[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
This should be fixed with rsyslog 8.2001.0-1ubuntu1.1 in focal-updates.
** Changed in: rsyslog (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Status in rsyslog package in Ubuntu:
Fix Released
Status in rsyslog source package in Focal:
Fix Released
Status in rsyslog source package in Groovy:
Fix Released
Bug description:
[Description]
Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol
(RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP)
library
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
or before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
[Reproducer]
Setup a focal machine with rsyslog, using the following configuration:
module(load="imrelp" tls.tlslib="openssl")
input(
type="imrelp" port="2515"
tls="on"
# This should work in rsyslog 8.2006.0:
#tls.mycert="/etc/rsyslog.tls/fullchain.pem"
# for now we use the work-around discussed in:
# https://github.com/rsyslog/rsyslog/issues/4360
tls.cacert="/etc/rsyslog.tls/chain.pem"
tls.mycert="/etc/rsyslog.tls/cert.pem"
tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
)
This error comes from this code in plugins/imrelp/imrelp.c:
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
"it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
#endif
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
[Risk potential]
* No identified as this is a rebuild that should have been done on all
reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0
[Fix]
Provide a rebuild SRU for focal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Er, actually s/Invalid/Fix Committed/, so to document that this bug
(behavior of input parameter 'tls.tlscfgcmd' not supported) will be
fixed/gets fixed on rsyslog 8.2001.0-1ubuntu1.1 (in focal-proposed.)
** Changed in: rsyslog (Ubuntu Focal)
Status: In Progress => Fix Committed
** Tags removed: sts-sponsor-mfo sts-sru-needed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Status in rsyslog package in Ubuntu:
Fix Released
Status in rsyslog source package in Focal:
Fix Committed
Status in rsyslog source package in Groovy:
Fix Released
Bug description:
[Description]
Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol
(RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP)
library
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
or before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
[Reproducer]
Setup a focal machine with rsyslog, using the following configuration:
module(load="imrelp" tls.tlslib="openssl")
input(
type="imrelp" port="2515"
tls="on"
# This should work in rsyslog 8.2006.0:
#tls.mycert="/etc/rsyslog.tls/fullchain.pem"
# for now we use the work-around discussed in:
# https://github.com/rsyslog/rsyslog/issues/4360
tls.cacert="/etc/rsyslog.tls/chain.pem"
tls.mycert="/etc/rsyslog.tls/cert.pem"
tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
)
This error comes from this code in plugins/imrelp/imrelp.c:
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
"it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
#endif
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
[Risk potential]
* No identified as this is a rebuild that should have been done on all
reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0
[Fix]
Provide a rebuild SRU for focal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
In an interesting overnight timing event, that rsyslog upload has been
accepted to focal-proposed.
Sure enough, it built with librelp-dev_1.5.0-1ubuntu2.
And the configure stage enables the option:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
And the test-cases pass:
PASS: imrelp-tls-cfgcmd.sh
PASS: sndrcv_relp_tls-cfgcmd.sh
So, that rebuild is sufficient for this LP bug.
There's no versioned dependency change to librelp >= 1.5.0,
but since librelp will always satisfy that on future builds,
it doesn't look like a hard requirement to have that change.
If we were to still change it, we'd have to wait for another rsyslog LP bug,
that would actually incur runtime changes (the versioned dep change would not
anymore, on top of the new upload/rebuild), and tag this as blocks proposed.
Jorge, I'll thus mark this bug as Invalid for Focal.
Please feel free to reopen should you need it or find other reason the
versioned dependency must get in.
Thanks!
Mauricio
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Status in rsyslog package in Ubuntu:
Fix Released
Status in rsyslog source package in Focal:
Fix Committed
Status in rsyslog source package in Groovy:
Fix Released
Bug description:
[Description]
Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol
(RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP)
library
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
or before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
[Reproducer]
Setup a focal machine with rsyslog, using the following configuration:
module(load="imrelp" tls.tlslib="openssl")
input(
type="imrelp" port="2515"
tls="on"
# This should work in rsyslog 8.2006.0:
#tls.mycert="/etc/rsyslog.tls/fullchain.pem"
# for now we use the work-around discussed in:
# https://github.com/rsyslog/rsyslog/issues/4360
tls.cacert="/etc/rsyslog.tls/chain.pem"
tls.mycert="/etc/rsyslog.tls/cert.pem"
tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
)
This error comes from this code in plugins/imrelp/imrelp.c:
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
"it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
#endif
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
[Risk potential]
* No identified as this is a rebuild that should have been done on all
reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0
[Fix]
Provide a rebuild SRU for focal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to :
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Verification/comparison steps to ensure that the modified
rsyslog package is built and working correctly, given its
importance in the distribution:
1) Compare test suite results in build logs
2) Compare configuration options in build logs
3) Compare packages' control file and contents
All look good. Details:
1) Compare test suite results in build logs
---
The build-time test suite runs 550ish tests,
which gives us confidence it does look good.
