openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
sources/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/0001-Fix-buildpaths-warning.patch Normal file
View File

@@ -0,0 +1,55 @@
From d85a7a3ae2bb9f5267b2af43784633ae8f011f21 Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Mon, 13 Mar 2023 09:50:15 +0800
Subject: [PATCH] Fix buildpaths warning
Fix buildpath warning:
WARNING: syslog-ng-4.0.1-r0 do_package_qa: QA Issue: File /usr/include/syslog-ng/syslog-ng-config-64.h in package syslog-ng-dev contains reference to TMPDIR [buildpaths]
WARNING: syslog-ng-4.0.1-r0 do_package_qa: QA Issue: File /usr/bin/syslog-ng-update-virtualenv in package syslog-ng contains reference to TMPDIR
File /usr/bin/pdbtool in package syslog-ng contains reference to TMPDIR [buildpaths]
WARNING: syslog-ng-4.0.1-r0 do_package_qa: QA Issue: File /usr/lib/syslog-ng/libdbparser.so in package syslog-ng-libs contains reference to TMPDIR [buildpaths]
* SYSLOG_NG_PATH_TOPSRC_DIR is /yocto/build/tmp/work/core2-64-poky-linux/syslog-ng/4.0.1-r0,
which is used to get xsd dir in build SYSLOG_NG_PATH_TOPSRC_DIR/doc/xsd,
which is not suitable for target, set it to "/source" for fixing this buildpath warning
* SYSTEM_PYTHON is /yocto/build/tmp/hosttools/python3, set to python3
for target.
Upstream-Status: Inappropriate [oe specific]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
configure.ac | 2 +-
scripts/syslog-ng-update-virtualenv.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 79a1502..1ad6508 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1930,7 +1930,7 @@ AC_DEFINE_UNQUOTED(PYTHON_SYSCONF_MODULE_DIR, "$python_sysconf_moduledir", [Pyth
AC_DEFINE_UNQUOTED(PATH_LOGGENPLUGINDIR, "$loggenplugindir", [loggenplugin installation directory])
AC_DEFINE_UNQUOTED(MODULE_PATH, "$module_path", [module search path])
AC_DEFINE_UNQUOTED(JAVA_MODULE_PATH, "$java_module_path", [java module search path])
-AC_DEFINE_UNQUOTED(PATH_TOPSRC_DIR, "$abs_topsrcdir", [self-defined top_srcdir path])
+AC_DEFINE_UNQUOTED(PATH_TOPSRC_DIR, "/source", [self-defined top_srcdir path])
AC_DEFINE_UNQUOTED(PACKAGE_NAME, "$PACKAGE_NAME", [package name])
diff --git a/scripts/syslog-ng-update-virtualenv.in b/scripts/syslog-ng-update-virtualenv.in
index ed85baf..b1a9e34 100755
--- a/scripts/syslog-ng-update-virtualenv.in
+++ b/scripts/syslog-ng-update-virtualenv.in
@@ -62,7 +62,7 @@ done
set -e
REQUIREMENTS_FILE=${python_moduledir}/requirements.txt
-SYSTEM_PYTHON=@PYTHON@
+SYSTEM_PYTHON=python3
VENV_PYTHON=${python_venvdir}/bin/python
if [ "$display_prompt" -ne 0 ]; then
--
2.25.1

40
sources/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/0001-macros-guard-ipv6-code-with-SYSLOG_NG_ENABLE_IPV6.patch Normal file
View File

@@ -0,0 +1,40 @@
From 896d77dd949b52d6ea5798e5a038ba97d6b802be Mon Sep 17 00:00:00 2001
From: Peter Marko <peter.marko@siemens.com>
Date: Thu, 4 Apr 2024 15:44:18 +0200
Subject: [PATCH] macros: guard ipv6 code with SYSLOG_NG_ENABLE_IPV6
With ipv6 disabled, there are linking errors currently.
This fixes it by not using the symbols when IPv6 is disabled.
Solves #4810 with my config options
https://github.com/openembedded/meta-openembedded/blob/2487e65ee3842b6ae0c7a2628985be6189ed9ebf/meta-oe/recipes-support/syslog-ng/syslog-ng_4.6.0.bb
Upstream-Status: Submitted [https://github.com/syslog-ng/syslog-ng/pull/4880]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
lib/template/macros.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/template/macros.c b/lib/template/macros.c
index 54142706c..fcb83637f 100644
--- a/lib/template/macros.c
+++ b/lib/template/macros.c
@@ -277,12 +277,14 @@ _get_originating_ip_protocol(const LogMessage *msg)
return 0;
if (g_sockaddr_inet_check(msg->saddr))
return 4;
+#if SYSLOG_NG_ENABLE_IPV6
if (g_sockaddr_inet6_check(msg->saddr))
{
if (g_sockaddr_inet6_is_v4_mapped(msg->saddr))
return 4;
return 6;
}
+#endif
return 0;
}
--
2.30.2

46
sources/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch Normal file
View File

