import keepalived-2.0.10-4.el8_0.2

.gitignore

@@ -0,0 +1 @@
+SOURCES/keepalived-2.0.10.tar.gz

.keepalived.metadata

@@ -0,0 +1 @@
+c0b62f6d20a4a322e4bd67b4ae447bb842c28c4c SOURCES/keepalived-2.0.10.tar.gz

SOURCES/bz1688892-fix-openssl-init-config-check.patch

@@ -0,0 +1,76 @@
+From 1f2b558da9f631a635e9b099b455696b1903bee4 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Fri, 15 Mar 2019 00:12:19 +0000
+Subject: [PATCH 3/3] Fix some configure tested checks for OPENSSL_init_crypto
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ genhash/ssl.c                | 6 +++---
+ keepalived/check/check_ssl.c | 6 +++---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/genhash/ssl.c b/genhash/ssl.c
+index 96f51201..0574675a 100644
+--- a/genhash/ssl.c
++++ b/genhash/ssl.c
+@@ -44,7 +44,7 @@ void
+ init_ssl(void)
+ {
+ 	/* Library initialization */
+-#if HAVE_OPENSSL_INIT_CRYPTO
++#ifdef HAVE_OPENSSL_INIT_CRYPTO
+ #ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
+ 	/* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
+ 	 * It works in v1.1.0h and v1.1.1b.
+@@ -59,7 +59,7 @@ init_ssl(void)
+ #endif
+ 
+ 	/* Initialize SSL context */
+-#if HAVE_TLS_METHOD
++#ifdef HAVE_TLS_METHOD
+ 	req->meth = TLS_method();
+ #else
+ 	req->meth = SSLv23_method();
+@@ -123,7 +123,7 @@ ssl_connect(thread_t * thread)
+ 	}
+ 
+ 	BIO_set_nbio(sock_obj->bio, 1);	/* Set the Non-Blocking flag */
+-#if HAVE_SSL_SET0_RBIO
++#ifdef HAVE_SSL_SET0_RBIO
+ 	BIO_up_ref(sock_obj->bio);
+ 	SSL_set0_rbio(sock_obj->ssl, sock_obj->bio);
+ 	SSL_set0_wbio(sock_obj->ssl, sock_obj->bio);
+diff --git a/keepalived/check/check_ssl.c b/keepalived/check/check_ssl.c
+index 2743ea87..58061b91 100644
+--- a/keepalived/check/check_ssl.c
++++ b/keepalived/check/check_ssl.c
+@@ -68,7 +68,7 @@ build_ssl_ctx(void)
+ 	ssl_data_t *ssl;
+ 
+ 	/* Library initialization */
+-#if HAVE_OPENSSL_INIT_CRYPTO
++#ifdef HAVE_OPENSSL_INIT_CRYPTO
+ #ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
+ 	/* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
+ 	 * It works in v1.1.0h and v1.1.1b.
+@@ -88,7 +88,7 @@ build_ssl_ctx(void)
+ 		ssl = check_data->ssl;
+ 
+ 	/* Initialize SSL context */
+-#if HAVE_TLS_METHOD
++#ifdef HAVE_TLS_METHOD
+ 	ssl->meth = TLS_method();
+ #else
+ 	ssl->meth = SSLv23_method();
+@@ -226,7 +226,7 @@ ssl_connect(thread_t * thread, int new_req)
+ 
+ 		BIO_get_fd(req->bio, &bio_fd);
+ 		fcntl(bio_fd, F_SETFD, fcntl(bio_fd, F_GETFD) | FD_CLOEXEC);
+-#if HAVE_SSL_SET0_RBIO
++#ifdef HAVE_SSL_SET0_RBIO
+ 		BIO_up_ref(req->bio);
+ 		SSL_set0_rbio(req->ssl, req->bio);
+ 		SSL_set0_wbio(req->ssl, req->bio);
+-- 
+2.20.1
+

