[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
This should be fixed with rsyslog 8.2001.0-1ubuntu1.1 in focal-updates. ** Changed in: rsyslog (Ubuntu Focal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1888926 Title: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0 Status in rsyslog package in Ubuntu: Fix Released Status in rsyslog source package in Focal: Fix Released Status in rsyslog source package in Groovy: Fix Released Bug description: [Description] Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies (such as rsyslog) weren't rebuilt after this new version was published # dpkg -l | grep librelp ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] [Reproducer] Setup a focal machine with rsyslog, using the following configuration: module(load="imrelp" tls.tlslib="openssl") input( type="imrelp" port="2515" tls="on" # This should work in rsyslog 8.2006.0: #tls.mycert="/etc/rsyslog.tls/fullchain.pem" # for now we use the work-around discussed in: # https://github.com/rsyslog/rsyslog/issues/4360 tls.cacert="/etc/rsyslog.tls/chain.pem" tls.mycert="/etc/rsyslog.tls/cert.pem" tls.myprivkey="/etc/rsyslog.tls/privkey.pem" tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2" ) This error comes from this code in plugins/imrelp/imrelp.c: #if defined(HAVE_RELPENGINESETTLSCFGCMD) inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); #else parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; " "it probably is too old (1.5.0 or higher should be fine); ignoring setting now."); #endif The build log for focal: https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... no checking for relpSrvSetTlsConfigCmd... (cached) no The build log for groovy: https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes If I rebuild the rsyslog package, I get: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes I suspect that the rsyslog package was built against and older librelp version. A simple rebuild of rsyslog should fix this, though a more complete fix would be to raise the Build-Depends from librelp-dev (>= 1.4.0) to librelp-dev (>= 1.5.0). [Risk potential] * No identified as this is a rebuild that should have been done on all reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0 [Fix] Provide a rebuild SRU for focal. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Er, actually s/Invalid/Fix Committed/, so to document that this bug (behavior of input parameter 'tls.tlscfgcmd' not supported) will be fixed/gets fixed on rsyslog 8.2001.0-1ubuntu1.1 (in focal-proposed.) ** Changed in: rsyslog (Ubuntu Focal) Status: In Progress => Fix Committed ** Tags removed: sts-sponsor-mfo sts-sru-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1888926 Title: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0 Status in rsyslog package in Ubuntu: Fix Released Status in rsyslog source package in Focal: Fix Committed Status in rsyslog source package in Groovy: Fix Released Bug description: [Description] Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies (such as rsyslog) weren't rebuilt after this new version was published # dpkg -l | grep librelp ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] [Reproducer] Setup a focal machine with rsyslog, using the following configuration: module(load="imrelp" tls.tlslib="openssl") input( type="imrelp" port="2515" tls="on" # This should work in rsyslog 8.2006.0: #tls.mycert="/etc/rsyslog.tls/fullchain.pem" # for now we use the work-around discussed in: # https://github.com/rsyslog/rsyslog/issues/4360 tls.cacert="/etc/rsyslog.tls/chain.pem" tls.mycert="/etc/rsyslog.tls/cert.pem" tls.myprivkey="/etc/rsyslog.tls/privkey.pem" tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2" ) This error comes from this code in plugins/imrelp/imrelp.c: #if defined(HAVE_RELPENGINESETTLSCFGCMD) inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); #else parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; " "it probably is too old (1.5.0 or higher should be fine); ignoring setting now."); #endif The build log for focal: https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... no checking for relpSrvSetTlsConfigCmd... (cached) no The build log for groovy: https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes If I rebuild the rsyslog package, I get: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes I suspect that the rsyslog package was built against and older librelp version. A simple rebuild of rsyslog should fix this, though a more complete fix would be to raise the Build-Depends from librelp-dev (>= 1.4.0) to librelp-dev (>= 1.5.0). [Risk potential] * No identified as this is a rebuild that should have been done on all reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0 [Fix] Provide a rebuild SRU for focal. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
