import UBI keepalived-2.2.8-9.el10

2025-05-14 14:59:57 +00:00
14 changed files with 201 additions and 598 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/keepalived-2.1.5.tar.gz
+keepalived-2.2.8.tar.gz
--- a/.keepalived.metadata
+++ b/.keepalived.metadata
@ -1 +0,0 @@
-54128bc7b4f8b920028af4691be9013f25393a99 SOURCES/keepalived-2.1.5.tar.gz
--- a/SOURCES/RHEL-66742.patch
+++ b/SOURCES/RHEL-66742.patch
@ -1,41 +0,0 @@
-commit d2f5e5595a511ff62934c77cb62f82bdb2320e29
-Author: Yonglong Li <liyonglong@chinatelecom.cn>
-Date:   Fri Dec 29 11:03:08 2023 +0800
-
-    lvs: if lost misc check child register checker agagin
-    
-    issue: misc check_child_thread timeout and remove child_pid
-    form rb_data, timeout callback of check_child_thread is not be
-    called, if at this time misc script done and exit, and child
-    termination will do nothing because child_pid was remove form
-    rb_data. in this case timeou callback will not register checker
-    again, the checker will lost.
-    
-    fix: if lost misc check child register checker again
-    
-    Signed-off-by: Yonglong Li <liyonglong@chinatelecom.cn>
-
-diff --git a/keepalived/check/check_misc.c b/keepalived/check/check_misc.c
-index b2260d5f..c388e89d 100644
--- a/keepalived/check/check_misc.c
-+++ b/keepalived/check/check_misc.c
-@@ -337,9 +337,10 @@ misc_check_child_thread(thread_ref_t thread)
- 					/* The process does not exist, and we should
- 					 * have reaped its exit status, otherwise it
- 					 * would exist as a zombie process. */
-					log_message(LOG_INFO, "Misc script %s child (PID %d) lost", misck_checker->script.args[0], pid);
-+					log_message(LOG_INFO, "Misc script %s child (PID %d) lost, register checker again", misck_checker->script.args[0], pid);
- 					misck_checker->state = SCRIPT_STATE_IDLE;
- 					timeout = 0;
-+					goto recheck;
- 				} else {
- 					log_message(LOG_INFO, "kill -%d of process %s(%d) with new state %u failed with errno %d", sig_num, misck_checker->script.args[0], pid, misck_checker->state, errno);
- 					timeout = 1000;
-@@ -488,6 +489,7 @@ misc_check_child_thread(thread_ref_t thread)
- 		}
- 	}
- 
-+recheck:
- 	/* Register next timer checker */
- 	next_time = timer_add_long(misck_checker->last_ran, checker->retry_it ? checker->delay_before_retry : checker->delay_loop);
- 	next_time = timer_sub_now(next_time);
--- a/SOURCES/RHEL-7694-dep.patch
+++ b/SOURCES/RHEL-7694-dep.patch
@ -1,23 +0,0 @@
-commit 4a56ddf74b310d75c31bb98fee6f6789b04f6891
-Author: Quentin Armitage <quentin@armitage.org.uk>
-Date:   Mon Jul 20 07:03:54 2020 +0100
-
-    vrrp: Fix building without VMAC support
-    
-    Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
-
-diff --git a/keepalived/vrrp/vrrp_parser.c b/keepalived/vrrp/vrrp_parser.c
-index 1d19c684..3e05f698 100644
--- a/keepalived/vrrp/vrrp_parser.c
-+++ b/keepalived/vrrp/vrrp_parser.c
-@@ -412,9 +412,9 @@ vrrp_handler(const vector_t *strvec)
- static void
- vrrp_end_handler(void)
- {
-#ifdef _HAVE_VRRP_VMAC_
- 	vrrp_t *vrrp = list_last_entry(&vrrp_data->vrrp, vrrp_t, e_list);
- 
-+#ifdef _HAVE_VRRP_VMAC_
- 	if (!list_empty(&vrrp->unicast_peer) && vrrp->vmac_flags) {
- 		report_config_error(CONFIG_GENERAL_ERROR, "(%s): Cannot use VMAC/ipvlan with unicast peers - clearing use_vmac", vrrp->iname);
- 		vrrp->vmac_flags = 0;
--- a/SOURCES/RHEL-7694.patch
+++ b/SOURCES/RHEL-7694.patch
@ -1,97 +0,0 @@
-commit 97429b3b7e6ec2f5b9c93a5d507b152bab30f919
-Author: Quentin Armitage <quentin@armitage.org.uk>
-Date:   Wed Sep 16 15:35:44 2020 +0100
-
-    vrrp: Fix using VMACs with unicast peers
-    
-    Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
-
-diff --git a/doc/man/man5/keepalived.conf.5 b/doc/man/man5/keepalived.conf.5
-index e6b230c6..83a5915f 100644
--- a/doc/man/man5/keepalived.conf.5
-+++ b/doc/man/man5/keepalived.conf.5
-@@ -1359,6 +1359,8 @@ The syntax for vrrp_instance is :
-     # all.rp_filter, as will default.rp_filter, and all.rp_filter
-     # will be set to 0.
-     # The original settings are restored on termination.
