.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1,2 +1,18 @@
-SOURCES/librelp-1.9.0.tar.gz
+librelp-1.0.0.tar.gz
+/librelp-1.0.1.tar.gz
+/librelp-1.0.2.tar.gz
+/librelp-1.0.3.tar.gz
+/librelp-1.2.0.tar.gz
+/librelp-1.2.5.tar.gz
+/librelp-1.2.7.tar.gz
+/librelp-1.2.12.tar.gz
+/librelp-1.2.13.tar.gz
+/librelp-1.2.14.tar.gz
+/librelp-1.2.15.tar.gz
+/librelp-1.2.16.tar.gz
+/librelp-1.4.0.tar.gz
+/librelp-1.5.0.tar.gz
+/librelp-1.7.0.tar.gz
 /librelp-1.9.0.tar.gz
+/librelp-1.10.0.tar.gz
+/librelp-1.11.0.tar.gz

ci_tests.fmf

@@ -0,0 +1,17 @@
+/e2e:
+  plan:
+    import:
+      url: https://github.com/RedHat-SP-Security/rsyslog-plans.git
+      name: /generic/e2e_ci
+
+/rpmverify:
+  summary: rpmverify test
+  execute:
+      how: tmt
+  discover:
+    - name: test
+      how: shell
+      tests:
+        - name: rpmverify
+          test: 'rpmverify $(rpm -qa | grep librelp)'
+          duration: 2m

disable-openssl-engine.patch

@@ -0,0 +1,21 @@
+diff -up librelp-1.11.0/src/tcp.c.orig librelp-1.11.0/src/tcp.c
+--- librelp-1.11.0/src/tcp.c.orig	2024-08-15 08:31:29.699002010 +0200
++++ librelp-1.11.0/src/tcp.c	2024-08-15 08:31:46.552178361 +0200
+@@ -69,7 +69,7 @@
+ #	if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #		include <openssl/bioerr.h>
+ #	endif
+-#	include <openssl/engine.h>
++// #	include <openssl/engine.h>
+ /* OpenSSL API differences */
+ #	if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ #		define RSYSLOG_X509_NAME_oneline(X509CERT) X509_get_subject_name(X509CERT)
+@@ -1989,7 +1989,7 @@ relpTcpExitTLS_ossl(void)
+ 			SSL_CTX_free(ctx);
+ 			ctx = NULL;
+ 		}
+-		ENGINE_cleanup();
++		// ENGINE_cleanup();
+ 		ERR_free_strings();
+ 		EVP_cleanup();
+ 		CRYPTO_cleanup_all_ex_data();

gating.yaml

@@ -1,6 +1,6 @@
 --- !Policy
 product_versions:
-  - rhel-8
+  - rhel-10
 decision_context: osci_compose_gate
 rules:
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

