From 8c980ea7d23c313a22d6444e3e13db08ec2d33cb Mon Sep 17 00:00:00 2001
From: alakatos <alakatos@redhat.com>
Date: Fri, 28 Jul 2023 11:13:28 +0200
Subject: [PATCH] Add back CAP_NET_RAW capability due to omudpspoof   resolves:
 rhbz#2216919

---
 .gitignore                                    |   1 +
 ...NEW_RAW-capability-due-to-omudpspoof.patch | 217 ++++++++++++++++++
 openssl3-compatibility.patch                  |  83 -------
 ...og-8.2102.0-libcapng-no-cap-support2.patch |  11 +
 rsyslog.spec                                  |  19 +-
 sources                                       |   2 +-
 6 files changed, 240 insertions(+), 93 deletions(-)
 create mode 100644 0001-Add-back-CAP_NEW_RAW-capability-due-to-omudpspoof.patch
 delete mode 100644 openssl3-compatibility.patch
 create mode 100644 rsyslog-8.2102.0-libcapng-no-cap-support2.patch

diff --git a/.gitignore b/.gitignore
index 6f6bb6c..590f63b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -81,3 +81,4 @@ rsyslog-4.6.3.tar.gz
 /rsyslog-8.2102.0.tar.gz
 /rsyslog-doc-8.2102.0.tar.gz
 /qpid-proton-0.34.0.tar.gz
+/qpid-proton-0.39.0.tar.gz
diff --git a/0001-Add-back-CAP_NEW_RAW-capability-due-to-omudpspoof.patch b/0001-Add-back-CAP_NEW_RAW-capability-due-to-omudpspoof.patch
new file mode 100644
index 0000000..77b803d
--- /dev/null
+++ b/0001-Add-back-CAP_NEW_RAW-capability-due-to-omudpspoof.patch
@@ -0,0 +1,217 @@
+From 183c42e488eb15784e26e69daf7041a3cf39d71d Mon Sep 17 00:00:00 2001
+From: alakatos <alakatos@redhat.com>
+Date: Fri, 28 Jul 2023 11:13:28 +0200
+Subject: [PATCH] Add back CAP_NEW_RAW capability due to omudpspoof   resolves:
+ rhbz#2216919
+
+---
+ .gitignore                                    |  1 +
+ openssl3-compatibility.patch                  | 83 -------------------
+ ...og-8.2102.0-libcapng-no-cap-support2.patch | 11 +++
+ rsyslog.spec                                  | 20 +++--
+ sources                                       |  2 +-
+ 5 files changed, 26 insertions(+), 91 deletions(-)
+ delete mode 100644 openssl3-compatibility.patch
+ create mode 100644 rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+
+diff --git a/.gitignore b/.gitignore
+index 6f6bb6c..590f63b 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -81,3 +81,4 @@ rsyslog-4.6.3.tar.gz
+ /rsyslog-8.2102.0.tar.gz
+ /rsyslog-doc-8.2102.0.tar.gz
+ /qpid-proton-0.34.0.tar.gz
++/qpid-proton-0.39.0.tar.gz
+diff --git a/openssl3-compatibility.patch b/openssl3-compatibility.patch
+deleted file mode 100644
+index c86fe23..0000000
+--- a/openssl3-compatibility.patch
++++ /dev/null
+@@ -1,83 +0,0 @@
+-diff -up ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig ./qpid-proton-0.34.0/c/src/ssl/openssl.c
+---- ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig	2021-06-01 09:29:27.976842727 +0200
+-+++ ./qpid-proton-0.34.0/c/src/ssl/openssl.c	2021-06-01 09:31:05.232015887 +0200
+-@@ -353,65 +353,6 @@ static int verify_callback(int preverify
+-   return preverify_ok;
+- }
+- 
+--// This was introduced in v1.1
+--#if OPENSSL_VERSION_NUMBER < 0x10100000
+--int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+--{
+--  dh->p = p;
+--  dh->q = q;
+--  dh->g = g;
+--  return 1;
+--}
+--#endif
+--
+--// this code was generated using the command:
+--// "openssl dhparam -C -2 2048"
+--static DH *get_dh2048(void)
+--{
+--  static const unsigned char dhp_2048[]={
+--    0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81,
+--    0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9,
+--    0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C,
+--    0x8B,0xBE,0xF8,0x48,0xBB,0x29,0x63,0x75,0x12,0x48,0x9D,0x7E,
+--    0x7C,0x24,0xB4,0x3A,0x38,0x7E,0x97,0x3C,0x77,0x95,0xB0,0xA2,
+--    0x72,0xB6,0xE9,0xD8,0xB8,0xFA,0x09,0x1B,0xDC,0xB3,0x80,0x6E,
+--    0x32,0x0A,0xDA,0xBB,0xE8,0x43,0x88,0x5B,0xAB,0xC3,0xB2,0x44,
+--    0xE1,0x95,0x85,0x0A,0x0D,0x13,0xE2,0x02,0x1E,0x96,0x44,0xCF,
