Hello,
Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
(such as rsyslog) weren't rebuilt after this new version was published
# dpkg -l | grep librelp
ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64
Reliable Event Logging Protocol (RELP) library - development files
ii librelp0:amd64 1.5.0-1ubuntu2 amd64
Reliable Event Logging Protocol (RELP) library
I'll go ahead and provide a rebuild SRU for focal.
** Description changed:
+ [Description]
+
+ Problem is according to
https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
+ librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse
dependencies
+ (such as rsyslog) weren't rebuilt after this new version was published
+
+ # dpkg -l | grep librelp
+ ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol
(RELP) library - development files
+ ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP)
library
+
rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on or
before line 22: imrelp: librelp does not support input parameter
'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
fine); ignoring setting now. [v8.2001.0 try
https://www.rsyslog.com/e/2207 ]
- Here is the config:
+ [Reproducer]
+
+ Setup a focal machine with rsyslog, using the following configuration:
----
module(load="imrelp" tls.tlslib="openssl")
input(
- type="imrelp" port="2515"
- tls="on"
- # This should work in rsyslog 8.2006.0:
- #tls.mycert="/etc/rsyslog.tls/fullchain.pem"
- # for now we use the work-around discussed in:
- # https://github.com/rsyslog/rsyslog/issues/4360
- tls.cacert="/etc/rsyslog.tls/chain.pem"
- tls.mycert="/etc/rsyslog.tls/cert.pem"
- tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
- tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
+ type="imrelp" port="2515"
+ tls="on"
+ # This should work in rsyslog 8.2006.0:
+ #tls.mycert="/etc/rsyslog.tls/fullchain.pem"
+ # for now we use the work-around discussed in:
+ # https://github.com/rsyslog/rsyslog/issues/4360
+ tls.cacert="/etc/rsyslog.tls/chain.pem"
+ tls.mycert="/etc/rsyslog.tls/cert.pem"
+ tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
+ tls.tlscfgcmd="ServerPreference
CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
MinProtocol=TLSv1.2"
)
----
-
This error comes from this code in plugins/imrelp/imrelp.c:
----
#if defined(HAVE_RELPENGINESETTLSCFGCMD)
- inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ inst->tlscfgcmd =
(uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
#else
- parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
- "it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
+ parser_errmsg("imrelp: librelp does not support input
parameter 'tls.tlscfgcmd'; "
+ "it probably is too old (1.5.0 or higher
should be fine); ignoring setting now.");
#endif
----
The build log for focal:
https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... no
checking for relpSrvSetTlsConfigCmd... (cached) no
-
The build log for groovy:
https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
says:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
If I rebuild the rsyslog package, I get:
checking for relpSrvSetTlsConfigCmd... yes
checking for relpSrvSetTlsConfigCmd... (cached) yes
I suspect that the rsyslog package was built against and older librelp
version. A simple rebuild of rsyslog should fix this, though a more
complete fix would be to raise the Build-Depends from librelp-dev (>=
1.4.0) to librelp-dev (>= 1.5.0).
+
+ [Risk potential]
+
+ * No identified as this is a rebuild that should have been done on all
+ reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0
+
+
+ [Fix]
+
+ Provide a rebuild SRU for focal.
** Changed in: rsyslog (Ubuntu Groovy)
Status: New => Fix Released
** Changed in: rsyslog (Ubuntu Focal)
Status: New => In Progress
** Changed in: rsyslog (Ubuntu Focal)
Assignee: (unassigned) => Jorge Niedbalski (niedbalski)
** Changed in: rsyslog (Ubuntu Focal)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1888926
Title:
tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