@@ -0,0 +1,46 @@
From 616446afab61ab98b28c81605e2efd4a689f37d1 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Fri, 20 Jan 2023 14:59:14 +0800
Subject: [PATCH] plugin.c: workaround powerpc64le segfaults error
syslog-ng segfaults on powerpc64le, workaround this error.
See https://github.com/syslog-ng/syslog-ng/issues/4285 and
https://sourceware.org/bugzilla/show_bug.cgi?id=30062 for more details.
This patch should be dropped once the above issues are fixed.
Upstream-Status: Inappropriate [OE Specific]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
lib/plugin.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/lib/plugin.c b/lib/plugin.c
index fbbfb92..3a03617 100644
--- a/lib/plugin.c
+++ b/lib/plugin.c
@@ -528,10 +528,7 @@ plugin_discover_candidate_modules(PluginContext *context)
}
}
g_free(module_name);
- if (mod)
- g_module_close(mod);
- else
- mod = NULL;
+ mod = NULL;
}
}
g_dir_close(dir);
@@ -663,8 +660,7 @@ plugin_list_modules(FILE *out, gboolean verbose)
first = FALSE;
}
g_free(module_name);
- if (mod)
- g_module_close(mod);
+ mod = NULL;
}
}
g_dir_close(dir);
--
2.17.1

292
sources/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2024-47619.patch Normal file
View File

