Hi, please bump app-admin/rsyslog to the final 7.4.x series release v7.4.10. Changelogs: =========== 7.4.8: ------ * rsgtutil provides better error messages on unfinished signature blocks * bugfix: guard against control characters in internal (error) messages Thanks to Ahto Truu for alerting us. * bugfix: immark did emit messages under kern.=info instead of syslog.=info Note that his can potentially break exisiting configurations that rely on immark sending as kern.=info. Unfortunately, we cannot leave this unfixed as we never should emit messages under the kern facilit 7.4.9: ------ * added ProcessInternalMessages global system parameter This permits to inject rsyslog status messages into *another* main syslogd or the journal. * bugfix: imuxsock input parameters were not accepted due to copy&paste error. Thanks to Andy Goldstein for the fix. * bugfix: potential double-free in RainerScript equal comparison happens if the left-hand operand is JSON object and the right-hand operand is a non-string that does not convert to a number (for example, it can be another JSON object, probably the only case that could happen in practice). This is very unlikely to be triggered. * bugfix: some RainerScript Json(Variable)/string comparisons were wrong 7.4.10: ------- * bugfix: json templates are improperly created Strings miss the terminating NUL character, which obviously can lead to all sorts of problems. See also: https://github.com/rsyslog/rsyslog/issues/27 Thanks to Alain for the analysis and the patch. * ompgsql bugfix: improper handling of auto-backgrounding mode If rsyslog was set to auto-background itself (default code behaviour, but many distros now turn it off for good reason), ompgsql could not properly connect. This could even lead to a segfault. The core reason was that a PG session handle was kept open over a fork, something that is explicitely forbidden in the PG API. Thanks to Alain for the analysis and the patch. @security-team: As you can see, 7.4.9 closed an potential double-free bug but upstream says it is very unlikely that this can be triggered. CVE wasn't requested for this bug. So I am not sure if you want to create a GLSA for that. @Maintainer: This release is the final 7.4.10 release (upstream moved to 7.6.x series). Please be aware that this release introduced a new dependency on dev-lib/liblogging (see bug 501976). Reproducible: Always
Thanks for your work Thomas, it's in tree now (your version of the ebuild) ! You're also proxy-maintainer of this package, congratulations :) +*rsyslog-7.4.10 (10 Mar 2014) + + 10 Mar 2014; Ultrabug <ultrabug@gentoo.org> +rsyslog-7.4.10.ebuild, + metadata.xml: + version bump fix #501978 thx to Thomas D., add Thomas D. as proxy-maintainer +