From 6a7e4c72f66bf5b1b952627764c0aa7fe8e592ab Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 23 2020 22:23:50 +0000 Subject: import keepalived-2.0.10-10.el8 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e8746e1 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/keepalived-2.0.10.tar.gz diff --git a/.keepalived.metadata b/.keepalived.metadata new file mode 100644 index 0000000..027c5be --- /dev/null +++ b/.keepalived.metadata @@ -0,0 +1 @@ +c0b62f6d20a4a322e4bd67b4ae447bb842c28c4c SOURCES/keepalived-2.0.10.tar.gz diff --git a/SOURCES/bz1688892-fix-openssl-init-config-check.patch b/SOURCES/bz1688892-fix-openssl-init-config-check.patch new file mode 100644 index 0000000..b77f498 --- /dev/null +++ b/SOURCES/bz1688892-fix-openssl-init-config-check.patch @@ -0,0 +1,76 @@ +From 1f2b558da9f631a635e9b099b455696b1903bee4 Mon Sep 17 00:00:00 2001 +From: Quentin Armitage +Date: Fri, 15 Mar 2019 00:12:19 +0000 +Subject: [PATCH 3/3] Fix some configure tested checks for OPENSSL_init_crypto + +Signed-off-by: Quentin Armitage +--- + genhash/ssl.c | 6 +++--- + keepalived/check/check_ssl.c | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/genhash/ssl.c b/genhash/ssl.c +index 96f51201..0574675a 100644 +--- a/genhash/ssl.c ++++ b/genhash/ssl.c +@@ -44,7 +44,7 @@ void + init_ssl(void) + { + /* Library initialization */ +-#if HAVE_OPENSSL_INIT_CRYPTO ++#ifdef HAVE_OPENSSL_INIT_CRYPTO + #ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG + /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails. + * It works in v1.1.0h and v1.1.1b. +@@ -59,7 +59,7 @@ init_ssl(void) + #endif + + /* Initialize SSL context */ +-#if HAVE_TLS_METHOD ++#ifdef HAVE_TLS_METHOD + req->meth = TLS_method(); + #else + req->meth = SSLv23_method(); +@@ -123,7 +123,7 @@ ssl_connect(thread_t * thread) + } + + BIO_set_nbio(sock_obj->bio, 1); /* Set the Non-Blocking flag */ +-#if HAVE_SSL_SET0_RBIO ++#ifdef HAVE_SSL_SET0_RBIO + BIO_up_ref(sock_obj->bio); + SSL_set0_rbio(sock_obj->ssl, sock_obj->bio); + SSL_set0_wbio(sock_obj->ssl, sock_obj->bio); +diff --git a/keepalived/check/check_ssl.c b/keepalived/check/check_ssl.c +index 2743ea87..58061b91 100644 +--- a/keepalived/check/check_ssl.c ++++ b/keepalived/check/check_ssl.c +@@ -68,7 +68,7 @@ build_ssl_ctx(void) + ssl_data_t *ssl; + + /* Library initialization */ +-#if HAVE_OPENSSL_INIT_CRYPTO ++#ifdef HAVE_OPENSSL_INIT_CRYPTO + #ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG + /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails. + * It works in v1.1.0h and v1.1.1b. +@@ -88,7 +88,7 @@ build_ssl_ctx(void) + ssl = check_data->ssl; + + /* Initialize SSL context */ +-#if HAVE_TLS_METHOD ++#ifdef HAVE_TLS_METHOD + ssl->meth = TLS_method(); + #else + ssl->meth = SSLv23_method(); +@@ -226,7 +226,7 @@ ssl_connect(thread_t * thread, int new_req) + + BIO_get_fd(req->bio, &bio_fd); + fcntl(bio_fd, F_SETFD, fcntl(bio_fd, F_GETFD) | FD_CLOEXEC); +-#if HAVE_SSL_SET0_RBIO ++#ifdef HAVE_SSL_SET0_RBIO + BIO_up_ref(req->bio); + SSL_set0_rbio(req->ssl, req->bio); + SSL_set0_wbio(req->ssl, req->bio); +-- +2.20.1 + diff --git a/SOURCES/bz1688892-fix-openssl-init-configure.patch b/SOURCES/bz1688892-fix-openssl-init-configure.patch new file mode 100644 index 0000000..43ec64b --- /dev/null +++ b/SOURCES/bz1688892-fix-openssl-init-configure.patch @@ -0,0 +1,409 @@ +--- a/configure 2018-11-12 13:40:33.000000000 -0600 ++++ b/configure 2019-03-18 11:29:03.305427768 -0500 +@@ -730,7 +730,6 @@ + AMDEPBACKSLASH + AMDEP_FALSE + AMDEP_TRUE +-am__quote + am__include + DEPDIR + OBJEXT +@@ -790,7 +789,6 @@ + docdir + oldincludedir + includedir +-runstatedir + localstatedir + sharedstatedir + sysconfdir +@@ -809,7 +807,8 @@ + PACKAGE_TARNAME + PACKAGE_NAME + PATH_SEPARATOR +-SHELL' ++SHELL ++am__quote' + ac_subst_files='' + ac_user_opts=' + enable_option_checking +@@ -925,7 +924,6 @@ + sysconfdir='${prefix}/etc' + sharedstatedir='${prefix}/com' + localstatedir='${prefix}/var' +-runstatedir='${localstatedir}/run' + includedir='${prefix}/include' + oldincludedir='/usr/include' + docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +@@ -1178,15 +1176,6 @@ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + +- -runstatedir | --runstatedir | --runstatedi | --runstated \ +- | --runstate | --runstat | --runsta | --runst | --runs \ +- | --run | --ru | --r) +- ac_prev=runstatedir ;; +- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ +- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ +- | --run=* | --ru=* | --r=*) +- runstatedir=$ac_optarg ;; +- + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ +@@ -1324,7 +1313,7 @@ + for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ +- libdir localedir mandir runstatedir ++ libdir localedir mandir + do + eval ac_val=\$$ac_var + # Remove trailing slashes. +@@ -1477,7 +1466,6 @@ + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] +- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] +@@ -2689,7 +2677,7 @@ + ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +-am__api_version='1.15' ++am__api_version='1.16' + + ac_aux_dir= + for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do +@@ -3234,8 +3222,8 @@ + + # For better backward compatibility. To be removed once Automake 1.9.x + # dies out for good. For more background, see: +-# +-# ++# ++# + mkdir_p='$(MKDIR_P)' + + # We need awk for the "check" target (and possibly the TAP driver). The +@@ -3286,7 +3274,7 @@ + Aborting the configuration process, to ensure you take notice of the issue. + + You can download and install GNU coreutils to get an 'rm' implementation +-that behaves properly: . ++that behaves properly: . + + If you want to complete the configuration process using your problematic + 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +@@ -4650,45 +4638,45 @@ + + ac_config_commands="$ac_config_commands depfiles" + +- +-am_make=${MAKE-make} +-cat > confinc << 'END' ++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 ++$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; } ++cat > confinc.mk << 'END' + am__doit: +- @echo this is the am__doit target ++ @echo this is the am__doit target >confinc.out + .PHONY: am__doit + END +-# If we don't find an include directive, just comment out the code. +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 +-$as_echo_n "checking for style of include used by $am_make... " >&6; } + am__include="#" + am__quote= +-_am_result=none +-# First try GNU make style include. +-echo "include confinc" > confmf +-# Ignore all kinds of additional output from 'make'. +-case `$am_make -s -f confmf 2> /dev/null` in #( +-*the\ am__doit\ target*) +- am__include=include +- am__quote= +- _am_result=GNU +- ;; +-esac +-# Now try BSD make style include. +-if test "$am__include" = "#"; then +- echo '.include "confinc"' > confmf +- case `$am_make -s -f confmf 2> /dev/null` in #( +- *the\ am__doit\ target*) +- am__include=.include +- am__quote="\"" +- _am_result=BSD ++# BSD make does it like this. ++echo '.include "confinc.mk" # ignored' > confmf.BSD ++# Other make implementations (GNU, Solaris 10, AIX) do it like this. ++echo 'include confinc.mk # ignored' > confmf.GNU ++_am_result=no ++for s in GNU BSD; do ++ { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5 ++ (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } ++ case $?:`cat confinc.out 2>/dev/null` in #( ++ '0:this is the am__doit target') : ++ case $s in #( ++ BSD) : ++ am__include='.include' am__quote='"' ;; #( ++ *) : ++ am__include='include' am__quote='' ;; ++esac ;; #( ++ *) : + ;; +- esac +-fi +- +- +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 +-$as_echo "$_am_result" >&6; } +-rm -f confinc confmf ++esac ++ if test "$am__include" != "#"; then ++ _am_result="yes ($s style)" ++ break ++ fi ++done ++rm -f confinc.* confmf.* ++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 ++$as_echo "${_am_result}" >&6; } + + # Check whether --enable-dependency-tracking was given. + if test "${enable_dependency_tracking+set}" = set; then : +@@ -7506,8 +7494,8 @@ + done + + +-# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0 +-for ac_func in SSL_set0_rbio OPENSSL_init_crypto ++# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0 ++for ac_func in SSL_set0_rbio OPENSSL_init_crypto TLS_method + do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +@@ -7520,19 +7508,62 @@ + done + + +-# TLS_method() introduced OpenSSL v1.1.0 +-for ac_func in TLS_method +-do : +- ac_fn_c_check_func "$LINENO" "TLS_method" "ac_cv_func_TLS_method" +-if test "x$ac_cv_func_TLS_method" = xyes; then : +- cat >>confdefs.h <<_ACEOF +-#define HAVE_TLS_METHOD 1 +-_ACEOF ++# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with ++# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. ++if test .$ac_cv_func_OPENSSL_init_crypto = .yes; then : + ++ if test .$ac_cv_func_TLS_method = .yes; then : ++ method_func=TLS_method ++else ++ method_func=SSLv23_method + fi +-done ++ if test "$cross_compiling" = yes; then : ++ ++ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&5 ++$as_echo "$as_me: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&2;} ++ openssl_init_no_load_bug=1 ++ ++ ++else ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++#include ++int ++main () ++{ ++ ++ const SSL_METHOD *meth; ++ SSL_CTX *ctx; ++ ++ if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) ++ return 1; + ++ /* Initialize SSL context */ ++ meth = $method_func(); ++ if (!(ctx = SSL_CTX_new(meth))) ++ return 1; ++ return 0; + ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_run "$LINENO"; then : ++ openssl_init_no_load_bug=0 ++else ++ openssl_init_no_load_bug=1 ++fi ++rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ ++ conftest.$ac_objext conftest.beam conftest.