There are 20 test files which name includes 'relp',
and 2 test files include the option name 'tlscfgcmd'.
$ grep -rl tlscfgcmd rsyslog-8.2001.0/tests/
rsyslog-8.2001.0/tests/sndrcv_relp_tls-cfgcmd.sh
rsyslog-8.2001.0/tests/imrelp-tls-cfgcmd.sh
These 2 are not mentioned in the previous build log,
but are mentioned and PASS in the test package's build log,
so the option is enabled and good as in tests.
Before:
# TOTAL: 551
# PASS: 544
# SKIP: 7
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
After:
+PASS: imrelp-tls-cfgcmd.sh
+PASS: sndrcv_relp_tls-cfgcmd.sh
# TOTAL: 553
# PASS: 546
# SKIP: 7
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
2) Compare configuration options in build logs
--
Download the old (focal-release) and new (ppa) build logs:
$ curl -s https://launchpadlibrarian.net/464664394
/buildlog_ubuntu-focal-amd64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz |
gzip -dc > buildlog.old
$ curl -s buildlog_modified
https://launchpadlibrarian.net/492228312/buildlog_ubuntu-focal-
amd64.rsyslog_8.2001.0-1ubuntu1.1_BUILDING.txt.gz | gzip -dc >
buildlog.new
Filter the section for configure:
dh_auto_configure -- \
<...>
config.status: executing libtool commands
$ sed -n '/^dh_auto_configure --/,/^config.status: executing
libtool commands/p' buildlog.old > buildlog.old.configure
$ sed -n '/^dh_auto_configure --/,/^config.status: executing
libtool commands/p' buildlog.new > buildlog.new.configure
The only difference is the new/reported option 'relpSrvSetTlsConfigCmd'
$ diff -u buildlog.old.configure buildlog.new.configure
--- buildlog.old.configure 2020-08-06 23:44:34.072713719 +
+++ buildlog.new.configure 2020-08-06 23:44:38.080688125 +
@@ -407,8 +407,8 @@
checking for relpSrvSetOversizeMode... yes
checking for relpSrvSetLstnAddr... yes
checking for relpEngineSetTLSLibByName... yes
-checking for relpSrvSetTlsConfigCmd... no
-checking for relpSrvSetTlsConfigCmd... (cached) no
+checking for relpSrvSetTlsConfigCmd... yes
+checking for relpSrvSetTlsConfigCmd... (cached) yes
checking for LIBLOGGING_STDLOG... no
configure: liblogging-stdlog not found, parts of the testbench will
not run
checking for ip... no
3) Compare packages' control file and contents
--
Get the old and new packages' control/contents:
mkdir debs-old && cd debs-old
pull-lp-debs rsyslog focal
cd ..
mkdir debs-new && cd debs-new
pull-ppa-debs --ppa mfo/lp1888926 rsyslog focal
cd ..
for dir in debs-old debs-new; do
pushd $dir
for deb in *.deb; do
pkg=${deb%%_*}
dpkg-deb -e $deb deb_control_$pkg
dpkg-deb -c $deb \
| awk '{ $3 = "SIZE"; $4 = "DATE"; $5 = "TIME"; print $0 }'
`#normalize` \
| sort \
> deb_content_$pkg
done
popd
done
Compare the control files:
for dir in debs-old/deb_control_*; do
dir="$(basename $dir)"
echo "DIR: $dir"
diff -U0 debs-old/$dir/control debs-new/$dir/control
echo
done
The only differences are:
1) the Version: bump,
2) the versioned dependency bump on rsyslog,
3) and rsyslog-relp also has versioned dependency bump on librelp0, as expected.
DIR: deb_control_rsyslog-relp
--- debs-old/deb_control_rsyslog-relp/control 2020-02-11
15:25:29.0 +
+++ debs-new/deb_control_rsyslog-relp/control 2020-07-30
19:53:18.0 +
@@ -3 +3 @@
-Version: 8.2001.0-1ubuntu1
+Version: 8.2001.0-1ubuntu1.1
@@ -7 +7 @@
-Depends: libc6 (>= 2.14), librelp0 (>= 1.4.0), rsyslog (=
8.2001.0-1ubuntu1)
+Depends: libc6 (>= 2.14), librelp0 (>= 1.5.0), rsyslog (=
8.2001.0-1ubuntu1.1)
Compare the contents:
for file in debs-old/deb_content_*; do
file="$(basename $file)"
echo "FILE: $file"
diff -U0 debs-old/$file debs-new/$file
echo
done
The
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Hi Jorge,
Thanks for tracking this down in the build history.
