sysutils/rsyslog8: fix build with libressl, add DTLS option

rsyslog8 fails to build with libressl due to lack of support of the
SSL_CONF_CTX type.  This occurs in a block of code only used by the
DTLS input and output modules, which are not enabled by default in the
FreeBSD port.

Therefore solve the build failure by making the problematic function
dependant on LIBRESSL_VERSION_NUMBER being defined (via
files/patch-runtime_net__ossl.c, obtained from github issue 5342 for
rsyslog).  This is similar to previous libressl compatability fixes
from PR 254864.

While here, add a DTLS option to enable building the imdtls and omdtls
modules -- this does require linkage against openssl to compile
successfully.  Additionally required patches are to add the necessary
header files for the pthread_kill(3) and close(2) prototypes.  I have
not been able to test the functionality of the DTLS modules very
effectively and would be glad to hear of anyone's experiences with
them.

PR:		278018
Reported by:	Dave Hayes <dave@jetcafe.org>
Obtained from:	(partly) https://github.com/rsyslog/rsyslog/issues/5342

4 files changed, 45 insertions, 1 deletions

diff --git a/sysutils/rsyslog8/Makefile b/sysutils/rsyslog8/Makefile
index b0b93fe0daa4..40dfc8a7c457 100644
--- a/sysutils/rsyslog8/Makefile
+++ b/sysutils/rsyslog8/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	rsyslog
 PORTVERSION=	8.2402.0
+PORTREVISION=	1
 CATEGORIES=	sysutils
 MASTER_SITES=	http://www.rsyslog.com/files/download/rsyslog/
 
@@ -21,7 +22,7 @@ USES=		cpe libtool pkgconfig autoreconf python:env
 
 PORTSCOUT=	limit:^8\.
 
-OPTIONS_DEFINE=	DBI DOCS ELASTIC GCRYPT GSSAPI HTTP JSONPARSE KAFKA \
+OPTIONS_DEFINE=	DBI DOCS DTLS ELASTIC GCRYPT GSSAPI HTTP JSONPARSE KAFKA \
 		MYSQL NORMALIZE PGSQL RABBITMQ RELP SNMP
 OPTIONS_RADIO=	SSLLIB
 OPTIONS_RADIO_SSLLIB=	GNUTLS OPENSSL
@@ -33,6 +34,11 @@ DBI_LIB_DEPENDS=	libdbi.so:databases/libdbi
 DBI_CONFIGURE_ENABLE=	libdbi
 DBI_PLIST_FILES=	lib/rsyslog/omlibdbi.so
 
+DTLS_DESC=		DTLS input/output modules
+DTLS_CONFIGURE_ENABLE=	imdtls omdtls
+DTLS_PLIST_FILES=	lib/rsyslog/imdtls.so \
+			lib/rsyslog/omdtls.so
+
 ELASTIC_DESC=		Elasticsearch module for rsyslog
 ELASTIC_CONFIGURE_ENABLE=	elasticsearch
 ELASTIC_PLIST_FILES=	lib/rsyslog/omelasticsearch.so
diff --git a/sysutils/rsyslog8/files/patch-plugins_imdtls_imdtls.c b/sysutils/rsyslog8/files/patch-plugins_imdtls_imdtls.c
new file mode 100644
index 000000000000..3d1f95b3447d
--- /dev/null
+++ b/sysutils/rsyslog8/files/patch-plugins_imdtls_imdtls.c
@@ -0,0 +1,10 @@
+--- plugins/imdtls/imdtls.c.orig	2024-03-31 11:10:07 UTC
++++ plugins/imdtls/imdtls.c
+@@ -23,6 +23,7 @@
+  */
+ #include "config.h"
+ 
++#include <signal.h>
+ #include <stdio.h>
+ #include <arpa/inet.h>
+ #include <fcntl.h>
diff --git a/sysutils/rsyslog8/files/patch-plugins_omdtls_omdtls.c b/sysutils/rsyslog8/files/patch-plugins_omdtls_omdtls.c
new file mode 100644
index 000000000000..cd4447416a9a
--- /dev/null
+++ b/sysutils/rsyslog8/files/patch-plugins_omdtls_omdtls.c
@@ -0,0 +1,10 @@
+--- plugins/omdtls/omdtls.c.orig	2024-02-26 08:24:02 UTC
++++ plugins/omdtls/omdtls.c
+@@ -43,6 +43,7 @@
+ #endif
+ #include <sys/time.h>
+ #include <time.h>
++#include <unistd.h>
+ 
+ // --- Include openssl headers as well
+ #include <openssl/ssl.h>
diff --git a/sysutils/rsyslog8/files/patch-runtime_net__ossl.c b/sysutils/rsyslog8/files/patch-runtime_net__ossl.c
new file mode 100644
index 000000000000..22e76aeebaef
--- /dev/null
+++ b/sysutils/rsyslog8/files/patch-runtime_net__ossl.c
@@ -0,0 +1,18 @@
+--- runtime/net_ossl.c.orig	2024-02-26 08:24:02 UTC
++++ runtime/net_ossl.c
+@@ -460,6 +460,7 @@ void net_ossl_lastOpenSSLErrorMsg
+ 
+ /* initialize tls config commands in openssl context
+  */
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd)
+ {
+ 	DEFiRet;
+@@ -543,6 +544,7 @@ finalize_it:
+ finalize_it:
+ 	RETiRet;
+ }
++#endif
+ 
+ 
+ /* Convert a fingerprint to printable data. The  conversion is carried out