$ac_ext ++fi ++ ++ if test $openssl_init_no_load_bug -eq 1; then : ++ ++$as_echo "#define HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG 1 " >>confdefs.h ++ ++fi ++ ++fi + unset LIBS + + if test $BUILD_GENHASH = No; then +@@ -12695,7 +12726,7 @@ + # + # INIT-COMMANDS + # +-AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" ++AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}" + + _ACEOF + +@@ -13322,29 +13353,35 @@ + # Older Autoconf quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. +- case $CONFIG_FILES in +- *\'*) eval set x "$CONFIG_FILES" ;; +- *) set x $CONFIG_FILES ;; +- esac ++ # TODO: see whether this extra hack can be removed once we start ++ # requiring Autoconf 2.70 or later. ++ case $CONFIG_FILES in #( ++ *\'*) : ++ eval set x "$CONFIG_FILES" ;; #( ++ *) : ++ set x $CONFIG_FILES ;; #( ++ *) : ++ ;; ++esac + shift +- for mf ++ # Used to flag and report bootstrapping failures. ++ am_rc=0 ++ for am_mf + do + # Strip MF so we end up with the name of the file. +- mf=`echo "$mf" | sed -e 's/:.*$//'` +- # Check whether this is an Automake generated Makefile or not. +- # We used to match only the files named 'Makefile.in', but +- # some people rename them; so instead we look at the file content. +- # Grep'ing the first line is not enough: some people post-process +- # each Makefile.in and add a new line on top of each file to say so. +- # Grep'ing the whole file is not good either: AIX grep has a line ++ am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'` ++ # Check whether this is an Automake generated Makefile which includes ++ # dependency-tracking related rules and includes. ++ # Grep'ing the whole file directly is not great: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. +- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then +- dirpart=`$as_dirname -- "$mf" || +-$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ +- X"$mf" : 'X\(//\)[^/]' \| \ +- X"$mf" : 'X\(//\)$' \| \ +- X"$mf" : 'X\(/\)' \| . 2>/dev/null || +-$as_echo X"$mf" | ++ sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ ++ || continue ++ am_dirpart=`$as_dirname -- "$am_mf" || ++$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ ++ X"$am_mf" : 'X\(//\)[^/]' \| \ ++ X"$am_mf" : 'X\(//\)$' \| \ ++ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || ++$as_echo X"$am_mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q +@@ -13362,53 +13399,48 @@ + q + } + s/.*/./; q'` +- else +- continue +- fi +- # Extract the definition of DEPDIR, am__include, and am__quote +- # from the Makefile without running 'make'. +- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` +- test -z "$DEPDIR" && continue +- am__include=`sed -n 's/^am__include = //p' < "$mf"` +- test -z "$am__include" && continue +- am__quote=`sed -n 's/^am__quote = //p' < "$mf"` +- # Find all dependency output files, they are included files with +- # $(DEPDIR) in their names. We invoke sed twice because it is the +- # simplest approach to changing $(DEPDIR) to its actual value in the +- # expansion. +- for file in `sed -n " +- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ +- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do +- # Make sure the directory exists. +- test -f "$dirpart/$file" && continue +- fdir=`$as_dirname -- "$file" || +-$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ +- X"$file" : 'X\(//\)[^/]' \| \ +- X"$file" : 'X\(//\)$' \| \ +- X"$file" : 'X\(/\)' \| . 2>/dev/null || +-$as_echo X"$file" | +- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ +- s//\1/ +- q +- } +- /^X\(\/\/\)[^/].*/{ ++ am_filepart=`$as_basename -- "$am_mf" || ++$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \ ++ X"$am_mf" : 'X\(//\)$' \| \ ++ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || ++$as_echo X/"$am_mf" | ++ sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } +- /^X\(\/\/\)$/{ ++ /^X\/\(\/\/\)$/{ + s//\1/ + q + } +- /^X\(\/\).*/{ ++ /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` +- as_dir=$dirpart/$fdir; as_fn_mkdir_p +- # echo "creating $dirpart/$file" +- echo '# dummy' > "$dirpart/$file" +- done ++ { echo "$as_me:$LINENO: cd "$am_dirpart" \ ++ && sed -e '/# am--include-marker/d' "$am_filepart" \ ++ | $MAKE -f - am--depfiles" >&5 ++ (cd "$am_dirpart" \ ++ && sed -e '/# am--include-marker/d' "$am_filepart" \ ++ | $MAKE -f - am--depfiles) >&5 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } || am_rc=$? + done ++ if test $am_rc -ne 0; then ++ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++as_fn_error $? "Something went wrong bootstrapping makefile fragments ++ for automatic dependency tracking. Try re-running configure with the ++ '--disable-dependency-tracking' option to at least be able to build ++ the package (albeit without support for automatic dependency tracking). ++See \`config.log' for more details" "$LINENO" 5; } ++ fi ++ { am_dirpart=; unset am_dirpart;} ++ { am_filepart=; unset am_filepart;} ++ { am_mf=; unset am_mf;} ++ { am_rc=; unset am_rc;} ++ rm -f conftest-deps.mk + } + ;; + diff --git a/SOURCES/bz1688892-fix-openssl-init-failure.patch b/SOURCES/bz1688892-fix-openssl-init-failure.patch new file mode 100644 index 0000000..4a8f64a --- /dev/null +++ b/SOURCES/bz1688892-fix-openssl-init-failure.patch @@ -0,0 +1,81 @@ +From aeec0e2cda5c440fdd3c5bea20ed7567bea540e1 Mon Sep 17 00:00:00 2001 +From: Quentin Armitage +Date: Tue, 12 Mar 2019 14:58:38 +0000 +Subject: [PATCH 1/3] Fix OpenSSL init failure with OpenSSL v1.1.1 + +OpenSSL v1.1.1, but not v1.1.0h or v1.1.1b failed in SSL_CTX_new() +if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) had previously +been called. + +This commit doesn't call OPENSSL_init_crypto() if doing so causes +SSL_CTX_new() to fail. + +Signed-off-by: Quentin Armitage +--- + configure.ac | 30 ++++++++++++++++++++++++++++++ + keepalived/check/check_ssl.c | 6 ++++++ + 2 files changed, 36 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 89399ca3..504b9b92 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -819,6 +819,36 @@ AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto]) + # TLS_method() introduced OpenSSL v1.1.0 + AC_CHECK_FUNCS([TLS_method]) + ++# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with ++# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. ++AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes], ++ [ ++ AC_RUN_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ]], ++ [[ ++ const SSL_METHOD *meth; ++ SSL_CTX *ctx; ++ ++ if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) ++ return 1; ++ ++ /* Initialize SSL context */ ++ meth = TLS_method(); ++ if (!(ctx = SSL_CTX_new(meth))) ++ return 1; ++ return 0; ++ ]])], ++ [openssl_init_no_load_bug=0], ++ [openssl_init_no_load_bug=1], ++ [ ++ AC_MSG_WARN([Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety.]) ++ openssl_init_no_load_bug=1 ++ ] ++ ) ++ AS_IF([test $openssl_init_no_load_bug -eq 1], ++ [AC_DEFINE([HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG], [ 1 ], [Define to 1 if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) bug)])]) ++ ]) + unset LIBS + + if test $BUILD_GENHASH = No; then +diff --git a/keepalived/check/check_ssl.c b/keepalived/check/check_ssl.c +index 6bf6a005..2743ea87 100644 +--- a/keepalived/check/check_ssl.c ++++ b/keepalived/check/check_ssl.c +@@ -69,8 +69,14 @@ build_ssl_ctx(void) + + /* Library initialization */ + #if HAVE_OPENSSL_INIT_CRYPTO ++#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG ++ /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails. ++ * It works in v1.1.0h and v1.1.1b. ++ * It transpires that it works without setting NO_LOAD_CONFIG, but it is ++ * presumably more efficient not to load it. */ + if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) + log_message(LOG_INFO, "OPENSSL_init_crypto failed"); ++#endif + #else + SSL_library_init(); + SSL_load_error_strings(); +-- +2.20.1 + diff --git a/SOURCES/bz1688892-fix-openssl-init-genhash.patch b/SOURCES/bz1688892-fix-openssl-init-genhash.patch new file mode 100644 index 0000000..a9251f3 --- /dev/null +++ b/SOURCES/bz1688892-fix-openssl-init-genhash.patch @@ -0,0 +1,72 @@ +From 5e1a2130340ea4fabc4095b412c8b3836d112828 Mon Sep 17 00:00:00 2001 +From: Quentin Armitage +Date: Wed, 13 Mar 2019 09:46:27 +0000 +Subject: [PATCH 2/3] Fix genhash re OPENSSL_init_crypto bug and improve + configure.ac + +Commit fe6d6ac (Fix OpenSSL init failure with OpenSSL v1.1.1) didn't +update the identical code in genhash/ssl.c. Also, an improvement for +the test in configure.ac was suggested. + +Signed-off-by: Quentin Armitage +--- + configure.ac | 12 +++++------- + genhash/ssl.c | 6 ++++++ + 2 files changed, 11 insertions(+), 7 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 504b9b92..c964a11e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -813,16 +813,14 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + # SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a + AC_CHECK_FUNCS([SSL_CTX_set_verify_depth]) + +-# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0 +-AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto]) +- +-# TLS_method() introduced OpenSSL v1.1.0 +-AC_CHECK_FUNCS([TLS_method]) ++# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0 ++AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method]) + + # In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with + # OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. +-AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes], ++AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes], + [ ++ AS_IF([test .$ac_cv_func_TLS_method = .yes], [method_func=TLS_method], [method_func=SSLv23_method]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], +@@ -834,7 +832,7 @@ AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = + return 1; + + /* Initialize SSL context */ +- meth = TLS_method(); ++ meth = $method_func(); + if (!