rpms/keepalived
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:c8
Branches Tags
rpms:c8
rpms:c9
rpms:c8s
rpms:c10s
rpms:c9s
rpms:c9-beta
rpms:c8-beta
rpms:imports/c9/keepalived-2.2.8-4.el9_5
rpms:imports/c8/keepalived-2.1.5-10.el8_10
rpms:imports/c10s/keepalived-2.2.8-9.el10
rpms:imports/c10s/keepalived-2.2.8-7.el10
rpms:imports/c10s/keepalived-2.2.8-6.el10
rpms:imports/c9/keepalived-2.2.8-3.el9
rpms:imports/c9-beta/keepalived-2.2.8-3.el9
rpms:imports/c9/keepalived-2.2.4-6.el9
rpms:imports/c9-beta/keepalived-2.2.4-6.el9
rpms:imports/c8/keepalived-2.1.5-9.el8
rpms:imports/c9-beta/keepalived-2.2.4-2.el9
rpms:imports/c8-beta/keepalived-2.1.5-9.el8
rpms:imports/c8s/keepalived-2.1.5-9.el8
rpms:imports/c9/keepalived-2.2.4-2.el9
rpms:imports/c8/keepalived-2.1.5-8.el8
rpms:imports/c8-beta/keepalived-2.1.5-8.el8
rpms:imports/c8s/keepalived-2.1.5-8.el8
rpms:imports/c9-beta/keepalived-2.2.4-1.el9
rpms:imports/c8-beta/keepalived-2.1.5-6.el8
rpms:imports/c8-beta/keepalived-2.0.10-11.el8
rpms:imports/c8-beta/keepalived-2.0.10-4.el8_0.2
rpms:imports/c8s/keepalived-2.1.5-6.el8
rpms:imports/c8s/keepalived-2.0.10-11.el8_3.1
rpms:imports/c8s/keepalived-2.0.10-11.el8
rpms:imports/c8s/keepalived-2.0.10-10.el8
rpms:imports/c8/keepalived-2.1.5-6.el8
rpms:imports/c8/keepalived-2.0.10-11.el8_3.1
rpms:imports/c8/keepalived-2.0.10-11.el8
rpms:imports/c8/keepalived-2.0.10-10.el8
rpms:imports/c8/keepalived-2.0.10-4.el8_0.2
..
compare: rpms:c8-beta
Branches Tags
rpms:c9
rpms:c8s
rpms:c8
rpms:c10s
rpms:c9s
rpms:c9-beta
rpms:c8-beta
rpms:imports/c9/keepalived-2.2.8-4.el9_5
rpms:imports/c8/keepalived-2.1.5-10.el8_10
rpms:imports/c10s/keepalived-2.2.8-9.el10
rpms:imports/c10s/keepalived-2.2.8-7.el10
rpms:imports/c10s/keepalived-2.2.8-6.el10
rpms:imports/c9/keepalived-2.2.8-3.el9
rpms:imports/c9-beta/keepalived-2.2.8-3.el9
rpms:imports/c9/keepalived-2.2.4-6.el9
rpms:imports/c9-beta/keepalived-2.2.4-6.el9
rpms:imports/c8/keepalived-2.1.5-9.el8
rpms:imports/c9-beta/keepalived-2.2.4-2.el9
rpms:imports/c8-beta/keepalived-2.1.5-9.el8
rpms:imports/c8s/keepalived-2.1.5-9.el8
rpms:imports/c9/keepalived-2.2.4-2.el9
rpms:imports/c8/keepalived-2.1.5-8.el8
rpms:imports/c8-beta/keepalived-2.1.5-8.el8
rpms:imports/c8s/keepalived-2.1.5-8.el8
rpms:imports/c9-beta/keepalived-2.2.4-1.el9
rpms:imports/c8-beta/keepalived-2.1.5-6.el8
rpms:imports/c8-beta/keepalived-2.0.10-11.el8
rpms:imports/c8-beta/keepalived-2.0.10-4.el8_0.2
rpms:imports/c8s/keepalived-2.1.5-6.el8
rpms:imports/c8s/keepalived-2.0.10-11.el8_3.1
rpms:imports/c8s/keepalived-2.0.10-11.el8
rpms:imports/c8s/keepalived-2.0.10-10.el8
rpms:imports/c8/keepalived-2.1.5-6.el8
rpms:imports/c8/keepalived-2.0.10-11.el8_3.1
rpms:imports/c8/keepalived-2.0.10-11.el8
rpms:imports/c8/keepalived-2.0.10-10.el8
rpms:imports/c8/keepalived-2.0.10-4.el8_0.2

