diff --git a/.gitignore b/.gitignore index ff0224a..b2767df 100644 --- a/.gitignore +++ b/.gitignore @@ -98,3 +98,5 @@ rsyslog-4.6.3.tar.gz /rsyslog-doc-8.2408.0.tar.gz /rsyslog-8.2412.0.tar.gz /rsyslog-doc-8.2412.0.tar.gz +/rsyslog-8.2506.0.tar.gz +/rsyslog-doc-8.2506.0.tar.gz diff --git a/disable-openssl-engine.patch b/disable-openssl-engine.patch deleted file mode 100644 index 20ba01e..0000000 --- a/disable-openssl-engine.patch +++ /dev/null @@ -1,60 +0,0 @@ -diff -up rsyslog-8.2412.0/runtime/net_ossl.c.orig rsyslog-8.2412.0/runtime/net_ossl.c ---- rsyslog-8.2412.0/runtime/net_ossl.c.orig 2024-11-27 13:05:51.327988286 +0100 -+++ rsyslog-8.2412.0/runtime/net_ossl.c 2024-11-27 13:06:26.806335104 +0100 -@@ -220,6 +220,7 @@ osslGlblInit(void) - ERR_load_crypto_strings(); - #endif - -+#ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM - PRAGMA_DIAGNOSTIC_PUSH - PRAGMA_IGNORE_Wdeprecated_declarations - -@@ -244,6 +245,8 @@ PRAGMA_IGNORE_Wdeprecated_declarations - // Free the engine reference when done - ENGINE_free(osslEngine); - PRAGMA_DIAGNOSTIC_POP -+#endif -+ - } - - /* globally de-initialize OpenSSL */ -@@ -251,7 +254,9 @@ void - osslGlblExit(void) - { - DBGPRINTF("openssl: entering osslGlblExit\n"); -+ #ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM - ENGINE_cleanup(); -+ #endif - ERR_free_strings(); - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); -@@ -1149,6 +1154,7 @@ net_ossl_init_engine(__attribute__((unus - const char *engine_id = NULL; - const char *engine_name = NULL; - -+#ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM - PRAGMA_DIAGNOSTIC_PUSH - PRAGMA_IGNORE_Wdeprecated_declarations - // Get the default RSA engine -@@ -1189,7 +1195,7 @@ PRAGMA_IGNORE_Wdeprecated_declarations - DBGPRINTF("net_ossl_init_engine: use openssl default Engine"); - } - PRAGMA_DIAGNOSTIC_POP -- -+#endif // ENABLE_OPENSSL_ENGINES_DOWNSTREAM - RETiRet; - } - -diff -up rsyslog-8.2412.0/runtime/net_ossl.h.orig rsyslog-8.2412.0/runtime/net_ossl.h ---- rsyslog-8.2412.0/runtime/net_ossl.h.orig 2024-11-27 13:06:01.138084180 +0100 -+++ rsyslog-8.2412.0/runtime/net_ossl.h 2024-11-27 13:06:30.536372456 +0100 -@@ -31,7 +31,9 @@ - #if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) - # include - #endif -+#ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM - #include -+#endif - #include - #include - diff --git a/openssl-disable-engines.patch b/openssl-disable-engines.patch new file mode 100644 index 0000000..877f0a4 --- /dev/null +++ b/openssl-disable-engines.patch @@ -0,0 +1,62 @@ +diff --git a/plugins/imdtls/imdtls.c b/plugins/imdtls/imdtls.c +index f90e8ad61c..bfb63452c7 100644 +--- a/plugins/imdtls/imdtls.c ++++ b/plugins/imdtls/imdtls.c +@@ -41,7 +41,9 @@ + #if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) + # include + #endif +-#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif + // --- + + #include "rsyslog.h" +diff --git a/plugins/omdtls/omdtls.c b/plugins/omdtls/omdtls.c +index 2b28908030..693ff99c77 100644 +--- a/plugins/omdtls/omdtls.c ++++ b/plugins/omdtls/omdtls.c +@@ -52,7 +52,9 @@ + #if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) + # include + #endif +-#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif + // --- + + // Include rsyslog headers +diff --git a/runtime/net_ossl.h b/runtime/net_ossl.h +index af36ffe488..d66a422d4d 100644 +--- a/runtime/net_ossl.h ++++ b/runtime/net_ossl.h +@@ -31,7 +31,9 @@ + #if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) + # include + #endif +-#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif + #include + #include + +diff --git a/tests/tcpflood.c b/tests/tcpflood.c +index 4b2d98b2c8..7322aeb135 100644 +--- a/tests/tcpflood.c ++++ b/tests/tcpflood.c +@@ -129,8 +129,10 @@ + #ifdef ENABLE_OPENSSL + #include + #include +- #include +- #include ++ #include ++# ifndef OPENSSL_NO_ENGINE ++# include ++# endif + + /* OpenSSL API differences */ + #if OPENSSL_VERSION_NUMBER >= 0x10100000L diff --git a/openssl3-compatibility.patch b/openssl3-compatibility.patch deleted file mode 100644 index c86fe23..0000000 --- a/openssl3-compatibility.patch +++ /dev/null @@ -1,83 +0,0 @@ -diff -up ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig ./qpid-proton-0.34.0/c/src/ssl/openssl.c ---- ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig 2021-06-01 09:29:27.976842727 +0200 -+++ ./qpid-proton-0.34.0/c/src/ssl/openssl.c 2021-06-01 09:31:05.232015887 +0200 -@@ -353,65 +353,6 @@ static int verify_callback(int preverify - return preverify_ok; - } - --// This was introduced in v1.1 --#if OPENSSL_VERSION_NUMBER < 0x10100000 --int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) --{ -- dh->p = p; -- dh->q = q; -- dh->g = g; -- return 1; --} --#endif -- --// this code was generated using the command: --// "openssl dhparam -C -2 2048" --static DH *get_dh2048(void) --{ -- static const unsigned char dhp_2048[]={ -- 0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81, -- 0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9, -- 0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C, -- 0x8B,0xBE,0xF8,0x48,0xBB,0x29,0x63,0x75,0x12,0x48,0x9D,0x7E, -- 0x7C,0x24,0xB4,0x3A,0x38,0x7E,0x97,0x3C,0x77,0x95,0xB0,0xA2, -- 0x72,0xB6,0xE9,0xD8,0xB8,0xFA,0x09,0x1B,0xDC,0xB3,0x80,0x6E, -- 0x32,0x0A,0xDA,0xBB,0xE8,0x43,0x88,0x5B,0xAB,0xC3,0xB2,0x44, -- 0xE1,0x95,0x85,0x0A,0x0D,0x13,0xE2,0x02,0x1E,0x96,0x44,0xCF, -- 0xA0,0xD8,0x46,0x32,0x68,0x63,0x7F,0x68,0xB3,0x37,0x52,0xCE, -- 0x3A,0x4E,0x48,0x08,0x7F,0xD5,0x53,0x00,0x59,0xA8,0x2C,0xCB, -- 0x51,0x64,0x3D,0x5F,0xEF,0x0E,0x5F,0xE6,0xAF,0xD9,0x1E,0xA2, -- 0x35,0x64,0x37,0xD7,0x4C,0xC9,0x24,0xFD,0x2F,0x75,0xBB,0x3A, -- 0x15,0x82,0x76,0x4D,0xC2,0x8B,0x1E,0xB9,0x4B,0xA1,0x33,0xCF, -- 0xAA,0x3B,0x7C,0xC2,0x50,0x60,0x6F,0x45,0x69,0xD3,0x6B,0x88, -- 0x34,0x9B,0xE4,0xF8,0xC6,0xC7,0x5F,0x10,0xA1,0xBA,0x01,0x8C, -- 0xDA,0xD1,0xA3,0x59,0x9C,0x97,0xEA,0xC3,0xF6,0x02,0x55,0x5C, -- 0x92,0x1A,0x39,0x67,0x17,0xE2,0x9B,0x27,0x8D,0xE8,0x5C,0xE9, -- 0xA5,0x94,0xBB,0x7E,0x16,0x6F,0x53,0x5A,0x6D,0xD8,0x03,0xC2, -- 