[Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Mauricio Faria de Oliveira
1888926 at bugs.launchpad.net
Tue Aug 4 13:58:58 UTC 2020
** Tags added: sts-sponsor-mfo
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Status in rsyslog package in Ubuntu:
Fix Released
Status in rsyslog source package in Focal:
In Progress
Status in rsyslog source package in Groovy:
Fix Released
Bug description:
[Description]
Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
or before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
[Reproducer]
Setup a focal machine with rsyslog, using the following configuration:
----
module(load="imrelp" tls.tlslib="openssl")
input(
type="imrelp" port="2515"
tls="on"
# This should work in rsyslog 8.2006.0:
#tls.mycert="/etc/rsyslog.tls/fullchain.pem"
# for now we use the work-around discussed in:
# https://github.com/rsyslog/rsyslog/issues/4360
tls.cacert="/etc/rsyslog.tls/chain.pem"
tls.mycert="/etc/rsyslog.tls/cert.pem"
tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2"
)
----
This error comes from this code in plugins/imrelp/imrelp.c:
----
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; "
"it probably is too old (1.5.0 or higher should be fine); ignoring setting now.");
#endif
----
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
[Risk potential]
* No identified as this is a rebuild that should have been done on all
reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0
[Fix]
Provide a rebuild SRU for focal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
More information about the Ubuntu-sponsors
mailing list