On 2020/08/23 22:21, Remi Locherer wrote:
> This is an update for librelp to version 1.6.0 which was released
> 4 months ago. The local patches to make it build with LibreSSL are
> now incorporated into upstream and can be dropped.
btw, @SECLEVEL is nasty because it causes a runtime failure rather than a
build-time one.
> There are two tests that fail (tls-basic-anon.sh and
> tls-wrong-signedcert.sh). Both are related to verifying (or not in
> the anon case) certificates. They also fail with librelp
> version 1.5.0. Both failures are in tests run with LibreSSL. rsyslogd
> (consumer of librelp) is linked against gnutls. I do not remember
> what the state was when I last updated librelp.
>
> I verified that rsyslogd can still send and receive RELP messages
> with and without TLS.
>
> OK?
ok.
> Remi
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/sysutils/librelp/Makefile,v
> retrieving revision 1.16
> diff -u -p -r1.16 Makefile
> --- Makefile 2 Mar 2020 16:41:50 -0000 1.16
> +++ Makefile 23 Aug 2020 14:25:48 -0000
> @@ -2,9 +2,9 @@
>
> COMMENT = reliable event logging protocol library
>
> -DISTNAME = librelp-1.5.0
> +DISTNAME = librelp-1.6.0
>
> -SHARED_LIBS += relp 3.1 # 5.0
> +SHARED_LIBS += relp 4.0 # 5.0
>
> CATEGORIES = sysutils
>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/sysutils/librelp/distinfo,v
> retrieving revision 1.8
> diff -u -p -r1.8 distinfo
> --- distinfo 2 Mar 2020 16:41:50 -0000 1.8
> +++ distinfo 11 Aug 2020 15:23:25 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (librelp-1.5.0.tar.gz) = aShO8aBRqywvd2WVjoR77x/POPR+sbA3LGX2PwPIOV4=
> -SIZE (librelp-1.5.0.tar.gz) = 521793
> +SHA256 (librelp-1.6.0.tar.gz) = z2zJSKWz0eVrMlFYXBG+6hxbKF/L+OKa1olVx+t1+Mo=
> +SIZE (librelp-1.6.0.tar.gz) = 522827
> Index: patches/patch-src_tcp_c
> ===================================================================
> RCS file: patches/patch-src_tcp_c
> diff -N patches/patch-src_tcp_c
> --- patches/patch-src_tcp_c 2 Mar 2020 16:41:50 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,26 +0,0 @@
> -$OpenBSD: patch-src_tcp_c,v 1.2 2020/03/02 16:41:50 remi Exp $
> -
> -LibreSSL has no support for @SECLEVEL and SSL_CONF_CTX_set_flags().
> -
> -Index: src/tcp.c
> ---- src/tcp.c.orig
> -+++ src/tcp.c
> -@@ -1200,7 +1200,8 @@ relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)
> - /* Compute priority string (in simple cases where the user does not
> care...) */
> - if(pThis->pristring == NULL) {
> - if (pThis->authmode == eRelpAuthMode_None) {
> -- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
> -+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L \
> -+ && !defined(LIBRESSL_VERSION_NUMBER)
> - /* NOTE: do never use: +eNULL, it DISABLES encryption!
> */
> - strncpy(pristringBuf,
> "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
> - sizeof(pristringBuf));
> -@@ -1578,7 +1579,7 @@ relpTcpSetSslConfCmd_ossl(relpTcp_t *const pThis, char
> - } else {
> - pThis->pEngine->dbgprint("relpTcpSetSslConfCmd_ossl: set to
> '%s'\n", tlsConfigCmd);
> - char errmsg[1424];
> --#if OPENSSL_VERSION_NUMBER >= 0x10020000L
> -+#if OPENSSL_VERSION_NUMBER >= 0x10020000L &&
> !defined(LIBRESSL_VERSION_NUMBER)
> - char *pCurrentPos;
> - char *pNextPos;
> - char *pszCmd;
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/sysutils/librelp/pkg/PLIST,v
> retrieving revision 1.2
> diff -u -p -r1.2 PLIST
> --- pkg/PLIST 16 Mar 2015 18:07:55 -0000 1.2
> +++ pkg/PLIST 11 Aug 2020 15:26:36 -0000
> @@ -1,6 +1,6 @@
> @comment $OpenBSD: PLIST,v 1.2 2015/03/16 18:07:55 naddy Exp $
> include/librelp.h
> -lib/librelp.a
> +@static-lib lib/librelp.a
> lib/librelp.la
> @lib lib/librelp.so.${LIBrelp_VERSION}
> lib/pkgconfig/relp.pc
>