@@ -0,0 +1,292 @@
From 12a0624e4c275f14cee9a6b4f36e714d2ced8544 Mon Sep 17 00:00:00 2001
From: therandomstring <bal.horv.98@gmail.com>
Date: Wed, 07 May 2025 09:30:36 +0530
Subject: [PATCH] Merge commit from fork
Fix transport accepting incorrect wildcards
CVE: CVE-2024-47619
Upstream-Status: Backport [https://github.com/syslog-ng/syslog-ng/commit/12a0624e4c275f14cee9a6b4f36e714d2ced8544]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
lib/transport/tests/CMakeLists.txt | 1 +
lib/transport/tests/Makefile.am | 9 +-
lib/transport/tests/test_tls_wildcard_match.c | 104 ++++++++++++++++++
lib/transport/tls-verifier.c | 86 +++++++++++++--
lib/transport/tls-verifier.h | 2 +
5 files changed, 190 insertions(+), 12 deletions(-)
create mode 100644 lib/transport/tests/test_tls_wildcard_match.c
diff --git a/lib/transport/tests/CMakeLists.txt b/lib/transport/tests/CMakeLists.txt
index 834f456..ce1d033 100644
--- a/lib/transport/tests/CMakeLists.txt
+++ b/lib/transport/tests/CMakeLists.txt
@@ -3,3 +3,4 @@ add_unit_test(CRITERION TARGET test_transport_factory_id)
add_unit_test(CRITERION TARGET test_transport_factory)
add_unit_test(CRITERION TARGET test_transport_factory_registry)
add_unit_test(CRITERION TARGET test_multitransport)
+add_unit_test(CRITERION TARGET test_tls_wildcard_match)
diff --git a/lib/transport/tests/Makefile.am b/lib/transport/tests/Makefile.am
index 7eac994..ae2426c 100644
--- a/lib/transport/tests/Makefile.am
+++ b/lib/transport/tests/Makefile.am
@@ -3,7 +3,8 @@ lib_transport_tests_TESTS = \
lib/transport/tests/test_transport_factory_id \
lib/transport/tests/test_transport_factory \
lib/transport/tests/test_transport_factory_registry \
- lib/transport/tests/test_multitransport
+ lib/transport/tests/test_multitransport \
+ lib/transport/tests/test_tls_wildcard_match
EXTRA_DIST += lib/transport/tests/CMakeLists.txt
@@ -38,3 +39,9 @@ lib_transport_tests_test_multitransport_CFLAGS = $(TEST_CFLAGS) \
lib_transport_tests_test_multitransport_LDADD = $(TEST_LDADD)
lib_transport_tests_test_multitransport_SOURCES = \
lib/transport/tests/test_multitransport.c
+
+lib_transport_tests_test_tls_wildcard_match_CFLAGS = $(TEST_CFLAGS) \
+ -I${top_srcdir}/lib/transport/tests
+lib_transport_tests_test_tls_wildcard_match_LDADD = $(TEST_LDADD)
+lib_transport_tests_test_tls_wildcard_match_SOURCES = \
+ lib/transport/tests/test_tls_wildcard_match.c
diff --git a/lib/transport/tests/test_tls_wildcard_match.c b/lib/transport/tests/test_tls_wildcard_match.c
new file mode 100644
index 0000000..90cecb0
--- /dev/null
+++ b/lib/transport/tests/test_tls_wildcard_match.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2024 One Identity LLC.
+ * Copyright (c) 2024 Franco Fichtner
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * As an additional exemption you are allowed to compile & link against the
+ * OpenSSL libraries as published by the OpenSSL project. See the file
+ * COPYING for details.
+ *
+ */
+
+
+#include <criterion/criterion.h>
+
+#include "transport/tls-verifier.h"
+
+TestSuite(tls_wildcard, .init = NULL, .fini = NULL);
+
+Test(tls_wildcard, test_wildcard_match_pattern_acceptance)
+{
+ cr_assert_eq(tls_wildcard_match("test", "test"), TRUE);
+ cr_assert_eq(tls_wildcard_match("test", "*"), TRUE);
+ cr_assert_eq(tls_wildcard_match("test", "t*t"), TRUE);
+ cr_assert_eq(tls_wildcard_match("test", "t*"), TRUE);
+ cr_assert_eq(tls_wildcard_match("", ""), TRUE);
+ cr_assert_eq(tls_wildcard_match("test.one", "test.one"), TRUE);
+ cr_assert_eq(tls_wildcard_match("test.one.two", "test.one.two"), TRUE);
+ cr_assert_eq(tls_wildcard_match("192.0.2.0", "192.0.2.0"), TRUE);
+ cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "2001:0000:130F:0000:0000:09C0:876A:130B"),
+ TRUE);
+ cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "2001:0:130F:0:0:9C0:876A:130B"), TRUE);
+ cr_assert_eq(tls_wildcard_match("2001:0:130F:0:0:9C0:876A:130B", "2001:0000:130F:0000:0000:09C0:876A:130B"), TRUE);
+ cr_assert_eq(tls_wildcard_match("2001:0000:130F::09C0:876A:130B", "2001:0000:130F:0000:0000:09C0:876A:130B"), TRUE);
+ cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "2001:0000:130F::09C0:876A:130B"), TRUE);
+ cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "2001:0:130F::9C0:876A:130B"), TRUE);
+ cr_assert_eq(tls_wildcard_match("2001:0:130F::9C0:876A:130B", "2001:0000:130F:0000:0000:09C0:876A:130B"), TRUE);
+}
+
+Test(tls_wildcard, test_wildcard_match_wildcard_rejection)
+{
+ cr_assert_eq(tls_wildcard_match("test", "**"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test", "*es*"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test", "t*?"), FALSE);
+}
+
+Test(tls_wildcard, test_wildcard_match_pattern_rejection)
+{
+ cr_assert_eq(tls_wildcard_match("test", "tset"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test", "set"), FALSE);
+ cr_assert_eq(tls_wildcard_match("", "*"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test", ""), FALSE);
+ cr_assert_eq(tls_wildcard_match("test.two", "test.one"), FALSE);
+}
+
+Test(tls_wildcard, test_wildcard_match_format_rejection)
+{
+ cr_assert_eq(tls_wildcard_match("test.two", "test.*"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test.two", "test.t*o"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test", "test.two"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test.two", "test"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test.one.two", "test.one"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test.one", "test.one.two"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test.three", "three.test"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test.one.two", "test.one.*"), FALSE);
+}
+
+Test(tls_wildcard, test_wildcard_match_complex_rejection)
+{
+ cr_assert_eq(tls_wildcard_match("test.two", "test.???"), FALSE);
+ cr_assert_eq(tls_wildcard_match("test.one.two", "test.one.?wo"), FALSE);
+}
+
+Test(tls_wildcard, test_ip_wildcard_rejection)
+{
+ cr_assert_eq(tls_wildcard_match("192.0.2.0", "*.0.2.0"), FALSE);
+ cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "*:0000:130F:0000:0000:09C0:876A:130B"),
+ FALSE);
+ cr_assert_eq(tls_wildcard_match("2001:0:130F::9C0:876A:130B", "*:0000:130F:0000:0000:09C0:876A:130B"), FALSE);
+}
+
+Test(tls_wildcard, test_case_insensivity)
+{
+ cr_assert_eq(tls_wildcard_match("test", "TEST"), TRUE);
+ cr_assert_eq(tls_wildcard_match("TEST", "test"), TRUE);
+ cr_assert_eq(tls_wildcard_match("TeST", "TEst"), TRUE);
+ cr_assert_eq(tls_wildcard_match("test.one", "test.ONE"), TRUE);
+ cr_assert_eq(tls_wildcard_match("test.TWO", "test.two"), TRUE);
+ cr_assert_eq(tls_wildcard_match("test.three", "*T.three"), TRUE);
+ cr_assert_eq(tls_wildcard_match("2001:0000:130F:0000:0000:09C0:876A:130B", "2001:0000:130f:0000:0000:09c0:876a:130b"),
+ TRUE);
+}
diff --git a/lib/transport/tls-verifier.c b/lib/transport/tls-verifier.c
index 606ad02..dde00d9 100644
--- a/lib/transport/tls-verifier.c
+++ b/lib/transport/tls-verifier.c
@@ -1,4 +1,6 @@
/*
+ * Copyright (c) 2024 One Identity LLC.
+ * Copyright (c) 2024 Franco Fichtner
* Copyright (c) 2002-2011 Balabit
* Copyright (c) 1998-2011 Balázs Scheidler
*
@@ -75,7 +77,7 @@ tls_verifier_unref(TLSVerifier *self)
/* helper functions */
-static gboolean
+gboolean
tls_wildcard_match(const gchar *host_name, const gchar *pattern)
{
gchar **pattern_parts, **hostname_parts;
@@ -86,22 +88,84 @@ tls_wildcard_match(const gchar *host_name, const gchar *pattern)
pattern_parts = g_strsplit(pattern, ".", 0);
hostname_parts = g_strsplit(host_name, ".", 0);
- for (i = 0; pattern_parts[i]; i++)
+
+ if(g_strrstr(pattern, "\?"))
+ {
+ /* Glib would treat any question marks as jokers */
+ success = FALSE;
+ }
+ else if (g_hostname_is_ip_address(host_name))
+ {
+ /* no wildcards in IP */
+ if (g_strrstr(pattern, "*"))
+ {
+ success = FALSE;
+ }
+ else
+ {
+ struct in6_addr host_buffer, pattern_buffer;
+ gint INET_TYPE, INET_ADDRLEN;
+ if(strstr(host_name, ":"))
+ {
+ INET_TYPE = AF_INET6;
+ INET_ADDRLEN = INET6_ADDRSTRLEN;
+ }
+ else
+ {
+ INET_TYPE = AF_INET;
+ INET_ADDRLEN = INET_ADDRSTRLEN;
+ }
+ char host_ip[INET_ADDRLEN], pattern_ip[INET_ADDRLEN];
+ gint host_ip_ok = inet_pton(INET_TYPE, host_name, &host_buffer);
+ gint pattern_ip_ok = inet_pton(INET_TYPE, pattern, &pattern_buffer);
+ inet_ntop(INET_TYPE, &host_buffer, host_ip, INET_ADDRLEN);
+ inet_ntop(INET_TYPE, &pattern_buffer, pattern_ip, INET_ADDRLEN);
+ success = (host_ip_ok && pattern_ip_ok && strcmp(host_ip, pattern_ip) == 0);
+ }
+ }
+ else
{
- if (!hostname_parts[i])
+ if (pattern_parts[0] == NULL)
{
- /* number of dot separated entries is not the same in the hostname and the pattern spec */
- goto exit;
+ if (hostname_parts[0] == NULL)
+ success = TRUE;
+ else
+ success = FALSE;
}
+ else
+ {
+ success = TRUE;
+ for (i = 0; pattern_parts[i]; i++)
+ {
+ if (hostname_parts[i] == NULL)
+ {
+ /* number of dot separated entries is not the same in the hostname and the pattern spec */
+ success = FALSE;
+ break;
+ }
+ char *wildcard_matched = g_strrstr(pattern_parts[i], "*");
+ if (wildcard_matched && (i != 0 || wildcard_matched != strstr(pattern_parts[i], "*")))
+ {
+ /* wildcard only on leftmost part and never as multiple wildcards as per both RFC 6125 and 9525 */
+ success = FALSE;
+ break;
+ }
- lower_pattern = g_ascii_strdown(pattern_parts[i], -1);
- lower_hostname = g_ascii_strdown(hostname_parts[i], -1);
+ lower_pattern = g_ascii_strdown(pattern_parts[i], -1);
+ lower_hostname = g_ascii_strdown(hostname_parts[i], -1);
- if (!g_pattern_match_simple(lower_pattern, lower_hostname))
- goto exit;
+ if (!g_pattern_match_simple(lower_pattern, lower_hostname))
+ {
+ success = FALSE;
+ break;
+ }
+ }
+ if (hostname_parts[i])
+ /* hostname has more parts than the pattern */
+ success = FALSE;
+ }
}
- success = TRUE;
-exit:
+
g_free(lower_pattern);
g_free(lower_hostname);
g_strfreev(pattern_parts);
diff --git a/lib/transport/tls-verifier.h b/lib/transport/tls-verifier.h
index 5642afa..98ab858 100644
--- a/lib/transport/tls-verifier.h
+++ b/lib/transport/tls-verifier.h
@@ -44,5 +44,7 @@ void tls_verifier_unref(TLSVerifier *self);
gboolean tls_verify_certificate_name(X509 *cert, const gchar *hostname);
+gboolean tls_wildcard_match(const gchar *host_name, const gchar *pattern);
+
#endif
--
2.40.0

