[syslog-ng] patches recently backported from PE

Balazs Scheidler bazsi at balabit.hu
Sat Mar 14 10:13:44 CET 2009 

Hi,

As promised earlier, here comes a mail that describes what patches were
ported from syslog-ng Premium Edition to OSE. I find this important
because otherwise these patches would not be mentioned on this mailing
list at all, so I hope to get more transparency in this field.

Since there were some reports recently about bugs that I've previously
fixed in Premium Edition, I went through the complete diff between OSE
and PE (about 20k lines) and resynced the two in order to minimize the
differences.

Here's the list of patches (not necessarily in cronological order, I've
removed references to patches that were already present on the mailing
list), for more information you can always check the git repository at
git.balabit.hu:

Balazs Scheidler:     
      [debian] fixed build-dependencies to work with packages in lenny
      [func_test] use SNDTIMEO on Linux platforms only as it does not work everywhere
      [tgz2build] fixed etc/install.dat generation
      [func_test] enhanced functional test program
      [unit tests] udapted to the changed log_msg_new() prototype
      [init script] balabit-initscripts fixes
      [afsocket] the member used to hold target hostname was moved to afsocket
      [afsocket] properly drop connections in case SSL handshake fails
      [afsocket] clarified log messages
      [afsql] recognize "mssql" as an alias to "freetds"
      [config parser] add an error message if the user requests to rewrite using "glob"
      [child manager] don't call destroy notify if one is not set
      [logmsg] fixed signed comparison problems
      [logmsg] rename log_msg_ack_func and remove static
      [db-parser] move the patterndb file checking into log_db_parser_reload_database()
      [logwriter] fixed write suspend in case the GSource instance is replaced
      [messages] added support for sending the internal messages to syslog()  
      [radix] stylistic changes
      [loggen] readded sequence number & timestamp generation
      [loggen] don't allow message sizes that'd cause stack overflo
      [loggen] report the effective bandwidth used at the end of the run
      [templates] removed dead code
      [func_test] removed time.sleep() calls scattered around the code
      [tgz2build] accept 1 successful "make check" run out of 3 enough for success
      [compat.h] include config.h instead of syslog-ng.h
      updated copyright notices
      [configure] minor updates

As it seems it was worth to review the set of differences as there were 
some important patches missing:

      [afsocket] properly drop connections in case SSL handshake fails
		Without this patch, you can DoS an SSL enabled listener with handshake failures.

      [logmsg] fixed signed comparison problems
		This could cause segfaults on platforms where it is common to have pointer 
		values with the highest bit set (e.g. negative when interpreted as a 
		signed number).

I also find it important that the functional test program (ran when you 
issue "make check") was enhanced significantly.

The other patches mostly move the two codebases in-line to make porting patches 
between the two easier.

-- 
Bazsi

More information about the syslog-ng mailing list