New utf8 string sanitizers instead of old broken one.
syslog-ng won't send SIGTERM when getpgid() fails in program destination
In some cases program destination respawned during syslog-ng stop/restart
syslog-ng generates mark messages when mark-mode is set
Using msg_control only when credential passing is supported in socket
Writer is replaced only when protocol changed during reload in socket
Fix spinning on EOF for unix-stream() sockets. Root cause of the spinning
was that a unix-dgram socket was created even in case of unix-stream.
When the configured host was not available during the initialization of
afsocket destination syslog-ng just didn't start. From now, syslog-ng
starts in that case and will retry connecting to the host periodically.
Fixed BSD year inference in syslogformat. When the difference between the
current month and the month part of the timestamp of an incoming logmessage
in BSD format (which has no year part) was greater than 1 then syslog-ng
computed the year badly.
In some cases, localtime related macros had a wrong value(eg.:$YEAR).
TLS support added to Riemann destination
Excluded "tags" from Riemann destination driver as an attribute which
conflicts with reserved keyword
When a not writeable/non-existent file becomes writeable/exists later,
syslog-ng recognize it (with the help of reopen-timer) and delivers messages
to the file without dropping those which were received while the file was
not available (affile).
Fixed a crash around affile at the first message delivery when templates
were used (affile).
Fixed a configure error around libsystemd-journal.
Removed syslog.socket from service file on systems using systemd.
Syslog-ng reads the messages directly from journal on systems with systemd.
Fixed compilation where the monolitic libsystemd was not available.
Fixed compilation failure on OpenBSD.
AMQP connection process fixed.
Added DOS/Windows line ending support in config.
Retries fixed in SQL destination. In some circumstances when
retry_sql_inserts was set to 1, after an insertion failure all incoming
messages were dropped.
Transaction handling fixed in SQL destination. In some circumstances when
both select and insert commands were run within a single transaction and
the select failed (eg.: in case of mssql), the log messages related to
the insert commands, broken by the invalid transaction, were lost.
Fixed a memleak in SQL destination driver.
The memleak occured during one of the transaction failures.
Memory leak around reload and internal queueing mechanism has been fixed.
Fixed a potential abort when the localhost name cannot be detected.
Security issue fixed around $HOST.
When the name of the host is too long, the buffer we use to format the
chained hostname is truncated. However snprintf() returns the length the
result would be if no truncation happened, thus we will read uninitialized
bytes off the stack when we use that pointer to set $HOST
There can be some security implications, like reading values from the stack
that can help to craft further exploits, especially in the presense of
address space randomization. It can also cause a DoS if the hostname length
is soo large that we would read over the top-of-the-stack, which is probably
not mmapped causing a SIGSEGV.
Journal entries containing name-value pairs without '=' caused syslog-ng
to crash. Instead of crashing, syslog-ng just drop these nv pairs.
Fixed the encoding of characters below 32 if escaping is enabled in
templates. Templated outputs never contained references to characters below
32, essentially they were dropped from the output for two reasons:
- the prefixing backslash was removed from the code
- the format_uint32_padded() function produced no outputs in base 8
Fixed afstomp destination port issue. It always tried to connect to the port 0.
Fixed memleak in db-parser which could happen at every reload.
Fixed a class of rule conflicts in db-parser:
Because an error in the pdb load algorithms, some rules would conflict which
shouldn't have done that. The problem was that several programs would use
the same RADIX tree to store their patterns. Merging independent programs
meant that if they the same pattern listed, it would clash, even though
their $PROGRAM is different.
There were multiple issues:
we looked up pattern string directly, even they might have contained
<at> parser <at> references. It was simply not designed that way and only
worked as long as we didn't have the possibility to use parsers
in program names
we could merge programs with the same prefix, e.g.
su, supervise/syslog-ng and supervise/logindexd would clash, on "su",
which is a common prefix for all three.
The solution involved in using a separate hash table for loading, which
at the end is turned into the radix tree.
pdbtool match when used with the --debug-pattern option used a low-level
lookup function, that didn't perform all the db-parser actions specified
in the rule
Max packet length for spoof source is set to 1024 (previously : 256).
A certificate which is not contained by the list of fingerprints is
rejected from now.
Hostname check in tls certificate is case insensitive from now.
There is a use-case where user wants to ignore an assignment to a name-value
pair. (eg.: when using csv-parser(), sometimes we get a column we really
want to drop instead of adding it to the message). In previous versions an
error message was printed out:
'Name-value pairs cannot have a zero-length name'.
That error message has been removed.
Fixed a docbook related compilation error: there was a hardcoded path that
caused build to fail if docbook is not on that path. Debian based
platforms did not affected by this problem.
Now a new option was created for ./configure that is --enable-manpages
that enables the generation of manpages using docbook from online source.
'--with-docbook=PATH' gives you the opportunity to specify the path for
your own installed docbook.