62
sources/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/initscript Normal file
View File

@@ -0,0 +1,62 @@
#! /bin/sh
#
# This is an init script for openembedded
# Copy it to /etc/init.d/syslog-ng and type
# > update-rc.d syslog-ng defaults 5
#
# Source function library
. /etc/init.d/functions
syslog_ng=/usr/sbin/syslog-ng
test -x "$syslog_ng" || exit 0
PIDFILE=/var/run/syslog-ng/syslog-ng.pid
create_xconsole() {
test -e /dev/xconsole || mknod -m 640 /dev/xconsole p
test -x /sbin/restorecon && /sbin/restorecon /dev/xconsole
}
RETVAL=0
case "$1" in
start)
[ "${VERBOSE}" != "no" ] && echo -n "Starting syslog-ng:"
create_xconsole
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $syslog_ng
[ "${VERBOSE}" != "no" ] && echo "."
;;
stop)
[ "${VERBOSE}" != "no" ] && echo -n "Stopping syslog-ng:"
start-stop-daemon --stop --quiet --pidfile $PIDFILE
[ "${VERBOSE}" != "no" ] && echo "."
;;
reload|force-reload)
start-stop-daemon --stop --quiet --signal 1 --exec $syslog_ng
;;
restart)
echo "Stopping syslog-ng:"
start-stop-daemon --stop --quiet --pidfile $PIDFILE
echo -n "Waiting for syslog-ng to die off"
for i in 1 2 3 ;
do
sleep 1
echo -n "."
done
echo ""
echo -n "Starting syslog-ng:"
create_xconsole
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $syslog_ng
echo "."
;;
status)
status $syslog_ng
RETVAL=$?
;;
*)
echo "Usage: $0 {start|stop|reload|restart|force-reload|status}"
exit 1
esac
exit $RETVAL

1
sources/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/syslog-ng-tmp.conf Normal file
View File

