Hi porters This updates librelp to version 1.4.0. It now supports OpenSSL and GNUtls.
I verified that rsyslog from ports still works with this (imrelp and omrelp). Please have a look at my patch for tcp.c. Is this a good way to deal with LibreSSL not supporting @SECLEVEL? Comments/OKs? Remi Index: Makefile =================================================================== RCS file: /cvs/ports/sysutils/librelp/Makefile,v retrieving revision 1.13 diff -u -p -r1.13 Makefile --- Makefile 13 Aug 2018 22:07:13 -0000 1.13 +++ Makefile 1 May 2019 22:26:44 -0000 @@ -2,9 +2,9 @@ COMMENT = reliable event logging protocol library -DISTNAME = librelp-1.2.16 +DISTNAME = librelp-1.4.0 -SHARED_LIBS += relp 2.0 # 4.0 +SHARED_LIBS += relp 3.0 # 5.0 CATEGORIES = sysutils @@ -16,20 +16,24 @@ MAINTAINER = Remi Locherer <remi@openbsd PERMIT_PACKAGE_CDROM = Yes WANTLIB = ffi gmp gnutls hogweed iconv idn2 intl nettle p11-kit pthread -WANTLIB += tasn1 unistring z +WANTLIB += tasn1 unistring crypto ssl MASTER_SITES = http://download.rsyslog.com/librelp/ LIB_DEPENDS = security/gnutls TEST_DEPENDS = shells/bash \ + lang/python/3.6 \ ${LIB_DEPENDS} SEPARATE_BUILD = Yes CONFIGURE_STYLE = gnu +CONFIGURE_ARGS = --disable-valgrind pre-test: sed -i s,#!/bin/bash,#!${LOCALBASE}/bin/bash, ${WRKSRC}/tests/*.sh + sed -i s,#!/usr/bin/env\ python,#!${LOCALBASE}/bin/python3, \ + ${WRKSRC}/tests/*.py .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/sysutils/librelp/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo 13 Aug 2018 22:07:13 -0000 1.6 +++ distinfo 1 May 2019 06:58:09 -0000 @@ -1,2 +1,2 @@ -SHA256 (librelp-1.2.16.tar.gz) = DCNd0qAQYK1eZEOIebMa5k52QNDiYqoaKHot2bxg/VM= -SIZE (librelp-1.2.16.tar.gz) = 474456 +SHA256 (librelp-1.4.0.tar.gz) = XNAs5+3i/qA35lzFOJ5B3embabHfmEtCwUAp5gu53QU= +SIZE (librelp-1.4.0.tar.gz) = 519235 Index: patches/patch-src_tcp_c =================================================================== RCS file: patches/patch-src_tcp_c diff -N patches/patch-src_tcp_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_tcp_c 2 May 2019 07:58:41 -0000 @@ -0,0 +1,22 @@ +$OpenBSD$ + +LibreSSL has no support for @SECLEVEL + +Index: src/tcp.c +--- src/tcp.c.orig ++++ src/tcp.c +@@ -1183,14 +1183,8 @@ relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis) + /* Compute priority string (in simple cases where the user does not care...) */ + if(pThis->pristring == NULL) { + if (pThis->authmode == eRelpAuthMode_None) { +- #if OPENSSL_VERSION_NUMBER >= 0x10100000L +- /* NOTE: do never use: +eNULL, it DISABLES encryption! */ +- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0", +- sizeof(pristringBuf)); +- #else + strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL", + sizeof(pristringBuf)); +- #endif + } else { + strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf)); + } Index: patches/patch-tests_test-framework_sh =================================================================== RCS file: patches/patch-tests_test-framework_sh diff -N patches/patch-tests_test-framework_sh --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-tests_test-framework_sh 1 May 2019 10:57:02 -0000 @@ -0,0 +1,20 @@ +$OpenBSD$ + +Index: tests/test-framework.sh +--- tests/test-framework.sh.orig ++++ tests/test-framework.sh +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!/usr/local/bin/bash + # This file contains the test framework, that is common code + # used by all tests. + # Copyright (C) 2018 by Rainer Gerhards +@@ -18,7 +18,7 @@ export valgrind="valgrind --malloc-fill=ff --free-fill + # to work pretty well. In any case, we should probably call this as + # late as possible before the usage of the port. + get_free_port() { +-python -c 'import socket; s=socket.socket(); s.bind(("", 0)); print(s.getsockname()[1]); s.close()' ++/usr/local/bin/python3 -c 'import socket; s=socket.socket(); s.bind(("", 0)); print(s.getsockname()[1]); s.close()' + } + + # check if command $1 is available - will exit 77 when not OK Index: patches/patch-tests_tls-wrong-signedcert_sh =================================================================== RCS file: patches/patch-tests_tls-wrong-signedcert_sh diff -N patches/patch-tests_tls-wrong-signedcert_sh --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-tests_tls-wrong-signedcert_sh 1 May 2019 21:31:10 -0000 @@ -0,0 +1,15 @@ +$OpenBSD$ + +Index: tests/tls-wrong-signedcert.sh +--- tests/tls-wrong-signedcert.sh.orig ++++ tests/tls-wrong-signedcert.sh +@@ -7,6 +7,7 @@ echo 'Send Message...' + ./send $TLSLIB -t 127.0.0.1 -p $TESTPORT -m "testmessage" -T -a "name" -x ${srcdir}/tls-certs/ca.pem -y ${srcdir}/tls-certs/cert.pem -z ${srcdir}/tls-certs/key.pem -P 'server.testbench.rsyslog.com' --errorfile $TESTDIR/error.out.log $OPT_VERBOSE + + stop_receiver +-# Perform multiline GREP with -z +-check_output "authentication error.*signed certificate in certificate chain" $TESTDIR/error.out.log -z ++tr -d '\n' < $TESTDIR/error.out.log > $TESTDIR/error.out.log.x ++mv -f $TESTDIR/error.out.log.x $TESTDIR/error.out.log ++check_output "authentication error.*signed certificate in certificate chain" $TESTDIR/error.out.log + terminate