diff --git a/.gitignore b/.gitignore
index e8746e1..0928bfa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/keepalived-2.0.10.tar.gz
+SOURCES/keepalived-2.1.5.tar.gz
diff --git a/.keepalived.metadata b/.keepalived.metadata
index 027c5be..4e3f4fb 100644
--- a/.keepalived.metadata
+++ b/.keepalived.metadata
@@ -1 +1 @@
-c0b62f6d20a4a322e4bd67b4ae447bb842c28c4c SOURCES/keepalived-2.0.10.tar.gz
+54128bc7b4f8b920028af4691be9013f25393a99 SOURCES/keepalived-2.1.5.tar.gz
diff --git a/SOURCES/bz1683438-fix-vrrp_script-execution.patch b/SOURCES/bz1683438-fix-vrrp_script-execution.patch
deleted file mode 100644
index 3f8519e..0000000
--- a/SOURCES/bz1683438-fix-vrrp_script-execution.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 4e60fead497c9e99953dd6106c6a5869182533cc Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Thu, 9 May 2019 19:23:46 +0100
-Subject: [PATCH] Don't enclose /dev/tcp/127.0.0.1/22 in ' chars when running
- as script
-
-RedHat identified a problem with scripts like:
- vrrp_script {
- script "</dev/tcp/127.0.0.1/22"
- }
-where returning an exit code of 127 (script not found).
-
-This was identified to be due to the "script" being enclosed in '
-characters, so the resulting system call was
-system("'</dev/tcp/127.0.0.1/22'"), which failed. Not adding the leading
-and trailing ' characters when the first character of the script is '<'
-or '>' resolves the problem.
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
----
- lib/notify.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/lib/notify.c b/lib/notify.c
-index 2f60e24c..1984bde3 100644
---- a/lib/notify.c
-+++ b/lib/notify.c
-@@ -130,10 +130,18 @@ cmd_str_r(const notify_script_t *script, char *buf, size_t len)
-
- if (i)
- *str_p++ = ' ';
-- *str_p++ = '\'';
-+
-+ /* Allow special case of bash script which is redirection only to
-+ * test for file existence. */
-+ if (i || (script->args[i][0] != '<' && script->args[i][0] != '>'))
-+ *str_p++ = '\'';
-+
- strcpy(str_p, script->args[i]);
- str_p += str_len;
-- *str_p++ = '\'';
-+
-+ /* Close opening ' if we added one */
-+ if (i || (script->args[i][0] != '<' && script->args[i][0] != '>'))
-+ *str_p++ = '\'';
- }
- *str_p = '\0';
-
---
-2.24.1
-
diff --git a/SOURCES/bz1688892-fix-openssl-init-config-check.patch b/SOURCES/bz1688892-fix-openssl-init-config-check.patch
deleted file mode 100644
index b77f498..0000000
--- a/SOURCES/bz1688892-fix-openssl-init-config-check.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 1f2b558da9f631a635e9b099b455696b1903bee4 Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Fri, 15 Mar 2019 00:12:19 +0000
-Subject: [PATCH 3/3] Fix some configure tested checks for OPENSSL_init_crypto
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
----
- genhash/ssl.c | 6 +++---
- keepalived/check/check_ssl.c | 6 +++---
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/genhash/ssl.c b/genhash/ssl.c
-index 96f51201..0574675a 100644
---- a/genhash/ssl.c
-+++ b/genhash/ssl.c
-@@ -44,7 +44,7 @@ void
- init_ssl(void)
- {
- /* Library initialization */
--#if HAVE_OPENSSL_INIT_CRYPTO
-+#ifdef HAVE_OPENSSL_INIT_CRYPTO
- #ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
- /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
- * It works in v1.1.0h and v1.1.1b.