+--    0xA0,0xD8,0x46,0x32,0x68,0x63,0x7F,0x68,0xB3,0x37,0x52,0xCE,
+--    0x3A,0x4E,0x48,0x08,0x7F,0xD5,0x53,0x00,0x59,0xA8,0x2C,0xCB,
+--    0x51,0x64,0x3D,0x5F,0xEF,0x0E,0x5F,0xE6,0xAF,0xD9,0x1E,0xA2,
+--    0x35,0x64,0x37,0xD7,0x4C,0xC9,0x24,0xFD,0x2F,0x75,0xBB,0x3A,
+--    0x15,0x82,0x76,0x4D,0xC2,0x8B,0x1E,0xB9,0x4B,0xA1,0x33,0xCF,
+--    0xAA,0x3B,0x7C,0xC2,0x50,0x60,0x6F,0x45,0x69,0xD3,0x6B,0x88,
+--    0x34,0x9B,0xE4,0xF8,0xC6,0xC7,0x5F,0x10,0xA1,0xBA,0x01,0x8C,
+--    0xDA,0xD1,0xA3,0x59,0x9C,0x97,0xEA,0xC3,0xF6,0x02,0x55,0x5C,
+--    0x92,0x1A,0x39,0x67,0x17,0xE2,0x9B,0x27,0x8D,0xE8,0x5C,0xE9,
+--    0xA5,0x94,0xBB,0x7E,0x16,0x6F,0x53,0x5A,0x6D,0xD8,0x03,0xC2,
+--    0xAC,0x7A,0xCD,0x22,0x98,0x8E,0x33,0x2A,0xDE,0xAB,0x12,0xC0,
+--    0x0B,0x7C,0x0C,0x20,0x70,0xD9,0x0B,0xAE,0x0B,0x2F,0x20,0x9B,
+--    0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0,
+--    0x23,0x1C,0x09,0x33,
+--  };
+--  static const unsigned char dhg_2048[]={
+--    0x02,
+--  };
+--  DH *dh = DH_new();
+--  BIGNUM *dhp_bn, *dhg_bn;
+--
+--  if (dh == NULL)
+--    return NULL;
+--  dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
+--  dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
+--  if (dhp_bn == NULL || dhg_bn == NULL
+--      || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+--    DH_free(dh);
+--    BN_free(dhp_bn);
+--    BN_free(dhg_bn);
+--    return NULL;
+--  }
+--  return dh;
+--}
+--
+- typedef struct {
+-   char *id;
+-   SSL_SESSION *session;
+-@@ -542,13 +483,6 @@ static bool pni_init_ssl_domain( pn_ssl_
+-   domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
+- # endif
+- 
+--  DH *dh = get_dh2048();
+--  if (dh) {
+--    SSL_CTX_set_tmp_dh(domain->ctx, dh);
+--    DH_free(dh);
+--    SSL_CTX_set_options(domain->ctx, SSL_OP_SINGLE_DH_USE);
+--  }
+--
+-   return true;
+- }
+- 
+diff --git a/rsyslog-8.2102.0-libcapng-no-cap-support2.patch b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+new file mode 100644
+index 0000000..91ef39c
+--- /dev/null
++++ b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+@@ -0,0 +1,11 @@
++diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
++--- rsyslog-8.2102.0/tools/rsyslogd.c.orig	2023-07-28 11:11:36.253771848 +0200
+++++ rsyslog-8.2102.0/tools/rsyslogd.c	2023-07-28 11:11:57.628795339 +0200
++@@ -1571,6 +1571,7 @@ initAll(int argc, char **argv)
++ 	capabilities_t capabilities[] = {
++ 		#define CAP_FIELD(code) { code, #code,  0 }
++ 		CAP_FIELD(CAP_BLOCK_SUSPEND),
+++		CAP_FIELD(CAP_NET_RAW),
++ 		CAP_FIELD(CAP_CHOWN),
++ 		CAP_FIELD(CAP_IPC_LOCK),
++ 		CAP_FIELD(CAP_LEASE),
+diff --git a/rsyslog.spec b/rsyslog.spec
+index d1d290c..f5b4183 100644
+--- a/rsyslog.spec
++++ b/rsyslog.spec
+@@ -5,7 +5,7 @@
+ Summary: Enhanced system logging and kernel message trapping daemon
+ Name: rsyslog
+ Version: 8.2102.0
+-Release: 116%{?dist}
++Release: 117%{?dist}
+ License: (GPLv3+ and ASL 2.0)
+ URL: http://www.rsyslog.com/
+ Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
+@@ -16,7 +16,7 @@ Source4: rsyslog.log
+ Source5: rsyslog.service
+ # Add qpid-proton as another source, enable omamqp1 module in a
+ # separatae sub-package with it statically linked(see rhbz#1713427)
+-Source6: qpid-proton-0.34.0.tar.gz
++Source6: qpid-proton-0.39.0.tar.gz
+ 
+ Patch0:  rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
+ Patch1:  rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
+@@ -50,6 +50,7 @@ Patch28: rsyslog-8.2102.0-rhbz2192955-es-6.patch
+ Patch29: rsyslog-8.2102.0-rhbz2192955-es-doc.patch
+ Patch30: rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
+ Patch31: rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
++Patch32: rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+ 
+ BuildRequires: make
+ BuildRequires: gcc
+@@ -317,10 +318,11 @@ mv build doc
+ %patch29 -p1 -b .es-doc
+ %patch30 -p1
+ %patch31 -p1
++%patch32 -p1
+ 
+-pushd ..
