import keepalived-2.0.10-11.el8

SOURCES/bz1683438-fix-vrrp_script-execution.patch

@@ -0,0 +1,51 @@
+From 4e60fead497c9e99953dd6106c6a5869182533cc Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Thu, 9 May 2019 19:23:46 +0100
+Subject: [PATCH] Don't enclose /dev/tcp/127.0.0.1/22 in ' chars when running
+ as script
+
+RedHat identified a problem with scripts like:
+    vrrp_script {
+        script "</dev/tcp/127.0.0.1/22"
+    }
+where returning an exit code of 127 (script not found).
+
+This was identified to be due to the "script" being enclosed in '
+characters, so the resulting system call was
+system("'</dev/tcp/127.0.0.1/22'"), which failed. Not adding the leading
+and trailing ' characters when the first character of the script is '<'
+or '>' resolves the problem.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ lib/notify.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/lib/notify.c b/lib/notify.c
+index 2f60e24c..1984bde3 100644
+--- a/lib/notify.c
++++ b/lib/notify.c
+@@ -130,10 +130,18 @@ cmd_str_r(const notify_script_t *script, char *buf, size_t len)
+ 
+ 		if (i)
+ 			*str_p++ = ' ';
+-		*str_p++ = '\'';
++
++		/* Allow special case of bash script which is redirection only to
++		 * test for file existence. */
++		if (i || (script->args[i][0] != '<' && script->args[i][0] != '>'))
++			*str_p++ = '\'';
++
+ 		strcpy(str_p, script->args[i]);
+ 		str_p += str_len;
+-		*str_p++ = '\'';
++
++		/* Close opening ' if we added one */
++		if (i || (script->args[i][0] != '<' && script->args[i][0] != '>'))
++			*str_p++ = '\'';
+ 	}
+ 	*str_p = '\0';
+ 
+-- 
+2.24.1
+

SOURCES/bz1792160-fix-fault-rename-interface.patch

@@ -0,0 +1,34 @@
+From 30eeb48b1a0737dc7443fd421fd6613e0d55fd17 Mon Sep 17 00:00:00 2001
+From: "Z. Liu" <liuzx@knownsec.com>
+Date: Tue, 18 Dec 2018 16:38:24 +0800
+Subject: [PATCH] Also skip route not configured with down interface
+
+Otherwise, if keepalived has virtual_routes configured, we create
+a virtual interface and bring it up and down, current code will bring
+VRRP state to FAULT and never return.
+
+ # ip tun add test mode ipip remote 10.0.0.1 local 10.0.0.2
+ # ip link set test up
+ # ip link set test down
+---
+ keepalived/vrrp/vrrp_if.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/keepalived/vrrp/vrrp_if.c b/keepalived/vrrp/vrrp_if.c
+index a2087ceb..6ae2666a 100644
+--- a/keepalived/vrrp/vrrp_if.c
++++ b/keepalived/vrrp/vrrp_if.c
+@@ -1051,7 +1051,9 @@ interface_down(interface_t *ifp)
+ 			/* Any route that has an oif will be tracking the interface,
+ 			 * so we only need to check for routes that dont specify an
+ 			 * oif */
+-			if (!route->oif && route->configured_ifindex != ifp->ifindex)
++			/* Don't track route if it's not configured with this down
++			 * interface. */
++			if (!route->oif || route->configured_ifindex != ifp->ifindex)
+ 				continue;
+ 
+ 			route->set = false;
+-- 
+2.24.1
+

SPECS/keepalived.spec

@@ -1,6 +1,7 @@
 %bcond_without snmp
 %bcond_without vrrp
 %bcond_without sha1
+%bcond_with iptables
 %bcond_with profile
 %bcond_with debug
 
@@ -9,7 +10,7 @@
 Name: keepalived
 Summary: High Availability monitor built upon LVS, VRRP and service pollers
 Version: 2.0.10
-Release: 4%{?dist}.2
+Release: 11%{?dist}
 License: GPLv2+
 URL: http://www.keepalived.org/
 Group: System Environment/Daemons
@@ -23,6 +24,8 @@ Patch3: bz1688892-fix-openssl-init-config-check.patch
 Patch4: bz1688892-fix-openssl-init-configure.patch
 Patch5: bz1693706-fix-smtp-alerts-segfault.patch
 Patch6: bz1693706-fix-smtp_helo_name-double-free.patch
+Patch7: bz1792160-fix-fault-rename-interface.patch
+Patch8: bz1683438-fix-vrrp_script-execution.patch
 
 Requires(post): systemd
 Requires(preun): systemd
@@ -31,13 +34,15 @@ Requires(postun): systemd
 %if %{with snmp}
 BuildRequires: net-snmp-devel
 %endif
+%if %{with iptables}
+BuildRequires: ipset-devel
+BuildRequires: iptables-devel
+%endif
 BuildRequires: gcc
 BuildRequires: automake
 BuildRequires: systemd-units
 BuildRequires: openssl-devel
 BuildRequires: libnl3-devel
-BuildRequires: ipset-devel
-BuildRequires: iptables-devel
 BuildRequires: libnfnetlink-devel
 
 %description
@@ -62,12 +67,15 @@ infrastructures.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
+%patch8 -p1
 
 %build
 %configure \
     %{?with_debug:--enable-debug} \
     %{?with_profile:--enable-profile} \
     %{!?with_vrrp:--disable-vrrp} \
+    %{!?with_iptables:--disable-libiptc --disable-ipset} \
     %{?with_snmp:--enable-snmp --enable-snmp-rfc} \
     %{?with_sha1:--enable-sha1} \
     --with-init=systemd
@@ -111,15 +119,24 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
 %{_mandir}/man8/keepalived.8*
 
 %changelog
-* Wed May 01 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-4.2
+* Tue Jun 16 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.10-11
+- Fix vrrp_script execution (#1683438)
+
+* Mon Feb 24 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.10-10
+- Disable libiptc/ipset (#1806642)
+
+* Thu Jan 30 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.10-9
+- Fix FAULT state when interface is renamed (#1792160)
+
+* Mon Jul 08 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-7
+- Add gating tests (#1682114)
+
+* Wed May 01 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-6
 - Fix segfault when smtp alerts configured (#1693706)
 - Fix double free when smtp_helo_name copied from local_name (#1693706)
 
-* Thu Apr 04 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-4.1
+* Wed Mar 27 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-5
-- Rebuild for z-stream (#1690306)
+- Bump release nummber (#1688892)
-
-* Wed Mar 27 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-4
-- Bump release number (#1688892)
 
 * Mon Mar 18 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-3
 - Rework fix for OpenSSL initialization segfault (#1688892)