@@ -0,0 +1 @@
d /var/run/syslog-ng 0755 root root

160
sources/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.systemd Normal file
View File

@@ -0,0 +1,160 @@
@version: 3.36
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation. Originally written by anonymous (I can't find his name)
# Revised, and rewrited by me (SZALAY Attila <sasa@debian.org>)
#
# Move to 3.19
# Only change is to add dns_cache(no) to options to suppress initialization warning.
#
# Joe Slater <joe.slater@windriver.com>
# First, set some global options.
options { chain_hostnames(off); flush_lines(0); use_dns(no); dns_cache(no); use_fqdn(no);
owner("root"); group("adm"); perm(0640); stats_freq(0);
bad_hostname("^gconfd$");
};
########################
# Sources
########################
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source s_src { systemd_journal(); internal();
file("/proc/kmsg" program_override("kernel"));
};
# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
#source s_net { tcp(ip(127.0.0.1) port(1000) authentication(required) encrypt(allow)); };
########################
# Destinations
########################
# First some standard logfile
#
destination d_auth { file("/var/log/auth.log"); };
destination d_cron { file("/var/log/cron.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kern { file("/var/log/kern.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_syslog { file("/var/log/syslog"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };
# This files are the log come from the mail subsystem.
#
destination d_mailinfo { file("/var/log/mail/mail.info"); };
destination d_mailwarn { file("/var/log/mail/mail.warn"); };
destination d_mailerr { file("/var/log/mail/mail.err"); };
# Logging for INN news system
#
destination d_newscrit { file("/var/log/news/news.crit"); };
destination d_newserr { file("/var/log/news/news.err"); };
destination d_newsnotice { file("/var/log/news/news.notice"); };
# Some 'catch-all' logfiles.
#
destination d_debug { file("/var/log/debug"); };
destination d_error { file("/var/log/error"); };
destination d_messages { file("/var/log/messages"); };
# The root's console.
#
destination d_console { usertty("root"); };
# Virtual console.
#
destination d_console_all { file("/dev/tty10"); };
# The named pipe /dev/xconsole is for the nsole' utility. To use it,
# you must invoke nsole' with the -file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
destination d_xconsole { pipe("/dev/xconsole"); };
# Send the messages to an other host
#
#destination d_net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on) log_fifo_size(1000)); };
# Debian only
destination d_ppp { file("/var/log/ppp.log"); };
########################
# Filters
########################
# Here's come the filter options. With this rules, we can set which
# message go where.
filter f_dbg { level(debug); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_err { level(err); };
filter f_crit { level(crit .. emerg); };
filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
filter f_error { level(err .. emerg) ; };
filter f_messages { level(info,notice,warn) and
not facility(auth,authpriv,cron,daemon,mail,news); };
filter f_auth { facility(auth, authpriv) and not filter(f_debug); };
filter f_cron { facility(cron) and not filter(f_debug); };
filter f_daemon { facility(daemon) and not filter(f_debug); };
filter f_kern { facility(kern) and not filter(f_debug); };
filter f_lpr { facility(lpr) and not filter(f_debug); };
filter f_local { facility(local0, local1, local3, local4, local5,
local6, local7) and not filter(f_debug); };
filter f_mail { facility(mail) and not filter(f_debug); };
filter f_news { facility(news) and not filter(f_debug); };
filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); };
filter f_user { facility(user) and not filter(f_debug); };
filter f_uucp { facility(uucp) and not filter(f_debug); };
filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };
filter f_ppp { facility(local2) and not filter(f_debug); };
filter f_console { level(warn .. emerg); };
########################
# Log paths
########################
log { source(s_src); filter(f_auth); destination(d_auth); };
log { source(s_src); filter(f_cron); destination(d_cron); };
log { source(s_src); filter(f_daemon); destination(d_daemon); };
log { source(s_src); filter(f_kern); destination(d_kern); };
log { source(s_src); filter(f_lpr); destination(d_lpr); };
log { source(s_src); filter(f_syslog3); destination(d_syslog); };
log { source(s_src); filter(f_user); destination(d_user); };
log { source(s_src); filter(f_uucp); destination(d_uucp); };
log { source(s_src); filter(f_mail); destination(d_mail); };
#log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };
#log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };
#log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };
log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); };
log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); };
log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };
#log { source(s_src); filter(f_cnews); destination(d_console_all); };
#log { source(s_src); filter(f_cother); destination(d_console_all); };
#log { source(s_src); filter(f_ppp); destination(d_ppp); };
log { source(s_src); filter(f_debug); destination(d_debug); };
log { source(s_src); filter(f_error); destination(d_error); };
log { source(s_src); filter(f_messages); destination(d_messages); };
log { source(s_src); filter(f_console); destination(d_console_all);
destination(d_xconsole); };
log { source(s_src); filter(f_crit); destination(d_console); };
# All messages send to a remote site
#
#log { source(s_src); destination(d_net); };

160
sources/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.sysvinit Normal file
View File

