218 lines
8.5 KiB
Diff
218 lines
8.5 KiB
Diff
From 183c42e488eb15784e26e69daf7041a3cf39d71d Mon Sep 17 00:00:00 2001
|
|
From: alakatos <alakatos@redhat.com>
|
|
Date: Fri, 28 Jul 2023 11:13:28 +0200
|
|
Subject: [PATCH] Add back CAP_NEW_RAW capability due to omudpspoof resolves:
|
|
rhbz#2216919
|
|
|
|
---
|
|
.gitignore | 1 +
|
|
openssl3-compatibility.patch | 83 -------------------
|
|
...og-8.2102.0-libcapng-no-cap-support2.patch | 11 +++
|
|
rsyslog.spec | 20 +++--
|
|
sources | 2 +-
|
|
5 files changed, 26 insertions(+), 91 deletions(-)
|
|
delete mode 100644 openssl3-compatibility.patch
|
|
create mode 100644 rsyslog-8.2102.0-libcapng-no-cap-support2.patch
|
|
|
|
diff --git a/.gitignore b/.gitignore
|
|
index 6f6bb6c..590f63b 100644
|
|
--- a/.gitignore
|
|
+++ b/.gitignore
|
|
@@ -81,3 +81,4 @@ rsyslog-4.6.3.tar.gz
|
|
/rsyslog-8.2102.0.tar.gz
|
|
/rsyslog-doc-8.2102.0.tar.gz
|
|
/qpid-proton-0.34.0.tar.gz
|
|
+/qpid-proton-0.39.0.tar.gz
|
|
diff --git a/openssl3-compatibility.patch b/openssl3-compatibility.patch
|
|
deleted file mode 100644
|
|
index c86fe23..0000000
|
|
--- a/openssl3-compatibility.patch
|
|
+++ /dev/null
|
|
@@ -1,83 +0,0 @@
|
|
-diff -up ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig ./qpid-proton-0.34.0/c/src/ssl/openssl.c
|
|
---- ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig 2021-06-01 09:29:27.976842727 +0200
|
|
-+++ ./qpid-proton-0.34.0/c/src/ssl/openssl.c 2021-06-01 09:31:05.232015887 +0200
|
|
-@@ -353,65 +353,6 @@ static int verify_callback(int preverify
|
|
- return preverify_ok;
|
|
- }
|
|
-
|
|
--// This was introduced in v1.1
|
|
--#if OPENSSL_VERSION_NUMBER < 0x10100000
|
|
--int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
|
|
--{
|
|
-- dh->p = p;
|
|
-- dh->q = q;
|
|
-- dh->g = g;
|
|
-- return 1;
|
|
--}
|
|
--#endif
|
|
--
|
|
--// this code was generated using the command:
|
|
--// "openssl dhparam -C -2 2048"
|
|
--static DH *get_dh2048(void)
|
|
--{
|
|
-- static const unsigned char dhp_2048[]={
|
|
-- 0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81,
|
|
-- 0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9,
|
|
-- 0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C,
|
|
-- 0x8B,0xBE,0xF8,0x48,0xBB,0x29,0x63,0x75,0x12,0x48,0x9D,0x7E,
|
|
-- 0x7C,0x24,0xB4,0x3A,0x38,0x7E,0x97,0x3C,0x77,0x95,0xB0,0xA2,
|
|
-- 0x72,0xB6,0xE9,0xD8,0xB8,0xFA,0x09,0x1B,0xDC,0xB3,0x80,0x6E,
|
|
-- 0x32,0x0A,0xDA,0xBB,0xE8,0x43,0x88,0x5B,0xAB,0xC3,0xB2,0x44,
|
|
-- 0xE1,0x95,0x85,0x0A,0x0D,0x13,0xE2,0x02,0x1E,0x96,0x44,0xCF,
|
|
-- 0xA0,0xD8,0x46,0x32,0x68,0x63,0x7F,0x68,0xB3,0x37,0x52,0xCE,
|
|
-- 0x3A,0x4E,0x48,0x08,0x7F,0xD5,0x53,0x00,0x59,0xA8,0x2C,0xCB,
|
|
-- 0x51,0x64,0x3D,0x5F,0xEF,0x0E,0x5F,0xE6,0xAF,0xD9,0x1E,0xA2,
|
|
-- 0x35,0x64,0x37,0xD7,0x4C,0xC9,0x24,0xFD,0x2F,0x75,0xBB,0x3A,
|
|
-- 0x15,0x82,0x76,0x4D,0xC2,0x8B,0x1E,0xB9,0x4B,0xA1,0x33,0xCF,
|
|