In an interesting overnight timing event, that rsyslog upload has been accepted to focal-proposed. Sure enough, it built with librelp-dev_1.5.0-1ubuntu2. And the configure stage enables the option: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes And the test-cases pass: PASS: imrelp-tls-cfgcmd.sh PASS: sndrcv_relp_tls-cfgcmd.sh So, that rebuild is sufficient for this LP bug. There's no versioned dependency change to librelp >= 1.5.0, but since librelp will always satisfy that on future builds, it doesn't look like a hard requirement to have that change. If we were to still change it, we'd have to wait for another rsyslog LP bug, that would actually incur runtime changes (the versioned dep change would not anymore, on top of the new upload/rebuild), and tag this as blocks proposed. Jorge, I'll thus mark this bug as Invalid for Focal. Please feel free to reopen should you need it or find other reason the versioned dependency must get in. Thanks! Mauricio -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1888926 Title: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0 Status in rsyslog package in Ubuntu: Fix Released Status in rsyslog source package in Focal: Fix Committed Status in rsyslog source package in Groovy: Fix Released Bug description: [Description] Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies (such as rsyslog) weren't rebuilt after this new version was published # dpkg -l | grep librelp ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] [Reproducer] Setup a focal machine with rsyslog, using the following configuration: module(load="imrelp" tls.tlslib="openssl") input( type="imrelp" port="2515" tls="on" # This should work in rsyslog 8.2006.0: #tls.mycert="/etc/rsyslog.tls/fullchain.pem" # for now we use the work-around discussed in: # https://github.com/rsyslog/rsyslog/issues/4360 tls.cacert="/etc/rsyslog.tls/chain.pem" tls.mycert="/etc/rsyslog.tls/cert.pem" tls.myprivkey="/etc/rsyslog.tls/privkey.pem" tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2" ) This error comes from this code in plugins/imrelp/imrelp.c: #if defined(HAVE_RELPENGINESETTLSCFGCMD) inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); #else parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; " "it probably is too old (1.5.0 or higher should be fine); ignoring setting now."); #endif The build log for focal: https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... no checking for relpSrvSetTlsConfigCmd... (cached) no The build log for groovy: https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes If I rebuild the rsyslog package, I get: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes I suspect that the rsyslog package was built against and older librelp version. A simple rebuild of rsyslog should fix this, though a more complete fix would be to raise the Build-Depends from librelp-dev (>= 1.4.0) to librelp-dev (>= 1.5.0). [Risk potential] * No identified as this is a rebuild that should have been done on all reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0 [Fix] Provide a rebuild SRU for focal. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to :
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Verification/comparison steps to ensure that the modified rsyslog package is built and working correctly, given its importance in the distribution: 1) Compare test suite results in build logs 2) Compare configuration options in build logs 3) Compare packages' control file and contents All look good. Details: 1) Compare test suite results in build logs --- The build-time test suite runs 550ish tests, which gives us confidence it does look good. There are 20 test files which name includes 'relp', and 2 test files include the option name 'tlscfgcmd'. $ grep -rl tlscfgcmd rsyslog-8.2001.0/tests/ rsyslog-8.2001.0/tests/sndrcv_relp_tls-cfgcmd.sh rsyslog-8.2001.0/tests/imrelp-tls-cfgcmd.sh These 2 are not mentioned in the previous build log, but are mentioned and PASS in the test package's build log, so the option is enabled and good as in tests. Before: # TOTAL: 551 # PASS: 544 # SKIP: 7 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 After: +PASS: imrelp-tls-cfgcmd.sh +PASS: sndrcv_relp_tls-cfgcmd.sh # TOTAL: 553 # PASS: 546 # SKIP: 7 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 2) Compare configuration options in build logs -- Download the old (focal-release) and new (ppa) build logs: $ curl -s https://launchpadlibrarian.net/464664394 /buildlog_ubuntu-focal-amd64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz | gzip -dc > buildlog.old $ curl -s buildlog_modified https://launchpadlibrarian.net/492228312/buildlog_ubuntu-focal- amd64.rsyslog_8.2001.0-1ubuntu1.1_BUILDING.txt.gz | gzip -dc > buildlog.new Filter the section for configure: dh_auto_configure -- \ <...