rpms/librelp
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:imports/c8/librelp-1.2.16-1.el8
Branches Tags
rpms:c8s
rpms:c9s
rpms:c10s
rpms:c9
rpms:c9-beta
rpms:c8
rpms:c8-beta
rpms:imports/c10s/librelp-1.11.0-7.el10
rpms:imports/c10s/librelp-1.11.0-6.el10
rpms:imports/c10s/librelp-1.11.0-5.el10
rpms:imports/c9/librelp-1.10.0-5.el9
rpms:imports/c9-beta/librelp-1.10.0-5.el9
rpms:imports/c9/librelp-1.10.0-4.el9
rpms:imports/c9-beta/librelp-1.10.0-4.el9
rpms:imports/c8/librelp-1.9.0-1.el8
rpms:imports/c8-beta/librelp-1.9.0-1.el8
rpms:imports/c8-beta/librelp-1.2.16-1.el8
rpms:imports/c8/librelp-1.2.16-1.el8
rpms:imports/c8s/librelp-1.9.0-1.el8
...
compare: rpms:c8s
Branches Tags
rpms:c9s
rpms:c10s
rpms:c9
rpms:c9-beta
rpms:c8s
rpms:c8
rpms:c8-beta
rpms:imports/c10s/librelp-1.11.0-7.el10
rpms:imports/c10s/librelp-1.11.0-6.el10
rpms:imports/c10s/librelp-1.11.0-5.el10
rpms:imports/c9/librelp-1.10.0-5.el9
rpms:imports/c9-beta/librelp-1.10.0-5.el9
rpms:imports/c9/librelp-1.10.0-4.el9
rpms:imports/c9-beta/librelp-1.10.0-4.el9
rpms:imports/c8/librelp-1.9.0-1.el8
rpms:imports/c8-beta/librelp-1.9.0-1.el8
rpms:imports/c8-beta/librelp-1.2.16-1.el8
rpms:imports/c8/librelp-1.2.16-1.el8
rpms:imports/c8s/librelp-1.9.0-1.el8

No commits in common. "imports/c8/librelp-1.2.16-1.el8" and "c8s" have entirely different histories.
imports/c8 ... c8s

7 changed files with 109 additions and 33 deletions
Show Stats Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1 +1,2 @@
SOURCES/librelp-1.2.16.tar.gz
SOURCES/librelp-1.9.0.tar.gz
/librelp-1.9.0.tar.gz

1
.librelp.metadata
View File

@ -1 +0,0 @@
40934dba5ad2cc1184ee0a60acaf2da70dca54f4 SOURCES/librelp-1.2.16.tar.gz

28
SOURCES/librelp-1.2.13-crypto-compliance.patch
View File

@ -1,28 +0,0 @@
diff -up ./src/tcp.c.fix ./src/tcp.c
--- ./src/tcp.c.fix 2018-03-26 13:44:07.627189911 +0200
+++ ./src/tcp.c 2018-03-26 13:44:51.051915920 +0200
@@ -556,23 +556,8 @@ static relpRetVal
relpTcpTLSSetPrio(relpTcp_t *const pThis)
{
int r;
- char pristringBuf[4096];
- char *pristring;
ENTER_RELPFUNC;
- /* Compute priority string (in simple cases where the user does not care...) */
- if(pThis->pristring == NULL) {
- if(pThis->bEnableTLSZip) {
- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
- } else {
- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
- }
- pristringBuf[sizeof(pristringBuf)-1] = '\0';
- pristring = pristringBuf;
- } else {
- pristring = pThis->pristring;
- }
-
- r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
+ r = gnutls_set_default_priority(pThis->session);
if(r == GNUTLS_E_INVALID_REQUEST) {
ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);
} else if(r != GNUTLS_E_SUCCESS) {

