import UBI keepalived-2.2.8-3.el9

2023-11-07 12:00:26 +00:00 · 2023-11-07 12:00:26 +00:00 · 949e105ae6
commit 949e105ae6
parent ae45504c3c
6 changed files with 13 additions and 133 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/keepalived-2.2.4.tar.gz
+SOURCES/keepalived-2.2.8.tar.gz
--- a/.keepalived.metadata
+++ b/.keepalived.metadata
@ -1 +1 @@
-192b7beabeda1c2dabc4830aa104d3e64275e131 SOURCES/keepalived-2.2.4.tar.gz
+e35522125dcadb1f627e63f2be01f269f289c024 SOURCES/keepalived-2.2.8.tar.gz
--- a/SOURCES/bz2028351-fix-dbus-policy-restrictions.patch
+++ b/SOURCES/bz2028351-fix-dbus-policy-restrictions.patch
@ -1,41 +0,0 @@
-From 763eaa49343acdda5ff359012e8cc49c9ffc8e81 Mon Sep 17 00:00:00 2001
-From: Vincent Bernat <vincent@bernat.ch>
-Date: Tue, 23 Nov 2021 06:50:59 +0100
-Subject: [PATCH] dbus: fix policy to not be overly broad
-
-The DBus policy did not restrict the message destination, allowing any
-user to inspect and manipulate any property.
-
-Signed-off-by: Vincent Bernat <vincent@bernat.ch>
---
- keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
-index 2b78a575..b5ced608 100644
--- a/keepalived/dbus/org.keepalived.Vrrp1.conf
-+++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
-@@ -3,12 +3,15 @@
-  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
- <busconfig>
- 	<policy user="root">
-		<allow own="org.keepalived.Vrrp1"/>
-		<allow send_destination="org.keepalived.Vrrp1"/>
-+		<allow own="org.keepalived.Vrrp1" />
-+		<allow send_destination="org.keepalived.Vrrp1" />
- 	</policy>
- 	<policy context="default">
-		<allow send_interface="org.freedesktop.DBus.Introspectable" />
-		<allow send_interface="org.freedesktop.DBus.Peer" />
-		<allow send_interface="org.freedesktop.DBus.Properties" />
-+		<allow send_destination="org.keepalived.Vrrp1"
-+		       send_interface="org.freedesktop.DBus.Introspectable" />
-+		<allow send_destination="org.keepalived.Vrrp1"
-+		       send_interface="org.freedesktop.DBus.Peer" />
-+		<allow send_destination="org.keepalived.Vrrp1"
-+		       send_interface="org.freedesktop.DBus.Properties" />
- 	</policy>
- </busconfig>
-- 
-2.33.1
-
--- a/SOURCES/bz2102493-fix-variable-substitution.patch
+++ b/SOURCES/bz2102493-fix-variable-substitution.patch
@ -1,32 +0,0 @@
-From 332262ec91f85cd4224816d2803d818015239007 Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Wed, 29 Jun 2022 09:18:15 +0100
-Subject: [PATCH] parser: optimise fixing recalculating updated line length
-
-Commit 1ffad9a - "recalculate buffer length inside recheck loop"
-resolved the issue but calls strlen(buf) more often than necessary.
-
-This commit only calls strlen(buf) when the line buffer is modified.
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
---
- lib/parser.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/parser.c b/lib/parser.c
-index bcabd07f..2146f38b 100644
--- a/lib/parser.c
-+++ b/lib/parser.c
-@@ -2809,6 +2809,9 @@ read_line(char *buf, size_t size)
- 					recheck = true;
- 				if (strchr(buf, '$'))
- 					recheck = true;
-+
-+				if (recheck)
-+					len = strlen(buf);
- 			}
- 		} while (recheck);
- 	} while (buf[0] == '\0' || check_include(buf));
-- 
-2.38.1
-
--- a/SOURCES/bz2134749-fix-memory-leak-https-checks.patch
+++ b/SOURCES/bz2134749-fix-memory-leak-https-checks.patch
@ -1,48 +0,0 @@
-From b8b463159d9bcb05505ec128b5c2926ace0b3e92 Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Thu, 13 Oct 2022 08:32:17 +0100
-Subject: [PATCH] ipvs: Work around OpenSSL memory leak in versions 3.0.0 to
- 3.0.4
-
-The memory leak was observed with OpenSSL 3.0.1, and it is resolved
-by version 3.0.5. Also the leak is not observed in v1.1.1n.
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
---
- keepalived/check/check_ssl.c | 20 +++++++++++++++++++-
- 1 file changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/keepalived/check/check_ssl.c b/keepalived/check/check_ssl.c
-index 917ac0d7..50efa824 100644
--- a/keepalived/check/check_ssl.c
-+++ b/keepalived/check/check_ssl.c
-@@ -229,7 +229,25 @@ ssl_connect(thread_ref_t thread, int new_req)
- 		BIO_get_fd(req->bio, &bio_fd);
- 		if (fcntl(bio_fd, F_SETFD, fcntl(bio_fd, F_GETFD) | FD_CLOEXEC) == -1)
- 			log_message(LOG_INFO, "Setting CLOEXEC failed on ssl socket - errno %d", errno);
-#ifdef HAVE_SSL_SET0_RBIO
-+
-+		/* There is a memory leak in openSSL at least in version 3.0.1, which is fixed
-+		 * by version 3.0.5. It was not present in version 1.1.1n. Since I haven't been
-+		 * able to identify the OpenSSL patch that resolved the leak, we play safe and
-+		 * assume it is in versions 3.0.0 up to 3.0.4.
-+		 * The leak is memory allocated by
-+		 *   p = OPENSSL_malloc(len);
-+		 * in ssl3_setup_write_buffer() in ssl/record/ssl_buffer.c
-+		 *
-+		 * It appears that setting SSL_MODE_RELEASE_BUFFERS causes the memory leak not
-+		 * to occur.
-+		 */
-+#ifdef OPENSSL_VERSION_MAJOR
-+#if OPENSSL_VERSION_MAJOR == 3 && OPENSSL_VERSION_MINOR == 0 && OPENSSL_VERSION_PATCH <= 4
-+		SSL_set_mode(req->ssl, SSL_MODE_RELEASE_BUFFERS);
-+#endif
-+#endif
-+
-+#if defined HAVE_SSL_SET0_RBIO && defined HAVE_SSL_SET0_WBIO
- 		BIO_up_ref(req->bio);
- 		SSL_set0_rbio(req->ssl, req->bio);
- 		SSL_set0_wbio(req->ssl, req->bio);
-- 
-2.38.1
-
--- a/SPECS/keepalived.spec
+++ b/SPECS/keepalived.spec
@ -10,18 +10,14 @@

