import rsyslog-8.2102.0-5.el8

.gitignore

@@ -1,3 +1,3 @@
-SOURCES/qpid-proton-0.31.0.tar.gz
+SOURCES/qpid-proton-0.34.0.tar.gz
-SOURCES/rsyslog-8.1911.0.tar.gz
+SOURCES/rsyslog-8.2102.0.tar.gz
-SOURCES/rsyslog-doc-8.1911.0.tar.gz
+SOURCES/rsyslog-doc-8.2102.0.tar.gz

.rsyslog.metadata

@@ -1,3 +1,3 @@
-8714235747ec8947648448eecda57e97d3a733ce SOURCES/qpid-proton-0.31.0.tar.gz
+390e5cb87a6331cf0ce451d7f6552e2c0d97f706 SOURCES/qpid-proton-0.34.0.tar.gz
-30dfc2b99d73598788e2bd0d0ac45e16e7c3a3d5 SOURCES/rsyslog-8.1911.0.tar.gz
+fdda78ed808e7a0dca03ead9227a0a5d913a050f SOURCES/rsyslog-8.2102.0.tar.gz
-8bcb23571ab8011b712ccf52acee20f8940b7f03 SOURCES/rsyslog-doc-8.1911.0.tar.gz
+9c2188d435cb5f79c1c35749003bd2a61e7f2d07 SOURCES/rsyslog-doc-8.2102.0.tar.gz

SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch

@@ -1,123 +0,0 @@
-From ba5b68be84888b24918dd019b87ed9f62d7fa988 Mon Sep 17 00:00:00 2001
-From: Jiri Vymazal <jvymazal@redhat.com>
-Date: Tue, 11 Feb 2020 13:46:23 +0100
-Subject: [PATCH] Fixed processing of 'cofig.enabled' directive
-
-Previously the directive was processed way too late which caused
-false errors whenever it was set to 'off' and possibly other
-problems.
----
- grammar/rainerscript.c | 43+++++++++++++++++++++++----------------
- grammar/rainerscript.h |  1 +
- runtime/rsconf.c       | 10 +++++++++
- 3 files changed, 38 insertions(+), 18 deletions(-)
-
-diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
-index 8f14bbe319..4398e6011a 100644
---- a/grammar/rainerscript.c
-+++ b/grammar/rainerscript.c
-@@ -699,6 +699,22 @@ nvlstFindNameCStr(struct nvlst *lst, const char *const __restrict__ name)
- 	return lst;
- }
- 
-+/* check if the nvlst is disabled, and mark config.enabled directive
-+ * as used if it is not. Returns 1 if block is disabled, 0 otherwise.
-+ */
-+int nvlstChkDisabled(struct nvlst *lst)
-+{
-+	struct nvlst *valnode;
-+
-+	if((valnode = nvlstFindNameCStr(lst, "config.enabled")) != NULL) {
-+		lst->bUsed = 1;
-+		if(es_strbufcmp(valnode->val.d.estr, (unsigned char*) "on", 2)) {
-+			return 1;
-+		}
-+	}
-+	return 0;
-+}
-+
- 
- /* check if there are duplicate names inside a nvlst and emit
-  * an error message, if so.
-@@ -1207,21 +1224,6 @@ nvlstGetParams(struct nvlst *lst, struct cnfparamblk *params,
- 		}
- 	}
- 
--	/* now config-system parameters (currently a bit hackish, as we
--	 * only have one...). -- rgerhards, 2018-01-24
--	 */
--	if((valnode = nvlstFindNameCStr(lst, "config.enabled")) != NULL) {
--		if(es_strbufcmp(valnode->val.d.estr, (unsigned char*) "on", 2)) {
--			dbgprintf("config object disabled by configuration\n");
--			/* flag all params as used to not emit error mssages */
--			bInError = 1;
--			struct nvlst *val;
--			for(val = lst; val != NULL ; val = val->next) {
--				val->bUsed = 1;
--			}
--		}
--	}
--
- 	/* done parameter processing */
- 	if(bInError) {
- 		if(bValsWasNULL)
-@@ -4418,8 +4418,13 @@ cnfstmtNewAct(struct nvlst *lst)
- 	struct cnfstmt* cnfstmt;
- 	char namebuf[256];
- 	rsRetVal localRet;
--	if((cnfstmt = cnfstmtNew(S_ACT)) == NULL)
-+	if((cnfstmt = cnfstmtNew(S_ACT)) == NULL) {
- 		goto done;
-+	}
-+	if (nvlstChkDisabled(lst)) {
-+		dbgprintf("action disabled by configuration\n");
-+		cnfstmt->nodetype = S_NOP;
-+	}
- 	localRet = actionNewInst(lst, &cnfstmt->d.act);
- 	if(localRet == RS_RET_OK_WARN) {
- 		parser_errmsg("warnings occured in file '%s' around line %d",
-@@ -5284,6 +5289,11 @@ includeProcessCnf(struct nvlst *const lst)
- 		goto done;
- 	}
- 
-+	if (nvlstChkDisabled(lst)) {
-+		DBGPRINTF("include statement disabled\n");
-+		goto done;
-+	}
-+
- 	pvals = nvlstGetParams(lst, &incpblk, NULL);
- 	if(pvals == NULL) {
- 		goto done;
-diff --git a/grammar/rainerscript.h b/grammar/rainerscript.h
-index bfa8ee6cb9..0f8128861b 100644
---- a/grammar/rainerscript.h
-+++ b/grammar/rainerscript.h
-@@ -340,6 +340,7 @@ void nvlstDestruct(struct nvlst *lst);
- void nvlstPrint(struct nvlst *lst);
- void nvlstChkUnused(struct nvlst *lst);
- struct nvlst* nvlstFindName(struct nvlst *lst, es_str_t *name);
-+int nvlstChkDisabled(struct nvlst *lst);
- struct cnfobj* cnfobjNew(enum cnfobjType objType, struct nvlst *lst);
- void cnfobjDestruct(struct cnfobj *o);
- void cnfobjPrint(struct cnfobj *o);
-diff --git a/runtime/rsconf.c b/runtime/rsconf.c
-index fc0863a738..303e06365b 100644
---- a/runtime/rsconf.c
-+++ b/runtime/rsconf.c
-@@ -438,6 +438,16 @@ cnfDoObj(struct cnfobj *const o)
- 
- 	dbgprintf("cnf:global:obj: ");
- 	cnfobjPrint(o);
-+
-+	/* We need to check for object disabling as early as here to cover most
-+	 * of them at once and avoid needless initializations
-+	 * - jvymazal 2020-02-12
-+	 */
-+	if (nvlstChkDisabled(o->nvlst)) {
-+		dbgprintf("object disabled by configuration\n");
-+		return;
-+	}
-+
- 	switch(o->objType) {
- 	case CNFOBJ_GLOBAL:
- 		glblProcessCnf(o);

