import UBI rsyslog-8.2102.0-117.el9

2023-11-07 12:02:57 +00:00 · 2023-11-07 12:02:57 +00:00 · adf122f840
parent 9fd4d3e53e
commit adf122f840
19 changed files with 817 additions and 172 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
-SOURCES/qpid-proton-0.34.0.tar.gz
+SOURCES/qpid-proton-0.39.0.tar.gz
 SOURCES/rsyslog-8.2102.0.tar.gz
 SOURCES/rsyslog-doc-8.2102.0.tar.gz
--- a/.rsyslog.metadata
+++ b/.rsyslog.metadata
@ -1,3 +1,3 @@
-390e5cb87a6331cf0ce451d7f6552e2c0d97f706 SOURCES/qpid-proton-0.34.0.tar.gz
+e2fe5aada26415aeb1902435a8acf5ee388cb2cf SOURCES/qpid-proton-0.39.0.tar.gz
 fdda78ed808e7a0dca03ead9227a0a5d913a050f SOURCES/rsyslog-8.2102.0.tar.gz
 9c2188d435cb5f79c1c35749003bd2a61e7f2d07 SOURCES/rsyslog-doc-8.2102.0.tar.gz
--- a/SOURCES/openssl3-compatibility.patch
+++ b/SOURCES/openssl3-compatibility.patch
@ -1,83 +0,0 @@
-diff -up ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig ./qpid-proton-0.34.0/c/src/ssl/openssl.c
--- ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig	2021-06-01 09:29:27.976842727 +0200
-+++ ./qpid-proton-0.34.0/c/src/ssl/openssl.c	2021-06-01 09:31:05.232015887 +0200
-@@ -353,65 +353,6 @@ static int verify_callback(int preverify
-   return preverify_ok;
- }
- 
-// This was introduced in v1.1
-#if OPENSSL_VERSION_NUMBER < 0x10100000
-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-{
-  dh->p = p;
-  dh->q = q;
-  dh->g = g;
-  return 1;
-}
-#endif
-
-// this code was generated using the command:
-// "openssl dhparam -C -2 2048"
-static DH *get_dh2048(void)
-{
-  static const unsigned char dhp_2048[]={
-    0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81,
-    0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9,
-    0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C,
-    0x8B,0xBE,0xF8,0x48,0xBB,0x29,0x63,0x75,0x12,0x48,0x9D,0x7E,
-    0x7C,0x24,0xB4,0x3A,0x38,0x7E,0x97,0x3C,0x77,0x95,0xB0,0xA2,
-    0x72,0xB6,0xE9,0xD8,0xB8,0xFA,0x09,0x1B,0xDC,0xB3,0x80,0x6E,
-    0x32,0x0A,0xDA,0xBB,0xE8,0x43,0x88,0x5B,0xAB,0xC3,0xB2,0x44,
-    0xE1,0x95,0x85,0x0A,0x0D,0x13,0xE2,0x02,0x1E,0x96,0x44,0xCF,
-    0xA0,0xD8,0x46,0x32,0x68,0x63,0x7F,0x68,0xB3,0x37,0x52,0xCE,
-    0x3A,0x4E,0x48,0x08,0x7F,0xD5,0x53,0x00,0x59,0xA8,0x2C,0xCB,
-    0x51,0x64,0x3D,0x5F,0xEF,0x0E,0x5F,0xE6,0xAF,0xD9,0x1E,0xA2,
-    0x35,0x64,0x37,0xD7,0x4C,0xC9,0x24,0xFD,0x2F,0x75,0xBB,0x3A,
-    0x15,0x82,0x76,0x4D,0xC2,0x8B,0x1E,0xB9,0x4B,0xA1,0x33,0xCF,
-    0xAA,0x3B,0x7C,0xC2,0x50,0x60,0x6F,0x45,0x69,0xD3,0x6B,0x88,
-    0x34,0x9B,0xE4,0xF8,0xC6,0xC7,0x5F,0x10,0xA1,0xBA,0x01,0x8C,
-    0xDA,0xD1,0xA3,0x59,0x9C,0x97,0xEA,0xC3,0xF6,0x02,0x55,0x5C,
-    0x92,0x1A,0x39,0x67,0x17,0xE2,0x9B,0x27,0x8D,0xE8,0x5C,0xE9,
-    0xA5,0x94,0xBB,0x7E,0x16,0x6F,0x53,0x5A,0x6D,0xD8,0x03,0xC2,
-    0xAC,0x7A,0xCD,0x22,0x98,0x8E,0x33,0x2A,0xDE,0xAB,0x12,0xC0,
-    0x0B,0x7C,0x0C,0x20,0x70,0xD9,0x0B,0xAE,0x0B,0x2F,0x20,0x9B,
-    0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0,
-    0x23,0x1C,0x09,0x33,
-  };
-  static const unsigned char dhg_2048[]={
-    0x02,
-  };
-  DH *dh = DH_new();
-  BIGNUM *dhp_bn, *dhg_bn;
-
-  if (dh == NULL)
-    return NULL;
-  dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
-  dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
-  if (dhp_bn == NULL || dhg_bn == NULL
-      || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
-    DH_free(dh);
-    BN_free(dhp_bn);
-    BN_free(dhg_bn);
-    return NULL;
-  }
-  return dh;
-}
-
- typedef struct {
-   char *id;
-   SSL_SESSION *session;
-@@ -542,13 +483,6 @@ static bool pni_init_ssl_domain( pn_ssl_
-   domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
- # endif
- 
-  DH *dh = get_dh2048();
-  if (dh) {
-    SSL_CTX_set_tmp_dh(domain->ctx, dh);
-    DH_free(dh);
-    SSL_CTX_set_options(domain->ctx, SSL_OP_SINGLE_DH_USE);
-  }
-
-   return true;
- }
- 
--- a/SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+++ b/SOURCES/rsyslog-8.2102.0-libcapng-no-cap-support2.patch
@ -1,6 +1,6 @@
 diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig	2023-07-28 10:58:34.763191141 +0200
-+++ rsyslog-8.2102.0/tools/rsyslogd.c	2023-07-28 10:59:14.867276818 +0200
+--- rsyslog-8.2102.0/tools/rsyslogd.c.orig	2023-07-28 11:11:36.253771848 +0200
+++ rsyslog-8.2102.0/tools/rsyslogd.c	2023-07-28 11:11:57.628795339 +0200
@@ -1571,6 +1571,7 @@ initAll(int argc, char **argv)
 	capabilities_t capabilities[] = {
 		#define CAP_FIELD(code) { code, #code,  0 }
--- a/SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch
@ -0,0 +1,12 @@
+diff -up rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig rsyslog-8.2102.0/plugins/imjournal/imjournal.c
+--- rsyslog-8.2102.0/plugins/imjournal/imjournal.c.orig	2023-05-19 10:32:32.467826852 +0200
+++ rsyslog-8.2102.0/plugins/imjournal/imjournal.c	2023-05-19 10:33:34.426902983 +0200
+@@ -452,6 +452,8 @@ readjournal(void)
+ 	/* Get message identifier, client pid and add ':' */
+ 	if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) {
+ 		CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden));
+	} else if (journalGetData("_COMM", &get, &length) >= 0) {
+		CHKiRet(sanitizeValue(((const char *)get) + 6, length - 6, &sys_iden));
+ 	} else {
+ 		CHKmalloc(sys_iden = strdup(cs.dfltTag));
+ 	}
--- a/SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2157804-cstrlen.patch
@ -0,0 +1,72 @@
+diff -up rsyslog-8.2102.0/parse.h.orig rsyslog-8.2102.0/parse.h
+--- rsyslog-8.2102.0/parse.h.orig	2023-05-09 09:10:09.236597063 +0200
+++ rsyslog-8.2102.0/parse.h	2023-05-09 09:10:26.913608034 +0200
+@@ -56,7 +56,7 @@ struct rsParsObject
+ 	rsObjID OID;			/**< object ID */
+ #endif
+ 	cstr_t *pCStr;		/**< pointer to the string object we are parsing */
+-	int iCurrPos;			/**< current parsing position (char offset) */
+	size_t iCurrPos;			/**< current parsing position (char offset) */
+ };
+ typedef struct rsParsObject rsParsObj;
+ 
+diff -up rsyslog-8.2102.0/runtime/stream.c.orig rsyslog-8.2102.0/runtime/stream.c