No commits in common. "c8" and "c8-beta" have entirely different histories.
c8 ... c8-beta

2 changed files with 1 additions and 90 deletions
Show Stats Expand all files Collapse all files

83
SOURCES/RHEL-49561-validate-ipset-names-better.patch
View File

@ -1,83 +0,0 @@
diff -ur keepalived-2.1.5/keepalived/core/global_parser.c keepalived-2.1.5.patched/keepalived/core/global_parser.c
--- keepalived-2.1.5/keepalived/core/global_parser.c 2020-07-10 17:41:46.000000000 +0100
+++ keepalived-2.1.5.patched/keepalived/core/global_parser.c 2024-12-02 14:06:44.469215491 +0000
@@ -955,6 +955,22 @@
}
}
#ifdef _HAVE_LIBIPSET_
+static bool
+check_valid_ipset_name(const vector_t *strvec, unsigned entry, const char *log_name)
+{
+ if (strlen(strvec_slot(strvec, entry)) >= IPSET_MAXNAMELEN - 1) {
+ report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name too long - ignored", log_name);
+ return false;
+ }
+
+ if (strlen(strvec_slot(strvec, entry)) == 0) {
+ report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name empty - ignored", log_name);
+ return false;
+ }
+
+ return true;
+}
+
static void
vrrp_ipsets_handler(const vector_t *strvec)
{
@@ -974,17 +990,13 @@
return;
}
- if (strlen(strvec_slot(strvec,1)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset address name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 1, "address"))
return;
- }
global_data->vrrp_ipset_address = STRDUP(strvec_slot(strvec,1));
if (vector_size(strvec) >= 3) {
- if (strlen(strvec_slot(strvec,2)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 2, "IPv6 address"))
return;
- }
global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2));
}
else {
@@ -995,10 +1007,8 @@
global_data->vrrp_ipset_address6 = STRDUP(set_name);
}
if (vector_size(strvec) >= 4) {
- if (strlen(strvec_slot(strvec,3)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address_iface name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 3, "IPv6 address_iface"))
return;
- }
global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3));
}
else {
@@ -1014,10 +1024,8 @@
#ifdef HAVE_IPSET_ATTR_IFACE
if (vector_size(strvec) >= 5) {
- if (strlen(strvec_slot(strvec,4)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IGMP name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 4, "IGMP"))
return;
- }
global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4));
}
else {
@@ -1028,10 +1036,8 @@
global_data->vrrp_ipset_igmp = STRDUP(set_name);
}
if (vector_size(strvec) >= 6) {
- if (strlen(strvec_slot(strvec,5)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset MLD name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 5, "MLD"))
return;
- }
global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5));
}
else {
Only in keepalived-2.1.5.patched/keepalived/core: global_parser.c.orig

8
SPECS/keepalived.spec
View File

@ -10,7 +10,7 @@
Name: keepalived Name: keepalived
Summary: High Availability monitor built upon LVS, VRRP and service pollers Summary: High Availability monitor built upon LVS, VRRP and service pollers
Version: 2.1.5 Version: 2.1.5
Release: 10%{?dist} Release: 9%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://www.keepalived.org/ URL: http://www.keepalived.org/
Group: System Environment/Daemons Group: System Environment/Daemons
@ -22,7 +22,6 @@ Patch1: bz1977716-revert-explicit-set-LOG_USER-facility.patch
Patch2: bz1977716-use-LOG_DAEMON-facility-by-default.patch Patch2: bz1977716-use-LOG_DAEMON-facility-by-default.patch
Patch3: bz2028350-fix-dbus-policy-restrictions.patch Patch3: bz2028350-fix-dbus-policy-restrictions.patch
Patch4: bz2054249-fix-unweighted-track-scripts.patch Patch4: bz2054249-fix-unweighted-track-scripts.patch
Patch5: RHEL-49561-validate-ipset-names-better.patch
Requires(post): systemd Requires(post): systemd
Requires(preun): systemd Requires(preun): systemd
@ -62,7 +61,6 @@ infrastructures.
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
%build %build
%configure \ %configure \
@ -113,10 +111,6 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
%{_mandir}/man8/keepalived.8* %{_mandir}/man8/keepalived.8*
%changelog %changelog
* Mon Dec 2 2024 Christine Caulfield <ccaulfie@redhat.com> - 2.1.5-10
- CVE-2024-41184
Resolves: RHEL-49561
* Thu Jul 21 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-9 * Thu Jul 21 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-9
- Fix removal of unweighted track scripts from sync group (#2054249) - Fix removal of unweighted track scripts from sync group (#2054249)