[Bug 1888926] [NEW] tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0

Richard Laager 1888926 at bugs.launchpad.net
Sat Jul 25 08:22:05 UTC 2020 

Public bug reported:

rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or
before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]

Here is the config:

----
module(load="imrelp" tls.tlslib="openssl")

input(
    type="imrelp" port="2515"
    tls="on"
    # This should work in rsyslog 8.2006.0:
    #tls.mycert="/etc/rsyslog.tls/fullchain.pem"
    # for now we use the work-around discussed in:
    # https://github.com/rsyslog/rsyslog/issues/4360
    tls.cacert="/etc/rsyslog.tls/chain.pem"
    tls.mycert="/etc/rsyslog.tls/cert.pem"
    tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
    tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2"
)
----


This error comes from this code in plugins/imrelp/imrelp.c:

----
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
                        inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
                        parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; "
                                "it probably is too old (1.5.0 or higher should be fine); ignoring setting now.");
#endif
----

The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no


The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes

If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes

I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).

** Affects: rsyslog (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1888926

Title:
  tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0

Status in rsyslog package in Ubuntu:
  New

Bug description:
  rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
  or before line 22: imrelp: librelp does not support input parameter
  'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
  fine); ignoring setting now. [v8.2001.0 try
  https://www.rsyslog.com/e/2207 ]

  Here is the config:

  ----
  module(load="imrelp" tls.tlslib="openssl")

  input(
      type="imrelp" port="2515"
      tls="on"
      # This should work in rsyslog 8.2006.0:
      #tls.mycert="/etc/rsyslog.tls/fullchain.pem"
      # for now we use the work-around discussed in:
      # https://github.com/rsyslog/rsyslog/issues/4360
      tls.cacert="/etc/rsyslog.tls/chain.pem"
      tls.mycert="/etc/rsyslog.tls/cert.pem"
      tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
      tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2"
  )
  ----

  
  This error comes from this code in plugins/imrelp/imrelp.c:

  ----
  #if defined(HAVE_RELPENGINESETTLSCFGCMD)
                          inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
  #else
                          parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; "
                                  "it probably is too old (1.5.0 or higher should be fine); ignoring setting now.");
  #endif
  ----

  The build log for focal:
  https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
  says:
  checking for relpSrvSetTlsConfigCmd... no
  checking for relpSrvSetTlsConfigCmd... (cached) no

  
  The build log for groovy:
  https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
  says:
  checking for relpSrvSetTlsConfigCmd... yes
  checking for relpSrvSetTlsConfigCmd... (cached) yes

  If I rebuild the rsyslog package, I get:
  checking for relpSrvSetTlsConfigCmd... yes
  checking for relpSrvSetTlsConfigCmd... (cached) yes

  I suspect that the rsyslog package was built against and older librelp
  version. A simple rebuild of rsyslog should fix this, though a more
  complete fix would be to raise the Build-Depends from librelp-dev (>=
  1.4.0) to librelp-dev (>= 1.5.0).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions

More information about the foundations-bugs mailing list