+--- rsyslog-8.2102.0/runtime/stream.c.orig	2023-05-09 09:10:34.122612508 +0200
+++ rsyslog-8.2102.0/runtime/stream.c	2023-05-09 09:12:47.934640583 +0200
+@@ -1071,7 +1071,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t
+ 	cstr_t *thisLine = NULL;
+ 	rsRetVal readCharRet;
+ 	const time_t tCurr = pThis->readTimeout ? getTime(NULL) : 0;
+-	int maxMsgSize = glblGetMaxLine();
+	size_t maxMsgSize = glblGetMaxLine();
+ 	DEFiRet;
+ 
+ 	do {
+@@ -1132,9 +1132,9 @@ strmReadMultiLine(strm_t *pThis, cstr_t
+ 					}
+ 
+ 
+-					int currLineLen = cstrLen(thisLine);
+					size_t currLineLen = cstrLen(thisLine);
+ 					if(currLineLen > 0) {
+-						int len;
+						size_t len;
+ 						if((len = cstrLen(pThis->prevMsgSegment) + currLineLen) <
+ 						maxMsgSize) {
+ 							CHKiRet(cstrAppendCStr(pThis->prevMsgSegment, thisLine));
+@@ -1144,7 +1144,7 @@ strmReadMultiLine(strm_t *pThis, cstr_t
+ 								len = 0;
+ 							} else {
+ 								len = currLineLen-(len-maxMsgSize);
+-								for(int z=0; z<len; z++) {
+								for(size_t z=0; z<len; z++) {
+ 									cstrAppendChar(pThis->prevMsgSegment,
+ 										thisLine->pBuf[z]);
+ 								}
+diff -up rsyslog-8.2102.0/runtime/stringbuf.c.orig rsyslog-8.2102.0/runtime/stringbuf.c
+--- rsyslog-8.2102.0/runtime/stringbuf.c.orig	2023-05-09 09:09:37.627577446 +0200
+++ rsyslog-8.2102.0/runtime/stringbuf.c	2023-05-09 09:09:59.061590749 +0200
+@@ -474,7 +474,7 @@ finalize_it:
+  * This is due to performance reasons.
+  */
+ #ifndef NDEBUG
+-int cstrLen(cstr_t *pThis)
+size_t cstrLen(cstr_t *pThis)
+ {
+ 	rsCHECKVALIDOBJECT(pThis, OIDrsCStr);
+ 	return(pThis->iStrLen);
+diff -up rsyslog-8.2102.0/runtime/stringbuf.h.orig rsyslog-8.2102.0/runtime/stringbuf.h
+--- rsyslog-8.2102.0/runtime/stringbuf.h.orig	2023-05-09 09:08:05.199520082 +0200
+++ rsyslog-8.2102.0/runtime/stringbuf.h	2023-05-09 09:09:26.924570803 +0200
+@@ -144,9 +144,9 @@ rsRetVal cstrAppendCStr(cstr_t *pThis, c
+ 
+ /* now come inline-like functions */
+ #ifdef NDEBUG
+-#	define cstrLen(x) ((int)((x)->iStrLen))
+#	define cstrLen(x) ((size_t)((x)->iStrLen))
+ #else
+-	int cstrLen(cstr_t *pThis);
+	size_t cstrLen(cstr_t *pThis);
+ #endif
+ #define rsCStrLen(s) cstrLen((s))
+ 
--- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-0.patch
@ -0,0 +1,37 @@
+diff -up rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c.orig rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c
+--- rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c.orig	2023-05-11 14:14:39.778187570 +0200
+++ rsyslog-8.2102.0/plugins/omelasticsearch/omelasticsearch.c	2023-05-11 14:15:36.254234445 +0200
+@@ -232,7 +232,11 @@ static rsRetVal curlSetup(wrkrInstanceDa
+ BEGINcreateInstance
+ CODESTARTcreateInstance
+ 	pData->fdErrFile = -1;
+-	pthread_mutex_init(&pData->mutErrFile, NULL);
+	if(pthread_mutex_init(&pData->mutErrFile, NULL) != 0) {
+		LogError(errno, RS_RET_ERR, "omelasticsearch: cannot create "
+			"error file mutex, failing this action");
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+ 	pData->caCertFile = NULL;
+ 	pData->myCertFile = NULL;
+ 	pData->myPrivKeyFile = NULL;
+@@ -240,6 +244,7 @@ CODESTARTcreateInstance
+ 	pData->retryRulesetName = NULL;
+ 	pData->retryRuleset = NULL;
+ 	pData->rebindInterval = DEFAULT_REBIND_INTERVAL;
+finalize_it:
+ ENDcreateInstance
+ 
+ BEGINcreateWrkrInstance
+@@ -2165,10 +2170,12 @@ ENDfreeCnf
+ 
+ BEGINdoHUP
+ CODESTARTdoHUP
+	pthread_mutex_lock(&pData->mutErrFile);
+ 	if(pData->fdErrFile != -1) {
+ 		close(pData->fdErrFile);
+ 		pData->fdErrFile = -1;
+ 	}
+	pthread_mutex_unlock(&pData->mutErrFile);
+ ENDdoHUP
+ 
+ 
--- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-1.patch
@ -0,0 +1,54 @@
+diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
+index 0808c6054e..d7d6c68e60 100644
+--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
+@@ -116,6 +116,7 @@ typedef struct instanceConf_s {
+ 	uchar **serverBaseUrls;
+ 	int numServers;
+ 	long healthCheckTimeout;
+	long indexTimeout;
+ 	uchar *uid;
+ 	uchar *pwd;
+ 	uchar *authBuf;
+@@ -187,6 +188,7 @@ static struct cnfparamdescr actpdescr[] = {
+ 	{ "server", eCmdHdlrArray, 0 },
+ 	{ "serverport", eCmdHdlrInt, 0 },
+ 	{ "healthchecktimeout", eCmdHdlrInt, 0 },
+	{ "indextimeout", eCmdHdlrInt, 0 },
+ 	{ "uid", eCmdHdlrGetWord, 0 },
+ 	{ "pwd", eCmdHdlrGetWord, 0 },
+ 	{ "searchindex", eCmdHdlrGetWord, 0 },
+@@ -355,6 +357,7 @@ CODESTARTdbgPrintInstInfo
+ 	dbgprintf("\ttemplate='%s'\n", pData->tplName);
+ 	dbgprintf("\tnumServers=%d\n", pData->numServers);
+ 	dbgprintf("\thealthCheckTimeout=%lu\n", pData->healthCheckTimeout);
+	dbgprintf("\tindexTimeout=%lu\n", pData->indexTimeout);
+ 	dbgprintf("\tserverBaseUrls=");
+ 	for(i = 0 ; i < pData->numServers ; ++i)
+ 		dbgprintf("%c'%s'", i == 0 ? '[' : ' ', pData->serverBaseUrls[i]);
+@@ -1768,6 +1771,8 @@ curlPostSetup(wrkrInstanceData_t *const pWrkrData)
+ 	PTR_ASSERT_SET_TYPE(pWrkrData, WRKR_DATA_TYPE_ES);
+ 	curlSetupCommon(pWrkrData, pWrkrData->curlPostHandle);
+ 	curl_easy_setopt(pWrkrData->curlPostHandle, CURLOPT_POST, 1);
+	curl_easy_setopt(pWrkrData->curlPostHandle,
+		CURLOPT_TIMEOUT_MS, pWrkrData->pData->indexTimeout);
+ }
+ 
+ #define CONTENT_JSON "Content-Type: application/json; charset=utf-8"
+@@ -1797,6 +1802,7 @@ setInstParamDefaults(instanceData *const pData)
+ 	pData->serverBaseUrls = NULL;
+ 	pData->defaultPort = 9200;
+ 	pData->healthCheckTimeout = 3500;
+	pData->indexTimeout = 0;
+ 	pData->uid = NULL;
+ 	pData->pwd = NULL;
+ 	pData->authBuf = NULL;
+@@ -1865,6 +1871,8 @@ CODESTARTnewActInst
+ 			pData->defaultPort = (int) pvals[i].val.d.n;
+ 		} else if(!strcmp(actpblk.descr[i].name, "healthchecktimeout")) {
+ 			pData->healthCheckTimeout = (long) pvals[i].val.d.n;
+		} else if(!strcmp(actpblk.descr[i].name, "indextimeout")) {
+			pData->indexTimeout = (long) pvals[i].val.d.n;
+ 		} else if(!strcmp(actpblk.descr[i].name, "uid")) {
+ 			pData->uid = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ 		} else if(!strcmp(actpblk.descr[i].name, "pwd")) {
--- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-2.patch
@ -0,0 +1,43 @@
+diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
+index 0808c6054e..ed9359732c 100644
+--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
+@@ -877,14 +877,6 @@ parseRequestAndResponseForContext(wrkrInstanceData_t *pWrkrData,fjson_object **p
+ 	int i;
+ 	int numitems;
+ 	fjson_object *items=NULL, *jo_errors = NULL;
+-	int errors = 0;
+-
+-	if(fjson_object_object_get_ex(replyRoot, "errors", &jo_errors)) {
+-		errors = fjson_object_get_boolean(jo_errors);
+-		if (!errors && pWrkrData->pData->retryFailures) {
+-			return RS_RET_OK;
+-		}
+-	}
+ 
+ 	/*iterate over items*/
+ 	if(!fjson_object_object_get_ex(replyRoot, "items", &items)) {
+@@ -897,6 +889,15 @@ parseRequestAndResponseForContext(wrkrInstanceData_t *pWrkrData,fjson_object **p
+ 
+ 	numitems = fjson_object_array_length(items);
+ 
+	int errors = 0;
+	if(fjson_object_object_get_ex(replyRoot, "errors", &jo_errors)) {
+		errors = fjson_object_get_boolean(jo_errors);
+		if (!errors && pWrkrData->pData->retryFailures) {
+			STATSCOUNTER_ADD(indexSuccess, mutIndexSuccess, numitems);
+			return RS_RET_OK;
+		}
+	}
+
+ 	if (reqmsg) {
+ 		DBGPRINTF("omelasticsearch: Entire request %s\n", reqmsg);
+ 	} else {
+@@ -1267,6 +1268,7 @@ getDataRetryFailures(context *ctx,int itemStatus,char *request,char *response,
+ 				response);
+ 		}
+ 	}
+
+ 	need_free_omes = 0;
+ 	CHKiRet(msgAddJSON(msg, (uchar*)".omes", omes, 0, 0));
+ 	MsgSetRuleset(msg, ctx->retryRuleset);
--- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-3.patch
@ -0,0 +1,148 @@
+diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
+index ed9359732c..8200403eaf 100644
+--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
+@@ -86,12 +86,14 @@ STATSCOUNTER_DEF(rebinds, mutRebinds)
+ static prop_t *pInputName = NULL;
+ 
+ #	define META_STRT "{\"index\":{\"_index\": \""
+-#	define META_STRT_CREATE "{\"create\":{\"_index\": \""
+#	define META_STRT_CREATE "{\"create\":{"    /* \"_index\": \" */
+#	define META_IX "\"_index\": \""
+ #	define META_TYPE "\",\"_type\":\""
+ #       define META_PIPELINE "\",\"pipeline\":\""
+ #	define META_PARENT "\",\"_parent\":\""
+ #	define META_ID "\", \"_id\":\""
+ #	define META_END  "\"}}\n"
+#	define META_END_NOQUOTE  " }}\n"
+ 
+ typedef enum {
+ 	ES_WRITE_INDEX,
+@@ -362,8 +364,8 @@ CODESTARTdbgPrintInstInfo
+ 	dbgprintf("\tdefaultPort=%d\n", pData->defaultPort);
+ 	dbgprintf("\tuid='%s'\n", pData->uid == NULL ? (uchar*)"(not configured)" : pData->uid);
+ 	dbgprintf("\tpwd=(%sconfigured)\n", pData->pwd == NULL ? "not " : "");
+-	dbgprintf("\tsearch index='%s'\n", pData->searchIndex);
+-	dbgprintf("\tsearch type='%s'\n", pData->searchType);
+	dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL ? (uchar*)"(not configured)" : pData->searchIndex);
+        dbgprintf("\tsearch type='%s'\n",  pData->searchType == NULL ? (uchar*)"(not configured)" : pData->searchType);
+ 	dbgprintf("\tpipeline name='%s'\n", pData->pipelineName);
+ 	dbgprintf("\tdynamic pipeline name=%d\n", pData->dynPipelineName);
+ 	dbgprintf("\tskipPipelineIfEmpty=%d\n", pData->skipPipelineIfEmpty);
+@@ -596,8 +598,8 @@ getIndexTypeAndParent(const instanceData *const pData, uchar **const tpls,
+ 	}
+ 
+ done:
+-	assert(srchIndex != NULL);
+-	assert(srchType != NULL);
+	//assert(srchIndex != NULL);
+	//assert(srchType != NULL);
+ 	return;
+ }
+ 
+@@ -633,9 +635,14 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
+ 		parent = NULL;
+ 	} else {
+ 		getIndexTypeAndParent(pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
+-		r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
+-		if(r == 0) r = es_addChar(&url, '/');
+-		if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType));
+		if(searchIndex != NULL) {
+			r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
+			if(r == 0) r = es_addChar(&url, '/');
+			if(searchType != NULL) {
+				if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType));
+			}
+		} else
+			r = 0;
+ 		if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
+ 			if(r == 0) r = es_addChar(&url, separator);
+ 			if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1);
+@@ -692,7 +699,11 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
+ 	uchar *pipelineName;
+ 
+ 	getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
+-	r += ustrlen((char *)message) + ustrlen(searchIndex) + ustrlen(searchType);
+	r += ustrlen((char *)message);
+        if(searchIndex != NULL)
+                r += ustrlen(searchIndex);
+        if(searchType != NULL)
+                r += ustrlen(searchType);
+ 
+ 	if(parent != NULL) {
+ 		r += sizeof(META_PARENT)-1 + ustrlen(parent);
+@@ -717,6 +728,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
+ {
+ 	int length = strlen((char *)message);
+ 	int r;
+       	int endQuote = 1;
+ 	uchar *searchIndex = NULL;
+ 	uchar *searchType;
+ 	uchar *parent = NULL;
+@@ -725,28 +737,43 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
+ 	DEFiRet;
+ 
+ 	getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
+-	if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE)
+	if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE) {
+ 		r = es_addBuf(&pWrkrData->batch.data, META_STRT_CREATE, sizeof(META_STRT_CREATE)-1);
+-	else
+		endQuote = 0;
+	} else
+ 		r = es_addBuf(&pWrkrData->batch.data, META_STRT, sizeof(META_STRT)-1);
+-	if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex,
+	if(searchIndex != NULL) {
+		endQuote = 1;
+		if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE)
+			if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_IX, sizeof(META_IX)-1);
+		if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex,
+ 				 ustrlen(searchIndex));
+-	if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1);
+-	if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType,
+		if(searchType != NULL) {
+			if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1);
+			if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType,
+ 				 ustrlen(searchType));
+		}
+	}
+ 	if(parent != NULL) {
+		endQuote = 1;
+ 		if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_PARENT, sizeof(META_PARENT)-1);
+ 		if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)parent, ustrlen(parent));
+ 	}
+ 	if(pipelineName != NULL && (!pWrkrData->pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
+		endQuote = 1;
+ 		if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_PIPELINE, sizeof(META_PIPELINE)-1);
+ 		if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)pipelineName, ustrlen(pipelineName));
+ 	}
+ 	if(bulkId != NULL) {
+		endQuote = 1;
+ 		if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_ID, sizeof(META_ID)-1);
+ 		if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)bulkId, ustrlen(bulkId));
+ 	}
+-	if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END, sizeof(META_END)-1);
+	if(endQuote == 0) {
+		if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END_NOQUOTE, sizeof(META_END_NOQUOTE)-1);
+	} else {
+		if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_END, sizeof(META_END)-1);
+	}
+ 	if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)message, length);
+ 	if(r == 0) r = es_addBuf(&pWrkrData->batch.data, "\n", sizeof("\n")-1);
+ 	if(r != 0) {
+@@ -2094,6 +2121,8 @@ CODESTARTnewActInst
+ 		CHKiRet(computeBaseUrl("localhost", pData->defaultPort, pData->useHttps, pData->serverBaseUrls));
+ 	}
+ 
+	//Only needed befor ES-Version 7.x
+	/*
+ 	if(pData->searchIndex == NULL)
+ 		pData->searchIndex = (uchar*) strdup("system");
+ 	if(pData->searchType == NULL)
+@@ -2104,6 +2133,7 @@ CODESTARTnewActInst
+ 			"omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation);
+ 		ABORT_FINALIZE(RS_RET_CONFIG_ERROR);
+ 	}
+	*/
+ 
+ 	if (pData->retryFailures) {
+ 		CHKiRet(ratelimitNew(&pData->ratelimiter, "omelasticsearch", NULL));
--- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-4.patch
@ -0,0 +1,118 @@
+diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
+index 8200403eaf..8b74d610df 100644
+--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
+@@ -130,6 +130,7 @@ typedef struct instanceConf_s {
+ 	uchar *timeout;
+ 	uchar *bulkId;
+ 	uchar *errorFile;
+	int esVersion;
+ 	sbool errorOnly;
+ 	sbool interleaved;
+ 	sbool dynSrchIdx;
+@@ -221,7 +222,8 @@ static struct cnfparamdescr actpdescr[] = {
+ 	{ "ratelimit.interval", eCmdHdlrInt, 0 },
+ 	{ "ratelimit.burst", eCmdHdlrInt, 0 },
+ 	{ "retryruleset", eCmdHdlrString, 0 },
+-	{ "rebindinterval", eCmdHdlrInt, 0 }
+	{ "rebindinterval", eCmdHdlrInt, 0 },
+	{ "esversion.major", eCmdHdlrPositiveInt, 0 }
+ };
+ static struct cnfparamblk actpblk =
+ 	{ CNFPARAMBLK_VERSION,
+@@ -246,6 +248,7 @@ CODESTARTcreateInstance
+ 	pData->retryRulesetName = NULL;
+ 	pData->retryRuleset = NULL;
+ 	pData->rebindInterval = DEFAULT_REBIND_INTERVAL;
+	pData->esVersion = 0;
+ finalize_it:
+ ENDcreateInstance
+ 
+@@ -364,8 +367,10 @@ CODESTARTdbgPrintInstInfo
+ 	dbgprintf("\tdefaultPort=%d\n", pData->defaultPort);
+ 	dbgprintf("\tuid='%s'\n", pData->uid == NULL ? (uchar*)"(not configured)" : pData->uid);
+ 	dbgprintf("\tpwd=(%sconfigured)\n", pData->pwd == NULL ? "not " : "");
+-	dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL ? (uchar*)"(not configured)" : pData->searchIndex);
+-        dbgprintf("\tsearch type='%s'\n",  pData->searchType == NULL ? (uchar*)"(not configured)" : pData->searchType);
+	dbgprintf("\tsearch index='%s'\n", pData->searchIndex == NULL
+			? (uchar*)"(not configured)" : pData->searchIndex);
+	dbgprintf("\tsearch type='%s'\n",  pData->searchType == NULL
+			? (uchar*)"(not configured)" : pData->searchType);
+ 	dbgprintf("\tpipeline name='%s'\n", pData->pipelineName);
+ 	dbgprintf("\tdynamic pipeline name=%d\n", pData->dynPipelineName);
+ 	dbgprintf("\tskipPipelineIfEmpty=%d\n", pData->skipPipelineIfEmpty);
+@@ -598,8 +603,6 @@ getIndexTypeAndParent(const instanceData *const pData, uchar **const tpls,
+ 	}
+ 
+ done:
+-	//assert(srchIndex != NULL);
+-	//assert(srchType != NULL);
+ 	return;
+ }
+ 
+@@ -700,11 +703,12 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
+ 
+ 	getIndexTypeAndParent(pWrkrData->pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
+ 	r += ustrlen((char *)message);
+-        if(searchIndex != NULL)
+-                r += ustrlen(searchIndex);
+-        if(searchType != NULL)
+-                r += ustrlen(searchType);
+-
+	if(searchIndex != NULL) {
+		r += ustrlen(searchIndex);
+	}
+	if(searchType != NULL) {
+		r += ustrlen(searchType);
+	}
+ 	if(parent != NULL) {
+ 		r += sizeof(META_PARENT)-1 + ustrlen(parent);
+ 	}
+@@ -728,7 +732,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
+ {
+ 	int length = strlen((char *)message);
+ 	int r;
+-       	int endQuote = 1;
+	int endQuote = 1;
+ 	uchar *searchIndex = NULL;
+ 	uchar *searchType;
+ 	uchar *parent = NULL;
+@@ -1990,6 +1994,8 @@ CODESTARTnewActInst
+ 			pData->retryRulesetName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ 		} else if(!strcmp(actpblk.descr[i].name, "rebindinterval")) {
+ 			pData->rebindInterval = (int) pvals[i].val.d.n;
+		} else if(!strcmp(actpblk.descr[i].name, "esversion.major")) {
+			pData->esVersion = pvals[i].val.d.n;
+ 		} else {
+ 			LogError(0, RS_RET_INTERNAL_ERROR, "omelasticsearch: program error, "
+ 				"non-handled param '%s'", actpblk.descr[i].name);
+@@ -2121,19 +2127,18 @@ CODESTARTnewActInst
+ 		CHKiRet(computeBaseUrl("localhost", pData->defaultPort, pData->useHttps, pData->serverBaseUrls));
+ 	}
+ 
+-	//Only needed befor ES-Version 7.x
+-	/*
+-	if(pData->searchIndex == NULL)
+-		pData->searchIndex = (uchar*) strdup("system");
+-	if(pData->searchType == NULL)
+-		pData->searchType = (uchar*) strdup("events");
+	if(pData->esVersion < 8) {
+		if(pData->searchIndex == NULL)
+			pData->searchIndex = (uchar*) strdup("system");
+		if(pData->searchType == NULL)
+			pData->searchType = (uchar*) strdup("events");
