[Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Mauricio Faria de Oliveira
1888926 at bugs.launchpad.net
Fri Aug 7 00:22:03 UTC 2020
Hi Jorge,
Thanks for tracking this down in the build history.
> I suspect that the rsyslog package was built against and older librelp
version.
You're right, the build log shows 'librelp-dev_1.4.0-2'
in the package installs/'Build environment' section.
I slightly modified the changelog entry, and examined the
old/new packages (i.e., pre/post rebuild) for differences,
to ensure the changes are what we expect and nothing else.
It all looks good. Details in the next comment.
However this cannot be uploaded immediately because there
is currently another rsyslog upload in focal; fortunately
it's from Eric/@slashd and not yet approved, so we likely
merge both. I'll email him/you.
cheers,
Mauricio
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
Status in rsyslog package in Ubuntu:
Fix Released
Status in rsyslog source package in Focal:
In Progress
Status in rsyslog source package in Groovy:
Fix Released
Bug description:
[Description]
Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
or before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
[Reproducer]
Setup a focal machine with rsyslog, using the following configuration:
----
module(load="imrelp" tls.tlslib="openssl")
input(
type="imrelp" port="2515"
tls="on"
# This should work in rsyslog 8.2006.0:
#tls.mycert="/etc/rsyslog.tls/fullchain.pem"
# for now we use the work-around discussed in:
# https://github.com/rsyslog/rsyslog/issues/4360
tls.cacert="/etc/rsyslog.tls/chain.pem"
tls.mycert="/etc/rsyslog.tls/cert.pem"
tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2"
)
----
This error comes from this code in plugins/imrelp/imrelp.c:
----
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; "
"it probably is too old (1.5.0 or higher should be fine); ignoring setting now.");
#endif
----
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
[Risk potential]
* No identified as this is a rebuild that should have been done on all
reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0
[Fix]
Provide a rebuild SRU for focal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
More information about the Ubuntu-sponsors
mailing list