-@@ -59,7 +59,7 @@ init_ssl(void)
- #endif
-
- /* Initialize SSL context */
--#if HAVE_TLS_METHOD
-+#ifdef HAVE_TLS_METHOD
- req->meth = TLS_method();
- #else
- req->meth = SSLv23_method();
-@@ -123,7 +123,7 @@ ssl_connect(thread_t * thread)
- }
-
- BIO_set_nbio(sock_obj->bio, 1); /* Set the Non-Blocking flag */
--#if HAVE_SSL_SET0_RBIO
-+#ifdef HAVE_SSL_SET0_RBIO
- BIO_up_ref(sock_obj->bio);
- SSL_set0_rbio(sock_obj->ssl, sock_obj->bio);
- SSL_set0_wbio(sock_obj->ssl, sock_obj->bio);
-diff --git a/keepalived/check/check_ssl.c b/keepalived/check/check_ssl.c
-index 2743ea87..58061b91 100644
---- a/keepalived/check/check_ssl.c
-+++ b/keepalived/check/check_ssl.c
-@@ -68,7 +68,7 @@ build_ssl_ctx(void)
- ssl_data_t *ssl;
-
- /* Library initialization */
--#if HAVE_OPENSSL_INIT_CRYPTO
-+#ifdef HAVE_OPENSSL_INIT_CRYPTO
- #ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
- /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
- * It works in v1.1.0h and v1.1.1b.
-@@ -88,7 +88,7 @@ build_ssl_ctx(void)
- ssl = check_data->ssl;
-
- /* Initialize SSL context */
--#if HAVE_TLS_METHOD
-+#ifdef HAVE_TLS_METHOD
- ssl->meth = TLS_method();
- #else
- ssl->meth = SSLv23_method();
-@@ -226,7 +226,7 @@ ssl_connect(thread_t * thread, int new_req)
-
- BIO_get_fd(req->bio, &bio_fd);
- fcntl(bio_fd, F_SETFD, fcntl(bio_fd, F_GETFD) | FD_CLOEXEC);
--#if HAVE_SSL_SET0_RBIO
-+#ifdef HAVE_SSL_SET0_RBIO
- BIO_up_ref(req->bio);
- SSL_set0_rbio(req->ssl, req->bio);
- SSL_set0_wbio(req->ssl, req->bio);
---
-2.20.1
-
diff --git a/SOURCES/bz1688892-fix-openssl-init-configure.patch b/SOURCES/bz1688892-fix-openssl-init-configure.patch
deleted file mode 100644
index 43ec64b..0000000
--- a/SOURCES/bz1688892-fix-openssl-init-configure.patch
+++ /dev/null
@@ -1,409 +0,0 @@
---- a/configure 2018-11-12 13:40:33.000000000 -0600
-+++ b/configure 2019-03-18 11:29:03.305427768 -0500
-@@ -730,7 +730,6 @@
- AMDEPBACKSLASH
- AMDEP_FALSE
- AMDEP_TRUE
--am__quote
- am__include
- DEPDIR
- OBJEXT
-@@ -790,7 +789,6 @@
- docdir
- oldincludedir
- includedir
--runstatedir
- localstatedir
- sharedstatedir
- sysconfdir
-@@ -809,7 +807,8 @@
- PACKAGE_TARNAME
- PACKAGE_NAME
- PATH_SEPARATOR
--SHELL'
-+SHELL
-+am__quote'
- ac_subst_files=''
- ac_user_opts='
- enable_option_checking
-@@ -925,7 +924,6 @@
- sysconfdir='${prefix}/etc'
- sharedstatedir='${prefix}/com'
- localstatedir='${prefix}/var'
--runstatedir='${localstatedir}/run'
- includedir='${prefix}/include'
- oldincludedir='/usr/include'
- docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
-@@ -1178,15 +1176,6 @@
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
-- -runstatedir | --runstatedir | --runstatedi | --runstated \
-- | --runstate | --runstat | --runsta | --runst | --runs \
-- | --run | --ru | --r)
-- ac_prev=runstatedir ;;
-- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
-- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
-- | --run=* | --ru=* | --r=*)
-- runstatedir=$ac_optarg ;;
--
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
-@@ -1324,7 +1313,7 @@
- for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-- libdir localedir mandir runstatedir
-+ libdir localedir mandir
- do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
-@@ -1477,7 +1466,6 @@
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
-- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
-@@ -2689,7 +2677,7 @@
- ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
--am__api_version='1.15'
-+am__api_version='1.16'
-
- ac_aux_dir=
- for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
-@@ -3234,8 +3222,8 @@
-
- # For better backward compatibility. To be removed once Automake 1.9.x
- # dies out for good. For more background, see:
--# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
--# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
-+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
- mkdir_p='$(MKDIR_P)'
-
- # We need awk for the "check" target (and possibly the TAP driver). The
-@@ -3286,7 +3274,7 @@
- Aborting the configuration process, to ensure you take notice of the issue.