-- 0xAA,0x3B,0x7C,0xC2,0x50,0x60,0x6F,0x45,0x69,0xD3,0x6B,0x88,
|
|
-- 0x34,0x9B,0xE4,0xF8,0xC6,0xC7,0x5F,0x10,0xA1,0xBA,0x01,0x8C,
|
|
-- 0xDA,0xD1,0xA3,0x59,0x9C,0x97,0xEA,0xC3,0xF6,0x02,0x55,0x5C,
|
|
-- 0x92,0x1A,0x39,0x67,0x17,0xE2,0x9B,0x27,0x8D,0xE8,0x5C,0xE9,
|
|
-- 0xA5,0x94,0xBB,0x7E,0x16,0x6F,0x53,0x5A,0x6D,0xD8,0x03,0xC2,
|
|
-- 0xAC,0x7A,0xCD,0x22,0x98,0x8E,0x33,0x2A,0xDE,0xAB,0x12,0xC0,
|
|
-- 0x0B,0x7C,0x0C,0x20,0x70,0xD9,0x0B,0xAE,0x0B,0x2F,0x20,0x9B,
|
|
-- 0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0,
|
|
-- 0x23,0x1C,0x09,0x33,
|
|
-- };
|
|
-- static const unsigned char dhg_2048[]={
|
|
-- 0x02,
|
|
-- };
|
|
-- DH *dh = DH_new();
|
|
-- BIGNUM *dhp_bn, *dhg_bn;
|
|
--
|
|
-- if (dh == NULL)
|
|
-- return NULL;
|
|
-- dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
|
|
-- dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
|
|
-- if (dhp_bn == NULL || dhg_bn == NULL
|
|
-- || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
|
|
-- DH_free(dh);
|
|
-- BN_free(dhp_bn);
|
|
-- BN_free(dhg_bn);
|
|
-- return NULL;
|
|
-- }
|
|
-- return dh;
|
|
--}
|
|
--
|
|
- typedef struct {
|
|
- char *id;
|
|
- SSL_SESSION *session;
|
|
-@@ -542,13 +483,6 @@ static bool pni_init_ssl_domain( pn_ssl_
|
|
- domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
|
|
- # endif
|
|
-
|
|
-- DH *dh = get_dh2048();
|
|
-- if (dh) {
|
|
-- SSL_CTX_set_tmp_dh(domain->ctx, dh);
|
|
-- DH_free(dh);
|
|
-- SSL_CTX_set_options(domain->ctx, SSL_OP_SINGLE_DH_USE);
|
|
-- }
|
|
--
|
|
- return true;
|
|
- }
|
|
-
|
|
diff --git a/rsyslog-8.2102.0-libcapng-no-cap-support2.patch b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
|
|
new file mode 100644
|
|
index 0000000..91ef39c
|
|
--- /dev/null
|
|
+++ b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
|
|
@@ -0,0 +1,11 @@
|
|
+diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
|
|
+--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-07-28 11:11:36.253771848 +0200
|
|
++++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-07-28 11:11:57.628795339 +0200
|
|
+@@ -1571,6 +1571,7 @@ initAll(int argc, char **argv)
|
|
+ capabilities_t capabilities[] = {
|
|
+ #define CAP_FIELD(code) { code, #code, 0 }
|
|
+ CAP_FIELD(CAP_BLOCK_SUSPEND),
|
|
++ CAP_FIELD(CAP_NET_RAW),
|
|
+ CAP_FIELD(CAP_CHOWN),
|
|
+ CAP_FIELD(CAP_IPC_LOCK),
|
|
+ CAP_FIELD(CAP_LEASE),
|
|
diff --git a/rsyslog.spec b/rsyslog.spec
|
|
index d1d290c..f5b4183 100644
|
|
--- a/rsyslog.spec
|
|
+++ b/rsyslog.spec
|
|
@@ -5,7 +5,7 @@
|
|
Summary: Enhanced system logging and kernel message trapping daemon
|
|
Name: rsyslog
|
|
Version: 8.2102.0
|
|
-Release: 116%{?dist}
|
|
+Release: 117%{?dist}
|
|
License: (GPLv3+ and ASL 2.0)
|
|
URL: http://www.rsyslog.com/
|
|
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
|
|
@@ -16,7 +16,7 @@ Source4: rsyslog.log
|
|
Source5: rsyslog.service
|
|