librelp-1.9.0-crypto-compliance.patch

@@ -1,87 +0,0 @@
-diff -up librelp-1.9.0/src/tcp.c.orig librelp-1.9.0/src/tcp.c
---- librelp-1.9.0/src/tcp.c.orig	2021-04-26 12:50:02.988053548 +0200
-+++ librelp-1.9.0/src/tcp.c	2021-04-26 15:12:58.292600192 +0200
-@@ -1155,32 +1155,8 @@ static relpRetVal LIBRELP_ATTR_NONNULL()
- relpTcpTLSSetPrio_gtls(relpTcp_t *const pThis)
- {
- 	int r;
--	char pristringBuf[4096];
--	char *pristring;
- 	ENTER_RELPFUNC;
--	/* Set default priority string (in simple cases where the user does not care...) */
--	if(pThis->pristring == NULL) {
--		if (pThis->authmode == eRelpAuthMode_None) {
--			if(pThis->bEnableTLSZip) {
--				strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
--			} else {
--				strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
--			}
--			pristringBuf[sizeof(pristringBuf)-1] = '\0';
--			pristring = pristringBuf;
--			r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
--		} else {
--			r = gnutls_set_default_priority(pThis->session);
--			strncpy(pristringBuf, "to recommended system default", sizeof(pristringBuf));
--			pristringBuf[sizeof(pristringBuf)-1] = '\0';
--			pristring = pristringBuf;
--		}
--
--	} else {
--		pristring = pThis->pristring;
--		r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
--	}
--
-+	r = gnutls_set_default_priority(pThis->session);
- 	if(r == GNUTLS_E_INVALID_REQUEST) {
- 		ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);
- 	} else if(r != GNUTLS_E_SUCCESS) {
-@@ -1188,7 +1164,7 @@ relpTcpTLSSetPrio_gtls(relpTcp_t *const
- 	}
- 
- finalize_it:
--	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers '%s' iRet=%d\n", pristring, iRet);
-+	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers to system default iRet=%d\n", iRet);
- 
- 	if(iRet != RELP_RET_OK) {
- 		chkGnutlsCode(pThis, "Failed to set GnuTLS priority", iRet, r);
-@@ -1207,37 +1183,15 @@ relpTcpTLSSetPrio_gtls(LIBRELP_ATTR_UNUS
- static relpRetVal LIBRELP_ATTR_NONNULL()
- relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)
- {
--	char pristringBuf[4096];
--	char *pristring;
- 	ENTER_RELPFUNC;
--	/* Compute priority string (in simple cases where the user does not care...) */
--	if(pThis->pristring == NULL) {
--		if (pThis->authmode == eRelpAuthMode_None) {
--			#if OPENSSL_VERSION_NUMBER >= 0x10100000L \
--				&& !defined(LIBRESSL_VERSION_NUMBER)
--			 /* NOTE: do never use: +eNULL, it DISABLES encryption! */
--			strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
--				sizeof(pristringBuf));
--			#else
--			strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL",
--				sizeof(pristringBuf));
--			#endif
--		} else {
--			strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf));
--		}
--		pristringBuf[sizeof(pristringBuf)-1] = '\0';
--		pristring = pristringBuf;
--	} else {
--		pristring = pThis->pristring;
--	}
- 
--	if ( SSL_set_cipher_list(pThis->ssl, pristring) == 0 ){
--		pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers '%s'\n", pristring);
-+	if ( SSL_set_cipher_list(pThis->ssl, "PROFILE=SYSTEM") == 0 ){
-+		pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers to system default\n");
- 		ABORT_FINALIZE(RELP_RET_ERR_TLS_SETUP);
- 	}
- 
- finalize_it:
--	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers '%s' iRet=%d\n", pristring, iRet);
-+	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers to system default iRet=%d\n", iRet);
- 	LEAVE_RELPFUNC;
- }
- #else

librelp.spec

@@ -1,18 +1,12 @@
 Summary: The Reliable Event Logging Protocol library
 Name: librelp
-Version: 1.9.0
-Release: 1%{?dist}
-License: GPLv3+
-Group: System Environment/Libraries
+Version: 1.11.0
+Release: 7%{?dist}
+License: GPL-3.0-or-later
 URL: http://www.rsyslog.com/
-Source0: http://download.rsyslog.com/librelp/%{name}-%{version}.tar.gz
-Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
-Requires: openssl-libs
-BuildRequires: gnutls-devel >= 1.4.0
-BuildRequires: openssl-devel
+Source0: http://download.rsyslog.com/%{name}/%{name}-%{version}.tar.gz
 
-Patch0: librelp-1.9.0-crypto-compliance.patch
+Patch0: disable-openssl-engine.patch
 
 %description
 Librelp is an easy to use library for the RELP protocol. RELP (stands
@@ -21,12 +15,14 @@ logging protocol.
 
