Wednesday, July 31, 2024

Re: [update] rsyslog version 8.24.04.0

On Fri, Jul 19, 2024 at 05:09:15PM +0200, Remi Locherer wrote:
> On Mon, Jul 15, 2024 at 01:45:32PM +0100, Stuart Henderson wrote:
> > On 2024/07/14 21:08, Remi Locherer wrote:
> > > -V = 8.2208.0
> > > +V = 8.2404.0
> > > DISTNAME = rsyslog-$V
> > > PKGNAME-main = rsyslog-$V
> > > PKGNAME-mysql = rsyslog-mysql-$V
> > > @@ -22,8 +22,6 @@ REVISION-pgsql = 0
> >
> > There are some REVISION-* to remove too.
> >
> > > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > > +++ patches/patch-runtime_net_ossl_c 20 May 2024 19:52:41 -0000
> > > @@ -0,0 +1,24 @@
> > > +LibreSSL does not support SSL_CONF_CTX.
> > > +This patch is already present in rsyslog master and will most likely
> > > +ship with a future version.
> >
> > I'm not sure if this is quite enough. It removes the
> > net_ossl_apply_tlscgfcmd function but not the prototype, and it's still
> > referenced later in the BEGINobjQueryInterface(net_ossl) bits below in
> > that file,
> >
> > ...
> > 1196 pIf->osslGetpeercert = net_ossl_getpeercert;
> > 1197 pIf->osslChkpeercertvalidity = net_ossl_chkpeercertvalidity;
> > 1198 pIf->osslApplyTlscgfcmd = net_ossl_apply_tlscgfcmd;
> > 1199 pIf->osslSetBioCallback = net_ossl_set_bio_callback;
> > ...
> >
> > I think rsyslog will probably crash if any functions using that are
> > called.
> >
> > Is there anyone reading who uses the rsyslog port with TLS who could
> > check runtime?
> >
>
> Indeed! Rsyslogd does not crash but it fails to load the lmnsd_ossl module:
>
> 0985.329403000:main thread : modules.c: loading module '/usr/local/lib/rsyslog/lmnsd_ossl.so'
> rsyslogd:/usr/local/lib/rsyslog/lmnsd_ossl.so: undefined symbol 'net_ossl_apply_tlscgfcmd'
>

With the below I could transmit a log message using the ossl module.
I also removed the revision lines from the makefile.

OK?

Remi


--- sysutils/rsyslog/Makefile
+++ sysutils/rsyslog/Makefile
@@ -6,7 +6,7 @@ COMMENT-elasticsearch = Elasticsearch plugin for rsysl

MULTI_PACKAGES = -main -mysql -normalize -pgsql -elasticsearch

-V = 8.2208.0
+V = 8.2404.0
DISTNAME = rsyslog-$V
PKGNAME-main = rsyslog-$V
PKGNAME-mysql = rsyslog-mysql-$V
@@ -14,16 +14,9 @@ PKGNAME-normalize = rsyslog-normalize-$V
PKGNAME-pgsql = rsyslog-pgsql-$V
PKGNAME-elasticsearch = rsyslog-elasticsearch-$V
CATEGORIES = sysutils
-REVISION-elasticsearch =0
-REVISION-main = 0
-REVISION-mysql = 0
-REVISION-normalize = 0
-REVISION-pgsql = 0

HOMEPAGE = https://www.rsyslog.com/

-MAINTAINER = Remi Locherer <remi@openbsd.org>
-
# GPLv3+
PERMIT_PACKAGE = Yes

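Review bot: The `-MAINTAINER = Remi Locherer <remi@openbsd.org>` removal near the end of this hunk is not covered by the mail, which only mentions removing the revision lines. If dropping the maintainer is intended, it should be stated in the commit message; otherwise that line and the blank line after it should stay. Removing the five REVISION-* lines is consistent with the bump of V.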
@@ -32,7 +25,7 @@ COMPILER = base-clang ports-gcc base-gcc
WANTLIB-main += c crypto curl estr fastjson gcrypt gmp gnutls
WANTLIB-main += gpg-error hogweed iconv idn2 intl m nettle nghttp2
WANTLIB-main += p11-kit pthread relp ssl tasn1 unistring uuid z
-WANTLIB-main += brotlidec brotlienc execinfo zstd
+WANTLIB-main += execinfo nghttp3 ngtcp2 ngtcp2_crypto_quictls

WANTLIB-mysql += crypto m mariadb pthread ssl z

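Review bot: The last WANTLIB-main line drops brotlidec, brotlienc and zstd and adds nghttp3, ngtcp2 and ngtcp2_crypto_quictls, while no LIB_DEPENDS line changes anywhere in the visible diff. Please confirm with `make port-lib-depends-check` that the three new libraries are reached through the existing dependencies and that the three removed ones are no longer linked, and keep this list in step with the matching WANTLIB-elasticsearch addition in the next hunk.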
@@ -41,6 +34,7 @@ WANTLIB-normalize += estr fastjson lognorm pthread
WANTLIB-pgsql += crypto m pq pthread ssl

WANTLIB-elasticsearch += crypto curl m nghttp2 pthread ssl z
+WANTLIB-elasticsearch += nghttp3 ngtcp2 ngtcp2_crypto_quictls

LIB_DEPENDS-main = devel/libfastjson \
devel/libestr \
--- sysutils/rsyslog/distinfo
+++ sysutils/rsyslog/distinfo
@@ -1,2 +1,2 @@
-SHA256 (rsyslog-8.2208.0.tar.gz) = FN5o57jlqwxdc0+C4tyf/yLNf0cQrWkHJ+sQp7mz314=
-SIZE (rsyslog-8.2208.0.tar.gz) = 3262298
+SHA256 (rsyslog-8.2404.0.tar.gz) = MFKNFA7BsfB5IkCB+jffbgZYf/QrAuPmHy2qBSbFTTM=
+SIZE (rsyslog-8.2404.0.tar.gz) = 3408657
--- /dev/null
+++ sysutils/rsyslog/patches/patch-runtime_net_ossl_c
@@ -0,0 +1,46 @@
+LibreSSL does not support SSL_CONF_cmd.
+This is already present in rsyslog master and will most likely ship
+with a future version.
+https://github.com/rsyslog/rsyslog/commit/b79fd513271bdd02d8a37fa4197d2f293aaf6d11
+
+Index: runtime/net_ossl.c
+--- runtime/net_ossl.c.orig
++++ runtime/net_ossl.c
+@@ -59,7 +59,9 @@ void net_ossl_set_ssl_verify_callback(SSL *pSsl, int f
+ void net_ossl_set_ctx_verify_callback(SSL_CTX *pCtx, int flags);
+ void net_ossl_set_bio_callback(BIO *conn);
+ int net_ossl_verify_callback(int status, X509_STORE_CTX *store);
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd);
++
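Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)` opened before the net_ossl_apply_tlscgfcmd prototype has no matching `#endif` in the lines shown, and the outer header announces 46 lines of which only the first 15 are visible here. The remaining part needs to close this guard and apply the same condition to the function definition and to the `pIf->osslApplyTlscgfcmd = net_ossl_apply_tlscgfcmd;` assignment quoted earlier in the thread, since guarding the prototype alone would still leave the undefined symbol when lmnsd_ossl.so is loaded. The description should also note that this was runtime-tested on LibreSSL by sending a message through the ossl module, as reported in the mail.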
