Add back CAP_NET_RAW capability due to omudpspoof

resolves: rhbz#2216919
2023-07-28 11:13:28 +02:00 · 2023-07-28 11:13:28 +02:00 · 8c980ea7d2
parent 2f5a1a9930
commit 8c980ea7d2
6 changed files with 240 additions and 93 deletions
--- a/.gitignore
+++ b/.gitignore
@ -81,3 +81,4 @@ rsyslog-4.6.3.tar.gz
 /rsyslog-8.2102.0.tar.gz
 /rsyslog-doc-8.2102.0.tar.gz
 /qpid-proton-0.34.0.tar.gz
+/qpid-proton-0.39.0.tar.gz
--- a/0001-Add-back-CAP_NEW_RAW-capability-due-to-omudpspoof.patch
+++ b/0001-Add-back-CAP_NEW_RAW-capability-due-to-omudpspoof.patch
@ -0,0 +1,217 @@
+From 183c42e488eb15784e26e69daf7041a3cf39d71d Mon Sep 17 00:00:00 2001
+From: alakatos <alakatos@redhat.com>
+Date: Fri, 28 Jul 2023 11:13:28 +0200
+Subject: [PATCH] Add back CAP_NEW_RAW capability due to omudpspoof   resolves:
+ rhbz#2216919
+
+---
+ .gitignore                                    |  1 +
+ openssl3-compatibility.patch                  | 83 -------------------
+ ...og-8.2102.0-libcapng-no-cap-support2.patch | 11 +++
+ rsyslog.spec                                  | 20 +++--
+ sources                                       |  2 +-
+ 5 files changed, 26 insertions(+), 91 deletions(-)
+ delete mode 100644 openssl3-compatibility.patch
+ create mode 100644 rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+
+diff --git a/.gitignore b/.gitignore
+index 6f6bb6c..590f63b 100644
+--- a/.gitignore
+++ b/.gitignore
+@@ -81,3 +81,4 @@ rsyslog-4.6.3.tar.gz
+ /rsyslog-8.2102.0.tar.gz
+ /rsyslog-doc-8.2102.0.tar.gz
+ /qpid-proton-0.34.0.tar.gz
+/qpid-proton-0.39.0.tar.gz
+diff --git a/openssl3-compatibility.patch b/openssl3-compatibility.patch
+deleted file mode 100644
+index c86fe23..0000000
+--- a/openssl3-compatibility.patch
+++ /dev/null
+@@ -1,83 +0,0 @@
+-diff -up ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig ./qpid-proton-0.34.0/c/src/ssl/openssl.c
+---- ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig	2021-06-01 09:29:27.976842727 +0200
+-+++ ./qpid-proton-0.34.0/c/src/ssl/openssl.c	2021-06-01 09:31:05.232015887 +0200
+-@@ -353,65 +353,6 @@ static int verify_callback(int preverify
+-   return preverify_ok;
+- }
+- 
+--// This was introduced in v1.1
+--#if OPENSSL_VERSION_NUMBER < 0x10100000
+--int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+--{
+--  dh->p = p;
+--  dh->q = q;
+--  dh->g = g;
+--  return 1;
+--}
+--#endif
+--
+--// this code was generated using the command:
+--// "openssl dhparam -C -2 2048"
+--static DH *get_dh2048(void)
+--{
+--  static const unsigned char dhp_2048[]={
+--    0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81,
+--    0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9,
+--    0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C,
+--    0x8B,0xBE,0xF8,0x48,0xBB,0x29,0x63,0x75,0x12,0x48,0x9D,0x7E,
+--    0x7C,0x24,0xB4,0x3A,0x38,0x7E,0x97,0x3C,0x77,0x95,0xB0,0xA2,
+--    0x72,0xB6,0xE9,0xD8,0xB8,0xFA,0x09,0x1B,0xDC,0xB3,0x80,0x6E,
+--    0x32,0x0A,0xDA,0xBB,0xE8,0x43,0x88,0x5B,0xAB,0xC3,0xB2,0x44,
+--    0xE1,0x95,0x85,0x0A,0x0D,0x13,0xE2,0x02,0x1E,0x96,0x44,0xCF,
+--    0xA0,0xD8,0x46,0x32,0x68,0x63,0x7F,0x68,0xB3,0x37,0x52,0xCE,
+--    0x3A,0x4E,0x48,0x08,0x7F,0xD5,0x53,0x00,0x59,0xA8,0x2C,0xCB,
+--    0x51,0x64,0x3D,0x5F,0xEF,0x0E,0x5F,0xE6,0xAF,0xD9,0x1E,0xA2,
+--    0x35,0x64,0x37,0xD7,0x4C,0xC9,0x24,0xFD,0x2F,0x75,0xBB,0x3A,
+--    0x15,0x82,0x76,0x4D,0xC2,0x8B,0x1E,0xB9,0x4B,0xA1,0x33,0xCF,
+--    0xAA,0x3B,0x7C,0xC2,0x50,0x60,0x6F,0x45,0x69,0xD3,0x6B,0x88,
+--    0x34,0x9B,0xE4,0xF8,0xC6,0xC7,0x5F,0x10,0xA1,0xBA,0x01,0x8C,
+--    0xDA,0xD1,0xA3,0x59,0x9C,0x97,0xEA,0xC3,0xF6,0x02,0x55,0x5C,
+--    0x92,0x1A,0x39,0x67,0x17,0xE2,0x9B,0x27,0x8D,0xE8,0x5C,0xE9,
+--    0xA5,0x94,0xBB,0x7E,0x16,0x6F,0x53,0x5A,0x6D,0xD8,0x03,0xC2,
+--    0xAC,0x7A,0xCD,0x22,0x98,0x8E,0x33,0x2A,0xDE,0xAB,0x12,0xC0,
+--    0x0B,0x7C,0x0C,0x20,0x70,0xD9,0x0B,0xAE,0x0B,0x2F,0x20,0x9B,
+--    0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0,
+--    0x23,0x1C,0x09,0x33,
+--  };
+--  static const unsigned char dhg_2048[]={
+--    0x02,
+--  };
+--  DH *dh = DH_new();
+--  BIGNUM *dhp_bn, *dhg_bn;
+--
+--  if (dh == NULL)
+--    return NULL;
+--  dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
+--  dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
+--  if (dhp_bn == NULL || dhg_bn == NULL
+--      || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+--    DH_free(dh);
+--    BN_free(dhp_bn);
+--    BN_free(dhg_bn);
+--    return NULL;
+--  }
+--  return dh;
+--}
+--
+- typedef struct {
+-   char *id;
+-   SSL_SESSION *session;
+-@@ -542,13 +483,6 @@ static bool pni_init_ssl_domain( pn_ssl_
+-   domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
+- # endif
+- 
+--  DH *dh = get_dh2048();
+--  if (dh) {
+--    SSL_CTX_set_tmp_dh(domain->ctx, dh);
+--    DH_free(dh);
+--    SSL_CTX_set_options(domain->ctx, SSL_OP_SINGLE_DH_USE);
+--  }
+--
+-   return true;
+- }
+- 
+diff --git a/rsyslog-8.2102.0-libcapng-no-cap-support2.patch b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+new file mode 100644
+index 0000000..91ef39c
+--- /dev/null
+++ b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+@@ -0,0 +1,11 @@
+diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
+--- rsyslog-8.2102.0/tools/rsyslogd.c.orig	2023-07-28 11:11:36.253771848 +0200
++++ rsyslog-8.2102.0/tools/rsyslogd.c	2023-07-28 11:11:57.628795339 +0200
+@@ -1571,6 +1571,7 @@ initAll(int argc, char **argv)
+ 	capabilities_t capabilities[] = {
+ 		#define CAP_FIELD(code) { code, #code,  0 }
+ 		CAP_FIELD(CAP_BLOCK_SUSPEND),
++		CAP_FIELD(CAP_NET_RAW),
+ 		CAP_FIELD(CAP_CHOWN),
+ 		CAP_FIELD(CAP_IPC_LOCK),
+ 		CAP_FIELD(CAP_LEASE),
+diff --git a/rsyslog.spec b/rsyslog.spec
+index d1d290c..f5b4183 100644
+--- a/rsyslog.spec
+++ b/rsyslog.spec
+@@ -5,7 +5,7 @@
+ Summary: Enhanced system logging and kernel message trapping daemon
+ Name: rsyslog
+ Version: 8.2102.0
+-Release: 116%{?dist}
+Release: 117%{?dist}
+ License: (GPLv3+ and ASL 2.0)
+ URL: http://www.rsyslog.com/
+ Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
+@@ -16,7 +16,7 @@ Source4: rsyslog.log
+ Source5: rsyslog.service
+ # Add qpid-proton as another source, enable omamqp1 module in a
+ # separatae sub-package with it statically linked(see rhbz#1713427)
+-Source6: qpid-proton-0.34.0.tar.gz
+Source6: qpid-proton-0.39.0.tar.gz
+ 
+ Patch0:  rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
+ Patch1:  rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
+@@ -50,6 +50,7 @@ Patch28: rsyslog-8.2102.0-rhbz2192955-es-6.patch
+ Patch29: rsyslog-8.2102.0-rhbz2192955-es-doc.patch
+ Patch30: rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
+ Patch31: rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
+Patch32: rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+ 
+ BuildRequires: make
+ BuildRequires: gcc
+@@ -317,10 +318,11 @@ mv build doc
+ %patch29 -p1 -b .es-doc
+ %patch30 -p1
+ %patch31 -p1
+%patch32 -p1
+ 
+-pushd ..