> I suspect that the rsyslog package was built against and older librelp
version.
You're right, the build log shows 'librelp-dev_1.4.0-2'
in the package installs/'Build environment' section.
I slightly modified the changelog entry, and examined the
old/new packages (i.e., pre/post rebuild) for differences,
to ensure the changes are what we expect and nothing else.
It all looks good. Details in the next comment.
However this cannot be uploaded immediately because there
is currently another rsyslog upload in focal; fortunately
it's from Eric/@slashd and not yet approved, so we likely
merge both. I'll email him/you.
cheers,
Mauricio
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Status in rsyslog package in Ubuntu:
Fix Released
Status in rsyslog source package in Focal:
In Progress
Status in rsyslog source package in Groovy:
Fix Released
Bug description:
[Description]
Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol
(RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP)
library
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
or before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
[Reproducer]
Setup a focal machine with rsyslog, using the following configuration:
module(load="imrelp" tls.tlslib="openssl")
input(
type="imrelp" port="2515"
tls="on"
# This should work in rsyslog 8.2006.0:
#tls.mycert="/etc/rsyslog.tls/fullchain.pem"
# for now we use the work-around discussed in:
# https://github.com/rsyslog/rsyslog/issues/4360
tls.cacert="/etc/rsyslog.tls/chain.pem"
tls.mycert="/etc/rsyslog.tls/cert.pem"
tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
)
This error comes from this code in plugins/imrelp/imrelp.c:
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
"it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
#endif
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
[Risk potential]
* No identified as this is a rebuild that should have been done on all
reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0
[Fix]
Provide a rebuild SRU for focal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
** Patch added: "lp1888926-focal-v2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+attachment/5399433/+files/lp1888926-focal-v2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Status in rsyslog package in Ubuntu:
Fix Released
Status in rsyslog source package in Focal:
In Progress
Status in rsyslog source package in Groovy:
Fix Released
Bug description:
[Description]
Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol
(RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP)
library
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
or before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
[Reproducer]
Setup a focal machine with rsyslog, using the following configuration:
module(load="imrelp" tls.tlslib="openssl")
input(
type="imrelp" port="2515"
tls="on"
# This should work in rsyslog 8.2006.0:
#tls.mycert="/etc/rsyslog.tls/fullchain.pem"
# for now we use the work-around discussed in:
# https://github.com/rsyslog/rsyslog/issues/4360
tls.cacert="/etc/rsyslog.tls/chain.pem"
tls.mycert="/etc/rsyslog.tls/cert.pem"
tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
)
This error comes from this code in plugins/imrelp/imrelp.c:
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
"it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
#endif
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
[Risk potential]
* No identified as this is a rebuild that should have been done on all
reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0
[Fix]
Provide a rebuild SRU for focal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
** Tags added: sts-sponsor-mfo
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Status in rsyslog package in Ubuntu:
Fix Released
Status in rsyslog source package in Focal:
In Progress
Status in rsyslog source package in Groovy:
Fix Released
Bug description:
[Description]
Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol
(RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP)
library
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
or before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
[Reproducer]
Setup a focal machine with rsyslog, using the following configuration:
module(load="imrelp" tls.tlslib="openssl")
input(
type="imrelp" port="2515"
tls="on"
# This should work in rsyslog 8.2006.0:
#tls.mycert="/etc/rsyslog.tls/fullchain.pem"
# for now we use the work-around discussed in:
# https://github.com/rsyslog/rsyslog/issues/4360
tls.cacert="/etc/rsyslog.tls/chain.pem"
tls.mycert="/etc/rsyslog.tls/cert.pem"
tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
)
This error comes from this code in plugins/imrelp/imrelp.c:
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
"it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
#endif
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
[Risk potential]
* No identified as this is a rebuild that should have been done on all
reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0
[Fix]
Provide a rebuild SRU for focal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Hello, I checked the backtrace of a crashed dhcpd running on 4.4.1-2.1ubuntu5. (gdb) info threads Id Target IdFrame * 1Thread 0x7fb4ddecb700 (LWP 3170) __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 2Thread 0x7fb4dd6ca700 (LWP 3171) __lll_lock_wait (futex=futex@entry=0x7fb4de6d2028, private=0) at lowlevellock.c:52 3Thread 0x7fb4de6cc700 (LWP 3169) futex_wake (private=, processes_to_wake=1, futex_word=) at ../sysdeps/nptl/futex-internal.h:364 4Thread 0x7fb4de74f740 (LWP 3148) futex_wait_cancelable (private=, expected=0, futex_word=0x7fb4de6cd0d0) at ../sysdeps/nptl/futex-internal.h:183 (gdb) frame 2 #2 0x7fb4dec85985 in isc_assertion_failed (file=file@entry=0x7fb4decd8878 "../../../../lib/isc/unix/socket.c", line=line@entry=3361, type=type@entry=isc_assertiontype_insist, cond=cond@entry=0x7fb4decda033 "!sock->pending_send") at ../../../lib/isc/assertions.c:52 (gdb) bt #1 0x7fb4deaa7859 in __GI_abort () at abort.c:79 #2 0x7fb4dec85985 in isc_assertion_failed (file=file@entry=0x7fb4decd8878 "../../../../lib/isc/unix/socket.c", line=line@entry=3361, type=type@entry=isc_assertiontype_insist, cond=cond@entry=0x7fb4decda033 "!sock->pending_send") at ../../../lib/isc/assertions.c:52 #3 0x7fb4decc17e1 in dispatch_send (sock=0x7fb4de6d4990) at ../../../../lib/isc/unix/socket.c:4041 #4 process_fd (writeable=, readable=, fd=11, manager=0x7fb4de6d0010) at ../../../../lib/isc/unix/socket.c:4054 #5 process_fds (writefds=, readfds=0x7fb4de6d1090, maxfd=13, manager=0x7fb4de6d0010) at ../../../../lib/isc/unix/socket.c:4211 #6 watcher (uap=0x7fb4de6d0010) at ../../../../lib/isc/unix/socket.c:4397 #7 0x7fb4dea68609 in start_thread (arg=) at pthread_create.c:477 #8 0x7fb4deba4103 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 (gdb) frame 3 #3 0x7fb4decc17e1 in dispatch_send (sock=0x7fb4de6d4990) at ../../../../lib/isc/unix/socket.c:4041 4041in ../../../../lib/isc/unix/socket.c (gdb) p sock->pending_send $2 = 1 The code is crashing on this assertion: https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11_3/lib/isc/unix/socket.c#L3364 This was already reported and marked as fixed in debian (?) via [0] ""Now if a wakeup event occurres the socket would be dispatched for processing regardless which kind of event (timer?) triggered the wakeup. At least I did not find any sanity checks in process_fds() except SOCK_DEAD(sock). This leads to the following situation: The sock is not dead yet but it is still pending when it is dispatched again. I would now check sock->pending_send before calling dispatch_send().This would at least prevent the assertion failure - well knowing that the situation described above ( not dead but still pending and alerting ) is not a very pleasant one - until someone comes up with a better solution. """ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430065#20 ** Follow up questions: 0) The reproducer doesn't seems consistent and seems to be related to a race condition associated with a internal timer/futex. 1) Can anyone confirm that a pristine upstream 4.4.1 doesn't reproduces the issue? ** Bug watch added: Debian Bug tracker #430065 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430065 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1888926 Title: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0 Status in rsyslog package in Ubuntu: Fix Released Status in rsyslog source package in Focal: In Progress Status in rsyslog source package in Groovy: Fix Released Bug description: [Description] Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies (such as rsyslog) weren't rebuilt after this new version was published # dpkg -l | grep librelp ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] [Reproducer] Setup a focal machine with rsyslog, using the following configuration: module(load="imrelp" tls.tlslib="openssl") input( type="imrelp" port="2515" tls="on" # This should work in rsyslog 8.2006.0: #tls.mycert="/etc/rsyslog.tls/fullchain.pem" # for now we use the work-around discussed in: # https://github.com/rsyslog/rsyslog/issues/4360
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
** Patch added: "lp1888926-focal.debdiff"
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+attachment/5398376/+files/lp1888926-focal.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Status in rsyslog package in Ubuntu:
Fix Released
Status in rsyslog source package in Focal:
In Progress
Status in rsyslog source package in Groovy:
Fix Released
Bug description:
[Description]
Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol
(RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP)
library
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
or before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
[Reproducer]
Setup a focal machine with rsyslog, using the following configuration:
module(load="imrelp" tls.tlslib="openssl")
input(
type="imrelp" port="2515"
tls="on"
# This should work in rsyslog 8.2006.0:
#tls.mycert="/etc/rsyslog.tls/fullchain.pem"
# for now we use the work-around discussed in:
# https://github.com/rsyslog/rsyslog/issues/4360
tls.cacert="/etc/rsyslog.tls/chain.pem"
tls.mycert="/etc/rsyslog.tls/cert.pem"
tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
)
This error comes from this code in plugins/imrelp/imrelp.c:
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
"it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
#endif
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
[Risk potential]
