diff --git a/SOURCES/bz1683438-fix-vrrp_script-execution.patch b/SOURCES/bz1683438-fix-vrrp_script-execution.patch new file mode 100644 index 0000000..3f8519e --- /dev/null +++ b/SOURCES/bz1683438-fix-vrrp_script-execution.patch @@ -0,0 +1,51 @@ +From 4e60fead497c9e99953dd6106c6a5869182533cc Mon Sep 17 00:00:00 2001 +From: Quentin Armitage +Date: Thu, 9 May 2019 19:23:46 +0100 +Subject: [PATCH] Don't enclose /dev/tcp/127.0.0.1/22 in ' chars when running + as script + +RedHat identified a problem with scripts like: + vrrp_script { + script "' resolves the problem. + +Signed-off-by: Quentin Armitage +--- + lib/notify.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/lib/notify.c b/lib/notify.c +index 2f60e24c..1984bde3 100644 +--- a/lib/notify.c ++++ b/lib/notify.c +@@ -130,10 +130,18 @@ cmd_str_r(const notify_script_t *script, char *buf, size_t len) + + if (i) + *str_p++ = ' '; +- *str_p++ = '\''; ++ ++ /* Allow special case of bash script which is redirection only to ++ * test for file existence. */ ++ if (i || (script->args[i][0] != '<' && script->args[i][0] != '>')) ++ *str_p++ = '\''; ++ + strcpy(str_p, script->args[i]); + str_p += str_len; +- *str_p++ = '\''; ++ ++ /* Close opening ' if we added one */ ++ if (i || (script->args[i][0] != '<' && script->args[i][0] != '>')) ++ *str_p++ = '\''; + } + *str_p = '\0'; + +-- +2.24.1 + diff --git a/SOURCES/bz1792160-fix-fault-rename-interface.patch b/SOURCES/bz1792160-fix-fault-rename-interface.patch new file mode 100644 index 0000000..96562c7 --- /dev/null +++ b/SOURCES/bz1792160-fix-fault-rename-interface.patch @@ -0,0 +1,34 @@ +From 30eeb48b1a0737dc7443fd421fd6613e0d55fd17 Mon Sep 17 00:00:00 2001 +From: "Z. Liu" +Date: Tue, 18 Dec 2018 16:38:24 +0800 +Subject: [PATCH] Also skip route not configured with down interface + +Otherwise, if keepalived has virtual_routes configured, we create +a virtual interface and bring it up and down, current code will bring +VRRP state to FAULT and never return. + + # ip tun add test mode ipip remote 10.0.0.1 local 10.0.0.2 + # ip link set test up + # ip link set test down +--- + keepalived/vrrp/vrrp_if.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/keepalived/vrrp/vrrp_if.c b/keepalived/vrrp/vrrp_if.c +index a2087ceb..6ae2666a 100644 +--- a/keepalived/vrrp/vrrp_if.c ++++ b/keepalived/vrrp/vrrp_if.c +@@ -1051,7 +1051,9 @@ interface_down(interface_t *ifp) + /* Any route that has an oif will be tracking the interface, + * so we only need to check for routes that dont specify an + * oif */ +- if (!route->oif && route->configured_ifindex != ifp->ifindex) ++ /* Don't track route if it's not configured with this down ++ * interface. */ ++ if (!route->oif || route->configured_ifindex != ifp->ifindex) + continue; + + route->set = false; +-- +2.24.1 + diff --git a/SPECS/keepalived.spec b/SPECS/keepalived.spec index 4205027..bb6a6ef 100644 --- a/SPECS/keepalived.spec +++ b/SPECS/keepalived.spec @@ -1,6 +1,7 @@ %bcond_without snmp %bcond_without vrrp %bcond_without sha1 +%bcond_with iptables %bcond_with profile %bcond_with debug @@ -9,7 +10,7 @@ Name: keepalived Summary: High Availability monitor built upon LVS, VRRP and service pollers Version: 2.0.10 -Release: 4%{?dist}.2 +Release: 11%{?dist} License: GPLv2+ URL: http://www.keepalived.org/ Group: System Environment/Daemons @@ -23,6 +24,8 @@ Patch3: bz1688892-fix-openssl-init-config-check.patch Patch4: bz1688892-fix-openssl-init-configure.patch Patch5: bz1693706-fix-smtp-alerts-segfault.patch Patch6: bz1693706-fix-smtp_helo_name-double-free.patch +Patch7: bz1792160-fix-fault-rename-interface.patch +Patch8: bz1683438-fix-vrrp_script-execution.patch Requires(post): systemd Requires(preun): systemd @@ -31,13 +34,15 @@ Requires(postun): systemd %if %{with snmp} BuildRequires: net-snmp-devel %endif +%if %{with iptables} +BuildRequires: ipset-devel +BuildRequires: iptables-devel +%endif BuildRequires: gcc BuildRequires: automake BuildRequires: systemd-units BuildRequires: openssl-devel BuildRequires: libnl3-devel -BuildRequires: ipset-devel -BuildRequires: iptables-devel BuildRequires: libnfnetlink-devel %description @@ -62,12 +67,15 @@ infrastructures. %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 +%patch8 -p1 %build %configure \ %{?with_debug:--enable-debug} \ %{?with_profile:--enable-profile} \ %{!?with_vrrp:--disable-vrrp} \ + %{!?with_iptables:--disable-libiptc --disable-ipset} \ %{?with_snmp:--enable-snmp --enable-snmp-rfc} \ %{?with_sha1:--enable-sha1} \ --with-init=systemd @@ -111,15 +119,24 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived %{_mandir}/man8/keepalived.8* %changelog -* Wed May 01 2019 Ryan O'Hara - 2.0.10-4.2 +* Tue Jun 16 2020 Ryan O'Hara - 2.0.10-11 +- Fix vrrp_script execution (#1683438) + +* Mon Feb 24 2020 Ryan O'Hara - 2.0.10-10 +- Disable libiptc/ipset (#1806642) + +* Thu Jan 30 2020 Ryan O'Hara - 2.0.10-9 +- Fix FAULT state when interface is renamed (#1792160) + +* Mon Jul 08 2019 Ryan O'Hara - 2.0.10-7 +- Add gating tests (#1682114) + +* Wed May 01 2019 Ryan O'Hara - 2.0.10-6 - Fix segfault when smtp alerts configured (#1693706) - Fix double free when smtp_helo_name copied from local_name (#1693706) -* Thu Apr 04 2019 Ryan O'Hara - 2.0.10-4.1 -- Rebuild for z-stream (#1690306) - -* Wed Mar 27 2019 Ryan O'Hara - 2.0.10-4 -- Bump release number (#1688892) +* Wed Mar 27 2019 Ryan O'Hara - 2.0.10-5 +- Bump release nummber (#1688892) * Mon Mar 18 2019 Ryan O'Hara - 2.0.10-3 - Rework fix for OpenSSL initialization segfault (#1688892)