SOURCES/rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch

@@ -1,142 +0,0 @@
-From ac30968b7858d4ca3743d2b4d296eca543864fe2 Mon Sep 17 00:00:00 2001
-From: Jiri Vymazal <jvymazal@redhat.com>
-Date: Fri, 22 Nov 2019 14:25:59 +0100
-Subject: [PATCH] Thorougher state-file renaming and cleaning
-
-Now checking if file-id changes and reanming - cleaning state file
-accordingly and always checking and cleaning old inode-only style
-state files.
----
- plugins/imfile/imfile.c | 66 +++++++++++++++++++++++++++--------------
- 1 file changed, 43 insertions(+), 23 deletions(-)
-
-diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
-index d9bf0fbb6d..9db2b47ac9 100644
---- a/plugins/imfile/imfile.c
-+++ b/plugins/imfile/imfile.c
-@@ -182,6 +182,7 @@ struct act_obj_s {
- 	time_t timeoutBase; /* what time to calculate the timeout against? */
- 	/* file dynamic data */
- 	char file_id[FILE_ID_HASH_SIZE]; /* file id for this entry, once we could obtain it */
-+	char file_id_prev[FILE_ID_HASH_SIZE]; /* previous file id for this entry, set if changed */
- 	int in_move;	/* workaround for inotify move: if set, state file must not be deleted */
- 	ino_t ino;	/* current inode nbr */
- 	int fd;		/* fd to file in order to obtain file_id (needs to be preserved across move) */
-@@ -711,7 +712,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file,
- 		if (is_file) {
- 			LogError(errno, RS_RET_ERR, "imfile: error accessing file '%s'", name);
- 		} else { /* reporting only in debug for dirs as higher lvl paths are likely blocked by selinux */
--			DBGPRINTF("imfile: error accessing file '%s'", name);
-+			DBGPRINTF("imfile: error accessing directory '%s'", name);
- 		}
- 		FINALIZE;
- 	}
-@@ -727,6 +728,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file,
- 	act->ino = ino;
- 	act->fd = fd;
- 	act->file_id[0] = '\0';
-+	act->file_id_prev[0] = '\0';
- 	act->is_symlink = is_symlink;
- 	if (source) { /* we are target of symlink */
- 		CHKmalloc(act->source_name = strdup(source));
-@@ -1256,17 +1258,15 @@ get_file_id_hash(const char *data, size_t lendata,
- static void ATTR_NONNULL(1)
- getFileID(act_obj_t *const act)
- {
--	if(act->file_id[0] != '\0') {
--		return; /* everything already done */
--	}
-+	/* save the old id for cleaning purposes */
-+	strncpy(act->file_id_prev, (const char*)act->file_id, FILE_ID_HASH_SIZE);
-+	act->file_id[0] = '\0';
- 	assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */
- 	char filedata[FILE_ID_SIZE];
-+	lseek(act->fd, 0, SEEK_SET); /* Seek to beginning of file so we have correct id */
- 	const int r = read(act->fd, filedata, FILE_ID_SIZE);
- 	if(r == FILE_ID_SIZE) {
- 		get_file_id_hash(filedata, sizeof(filedata), act->file_id, sizeof(act->file_id));
--		dbgprintf("file_id '%s' obtained, closing monitoring file handle\n", act->file_id);
--		close(act->fd); /* we will never go here! */
--		act->fd = -1;
- 	} else {
- 		DBGPRINTF("getFileID partial or error read, ret %d\n", r);
- 	}
-@@ -1378,28 +1378,13 @@ openFileWithStateFile(act_obj_t *const act)
- 	if(fd < 0) {
- 		if(errno == ENOENT) {
- 			if(act->file_id[0] != '\0') {
--				const char *pszSFNamHash = strdup((const char*)pszSFNam);
--				CHKmalloc(pszSFNamHash);
- 				DBGPRINTF("state file %s for %s does not exist - trying to see if "
- 					"inode-only file exists\n", pszSFNam, act->name);
- 				getFullStateFileName(statefn, "", pszSFNam, sizeof(pszSFNam));
- 				fd = open((char*)pszSFNam, O_CLOEXEC | O_NOCTTY | O_RDONLY, 0600);
- 				if(fd >= 0) {
--					dbgprintf("found inode-only state file, renaming it now that we "
--						"know the file_id, new name: %s\n", pszSFNamHash);
--					/* we now can use identify the file, so let's rename it */
--					if(rename((const char*)pszSFNam, pszSFNamHash) != 0) {
--						LogError(errno, RS_RET_IO_ERROR,
--							"imfile error trying to rename state file for '%s' - "
--							"ignoring this error, usually this means a file no "
--							"longer file is left over, but this may also cause "
--							"some real trouble. Still the best we can do ",
--							act->name);
--						free((void*) pszSFNamHash);
--						ABORT_FINALIZE(RS_RET_IO_ERROR);
--					}
-+					dbgprintf("found inode-only state file, will be renamed at next persist\n");
- 				}
--				free((void*) pszSFNamHash);
- 			}
- 			if(fd < 0) {
- 				DBGPRINTF("state file %s for %s does not exist - trying to see if "
-@@ -2609,6 +2594,36 @@ atomicWriteStateFile(const char *fn, const char *content)
- 	RETiRet;
- }
- 
-+/* This function should be called after any file ID change - that is if
-+ * file grown from hash-only statefile, or was truncated, this will ensure
-+ * we delete the old file so we do not make garbage in our working dir and
-+ * there are no leftover statefiles which can in theory later bind to something
-+ * and cause data loss.
-+ * jvymazal 2019-11-27
-+ */
-+static void
-+removeOldStatefile(const uchar *statefn, const char *hashToDelete)
-+{
-+	int ret;
-+	uchar statefname[MAXFNAME];
-+
-+	getFullStateFileName(statefn, hashToDelete, statefname, sizeof(statefname));
-+	DBGPRINTF("removing old state file: '%s'\n", statefname);
-+	ret = unlink((const char*)statefname);
-+	if(ret != 0) {
-+		if (errno != ENOENT) {
-+			LogError(errno, RS_RET_IO_ERROR,
-+				"imfile error trying to delete old state file: '%s' - ignoring this "
-+				"error, usually this means a file no longer file is left over, but "
-+				"this may also cause some real trouble. Still the best we can do ",
-+				statefname);
-+		} else {
-+			DBGPRINTF("trying to delete no longer valid statefile '%s' which no "
-+					  "longer exists (probably already deleted)\n", statefname);
-+		}
-+	}
-+}
-+
- 
- /* This function persists information for a specific file being monitored.
-  * To do so, it simply persists the stream object. We do NOT abort on error
-@@ -2660,6 +2675,11 @@ persistStrmState(act_obj_t *const act)
- 	CHKiRet(atomicWriteStateFile((const char*)statefname, jstr));
- 	json_object_put(json);
- 
-+	/* file-id changed remove the old statefile */
-+	if (strncmp((const char *)act->file_id_prev, (const char *)act->file_id, FILE_ID_HASH_SIZE)) {
-+		removeOldStatefile(statefn, act->file_id_prev);
-+	}
-+
- finalize_it:
- 	if(iRet != RS_RET_OK) {
- 		LogError(0, iRet, "imfile: could not persist state "