-
- You can download and install GNU coreutils to get an 'rm' implementation
--that behaves properly: <http://www.gnu.org/software/coreutils/>.
-+that behaves properly: <https://www.gnu.org/software/coreutils/>.
-
- If you want to complete the configuration process using your problematic
- 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
-@@ -4650,45 +4638,45 @@
-
- ac_config_commands="$ac_config_commands depfiles"
-
--
--am_make=${MAKE-make}
--cat > confinc << 'END'
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
-+$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; }
-+cat > confinc.mk << 'END'
- am__doit:
-- @echo this is the am__doit target
-+ @echo this is the am__doit target >confinc.out
- .PHONY: am__doit
- END
--# If we don't find an include directive, just comment out the code.
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
--$as_echo_n "checking for style of include used by $am_make... " >&6; }
- am__include="#"
- am__quote=
--_am_result=none
--# First try GNU make style include.
--echo "include confinc" > confmf
--# Ignore all kinds of additional output from 'make'.
--case `$am_make -s -f confmf 2> /dev/null` in #(
--*the\ am__doit\ target*)
-- am__include=include
-- am__quote=
-- _am_result=GNU
-- ;;
--esac
--# Now try BSD make style include.
--if test "$am__include" = "#"; then
-- echo '.include "confinc"' > confmf
-- case `$am_make -s -f confmf 2> /dev/null` in #(
-- *the\ am__doit\ target*)
-- am__include=.include
-- am__quote="\""
-- _am_result=BSD
-+# BSD make does it like this.
-+echo '.include "confinc.mk" # ignored' > confmf.BSD
-+# Other make implementations (GNU, Solaris 10, AIX) do it like this.
-+echo 'include confinc.mk # ignored' > confmf.GNU
-+_am_result=no
-+for s in GNU BSD; do
-+ { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5
-+ (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5
-+ ac_status=$?
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); }
-+ case $?:`cat confinc.out 2>/dev/null` in #(
-+ '0:this is the am__doit target') :
-+ case $s in #(
-+ BSD) :
-+ am__include='.include' am__quote='"' ;; #(
-+ *) :
-+ am__include='include' am__quote='' ;;
-+esac ;; #(
-+ *) :
- ;;
-- esac
--fi
--
--
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
--$as_echo "$_am_result" >&6; }
--rm -f confinc confmf
-+esac
-+ if test "$am__include" != "#"; then
-+ _am_result="yes ($s style)"
-+ break
-+ fi
-+done
-+rm -f confinc.* confmf.*
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5
-+$as_echo "${_am_result}" >&6; }
-
- # Check whether --enable-dependency-tracking was given.
- if test "${enable_dependency_tracking+set}" = set; then :
-@@ -7506,8 +7494,8 @@
- done
-
-
--# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0
--for ac_func in SSL_set0_rbio OPENSSL_init_crypto
-+# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0
-+for ac_func in SSL_set0_rbio OPENSSL_init_crypto TLS_method
- do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
- ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-@@ -7520,19 +7508,62 @@
- done
-
-
--# TLS_method() introduced OpenSSL v1.1.0
--for ac_func in TLS_method
--do :
-- ac_fn_c_check_func "$LINENO" "TLS_method" "ac_cv_func_TLS_method"
--if test "x$ac_cv_func_TLS_method" = xyes; then :
-- cat >>confdefs.h <<_ACEOF
--#define HAVE_TLS_METHOD 1
--_ACEOF
-+# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with
-+# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b.