+-%patch9 -p1 -b .openssl-compatibility
+-popd
+# pushd ..
+# %patch9 -p1 -b .openssl-compatibility
+# popd
+ 
+ %build
+ # Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags
+@@ -338,7 +340,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
+ %endif
+ # build the proton first
+ (
+-	cd %{_builddir}/qpid-proton-0.34.0
+	cd %{_builddir}/qpid-proton-0.39.0
+ 	mkdir bld
+ 	cd bld
+ 
+@@ -370,7 +372,7 @@ autoreconf -if
+ 	--prefix=/usr \
+ 	--disable-static \
+ 	--disable-testbench \
+-	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.34.0/bld/c/include" \
+	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.39.0/bld/c/include" \
+ 	--enable-elasticsearch \
+ 	--enable-generate-man-pages \
+ 	--enable-gnutls \
+@@ -582,6 +584,10 @@ done
+ 
+ 
+ %changelog
+* Fri Jul 28 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-117
+- Add back CAP_NEW_RAW capability due to omudpspoof
+  resolves: rhbz#2216919
+
+ * Tue Jun 27 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-116
+ - libcapng: do not try to drop capabilities that are not present
+ - add global libcapng.default to not abort when libcapng fails
+diff --git a/sources b/sources
+index d12920a..0cb5e41 100644
+--- a/sources
+++ b/sources
+@@ -1,3 +1,3 @@
+-SHA512 (qpid-proton-0.34.0.tar.gz) = 0de6c3d11baeee1d69821a0f1879a61b314f14589e02ea7ed0de8814c741217fdcafdd978b4061f73bc75588886299f4ac6808021506545ec8a883f39ad54fb3
+SHA512 (qpid-proton-0.39.0.tar.gz) = 38659682cc86bf0c910e2a707a5b166b3a7d0fb70fd83d6c5ebcaca53b2cd5a478adf36958d2c4c55a2ea6afcb9b457a12006a7967efae6ca2d0663c0febbc58
+ SHA512 (rsyslog-8.2102.0.tar.gz) = 281b0e5d5cb548c39a6e514e5fd5b1bdbe8ca0bdd9234f4fea581ed7679f76d2d75b65d14c3c5e799f86f91600074ff75b467aa1ff27cdbec0f4197261c5aec0
+ SHA512 (rsyslog-doc-8.2102.0.tar.gz) = a5dc4fb9bd8892fac693c5692b926c8d7d9fa36667d6b4c6eccba750713af88d4317f6232efc2a16de38c2e58c4a8bc4d04c9ebb2e7ebc3b0878d53eef20dd2e
+-- 
+2.41.0
+
--- a/openssl3-compatibility.patch
+++ b/openssl3-compatibility.patch
@ -1,83 +0,0 @@
-diff -up ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig ./qpid-proton-0.34.0/c/src/ssl/openssl.c
--- ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig	2021-06-01 09:29:27.976842727 +0200
-+++ ./qpid-proton-0.34.0/c/src/ssl/openssl.c	2021-06-01 09:31:05.232015887 +0200
-@@ -353,65 +353,6 @@ static int verify_callback(int preverify
-   return preverify_ok;
- }
- 
-// This was introduced in v1.1
-#if OPENSSL_VERSION_NUMBER < 0x10100000
-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-{
-  dh->p = p;
-  dh->q = q;
-  dh->g = g;
-  return 1;
-}
-#endif
-
-// this code was generated using the command:
-// "openssl dhparam -C -2 2048"
-static DH *get_dh2048(void)
-{
-  static const unsigned char dhp_2048[]={
-    0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81,
-    0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9,
-    0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C,
-    0x8B,0xBE,0xF8,0x48,0xBB,0x29,0x63,0x75,0x12,0x48,0x9D,0x7E,
-    0x7C,0x24,0xB4,0x3A,0x38,0x7E,0x97,0x3C,0x77,0x95,0xB0,0xA2,
-    0x72,0xB6,0xE9,0xD8,0xB8,0xFA,0x09,0x1B,0xDC,0xB3,0x80,0x6E,
-    0x32,0x0A,0xDA,0xBB,0xE8,0x43,0x88,0x5B,0xAB,0xC3,0xB2,0x44,
-    0xE1,0x95,0x85,0x0A,0x0D,0x13,0xE2,0x02,0x1E,0x96,0x44,0xCF,
-    0xA0,0xD8,0x46,0x32,0x68,0x63,0x7F,0x68,0xB3,0x37,0x52,0xCE,
-    0x3A,0x4E,0x48,0x08,0x7F,0xD5,0x53,0x00,0x59,0xA8,0x2C,0xCB,
-    0x51,0x64,0x3D,0x5F,0xEF,0x0E,0x5F,0xE6,0xAF,0xD9,0x1E,0xA2,
-    0x35,0x64,0x37,0xD7,0x4C,0xC9,0x24,0xFD,0x2F,0x75,0xBB,0x3A,
-    0x15,0x82,0x76,0x4D,0xC2,0x8B,0x1E,0xB9,0x4B,0xA1,0x33,0xCF,
-    0xAA,0x3B,0x7C,0xC2,0x50,0x60,0x6F,0x45,0x69,0xD3,0x6B,0x88,
-    0x34,0x9B,0xE4,0xF8,0xC6,0xC7,0x5F,0x10,0xA1,0xBA,0x01,0x8C,
-    0xDA,0xD1,0xA3,0x59,0x9C,0x97,0xEA,0xC3,0xF6,0x02,0x55,0x5C,
-    0x92,0x1A,0x39,0x67,0x17,0xE2,0x9B,0x27,0x8D,0xE8,0x5C,0xE9,
-    0xA5,0x94,0xBB,0x7E,0x16,0x6F,0x53,0x5A,0x6D,0xD8,0x03,0xC2,
-    0xAC,0x7A,0xCD,0x22,0x98,0x8E,0x33,0x2A,0xDE,0xAB,0x12,0xC0,
-    0x0B,0x7C,0x0C,0x20,0x70,0xD9,0x0B,0xAE,0x0B,0x2F,0x20,0x9B,
-    0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0,
-    0x23,0x1C,0x09,0x33,
-  };
-  static const unsigned char dhg_2048[]={
-    0x02,
-  };
-  DH *dh = DH_new();
-  BIGNUM *dhp_bn, *dhg_bn;
-
-  if (dh == NULL)
-    return NULL;
-  dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
-  dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
-  if (dhp_bn == NULL || dhg_bn == NULL
-      || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
-    DH_free(dh);
-    BN_free(dhp_bn);
-    BN_free(dhg_bn);
-    return NULL;
-  }
-  return dh;
-}
-
- typedef struct {
-   char *id;
-   SSL_SESSION *session;
-@@ -542,13 +483,6 @@ static bool pni_init_ssl_domain( pn_ssl_
-   domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
- # endif
- 
-  DH *dh = get_dh2048();
-  if (dh) {
-    SSL_CTX_set_tmp_dh(domain->ctx, dh);
-    DH_free(dh);
-    SSL_CTX_set_options(domain->ctx, SSL_OP_SINGLE_DH_USE);
-  }
-
-   return true;
- }
- 
--- a/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+++ b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
@ -0,0 +1,11 @@
+diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
+--- rsyslog-8.2102.0/tools/rsyslogd.c.orig	2023-07-28 11:11:36.253771848 +0200
+++ rsyslog-8.2102.0/tools/rsyslogd.c	2023-07-28 11:11:57.628795339 +0200
+@@ -1571,6 +1571,7 @@ initAll(int argc, char **argv)
+ 	capabilities_t capabilities[] = {
+ 		#define CAP_FIELD(code) { code, #code,  0 }
+ 		CAP_FIELD(CAP_BLOCK_SUSPEND),
+		CAP_FIELD(CAP_NET_RAW),
+ 		CAP_FIELD(CAP_CHOWN),
+ 		CAP_FIELD(CAP_IPC_LOCK),
+ 		CAP_FIELD(CAP_LEASE),
--- a/rsyslog.spec
+++ b/rsyslog.spec
@ -5,7 +5,7 @@
 Summary: Enhanced system logging and kernel message trapping daemon
 Name: rsyslog
 Version: 8.2102.0
-Release: 116%{?dist}
+Release: 117%{?dist}
 License: (GPLv3+ and ASL 2.0)
 URL: http://www.rsyslog.com/
 Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
@ -16,7 +16,7 @@ Source4: rsyslog.log
 Source5: rsyslog.service