@@ -0,0 +1,160 @@
@version: 3.36
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation. Originally written by anonymous (I can't find his name)
# Revised, and rewrited by me (SZALAY Attila <sasa@debian.org>)
#
# Move to 3.19
# Only change is to add dns_cache(no) to options to suppress initialization warning.
#
# Joe Slater <joe.slater@windriver.com>
# First, set some global options.
options { chain_hostnames(off); flush_lines(0); use_dns(no); dns_cache(no); use_fqdn(no);
owner("root"); group("adm"); perm(0640); stats_freq(0);
bad_hostname("^gconfd$");
};
########################
# Sources
########################
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source s_src { unix-dgram("/dev/log"); internal();
file("/proc/kmsg" program_override("kernel"));
};
# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
#source s_net { tcp(ip(127.0.0.1) port(1000) authentication(required) encrypt(allow)); };
########################
# Destinations
########################
# First some standard logfile
#
destination d_auth { file("/var/log/auth.log"); };
destination d_cron { file("/var/log/cron.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kern { file("/var/log/kern.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_syslog { file("/var/log/syslog"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };
# This files are the log come from the mail subsystem.
#
destination d_mailinfo { file("/var/log/mail/mail.info"); };
destination d_mailwarn { file("/var/log/mail/mail.warn"); };
destination d_mailerr { file("/var/log/mail/mail.err"); };
# Logging for INN news system
#
destination d_newscrit { file("/var/log/news/news.crit"); };
destination d_newserr { file("/var/log/news/news.err"); };
destination d_newsnotice { file("/var/log/news/news.notice"); };
# Some 'catch-all' logfiles.
#
destination d_debug { file("/var/log/debug"); };
destination d_error { file("/var/log/error"); };
destination d_messages { file("/var/log/messages"); };
# The root's console.
#
destination d_console { usertty("root"); };
# Virtual console.
#
destination d_console_all { file("/dev/tty10"); };
# The named pipe /dev/xconsole is for the nsole' utility. To use it,
# you must invoke nsole' with the -file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
destination d_xconsole { pipe("/dev/xconsole"); };
# Send the messages to an other host
#
#destination d_net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on) log_fifo_size(1000)); };
# Debian only
destination d_ppp { file("/var/log/ppp.log"); };
########################
# Filters
########################
# Here's come the filter options. With this rules, we can set which
# message go where.
filter f_dbg { level(debug); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_err { level(err); };
filter f_crit { level(crit .. emerg); };
filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
filter f_error { level(err .. emerg) ; };
filter f_messages { level(info,notice,warn) and
not facility(auth,authpriv,cron,daemon,mail,news); };
filter f_auth { facility(auth, authpriv) and not filter(f_debug); };
filter f_cron { facility(cron) and not filter(f_debug); };
filter f_daemon { facility(daemon) and not filter(f_debug); };
filter f_kern { facility(kern) and not filter(f_debug); };
filter f_lpr { facility(lpr) and not filter(f_debug); };
filter f_local { facility(local0, local1, local3, local4, local5,
local6, local7) and not filter(f_debug); };
filter f_mail { facility(mail) and not filter(f_debug); };
filter f_news { facility(news) and not filter(f_debug); };
filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); };
filter f_user { facility(user) and not filter(f_debug); };
filter f_uucp { facility(uucp) and not filter(f_debug); };
filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };
filter f_ppp { facility(local2) and not filter(f_debug); };
filter f_console { level(warn .. emerg); };
########################
# Log paths
########################
log { source(s_src); filter(f_auth); destination(d_auth); };
log { source(s_src); filter(f_cron); destination(d_cron); };
log { source(s_src); filter(f_daemon); destination(d_daemon); };
log { source(s_src); filter(f_kern); destination(d_kern); };
log { source(s_src); filter(f_lpr); destination(d_lpr); };
log { source(s_src); filter(f_syslog3); destination(d_syslog); };
log { source(s_src); filter(f_user); destination(d_user); };
log { source(s_src); filter(f_uucp); destination(d_uucp); };
log { source(s_src); filter(f_mail); destination(d_mail); };
#log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };
#log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };
#log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };
log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); };
log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); };
log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };
#log { source(s_src); filter(f_cnews); destination(d_console_all); };
#log { source(s_src); filter(f_cother); destination(d_console_all); };
#log { source(s_src); filter(f_ppp); destination(d_ppp); };
log { source(s_src); filter(f_debug); destination(d_debug); };
log { source(s_src); filter(f_error); destination(d_error); };
log { source(s_src); filter(f_messages); destination(d_messages); };
log { source(s_src); filter(f_console); destination(d_console_all);
destination(d_xconsole); };
log { source(s_src); filter(f_crit); destination(d_console); };
# All messages send to a remote site
#
#log { source(s_src); destination(d_net); };

46
sources/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/syslog-ng.service-the-syslog-ng-service.patch Normal file
View File