SOURCES/bz1688892-fix-openssl-init-configure.patch

@@ -0,0 +1,409 @@
+--- a/configure	2018-11-12 13:40:33.000000000 -0600
++++ b/configure	2019-03-18 11:29:03.305427768 -0500
+@@ -730,7 +730,6 @@
+ AMDEPBACKSLASH
+ AMDEP_FALSE
+ AMDEP_TRUE
+-am__quote
+ am__include
+ DEPDIR
+ OBJEXT
+@@ -790,7 +789,6 @@
+ docdir
+ oldincludedir
+ includedir
+-runstatedir
+ localstatedir
+ sharedstatedir
+ sysconfdir
+@@ -809,7 +807,8 @@
+ PACKAGE_TARNAME
+ PACKAGE_NAME
+ PATH_SEPARATOR
+-SHELL'
++SHELL
++am__quote'
+ ac_subst_files=''
+ ac_user_opts='
+ enable_option_checking
+@@ -925,7 +924,6 @@
+ sysconfdir='${prefix}/etc'
+ sharedstatedir='${prefix}/com'
+ localstatedir='${prefix}/var'
+-runstatedir='${localstatedir}/run'
+ includedir='${prefix}/include'
+ oldincludedir='/usr/include'
+ docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+@@ -1178,15 +1176,6 @@
+   | -silent | --silent | --silen | --sile | --sil)
+     silent=yes ;;
+ 
+-  -runstatedir | --runstatedir | --runstatedi | --runstated \
+-  | --runstate | --runstat | --runsta | --runst | --runs \
+-  | --run | --ru | --r)
+-    ac_prev=runstatedir ;;
+-  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+-  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+-  | --run=* | --ru=* | --r=*)
+-    runstatedir=$ac_optarg ;;
+-
+   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+     ac_prev=sbindir ;;
+   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+@@ -1324,7 +1313,7 @@
+ for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ 		datadir sysconfdir sharedstatedir localstatedir includedir \
+ 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+-		libdir localedir mandir runstatedir
++		libdir localedir mandir
+ do
+   eval ac_val=\$$ac_var
+   # Remove trailing slashes.
+@@ -1477,7 +1466,6 @@
+   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+-  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
+   --libdir=DIR            object code libraries [EPREFIX/lib]
+   --includedir=DIR        C header files [PREFIX/include]
+   --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+@@ -2689,7 +2677,7 @@
+ ac_compiler_gnu=$ac_cv_c_compiler_gnu
+ 
+ 
+-am__api_version='1.15'
++am__api_version='1.16'
+ 
+ ac_aux_dir=
+ for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+@@ -3234,8 +3222,8 @@
+ 
+ # For better backward compatibility.  To be removed once Automake 1.9.x
+ # dies out for good.  For more background, see:
+-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
++# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
++# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+ mkdir_p='$(MKDIR_P)'
+ 
+ # We need awk for the "check" target (and possibly the TAP driver).  The
+@@ -3286,7 +3274,7 @@
+ Aborting the configuration process, to ensure you take notice of the issue.
+ 
+ You can download and install GNU coreutils to get an 'rm' implementation
+-that behaves properly: <http://www.gnu.org/software/coreutils/>.
++that behaves properly: <https://www.gnu.org/software/coreutils/>.
+ 
+ If you want to complete the configuration process using your problematic
+ 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
+@@ -4650,45 +4638,45 @@
+ 
+ ac_config_commands="$ac_config_commands depfiles"
+ 
+-
+-am_make=${MAKE-make}
+-cat > confinc << 'END'
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
++$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; }
++cat > confinc.mk << 'END'
+ am__doit:
+-	@echo this is the am__doit target
++	@echo this is the am__doit target >confinc.out
+ .PHONY: am__doit
+ END
+-# If we don't find an include directive, just comment out the code.
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
+-$as_echo_n "checking for style of include used by $am_make... " >&6; }
+ am__include="#"
+ am__quote=
+-_am_result=none
+-# First try GNU make style include.
+-echo "include confinc" > confmf
+-# Ignore all kinds of additional output from 'make'.
+-case `$am_make -s -f confmf 2> /dev/null` in #(
+-*the\ am__doit\ target*)
+-  am__include=include
+-  am__quote=
+-  _am_result=GNU
+-  ;;
+-esac
+-# Now try BSD make style include.
+-if test "$am__include" = "#"; then
+-   echo '.include "confinc"' > confmf
+-   case `$am_make -s -f confmf 2> /dev/null` in #(
+-   *the\ am__doit\ target*)
+-     am__include=.include
+-     am__quote="\""
+-     _am_result=BSD
++# BSD make does it like this.
++echo '.include "confinc.mk" # ignored' > confmf.BSD
++# Other make implementations (GNU, Solaris 10, AIX) do it like this.
++echo 'include confinc.mk # ignored' > confmf.GNU
++_am_result=no
++for s in GNU BSD; do
++  { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5
++   (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5
++   ac_status=$?
++   echo "$as_me:$LINENO: \$? = $ac_status" >&5
++   (exit $ac_status); }
++  case $?:`cat confinc.out 2>/dev/null` in #(
++  '0:this is the am__doit target') :
++    case $s in #(
++  BSD) :
++    am__include='.include' am__quote='"' ;; #(
++  *) :
++    am__include='include' am__quote='' ;;
++esac ;; #(
++  *) :
+      ;;
+-   esac
+-fi
+-
+-
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
+-$as_echo "$_am_result" >&6; }
+-rm -f confinc confmf
++esac
++  if test "$am__include" != "#"; then
++    _am_result="yes ($s style)"
++    break
++  fi
++done
++rm -f confinc.* confmf.*
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5
++$as_echo "${_am_result}" >&6; }
+ 
+ # Check whether --enable-dependency-tracking was given.
+ if test "${enable_dependency_tracking+set}" = set; then :
+@@ -7506,8 +7494,8 @@
+ done
+ 
+ 
+-# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0
+-for ac_func in SSL_set0_rbio OPENSSL_init_crypto
++# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0
++for ac_func in SSL_set0_rbio OPENSSL_init_crypto TLS_method
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+@@ -7520,19 +7508,62 @@
+ done
+ 
+ 
+-# TLS_method() introduced OpenSSL v1.1.0
+-for ac_func in TLS_method
+-do :
+-  ac_fn_c_check_func "$LINENO" "TLS_method" "ac_cv_func_TLS_method"
+-if test "x$ac_cv_func_TLS_method" = xyes; then :
+-  cat >>confdefs.h <<_ACEOF
+-#define HAVE_TLS_METHOD 1
+-_ACEOF
++# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with
++# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b.
++if test .$ac_cv_func_OPENSSL_init_crypto = .yes; then :
+ 
++        if test .$ac_cv_func_TLS_method = .yes; then :
++  method_func=TLS_method
++else
++  method_func=SSLv23_method
+ fi
+-done
