import librelp-1.10.0-4.el9

3 years ago · 6380997183
commit 6380997183
5 changed files with 309 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 SOURCES/librelp-1.10.0.tar.gz
--- a/.librelp.metadata
+++ b/.librelp.metadata
@ -0,0 +1 @@
 595a718aabe368762d2c14512956bf94364da489 SOURCES/librelp-1.10.0.tar.gz
--- a/SOURCES/librelp-1.10.0-crypto-compliance.patch
+++ b/SOURCES/librelp-1.10.0-crypto-compliance.patch
@ -0,0 +1,88 @@
 diff -up librelp-1.10.0/src/tcp.c.crypto-compliance librelp-1.10.0/src/tcp.c
 --- librelp-1.10.0/src/tcp.c.crypto-compliance	2021-02-16 09:07:24.000000000 +0100
 +++ librelp-1.10.0/src/tcp.c	2021-08-17 10:13:53.368936612 +0200
@@ -1155,32 +1155,8 @@ static relpRetVal LIBRELP_ATTR_NONNULL()
 relpTcpTLSSetPrio_gtls(relpTcp_t *const pThis)
 {
 	int r;
 -	char pristringBuf[4096];
 -	char *pristring;
 	ENTER_RELPFUNC;
 -	/* Set default priority string (in simple cases where the user does not care...) */
 -	if(pThis->pristring == NULL) {
 -		if (pThis->authmode == eRelpAuthMode_None) {
 -			if(pThis->bEnableTLSZip) {
 -				strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
 -			} else {
 -				strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
 -			}
 -			pristringBuf[sizeof(pristringBuf)-1] = '\0';
 -			pristring = pristringBuf;
 -			r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
 -		} else {
 -			r = gnutls_set_default_priority(pThis->session);
 -			strncpy(pristringBuf, "to recommended system default", sizeof(pristringBuf));
 -			pristringBuf[sizeof(pristringBuf)-1] = '\0';
 -			pristring = pristringBuf;
 -		}
 -
 -	} else {
 -		pristring = pThis->pristring;
 -		r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
 -	}
 -
 +	r = gnutls_set_default_priority(pThis->session);
 	if(r == GNUTLS_E_INVALID_REQUEST) {
 		ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);
 	} else if(r != GNUTLS_E_SUCCESS) {
@@ -1188,7 +1164,7 @@ relpTcpTLSSetPrio_gtls(relpTcp_t *const
 	}
 finalize_it:
 -	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers '%s' iRet=%d\n", pristring, iRet);
 +	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers to system default iRet=%d\n", iRet);
 	if(iRet != RELP_RET_OK) {
 		chkGnutlsCode(pThis, "Failed to set GnuTLS priority", iRet, r);
@@ -1207,38 +1183,15 @@ relpTcpTLSSetPrio_gtls(LIBRELP_ATTR_UNUS
 static relpRetVal LIBRELP_ATTR_NONNULL()
 relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)
 {
 -	char pristringBuf[4096];
 -	char *pristring;
 	ENTER_RELPFUNC;
 -	/* Compute priority string (in simple cases where the user does not care...) */
 -	if(pThis->pristring == NULL) {
 -		if (pThis->authmode == eRelpAuthMode_None) {
 -			#if OPENSSL_VERSION_NUMBER >= 0x10100000L \
 -				&& !defined(LIBRESSL_VERSION_NUMBER)
 -			 /* NOTE: do never use: +eNULL, it DISABLES encryption! */
 -			strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
 -				sizeof(pristringBuf));
