diff options
Diffstat (limited to 'import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog')
10 files changed, 617 insertions, 0 deletions
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/enable_tls_ptests.patch b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/enable_tls_ptests.patch new file mode 100644 index 000000000..c858f32b9 --- /dev/null +++ b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/enable_tls_ptests.patch @@ -0,0 +1,28 @@ +Enable tls ptest + +Signed-off-by: Tudor Florea <tudor.florea@enea.com> +Upstream-Status: Pending + +--- rsyslog-7.4.4/tests/Makefile.am.orig 2013-08-30 18:30:41.000000000 +0200 ++++ rsyslog-7.4.4/tests/Makefile.am 2015-10-01 09:38:45.176289031 +0200 +@@ -118,15 +118,13 @@ + endif + + if ENABLE_GNUTLS +-# TODO: re-enable in newer version +-#TESTS += \ +- #sndrcv_tls_anon.sh \ +- #sndrcv_tls_anon_rebind.sh \ +- #imtcp-tls-basic.sh ++TESTS += \ ++ imtcp-tls-basic.sh \ ++ imtcp_conndrop_tls.sh + if HAVE_VALGRIND + TESTS += imtcp-tls-basic-vg.sh \ +- imtcp_conndrop_tls-vg.sh +- manytcp-too-few-tls-vg.sh ++ imtcp_conndrop_tls-vg.sh \ ++ manytcp-too-few-tls.sh + endif + endif + diff --git a/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/initscript b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/initscript new file mode 100644 index 000000000..7a8f8f991 --- /dev/null +++ b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/initscript @@ -0,0 +1,118 @@ +#! /bin/sh +# +# This is an init script for openembedded +# Copy it to /etc/init.d/rsyslog and type +# > update-rc.d rsyslog defaults 5 +# + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +NAME=rsyslog +RSYSLOGD=rsyslogd +RSYSLOGD_BIN=/usr/sbin/rsyslogd +RSYSLOGD_OPTIONS="" +RSYSLOGD_PIDFILE=/var/run/rsyslogd.pid +SCRIPTNAME=/etc/init.d/$NAME +# Exit if the package is not installed +[ -x "$RSYSLOGD_BIN" ] || exit 0 +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME +# +# Function that starts the daemon/service +# +do_start() +{ + DAEMON=$1 + DAEMON_ARGS=$2 + PIDFILE=$3 + # Return + # 0 if daemon has been started + # 1 if daemon could not be started + # if daemon had already been started, start-stop-daemon will return 1 + # so add -o/--oknodo(if nothing is done, exit 0) + start-stop-daemon -S --quiet --pidfile $PIDFILE --exec $DAEMON \ + --oknodo -- $DAEMON_ARGS || return 1 +} +# +# Function that stops the daemon/service +# +do_stop() +{ + NAME=$1 + PIDFILE=$2 + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + # QUIT/TERM/INT should work here, but they don't ????? + start-stop-daemon -K --quiet --signal KILL --pidfile $PIDFILE --name $NAME + RETVAL="$?" + rm -f $PIDFILE + return "$RETVAL" +} +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + NAME=$1 + PIDFILE=$2 + start-stop-daemon -K --signal HUP --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +do_status() { + NAME=$1 + PIDFILE=$2 + # -t: test only but not stop + start-stop-daemon -K -t --quiet --pidfile $PIDFILE --name $NAME + # exit with status 0 if process is found + if [ "$?" = "0" ]; then + return 0 + else + return 1 + fi +} + +case "$1" in + start) + echo -n "starting $RSYSLOGD ... " + do_start "$RSYSLOGD_BIN" "$RSYSLOGD_OPTIONS" "$RSYSLOGD_PIDFILE" + case "$?" in + 0) echo "done" ;; + 1) echo "failed" ;; + esac + ;; + stop) + echo -n "stopping $RSYSLOGD ... " + do_stop "$RSYSLOGD" "$RSYSLOGD_PIDFILE" + case "$?" in + 0|1) echo "done" ;; + 2) echo "failed" ;; + esac + ;; + reload|force-reload) + echo -n "reloading $RSYSLOGD ... " + do_reload "$RSYSLOGD" "$RSYSLOGD_PIDFILE" + echo "done" + ;; + restart) + $0 stop + $0 start + ;; + status) + echo -n "status $RSYSLOGD ... " + do_status "$RSYSLOGD" "$RSYSLOGD_PIDFILE" + if [ "$?" = "0" ]; then + echo "running" + exit 0 + else + echo "stopped" + exit 1 + fi + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 3 + ;; +esac +exit 0 diff --git a/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/json-0.12-fix.patch b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/json-0.12-fix.patch new file mode 100644 index 000000000..3dd85a7bb --- /dev/null +++ b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/json-0.12-fix.patch @@ -0,0 +1,47 @@ +json-c-0.12 unlike 0.11 doesn't install json -> json-c symlink in include + +* Resolved in Version 7.6.4 [v7.6-stable] 2014-09-12 + https://github.com/rsyslog/rsyslog/blob/v7-stable/ChangeLog +* permits to build against json-c 0.12 + Unfortunately, json-c had an ABI breakage, so this is necessary. Note + that versions prior to 0.12 had security issues (CVE-2013-6370, + CVE-2013-6371) and so it is desirable to link against the new version. + Thanks to Thomas D. for the patch. Note that at least some distros + have fixed the security issue in older versions of json-c, so this + seems to apply mostly when building from sources. + +Upstream-Status: Backport +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> + +diff --git a/plugins/ommongodb/ommongodb.c b/plugins/ommongodb/ommongodb.c +index 41c0d76..682c40e 100644 +--- a/plugins/ommongodb/ommongodb.c ++++ b/plugins/ommongodb/ommongodb.c +@@ -33,9 +33,9 @@ + #include <stdint.h> + #include <time.h> + #include <mongo.h> +-#include <json.h> ++#include <json-c/json.h> + /* For struct json_object_iter, should not be necessary in future versions */ +-#include <json_object_private.h> ++#include <json-c/json_object_private.h> + + #include "rsyslog.h" + #include "conf.h" +diff --git a/runtime/msg.c b/runtime/msg.c +index d04ce7b..b367e1f 100644 +--- a/runtime/msg.c ++++ b/runtime/msg.c +@@ -41,9 +41,9 @@ + #endif + #include <netdb.h> + #include <libestr.h> +-#include <json.h> ++#include <json-c/json.h> + /* For struct json_object_iter, should not be necessary in future versions */ +-#include <json_object_private.h> ++#include <json-c/json_object_private.h> + #if HAVE_MALLOC_H + # include <malloc.h> + #endif diff --git a/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/replace_deprecated_GnuTLS_functions.patch b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/replace_deprecated_GnuTLS_functions.patch new file mode 100644 index 000000000..be05eee82 --- /dev/null +++ b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/replace_deprecated_GnuTLS_functions.patch @@ -0,0 +1,73 @@ +replace deprecated GnuTLS functions with newer ones if available + +closes https://github.com/rsyslog/rsyslog/issues/302 + +Upstream fix https://github.com/rsyslog/rsyslog/commit/b34c35e38f258935c0e92ca754da097d7f3f0f58 + +Upstream-Status: Backport +Signed-off-by: Tudor Florea <tudor.florea@enea.com> + +--- + configure.ac | 2 ++ + runtime/nsd_gtls.c | 21 ++++++++++++++++++--- + 2 files changed, 20 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 643fc94..56835fb 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -763,6 +763,8 @@ AC_ARG_ENABLE(gnutls, + if test "x$enable_gnutls" = "xyes"; then + PKG_CHECK_MODULES(GNUTLS, gnutls >= 1.4.0) + AC_DEFINE([ENABLE_GNUTLS], [1], [Indicator that GnuTLS is present]) ++ AC_CHECK_LIB(gnutls, gnutls_global_init) ++ AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,) + fi + AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes) + +diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c +index a763e4b..e127834 100644 +--- a/runtime/nsd_gtls.c ++++ b/runtime/nsd_gtls.c +@@ -232,15 +232,26 @@ gtlsLoadOurCertKey(nsd_gtls_t *pThis) + */ + static int + gtlsClientCertCallback(gnutls_session session, +- __attribute__((unused)) const gnutls_datum* req_ca_rdn, int __attribute__((unused)) nreqs, +- __attribute__((unused)) const gnutls_pk_algorithm* sign_algos, int __attribute__((unused)) sign_algos_length, +- gnutls_retr_st *st) ++ __attribute__((unused)) const gnutls_datum* req_ca_rdn, ++ int __attribute__((unused)) nreqs, ++ __attribute__((unused)) const gnutls_pk_algorithm* sign_algos, ++ int __attribute__((unused)) sign_algos_length, ++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION ++ gnutls_retr2_st* st ++#else ++ gnutls_retr_st *st ++#endif ++ ) + { + nsd_gtls_t *pThis; + + pThis = (nsd_gtls_t*) gnutls_session_get_ptr(session); + ++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION ++ st->cert_type = GNUTLS_CRT_X509; ++#else + st->type = GNUTLS_CRT_X509; ++#endif + st->ncerts = 1; + st->cert.x509 = &pThis->ourCert; + st->key.x509 = pThis->ourKey; +@@ -1625,7 +1625,11 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host) + gnutls_session_set_ptr(pThis->sess, (void*)pThis); + iRet = gtlsLoadOurCertKey(pThis); /* first load .pem files */ + if(iRet == RS_RET_OK) { ++# if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION ++ gnutls_certificate_set_retrieve_function(xcred, gtlsClientCertCallback); ++# else + gnutls_certificate_client_set_retrieve_function(xcred, gtlsClientCertCallback); ++# endif + } else if(iRet != RS_RET_CERTLESS) { + FINALIZE; /* we have an error case! */ + } diff --git a/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch new file mode 100644 index 000000000..bdcb6e22a --- /dev/null +++ b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch @@ -0,0 +1,96 @@ +$MaxMessageSize doesn't work if before $IncludeConfig diag-common.conf, then +test cases fall into infinite loop with error message: + +8062.511110729:4902c480: error: message received is larger than max msg size, we split it +8062.511152265:4902c480: discarding zero-sized message + +Update configure to fix it. + +Upstream-Status: pending + +Kai Kang <kai.kang@windriver.com> +--- +diff -Nru rsyslog-7.4.4/tests/testsuites/complex1.conf rsyslog-7.4.4.new/tests/testsuites/complex1.conf +--- rsyslog-7.4.4/tests/testsuites/complex1.conf 2013-08-31 00:30:41.000000000 +0800 ++++ rsyslog-7.4.4.new/tests/testsuites/complex1.conf 2013-12-18 14:28:10.644004184 +0800 +@@ -1,7 +1,7 @@ + # complex test case with multiple actions in gzip mode + # rgerhards, 2009-05-22 +-$MaxMessageSize 10k + $IncludeConfig diag-common.conf ++$MaxMessageSize 10k + + $MainMsgQueueTimeoutEnqueue 5000 + +diff -Nru rsyslog-7.4.4/tests/testsuites/gzipwr_large.conf rsyslog-7.4.4.new/tests/testsuites/gzipwr_large.conf +--- rsyslog-7.4.4/tests/testsuites/gzipwr_large.conf 2012-04-04 14:29:55.000000000 +0800 ++++ rsyslog-7.4.4.new/tests/testsuites/gzipwr_large.conf 2013-12-18 14:28:10.645004186 +0800 +@@ -1,7 +1,7 @@ + # simple async writing test + # rgerhards, 2010-03-09 +-$MaxMessageSize 10k + $IncludeConfig diag-common.conf ++$MaxMessageSize 10k + + $ModLoad ../plugins/imtcp/.libs/imtcp + $MainMsgQueueTimeoutShutdown 10000 +diff -Nru rsyslog-7.4.4/tests/testsuites/gzipwr_large_dynfile.conf rsyslog-7.4.4.new/tests/testsuites/gzipwr_large_dynfile.conf +--- rsyslog-7.4.4/tests/testsuites/gzipwr_large_dynfile.conf 2012-04-04 14:29:55.000000000 +0800 ++++ rsyslog-7.4.4.new/tests/testsuites/gzipwr_large_dynfile.conf 2013-12-18 14:28:10.645004186 +0800 +@@ -1,7 +1,7 @@ + # simple async writing test + # rgerhards, 