 %package devel
 Summary: Development files for the %{name} package
-Group: Development/Libraries
 Requires: %{name} = %{version}-%{release}
 Requires: pkgconfig
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
+BuildRequires: make
+BuildRequires: gnutls-devel >= 1.4.0
+BuildRequires: openssl-devel
 
 %description devel
 Librelp is an easy to use library for the RELP protocol. The
@@ -35,11 +31,12 @@ to develop applications using librelp.
 
 %prep
 %setup -q
-%patch0 -p1 -b .crypto-compliance
+
+%patch -P 0 -p1
 
 %build
 autoreconf -ivf
-%configure --disable-static
+%configure --disable-static --enable-tls --enable-tls-openssl
 make %{?_smp_mflags}
 
 %install
@@ -48,36 +45,95 @@ make install DESTDIR=$RPM_BUILD_ROOT
 
 rm $RPM_BUILD_ROOT/%{_libdir}/*.la
 
-%post -p /sbin/ldconfig
-
-%postun
-if [ "$1" = "0" ] ; then
-    /sbin/ldconfig
-fi
+%ldconfig_scriptlets
 
 %files
-%defattr(-,root,root,-)
 %doc AUTHORS COPYING NEWS README doc/*html
 %{_libdir}/librelp.so.*
 
 %files devel
-%defattr(-,root,root)
 %{_includedir}/*
 %{_libdir}/librelp.so
 %{_libdir}/pkgconfig/relp.pc
 
 %changelog
-* Mon Apr 26 2021 Attila Lakatos <alakatos@redhat.com> - 1.9.0-1
-- rebase to 1.9.0
-- add patch to comply with crypto policies
-- add support for openssl
-  resolves: rhbz#1932783
-- Properly end TLS connections
-  resolves: rhbz#1886400
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.11.0-7
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
 
-* Wed Aug 08 2018 Jiri Vymazal <jvymazal@redhat.com> - 1.2.16-1
+* Thu Aug 15 2024 Attila Lakatos <alakatos@redhat.com> - 1.11.0-6
+- Rebuild
+  Resolves: RHEL-54298
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.11.0-5
+- Bump release for June 2024 mass rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 20 2023 Attila Lakatos <alakatos@redhat.com> - 1.11.0-1
+- rebase to 1.11.0
+  resolves: rhbz#2159703
+- enable openssl
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon Mar 08 2021 Attila Lakatos <alakatos@redhat.com> - 1.10.0-1
+- rebase to 1.10.0
+  resolves: rhbz#1929153
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Sep 18 2020 Attila Lakatos <alakatos@redhat.com> - 1.9.0-1
+- rebase to 1.9.0
+  resolves: rhbz#1883471
+
+* Tue Sep 08 2020 Attila Lakatos <alakatos@redhat.com> - 1.7.0-1
+- rebase to 1.7.0
+  resolves: rhbz#1826269
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Feb 03 2020 Jiri Vymazal <jvymazal@redhat.com> - 1.5.0-1
+- rebase to 1.5.0
+  resolves: rhbz#1790820
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed Jul 10 2019 Jiri Vymazal <jvymazal@redhat.com> - 1.4.0-1
+- rebase to 1.4.0
+  resolves: rhbz#1425638
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jul 02 2018 Radovan Sroka <rsroka@redhat.com> - 1.2.16-1
 - rebase to 1.2.16
-  resolves: rhbz#1613876
 
 * Mon Mar 26 2018 Radovan Sroka <rsroka@redhat.com> - 1.2.15-1
 - rebase to 1.2.15

sources

@@ -1 +1 @@
-SHA512 (librelp-1.9.0.tar.gz) = 3cb8cf2707cff662bd0b9100c737458b6b96820db7e362094c77cdb50455fcb944d7760921e0b758a3a6cd15d685f488a976fe909de034c289635c660caae723
+SHA512 (librelp-1.11.0.tar.gz) = e93cbc12fb6e596762c351cdfa3293fea89dd8cf90de4f890771216b56c3f66e3578fefea447d4ca9f754f146712481e7bab9a831f16fcf0cd15b10d475925bc