diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..40b5b4c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/librelp-1.2.12.tar.gz
diff --git a/.librelp.metadata b/.librelp.metadata
new file mode 100644
index 0000000..4f85759
--- /dev/null
+++ b/.librelp.metadata
@@ -0,0 +1 @@
+7582992279eb63012e44208813a672a586b5ab55 SOURCES/librelp-1.2.12.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/librelp-1.2.12-rhbz1561232-snprintf.patch b/SOURCES/librelp-1.2.12-rhbz1561232-snprintf.patch
new file mode 100644
index 0000000..175373e
--- /dev/null
+++ b/SOURCES/librelp-1.2.12-rhbz1561232-snprintf.patch
@@ -0,0 +1,74 @@
+From 2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards
+Date: Tue, 20 Mar 2018 12:30:12 +0100
+Subject: [PATCH] unify error message generation
+
+---
+ src/tcp.c | 38 +++++++++++++++++++++++++++++++++-----
+ 1 file changed, 33 insertions(+), 5 deletions(-)
+
+diff --git a/src/tcp.c b/src/tcp.c
+index a587627..d2d48f5 100644
+--- a/src/tcp.c
++++ b/src/tcp.c
+@@ -1172,9 +1172,35 @@ relpTcpGetCN(relpTcp_t *pThis, gnutls_x509_crt_t cert, char *namebuf, int lenNam
+ return r;
+ }
+
++
++/* helper to consistently add names to error message buffer */
++static int
++relpTcpAddToCertNamesBuffer(relpTcp_t *const pThis,
++ char *const buf,
++ const size_t buflen,
++ int *p_currIdx,
++ const char *const certName)
++{
++ int r = 0;
++ assert(buf != NULL);
++ assert(p_currIdx != NULL);
++ const int currIdx = *p_currIdx;
++ const int n = snprintf(buf + currIdx, buflen - currIdx,
++ "DNSname: %s; ", certName);
++ if(n < 0 || n >= (int) (buflen - currIdx)) {
++ callOnAuthErr(pThis, "", "certificate validation failed, names "
++ "inside certifcate are way to long (> 32KiB)",
++ RELP_RET_AUTH_CERT_INVL);
++ r = GNUTLS_E_CERTIFICATE_ERROR;
++ } else {
++ *p_currIdx += n;
++ }
++ return r;
++}
++
+ /* Check the peer's ID in name auth mode. */
+ static int
+-relpTcpChkPeerName(relpTcp_t *pThis, gnutls_x509_crt_t cert)
++relpTcpChkPeerName(relpTcp_t *const pThis, gnutls_x509_crt_t cert)
+ {
+ int r = 0;
+ int ret;
+@@ -1213,8 +1239,9 @@ relpTcpChkPeerName(relpTcp_t *pThis, gnutls_x509_crt_t cert)
+ break;
+ else if(gnuRet == GNUTLS_SAN_DNSNAME) {
+ pThis->pEngine->dbgprint("librelp: subject alt dnsName: '%s'\n", szAltName);
+- iAllNames += snprintf(allNames+iAllNames, sizeof(allNames)-iAllNames,
+- "DNSname: %s; ", szAltName);
++ r = relpTcpAddToCertNamesBuffer(pThis, allNames, sizeof(allNames),
++ &iAllNames, szAltName);
++ if(r != 0) goto done;
+ relpTcpChkOnePeerName(pThis, szAltName, &bFoundPositiveMatch);
+ /* do NOT break, because there may be multiple dNSName's! */
+ }
+@@ -1225,8 +1252,9 @@ relpTcpChkPeerName(relpTcp_t *pThis, gnutls_x509_crt_t cert)
+ /* if we did not succeed so far, we try the CN part of the DN... */
+ if(relpTcpGetCN(pThis, cert, cnBuf, sizeof(cnBuf)) == 0) {
+ pThis->pEngine->dbgprint("librelp: relpTcp now checking auth for CN '%s'\n", cnBuf);
+- iAllNames += snprintf(allNames+iAllNames, sizeof(allNames)-iAllNames,
+- "CN: %s; ", cnBuf);
++ r = relpTcpAddToCertNamesBuffer(pThis, allNames, sizeof(allNames),
++ &iAllNames, cnBuf);
++ if(r != 0) goto done;
+ relpTcpChkOnePeerName(pThis, cnBuf, &bFoundPositiveMatch);
+ }
+ }
diff --git a/SPECS/librelp.spec b/SPECS/librelp.spec
new file mode 100644
index 0000000..ab80d6e
--- /dev/null
+++ b/SPECS/librelp.spec
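Review bot: The new helper relpTcpAddToCertNamesBuffer hard-codes the `"DNSname: %s; "` label, so the common-name call site in the third inner hunk, which used to write `"CN: %s; "`, now records the CN as a DNSname in the error message buffer. An authentication-failure report built from that buffer would then misstate which certificate field a rejected peer name came from. Passing the label in keeps the truncation check and the old wording: add a `const char *const label` parameter, format with `"%s: %s; ", label, certName`, and pass `"DNSname"` and `"CN"` at the two call sites. Separately, the two `assert()` checks compile away under NDEBUG and the new message text has typos (`certifcate`, `way to long`). The body of relpTcpChkPeerName and its `done` label lie outside the hunks shown.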
@@ -0,0 +1,126 @@
+Summary: The Reliable Event Logging Protocol library
+Name: librelp
+Version: 1.2.12
+Release: 1%{?dist}.1
+License: GPLv3+
+Group: System Environment/Libraries
+URL: http://www.rsyslog.com/
+Source0: http://download.rsyslog.com/librelp/%{name}-%{version}.tar.gz
+Requires(post): /sbin/ldconfig
+Requires(postun): /sbin/ldconfig
+BuildRequires: gnutls-devel >= 1.4.0
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+Patch1: librelp-1.2.12-rhbz1561232-snprintf.patch
+
+%description
+Librelp is an easy to use library for the RELP protocol. RELP (stands
+for Reliable Event Logging Protocol) is a general-purpose, extensible
+logging protocol.
+
+%package devel
+Summary: Development files for the %{name} package
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+Requires: pkgconfig
+
+%description devel
+Librelp is an easy to use library for the RELP protocol. The
+librelp-devel package contains the header files and libraries needed
+to develop applications using librelp.
+
+%prep
+%setup -q
+
+%patch1 -p1 -b .snprintf
+
+%build
+%configure --disable-static
+make %{?_smp_mflags}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
+
+rm $RPM_BUILD_ROOT/%{_libdir}/*.la
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post -p /sbin/ldconfig
+
+%postun
+if [ "$1" = "0" ] ; then
+ /sbin/ldconfig
+fi
+
+%files
+%defattr(-,root,root,-)
+%doc AUTHORS COPYING NEWS README doc/*html
+%{_libdir}/librelp.so.*
+
+%files devel
+%defattr(-,root,root)
+%{_includedir}/*
+%{_libdir}/librelp.so
+%{_libdir}/pkgconfig/relp.pc
+
+%changelog
+* Wed Mar 28 2018 Radovan Sroka 1.2.12-1.1
+- fixed bad NVR
+- resolves rhbz#1561232
+
+* Wed Mar 28 2018 Radovan Sroka 1.2.12-2
+- fixed CVE-2018-1000140
+- resolves rhbz#1561232
+
+* Mon Feb 13 2017 Radovan Sroka 1.2.12-1
+- rebase to 1.2.12
+- inevitable update due to rsyslog rebase
+- resolves rhbz#1420716
+
+* Fri Jan 24 2014 Daniel Mach - 1.2.0-3
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach - 1.2.0-2
+- Mass rebuild 2013-12-27
+
+* Wed Jul 31 2013 Tomas Heinrich - 1.2.0-1
+- rebase to 1.2.0
+- add gnutls-devel to BuildRequires
+
+* Wed Apr 10 2013 Tomas Heinrich - 1.0.3-1
+- rebase to 1.0.3
+
+* Thu Apr 04 2013 Tomas Heinrich - 1.0.2-1
+- rebase to 1.0.2
+
+* Thu Feb 14 2013 Fedora Release Engineering - 1.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Nov 21 2012 Tomas Heinrich - 1.0.1-1
+- upgrade to upstream version 1.0.1
+
+* Thu Jul 19 2012 Fedora Release Engineering - 1.0.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jan 13 2012 Fedora Release Engineering - 1.0.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Feb 08 2011 Fedora Release Engineering - 1.0.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Thu Jul 15 2010 Tomas Heinrich - 1.0.0-1
+- upgrade to upstream version 1.0.0
+
+* Sat Jul 25 2009 Fedora Release Engineering - 0.1.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering - 0.1.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Wed May 7 2008 Tomas Heinrich 0.1.1-2
+- removed "BuildRequires: autoconf automake"
+
+* Tue Apr 29 2008 Tomas Heinrich 0.1.1-1
+- initial build
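Review bot: `Source0` and `URL` use plain `http://`, so a tarball fetched from the address in the spec arrives over an unauthenticated channel, and the only integrity anchor visible on this page is the SHA-1 recorded in `.librelp.metadata`. If upstream serves the same path over TLS, `Source0: https://download.rsyslog.com/librelp/%{name}-%{version}.tar.gz` would be the safer reference. In `%changelog`, the top entry 1.2.12-1.1 says only `fixed bad NVR`, while the CVE-2018-1000140 fix is recorded under the lower 1.2.12-2 entry; repeating the CVE id in the top entry would make it obvious that the shipped release carries Patch1.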