Sync from SUSE:SLFO:1.1 keepalived revision 7472fd12686fea55d7c3faa8452fac76

2025-04-15 20:06:26 +02:00
7 changed files with 115 additions and 115 deletions
--- a/22
+++ b/22
@@ -1,22 +0,0 @@
-<services>
-  <service name="tar_scm" mode="manual">
-    <param name="url">https://github.com/acassen/keepalived</param>
-    <param name="scm">git</param>
-    <param name="exclude">.git</param>
-    <param name="filename">keepalived</param>
-    <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
-    <param name="versionrewrite-pattern">v(.*)</param>
-    <param name="revision">master</param>
-    <param name="changesgenerate">enable</param>
-  </service>
-
-  <service name="recompress" mode="manual">
-    <param name="file">keepalived*.tar</param>
-    <param name="compression">xz</param>
-  </service>
-
-  <service name="set_version" mode="manual">
-    <param name="basename">keepalived</param>
-  </service>
-</services>
-
--- a/4
+++ b/4
@@ -1,4 +0,0 @@
-<servicedata>
-<service name="tar_scm">
-                <param name="url">https://github.com/acassen/keepalived</param>
-              <param name="changesrevision">6f9ace3c1033d38fe282e6959e78ce58e02135ab</param></service></servicedata>
--- a/bsc-1228123.patch
+++ b/bsc-1228123.patch
@@ -0,0 +1,100 @@
+--- keepalived-2.2.8/keepalived/core/global_parser.c.orig	2024-08-13 17:40:38.518069630 +0200
+++ keepalived-2.2.8/keepalived/core/global_parser.c	2024-08-13 17:49:03.202203154 +0200
+@@ -1091,12 +1091,26 @@ vrrp_ipsets_handler(const vector_t *strv
+ {
+ 	size_t len;
+ 	char set_name[IPSET_MAXNAMELEN];
+	unsigned sn0, sn1;
+        const char **set_names[] = {
+                &global_data->vrrp_ipset_address,
+                &global_data->vrrp_ipset_address6,
+                &global_data->vrrp_ipset_address_iface6,
+                &global_data->vrrp_ipset_igmp,
+                &global_data->vrrp_ipset_mld,
+#ifdef _HAVE_VRRP_VMAC_
+                &global_data->vrrp_ipset_vmac_nd
+#endif
+ 
+ 	FREE_CONST_PTR(global_data->vrrp_ipset_address);
+ 	FREE_CONST_PTR(global_data->vrrp_ipset_address6);
+ 	FREE_CONST_PTR(global_data->vrrp_ipset_address_iface6);
+ 	FREE_CONST_PTR(global_data->vrrp_ipset_igmp);
+ 	FREE_CONST_PTR(global_data->vrrp_ipset_mld);
+#ifdef _HAVE_VRRP_VMAC_
+        FREE_CONST_PTR(global_data->vrrp_ipset_vmac_nd);
+#endif
+	global_data->using_ipsets = PARAMETER_UNSET;
+ 
+ 	if (vector_size(strvec) < 2) {
+ 		global_data->using_ipsets = false;
+@@ -1105,14 +1119,14 @@ vrrp_ipsets_handler(const vector_t *strv
+ 
+ 	if (strlen(strvec_slot(strvec,1)) >= IPSET_MAXNAMELEN - 1) {
+ 		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset address name too long - ignored");
+-		return;
+		goto ipset_error;
+ 	}
+ 	global_data->vrrp_ipset_address = STRDUP(strvec_slot(strvec,1));
+ 
+ 	if (vector_size(strvec) >= 3) {
+ 		if (strlen(strvec_slot(strvec,2)) >= IPSET_MAXNAMELEN - 1) {
+ 			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address name too long - ignored");
+-			return;
+			goto ipset_error;
+ 		}
+ 		global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2));
+ 	}
+@@ -1126,7 +1140,7 @@ vrrp_ipsets_handler(const vector_t *strv
+ 	if (vector_size(strvec) >= 4) {
+ 		if (strlen(strvec_slot(strvec,3)) >= IPSET_MAXNAMELEN - 1) {
+ 			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address_iface name too long - ignored");
+-			return;
+			goto ipset_error;
+ 		}
+ 		global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3));
+ 	}
+@@ -1144,7 +1158,7 @@ vrrp_ipsets_handler(const vector_t *strv
+ 	if (vector_size(strvec) >= 5) {
+ 		if (strlen(strvec_slot(strvec,4)) >= IPSET_MAXNAMELEN - 1) {
+ 			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IGMP name too long - ignored");
+-			return;
+			goto ipset_error;
+ 		}
+ 		global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4));
+ 	}
+@@ -1158,7 +1172,7 @@ vrrp_ipsets_handler(const vector_t *strv
+ 	if (vector_size(strvec) >= 6) {
+ 		if (strlen(strvec_slot(strvec,5)) >= IPSET_MAXNAMELEN - 1) {
+ 			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset MLD name too long - ignored");
+-			return;
+			goto ipset_error;
+ 		}
+ 		global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5));
+ 	}
+@@ -1169,6 +1183,26 @@ vrrp_ipsets_handler(const vector_t *strv
+ 		strcat(set_name, "_mld");
+ 		global_data->vrrp_ipset_mld = STRDUP(set_name);
+ 	}
+	/* Ensure all the set names are different */
+        for (sn0 = 0; sn0 < sizeof(set_names) / sizeof(set_names[0]) - 1; sn0++) {
+                for (sn1 = sn0 + 1; sn1 < sizeof(set_names) / sizeof(set_names[0]); sn1++) {
+                        if (!strcmp(*set_names[sn0], *set_names[sn1])) {
+                                report_config_error(CONFIG_GENERAL_ERROR, "vrrp_ipsets: set name %s used more than once", *set_names[sn0]);
+                                goto ipset_error;
+                        }
+                }
+        }
+	global_data->using_ipsets = true;
+	return;
+ipset_error:
+        FREE_CONST_PTR(global_data->vrrp_ipset_address);
+        FREE_CONST_PTR(global_data->vrrp_ipset_address6);
+        FREE_CONST_PTR(global_data->vrrp_ipset_address_iface6);
+        FREE_CONST_PTR(global_data->vrrp_ipset_igmp);
+        FREE_CONST_PTR(global_data->vrrp_ipset_mld);
+#ifdef _HAVE_VRRP_VMAC_
+        FREE_CONST_PTR(global_data->vrrp_ipset_vmac_nd);
+#endif
+ }
+ #endif
+ #elif defined _WITH_NFTABLES_
--- a/keepalived-2.2.8.tar.gz
+++ b/keepalived-2.2.8.tar.gz
--- a/keepalived-2.3.1+git86.59c39afe.tar.xz
+++ b/keepalived-2.3.1+git86.59c39afe.tar.xz
--- a/keepalived.changes
+++ b/keepalived.changes
@@ -1,80 +1,9 @@
 -------------------------------------------------------------------
-Mon Oct 14 13:14:53 UTC 2024 - varkoly@suse.com
+Tue Aug 13 15:17:02 UTC 2024 - Peter Varkoly <varkoly@suse.com>