-+    # \fBNOTE 2\fR: If using use_vmac with unicast peers,
-+    # vmac_xmit_base must be set.
-     \fBuse_vmac \fR[<VMAC_INTERFACE>]
- 
-     # Send/Recv VRRP messages from base interface instead of
-diff --git a/keepalived/vrrp/vrrp_parser.c b/keepalived/vrrp/vrrp_parser.c
-index 5cf1eea1..d1e2d8ea 100644
--- a/keepalived/vrrp/vrrp_parser.c
-+++ b/keepalived/vrrp/vrrp_parser.c
-@@ -416,9 +416,14 @@ vrrp_end_handler(void)
- 
- #ifdef _HAVE_VRRP_VMAC_
- 	if (!list_empty(&vrrp->unicast_peer) && vrrp->vmac_flags) {
-		report_config_error(CONFIG_GENERAL_ERROR, "(%s): Cannot use VMAC/ipvlan with unicast peers - clearing use_vmac", vrrp->iname);
-		vrrp->vmac_flags = 0;
-		vrrp->vmac_ifname[0] = '\0';
-+		if (!vrrp->ifp) {
-+			report_config_error(CONFIG_GENERAL_ERROR, "(%s): Cannot use VMAC/ipvlan with unicast peers and no interface - clearing use_vmac", vrrp->iname);
-+			vrrp->vmac_flags = 0;
-+			vrrp->vmac_ifname[0] = '\0';
-+		} else if (!__test_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags)) {
-+			report_config_error(CONFIG_GENERAL_ERROR, "(%s) unicast with use_vmac requires vmac_xmit_base - setting", vrrp->iname);
-+			__set_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags);
-+		}
- 	}
- #endif
- 
-diff --git a/keepalived/vrrp/vrrp_scheduler.c b/keepalived/vrrp/vrrp_scheduler.c
-index 2fb859e1..d9271720 100644
--- a/keepalived/vrrp/vrrp_scheduler.c
-+++ b/keepalived/vrrp/vrrp_scheduler.c
-@@ -459,17 +459,17 @@ vrrp_create_sockpool(list_head_t *l)
- 	struct sockaddr_storage *unicast_src;
- 
- 	list_for_each_entry(vrrp, &vrrp_data->vrrp, e_list) {
-		if (list_empty(&vrrp->unicast_peer)) {
-			ifp =
-#ifdef _HAVE_VRRP_VMAC_
-			      (__test_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags)) ? vrrp->configured_ifp :
-#endif
-											vrrp->ifp;
-+		if (list_empty(&vrrp->unicast_peer))
- 			unicast_src = NULL;
-		} else {
-+		else
- 			unicast_src = &vrrp->saddr;
-			ifp = vrrp->ifp;
-		}
-+
-+		ifp =
-+#ifdef _HAVE_VRRP_VMAC_
-+		      (__test_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags)) ? vrrp->configured_ifp :
-+#endif
-+										vrrp->ifp;
-+
- 		proto = IPPROTO_VRRP;
- #if defined _WITH_VRRP_AUTH_
- 		if (vrrp->auth_type == VRRP_AUTH_AH)
-@@ -607,13 +607,6 @@ vrrp_lower_prio_gratuitous_arp_thread(thread_ref_t thread)
- 	vrrp_send_link_update(vrrp, vrrp->garp_lower_prio_rep);
- }
- 
-static void
-vrrp_master(vrrp_t * vrrp)
-{
-	/* Send the VRRP advert */
-	vrrp_state_master_tx(vrrp);
-}
-
- void
- try_up_instance(vrrp_t *vrrp, bool leaving_init)
- {
-@@ -802,7 +795,7 @@ vrrp_dispatcher_read_timeout(sock_t *sock)
- 			vrrp_goto_master(vrrp);
- 		}
- 		else if (vrrp->state == VRRP_STATE_MAST)
-			vrrp_master(vrrp);
-+			vrrp_state_master_tx(vrrp);
- 
- 		/* handle instance synchronization */
- #ifdef _TSM_DEBUG_
--- a/SOURCES/RHEL-7699.patch
+++ b/SOURCES/RHEL-7699.patch
@ -1,40 +0,0 @@
-commit e2b4d108d68ada3af8ad437e2e291fcac1fd0ff7
-Author: Quentin Armitage <quentin@armitage.org.uk>
-Date:   Tue Oct 20 11:24:48 2020 +0100
-
-    ipvs: Allow real servers to be specified with a weight of 0
-    
-    This currently only really makes sense when also having a FILE_CHECK
-    with non-zero weight configured, or a MISC_CHECK with "misc_dynamic",
-    since otherwise there is no way that the weight of the real server can
-    be changed to be non-zero.
-    
-    Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
-
-diff --git a/keepalived/check/ipwrapper.c b/keepalived/check/ipwrapper.c
-index a4c40d6c..4b9ccb6f 100644
--- a/keepalived/check/ipwrapper.c
-+++ b/keepalived/check/ipwrapper.c
-@@ -410,8 +410,8 @@ init_service_rs(virtual_server_t *vs)
- 					rs->num_failed_checkers++;
- 			}
- 
-			if (rs->effective_weight < 1)
-				rs->weight = 1;
-+			if (rs->effective_weight < 0)
-+				rs->weight = 0;
- 			else if (rs->effective_weight > IPVS_WEIGHT_MAX - 1)
- 				rs->weight = IPVS_WEIGHT_MAX - 1;
- 			else
-@@ -667,9 +667,8 @@ update_svr_wgt(int weight, virtual_server_t * vs, real_server_t * rs
- {
