rebase to 1.4.0
resolves: rhbz#1425638
This commit is contained in:
Jiri Vymazal
parent
8891408e92
commit
830c47aebc
1
.gitignore
vendored
1
.gitignore
vendored
@ -10,3 +10,4 @@ librelp-1.0.0.tar.gz
|
||||
/librelp-1.2.14.tar.gz
|
||||
/librelp-1.2.15.tar.gz
|
||||
/librelp-1.2.16.tar.gz
|
||||
/librelp-1.4.0.tar.gz
|
||||
|
||||
@ -1,28 +0,0 @@
|
||||
diff -up ./src/tcp.c.fix ./src/tcp.c
|
||||
--- ./src/tcp.c.fix 2018-03-26 13:44:07.627189911 +0200
|
||||
+++ ./src/tcp.c 2018-03-26 13:44:51.051915920 +0200
|
||||
@@ -556,23 +556,8 @@ static relpRetVal
|
||||
relpTcpTLSSetPrio(relpTcp_t *const pThis)
|
||||
{
|
||||
int r;
|
||||
- char pristringBuf[4096];
|
||||
- char *pristring;
|
||||
ENTER_RELPFUNC;
|
||||
- /* Compute priority string (in simple cases where the user does not care...) */
|
||||
- if(pThis->pristring == NULL) {
|
||||
- if(pThis->bEnableTLSZip) {
|
||||
- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
|
||||
- } else {
|
||||
- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
|
||||
- }
|
||||
- pristringBuf[sizeof(pristringBuf)-1] = '\0';
|
||||
- pristring = pristringBuf;
|
||||
- } else {
|
||||
- pristring = pThis->pristring;
|
||||
- }
|
||||
-
|
||||
- r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
|
||||
+ r = gnutls_set_default_priority(pThis->session);
|
||||
if(r == GNUTLS_E_INVALID_REQUEST) {
|
||||
ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);
|
||||
} else if(r != GNUTLS_E_SUCCESS) {
|
||||
55
librelp-1.4.0-crypto-compliance.patch
Normal file
55
librelp-1.4.0-crypto-compliance.patch
Normal file
@ -0,0 +1,55 @@
|
||||
From 01bbdc98d6e1a897111a93e0137dc41b0dd4e083 Mon Sep 17 00:00:00 2001
|
||||
From: Jiri Vymazal <jvymazal@redhat.com>
|
||||
Date: Wed, 10 Jul 2019 13:49:43 +0200
|
||||
Subject: [PATCH] Modified GnuTLS priority according to standard crypto-policy
|
||||
guideline
|
||||
|
||||
Edited TLS priority string default to conform to system-wide default
|
||||
and align librelp behavior with other crypto-utilizing packages
|
||||
---
|
||||
src/tcp.c | 25 +++++++++++++++++--------
|
||||
1 file changed, 17 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/tcp.c b/src/tcp.c
|
||||
index bd9bf1d..36e8712 100644
|
||||
--- a/src/tcp.c
|
||||
+++ b/src/tcp.c
|
||||
@@ -1136,20 +1136,29 @@ relpTcpTLSSetPrio_gtls(relpTcp_t *const pThis)
|
||||
char pristringBuf[4096];
|
||||
char *pristring;
|
||||
ENTER_RELPFUNC;
|
||||
- /* Compute priority string (in simple cases where the user does not care...) */
|
||||
+ /* Set default priority string (in simple cases where the user does not care...) */
|
||||
if(pThis->pristring == NULL) {
|
||||
- if(pThis->bEnableTLSZip) {
|
||||
- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
|
||||
- } else {
|
||||
- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
|
||||
+ if (pThis->authmode == eRelpAuthMode_None) {
|
||||
+ if(pThis->bEnableTLSZip) {
|
||||
+ strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
|
||||
+ } else {
|
||||
+ strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
|
||||
}
|
||||
- pristringBuf[sizeof(pristringBuf)-1] = '\0';
|
||||
- pristring = pristringBuf;
|
||||
+ pristringBuf[sizeof(pristringBuf)-1] = '\0';
|
||||
+ pristring = pristringBuf;
|
||||
+ r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
|
||||
+ } else {
|
||||
+ r = gnutls_set_default_priority(pThis->session);
|
||||
+ strncpy(pristringBuf, "to recommended system default", sizeof(pristringBuf));
|
||||
+ pristringBuf[sizeof(pristringBuf)-1] = '\0';
|
||||
+ pristring = pristringBuf;
|
||||
+ }
|
||||
+
|
||||
} else {
|
||||
pristring = pThis->pristring;
|
||||
+ r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
|
||||
}
|
||||
|
||||
- r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
|
||||
if(r == GNUTLS_E_INVALID_REQUEST) {
|
||||
ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);
|
||||
} else if(r != GNUTLS_E_SUCCESS) {
|
||||
|
||||
14
librelp.spec
14
librelp.spec
@ -1,13 +1,13 @@
|
||||
Summary: The Reliable Event Logging Protocol library
|
||||
Name: librelp
|
||||
Version: 1.2.16
|
||||
Release: 3%{?dist}
|
||||
Version: 1.4.0
|
||||
Release: 1%{?dist}
|
||||
License: GPLv3+
|
||||
URL: http://www.rsyslog.com/
|
||||
Source0: http://download.rsyslog.com/librelp/%{name}-%{version}.tar.gz
|
||||
BuildRequires: gnutls-devel >= 1.4.0
|
||||
|
||||
Patch0: librelp-1.2.13-crypto-compliance.patch
|
||||
Patch0: librelp-1.4.0-crypto-compliance.patch
|
||||
|
||||
%description
|
||||
Librelp is an easy to use library for the RELP protocol. RELP (stands
|
||||
@ -29,11 +29,11 @@ to develop applications using librelp.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch0 -p1 -b .crypto
|
||||
|
||||
%build
|
||||
autoreconf -ivf
|
||||
%configure --disable-static
|
||||
%configure --disable-static --disable-tls-openssl
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
@ -54,6 +54,10 @@ rm $RPM_BUILD_ROOT/%{_libdir}/*.la
|
||||
%{_libdir}/pkgconfig/relp.pc
|
||||
|
||||
%changelog
|
||||
* Wed Jul 10 2019 Jiri Vymazal <jvymazal@redhat.com> - 1.4.0-1
|
||||
- rebase to 1.4.0
|
||||
resolves: rhbz#1425638
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (librelp-1.2.16.tar.gz) = 54c101281c94046e4f8d6f77e73ab52874408e62c77f3dfa29ec0b294f39c216637674cc0bf1b7e04173557b3f21bfa74b7be1aafa3ff2771acd41d1d067d3a3
|
||||
SHA512 (librelp-1.4.0.tar.gz) = 92d01a51b4ee3c66d1f65d2e26f214646d72b41a8411ab700fe5f9f30f805ef98dec962526ef95c8d8428bf7398d38f656c919f95a3e49382adc745ef9eb4239
|
||||
|
||||
Loading…
Reference in New Issue
Block a user