From ac8b333dec871c4c9131508000f680b988d49ed6 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 9 Nov 2021 04:50:52 -0500 Subject: [PATCH] import librelp-1.9.0-1.el8 --- .gitignore | 1 + .librelp.metadata | 1 + SOURCES/librelp-1.9.0-crypto-compliance.patch | 87 +++++++++ SPECS/librelp.spec | 168 ++++++++++++++++++ 4 files changed, 257 insertions(+) create mode 100644 .gitignore create mode 100644 .librelp.metadata create mode 100644 SOURCES/librelp-1.9.0-crypto-compliance.patch create mode 100644 SPECS/librelp.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6c66c4d --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/librelp-1.9.0.tar.gz diff --git a/.librelp.metadata b/.librelp.metadata new file mode 100644 index 0000000..33a6638 --- /dev/null +++ b/.librelp.metadata @@ -0,0 +1 @@ +816dffa1484746b18dfb8b9adba7d7b54d5afef3 SOURCES/librelp-1.9.0.tar.gz diff --git a/SOURCES/librelp-1.9.0-crypto-compliance.patch b/SOURCES/librelp-1.9.0-crypto-compliance.patch new file mode 100644 index 0000000..ef054cb --- /dev/null +++ b/SOURCES/librelp-1.9.0-crypto-compliance.patch @@ -0,0 +1,87 @@ +diff -up librelp-1.9.0/src/tcp.c.orig librelp-1.9.0/src/tcp.c +--- librelp-1.9.0/src/tcp.c.orig 2021-04-26 12:50:02.988053548 +0200 ++++ librelp-1.9.0/src/tcp.c 2021-04-26 15:12:58.292600192 +0200 +@@ -1155,32 +1155,8 @@ static relpRetVal LIBRELP_ATTR_NONNULL() + relpTcpTLSSetPrio_gtls(relpTcp_t *const pThis) + { + int r; +- char pristringBuf[4096]; +- char *pristring; + ENTER_RELPFUNC; +- /* Set default priority string (in simple cases where the user does not care...) */ +- if(pThis->pristring == NULL) { +- if (pThis->authmode == eRelpAuthMode_None) { +- if(pThis->bEnableTLSZip) { +- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf)); +- } else { +- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf)); +- } +- pristringBuf[sizeof(pristringBuf)-1] = '\0'; +- pristring = pristringBuf; +- r = gnutls_priority_set_direct(pThis->session, pristring, NULL); +- } else { +- r = gnutls_set_default_priority(pThis->session); +- strncpy(pristringBuf, "to recommended system default", sizeof(pristringBuf)); +- pristringBuf[sizeof(pristringBuf)-1] = '\0'; +- pristring = pristringBuf; +- } +- +- } else { +- pristring = pThis->pristring; +- r = gnutls_priority_set_direct(pThis->session, pristring, NULL); +- } +- ++ r = gnutls_set_default_priority(pThis->session); + if(r == GNUTLS_E_INVALID_REQUEST) { + ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO); + } else if(r != GNUTLS_E_SUCCESS) { +@@ -1188,7 +1164,7 @@ relpTcpTLSSetPrio_gtls(relpTcp_t *const + } + + finalize_it: +- pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers '%s' iRet=%d\n", pristring, iRet); ++ pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers to system default iRet=%d\n", iRet); + + if(iRet != RELP_RET_OK) { + chkGnutlsCode(pThis, "Failed to set GnuTLS priority", iRet, r); +@@ -1207,37 +1183,15 @@ relpTcpTLSSetPrio_gtls(LIBRELP_ATTR_UNUS + static relpRetVal LIBRELP_ATTR_NONNULL() + relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis) + { +- char pristringBuf[4096]; +- char *pristring; + ENTER_RELPFUNC; +- /* Compute priority string (in simple cases where the user does not care...) */ +- if(pThis->pristring == NULL) { +- if (pThis->authmode == eRelpAuthMode_None) { +- #if OPENSSL_VERSION_NUMBER >= 0x10100000L \ +- && !defined(LIBRESSL_VERSION_NUMBER) +- /* NOTE: do never use: +eNULL, it DISABLES encryption! */ +- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0", +- sizeof(pristringBuf)); +- #else +- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL", +- sizeof(pristringBuf)); +- #endif +- } else { +- strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf)); +- } +- pristringBuf[sizeof(pristringBuf)-1] = '\0'; +- pristring = pristringBuf; +- } else { +- pristring = pThis->pristring; +- } + +- if ( SSL_set_cipher_list(pThis->ssl, pristring) == 0 ){ +- pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers '%s'\n", pristring); ++ if ( SSL_set_cipher_list(pThis->ssl, "PROFILE=SYSTEM") == 0 ){ ++ pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers to system default\n"); + ABORT_FINALIZE(RELP_RET_ERR_TLS_SETUP); + } + + finalize_it: +- pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers '%s' iRet=%d\n", pristring, iRet); ++ pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers to system default iRet=%d\n", iRet); + LEAVE_RELPFUNC; + } + #else diff --git a/SPECS/librelp.spec b/SPECS/librelp.spec new file mode 100644 index 0000000..c46d516 --- /dev/null +++ b/SPECS/librelp.spec @@ -0,0 +1,168 @@ +Summary: The Reliable Event Logging Protocol library +Name: librelp +Version: 1.9.0 +Release: 1%{?dist} +License: GPLv3+ +Group: System Environment/Libraries +URL: http://www.rsyslog.com/ +Source0: http://download.rsyslog.com/librelp/%{name}-%{version}.tar.gz +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig +Requires: openssl-libs +BuildRequires: gnutls-devel >= 1.4.0 +BuildRequires: openssl-devel + +Patch0: librelp-1.9.0-crypto-compliance.patch + +%description +Librelp is an easy to use library for the RELP protocol. RELP (stands +for Reliable Event Logging Protocol) is a general-purpose, extensible +logging protocol. + +%package devel +Summary: Development files for the %{name} package +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool + +%description devel +Librelp is an easy to use library for the RELP protocol. The +librelp-devel package contains the header files and libraries needed +to develop applications using librelp. + +%prep +%setup -q +%patch0 -p1 -b .crypto-compliance + +%build +autoreconf -ivf +%configure --disable-static +make %{?_smp_mflags} + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT + +rm $RPM_BUILD_ROOT/%{_libdir}/*.la + +%post -p /sbin/ldconfig + +%postun +if [ "$1" = "0" ] ; then + /sbin/ldconfig +fi + +%files +%defattr(-,root,root,-) +%doc AUTHORS COPYING NEWS README doc/*html +%{_libdir}/librelp.so.* + +%files devel +%defattr(-,root,root) +%{_includedir}/* +%{_libdir}/librelp.so +%{_libdir}/pkgconfig/relp.pc + +%changelog +* Mon Apr 26 2021 Attila Lakatos - 1.9.0-1 +- rebase to 1.9.0 +- add patch to comply with crypto policies +- add support for openssl + resolves: rhbz#1932783 +- Properly end TLS connections + resolves: rhbz#1886400 + +* Wed Aug 08 2018 Jiri Vymazal - 1.2.16-1 +- rebase to 1.2.16 + resolves: rhbz#1613876 + +* Mon Mar 26 2018 Radovan Sroka - 1.2.15-1 +- rebase to 1.2.15 +- fixed CVE-2018-1000140 + +* Wed Feb 07 2018 Fedora Release Engineering - 1.2.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 1.2.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.2.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Jun 02 2017 Radovan Sroka - 1.2.14-1 +- rebase to 1.2.14 + +* Thu Feb 23 2017 Jiri Vymazal - 1.2.13-1 +- rebase to 1.2.13 + resolves: rhbz#1425638 +- added patch for GnuTLS crypto-policy adherence + resolves: rhbz#1179317 +- added autoconf, automake and libtool because package + has patches now + +* Fri Feb 10 2017 Fedora Release Engineering - 1.2.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Sep 27 2016 Radovan Sroka 1.2.12-1 +- rebase to 1.2.12 + +* Thu Feb 04 2016 Fedora Release Engineering - 1.2.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 1.2.7-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 1.2.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 1.2.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri May 16 2014 Tomas Heinrich - 1.2.7-1 +- rebase to 1.2.7 + +* Thu Mar 27 2014 François Cami - 1.2.5-1 +- rebase to 1.2.5 + +* Wed Jul 31 2013 Tomas Heinrich - 1.2.0-1 +- rebase to 1.2.0 +- add gnutls-devel to BuildRequires + +* Wed Apr 10 2013 Tomas Heinrich - 1.0.3-1 +- rebase to 1.0.3 + +* Thu Apr 04 2013 Tomas Heinrich - 1.0.2-1 +- rebase to 1.0.2 + +* Thu Feb 14 2013 Fedora Release Engineering - 1.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Nov 21 2012 Tomas Heinrich - 1.0.1-1 +- upgrade to upstream version 1.0.1 + +* Thu Jul 19 2012 Fedora Release Engineering - 1.0.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jan 13 2012 Fedora Release Engineering - 1.0.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Feb 08 2011 Fedora Release Engineering - 1.0.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Jul 15 2010 Tomas Heinrich - 1.0.0-1 +- upgrade to upstream version 1.0.0 + +* Sat Jul 25 2009 Fedora Release Engineering - 0.1.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 0.1.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed May 7 2008 Tomas Heinrich 0.1.1-2 +- removed "BuildRequires: autoconf automake" + +* Tue Apr 29 2008 Tomas Heinrich 0.1.1-1 +- initial build