File keepalived.changes of Package keepalived

Tue Jan 21 19:23:57 UTC 2020 - Nicolas Bock <>

- update to 2.0.19
- new BR pkgconfig(libnftnl) to fix nftables support
- add nftables to the BR
- added patch
  * linux-4.15.patch
- add buildrequires for file-devel
  - used in the checker to verify scripts
- enable json stats and config dump support
  new BR: pkgconfig(json-c)
- enable http regexp support: new BR pcre2-devel
- disable dbus instance creation support as it is marked as
- Add BFD build option to keepalived.spec rpm file
  Issue #1114 identified that the keepalived.spec file was not being
  generated to build BFD support even if keepalived had been
  configured to support it.
- full changelog

Mon Nov 19 12:28:54 UTC 2018 - Dirk Mueller <>

- update to 1.4.5:
  * Update snapcraft.yaml for 1.4.x+git
  * Fix generation of git-commit.h with git commit number.
  * Set virtual server address family correctly.
  * Set virtual server address family correctly when using tunnelled
    real servers.
  * Fix handling of virtual servers with no real servers at config time.
  * Add warning if virtual and real servers are different address families.
    Although normally the virtual server and real servers must have the
    same address family, if a real server is tunnelled, the address families
    can be different. However, the kernel didn't support that until 3.18,
    so add a check that the address families are the same if different
    address families are not supported by the kernel.
  * Send correct status in Dbus VrrpStatusChange notification.
    When an instance transitioned from BACKUP to FAULT, the Dbus
    status change message reported the old status (BACKUP) rather than
    the new status (FAULT). This commit attempts to resolve that.
  * doc: ipvs schedulers update
  * Fix a couple of typos in
  * Fix namespace collision with musl if_ether.h.
  * Check if return value from read_value_block() is null before using.
  * Fix reporting real server stats via SNMP.
  * Make checker process handle RTM_NEWLINK messages with -a option
    Even though the checker process doesn't subscribe to RTNLGRP_LINK
    messages, it appears that older kernels (certainly 2.6.32) can
    send RTM_NEWLINK (but not RTM_DELLINK) messages. This occurs
    when the link is set to up state.
    Only the VRRP process is interested in link messages, and so the
    checker process doesn't do the necessary initialisation to be able
    to handle RTM_NEWLINK messages.
    This commit makes the checker process simply discard RTM_NEWLINK
    and RTM_DELLINK messages, rather than assuming that if it receives
    an RTM_NEWLINK message it must be the VRRP process.
    This problem was reported in issue #848 since the checker process
    was segfaulting when a new interface was added when the -a command
    line option was specified.
  * Fix handling RTM_NEWLINK when building without VRRP code.
  * Fix building on Fedora 28.
    net-snmp-config output can include compiler and linker flags that
    refer to spec files that were used to build net-snmp but may not
    exist on the system building keepalived. That would cause the build
    done by configure to test for net-snmp support to fail; in particular
    on a Fedora 28 system that doesn't have the redhat-rpm-config package
    This commit checks that any spec files in the compiler and linker
    flags returned by net-snmp-config exist on the system building
    keepalived, and if not it removes the reference(s) to the spec file(s).
  * keepalived-1.4.3 released.
  * vrrp: setting '0' as default value for ifa_flags to make gcc happy.
  * Add additional libraries when testing for presence of SSL_CTX_new().
    It appears that some systems need -lcrypto when linking with -lssl.
  * Sanitise checking of libnl3 in
  * Report and handle missing '}'s in config files.
  * Add missing '\n' in output.
  * Stop backup taking over as master while master reloads.
    If a reload was initiated just before an advert, and since it took
    one advert interval after a reload before an advert was sent, if the
    reload itself took more than one advert interval, the backup could
    time out and take over as master.
    This commit makes keepalived send adverts for all instances that are
    master immediately before a reload, and also sends adverts immediately
    after a reload, thereby tripling the time available for the reload
