Add deleteStateOnFileMove imfile module option

resolves: rhbz#2069664
Add inotify_rm_watch() inotify API call when object needs to be destroyed
  resolves: rhbz#2070528
Fix error handling in gtlsRecordRecv, which can cause full CPU usage

rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch

@@ -0,0 +1,47 @@
+diff -up rsyslog-8.2102.0/doc/configuration/modules/imfile.html.state-file-leaking-doc rsyslog-8.2102.0/doc/configuration/modules/imfile.html
+--- rsyslog-8.2102.0/doc/configuration/modules/imfile.html.state-file-leaking-doc	2021-02-15 12:53:31.000000000 +0100
++++ rsyslog-8.2102.0/doc/configuration/modules/imfile.html	2022-03-29 10:35:07.187827004 +0200
+@@ -294,6 +294,28 @@ rsyslog needs write permissions to work
+ also might require SELinux definitions (or similar for other enhanced security
+ systems).</p>
+ </div>
++<div class="section" id="deletestateonfilemove">
++<h4>deleteStateOnFileMove<a class="headerlink" href="#deletestateonfilemove" title="Permalink to this headline">¶</a></h4>
++<table border="1" class="colwidths-auto parameter-table docutils">
++<thead valign="bottom">
++<tr class="row-odd"><th class="head">type</th>
++<th class="head">default</th>
++<th class="head">mandatory</th>
++<th class="head"><code class="docutils literal notranslate"><span class="pre">obsolete</span> <span class="pre">legacy</span></code> directive</th>
++</tr>
++</thead>
++<tbody valign="top">
++<tr class="row-even"><td>binary</td>
++<td>off</td>
++<td>no</td>
++<td>none</td>
++</tr>
++</tbody>
++</table>
++<p>This parameter controls if state files are deleted if their associated main file is rotated via move. Usually, this is a good idea, because otherwise state files are not deleted when log rotation occurs.</p>
++
++<p>However, there is one situation where not deleting associated state file after log rotation makes sense: this is the case if a monitored file is later moved back to the same location as it was before.</p>
++</div>
+ </div>
+ <div class="section" id="input-parameters">
+ <h3>Input Parameters<a class="headerlink" href="#input-parameters" title="Permalink to this headline">¶</a></h3>
+@@ -1214,6 +1236,7 @@ and Others.</p>
+ <li><a class="reference internal" href="#sortfiles">sortFiles</a></li>
+ <li><a class="reference internal" href="#pollinginterval">PollingInterval</a></li>
+ <li><a class="reference internal" href="#statefile-directory">statefile.directory</a></li>
++<li><a class="reference internal" href="#deletestateonfilemove">deleteStateOnFileMove</a></li>
+ </ul>
+ </li>
+ <li><a class="reference internal" href="#input-parameters">Input Parameters</a><ul>
+@@ -1311,4 +1334,4 @@ and Others.</p>
+     <div class="footer" role="contentinfo">
+     </div>
+   </body>
+-</html>
+\ No newline at end of file
++</html>

rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch

@@ -0,0 +1,162 @@
+diff -up rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking rsyslog-8.2102.0/plugins/imfile/imfile.c
+--- rsyslog-8.2102.0/plugins/imfile/imfile.c.state-file-leaking	2021-01-18 11:21:14.000000000 +0100
++++ rsyslog-8.2102.0/plugins/imfile/imfile.c	2022-03-28 12:51:03.572554843 +0200
+@@ -259,6 +259,7 @@ struct modConfData_s {
+ 				   Must be manually reset to 0 if desired. Helper for
+ 				   polling mode.
+ 				 */
++	sbool deleteStateOnFileMove;
+ };
+ static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
+ static modConfData_t *runModConf = NULL;/* modConf ptr to use for run process */
+@@ -305,7 +306,8 @@ static struct cnfparamdescr modpdescr[]
+ 	{ "sortfiles", eCmdHdlrBinary, 0 },
+ 	{ "statefile.directory", eCmdHdlrString, 0 },
+ 	{ "normalizepath", eCmdHdlrBinary, 0 },
+-	{ "mode", eCmdHdlrGetWord, 0 }
++	{ "mode", eCmdHdlrGetWord, 0 },
++	{ "deletestateonfilemove", eCmdHdlrBinary, 0 }
+ };
+ static struct cnfparamblk modpblk =
+ 	{ CNFPARAMBLK_VERSION,
+@@ -545,11 +547,20 @@ static int
+ in_setupWatch(act_obj_t *const act, const int is_file)
+ {
+ 	int wd = -1;
++	int flags;
+ 	if(runModConf->opMode != OPMODE_INOTIFY)
+ 		goto done;
+ 
+-	wd = inotify_add_watch(ino_fd, act->name,
+-		(is_file) ? IN_MODIFY|IN_DONT_FOLLOW : IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO);
++	// wd = inotify_add_watch(ino_fd, act->name,
++	// 	(is_file) ? IN_MODIFY|IN_DONT_FOLLOW : IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO);
++	if(is_file)
++		flags = IN_MODIFY|IN_DONT_FOLLOW;
++	else if(runModConf->deleteStateOnFileMove)
++		flags = IN_CREATE|IN_DELETE|IN_MOVED_TO;
++	else
++		flags = IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO;
++	wd = inotify_add_watch(ino_fd, act->name, flags);
++
+ 	if(wd < 0) {
+ 		if (errno == EACCES) { /* There is high probability of selinux denial on top-level paths */
+ 			DBGPRINTF("imfile: permission denied when adding watch for '%s'\n", act->name);
+@@ -713,7 +724,7 @@ act_obj_add(fs_edge_t *const edge, const
+ 	char basename[MAXFNAME];
+ 	DEFiRet;
+ 	int fd = -1;
+-	
++
+ 	DBGPRINTF("act_obj_add: edge %p, name '%s' (source '%s')\n", edge, name, source? source : "---");
+ 	for(act = edge->active ; act != NULL ; act = act->next) {
+ 		if(!strcmp(act->name, name)) {
+@@ -977,9 +988,18 @@ act_obj_destroy(act_obj_t *const act, co
+ 	if(act == NULL)
+ 		return;
+ 
+-	DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n",
+-		act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted,
+-		act->in_move);
++	// DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n",
++	// 	act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted,
++	// 	act->in_move);
++	if (runModConf->deleteStateOnFileMove) {
++		DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d\n",
++			act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted);
++	} else {
++		DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n",
++			act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm,
++			is_deleted, act->in_move);
++	}
++
+ 	if(act->is_symlink && is_deleted) {
+ 		act_obj_t *target_act;
+ 		for(target_act = act->edge->active ; target_act != NULL ; target_act = target_act->next) {
+@@ -996,13 +1016,15 @@ act_obj_destroy(act_obj_t *const act, co
+ 		pollFile(act); /* get any left-over data */
+ 		if(inst->bRMStateOnDel) {
+ 			statefn = getStateFileName(act, statefile, sizeof(statefile));
+-			getFullStateFileName(statefn, "", toDel, sizeof(toDel)); // TODO: check!
