diff --git a/keepalived-2.2.4.tar.gz b/keepalived-2.2.4.tar.gz deleted file mode 100644 index 8774576..0000000 --- a/keepalived-2.2.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0138d69087d44beaaa589527f0cfa6885958b320a837147d02b6b7df73ebc1df -size 1151290 diff --git a/keepalived-2.2.7.tar.gz b/keepalived-2.2.7.tar.gz new file mode 100644 index 0000000..f22755f --- /dev/null +++ b/keepalived-2.2.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c61940d874154a560a54627ecf7ef47adebdf832164368d10bf242a4d9b7d49d +size 1180180 diff --git a/keepalived.changes b/keepalived.changes index 483f661..fe6a8de 100644 --- a/keepalived.changes +++ b/keepalived.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Thu Feb 24 18:36:08 UTC 2022 - Ferdinand Thiessen + +- Update to 2.2.7 + * Fix CVE-2021-44225: The D-Bus policy does not sufficiently + restrict the message destination, allowing any user to inspect + and manipulate any property. + * New features: + * global: Don’t assume running as user root. + * ipvs: Add support to twos scheduler. + * vrrp: New features: + * Add vrf option for unicast without specifying an interface. + * Add option unicast_fault_no_peer. + * Allow specification of multicast address to be used. + * Add vrf option to static and vrrp routes. + * Add option to resend vrrp states on fifos after reload. + * Allow duplication of VRIDs on an interface with unicast peers. + * systemd: Add keepalived-non-root.service systemd service file. + * make BFD work when IPv6 disabled on system. + * Fix calculating CLOCK_REALTIME and CLOCK_MONOTONIC offsets. + * bfd: Handle interface down/address missing when keepalived starts. + This resolves a segfault, and also makes bfd retry once per minute + to create send socket if it cannot do so due to no address to bind + to on an interface. + * vrrp: + * Fix configured IPv6 multicast addresses with VMACs. + * Don’t segfault if duplicate VMAC name, but ignore second name. + * Don’t delete and recreate VMAC on reload if only VRID has changed. + * Don’t segfault if don’t have permission for ARP/NDISC socket. + * Fix IPv6 with vmac_xmit_base. + * Fix disabling vmac-xmit-base with VRRPv3 IPv6 use_vmac. + * Fix specifying user/group for vrrp_scripts. + * Various other fixes and improvements + ------------------------------------------------------------------- Thu Dec 9 18:58:23 UTC 2021 - Ferdinand Thiessen diff --git a/keepalived.spec b/keepalived.spec index 26e7680..2364572 100644 --- a/keepalived.spec +++ b/keepalived.spec @@ -1,7 +1,7 @@ # # spec file for package keepalived # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -38,13 +38,13 @@ %bcond_without systemd Name: keepalived -Version: 2.2.4 +Version: 2.2.7 Release: 0 Summary: A keepalive facility for Linux License: GPL-2.0-or-later Group: Productivity/Networking/Routing -URL: http://www.keepalived.org/ -Source: http://www.keepalived.org/software/%{name}-%{version}.tar.gz +URL: https://www.keepalived.org/ +Source: https://www.keepalived.org/software/%{name}-%{version}.tar.gz Source2: keepalive-rpmlintrc Patch0: keepalive-init.patch Patch1: harden_keepalived.service.patch @@ -208,8 +208,8 @@ getent passwd %{name} >/dev/null || \ %doc %{_defaultdocdir}/%{name}/ %dir %{_sysconfdir}/keepalived %dir %attr(-,keepalived,keepalived) %{_var}/lib/%{name} +%config %{_sysconfdir}/keepalived/keepalived.conf.sample %{_fillupdir}/sysconfig.%{name} -%config(noreplace) %{_sysconfdir}/keepalived/*conf %{_bindir}/genhash %{_sbindir}/rckeepalived %{_sbindir}/keepalived