2010-03-09 +-$MaxMessageSize 10k + $IncludeConfig diag-common.conf ++$MaxMessageSize 10k + + $ModLoad ../plugins/imtcp/.libs/imtcp + $MainMsgQueueTimeoutShutdown 10000 +diff -Nru rsyslog-7.4.4/tests/testsuites/imptcp_conndrop.conf rsyslog-7.4.4.new/tests/testsuites/imptcp_conndrop.conf +--- rsyslog-7.4.4/tests/testsuites/imptcp_conndrop.conf 2013-08-31 00:30:41.000000000 +0800 ++++ rsyslog-7.4.4.new/tests/testsuites/imptcp_conndrop.conf 2013-12-18 14:28:10.646004189 +0800 +@@ -1,7 +1,7 @@ + # simple async writing test + # rgerhards, 2010-03-09 +-$MaxMessageSize 10k + $IncludeConfig diag-common.conf ++$MaxMessageSize 10k + + $ModLoad ../plugins/imptcp/.libs/imptcp + $MainMsgQueueTimeoutShutdown 10000 +diff -Nru rsyslog-7.4.4/tests/testsuites/imptcp_large.conf rsyslog-7.4.4.new/tests/testsuites/imptcp_large.conf +--- rsyslog-7.4.4/tests/testsuites/imptcp_large.conf 2013-08-31 00:30:41.000000000 +0800 ++++ rsyslog-7.4.4.new/tests/testsuites/imptcp_large.conf 2013-12-18 14:28:10.646004189 +0800 +@@ -1,7 +1,7 @@ + # simple async writing test + # rgerhards, 2010-03-09 +-$MaxMessageSize 10k + $IncludeConfig diag-common.conf ++$MaxMessageSize 10k + + $ModLoad ../plugins/imptcp/.libs/imptcp + $MainMsgQueueTimeoutShutdown 10000 +diff -Nru rsyslog-7.4.4/tests/testsuites/imtcp_conndrop.conf rsyslog-7.4.4.new/tests/testsuites/imtcp_conndrop.conf +--- rsyslog-7.4.4/tests/testsuites/imtcp_conndrop.conf 2013-07-19 20:59:03.000000000 +0800 ++++ rsyslog-7.4.4.new/tests/testsuites/imtcp_conndrop.conf 2013-12-18 14:28:10.646004189 +0800 +@@ -1,7 +1,7 @@ + # simple async writing test + # rgerhards, 2010-03-09 +-$MaxMessageSize 10k + $IncludeConfig diag-common.conf ++$MaxMessageSize 10k + + $ModLoad ../plugins/imtcp/.libs/imtcp + $MainMsgQueueTimeoutShutdown 10000 +diff -Nru rsyslog-7.4.4/tests/testsuites/wr_large.conf rsyslog-7.4.4.new/tests/testsuites/wr_large.conf +--- rsyslog-7.4.4/tests/testsuites/wr_large.conf 2012-04-04 14:29:55.000000000 +0800 ++++ rsyslog-7.4.4.new/tests/testsuites/wr_large.conf 2013-12-18 14:28:10.647004190 +0800 +@@ -1,7 +1,7 @@ + # simple async writing test + # rgerhards, 2010-03-09 +-$MaxMessageSize 10k + $IncludeConfig diag-common.conf ++$MaxMessageSize 10k + + $ModLoad ../plugins/imtcp/.libs/imtcp + $MainMsgQueueTimeoutShutdown 10000 diff --git a/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf new file mode 100644 index 000000000..324ae6d82 --- /dev/null +++ b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf @@ -0,0 +1,86 @@ +# if you experience problems, check +# http://www.rsyslog.com/troubleshoot for assistance + +# rsyslog v3: load input modules +# If you do not load inputs, nothing happens! +# You may need to set the module load path if modules are not found. +# +# Ported from debian's sysklogd.conf + +$ModLoad immark # provides --MARK-- message capability +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imklog # kernel logging (formerly provided by rklogd) + +# +# Set the default permissions +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# Logging for INN news system +# +news.crit /var/log/news.crit +news.err /var/log/news.err +news.notice -/var/log/news.notice + +# +# Some `catch-all' logfiles. +# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg :omusrmsg:* + +# Save boot messages also to boot.log +local7.* /var/log/boot.log + +# Remote Logging (we use TCP for reliable delivery) +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +#$WorkDirectory /var/spool/rsyslog # where to place spool files +#$ActionQueueFileName uniqName # unique name prefix for spool files +$ActionQueueMaxDiskSpace 10m # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down +# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional +#*.* @@remote-host:514 + + +# ######### Receiving Messages from Remote Hosts ########## +# TCP Syslog Server: +# provides TCP syslog reception and GSS-API (if compiled to support it) +#$ModLoad imtcp.so # load module +#$InputTCPServerRun 514 # start up TCP listener at port 514 + +# UDP Syslog Server: +#$ModLoad imudp.so # provides UDP syslog reception +#$UDPServerRun 514 # start a UDP syslog server at standard port 514 diff --git a/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate new file mode 100644 index 000000000..94ec517b2 --- /dev/null +++ b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate @@ -0,0 +1,39 @@ +# /etc/logrotate.d/rsyslog - Ported from Debian + +/var/log/syslog +{ + rotate 7 + daily + missingok + notifempty + delaycompress + compress + postrotate + /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true + endscript +} + +/var/log/mail.info +/var/log/mail.warn +/var/log/mail.err +/var/log/mail.log +/var/log/daemon.log +/var/log/kern.log +/var/log/auth.log +/var/log/user.log +/var/log/lpr.log +/var/log/cron.log +/var/log/debug +/var/log/messages +{ + rotate 4 + weekly + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true + endscript +} diff --git a/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/run-ptest b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/run-ptest new file mode 100644 index 000000000..3770a7506 --- /dev/null +++ b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh +# +make -C tests -k check-TESTS diff --git a/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/use-pkgconfig-to-check-libgcrypt.patch b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/use-pkgconfig-to-check-libgcrypt.patch new file mode 100644 index 000000000..ebc10707c --- /dev/null +++ b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/use-pkgconfig-to-check-libgcrypt.patch @@ -0,0 +1,48 @@ +From 5c3ba79177f7d1763db33c4358af2af60ff214b7 Mon Sep 17 00:00:00 2001 +From: Roy Li <rongqing.li@windriver.com> +Date: Wed, 18 Jun 2014 13:46:52 +0800 +Subject: [PATCH] use pkgconfig to check libgcrypt + +Upstream-status: Inappropriate [configuration] + +libgcrypt does no longer provide libgcrypt-config, and provide +*.pc, so we should use pkgconfig to check + +Signed-off-by: Roy Li <rongqing.li@windriver.com> +--- + configure.ac | 19 +------------------ + 1 file changed, 1 insertion(+), 18 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 017116e..1b880f8 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -784,24 +784,7 @@ AC_ARG_ENABLE(libgcrypt, + [enable_libgcrypt=yes] + ) + if test "x$enable_libgcrypt" = "xyes"; then +- AC_CHECK_PROG( +- [HAVE_LIBGCRYPT_CONFIG], +- [libgcrypt-config], +- [yes],,, +- ) +- if test "x${HAVE_LIBGCRYPT_CONFIG}" != "xyes"; then +- AC_MSG_FAILURE([libgcrypt-config not found in PATH]) +- fi +- AC_CHECK_LIB( +- [gcrypt], +- [gcry_cipher_open], +- [LIBGCRYPT_CFLAGS="`libgcrypt-config --cflags`" +- LIBGCRYPT_LIBS="`libgcrypt-config --libs`" +- ], +- [AC_MSG_FAILURE([libgcrypt is missing])], +- [`libgcrypt-config --libs --cflags`] +- ) +- AC_DEFINE([ENABLE_LIBGCRYPT], [1], [Indicator that LIBGCRYPT is present]) ++ PKG_CHECK_MODULES(LIBGCRYPT, libgcrypt) + fi + AM_CONDITIONAL(ENABLE_LIBGCRYPT, test x$enable_libgcrypt = xyes) + AC_SUBST(LIBGCRYPT_CFLAGS) +-- +1.7.9.5 + diff --git a/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/use_gnutls_certificate_type_set_priority_only_if_available.patch b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/use_gnutls_certificate_type_set_priority_only_if_available.patch