+ 
+-	if ((pData->writeOperation != ES_WRITE_INDEX) && (pData->bulkId == NULL)) {
+-		LogError(0, RS_RET_CONFIG_ERROR,
+-			"omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation);
+-		ABORT_FINALIZE(RS_RET_CONFIG_ERROR);
+		if ((pData->writeOperation != ES_WRITE_INDEX) && (pData->bulkId == NULL)) {
+			LogError(0, RS_RET_CONFIG_ERROR,
+				"omelasticsearch: writeoperation '%d' requires bulkid", pData->writeOperation);
+			ABORT_FINALIZE(RS_RET_CONFIG_ERROR);
+		}
+ 	}
+-	*/
+ 
+ 	if (pData->retryFailures) {
+ 		CHKiRet(ratelimitNew(&pData->ratelimiter, "omelasticsearch", NULL));
--- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-5.patch
@ -0,0 +1,40 @@
+diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
+index 76d5081d3b..f481ec3f7e 100644
+--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
+@@ -620,6 +620,8 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
+ 	uchar *parent;
+ 	uchar *bulkId;
+ 	char* baseUrl;
+	/* since 7.0, the API always requires /idx/_doc, so use that if searchType is not explicitly set */
+	uchar* actualSearchType = (uchar*)"_doc";
+ 	es_str_t *url;
+ 	int r;
+ 	DEFiRet;
+@@ -645,11 +647,12 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
+ 		if(searchIndex != NULL) {
+ 			r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
+ 			if(r == 0) r = es_addChar(&url, '/');
+-			if(searchType != NULL) {
+-				if(r == 0) r = es_addBuf(&url, (char*)searchType, ustrlen(searchType));
+-			}
+-		} else
+-			r = 0;
+
+		if(searchType != NULL) {
+			actualSearchType = searchType;
+		}
+		if(r == 0) r = es_addChar(&url, '/');
+		if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType));
+ 		if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
+ 			if(r == 0) r = es_addChar(&url, separator);
+ 			if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1);
+@@ -693,7 +696,7 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
+ 	const uchar *const message,
+ 	uchar **const tpls)
+ {
+-	size_t r = sizeof(META_TYPE)-1 + sizeof(META_END)-1 + sizeof("\n")-1;
+	size_t r = sizeof(META_END)-1 + sizeof("\n")-1;
+ 	if (pWrkrData->pData->writeOperation == ES_WRITE_CREATE)
+ 		r += sizeof(META_STRT_CREATE)-1;
+ 	else
--- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-6.patch
@ -0,0 +1,53 @@
+diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c
+index f481ec3f7e..b297a9274f 100644
+--- a/plugins/omelasticsearch/omelasticsearch.c
+++ b/plugins/omelasticsearch/omelasticsearch.c
+@@ -623,7 +623,7 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
+ 	/* since 7.0, the API always requires /idx/_doc, so use that if searchType is not explicitly set */
+ 	uchar* actualSearchType = (uchar*)"_doc";
+ 	es_str_t *url;
+-	int r;
+	int r = 0;
+ 	DEFiRet;
+ 	instanceData *const pData = pWrkrData->pData;
+ 	char separator;
+@@ -646,13 +646,12 @@ setPostURL(wrkrInstanceData_t *const pWrkrData, uchar **const tpls)
+ 		getIndexTypeAndParent(pData, tpls, &searchIndex, &searchType, &parent, &bulkId, &pipelineName);
+ 		if(searchIndex != NULL) {
+ 			r = es_addBuf(&url, (char*)searchIndex, ustrlen(searchIndex));
+			if(searchType != NULL && searchType[0] != '\0') {
+				actualSearchType = searchType;
+			}
+ 			if(r == 0) r = es_addChar(&url, '/');
+-
+-		if(searchType != NULL) {
+-			actualSearchType = searchType;
+			if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType));
+ 		}
+-		if(r == 0) r = es_addChar(&url, '/');
+-		if(r == 0) r = es_addBuf(&url, (char*)actualSearchType, ustrlen(actualSearchType));
+ 		if(pipelineName != NULL && (!pData->skipPipelineIfEmpty || pipelineName[0] != '\0')) {
+ 			if(r == 0) r = es_addChar(&url, separator);
+ 			if(r == 0) r = es_addBuf(&url, "pipeline=", sizeof("pipeline=")-1);
+@@ -714,7 +713,11 @@ computeMessageSize(const wrkrInstanceData_t *const pWrkrData,
+ 		r += ustrlen(searchIndex);
+ 	}
+ 	if(searchType != NULL) {
+-		r += ustrlen(searchType);
+		if(searchType[0] == '\0') {
+			r += 4; // "_doc"
+		} else {
+			r += ustrlen(searchType);
+		}
+ 	}
+ 	if(parent != NULL) {
+ 		r += sizeof(META_PARENT)-1 + ustrlen(parent);
+@@ -759,7 +762,7 @@ buildBatch(wrkrInstanceData_t *pWrkrData, uchar *message, uchar **tpls)
+ 			if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_IX, sizeof(META_IX)-1);
+ 		if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchIndex,
+ 				 ustrlen(searchIndex));
+-		if(searchType != NULL) {
+		if(searchType != NULL && searchType[0] != '\0') {
+ 			if(r == 0) r = es_addBuf(&pWrkrData->batch.data, META_TYPE, sizeof(META_TYPE)-1);
+ 			if(r == 0) r = es_addBuf(&pWrkrData->batch.data, (char*)searchType,
+ 				 ustrlen(searchType));
--- a/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2192955-es-doc.patch
@ -0,0 +1,32 @@
+diff -up rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html.orig rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html
+--- rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html.orig	2023-05-11 15:56:24.308601241 +0200
+++ rsyslog-8.2102.0/doc/configuration/modules/omelasticsearch.html	2023-05-11 15:57:11.000662477 +0200
+@@ -156,6 +156,28 @@ this timeframe. Defaults to 3500.</p>
+ <p><em>Note, the health check is verifying connectivity only, not the state of
+ the Elasticsearch cluster.</em></p>
+ </div>
+
+<div class="section" id="esVersion.major">
+  <span id="id2"></span><h4>esVersion.major<a class="headerlink" href="#esVersion.major" title="Permalink to this headline">¶</a></h4>
+  <table border="1" class="colwidths-auto parameter-table docutils">
+  <thead valign="bottom">
+  <tr class="row-odd"><th class="head">type</th>
+  <th class="head">default</th>
+  <th class="head">mandatory</th>
+  <th class="head"><code class="docutils literal notranslate"><span class="pre">obsolete</span> <span class="pre">legacy</span></code> directive</th>
+  </tr>
+  </thead>
+  <tbody valign="top">
+  <tr class="row-even"><td>integer</td>
+  <td>0</td>
+  <td>no</td>
+  <td>none</td>
+  </tr>
