb508d0e5164ee3e830b6 Mon Sep 17 00:00:00 2001
+From: Kokan <kokaipeter@gmail.com>
+Date: Thu, 21 Feb 2019 13:49:24 +0100
+Subject: [PATCH] template: tf_simple_func_prepare leak fix
+
+The state object had the array and the argc length, when the proper
+cleanup function is called it checks the argc to free templates.
+
+Signed-off-by: Kokan <kokaipeter@gmail.com>
+---
+ lib/template/simple-function.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/template/simple-function.c b/lib/template/simple-function.c
+index 5f788aed63..ffaa7b7c41 100644
+--- a/lib/template/simple-function.c
++++ b/lib/template/simple-function.c
+@@ -55,7 +55,10 @@ tf_simple_func_prepare(LogTemplateFunction *self, gpointer s, LogTemplate *paren
+       state->argv_templates[i] = log_template_new(parent->cfg, NULL);
+       log_template_set_escape(state->argv_templates[i], parent->escape);
+       if (!log_template_compile(state->argv_templates[i], argv[i + 1], error))
+-        goto error;
++        {
++          state->argc = i + 1;
++          goto error;
++        }
+     }
+   state->argc = argc - 1;
+   return TRUE;
diff -Nru syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch
--- syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0022-gorupingby_fix_memory_leak.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,43 @@
+From ea62f400dd38db012ed01f16f85a4b928625fa4d Mon Sep 17 00:00:00 2001
+From: Antal Nemes <antal.nemes@balabit.com>
+Date: Tue, 2 Apr 2019 10:24:20 +0200
+Subject: [PATCH] gorupingby: fix memory leak
+
+Due to missing unref, the filter expressions were leaked.
+Also, init functions were not called either.
+
+Signed-off-by: Antal Nemes <antal.nemes@balabit.com>
+---
+ modules/dbparser/groupingby.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/modules/dbparser/groupingby.c b/modules/dbparser/groupingby.c
+index a8509aad86..a96b9a68c1 100644
+--- a/modules/dbparser/groupingby.c
++++ b/modules/dbparser/groupingby.c
+@@ -419,6 +419,14 @@ grouping_by_init(LogPipe *s)
+   self->tick.expires.tv_sec++;
+   self->tick.expires.tv_nsec = 0;
+   iv_timer_register(&self->tick);
++
++  if (self->trigger_condition_expr && !filter_expr_init(self->trigger_condition_expr, cfg))
++    return FALSE;
++  if (self->where_condition_expr && !filter_expr_init(self->where_condition_expr, cfg))
++    return FALSE;
++  if (self->having_condition_expr && !filter_expr_init(self->having_condition_expr, cfg))
++    return FALSE;
++
+   return stateful_parser_init_method(s);
+ }
+ 
+@@ -463,6 +471,10 @@ grouping_by_free(LogPipe *s)
+     synthetic_message_free(self->synthetic_message);
+   timer_wheel_free(self->timer_wheel);
+   stateful_parser_free_method(s);
++
++  filter_expr_unref(self->trigger_condition_expr);
++  filter_expr_unref(self->where_condition_expr);
++  filter_expr_unref(self->having_condition_expr);
+ }
+ 
+ LogParser *
diff -Nru syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch
--- syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch	1970-01-01 00:00:00.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/0023-groupingby_fix_invalid_memory_access.patch	2019-05-19 11:03:30.000000000 +0000
@@ -0,0 +1,136 @@
+From 20926fb6ecd4ebfa8a36737cdbc7e8ae639fa085 Mon Sep 17 00:00:00 2001
+From: Antal Nemes <antal.nemes@balabit.com>
+Date: Tue, 2 Apr 2019 19:56:34 +0200
+Subject: [PATCH] groupingby: fix invalid memory access
+
+There was an invalid memory access in groupingby. The TimerWheel
+object stores all timers, however the individual timers are also
+stored inside the contexts.
+
+The original code stores contexts in persist state, however the
+timer_wheel is freed during reload. When the new config starts, and a
+context is fetched, groupingby will access the already freed timer.
+
+This patch stores timerwheel in persist state too.
+
+Signed-off-by: Antal Nemes <antal.nemes@balabit.com>
+---
+ modules/dbparser/groupingby.c | 61 ++++++++++++++++++++++++++++-------
+ 1 file changed, 50 insertions(+), 11 deletions(-)
+
+diff --git a/modules/dbparser/groupingby.c b/modules/dbparser/groupingby.c
+index a96b9a68c1..5a925c4347 100644
+--- a/modules/dbparser/groupingby.c
++++ b/modules/dbparser/groupingby.c
+@@ -46,8 +46,22 @@ typedef struct _GroupingBy
+   FilterExprNode *having_condition_expr;
+ } GroupingBy;
+ 
++typedef struct
++{
++  CorrellationState *correllation;
++  TimerWheel *timer_wheel;
++} GroupingByPersistData;
++
+ static NVHandle context_id_handle = 0;
+ 
++static void
++_free_persist_data(GroupingByPersistData *self)
++{
++  correllation_state_free(self->correllation);
++  timer_wheel_free(self->timer_wheel);
++  g_free(self);
++}
++
+ void
+ grouping_by_set_key_template(LogParser *s, LogTemplate *key_template)
+ {
+@@ -381,6 +395,25 @@ grouping_by_process(LogParser *s, LogMessage **pmsg, const LogPathOptions *path_