+-%patch9 -p1 -b .openssl-compatibility
+-popd
++# pushd ..
++# %patch9 -p1 -b .openssl-compatibility
++# popd
+ 
+ %build
+ # Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags
+@@ -338,7 +340,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
+ %endif
+ # build the proton first
+ (
+-	cd %{_builddir}/qpid-proton-0.34.0
++	cd %{_builddir}/qpid-proton-0.39.0
+ 	mkdir bld
+ 	cd bld
+ 
+@@ -370,7 +372,7 @@ autoreconf -if
+ 	--prefix=/usr \
+ 	--disable-static \
+ 	--disable-testbench \
+-	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.34.0/bld/c/include" \
++	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.39.0/bld/c/include" \
+ 	--enable-elasticsearch \
+ 	--enable-generate-man-pages \
+ 	--enable-gnutls \
+@@ -582,6 +584,10 @@ done
+ 
+ 
+ %changelog
++* Fri Jul 28 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-117
++- Add back CAP_NEW_RAW capability due to omudpspoof
++  resolves: rhbz#2216919
++
+ * Tue Jun 27 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-116
+ - libcapng: do not try to drop capabilities that are not present
+ - add global libcapng.default to not abort when libcapng fails
+diff --git a/sources b/sources
+index d12920a..0cb5e41 100644
+--- a/sources
++++ b/sources
+@@ -1,3 +1,3 @@
+-SHA512 (qpid-proton-0.34.0.tar.gz) = 0de6c3d11baeee1d69821a0f1879a61b314f14589e02ea7ed0de8814c741217fdcafdd978b4061f73bc75588886299f4ac6808021506545ec8a883f39ad54fb3
++SHA512 (qpid-proton-0.39.0.tar.gz) = 38659682cc86bf0c910e2a707a5b166b3a7d0fb70fd83d6c5ebcaca53b2cd5a478adf36958d2c4c55a2ea6afcb9b457a12006a7967efae6ca2d0663c0febbc58
+ SHA512 (rsyslog-8.2102.0.tar.gz) = 281b0e5d5cb548c39a6e514e5fd5b1bdbe8ca0bdd9234f4fea581ed7679f76d2d75b65d14c3c5e799f86f91600074ff75b467aa1ff27cdbec0f4197261c5aec0
+ SHA512 (rsyslog-doc-8.2102.0.tar.gz) = a5dc4fb9bd8892fac693c5692b926c8d7d9fa36667d6b4c6eccba750713af88d4317f6232efc2a16de38c2e58c4a8bc4d04c9ebb2e7ebc3b0878d53eef20dd2e
+-- 
+2.41.0
+
diff --git a/openssl3-compatibility.patch b/openssl3-compatibility.patch
deleted file mode 100644
index c86fe23..0000000
--- a/openssl3-compatibility.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-diff -up ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig ./qpid-proton-0.34.0/c/src/ssl/openssl.c
---- ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig	2021-06-01 09:29:27.976842727 +0200
-+++ ./qpid-proton-0.34.0/c/src/ssl/openssl.c	2021-06-01 09:31:05.232015887 +0200
-@@ -353,65 +353,6 @@ static int verify_callback(int preverify
-   return preverify_ok;
- }
- 
--// This was introduced in v1.1
--#if OPENSSL_VERSION_NUMBER < 0x10100000
--int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
--{
--  dh->p = p;
--  dh->q = q;
--  dh->g = g;
--  return 1;
--}
--#endif
--
--// this code was generated using the command:
--// "openssl dhparam -C -2 2048"
--static DH *get_dh2048(void)
--{
--  static const unsigned char dhp_2048[]={
--    0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81,
--    0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9,
--    0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C,
--    0x8B,0xBE,0xF8,0x48,0xBB,0x29,0x63,0x75,0x12,0x48,0x9D,0x7E,