    to complete.
  * Add route option fastopen_no_cookie and rule option l3mdev.
  * Fix errors in KEEPALIVED-MIB.txt.
  * Simplify setting on IN6_ADDR_GEN_MODE.
  * Cosmetic changes to keepalived(8) man page.
  * Don't set ipvs sync daemon to master state before becoming master
    If a vrrp instance which was the one specified for the ipvs sync
    daemon was configured with initial state master, the sync daemon
    was being set to master mode before the vrrp instance transitioned
    to master mode. This caused an error message when the vrrp instance
    transitioned to master and attempted to make the sync daemon go from
    backup to master mode.
    This commit stops setting the sync daemon to master mode at initialisation
    time, and it is set to master mode when the vrrp instance transitions
    to master.
  * Fix freeing vector which has not had any entries allocated.
  * Add additional mem-check diagnostics
    vector_alloc, vector_alloc_slot, vector_free and alloc_strvec all
    call MALLOC/FREE but the functions written in the mem_check log
    are vector_alloc etc, not the functions that call them.
    This commit adds logging of the originating calling function.
  * Fix memory leak in parser.c.
  * Improve alignment of new mem-check logging.
  * Disable all checkers on a virtual server when ha_suspend set.
    Only the first checker was being disabled; this commit now disables
    all of them.
    Also, make the decision to disable a checker when starting/reloading
    when scheduling the checker, so that the existence of the required
    address can be checked.
  * Stop genhash segfaulting when built with --enable-mem-check.
  * Fix memory allocation problems in genhash.
  * Properly fix memory allocation problems in genhash.
  * Fix persistence_granularity IPv4 netmask validation.
    The logic test from inet_aton() appears to be inverted.
  * Fix segfault when checker configuration is missing expected parameter
    Issue #806 mentioned as an aside that "nb_get_retry" without a parameter
    was segfaulting. Commit be7ae80 - "Stop segfaulting when configuration
    keyword is missing its parameter" missed the "hidden" uses of vector_slot()
    (i.e. those used via definitions in header files).
    This commit now updates those uses of vector_slot() to use strvec_slot()
  * Fix compiling on Linux 2.x kernels.
    There were missing checks for HAVE_DECL_CLONE_NEWNET causing
    references to an undeclared variable if CLONE_NEWNET wasn't defined.
  * Improve parsing of kernel release.
    The kernel EXTRAVERSION can start with any character (although
    starting with a digit would be daft), so relax the check for it
    starting with a '-'. Kernels using both '+' and '.' being the
    first character of EXTRAVERSION have been reported.
  * Improve grammar.
  * add support for SNI in SSL_GET check.
    this adds a `enable_sni` parameter to SSL_GET, making sure the check
    passes the virtualhost in the SNI extension during SSL handshake.
  * Optimise setting host name for SSL_GET requests with SNI.
  * Allow SNI to be used with SSL_GET with OpenSSL v1.0.0 and LibreSSL.
  * Use configure to check for SSL_set_tlsext_host_name()
    Rather than checking for a specific version of the OpenSSL library
    (and it would also need checking the version of the LibreSSL library)
    let configure check for the presence of SSL_set_tlsext_host_name().
    Also omit all code related to SNI if SSL_set_tlsext_host_name() is
    not available.
  * Use configure to determine available OpenSSL functionality
    Rather than using version numbers of the OpenSSL library to determine
    what functions are available, let configure determine whether the
    functions are supported.
    This also means that the same tests work for LibreSSL.
  * Add support for gratuitous ARPs for IP over Infiniband.
  * Use system header definition instead of local definition IF_HWADDR_MAX
    linux/netdevice.h has definition MAX_ADDR_LEN, which is 32, whereas
    IF_HWADDR_MAX was locally defined to be 20.
    Unfortunately we end up with more system header file juggling to ensure
    we don't have duplicate definitions.
  * Fix vrrp_script and check_misc scripts of type </dev/tcp/
  * Add the first pre-defined config definition (${_PWD})
    ${_PWD} in a configuration file will be replaced with the full
    path name of the directory that keepalived is reading the current