++	if test "$cross_compiling" = yes; then :
++
++	    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&5
++$as_echo "$as_me: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&2;}
++	    openssl_init_no_load_bug=1
++
++
++else
++  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++#include <openssl/ssl.h>
++int
++main ()
++{
++
++	      const SSL_METHOD *meth;
++	      SSL_CTX *ctx;
++
++	      if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
++		return 1;
+ 
++	      /* Initialize SSL context */
++	      meth = $method_func();
++	      if (!(ctx = SSL_CTX_new(meth)))
++		return 1;
++	      return 0;
+ 
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_run "$LINENO"; then :
++  openssl_init_no_load_bug=0
++else
++  openssl_init_no_load_bug=1
++fi
++rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
++  conftest.$ac_objext conftest.beam conftest.$ac_ext
++fi
++
++	if test $openssl_init_no_load_bug -eq 1; then :
++
++$as_echo "#define HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG  1 " >>confdefs.h
++
++fi
++
++fi
+ unset LIBS
+ 
+ if test $BUILD_GENHASH = No; then
+@@ -12695,7 +12726,7 @@
+ #
+ # INIT-COMMANDS
+ #
+-AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
++AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"
+ 
+ _ACEOF
+ 
+@@ -13322,29 +13353,35 @@
+   # Older Autoconf quotes --file arguments for eval, but not when files
+   # are listed without --file.  Let's play safe and only enable the eval
+   # if we detect the quoting.
+-  case $CONFIG_FILES in
+-  *\'*) eval set x "$CONFIG_FILES" ;;
+-  *)   set x $CONFIG_FILES ;;
+-  esac
++  # TODO: see whether this extra hack can be removed once we start
++  # requiring Autoconf 2.70 or later.
++  case $CONFIG_FILES in #(
++  *\'*) :
++    eval set x "$CONFIG_FILES" ;; #(
++  *) :
++    set x $CONFIG_FILES ;; #(
++  *) :
++     ;;
++esac
+   shift
+-  for mf
++  # Used to flag and report bootstrapping failures.
++  am_rc=0
++  for am_mf
+   do
+     # Strip MF so we end up with the name of the file.
+-    mf=`echo "$mf" | sed -e 's/:.*$//'`
+-    # Check whether this is an Automake generated Makefile or not.
+-    # We used to match only the files named 'Makefile.in', but
+-    # some people rename them; so instead we look at the file content.
+-    # Grep'ing the first line is not enough: some people post-process
+-    # each Makefile.in and add a new line on top of each file to say so.
+-    # Grep'ing the whole file is not good either: AIX grep has a line
++    am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'`
++    # Check whether this is an Automake generated Makefile which includes
++    # dependency-tracking related rules and includes.
++    # Grep'ing the whole file directly is not great: AIX grep has a line
+     # limit of 2048, but all sed's we know have understand at least 4000.
+-    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+-      dirpart=`$as_dirname -- "$mf" ||
+-$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+-	 X"$mf" : 'X\(//\)[^/]' \| \
+-	 X"$mf" : 'X\(//\)$' \| \
+-	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+-$as_echo X"$mf" |
++    sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
++      || continue
++    am_dirpart=`$as_dirname -- "$am_mf" ||
++$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
++	 X"$am_mf" : 'X\(//\)[^/]' \| \
++	 X"$am_mf" : 'X\(//\)$' \| \
++	 X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
++$as_echo X"$am_mf" |
+     sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ 	    s//\1/
+ 	    q
+@@ -13362,53 +13399,48 @@
+ 	    q
+ 	  }
+ 	  s/.*/./; q'`
+-    else
+-      continue
+-    fi
+-    # Extract the definition of DEPDIR, am__include, and am__quote
+-    # from the Makefile without running 'make'.
+-    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+-    test -z "$DEPDIR" && continue
+-    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+-    test -z "$am__include" && continue
+-    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+-    # Find all dependency output files, they are included files with
+-    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+-    # simplest approach to changing $(DEPDIR) to its actual value in the
+-    # expansion.
+-    for file in `sed -n "
+-      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+-	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
+-      # Make sure the directory exists.
+-      test -f "$dirpart/$file" && continue
+-      fdir=`$as_dirname -- "$file" ||
+-$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+-	 X"$file" : 'X\(//\)[^/]' \| \
+-	 X"$file" : 'X\(//\)$' \| \
+-	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+-$as_echo X"$file" |
+-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+-	    s//\1/
+-	    q
+-	  }
+-	  /^X\(\/\/\)[^/].*/{
++    am_filepart=`$as_basename -- "$am_mf" ||
++$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \
++	 X"$am_mf" : 'X\(//\)$' \| \
++	 X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
++$as_echo X/"$am_mf" |
++    sed '/^.*\/\([^/][^/]*\)\/*$/{
+ 	    s//\1/
+ 	    q
+ 	  }
+-	  /^X\(\/\/\)$/{
++	  /^X\/\(\/\/\)$/{
+ 	    s//\1/
+ 	    q
+ 	  }
+-	  /^X\(\/\).*/{
++	  /^X\/\(\/\).*/{
+ 	    s//\1/
+ 	    q
+ 	  }
+ 	  s/.*/./; q'`
+-      as_dir=$dirpart/$fdir; as_fn_mkdir_p
+-      # echo "creating $dirpart/$file"
+-      echo '# dummy' > "$dirpart/$file"
+-    done
++    { echo "$as_me:$LINENO: cd "$am_dirpart" \
++      && sed -e '/# am--include-marker/d' "$am_filepart" \
++        | $MAKE -f - am--depfiles" >&5
++   (cd "$am_dirpart" \
++      && sed -e '/# am--include-marker/d' "$am_filepart" \
++        | $MAKE -f - am--depfiles) >&5 2>&5
++   ac_status=$?
++   echo "$as_me:$LINENO: \$? = $ac_status" >&5
++   (exit $ac_status); } || am_rc=$?
+   done
++  if test $am_rc -ne 0; then
++    { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
++$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
++as_fn_error $? "Something went wrong bootstrapping makefile fragments
++    for automatic dependency tracking.  Try re-running configure with the
++    '--disable-dependency-tracking' option to at least be able to build
++    the package (albeit without support for automatic dependency tracking).
++See \`config.log' for more details" "$LINENO" 5; }
++  fi
++  { am_dirpart=; unset am_dirpart;}
++  { am_filepart=; unset am_filepart;}
++  { am_mf=; unset am_mf;}
++  { am_rc=; unset am_rc;}
++  rm -f conftest-deps.mk
+ }
+  ;;
+ 