> config.status: executing libtool commands $ sed -n '/^dh_auto_configure --/,/^config.status: executing libtool commands/p' buildlog.old > buildlog.old.configure $ sed -n '/^dh_auto_configure --/,/^config.status: executing libtool commands/p' buildlog.new > buildlog.new.configure The only difference is the new/reported option 'relpSrvSetTlsConfigCmd' $ diff -u buildlog.old.configure buildlog.new.configure --- buildlog.old.configure 2020-08-06 23:44:34.072713719 + +++ buildlog.new.configure 2020-08-06 23:44:38.080688125 + @@ -407,8 +407,8 @@ checking for relpSrvSetOversizeMode... yes checking for relpSrvSetLstnAddr... yes checking for relpEngineSetTLSLibByName... yes -checking for relpSrvSetTlsConfigCmd... no -checking for relpSrvSetTlsConfigCmd... (cached) no +checking for relpSrvSetTlsConfigCmd... yes +checking for relpSrvSetTlsConfigCmd... (cached) yes checking for LIBLOGGING_STDLOG... no configure: liblogging-stdlog not found, parts of the testbench will not run checking for ip... no 3) Compare packages' control file and contents -- Get the old and new packages' control/contents: mkdir debs-old && cd debs-old pull-lp-debs rsyslog focal cd .. mkdir debs-new && cd debs-new pull-ppa-debs --ppa mfo/lp1888926 rsyslog focal cd .. for dir in debs-old debs-new; do pushd $dir for deb in *.deb; do pkg=${deb%%_*} dpkg-deb -e $deb deb_control_$pkg dpkg-deb -c $deb \ | awk '{ $3 = "SIZE"; $4 = "DATE"; $5 = "TIME"; print $0 }' `#normalize` \ | sort \ > deb_content_$pkg done popd done Compare the control files: for dir in debs-old/deb_control_*; do dir="$(basename $dir)" echo "DIR: $dir" diff -U0 debs-old/$dir/control debs-new/$dir/control echo done The only differences are: 1) the Version: bump, 2) the versioned dependency bump on rsyslog, 3) and rsyslog-relp also has versioned dependency bump on librelp0, as expected. DIR: deb_control_rsyslog-relp --- debs-old/deb_control_rsyslog-relp/control 2020-02-11 15:25:29.0 + +++ debs-new/deb_control_rsyslog-relp/control 2020-07-30 19:53:18.0 + @@ -3 +3 @@ -Version: 8.2001.0-1ubuntu1 +Version: 8.2001.0-1ubuntu1.1 @@ -7 +7 @@ -Depends: libc6 (>= 2.14), librelp0 (>= 1.4.0), rsyslog (= 8.2001.0-1ubuntu1) +Depends: libc6 (>= 2.14), librelp0 (>= 1.5.0), rsyslog (= 8.2001.0-1ubuntu1.1) Compare the contents: for file in debs-old/deb_content_*; do file="$(basename $file)" echo "FILE: $file" diff -U0 debs-old/$file debs-new/$file echo done The
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Hi Jorge, Thanks for tracking this down in the build history. > I suspect that the rsyslog package was built against and older librelp version. You're right, the build log shows 'librelp-dev_1.4.0-2' in the package installs/'Build environment' section. I slightly modified the changelog entry, and examined the old/new packages (i.e., pre/post rebuild) for differences, to ensure the changes are what we expect and nothing else. It all looks good. Details in the next comment. However this cannot be uploaded immediately because there is currently another rsyslog upload in focal; fortunately it's from Eric/@slashd and not yet approved, so we likely merge both. I'll email him/you. cheers, Mauricio -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1888926 Title: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0 Status in rsyslog package in Ubuntu: Fix Released Status in rsyslog source package in Focal: In Progress Status in rsyslog source package in Groovy: Fix Released Bug description: [Description] Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies (such as rsyslog) weren't rebuilt after this new version was published # dpkg -l | grep librelp ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] [Reproducer] Setup a focal machine with rsyslog, using the following configuration: module(load="imrelp" tls.tlslib="openssl") input( type="imrelp" port="2515" tls="on" # This should work in rsyslog 8.2006.0: #tls.mycert="/etc/rsyslog.tls/fullchain.pem" # for now we use the work-around discussed in: # https://github.com/rsyslog/rsyslog/issues/4360 tls.cacert="/etc/rsyslog.tls/chain.pem" tls.mycert="/etc/rsyslog.tls/cert.pem" tls.myprivkey="/etc/rsyslog.tls/privkey.pem" tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2" ) This error comes from this code in plugins/imrelp/imrelp.c: #if defined(HAVE_RELPENGINESETTLSCFGCMD) inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); #else parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; " "it probably is too old (1.5.0 or higher should be fine); ignoring setting now."); #endif The build log for focal: https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... no checking for relpSrvSetTlsConfigCmd... (cached) no The build log for groovy: https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes If I rebuild the rsyslog package, I get: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes I suspect that the rsyslog package was built against and older librelp version. A simple rebuild of rsyslog should fix this, though a more complete fix would be to raise the Build-Depends from librelp-dev (>= 1.4.0) to librelp-dev (>= 1.5.0). [Risk potential] * No identified as this is a rebuild that should have been done on all reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0 [Fix] Provide a rebuild SRU for focal. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
** Patch added: "lp1888926-focal-v2.debdiff" https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+attachment/5399433/+files/lp1888926-focal-v2.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1888926 Title: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0 Status in rsyslog package in Ubuntu: Fix Released Status in rsyslog source package in Focal: In Progress Status in rsyslog source package in Groovy: Fix Released Bug description: [Description] Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies (such as rsyslog) weren't rebuilt after this new version was published # dpkg -l | grep librelp ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] [Reproducer] Setup a focal machine with rsyslog, using the following configuration: module(load="imrelp" tls.tlslib="openssl") input( type="imrelp" port="2515" tls="on" # This should work in rsyslog 8.2006.0: #tls.mycert="/etc/rsyslog.tls/fullchain.pem" # for now we use the work-around discussed in: # https://github.com/rsyslog/rsyslog/issues/4360 tls.cacert="/etc/rsyslog.tls/chain.pem" tls.mycert="/etc/rsyslog.tls/cert.pem" tls.myprivkey="/etc/rsyslog.tls/privkey.pem" tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2" ) This error comes from this code in plugins/imrelp/imrelp.c: #if defined(HAVE_RELPENGINESETTLSCFGCMD) inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); #else parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; " "it probably is too old (1.5.0 or higher should be fine); ignoring setting now."); #endif The build log for focal: https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... no checking for relpSrvSetTlsConfigCmd... (cached) no The build log for groovy: https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes If I rebuild the rsyslog package, I get: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes I suspect that the rsyslog package was built against and older librelp version. A simple rebuild of rsyslog should fix this, though a more complete fix would be to raise the Build-Depends from librelp-dev (>= 1.4.0) to librelp-dev (>= 1.5.0). [Risk potential] * No identified as this is a rebuild that should have been done on all reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0 [Fix] Provide a rebuild SRU for focal. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
** Tags added: sts-sponsor-mfo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1888926 Title: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0 Status in rsyslog package in Ubuntu: Fix Released Status in rsyslog source package in Focal: In Progress Status in rsyslog source package in Groovy: Fix Released Bug description: [Description] Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies (such as rsyslog) weren't rebuilt after this new version was published # dpkg -l | grep librelp ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] [Reproducer] Setup a focal machine with rsyslog, using the following configuration: module(load="imrelp" tls.tlslib="openssl") input( type="imrelp" port="2515" tls="on" # This should work in rsyslog 8.2006.0: #tls.mycert="/etc/rsyslog.tls/fullchain.pem" # for now we use the work-around discussed in: # https://github.com/rsyslog/rsyslog/issues/4360 tls.cacert="/etc/rsyslog.tls/chain.pem" tls.mycert="/etc/rsyslog.tls/cert.pem" tls.myprivkey="/etc/rsyslog.tls/privkey.pem" tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2" ) This error comes from this code in plugins/imrelp/imrelp.c: #if defined(HAVE_RELPENGINESETTLSCFGCMD) inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); #else parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; " "it probably is too old (1.5.0 or higher should be fine); ignoring setting now."); #endif The build log for focal: https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... no checking for relpSrvSetTlsConfigCmd... (cached) no The build log for groovy: https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes If I rebuild the rsyslog package, I get: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes I suspect that the rsyslog package was built against and older librelp version. A simple rebuild of rsyslog should fix this, though a more complete fix would be to raise the Build-Depends from librelp-dev (>= 1.4.0) to librelp-dev (>= 1.5.0). [Risk potential] * No identified as this is a rebuild that should have been done on all reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0 [Fix] Provide a rebuild SRU for focal. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Hello, I checked the backtrace of a crashed dhcpd running on 4.4.1-2.1ubuntu5. (gdb) info threads Id Target IdFrame * 1Thread 0x7fb4ddecb700 (LWP 3170) __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 2Thread 0x7fb4dd6ca700 (LWP 3171) __lll_lock_wait (futex=futex@entry=0x7fb4de6d2028, private=0) at lowlevellock.c:52 3Thread 0x7fb4de6cc700 (LWP 3169) futex_wake (private=, processes_to_wake=1, futex_word=) at ../sysdeps/nptl/futex-internal.h:364 4Thread 0x7fb4de74f740 (LWP 3148) futex_wait_cancelable (private=, expected=0, futex_word=0x7fb4de6cd0d0) at ../sysdeps/nptl/futex-internal.h:183 (gdb) frame 2 #2 0x7fb4dec85985 in isc_assertion_failed (file=file@entry=0x7fb4decd8878 "../../../../lib/isc/unix/socket.c", line=line@entry=3361, type=type@entry=isc_assertiontype_insist, cond=cond@entry=0x7fb4decda033 "!sock->pending_send") at ../../../lib/isc/assertions.c:52 (gdb) bt #1 0x7fb4deaa7859 in __GI_abort () at abort.c:79 #2 0x7fb4dec85985 in isc_assertion_failed (file=file@entry=0x7fb4decd8878 "../../../../lib/isc/unix/socket.c", line=line@entry=3361, type=type@entry=isc_assertiontype_insist, cond=cond@entry=0x7fb4decda033 "!sock->pending_send") at ../../../lib/isc/assertions.c:52 #3 0x7fb4decc17e1 in dispatch_send (sock=0x7fb4de6d4990) at ../../../../lib/isc/unix/socket.c:4041 #4 process_fd (writeable=, readable=, fd=11, manager=0x7fb4de6d0010) at ../../../../lib/isc/unix/socket.c:4054 #5 process_fds (writefds=, readfds=0x7fb4de6d1090, maxfd=13, manager=0x7fb4de6d0010) at ../../../../lib/isc/unix/socket.c:4211 #6 watcher (uap=0x7fb4de6d0010) at ../../../../lib/isc/unix/socket.c:4397 #7 0x7fb4dea68609 in start_thread (arg=) at pthread_create.c:477 #8 0x7fb4deba4103 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 (gdb) frame 3 #3 0x7fb4decc17e1 in dispatch_send (sock=0x7fb4de6d4990) at ../../../../lib/isc/unix/socket.c:4041 4041in ../../../../lib/isc/unix/socket.c (gdb) p sock->pending_send $2 = 1 The code is crashing on this assertion: https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11_3/lib/isc/unix/socket.c#L3364 This was already reported and marked as fixed in debian (?) via [0] ""Now if a wakeup event occurres the socket would be dispatched for processing regardless which kind of event (timer?) triggered the wakeup. At least I did not find any sanity checks in process_fds() except SOCK_DEAD(sock). This leads to the following situation: The sock is not dead yet but it is still pending when it is dispatched again. I would now check sock->pending_send before calling dispatch_send().This would at least prevent the assertion failure - well knowing that the situation described above ( not dead but still pending and alerting ) is not a very pleasant one - until someone comes up with a better solution. """ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430065#20 ** Follow up questions: 0) The reproducer doesn't seems consistent and seems to be related to a race condition associated with a internal timer/futex. 1) Can anyone confirm that a pristine upstream 4.4.1 doesn't reproduces the issue? ** Bug watch added: Debian Bug tracker #430065 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430065 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1888926 Title: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0 Status in rsyslog package in Ubuntu: Fix Released Status in rsyslog source package in Focal: In Progress Status in rsyslog source package in Groovy: Fix Released Bug description: [Description] Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies (such as rsyslog) weren't rebuilt after this new version was published # dpkg -l | grep librelp ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] [Reproducer] Setup a focal machine with rsyslog, using the following configuration: module(load="imrelp" tls.tlslib="openssl") input( type="imrelp" port="2515" tls="on" # This should work in rsyslog 8.2006.0: #tls.mycert="/etc/rsyslog.tls/fullchain.pem" # for now we use the work-around discussed in: # https://github.com/rsyslog/rsyslog/issues/4360
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