* No identified as this is a rebuild that should have been done on all
reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0
[Fix]
Provide a rebuild SRU for focal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
** Tags added: sts-sru-needed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Status in rsyslog package in Ubuntu:
Fix Released
Status in rsyslog source package in Focal:
In Progress
Status in rsyslog source package in Groovy:
Fix Released
Bug description:
[Description]
Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol
(RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP)
library
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
or before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
[Reproducer]
Setup a focal machine with rsyslog, using the following configuration:
module(load="imrelp" tls.tlslib="openssl")
input(
type="imrelp" port="2515"
tls="on"
# This should work in rsyslog 8.2006.0:
#tls.mycert="/etc/rsyslog.tls/fullchain.pem"
# for now we use the work-around discussed in:
# https://github.com/rsyslog/rsyslog/issues/4360
tls.cacert="/etc/rsyslog.tls/chain.pem"
tls.mycert="/etc/rsyslog.tls/cert.pem"
tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
)
This error comes from this code in plugins/imrelp/imrelp.c:
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
"it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
#endif
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
[Risk potential]
* No identified as this is a rebuild that should have been done on all
reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0
[Fix]
Provide a rebuild SRU for focal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Hello,
Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd641.5.0-1ubuntu2amd64
Reliable Event Logging Protocol (RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2amd64
Reliable Event Logging Protocol (RELP) library
I'll go ahead and provide a rebuild SRU for focal.
** Description changed:
+ [Description]
+
+ Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
+ librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
+ (such as rsyslog) weren't rebuilt after this new version was published
+
+ # dpkg -l | grep librelp
+ ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol
(RELP) library - development files
+ ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP)
library
+
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or
before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
- Here is the config:
+ [Reproducer]
+
+ Setup a focal machine with rsyslog, using the following configuration:
module(load="imrelp" tls.tlslib="openssl")
input(
- type="imrelp" port="2515"
- tls="on"
- # This should work in rsyslog 8.2006.0:
- #tls.mycert="/etc/rsyslog.tls/fullchain.pem"
- # for now we use the work-around discussed in:
- # https://github.com/rsyslog/rsyslog/issues/4360
- tls.cacert="/etc/rsyslog.tls/chain.pem"
- tls.mycert="/etc/rsyslog.tls/cert.pem"
- tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
- tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
+ type="imrelp" port="2515"
+ tls="on"
+ # This should work in rsyslog 8.2006.0:
+ #tls.mycert="/etc/rsyslog.tls/fullchain.pem"
+ # for now we use the work-around discussed in:
+ # https://github.com/rsyslog/rsyslog/issues/4360
+ tls.cacert="/etc/rsyslog.tls/chain.pem"
+ tls.mycert="/etc/rsyslog.tls/cert.pem"
+ tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
+ tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
)
-
This error comes from this code in plugins/imrelp/imrelp.c:
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
- inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
- parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
- "it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
+ parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
+ "it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
#endif
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
-
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
+
+ [Risk potential]
+
+ * No identified as this is a rebuild that should have been done on all
+ reverse
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
** Also affects: rsyslog (Ubuntu Groovy)
Importance: Undecided
Status: New
** Also affects: rsyslog (Ubuntu Focal)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Status in rsyslog package in Ubuntu:
New
Status in rsyslog source package in Focal:
New
Status in rsyslog source package in Groovy:
New
Bug description:
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
or before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
Here is the config:
module(load="imrelp" tls.tlslib="openssl")
input(
type="imrelp" port="2515"
tls="on"
# This should work in rsyslog 8.2006.0:
#tls.mycert="/etc/rsyslog.tls/fullchain.pem"
# for now we use the work-around discussed in:
# https://github.com/rsyslog/rsyslog/issues/4360
tls.cacert="/etc/rsyslog.tls/chain.pem"
tls.mycert="/etc/rsyslog.tls/cert.pem"
tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
)
This error comes from this code in plugins/imrelp/imrelp.c:
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
"it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
#endif
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