SOURCES/rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch

@@ -1,58 +0,0 @@
-From 0de93c9e1597b20f71bb61d5375ded546cfd2fa8 Mon Sep 17 00:00:00 2001
-From: Jiri Vymazal <jvymazal@redhat.com>
-Date: Wed, 11 Dec 2019 15:35:26 +0100
-Subject: [PATCH] Changed default for permitExpiredCerts to "off"
-
-This is to be conssitent with rsyslog's prior behavior where
-expired certs were automatically rejected
----
- runtime/nsd_gtls.c | 10 +++++-----
- runtime/nsd_ossl.c |  8 ++++----
- 2 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
-index 5df12994d1..2be0ca9c92 100644
---- a/runtime/nsd_gtls.c
-+++ b/runtime/nsd_gtls.c
-@@ -1461,16 +1461,16 @@ SetPermitExpiredCerts(nsd_t *pNsd, uchar *mode)
- 	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
- 
- 	ISOBJ_TYPE_assert((pThis), nsd_gtls);
--	/* default is set to warn! */
--	if(mode == NULL || !strcasecmp((char*)mode, "warn")) {
--		pThis->permitExpiredCerts = GTLS_EXPIRED_WARN;
--	} else if(!strcasecmp((char*) mode, "off")) {
-+	/* default is set to off! */
-+	if(mode == NULL || !strcasecmp((char*)mode, "off")) {
- 		pThis->permitExpiredCerts = GTLS_EXPIRED_DENY;
-+	} else if(!strcasecmp((char*) mode, "warn")) {
-+		pThis->permitExpiredCerts = GTLS_EXPIRED_WARN;
- 	} else if(!strcasecmp((char*) mode, "on")) {
- 		pThis->permitExpiredCerts = GTLS_EXPIRED_PERMIT;
- 	} else {
- 		LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: permitexpiredcerts mode '%s' not supported by "
--				"ossl netstream driver", mode);
-+				"gtls netstream driver", mode);
- 		ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
- 	}
- 
-diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c
-index 4f8dd845ab..ebb2537d72 100644
---- a/runtime/nsd_ossl.c
-+++ b/runtime/nsd_ossl.c
-@@ -1130,11 +1130,11 @@ SetPermitExpiredCerts(nsd_t *pNsd, uchar *mode)
- 	nsd_ossl_t *pThis = (nsd_ossl_t*) pNsd;
- 
- 	ISOBJ_TYPE_assert((pThis), nsd_ossl);
--	/* default is set to warn! */
--	if(mode == NULL || !strcasecmp((char*)mode, "warn")) {
--		pThis->permitExpiredCerts = OSSL_EXPIRED_WARN;
--	} else if(!strcasecmp((char*) mode, "off")) {
-+	/* default is set to off! */
-+	if(mode == NULL || !strcasecmp((char*)mode, "off")) {
- 		pThis->permitExpiredCerts = OSSL_EXPIRED_DENY;
-+	} else if(!strcasecmp((char*) mode, "warn")) {
-+		pThis->permitExpiredCerts = OSSL_EXPIRED_WARN;
- 	} else if(!strcasecmp((char*) mode, "on")) {
- 		pThis->permitExpiredCerts = OSSL_EXPIRED_PERMIT;
- 	} else {