- 	rs->effective_weight = weight;
- 
-/* TODO - handle weight = 0 - ? affects quorum */
-	if (weight <= 0)
-		weight = 1;
-+	if (weight < 0)
-+		weight = 0;
- #if IPVS_WEIGHT_MAX != INT_MAX
- 	else if (weight > IPVS_WEIGHT_MAX)
- 		weight = IPVS_WEIGHT_MAX;
--- a/SOURCES/bz1977716-revert-explicit-set-LOG_USER-facility.patch
+++ b/SOURCES/bz1977716-revert-explicit-set-LOG_USER-facility.patch
@ -1,55 +0,0 @@
-From ff476e860e91c1a814ac038ee16790a2a5b950af Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Mon, 18 Jan 2021 14:38:15 +0000
-Subject: [PATCH 1/2] Revert "Explicitly set LOG_USER log facility when
- syslogging"
-
-This reverts commit db3bcf7b891881e8e70954424f0fe88ec7d37ce0.
-
-This commit was just plain wrong. The facility should default to
-LOG_DAEMON (see keepalived(8) man page), but if --log-facility is
-specified, that is the facility to which log entries should be logged.
---
- lib/logger.c | 5 +----
- lib/logger.h | 2 +-
- 2 files changed, 2 insertions(+), 5 deletions(-)
-
-diff --git a/lib/logger.c b/lib/logger.c
-index a0cc2048..34c83f32 100644
--- a/lib/logger.c
-+++ b/lib/logger.c
-@@ -133,7 +133,7 @@ block_signals(sigset_t *cur_set)
- #endif
- 
- void
-vlog_message(int facility, const char* format, va_list args)
-+vlog_message(const int facility, const char* format, va_list args)
- {
- #ifndef HAVE_SIGNALFD
- 	sigset_t cur_set;
-@@ -213,9 +213,6 @@ vlog_message(int facility, const char* format, va_list args)
- 			restore_signals = true;
- #endif
- 
-		if (!(facility & LOG_FACMASK))
-			facility |= LOG_USER;
-
- #if HAVE_VSYSLOG
- 		vsyslog(facility, format, args);
- #else
-diff --git a/lib/logger.h b/lib/logger.h
-index 7536536a..20b2a7e4 100644
--- a/lib/logger.h
-+++ b/lib/logger.h
-@@ -44,7 +44,7 @@ extern void open_log_file(const char *, const char *, const char *, const char *
- extern void flush_log_file(void);
- extern void update_log_file_perms(mode_t);
- #endif
-extern void vlog_message(int facility, const char* format, va_list args)
-+extern void vlog_message(const int facility, const char* format, va_list args)
- 	__attribute__ ((format (printf, 2, 0)));
- extern void log_message(int priority, const char* format, ...)
- 	__attribute__ ((format (printf, 2, 3)));
-- 
-2.31.1
-
--- a/SOURCES/bz1977716-use-LOG_DAEMON-facility-by-default.patch
+++ b/SOURCES/bz1977716-use-LOG_DAEMON-facility-by-default.patch
@ -1,165 +0,0 @@
-From 75ea1d31c17f4bb3a73590167658310bc9f67149 Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Mon, 18 Jan 2021 14:57:30 +0000
-Subject: [PATCH 2/2] all: log to LOG_DAEMON facility by default
-
-keepalived(8) man page states that the default log facility is LOG_DAEMON.
-Commit db3bcf7 - "Explicitly set LOG_USER log facility when syslogging"
-incorrectly set the facility to LOG_USER, and that has now been reverted.
-However, with that reverted, by default the VRRP process logs to LOG_LOCAL1
-and the checker and BFD processes log to LOG_LOCAL2, contrary to the
-documentation.
-
-Since no-one has commented that logs were not going to LOG_LOCAL1/2 since
-commit db3bcf7 (April 28 2020), it is safe to assume that no-one was relying
-on that. This commit therefore reverts to the documentation and by default
-logs everything to the LOG_DAEMON facility.
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
---
- keepalived/bfd/bfd_daemon.c     |  3 +--
- keepalived/check/check_daemon.c |  3 +--
- keepalived/core/main.c          |  7 +++----
- keepalived/include/main.h       |  1 -
- keepalived/vrrp/vrrp_daemon.c   |  3 +--
- lib/logger.c                    |  2 ++
- lib/logger.h                    | 10 ++++++++++
- 7 files changed, 18 insertions(+), 11 deletions(-)
-
-diff --git a/keepalived/bfd/bfd_daemon.c b/keepalived/bfd/bfd_daemon.c
-index cf74eee3..47d87892 100644
--- a/keepalived/bfd/bfd_daemon.c
-+++ b/keepalived/bfd/bfd_daemon.c
-@@ -396,8 +396,7 @@ start_bfd_child(void)
- 
- 	/* Opening local BFD syslog channel */
- 	if (!__test_bit(NO_SYSLOG_BIT, &debug))
-		openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0)