+  </tbody>
+  </table>
+  <p>ElasticSearch is notoriously bad at maintaining backwards compatibility. For this reason, the setting can be used to configure the server’s major version number (e.g. 7, 8, …). As far as we know breaking changes only happen with major version changes. As of now, only value 8 triggers API changes. All other values select pre-version-8 API usage.</p>
+  </div>
+
+ <div class="section" id="searchindex">
+ <span id="id3"></span><h4>searchIndex<a class="headerlink" href="#searchindex" title="Permalink to this headline">¶</a></h4>
+ <table border="1" class="colwidths-auto parameter-table docutils">
--- a/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
@ -0,0 +1,109 @@
+diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c
+--- rsyslog-8.2102.0/runtime/glbl.c.orig	2023-06-27 08:20:45.265387162 +0200
+++ rsyslog-8.2102.0/runtime/glbl.c	2023-06-27 08:20:45.262387154 +0200
+@@ -230,7 +230,8 @@ static struct cnfparamdescr cnfparamdesc
+ 	{ "reverselookup.cache.ttl.enable", eCmdHdlrBinary, 0 },
+ 	{ "shutdown.queue.doublesize", eCmdHdlrBinary, 0 },
+ 	{ "debug.files", eCmdHdlrArray, 0 },
+-	{ "debug.whitelist", eCmdHdlrBinary, 0 }
+	{ "debug.whitelist", eCmdHdlrBinary, 0 },
+	{ "libcapng.default", eCmdHdlrBinary, 0 }
+ };
+ static struct cnfparamblk paramblk =
+ 	{ CNFPARAMBLK_VERSION,
+@@ -1315,6 +1316,13 @@ glblDoneLoadCnf(void)
+ 		if(!strcmp(paramblk.descr[i].name, "workdirectory")) {
+ 			cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
+ 			setWorkDir(NULL, cstr);
+		} else if(!strcmp(paramblk.descr[i].name, "libcapng.default")) {
+#ifdef ENABLE_LIBCAPNG
+			loadConf->globals.bAbortOnFailedLibcapngSetup = (int) cnfparamvals[i].val.d.n;
+#else
+			LogError(0, RS_RET_ERR, "rsyslog wasn't "
+				"compiled with libcap-ng support.");
+#endif
+ 		} else if(!strcmp(paramblk.descr[i].name, "variables.casesensitive")) {
+ 			const int val = (int) cnfparamvals[i].val.d.n;
+ 			fjson_global_do_case_sensitive_comparison(val);
+diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
+--- rsyslog-8.2102.0/runtime/rsconf.c.orig	2023-06-27 08:20:45.265387162 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.c	2023-06-27 08:20:45.264387159 +0200
+@@ -146,6 +146,9 @@ int rsconfNeedDropPriv(rsconf_t *const c
+ 
+ static void cnfSetDefaults(rsconf_t *pThis)
+ {
+#ifdef ENABLE_LIBCAPNG
+	pThis->globals.bAbortOnFailedLibcapngSetup = 1;
+#endif
+ 	pThis->globals.bAbortOnUncleanConfig = 0;
+ 	pThis->globals.bReduceRepeatMsgs = 0;
+ 	pThis->globals.bDebugPrintTemplateList = 1;
+diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h
+--- rsyslog-8.2102.0/runtime/rsconf.h.orig	2023-06-27 08:20:45.265387162 +0200
+++ rsyslog-8.2102.0/runtime/rsconf.h	2023-06-27 08:20:45.260387149 +0200
+@@ -61,6 +61,9 @@ struct queuecnf_s {
+  * be re-set as often as the user likes).
+  */
+ struct globals_s {
+#ifdef ENABLE_LIBCAPNG
+	int bAbortOnFailedLibcapngSetup;
+#endif
+ 	int bDebugPrintTemplateList;
+ 	int bDebugPrintModuleList;
+ 	int bDebugPrintCfSysLineHandlerList;
+diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
+--- rsyslog-8.2102.0/tools/rsyslogd.c.orig	2023-06-27 08:20:45.245387109 +0200
+++ rsyslog-8.2102.0/tools/rsyslogd.c	2023-06-27 08:31:35.250120215 +0200
+@@ -2151,7 +2151,7 @@ main(int argc, char **argv)
+ 	/*
+ 	 * Drop capabilities to the necessary set
+ 	 */
+-	int capng_rc;
+	int capng_rc, capng_failed = 0;
+ 	capng_clear(CAPNG_SELECT_BOTH);
+ 
+ 	if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+@@ -2161,10 +2161,9 @@ main(int argc, char **argv)
+ 		CAP_LEASE,
+ 		CAP_NET_ADMIN,
+ 		CAP_NET_BIND_SERVICE,
+		CAP_DAC_OVERRIDE,
+ 		CAP_SETGID,
+ 		CAP_SETUID,
+-		CAP_DAC_OVERRIDE,
+-		CAP_NET_RAW,
+ 		CAP_SYS_ADMIN,
+ 		CAP_SYS_CHROOT,
+ 		CAP_SYS_RESOURCE,
+@@ -2173,17 +2172,25 @@ main(int argc, char **argv)
+ 	)) != 0) {
+ 		LogError(0, RS_RET_LIBCAPNG_ERR,
+ 				"could not update the internal posix capabilities settings "
+-				"based on the options passed to it, capng_updatev=%d\n", capng_rc);
+-		exit(-1);
+				"based on the options passed to it, capng_updatev=%d", capng_rc);
+		capng_failed = 1;
+ 	}
+ 
+ 	if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) {
+ 		LogError(0, RS_RET_LIBCAPNG_ERR,
+-			"could not transfer  the  specified  internal posix  capabilities "
+-			"settings to the kernel, capng_apply=%d\n", capng_rc);
+-		exit(-1);
+			"could not transfer the specified internal posix capabilities "
+			"settings to the kernel, capng_apply=%d", capng_rc);
+		capng_failed = 1;
+	}
+
+	if (capng_failed) {
+		DBGPRINTF("Capabilities were not dropped successfully.\n");
+		if (loadConf->globals.bAbortOnFailedLibcapngSetup) {
+			exit(RS_RET_LIBCAPNG_ERR);
+		}
+	} else {
+		DBGPRINTF("Capabilities were dropped successfully\n");
+ 	}
+-	DBGPRINTF("Capabilities were dropped successfully\n");
+ #endif
+ 
+ 	initAll(argc, argv);
--- a/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
@ -1,64 +1,11 @@
-diff -up rsyslog-8.2102.0/runtime/glbl.c.orig rsyslog-8.2102.0/runtime/glbl.c
--- rsyslog-8.2102.0/runtime/glbl.c.orig	2023-07-14 09:32:51.781256794 +0200
-+++ rsyslog-8.2102.0/runtime/glbl.c	2023-07-14 09:34:34.061315870 +0200
-@@ -230,7 +230,8 @@ static struct cnfparamdescr cnfparamdesc
- 	{ "reverselookup.cache.ttl.enable", eCmdHdlrBinary, 0 },
- 	{ "shutdown.queue.doublesize", eCmdHdlrBinary, 0 },
- 	{ "debug.files", eCmdHdlrArray, 0 },
-	{ "debug.whitelist", eCmdHdlrBinary, 0 }
-+	{ "debug.whitelist", eCmdHdlrBinary, 0 },
-+	{ "libcapng.default", eCmdHdlrBinary, 0 }
- };
- static struct cnfparamblk paramblk =
- 	{ CNFPARAMBLK_VERSION,
-@@ -1315,6 +1316,13 @@ glblDoneLoadCnf(void)
- 		if(!strcmp(paramblk.descr[i].name, "workdirectory")) {
- 			cstr = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
- 			setWorkDir(NULL, cstr);
-+		} else if(!strcmp(paramblk.descr[i].name, "libcapng.default")) {
-+#ifdef ENABLE_LIBCAPNG
-+			loadConf->globals.bAbortOnFailedLibcapngSetup = (int) cnfparamvals[i].val.d.n;
