Overview Repositories Revisions Requests Users Attributes Meta

Revisions of keepalived

buildservice-autocommit accepted request 691307 from Lars Vogdt's avatar Lars Vogdt (lrupp) (revision 55) 
baserev update by copy to link target
Lars Vogdt's avatar Lars Vogdt (lrupp) accepted request 691260 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 54) 
- add buildrequires for file-devel
  - used in the checker to verify scripts

- update to 2.0.14
buildservice-autocommit accepted request 687165 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 53) 
baserev update by copy to link target
buildservice-autocommit accepted request 667290 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 51) 
baserev update by copy to link target
Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) accepted request 667074 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 50) 
- fix build on 42.3/sle12 by disabling http regexp check support
- add nftables to the BR
- cleanup BR support for sle11, moved almost all BR to pkgconfig
  style
- disable dbus instance creation support as it is marked as
  dangerous

- update to 2.0.11
buildservice-autocommit accepted request 652407 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 49) 
baserev update by copy to link target
Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) accepted request 652406 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 48) 
- update to 2.0.10
  - Fix compiling on Alpine Linux.
  - Stop printf compiler warning on Alpine Linux due to rlim_t. 
  - manpage cosmetic.
  - Fix removing snmpd read threads when snmpd becomes unavailable.
  - Update to support libipset version 7.
  - Use ipset_printf for ipset messages so can go to log. 
  - When opening files for write, ensure files can only be read by
    root.  Issue #1048 referred to CVE-2018-19046 regarding files
    used for debugging purposes could potentially be read by non
    root users.  This commit ensures that such log files cannot be
    opened by non root users.
  - Disable fopen_safe() append mode by default If a non privileged
    user creates /tmp/keepalived.log and has it open for read (e.g.
    tail -f), then even though keepalived will change the owner to
    root and remove all read/write permissions from non owners, the
    application which already has the file open will be able to
    read the added log entries.  Accordingly, opening a file in
    append mode is disabled by default, and only enabled if
    --enable-smtp-alert-debug or --enable-log-file (which are
    debugging options and unset by default) are enabled.  This
    should further alleviate security concerns related to
    CVE-2018-19046.
  - vrrp: add support to constant time memcmp.  Just an update to
    use best practise security design pattern. While comparing
    password or hmac you need to ensure comparison function is time
    constant in order to figth against any timing attacks. We turn
    off potential compiler optimizations for this particular
    function to avoid any short circuit.
  - Make sure a non privileged user cannot read keepalived file
    output Ensure that when a file such as /tmp/keepalived.data is
    written, no non privileged can have a previous version of that
    file already open, thereby allowing them to read the data.
    This should fully resolve CVE-2018-19046.
- drop b7a98f9265ffb5927c4d54c9a30726c76e65bb52.patch: included in
  update
Lars Vogdt's avatar Lars Vogdt (lrupp) accepted request 648192 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 47) 
- update to 2.0.9
buildservice-autocommit accepted request 602799 from Olaf Hering's avatar Olaf Hering (olh) (revision 46) 
baserev update by copy to link target
Olaf Hering's avatar Olaf Hering (olh) accepted request 602574 from Cristian Rodríguez's avatar Cristian Rodríguez (elvigia) (revision 45) 
- Only Require insserv on distributions without systemd.
- Fix systemd related requires/buildRequires
- Do not run scriptlets that use insserv when using systemd
buildservice-autocommit accepted request 578944 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 44) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 43) 
- add linux-4.15.patch
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 42) 
- update to 1.4.1:
    * Improve and fix use of getopt_long().
      We musn't use a long option val of 1, since getopt_long() can return
      that value.
      getopt_long() also returns longindex == 0 when there is no matching
      long option, and there needs to be careful checking if there is an
      error to work out whether a long or short option was used, which is
      needed for meaningful error messages.
    * Write assert() messages to syslog.
      assert()s are nasty things, but at least let's get the benefit of
      them, and write the messages to syslog, rather than losing them down
      stderr.
    * Enable sorry server at startup if quorum down due to alpha mode
      If alpha mode is configured on sufficient checkers so that a
      virtual server doesn't have a quorum, we need to add the sorry
      server at startup, otherwise it won't be added until a quorum has
      been achieved and subsequently lost again. In the case where some
      of the checkers remain in the down state at startup, this would have
      meant that the sorry server never got added.
    * For virtual servers, ensure quorum <= number of real servers
      If the quorum were gigher than the number of real servers, the
      quorum for the real server to come up could never be achieved, so
      if the quorum is greater than the number of real servers, reduce it
      to the number of real servers.
    * Fix some SNMP keepalived checker integer types and default values.
      Some virtual server and real server values were being sent to SNMP
      with a signed type whereas the value is unsigned, so set the type
      field correctly.
      Some virtual server and real server values that apply to checkers
      are set to nonsense default values in order to determine if a
buildservice-autocommit accepted request 568180 from Lars Vogdt's avatar Lars Vogdt (lrupp) (revision 41) 
baserev update by copy to link target
Lars Vogdt's avatar Lars Vogdt (lrupp) accepted request 568173 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 40) 
- enable json stats and config dump support
  new BR: pkgconfig(json-c)
- disable dynamic loading of libipset and link it instead
- enable stacktrace support
- turn on snmp-rfcv2 and snmp-rfcv3 support
- do not reference the keepalived.socket in the rpm scriptlets
buildservice-autocommit accepted request 565801 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 39) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) accepted request 563827 from Lars Vogdt's avatar Lars Vogdt (lrupp) (revision 38) 
- update to 1.4.0
  * Add Linux build and runtime versions to -v output.
  * Log kernel version and build kernel version to log at startup.
  * Don't sleep for 1 send when exiting vrrp process if no vrrp instances.
  * With large configurations the syslog can get flooded and drop output.
    This commit adds options to not log to syslog, and also to log all
    output to files.
  * Add option to only flush log files before forking.
  * Don't poll netlink for all interfaces each time add a VMAC.
    We can poll for the individual interface details which significantly
    reduces what we have to process.
  * Print interface details in keepalived.data output.
  * Add high performace child finder code.
    The code to find the relevant thread to execute afer a child process
    (either a vrrp track script or a misc_check healthchecker) was doing
    a linear search for the matching pid, which if there are a large number
    of child processes running could become time consuming.
    The code now will enable high performance child finding, based on using
    mlists hashed by the pid, if there are 32 or more vrrp track scripts or
    misc check healthcheckers. The size of the mlist is based on the number
    of scripts, with a limit of 256.
  * Improve high performance child termination timeout code.
  * Preserve filename in script path name resolution.
    Some executables change their behaviour depending on the name by
    which they are invoked (e.g. /usr/sbin/pidof when it is a link to
    /usr/sbin/killall5). Using realpath() changes the file name part
    if it is a symbolic link. This commit resolves all symbolic links
    to directories, but leaves the file name part unaltered. It then
    checks the security of both the path to the link and the path to
    the real file.
buildservice-autocommit accepted request 546032 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 37) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) accepted request 545974 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 36) 
- Do not suppress errors from useradd.
- Ensure neutrality of description.
Displaying revisions 41 - 60 of 95
openSUSE Build Service is sponsored by
Places