-+if test .$ac_cv_func_OPENSSL_init_crypto = .yes; then :
-
-+ if test .$ac_cv_func_TLS_method = .yes; then :
-+ method_func=TLS_method
-+else
-+ method_func=SSLv23_method
- fi
--done
-+ if test "$cross_compiling" = yes; then :
-+
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&5
-+$as_echo "$as_me: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&2;}
-+ openssl_init_no_load_bug=1
-+
-+
-+else
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-+#include <openssl/ssl.h>
-+int
-+main ()
-+{
-+
-+ const SSL_METHOD *meth;
-+ SSL_CTX *ctx;
-+
-+ if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
-+ return 1;
-
-+ /* Initialize SSL context */
-+ meth = $method_func();
-+ if (!(ctx = SSL_CTX_new(meth)))
-+ return 1;
-+ return 0;
-
-+ ;
-+ return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_run "$LINENO"; then :
-+ openssl_init_no_load_bug=0
-+else
-+ openssl_init_no_load_bug=1
-+fi
-+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-+ conftest.$ac_objext conftest.beam conftest.$ac_ext
-+fi
-+
-+ if test $openssl_init_no_load_bug -eq 1; then :
-+
-+$as_echo "#define HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG 1 " >>confdefs.h
-+
-+fi
-+
-+fi
- unset LIBS
-
- if test $BUILD_GENHASH = No; then
-@@ -12695,7 +12726,7 @@
- #
- # INIT-COMMANDS
- #
--AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
-+AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"
-
- _ACEOF
-
-@@ -13322,29 +13353,35 @@
- # Older Autoconf quotes --file arguments for eval, but not when files
- # are listed without --file. Let's play safe and only enable the eval
- # if we detect the quoting.
-- case $CONFIG_FILES in
-- *\'*) eval set x "$CONFIG_FILES" ;;
-- *) set x $CONFIG_FILES ;;
-- esac
-+ # TODO: see whether this extra hack can be removed once we start
-+ # requiring Autoconf 2.70 or later.
-+ case $CONFIG_FILES in #(
-+ *\'*) :
-+ eval set x "$CONFIG_FILES" ;; #(
-+ *) :
-+ set x $CONFIG_FILES ;; #(
-+ *) :
-+ ;;
-+esac
- shift
-- for mf
-+ # Used to flag and report bootstrapping failures.
-+ am_rc=0
-+ for am_mf
- do
- # Strip MF so we end up with the name of the file.
-- mf=`echo "$mf" | sed -e 's/:.*$//'`
-- # Check whether this is an Automake generated Makefile or not.
-- # We used to match only the files named 'Makefile.in', but
-- # some people rename them; so instead we look at the file content.
-- # Grep'ing the first line is not enough: some people post-process
-- # each Makefile.in and add a new line on top of each file to say so.
-- # Grep'ing the whole file is not good either: AIX grep has a line
-+ am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'`
-+ # Check whether this is an Automake generated Makefile which includes
-+ # dependency-tracking related rules and includes.
-+ # Grep'ing the whole file directly is not great: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
-- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
-- dirpart=`$as_dirname -- "$mf" ||
--$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-- X"$mf" : 'X\(//\)[^/]' \| \
-- X"$mf" : 'X\(//\)$' \| \
-- X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X"$mf" |
-+ sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
-+ || continue
-+ am_dirpart=`$as_dirname -- "$am_mf" ||
-+$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-+ X"$am_mf" : 'X\(//\)[^/]' \| \
-+ X"$am_mf" : 'X\(//\)$' \| \
-+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-+$as_echo X"$am_mf" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
-@@ -13362,53 +13399,48 @@
- q
- }
- s/.*/./; q'`
-- else
-- continue
-- fi
-- # Extract the definition of DEPDIR, am__include, and am__quote
-- # from the Makefile without running 'make'.
-- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
-- test -z "$DEPDIR" && continue
-- am__include=`sed -n 's/^am__include = //p' < "$mf"`
-- test -z "$am__include" && continue
-- am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
-- # Find all dependency output files, they are included files with
-- # $(DEPDIR) in their names. We invoke sed twice because it is the
-- # simplest approach to changing $(DEPDIR) to its actual value in the
-- # expansion.
-- for file in `sed -n "
-- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
-- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
-- # Make sure the directory exists.