++			// getFullStateFileName(statefn, "", toDel, sizeof(toDel)); // TODO: check!
++			getFullStateFileName(statefn, act->file_id, toDel, sizeof(toDel)); // TODO: check!
+ 			statefn = toDel;
+ 		}
+ 		persistStrmState(act);
+ 		strm.Destruct(&act->pStrm);
+ 		/* we delete state file after destruct in case strm obj initiated a write */
+-		if(is_deleted && !act->in_move && inst->bRMStateOnDel) {
++		// if(is_deleted && !act->in_move && inst->bRMStateOnDel) {
++		if(is_deleted && inst->bRMStateOnDel && (runModConf->deleteStateOnFileMove || !act->in_move)) {
+ 			DBGPRINTF("act_obj_destroy: deleting state file %s\n", statefn);
+ 			unlink((char*)statefn);
+ 		}
+@@ -1012,6 +1034,7 @@ act_obj_destroy(act_obj_t *const act, co
+ 	}
+ 	#ifdef HAVE_INOTIFY_INIT
+ 	if(act->wd != -1) {
++		inotify_rm_watch(ino_fd, act->wd);
+ 		wdmapDel(act->wd);
+ 	}
+ 	#endif
+@@ -2026,6 +2049,7 @@ CODESTARTbeginCnfLoad
+ 	loadModConf->timeoutGranularity = 1000; /* default: 1 second */
+ 	loadModConf->haveReadTimeouts = 0; /* default: no timeout */
+ 	loadModConf->normalizePath = 1;
++	loadModConf->deleteStateOnFileMove = 0;
+ 	loadModConf->sortFiles = GLOB_NOSORT;
+ 	loadModConf->stateFileDirectory = NULL;
+ 	loadModConf->conf_tree = calloc(sizeof(fs_node_t), 1);
+@@ -2085,6 +2109,8 @@ CODESTARTsetModCnf
+ 			loadModConf->stateFileDirectory = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ 		} else if(!strcmp(modpblk.descr[i].name, "normalizepath")) {
+ 			loadModConf->normalizePath = (sbool) pvals[i].val.d.n;
++		} else if(!strcmp(modpblk.descr[i].name, "deletestateonfilemove")) {
++			loadModConf->deleteStateOnFileMove = (sbool) pvals[i].val.d.n;
+ 		} else if(!strcmp(modpblk.descr[i].name, "mode")) {
+ 			if(!es_strconstcmp(pvals[i].val.d.estr, "polling"))
+ 				loadModConf->opMode = OPMODE_POLLING;
+@@ -2388,16 +2414,35 @@ in_processEvent(struct inotify_event *ev
+ 	DBGPRINTF("in_processEvent process Event %x is_file %d, act->name '%s'\n",
+ 		ev->mask, etry->act->edge->is_file, etry->act->name);
+ 
+-	if((ev->mask & IN_MOVED_FROM)) {
+-		flag_in_move(etry->act->edge->node->edges, ev->name);
+-	}
+-	if(ev->mask & (IN_MOVED_FROM | IN_MOVED_TO))  {
+-		fs_node_walk(etry->act->edge->node, poll_tree);
+-	} else if(etry->act->edge->is_file && !(etry->act->is_symlink)) {
+-		in_handleFileEvent(ev, etry); // esentially poll_file()!
++	// if((ev->mask & IN_MOVED_FROM)) {
++	// 	flag_in_move(etry->act->edge->node->edges, ev->name);
++	// }
++	// if(ev->mask & (IN_MOVED_FROM | IN_MOVED_TO))  {
++	// 	fs_node_walk(etry->act->edge->node, poll_tree);
++	// } else if(etry->act->edge->is_file && !(etry->act->is_symlink)) {
++	// 	in_handleFileEvent(ev, etry); // esentially poll_file()!
++	// } else {
++	// 	fs_node_walk(etry->act->edge->node, poll_tree);
++	// }
++	if(!runModConf->deleteStateOnFileMove) {
++		if((ev->mask & IN_MOVED_FROM)) {
++			flag_in_move(etry->act->edge->node->edges, ev->name);
++		}
++		if(ev->mask & (IN_MOVED_FROM | IN_MOVED_TO))  {
++			fs_node_walk(etry->act->edge->node, poll_tree);
++		} else if(etry->act->edge->is_file && !(etry->act->is_symlink)) {
++			in_handleFileEvent(ev, etry); // esentially poll_file()!
++		} else {
++			fs_node_walk(etry->act->edge->node, poll_tree);
++		}
+ 	} else {
+-		fs_node_walk(etry->act->edge->node, poll_tree);
++		if((ev->mask & IN_MODIFY) && etry->act->edge->is_file && !(etry->act->is_symlink)) {
++			in_handleFileEvent(ev, etry); // esentially poll_file()!
++		} else {
++			fs_node_walk(etry->act->edge->node, poll_tree);
++		}
+ 	}
++
+ done:	return;
+ }
+ 

rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch

@@ -0,0 +1,215 @@
+diff -up rsyslog-8.2102.0/runtime/nsd_gtls.c.orig rsyslog-8.2102.0/runtime/nsd_gtls.c
+--- rsyslog-8.2102.0/runtime/nsd_gtls.c.orig	2022-04-11 09:26:17.826271989 +0200
++++ rsyslog-8.2102.0/runtime/nsd_gtls.c	2022-04-11 09:33:28.702012052 +0200
+@@ -556,7 +556,9 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
+ 	DEFiRet;
+ 
+ 	ISOBJ_TYPE_assert(pThis, nsd_gtls);
+-	DBGPRINTF("gtlsRecordRecv: start\n");
++	DBGPRINTF("gtlsRecordRecv: start (Pending Data: %zd | Wanted Direction: %s)\n",
++		gnutls_record_check_pending(pThis->sess),
++		(gnutls_record_get_direction(pThis->sess) == gtlsDir_READ ? "READ" : "WRITE") );
+ 
+ 	lenRcvd = gnutls_record_recv(pThis->sess, pThis->pszRcvBuf, NSD_GTLS_MAX_RCVBUF);
+ 	if(lenRcvd >= 0) {
+@@ -581,14 +583,30 @@ gtlsRecordRecv(nsd_gtls_t *pThis)
+ 					(NSD_GTLS_MAX_RCVBUF+lenRcvd));
+ 				pThis->lenRcvBuf = NSD_GTLS_MAX_RCVBUF+lenRcvd;
+ 			} else {
+-				goto sslerr;
++				if (lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
++					goto sslerragain;	/* Go to ERR AGAIN handling */
++				} else {
++					/* Do all other error handling */
++					int gnuRet = lenRcvd;
++					ABORTgnutls;
++				}
+ 			}
+ 		}
+ 	} else if(lenRcvd == GNUTLS_E_AGAIN || lenRcvd == GNUTLS_E_INTERRUPTED) {
+-sslerr:
+-		pThis->rtryCall = gtlsRtry_recv;
+-		dbgprintf("GnuTLS receive requires a retry (this most probably is OK and no error condition)\n");
+-		ABORT_FINALIZE(RS_RET_RETRY);
++sslerragain:
++		/* Check if the underlaying file descriptor needs to read or write data!*/
++		if (gnutls_record_get_direction(pThis->sess) == gtlsDir_READ) {
++			pThis->rtryCall = gtlsRtry_recv;
++			dbgprintf("GnuTLS receive requires a retry, this most probably is OK and no error condition\n");
++			ABORT_FINALIZE(RS_RET_RETRY);
++		} else {
++			uchar *pErr = gtlsStrerror(lenRcvd);
++			LogError(0, RS_RET_GNUTLS_ERR, "GnuTLS receive error %zd has wrong read direction(wants write) "
++				"- this could be caused by a broken connection. GnuTLS reports: %s\n",
++				lenRcvd, pErr);
++			free(pErr);
++			ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
++		}
+ 	} else {
+ 		int gnuRet = lenRcvd;
+ 		ABORTgnutls;
+@@ -1978,6 +1996,7 @@ static rsRetVal
+ Send(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
+ {
+ 	int iSent;
++	int wantsWriteData = 0;
+ 	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+ 	DEFiRet;
+ 	ISOBJ_TYPE_assert(pThis, nsd_gtls);
+@@ -1998,10 +2017,12 @@ Send(nsd_t *pNsd, uchar *pBuf, ssize_t *
+ 			break;
+ 		}
+ 		if(iSent != GNUTLS_E_INTERRUPTED && iSent != GNUTLS_E_AGAIN) {
++			/* Check if the underlaying file descriptor needs to read or write data!*/
++			wantsWriteData = gnutls_record_get_direction(pThis->sess);
+ 			uchar *pErr = gtlsStrerror(iSent);
+-			LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d - this "
+-				"could be caused by a broken connection. GnuTLS reports: %s \n",
+-				iSent, pErr);
++			LogError(0, RS_RET_GNUTLS_ERR, "unexpected GnuTLS error %d, wantsWriteData=%d - this "
++				"could be caused by a broken connection. GnuTLS reports: %s\n",
++				iSent, wantsWriteData, pErr);
+ 			free(pErr);
+ 			gnutls_perror(iSent);
+ 			ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
+diff -up rsyslog-8.2102.0/runtime/nsd_gtls.h.orig rsyslog-8.2102.0/runtime/nsd_gtls.h
+--- rsyslog-8.2102.0/runtime/nsd_gtls.h.orig	2022-04-11 09:26:32.744262781 +0200
++++ rsyslog-8.2102.0/runtime/nsd_gtls.h	2022-04-11 09:34:29.909982895 +0200
+@@ -33,6 +33,11 @@ typedef enum {
+ 	gtlsRtry_recv = 2
+ } gtlsRtryCall_t;		/**< IDs of calls that needs to be retried */
+ 
++typedef enum {
++	gtlsDir_READ = 0,	/**< GNUTLS wants READ */
++	gtlsDir_WRITE = 1	/**< GNUTLS wants WRITE */
++} gtlsDirection_t;
++
+ typedef nsd_if_t nsd_gtls_if_t; /* we just *implement* this interface */
+ 
+ /* the nsd_gtls object */
+diff -up rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig rsyslog-8.2102.0/runtime/nsdsel_gtls.c
+--- rsyslog-8.2102.0/runtime/nsdsel_gtls.c.orig	2022-04-11 09:26:42.529256742 +0200
++++ rsyslog-8.2102.0/runtime/nsdsel_gtls.c	2022-04-11 09:38:27.425869737 +0200
+@@ -81,6 +81,7 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
+ 
+ 	ISOBJ_TYPE_assert(pThis, nsdsel_gtls);
+ 	ISOBJ_TYPE_assert(pNsdGTLS, nsd_gtls);
++	DBGPRINTF("Add on nsd %p:\n", pNsdGTLS);
+ 	if(pNsdGTLS->iMode == 1) {
+ 		if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) {
+ 			++pThis->iBufferRcvReady;
+@@ -99,6 +100,8 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsds
+ 		}
+ 	}
+ 
++	dbgprintf("nsdsel_gtls: reached end on nsd %p, calling nsdsel_ptcp.Add with waitOp %d... \n", pNsdGTLS, waitOp);
++
+ 	/* if we reach this point, we need no special handling */
+ 	CHKiRet(nsdsel_ptcp.Add(pThis->pTcp, pNsdGTLS->pTcp, waitOp));
+ 
+@@ -120,7 +123,8 @@ Select(nsdsel_t *pNsdsel, int *piNumRead
+ 	if(pThis->iBufferRcvReady > 0) {
+ 		/* we still have data ready! */
+ 		*piNumReady = pThis->iBufferRcvReady;
+-		dbgprintf("nsdsel_gtls: doing dummy select, data present\n");
++		dbgprintf("nsdsel_gtls: doing dummy select for %p->iBufferRcvReady=%d, data present\n",
++			pThis, pThis->iBufferRcvReady);
+ 	} else {
+ 		iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady);
+ 	}
+@@ -138,7 +142,7 @@ doRetry(nsd_gtls_t *pNsd)
+ 	DEFiRet;
+ 	int gnuRet;
+ 
+-	dbgprintf("GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
++	dbgprintf("doRetry: GnuTLS requested retry of %d operation - executing\n", pNsd->rtryCall);
+ 
+ 	/* We follow a common scheme here: first, we do the systen call and
+ 	 * then we check the result. So far, the result is checked after the
+@@ -151,7 +155,7 @@ doRetry(nsd_gtls_t *pNsd)
+ 		case gtlsRtry_handshake:
+ 			gnuRet = gnutls_handshake(pNsd->sess);
+ 			if(gnuRet == GNUTLS_E_AGAIN || gnuRet == GNUTLS_E_INTERRUPTED) {
+-				dbgprintf("GnuTLS handshake retry did not finish - "
++				dbgprintf("doRetry: GnuTLS handshake retry did not finish - "
+ 					"setting to retry (this is OK and can happen)\n");
+ 				FINALIZE;
+ 			} else if(gnuRet == 0) {
+@@ -167,9 +171,20 @@ doRetry(nsd_gtls_t *pNsd)
+ 			}
+ 			break;
+ 		case gtlsRtry_recv:
+-			dbgprintf("retrying gtls recv, nsd: %p\n", pNsd);
+-			CHKiRet(gtlsRecordRecv(pNsd));
+-			pNsd->rtryCall = gtlsRtry_None; /* we are done */
++			dbgprintf("doRetry: retrying gtls recv, nsd: %p\n", pNsd);
++			iRet = gtlsRecordRecv(pNsd);
++			if (iRet == RS_RET_RETRY) {
++				// Check if there is pending data
++				size_t stBytesLeft = gnutls_record_check_pending(pNsd->sess);
++				if (stBytesLeft > 0) {
++					// We are in retry and more data waiting, finalize it
++					goto finalize_it;
++				} else {
++					dbgprintf("doRetry: gtlsRecordRecv returned RETRY, but there is no pending"
++						"data on nsd: %p\n", pNsd);
++				}
++			}
++			pNsd->rtryCall = gtlsRtry_None; /* no more data, we are done */
+ 			gnuRet = 0;
+ 			break;
+ 		case gtlsRtry_None:
+@@ -241,7 +256,7 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd,
+ 		 * socket. -- rgerhards, 2010-11-20
+ 		 */
+ 		if(pThis->iBufferRcvReady) {
+-			dbgprintf("nsd_gtls: dummy read, buffer not available for this FD\n");
++			dbgprintf("nsd_gtls: dummy read, %p->buffer not available for this FD\n", pThis);
+ 			*pbIsReady = 0;
+ 			FINALIZE;
+ 		}
+diff -up rsyslog-8.2102.0/runtime/tcpsrv.c.orig rsyslog-8.2102.0/runtime/tcpsrv.c
+--- rsyslog-8.2102.0/runtime/tcpsrv.c.orig	2022-04-11 09:27:00.376245726 +0200
++++ rsyslog-8.2102.0/runtime/tcpsrv.c	2022-04-11 09:41:57.885777708 +0200
+@@ -609,14 +609,15 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
+ 	int oserr = 0;
+ 
+ 	ISOBJ_TYPE_assert(pThis, tcpsrv);
+-	DBGPRINTF("netstream %p with new data\n", (*ppSess)->pStrm);
++	prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
++	DBGPRINTF("netstream %p with new data from remote peer %s\n", (*ppSess)->pStrm, pszPeer);
+ 	/* Receive message */
+ 	iRet = pThis->pRcvData(*ppSess, buf, sizeof(buf), &iRcvd, &oserr);
+ 	switch(iRet) {
+ 	case RS_RET_CLOSED:
+ 		if(pThis->bEmitMsgOnClose) {
+ 			errno = 0;
+-			prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
++			// prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ 			LogError(0, RS_RET_PEER_CLOSED_CONN, "Netstream session %p closed by remote "
+ 				"peer %s.\n", (*ppSess)->pStrm, pszPeer);
+ 		}
+@@ -632,13 +633,13 @@ doReceive(tcpsrv_t *pThis, tcps_sess_t *
+ 			/* in this case, something went awfully wrong.
+ 			 * We are instructed to terminate the session.
+ 			 */
+-			prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
++			// prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ 			LogError(oserr, localRet, "Tearing down TCP Session from %s", pszPeer);
+ 			CHKiRet(closeSess(pThis, ppSess, pPoll));
+ 		}
+ 		break;
+ 	default:
+-		prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
++		// prop.GetString((*ppSess)->fromHostIP, &pszPeer, &lenPeer);
+ 		LogError(oserr, iRet, "netstream session %p from %s will be closed due to error",
+ 				(*ppSess)->pStrm, pszPeer);
+ 		CHKiRet(closeSess(pThis, ppSess, pPoll));
+@@ -838,6 +839,7 @@ RunSelect(tcpsrv_t *pThis, nsd_epworkset
+ 		while(iTCPSess != -1) {
+ 			/* TODO: access to pNsd is NOT really CLEAN, use method... */
+ 			CHKiRet(nssel.Add(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD));
++			DBGPRINTF("tcpsrv process session %d:\n", iTCPSess);
+ 			/* now get next... */
+ 			iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess);
+ 		}