    configuration file from.
  * Open and run the notify fifo and script if no other fifo
    Due to the way the code was structured the notify_fifo for both
    checker and vrrp messages wasn't run if neither the vrrp or checker
    fifo wasn't configured.
    Also, if all three fifos were configured, the general fifo script
    was executed by both the vrrp and checker process, causing problems.
  * Add support for Infiniband interfaces when dumping configuration.
  * Tidy up layout in vrrp_arp.c.
  * Add configure check for support of position independent executables (PIE).
  * Add check for -pie support, and fix writing to
  * keepalived-1.4.2 released.
  * Make genhash exit with exit code 1 on error.
    Issue #766 identified that genhash always exits with exit code 1
    even if an error has occurred.
  * Rationalise printing of http header in genhash.
  * Use http header Content-Length field in HTTP_CHECK/SSL_CHECK.
    If a Content-Length is supplied in the http header, use that as a
    limit to the data length (as wget does). If the length of data
    received does not match the Content-Length log a warning.
  * Optimise parameter passing to fprintf in genhash.
  * Don't declare mark variable if don't have MARK socket option.
  * Fix sync groups with only one member.
    Commit c88744a0 allowed sync groups with only 1 member again, but
    didn't stop removing the sync group if there was only 1 member.
    This commit now doesn't remove sync groups with only one member.
  * Make track scripts work with --enable-debug config option.
  * Add warning if --enable-debug configure option is used.
  * Allow more flexibility of layout of { and } in config files.
    keepalived was a bit fussy about where '{'s and '}'s (braces) could
    be placed in terms of after the keyword, or on a line on their own.
    It certainly was not possible to have multiple braces on one line.
    This commit now provides complete flexibility of where braces are, so
    long as they occur in the correct order.
  * Make alloc_value_block() report block type if there is an error.
  * Simplify alloc_value_block() by using libc string functions.
  * Add dumping of garp delay config when using -d option.
  * Fix fractions of seconds for garp group garp_interval.
  * Make read_value_block() use alloc_value_block().
    This removes quite a bit of duplication of functionality, and
    ensures the configuration parsing will be more consistent.
  * Fix build with Linux kernel headers v4.15.
    Linux kernel version 4.15 changed the libc/kernel headers suppression
    logic in a way that introduces collisions.
  * Add missing command line options to keepalived(8) man page.
  * Fix --dont-release-vrrp.
    On github, ushuz reported that commit 62e8455 - "Don't delete vmac
    interfaces before dropping multicast membership" broke --dont-release-vrrp.
    This commit restores the correct functionality.
  * Define _GNU_SOURCE for all compilation units.
    Rather than defining _GNU_SOURCE when needed, let configure add
    it to the flags passed to the C compiler, so that it is defined
    for all compilation units. This ensures consistence.
  * Fix new warnings produced by gcc 8.
  * Fix dumping empty lists.
    Add a check in dump_list() for an empty list, and don't attempt
    to dump it if it is empty.
  * Resolve conversion-check compiler warnings.
  * Add missing content to installing_keepalived.rst documentation.
    Issue #778 identified that there was text missing at the end of
    the document, and that is now added.
  * Fix systemd service to start after
    This fix was merged downstream by RedHat in response to
    RHBZ #1413320.
  * Update INSTALL file to describe packages needed for building
  * INSTALL: note linux distro package that provides 'sphinx_rtd_theme'
  * Clear /proc/sys/net/ipv6/conf/IF/disable_ipv6 when create VMACs.
    An issue was identified where keepalived was reporting permission
    denied when attempting to add an IPv6 address to a VMAC interface.
    It turned out that this was because
    was set to 1, causing IPv6 to be disabled on all interfaces that
    keepalived created.
    This commit clears disable_ipv6 on any VMAC interfaces that
    keepalived creates if the vrrp instance is using IPv6.
- remove linux-4.15.patch: does not apply anymore and not needed
  (the distros using 4.15 have moved on to keepalived 2.x)