new file mode 100644 index 000000000..e1dab759a --- /dev/null +++ b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/use_gnutls_certificate_type_set_priority_only_if_available.patch @@ -0,0 +1,79 @@ +From 21674039db99d1067e9df4df04d965297d62c6af Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards <rgerhards@adiscon.com> +Date: Mon, 18 May 2015 09:36:02 +0200 +Subject: [PATCH] use gnutls_certificate_type_set_priority() only if available + +The gnutls_certificate_type_set_priority function is deprecated +and not available in recent GnuTLS versions. However, there is no +doc how to properly replace it with gnutls_priority_set_direct. +A lot of folks have simply removed it, when they also called +gnutls_set_default_priority. This is what we now also do. If +this causes problems or someone has an idea of how to replace +the deprecated function in a better way, please let us know! +In any case, we use it as long as it is available and let +not insult us by the deprecation warnings. + +Upstream-Status: Backport +Signed-off-by: Tudor Florea <tudor.florea@enea.com> + +--- + configure.ac | 1 + + runtime/nsd_gtls.c | 18 ++++++++++++++++-- + 2 files changed, 17 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 56835fb..1c2be01 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -765,6 +765,7 @@ if test "x$enable_gnutls" = "xyes"; then + AC_DEFINE([ENABLE_GNUTLS], [1], [Indicator that GnuTLS is present]) + AC_CHECK_LIB(gnutls, gnutls_global_init) + AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,) ++ AC_CHECK_FUNCS(gnutls_certificate_type_set_priority,,) + fi + AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes) + +diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c +index e127834..4b6aab1 100644 +--- a/runtime/nsd_gtls.c ++++ b/runtime/nsd_gtls.c +@@ -1658,8 +1658,9 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host) + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + int sock; + int gnuRet; +- /* TODO: later? static const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };*/ ++# if HAVE_GNUTLS_CERTIFICATE_TYPE_SET_PRIORITY + static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 }; ++# endif + DEFiRet; + + ISOBJ_TYPE_assert(pThis, nsd_gtls); +@@ -1688,14 +1689,27 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host) + gnutls_certificate_set_retrieve_function(xcred, gtlsClientCertCallback); + # else + gnutls_certificate_client_set_retrieve_function(xcred, gtlsClientCertCallback); +-# endif ++# endif + } else if(iRet != RS_RET_CERTLESS) { + FINALIZE; /* we have an error case! */ + } + + /* Use default priorities */ + CHKgnutls(gnutls_set_default_priority(pThis->sess)); ++# if HAVE_GNUTLS_CERTIFICATE_TYPE_SET_PRIORITY ++ /* The gnutls_certificate_type_set_priority function is deprecated ++ * and not available in recent GnuTLS versions. However, there is no ++ * doc how to properly replace it with gnutls_priority_set_direct. ++ * A lot of folks have simply removed it, when they also called ++ * gnutls_set_default_priority. This is what we now also do. If ++ * this causes problems or someone has an idea of how to replace ++ * the deprecated function in a better way, please let us know! ++ * In any case, we use it as long as it is available and let ++ * not insult us by the deprecation warnings. ++ * 2015-05-18 rgerhards ++ */ + CHKgnutls(gnutls_certificate_type_set_priority(pThis->sess, cert_type_priority)); ++# endif + + /* put the x509 credentials to the current session */ + CHKgnutls(gnutls_credentials_set(pThis->sess, GNUTLS_CRD_CERTIFICATE, xcred)); |