-- test -f "$dirpart/$file" && continue
-- fdir=`$as_dirname -- "$file" ||
--$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-- X"$file" : 'X\(//\)[^/]' \| \
-- X"$file" : 'X\(//\)$' \| \
-- X"$file" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X"$file" |
-- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
-- s//\1/
-- q
-- }
-- /^X\(\/\/\)[^/].*/{
-+ am_filepart=`$as_basename -- "$am_mf" ||
-+$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \
-+ X"$am_mf" : 'X\(//\)$' \| \
-+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-+$as_echo X/"$am_mf" |
-+ sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
-- /^X\(\/\/\)$/{
-+ /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
-- /^X\(\/\).*/{
-+ /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-- as_dir=$dirpart/$fdir; as_fn_mkdir_p
-- # echo "creating $dirpart/$file"
-- echo '# dummy' > "$dirpart/$file"
-- done
-+ { echo "$as_me:$LINENO: cd "$am_dirpart" \
-+ && sed -e '/# am--include-marker/d' "$am_filepart" \
-+ | $MAKE -f - am--depfiles" >&5
-+ (cd "$am_dirpart" \
-+ && sed -e '/# am--include-marker/d' "$am_filepart" \
-+ | $MAKE -f - am--depfiles) >&5 2>&5
-+ ac_status=$?
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); } || am_rc=$?
- done
-+ if test $am_rc -ne 0; then
-+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-+as_fn_error $? "Something went wrong bootstrapping makefile fragments
-+ for automatic dependency tracking. Try re-running configure with the
-+ '--disable-dependency-tracking' option to at least be able to build
-+ the package (albeit without support for automatic dependency tracking).
-+See \`config.log' for more details" "$LINENO" 5; }
-+ fi
-+ { am_dirpart=; unset am_dirpart;}
-+ { am_filepart=; unset am_filepart;}
-+ { am_mf=; unset am_mf;}
-+ { am_rc=; unset am_rc;}
-+ rm -f conftest-deps.mk
- }
- ;;
-
diff --git a/SOURCES/bz1688892-fix-openssl-init-failure.patch b/SOURCES/bz1688892-fix-openssl-init-failure.patch
deleted file mode 100644
index 4a8f64a..0000000
--- a/SOURCES/bz1688892-fix-openssl-init-failure.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From aeec0e2cda5c440fdd3c5bea20ed7567bea540e1 Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Tue, 12 Mar 2019 14:58:38 +0000
-Subject: [PATCH 1/3] Fix OpenSSL init failure with OpenSSL v1.1.1
-
-OpenSSL v1.1.1, but not v1.1.0h or v1.1.1b failed in SSL_CTX_new()
-if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) had previously
-been called.
-
-This commit doesn't call OPENSSL_init_crypto() if doing so causes
-SSL_CTX_new() to fail.
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
----
- configure.ac | 30 ++++++++++++++++++++++++++++++
- keepalived/check/check_ssl.c | 6 ++++++
- 2 files changed, 36 insertions(+)
-
-diff --git a/configure.ac b/configure.ac
-index 89399ca3..504b9b92 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -819,6 +819,36 @@ AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto])
- # TLS_method() introduced OpenSSL v1.1.0
- AC_CHECK_FUNCS([TLS_method])
-
-+# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with
-+# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b.
-+AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes],
-+ [
-+ AC_RUN_IFELSE(
-+ [AC_LANG_PROGRAM(
-+ [[#include <openssl/ssl.h>]],
-+ [[
-+ const SSL_METHOD *meth;
-+ SSL_CTX *ctx;
-+
-+ if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
-+ return 1;
-+
-+ /* Initialize SSL context */
-+ meth = TLS_method();
-+ if (!(ctx = SSL_CTX_new(meth)))
-+ return 1;
-+ return 0;
-+ ]])],
-+ [openssl_init_no_load_bug=0],
-+ [openssl_init_no_load_bug=1],
-+ [
-+ AC_MSG_WARN([Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety.])
-+ openssl_init_no_load_bug=1
-+ ]
-+ )
-+ AS_IF([test $openssl_init_no_load_bug -eq 1],
-+ [AC_DEFINE([HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG], [ 1 ], [Define to 1 if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) bug)])])
-+ ])
- unset LIBS
-
- if test $BUILD_GENHASH = No; then
-diff --git a/keepalived/check/check_ssl.c b/keepalived/check/check_ssl.c
-index 6bf6a005..2743ea87 100644
---- a/keepalived/check/check_ssl.c
-+++ b/keepalived/check/check_ssl.c
-@@ -69,8 +69,14 @@ build_ssl_ctx(void)
-
- /* Library initialization */
- #if HAVE_OPENSSL_INIT_CRYPTO
-+#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
-+ /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
-+ * It works in v1.1.0h and v1.1.1b.
