Hi, this is a long overdue update for rsyslog. The changelog can be found here: https://github.com/rsyslog/rsyslog/blob/v8.2204.1/ChangeLog The last change included is a fix for CVE-2022-24903 which is a heap buffer overflow in modules that receive messages via TCP.
I added a small patch which allows to compile rsyslog with openssl support. I tested with the regress tests from syslogd (4 enabled tests). Additionally I verified that these modules work: omfile, ommysql, imtcp (gtls and ossl). OK? Remi Index: Makefile =================================================================== RCS file: /cvs/ports/sysutils/rsyslog/Makefile,v retrieving revision 1.53 diff -u -p -r1.53 Makefile --- Makefile 31 Mar 2022 13:37:04 -0000 1.53 +++ Makefile 22 May 2022 10:48:28 -0000 @@ -6,7 +6,7 @@ COMMENT-elasticsearch = Elasticsearch pl MULTI_PACKAGES = -main -mysql -normalize -pgsql -elasticsearch -V = 8.2102.0 +V = 8.2204.1 DISTNAME = rsyslog-$V PKGNAME-main = rsyslog-$V PKGNAME-mysql = rsyslog-mysql-$V @@ -15,8 +15,6 @@ PKGNAME-pgsql = rsyslog-pgsql-$V PKGNAME-elasticsearch = rsyslog-elasticsearch-$V CATEGORIES = sysutils -REVISION-main = 0 - HOMEPAGE = https://www.rsyslog.com/ MAINTAINER = Remi Locherer <[email protected]> @@ -27,11 +25,10 @@ PERMIT_PACKAGE = Yes COMPILER = base-clang ports-gcc base-gcc WANTLIB-main += c crypto curl estr fastjson gcrypt gmp gnutls -WANTLIB-main += gpg-error hogweed iconv idn2 intl nettle nghttp2 +WANTLIB-main += gpg-error hogweed iconv idn2 intl m nettle nghttp2 WANTLIB-main += p11-kit pthread relp ssl tasn1 unistring uuid z WANTLIB-main += brotlidec brotlienc execinfo zstd - WANTLIB-mysql += crypto m mariadb pthread ssl z WANTLIB-normalize += estr fastjson lognorm pthread @@ -65,6 +62,7 @@ CONFIGURE_ARGS += --enable-pgsql \ --enable-mail \ --enable-mmnormalize \ --enable-gnutls \ + --enable-openssl \ --enable-relp \ --enable-elasticsearch \ --enable-imfile Index: distinfo =================================================================== RCS file: /cvs/ports/sysutils/rsyslog/distinfo,v retrieving revision 1.11 diff -u -p -r1.11 distinfo --- distinfo 7 Mar 2021 09:28:36 -0000 1.11 +++ distinfo 7 May 2022 09:25:18 -0000 @@ -1,2 +1,2 @@ -SHA256 (rsyslog-8.2102.0.tar.gz) = lO4NAxLC7epzdmVZTL5KlHXk47WT4StbiuOnQ6yccqc= -SIZE (rsyslog-8.2102.0.tar.gz) = 3123684 +SHA256 (rsyslog-8.2204.1.tar.gz) = ptcx5GrT1k9q1LGbvxv1bKR2CkSiS7loIxidwucfcCg= +SIZE (rsyslog-8.2204.1.tar.gz) = 3243183 Index: files/rsyslog.conf =================================================================== RCS file: /cvs/ports/sysutils/rsyslog/files/rsyslog.conf,v retrieving revision 1.3 diff -u -p -r1.3 rsyslog.conf --- files/rsyslog.conf 11 Mar 2022 19:57:57 -0000 1.3 +++ files/rsyslog.conf 23 May 2022 19:38:59 -0000 @@ -4,8 +4,10 @@ # like we have with the default config. For more advanced # things, RainerScript configuration is suggested. # -# For more information see http://www.rsyslog.com/doc/rsyslog_conf.html -# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html +# For more information see +# https://www.rsyslog.com/doc/v8-stable/configuration/index.html +# If you experience problems, see +# https://www.rsyslog.com/doc/v8-stable/troubleshooting/index.html #### MODULES #### Index: patches/patch-runtime_nsd_ossl_c =================================================================== RCS file: patches/patch-runtime_nsd_ossl_c diff -N patches/patch-runtime_nsd_ossl_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-runtime_nsd_ossl_c 7 Mar 2022 09:35:49 -0000 @@ -0,0 +1,13 @@ +Index: runtime/nsd_ossl.c +--- runtime/nsd_ossl.c.orig ++++ runtime/nsd_ossl.c +@@ -1415,7 +1415,8 @@ osslPostHandshakeCheck(nsd_ossl_t *pNsd) + if (SSL_get_shared_ciphers(pNsd->ssl,szDbg, sizeof szDbg) != NULL) + dbgprintf("osslPostHandshakeCheck: Debug Shared ciphers = %s\n", szDbg); + +- #if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ #if OPENSSL_VERSION_NUMBER >= 0x10002000L \ ++ && !defined(LIBRESSL_VERSION_NUMBER) + if(SSL_get_shared_curve(pNsd->ssl, -1) == 0) { + // This is not a failure + LogMsg(0, RS_RET_NO_ERRCODE, LOG_INFO, "nsd_ossl: " Index: pkg/PLIST-main =================================================================== RCS file: /cvs/ports/sysutils/rsyslog/pkg/PLIST-main,v retrieving revision 1.8 diff -u -p -r1.8 PLIST-main --- pkg/PLIST-main 11 Mar 2022 19:57:57 -0000 1.8 +++ pkg/PLIST-main 8 May 2022 07:34:53 -0000 @@ -15,6 +15,7 @@ lib/rsyslog/ @so lib/rsyslog/lmnet.so @so lib/rsyslog/lmnetstrms.so @so lib/rsyslog/lmnsd_gtls.so +@so lib/rsyslog/lmnsd_ossl.so @so lib/rsyslog/lmnsd_ptcp.so @so lib/rsyslog/lmregexp.so @so lib/rsyslog/lmtcpclt.so