Mon Apr 30 14:41:46 UTC 2018 -

- Only Require insserv on distributions without systemd.
- Fix systemd related requires/buildRequires
- Do not run scriptlets that use insserv when using systemd

Thu Feb 22 10:07:17 UTC 2018 -

- add linux-4.15.patch

Wed Feb 21 14:52:29 UTC 2018 -

- update to 1.4.1:
    * Improve and fix use of getopt_long().
      We mustn't use a long option val of 1, since getopt_long() can return
      that value.
      getopt_long() also returns longindex == 0 when there is no matching
      long option, and there needs to be careful checking if there is an
      error to work out whether a long or short option was used, which is
      needed for meaningful error messages.
    * Write assert() messages to syslog.
      assert()s are nasty things, but at least let's get the benefit of
      them, and write the messages to syslog, rather than losing them down
    * Enable sorry server at startup if quorum down due to alpha mode
      If alpha mode is configured on sufficient checkers so that a
      virtual server doesn't have a quorum, we need to add the sorry
      server at startup, otherwise it won't be added until a quorum has
      been achieved and subsequently lost again. In the case where some
      of the checkers remain in the down state at startup, this would have
      meant that the sorry server never got added.
    * For virtual servers, ensure quorum <= number of real servers
      If the quorum were higher than the number of real servers, the
      quorum for the real server to come up could never be achieved, so
      if the quorum is greater than the number of real servers, reduce it
      to the number of real servers.
    * Fix some SNMP keepalived checker integer types and default values.
      Some virtual server and real server values were being sent to SNMP
      with a signed type whereas the value is unsigned, so set the type
      field correctly.
      Some virtual server and real server values that apply to checkers
      are set to nonsense default values in order to determine if a
      value has been specified. Handle these values when reporting them
      to SNMP replying with 0 rather than a nonsense value.
    * Fix some MALLOC/FREE issues with notify FIFOs.
    * Add instance_name/config_id to alert emails' subjects if configured.
      If multiple instances of keepalived are running, either different
      instance_names and/or config_ids, it is useful to know which
      keepalived instance the email relates to.
    * Ensure that email body string isn't unterminated.
      Using strncpy() needs to ensure that there is a nul termination byte,
      so this commit adds always writing a nul byte to the end of the buffer.
    * Remove duplicate fault notification.
    * Fix problem with scripts found via PATH with a '/' in parameters.
      Recent discussions on issue #101 led to discovering that if an
      executable without a fully qualified name was specified as a script
      and there was a '/' character in the parameters, then the path
      resolution would not work.
    * Send SNMP traps when go from backup to fault due to sync group.
      Commit 020a9ab added executing notify_fault for vrrp instances
      transitioning from backup to fault state due to another instance
      in the sync group going to fault state. This commit adds sending
      SNMP traps in the same circumstance.
    * Revert "Add instance_name/config_id to alert emails' subjects if
      configured". This should be handled by setting router_id
    * Add config option to send smtp-alerts to file rather than send emails
      This is useful for debugging purposes.
    * Add additional entry to Travis-CI build matrix.
    * Fix segfault if no sorry server configured for a virtual server.

Mon Jan 22 13:03:55 UTC 2018 -

- enable json stats and config dump support
  new BR: pkgconfig(json-c)
- disable dynamic loading of libipset and link it instead
- enable stacktrace support
- turn on snmp-rfcv2 and snmp-rfcv3 support
- do not reference the keepalived.socket in the rpm scriptlets