rsyslog.spec

@@ -5,7 +5,7 @@
 Summary: Enhanced system logging and kernel message trapping daemon
 Name: rsyslog
 Version: 8.2102.0
-Release: 102%{?dist}
+Release: 103%{?dist}
 License: (GPLv3+ and ASL 2.0)
 URL: http://www.rsyslog.com/
 Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
@@ -18,16 +18,19 @@ Source5: rsyslog.service
 # separatae sub-package with it statically linked(see rhbz#1713427)
 Source6: qpid-proton-0.34.0.tar.gz
 
-Patch0: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
+Patch0:  rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
-Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
+Patch1:  rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
-Patch2: rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
+Patch2:  rsyslog-8.2102.0-rhbz1960536-fdleak-on-fsync.patch
-Patch3: rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch
+Patch3:  rsyslog-8.2102.0-rhbz1886400-reduce-default-timeout.patch
-Patch4: rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
+Patch4:  rsyslog-8.2102.0-rhbz1984616-imuxsock-ratelimit.patch
-Patch5: rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
+Patch5:  rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
-Patch6: rsyslog-8.2102.0-rhbz1938863-covscan.patch
+Patch6:  rsyslog-8.2102.0-rhbz1938863-covscan.patch
-Patch7: rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch
+Patch7:  rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch
-Patch8: rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch
+Patch8:  rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch
-Patch9: openssl3-compatibility.patch
+Patch9:  openssl3-compatibility.patch
+Patch10: rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch
+Patch11: rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch
+Patch12: rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch
 
 BuildRequires: make
 BuildRequires: gcc
@@ -261,14 +264,17 @@ mv build doc
 # Unpack qpid-proton for rhel
 %setup -q -D -T -b 6
 
-%patch1 -p1 -b .default-tag
+%patch1  -p1 -b .default-tag
-%patch2 -p1 -b .fd-leak-on-fsync
+%patch2  -p1 -b .fd-leak-on-fsync
-%patch3 -p1 -b .timeout
+%patch3  -p1 -b .timeout
-%patch4 -p1 -b .imuxsock-rate-limit
+%patch4  -p1 -b .imuxsock-rate-limit
-%patch5 -p1 -b .abort-on-id-resolution-fail
+%patch5  -p1 -b .abort-on-id-resolution-fail
-%patch6 -p1 -b .covscan
+%patch6  -p1 -b .covscan
-%patch7 -p1 -b .prioritize-SAN
+%patch7  -p1 -b .prioritize-SAN
-%patch8 -p1 -b .errfile-maxsize
+%patch8  -p1 -b .errfile-maxsize
+%patch10 -p1 -b .statefile-fix
+%patch11 -p1 -b .statefile-doc
+%patch12 -p1 -b .gnutls-broken-connection
 
 pushd ..
 %patch9 -p1 -b .openssl-compatibility
@@ -533,6 +539,13 @@ done
 
 
 %changelog
+* Tue Apr 05 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-103
+Add deleteStateOnFileMove imfile module option
+  resolves: rhbz#2069664
+Add inotify_rm_watch() inotify API call when object needs to be destroyed
+  resolves: rhbz#2070528
+Fix error handling in gtlsRecordRecv, which can cause full CPU usage
+
 * Fri Mar 11 2022 Sergio Arroutbi <sarroutb@redhat.com> - 8.2102.0-102
 - Add action.errorfile.maxsize parameter
   resolves: rhbz#2064318