SOURCES/rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch

@@ -1,33 +0,0 @@
-From: Jiri Vymazal <jvymazal@redhat.com>
-Date: Wed, 18 Dec 2019 09:48:15 +0100
-Subject: [PATCH] Fix race condition related to libfastjson when using DA queue
-
-Rsyslogd aborts when writing to disk queue from multiple workers simultaneously.
-It is assumed that libfastjson is not thread-safe.
-Resolve libfastjson race condition when writing to disk queue.
-
-see also https://github.com/rsyslog/rsyslog/issues/4099
----
- runtime/msg.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/runtime/msg.c b/runtime/msg.c
-index b5c17cfdd4..f9da40005f 100644
---- a/runtime/msg.c
-+++ b/runtime/msg.c
-@@ -1242,11 +1242,15 @@ static rsRetVal MsgSerialize(smsg_t *pThis, strm_t *pStrm)
- 	psz = pThis->pszStrucData;
- 	CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("pszStrucData"), PROPTYPE_PSZ, (void*) psz));
- 	if(pThis->json != NULL) {
-+		MsgLock(pThis);
- 		psz = (uchar*) json_object_get_string(pThis->json);
-+		MsgUnlock(pThis);
- 		CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("json"), PROPTYPE_PSZ, (void*) psz));
- 	}
- 	if(pThis->localvars != NULL) {
-+		MsgLock(pThis);
- 		psz = (uchar*) json_object_get_string(pThis->localvars);
-+		MsgUnlock(pThis);
- 		CHKiRet(obj.SerializeProp(pStrm, UCHAR_CONSTANT("localvars"), PROPTYPE_PSZ, (void*) psz));
- 	}
- 

SOURCES/rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch

@@ -1,37 +0,0 @@
-From 0c69ec76d8cac47bcfa78abae86229ad63c92b0b Mon Sep 17 00:00:00 2001
-From: Jiri Vymazal <jvymazal@redhat.com>
-Date: Tue, 21 Jan 2020 13:58:14 +0100
-Subject: [PATCH] Fixed saving of old file_id for statefiles
-
-Previously we saved old file_id unconditionally, which led to not
-deleting old statefiles if files changes without rsyslog running.
-Now it should work correctly.
----
- plugins/imfile/imfile.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
-index 908bb5901c..5ad44f6c59 100644
---- a/plugins/imfile/imfile.c
-+++ b/plugins/imfile/imfile.c
-@@ -1258,8 +1258,8 @@ get_file_id_hash(const char *data, size_t lendata,
- static void ATTR_NONNULL(1)
- getFileID(act_obj_t *const act)
- {
--	/* save the old id for cleaning purposes */
--	strncpy(act->file_id_prev, (const char*)act->file_id, FILE_ID_HASH_SIZE);
-+	char tmp_id[FILE_ID_HASH_SIZE];
-+	strncpy(tmp_id, (const char*)act->file_id, FILE_ID_HASH_SIZE);
- 	act->file_id[0] = '\0';
- 	assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */
- 	char filedata[FILE_ID_SIZE];
-@@ -1270,6 +1270,9 @@ getFileID(act_obj_t *const act)
- 	} else {
- 		DBGPRINTF("getFileID partial or error read, ret %d\n", r);
- 	}
-+	if (strncmp(tmp_id, act->file_id, FILE_ID_HASH_SIZE)) {/* save the old id for cleaning purposes */
-+		strncpy(act->file_id_prev, tmp_id, FILE_ID_HASH_SIZE);
-+	}
- 	DBGPRINTF("getFileID for '%s', file_id_hash '%s'\n", act->name, act->file_id);
- }
- 

SOURCES/rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch

@@ -1,24 +0,0 @@
-From 89ff6436b55cd81c54dcb076490b0c4de98d508d Mon Sep 17 00:00:00 2001
-From: Jiri Vymazal <jvymazal@redhat.com>
-Date: Tue, 9 Jun 2020 12:09:59 +0200
-Subject: [PATCH] Fixing imfile segfaulting on selinux denial
-
-If imfile is denied access to file watched trough symlink there is
-unchecked condition resulting in access to not initialized memory.
----
- plugins/imfile/imfile.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
-index f360bd290b..21d6546552 100644
---- a/plugins/imfile/imfile.c
-+++ b/plugins/imfile/imfile.c
-@@ -732,7 +732,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file,
- 		} else { /* reporting only in debug for dirs as higher lvl paths are likely blocked by selinux */
- 			DBGPRINTF("imfile: error accessing directory '%s'", name);
- 		}
--		FINALIZE;
-+		ABORT_FINALIZE(RS_RET_NO_FILE_ACCESS);
- 	}
- 	DBGPRINTF("add new active object '%s' in '%s'\n", name, edge->path);
- 	CHKmalloc(act = calloc(sizeof(act_obj_t), 1));