(ctx = SSL_CTX_new(meth))) + return 1; + return 0; +diff --git a/genhash/ssl.c b/genhash/ssl.c +index 8e9162c8..96f51201 100644 +--- a/genhash/ssl.c ++++ b/genhash/ssl.c +@@ -45,8 +45,14 @@ init_ssl(void) + { + /* Library initialization */ + #if HAVE_OPENSSL_INIT_CRYPTO ++#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG ++ /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails. ++ * It works in v1.1.0h and v1.1.1b. ++ * It transpires that it works without setting NO_LOAD_CONFIG, but it is ++ * presumably more efficient not to load it. */ + if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) + fprintf(stderr, "OPENSSL_init_crypto failed\n"); ++#endif + #else + SSL_library_init(); + SSL_load_error_strings(); +-- +2.20.1 + diff --git a/SOURCES/bz1693706-fix-smtp-alerts-segfault.patch b/SOURCES/bz1693706-fix-smtp-alerts-segfault.patch new file mode 100644 index 0000000..35da553 --- /dev/null +++ b/SOURCES/bz1693706-fix-smtp-alerts-segfault.patch @@ -0,0 +1,26 @@ +From fdb1739356f723a4e9e4f8b52c37d193a3a5c6e3 Mon Sep 17 00:00:00 2001 +From: Quentin Armitage +Date: Tue, 27 Nov 2018 10:57:37 +0000 +Subject: [PATCH] Fix segfault when smtp alerts configured + +Signed-off-by: Quentin Armitage +--- + keepalived/core/global_data.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/keepalived/core/global_data.c b/keepalived/core/global_data.c +index 6e872dcf..cd381d9b 100644 +--- a/keepalived/core/global_data.c ++++ b/keepalived/core/global_data.c +@@ -253,7 +253,7 @@ init_global_data(data_t * data, data_t *old_global_data) + if (!data->smtp_connection_to) + set_default_smtp_connection_timeout(data); + +- if (strcmp(data->local_name, unknown_name)) { ++ if (data->local_name && strcmp(data->local_name, unknown_name)) { + if (!data->email_from) + set_default_email_from(data, data->local_name); + +-- +2.20.1 + diff --git a/SOURCES/bz1693706-fix-smtp_helo_name-double-free.patch b/SOURCES/bz1693706-fix-smtp_helo_name-double-free.patch new file mode 100644 index 0000000..43d1c0b --- /dev/null +++ b/SOURCES/bz1693706-fix-smtp_helo_name-double-free.patch @@ -0,0 +1,39 @@ +From e91583fb20b584621dd48031bef68279945f7aa6 Mon Sep 17 00:00:00 2001 +From: Quentin Armitage +Date: Tue, 20 Nov 2018 13:03:55 +0000 +Subject: [PATCH] Fix double free when global data smtp_helo_name copied from + local_name + +Issue #1071 identified a double free fault. It occurred when smtp_helo_name +was not set, in which case it was set to point to the same malloc'd memory +as local_name. At termination keepalived freed both local_name and +smtp_helo_name. + +If keepalived needs to use local_name for smtp_helo_name it now malloc's +aadditional memory to copy the string into. + +Signed-off-by: Quentin Armitage +--- + keepalived/core/global_data.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/keepalived/core/global_data.c b/keepalived/core/global_data.c +index cd381d9b..be9fecbd 100644 +--- a/keepalived/core/global_data.c ++++ b/keepalived/core/global_data.c +@@ -257,8 +257,10 @@ init_global_data(data_t * data, data_t *old_global_data) + if (!data->email_from) + set_default_email_from(data, data->local_name); + +- if (!data->smtp_helo_name) +- data->smtp_helo_name = data->local_name; ++ if (!data->smtp_helo_name) { ++ data->smtp_helo_name = MALLOC(strlen(data->local_name) + 1); ++ strcpy(data->smtp_helo_name, data->local_name); ++ } + } + } + +-- +2.20.1 + diff --git a/SOURCES/bz1792160-fix-fault-rename-interface.patch b/SOURCES/bz1792160-fix-fault-rename-interface.patch new file mode 100644 index 0000000..96562c7 --- /dev/null +++ b/SOURCES/bz1792160-fix-fault-rename-interface.patch @@ -0,0 +1,34 @@ +From 30eeb48b1a0737dc7443fd421fd6613e0d55fd17 Mon Sep 17 00:00:00 2001 +From: "Z. Liu" +Date: Tue, 18 Dec 2018 16:38:24 +0800 +Subject: [PATCH] Also skip route not configured with down interface + +Otherwise, if keepalived has virtual_routes configured, we create +a virtual interface and bring it up and down, current code will bring +VRRP state to FAULT and never return. + + # ip tun add test mode ipip remote 10.0.0.1 local 10.0.0.2 + # ip link set test up + # ip link set test down +--- + keepalived/vrrp/vrrp_if.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/keepalived/vrrp/vrrp_if.c b/keepalived/vrrp/vrrp_if.c +index a2087ceb..6ae2666a 100644 +--- a/keepalived/vrrp/vrrp_if.c ++++ b/keepalived/vrrp/vrrp_if.c +@@ -1051,7 +1051,9 @@ interface_down(interface_t *ifp) + /* Any route that has an oif will be tracking the interface, + * so we only need to check for routes that dont specify an + * oif */ +- if (!route->oif && route->configured_ifindex != ifp->ifindex) ++ /* Don't track route if it's not configured with this down ++ * interface. */ ++ if (!route->oif || route->configured_ifindex != ifp->ifindex) + continue; + + route->set = false; +-- +2.24.1 + diff --git a/SOURCES/keepalived.service b/SOURCES/keepalived.service new file mode 100644 index 0000000..64c5d3f --- /dev/null +++ b/SOURCES/keepalived.service @@ -0,0 +1,15 @@ +[Unit] +Description=LVS and VRRP High Availability Monitor +After=network-online.target syslog.target +Wants=network-online.target + +[Service] +Type=forking +PIDFile=/var/run/keepalived.pid +KillMode=process +EnvironmentFile=-/etc/sysconfig/keepalived +ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/keepalived.spec b/SPECS/keepalived.spec new file mode 100644 index 0000000..94792e0 --- /dev/null +++ b/SPECS/keepalived.spec @@ -0,0 +1,508 @@ +%bcond_without snmp +%bcond_without vrrp +%bcond_without sha1 +%bcond_with iptables +%bcond_with profile +%bcond_with debug + +%global _hardened_build 1 + +Name: keepalived +Summary: High Availability monitor built upon LVS, VRRP and service pollers +Version: 2.0.10 +Release: 10%{?dist} +License: GPLv2+ +URL: http://www.keepalived.org/ +Group: System Environment/Daemons + +Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz +Source1: keepalived.service + +Patch1: bz1688892-fix-openssl-init-failure.patch +Patch2: bz1688892-fix-openssl-init-genhash.patch +Patch3: bz1688892-fix-openssl-init-config-check.patch +Patch4: bz1688892-fix-openssl-init-configure.patch +Patch5: bz1693706-fix-smtp-alerts-segfault.patch +Patch6: bz1693706-fix-smtp_helo_name-double-free.patch +Patch7: bz1792160-fix-fault-rename-interface.patch + +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%if %{with snmp} +BuildRequires: net-snmp-devel +%endif +%if %{with iptables} +BuildRequires: ipset-devel +BuildRequires: iptables-devel +%endif +BuildRequires: gcc +BuildRequires: automake +BuildRequires: systemd-units +BuildRequires: openssl-devel +BuildRequires: libnl3-devel +BuildRequires: libnfnetlink-devel + +%description +Keepalived provides simple and robust facilities for load balancing +and high availability to Linux system and Linux based infrastructures. +The load balancing framework relies on well-known and widely used +Linux Virtual Server (IPVS) kernel module providing Layer4 load +balancing. Keepalived implements a set of checkers to dynamically and +adaptively maintain and manage load-balanced server pool according +their health. High availability is achieved by VRRP protocol. VRRP is +a fundamental brick for router failover. In addition, keepalived +implements a set of hooks to the VRRP finite state machine providing +low-level and high-speed protocol interactions. Keepalived frameworks +can be used independently or all together to provide resilient +infrastructures. + +%prep +%setup -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 + +%build +%configure \ + %{?with_debug:--enable-debug} \ + %{?with_profile:--enable-profile} \ + %{!?with_vrrp:--disable-vrrp} \ + %{!?with_iptables:--disable-libiptc --disable-ipset} \ + %{?with_snmp:--enable-snmp --enable-snmp-rfc} \ + %{?with_sha1:--enable-sha1} \ + --with-init=systemd +%{__make} %{?_smp_mflags} STRIP=/bin/true + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} +rm -rf %{buildroot}%{_initrddir}/ +rm -rf %{buildroot}%{_sysconfdir}/keepalived/samples/ +%{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/keepalived.service +mkdir -p %{buildroot}%{_libexecdir}/keepalived + +%post +%systemd_post keepalived.service + +%preun +%systemd_preun keepalived.service + +%postun +%systemd_postun_with_restart keepalived.service + +%files +%defattr(-,root,root,-) +%attr(0755,root,root) %{_sbindir}/keepalived +%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/keepalived +%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/keepalived/keepalived.conf +%doc AUTHOR ChangeLog CONTRIBUTORS COPYING README TODO +%doc doc/keepalived.conf.SYNOPSIS doc/samples/keepalived.conf.* +%dir %{_sysconfdir}/keepalived/ +%dir %{_libexecdir}/keepalived/ +%if %{with snmp} +%{_datadir}/snmp/mibs/KEEPALIVED-MIB.txt +%{_datadir}/snmp/mibs/VRRP-MIB.txt +%{_datadir}/snmp/mibs/VRRPv3-MIB.txt +%endif +%{_bindir}/genhash +%{_unitdir}/keepalived.service +%{_mandir}/man1/genhash.1* +%{_mandir}/man5/keepalived.conf.5* +%{_mandir}/man8/keepalived.8* + +%changelog +* Mon Feb 24 2020 Ryan O'Hara - 2.0.10-10 +- Disable libiptc/ipset (#1806642) + +* Thu Jan 30 2020 Ryan O'Hara - 2.0.10-9 +- Fix FAULT state when interface is renamed (#1792160) + +* Mon Jul 08 2019 Ryan O'Hara - 2.0.10-7 +- Add gating tests (#1682114) + +* Wed May 01 2019 Ryan O'Hara - 2.0.10-6 +- Fix segfault when smtp alerts configured (#1693706) +- Fix double free when smtp_helo_name copied from local_name (#1693706) + +* Wed Mar 27 2019 Ryan O'Hara - 2.0.10-5 +- Bump release nummber (#1688892) + +* Mon Mar 18 2019 Ryan O'Hara - 2.0.10-3 +- Rework fix for OpenSSL initialization segfault (#1688892) + +* Fri Mar 15 2019 Ryan O'Hara - 2.0.10-2 +- Fix OpenSSL initialization segfault (#1688892) + +* Mon Nov 26 2018 Ryan O'Hara - 2.0.10-1 +- Update to 2.0.10 (#1631816) + +* Mon Oct 08 2018 Ryan O'Hara - 2.0.7-2 +- Remove BuildRequires for ipset-devel + +* Tue Oct 02 2018 Ryan O'Hara - 2.0.7-1 +- Update to 2.0.7 (#1631816) + +* Thu Aug 09 2018 Josef Ridky - 2.0.6-2 +- Rebuild for Net-SNMP + +* Wed Jul 25 2018 Ryan O'Hara - 2.0.6-1 +- Update to 2.0.6 + +* Tue Jul 03 2018 Ryan O'Hara - 2.0.5-1 +- Update to 2.0.5 + +* Thu Apr 19 2018 Ryan O'Hara - 1.4.3-1 +- Update to 1.4.3 (#1565388) + +* Wed Mar 07 2018 Ryan O'Hara - 1.4.2-1 +- Update to 1.4.2 (#1539269) + +* Mon Jan 29 2018 Ryan O'Hara - 1.4.1-1 +- Update to 1.4.1 (#1539269) + +* Fri Jan 05 2018 Ryan O'Hara - 1.4.0-1 +- Update to 1.4.0 (#1529802) + +* Wed Oct 25 2017 Ryan O'Hara - 1.3.9-1 +- Update to 1.3.9 (#1497576) + +* Mon Sep 11 2017 Ryan O'Hara - 1.3.6-1 +- Update to 1.3.6 (#1481471) + +* Thu Aug 03 2017 Fedora Release Engineering - 1.3.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.3.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sun Mar 26 2017 Ryan O'Hara - 1.3.5-1 +- Update to 1.3.5 (#1422063) + +* Sun Feb 05 2017 Kalev Lember - 1.3.2-2 +- Rebuilt for libxtables soname bump + +* Mon Nov 28 2016 Ryan O'Hara - 1.3.2-1 +- Update to 1.3.2 (#1396857) + +* Fri Sep 16 2016 Ryan O'Hara - 1.2.24-3 +- Add BuildRequires for iptables-devel (#1361686) + +* Fri Sep 16 2016 Ryan O'Hara - 1.2.24-2 +- Fix configure script + +* Thu Sep 15 2016 Ryan O'Hara - 1.2.24-1 +- Update to 1.2.24 (#1376254) + +* Wed Jul 13 2016 Ryan O'Hara - 1.2.23-1 +- Update to 1.2.23 (#1354696) + +* Wed Jun 15 2016 Ryan O'Hara - 1.2.22-1 +- Update to 1.2.22 (#1346509) + +* Tue Jun 14 2016 Ryan O'Hara - 1.2.21-3 +- Remove net-snmp U64 typedef + +* Fri Jun 03 2016 Ryan O'Hara - 1.2.21-2 +- Remove unnecessary BuildRequires (#1327873) + +* Fri Jun 03 2016 Ryan O'Hara - 1.2.21-1 +- Update to 1.2.21 (#1341372) + +* Sun Apr 10 2016 Ryan O'Hara - 1.2.20-2 +- Install VRRP MIB + +* Mon Apr 04 2016 Ryan O'Hara - 1.2.20-1 +- Update to 1.2.20 (#1323526) + +* Thu Feb 04 2016 Fedora Release Engineering - 1.2.19-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Sat Jan 23 2016 Ryan O'Hara - 1.2.19-3 +- Add PIDFile to systemd unit file (#1280437) + +* Wed Jul 29 2015 Zbigniew Jędrzejewski-Szmek - 1.2.19-2 +- Rebuilt for rpm 4.12.90 + +* Wed Jul 15 2015 Ryan O'Hara - 1.2.19-1 +- Update to 1.2.19 (#1240863) + +* Wed Jul 01 2015 Ryan O'Hara - 1.2.18-1 +- Update to 1.2.18 (#1237377) + +* Tue Jun 23 2015 Ryan O'Hara - 1.2.17-5 +- Revert patch that changed VRRP notify scripts to list (#1232073) + +* Wed Jun 17 2015 Ryan O'Hara - 1.2.17-4 +- Fix multiple VRRP instances with same interface (#1232408) + +* Wed Jun 17 2015 Fedora Release Engineering - 1.2.17-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Jun 01 2015 Ryan O'Hara - 1.2.17-2 +- Add VRRP MIB file + +* Mon Jun 01 2015 Ryan O'Hara - 1.2.17-1 +- Update to 1.2.17 + +* Wed Apr 01 2015 Ryan O'Hara - 1.2.16-1 +- Update to 1.2.16 + +* Wed Mar 18 2015 Ryan O'Hara - 1.2.15-3 +- Revert previous preempt extension (#1202584) + +* Tue Jan 13 2015 Ryan O'Hara - 1.2.15-2 +- Depend on network-online.target systemd unit (#1181097) + +* Tue Dec 23 2014 Ryan O'Hara - 1.2.15-1 +- Update to 1.2.15 + +* Tue Dec 16 2014 Ryan O'Hara - 1.2.14-1 +- Update to 1.2.14 + +* Tue Oct 28 2014 Ryan O'Hara - 1.2.13-4 +- Create /usr/libexec/keepalived directory (#1158113) + +* Sat Aug 16 2014 Fedora Release Engineering - 1.2.13-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sun Jun 08 2014 Fedora Release Engineering - 1.2.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue May 13 2014 Ryan O'Hara - 1.2.13-1 +- Update to 1.2.13 + +* Mon Feb 10 2014 Ryan O'Hara - 1.2.12-1 +- Update to 1.2.12 + +* Mon Feb 03 2014 Ryan O'Hara - 1.2.11-1 +- Update to 1.2.11 + +* Mon Jan 13 2014 Ryan O'Hara - 1.2.10-1 +- Update to 1.2.10 + +* Mon Nov 11 2013 Ryan O'Hara - 1.2.9-1 +- Update to 1.2.9. + +* Thu Sep 19 2013 Ryan O'Hara - 1.2.8-2 +- Bump release and rebuild. + +* Thu Sep 05 2013 Ryan O'Hara - 1.2.8-1 +- Update to 1.2.8. + +* Mon Aug 19 2013 Ryan O'Hara - 1.2.7-10 +- Add To header for SMTP alerts (#967641) + +* Sat Aug 03 2013 Fedora Release Engineering - 1.2.7-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 22 2013 Ryan O'Hara - 1.2.7-8 +- Fix macro in keepalived.conf.5 man page. + +* Mon Jul 22 2013 Ryan O'Hara - 1.2.7-7 +- Fix systemd requirements. + +* Mon Jul 22 2013 Ryan O'Hara - 1.2.7-6 +- Install the systemd unit file, not the init script. + +* Mon Apr 22 2013 Ryan O'Hara - 1.2.7-5 +- Build with PIE flags (#955150) + +* Thu Feb 14 2013 Fedora Release Engineering - 1.2.7-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jan 2 2013 Ryan O'Hara - 1.2.7-3 +- Update spec file. +- Add option to prevent respawn of child processes. +- Remove duplicate command-line option code. +- Use popt to generate usage message. +- Fix pointer arithmetic for VRRP packets. +- Fix comparison of primary IP address. +- Fix loading of SSL certificate. +- Fix typo in error message. +- Update FSF address in GPLv2 license. +- Remove debug message from if_get_by_ifname. + +* Mon Sep 24 2012 Václav Pavlín - 1.2.7-2 +- Scriptlets replaced with new systemd macros (#850173). + +* Tue Sep 04 2012 Ryan O'Hara - 1.2.7-1 +- Update to 1.2.7. +- Fix systemd service file (#769726). + +* Mon Aug 20 2012 Ryan O'Hara - 1.2.6-1 +- Update to 1.2.6. + +* Tue Aug 14 2012 Ryan O'Hara - 1.2.5-2 +- Install KEEPALIVED-MIB as KEEPALIVED-MIB.txt. + +* Mon Aug 13 2012 Ryan O'Hara - 1.2.5-1 +- Update to 1.2.5. + +* Wed Aug 01 2012 Ryan O'Hara - 1.2.4-1 +- Update to 1.2.4. + +* Mon Jul 23 2012 Ryan O'Hara - 1.2.3-1 +- Update to 1.2.3. + +* Thu Jul 19 2012 Fedora Release Engineering - 1.2.