-+#else
-+			LogError(0, RS_RET_ERR, "rsyslog wasn't "
-+				"compiled with libcap-ng support.");
-+#endif
- 		} else if(!strcmp(paramblk.descr[i].name, "variables.casesensitive")) {
- 			const int val = (int) cnfparamvals[i].val.d.n;
- 			fjson_global_do_case_sensitive_comparison(val);
-diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
--- rsyslog-8.2102.0/runtime/rsconf.c.orig	2023-07-14 09:32:56.923259764 +0200
-+++ rsyslog-8.2102.0/runtime/rsconf.c	2023-07-14 09:34:47.722323759 +0200
-@@ -146,6 +146,9 @@ int rsconfNeedDropPriv(rsconf_t *const c
- 
- static void cnfSetDefaults(rsconf_t *pThis)
- {
-+#ifdef ENABLE_LIBCAPNG
-+	pThis->globals.bAbortOnFailedLibcapngSetup = 1;
-+#endif
- 	pThis->globals.bAbortOnUncleanConfig = 0;
- 	pThis->globals.bReduceRepeatMsgs = 0;
- 	pThis->globals.bDebugPrintTemplateList = 1;
-diff -up rsyslog-8.2102.0/runtime/rsconf.h.orig rsyslog-8.2102.0/runtime/rsconf.h
--- rsyslog-8.2102.0/runtime/rsconf.h.orig	2023-07-14 09:33:02.575263028 +0200
-+++ rsyslog-8.2102.0/runtime/rsconf.h	2023-07-14 09:35:29.265347750 +0200
-@@ -61,6 +61,9 @@ struct queuecnf_s {
-  * be re-set as often as the user likes).
-  */
- struct globals_s {
-+#ifdef ENABLE_LIBCAPNG
-+	int bAbortOnFailedLibcapngSetup;
-+#endif
- 	int bDebugPrintTemplateList;
- 	int bDebugPrintModuleList;
- 	int bDebugPrintCfSysLineHandlerList;
 diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
--- rsyslog-8.2102.0/tools/rsyslogd.c.orig	2023-07-14 09:29:13.038130459 +0200
-+++ rsyslog-8.2102.0/tools/rsyslogd.c	2023-07-14 09:31:58.575226065 +0200
+--- rsyslog-8.2102.0/tools/rsyslogd.c.orig	2023-06-27 08:56:27.321174891 +0200
+++ rsyslog-8.2102.0/tools/rsyslogd.c	2023-06-27 08:58:17.977481782 +0200
@@ -1557,6 +1557,88 @@ initAll(int argc, char **argv)
 	resetErrMsgsFlag();
 	localRet = rsconf.Load(&ourConf, ConfFile);
 
-+#ifdef ENABLE_LIBCAPNG
+	#ifdef ENABLE_LIBCAPNG
 +	/*
 +	 * Drop capabilities to the necessary set
 +	 */
@ -143,7 +90,7 @@ diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.
 	if(fp_rs_full_conf_output != NULL) {
 		if(fp_rs_full_conf_output != stdout) {
 			fclose(fp_rs_full_conf_output);
-@@ -2147,45 +2229,6 @@ main(int argc, char **argv)
+@@ -2147,52 +2229,6 @@ main(int argc, char **argv)
 		bProcessInternalMessages = 1;
 	dbgClassInit();
 
@ -151,7 +98,7 @@ diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.
 -	/*
 -	 * Drop capabilities to the necessary set
 -	 */
-	int capng_rc;
+-	int capng_rc, capng_failed = 0;
 -	capng_clear(CAPNG_SELECT_BOTH);
 -
 -	if ((capng_rc = capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
@ -161,10 +108,9 @@ diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.
 -		CAP_LEASE,
 -		CAP_NET_ADMIN,
 -		CAP_NET_BIND_SERVICE,
+-		CAP_DAC_OVERRIDE,
 -		CAP_SETGID,
 -		CAP_SETUID,
-		CAP_DAC_OVERRIDE,
-		CAP_NET_RAW,
 -		CAP_SYS_ADMIN,
 -		CAP_SYS_CHROOT,
 -		CAP_SYS_RESOURCE,
@ -173,17 +119,25 @@ diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.
 -	)) != 0) {
 -		LogError(0, RS_RET_LIBCAPNG_ERR,
 -				"could not update the internal posix capabilities settings "
-				"based on the options passed to it, capng_updatev=%d\n", capng_rc);
-		exit(-1);
+-				"based on the options passed to it, capng_updatev=%d", capng_rc);
+-		capng_failed = 1;
 -	}
 -
 -	if ((capng_rc = capng_apply(CAPNG_SELECT_BOTH)) != 0) {
 -		LogError(0, RS_RET_LIBCAPNG_ERR,
-			"could not transfer  the  specified  internal posix  capabilities "
-			"settings to the kernel, capng_apply=%d\n", capng_rc);
-		exit(-1);
+-			"could not transfer the specified internal posix capabilities "
+-			"settings to the kernel, capng_apply=%d", capng_rc);
+-		capng_failed = 1;
+-	}
+-
+-	if (capng_failed) {
+-		DBGPRINTF("Capabilities were not dropped successfully.\n");
+-		if (loadConf->globals.bAbortOnFailedLibcapngSetup) {
+-			exit(RS_RET_LIBCAPNG_ERR);
+-		}
+-	} else {
+-		DBGPRINTF("Capabilities were dropped successfully\n");
 -	}
-	DBGPRINTF("Capabilities were dropped successfully\n");
 -#endif
 -
 	initAll(argc, argv);
--- a/SOURCES/rsyslog.conf
+++ b/SOURCES/rsyslog.conf
@ -12,19 +12,20 @@ global(workDirectory="/var/lib/rsyslog")
 # Use default timestamp format
 module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")

-# Include all config files in /etc/rsyslog.d/
-include(file="/etc/rsyslog.d/*.conf" mode="optional")
-
 #### MODULES ####

 module(load="imuxsock" 	  # provides support for local system logging (e.g. via logger command)
       SysSock.Use="off") # Turn off message reception via local log socket; 
 			  # local messages are retrieved through imjournal now.
 module(load="imjournal" 	    # provides access to the systemd journal
+       UsePid="system" # PID nummber is retrieved as the ID of the process the journal entry originates from
       StateFile="imjournal.state") # File to store the position in the journal
 #module(load="imklog") # reads kernel messages (the same are read from journald)
 #module(load="immark") # provides --MARK-- message capability

+# Include all config files in /etc/rsyslog.d/
+include(file="/etc/rsyslog.d/*.conf" mode="optional")
+
 # Provides UDP syslog reception
 # for parameters see http://www.rsyslog.com/doc/imudp.html
 #module(load="imudp") # needs to be done just once
--- a/SOURCES/rsyslog.service
+++ b/SOURCES/rsyslog.service
@ -1,6 +1,8 @@
 [Unit]
 Description=System Logging Service
 ;Requires=syslog.socket
+Wants=network.target network-online.target
+After=network.target network-online.target
 Documentation=man:rsyslogd(8)
 Documentation=https://www.rsyslog.com/doc/

@ -12,6 +14,18 @@ ExecReload=/usr/bin/kill -HUP $MAINPID
 UMask=0066
 StandardOutput=null
 Restart=on-failure
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictNamespaces=net
+NoNewPrivileges=yes
+ProtectControlGroups=yes
+ProtectHome=read-only
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @debug @module @raw-io @reboot @swap @cpu-emulation @obsolete
+LockPersonality=yes
+MemoryDenyWriteExecute=yes