 -			#else
 -			strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL",
 -				sizeof(pristringBuf));
 -			#endif
 -		} else {
 -			strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf));
 -		}
 -		pristringBuf[sizeof(pristringBuf)-1] = '\0';
 -		pristring = pristringBuf;
 -	} else {
 -		/* We use custom CipherString if used sets it by SslConfCmd */
 -		pristring = pThis->pristring;
 -	}
 -	if ( SSL_set_cipher_list(pThis->ssl, pristring) == 0 ){
 -		pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers '%s'\n", pristring);
 +	if (SSL_set_cipher_list(pThis->ssl, "PROFILE=SYSTEM") == 0){
 +		pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers to system default\n");
 		ABORT_FINALIZE(RELP_RET_ERR_TLS_SETUP);
 	}
 finalize_it:
 -	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers '%s' iRet=%d\n", pristring, iRet);
 +	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers to system default iRet=%d\n", iRet);
 	LEAVE_RELPFUNC;
 }
 #else
--- a/SOURCES/librelp-1.10.0-rhbz1972067-relpEngineSetTLSLibByName.patch
+++ b/SOURCES/librelp-1.10.0-rhbz1972067-relpEngineSetTLSLibByName.patch
@ -0,0 +1,15 @@
 diff -up librelp-1.10.0/src/relp.c.orig librelp-1.10.0/src/relp.c
 --- librelp-1.10.0/src/relp.c.orig	2021-08-17 08:33:12.416786299 +0200
 +++ librelp-1.10.0/src/relp.c	2021-08-17 08:33:45.070119507 +0200
@@ -385,9 +385,9 @@ relpEngineSetTLSLibByName(relpEngine_t *
 	}
 	if(!strcasecmp(name, "gnutls")) {
 -		relpEngineSetTLSLib(pThis, RELP_USE_GNUTLS);
 +		CHKRet(relpEngineSetTLSLib(pThis, RELP_USE_GNUTLS));
 	}else if(!strcasecmp(name, "openssl")) {
 -		relpEngineSetTLSLib(pThis, RELP_USE_OPENSSL);
 +		CHKRet(relpEngineSetTLSLib(pThis, RELP_USE_OPENSSL));
 	} else {
 		relpEngineCallOnGenericErr(pThis, "librelp", RELP_RET_PARAM_ERROR,
 				"invalid tls lib '%s' requested; this version of "
--- a/SPECS/librelp.spec
+++ b/SPECS/librelp.spec
@ -0,0 +1,204 @@
 Summary: The Reliable Event Logging Protocol library
 Name: librelp
 Version: 1.10.0
 Release: 4%{?dist}
 License: GPLv3+
 URL: http://www.rsyslog.com/
 Source0: http://download.rsyslog.com/%{name}/%{name}-%{version}.tar.gz
 BuildRequires: gnutls-devel >= 1.4.0
 Patch0: librelp-1.10.0-rhbz1972067-relpEngineSetTLSLibByName.patch
 Patch1: librelp-1.10.0-crypto-compliance.patch
 %description
 Librelp is an easy to use library for the RELP protocol. RELP (stands
 for Reliable Event Logging Protocol) is a general-purpose, extensible
 logging protocol.
 %package devel
 Summary: Development files for the %{name} package
 Requires: %{name} = %{version}-%{release}
 Requires: pkgconfig
 Requires: openssl-libs
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
 BuildRequires: make
 BuildRequires: openssl-devel
 %description devel
 Librelp is an easy to use library for the RELP protocol. The
 librelp-devel package contains the header files and libraries needed
 to develop applications using librelp.