-+ * It transpires that it works without setting NO_LOAD_CONFIG, but it is
-+ * presumably more efficient not to load it. */
- if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
- log_message(LOG_INFO, "OPENSSL_init_crypto failed");
-+#endif
- #else
- SSL_library_init();
- SSL_load_error_strings();
---
-2.20.1
-
diff --git a/SOURCES/bz1688892-fix-openssl-init-genhash.patch b/SOURCES/bz1688892-fix-openssl-init-genhash.patch
deleted file mode 100644
index a9251f3..0000000
--- a/SOURCES/bz1688892-fix-openssl-init-genhash.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 5e1a2130340ea4fabc4095b412c8b3836d112828 Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Wed, 13 Mar 2019 09:46:27 +0000
-Subject: [PATCH 2/3] Fix genhash re OPENSSL_init_crypto bug and improve
- configure.ac
-
-Commit fe6d6ac (Fix OpenSSL init failure with OpenSSL v1.1.1) didn't
-update the identical code in genhash/ssl.c. Also, an improvement for
-the test in configure.ac was suggested.
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
----
- configure.ac | 12 +++++-------
- genhash/ssl.c | 6 ++++++
- 2 files changed, 11 insertions(+), 7 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 504b9b92..c964a11e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -813,16 +813,14 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
- # SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a
- AC_CHECK_FUNCS([SSL_CTX_set_verify_depth])
-
--# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0
--AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto])
--
--# TLS_method() introduced OpenSSL v1.1.0
--AC_CHECK_FUNCS([TLS_method])
-+# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0
-+AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method])
-
- # In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with
- # OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b.
--AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes],
-+AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes],
- [
-+ AS_IF([test .$ac_cv_func_TLS_method = .yes], [method_func=TLS_method], [method_func=SSLv23_method])
- AC_RUN_IFELSE(
- [AC_LANG_PROGRAM(
- [[#include <openssl/ssl.h>]],
-@@ -834,7 +832,7 @@ AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method =
- return 1;
-
- /* Initialize SSL context */
-- meth = TLS_method();
-+ meth = $method_func();
- if (!(ctx = SSL_CTX_new(meth)))
- return 1;
- return 0;
-diff --git a/genhash/ssl.c b/genhash/ssl.c
-index 8e9162c8..96f51201 100644
---- a/genhash/ssl.c
-+++ b/genhash/ssl.c
-@@ -45,8 +45,14 @@ init_ssl(void)
- {
- /* Library initialization */
- #if HAVE_OPENSSL_INIT_CRYPTO
-+#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
-+ /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
-+ * It works in v1.1.0h and v1.1.1b.
-+ * It transpires that it works without setting NO_LOAD_CONFIG, but it is
-+ * presumably more efficient not to load it. */
- if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
- fprintf(stderr, "OPENSSL_init_crypto failed\n");
-+#endif
- #else
- SSL_library_init();
- SSL_load_error_strings();
---
-2.20.1
-
diff --git a/SOURCES/bz1693706-fix-smtp-alerts-segfault.patch b/SOURCES/bz1693706-fix-smtp-alerts-segfault.patch
deleted file mode 100644
index 35da553..0000000
--- a/SOURCES/bz1693706-fix-smtp-alerts-segfault.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From fdb1739356f723a4e9e4f8b52c37d193a3a5c6e3 Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Tue, 27 Nov 2018 10:57:37 +0000
-Subject: [PATCH] Fix segfault when smtp alerts configured
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
----
- keepalived/core/global_data.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/keepalived/core/global_data.c b/keepalived/core/global_data.c
-index 6e872dcf..cd381d9b 100644
---- a/keepalived/core/global_data.c
-+++ b/keepalived/core/global_data.c
-@@ -253,7 +253,7 @@ init_global_data(data_t * data, data_t *old_global_data)
- if (!data->smtp_connection_to)
- set_default_smtp_connection_timeout(data);
-
-- if (strcmp(data->local_name, unknown_name)) {
-+ if (data->local_name && strcmp(data->local_name, unknown_name)) {
- if (!data->email_from)
- set_default_email_from(data, data->local_name);
-
---
-2.20.1
-
diff --git a/SOURCES/bz1693706-fix-smtp_helo_name-double-free.patch b/SOURCES/bz1693706-fix-smtp_helo_name-double-free.patch
deleted file mode 100644
index 43d1c0b..0000000
--- a/SOURCES/bz1693706-fix-smtp_helo_name-double-free.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From e91583fb20b584621dd48031bef68279945f7aa6 Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Tue, 20 Nov 2018 13:03:55 +0000
-Subject: [PATCH] Fix double free when global data smtp_helo_name copied from
- local_name
-
-Issue #1071 identified a double free fault. It occurred when smtp_helo_name
-was not set, in which case it was set to point to the same malloc'd memory
-as local_name. At termination keepalived freed both local_name and
-smtp_helo_name.