** Patch added: "lp1888926-focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+attachment/5398376/+files/lp1888926-focal.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1888926 Title: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0 Status in rsyslog package in Ubuntu: Fix Released Status in rsyslog source package in Focal: In Progress Status in rsyslog source package in Groovy: Fix Released Bug description: [Description] Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies (such as rsyslog) weren't rebuilt after this new version was published # dpkg -l | grep librelp ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] [Reproducer] Setup a focal machine with rsyslog, using the following configuration: module(load="imrelp" tls.tlslib="openssl") input( type="imrelp" port="2515" tls="on" # This should work in rsyslog 8.2006.0: #tls.mycert="/etc/rsyslog.tls/fullchain.pem" # for now we use the work-around discussed in: # https://github.com/rsyslog/rsyslog/issues/4360 tls.cacert="/etc/rsyslog.tls/chain.pem" tls.mycert="/etc/rsyslog.tls/cert.pem" tls.myprivkey="/etc/rsyslog.tls/privkey.pem" tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2" ) This error comes from this code in plugins/imrelp/imrelp.c: #if defined(HAVE_RELPENGINESETTLSCFGCMD) inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); #else parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; " "it probably is too old (1.5.0 or higher should be fine); ignoring setting now."); #endif The build log for focal: https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... no checking for relpSrvSetTlsConfigCmd... (cached) no The build log for groovy: https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes If I rebuild the rsyslog package, I get: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes I suspect that the rsyslog package was built against and older librelp version. A simple rebuild of rsyslog should fix this, though a more complete fix would be to raise the Build-Depends from librelp-dev (>= 1.4.0) to librelp-dev (>= 1.5.0). [Risk potential] * No identified as this is a rebuild that should have been done on all reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0 [Fix] Provide a rebuild SRU for focal. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
** Tags added: sts-sru-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1888926 Title: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0 Status in rsyslog package in Ubuntu: Fix Released Status in rsyslog source package in Focal: In Progress Status in rsyslog source package in Groovy: Fix Released Bug description: [Description] Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies (such as rsyslog) weren't rebuilt after this new version was published # dpkg -l | grep librelp ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] [Reproducer] Setup a focal machine with rsyslog, using the following configuration: module(load="imrelp" tls.tlslib="openssl") input( type="imrelp" port="2515" tls="on" # This should work in rsyslog 8.2006.0: #tls.mycert="/etc/rsyslog.tls/fullchain.pem" # for now we use the work-around discussed in: # https://github.com/rsyslog/rsyslog/issues/4360 tls.cacert="/etc/rsyslog.tls/chain.pem" tls.mycert="/etc/rsyslog.tls/cert.pem" tls.myprivkey="/etc/rsyslog.tls/privkey.pem" tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2" ) This error comes from this code in plugins/imrelp/imrelp.c: #if defined(HAVE_RELPENGINESETTLSCFGCMD) inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); #else parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; " "it probably is too old (1.5.0 or higher should be fine); ignoring setting now."); #endif The build log for focal: https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... no checking for relpSrvSetTlsConfigCmd... (cached) no The build log for groovy: https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes If I rebuild the rsyslog package, I get: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes I suspect that the rsyslog package was built against and older librelp version. A simple rebuild of rsyslog should fix this, though a more complete fix would be to raise the Build-Depends from librelp-dev (>= 1.4.0) to librelp-dev (>= 1.5.0). [Risk potential] * No identified as this is a rebuild that should have been done on all reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0 [Fix] Provide a rebuild SRU for focal. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Hello, Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies (such as rsyslog) weren't rebuilt after this new version was published # dpkg -l | grep librelp ii librelp-dev:amd641.5.0-1ubuntu2amd64 Reliable Event Logging Protocol (RELP) library - development files ii librelp0:amd64 1.5.0-1ubuntu2amd64 Reliable Event Logging Protocol (RELP) library I'll go ahead and provide a rebuild SRU for focal. ** Description changed: + [Description] + + Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory, + librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies + (such as rsyslog) weren't rebuilt after this new version was published + + # dpkg -l | grep librelp + ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files + ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library + rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] - Here is the config: + [Reproducer] + + Setup a focal machine with rsyslog, using the following configuration: module(load="imrelp" tls.tlslib="openssl") input( - type="imrelp" port="2515" - tls="on" - # This should work in rsyslog 8.2006.0: - #tls.mycert="/etc/rsyslog.tls/fullchain.pem" - # for now we use the work-around discussed in: - # https://github.com/rsyslog/rsyslog/issues/4360 - tls.cacert="/etc/rsyslog.tls/chain.pem" - tls.mycert="/etc/rsyslog.tls/cert.pem" - tls.myprivkey="/etc/rsyslog.tls/privkey.pem" - tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2" + type="imrelp" port="2515" + tls="on" + # This should work in rsyslog 8.2006.0: + #tls.mycert="/etc/rsyslog.tls/fullchain.pem" + # for now we use the work-around discussed in: + # https://github.com/rsyslog/rsyslog/issues/4360 + tls.cacert="/etc/rsyslog.tls/chain.pem" + tls.mycert="/etc/rsyslog.tls/cert.pem" + tls.myprivkey="/etc/rsyslog.tls/privkey.pem" + tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2" ) - This error comes from this code in plugins/imrelp/imrelp.c: #if defined(HAVE_RELPENGINESETTLSCFGCMD) - inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); #else - parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; " - "it probably is too old (1.5.0 or higher should be fine); ignoring setting now."); + parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; " + "it probably is too old (1.5.0 or higher should be fine); ignoring setting now."); #endif The build log for focal: https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... no checking for relpSrvSetTlsConfigCmd... (cached) no - The build log for groovy: https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes If I rebuild the rsyslog package, I get: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes I suspect that the rsyslog package was built against and older librelp version. A simple rebuild of rsyslog should fix this, though a more complete fix would be to raise the Build-Depends from librelp-dev (>= 1.4.0) to librelp-dev (>= 1.5.0). + + [Risk potential] + + * No identified as this is a rebuild that should have been done on all + reverse
[Touch-packages] [Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
** Also affects: rsyslog (Ubuntu Groovy) Importance: Undecided Status: New ** Also affects: rsyslog (Ubuntu Focal) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1888926 Title: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0 Status in rsyslog package in Ubuntu: New Status in rsyslog source package in Focal: New Status in rsyslog source package in Groovy: New Bug description: rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or before line 22: imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be fine); ignoring setting now. [v8.2001.0 try https://www.rsyslog.com/e/2207 ] Here is the config: module(load="imrelp" tls.tlslib="openssl") input( type="imrelp" port="2515" tls="on" # This should work in rsyslog 8.2006.0: #tls.mycert="/etc/rsyslog.tls/fullchain.pem" # for now we use the work-around discussed in: # https://github.com/rsyslog/rsyslog/issues/4360 tls.cacert="/etc/rsyslog.tls/chain.pem" tls.mycert="/etc/rsyslog.tls/cert.pem" tls.myprivkey="/etc/rsyslog.tls/privkey.pem" tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2" ) This error comes from this code in plugins/imrelp/imrelp.c: #if defined(HAVE_RELPENGINESETTLSCFGCMD) inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); #else parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; " "it probably is too old (1.5.0 or higher should be fine); ignoring setting now."); #endif The build log for focal: https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... no checking for relpSrvSetTlsConfigCmd... (cached) no The build log for groovy: https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz says: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes If I rebuild the rsyslog package, I get: checking for relpSrvSetTlsConfigCmd... yes checking for relpSrvSetTlsConfigCmd... (cached) yes I suspect that the rsyslog package was built against and older librelp version. A simple rebuild of rsyslog should fix this, though a more complete fix would be to raise the Build-Depends from librelp-dev (>= 1.4.0) to librelp-dev (>= 1.5.0). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp