diff --git a/.gitignore b/.gitignore
index e8746e1..0928bfa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/keepalived-2.0.10.tar.gz
+SOURCES/keepalived-2.1.5.tar.gz
diff --git a/.keepalived.metadata b/.keepalived.metadata
index 027c5be..4e3f4fb 100644
--- a/.keepalived.metadata
+++ b/.keepalived.metadata
@@ -1 +1 @@
-c0b62f6d20a4a322e4bd67b4ae447bb842c28c4c SOURCES/keepalived-2.0.10.tar.gz
+54128bc7b4f8b920028af4691be9013f25393a99 SOURCES/keepalived-2.1.5.tar.gz
diff --git a/SOURCES/bz1683438-fix-vrrp_script-execution.patch b/SOURCES/bz1683438-fix-vrrp_script-execution.patch
deleted file mode 100644
index 3f8519e..0000000
--- a/SOURCES/bz1683438-fix-vrrp_script-execution.patch
+++ /dev/null
@@ -1,51 +0,0 @@ -From 4e60fead497c9e99953dd6106c6a5869182533cc Mon Sep 17 00:00:00 2001 -From: Quentin Armitage -Date: Thu, 9 May 2019 19:23:46 +0100 -Subject: [PATCH] Don't enclose /dev/tcp/127.0.0.1/22 in ' chars when running - as script - -RedHat identified a problem with scripts like: - vrrp_script { - script "' resolves the problem. - -Signed-off-by: Quentin Armitage ---- - lib/notify.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/lib/notify.c b/lib/notify.c -index 2f60e24c..1984bde3 100644 ---- a/lib/notify.c -+++ b/lib/notify.c -@@ -130,10 +130,18 @@ cmd_str_r(const notify_script_t *script, char *buf, size_t len) - - if (i) - *str_p++ = ' '; -- *str_p++ = '\''; -+ -+ /* Allow special case of bash script which is redirection only to -+ * test for file existence. */ -+ if (i || (script->args[i][0] != '<' && script->args[i][0] != '>')) -+ *str_p++ = '\''; -+ - strcpy(str_p, script->args[i]); - str_p += str_len; -- *str_p++ = '\''; -+ -+ /* Close opening ' if we added one */ -+ if (i || (script->args[i][0] != '<' && script->args[i][0] != '>')) -+ *str_p++ = '\''; - } - *str_p = '\0'; - --- -2.24.1 -
diff --git a/SOURCES/bz1688892-fix-openssl-init-config-check.patch b/SOURCES/bz1688892-fix-openssl-init-config-check.patch
deleted file mode 100644
index b77f498..0000000
--- a/SOURCES/bz1688892-fix-openssl-init-config-check.patch
+++ /dev/null
@@ -1,76 +0,0 @@ -From 1f2b558da9f631a635e9b099b455696b1903bee4 Mon Sep 17 00:00:00 2001 -From: Quentin Armitage -Date: Fri, 15 Mar 2019 00:12:19 +0000 -Subject: [PATCH 3/3] Fix some configure tested checks for OPENSSL_init_crypto - -Signed-off-by: Quentin Armitage ---- - genhash/ssl.c | 6 +++--- - keepalived/check/check_ssl.c | 6 +++--- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/genhash/ssl.c b/genhash/ssl.c -index 96f51201..0574675a 100644 ---- a/genhash/ssl.c -+++ b/genhash/ssl.c -@@ -44,7 +44,7 @@ void - init_ssl(void) - { - /* Library initialization */ --#if HAVE_OPENSSL_INIT_CRYPTO -+#ifdef HAVE_OPENSSL_INIT_CRYPTO - #ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG - /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails. - * It works in v1.1.0h and v1.1.1b. -@@ -59,7 +59,7 @@ init_ssl(void) - #endif - - /* Initialize SSL context */ --#if HAVE_TLS_METHOD -+#ifdef HAVE_TLS_METHOD - req->meth = TLS_method(); - #else - req->meth = SSLv23_method(); -@@ -123,7 +123,7 @@ ssl_connect(thread_t * thread) - } - - BIO_set_nbio(sock_obj->bio, 1); /* Set the Non-Blocking flag */ --#if HAVE_SSL_SET0_RBIO -+#ifdef HAVE_SSL_SET0_RBIO - BIO_up_ref(sock_obj->bio); - SSL_set0_rbio(sock_obj->ssl, sock_obj->bio); - SSL_set0_wbio(sock_obj->ssl, sock_obj->bio); -diff --git a/keepalived/check/check_ssl.c b/keepalived/check/check_ssl.c -index 2743ea87..58061b91 100644 ---- a/keepalived/check/check_ssl.c -+++ b/keepalived/check/check_ssl.c -@@ -68,7 +68,7 @@ build_ssl_ctx(void) - ssl_data_t *ssl; - - /* Library initialization */ --#if HAVE_OPENSSL_INIT_CRYPTO -+#ifdef HAVE_OPENSSL_INIT_CRYPTO - #ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG - /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails. - * It works in v1.1.0h and v1.1.1b. 