-
-If keepalived needs to use local_name for smtp_helo_name it now malloc's
-aadditional memory to copy the string into.
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
----
- keepalived/core/global_data.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/keepalived/core/global_data.c b/keepalived/core/global_data.c
-index cd381d9b..be9fecbd 100644
---- a/keepalived/core/global_data.c
-+++ b/keepalived/core/global_data.c
-@@ -257,8 +257,10 @@ init_global_data(data_t * data, data_t *old_global_data)
- if (!data->email_from)
- set_default_email_from(data, data->local_name);
-
-- if (!data->smtp_helo_name)
-- data->smtp_helo_name = data->local_name;
-+ if (!data->smtp_helo_name) {
-+ data->smtp_helo_name = MALLOC(strlen(data->local_name) + 1);
-+ strcpy(data->smtp_helo_name, data->local_name);
-+ }
- }
- }
-
---
-2.20.1
-
diff --git a/SOURCES/bz1792160-fix-fault-rename-interface.patch b/SOURCES/bz1792160-fix-fault-rename-interface.patch
deleted file mode 100644
index 96562c7..0000000
--- a/SOURCES/bz1792160-fix-fault-rename-interface.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 30eeb48b1a0737dc7443fd421fd6613e0d55fd17 Mon Sep 17 00:00:00 2001
-From: "Z. Liu" <liuzx@knownsec.com>
-Date: Tue, 18 Dec 2018 16:38:24 +0800
-Subject: [PATCH] Also skip route not configured with down interface
-
-Otherwise, if keepalived has virtual_routes configured, we create
-a virtual interface and bring it up and down, current code will bring
-VRRP state to FAULT and never return.
-
- # ip tun add test mode ipip remote 10.0.0.1 local 10.0.0.2
- # ip link set test up
- # ip link set test down
----
- keepalived/vrrp/vrrp_if.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/keepalived/vrrp/vrrp_if.c b/keepalived/vrrp/vrrp_if.c
-index a2087ceb..6ae2666a 100644
---- a/keepalived/vrrp/vrrp_if.c
-+++ b/keepalived/vrrp/vrrp_if.c
-@@ -1051,7 +1051,9 @@ interface_down(interface_t *ifp)
- /* Any route that has an oif will be tracking the interface,
- * so we only need to check for routes that dont specify an
- * oif */
-- if (!route->oif && route->configured_ifindex != ifp->ifindex)
-+ /* Don't track route if it's not configured with this down
-+ * interface. */
-+ if (!route->oif || route->configured_ifindex != ifp->ifindex)
- continue;
-
- route->set = false;
---
-2.24.1
-
diff --git a/SOURCES/bz1868077-fix-intermittent-child-lost-messages.patch b/SOURCES/bz1868077-fix-intermittent-child-lost-messages.patch
deleted file mode 100644
index f562eec..0000000
--- a/SOURCES/bz1868077-fix-intermittent-child-lost-messages.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 21482202567979b8a17cc750b095272b3270ee76 Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Wed, 13 Nov 2019 10:37:38 +0000
-Subject: [PATCH] Fix intermittent "child lost" messages
-
-Issue #1364 identified that occassionaly a "child lost" message could
-be logged. Although keepalived continued working as expected, the
-"child lost" message indicated that something wasn't working properly.
