When the main thread cancel imjournal thread, the thread exits without
setting sd_journal to NULL because sd_journal_close() contain cancel point.
This leads to a double free scenario where:
1. The thread cancel occurs during sd_journal_close()
2. The main thread then calls imjournal's afterrun function
3. sd_journal_close() is called again on the already-freed sd_journal
This modernizes contributor experience by simplifying PR templates and
removing the lengthy GDPR disclaimer that often discouraged or confused
new contributors. The update encourages more participation and shows how
responsible AI can be used to improve open source workflows.
Impact: none on runtime behavior; contributor workflow improved.
Before: PR template included long GDPR block; commit message rules were
scattered and partly implicit.
After: PR template is concise, GDPR text removed, and commit assistant
usage is documented across README, CONTRIBUTING, and AGENTS.md.
Technical changes include:
- PR template: drop GDPR notice, add commit-assistant references.
- CONTRIBUTING.md: add explicit commit rules and workflow guidance.
- AGENTS.md: require canonical base prompt and commit-first workflow.
- README.md: point to assistant and updated guidance.
- base_prompt.txt: enforce "Findings:" colon format.
- Minor formatting corrections in comments.
This introduces the first building block of our "responsible AI First"
approach. The base prompt defines how the rsyslog commit assistant
supports contributors in crafting consistent, high-quality commit
messages, thereby lowering entry barriers and improving project-wide
quality.
Impact: contributor workflow only, no runtime effect.
Technically this adds a structured prompt file under
ai/rsyslog_commit_assistant/. It codifies message format, workflow
checks, and error handling guidance. No rsyslog core code, config, or
tests are affected. This is a purely contributor-facing addition that
can evolve independently of runtime behavior.
Refs: https://www.rsyslog.com/clarifying-ai-first-what-it-really-means-for-rsyslog/
Why: Modernize omhttp so HTTP forwarding is viable and maintainable in
current deployments (incl. Docker). Align the module with core-supported
interfaces, reduce maintenance risk, and pave the way to promote it from
contrib to an officially supported module.
Technical overview (conceptual):
- Switch plugin API from legacy TXIF (doAction) to OMODTX
(commitTransaction). Update query entry points accordingly.
- Keep beginTransaction for batch init; fold the final flush from
endTransaction into commitTransaction per OMODTX.
- Preserve external behavior: batching thresholds (maxBatchSize and
maxBatchBytes), dynRestPath handling, statistics, and HUP behavior.
- In commitTransaction, process all records in one pass and submit
batches when thresholds are crossed; non-batch mode posts per record.
- Retry test adjusted to tolerate duplicates during migration
(omhttp-retry.sh), reflecting current OMODTX replay characteristics.
Addresses from #5957:
- Core modernization of omhttp to the project’s current module
interface, suitable for containerized use cases.
- First step toward “project-supported” status by aligning with the
supported core API and updating tests.
Planned follow-ups (separate commits):
- Fix dynRestPath after a batch flush (set new path right after
initializeBatch).
- Revisit commit/replay semantics to minimize duplicates under retry, or
document dup-tolerant behavior and test both modes.
- Verify and free batch.restPath and headerBuf; add focused tests (path
change mid-batch, maxBatchBytes edges, TLS/gzip, HUP reinit).
- Documentation and packaging steps required for “project-supported”
status (module docs, release notes, CI/packaging policy).
- Evaluate if a compatibility query hook is needed for older cores.
see also: https://github.com/rsyslog/rsyslog/issues/5957
tcpflood opens TLS connections in parallel. OpenSSL updates internal X509 structures during the handshake, which leads ThreadSanitizer to report races when multiple handshakes run concurrently. Protect the handshake with a mutex and guard the error counter with its own lock.
AI-Agent: ChatGPT
replace outdated container docs with descriptions of user-focused images and development/CI containers; update install instructions to point to new content.
AI-Agent: ChatGPT
Add html_baseurl to Sphinx config; set to
'https://www.rsyslog.com/doc/'.
Sphinx will add a canonical link per page, reducing duplicate
content in search and consolidating ranking.
The URL matches the production docs root (trailing slash kept). No
behavior change for local/offline builds.
These cause mayor confusion for rsyslog users. Ensure they know
the need to go to the source.
This is probabaly only an interim solution until we have found
better ways to address the core issue.
- omkafka.rst: add “Set SASL password from an environment variable”
section with two paths:
* v8.2508.0+: inline `${VAR}` with adjacency via backticks
(`echo sasl.password=${KAFKA_PASSWORD}`)
* pre-8.2508.0: pre-compose `SASL_PWDPARAM` and echo that
- Clarify security notes (env files, /proc visibility) and add anchor
label :ref:`omkafka-sasl-password-from-env`
- constant_strings.rst: restructure and expand
* document `${VAR}` support, unbraced `$VAR` termination rules, and
adjacency to static text (v8.2508.0)
* keep scope explicit: only `echo`/`cat`, no `$(...)`
* add clear examples and use `rsyslog` lexer for code blocks
* add compatibility guidance for older versions
* add note: backticks can toggle boolean flags such as `config.enabled`
- Motivation: addresses confusion seen in omkafka SASL cases (e.g. #5827)
No behavioral changes to code; documentation only.
