[syslog-ng] syslog-ng 3.7.0beta2
Budai, László
laszlo.budai at balabit.com
Fri Jun 26 15:28:45 CEST 2015
3.7.0beta2
This is the second beta release of the upcoming syslog-ng OSE 3.7
branch.
Changes compared to the previous alpha release:
Features
-
Added a geoip parser.
-
ssl_options inside tls() extended with the following set:
no-sslv2, no-sslv3, no-tlsv1, no-tlsv11, no-tlsv12
-
minimal libriemann-client version bumped from 1.0.0 to 1.6.0
-
TLS support added to Riemann destination
-
timeout() option added to Riemann destination
Fixes
-
SyslogNg.jar removed from the release tarball.
-
When the configured host was not available during the initialization of
afsocket destination syslog-ng just didn't start. From now, syslog-ng
starts in that case and will retry connecting to the host periodically.
-
When a not writeable file becomes writeable later, syslog-ng recognize it
(with the help of reopen-timer) and delivers messages to the file without
dropping those which were received during the file was not available.
-
Fixed a configure error around libsystemd-journal.
-
--disable-python option and other Python related fixes addded to
configure
-
Retries fixed in SQL destination. In some circumstances when
retry_sql_inserts was set to 1, after an insertion failure all incoming
messages were dropped.
-
Added DOS/Windows line ending support in config.
-
Parallel build is supported for Python and Java destination drivers.
-
Fixed compilation failure on OpenBSD
-
Memory leak around reload and internal queueing mechanism has been fixed.
-
AMQP connection process fixed.
-
Fixed a potential abort when the localhost name cannot be detected.
-
Security issue fixed around $HOST.
Tech details:
When the name of the host is too long, the buffer we use to format the
chained hostname is truncated. However snprintf() returns the length the
result would be if no truncation happened, thus we will read
uninitialized
bytes off the stack when we use that pointer to set $HOST
with log_msg_set_value().
There can be some security implications, like reading values from the
stack
that can help to craft further exploits, especially in the presense of
address space randomization. It can also cause a DoS if the hostname
length
is soo large that we would read over the top-of-the-stack, which is
probably
not mmapped causing a SIGSEGV.
-
Journal entries containing name-value pairs without '=' caused syslog-ng
to crash. Instead of crashing, syslog-ng just drop these nv pairs.
Credits
syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Alex Badics, Andras Mitzki, Balazs Scheidler, Bence Tamas Gedai,
Fabien Wernli, Gergely Nagy, Gergo Nagy, Gyorgy Pasztor, Istvan Adam Mozes,
Laszlo Budai, Peter Czanik, Robert Fekete, Tibor Benke, Viktor Juhasz,
Zoltan Pallagi.
—
View it on GitHub
<https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.7.0beta2>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150626/d5849009/attachment.htm
More information about the syslog-ng
mailing list