-@@ -88,7 +88,7 @@ build_ssl_ctx(void) - ssl = check_data->ssl; - - /* Initialize SSL context */ --#if HAVE_TLS_METHOD -+#ifdef HAVE_TLS_METHOD - ssl->meth = TLS_method(); - #else - ssl->meth = SSLv23_method(); -@@ -226,7 +226,7 @@ ssl_connect(thread_t * thread, int new_req) - - BIO_get_fd(req->bio, &bio_fd); - fcntl(bio_fd, F_SETFD, fcntl(bio_fd, F_GETFD) | FD_CLOEXEC); --#if HAVE_SSL_SET0_RBIO -+#ifdef HAVE_SSL_SET0_RBIO - BIO_up_ref(req->bio); - SSL_set0_rbio(req->ssl, req->bio); - SSL_set0_wbio(req->ssl, req->bio); --- -2.20.1 -
diff --git a/SOURCES/bz1688892-fix-openssl-init-configure.patch b/SOURCES/bz1688892-fix-openssl-init-configure.patch
deleted file mode 100644
index 43ec64b..0000000
--- a/SOURCES/bz1688892-fix-openssl-init-configure.patch
+++ /dev/null
@@ -1,409 +0,0 @@ ---- a/configure 2018-11-12 13:40:33.000000000 -0600 -+++ b/configure 2019-03-18 11:29:03.305427768 -0500 -@@ -730,7 +730,6 @@ - AMDEPBACKSLASH - AMDEP_FALSE - AMDEP_TRUE --am__quote - am__include - DEPDIR - OBJEXT -@@ -790,7 +789,6 @@ - docdir - oldincludedir - includedir --runstatedir - localstatedir - sharedstatedir - sysconfdir -@@ -809,7 +807,8 @@ - PACKAGE_TARNAME - PACKAGE_NAME - PATH_SEPARATOR --SHELL' -+SHELL -+am__quote' - ac_subst_files='' - ac_user_opts=' - enable_option_checking -@@ -925,7 +924,6 @@ - sysconfdir='${prefix}/etc' - sharedstatedir='${prefix}/com' - localstatedir='${prefix}/var' --runstatedir='${localstatedir}/run' - includedir='${prefix}/include' - oldincludedir='/usr/include' - docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' -@@ -1178,15 +1176,6 @@ - | -silent | --silent | --silen | --sile | --sil) - silent=yes ;; - -- -runstatedir | --runstatedir | --runstatedi | --runstated \ -- | --runstate | --runstat | --runsta | --runst | --runs \ -- | --run | --ru | --r) -- ac_prev=runstatedir ;; -- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ -- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ -- | --run=* | --ru=* | --r=*) -- runstatedir=$ac_optarg ;; -- - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) - ac_prev=sbindir ;; - -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ -@@ -1324,7 +1313,7 @@ - for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ - datadir sysconfdir sharedstatedir localstatedir includedir \ - oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ -- libdir localedir mandir runstatedir -+ libdir localedir mandir - do - eval ac_val=\$$ac_var - # Remove trailing slashes. 