SOURCES/rsyslog-8.1911.0-rhbz1944756-large-group.patch

@@ -1,49 +0,0 @@
-diff -up rsyslog-8.1911.0/grammar/rainerscript.c.orig rsyslog-8.1911.0/grammar/rainerscript.c
---- rsyslog-8.1911.0/grammar/rainerscript.c.orig	2021-04-06 13:43:55.366523373 +0200
-+++ rsyslog-8.1911.0/grammar/rainerscript.c	2021-04-06 13:44:40.039239056 +0200
-@@ -905,15 +905,29 @@ static int
- doGetGID(struct nvlst *valnode, struct cnfparamdescr *param,
- 	  struct cnfparamvals *val)
- {
--	char *cstr;
--	int r;
--	struct group *resultBuf;
--	struct group wrkBuf;
--	char stringBuf[2048]; /* 2048 has been proven to be large enough */
-+        char *cstr;
-+        int r;
-+        struct group *resultBuf = NULL;
-+        struct group wrkBuf;
-+        char *stringBuf = NULL;
-+        size_t bufSize = 1024;
-+        int e;
-+
-+        cstr = es_str2cstr(valnode->val.d.estr, NULL);
-+        do {
-+                char *p;
-+
-+                /* Increase bufsize and try again.*/
-+                bufSize *= 2;
-+                p = realloc(stringBuf, bufSize);
-+                if(!p) {
-+                        e = ENOMEM;
-+                        break;
-+                }
-+                stringBuf = p; 
-+                e = getgrnam_r(cstr, &wrkBuf, stringBuf, bufSize, &resultBuf);
-+        } while(!resultBuf && (e == ERANGE));
- 
--	cstr = es_str2cstr(valnode->val.d.estr, NULL);
--	const int e = getgrnam_r(cstr, &wrkBuf, stringBuf,
--		sizeof(stringBuf), &resultBuf);
- 	if(resultBuf == NULL) {
- 		if(e != 0) {
- 			LogError(e, RS_RET_ERR, "parameter '%s': error to "
-@@ -929,6 +943,7 @@ doGetGID(struct nvlst *valnode, struct c
- 		   param->name, (int) resultBuf->gr_gid, cstr);
- 		r = 1;
- 	}
-+	free(stringBuf);
- 	free(cstr);
- 	return r;
- }

SOURCES/rsyslog-8.1911.0-service.patch

@@ -1,21 +0,0 @@
-diff -up ./rsyslog.service.in.service ./rsyslog.service.in
---- ./rsyslog.service.in.service	2018-03-01 13:58:11.480598935 +0100
-+++ ./rsyslog.service.in	2018-03-01 13:58:25.433518607 +0100
-@@ -1,12 +1,16 @@
- [Unit]
- Description=System Logging Service
- Requires=syslog.socket
-+Wants=network.target network-online.target
-+After=network.target network-online.target
- Documentation=man:rsyslogd(8)
- Documentation=https://www.rsyslog.com/doc/
- 
- [Service]
- Type=notify
--ExecStart=@sbindir@/rsyslogd -n -iNONE
-+EnvironmentFile=-/etc/sysconfig/rsyslog
-+ExecStart=@sbindir@/rsyslogd -n $SYSLOGD_OPTIONS
-+UMask=0066
- StandardOutput=null
- Restart=on-failure
- 

SOURCES/rsyslog-8.2102.0-rhbz1866877-unexpected-length.patch

@@ -0,0 +1,14 @@
+diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c
+--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig	2021-06-28 09:05:23.283262154 +0200
++++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c	2021-06-28 09:10:05.858381106 +0200
+@@ -424,8 +424,8 @@ readjournal(void)
+ 				severity = cs.iDfltSeverity;
+ 			}
+ 		} else {
+-			LogError(0, RS_RET_ERR, "The value of the 'PRIORITY' field has an "
+-				"unexpected length: %zu\n", length);
++			DBGPRINTF("The value of the 'PRIORITY' field has an "
++				"unexpected length: %zu value: '%s'\n", length, (const char*)get);
+ 		}
+ 	}
+ 

SOURCES/rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch

@@ -0,0 +1,21 @@
+diff -up rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig rsyslog-8.2102.0/plugins/omrelp/omrelp.c
+--- rsyslog-8.2102.0/plugins/omrelp/omrelp.c.orig	2021-06-15 12:46:14.758589030 +0200
++++ rsyslog-8.2102.0/plugins/omrelp/omrelp.c	2021-06-15 12:47:08.130516632 +0200
+@@ -303,7 +303,7 @@ ENDfreeCnf
+ BEGINcreateInstance
+ CODESTARTcreateInstance
+ 	pData->sizeWindow = 0;
+-	pData->timeout = 90;
++	pData->timeout = 5;
+ 	pData->connTimeout = 10;
+ 	pData->rebindInterval = 0;
+ 	pData->bEnableTLS = DFLT_ENABLE_TLS;
+@@ -365,7 +365,7 @@ setInstParamDefaults(instanceData *pData
+ 	pData->target = NULL;
+ 	pData->port = NULL;
+ 	pData->tplName = NULL;
+-	pData->timeout = 90;
++	pData->timeout = 5;
+ 	pData->connTimeout = 10;
+ 	pData->sizeWindow = 0;
+ 	pData->rebindInterval = 0;

SOURCES/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch

@@ -0,0 +1,20 @@
+diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c
+--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig	2021-06-15 12:30:35.238832058 +0200
++++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c	2021-06-15 12:32:04.699721356 +0200
+@@ -565,6 +565,8 @@ persistJournalState(void)
+ 		ABORT_FINALIZE(RS_RET_IO_ERROR);
+ 	}
+ 
++	fflush(sf);
++
+ 	/* change the name of the file to the configured one */
+ 	if (rename(tmp_sf, cs.stateFile) < 0) {
+ 		LogError(errno, iRet, "imjournal: rename() failed for new path: '%s'", cs.stateFile);
+@@ -586,6 +588,7 @@ persistJournalState(void)
+ 			LogError(errno, RS_RET_IO_ERROR, "imjournal: fsync on '%s' failed", glbl.GetWorkDir());
+ 			ABORT_FINALIZE(RS_RET_IO_ERROR);
+ 		}
++		closedir(wd);
+ 	}
+ 
+ 	DBGPRINTF("Persisted journal to '%s'\n", cs.stateFile);