 # Increase the default a bit in order to allow many simultaneous
 # files to be monitored, we might need a lot of fds.
--- a/SPECS/rsyslog.spec
+++ b/SPECS/rsyslog.spec
@ -5,7 +5,7 @@
 Summary: Enhanced system logging and kernel message trapping daemon
 Name: rsyslog
 Version: 8.2102.0
-Release: 113%{?dist}.1
+Release: 117%{?dist}
 License: (GPLv3+ and ASL 2.0)
 URL: http://www.rsyslog.com/
 Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
@ -16,7 +16,7 @@ Source4: rsyslog.log
 Source5: rsyslog.service
 # Add qpid-proton as another source, enable omamqp1 module in a
 # separatae sub-package with it statically linked(see rhbz#1713427)
-Source6: qpid-proton-0.34.0.tar.gz
+Source6: qpid-proton-0.39.0.tar.gz

 Patch0:  rsyslog-8.2102.0-rhbz2064318-errfile-maxsize-doc.patch
 Patch1:  rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
@ -27,7 +27,6 @@ Patch5:  rsyslog-8.2102.0-rhbz1984489-remove-abort-on-id-resolution-fail.patch
 Patch6:  rsyslog-8.2102.0-rhbz1938863-covscan.patch
 Patch7:  rsyslog-8.2102.0-rhbz2021076-prioritize-SAN.patch
 Patch8:  rsyslog-8.2102.0-rhbz2064318-errfile-maxsize.patch
-Patch9:  openssl3-compatibility.patch
 Patch10: rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch
 Patch11: rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch
 Patch12: rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch
@ -38,8 +37,19 @@ Patch16: rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch
 Patch17: rsyslog-8.2102.0-rhbz2157658-imklog.patch
 Patch18: rsyslog-8.2102.0-capabilities-drop-credential.patch
 Patch19: rsyslog-8.2102.0-capabilities-capnetraw.patch
-Patch20: rsyslog-8.2102.0-libcapng-no-cap-support.patch
-Patch21: rsyslog-8.2102.0-libcapng-no-cap-support2.patch
+Patch20: rsyslog-8.2102.0-rhbz2157804-cstrlen.patch
+Patch21: rsyslog-8.2102.0-rhbz2129015-journal-COMM.patch
+Patch22: rsyslog-8.2102.0-rhbz2192955-es-0.patch
+Patch23: rsyslog-8.2102.0-rhbz2192955-es-1.patch
+Patch24: rsyslog-8.2102.0-rhbz2192955-es-2.patch
+Patch25: rsyslog-8.2102.0-rhbz2192955-es-3.patch
+Patch26: rsyslog-8.2102.0-rhbz2192955-es-4.patch
+Patch27: rsyslog-8.2102.0-rhbz2192955-es-5.patch
+Patch28: rsyslog-8.2102.0-rhbz2192955-es-6.patch
+Patch29: rsyslog-8.2102.0-rhbz2192955-es-doc.patch
+Patch30: rsyslog-8.2102.0-rhbz2216919-libcapng-default.patch
+Patch31: rsyslog-8.2102.0-rhbz2216919-libcapng-no-drop.patch
+Patch32: rsyslog-8.2102.0-libcapng-no-cap-support2.patch

 BuildRequires: make
 BuildRequires: gcc
@ -295,12 +305,19 @@ mv build doc
 %patch17 -p1 -b .imklog-leak
 %patch18 -p1 -b .capabilities-drop-credential
 %patch19 -p1 -b .capabilities-capnetraw
-%patch20 -p1
-%patch21 -p1
-
-pushd ..
-%patch9 -p1 -b .openssl-compatibility
-popd
+%patch20 -p1 -b .cstrlen
+%patch21 -p1 -b .journalCOMM
+%patch22 -p1 -b .es0
+%patch23 -p1 -b .es1
+%patch24 -p1 -b .es2
+%patch25 -p1 -b .es3
+%patch26 -p1 -b .es4
+%patch27 -p1 -b .es5
+%patch28 -p1 -b .es6
+%patch29 -p1 -b .es-doc
+%patch30 -p1
+%patch31 -p1
+%patch32 -p1

 %build
 # Add additional flags as per https://one.redhat.com/rhel-developer-guide/#_what_are_the_required_flags
@ -318,7 +335,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
 %endif
 # build the proton first
 (
-	cd %{_builddir}/qpid-proton-0.34.0
+	cd %{_builddir}/qpid-proton-0.39.0
 	mkdir bld
 	cd bld

@ -350,7 +367,7 @@ autoreconf -if
 	--prefix=/usr \
 	--disable-static \
 	--disable-testbench \
-	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.34.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.34.0/bld/c/include" \
+	--enable-omamqp1 PROTON_LIBS="%{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-core-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-proactor-static.a %{_builddir}/qpid-proton-0.39.0/bld/c/libqpid-proton-static.a -lssl -lsasl2 -lcrypto" PROTON_CFLAGS="-I%{_builddir}/qpid-proton-0.39.0/bld/c/include" \
 	--enable-elasticsearch \
 	--enable-generate-man-pages \
 	--enable-gnutls \
@ -562,9 +579,33 @@ done


 %changelog
-* Fri Jul 14 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-113.1
- Do not drop capabilities if we don't have any
- resolves: rhbz#2225088
+* Fri Jul 28 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-117
+- Add back CAP_NET_RAW capability due to omudpspoof
+  resolves: rhbz#2216919
+
+* Tue Jun 27 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-116
+- libcapng: do not try to drop capabilities that are not present
+- add global libcapng.default to not abort when libcapng fails
+  resolves: rhbz#2216919
+
+* Mon May 22 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-115
+- omelasticsearch: make compatible with elasticsearch>=8
+- add new action specific parameter esversion.major
+  resolves: rhbz#2209017
+
+* Fri May 19 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-114
+- Fix wrong type conversion in cstrLen()
+  resolves: rhbz#2157805
+- imjournal: by default retrieves _PID from journal as PID number
+  resolves: rhbz#2176397
+- Systemd service file hardening
+  resolves: rhbz#2176403
+- rsyslog.conf: load imuxsock and imjournal before loading rsyslog.d
+  resolves: rhbz#2165899
+- rsyslog is now started after the network service during boot
+  resolves: rhbz#2074318
+- imjournal: add second fallback to the message identifier
+  resolves: rhbv#2129015

 * Tue Mar 07 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-113
 - Do not allow having selinux-policy < 38.1.3-1