-				    , (log_facility==LOG_DAEMON) ? LOG_LOCAL2 : log_facility);
-+		open_syslog(syslog_ident);
- 
- #ifdef ENABLE_LOG_TO_FILE
- 	if (log_file_name)
-diff --git a/keepalived/check/check_daemon.c b/keepalived/check/check_daemon.c
-index 5e03cc4c..63bdf07b 100644
--- a/keepalived/check/check_daemon.c
-+++ b/keepalived/check/check_daemon.c
-@@ -689,8 +689,7 @@ start_check_child(void)
- 
- 	/* Opening local CHECK syslog channel */
- 	if (!__test_bit(NO_SYSLOG_BIT, &debug))
-		openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0)
-				    , (log_facility==LOG_DAEMON) ? LOG_LOCAL2 : log_facility);
-+		open_syslog(syslog_ident);
- 
- #ifdef ENABLE_LOG_TO_FILE
- 	if (log_file_name)
-diff --git a/keepalived/core/main.c b/keepalived/core/main.c
-index be4488ea..756b2f12 100644
--- a/keepalived/core/main.c
-+++ b/keepalived/core/main.c
-@@ -149,7 +149,6 @@ static const struct child_term children_term[] = {
- /* global var */
- const char *version_string = VERSION_STRING;		/* keepalived version */
- const char *conf_file = KEEPALIVED_CONFIG_FILE;		/* Configuration file */
-int log_facility = LOG_DAEMON;				/* Optional logging facilities */
- bool reload;						/* Set during a reload */
- const char *main_pidfile;				/* overrule default pidfile */
- static bool free_main_pidfile;
-@@ -2087,7 +2086,7 @@ keepalived_main(int argc, char **argv)
- 	umask(umask_val);
- 
- 	/* Open log with default settings so we can log initially */
-	openlog(PACKAGE_NAME, LOG_PID, log_facility);
-+	open_syslog(PACKAGE_NAME);
- 
- #ifdef _MEM_CHECK_
- 	mem_log_init(PACKAGE_NAME, "Parent process");
-@@ -2128,7 +2127,7 @@ keepalived_main(int argc, char **argv)
- 	if (parse_cmdline(argc, argv)) {
- 		closelog();
- 		if (!__test_bit(NO_SYSLOG_BIT, &debug))
-			openlog(PACKAGE_NAME, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0) , log_facility);
-+			open_syslog(PACKAGE_NAME);
- 	}
- 
- 	if (__test_bit(LOG_CONSOLE_BIT, &debug))
-@@ -2212,7 +2211,7 @@ keepalived_main(int argc, char **argv)
- 		if ((syslog_ident = make_syslog_ident(PACKAGE_NAME))) {
- 			log_message(LOG_INFO, "Changing syslog ident to %s", syslog_ident);
- 			closelog();
-			openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0), log_facility);
-+			open_syslog(syslog_ident);
- 		}
- 		else
- 			log_message(LOG_INFO, "Unable to change syslog ident");
-diff --git a/keepalived/include/main.h b/keepalived/include/main.h
-index 3e013bb6..6a34797b 100644
--- a/keepalived/include/main.h
-+++ b/keepalived/include/main.h
-@@ -51,7 +51,6 @@ enum daemon_bits {
- extern const char *version_string;	/* keepalived version */
- extern unsigned long daemon_mode;	/* Which child processes are run */
- extern const char *conf_file;		/* Configuration file */
-extern int log_facility;		/* Optional logging facilities */
- #ifdef _WITH_VRRP_
- extern pid_t vrrp_child;		/* VRRP child process ID */
- extern const char *vrrp_pidfile;	/* overrule default pidfile */
-diff --git a/keepalived/vrrp/vrrp_daemon.c b/keepalived/vrrp/vrrp_daemon.c
-index baa5f5f2..e22f8a81 100644
--- a/keepalived/vrrp/vrrp_daemon.c
-+++ b/keepalived/vrrp/vrrp_daemon.c
-@@ -974,8 +974,7 @@ start_vrrp_child(void)
- 		syslog_ident = PROG_VRRP;
- 
- 	if (!__test_bit(NO_SYSLOG_BIT, &debug))
-		openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0)
-				    , (log_facility==LOG_DAEMON) ? LOG_LOCAL1 : log_facility);
-+		open_syslog(syslog_ident);
- 
- #ifdef ENABLE_LOG_TO_FILE
- 	if (log_file_name)
-diff --git a/lib/logger.c b/lib/logger.c
-index 34c83f32..7fad8ac6 100644
--- a/lib/logger.c
-+++ b/lib/logger.c
-@@ -40,6 +40,8 @@
- /* Boolean flag - send messages to console as well as syslog */
- static bool log_console = false;
- 
-+int log_facility = LOG_DAEMON;				/* Optional logging facilities */
-+
- #ifdef ENABLE_LOG_TO_FILE
- /* File to write log messages to */
- const char *log_file_name;
-diff --git a/lib/logger.h b/lib/logger.h
-index 20b2a7e4..c6f29138 100644
--- a/lib/logger.h
-+++ b/lib/logger.h
-@@ -30,8 +30,13 @@
- #include <sys/stat.h>
- #endif
- 
-+#include "bitops.h"
-+#include "utils.h"
-+
- #define	MAX_LOG_MSG	255
- 
-+extern int log_facility;		/* Optional logging facilities */
-+
- #ifdef ENABLE_LOG_TO_FILE
- extern const char *log_file_name;
- #endif
-@@ -51,4 +56,9 @@ extern void log_message(int priority, const char* format, ...)
- extern void conf_write(FILE *fp, const char *format, ...)
- 	__attribute__ ((format (printf, 2, 3)));
- 
-+static inline void
-+open_syslog(const char *ident)
-+{
-+	openlog(ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0), log_facility);
-+}
- #endif
-- 
-2.31.1
-
--- a/SOURCES/bz2028350-fix-dbus-policy-restrictions.patch
+++ b/SOURCES/bz2028350-fix-dbus-policy-restrictions.patch
@ -1,41 +0,0 @@
-From 763eaa49343acdda5ff359012e8cc49c9ffc8e81 Mon Sep 17 00:00:00 2001
-From: Vincent Bernat <vincent@bernat.ch>
-Date: Tue, 23 Nov 2021 06:50:59 +0100
-Subject: [PATCH] dbus: fix policy to not be overly broad
-
-The DBus policy did not restrict the message destination, allowing any
-user to inspect and manipulate any property.
-
-Signed-off-by: Vincent Bernat <vincent@bernat.ch>
---
- keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
-index 2b78a575..b5ced608 100644
--- a/keepalived/dbus/org.keepalived.Vrrp1.conf
-+++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
-@@ -3,12 +3,15 @@
-  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
- <busconfig>
- 	<policy user="root">
-		<allow own="org.keepalived.Vrrp1"/>
-		<allow send_destination="org.keepalived.Vrrp1"/>
-+		<allow own="org.keepalived.Vrrp1" />
-+		<allow send_destination="org.keepalived.Vrrp1" />
- 	</policy>
- 	<policy context="default">
-		<allow send_interface="org.freedesktop.DBus.Introspectable" />
-		<allow send_interface="org.freedesktop.DBus.Peer" />
-		<allow send_interface="org.freedesktop.DBus.Properties" />
-+		<allow send_destination="org.keepalived.Vrrp1"
-+		       send_interface="org.freedesktop.DBus.Introspectable" />
-+		<allow send_destination="org.keepalived.Vrrp1"
-+		       send_interface="org.freedesktop.DBus.Peer" />
-+		<allow send_destination="org.keepalived.Vrrp1"
-+		       send_interface="org.freedesktop.DBus.Properties" />
- 	</policy>
- </busconfig>
-- 
-2.33.1
-
--- a/SOURCES/bz2054249-fix-unweighted-track-scripts.patch
+++ b/SOURCES/bz2054249-fix-unweighted-track-scripts.patch
@ -1,41 +0,0 @@
-From d93b2051641ebfc4c5dcdc405ed0f26b9bcaa65a Mon Sep 17 00:00:00 2001
-From: Quentin Armitage <quentin@armitage.org.uk>
-Date: Sat, 25 Jul 2020 10:13:32 +0100
-Subject: [PATCH] vrrp: Don't remove unweighted track scripts from sync group
- members
-
-Commit 3390697 - "vrrp: rewrote framework using list_head_t design"
-cleared the track_script list for any vrrp instance that was in a
-sync group. This was due to the old list structure allocating memory
-which had to be freed if the list was empty, but that is no longer
-the case with list_head.
-
-Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
---
- keepalived/vrrp/vrrp.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/keepalived/vrrp/vrrp.c b/keepalived/vrrp/vrrp.c
-index c8967eef..c7ded6b4 100644
--- a/keepalived/vrrp/vrrp.c
-+++ b/keepalived/vrrp/vrrp.c
-@@ -3406,7 +3406,7 @@ vrrp_complete_instance(vrrp_t * vrrp)
- 		free_track_if_list(&vrrp->track_ifp);
- 
- 		/* Ignore any weighted script */
-		list_for_each_entry_safe(sc, sc_tmp, &vrrp->track_script,e_list) {
-+		list_for_each_entry_safe(sc, sc_tmp, &vrrp->track_script, e_list) {
- 			if (sc->weight) {
- 				report_config_error(CONFIG_GENERAL_ERROR, "(%s) ignoring "
- 									  "tracked script %s with weights due to %s"
-@@ -3417,7 +3417,6 @@ vrrp_complete_instance(vrrp_t * vrrp)
- 				free_track_script(sc);
- 			}
- 		}
-		free_track_script_list(&vrrp->track_script);
- 
- 		/* Set tracking files to unweighted if weight not explicitly set, otherwise ignore */
- 		list_for_each_entry_safe(tfl, tfl_tmp, &vrrp->track_file, e_list) {
-- 
-2.33.1
-
--- a/SOURCES/keepalived.service
+++ b/SOURCES/keepalived.service
@ -4,11 +4,12 @@ After=network-online.target syslog.target
 Wants=network-online.target

