backport: resolve build failures for CentOS 7 and Windows on 3.0

dockerfiles/Dockerfile.centos7

@@ -4,13 +4,14 @@
 FROM centos:7
 
 # hadolint ignore=DL3032, DL3033
-RUN yum -y update && \
+RUN sed -i -e "s/^mirrorlist=http:\/\/mirrorlist.centos.org/#mirrorlist=http:\/\/mirrorlist.centos.org/g" /etc/yum.repos.d/CentOS-Base.repo && \
+    sed -i -e "s/^#baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault.centos.org/g" /etc/yum.repos.d/CentOS-Base.repo && \
+    yum -y update && \
     yum install -y rpm-build curl ca-certificates gcc gcc-c++ cmake make bash \
     wget unzip systemd-devel wget flex bison \
     cyrus-sasl-lib cyrus-sasl-devel openssl openss-libs openssl-devel \
     postgresql-libs postgresql-devel postgresql-server postgresql libyaml-devel && \
-    wget -q http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
-    rpm -ivh epel-release-latest-7.noarch.rpm && \
+    yum install -y epel-release && \
     yum install -y cmake3
 
 COPY . /src/

packaging/distros/centos/Dockerfile

@@ -13,13 +13,14 @@ FROM multiarch/qemu-user-static:x86_64-aarch64 as multiarch-aarch64
 FROM centos:7 as centos-7-base
 
 # hadolint ignore=DL3033
-RUN yum -y update && \
+RUN sed -i -e "s/^mirrorlist=http:\/\/mirrorlist.centos.org/#mirrorlist=http:\/\/mirrorlist.centos.org/g" /etc/yum.repos.d/CentOS-Base.repo && \
+    sed -i -e "s/^#baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault.centos.org/g" /etc/yum.repos.d/CentOS-Base.repo && \
+    yum -y update && \
     yum install -y rpm-build curl ca-certificates gcc gcc-c++ cmake make bash \
     wget unzip systemd-devel wget flex bison \
     cyrus-sasl-lib cyrus-sasl-devel openssl openss-libs openssl-devel \
     postgresql-libs postgresql-devel postgresql-server postgresql libyaml-devel && \
-    wget -q http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
-    rpm -ivh epel-release-latest-7.noarch.rpm && \
+    yum install -y epel-release && \
     yum install -y cmake3 && \
     yum clean all
 
@@ -32,13 +33,14 @@ FROM arm64v8/centos:7 as centos-7.arm64v8-base
 COPY --from=multiarch-aarch64 /usr/bin/qemu-aarch64-static /usr/bin/qemu-aarch64-static
 
 # hadolint ignore=DL3033
-RUN yum -y update && \
+RUN sed -i -e "s/^mirrorlist=http:\/\/mirrorlist.centos.org/#mirrorlist=http:\/\/mirrorlist.centos.org/g" /etc/yum.repos.d/CentOS-Base.repo && \
+    sed -i -e "s/^#baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault.centos.org/g" /etc/yum.repos.d/CentOS-Base.repo && \
+    yum -y update && \
     yum install -y rpm-build curl ca-certificates gcc gcc-c++ cmake make bash \
     wget unzip systemd-devel wget flex bison \
     cyrus-sasl-lib cyrus-sasl-devel openssl openss-libs openssl-devel \
     postgresql-libs postgresql-devel postgresql-server postgresql libyaml-devel && \
-    wget -q http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
-    rpm -ivh epel-release-latest-7.noarch.rpm && \
+    yum install -y epel-release && \
     yum install -y cmake3 && \
     yum clean all
 