SOURCES/bz1688892-fix-openssl-init-failure.patch

@@ -0,0 +1,81 @@
+From aeec0e2cda5c440fdd3c5bea20ed7567bea540e1 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Tue, 12 Mar 2019 14:58:38 +0000
+Subject: [PATCH 1/3] Fix OpenSSL init failure with OpenSSL v1.1.1
+
+OpenSSL v1.1.1, but not v1.1.0h or v1.1.1b failed in SSL_CTX_new()
+if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) had previously
+been called.
+
+This commit doesn't call OPENSSL_init_crypto() if doing so causes
+SSL_CTX_new() to fail.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ configure.ac                 | 30 ++++++++++++++++++++++++++++++
+ keepalived/check/check_ssl.c |  6 ++++++
+ 2 files changed, 36 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 89399ca3..504b9b92 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -819,6 +819,36 @@ AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto])
+ # TLS_method() introduced OpenSSL v1.1.0
+ AC_CHECK_FUNCS([TLS_method])
+ 
++# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with
++# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b.
++AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes],
++      [
++	AC_RUN_IFELSE(
++	  [AC_LANG_PROGRAM(
++	    [[#include <openssl/ssl.h>]],
++	    [[
++	      const SSL_METHOD *meth;
++	      SSL_CTX *ctx;
++
++	      if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
++		return 1;
++
++	      /* Initialize SSL context */
++	      meth = TLS_method();
++	      if (!(ctx = SSL_CTX_new(meth)))
++		return 1;
++	      return 0;
++	    ]])],
++	  [openssl_init_no_load_bug=0],
++	  [openssl_init_no_load_bug=1],
++	  [
++	    AC_MSG_WARN([Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety.])
++	    openssl_init_no_load_bug=1
++	  ]
++	)
++	AS_IF([test $openssl_init_no_load_bug -eq 1],
++	      [AC_DEFINE([HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG], [ 1 ], [Define to 1 if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) bug)])])
++      ])
+ unset LIBS
+ 
+ if test $BUILD_GENHASH = No; then
+diff --git a/keepalived/check/check_ssl.c b/keepalived/check/check_ssl.c
+index 6bf6a005..2743ea87 100644
+--- a/keepalived/check/check_ssl.c
++++ b/keepalived/check/check_ssl.c
+@@ -69,8 +69,14 @@ build_ssl_ctx(void)
+ 
+ 	/* Library initialization */
+ #if HAVE_OPENSSL_INIT_CRYPTO
++#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
++	/* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
++	 * It works in v1.1.0h and v1.1.1b.
++	 * It transpires that it works without setting NO_LOAD_CONFIG, but it is
++	 * presumably more efficient not to load it. */
+ 	if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
+ 		log_message(LOG_INFO, "OPENSSL_init_crypto failed");
++#endif
+ #else
+ 	SSL_library_init();
+ 	SSL_load_error_strings();
+-- 
+2.20.1
+

SOURCES/bz1688892-fix-openssl-init-genhash.patch

@@ -0,0 +1,72 @@
+From 5e1a2130340ea4fabc4095b412c8b3836d112828 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Wed, 13 Mar 2019 09:46:27 +0000
+Subject: [PATCH 2/3] Fix genhash re OPENSSL_init_crypto bug and improve
+ configure.ac
+
+Commit fe6d6ac (Fix OpenSSL init failure with OpenSSL v1.1.1) didn't
+update the identical code in genhash/ssl.c. Also, an improvement for
+the test in configure.ac was suggested.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ configure.ac  | 12 +++++-------
+ genhash/ssl.c |  6 ++++++
+ 2 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 504b9b92..c964a11e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -813,16 +813,14 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+ # SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a
+ AC_CHECK_FUNCS([SSL_CTX_set_verify_depth])
+ 
+-# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0
+-AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto])
+-
+-# TLS_method() introduced OpenSSL v1.1.0
+-AC_CHECK_FUNCS([TLS_method])
++# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0
++AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method])
+ 
+ # In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with
+ # OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b.
+-AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes],
++AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes],
+       [
++        AS_IF([test .$ac_cv_func_TLS_method = .yes], [method_func=TLS_method], [method_func=SSLv23_method])
+ 	AC_RUN_IFELSE(
+ 	  [AC_LANG_PROGRAM(
+ 	    [[#include <openssl/ssl.h>]],
+@@ -834,7 +832,7 @@ AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method =
+ 		return 1;
+ 
+ 	      /* Initialize SSL context */
+-	      meth = TLS_method();
++	      meth = $method_func();
+ 	      if (!(ctx = SSL_CTX_new(meth)))
+ 		return 1;
+ 	      return 0;
+diff --git a/genhash/ssl.c b/genhash/ssl.c
+index 8e9162c8..96f51201 100644
+--- a/genhash/ssl.c
++++ b/genhash/ssl.c
+@@ -45,8 +45,14 @@ init_ssl(void)
+ {
+ 	/* Library initialization */
+ #if HAVE_OPENSSL_INIT_CRYPTO
++#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
++	/* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
++	 * It works in v1.1.0h and v1.1.1b.
++	 * It transpires that it works without setting NO_LOAD_CONFIG, but it is
++	 * presumably more efficient not to load it. */
+ 	if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
+ 		fprintf(stderr, "OPENSSL_init_crypto failed\n");
++#endif
+ #else
+ 	SSL_library_init();
+ 	SSL_load_error_strings();
+-- 
+2.20.1
+

