On Fri, May 03, 2019 at 06:12:55PM +0200, Remi Locherer wrote:
> Hi porters
>
> This updates librelp to version 1.4.0. It now supports OpenSSL and GnuTLS.
>
> I verified that rsyslog from ports still works with this (imrelp and omrelp).
>
> Please have a look at my patch for tcp.c. Is this a good way to deal with
> LibreSSL not supporting @SECLEVEL?
>
> Comments/OKs?
>
> Remi
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/sysutils/librelp/Makefile,v
> retrieving revision 1.13
> diff -u -p -r1.13 Makefile
> --- Makefile 13 Aug 2018 22:07:13 -0000 1.13
> +++ Makefile 1 May 2019 22:26:44 -0000
> @@ -2,9 +2,9 @@
>
> COMMENT = reliable event logging protocol library
>
> -DISTNAME = librelp-1.2.16
> +DISTNAME = librelp-1.4.0
>
> -SHARED_LIBS += relp 2.0 # 4.0
> +SHARED_LIBS += relp 3.0 # 5.0
>
> CATEGORIES = sysutils
>
> @@ -16,20 +16,24 @@ MAINTAINER = Remi Locherer <remi@openbsd
> PERMIT_PACKAGE_CDROM = Yes
>
> WANTLIB = ffi gmp gnutls hogweed iconv idn2 intl nettle p11-kit pthread
> -WANTLIB += tasn1 unistring z
> +WANTLIB += tasn1 unistring crypto ssl
>
> MASTER_SITES = http://download.rsyslog.com/librelp/
>
> LIB_DEPENDS = security/gnutls
>
> TEST_DEPENDS = shells/bash \
> + lang/python/3.6 \
I don't think you want to hardcode the python version here.
> ${LIB_DEPENDS}
>
> SEPARATE_BUILD = Yes
>
> CONFIGURE_STYLE = gnu
> +CONFIGURE_ARGS = --disable-valgrind
>
> pre-test:
> sed -i s,#!/bin/bash,#!${LOCALBASE}/bin/bash, ${WRKSRC}/tests/*.sh
> + sed -i s,#!/usr/bin/env\ python,#!${LOCALBASE}/bin/python3, \
> + ${WRKSRC}/tests/*.py
>
> .include <bsd.port.mk>
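Review bot: The new `pre-test` substitution `s,#!/usr/bin/env\ python,#!${LOCALBASE}/bin/python3,` is unanchored, so a test script whose shebang already reads `#!/usr/bin/env python3` would be rewritten to `.../python33`. The test scripts are not visible in this diff, so this is worth checking against `${WRKSRC}/tests/*.py`. Anchoring the pattern at end of line (`python$$` in make syntax) would rule it out.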
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/sysutils/librelp/distinfo,v
> retrieving revision 1.6
> diff -u -p -r1.6 distinfo
> --- distinfo 13 Aug 2018 22:07:13 -0000 1.6
> +++ distinfo 1 May 2019 06:58:09 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (librelp-1.2.16.tar.gz) = DCNd0qAQYK1eZEOIebMa5k52QNDiYqoaKHot2bxg/VM=
> -SIZE (librelp-1.2.16.tar.gz) = 474456
> +SHA256 (librelp-1.4.0.tar.gz) = XNAs5+3i/qA35lzFOJ5B3embabHfmEtCwUAp5gu53QU=
> +SIZE (librelp-1.4.0.tar.gz) = 519235
> Index: patches/patch-src_tcp_c
> ===================================================================
> RCS file: patches/patch-src_tcp_c
> diff -N patches/patch-src_tcp_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_tcp_c 2 May 2019 07:58:41 -0000
> @@ -0,0 +1,22 @@
> +$OpenBSD$
> +
> +LibreSSL has no support for @SECLEVEL
> +
> +Index: src/tcp.c
> +--- src/tcp.c.orig
> ++++ src/tcp.c
> +@@ -1183,14 +1183,8 @@ relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)
> + /* Compute priority string (in simple cases where the user does not
> care...) */
> + if(pThis->pristring == NULL) {
> + if (pThis->authmode == eRelpAuthMode_None) {
> +- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
> +- /* NOTE: do never use: +eNULL, it DISABLES encryption!
> */
> +- strncpy(pristringBuf,
> "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
> +- sizeof(pristringBuf));
> +- #else
> + strncpy(pristringBuf,
> "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL",
> + sizeof(pristringBuf));
> +- #endif
> + } else {
> + strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf));
> + }
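Review bot: Deleting the `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` branch outright turns this into a permanent local patch. LibreSSL defines `LIBRESSL_VERSION_NUMBER`, so narrowing the condition to `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)` would leave the OpenSSL path intact and could be sent upstream. The patch description should also say what the retained string means: for `eRelpAuthMode_None` it still adds `aNULL`/`ADH`, anonymous suites that encrypt without authenticating the peer, so such a session gives no protection against an active man-in-the-middle. The `strncpy(..., sizeof(pristringBuf))` calls do not guarantee NUL termination by themselves. The declaration of `pristringBuf` and the rest of `relpTcpTLSSetPrio_ossl` lie outside the hunk.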
> Index: patches/patch-tests_test-framework_sh
> ===================================================================
> RCS file: patches/patch-tests_test-framework_sh
> diff -N patches/patch-tests_test-framework_sh
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-tests_test-framework_sh 1 May 2019 10:57:02 -0000
> @@ -0,0 +1,20 @@
> +$OpenBSD$
> +
> +Index: tests/test-framework.sh
> +--- tests/test-framework.sh.orig
> ++++ tests/test-framework.sh
> +@@ -1,4 +1,4 @@
> +-#!/bin/bash
> ++#!/usr/local/bin/bash
> + # This file contains the test framework, that is common code
> + # used by all tests.
> + # Copyright (C) 2018 by Rainer Gerhards
> +@@ -18,7 +18,7 @@ export valgrind="valgrind --malloc-fill=ff --free-fill
> + # to work pretty well. In any case, we should probably call this as
> + # late as possible before the usage of the port.
> + get_free_port() {
> +-python -c 'import socket; s=socket.socket(); s.bind(("", 0));
> print(s.getsockname()[1]); s.close()'
> ++/usr/local/bin/python3 -c 'import socket; s=socket.socket(); s.bind(("",
> 0)); print(s.getsockname()[1]); s.close()'
> + }
> +
> + # check if command $1 is available - will exit 77 when not OK
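Review bot: The shebang change duplicates what the Makefile's `pre-test` target already does for `tests/*.sh` (`sed -i s,#!/bin/bash,#!${LOCALBASE}/bin/bash,`), and both added lines bake in `/usr/local` instead of following `${LOCALBASE}`. Dropping the shebang hunk and rewriting the `python -c` call in `get_free_port` from `pre-test` as well would leave no patch file to maintain, e.g. `sed -i 's,^python -c,${LOCALBASE}/bin/python3 -c,' ${WRKSRC}/tests/test-framework.sh`.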
> Index: patches/patch-tests_tls-wrong-signedcert_sh
> ===================================================================
> RCS file: patches/patch-tests_tls-wrong-signedcert_sh
> diff -N patches/patch-tests_tls-wrong-signedcert_sh
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-tests_tls-wrong-signedcert_sh 1 May 2019 21:31:10
> -0000
> @@ -0,0 +1,15 @@
> +$OpenBSD$
> +
> +Index: tests/tls-wrong-signedcert.sh
> +--- tests/tls-wrong-signedcert.sh.orig
> ++++ tests/tls-wrong-signedcert.sh
> +@@ -7,6 +7,7 @@ echo 'Send Message...'
> + ./send $TLSLIB -t 127.0.0.1 -p $TESTPORT -m "testmessage" -T -a "name" -x
> ${srcdir}/tls-certs/ca.pem -y ${srcdir}/tls-certs/cert.pem -z
> ${srcdir}/tls-certs/key.pem -P 'server.testbench.rsyslog.com' --errorfile
> $TESTDIR/error.out.log $OPT_VERBOSE
> +
> + stop_receiver
> +-# Perform multiline GREP with -z
> +-check_output "authentication error.*signed certificate in certificate
> chain" $TESTDIR/error.out.log -z
> ++tr -d '\n' < $TESTDIR/error.out.log > $TESTDIR/error.out.log.x
> ++mv -f $TESTDIR/error.out.log.x $TESTDIR/error.out.log
> ++check_output "authentication error.*signed certificate in certificate
> chain" $TESTDIR/error.out.log
> + terminate
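Review bot: The `mv -f` replaces `error.out.log` with the newline-stripped copy, so when this test fails the original multi-line log is gone and harder to read for diagnosis. Checking the flattened copy directly keeps it: drop the `mv` and call `check_output "authentication error.*signed certificate in certificate chain" $TESTDIR/error.out.log.x`. The removed `# Perform multiline GREP with -z` comment should get a replacement that states why the log is flattened, presumably that the base `grep` lacks `-z`, for example `# flatten the log: multi-line match without grep -z`.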
>
--
Antoine