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue May 08 2012 Ryan O'Hara - 1.2.2-5 +- Fix IPv4 address comparison (#768119). + +* Fri Jan 13 2012 Fedora Release Engineering - 1.2.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Sep 19 2011 Tom Callaway - 1.2.2-3 +- convert to systemd +- fix ip_vs.h path searching in configure + +* Tue Jul 12 2011 Matthias Saou 1.2.2-2 +- Build against libnl for Fedora. RHEL's libnl is too old. + +* Sat May 21 2011 Matthias Saou 1.2.2-1 +- Update to 1.2.2. + +* Mon Feb 07 2011 Fedora Release Engineering - 1.1.20-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sun Jan 16 2011 Dan Horák 1.1.20-2 +- exclude arches where we don't provide 32-bit kernel + +* Tue Jan 11 2011 Matthias Saou 1.2.1-1 +- Update to 1.2.1, now with IPv6 support. + +* Sun May 23 2010 Matthias Saou 1.1.20-1 +- Update to 1.1.20 (#589923). +- Update BR conditional for RHEL6. +- No longer include goodies/arpreset.pl, it's gone from the sources. + +* Tue Dec 8 2009 Matthias Saou 1.1.19-3 +- Update init script to have keepalived start after the local MTA (#526512). +- Simplify the kernel source detection, to avoid running rpm from rpmbuild. + +* Tue Nov 24 2009 Matthias Saou 1.1.19-2 +- Include patch to remove obsolete -k option to modprobe (#528465). + +* Wed Oct 21 2009 Matthias Saou 1.1.19-1 +- Update to 1.1.19. + +* Fri Aug 21 2009 Tomas Mraz - 1.1.17-3 +- rebuilt with new openssl + +* Fri Jul 24 2009 Fedora Release Engineering - 1.1.17-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Sun Apr 12 2009 Matthias Saou 1.1.17-1 +- Update to 1.1.17. +- Update init script all the way. + +* Wed Feb 25 2009 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sat Jan 17 2009 Tomas Mraz 1.1.15-7 +- rebuild with new openssl + +* Mon Dec 22 2008 Matthias Saou 1.1.15-6 +- Fork the init script to be (mostly for now) LSB compliant (#246966). + +* Thu Apr 24 2008 Matthias Saou 1.1.15-5 +- Add glob to the kerneldir location, since it contains the arch for F9+. + +* Tue Feb 19 2008 Fedora Release Engineering +- Autorebuild for GCC 4.3 + +* Wed Dec 05 2007 Release Engineering +- Rebuild for deps + +* Mon Oct 22 2007 Matthias Saou 1.1.15-2 +- Update to latest upstream sources, identical except for the included spec. + +* Mon Sep 17 2007 Matthias Saou 1.1.15-1 +- Update to 1.1.15. +- Remove merged genhashman and include patches. + +* Fri Sep 14 2007 Matthias Saou 1.1.14-2 +- Include patch from Shinji Tanaka to fix conf include from inside some + directives like vrrp_instance. + +* Thu Sep 13 2007 Matthias Saou 1.1.14-1 +- Update to 1.1.14. +- Remove all upstreamed patches. +- Remove our init script and sysconfig files, use the same now provided by the + upstream package (will need to patch for LSB stuff soonish). +- Include new goodies/arpreset.pl in %%doc. +- Add missing scriplet requirements. + +* Wed Aug 22 2007 Matthias Saou 1.1.13-8 +- Rebuild for new BuildID feature. + +* Sun Aug 5 2007 Matthias Saou 1.1.13-7 +- Update License field. + +* Mon Mar 26 2007 Matthias Saou 1.1.13-6 +- Fix doc/samples/sample.misccheck.smbcheck.sh mode (600 -> 644). + +* Thu Mar 22 2007 Matthias Saou 1.1.13-5 +- Include types patch to fix compile on F7 (David Woodhouse). +- Fix up file modes (main binary 700 -> 755 and config 600 -> 640). + +* Tue Feb 13 2007 Matthias Saou 1.1.13-4 +- Add missing \n to the kernel define, for when multiple kernels are installed. +- Pass STRIP=/bin/true to "make" in order to get a useful debuginfo package. + +* Tue Feb 13 2007 Matthias Saou 1.1.13-3 +- Add %%check section to make sure any build without LVS support will fail. + +* Mon Feb 5 2007 Matthias Saou 1.1.13-2 +- Use our own init script, include a sysconfig entry used by it for options. + +* Thu Jan 25 2007 Matthias Saou 1.1.13-1 +- Update to 1.1.13. +- Change mode of configuration file to 0600. +- Don't include all of "doc" since it meant re-including all man pages. +- Don't include samples in the main configuration path, they're in %%doc. +- Include patch to add an optional label to interfaces. + +* Sat Apr 08 2006 Dries Verachtert - 1.1.12-1.2 +- Rebuild for Fedora Core 5. + +* Sun Mar 12 2006 Dag Wieers - 1.1.12-1 +- Updated to release 1.1.12. + +* Fri Mar 04 2005 Dag Wieers - 1.1.11-1 +- Updated to release 1.1.11. + +* Wed Feb 23 2005 Dag Wieers - 1.1.10-2 +- Fixed IPVS/LVS support. (Joe Sauer) + +* Tue Feb 15 2005 Dag Wieers - 1.1.10-1 +- Updated to release 1.1.10. + +* Mon Feb 07 2005 Dag Wieers - 1.1.9-1 +- Updated to release 1.1.9. + +* Sun Oct 17 2004 Dag Wieers - 1.1.7-2 +- Fixes to build with kernel IPVS support. (Tim Verhoeven) + +* Fri Sep 24 2004 Dag Wieers - 1.1.7-1 +- Updated to release 1.1.7. (Mathieu Lubrano) + +* Mon Feb 23 2004 Dag Wieers - 1.1.6-0 +- Updated to release 1.1.6. + +* Mon Jan 26 2004 Dag Wieers - 1.1.5-0 +- Updated to release 1.1.5. + +* Mon Dec 29 2003 Dag Wieers - 1.1.4-0 +- Updated to release 1.1.4. + +* Fri Jun 06 2003 Dag Wieers - 1.0.3-0 +- Initial package. (using DAR) +