SOURCES/bz1693706-fix-smtp-alerts-segfault.patch

@@ -0,0 +1,26 @@
+From fdb1739356f723a4e9e4f8b52c37d193a3a5c6e3 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Tue, 27 Nov 2018 10:57:37 +0000
+Subject: [PATCH] Fix segfault when smtp alerts configured
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/core/global_data.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/keepalived/core/global_data.c b/keepalived/core/global_data.c
+index 6e872dcf..cd381d9b 100644
+--- a/keepalived/core/global_data.c
++++ b/keepalived/core/global_data.c
+@@ -253,7 +253,7 @@ init_global_data(data_t * data, data_t *old_global_data)
+ 		if (!data->smtp_connection_to)
+ 			set_default_smtp_connection_timeout(data);
+ 
+-		if (strcmp(data->local_name, unknown_name)) {
++		if (data->local_name && strcmp(data->local_name, unknown_name)) {
+ 			if (!data->email_from)
+ 				set_default_email_from(data, data->local_name);
+ 
+-- 
+2.20.1
+

SOURCES/bz1693706-fix-smtp_helo_name-double-free.patch

@@ -0,0 +1,39 @@
+From e91583fb20b584621dd48031bef68279945f7aa6 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Tue, 20 Nov 2018 13:03:55 +0000
+Subject: [PATCH] Fix double free when global data smtp_helo_name copied from
+ local_name
+
+Issue #1071 identified a double free fault. It occurred when smtp_helo_name
+was not set, in which case it was set to point to the same malloc'd memory
+as local_name. At termination keepalived freed both local_name and
+smtp_helo_name.
+
+If keepalived needs to use local_name for smtp_helo_name it now malloc's
+aadditional memory to copy the string into.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/core/global_data.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/keepalived/core/global_data.c b/keepalived/core/global_data.c
+index cd381d9b..be9fecbd 100644
+--- a/keepalived/core/global_data.c
++++ b/keepalived/core/global_data.c
+@@ -257,8 +257,10 @@ init_global_data(data_t * data, data_t *old_global_data)
+ 			if (!data->email_from)
+ 				set_default_email_from(data, data->local_name);
+ 
+-			if (!data->smtp_helo_name)
+-				data->smtp_helo_name = data->local_name;
++			if (!data->smtp_helo_name) {
++				data->smtp_helo_name = MALLOC(strlen(data->local_name) + 1);
++				strcpy(data->smtp_helo_name, data->local_name);
++			}
+ 		}
+ 	}
+ 
+-- 
+2.20.1
+

SOURCES/keepalived.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=LVS and VRRP High Availability Monitor
+After=network-online.target syslog.target
+Wants=network-online.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/keepalived.pid
+KillMode=process
+EnvironmentFile=-/etc/sysconfig/keepalived
+ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target