@@ -0,0 +1,46 @@
Subject: [PATCH] syslog-ng.service: the syslog-ng service can not start
successfully,so modify it.
Upstream-Status: Pending
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Updated-by: Andrej Valek <andrej.valek@siemens.com>
Update for 3.24.1
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
---
contrib/systemd/syslog-ng@.service | 4 ++--
contrib/systemd/syslog-ng@default | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/contrib/systemd/syslog-ng@.service b/contrib/systemd/syslog-ng@.service
index a28640e..93aec94 100644
--- a/contrib/systemd/syslog-ng@.service
+++ b/contrib/systemd/syslog-ng@.service
@@ -7,8 +7,8 @@ Conflicts=emergency.service emergency.target
Type=notify
EnvironmentFile=-/etc/default/syslog-ng@%i
EnvironmentFile=-/etc/sysconfig/syslog-ng@%i
-ExecStart=/usr/sbin/syslog-ng -F $OTHER_OPTIONS --cfgfile $CONFIG_FILE --control $CONTROL_FILE --persist-file $PERSIST_FILE --pidfile $PID_FILE
-ExecReload=/bin/kill -HUP $MAINPID
+ExecStart=@SBINDIR@/syslog-ng -F $OTHER_OPTIONS --cfgfile $CONFIG_FILE --control $CONTROL_FILE --persist-file $PERSIST_FILE --pidfile $PID_FILE
+ExecReload=@BASEBINDIR@/kill -HUP $MAINPID
StandardOutput=journal
StandardError=journal
Restart=on-failure
diff --git a/contrib/systemd/syslog-ng@default b/contrib/systemd/syslog-ng@default
index 0ccc2b9..7f08c0e 100644
--- a/contrib/systemd/syslog-ng@default
+++ b/contrib/systemd/syslog-ng@default
@@ -1,5 +1,5 @@
CONFIG_FILE=/etc/syslog-ng/syslog-ng.conf
-PERSIST_FILE=/var/lib/syslog-ng/syslog-ng.persist
-CONTROL_FILE=/var/run/syslog-ng.ctl
-PID_FILE=/var/run/syslog-ng.pid
+PERSIST_FILE=@LOCALSTATEDIR@/lib/syslog-ng/syslog-ng.persist
+CONTROL_FILE=@LOCALSTATEDIR@/run/syslog-ng/syslog-ng.ctl
+PID_FILE=@LOCALSTATEDIR@/run/syslog-ng.pid
OTHER_OPTIONS="--enable-core"
--
2.7.4

1
sources/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/volatiles.03_syslog-ng Normal file
View File

@@ -0,0 +1 @@
d root root 0755 /var/run/syslog-ng none

150
sources/meta-openembedded/meta-oe/recipes-support/syslog-ng/syslog-ng_4.6.0.bb Normal file
View File