 [Service]
-Type=forking
-PIDFile=/var/run/keepalived.pid
+Type=notify
+NotifyAccess=all
+PIDFile=/run/keepalived.pid
 KillMode=process
 EnvironmentFile=-/etc/sysconfig/keepalived
-ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS
+ExecStart=/usr/sbin/keepalived --dont-fork $KEEPALIVED_OPTIONS
 ExecReload=/bin/kill -HUP $MAINPID

 [Install]
--- a/SPECS/keepalived.spec
+++ b/SPECS/keepalived.spec
@ -1,7 +1,8 @@
 %bcond_without snmp
 %bcond_without vrrp
 %bcond_without sha1
-%bcond_with iptables
+%bcond_without json
+%bcond_without nftables
 %bcond_with profile
 %bcond_with debug

@ -9,24 +10,15 @@

 Name: keepalived
 Summary: High Availability monitor built upon LVS, VRRP and service pollers
-Version: 2.1.5
-Release: 11%{?dist}
-License: GPLv2+
+Version: 2.2.8
+Release: 9%{?dist}
+License: GPL-2.0-or-later
 URL: http://www.keepalived.org/
-Group: System Environment/Daemons

 Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz
 Source1: keepalived.service
-
-Patch1: bz1977716-revert-explicit-set-LOG_USER-facility.patch
-Patch2: bz1977716-use-LOG_DAEMON-facility-by-default.patch
-Patch3: bz2028350-fix-dbus-policy-restrictions.patch
-Patch4: bz2054249-fix-unweighted-track-scripts.patch
-Patch5: RHEL-49561-validate-ipset-names-better.patch
-Patch6: RHEL-7694-dep.patch
-Patch7: RHEL-7694.patch
-Patch8: RHEL-7699.patch
-Patch9: RHEL-66742.patch
+#Patch0: keepalived-configure-c99.patch
+Patch1: validate-ipset-names-better.patch

 Requires(post): systemd
 Requires(preun): systemd
@ -35,16 +27,21 @@ Requires(postun): systemd
 %if %{with snmp}
 BuildRequires: net-snmp-devel
 %endif
-%if %{with iptables}
+%if %{with nftables}
+BuildRequires: libmnl-devel
+BuildRequires: libnftnl-devel
+%else
 BuildRequires: ipset-devel
 BuildRequires: iptables-devel
 %endif
 BuildRequires: gcc
-BuildRequires: automake
 BuildRequires: systemd-units
+BuildRequires: systemd-devel
 BuildRequires: openssl-devel
 BuildRequires: libnl3-devel
 BuildRequires: libnfnetlink-devel
+BuildRequires: file-devel
+BuildRequires: make

 %description
 Keepalived provides simple and robust facilities for load balancing
@ -61,24 +58,19 @@ can be used independently or all together to provide resilient
 infrastructures.

 %prep
-%setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
+%autosetup -p1
+
+# Prevent re-running autotools.
+touch aclocal.m4 Makefile.in lib/config.h.in configure

 %build
 %configure \
    %{?with_debug:--enable-debug} \
    %{?with_profile:--enable-profile} \
    %{!?with_vrrp:--disable-vrrp} \
-    %{!?with_iptables:--disable-libiptc --disable-ipset} \
    %{?with_snmp:--enable-snmp --enable-snmp-rfc} \
+    %{?with_nftables:--enable-nftables --disable-iptables} \
+    %{?with_json:--enable-json} \
    %{?with_sha1:--enable-sha1} \
    --with-init=systemd
 %{__make} %{?_smp_mflags} STRIP=/bin/true
@ -88,6 +80,8 @@ rm -rf %{buildroot}
 make install DESTDIR=%{buildroot}
 rm -rf %{buildroot}%{_initrddir}/
 rm -rf %{buildroot}%{_sysconfdir}/keepalived/samples/
+mv %{buildroot}%{_sysconfdir}/keepalived/keepalived.conf.sample \
+   %{buildroot}%{_sysconfdir}/keepalived/keepalived.conf
 %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/keepalived.service
 mkdir -p %{buildroot}%{_libexecdir}/keepalived

@ -101,7 +95,6 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
 %systemd_postun_with_restart keepalived.service

 %files
-%defattr(-,root,root,-)
 %attr(0755,root,root) %{_sbindir}/keepalived
 %config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/keepalived
 %config(noreplace) %attr(0644,root,root) %{_sysconfdir}/keepalived/keepalived.conf
@ -121,77 +114,178 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
 %{_mandir}/man8/keepalived.8*

 %changelog
+* Mon Dec  2 2024 Christine Caulfield <ccaulfie@redhat.com> - 2.2.8-9
+  Add gating.yaml from c9s
+  Related: RHEL-49565

-* Fri Jan 31 2025 Christine Caulfield <ccaulfie@redhat.com> - 2.1.5-11
- ipvs: Allow real servers to be specified with a weight of 0
-  Resolves: RHEL-7699
- vrrp: Fix using VMACs with unicast peers
-  Resolves: RHEL-7694
- lvs: if lost misc check child register checker again
-  Resolves: RHEL-66742
+* Fri Nov 29 2024 Christine Caulfield <ccaulfie@redhat.com> - 2.2.8-8
+- Fix name parsing for CVE-2024-41184
+  Resolves: RHEL-49565

-* Mon Dec  2 2024 Christine Caulfield <ccaulfie@redhat.com> - 2.1.5-10
- CVE-2024-41184
-  Resolves: RHEL-49561
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.2.8-7
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018

-* Thu Jul 21 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-9
- Fix removal of unweighted track scripts from sync group (#2054249)
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.2.8-6
+- Bump release for June 2024 mass rebuild

-* Tue Jan 18 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-8
- Fix DBus policy restrictions (#2028350, CVE-2021-44225)
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.8-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