- Update to version 2.3.1+git86.59c39afe:
-  * vrrp: allow specifing interval amd timeout to milli-second resolution
-  * vrrp: on reload only configured track_script name was checked
-  * lib: fix corruption of master-child_pid red black tree
-  * lib: add micro-second timers to memory allocation debugging
-  * core: update addattr_l to match current iproute2 code - almost
-  * lib: add file missing from previous commit
-  * all: suppress an increases alignment warning
-  * core: use /* FALLTHROUGH */ rather than __fallthrough;
-  * ipvs: resolve a "cast increases required alignment" warning
-  * build: don't redefine FORTIFY_SOURCE if host environment defines it
-  * vrrp ipvs: remove unused definition of XENFS_SUPER_MAGIC
-  * vrrp ipvs: fix warnings related to signedness of statfs() f_flags
-  * all: use correct format specifier for time fields
-  * bfd: make alloc_bfd() return NULL rather than false on error
-  * all: make min_auto_priority delay variable an unsigned
-  * configure: explicitly set language to C for configure
-  * itest: Warn if close after send not set in tcp_server for http
-  * test: Make tcp_server use of SO_LINGER optional
-  * core: remove diagnostic message accidently added in commit 7cb09b2
-  * vrrp ipvs: Stop setting SO_LINGER on TCP sockets
-  * test: update tcp_server and tcp_client
-  * bfd: use time_t to avoid implicit ptr type casting
-  * VRRP: add thread_timer_expired keyword as a synonym of timer_expired_backup
-
-------------------------------------------------------------------
-Wed Sep 11 07:57:00 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
-
- Update service file to use manual mode as disabled is deprecated
- switch to TAG_OFFSET for a more readable version
-
-------------------------------------------------------------------
-Wed Sep 11 07:56:20 UTC 2024 - mrueckert@suse.de
-
- Update to version 2.3.1+git59.b6681f98:
-  * all: update how pidfile handled after reload with new configuration
-  * Revert "all: ensure pidfile is created if a reload causes child to start"
-  * Revert "all: update how pidfile handled after reload with new configuration"
-  * all: update how pidfile handled after reload with new configuration
-  * all: ensure pidfile is created if a reload causes child to start
-
-------------------------------------------------------------------
-Wed Aug 14 10:23:05 UTC 2024 - varkoly@suse.com
-
- Update to version 2.3.1+git.1723301895.df93f341:
-  * all: Ensure pid file exists when respawning child process
-  * vrrp: check ifindex != 0 before using the interface
-  * vrrp: Duplicate/drop MLDv1 listener reports on VMACs
-  * core: ensure only one instance of keepalived can run per config_id
-  * configure: add --enable-(cflags,cppflags,ldflags) options
-  * configure: add --enable-sanitize-(undefined,leak,memory,scudo,hwaddress) options
-  * vrrp: change vrrp_in_chk_vips to return bool rather than int
-  * core: cosmetic code layout change
-  * core: remove some duplicate include files
-  * vrrp: stop memory leak when error in configuring vrrp_iptables
-    (bsc#1228123) VUL-0: CVE-2024-41184: keepalived: integer overflow in vrrp_ipsets_handler
-
-------------------------------------------------------------------
-Fri Jul 19 21:36:49 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
-
- Update to 2.3.1
-  https://www.keepalived.org/release-notes/Release-2.3.0.html
-  https://www.keepalived.org/release-notes/Release-2.3.1.html
-
-------------------------------------------------------------------
-Thu Feb 22 12:48:24 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
-
- Use %autosetup macro. Allows to eliminate the usage of deprecated
-  %patchN
-
-------------------------------------------------------------------
-Mon Feb  5 09:16:05 UTC 2024 - Marcus Meissner <meissner@suse.com>
-
- provide user(keepalived) and group(keepalived)
+- VUL-0: CVE-2024-41184: keepalived: integer overflow in vrrp_ipsets_handler
+  (bsc#1228123) Apply upstream patches:
+    bsc-1228123.patch