 Name: keepalived
 Summary: High Availability monitor built upon LVS, VRRP and service pollers
-Version: 2.2.4
-Release: 6%{?dist}
+Version: 2.2.8
+Release: 3%{?dist}
 License: GPLv2+
 URL: http://www.keepalived.org/

 Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz
 Source1: keepalived.service

-Patch1: bz2028351-fix-dbus-policy-restrictions.patch
-Patch2: bz2102493-fix-variable-substitution.patch
-Patch3: bz2134749-fix-memory-leak-https-checks.patch
-
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@ -61,9 +57,6 @@ infrastructures.

 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1

 %build
 %configure \
@ -73,7 +66,7 @@ infrastructures.
    %{?with_snmp:--enable-snmp --enable-snmp-rfc} \
    %{?with_nftables:--enable-nftables --disable-iptables} \
    %{?with_sha1:--enable-sha1} \
-    %{?with_sha1:--enable-json} \
+    %{?with_json:--enable-json} \
    --with-init=systemd
 %{__make} %{?_smp_mflags} STRIP=/bin/true

@ -82,6 +75,8 @@ rm -rf %{buildroot}
 make install DESTDIR=%{buildroot}
 rm -rf %{buildroot}%{_initrddir}/
 rm -rf %{buildroot}%{_sysconfdir}/keepalived/samples/
+mv %{buildroot}%{_sysconfdir}/keepalived/keepalived.conf.sample \
+   %{buildroot}%{_sysconfdir}/keepalived/keepalived.conf
 %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/keepalived.service
 mkdir -p %{buildroot}%{_libexecdir}/keepalived

@ -114,6 +109,12 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
 %{_mandir}/man8/keepalived.8*

 %changelog
+* Fri Jun 30 2023 Ryan O'Hara <rohara@redhat.com> - 2.2.8-2
+- Fix keepalived.conf installation (#2215308)
+
+* Thu Jun 15 2023 Ryan O'Hara <rohara@redhat.com> - 2.2.8-1
+- Update to 2.2.8 (#2215308)
+
 * Fri Dec 23 2022 Ryan O'Hara <rohara@redhat.com> - 2.2.4-6
 - Fix unterminated endif in previous patch (#2134749)