Fri Jan 12 08:53:51 UTC 2018 -

- update to 1.4.0
  * Add Linux build and runtime versions to -v output.
  * Log kernel version and build kernel version to log at startup.
  * Don't sleep for 1 send when exiting vrrp process if no vrrp instances.
  * With large configurations the syslog can get flooded and drop output.
    This commit adds options to not log to syslog, and also to log all
    output to files.
  * Add option to only flush log files before forking.
  * Don't poll netlink for all interfaces each time add a VMAC.
    We can poll for the individual interface details which significantly
    reduces what we have to process.
  * Print interface details in output.
  * Add high performance child finder code.
    The code to find the relevant thread to execute after a child process
    (either a vrrp track script or a misc_check healthchecker) was doing
    a linear search for the matching pid, which if there are a large number
    of child processes running could become time consuming.
    The code now will enable high performance child finding, based on using
    mlists hashed by the pid, if there are 32 or more vrrp track scripts or
    misc check healthcheckers. The size of the mlist is based on the number
    of scripts, with a limit of 256.
  * Improve high performance child termination timeout code.
  * Preserve filename in script path name resolution.
    Some executables change their behaviour depending on the name by
    which they are invoked (e.g. /usr/sbin/pidof when it is a link to
    /usr/sbin/killall5). Using realpath() changes the file name part
    if it is a symbolic link. This commit resolves all symbolic links
    to directories, but leaves the file name part unaltered. It then
    checks the security of both the path to the link and the path to
    the real file.
  * Handle scripts names that are symbolic links properly.
  * Fix some RFC SNMP issues.
  * Fix removing left-over addresses if keepalived aborts.
  * Update openssl use to stop using deprecated functions
    openssl from version 1.1 deprecated certain functions that keepalived
    was using. This commit ceases using those functions if the version
    of openssl is >= 1.1.
  * Allow sync groups with only 1 member, but issue a warning.
  * Add replaceable parameters in configuration files.
  * Add multiline configuration definitions.
  * Fix keepalived.conf(5) man page.
  * Suppress error message when removing leftover addresses at startup.
  => find more changes at /usr/share/doc/packages/keepalived/
- rebase keepalive-init.patch
- use upstream systemd service file instead providing an own one
  => removed keepalived.service
- remove executable bit from samples in docdir
- check that LVS support is enabled
- optionally enable dump configuration and stats as JSON (via bcond)
  => BuildRequire libjson-c-devel
- restrict /etc/keepalived permissions to root

Mon Nov 27 11:26:58 UTC 2017 -

- Do not suppress errors from useradd.
- Ensure neutrality of description.

Thu Nov 27 09:11:55 UTC 2017 -

- update to 1.3.9:
  Revert using github tarball and use original source again.
  Too many fixes and features to list, refer to
  /usr/share/doc/packages/keepalived/ChangeLog for a detailed list.

Thu Nov 23 13:38:30 UTC 2017 -

- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)

Thu Feb 16 12:27:53 UTC 2017 -

- use tarball from
  the original tarball did not build. This has the necessary fix
  applied. for the 1.3.4 update see the TODO entry in the preamble.

Wed Feb 15 11:38:16 UTC 2017 -

- update to 1.3.3
  Some minor fix, extensions and updates. snapcraft support. Refer
  to /usr/share/doc/packages/keepalived/ChangeLog for more infos.

Mon Dec 12 14:05:25 UTC 2016 -

- fix building with libnfnetlink. the additional include path needs
  to be in CPPFLAGS instead of CFLAGS now.
- enabled a few more features:
  - enhanced snmp support (V2/V3 RFC)
  - make sure we build with ipset/libiptc and routes support
- prepared dbus support: waiting for boo#1015141

Mon Dec 12 12:59:54 UTC 2016 -

- update 1.3.2
    - Security focused on notify helpers. Some minor fix and
  - changes from 1.3.1
    - Quick script fix for regression brought by last release.
  - changes from 1.3.0
    - New MAJOR release with stabilization fixes. Support to DBus.
      Conf extensions. Parser error log. Security extensions to run
      scripts more secure.
  - changes from 1.2.24
    - MAJOR release with stabilization fixes and new features like
      support to network namespace.

  Refer to /usr/share/doc/packages/keepalived/ChangeLog
  for more infos.

Wed Jul 20 09:07:35 UTC 2016 -

- update to 1.2.23
  Some VRRP fixes. Some Healthcheckers fixes.
  Refer to ChangeLog for more infos.

Fri Jul  8 10:32:22 UTC 2016 -

- update to 1.2.22
  Some VRRP fixes. Refer to ChangeLog for more infos.
- update to 1.2.21
  Some fixes for last major release 1.2.20. Extensions on vrrp
  framework. Refer to ChangeLog for more infos.
- update to 1.2.20
  BUNCH of extensions, fixes, cleanup & production considerations.
  Distro packages maintainers are strongly encouraged to upgrade.
- new BR libnfnetlink-devel
- we no longer ship the VRRP-MIB