0xAC,0x7A,0xCD,0x22,0x98,0x8E,0x33,0x2A,0xDE,0xAB,0x12,0xC0, -- 0x0B,0x7C,0x0C,0x20,0x70,0xD9,0x0B,0xAE,0x0B,0x2F,0x20,0x9B, -- 0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0, -- 0x23,0x1C,0x09,0x33, -- }; -- static const unsigned char dhg_2048[]={ -- 0x02, -- }; -- DH *dh = DH_new(); -- BIGNUM *dhp_bn, *dhg_bn; -- -- if (dh == NULL) -- return NULL; -- dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL); -- dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL); -- if (dhp_bn == NULL || dhg_bn == NULL -- || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) { -- DH_free(dh); -- BN_free(dhp_bn); -- BN_free(dhg_bn); -- return NULL; -- } -- return dh; --} -- - typedef struct { - char *id; - SSL_SESSION *session; -@@ -542,13 +483,6 @@ static bool pni_init_ssl_domain( pn_ssl_ - domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx); - # endif - -- DH *dh = get_dh2048(); -- if (dh) { -- SSL_CTX_set_tmp_dh(domain->ctx, dh); -- DH_free(dh); -- SSL_CTX_set_options(domain->ctx, SSL_OP_SINGLE_DH_USE); -- } -- - return true; - } - diff --git a/rsyslog.spec b/rsyslog.spec index 7458fe7..f3beaac 100644 --- a/rsyslog.spec +++ b/rsyslog.spec @@ -36,8 +36,8 @@ Summary: Enhanced system logging and kernel message trapping daemon Name: rsyslog -Version: 8.2412.0 -Release: 2%{?dist} +Version: 8.2506.0 +Release: 1%{?dist} License: GPL-3.0-or-later AND Apache-2.0 URL: http://www.rsyslog.com/ Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz @@ -70,7 +70,7 @@ BuildRequires: systemd-rpm-macros BuildRequires: zlib-devel BuildRequires: libcap-ng-devel -Patch0: disable-openssl-engine.patch +Patch0: openssl-disable-engines.patch Recommends: logrotate Obsoletes: rsyslog-logrotate < 8.2310.0-2 @@ -771,6 +771,13 @@ done %changelog +* Thu Jun 12 2025 Attila Lakatos - 8.2506.0-1 +- Rebase to 8.2506.0 +- imuxsock: track dropped messages by ratelimiting + Resolves: RHEL-96589 +- man page version update + Resolves: RHEL-96592 + * Tue May 06 2025 Attila Lakatos - 8.2412.0-2 - Add tmpfiles.d configuration Resolves: RHEL-89795 diff --git a/sources b/sources index 380a910..2bf3d39 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ +SHA512 (rsyslog-8.2506.0.tar.gz) = 82fd3a3e76217081c7903b0bdb8bdb46c23657593d84d5ff7f836efca4c76d7d2870706150a6473c0667f0c8571a3c8e5d237619a3ad3940701925efaec32941 +SHA512 (rsyslog-doc-8.2506.0.tar.gz) = 49db24f5905e4c48ab198358a646d105d0b10c23c7b9ea27d26baa533506e21420829a62acf52f4d34b56250d30988c1f8ab2d6798b3a416b0692c1fcf3c538d SHA512 (qpid-proton-0.39.0.tar.gz) = df5c5469ee82ba02de62dce15b73b81aab2aae07c7db668182df690cea4ff7584111bd12143fe5e3569469a9ddf4950ac68d60b53d1a7815da4748052948cd1b -SHA512 (rsyslog-8.2412.0.tar.gz) = fdd8bb096c9578fe2c4ed8cdb13179d7b3333d0f9be1b2c921b5b040f1e1414c3f9f8106e44444aaefba22f235a44d17c0c5b80cd114fe540a2aebb30e3eba72 -SHA512 (rsyslog-doc-8.2412.0.tar.gz) = 9b5d453b5774b027a6a4ba232133953d8a8058df4bfff31f835504656d7b01008cec5c0d28667bed0052799cf7389c0bafea7c76c3190bdcdf3d8a2eedf19b4e