On Sat, Feb 29, 2020 at 10:44:31PM +0000, Stuart Henderson wrote:
> On 2020/02/29 22:04, Remi Locherer wrote:
> > librelp version 1.5.0 was released in January 2020. According to the
> > changelog it contains mostly bug fixes.
> > --> https://github.com/rsyslog/librelp/blob/master/ChangeLog
> >
> > This release also introduces the usage of OpenSSL's SSL_CONF_cmd API.
> > --> https://github.com/rsyslog/librelp/blob/master/ChangeLog
> > This is a bit problematic since LibreSSL is not providing this API.
> > Are there better approaches for this issue than my patch?
> >
> > I verified on amd64 that rsyslog from ports can send and receive messages
> > via imrelp and omrelp with librelp 1.5.0.
> >
> > Comments? OKs?
>
> The common (and more easily greppable) way to do this is to use
> "&& !defined(LIBRESSL_VERSION_NUMBER)" in the patch rather than replacing
> with #if 0.
>
Ah yes, that looks better. Updated diff below.
Index: Makefile
===================================================================
RCS file: /cvs/ports/sysutils/librelp/Makefile,v
retrieving revision 1.15
diff -u -p -r1.15 Makefile
--- Makefile 12 Jul 2019 20:49:45 -0000 1.15
+++ Makefile 29 Feb 2020 18:52:48 -0000
@@ -2,9 +2,9 @@
COMMENT = reliable event logging protocol library
-DISTNAME = librelp-1.4.0
+DISTNAME = librelp-1.5.0
-SHARED_LIBS += relp 3.0 # 5.0
+SHARED_LIBS += relp 3.1 # 5.0
CATEGORIES = sysutils
Index: distinfo
===================================================================
RCS file: /cvs/ports/sysutils/librelp/distinfo,v
retrieving revision 1.7
diff -u -p -r1.7 distinfo
--- distinfo 4 May 2019 20:16:42 -0000 1.7
+++ distinfo 29 Feb 2020 13:47:21 -0000
@@ -1,2 +1,2 @@
-SHA256 (librelp-1.4.0.tar.gz) = XNAs5+3i/qA35lzFOJ5B3embabHfmEtCwUAp5gu53QU=
-SIZE (librelp-1.4.0.tar.gz) = 519235
+SHA256 (librelp-1.5.0.tar.gz) = aShO8aBRqywvd2WVjoR77x/POPR+sbA3LGX2PwPIOV4=
+SIZE (librelp-1.5.0.tar.gz) = 521793
Index: patches/patch-src_tcp_c
===================================================================
RCS file: /cvs/ports/sysutils/librelp/patches/patch-src_tcp_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-src_tcp_c
--- patches/patch-src_tcp_c 4 May 2019 20:16:42 -0000 1.1
+++ patches/patch-src_tcp_c 1 Mar 2020 13:50:02 -0000
@@ -1,22 +1,26 @@
$OpenBSD: patch-src_tcp_c,v 1.1 2019/05/04 20:16:42 remi Exp $
-LibreSSL has no support for @SECLEVEL
+LibreSSL has no support for @SECLEVEL and SSL_CONF_CTX_set_flags().
Index: src/tcp.c
--- src/tcp.c.orig
+++ src/tcp.c
-@@ -1183,14 +1183,8 @@ relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)
+@@ -1200,7 +1200,8 @@ relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)
/* Compute priority string (in simple cases where the user does not care...) */
if(pThis->pristring == NULL) {
if (pThis->authmode == eRelpAuthMode_None) {
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
-- /* NOTE: do never use: +eNULL, it DISABLES encryption! */
-- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
-- sizeof(pristringBuf));
-- #else
- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL",
++ #if OPENSSL_VERSION_NUMBER >= 0x10100000L \
++ && !defined(LIBRESSL_VERSION_NUMBER)
+ /* NOTE: do never use: +eNULL, it DISABLES encryption! */
+ strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
sizeof(pristringBuf));
--
No comments:
Post a Comment