+   return TRUE;
+ }
+ 
++static void
++_load_correllation_state(GroupingBy *self, GlobalConfig *cfg)
++{
++  GroupingByPersistData *persist_data = cfg_persist_config_fetch(cfg, grouping_by_format_persist_name(self));
++  if (persist_data)
++    {
++      self->correllation = persist_data->correllation;
++      self->timer_wheel = persist_data->timer_wheel;
++      timer_wheel_set_associated_data(self->timer_wheel, log_pipe_ref((LogPipe *)self), (GDestroyNotify)log_pipe_unref);
++    }
++  else
++    {
++      self->correllation = correllation_state_new();
++      self->timer_wheel = timer_wheel_new();
++      timer_wheel_set_associated_data(self->timer_wheel, log_pipe_ref((LogPipe *)self), (GDestroyNotify)log_pipe_unref);
++    }
++  g_free(persist_data);
++}
++
+ static gboolean
+ grouping_by_init(LogPipe *s)
+ {
+@@ -406,11 +439,8 @@ grouping_by_init(LogPipe *s)
+       return FALSE;
+     }
+ 
+-  self->correllation = cfg_persist_config_fetch(cfg, grouping_by_format_persist_name(self));
+-  if (!self->correllation)
+-    {
+-      self->correllation = correllation_state_new();
+-    }
++  _load_correllation_state(self, cfg);
++
+   iv_validate_now();
+   IV_TIMER_INIT(&self->tick);
+   self->tick.cookie = self;
+@@ -430,6 +460,19 @@ grouping_by_init(LogPipe *s)
+   return stateful_parser_init_method(s);
+ }
+ 
++static void
++_store_data_in_persist(GroupingBy *self, GlobalConfig *cfg)
++{
++  GroupingByPersistData *persist_data = g_new0(GroupingByPersistData, 1);
++  persist_data->correllation = self->correllation;
++  persist_data->timer_wheel = self->timer_wheel;
++
++  cfg_persist_config_add(cfg, grouping_by_format_persist_name(self), persist_data,
++                         (GDestroyNotify) _free_persist_data, FALSE);
++  self->correllation = NULL;
++  self->timer_wheel = NULL;
++}
++
+ static gboolean
+ grouping_by_deinit(LogPipe *s)
+ {
+@@ -441,9 +484,8 @@ grouping_by_deinit(LogPipe *s)
+       iv_timer_unregister(&self->tick);
+     }
+ 
+-  cfg_persist_config_add(cfg, grouping_by_format_persist_name(self), self->correllation,
+-                         (GDestroyNotify) correllation_state_free, FALSE);
+-  self->correllation = NULL;
++  _store_data_in_persist(self, cfg);
++
+   return stateful_parser_deinit_method(s);
+ }
+ 
+@@ -469,7 +511,6 @@ grouping_by_free(LogPipe *s)
+   log_template_unref(self->key_template);
+   if (self->synthetic_message)
+     synthetic_message_free(self->synthetic_message);
+-  timer_wheel_free(self->timer_wheel);
+   stateful_parser_free_method(s);
+ 
+   filter_expr_unref(self->trigger_condition_expr);
+@@ -490,8 +531,6 @@ grouping_by_new(GlobalConfig *cfg)
+   self->super.super.process = grouping_by_process;
+   g_static_mutex_init(&self->lock);
+   self->scope = RCS_GLOBAL;
+-  self->timer_wheel = timer_wheel_new();
+-  timer_wheel_set_associated_data(self->timer_wheel, self, NULL);
+   cached_g_current_time(&self->last_tick);
+   self->timeout = -1;
+   return &self->super.super;
diff -Nru syslog-ng-3.19.1/debian/patches/series syslog-ng-3.19.1/debian/patches/series
--- syslog-ng-3.19.1/debian/patches/series	2018-12-25 09:40:28.000000000 +0000
+++ syslog-ng-3.19.1/debian/patches/series	2019-05-19 11:03:30.000000000 +0000
@@ -1,2 +1,16 @@
 0001-Remove-outdated-documentation.patch
 0007-Ignore-PEP8-W504-warning.patch
+0010-Fix_app-parser_per_reload_memory_leak_part1.patch
+0011-Fix_app-parser_per_reload_memory_leak_part2.patch
+0012-Fix_leaking_file_handlers.patch
+0013-DNS_memory_leak_segfault_fix.patch
+0014-cmake_add_missing_detection_for_O_LARGEFILE.patch
+0015-threaded-dest_Fix_integer_overflow.patch
+0016-threaded-dest_move_last_worker_to_DestDriver.patch
+0017-cmake_fix_typo_in_HAVE_STRNLEN.patch
+0018-http_add_missing_free_for_self-body_template.patch
+0019-test_pathutils_fix_leak.patch
+0020-test_file_list_fix_leak.patch
+0021-template_tf_simple_func_prepare_leak_fix.patch
+0022-gorupingby_fix_memory_leak.patch
+0023-groupingby_fix_invalid_memory_access.patch

--- End Message ---
--- Begin Message --- 
Hi László,

On 01-06-2019 16:12, László Böszörményi (GCS) wrote:
> I would like to update syslog-ng from 3.19.1-3 to 3.19-5 which means
> two debdiffs.

No, it still means one debdiff :).

> The first one is very small, adding a configuration entry which is
> chosen automatically but with a warning issued. Explicitly adding the
> configuration prevents that extra message issued.

I'm slightly annoyed that this fix is in the debdiff at this moment of
the freeze.

> The second one contains several security fixes backported from stable
> upstream releases.

Is this something the release team should be aware of (for stable)?

Unblocked.

Paul

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
Reply to: