diff --git a/.gitignore b/.gitignore
index 590f63b..240a87a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -82,3 +82,5 @@ rsyslog-4.6.3.tar.gz
/rsyslog-doc-8.2102.0.tar.gz
/qpid-proton-0.34.0.tar.gz
/qpid-proton-0.39.0.tar.gz
+/rsyslog-8.2310.0.tar.gz
+/rsyslog-doc-8.2310.0.tar.gz
diff --git a/0001-Add-back-CAP_NEW_RAW-capability-due-to-omudpspoof.patch b/0001-Add-back-CAP_NEW_RAW-capability-due-to-omudpspoof.patch
deleted file mode 100644
index 77b803d..0000000
--- a/0001-Add-back-CAP_NEW_RAW-capability-due-to-omudpspoof.patch
+++ /dev/null
@@ -1,217 +0,0 @@
-From 183c42e488eb15784e26e69daf7041a3cf39d71d Mon Sep 17 00:00:00 2001
-From: alakatos
-Date: Fri, 28 Jul 2023 11:13:28 +0200
-Subject: [PATCH] Add back CAP_NEW_RAW capability due to omudpspoof resolves:
- rhbz#2216919
-
----
- .gitignore | 1 +
- openssl3-compatibility.patch | 83 -------------------
- ...og-8.2102.0-libcapng-no-cap-support2.patch | 11 +++
- rsyslog.spec | 20 +++--
- sources | 2 +-
- 5 files changed, 26 insertions(+), 91 deletions(-)
- delete mode 100644 openssl3-compatibility.patch
- create mode 100644 rsyslog-8.2102.0-libcapng-no-cap-support2.patch
-
-diff --git a/.gitignore b/.gitignore
-index 6f6bb6c..590f63b 100644
---- a/.gitignore
-+++ b/.gitignore
-@@ -81,3 +81,4 @@ rsyslog-4.6.3.tar.gz
- /rsyslog-8.2102.0.tar.gz
- /rsyslog-doc-8.2102.0.tar.gz
- /qpid-proton-0.34.0.tar.gz
-+/qpid-proton-0.39.0.tar.gz
-diff --git a/openssl3-compatibility.patch b/openssl3-compatibility.patch
-deleted file mode 100644
-index c86fe23..0000000
---- a/openssl3-compatibility.patch
-+++ /dev/null
-@@ -1,83 +0,0 @@
--diff -up ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig ./qpid-proton-0.34.0/c/src/ssl/openssl.c
----- ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig 2021-06-01 09:29:27.976842727 +0200
--+++ ./qpid-proton-0.34.0/c/src/ssl/openssl.c 2021-06-01 09:31:05.232015887 +0200
--@@ -353,65 +353,6 @@ static int verify_callback(int preverify
-- return preverify_ok;
-- }
--
---// This was introduced in v1.1
---#if OPENSSL_VERSION_NUMBER < 0x10100000
---int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
---{
--- dh->p = p;
--- dh->q = q;
--- dh->g = g;
--- return 1;
---}
---#endif
---
---// this code was generated using the command:
---// "openssl dhparam -C -2 2048"
---static DH *get_dh2048(void)
---{
--- static const unsigned char dhp_2048[]={
--- 0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81,
--- 0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9,
--- 0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C,
--- 0x8B,0xBE,0xF8,0x48,0xBB,0x29,0x63,0x75,0x12,0x48,0x9D,0x7E,
--- 0x7C,0x24,0xB4,0x3A,0x38,0x7E,0x97,0x3C,0x77,0x95,0xB0,0xA2,
--- 0x72,0xB6,0xE9,0xD8,0xB8,0xFA,0x09,0x1B,0xDC,0xB3,0x80,0x6E,
--- 0x32,0x0A,0xDA,0xBB,0xE8,0x43,0x88,0x5B,0xAB,0xC3,0xB2,0x44,
--- 0xE1,0x95,0x85,0x0A,0x0D,0x13,0xE2,0x02,0x1E,0x96,0x44,0xCF,
--- 0xA0,0xD8,0x46,0x32,0x68,0x63,0x7F,0x68,0xB3,0x37,0x52,0xCE,
--- 0x3A,0x4E,0x48,0x08,0x7F,0xD5,0x53,0x00,0x59,0xA8,0x2C,0xCB,
--- 0x51,0x64,0x3D,0x5F,0xEF,0x0E,0x5F,0xE6,0xAF,0xD9,0x1E,0xA2,
--- 0x35,0x64,0x37,0xD7,0x4C,0xC9,0x24,0xFD,0x2F,0x75,0xBB,0x3A,
--- 0x15,0x82,0x76,0x4D,0xC2,0x8B,0x1E,0xB9,0x4B,0xA1,0x33,0xCF,
--- 0xAA,0x3B,0x7C,0xC2,0x50,0x60,0x6F,0x45,0x69,0xD3,0x6B,0x88,
--- 0x34,0x9B,0xE4,0xF8,0xC6,0xC7,0x5F,0x10,0xA1,0xBA,0x01,0x8C,
--- 0xDA,0xD1,0xA3,0x59,0x9C,0x97,0xEA,0xC3,0xF6,0x02,0x55,0x5C,
--- 0x92,0x1A,0x39,0x67,0x17,0xE2,0x9B,0x27,0x8D,0xE8,0x5C,0xE9,
--- 0xA5,0x94,0xBB,0x7E,0x16,0x6F,0x53,0x5A,0x6D,0xD8,0x03,0xC2,
--- 0xAC,0x7A,0xCD,0x22,0x98,0x8E,0x33,0x2A,0xDE,0xAB,0x12,0xC0,
--- 0x0B,0x7C,0x0C,0x20,0x70,0xD9,0x0B,0xAE,0x0B,0x2F,0x20,0x9B,
--- 0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0,
--- 0x23,0x1C,0x09,0x33,
--- };
--- static const unsigned char dhg_2048[]={
--- 0x02,
--- };
--- DH *dh = DH_new();
--- BIGNUM *dhp_bn, *dhg_bn;
---
--- if (dh == NULL)
--- return NULL;
--- dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
--- dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
--- if (dhp_bn == NULL || dhg_bn == NULL
--- || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
--- DH_free(dh);
--- BN_free(dhp_bn);
--- BN_free(dhg_bn);
--- return NULL;
--- }
--- return dh;
---}
---
-- typedef struct {
-- char *id;
-- SSL_SESSION *session;
--@@ -542,13 +483,6 @@ static bool pni_init_ssl_domain( pn_ssl_
-- domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
-- # endif
--
--- DH *dh = get_dh2048();
--- if (dh) {
--- SSL_CTX_set_tmp_dh(domain->ctx, dh);
--- DH_free(dh);
--- SSL_CTX_set_options(domain->ctx, SSL_OP_SINGLE_DH_USE);
--- }
---
-- return true;
-- }
--
-diff --git a/rsyslog-8.2102.0-libcapng-no-cap-support2.patch b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
-new file mode 100644
-index 0000000..91ef39c
---- /dev/null
-+++ b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
-@@ -0,0 +1,11 @@
-+diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
-+--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-07-28 11:11:36.253771848 +0200
-++++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-07-28 11:11:57.628795339 +0200
-+@@ -1571,6 +1571,7 @@ initAll(int argc, char **argv)
-+ capabilities_t capabilities[] = {
-+ #define CAP_FIELD(code) { code, #code, 0 }
-+ CAP_FIELD(CAP_BLOCK_SUSPEND),
-++ CAP_FIELD(CAP_NET_RAW),
-+ CAP_FIELD(CAP_CHOWN),
-+ CAP_FIELD(CAP_IPC_LOCK),
-+ CAP_FIELD(CAP_LEASE),
-diff --git a/rsyslog.spec b/rsyslog.spec
-index d1d290c..f5b4183 100644
---- a/rsyslog.spec