SPECS/keepalived.spec

@@ -0,0 +1,496 @@
+%bcond_without snmp
+%bcond_without vrrp
+%bcond_without sha1
+%bcond_with profile
+%bcond_with debug
+
+%global _hardened_build 1
+
+Name: keepalived
+Summary: High Availability monitor built upon LVS, VRRP and service pollers
+Version: 2.0.10
+Release: 4%{?dist}.2
+License: GPLv2+
+URL: http://www.keepalived.org/
+Group: System Environment/Daemons
+
+Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz
+Source1: keepalived.service
+
+Patch1: bz1688892-fix-openssl-init-failure.patch
+Patch2: bz1688892-fix-openssl-init-genhash.patch
+Patch3: bz1688892-fix-openssl-init-config-check.patch
+Patch4: bz1688892-fix-openssl-init-configure.patch
+Patch5: bz1693706-fix-smtp-alerts-segfault.patch
+Patch6: bz1693706-fix-smtp_helo_name-double-free.patch
+
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+
+%if %{with snmp}
+BuildRequires: net-snmp-devel
+%endif
+BuildRequires: gcc
+BuildRequires: automake
+BuildRequires: systemd-units
+BuildRequires: openssl-devel
+BuildRequires: libnl3-devel
+BuildRequires: ipset-devel
+BuildRequires: iptables-devel
+BuildRequires: libnfnetlink-devel
+
+%description
+Keepalived provides simple and robust facilities for load balancing
+and high availability to Linux system and Linux based infrastructures.
+The load balancing framework relies on well-known and widely used
+Linux Virtual Server (IPVS) kernel module providing Layer4 load
+balancing. Keepalived implements a set of checkers to dynamically and
+adaptively maintain and manage load-balanced server pool according
+their health. High availability is achieved by VRRP protocol. VRRP is
+a fundamental brick for router failover. In addition, keepalived
+implements a set of hooks to the VRRP finite state machine providing
+low-level and high-speed protocol interactions. Keepalived frameworks
+can be used independently or all together to provide resilient
+infrastructures.
+
+%prep
+%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+
+%build
+%configure \
+    %{?with_debug:--enable-debug} \
+    %{?with_profile:--enable-profile} \
+    %{!?with_vrrp:--disable-vrrp} \
+    %{?with_snmp:--enable-snmp --enable-snmp-rfc} \
+    %{?with_sha1:--enable-sha1} \
+    --with-init=systemd
+%{__make} %{?_smp_mflags} STRIP=/bin/true
+
+%install
+rm -rf %{buildroot}
+make install DESTDIR=%{buildroot}
+rm -rf %{buildroot}%{_initrddir}/
+rm -rf %{buildroot}%{_sysconfdir}/keepalived/samples/
+%{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/keepalived.service
+mkdir -p %{buildroot}%{_libexecdir}/keepalived
+
+%post
+%systemd_post keepalived.service
+
+%preun
+%systemd_preun keepalived.service
+
+%postun
+%systemd_postun_with_restart keepalived.service
+
+%files
+%defattr(-,root,root,-)
+%attr(0755,root,root) %{_sbindir}/keepalived
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/keepalived
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/keepalived/keepalived.conf
+%doc AUTHOR ChangeLog CONTRIBUTORS COPYING README TODO
+%doc doc/keepalived.conf.SYNOPSIS doc/samples/keepalived.conf.*
+%dir %{_sysconfdir}/keepalived/
+%dir %{_libexecdir}/keepalived/
+%if %{with snmp}
+%{_datadir}/snmp/mibs/KEEPALIVED-MIB.txt
+%{_datadir}/snmp/mibs/VRRP-MIB.txt
+%{_datadir}/snmp/mibs/VRRPv3-MIB.txt
+%endif
+%{_bindir}/genhash
+%{_unitdir}/keepalived.service
+%{_mandir}/man1/genhash.1*
+%{_mandir}/man5/keepalived.conf.5*
+%{_mandir}/man8/keepalived.8*
+
+%changelog
+* Wed May 01 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-4.2
+- Fix segfault when smtp alerts configured (#1693706)
+- Fix double free when smtp_helo_name copied from local_name (#1693706)
+
+* Thu Apr 04 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-4.1
+- Rebuild for z-stream (#1690306)
+
+* Wed Mar 27 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-4
+- Bump release number (#1688892)
+
+* Mon Mar 18 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-3
+- Rework fix for OpenSSL initialization segfault (#1688892)
+
+* Fri Mar 15 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-2
+- Fix OpenSSL initialization segfault (#1688892)
+
+* Mon Nov 26 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.10-1
+- Update to 2.0.10 (#1631816)
+
+* Mon Oct 08 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.7-2
+- Remove BuildRequires for ipset-devel
+
+* Tue Oct 02 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.7-1
+- Update to 2.0.7 (#1631816)
+
+* Thu Aug 09 2018 Josef Ridky <jridky@redhat.com> - 2.0.6-2
+- Rebuild for Net-SNMP
+
+* Wed Jul 25 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.6-1
+- Update to 2.0.6
+
+* Tue Jul 03 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.5-1
+- Update to 2.0.5
+
+* Thu Apr 19 2018 Ryan O'Hara <rohara@redhat.com> - 1.4.3-1
+- Update to 1.4.3 (#1565388)
+
+* Wed Mar 07 2018 Ryan O'Hara <rohara@redhat.com> - 1.4.2-1
+- Update to 1.4.2 (#1539269)
+
+* Mon Jan 29 2018 Ryan O'Hara <rohara@redhat.com> - 1.4.1-1
+- Update to 1.4.1 (#1539269)
+
+* Fri Jan 05 2018 Ryan O'Hara <rohara@redhat.com> - 1.4.0-1
+- Update to 1.4.0 (#1529802)
+
+* Wed Oct 25 2017 Ryan O'Hara <rohara@redhat.com> - 1.3.9-1
+- Update to 1.3.9 (#1497576)
+
+* Mon Sep 11 2017 Ryan O'Hara <rohara@redhat.com> - 1.3.6-1
+- Update to 1.3.6 (#1481471)
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sun Mar 26 2017 Ryan O'Hara <rohara@redhat.com> - 1.3.5-1
+- Update to 1.3.5 (#1422063)
+
+* Sun Feb 05 2017 Kalev Lember <klember@redhat.com> - 1.3.2-2
+- Rebuilt for libxtables soname bump
+
+* Mon Nov 28 2016 Ryan O'Hara <rohara@redhat.com> - 1.3.2-1
+- Update to 1.3.2 (#1396857)
+
+* Fri Sep 16 2016 Ryan O'Hara <rohara@redhat.com> - 1.2.24-3
+- Add BuildRequires for iptables-devel (#1361686)
+
+* Fri Sep 16 2016 Ryan O'Hara <rohara@redhat.com> - 1.2.24-2
+- Fix configure script
+
+* Thu Sep 15 2016 Ryan O'Hara <rohara@redhat.com> - 1.2.24-1
+- Update to 1.2.24 (#1376254)
+
+* Wed Jul 13 2016 Ryan O'Hara <rohara@redhat.com> - 1.2.23-1
+- Update to 1.2.23 (#1354696)
+
+* Wed Jun 15 2016 Ryan O'Hara <rohara@redhat.com> - 1.2.22-1
+- Update to 1.2.22 (#1346509)
+
+* Tue Jun 14 2016 Ryan O'Hara <rohara@redhat.com> - 1.2.21-3
+- Remove net-snmp U64 typedef
+
+* Fri Jun 03 2016 Ryan O'Hara <rohara@redhat.com> - 1.2.21-2
+- Remove unnecessary BuildRequires (#1327873)
+
+* Fri Jun 03 2016 Ryan O'Hara <rohara@redhat.com> - 1.2.21-1
+- Update to 1.2.21 (#1341372)
+
+* Sun Apr 10 2016 Ryan O'Hara <rohara@redhat.com> - 1.2.20-2
+- Install VRRP MIB
+
+* Mon Apr 04 2016 Ryan O'Hara <rohara@redhat.com> - 1.2.20-1
+- Update to 1.2.20 (#1323526)
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.19-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Sat Jan 23 2016 Ryan O'Hara <rohara@redhat.com> - 1.2.19-3
+- Add PIDFile to systemd unit file (#1280437)
+
+* Wed Jul 29 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.2.19-2
+- Rebuilt for rpm 4.12.90
+
+* Wed Jul 15 2015 Ryan O'Hara <rohara@redhat.com> - 1.2.19-1
+- Update to 1.2.19 (#1240863)
+
+* Wed Jul 01 2015 Ryan O'Hara <rohara@redhat.com> - 1.2.18-1
+- Update to 1.2.18 (#1237377)
+
+* Tue Jun 23 2015 Ryan O'Hara <rohara@redhat.com> - 1.2.17-5
+- Revert patch that changed VRRP notify scripts to list (#1232073)
+
+* Wed Jun 17 2015 Ryan O'Hara <rohara@redhat.com> - 1.2.17-4
+- Fix multiple VRRP instances with same interface (#1232408)
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.17-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Jun 01 2015 Ryan O'Hara <rohara@redhat.com> - 1.2.17-2
+- Add VRRP MIB file
+
+* Mon Jun 01 2015 Ryan O'Hara <rohara@redhat.com> - 1.2.17-1
+- Update to 1.2.17
+
+* Wed Apr 01 2015 Ryan O'Hara <rohara@redhat.com> - 1.2.16-1
+- Update to 1.2.16
+
+* Wed Mar 18 2015 Ryan O'Hara <rohara@redhat.com> - 1.2.15-3
+- Revert previous preempt extension (#1202584)
+
+* Tue Jan 13 2015 Ryan O'Hara <rohara@redhat.com> - 1.2.15-2
+- Depend on network-online.target systemd unit (#1181097)
+
+* Tue Dec 23 2014 Ryan O'Hara <rohara@redhat.com> - 1.2.15-1
+- Update to 1.2.15
+
+* Tue Dec 16 2014 Ryan O'Hara <rohara@redhat.com> - 1.2.14-1
+- Update to 1.2.14
+
+* Tue Oct 28 2014 Ryan O'Hara <rohara@redhat.com> - 1.2.13-4
+- Create /usr/libexec/keepalived directory (#1158113)
+
+* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.13-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue May 13 2014 Ryan O'Hara <rohara@redhat.com> - 1.2.13-1
+- Update to 1.2.13
+
+* Mon Feb 10 2014 Ryan O'Hara <rohara@redhat.com> - 1.2.12-1
+- Update to 1.2.12
+
+* Mon Feb 03 2014 Ryan O'Hara <rohara@redhat.com> - 1.2.11-1
+- Update to 1.2.11
+
+* Mon Jan 13 2014 Ryan O'Hara <rohara@redhat.com> - 1.2.10-1
+- Update to 1.2.10
+
+* Mon Nov 11 2013 Ryan O'Hara <rohara@redhat.com> - 1.2.9-1
+- Update to 1.2.9.
+
+* Thu Sep 19 2013 Ryan O'Hara <rohara@redhat.com> - 1.2.8-2
+- Bump release and rebuild.
+
+* Thu Sep 05 2013 Ryan O'Hara <rohara@redhat.com> - 1.2.8-1
+- Update to 1.2.8.
+
+* Mon Aug 19 2013 Ryan O'Hara <rohara@redhat.com> - 1.2.7-10
+- Add To header for SMTP alerts (#967641)
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.7-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Mon Jul 22 2013 Ryan O'Hara <rohara@redhat.com> - 1.2.7-8
+- Fix macro in keepalived.conf.5 man page.
+
+* Mon Jul 22 2013 Ryan O'Hara <rohara@redhat.com> - 1.2.7-7
+- Fix systemd requirements.
+
+* Mon Jul 22 2013 Ryan O'Hara <rohara@redhat.com> - 1.2.7-6
+- Install the systemd unit file, not the init script.
+
+* Mon Apr 22 2013 Ryan O'Hara <rohara@redhat.com> - 1.2.7-5
+- Build with PIE flags (#955150)
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.7-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Jan 2 2013 Ryan O'Hara <rohara@redhat.com> - 1.2.7-3
+- Update spec file.
+- Add option to prevent respawn of child processes.
+- Remove duplicate command-line option code.
+- Use popt to generate usage message.
+- Fix pointer arithmetic for VRRP packets.
+- Fix comparison of primary IP address.
+- Fix loading of SSL certificate.
+- Fix typo in error message.
+- Update FSF address in GPLv2 license.
+- Remove debug message from if_get_by_ifname.
+
+* Mon Sep 24 2012 Václav Pavlín <vpavlin@redhat.com> - 1.2.7-2
+- Scriptlets replaced with new systemd macros (#850173).
+
+* Tue Sep 04 2012 Ryan O'Hara <rohara@redhat.com> - 1.2.7-1
+- Update to 1.2.7.
+- Fix systemd service file (#769726).
+
+* Mon Aug 20 2012 Ryan O'Hara <rohara@redhat.com> - 1.2.6-1
+- Update to 1.2.6.
+
+* Tue Aug 14 2012 Ryan O'Hara <rohara@redhat.com> - 1.2.5-2
+- Install KEEPALIVED-MIB as KEEPALIVED-MIB.txt.
+
+* Mon Aug 13 2012 Ryan O'Hara <rohara@redhat.com> - 1.2.5-1
+- Update to 1.2.5.
+
+* Wed Aug 01 2012 Ryan O'Hara <rohara@redhat.com> - 1.2.4-1
+- Update to 1.2.4.
+
+* Mon Jul 23 2012 Ryan O'Hara <rohara@redhat.com> - 1.2.3-1
+- Update to 1.2.3.
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Tue May 08 2012 Ryan O'Hara <rohara@redhat.com> - 1.2.2-5
+- Fix IPv4 address comparison (#768119).
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon Sep 19 2011 Tom Callaway <spot@fedoraproject.org> - 1.2.2-3