@@ -0,0 +1,150 @@
SUMMARY = "Alternative system logger daemon"
DESCRIPTION = "syslog-ng, as the name shows, is a syslogd replacement, \
but with new functionality for the new generation. The original syslogd \
allows messages only to be sorted based on priority/facility pairs; \
syslog-ng adds the possibility to filter based on message contents using \
regular expressions. The new configuration scheme is intuitive and powerful. \
Forwarding logs over TCP and remembering all forwarding hops makes it \
ideal for firewalled environments. \
"
HOMEPAGE = "http://www.balabit.com/network-security/syslog-ng/opensource-logging-system"
LICENSE = "GPL-2.0-only & LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=924958cefc9f7de3e0b818832b8a1cec"
# util-linux added to get libuuid
DEPENDS = "libpcre flex glib-2.0 openssl util-linux bison-native curl"
SRC_URI = "https://github.com/balabit/syslog-ng/releases/download/${BP}/${BP}.tar.gz \
file://syslog-ng.conf.systemd \
file://syslog-ng.conf.sysvinit \
file://initscript \
file://volatiles.03_syslog-ng \
file://syslog-ng-tmp.conf \
file://syslog-ng.service-the-syslog-ng-service.patch \
file://0001-Fix-buildpaths-warning.patch \
file://0001-macros-guard-ipv6-code-with-SYSLOG_NG_ENABLE_IPV6.patch \
file://CVE-2024-47619.patch \
"
SRC_URI:append:powerpc64le = " file://0001-plugin.c-workaround-powerpc64le-segfaults-error.patch"
SRC_URI[sha256sum] = "b69e3360dfb96a754a4e1cbead4daef37128b1152a23572356db4ab64a475d4f"
UPSTREAM_CHECK_URI = "https://github.com/balabit/syslog-ng/releases"
CVE_STATUS[CVE-2022-38725] = "cpe-incorrect: cve-check wrongly matches cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32"
inherit autotools gettext systemd pkgconfig update-rc.d multilib_header
EXTRA_OECONF = " \
--enable-dynamic-linking \
--disable-sub-streams \
--disable-pacct \
--localstatedir=${localstatedir}/lib/${BPN} \
--sysconfdir=${sysconfdir}/${BPN} \
--with-module-dir=${libdir}/${BPN} \
--with-sysroot=${STAGING_DIR_HOST} \
--without-mongoc --disable-mongodb \
--with-librabbitmq-client=no \
--disable-python \
--disable-java --disable-java-modules \
--with-pidfile-dir=${localstatedir}/run/${BPN} \
"
PACKAGECONFIG ??= " \
${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} \
"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,,"
PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/,--disable-systemd --without-systemdsystemunitdir,systemd,"
PACKAGECONFIG[linux-caps] = "--enable-linux-caps,--disable-linux-caps,libcap,"
PACKAGECONFIG[dbi] = "--enable-sql,--disable-sql,libdbi,"
PACKAGECONFIG[spoof-source] = "--enable-spoof-source --with-libnet=${STAGING_BINDIR_CROSS},--disable-spoof-source,libnet,"
PACKAGECONFIG[http] = "--enable-http,--disable-http,curl,"
PACKAGECONFIG[smtp] = "--enable-smtp --with-libesmtp=${STAGING_LIBDIR},--disable-smtp,libesmtp,"
PACKAGECONFIG[json] = "--enable-json,--disable-json,json-c,"
PACKAGECONFIG[tcp-wrapper] = "--enable-tcp-wrapper,--disable-tcp-wrapper,tcp-wrappers,"
PACKAGECONFIG[geoip] = "--enable-geoip,--disable-geoip,geoip,"
PACKAGECONFIG[native] = "--enable-native,--disable-native,,"
do_configure:prepend() {
olddir=$(pwd)
cd ${AUTOTOOLS_SCRIPT_PATH}
ACLOCAL="$ACLOCAL" autoreconf -Wcross --verbose --install --force ${EXTRA_AUTORECONF} -I ${S}/m4 ${ACLOCALEXTRAPATH} || die "extra autoreconf execution failed."
cd $olddir
}
do_install:append() {
install -d ${D}${sysconfdir}/${BPN}
install -d ${D}${sysconfdir}/init.d
install -m 755 ${WORKDIR}/initscript ${D}${sysconfdir}/init.d/syslog
install -d ${D}${sysconfdir}/default/volatiles/
install -m 644 ${WORKDIR}/volatiles.03_syslog-ng ${D}${sysconfdir}/default/volatiles/03_syslog-ng
install -d ${D}${sysconfdir}/tmpfiles.d/
install -m 644 ${WORKDIR}/syslog-ng-tmp.conf ${D}${sysconfdir}/tmpfiles.d/syslog-ng.conf
install -d ${D}${localstatedir}/lib/${BPN}
# Remove /var/run as it is created on startup
rm -rf ${D}${localstatedir}/run
# it causes install conflict when multilib enabled
# since python support is disabled, not deliver it
rm -f ${D}${bindir}/syslog-ng-update-virtualenv
# support for systemd
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
install -m 644 ${WORKDIR}/syslog-ng.conf.systemd ${D}${sysconfdir}/${BPN}/${BPN}.conf
install -d ${D}${systemd_unitdir}/system/
install -m 644 ${S}/contrib/systemd/${BPN}@.service ${D}${systemd_unitdir}/system/${BPN}@.service
install -m 644 ${S}/contrib/systemd/${BPN}@default ${D}${sysconfdir}/default/${BPN}@default
sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/${BPN}@.service ${D}${sysconfdir}/default/${BPN}@default
sed -i -e 's,@LOCALSTATEDIR@,${localstatedir},g' ${D}${systemd_unitdir}/system/${BPN}@.service ${D}${sysconfdir}/default/${BPN}@default
sed -i -e 's,@BASEBINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/${BPN}@.service ${D}${sysconfdir}/default/${BPN}@default
install -d ${D}${systemd_unitdir}/system/multi-user.target.wants
ln -sf ../${BPN}@.service ${D}${systemd_unitdir}/system/multi-user.target.wants/${BPN}@default.service
else
install -m 644 ${WORKDIR}/syslog-ng.conf.sysvinit ${D}${sysconfdir}/${BPN}/${BPN}.conf
fi
oe_multilib_header syslog-ng/syslog-ng-config.h
}
FILES:${PN} += "${datadir}/include/scl/ ${datadir}/xsd ${datadir}/tools ${systemd_unitdir}/system/multi-user.target.wants/*"
RDEPENDS:${PN} += "gawk ${@bb.utils.contains('PACKAGECONFIG','json','${PN}-jconf','',d)}"
FILES:${PN}-jconf += " \
${datadir}/${BPN}/include/scl/cim \
${datadir}/${BPN}/include/scl/elasticsearch \
${datadir}/${BPN}/include/scl/ewmm \
${datadir}/${BPN}/include/scl/graylog2 \
${datadir}/${BPN}/include/scl/loggly \
${datadir}/${BPN}/include/scl/logmatic \
"
# This overcomes the syslog-ng rdepends on syslog-ng-dev QA Error
PACKAGES =+ "${PN}-jconf ${PN}-libs ${PN}-libs-dev"
RPROVIDES:${PN}-dbg += "${PN}-libs-dbg"
FILES:${PN}-libs = "${libdir}/${BPN}/*.so ${libdir}/libsyslog-ng-*.so*"
FILES:${PN}-libs-dev = "${libdir}/${BPN}/lib*.la"
FILES:${PN}-staticdev += "${libdir}/${BPN}/libtest/*.a"
FILES:${PN} += "${systemd_unitdir}/system/*.service"
INSANE_SKIP:${PN}-libs = "dev-so"
RDEPENDS:${PN} += "${PN}-libs"
CONFFILES:${PN} = "${sysconfdir}/${BPN}.conf ${sysconfdir}/scl.conf"
RCONFLICTS:${PN} = "busybox-syslog sysklogd rsyslog"
RCONFLICTS:${PN}-libs = "busybox-syslog sysklogd rsyslog"
RPROVIDES:${PN} += "${PN}-systemd"
RREPLACES:${PN} += "${PN}-systemd"
RCONFLICTS:${PN} += "${PN}-systemd"
SYSTEMD_SERVICE:${PN} = "${BPN}@.service"
INITSCRIPT_NAME = "syslog"
INITSCRIPT_PARAMS = "start 20 2 3 4 5 . stop 90 0 1 6 ."