-@@ -1477,7 +1466,6 @@ - --sysconfdir=DIR read-only single-machine data [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] - --localstatedir=DIR modifiable single-machine data [PREFIX/var] -- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] - --libdir=DIR object code libraries [EPREFIX/lib] - --includedir=DIR C header files [PREFIX/include] - --oldincludedir=DIR C header files for non-gcc [/usr/include] -@@ -2689,7 +2677,7 @@ - ac_compiler_gnu=$ac_cv_c_compiler_gnu - - --am__api_version='1.15' -+am__api_version='1.16' - - ac_aux_dir= - for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do -@@ -3234,8 +3222,8 @@ - - # For better backward compatibility. To be removed once Automake 1.9.x - # dies out for good. For more background, see: --# --# -+# -+# - mkdir_p='$(MKDIR_P)' - - # We need awk for the "check" target (and possibly the TAP driver). The -@@ -3286,7 +3274,7 @@ - Aborting the configuration process, to ensure you take notice of the issue. - - You can download and install GNU coreutils to get an 'rm' implementation --that behaves properly: . -+that behaves properly: . - - If you want to complete the configuration process using your problematic - 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM -@@ -4650,45 +4638,45 @@ - - ac_config_commands="$ac_config_commands depfiles" - -- --am_make=${MAKE-make} --cat > confinc << 'END' -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 -+$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; } -+cat > confinc.mk << 'END' - am__doit: -- @echo this is the am__doit target -+ @echo this is the am__doit target >confinc.out - .PHONY: am__doit - END --# If we don't find an include directive, just comment out the code. 
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 --$as_echo_n "checking for style of include used by $am_make... " >&6; } - am__include="#" - am__quote= --_am_result=none --# First try GNU make style include. --echo "include confinc" > confmf --# Ignore all kinds of additional output from 'make'. --case `$am_make -s -f confmf 2> /dev/null` in #( --*the\ am__doit\ target*) -- am__include=include -- am__quote= -- _am_result=GNU -- ;; --esac --# Now try BSD make style include. --if test "$am__include" = "#"; then -- echo '.include "confinc"' > confmf -- case `$am_make -s -f confmf 2> /dev/null` in #( -- *the\ am__doit\ target*) -- am__include=.include -- am__quote="\"" -- _am_result=BSD -+# BSD make does it like this. -+echo '.include "confinc.mk" # ignored' > confmf.BSD -+# Other make implementations (GNU, Solaris 10, AIX) do it like this. -+echo 'include confinc.mk # ignored' > confmf.GNU -+_am_result=no -+for s in GNU BSD; do -+ { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5 -+ (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); } -+ case $?:`cat confinc.out 2>/dev/null` in #( -+ '0:this is the am__doit target') : -+ case $s in #( -+ BSD) : -+ am__include='.include' am__quote='"' ;; #( -+ *) : -+ am__include='include' am__quote='' ;; -+esac ;; #( -+ *) : - ;; -- esac --fi -- -- --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 --$as_echo "$_am_result" >&6; } --rm -f confinc confmf -+esac -+ if test "$am__include" != "#"; then -+ _am_result="yes ($s style)" -+ break -+ fi -+done -+rm -f confinc.* confmf.* -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 -+$as_echo "${_am_result}" >&6; } - - # Check whether --enable-dependency-tracking was given. 
- if test "${enable_dependency_tracking+set}" = set; then : -@@ -7506,8 +7494,8 @@ - done - - --# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0 --for ac_func in SSL_set0_rbio OPENSSL_init_crypto -+# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0 -+for ac_func in SSL_set0_rbio OPENSSL_init_crypto TLS_method - do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` - ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -@@ -7520,19 +7508,62 @@ - done - - --# TLS_method() introduced OpenSSL v1.1.0 --for ac_func in TLS_method --do : -- ac_fn_c_check_func "$LINENO" "TLS_method" "ac_cv_func_TLS_method" --if test "x$ac_cv_func_TLS_method" = xyes; then : -- cat >>confdefs.h <<_ACEOF --#define HAVE_TLS_METHOD 1 --_ACEOF -+# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with -+# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. -+if test .$ac_cv_func_OPENSSL_init_crypto = .yes; then : - -+ if test .$ac_cv_func_TLS_method = .yes; then : -+ method_func=TLS_method -+else -+ method_func=SSLv23_method - fi --done -+ if test "$cross_compiling" = yes; then : -+ -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&5 -+$as_echo "$as_me: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&2;} -+ openssl_init_no_load_bug=1 -+ -+ -+else -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. 
*/ -+#include -+int -+main () -+{ -+ -+ const SSL_METHOD *meth; -+ SSL_CTX *ctx; -+ -+ if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) -+ return 1; - -+ /* Initialize SSL context */ -+ meth = $method_func(); -+ if (!(ctx = SSL_CTX_new(meth))) -+ return 1; -+ return 0; - -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_run "$LINENO"; then : -+ openssl_init_no_load_bug=0 -+else -+ openssl_init_no_load_bug=1 -+fi -+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ -+ conftest.$ac_objext conftest.beam conftest.$ac_ext -+fi -+ -+ if test $openssl_init_no_load_bug -eq 1; then : -+ -+$as_echo "#define HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG 1 " >>confdefs.h -+ -+fi -+ -+fi - unset LIBS - - if test $BUILD_GENHASH = No; then -@@ -12695,7 +12726,7 @@ - # - # INIT-COMMANDS - # --AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" -+AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}" - - _ACEOF - -@@ -13322,29 +13353,35 @@ - # Older Autoconf quotes --file arguments for eval, but not when files - # are listed without --file. Let's play safe and only enable the eval - # if we detect the quoting. -- case $CONFIG_FILES in -- *\'*) eval set x "$CONFIG_FILES" ;; -- *) set x $CONFIG_FILES ;; -- esac -+ # TODO: see whether this extra hack can be removed once we start -+ # requiring Autoconf 2.70 or later. -+ case $CONFIG_FILES in #( -+ *\'*) : -+ eval set x "$CONFIG_FILES" ;; #( -+ *) : -+ set x $CONFIG_FILES ;; #( -+ *) : -+ ;; -+esac - shift -- for mf -+ # Used to flag and report bootstrapping failures. -+ am_rc=0 -+ for am_mf - do - # Strip MF so we end up with the name of the file. -- mf=`echo "$mf" | sed -e 's/:.*$//'` -- # Check whether this is an Automake generated Makefile or not. -- # We used to match only the files named 'Makefile.in', but -- # some people rename them; so instead we look at the file content. -- # Grep'ing the first line is not enough: some people post-process -- # each Makefile.in and add a new line on top of each file to say so. 