+- convert to systemd
+- fix ip_vs.h path searching in configure
+
+* Tue Jul 12 2011 Matthias Saou <http://freshrpms.net/> 1.2.2-2
+- Build against libnl for Fedora. RHEL's libnl is too old.
+
+* Sat May 21 2011 Matthias Saou <http://freshrpms.net/> 1.2.2-1
+- Update to 1.2.2.
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.20-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sun Jan 16 2011 Dan Horák <dan[at]danny.cz> 1.1.20-2
+- exclude arches where we don't provide 32-bit kernel
+
+* Tue Jan 11 2011 Matthias Saou <http://freshrpms.net/> 1.2.1-1
+- Update to 1.2.1, now with IPv6 support.
+
+* Sun May 23 2010 Matthias Saou <http://freshrpms.net/> 1.1.20-1
+- Update to 1.1.20 (#589923).
+- Update BR conditional for RHEL6.
+- No longer include goodies/arpreset.pl, it's gone from the sources.
+
+* Tue Dec  8 2009 Matthias Saou <http://freshrpms.net/> 1.1.19-3
+- Update init script to have keepalived start after the local MTA (#526512).
+- Simplify the kernel source detection, to avoid running rpm from rpmbuild.
+
+* Tue Nov 24 2009 Matthias Saou <http://freshrpms.net/> 1.1.19-2
+- Include patch to remove obsolete -k option to modprobe (#528465).
+
+* Wed Oct 21 2009 Matthias Saou <http://freshrpms.net/> 1.1.19-1
+- Update to 1.1.19.
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.1.17-3
+- rebuilt with new openssl
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.17-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Sun Apr 12 2009 Matthias Saou <http://freshrpms.net/> 1.1.17-1
+- Update to 1.1.17.
+- Update init script all the way.
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org>
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 1.1.15-7
+- rebuild with new openssl
+
+* Mon Dec 22 2008 Matthias Saou <http://freshrpms.net/> 1.1.15-6
+- Fork the init script to be (mostly for now) LSB compliant (#246966).
+
+* Thu Apr 24 2008 Matthias Saou <http://freshrpms.net/> 1.1.15-5
+- Add glob to the kerneldir location, since it contains the arch for F9+.
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org>
+- Autorebuild for GCC 4.3
+
+* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org>
+- Rebuild for deps
+
+* Mon Oct 22 2007 Matthias Saou <http://freshrpms.net/> 1.1.15-2
+- Update to latest upstream sources, identical except for the included spec.
+
+* Mon Sep 17 2007 Matthias Saou <http://freshrpms.net/> 1.1.15-1
+- Update to 1.1.15.
+- Remove merged genhashman and include patches.
+
+* Fri Sep 14 2007 Matthias Saou <http://freshrpms.net/> 1.1.14-2
+- Include patch from Shinji Tanaka to fix conf include from inside some
+  directives like vrrp_instance.
+
+* Thu Sep 13 2007 Matthias Saou <http://freshrpms.net/> 1.1.14-1
+- Update to 1.1.14.
+- Remove all upstreamed patches.
+- Remove our init script and sysconfig files, use the same now provided by the
+  upstream package (will need to patch for LSB stuff soonish).
+- Include new goodies/arpreset.pl in %%doc.
+- Add missing scriplet requirements.
+
+* Wed Aug 22 2007 Matthias Saou <http://freshrpms.net/> 1.1.13-8
+- Rebuild for new BuildID feature.
+
+* Sun Aug  5 2007 Matthias Saou <http://freshrpms.net/> 1.1.13-7
+- Update License field.
+
+* Mon Mar 26 2007 Matthias Saou <http://freshrpms.net/> 1.1.13-6
+- Fix doc/samples/sample.misccheck.smbcheck.sh mode (600 -> 644).
+
+* Thu Mar 22 2007 Matthias Saou <http://freshrpms.net/> 1.1.13-5
+- Include types patch to fix compile on F7 (David Woodhouse).
+- Fix up file modes (main binary 700 -> 755 and config 600 -> 640).
+
+* Tue Feb 13 2007 Matthias Saou <http://freshrpms.net/> 1.1.13-4
+- Add missing \n to the kernel define, for when multiple kernels are installed.
+- Pass STRIP=/bin/true to "make" in order to get a useful debuginfo package.
+
+* Tue Feb 13 2007 Matthias Saou <http://freshrpms.net/> 1.1.13-3
+- Add %%check section to make sure any build without LVS support will fail.
+
+* Mon Feb  5 2007 Matthias Saou <http://freshrpms.net/> 1.1.13-2
+- Use our own init script, include a sysconfig entry used by it for options.
+
+* Thu Jan 25 2007 Matthias Saou <http://freshrpms.net/> 1.1.13-1
+- Update to 1.1.13.
+- Change mode of configuration file to 0600.
+- Don't include all of "doc" since it meant re-including all man pages.
+- Don't include samples in the main configuration path, they're in %%doc.
+- Include patch to add an optional label to interfaces.
+
+* Sat Apr 08 2006 Dries Verachtert <dries@ulyssis.org> - 1.1.12-1.2
+- Rebuild for Fedora Core 5.
+
+* Sun Mar 12 2006 Dag Wieers <dag@wieers.com> - 1.1.12-1
+- Updated to release 1.1.12.
+
+* Fri Mar 04 2005 Dag Wieers <dag@wieers.com> - 1.1.11-1
+- Updated to release 1.1.11.
+
+* Wed Feb 23 2005 Dag Wieers <dag@wieers.com> - 1.1.10-2
+- Fixed IPVS/LVS support. (Joe Sauer)
+
+* Tue Feb 15 2005 Dag Wieers <dag@wieers.com> - 1.1.10-1
+- Updated to release 1.1.10.
+
+* Mon Feb 07 2005 Dag Wieers <dag@wieers.com> - 1.1.9-1
+- Updated to release 1.1.9.
+
+* Sun Oct 17 2004 Dag Wieers <dag@wieers.com> - 1.1.7-2
+- Fixes to build with kernel IPVS support. (Tim Verhoeven)
+
+* Fri Sep 24 2004 Dag Wieers <dag@wieers.com> - 1.1.7-1
+- Updated to release 1.1.7. (Mathieu Lubrano)
+
+* Mon Feb 23 2004 Dag Wieers <dag@wieers.com> - 1.1.6-0
+- Updated to release 1.1.6.
+
+* Mon Jan 26 2004 Dag Wieers <dag@wieers.com> - 1.1.5-0
+- Updated to release 1.1.5.
+
+* Mon Dec 29 2003 Dag Wieers <dag@wieers.com> - 1.1.4-0
+- Updated to release 1.1.4.
+
+* Fri Jun 06 2003 Dag Wieers <dag@wieers.com> - 1.0.3-0
+- Initial package. (using DAR)
+