--    0x7C,0x24,0xB4,0x3A,0x38,0x7E,0x97,0x3C,0x77,0x95,0xB0,0xA2,
--    0x72,0xB6,0xE9,0xD8,0xB8,0xFA,0x09,0x1B,0xDC,0xB3,0x80,0x6E,
--    0x32,0x0A,0xDA,0xBB,0xE8,0x43,0x88,0x5B,0xAB,0xC3,0xB2,0x44,
--    0xE1,0x95,0x85,0x0A,0x0D,0x13,0xE2,0x02,0x1E,0x96,0x44,0xCF,
--    0xA0,0xD8,0x46,0x32,0x68,0x63,0x7F,0x68,0xB3,0x37,0x52,0xCE,
--    0x3A,0x4E,0x48,0x08,0x7F,0xD5,0x53,0x00,0x59,0xA8,0x2C,0xCB,
--    0x51,0x64,0x3D,0x5F,0xEF,0x0E,0x5F,0xE6,0xAF,0xD9,0x1E,0xA2,
--    0x35,0x64,0x37,0xD7,0x4C,0xC9,0x24,0xFD,0x2F,0x75,0xBB,0x3A,
--    0x15,0x82,0x76,0x4D,0xC2,0x8B,0x1E,0xB9,0x4B,0xA1,0x33,0xCF,
--    0xAA,0x3B,0x7C,0xC2,0x50,0x60,0x6F,0x45,0x69,0xD3,0x6B,0x88,
--    0x34,0x9B,0xE4,0xF8,0xC6,0xC7,0x5F,0x10,0xA1,0xBA,0x01,0x8C,
--    0xDA,0xD1,0xA3,0x59,0x9C,0x97,0xEA,0xC3,0xF6,0x02,0x55,0x5C,
--    0x92,0x1A,0x39,0x67,0x17,0xE2,0x9B,0x27,0x8D,0xE8,0x5C,0xE9,
--    0xA5,0x94,0xBB,0x7E,0x16,0x6F,0x53,0x5A,0x6D,0xD8,0x03,0xC2,
--    0xAC,0x7A,0xCD,0x22,0x98,0x8E,0x33,0x2A,0xDE,0xAB,0x12,0xC0,
--    0x0B,0x7C,0x0C,0x20,0x70,0xD9,0x0B,0xAE,0x0B,0x2F,0x20,0x9B,
--    0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0,
--    0x23,0x1C,0x09,0x33,
--  };
--  static const unsigned char dhg_2048[]={
--    0x02,
--  };
--  DH *dh = DH_new();
--  BIGNUM *dhp_bn, *dhg_bn;
--
--  if (dh == NULL)
--    return NULL;
--  dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
--  dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
--  if (dhp_bn == NULL || dhg_bn == NULL
--      || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
--    DH_free(dh);
--    BN_free(dhp_bn);
--    BN_free(dhg_bn);
--    return NULL;
--  }
--  return dh;
--}
--
- typedef struct {
-   char *id;
-   SSL_SESSION *session;
-@@ -542,13 +483,6 @@ static bool pni_init_ssl_domain( pn_ssl_
-   domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
- # endif
- 
--  DH *dh = get_dh2048();
--  if (dh) {
--    SSL_CTX_set_tmp_dh(domain->ctx, dh);
--    DH_free(dh);
--    SSL_CTX_set_options(domain->ctx, SSL_OP_SINGLE_DH_USE);
--  }
--
-   return true;
- }
- 
diff --git a/rsyslog-8.2102.0-libcapng-no-cap-support2.patch b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
new file mode 100644
index 0000000..91ef39c
--- /dev/null
+++ b/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
@@ -0,0 +1,11 @@
+diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
+--- rsyslog-8.2102.0/tools/rsyslogd.c.orig	2023-07-28 11:11:36.253771848 +0200
++++ rsyslog-8.2102.0/tools/rsyslogd.c	2023-07-28 11:11:57.628795339 +0200
+@@ -1571,6 +1571,7 @@ initAll(int argc, char **argv)
+ 	capabilities_t capabilities[] = {
+ 		#define CAP_FIELD(code) { code, #code,  0 }
+ 		CAP_FIELD(CAP_BLOCK_SUSPEND),
++		CAP_FIELD(CAP_NET_RAW),
+ 		CAP_FIELD(CAP_CHOWN),
+ 		CAP_FIELD(CAP_IPC_LOCK),
+ 		CAP_FIELD(CAP_LEASE),
diff --git a/rsyslog.spec b/rsyslog.spec
index d1d290c..d762952 100644
--- a/rsyslog.spec
+++ b/rsyslog.spec
@@ -5,7 +5,7 @@
 Summary: Enhanced system logging and kernel message trapping daemon
 Name: rsyslog
 Version: 8.2102.0
-Release: 116%{?dist}
+Release: 117%{?dist}
 License: (GPLv3+ and ASL 2.0)
 URL: http://www.rsyslog.com/
 Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
