6 changed files with 62 additions and 132 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/librelp-1.10.0.tar.gz
+SOURCES/librelp-1.11.0.tar.gz
--- a/.librelp.metadata
+++ b/.librelp.metadata
@ -1 +1 @@
-595a718aabe368762d2c14512956bf94364da489 SOURCES/librelp-1.10.0.tar.gz
+72b0ffdc57444972e3b5eaf287f1b79f28f7d1be SOURCES/librelp-1.11.0.tar.gz
--- a/SOURCES/disable-openssl-engine.patch
+++ b/SOURCES/disable-openssl-engine.patch
@ -0,0 +1,21 @@
+diff -up librelp-1.11.0/src/tcp.c.orig librelp-1.11.0/src/tcp.c
+--- librelp-1.11.0/src/tcp.c.orig	2024-08-15 08:31:29.699002010 +0200
+++ librelp-1.11.0/src/tcp.c	2024-08-15 08:31:46.552178361 +0200
+@@ -69,7 +69,7 @@
+ #	if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #		include <openssl/bioerr.h>
+ #	endif
+-#	include <openssl/engine.h>
+// #	include <openssl/engine.h>
+ /* OpenSSL API differences */
+ #	if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ #		define RSYSLOG_X509_NAME_oneline(X509CERT) X509_get_subject_name(X509CERT)
+@@ -1989,7 +1989,7 @@ relpTcpExitTLS_ossl(void)
+ 			SSL_CTX_free(ctx);
+ 			ctx = NULL;
+ 		}
+-		ENGINE_cleanup();
+		// ENGINE_cleanup();
+ 		ERR_free_strings();
+ 		EVP_cleanup();
+ 		CRYPTO_cleanup_all_ex_data();
--- a/SOURCES/librelp-1.10.0-crypto-compliance.patch
+++ b/SOURCES/librelp-1.10.0-crypto-compliance.patch
@ -1,88 +0,0 @@
-diff -up librelp-1.10.0/src/tcp.c.crypto-compliance librelp-1.10.0/src/tcp.c
--- librelp-1.10.0/src/tcp.c.crypto-compliance	2021-02-16 09:07:24.000000000 +0100
-+++ librelp-1.10.0/src/tcp.c	2021-08-17 10:13:53.368936612 +0200
-@@ -1155,32 +1155,8 @@ static relpRetVal LIBRELP_ATTR_NONNULL()
- relpTcpTLSSetPrio_gtls(relpTcp_t *const pThis)
- {
- 	int r;
-	char pristringBuf[4096];
-	char *pristring;
- 	ENTER_RELPFUNC;
-	/* Set default priority string (in simple cases where the user does not care...) */
-	if(pThis->pristring == NULL) {
-		if (pThis->authmode == eRelpAuthMode_None) {
-			if(pThis->bEnableTLSZip) {
-				strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
-			} else {
-				strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
-			}
-			pristringBuf[sizeof(pristringBuf)-1] = '\0';
-			pristring = pristringBuf;
-			r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
-		} else {
-			r = gnutls_set_default_priority(pThis->session);
-			strncpy(pristringBuf, "to recommended system default", sizeof(pristringBuf));
-			pristringBuf[sizeof(pristringBuf)-1] = '\0';
-			pristring = pristringBuf;
-		}
-
-	} else {
-		pristring = pThis->pristring;
-		r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
-	}
-
-+	r = gnutls_set_default_priority(pThis->session);
- 	if(r == GNUTLS_E_INVALID_REQUEST) {
- 		ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);
- 	} else if(r != GNUTLS_E_SUCCESS) {
-@@ -1188,7 +1164,7 @@ relpTcpTLSSetPrio_gtls(relpTcp_t *const
- 	}
- 
- finalize_it:
-	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers '%s' iRet=%d\n", pristring, iRet);
-+	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers to system default iRet=%d\n", iRet);
- 
- 	if(iRet != RELP_RET_OK) {
- 		chkGnutlsCode(pThis, "Failed to set GnuTLS priority", iRet, r);
-@@ -1207,38 +1183,15 @@ relpTcpTLSSetPrio_gtls(LIBRELP_ATTR_UNUS
- static relpRetVal LIBRELP_ATTR_NONNULL()
- relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)
- {
-	char pristringBuf[4096];
-	char *pristring;
- 	ENTER_RELPFUNC;
-	/* Compute priority string (in simple cases where the user does not care...) */
-	if(pThis->pristring == NULL) {
-		if (pThis->authmode == eRelpAuthMode_None) {
-			#if OPENSSL_VERSION_NUMBER >= 0x10100000L \
-				&& !defined(LIBRESSL_VERSION_NUMBER)
-			 /* NOTE: do never use: +eNULL, it DISABLES encryption! */
-			strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
-				sizeof(pristringBuf));
-			#else
-			strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL",
-				sizeof(pristringBuf));
-			#endif
-		} else {
-			strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf));
-		}
-		pristringBuf[sizeof(pristringBuf)-1] = '\0';
-		pristring = pristringBuf;
-	} else {
-		/* We use custom CipherString if used sets it by SslConfCmd */
-		pristring = pThis->pristring;
-	}
- 
-	if ( SSL_set_cipher_list(pThis->ssl, pristring) == 0 ){
-		pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers '%s'\n", pristring);
-+	if (SSL_set_cipher_list(pThis->ssl, "PROFILE=SYSTEM") == 0){
-+		pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers to system default\n");
- 		ABORT_FINALIZE(RELP_RET_ERR_TLS_SETUP);
- 	}
- 
- finalize_it:
-	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers '%s' iRet=%d\n", pristring, iRet);
-+	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers to system default iRet=%d\n", iRet);
- 	LEAVE_RELPFUNC;
- }
- #else
--- a/SOURCES/librelp-1.10.0-rhbz1972067-relpEngineSetTLSLibByName.patch
+++ b/SOURCES/librelp-1.10.0-rhbz1972067-relpEngineSetTLSLibByName.patch
@ -1,15 +0,0 @@
-diff -up librelp-1.10.0/src/relp.c.orig librelp-1.10.0/src/relp.c
--- librelp-1.10.0/src/relp.c.orig	2021-08-17 08:33:12.416786299 +0200
-+++ librelp-1.10.0/src/relp.c	2021-08-17 08:33:45.070119507 +0200
-@@ -385,9 +385,9 @@ relpEngineSetTLSLibByName(relpEngine_t *
- 	}
- 
- 	if(!strcasecmp(name, "gnutls")) {
-		relpEngineSetTLSLib(pThis, RELP_USE_GNUTLS);
-+		CHKRet(relpEngineSetTLSLib(pThis, RELP_USE_GNUTLS));
- 	}else if(!strcasecmp(name, "openssl")) {
-		relpEngineSetTLSLib(pThis, RELP_USE_OPENSSL);
-+		CHKRet(relpEngineSetTLSLib(pThis, RELP_USE_OPENSSL));
- 	} else {
- 		relpEngineCallOnGenericErr(pThis, "librelp", RELP_RET_PARAM_ERROR,
- 				"invalid tls lib '%s' requested; this version of "
--- a/SPECS/librelp.spec
+++ b/SPECS/librelp.spec
@ -1,14 +1,12 @@
 Summary: The Reliable Event Logging Protocol library
 Name: librelp
-Version: 1.10.0
-Release: 5%{?dist}
-License: GPLv3+
+Version: 1.11.0
+Release: 6%{?dist}
+License: GPL-3.0-or-later
 URL: http://www.rsyslog.com/
 Source0: http://download.rsyslog.com/%{name}/%{name}-%{version}.tar.gz
-BuildRequires: gnutls-devel >= 1.4.0