-
-If a vrrp track script had a timeout in the script that was the
-same as the script timeout configured in keepalived, when the system
-was heavily loaded it was possible for the timeout to occur, followed
-by the termination before the timeout thread was run, in which case
-the termination would be lost because the child thread was no longer
-on the child_pid queue, but on the ready queue.
-
-This commit leaves threads on the child_pid queue after a timeout, and
-only removes it when the timeout thread is run. That means that if the
-termination is received before the timeout thread is run, the thread
-(now on the ready queue) can be updated to be a termination rather than
-a timeout.
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
----
- lib/scheduler.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/lib/scheduler.c b/lib/scheduler.c
-index 0a1c334c..f6d9bad1 100644
---- a/lib/scheduler.c
-+++ b/lib/scheduler.c
-@@ -1708,6 +1708,14 @@ process_threads(thread_master_t *m)
- * We only want timer and signal fd, and don't want inotify, vrrp socket,
- * snmp_read, bfd_receiver, bfd pipe in vrrp/check, dbus pipe or netlink fds. */
- thread = thread_trim_head(thread_list);
-+
-+ if (thread && thread->type == THREAD_CHILD_TIMEOUT) {
-+ /* We remove the thread from the child_pid queue here so that
-+ * if the termination arrives before we processed the timeout
-+ * we can still handle the termination. */
-+ rb_erase(&thread->rb_data, &master->child_pid);
-+ }
-+
- if (!shutting_down ||
- (thread->type == THREAD_READY_FD &&
- (thread->u.fd == m->timer_fd || thread->u.fd == m->signal_fd)) ||
-@@ -1773,6 +1781,12 @@ process_child_termination(pid_t pid, int status)
-
- thread_add_terminate_event(m);
- }
-+ else if (thread->type == THREAD_CHILD_TIMEOUT) {
-+ /* The child had been timed out, but we have not processed the timeout
-+ * and it is still on the thread->ready queue. Since we have now got
-+ * the termination, just handle the termination instead. */
-+ thread->type = THREAD_CHILD_TERMINATED;
-+ }
- else
- thread_move_ready(m, &m->child, thread, THREAD_CHILD_TERMINATED);
- }
---
-2.26.2
-
diff --git a/SPECS/keepalived.spec b/SPECS/keepalived.spec
index 4a6ada6..b719d6c 100644
--- a/SPECS/keepalived.spec
+++ b/SPECS/keepalived.spec
@@ -9,8 +9,8 @@
Name: keepalived
Summary: High Availability monitor built upon LVS, VRRP and service pollers
-Version: 2.0.10
-Release: 11%{?dist}.1
+Version: 2.1.5
+Release: 6%{?dist}
License: GPLv2+
URL: http://www.keepalived.org/
Group: System Environment/Daemons
@@ -18,16 +18,6 @@ Group: System Environment/Daemons
Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz
Source1: keepalived.service
-Patch1: bz1688892-fix-openssl-init-failure.patch
-Patch2: bz1688892-fix-openssl-init-genhash.patch
-Patch3: bz1688892-fix-openssl-init-config-check.patch
-Patch4: bz1688892-fix-openssl-init-configure.patch
-Patch5: bz1693706-fix-smtp-alerts-segfault.patch
-Patch6: bz1693706-fix-smtp_helo_name-double-free.patch
-Patch7: bz1792160-fix-fault-rename-interface.patch
-Patch8: bz1683438-fix-vrrp_script-execution.patch
-Patch9: bz1868077-fix-intermittent-child-lost-messages.patch
-
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
@@ -62,15 +52,6 @@ infrastructures.
%prep
%setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
%build
%configure \
@@ -121,9 +102,13 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
%{_mandir}/man8/keepalived.8*
%changelog
-* Fri Oct 23 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.10-11.1
-- Fix intermittent child lost messages (#1890625)
+* Tue Dec 15 2020 Ryan O'Hara <rohara@redhat.com> - 2.1.5-6
+- Fix changelog
+* Tue Oct 20 2020 Ryan O'Hara <rohara@redhat.com> - 2.1.5-5
+- Update to 2.1.5 (#1889440)
+- Fix intermittent child lost messages (#1868077)
+
* Tue Jun 16 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.10-11
- Fix vrrp_script execution (#1683438)