@@ -16,7 +16,7 @@ Source4: rsyslog.log
 Source5: rsyslog.service
 # Add qpid-proton as another source, enable omamqp1 module in a
 # separatae sub-package with it statically linked(see rhbz#1713427)
-Source6: qpid-proton-0.34.0.tar.gz
+Source6: qpid-proton-0.39.0.tar.gz
 
 Patch0:  rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
 Patch1:  rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
@@ -27,7 +27,6 @@ Patch5:  rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
 Patch6:  rsyslog-8.2102.0-rhbz1938863-covscan.patch
 Patch7:  rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch
 Patch8:  rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch
-Patch9:  openssl3-compatibility.patch
 Patch10: rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch
 Patch11: rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch
 Patch12: rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch
@@ -50,6 +49,7 @@ Patch28: rsyslog-8.2102.0-rhbz2192955-es-6.patch
 Patch29: rsyslog-8.2102.0-rhbz2192955-es-doc.patch
 Patch30: rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
 Patch31: rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
+Patch32: rsyslog-8.2102.0-libcapng-no-cap-support2.patch
 
 BuildRequires: make
 BuildRequires: gcc
@@ -317,10 +317,7 @@ mv build doc
 %patch29 -p1 -b .es-doc
 %patch30 -p1
 %patch31 -p1
-
-pushd ..
-%patch9 -p1 -b .openssl-compatibility
-popd
+%patch32 -p1
 
 %build
 # Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags
@@ -338,7 +335,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
 %endif
 # build the proton first
 (
-	cd %{_builddir}/qpid-proton-0.34.0
+	cd %{_builddir}/qpid-proton-0.39.0
 	mkdir bld
 	cd bld
 
@@ -370,7 +367,7 @@ autoreconf -if
 	--prefix=/usr \
 	--disable-static \
 	--disable-testbench \
-	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.34.0/bld/c/include" \
+	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.39.0/bld/c/include" \
 	--enable-elasticsearch \
 	--enable-generate-man-pages \
 	--enable-gnutls \
@@ -582,6 +579,10 @@ done
 
 
 %changelog
+* Fri Jul 28 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-117
+- Add back CAP_NET_RAW capability due to omudpspoof
+  resolves: rhbz#2216919
+
 * Tue Jun 27 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-116
 - libcapng: do not try to drop capabilities that are not present
 - add global libcapng.default to not abort when libcapng fails
diff --git a/sources b/sources
index d12920a..0cb5e41 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (qpid-proton-0.34.0.tar.gz) = 0de6c3d11baeee1d69821a0f1879a61b314f14589e02ea7ed0de8814c741217fdcafdd978b4061f73bc75588886299f4ac6808021506545ec8a883f39ad54fb3
+SHA512 (qpid-proton-0.39.0.tar.gz) = 38659682cc86bf0c910e2a707a5b166b3a7d0fb70fd83d6c5ebcaca53b2cd5a478adf36958d2c4c55a2ea6afcb9b457a12006a7967efae6ca2d0663c0febbc58
 SHA512 (rsyslog-8.2102.0.tar.gz) = 281b0e5d5cb548c39a6e514e5fd5b1bdbe8ca0bdd9234f4fea581ed7679f76d2d75b65d14c3c5e799f86f91600074ff75b467aa1ff27cdbec0f4197261c5aec0
 SHA512 (rsyslog-doc-8.2102.0.tar.gz) = a5dc4fb9bd8892fac693c5692b926c8d7d9fa36667d6b4c6eccba750713af88d4317f6232efc2a16de38c2e58c4a8bc4d04c9ebb2e7ebc3b0878d53eef20dd2e