---
- branch: MAIN
  date: Sun Oct 26 21:11:09 UTC 2014
  files:
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/sysutils/rsyslog/Makefile.common
    pathrev: pkgsrc/sysutils/rsyslog/Makefile.common@1.3
    type: modified
  - new: '1.2'
    old: '1.1'
    path: pkgsrc/sysutils/rsyslog/distinfo
    pathrev: pkgsrc/sysutils/rsyslog/distinfo@1.2
    type: modified
  - new: '1.2'
    old: '1.1'
    path: pkgsrc/sysutils/rsyslog/patches/patch-grammar_lexer.l
    pathrev: pkgsrc/sysutils/rsyslog/patches/patch-grammar_lexer.l@1.2
    type: modified
  - new: '0'
    old: '1.1'
    path: pkgsrc/sysutils/rsyslog/patches/patch-runtime_msg.c
    pathrev: pkgsrc/sysutils/rsyslog/patches/patch-runtime_msg.c@0
    type: deleted
  id: 20141026T211109Z.60fb709009b6cf5f8a2468ae6b24f1511a9fea3a
  log: |
    Update rsyslog to 8.4.2.

    Version 8.4.2 [v8-stable] 2014-10-02
    - bugfix: the fix for CVE-2014-3634 did not handle all cases. This is
      corrected now. see also: CVE-2014-3683
    - fixed a build problem on some platforms. Thanks to Olaf for the patch
    - behaviour change: "msg" of messages with invalid PRI set to "rawmsg"
      When the PRI is invalid, the rest of the header cannot be valid. So
      we move all of it to MSG and do not try to parse it out. Note that
      this is not directly related to the security issue but rather done
      because it makes most sense.

    Version 8.4.1 [v8-stable] 2014-09-30
    - imudp: add for bracketing mode, which makes parsing stats easier
    - permit at-sign in variable names
      closes: https://github.com/rsyslog/rsyslog/issues/110
    - bugfix: fix syntax error in anon_cc_numbers.py script
      Thanks to github user anthcourtney for the patch.
      closes: https://github.com/rsyslog/rsyslog/issues/109
    - bugfix: ompgsql: don't loose uncomitted data on retry
      Thanks to Jared Johnson and Axel Rau for the patch.
    - bugfix: imfile: if a state file for a different file name was set,
      that different file (name) was monitored instead of the configured
      one. Now, the state file is deleted and the correct file monitored.
      closes: https://github.com/rsyslog/rsyslog/issues/103
    - bugfix: omudpspoof: source port was invalid
      Thanks to Pavel Levshin for the patch
    - bugfix: build failure on systems which don't have json_tokener_errors
      Older versions of json-c need to use a different API (which don't
      exists on newer versions, unfortunately...)
      Thanks to Thomas D. for reporting this problem.
    - bugfix: omelasticsearch does not work with broken/changed ES 1.0+ API
      closes: https://github.com/rsyslog/rsyslog/issues/104
    - bugfix: mmanon did not properly anonymize IP addresses starting with '9'
      Thanks to defa-at-so36.net for reporting this problem.
      closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529
    - bugfix: build problems on SuSe Linux
      Thanks Andreas Stieger for the patch
    - bugfix: omelasticsearch error file did not work correctly on ES 1.0+
      due to a breaking change in the ElasticSearch API.
      see also: https://github.com/rsyslog/rsyslog/issues/104
    - bugfix: potential abort when a message with PRI > 191 was processed
      if the "pri-text" property was used in active templates, this could be
      abused to a remote denial of service from permitted senders
      see also: CVE-2014-3634
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/sysutils/rsyslog'
  unixtime: '1414357869'
  user: fhajny