-+++ b/rsyslog.spec
-@@ -5,7 +5,7 @@
- Summary: Enhanced system logging and kernel message trapping daemon
- Name: rsyslog
- Version: 8.2102.0
--Release: 116%{?dist}
-+Release: 117%{?dist}
- License: (GPLv3+ and ASL 2.0)
- URL: http://www.rsyslog.com/
- Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
-@@ -16,7 +16,7 @@ Source4: rsyslog.log
- Source5: rsyslog.service
- # Add qpid-proton as another source, enable omamqp1 module in a
- # separatae sub-package with it statically linked(see rhbz#1713427)
--Source6: qpid-proton-0.34.0.tar.gz
-+Source6: qpid-proton-0.39.0.tar.gz
-
- Patch0: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
- Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
-@@ -50,6 +50,7 @@ Patch28: rsyslog-8.2102.0-rhbz2192955-es-6.patch
- Patch29: rsyslog-8.2102.0-rhbz2192955-es-doc.patch
- Patch30: rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
- Patch31: rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
-+Patch32: rsyslog-8.2102.0-libcapng-no-cap-support2.patch
-
- BuildRequires: make
- BuildRequires: gcc
-@@ -317,10 +318,11 @@ mv build doc
- %patch29 -p1 -b .es-doc
- %patch30 -p1
- %patch31 -p1
-+%patch32 -p1
-
--pushd ..
--%patch9 -p1 -b .openssl-compatibility
--popd
-+# pushd ..
-+# %patch9 -p1 -b .openssl-compatibility
-+# popd
-
- %build
- # Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags
-@@ -338,7 +340,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
- %endif
- # build the proton first
- (
-- cd %{_builddir}/qpid-proton-0.34.0
-+ cd %{_builddir}/qpid-proton-0.39.0
- mkdir bld
- cd bld
-
-@@ -370,7 +372,7 @@ autoreconf -if
- --prefix=/usr \
- --disable-static \
- --disable-testbench \
-- --enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.34.0/bld/c/include" \
-+ --enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.39.0/bld/c/include" \
- --enable-elasticsearch \
- --enable-generate-man-pages \
- --enable-gnutls \
-@@ -582,6 +584,10 @@ done
-
-
- %changelog
-+* Fri Jul 28 2023 Attila Lakatos - 8.2102.0-117
-+- Add back CAP_NEW_RAW capability due to omudpspoof
-+ resolves: rhbz#2216919
-+
- * Tue Jun 27 2023 Attila Lakatos - 8.2102.0-116
- - libcapng: do not try to drop capabilities that are not present
- - add global libcapng.default to not abort when libcapng fails
-diff --git a/sources b/sources
-index d12920a..0cb5e41 100644
---- a/sources
-+++ b/sources
-@@ -1,3 +1,3 @@
--SHA512 (qpid-proton-0.34.0.tar.gz) = 0de6c3d11baeee1d69821a0f1879a61b314f14589e02ea7ed0de8814c741217fdcafdd978b4061f73bc75588886299f4ac6808021506545ec8a883f39ad54fb3
-+SHA512 (qpid-proton-0.39.0.tar.gz) = 38659682cc86bf0c910e2a707a5b166b3a7d0fb70fd83d6c5ebcaca53b2cd5a478adf36958d2c4c55a2ea6afcb9b457a12006a7967efae6ca2d0663c0febbc58
- SHA512 (rsyslog-8.2102.0.tar.gz) = 281b0e5d5cb548c39a6e514e5fd5b1bdbe8ca0bdd9234f4fea581ed7679f76d2d75b65d14c3c5e799f86f91600074ff75b467aa1ff27cdbec0f4197261c5aec0
- SHA512 (rsyslog-doc-8.2102.0.tar.gz) = a5dc4fb9bd8892fac693c5692b926c8d7d9fa36667d6b4c6eccba750713af88d4317f6232efc2a16de38c2e58c4a8bc4d04c9ebb2e7ebc3b0878d53eef20dd2e
---
-2.41.0
-
diff --git a/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch b/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag-v2.patch
similarity index 66%
rename from rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
rename to rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag-v2.patch
index e9a188d..2d0d51d 100644
--- a/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
+++ b/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag-v2.patch
@@ -1,7 +1,7 @@
-diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjournal.c
---- ./plugins/imjournal/imjournal.c.default-tag 2018-05-17 08:50:11.416418022 -0400
-+++ ./plugins/imjournal/imjournal.c 2018-05-17 08:53:02.884418022 -0400
-@@ -78,6 +78,7 @@ static struct configSettings_s {
+diff -up rsyslog-8.2310.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2310.0/plugins/imjournal/imjournal.c
+--- rsyslog-8.2310.0/plugins/imjournal/imjournal.c.orig 2023-10-10 16:42:39.771369418 +0200
++++ rsyslog-8.2310.0/plugins/imjournal/imjournal.c 2023-10-10 16:51:39.839133580 +0200
+@@ -87,6 +87,7 @@ static struct configSettings_s {
int bWorkAroundJournalBug; /* deprecated, left for backwards compatibility only */
int bFsync;
int bRemote;
@@ -9,7 +9,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
} cs;
static rsRetVal facilityHdlr(uchar **pp, void *pVal);
-@@ -93,7 +94,8 @@ static struct cnfparamdescr modpdescr[]
+@@ -106,7 +107,8 @@ static struct cnfparamdescr modpdescr[]
{ "usepid", eCmdHdlrString, 0 },
{ "workaroundjournalbug", eCmdHdlrBinary, 0 },
{ "fsync", eCmdHdlrBinary, 0 },
@@ -19,7 +19,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
};
static struct cnfparamblk modpblk =
{ CNFPARAMBLK_VERSION,
-@@ -104,6 +106,7 @@ static struct cnfparamblk modpblk =
+@@ -117,6 +119,7 @@ static struct cnfparamblk modpblk =
#define DFLT_persiststateinterval 10
#define DFLT_SEVERITY pri2sev(LOG_NOTICE)
#define DFLT_FACILITY pri2fac(LOG_USER)
@@ -27,37 +27,27 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
static int bLegacyCnfModGlobalsPermitted = 1;/* are legacy module-global config parameters permitted? */
-@@ -268,7 +271,7 @@ readjournal(void)
-
- /* Information from messages */
- char *message = NULL;
-- char *sys_iden;
-+ char *sys_iden = NULL;
- char *sys_iden_help = NULL;
-
- const void *get;
-@@ -331,7 +334,7 @@ readjournal(void)
- if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) {
- CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden));
+@@ -458,7 +461,7 @@ readjournal(void)
+ } else if (journalGetData("_COMM", &get, &length) >= 0) {
+ CHKiRet(sanitizeValue(((const char *)get) + 6, length - 6, &sys_iden));
} else {
- CHKmalloc(sys_iden = strdup("journal"));
+ CHKmalloc(sys_iden = strdup(cs.dfltTag));
}
/* trying to get PID, default is "SYSLOG_PID" property */
-@@ -654,6 +657,11 @@ CODESTARTrunInput
- "\"usepidfromsystem\" is depricated, use \"usepid\" instead");
+@@ -826,6 +829,10 @@ CODESTARTrunInput
+ "\"usepidfromsystem\" is deprecated, use \"usepid\" instead");
}
+ if (cs.dfltTag == NULL) {
+ cs.dfltTag = strdup(DFLT_TAG);
+ }
-+
+
if (cs.usePid && (strcmp(cs.usePid, "system") == 0)) {
pidFieldName = "_PID";
bPidFallBack = 0;
-@@ -732,6 +740,7 @@ CODESTARTbeginCnfLoad
+@@ -914,6 +921,7 @@ CODESTARTbeginCnfLoad
cs.bWorkAroundJournalBug = 1;
cs.bFsync = 0;
cs.bRemote = 0;
@@ -65,7 +55,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
ENDbeginCnfLoad
-@@ -754,6 +763,7 @@ BEGINfreeCnf
+@@ -983,6 +991,7 @@ BEGINfreeCnf
CODESTARTfreeCnf
free(cs.stateFile);
free(cs.usePid);
@@ -73,7 +63,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
free(journalContext.cursor);
statsobj.Destruct(&(statsCounter.stats));
ENDfreeCnf
-@@ -832,6 +842,8 @@ CODESTARTsetModCnf
+@@ -1077,6 +1086,8 @@ CODESTARTsetModCnf
cs.bFsync = (int) pvals[i].val.d.n;
} else if (!strcmp(modpblk.descr[i].name, "remote")) {
cs.bRemote = (int) pvals[i].val.d.n;
@@ -82,7 +72,7 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
} else {
dbgprintf("imjournal: program error, non-handled "
"param '%s' in beginCnfLoad\n", modpblk.descr[i].name);
-@@ -799,6 +820,8 @@ CODEmodInit_QueryRegCFSLineHdlr
+@@ -1144,6 +1155,8 @@ CODEmodInit_QueryRegCFSLineHdlr
facilityHdlr, &cs.iDfltFacility, STD_LOADABLE_MODULE_ID));
CHKiRet(omsdRegCFSLineHdlr((uchar *)"imjournalusepidfromsystem", 0, eCmdHdlrBinary,
NULL, &cs.bUseJnlPID, STD_LOADABLE_MODULE_ID));
diff --git a/rsyslog-8.2102.0-capabilities-capnetraw.patch b/rsyslog-8.2102.0-capabilities-capnetraw.patch
deleted file mode 100644
index 0857463..0000000
--- a/rsyslog-8.2102.0-capabilities-capnetraw.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
---- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-03-06 09:33:13.969300666 +0100
-+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-03-06 09:33:35.089326502 +0100
-@@ -2164,6 +2164,7 @@ main(int argc, char **argv)
- CAP_SETGID,
- CAP_SETUID,
- CAP_DAC_OVERRIDE,
-+ CAP_NET_RAW,
- CAP_SYS_ADMIN,
- CAP_SYS_CHROOT,
- CAP_SYS_RESOURCE,
diff --git a/rsyslog-8.2102.0-capabilities-drop-credential.patch b/rsyslog-8.2102.0-capabilities-drop-credential.patch
deleted file mode 100644
index 2faf05c..0000000
--- a/rsyslog-8.2102.0-capabilities-drop-credential.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
---- rsyslog-8.2102.0/runtime/rsconf.c.orig 2023-02-17 11:52:17.460043970 +0100
-+++ rsyslog-8.2102.0/runtime/rsconf.c 2023-02-17 12:00:49.881602881 +0100
-@@ -33,9 +33,6 @@
- #include
- #include
- #include
--#ifdef ENABLE_LIBCAPNG
-- #include
--#endif
-
- #include "rsyslog.h"
- #include "obj.h"
-@@ -549,7 +546,7 @@ rsRetVal doDropPrivGid(void)
- uchar szBuf[1024];
- DEFiRet;
-
--#ifndef ENABLE_LIBCAPNG
-+
- if(!ourConf->globals.gidDropPrivKeepSupplemental) {
- res = setgroups(0, NULL); /* remove all supplemental group IDs */
- if(res) {
-@@ -567,15 +564,6 @@ rsRetVal doDropPrivGid(void)
- "could not set requested group id: %s via setgid()", szBuf);
- ABORT_FINALIZE(RS_RET_ERR_DROP_PRIV);
- }
--#else
-- int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
-- res = capng_change_id(-1, ourConf->globals.gidDropPriv, capng_flags);
-- if (res) {
-- LogError(0, RS_RET_LIBCAPNG_ERR,
-- "could not set requested group id %d via capng_change_id()", ourConf->globals.gidDropPriv);
-- ABORT_FINALIZE(RS_RET_LIBCAPNG_ERR);
-- }
--#endif
-
- DBGPRINTF("setgid(%d): %d\n", ourConf->globals.gidDropPriv, res);
- snprintf((char*)szBuf, sizeof(szBuf), "rsyslogd's groupid changed to %d",
-@@ -613,13 +601,8 @@ static void doDropPrivUid(int iUid)
- iUid, szBuf);
- }
-
--#ifndef ENABLE_LIBCAPNG
-+
- res = setuid(iUid);
-- // res = setuid(cnf->globals.uidDropPriv);
--#else
-- int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
-- res = capng_change_id(iUid, -1, capng_flags);
--#endif
-
- if(res) {
- /* if we can not set the userid, this is fatal, so let's unconditionally abort */
-diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
---- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-02-17 11:52:00.011011019 +0100
-+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-02-17 11:58:37.322491823 +0100
-@@ -2161,9 +2161,9 @@ main(int argc, char **argv)
- CAP_LEASE,
- CAP_NET_ADMIN,
- CAP_NET_BIND_SERVICE,
-- CAP_PERFMON,
- CAP_SETGID,
- CAP_SETUID,
-+ CAP_DAC_OVERRIDE,
- CAP_SYS_ADMIN,
- CAP_SYS_CHROOT,
- CAP_SYS_RESOURCE,
diff --git a/rsyslog-8.2102.0-libcapng-no-cap-support2.patch b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
deleted file mode 100644
index 91ef39c..0000000
--- a/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
---- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-07-28 11:11:36.253771848 +0200
-+++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-07-28 11:11:57.628795339 +0200
-@@ -1571,6 +1571,7 @@ initAll(int argc, char **argv)
- capabilities_t capabilities[] = {
- #define CAP_FIELD(code) { code, #code, 0 }
- CAP_FIELD(CAP_BLOCK_SUSPEND),
-+ CAP_FIELD(CAP_NET_RAW),
- CAP_FIELD(CAP_CHOWN),
- CAP_FIELD(CAP_IPC_LOCK),
- CAP_FIELD(CAP_LEASE),
diff --git a/rsyslog-8.2102.0-rhbz1938863-covscan.patch b/rsyslog-8.2102.0-rhbz1938863-covscan.patch
deleted file mode 100644
index 931987a..0000000
--- a/rsyslog-8.2102.0-rhbz1938863-covscan.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-diff -up rsyslog-8.2102.0/contrib/imdocker/imdocker.c.covscan rsyslog-8.2102.0/contrib/imdocker/imdocker.c
---- rsyslog-8.2102.0/contrib/imdocker/imdocker.c.covscan 2021-01-18 11:21:14.000000000 +0100
-+++ rsyslog-8.2102.0/contrib/imdocker/imdocker.c 2021-07-22 14:10:31.877231143 +0200
-@@ -1527,6 +1527,7 @@ process_json(sbool isInit, const char* j
- pInstances->last_container_id,
- (unsigned)pInstances->last_container_created);
- }
-+ // coverity[leaked_storage : FALSE]
- CHKiRet(dockerContLogsInstSetUrlById(isInit, pInst,
- pInstances->curlm, containerId));
- CHKiRet(dockerContLogReqsAdd(pInstances, pInst));
-diff -up rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c.covscan rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c
---- rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c.covscan 2020-10-03 19:06:47.000000000 +0200
-+++ rsyslog-8.2102.0/contrib/omhiredis/omhiredis.c 2021-07-22 14:10:31.877231143 +0200
-@@ -324,7 +324,6 @@ BEGINnewActInst
- struct cnfparamvals *pvals;
- int i;
- int iNumTpls;
-- uchar *keydup = NULL;
- CODESTARTnewActInst
- if((pvals = nvlstGetParams(lst, &actpblk, NULL)) == NULL)
- ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
-@@ -417,14 +416,11 @@ CODESTARTnewActInst
- CHKiRet(OMSRsetEntry(*ppOMSR, 0, (uchar*)pData->tplName, OMSR_NO_RQD_TPL_OPTS));
-
- if (pData->dynaKey) {
-- CHKmalloc(keydup = ustrdup(pData->key));
- CHKiRet(OMSRsetEntry(*ppOMSR, 1, ustrdup(pData->key), OMSR_NO_RQD_TPL_OPTS));
-- keydup = NULL; /* handed over */
- }
-
- CODE_STD_FINALIZERnewActInst
- cnfparamvalsDestruct(pvals, &actpblk);
-- free(keydup);
- ENDnewActInst
-
-
-diff -up rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c.covscan rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c
---- rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c.covscan 2021-01-18 11:21:14.000000000 +0100
-+++ rsyslog-8.2102.0/contrib/omrabbitmq/omrabbitmq.c 2021-07-22 14:10:31.877231143 +0200
-@@ -778,6 +778,7 @@ static rsRetVal publishRabbitMQ(wrkrInst
- ABORT_FINALIZE(RS_RET_RABBITMQ_CONN_ERR);
- }
-
-+ // coverity[identical_branches : FALSE]
- if (manage_error(amqp_basic_publish(self->a_conn, 1, exchange, routing_key,
- 0, 0, p_amqp_props, body_bytes), "amqp_basic_publish")) {
- /* error already notified */
-diff -up rsyslog-8.2102.0/grammar/rainerscript.c.covscan rsyslog-8.2102.0/grammar/rainerscript.c
---- rsyslog-8.2102.0/grammar/rainerscript.c.covscan 2021-02-15 12:06:16.000000000 +0100
-+++ rsyslog-8.2102.0/grammar/rainerscript.c 2021-07-22 14:10:31.878231140 +0200
-@@ -2814,7 +2814,7 @@ evalVar(struct cnfvar *__restrict__ cons
- if(bMustBeFreed)
- free(pszProp);
- }
--
-+ // coverity[leaked_storage : FALSE]
- }
-
- /* perform a string comparision operation against a while array. Semantic is
-diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.covscan rsyslog-8.2102.0/plugins/imfile/imfile.c
---- rsyslog-8.2102.0/plugins/imfile/imfile.c.covscan 2021-01-18 11:21:14.000000000 +0100
-+++ rsyslog-8.2102.0/plugins/imfile/imfile.c 2021-07-22 14:10:31.878231140 +0200
-@@ -1278,6 +1278,7 @@ static void ATTR_NONNULL(1)
- getFileID(act_obj_t *const act)
- {
- char tmp_id[FILE_ID_HASH_SIZE];
-+ // coverity[buffer_size_warning : FALSE]
- strncpy(tmp_id, (const char*)act->file_id, FILE_ID_HASH_SIZE);
- act->file_id[0] = '\0';
- assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */
-@@ -1290,6 +1291,7 @@ getFileID(act_obj_t *const act)
- DBGPRINTF("getFileID partial or error read, ret %d\n", r);
- }
- if (strncmp(tmp_id, act->file_id, FILE_ID_HASH_SIZE)) {/* save the old id for cleaning purposes */
-+ // coverity[buffer_size_warning : FALSE]
- strncpy(act->file_id_prev, tmp_id, FILE_ID_HASH_SIZE);
- }
- DBGPRINTF("getFileID for '%s', file_id_hash '%s'\n", act->name, act->file_id);
-@@ -1544,6 +1546,7 @@ openFileWithoutStateFile(act_obj_t *cons
- const int fd = open(act->name, O_RDONLY | O_CLOEXEC);
- if(fd >= 0) {
- act->pStrm->iCurrOffs = lseek64(fd, 0, SEEK_END);
-+ close(fd);
- if(act->pStrm->iCurrOffs < 0) {
- act->pStrm->iCurrOffs = 0;
- LogError(errno, RS_RET_ERR, "imfile: could not query current "
-diff -up rsyslog-8.2102.0/plugins/imptcp/imptcp.c.covscan rsyslog-8.2102.0/plugins/imptcp/imptcp.c
---- rsyslog-8.2102.0/plugins/imptcp/imptcp.c.covscan 2021-01-18 11:21:14.000000000 +0100
-+++ rsyslog-8.2102.0/plugins/imptcp/imptcp.c 2021-07-22 14:10:31.878231140 +0200
-@@ -1920,6 +1920,7 @@ lstnActivity(ptcplstn_t *const pLstn)
- }
-
- finalize_it:
-+ // coverity[leaked_handle : FALSE]
- RETiRet;
- }
-
-diff -up rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c.covscan rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c
---- rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c.covscan 2020-10-03 19:06:47.000000000 +0200
-+++ rsyslog-8.2102.0/plugins/mmjsonparse/mmjsonparse.c 2021-07-22 14:10:31.879231138 +0200
-@@ -394,7 +394,7 @@ CODEmodInit_QueryRegCFSLineHdlr
- ABORT_FINALIZE(RS_RET_NO_MSG_PASSING);
- }
-
--
-+ // coverity[identical_branches : FALSE]
- CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler,
- resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID));
- ENDmodInit
-diff -up rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c.covscan rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c
---- rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c.covscan 2020-10-03 19:06:47.000000000 +0200
-+++ rsyslog-8.2102.0/plugins/omclickhouse/omclickhouse.c 2021-07-22 14:10:31.879231138 +0200
-@@ -368,6 +368,7 @@ writeDataError(wrkrInstanceData_t *const
- }
-
- finalize_it:
-+ // coverity[leaked_storage : FALSE]
- RETiRet;
- }
-
-diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.covscan rsyslog-8.2102.0/runtime/nsd_gtls.c
---- rsyslog-8.2102.0/runtime/nsd_gtls.c.covscan 2021-01-18 11:21:14.000000000 +0100
-+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2021-07-22 14:17:06.183174167 +0200
-@@ -227,7 +227,7 @@ gtlsLoadOurCertKey(nsd_gtls_t *pThis)
- pThis->bOurKeyIsInit = 1;
- CHKgnutls(gnutls_x509_privkey_import(pThis->ourKey, &data, GNUTLS_X509_FMT_PEM));
- free(data.data);
--
-+ data.data = NULL;
-
- finalize_it:
- if(iRet == RS_RET_CERTLESS) {
-diff -up rsyslog-8.2102.0/runtime/nsd_ptcp.c.covscan rsyslog-8.2102.0/runtime/nsd_ptcp.c
---- rsyslog-8.2102.0/runtime/nsd_ptcp.c.covscan 2021-02-15 08:20:04.000000000 +0100
-+++ rsyslog-8.2102.0/runtime/nsd_ptcp.c 2021-07-22 14:10:31.879231138 +0200
-@@ -191,6 +191,7 @@ SetTlsVerifyDepth(nsd_t __attribute__((u
- nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
- DEFiRet;
- ISOBJ_TYPE_assert((pThis), nsd_ptcp);
-+ // coverity[identical_branches : FALSE]
- if (verifyDepth == 0) {
- FINALIZE;
- }
-diff -up rsyslog-8.2102.0/tools/rsyslogd.c.covscan rsyslog-8.2102.0/tools/rsyslogd.c
---- rsyslog-8.2102.0/tools/rsyslogd.c.covscan 2021-01-18 11:21:14.000000000 +0100
-+++ rsyslog-8.2102.0/tools/rsyslogd.c 2021-07-22 14:10:31.879231138 +0200
-@@ -293,6 +293,7 @@ writePidFile(void)
- free((void*)tmpPidFile);
- }
- finalize_it:
-+ // coverity[leaked_storage : FALSE]
- RETiRet;
- }
-
-@@ -1026,6 +1027,7 @@ splitOversizeMessage(smsg_t *const pMsg)
- /* if necessary, write partial last segment */
- if(len_last_segment != 0) {
- CHKmalloc(pMsg_seg = MsgDup(pMsg));
-+ // coverity[copy_paste_error : FALSE]
- MsgSetRawMsg(pMsg_seg, rawmsg + (nsegments * maxlen), len_last_segment);
- submitMsg2(pMsg_seg);
- }
diff --git a/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch b/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
deleted file mode 100644
index f95dd5a..0000000
--- a/rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c
---- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig 2021-06-15 12:30:35.238832058 +0200
-+++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c 2021-06-15 12:32:04.699721356 +0200
-@@ -565,6 +565,8 @@ persistJournalState(void)
- ABORT_FINALIZE(RS_RET_IO_ERROR);
- }
-
-+ fflush(sf);
-+
- /* change the name of the file to the configured one */
- if (rename(tmp_sf, cs.stateFile) < 0) {
- LogError(errno, iRet, "imjournal: rename() failed for new path: '%s'", cs.stateFile);
-@@ -586,6 +588,7 @@ persistJournalState(void)
- LogError(errno, RS_RET_IO_ERROR, "imjournal: fsync on '%s' failed", glbl.GetWorkDir());
- ABORT_FINALIZE(RS_RET_IO_ERROR);
- }
-+ closedir(wd);
- }
-
- DBGPRINTF("Persisted journal to '%s'\n", cs.stateFile);
diff --git a/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch b/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
deleted file mode 100644
index 344eef6..0000000
--- a/rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-diff -up rsyslog-8.2102.0/runtime/cfsysline.c.orig rsyslog-8.2102.0/runtime/cfsysline.c
---- rsyslog-8.2102.0/runtime/cfsysline.c.orig 2021-08-04 07:16:02.663163106 +0200
-+++ rsyslog-8.2102.0/runtime/cfsysline.c 2021-08-04 07:18:05.952490008 +0200
-@@ -353,13 +353,8 @@ static rsRetVal doGetGID(uchar **pp, rsR
- assert(*pp != NULL);
-
- if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) {
-- if(loadConf->globals.abortOnIDResolutionFail) {
-- fprintf(stderr, "could not extract group name: %s\n", (char*)szName);
-- exit(1); /* good exit */
-- } else {
-- LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
-- ABORT_FINALIZE(RS_RET_NOT_FOUND);
-- }
-+ LogError(0, RS_RET_NOT_FOUND, "could not extract group name");
-+ ABORT_FINALIZE(RS_RET_NOT_FOUND);
- }
-
- do {
-@@ -380,10 +375,6 @@ static rsRetVal doGetGID(uchar **pp, rsR
- LogError(0, RS_RET_NOT_FOUND, "ID for group '%s' could not be found", szName);
- }
- iRet = RS_RET_NOT_FOUND;
-- if(loadConf->globals.abortOnIDResolutionFail) {
-- fprintf(stderr, "ID for group '%s' could not be found or error\n", szName);
-- exit(1); /* good exit */
-- }
- } else {
- if(pSetHdlr == NULL) {
- /* we should set value directly to var */
-@@ -418,25 +409,15 @@ static rsRetVal doGetUID(uchar **pp, rsR
- assert(*pp != NULL);
-
- if(getSubString(pp, (char*) szName, sizeof(szName), ' ') != 0) {
-- if(loadConf->globals.abortOnIDResolutionFail) {
-- fprintf(stderr, "could not extract user name: %s\n", (char*)szName);
-- exit(1); /* good exit */
-- } else {
-- LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
-- ABORT_FINALIZE(RS_RET_NOT_FOUND);
-- }
-+ LogError(0, RS_RET_NOT_FOUND, "could not extract user name");
-+ ABORT_FINALIZE(RS_RET_NOT_FOUND);
- }
-
- getpwnam_r((char*)szName, &pwBuf, stringBuf, sizeof(stringBuf), &ppwBuf);
-
- if(ppwBuf == NULL) {
-- if(loadConf->globals.abortOnIDResolutionFail) {
-- fprintf(stderr, "ID for user '%s' could not be found or error\n", (char*)szName);
-- exit(1); /* good exit */
-- } else {
-- LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
-- iRet = RS_RET_NOT_FOUND;
-- }
-+ LogError(0, RS_RET_NOT_FOUND, "ID for user '%s' could not be found or error", (char*)szName);
-+ iRet = RS_RET_NOT_FOUND;
- } else {
- if(pSetHdlr == NULL) {
- /* we should set value directly to var */
-diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c
---- rsyslog-8.2102.0/runtime/glbl.c.orig 2021-08-04 07:18:19.301633677 +0200
-+++ rsyslog-8.2102.0/runtime/glbl.c 2021-08-04 07:19:02.409019106 +0200
-@@ -210,7 +210,6 @@ static struct cnfparamdescr cnfparamdesc
- { "environment", eCmdHdlrArray, 0 },
- { "processinternalmessages", eCmdHdlrBinary, 0 },
- { "umask", eCmdHdlrFileCreateMode, 0 },
-- { "security.abortonidresolutionfail", eCmdHdlrBinary, 0 },
- { "internal.developeronly.options", eCmdHdlrInt, 0 },
- { "internalmsg.ratelimit.interval", eCmdHdlrPositiveInt, 0 },
- { "internalmsg.ratelimit.burst", eCmdHdlrPositiveInt, 0 },
-@@ -1443,8 +1442,6 @@ glblDoneLoadCnf(void)
- glblInputTimeoutShutdown = (int) cnfparamvals[i].val.d.n;
- } else if(!strcmp(paramblk.descr[i].name, "privdrop.group.keepsupplemental")) {
- loadConf->globals.gidDropPrivKeepSupplemental = (int) cnfparamvals[i].val.d.n;
-- } else if(!strcmp(paramblk.descr[i].name, "security.abortonidresolutionfail")) {
-- loadConf->globals.abortOnIDResolutionFail = (int) cnfparamvals[i].val.d.n;
- } else if(!strcmp(paramblk.descr[i].name, "net.acladdhostnameonfail")) {
- *(net.pACLAddHostnameOnFail) = (int) cnfparamvals[i].val.d.n;
- } else if(!strcmp(paramblk.descr[i].name, "net.aclresolvehostname")) {
-diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
---- rsyslog-8.2102.0/runtime/rsconf.c.orig 2021-08-04 07:19:13.103104854 +0200
-+++ rsyslog-8.2102.0/runtime/rsconf.c 2021-08-04 07:19:44.635357684 +0200
-@@ -156,7 +156,6 @@ static void cnfSetDefaults(rsconf_t *pTh
- pThis->globals.maxErrMsgToStderr = -1;
- pThis->globals.umask = -1;
- pThis->globals.gidDropPrivKeepSupplemental = 0;
-- pThis->globals.abortOnIDResolutionFail = 1;
- pThis->templates.root = NULL;
- pThis->templates.last = NULL;
- pThis->templates.lastStatic = NULL;
-diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h
---- rsyslog-8.2102.0/runtime/rsconf.h.orig 2021-08-04 07:20:15.848607958 +0200
-+++ rsyslog-8.2102.0/runtime/rsconf.h 2021-08-04 07:20:42.782823920 +0200
-@@ -73,7 +73,6 @@ struct globals_s {
- int uidDropPriv; /* user-id to which priveleges should be dropped to */
- int gidDropPriv; /* group-id to which priveleges should be dropped to */
- int gidDropPrivKeepSupplemental; /* keep supplemental groups when dropping? */
-- int abortOnIDResolutionFail;
- int umask; /* umask to use */
- uchar *pszConfDAGFile; /* name of config DAG file, non-NULL means generate one */
-
diff --git a/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch b/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
deleted file mode 100644
index 710f48c..0000000
--- a/rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -up rsyslog-8.2102.0/runtime/ratelimit.c.orig rsyslog-8.2102.0/runtime/ratelimit.c
---- rsyslog-8.2102.0/runtime/ratelimit.c.orig 2021-07-27 10:37:50.972903104 +0200
-+++ rsyslog-8.2102.0/runtime/ratelimit.c 2021-07-27 10:38:26.141002988 +0200
-@@ -235,7 +235,6 @@ ratelimitMsg(ratelimit_t *__restrict__ c
- {
- DEFiRet;
- rsRetVal localRet;
-- int severity = 0;
-
- *ppRepMsg = NULL;
-
-@@ -246,13 +245,12 @@ ratelimitMsg(ratelimit_t *__restrict__ c
- DBGPRINTF("Message discarded, parsing error %d\n", localRet);
- ABORT_FINALIZE(RS_RET_DISCARDMSG);
- }
-- severity = pMsg->iSeverity;
- }
- }
-
- /* Only the messages having severity level at or below the
- * treshold (the value is >=) are subject to ratelimiting. */
-- if(ratelimit->interval && (severity >= ratelimit->severity)) {
-+ if(ratelimit->interval && (pMsg->iSeverity >= ratelimit->severity)) {
- char namebuf[512]; /* 256 for FGDN adn 256 for APPNAME should be enough */
- snprintf(namebuf, sizeof namebuf, "%s:%s", getHOSTNAME(pMsg),
- getAPPNAME(pMsg, 0));
diff --git a/rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch b/rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch
deleted file mode 100644
index 20817c6..0000000
--- a/rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up ./rsyslog-8.2102.0/runtime/nsd_gtls.c.ori ./rsyslog-8.2102.0/runtime/nsd_gtls.c
---- rsyslog-8.2102.0/runtime/nsd_gtls.c.ori 2022-01-17 15:50:08.285827256 +0100
-+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2022-01-17 15:52:33.282594512 +0100
-@@ -1791,6 +1791,7 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew
- pNew->gnutlsPriorityString = pThis->gnutlsPriorityString;
- pNew->DrvrVerifyDepth = pThis->DrvrVerifyDepth;
- pNew->dataTypeCheck = pThis->dataTypeCheck;
-+ pNew->bSANpriority = pThis->bSANpriority;
-
- /* if we reach this point, we are in TLS mode */
- iRet = gtlsInitSession(pNew);
diff --git a/rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch b/rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch
deleted file mode 100644
index 0c3a3a7..0000000
--- a/rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch
+++ /dev/null
@@ -1,215 +0,0 @@
-diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.orig rsyslog-8.2102.0/runtime/nsd_gtls.c
---- rsyslog-8.2102.0/runtime/nsd_gtls.c.orig 2022-04-11 09:26:17.826271989 +0200
-+++ rsyslog-8.2102.0/runtime/nsd_gtls.c 2022-04-11 09:33:28.702012052 +0200
-@@ -556,7 +556,9 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
- DEFiRet;
-
- ISOBJ_TYPE_assert(pThis, nsd_gtls);
-- DBGPRINTF("gtlsRecordRecv: start\n");
-+ DBGPRINTF("gtlsRecordRecv: start (Pending Data: %zd | Wanted Direction: %s)\n",
-+ gnutls_record_check_pending(pThis->sess),
-+ (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ ? "READ" : "WRITE") );
-
- lenRcvd = gnutls_record_recv(pThis->sess, pThis->pszRcvBuf, NSD_GTLS_MAX_RCVBUF);
- if(lenRcvd >= 0) {
-@@ -581,14 +583,30 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
- (NSD_GTLS_MAX_RCVBUF+lenRcvd));
- pThis->lenRcvBuf = NSD_GTLS_MAX_RCVBUF+lenRcvd;
- } else {
-- goto sslerr;
-+ if (lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
-+ goto sslerragain; /* Go to ERR AGAIN handling */
-+ } else {
-+ /* Do all other error handling */
-+ int gnuRet = lenRcvd;
-+ ABORTgnutls;
-+ }
- }
- }
- } else if(lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
--sslerr:
-- pThis->rtryCall = gtlsRtry_recv;
-- dbgprintf("GnuTLS receive requires a retry (this most probably is OK and no error condition)\n");
-- ABORT_FINALIZE(RS_RET_RETRY);
-+sslerragain:
-+ /* Check if the underlaying file descriptor needs to read or write data!*/
-+ if (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ) {
-+ pThis->rtryCall = gtlsRtry_recv;
-+ dbgprintf("GnuTLS receive requires a retry, this most probably is OK and no error condition\n");
-+ ABORT_FINALIZE(RS_RET_RETRY);
-+ } else {
-+ uchar *pErr = gtlsStrerror(lenRcvd);
-+ LogError(0, RS_RET_GNUTLS_ERR, "GnuTLS receive error %zd has wrong read direction(wants write) "
-+ "- this could be caused by a broken connection. GnuTLS reports: %s\n",
-+ lenRcvd, pErr);
-+ free(pErr);
-+ ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
-+ }
- } else {
- int gnuRet = lenRcvd;
- ABORTgnutls;
-@@ -1978,6 +1996,7 @@ static rsRetVal
- Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
- {
- int iSent;
-+ int wantsWriteData = 0;
- nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
- DEFiRet;
- ISOBJ_TYPE_assert(pThis, nsd_gtls);
-@@ -1998,10 +2017,12 @@ Send(nsd_t *pNsd, uchar *pBuf, ssize_t *
- break;
- }
- if(iSent != GNUTLS_E_INTERRUPTED && iSent != GNUTLS_E_AGAIN) {
-+ /* Check if the underlaying file descriptor needs to read or write data!*/
-+ wantsWriteData = gnutls_record_get_direction(pThis->sess);
- uchar *pErr = gtlsStrerror(iSent);
-- LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d - this "
-- "could be caused by a broken connection. GnuTLS reports: %s \n",
-- iSent, pErr);
-+ LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d, wantsWriteData=%d - this "
-+ "could be caused by a broken connection. GnuTLS reports: %s\n",
-+ iSent, wantsWriteData, pErr);
- free(pErr);
- gnutls_perror(iSent);
- ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
-diff -up rsyslog-8.2102.0/runtime/nsd_gtls.h.orig rsyslog-8.2102.0/runtime/nsd_gtls.h
---- rsyslog-8.2102.0/runtime/nsd_gtls.h.orig 2022-04-11 09:26:32.744262781 +0200
-+++ rsyslog-8.2102.0/runtime/nsd_gtls.h 2022-04-11 09:34:29.909982895 +0200
-@@ -33,6 +33,11 @@ typedef enum {
- gtlsRtry_recv = 2
- } gtlsRtryCall_t; /**< IDs of calls that needs to be retried */
-
-+typedef enum {
-+ gtlsDir_READ = 0, /**< GNUTLS wants READ */
-+ gtlsDir_WRITE = 1 /**< GNUTLS wants WRITE */
-+} gtlsDirection_t;
-+
- typedef nsd_if_t nsd_gtls_if_t; /* we just *implement* this interface */
-
- /* the nsd_gtls object */
-diff -up rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig rsyslog-8.2102.0/runtime/nsdsel_gtls.c
---- rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig 2022-04-11 09:26:42.529256742 +0200
-+++ rsyslog-8.2102.0/runtime/nsdsel_gtls.c 2022-04-11 09:38:27.425869737 +0200
-@@ -81,6 +81,7 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
-
- ISOBJ_TYPE_assert(pThis, nsdsel_gtls);
- ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls);
-+ DBGPRINTF("Add on nsd %p:\n", pNsdGTLS);
- if(pNsdGTLS->iMode == 1) {
- if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) {
- ++pThis->iBufferRcvReady;
-@@ -99,6 +100,8 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
- }
- }
-
-+ dbgprintf("nsdsel_gtls: reached end on nsd %p, calling nsdsel_ptcp.Add with waitOp %d... \n", pNsdGTLS, waitOp);
-+
- /* if we reach this point, we need no special handling */
- CHKiRet(nsdsel_ptcp.Add(pThis->pTcp, pNsdGTLS->pTcp, waitOp));
-
-@@ -120,7 +123,8 @@ Select(nsdsel_t *pNsdsel, int *piNumRead
- if(pThis->iBufferRcvReady > 0) {
- /* we still have data ready! */
- *piNumReady = pThis->iBufferRcvReady;
-- dbgprintf("nsdsel_gtls: doing dummy select, data present\n");
-+ dbgprintf("nsdsel_gtls: doing dummy select for %p->iBufferRcvReady=%d, data present\n",
-+ pThis, pThis->iBufferRcvReady);
- } else {
- iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady);
- }
-@@ -138,7 +142,7 @@ doRetry(nsd_gtls_t *pNsd)
- DEFiRet;
- int gnuRet;
-
-- dbgprintf("GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
-+ dbgprintf("doRetry: GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
-
- /* We follow a common scheme here: first, we do the systen call and
- * then we check the result. So far, the result is checked after the
-@@ -151,7 +155,7 @@ doRetry(nsd_gtls_t *pNsd)
- case gtlsRtry_handshake:
- gnuRet = gnutls_handshake(pNsd->sess);
- if(gnuRet == GNUTLS_E_AGAIN || gnuRet == GNUTLS_E_INTERRUPTED) {
-- dbgprintf("GnuTLS handshake retry did not finish - "
-+ dbgprintf("doRetry: GnuTLS handshake retry did not finish - "
- "setting to retry (this is OK and can happen)\n");
- FINALIZE;
- } else if(gnuRet == 0) {
-@@ -167,9 +171,20 @@ doRetry(nsd_gtls_t *pNsd)
- }
- break;
- case gtlsRtry_recv:
-- dbgprintf("retrying gtls recv, nsd: %p\n", pNsd);
-- CHKiRet(gtlsRecordRecv(pNsd));
-- pNsd->rtryCall = gtlsRtry_None; /* we are done */
-+ dbgprintf("doRetry: retrying gtls recv, nsd: %p\n", pNsd);
-+ iRet = gtlsRecordRecv(pNsd);
-+ if (iRet == RS_RET_RETRY) {
-+ // Check if there is pending data
-+ size_t stBytesLeft = gnutls_record_check_pending(pNsd->sess);
-+ if (stBytesLeft > 0) {
-+ // We are in retry and more data waiting, finalize it
-+ goto finalize_it;
-+ } else {
-+ dbgprintf("doRetry: gtlsRecordRecv returned RETRY, but there is no pending"
-+ "data on nsd: %p\n", pNsd);
-+ }
-+ }
-+ pNsd->rtryCall = gtlsRtry_None; /* no more data, we are done */
- gnuRet = 0;
- break;
- case gtlsRtry_None:
-@@ -241,7 +256,7 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd,
- * socket. -- rgerhards, 2010-11-20
- */
- if(pThis->iBufferRcvReady) {
-- dbgprintf("nsd_gtls: dummy read, buffer not available for this FD\n");
-+ dbgprintf("nsd_gtls: dummy read, %p->buffer not available for this FD\n", pThis);
- *pbIsReady = 0;
- FINALIZE;
- }
-diff -up rsyslog-8.2102.0/runtime/tcpsrv.c.orig rsyslog-8.2102.0/runtime/tcpsrv.c
---- rsyslog-8.2102.0/runtime/tcpsrv.c.orig 2022-04-11 09:27:00.376245726 +0200
-+++ rsyslog-8.2102.0/runtime/tcpsrv.c 2022-04-11 09:41:57.885777708 +0200
-@@ -609,14 +609,15 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
- int oserr = 0;
-
- ISOBJ_TYPE_assert(pThis, tcpsrv);
-- DBGPRINTF("netstream %p with new data\n", (*ppSess)->pStrm);
-+ prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
-+ DBGPRINTF("netstream %p with new data from remote peer %s\n", (*ppSess)->pStrm, pszPeer);
- /* Receive message */
- iRet = pThis->pRcvData(*ppSess, buf, sizeof(buf), &iRcvd, &oserr);
- switch(iRet) {
- case RS_RET_CLOSED:
- if(pThis->bEmitMsgOnClose) {
- errno = 0;
-- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
-+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
- LogError(0, RS_RET_PEER_CLOSED_CONN, "Netstream session %p closed by remote "
- "peer %s.\n", (*ppSess)->pStrm, pszPeer);
- }
-@@ -632,13 +633,13 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
- /* in this case, something went awfully wrong.
- * We are instructed to terminate the session.
- */
-- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
-+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
- LogError(oserr, localRet, "Tearing down TCP Session from %s", pszPeer);
- CHKiRet(closeSess(pThis, ppSess, pPoll));
- }
- break;
- default:
-- prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
-+ // prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
- LogError(oserr, iRet, "netstream session %p from %s will be closed due to error",
- (*ppSess)->pStrm, pszPeer);
- CHKiRet(closeSess(pThis, ppSess, pPoll));
-@@ -838,6 +839,7 @@ RunSelect(tcpsrv_t *pThis, nsd_epworkset
- while(iTCPSess != -1) {
- /* TODO: access to pNsd is NOT really CLEAN, use method... */
- CHKiRet(nssel.Add(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD));
-+ DBGPRINTF("tcpsrv process session %d:\n", iTCPSess);
- /* now get next... */
- iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess);
- }
diff --git a/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch b/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
deleted file mode 100644
index 01a6fc4..0000000
--- a/rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
+++ /dev/null
@@ -1,51 +0,0 @@
---- a/source/configuration/actions.rst 2020-01-13 09:35:54.000000000 +0100
-+++ b/source/configuration/actions.rst 2022-03-09 10:46:23.945881936 +0100
-@@ -90,6 +90,12 @@
- provided to the action in question, the action name as well as
- the rsyslog status code roughly explaining why it failed.
-
-+- **action.errorfile.maxsize** integer
-+
-+ In some cases, error file needs to be limited in size.
-+ This option allows specifying a maximum size, in bytes, for the error file.
-+ When error file reaches that size, no more errors are written to it.
-+
- - **action.execOnlyOnceEveryInterval** integer
-
- Execute action only if the last execute is at last seconds in the
---- a/build/_sources/configuration/actions.rst.txt 2020-01-13 09:35:54.000000000 +0100
-+++ b/build/_sources/configuration/actions.rst.txt 2022-03-09 11:17:44.391213038 +0100
-@@ -90,6 +90,12 @@
- provided to the action in question, the action name as well as
- the rsyslog status code roughly explaining why it failed.
-
-+- **action.errorfile.maxsize** integer
-+
-+ In some cases, error file needs to be limited in size.
-+ This option allows specifying a maximum size, in bytes, for the error file.
-+ When error file reaches that size, no more errors are written to it.
-+
- - **action.execOnlyOnceEveryInterval** integer
-
- Execute action only if the last execute is at last seconds in the
---- a/build/configuration/actions.html 2021-02-15 12:53:30.000000000 +0100
-+++ b/build/configuration/actions.html 2022-03-09 11:27:04.035799702 +0100
-@@ -122,6 +122,11 @@
- provided to the action in question, the action name as well as
- the rsyslog status code roughly explaining why it failed.
-
-+action.errorfile.maxsize integer
-+In some cases, error file needs to be limited in size.
-+This option allows specifying a maximum size, in bytes, for the error file.
-+When error file reaches that size, no more errors are written to it.
-+
- action.execOnlyOnceEveryInterval integer
- Execute action only if the last execute is at last seconds in the
- past (more info in ommail, but may be used with any action)
-@@ -672,4 +677,4 @@
-
-