-- # Grep'ing the whole file is not good either: AIX grep has a line -+ am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'` -+ # Check whether this is an Automake generated Makefile which includes -+ # dependency-tracking related rules and includes. -+ # Grep'ing the whole file directly is not great: AIX grep has a line - # limit of 2048, but all sed's we know have understand at least 4000. -- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then -- dirpart=`$as_dirname -- "$mf" || --$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -- X"$mf" : 'X\(//\)[^/]' \| \ -- X"$mf" : 'X\(//\)$' \| \ -- X"$mf" : 'X\(/\)' \| . 2>/dev/null || --$as_echo X"$mf" | -+ sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ -+ || continue -+ am_dirpart=`$as_dirname -- "$am_mf" || -+$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$am_mf" : 'X\(//\)[^/]' \| \ -+ X"$am_mf" : 'X\(//\)$' \| \ -+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || -+$as_echo X"$am_mf" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q -@@ -13362,53 +13399,48 @@ - q - } - s/.*/./; q'` -- else -- continue -- fi -- # Extract the definition of DEPDIR, am__include, and am__quote -- # from the Makefile without running 'make'. -- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` -- test -z "$DEPDIR" && continue -- am__include=`sed -n 's/^am__include = //p' < "$mf"` -- test -z "$am__include" && continue -- am__quote=`sed -n 's/^am__quote = //p' < "$mf"` -- # Find all dependency output files, they are included files with -- # $(DEPDIR) in their names. We invoke sed twice because it is the -- # simplest approach to changing $(DEPDIR) to its actual value in the -- # expansion. -- for file in `sed -n " -- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ -- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do -- # Make sure the directory exists. 
-- test -f "$dirpart/$file" && continue -- fdir=`$as_dirname -- "$file" || --$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -- X"$file" : 'X\(//\)[^/]' \| \ -- X"$file" : 'X\(//\)$' \| \ -- X"$file" : 'X\(/\)' \| . 2>/dev/null || --$as_echo X"$file" | -- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ -- s//\1/ -- q -- } -- /^X\(\/\/\)[^/].*/{ -+ am_filepart=`$as_basename -- "$am_mf" || -+$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \ -+ X"$am_mf" : 'X\(//\)$' \| \ -+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || -+$as_echo X/"$am_mf" | -+ sed '/^.*\/\([^/][^/]*\)\/*$/{ - s//\1/ - q - } -- /^X\(\/\/\)$/{ -+ /^X\/\(\/\/\)$/{ - s//\1/ - q - } -- /^X\(\/\).*/{ -+ /^X\/\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` -- as_dir=$dirpart/$fdir; as_fn_mkdir_p -- # echo "creating $dirpart/$file" -- echo '# dummy' > "$dirpart/$file" -- done -+ { echo "$as_me:$LINENO: cd "$am_dirpart" \ -+ && sed -e '/# am--include-marker/d' "$am_filepart" \ -+ | $MAKE -f - am--depfiles" >&5 -+ (cd "$am_dirpart" \ -+ && sed -e '/# am--include-marker/d' "$am_filepart" \ -+ | $MAKE -f - am--depfiles) >&5 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); } || am_rc=$? - done -+ if test $am_rc -ne 0; then -+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+as_fn_error $? "Something went wrong bootstrapping makefile fragments -+ for automatic dependency tracking. Try re-running configure with the -+ '--disable-dependency-tracking' option to at least be able to build -+ the package (albeit without support for automatic dependency tracking). -+See \`config.log' for more details" "$LINENO" 5; } -+ fi -+ { am_dirpart=; unset am_dirpart;} -+ { am_filepart=; unset am_filepart;} -+ { am_mf=; unset am_mf;} -+ { am_rc=; unset am_rc;} -+ rm -f conftest-deps.mk - } - ;; - 
diff --git a/SOURCES/bz1688892-fix-openssl-init-failure.patch b/SOURCES/bz1688892-fix-openssl-init-failure.patch
deleted file mode 100644
index 4a8f64a..0000000
--- a/SOURCES/bz1688892-fix-openssl-init-failure.patch
+++ /dev/null
@@ -1,81 +0,0 @@ -From aeec0e2cda5c440fdd3c5bea20ed7567bea540e1 Mon Sep 17 00:00:00 2001 -From: Quentin Armitage -Date: Tue, 12 Mar 2019 14:58:38 +0000 -Subject: [PATCH 1/3] Fix OpenSSL init failure with OpenSSL v1.1.1 - -OpenSSL v1.1.1, but not v1.1.0h or v1.1.1b failed in SSL_CTX_new() -if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) had previously -been called. - -This commit doesn't call OPENSSL_init_crypto() if doing so causes -SSL_CTX_new() to fail. - -Signed-off-by: Quentin Armitage ---- - configure.ac | 30 ++++++++++++++++++++++++++++++ - keepalived/check/check_ssl.c | 6 ++++++ - 2 files changed, 36 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 89399ca3..504b9b92 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -819,6 +819,36 @@ AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto]) - # TLS_method() introduced OpenSSL v1.1.0 - AC_CHECK_FUNCS([TLS_method]) - -+# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with -+# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. -+AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes], -+ [ -+ AC_RUN_IFELSE( -+ [AC_LANG_PROGRAM( -+ [[#include ]], -+ [[ -+ const SSL_METHOD *meth; -+ SSL_CTX *ctx; -+ -+ if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) -+ return 1; -+ -+ /* Initialize SSL context */ -+ meth = TLS_method(); -+ if (!(ctx = SSL_CTX_new(meth))) -+ return 1; -+ return 0; -+ ]])], -+ [openssl_init_no_load_bug=0], -+ [openssl_init_no_load_bug=1], -+ [ -+ AC_MSG_WARN([Cannot determine if need to OPENSSL_init_crypto() problem. 
Assuming yes for safety.]) -+ openssl_init_no_load_bug=1 -+ ] -+ ) -+ AS_IF([test $openssl_init_no_load_bug -eq 1], -+ [AC_DEFINE([HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG], [ 1 ], [Define to 1 if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) bug)])]) -+ ]) - unset LIBS - - if test $BUILD_GENHASH = No; then -diff --git a/keepalived/check/check_ssl.c b/keepalived/check/check_ssl.c -index 6bf6a005..2743ea87 100644 ---- a/keepalived/check/check_ssl.c -+++ b/keepalived/check/check_ssl.c -@@ -69,8 +69,14 @@ build_ssl_ctx(void) - - /* Library initialization */ - #if HAVE_OPENSSL_INIT_CRYPTO -+#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG -+ /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails. -+ * It works in v1.1.0h and v1.1.1b. -+ * It transpires that it works without setting NO_LOAD_CONFIG, but it is -+ * presumably more efficient not to load it. */ - if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) - log_message(LOG_INFO, "OPENSSL_init_crypto failed"); -+#endif - #else - SSL_library_init(); - SSL_load_error_strings(); --- -2.20.1 -
diff --git a/SOURCES/bz1688892-fix-openssl-init-genhash.patch b/SOURCES/bz1688892-fix-openssl-init-genhash.patch
deleted file mode 100644
index a9251f3..0000000
--- a/SOURCES/bz1688892-fix-openssl-init-genhash.patch
+++ /dev/null
@@ -1,72 +0,0 @@ -From 5e1a2130340ea4fabc4095b412c8b3836d112828 Mon Sep 17 00:00:00 2001 -From: Quentin Armitage -Date: Wed, 13 Mar 2019 09:46:27 +0000 -Subject: [PATCH 2/3] Fix genhash re OPENSSL_init_crypto bug and improve - configure.ac - -Commit fe6d6ac (Fix OpenSSL init failure with OpenSSL v1.1.1) didn't -update the identical code in genhash/ssl.c. Also, an improvement for -the test in configure.ac was suggested. - -Signed-off-by: Quentin Armitage ---- - configure.ac | 12 +++++------- - genhash/ssl.c | 6 ++++++ - 2 files changed, 11 insertions(+), 7 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 504b9b92..c964a11e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -813,16 +813,14 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - # SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a - AC_CHECK_FUNCS([SSL_CTX_set_verify_depth]) - --# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0 --AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto]) -- --# TLS_method() introduced OpenSSL v1.1.0 --AC_CHECK_FUNCS([TLS_method]) -+# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0 -+AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method]) - - # In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with - # OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. 
--AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes], -+AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes], - [ -+ AS_IF([test .$ac_cv_func_TLS_method = .yes], [method_func=TLS_method], [method_func=SSLv23_method]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM( - [[#include ]], -@@ -834,7 +832,7 @@ AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = - return 1; - - /* Initialize SSL context */ -- meth = TLS_method(); -+ meth = $method_func(); - if (!(ctx = SSL_CTX_new(meth))) - return 1; - return 0; -diff --git a/genhash/ssl.c b/genhash/ssl.c -index 8e9162c8..96f51201 100644 ---- a/genhash/ssl.c -+++ b/genhash/ssl.c -@@ -45,8 +45,14 @@ init_ssl(void) - { - /* Library initialization */ - #if HAVE_OPENSSL_INIT_CRYPTO -+#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG -+ /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails. -+ * It works in v1.1.0h and v1.1.1b. -+ * It transpires that it works without setting NO_LOAD_CONFIG, but it is -+ * presumably more efficient not to load it. */ - if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) - fprintf(stderr, "OPENSSL_init_crypto failed\n"); -+#endif - #else - SSL_library_init(); - SSL_load_error_strings(); --- -2.20.1 -
diff --git a/SOURCES/bz1693706-fix-smtp-alerts-segfault.patch b/SOURCES/bz1693706-fix-smtp-alerts-segfault.patch
deleted file mode 100644
index 35da553..0000000
--- a/SOURCES/bz1693706-fix-smtp-alerts-segfault.patch
+++ /dev/null
@@ -1,26 +0,0 @@ -From fdb1739356f723a4e9e4f8b52c37d193a3a5c6e3 Mon Sep 17 00:00:00 2001 -From: Quentin Armitage -Date: Tue, 27 Nov 2018 10:57:37 +0000 -Subject: [PATCH] Fix segfault when smtp alerts configured - -Signed-off-by: Quentin Armitage ---- - keepalived/core/global_data.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/keepalived/core/global_data.c b/keepalived/core/global_data.c -index 6e872dcf..cd381d9b 100644 ---- a/keepalived/core/global_data.c -+++ b/keepalived/core/global_data.c -@@ -253,7 +253,7 @@ init_global_data(data_t * data, data_t *old_global_data) - if (!data->smtp_connection_to) - set_default_smtp_connection_timeout(data); - -- if (strcmp(data->local_name, unknown_name)) { -+ if (data->local_name && strcmp(data->local_name, unknown_name)) { - if (!data->email_from) - set_default_email_from(data, data->local_name); - --- -2.20.1 -
diff --git a/SOURCES/bz1693706-fix-smtp_helo_name-double-free.patch b/SOURCES/bz1693706-fix-smtp_helo_name-double-free.patch
deleted file mode 100644
index 43d1c0b..0000000
--- a/SOURCES/bz1693706-fix-smtp_helo_name-double-free.patch
+++ /dev/null
@@ -1,39 +0,0 @@ -From e91583fb20b584621dd48031bef68279945f7aa6 Mon Sep 17 00:00:00 2001 -From: Quentin Armitage -Date: Tue, 20 Nov 2018 13:03:55 +0000 -Subject: [PATCH] Fix double free when global data smtp_helo_name copied from - local_name - -Issue #1071 identified a double free fault. It occurred when smtp_helo_name -was not set, in which case it was set to point to the same malloc'd memory -as local_name. At termination keepalived freed both local_name and -smtp_helo_name. - -If keepalived needs to use local_name for smtp_helo_name it now malloc's -aadditional memory to copy the string into. - -Signed-off-by: Quentin Armitage ---- - keepalived/core/global_data.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/keepalived/core/global_data.c b/keepalived/core/global_data.c -index cd381d9b..be9fecbd 100644 ---- a/keepalived/core/global_data.c -+++ b/keepalived/core/global_data.c -@@ -257,8 +257,10 @@ init_global_data(data_t * data, data_t *old_global_data) - if (!data->email_from) - set_default_email_from(data, data->local_name); - -- if (!data->smtp_helo_name) -- data->smtp_helo_name = data->local_name; -+ if (!data->smtp_helo_name) { -+ data->smtp_helo_name = MALLOC(strlen(data->local_name) + 1); -+ strcpy(data->smtp_helo_name, data->local_name); -+ } - } - } - --- -2.20.1 -