Thu Feb 11 10:44:31 UTC 2016 -

- enhanced keepalive-init.patch :
  + replace tabs with spaces
  + read /etc/sysconfig/keepalived, if exists and use the settings
    there instead of the default KEEPALIVED_OPTIONS in case the
    user changed them

Thu Jan 28 12:13:36 UTC 2016 -

- use package name buildrequires on sle11 to fix building

Thu Jan 28 11:46:11 UTC 2016 -

- enable snmp for better monitoring
- enable sha1 support

Wed Oct  7 11:45:41 UTC 2015 -

- Update to version 1.2.19:
  + vrrp: fix checksum computation in vrrp v2 for socket family
  + Some cosmetics at Makefile stuff.
- Changes from version 1.2.18:
  + some cosmetics changes (in memory and parser).
  + remove dead/not used code.
  + revert notify script brought by last release.
  + revert VRRP preemption speed up extension.
  + vrrp: fix vrrp removes incorrect IPv4 address when VIPs are
  + vrrp: Re-enable VRRPv2 checksum on inbound pkts.
- Changes from version 1.2.17:
  + zalloc use xalloc for consistency.
  + memory: fix wrong size calculation in zfree.
  + Fix keepalived snmp configuration.
  + Change comments to match kernel style.
  + smtp: Fix wrong algorithm in RCPT-TO building.
  + Lots of vrrp fixes.
- Changes from version 1.2.16:
  + Properly close netlink channel to avoid fd leak.
  + Use getaddrinfo instead of gethostbyname to workaround glibc
    gethostbyname function buffer overflow (boo#949238).
  + Lots of ipvs fixes.

Wed Oct  7 10:31:50 UTC 2015 -

- no longer install the init script on systemd systems

Wed Mar 11 13:21:29 UTC 2015 -

- Update to version 1.2.15:
  + Bugfixes.
- Changes from version 1.2.14:
  + VRRP bugfixes and extensions. IPVS bugfixes and code code
- Changes from version 1.2.13:
  + VRRP fixes and extensions. Extend and unify checker

Mon Feb  2 01:32:37 UTC 2015 -

- Build with -DOPENSSL_NO_SSL_INTERN, if package starts accessing
  the SSL library internals it must fail to build now, in upcoming
  openSSL versions structures are opaque.
- BuildRequire libnl3
- Do not strip binaries, fix -debuginfo packages.

Sun Nov 09 05:21:00 UTC 2014 - Led <>

- fix bashisms in pre script

Thu Jul 31 14:28:08 UTC 2014 -

- Rename rpmlintrc to %{name}-rpmlintrc.
  Follow the packaging guidelines.

Tue Feb 11 08:12:55 UTC 2014 -

- updated to latest upstream version 1.2.12
  + Fix reallocation issue introduced in last merge.
  + Fix some minor memory leaks.
  + Better libnl support and selection.
  + VRRP unicast TTL fix.
  + Support to newer libnl.
  + More IPv6 support.
  + Fix/extend VRRP gratuitous ARP handling.
  + Support xmit VRRP packets from base VMAC interface.
  + VRRP multicast group tweaking.
  + Fixed VRRP socket sync while leaving FAULT state.
  + Code cleanup and cosmetics.

Tue Jan  7 10:55:42 UTC 2014 -

- Add cyrus-sasl for old distros

Tue Nov 19 14:01:47 UTC 2013 -

- Update to version 1.2.9:
  + Extended VRRP code for faster sync and transition.
  + Fixed VRRP unicast code to support routed packet.
  + Fixed VRRP checksum computation.
  + Extended VRRP code tweaking IPv6 VIP install by disabling DAD algo and setting deprecated flag.
  + Fixed some issues in checker framework while processing hysteresis.
  + Extended checker framework to support use of status_code and digest at a time.
- Changes from version 1.2.8:
  + Add support for VRRP unicast.
  + Add support for VRRP IPv6 routes.
  + Add support to LVS One-Packet Scheduling.
  + Add CLI core framework.
  + Misc bugfixes, typo and cosmetics.
- Drop keepalived_man_fix.patch: merged upstream

Tue Nov 20 16:11:59 UTC 2012 -

- initial package of 1.2.7