-Patch0: librelp-1.10.0-rhbz1972067-relpEngineSetTLSLibByName.patch
-Patch1: librelp-1.10.0-crypto-compliance.patch
+Patch0: disable-openssl-engine.patch

 %description
 Librelp is an easy to use library for the RELP protocol. RELP (stands
@ -19,11 +17,11 @@ logging protocol.
 Summary: Development files for the %{name} package
 Requires: %{name} = %{version}-%{release}
 Requires: pkgconfig
-Requires: openssl-libs
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
 BuildRequires: make
+BuildRequires: gnutls-devel >= 1.4.0
 BuildRequires: openssl-devel

 %description devel
@ -33,12 +31,12 @@ to develop applications using librelp.

 %prep
 %setup -q
-%patch0 -p1 -b .tls-by-name
-%patch1 -p1 -b .crypto-compliance
+
+%patch -P 0 -p1

 %build
 autoreconf -ivf
-%configure --disable-static
+%configure --disable-static --enable-tls --enable-tls-openssl
 make %{?_smp_mflags}

 %install
@ -59,24 +57,38 @@ rm $RPM_BUILD_ROOT/%{_libdir}/*.la
 %{_libdir}/pkgconfig/relp.pc

 %changelog
-* Wed Aug 02 2023 Attila Lakatos <alakatos@redhat.com> - 1.10.0-5
+* Thu Aug 15 2024 Attila Lakatos <alakatos@redhat.com> - 1.11.0-6
 - Rebuild
-  resolves: rhbz#2227723
-
-* Fri Aug 06 2021 Attila Lakatos <alakatos@redhat.com> - 1.10.0-4
- Replace GNUTLS_SHUT_RDWR by GNUTLS_SHUT_WR when ending TLS connections
-  resolves: rhbz#1990735
- Add patch to comply with crypto policies
- Forward return code from relpEngineSetTLSLib to relpEngineSetTLSLibByName
- Enable openssl
-  resolves: rhbz#1972067
-
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.10.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
-
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.10.0-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+  Resolves: RHEL-54298
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.11.0-5
+- Bump release for June 2024 mass rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 20 2023 Attila Lakatos <alakatos@redhat.com> - 1.11.0-1
+- rebase to 1.11.0
+  resolves: rhbz#2159703
+- enable openssl
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

 * Mon Mar 08 2021 Attila Lakatos <alakatos@redhat.com> - 1.10.0-1
 - rebase to 1.10.0