diff --git a/SOURCES/bz1792160-fix-fault-rename-interface.patch b/SOURCES/bz1792160-fix-fault-rename-interface.patch
deleted file mode 100644
index 96562c7..0000000
--- a/SOURCES/bz1792160-fix-fault-rename-interface.patch
+++ /dev/null
@@ -1,34 +0,0 @@ -From 30eeb48b1a0737dc7443fd421fd6613e0d55fd17 Mon Sep 17 00:00:00 2001 -From: "Z. Liu" -Date: Tue, 18 Dec 2018 16:38:24 +0800 -Subject: [PATCH] Also skip route not configured with down interface - -Otherwise, if keepalived has virtual_routes configured, we create -a virtual interface and bring it up and down, current code will bring -VRRP state to FAULT and never return. - - # ip tun add test mode ipip remote 10.0.0.1 local 10.0.0.2 - # ip link set test up - # ip link set test down ---- - keepalived/vrrp/vrrp_if.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/keepalived/vrrp/vrrp_if.c b/keepalived/vrrp/vrrp_if.c -index a2087ceb..6ae2666a 100644 ---- a/keepalived/vrrp/vrrp_if.c -+++ b/keepalived/vrrp/vrrp_if.c -@@ -1051,7 +1051,9 @@ interface_down(interface_t *ifp) - /* Any route that has an oif will be tracking the interface, - * so we only need to check for routes that dont specify an - * oif */ -- if (!route->oif && route->configured_ifindex != ifp->ifindex) -+ /* Don't track route if it's not configured with this down -+ * interface. */ -+ if (!route->oif || route->configured_ifindex != ifp->ifindex) - continue; - - route->set = false; --- -2.24.1 -
diff --git a/SPECS/keepalived.spec b/SPECS/keepalived.spec
index bb6a6ef..b719d6c 100644
--- a/SPECS/keepalived.spec
+++ b/SPECS/keepalived.spec
@@ -9,8 +9,8 @@ Name: keepalived Summary: High Availability monitor built upon LVS, VRRP and service pollers -Version: 2.0.10 -Release: 11%{?dist} +Version: 2.1.5 +Release: 6%{?dist} License: GPLv2+ URL: http://www.keepalived.org/ Group: System Environment/Daemons
@@ -18,15 +18,6 @@ Group: System Environment/Daemons Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz Source1: keepalived.service -Patch1: bz1688892-fix-openssl-init-failure.patch -Patch2: bz1688892-fix-openssl-init-genhash.patch -Patch3: bz1688892-fix-openssl-init-config-check.patch -Patch4: bz1688892-fix-openssl-init-configure.patch -Patch5: bz1693706-fix-smtp-alerts-segfault.patch -Patch6: bz1693706-fix-smtp_helo_name-double-free.patch -Patch7: bz1792160-fix-fault-rename-interface.patch -Patch8: bz1683438-fix-vrrp_script-execution.patch - Requires(post): systemd Requires(preun): systemd Requires(postun): systemd
@@ -61,14 +52,6 @@ infrastructures. %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 %build %configure \
@@ -119,6 +102,13 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived %{_mandir}/man8/keepalived.8* %changelog +* Tue Dec 15 2020 Ryan O'Hara - 2.1.5-6 +- Fix changelog + +* Tue Oct 20 2020 Ryan O'Hara - 2.1.5-5 +- Update to 2.1.5 (#1889440) +- Fix intermittent child lost messages (#1868077) + * Tue Jun 16 2020 Ryan O'Hara - 2.0.10-11 - Fix vrrp_script execution (#1683438)