SOURCES/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch

@@ -0,0 +1,102 @@
+diff -up rsyslog-8.2102.0/runtime/cfsysline.c.orig rsyslog-8.2102.0/runtime/cfsysline.c
+--- rsyslog-8.2102.0/runtime/cfsysline.c.orig	2021-08-04 07:16:02.663163106 +0200
++++ rsyslog-8.2102.0/runtime/cfsysline.c	2021-08-04 07:18:05.952490008 +0200
+@@ -353,13 +353,8 @@ static rsRetVal doGetGID(uchar **pp, rsR
+ 	assert(*pp != NULL);
+ 
+ 	if(getSubString(pp, (char*) szName, sizeof(szName), ' ')  != 0) {
+-		if(loadConf->globals.abortOnIDResolutionFail) {
+-			fprintf(stderr, "could not extract group name: %s\n", (char*)szName);
+-			exit(1); /* good exit */
+-		} else {
+-			LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
+-			ABORT_FINALIZE(RS_RET_NOT_FOUND);
+-		}
++		LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
++		ABORT_FINALIZE(RS_RET_NOT_FOUND);
+ 	}
+ 
+ 	do {
+@@ -380,10 +375,6 @@ static rsRetVal doGetGID(uchar **pp, rsR
+ 			LogError(0, RS_RET_NOT_FOUND, "ID for group '%s' could not be found", szName);
+ 		}
+ 		iRet = RS_RET_NOT_FOUND;
+-		if(loadConf->globals.abortOnIDResolutionFail) {
+-			fprintf(stderr, "ID for group '%s' could not be found or error\n", szName);
+-			exit(1); /* good exit */
+-		}
+ 	} else {
+ 		if(pSetHdlr == NULL) {
+ 			/* we should set value directly to var */
+@@ -418,25 +409,15 @@ static rsRetVal doGetUID(uchar **pp, rsR
+ 	assert(*pp != NULL);
+ 
+ 	if(getSubString(pp, (char*) szName, sizeof(szName), ' ')  != 0) {
+-		if(loadConf->globals.abortOnIDResolutionFail) {
+-			fprintf(stderr, "could not extract user name: %s\n", (char*)szName);
+-			exit(1); /* good exit */
+-		} else {
+-			LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
+-			ABORT_FINALIZE(RS_RET_NOT_FOUND);
+-		}
++		LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
++		ABORT_FINALIZE(RS_RET_NOT_FOUND);
+ 	}
+ 
+ 	getpwnam_r((char*)szName, &pwBuf, stringBuf, sizeof(stringBuf), &ppwBuf);
+ 
+ 	if(ppwBuf == NULL) {
+-		if(loadConf->globals.abortOnIDResolutionFail) {
+-			fprintf(stderr, "ID for user '%s' could not be found or error\n", (char*)szName);
+-			exit(1); /* good exit */
+-		} else {
+-			LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
+-			iRet = RS_RET_NOT_FOUND;
+-		}
++		LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
++		iRet = RS_RET_NOT_FOUND;
+ 	} else {
+ 		if(pSetHdlr == NULL) {
+ 			/* we should set value directly to var */
+diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c
+--- rsyslog-8.2102.0/runtime/glbl.c.orig	2021-08-04 07:18:19.301633677 +0200
++++ rsyslog-8.2102.0/runtime/glbl.c	2021-08-04 07:19:02.409019106 +0200
+@@ -210,7 +210,6 @@ static struct cnfparamdescr cnfparamdesc
+ 	{ "environment", eCmdHdlrArray, 0 },
+ 	{ "processinternalmessages", eCmdHdlrBinary, 0 },
+ 	{ "umask", eCmdHdlrFileCreateMode, 0 },
+-	{ "security.abortonidresolutionfail", eCmdHdlrBinary, 0 },
+ 	{ "internal.developeronly.options", eCmdHdlrInt, 0 },
+ 	{ "internalmsg.ratelimit.interval", eCmdHdlrPositiveInt, 0 },
+ 	{ "internalmsg.ratelimit.burst", eCmdHdlrPositiveInt, 0 },
+@@ -1443,8 +1442,6 @@ glblDoneLoadCnf(void)
+ 			glblInputTimeoutShutdown = (int) cnfparamvals[i].val.d.n;
+ 		} else if(!strcmp(paramblk.descr[i].name, "privdrop.group.keepsupplemental")) {
+ 			loadConf->globals.gidDropPrivKeepSupplemental = (int) cnfparamvals[i].val.d.n;
+-		} else if(!strcmp(paramblk.descr[i].name, "security.abortonidresolutionfail")) {
+-			loadConf->globals.abortOnIDResolutionFail = (int) cnfparamvals[i].val.d.n;
+ 		} else if(!strcmp(paramblk.descr[i].name, "net.acladdhostnameonfail")) {
+ 			*(net.pACLAddHostnameOnFail) = (int) cnfparamvals[i].val.d.n;
+ 		} else if(!strcmp(paramblk.descr[i].name, "net.aclresolvehostname")) {
+diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
+--- rsyslog-8.2102.0/runtime/rsconf.c.orig	2021-08-04 07:19:13.103104854 +0200
++++ rsyslog-8.2102.0/runtime/rsconf.c	2021-08-04 07:19:44.635357684 +0200
+@@ -156,7 +156,6 @@ static void cnfSetDefaults(rsconf_t *pTh
+ 	pThis->globals.maxErrMsgToStderr = -1;
+ 	pThis->globals.umask = -1;
+ 	pThis->globals.gidDropPrivKeepSupplemental = 0;
+-	pThis->globals.abortOnIDResolutionFail = 1;
+ 	pThis->templates.root = NULL;
+ 	pThis->templates.last = NULL;
+ 	pThis->templates.lastStatic = NULL;
+diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h
+--- rsyslog-8.2102.0/runtime/rsconf.h.orig	2021-08-04 07:20:15.848607958 +0200
++++ rsyslog-8.2102.0/runtime/rsconf.h	2021-08-04 07:20:42.782823920 +0200
+@@ -73,7 +73,6 @@ struct globals_s {
+ 	int uidDropPriv;	/* user-id to which priveleges should be dropped to */
+ 	int gidDropPriv;	/* group-id to which priveleges should be dropped to */
+ 	int gidDropPrivKeepSupplemental; /* keep supplemental groups when dropping? */
+-	int abortOnIDResolutionFail;
+ 	int umask;		/* umask to use */
+ 	uchar *pszConfDAGFile;	/* name of config DAG file, non-NULL means generate one */
+ 

