From 830c47aebc0e497f28f847b998c27a60370a4c6a Mon Sep 17 00:00:00 2001
From: Jiri Vymazal
Date: Wed, 10 Jul 2019 15:10:58 +0200
Subject: [PATCH] rebase to 1.4.0 resolves: rhbz#1425638
---
 .gitignore | 1 +
 librelp-1.2.13-crypto-compliance.patch | 28 -------------
 librelp-1.4.0-crypto-compliance.patch | 55 ++++++++++++++++++++++++++
 librelp.spec | 14 ++++---
 sources | 2 +-
 5 files changed, 66 insertions(+), 34 deletions(-)
 delete mode 100644 librelp-1.2.13-crypto-compliance.patch
 create mode 100644 librelp-1.4.0-crypto-compliance.patch
diff --git a/.gitignore b/.gitignore
index e229700..1dfd2b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ librelp-1.0.0.tar.gz
 /librelp-1.2.14.tar.gz
 /librelp-1.2.15.tar.gz
 /librelp-1.2.16.tar.gz
+/librelp-1.4.0.tar.gz
diff --git a/librelp-1.2.13-crypto-compliance.patch b/librelp-1.2.13-crypto-compliance.patch
deleted file mode 100644
index d5238d0..0000000
--- a/librelp-1.2.13-crypto-compliance.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff -up ./src/tcp.c.fix ./src/tcp.c
---- ./src/tcp.c.fix 2018-03-26 13:44:07.627189911 +0200
-+++ ./src/tcp.c 2018-03-26 13:44:51.051915920 +0200
-@@ -556,23 +556,8 @@ static relpRetVal
- relpTcpTLSSetPrio(relpTcp_t *const pThis)
- {
- int r;
-- char pristringBuf[4096];
-- char *pristring;
- ENTER_RELPFUNC;
-- /* Compute priority string (in simple cases where the user does not care...) */
-- if(pThis->pristring == NULL) {
-- if(pThis->bEnableTLSZip) {
-- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
-- } else {
-- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
-- }
-- pristringBuf[sizeof(pristringBuf)-1] = '\0';
-- pristring = pristringBuf;
-- } else {
-- pristring = pThis->pristring;
-- }
--
-- r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
-+ r = gnutls_set_default_priority(pThis->session);
- if(r == GNUTLS_E_INVALID_REQUEST) {
- ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);
- } else if(r != GNUTLS_E_SUCCESS) {
diff --git a/librelp-1.4.0-crypto-compliance.patch b/librelp-1.4.0-crypto-compliance.patch
new file mode 100644
index 0000000..6c36c4f
--- /dev/null
+++ b/librelp-1.4.0-crypto-compliance.patch
@@ -0,0 +1,55 @@
+From 01bbdc98d6e1a897111a93e0137dc41b0dd4e083 Mon Sep 17 00:00:00 2001
+From: Jiri Vymazal
+Date: Wed, 10 Jul 2019 13:49:43 +0200
+Subject: [PATCH] Modified GnuTLS priority according to standard crypto-policy
+ guideline
+
+Edited TLS priority string default to conform to system-wide default
+and align librelp behavior with other crypto-utilizing packages
+---
+ src/tcp.c | 25 +++++++++++++++++--------
+ 1 file changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/src/tcp.c b/src/tcp.c
+index bd9bf1d..36e8712 100644
+--- a/src/tcp.c
++++ b/src/tcp.c
+@@ -1136,20 +1136,29 @@ relpTcpTLSSetPrio_gtls(relpTcp_t *const pThis)
+ char pristringBuf[4096];
+ char *pristring;
+ ENTER_RELPFUNC;
+- /* Compute priority string (in simple cases where the user does not care...) */
++ /* Set default priority string (in simple cases where the user does not care...) */
+ if(pThis->pristring == NULL) {
+- if(pThis->bEnableTLSZip) {
+- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
+- } else {
+- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
++ if (pThis->authmode == eRelpAuthMode_None) {
++ if(pThis->bEnableTLSZip) {
++ strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
++ } else {
++ strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
+ }
+- pristringBuf[sizeof(pristringBuf)-1] = '\0';
+- pristring = pristringBuf;
++ pristringBuf[sizeof(pristringBuf)-1] = '\0';
++ pristring = pristringBuf;
++ r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
++ } else {
++ r = gnutls_set_default_priority(pThis->session);
++ strncpy(pristringBuf, "to recommended system default", sizeof(pristringBuf));
++ pristringBuf[sizeof(pristringBuf)-1] = '\0';
++ pristring = pristringBuf;
++ }
++
+ } else {
+ pristring = pThis->pristring;
++ r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
+ }
+
+- r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
+ if(r == GNUTLS_E_INVALID_REQUEST) { + ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO); + } else if(r != GNUTLS_E_SUCCESS) { + diff --git a/librelp.spec b/librelp.spec index 686575f..400d7a4 100644 --- a/librelp.spec +++ b/librelp.spec @@ -1,13 +1,13 @@ Summary: The Reliable Event Logging Protocol library Name: librelp -Version: 1.2.16 -Release: 3%{?dist} +Version: 1.4.0 +Release: 1%{?dist} License: GPLv3+ URL: http://www.rsyslog.com/ Source0: http://download.rsyslog.com/librelp/%{name}-%{version}.tar.gz BuildRequires: gnutls-devel >= 1.4.0 -Patch0: librelp-1.2.13-crypto-compliance.patch +Patch0: librelp-1.4.0-crypto-compliance.patch %description Librelp is an easy to use library for the RELP protocol. RELP (stands @@ -29,11 +29,11 @@ to develop applications using librelp. %prep %setup -q -%patch0 -p1 +%patch0 -p1 -b .crypto %build autoreconf -ivf -%configure --disable-static +%configure --disable-static --disable-tls-openssl make %{?_smp_mflags} %install @@ -54,6 +54,10 @@ rm $RPM_BUILD_ROOT/%{_libdir}/*.la %{_libdir}/pkgconfig/relp.pc %changelog +* Wed Jul 10 2019 Jiri Vymazal - 1.4.0-1 +- rebase to 1.4.0 + resolves: rhbz#1425638 + * Fri Feb 01 2019 Fedora Release Engineering - 1.2.16-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild diff --git a/sources b/sources index 148e7f5..4805b1e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (librelp-1.2.16.tar.gz) = 54c101281c94046e4f8d6f77e73ab52874408e62c77f3dfa29ec0b294f39c216637674cc0bf1b7e04173557b3f21bfa74b7be1aafa3ff2771acd41d1d067d3a3 +SHA512 (librelp-1.4.0.tar.gz) = 92d01a51b4ee3c66d1f65d2e26f214646d72b41a8411ab700fe5f9f30f805ef98dec962526ef95c8d8428bf7398d38f656c919f95a3e49382adc745ef9eb4239
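Review bot: In the new librelp-1.4.0-crypto-compliance.patch, the `authmode == eRelpAuthMode_None` branch still sets the hard-coded `NORMAL:+ANON-DH:+COMP-ALL` / `NORMAL:+ANON-DH:+COMP-NULL` string through `gnutls_priority_set_direct`, so a session with no authentication configured does not follow the system-wide crypto policy the patch subject refers to and can negotiate anonymous DH, which gives no protection against an active man-in-the-middle. The 1.2.13 patch deleted by this commit called `gnutls_set_default_priority` on every path, so this default is weaker than the one it replaces. If anonymous key exchange has to stay for unauthenticated RELP, basing the string on the policy keyword, e.g. `"@SYSTEM:+ANON-DH:+COMP-NULL"`, would keep the remaining restrictions (assuming the target GnuTLS build has system priority support), and a comment such as `/* authmode none: anon DH kept on purpose, not covered by crypto-policy */` should record the exception. In the else branch `pristring` now holds the description "to recommended system default" rather than a priority string; the code that reads it lies outside the hunk, so confirm it only ends up in messages.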