diff --git a/SOURCES/rsyslog-8.24.0-rhbz1944717-large-group.patch b/SOURCES/rsyslog-8.24.0-rhbz1944717-large-group.patch
new file mode 100644
index 0000000..fef079e
--- /dev/null
+++ b/SOURCES/rsyslog-8.24.0-rhbz1944717-large-group.patch
@@ -0,0 +1,42 @@
+diff -up rsyslog-8.24.0/grammar/rainerscript.c.doGetGID_overflow rsyslog-8.24.0/grammar/rainerscript.c
+--- rsyslog-8.24.0/grammar/rainerscript.c.doGetGID_overflow	2021-03-30 15:56:51.605271073 +0200
++++ rsyslog-8.24.0/grammar/rainerscript.c	2021-03-30 15:59:57.758153756 +0200
+@@ -832,12 +832,27 @@ doGetGID(struct nvlst *valnode, struct c
+ {
+ 	char *cstr;
+ 	int r;
+-	struct group *resultBuf;
++	struct group *resultBuf = NULL;
+ 	struct group wrkBuf;
+-	char stringBuf[2048]; /* 2048 has been proven to be large enough */
++	char *stringBuf = NULL;
++	size_t bufSize = 1024;
++	int e;
+ 
+ 	cstr = es_str2cstr(valnode->val.d.estr, NULL);
+-	getgrnam_r(cstr, &wrkBuf, stringBuf, sizeof(stringBuf), &resultBuf);
++	do {
++		char *p;
++
++		/* Increase bufsize and try again.*/
++		bufSize *= 2;
++		p = realloc(stringBuf, bufSize);
++		if(!p) {
++			e = ENOMEM;
++			break;
++		}
++		stringBuf = p;
++		e = getgrnam_r(cstr, &wrkBuf, stringBuf, bufSize, &resultBuf);
++	} while(!resultBuf && (e == ERANGE));
++
+ 	if(resultBuf == NULL) {
+ 		parser_errmsg("parameter '%s': ID for group %s could not "
+ 		  "be found", param->name, cstr);
+@@ -849,6 +864,7 @@ doGetGID(struct nvlst *valnode, struct c
+ 		   param->name, (int) resultBuf->gr_gid, cstr);
+ 		r = 1;
+ 	}
++	free(stringBuf);
+ 	free(cstr);
+ 	return r;
+ }
diff --git a/SPECS/rsyslog.spec b/SPECS/rsyslog.spec
index b5238f5..bc176f7 100644
--- a/SPECS/rsyslog.spec
+++ b/SPECS/rsyslog.spec
@@ -14,7 +14,7 @@
 Summary: Enhanced system logging and kernel message trapping daemon
 Name: rsyslog
 Version: 8.24.0
-Release: 57%{?dist}
+Release: 57%{?dist}.1
 License: (GPLv3+ and ASL 2.0)
 Group: System Environment/Daemons
 URL: http://www.rsyslog.com/
@@ -132,6 +132,8 @@ Patch67: rsyslog-8.24.0-rhbz1806493-imfile-file_id.patch
 Patch68: rsyslog-8.24.0-rhbz1778841-serialize-crash-race.patch
 Patch69: rsyslog-8.24.0-rhbz1858297-buffer-overflow.patch
 
+Patch70: rsyslog-8.24.0-rhbz1944717-large-group.patch
+
 %package crypto
 Summary: Encryption support
 Group: System Environment/Daemons
@@ -455,6 +457,8 @@ mv build doc
 %patch68 -p1 -b .serialize_race
 %patch69 -p1 -b .overflow_sel_poll
 
+%patch70 -p1 -b .large-group-fail
+
 autoreconf 
 
 %build
@@ -713,6 +717,11 @@ done
 %{_libdir}/rsyslog/mmkubernetes.so
 
 %changelog
+* Wed Mar 31 2021 Attila Lakatos <alakatos@redhat.com> - 8.24.0-57.1
+RHEL 7.9.Z ERRATUM
+- added patch resolving theoretically "too large" groups
+  resolves:rhbz#1944717
+
 * Mon Aug 17 2020 Jiri Vymazal <jvymazal@redhat.com> - 8.24.0-57
 RHEL 7.9 ERRATUM
 - added patch resolving buffer overflows in select() function