SOURCES/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch

@@ -0,0 +1,26 @@
+diff -up rsyslog-8.2102.0/runtime/ratelimit.c.orig rsyslog-8.2102.0/runtime/ratelimit.c
+--- rsyslog-8.2102.0/runtime/ratelimit.c.orig	2021-07-27 10:37:50.972903104 +0200
++++ rsyslog-8.2102.0/runtime/ratelimit.c	2021-07-27 10:38:26.141002988 +0200
+@@ -235,7 +235,6 @@ ratelimitMsg(ratelimit_t *__restrict__ c
+ {
+ 	DEFiRet;
+ 	rsRetVal localRet;
+-	int severity = 0;
+ 
+ 	*ppRepMsg = NULL;
+ 
+@@ -246,13 +245,12 @@ ratelimitMsg(ratelimit_t *__restrict__ c
+ 				DBGPRINTF("Message discarded, parsing error %d\n", localRet);
+ 				ABORT_FINALIZE(RS_RET_DISCARDMSG);
+ 			}
+-			severity = pMsg->iSeverity;
+ 		}
+ 	}
+ 
+ 	/* Only the messages having severity level at or below the
+ 	 * treshold (the value is >=) are subject to ratelimiting. */
+-	if(ratelimit->interval && (severity >= ratelimit->severity)) {
++	if(ratelimit->interval && (pMsg->iSeverity >= ratelimit->severity)) {
+ 		char namebuf[512]; /* 256 for FGDN adn 256 for APPNAME should be enough */
+ 		snprintf(namebuf, sizeof namebuf, "%s:%s", getHOSTNAME(pMsg),
+ 			getAPPNAME(pMsg, 0));

SOURCES/rsyslog.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=System Logging Service
+;Requires=syslog.socket
+Wants=network.target network-online.target
+After=network.target network-online.target
+Documentation=man:rsyslogd(8)
+Documentation=https://www.rsyslog.com/doc/
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/sysconfig/rsyslog
+ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS
+UMask=0066
+StandardOutput=null
+Restart=on-failure
+
+# Increase the default a bit in order to allow many simultaneous
+# files to be monitored, we might need a lot of fds.
+LimitNOFILE=16384
+
+[Install]
+WantedBy=multi-user.target
+;Alias=syslog.service

SPECS/rsyslog.spec

@@ -5,8 +5,8 @@
 
 Summary: Enhanced system logging and kernel message trapping daemon
 Name: rsyslog
-Version: 8.1911.0
+Version: 8.2102.0
-Release: 7%{?dist}.2
+Release: 5%{?dist}
 License: (GPLv3+ and ASL 2.0)
 Group: System Environment/Daemons
 ExcludeArch: i686
@@ -16,7 +16,8 @@ Source1: http://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{version}.ta
 Source2: rsyslog.conf
 Source3: rsyslog.sysconfig
 Source4: rsyslog.log
-Source5: qpid-proton-0.31.0.tar.gz
+Source5: qpid-proton-0.34.0.tar.gz
+Source6: rsyslog.service
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -33,7 +34,9 @@ BuildRequires: python3-docutils
 # it depens on rhbz#1419228
 BuildRequires: systemd-devel >= 219-39
 BuildRequires: zlib-devel
+BuildRequires: openssl-devel
 
+Requires: openssl-libs
 Requires: logrotate >= 3.5.2
 Requires: bash >= 2.0
 Requires: libestr >= 0.1.9
@@ -44,17 +47,13 @@ Requires(postun): systemd
 Provides: syslog
 Obsoletes: sysklogd < 1.5-11
 
-# tweak the upstream service file to honour configuration from /etc/sysconfig/rsyslog
-Patch0: rsyslog-8.1911.0-service.patch
 # imjournal: adds "journal" when tag/process name is missing
-Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
+Patch0: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
-Patch2: rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch
+Patch1: rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
-Patch3: rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch
+Patch2: rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch
-Patch4: rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch
+Patch3: rsyslog-8.2102.0-rhbz1866877-unexpected-length.patch
-Patch5: rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch
+Patch4: rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
-Patch6: rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch
+Patch5: rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
-Patch7: rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch
-Patch8: rsyslog-8.1911.0-rhbz1944756-large-group.patch
 
 %package crypto
 Summary: Encryption support
@@ -73,11 +72,17 @@ Group: System Environment/Daemons
 Requires: %name = %version-%release
 
 %package gnutls
-Summary: TLS protocol support for rsyslog
+Summary: TLS protocol support for rsyslog via GnuTLS library
 Group: System Environment/Daemons
 Requires: %name = %version-%release
 BuildRequires: gnutls-devel
 
+%package openssl
+Summary: TLS protocol support for rsyslog via OpenSSL library
+Group: System Environment/Daemons
+Requires: %name = %version-%release
+BuildRequires: openssl-devel
+
 %package gssapi
 Summary: GSSAPI authentication and encryption support for rsyslog
 Group: System Environment/Daemons
@@ -183,7 +188,14 @@ Elasticsearch.
 %description gnutls
 The rsyslog-gnutls package contains the rsyslog plugins that provide the
 ability to send and receive syslog messages via TCP or RELP using TLS
-encryption. For details refer to rsyslog doc on imtcp and omfwd modules.
+encryption via GnuTLS library. For details refer to rsyslog doc on imtcp
+and omfwd modules.
+
+%description openssl
+The rsyslog-openssl package contains the rsyslog plugins that provide the
+ability to send and receive syslog messages via TCP or RELP using TLS
+encryption via OpenSSL library. For details refer to rsyslog doc on imtcp
+and omfwd modules.
 