- remove duplicate case-insensitivity note\n- clarify AddtlFrameDelimiter description\n- document module+input scope and usage for flowControl, keepAlive, and related parameters\n\nAI-Agent: ChatGPT
This implements brace-style env vars inside backticks with `echo` and
fixes termination of unbraced `$VAR`. Most importantly, variables can
now be adjacent to static text (e.g., `foo${ENV}bar`), which previously
did not work and caused confusion. This aligns behavior with common
bash expectations.
Why
- Users expect `${VAR}` and `$VAR!` to expand while keeping punctuation.
- Concatenations like `foo${ENV}bar` are common and should be valid.
What
- Add support for braced variables `${VAR}` with proper `}` handling.
- For unbraced `$VAR`, stop the name at the first non `[A-Za-z0-9_]`
char and emit that char (e.g., `!`, `.`) as literal output.
- Improve error handling for overlong env var names.
- Keep other shell features (e.g., `$(pwd)`) unsupported by design.
Docs
- Update `constant_strings.rst` to document `${VAR}`, the new
termination rules, and examples including `foo${ENV}bar` and `$VAR!`.
Tests
- Add `rscript_backticks_braces_envvar.sh` for `${VAR}` support.
- Add `rscript_backticks_static_text.sh` for `$VAR!` and adjacency.
- Convert `rscript_backticks_empty_envvar-vg.sh` to non-VG variant and
adjust `tests/Makefile.am`.
Compatibility
- Backward compatible. Changes affect only previously broken edge cases.
Misc
- Refresh lexer copyright years.
- action.c: Add iSuspended flag to prevent infinite loops when transactions
are suspended multiple times. Retry on first suspension
and abort with RS_RET_SUSPENDED on subsequent suspensions.
- tests/omprog-transactions-failed-messages.sh: Remove TODO comment and
workaround code related to issue #2420 (deferred messages within
transactions not being retried), as the underlying issue appears to
be resolved.
- tests/omprog-feedback-timeout.sh: Update expected output to reflect
improved transaction handling behavior. The test now expects additional
message processing cycles and proper timeout handling when the omprog
action is suspended and restarted.
- tests/omprog-feedback.sh: Make robust against timing variations from
new action.c retry logic by replacing exact sequence matching with
pattern-based validation to ensure cross-system compatibility.
- tests/omhttp-retry-timeout.sh: Optimize test parameters for better
reliability by reducing message count from 10000 to 5000, adding
sequence check options, and reducing queue batch size from 2048 to 500
to prevent test timeouts and improve stability.
- omhttp-batch-fail-with-400.sh test: resolve queue growth issue with
HTTP 400 errors. The test was experiencing a queue growth issue where
the queue size was increasing. This was caused by the omhttp module
incorrectly treating HTTP 400 errors as retriable when they should be
treated as permanent failures.
FIX: Added httpretrycodes=["500", "502", "503", "504"] configuration.
This explicitly specifies that only 5xx server errors should be retried.
HTTP 400 errors are now properly treated as permanent failures.
Some tests needed to be adapted, because they expected an "exactly once"
paradigm, which the fixed bug seemed to provide in some cases (but not
reliably). Actually, rsyslog guarantees "at least once", so duplicates
can occur and are typical if transaction-like logic is used with
non-transactional outputs.
This addresses the transaction suspension edge case and cleans up
temporary workaround code that is no longer needed. The test updates
ensure that the improved transaction handling behavior is properly
validated across different scenarios and that tests correctly reflect
rsyslog's actual delivery semantics.
closes https://github.com/rsyslog/rsyslog/issues/2420
If the srcdir variable was not defined, all tests initialize it
to ".". While this is fine, if srcdrv was not previously exported
the newly set variable was local to the execution shell and did
not promote to rsyslog environment.
However, srcdir is granted to be in environment, many processes
in testbench depend on this. We now ensure this by doing an
explicit export of srcdir during script init phase.
This item was create in 2007 and has proven in ~20yrs of practice
to be no issue. Even more so, this is now in legacy code that will
no longer be updated at all. So the TODO no longer applies and could
be removed.
Explain that TTL settings only affect reverse lookups for inbound messages. Forward lookups for outbound connections rely on the system resolver and are not cached. Remove ChangeLog entry per project policy.
AI-Agent: ChatGPT
Removed the global pthread_rwlock_t rwlock_hmysql and related locking
around worker-local MYSQL *hmysql handles. Each worker owns its handle
exclusively, so no cross-thread access occurs and the global lock adds
unnecessary overhead.
Commit a3b2983 (2021) introduced this lock without clearly stating the
underlying issue. A thorough architectural review and targeted analysis
found no flaw in rsyslog’s code or in the mariadb/mysql client libraries.
Web research also showed no known relevant defects. The most plausible
explanation is that the original change addressed a CI-induced race,
which would be consistent with other CI flake fixes we have made in
recent years.
Given the absence of a reproducible problem and the fact that the
locking code itself introduced theoretical races (never observed in
practice), we are reverting a3b2983’s behavior. We will monitor for
any regressions.
closes https://github.com/rsyslog/rsyslog/issues/5890