 # Add qpid-proton as another source, enable omamqp1 module in a
 # separatae sub-package with it statically linked(see rhbz#1713427)
-Source6: qpid-proton-0.34.0.tar.gz
+Source6: qpid-proton-0.39.0.tar.gz

 Patch0:  rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
 Patch1:  rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
@ -27,7 +27,6 @@ Patch5:  rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
 Patch6:  rsyslog-8.2102.0-rhbz1938863-covscan.patch
 Patch7:  rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch
 Patch8:  rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch
-Patch9:  openssl3-compatibility.patch
 Patch10: rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch
 Patch11: rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch
 Patch12: rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch
@ -50,6 +49,7 @@ Patch28: rsyslog-8.2102.0-rhbz2192955-es-6.patch
 Patch29: rsyslog-8.2102.0-rhbz2192955-es-doc.patch
 Patch30: rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
 Patch31: rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
+Patch32: rsyslog-8.2102.0-libcapng-no-cap-support2.patch

 BuildRequires: make
 BuildRequires: gcc
@ -317,10 +317,7 @@ mv build doc
 %patch29 -p1 -b .es-doc
 %patch30 -p1
 %patch31 -p1
-
-pushd ..
-%patch9 -p1 -b .openssl-compatibility
-popd
+%patch32 -p1

 %build
 # Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags
@ -338,7 +335,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
 %endif
 # build the proton first
 (
-	cd %{_builddir}/qpid-proton-0.34.0
+	cd %{_builddir}/qpid-proton-0.39.0
 	mkdir bld
 	cd bld

@ -370,7 +367,7 @@ autoreconf -if
 	--prefix=/usr \
 	--disable-static \
 	--disable-testbench \
-	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.34.0/bld/c/include" \
+	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.39.0/bld/c/include" \
 	--enable-elasticsearch \
 	--enable-generate-man-pages \
 	--enable-gnutls \
@ -582,6 +579,10 @@ done


 %changelog
+* Fri Jul 28 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-117
+- Add back CAP_NET_RAW capability due to omudpspoof
+  resolves: rhbz#2216919
+
 * Tue Jun 27 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-116
 - libcapng: do not try to drop capabilities that are not present
 - add global libcapng.default to not abort when libcapng fails
--- a/2
+++ b/2
@ -1,3 +1,3 @@
-SHA512 (qpid-proton-0.34.0.tar.gz) = 0de6c3d11baeee1d69821a0f1879a61b314f14589e02ea7ed0de8814c741217fdcafdd978b4061f73bc75588886299f4ac6808021506545ec8a883f39ad54fb3
+SHA512 (qpid-proton-0.39.0.tar.gz) = 38659682cc86bf0c910e2a707a5b166b3a7d0fb70fd83d6c5ebcaca53b2cd5a478adf36958d2c4c55a2ea6afcb9b457a12006a7967efae6ca2d0663c0febbc58
 SHA512 (rsyslog-8.2102.0.tar.gz) = 281b0e5d5cb548c39a6e514e5fd5b1bdbe8ca0bdd9234f4fea581ed7679f76d2d75b65d14c3c5e799f86f91600074ff75b467aa1ff27cdbec0f4197261c5aec0
 SHA512 (rsyslog-doc-8.2102.0.tar.gz) = a5dc4fb9bd8892fac693c5692b926c8d7d9fa36667d6b4c6eccba750713af88d4317f6232efc2a16de38c2e58c4a8bc4d04c9ebb2e7ebc3b0878d53eef20dd2e