 %description gssapi
 The rsyslog-gssapi package contains the rsyslog plugins which support GSSAPI
@@ -256,15 +268,12 @@ mv build doc
 %setup -q -D
 %setup -q -D -T -b 5
 
-%patch0 -p1 -b .service
+%patch0 -p1 -b .default-tag
-%patch1 -p1 -b .default-tag
+%patch1 -p1 -b .fd-leak-on-fsync
-%patch2 -p1 -b .imfile-statefiles
+%patch2 -p1 -b .timeout
-%patch3 -p1 -b .deny-expired-certs
+%patch3 -p1 -b .unexpected-priority-length
-%patch4 -p1 -b .config-enabled-on
+%patch4 -p1 -b .imuxsock-rate-limit
-%patch5 -p1 -b .serialize-json
+%patch5 -p1 -b .abort-on-id-resolution-fail
-%patch6 -p1 -b .imfile-id
-%patch7 -p1 -b .imfile-selinux-symlink
-%patch8 -p1 -b .large-groups
 
 %build
 %ifarch sparc64
@@ -275,7 +284,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
 %endif
 # build the proton first
 (
-	cd %{_builddir}/qpid-proton-0.31.0
+	cd %{_builddir}/qpid-proton-0.34.0
 	mkdir bld
 	cd bld
 
@@ -308,6 +317,7 @@ autoreconf -if
 	--enable-elasticsearch \
 	--enable-generate-man-pages \
 	--enable-gnutls \
+	--enable-openssl \
 	--enable-gssapi-krb5 \
 	--enable-imdiag \
 	--enable-imfile \
@@ -325,7 +335,7 @@ autoreconf -if
 	--enable-mmsnmptrapd \
 	--enable-mmutf8fix \
 	--enable-mysql \
-	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.31.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.31.0/bld/c/include" \
+	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.34.0/bld/c/include" \
 	--enable-omhttp \
 	--enable-omjournal \
 	--enable-omkafka \
@@ -350,6 +360,7 @@ make DESTDIR=%{buildroot} install
 
 install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
 install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
+install -d -m 755 %{buildroot}%{_unitdir}
 install -d -m 755 %{buildroot}%{_sysconfdir}/rsyslog.d
 install -d -m 700 %{buildroot}%{rsyslog_statedir}
 install -d -m 700 %{buildroot}%{rsyslog_pkidir}
@@ -358,6 +369,7 @@ install -d -m 755 %{buildroot}%{rsyslog_docdir}/html
 install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/rsyslog.conf
 install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/rsyslog
 install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/syslog
+install -p -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/rsyslog.service
 install -p -m 644 plugins/ommysql/createDB.sql %{buildroot}%{rsyslog_docdir}/mysql-createDB.sql
 install -p -m 644 plugins/ompgsql/createDB.sql %{buildroot}%{rsyslog_docdir}/pgsql-createDB.sql
 install -p -m 644 contrib/mmkubernetes/*.rulebase %{buildroot}%{rsyslog_docdir}
@@ -365,8 +377,6 @@ install -p -m 644 contrib/mmkubernetes/*.rulebase %{buildroot}%{rsyslog_docdir}
 cp -r doc/* %{buildroot}%{rsyslog_docdir}/html
 # get rid of libtool libraries
 rm -f %{buildroot}%{_libdir}/rsyslog/*.la
-# get rid of socket activation by default
-sed -i '/^Alias/s/^/;/;/^Requires=syslog.socket/s/^/;/' %{buildroot}%{_unitdir}/rsyslog.service
 
 # convert line endings from "\r\n" to "\n"
 cat tools/recover_qi.pl | tr -d '\r' > %{buildroot}%{_bindir}/rsyslog-recover-qi.pl
@@ -457,6 +467,9 @@ done
 %files gnutls
 %{_libdir}/rsyslog/lmnsd_gtls.so
 
+%files openssl
+%{_libdir}/rsyslog/lmnsd_ossl.so
+
 %files kafka
 %{_libdir}/rsyslog/imkafka.so
 %{_libdir}/rsyslog/omkafka.so
@@ -501,9 +514,35 @@ done
 %{_libdir}/rsyslog/omudpspoof.so
 
 %changelog
-* Tue Apr 06 2021 Attila Lakatos <alakatos@redhat.com> - 8.1911.0-7.2
+* Wed Aug 04 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-5
-- added patch resolving theoretically "too large" groups
+- Do not exit when user/group can not be found
-  resolves:rhbz#1944756
+  resolves: rhbz#1984489
+- Remove abortOnIDResolution fail
+
+* Tue Jul 27 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-4
+- Allways use message severity when comparing with ratelimit severity
+  resolves: rhbz#1984616
+
+* Mon Jun 28 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-3
+- Priority field must have valid length
+  resolves: rhbz#1866877
+- Allocate more memory on too large groups
+  resolves: rhbz#1944718
+
+* Tue May 18 2021 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-2
+  RHEL 8.5.0 ERRATUM
+- rebase to 8.2102.0
+  resolves: rhbz#1932795
+- Enable openssl
+  resolves: rhbz#1891458
+- EKU check for client cert on server side
+  resolves: rhbz#1783348
+- Use GNUTLS_SHUT_WR when ending TLS connections
+  resolves: rhbz#1880434
+- Use librelp with openssl enabled
+  resolves: rhbz#1795607
+- Close dir when fsync=on
+  resolves: rhbz#1960536
 
 * Wed Nov 18 2020 Attila Lakatos <alakatos@redhat.com> - 8.1911.0-7
 - add back rsyslog-udpspoof package