openSUSE Recommended Update: syslog-ng: update to version 3.3.5 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0563-1 Rating: low References: #747871 #757680 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues for syslog-ng: - 757680: update to syslog-ng 3.3.5 which fixes even more memleaks - 747871: Detect if we have to use the new /run/systemd/journal/syslog socket under newer systemd versions, instead of the default _PATH_LOG (/dev/log) socket. Avoids update problems and the need to adopt config before using init=... boot parameter Fixes for 3.3.1 - Fixed set() and subst() rewrite operations to work properly on the value() parameter specified in the configuration even if they are referenced at multiple spots in the configuration file. Earlier the 2nd and subsequent invocation of the rewrite rule changed $MESSAGE. - Fixed csv-parser() to work even if it is invoked at multiple spots in the configuration file. Earlier, the 2nd and subsequent references of the parser rule forgot the list of column names and the input template. - Fixed the processing of condition() parameter in rewrite rules, which was broken if it contained a filter() function call. - Fixed program() destination to properly kill the child process on reload and shutdown. - Fixed a potential division by zero error which could happen for large data rates due to a race in an unlocked region. - Fixed an assertion failure in mongodb destination that happened due to a race condition at high data rates. - Fixed an fd leak in the control socket code, that caused the control connection file descriptors to be leaked. - Fixed a crash problem in the tcp() destination, that occurred at or after a reload happens. - Fixed a segmentation fault on reload when using the same rewrite rule from multiple log paths. - Fixed a segmentation fault when processing a reload request in case an existing tcp() source is removed from the config and there are open connections. - Fixed a possible segmentation fault in the scalable queue implementation, which happens in case a destination is slower to process messages than syslog-ng would like to send them. - Fixed a possible file() destination issue that could cause syslog-ng to omit data or to write garbage to the log file in case the kernel reports that only a smaller portion of the actual write request could be accomplished. - Fixed an "internal error duplicate config element" error during reload due to an invalid bugfix applied for 3.3.1. Older beta versions of 3.3 were not affected. - Fixed a memory leak that causes macro based file destinations to leak their queue when destination files are closed due to time-reap(). - Fixed the handling of the condition() option for rewrite rules. - Fixed a race condition in value-pairs support, potentially causing heap corruption problems when $(format-json) is used in threaded mode. - Fixed a memory leak in value-pairs template function argument parsing, fixing a leak if $(format-json) is used. - Repeated definitions of source, destination, filter, rewrite, parser and block elements are not allowed by default anymore. These are reported as configuration errors unless @define allow-config-dups 1 is specified in the configuration file. - Fixed pdbtool error reporting in "pdbtool test" to make it easier to understand what went wrong. - Added an SQL connection health check in case an INSERT failed. This way syslog-ng handles SQL server timeouts better. - Fixed support for systemd socket activation. Previously such sockets were not set to non-blocking mode, causing syslog-ng to hang. - Fixed the filter() function in the filter expression to work also when used as a part of an AND or OR construct. - Allow the sql() destination to operate even without an indexes() option. That parameter was meant to be optional, but it wasn't. - Fixed compilation issues if no OpenSSL is present. - Fixed a minor memory leak in the usertty() driver that can increase memory usage on every reload. (The username() parameter wasn't properly freed on reload). - Fixed a minor memory leak in the sql() driver that can increase the memory usage on every reload (indexes() parameter wasn't properly freed on reload). + Changes for 3.3.1 - db-parser() automatically sets a tag named '.classifier.unknown' if the message doesn't match. - The use of actions in db-parser() for messages without a correllation context was inconsistently indexing messages. For actions in rules that had correllation @0 was the new message being generated, and @1 was the message that triggered the rule. Without correllation @0 was used for the triggering message, which is greatly inconsistent and unintuitive. This was fixed by changing the behaviour for rules without correllation, now both correllation and non-correllation rules use @0 for the new message, and @1 for the triggering message. This is an incompatible change in the db-parser() format. - The value of the $TAGS macro is added to pdbtool match output. - unix-dgram() and unix-stream() error logging on systemd failures became more detailed for easier troubleshooting. - fix systemd support for openSUSE > 12.1 - update to 3.3.4 - update to the latest 3.3-git - update to 3.3.3 - remove filter patch - fix afsql related warning - remove call to suse_update_config (very old work around) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-253 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): syslog-ng-3.3.5-7.9.1 syslog-ng-debuginfo-3.3.5-7.9.1 syslog-ng-debugsource-3.3.5-7.9.1 syslog-ng-json-3.3.5-7.9.1 syslog-ng-json-debuginfo-3.3.5-7.9.1 syslog-ng-sql-3.3.5-7.9.1 syslog-ng-sql-debuginfo-3.3.5-7.9.1 References: https://bugzilla.novell.com/747871 https://bugzilla.novell.com/757680