 -------------------------------------------------------------------
 Wed May 31 21:32:46 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
--- a/keepalived.spec
+++ b/keepalived.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package keepalived
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -38,21 +38,18 @@
 %bcond_without systemd

 Name:           keepalived
-Version:        2.3.1+git86.59c39afe
+Version:        2.2.8
 Release:        0
 Summary:        A keepalive facility for Linux
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Routing
 URL:            https://www.keepalived.org/
-Source:         %{name}-%{version}.tar.xz
+Source:         https://www.keepalived.org/software/%{name}-%{version}.tar.gz
 Source2:        keepalive-rpmlintrc
 Patch0:         keepalive-init.patch
 Patch1:         harden_keepalived.service.patch
-BuildRequires:  autoconf
-BuildRequires:  automake
+Patch2:		bsc-1228123.patch
 BuildRequires:  file-devel
-BuildRequires:  libtool
-BuildRequires:  make
 BuildRequires:  net-snmp-devel
 BuildRequires:  pkgconfig
 BuildRequires:  snmp-mibs
@@ -84,8 +81,6 @@ BuildRequires:  pkgconfig(libsystemd)
 %else
 Requires(pre):  %insserv_prereq
 %endif
-Provides:       group(keepalived)
-Provides:       user(keepalived)

 %description
 This project provides facilities for load balancing and high-availability to
@@ -100,14 +95,16 @@ Keepalived frameworks can be used independently or all together to provide
 resilient infrastructures.

 %prep
-%autosetup -p1  -n %{name}-%{version}
+%setup -q
+%patch0 -p1
 chmod 644 doc/samples/*
+%patch1 -p1
+%patch2 -p1

 %build
 export STRIP=true
 export CPPFLAGS="$(pkg-config --cflags libnfnetlink libiptc libipset xtables)"
 export CFLAGS="%optflags -DOPENSSL_NO_SSL_INTERN"
-./autogen.sh
 #  --enable-dbus-create-instance \
 %configure \
  --disable-silent-rules \