# Add qpid-proton as another source, enable omamqp1 module in a
|
|
# separatae sub-package with it statically linked(see rhbz#1713427)
|
|
-Source6: qpid-proton-0.34.0.tar.gz
|
|
+Source6: qpid-proton-0.39.0.tar.gz
|
|
|
|
Patch0: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
|
|
Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
|
|
@@ -50,6 +50,7 @@ Patch28: rsyslog-8.2102.0-rhbz2192955-es-6.patch
|
|
Patch29: rsyslog-8.2102.0-rhbz2192955-es-doc.patch
|
|
Patch30: rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
|
|
Patch31: rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
|
|
+Patch32: rsyslog-8.2102.0-libcapng-no-cap-support2.patch
|
|
|
|
BuildRequires: make
|
|
BuildRequires: gcc
|
|
@@ -317,10 +318,11 @@ mv build doc
|
|
%patch29 -p1 -b .es-doc
|
|
%patch30 -p1
|
|
%patch31 -p1
|
|
+%patch32 -p1
|
|
|
|
-pushd ..
|
|
-%patch9 -p1 -b .openssl-compatibility
|
|
-popd
|
|
+# pushd ..
|
|
+# %patch9 -p1 -b .openssl-compatibility
|
|
+# popd
|
|
|
|
%build
|
|
# Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags
|
|
@@ -338,7 +340,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
|
|
%endif
|
|
# build the proton first
|
|
(
|
|
- cd %{_builddir}/qpid-proton-0.34.0
|
|
+ cd %{_builddir}/qpid-proton-0.39.0
|
|
mkdir bld
|
|
cd bld
|
|
|
|
@@ -370,7 +372,7 @@ autoreconf -if
|
|
--prefix=/usr \
|
|
--disable-static \
|
|
--disable-testbench \
|
|
- --enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.34.0/bld/c/include" \
|
|
+ --enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.39.0/bld/c/include" \
|
|
--enable-elasticsearch \
|
|
--enable-generate-man-pages \
|
|
--enable-gnutls \
|
|
@@ -582,6 +584,10 @@ done
|
|
|
|
|
|
%changelog
|
|
+* Fri Jul 28 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-117
|
|
+- Add back CAP_NEW_RAW capability due to omudpspoof
|
|
+ resolves: rhbz#2216919
|
|
+
|
|
* Tue Jun 27 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-116
|
|
- libcapng: do not try to drop capabilities that are not present
|
|
- add global libcapng.default to not abort when libcapng fails
|
|
diff --git a/sources b/sources
|
|
index d12920a..0cb5e41 100644
|
|
--- a/sources
|
|
+++ b/sources
|
|
@@ -1,3 +1,3 @@
|
|
-SHA512 (qpid-proton-0.34.0.tar.gz) = 0de6c3d11baeee1d69821a0f1879a61b314f14589e02ea7ed0de8814c741217fdcafdd978b4061f73bc75588886299f4ac6808021506545ec8a883f39ad54fb3
|
|
+SHA512 (qpid-proton-0.39.0.tar.gz) = 38659682cc86bf0c910e2a707a5b166b3a7d0fb70fd83d6c5ebcaca53b2cd5a478adf36958d2c4c55a2ea6afcb9b457a12006a7967efae6ca2d0663c0febbc58
|
|
SHA512 (rsyslog-8.2102.0.tar.gz) = 281b0e5d5cb548c39a6e514e5fd5b1bdbe8ca0bdd9234f4fea581ed7679f76d2d75b65d14c3c5e799f86f91600074ff75b467aa1ff27cdbec0f4197261c5aec0
|
|
SHA512 (rsyslog-doc-8.2102.0.tar.gz) = a5dc4fb9bd8892fac693c5692b926c8d7d9fa36667d6b4c6eccba750713af88d4317f6232efc2a16de38c2e58c4a8bc4d04c9ebb2e7ebc3b0878d53eef20dd2e
|
|
--
|
|
2.41.0
|
|
|