-* Fri Oct 29 2021 Ryan O'Hara <rohara@redhat.com> - 2.1.5-7
- Fix log-facility option (#197716)
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.8-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

-* Tue Dec 15 2020 Ryan O'Hara <rohara@redhat.com> - 2.1.5-6
- Fix changelog
+* Fri Aug 04 2023 Ryan O'Hara <rohara@redhat.com> - 2.2.8-3
+- Migrate to SPDX license

-* Tue Oct 20 2020 Ryan O'Hara <rohara@redhat.com> - 2.1.5-5
- Update to 2.1.5 (#1889440)
- Fix intermittent child lost messages (#1868077)
-	
-* Tue Jun 16 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.10-11
- Fix vrrp_script execution (#1683438)
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

-* Mon Feb 24 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.10-10
- Disable libiptc/ipset (#1806642)
+* Thu Jun 08 2023 Ryan O'Hara <rohara@redhat.com> - 2.2.8-1
+- Update to 2.2.8 (#2211385)

-* Thu Jan 30 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.10-9
- Fix FAULT state when interface is renamed (#1792160)
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.7-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

-* Mon Jul 08 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-7
- Add gating tests (#1682114)
+* Tue Dec 20 2022 Ryan O'Hara <rohara@redhat.com> - 2.2.7-5
+- Enable JSON support

-* Wed May 01 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-6
- Fix segfault when smtp alerts configured (#1693706)
- Fix double free when smtp_helo_name copied from local_name (#1693706)
+* Wed Dec  7 2022 Florian Weimer <fweimer@redhat.com> - 2.2.7-4
+- Fix spurious implicit function declaration in broken configure check

-* Wed Mar 27 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-5
- Bump release nummber (#1688892)
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

-* Mon Mar 18 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-3
- Rework fix for OpenSSL initialization segfault (#1688892)
+* Thu Jul 07 2022 Ryan O'Hara <rohara@redhat.com> - 2.2.7-2
+- Move keepalived.conf.sample to keepalived.conf

-* Fri Mar 15 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-2
- Fix OpenSSL initialization segfault (#1688892)
+* Mon Feb 14 2022 Ryan O'Hara <rohara@redhat.com> - 2.2.7-1
+- Update to 2.2.7 (#2041231)
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Dec 14 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.4-4
+- Fix dbus policy (#2027158, CVE-2021-44225)
+
+* Sat Nov 27 2021 Kevin Fenzi <kevin@scrye.com> - 2.2.4-3
+- Rebuild for new libnftnl
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.2.4-2
+- Rebuilt with OpenSSL 3.0.0
+
+* Mon Aug 23 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.4-1
+- Update to 2.2.4 (#1996274)
+
+* Sat Aug 14 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.3-1
+- Update to 2.2.3 (#1993601)
+
+* Tue Aug 03 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.2-5
+- Add systemd notify support
+
+* Tue Aug 03 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.2-4
+- Fix build errors (#1987620)
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon Apr 12 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.2-2
+- Add BuildRequires for file-devel
+
+* Wed Apr 07 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.2-1
+- Update to 2.2.2 (#1935590)
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.2.1-3
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jan 18 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.1-1
+- Update to 2.2.1 (#1917152)
+
+* Thu Jan 14 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.0-1
+- Update to 2.2.0 (#1914512)
+
+* Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 2.1.5-3
+- Rebuilt for new net-snmp release
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 15 2020 Ryan O'Hara <rohara@redhat.com> - 2.1.5-1
+- Update to 2.1.5 (#1794135)
+
+* Tue Feb 18 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.20-3
+- Build with nftables support instead of iptables
+
+* Thu Feb 13 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.20-2
+- Remove unused patches
+
+* Wed Feb 12 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.20-1
+- Update to 2.0.20 (#1794135)
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.19-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Nov 12 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.19-4
+- Fix file descriptor errors on reload
+
+* Tue Nov 12 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.19-3
+- Fix track_process with PIDs over 32767 (#1770766)
+
+* Wed Nov 06 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.19-2
+- Enable nftables support (#1769278)
+
+* Wed Nov 06 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.19-1
+- Update to 2.0.19 (#1763424)
+
+* Tue Jul 30 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.18-2
+- Change pidfile directory (#1712730)
+
+* Tue Jul 30 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.18-1
+- Update to 2.0.18 (#1678397)
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.12-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Jun 25 2019 Björn Esser <besser82@fedoraproject.org> - 2.0.12-2
+- Rebuilt (iptables)
+
+* Mon Feb 04 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.12-1
+- Update to 2.0.12 (#1576138)
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.11-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Jan 09 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.11-1
+- Update to 2.0.11

 * Mon Nov 26 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.10-1
- Update to 2.0.10 (#1631816)
-
-* Mon Oct 08 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.7-2
- Remove BuildRequires for ipset-devel
-
-* Tue Oct 02 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.7-1
- Update to 2.0.7 (#1631816)
-
-* Thu Aug 09 2018 Josef Ridky <jridky@redhat.com> - 2.0.6-2
- Rebuild for Net-SNMP
+- Update to 2.0.10
+- Fix improper pathname validation (#1651864, CVE-2018-19044)
+- Fix insecure permissions when creating temporary files (#1651868, CVE-2018-19045)
+- Fix insecure use of temporary files (#1651870, CVE-2018-19046)
+- Fix buffer overflow when parsing HTTP status codes (#1651873, CVE-2018-19047)