 %prep
 %setup -q
 %patch0 -p1 -b .tls-by-name
 %patch1 -p1 -b .crypto-compliance
 %build
 autoreconf -ivf
 %configure --disable-static
 make %{?_smp_mflags}
 %install
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 rm $RPM_BUILD_ROOT/%{_libdir}/*.la
 %ldconfig_scriptlets
 %files
 %doc AUTHORS COPYING NEWS README doc/*html
 %{_libdir}/librelp.so.*
 %files devel
 %{_includedir}/*
 %{_libdir}/librelp.so
 %{_libdir}/pkgconfig/relp.pc
 %changelog
 * Fri Aug 06 2021 Attila Lakatos <alakatos@redhat.com> - 1.10.0-4
 - Replace GNUTLS_SHUT_RDWR by GNUTLS_SHUT_WR when ending TLS connections
  resolves: rhbz#1990735
 - Add patch to comply with crypto policies
 - Forward return code from relpEngineSetTLSLib to relpEngineSetTLSLibByName
 - Enable openssl
  resolves: rhbz#1972067
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.10.0-3
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.10.0-2
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Mon Mar 08 2021 Attila Lakatos <alakatos@redhat.com> - 1.10.0-1
 - rebase to 1.10.0
  resolves: rhbz#1929153
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Fri Sep 18 2020 Attila Lakatos <alakatos@redhat.com> - 1.9.0-1
 - rebase to 1.9.0
  resolves: rhbz#1883471
 * Tue Sep 08 2020 Attila Lakatos <alakatos@redhat.com> - 1.7.0-1
 - rebase to 1.7.0
  resolves: rhbz#1826269
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Mon Feb 03 2020 Jiri Vymazal <jvymazal@redhat.com> - 1.5.0-1
 - rebase to 1.5.0
  resolves: rhbz#1790820
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Wed Jul 10 2019 Jiri Vymazal <jvymazal@redhat.com> - 1.4.0-1
 - rebase to 1.4.0
  resolves: rhbz#1425638
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Mon Jul 02 2018 Radovan Sroka <rsroka@redhat.com> - 1.2.16-1
 - rebase to 1.2.16
 * Mon Mar 26 2018 Radovan Sroka <rsroka@redhat.com> - 1.2.15-1
 - rebase to 1.2.15
 - fixed CVE-2018-1000140
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Fri Jun 02 2017 Radovan Sroka <rsroka@redhat.com> - 1.2.14-1
 - rebase to 1.2.14
 * Thu Feb 23 2017 Jiri Vymazal <jvymazal@redhat.com> - 1.2.13-1
 - rebase to 1.2.13
  resolves: rhbz#1425638
 - added patch for GnuTLS crypto-policy adherence
  resolves: rhbz#1179317
 - added autoconf, automake and libtool because package
  has patches now
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.12-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 * Tue Sep 27 2016 Radovan Sroka <rsroka@redhat.com> 1.2.12-1
 - rebase to 1.2.12
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.7-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.7-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.7-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.7-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 * Fri May 16 2014 Tomas Heinrich <theinric@redhat.com> - 1.2.7-1
 - rebase to 1.2.7
 * Thu Mar 27 2014 François Cami <fcami@fedoraproject.org> - 1.2.5-1
 - rebase to 1.2.5
 * Wed Jul 31 2013 Tomas Heinrich <theinric@redhat.com> - 1.2.0-1
 - rebase to 1.2.0
 - add gnutls-devel to BuildRequires
 * Wed Apr 10 2013 Tomas Heinrich <theinric@redhat.com> - 1.0.3-1
 - rebase to 1.0.3
 * Thu Apr 04 2013 Tomas Heinrich <theinric@redhat.com> - 1.0.2-1
 - rebase to 1.0.2
 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 * Wed Nov 21 2012 Tomas Heinrich <theinric@redhat.com> - 1.0.1-1
 - upgrade to upstream version 1.0.1
 * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 * Thu Jul 15 2010 Tomas Heinrich <theinric@redhat.com> - 1.0.0-1
 - upgrade to upstream version 1.0.0
 * Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
 * Wed May  7 2008 Tomas Heinrich <theinric@redhat.com> 0.1.1-2
 - removed "BuildRequires: autoconf automake"
 * Tue Apr 29 2008 Tomas Heinrich <theinric@redhat.com> 0.1.1-1
 - initial build
		`@ -0,0 +1 @@`
							`595a718aabe368762d2c14512956bf94364da489 SOURCES/librelp-1.10.0.tar.gz`