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

87
librelp-1.9.0-crypto-compliance.patch Normal file
View File

@ -0,0 +1,87 @@
diff -up librelp-1.9.0/src/tcp.c.orig librelp-1.9.0/src/tcp.c
--- librelp-1.9.0/src/tcp.c.orig 2021-04-26 12:50:02.988053548 +0200
+++ librelp-1.9.0/src/tcp.c 2021-04-26 15:12:58.292600192 +0200
@@ -1155,32 +1155,8 @@ static relpRetVal LIBRELP_ATTR_NONNULL()
relpTcpTLSSetPrio_gtls(relpTcp_t *const pThis)
{
int r;
- char pristringBuf[4096];
- char *pristring;
ENTER_RELPFUNC;
- /* Set default priority string (in simple cases where the user does not care...) */
- if(pThis->pristring == NULL) {
- if (pThis->authmode == eRelpAuthMode_None) {
- if(pThis->bEnableTLSZip) {
- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
- } else {
- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
- }
- pristringBuf[sizeof(pristringBuf)-1] = '\0';
- pristring = pristringBuf;
- r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
- } else {
- r = gnutls_set_default_priority(pThis->session);
- strncpy(pristringBuf, "to recommended system default", sizeof(pristringBuf));
- pristringBuf[sizeof(pristringBuf)-1] = '\0';
- pristring = pristringBuf;
- }
-
- } else {
- pristring = pThis->pristring;
- r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
- }
-
+ r = gnutls_set_default_priority(pThis->session);
if(r == GNUTLS_E_INVALID_REQUEST) {
ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);
} else if(r != GNUTLS_E_SUCCESS) {
@@ -1188,7 +1164,7 @@ relpTcpTLSSetPrio_gtls(relpTcp_t *const
}
finalize_it:
- pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers '%s' iRet=%d\n", pristring, iRet);
+ pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers to system default iRet=%d\n", iRet);
if(iRet != RELP_RET_OK) {
chkGnutlsCode(pThis, "Failed to set GnuTLS priority", iRet, r);
@@ -1207,37 +1183,15 @@ relpTcpTLSSetPrio_gtls(LIBRELP_ATTR_UNUS
static relpRetVal LIBRELP_ATTR_NONNULL()
relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)
{
- char pristringBuf[4096];
- char *pristring;
ENTER_RELPFUNC;
- /* Compute priority string (in simple cases where the user does not care...) */
- if(pThis->pristring == NULL) {
- if (pThis->authmode == eRelpAuthMode_None) {
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L \
- && !defined(LIBRESSL_VERSION_NUMBER)
- /* NOTE: do never use: +eNULL, it DISABLES encryption! */
- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
- sizeof(pristringBuf));
- #else
- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL",
- sizeof(pristringBuf));
- #endif
- } else {
- strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf));
- }
- pristringBuf[sizeof(pristringBuf)-1] = '\0';
- pristring = pristringBuf;
- } else {
- pristring = pThis->pristring;
- }
- if ( SSL_set_cipher_list(pThis->ssl, pristring) == 0 ){
- pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers '%s'\n", pristring);
+ if ( SSL_set_cipher_list(pThis->ssl, "PROFILE=SYSTEM") == 0 ){
+ pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers to system default\n");
ABORT_FINALIZE(RELP_RET_ERR_TLS_SETUP);
}
finalize_it:
- pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers '%s' iRet=%d\n", pristring, iRet);
+ pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers to system default iRet=%d\n", iRet);
LEAVE_RELPFUNC;
}
#else

16
SPECS/librelp.spec → librelp.spec
View File

@ -1,6 +1,6 @@
Summary: The Reliable Event Logging Protocol library
Name: librelp
Version: 1.2.16
Version: 1.9.0
Release: 1%{?dist}
License: GPLv3+
Group: System Environment/Libraries
@ -8,9 +8,11 @@ URL: http://www.rsyslog.com/
Source0: http://download.rsyslog.com/librelp/%{name}-%{version}.tar.gz
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
Requires: openssl-libs
BuildRequires: gnutls-devel >= 1.4.0
BuildRequires: openssl-devel
Patch0: librelp-1.2.13-crypto-compliance.patch
Patch0: librelp-1.9.0-crypto-compliance.patch
%description
Librelp is an easy to use library for the RELP protocol. RELP (stands
@ -33,7 +35,7 @@ to develop applications using librelp.
%prep
%setup -q
%patch0 -p1
%patch0 -p1 -b .crypto-compliance
%build
autoreconf -ivf
@ -65,6 +67,14 @@ fi
%{_libdir}/pkgconfig/relp.pc
%changelog
* Mon Apr 26 2021 Attila Lakatos <alakatos@redhat.com> - 1.9.0-1
- rebase to 1.9.0
- add patch to comply with crypto policies
- add support for openssl
resolves: rhbz#1932783
- Properly end TLS connections
resolves: rhbz#1886400
* Wed Aug 08 2018 Jiri Vymazal <jvymazal@redhat.com> - 1.2.16-1
- rebase to 1.2.16
resolves: rhbz#1613876

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (librelp-1.9.0.tar.gz) = 3cb8cf2707cff662bd0b9100c737458b6b96820db7e362094c77cdb50455fcb944d7760921e0b758a3a6cd15d685f488a976fe909de034c289635c660caae723