 * Wed Jul 25 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.6-1
- Update to 2.0.6
+- Update to 2.0.6 (#1576138)
+
+* Tue Jul 24 2018 Adam Williamson <awilliam@redhat.com> - 2.0.5-3
+- Rebuild for new net-snmp
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

 * Tue Jul 03 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.5-1
- Update to 2.0.5
+- Update to 2.0.5 (#1576138)
+
+* Mon Jul 02 2018 Ryan O'Hara <rohara@redhat.com> - 1.4.5-1
+- Update to 1.4.5
+
+* Thu May 10 2018 Ryan O'Hara <rohara@redhat.com> - 1.4.4-1
+- Update to 1.4.4 (#1576138)

 * Thu Apr 19 2018 Ryan O'Hara <rohara@redhat.com> - 1.4.3-1
 - Update to 1.4.3 (#1565388)
--- a/1
+++ b/1
@ -0,0 +1 @@
+SHA512 (keepalived-2.2.8.tar.gz) = dc0ab5b0ef8911a7859422eccc2771a40e942236c855a628158ed748eb5f7dc4b6f4850e9c3057e81fd9d2daa640ab51fb1d7af12748a613280a217b333eb06b
--- a/SOURCES/RHEL-49561-validate-ipset-names-better.patch
+++ b/SOURCES/RHEL-49561-validate-ipset-names-better.patch
@ -1,7 +1,19 @@
-diff -ur keepalived-2.1.5/keepalived/core/global_parser.c keepalived-2.1.5.patched/keepalived/core/global_parser.c
--- keepalived-2.1.5/keepalived/core/global_parser.c	2020-07-10 17:41:46.000000000 +0100
-+++ keepalived-2.1.5.patched/keepalived/core/global_parser.c	2024-12-02 14:06:44.469215491 +0000
-@@ -955,6 +955,22 @@
+Version of this patch from upstream
+
+--- keepalived-2.2.8/keepalived/core/commit e78513fe0ce5d83c226ea2c0bd222f375c2438e7
+Author: Quentin Armitage <quentin@armitage.org.uk>
+Date:   Fri Jul 12 15:16:47 2024 +0100
+
+    vrrp: Handle empty ipset names with vrrp_ipsets keyword
+    
+    We now handle empty ipset names and return a config error.
+    
+    Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+
+
+global_parser.c	2023-04-01 18:39:25.000000000 +0100
+++ keepalived-2.2.8.patched/keepalived/core/global_parser.c	2024-11-28 08:56:17.445615602 +0000
+@@ -1086,6 +1086,22 @@
 	}
 }
 #ifdef _HAVE_LIBIPSET_
@ -24,7 +36,7 @@ diff -ur keepalived-2.1.5/keepalived/core/global_parser.c keepalived-2.1.5.patch
 static void
 vrrp_ipsets_handler(const vector_t *strvec)
 {
-@@ -974,17 +990,13 @@
+@@ -1103,17 +1119,13 @@
 		return;
 	}
 
@ -44,7 +56,7 @@ diff -ur keepalived-2.1.5/keepalived/core/global_parser.c keepalived-2.1.5.patch
 		global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2));
 	}
 	else {
-@@ -995,10 +1007,8 @@
+@@ -1124,10 +1136,8 @@
 		global_data->vrrp_ipset_address6 = STRDUP(set_name);
 	}
 	if (vector_size(strvec) >= 4) {
@ -56,9 +68,9 @@ diff -ur keepalived-2.1.5/keepalived/core/global_parser.c keepalived-2.1.5.patch
 		global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3));
 	}
 	else {
-@@ -1014,10 +1024,8 @@
+@@ -1142,10 +1152,8 @@
+ 	}
 
- #ifdef HAVE_IPSET_ATTR_IFACE
 	if (vector_size(strvec) >= 5) {
 -		if (strlen(strvec_slot(strvec,4)) >= IPSET_MAXNAMELEN - 1) {
 -			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IGMP name too long - ignored");
@ -68,7 +80,7 @@ diff -ur keepalived-2.1.5/keepalived/core/global_parser.c keepalived-2.1.5.patch
 		global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4));
 	}
 	else {
-@@ -1028,10 +1036,8 @@
+@@ -1156,10 +1164,8 @@
 		global_data->vrrp_ipset_igmp = STRDUP(set_name);
 	}
 	if (vector_size(strvec) >= 6) {
@ -80,4 +92,3 @@ diff -ur keepalived-2.1.5/keepalived/core/global_parser.c keepalived-2.1.5.patch
 		global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5));
 	}
 	else {
-Only in keepalived-2.1.5.patched/keepalived/core: global_parser.c.orig
				`@ -1 +0,0 @@`
				`54128bc7b4f8b920028af4691be9013f25393a99 SOURCES/keepalived-2.1.5.tar.gz`
				`@ -0,0 +1 @@`
				`SHA512 (keepalived-2.2.8.tar.gz) = dc0ab5b0ef8911a7859422eccc2771a40e942236c855a628158ed748eb5f7dc4b6f4850e9c3057e81fd9d2daa640ab51fb1d7af12748a613280a217b333eb06b`