plugins/in_winevtlog/pack.c

@@ -277,12 +277,23 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
 
     if (ConvertSidToStringSidW(sid, &wide_sid)) {
         if (extract_sid == FLB_TRUE) {
+            /* Skip to translate SID for capability SIDs.
+             * ref: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers
+             * See also: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/sids-not-resolve-into-friendly-names
+             */
+            if (wcsnicmp(wide_sid, L"S-1-15-3-", 9) == 0) {
+                flb_plg_debug(ctx->ins, "This SID is one of the capability SIDs. Skip.");
+
+                goto not_mapped_error;
+            }
             if (!LookupAccountSidA(NULL, sid,
                                    account, &len, domain,
                                    &len, &sid_type)) {
                 err = GetLastError();
                 if (err == ERROR_NONE_MAPPED) {
-                    strcpy_s(account, MAX_NAME, "NONE_MAPPED");
+                    flb_plg_debug(ctx->ins, "AccountSid is not mapped. code: %u", err);
+
+                    goto not_mapped_error;
                 }
                 else {
                     flb_plg_warn(ctx->ins, "LookupAccountSid Error %u", err);
@@ -296,6 +307,8 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
             if (formatted == NULL) {
                 flb_plg_warn(ctx->ins, "create result buffer failed");
 
+                ret = -1;
+
                 goto error;
             }
 
@@ -327,12 +340,17 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
             return ret;
         }
 
-    error:
+    not_mapped_error:
         ret = pack_wstr(ctx, wide_sid);
 
         LocalFree(wide_sid);
 
-        return -1;
+        return ret;
+
+    error:
+        LocalFree(wide_sid);
+
+        return ret;
     }
 
     return ret;
@@ -432,7 +450,7 @@ static void pack_string_inserts(struct winevtlog_config *ctx, PEVT_VARIANT value
             }
             break;
         case EvtVarTypeEvtXml:
-            if (pack_wstr(ctx, values[i].XmlVal, ctx)) {
+            if (pack_wstr(ctx, values[i].XmlVal)) {
                 pack_nullstr(ctx);
             }
             break;

plugins/out_s3/s3.c

@@ -380,7 +380,11 @@ static int init_seq_index(void *context) {
     }
 
     /* Create directory path if it doesn't exist */
+#ifdef FLB_SYSTEM_WINDOWS
+    ret = mkdir(ctx->metadata_dir);
+#else
     ret = mkdir(ctx->metadata_dir, 0700);
+#endif
     if (ret < 0 && errno != EEXIST) {
         flb_plg_error(ctx->ins, "Failed to create metadata directory");
         return -1;
@@ -921,11 +925,11 @@ static int cb_s3_init(struct flb_output_instance *ins,
         ctx->timer_ms = UPLOAD_TIMER_MIN_WAIT;
     }
 
-    /* 
-     * S3 must ALWAYS use sync mode 
+    /*
+     * S3 must ALWAYS use sync mode
      * In the timer thread we do a mk_list_foreach_safe on the queue of uplaods and chunks
      * Iterating over those lists is not concurrent safe. If a flush call ran at the same time
-     * And deleted an item from the list, this could cause a crash/corruption. 
+     * And deleted an item from the list, this could cause a crash/corruption.
      */
     flb_stream_disable_async_mode(&ctx->s3_client->upstream->base);
 
@@ -1227,6 +1231,8 @@ static int put_all_chunks(struct flb_s3 *ctx)
                     flb_plg_error(ctx->ins, "Failed to compress data, uploading uncompressed data instead to prevent data loss");
                 } else {
                     flb_plg_info(ctx->ins, "Pre-compression chunk size is %zu, After compression, chunk is %zu bytes", buffer_size, payload_size);
+                    flb_free(buffer);
+
                     buffer = (void *) payload_buf;
                     buffer_size = payload_size;
                 }
@@ -1392,7 +1398,6 @@ static int s3_put_object(struct flb_s3 *ctx, const char *tag, time_t file_first_
         ret = write_seq_index(ctx->seq_index_file, ctx->seq_index);
         if (ret < 0 && access(ctx->seq_index_file, F_OK) == 0) {
             ctx->seq_index--;
-            flb_sds_destroy(s3_key);
             flb_plg_error(ctx->ins, "Failed to update sequential index metadata file");
             return -1;
         }