5 files changed, 45 insertions, 3 deletions
diff --git a/metadata/md5-cache/sys-cluster/keepalived-1.2.9 b/metadata/md5-cache/sys-cluster/keepalived-1.2.9 index e8461ec7..4206e2b8 100644 --- a/metadata/md5-cache/sys-cluster/keepalived-1.2.9 +++ b/metadata/md5-cache/sys-cluster/keepalived-1.2.9 @@ -10,4 +10,4 @@ RDEPEND=dev-libs/popt sys-apps/iproute2 dev-libs/libnl:1.1 dev-libs/openssl snmp SLOT=0 SRC_URI=http://www.keepalived.org/software/keepalived-1.2.9.tar.gz _eclasses_=autotools 16761a2f972abd686713e5967ff3c754 base ec46b36a6f6fd1d0b505a33e0b74e413 eutils 4878e7f88afc0ba0866ac112190b0fd4 libtool b1c8688e60f9580bcb9bb46e08737eb1 multilib 892e597faee02a5b94eb02ab512e7622 multiprocessing 89580da5ec17ad687fcde876c542b91e toolchain-funcs 51e6c948e72c43bcc8edc7544411c953 user d0a4d0735a6c0183d707ca919bd72f28 -_md5_=f9e0cc1154ca478d1a37d5abc26a024c +_md5_=17df1227dc8508ba0b2259265c9de4c4 diff --git a/sys-cluster/keepalived/ChangeLog b/sys-cluster/keepalived/ChangeLog index ff8301e3..03c85bb1 100644 --- a/sys-cluster/keepalived/ChangeLog +++ b/sys-cluster/keepalived/ChangeLog @@ -1,3 +1,9 @@ + 15 Nov 2013; Bertrand Jacquin <beber@meleeweb.net> +files/keepalived-1.2.9-vrr + p-disable-TTL-sanity-check-for-unicast-use-case.patch, + keepalived-1.2.9.ebuild: + sys-cluster/keepalived: Import upstream patch "vrrp: disable TTL sanity check + for unicast use-case" + *keepalived-1.2.9 (15 Nov 2013) 15 Nov 2013; Bertrand Jacquin <beber@meleeweb.net> diff --git a/sys-cluster/keepalived/Manifest b/sys-cluster/keepalived/Manifest index a3a6475c..8caedd6b 100644 --- a/sys-cluster/keepalived/Manifest +++ b/sys-cluster/keepalived/Manifest 
@@ -1,8 +1,9 @@ AUX keepalived-1.2.2-libipvs-fix-backup-daemon.patch 1929 SHA256 4a67e2910cf21dbd662b1004f26a0d02c48d3864ecfacbb0c6f3d5865b648341 WHIRLPOOL c4cc9419ea66011ff6a42e655715233fece6e882289810d8ac4f29d2c609902512ba7b8cfdc4a627c2ce008ec4ad0d8d297b618b08feccba2d21fb911fd188da AUX keepalived-1.2.2-libipvs-fix-ipv6.patch 1036 SHA256 1f4b1c3b74537b2cd47052a068ee9a71131e14e851952c28d79ef027631f1347 WHIRLPOOL 75b62c97875d318ab3ced208f8b8e0c66d459164f2928a0907281fa93800b20ff953831c2dc4203bd7cb15f31cb2e14e79b7200052a032d466bbe3f69e591fc7 +AUX keepalived-1.2.9-vrrp-disable-TTL-sanity-check-for-unicast-use-case.patch 1395 SHA256 ae70383af18623b4c975892362eb0eba7b25c4c9d3f9d2282241e715d73f5ddb WHIRLPOOL 912c2cd685cc111f677381085869a5000e75153e7cb881f8dc0ac68e75585b6ad6ec18f4979df96a9d61f5894cc686485e9654d351999dd710554897ccf12869 AUX keepalived.confd 290 SHA256 e24b65e5c4ec5d37802db1d85aa5aac8f2fcef94a58db6b52d72da6286556c07 WHIRLPOOL 5b9747fc5fb25081f681c76acd6b8b5c13268f09398241d533f8ed153d0b5c5d9c8c08d77ef394268a64321352d4b17e2cb4dffe6c29198a8883519382a4ef51 AUX keepalived.init 912 SHA256 44fe841fa059c8d9a02f9f9b6d3dd6d12bcc42f83ed818795913cdcdcf6c3da7 WHIRLPOOL 67db38df631eab9aafcbc6dbf7534d9a8d307d82fa676b80a0bf23dda9fdda7be6fa40b3f7b841600e6e58b789e9e2ab236d7d2d1d71aa7fa968a089d6d1e12c DIST keepalived-1.2.9.tar.gz 330779 SHA256 fb711dacce95b60eee18f2b89938a9fbebc5096022f17850fd2284f207e41d9d WHIRLPOOL 255887a26f9c561f9229961c835edf3e22563def594ce55af6d81105db5512ea31484efbfc0fb77234368f55bbbb4994edecf6b00af8399c3fc10f6903e1b6d2 -EBUILD keepalived-1.2.9.ebuild 1690 SHA256 91330f9f665a996af2b1e4208759d3ee3ec4eef494cb25bec6ab9b9c7a9dd52e WHIRLPOOL 52e2947aaccaa64d81da48266e591fb06e67eeadfb04d3ff3a8bbce20ded40fdf546c33902dc5709fe9c9ac2e215cbe3bda07ede1362e0bca00024d285311973 -MISC ChangeLog 339 SHA256 18c7c2217692a30b4662028ebfa0caf290148073e34c90bf3ee8f2e623bff33b WHIRLPOOL 
5bee00e52beb45c0a2d66ce3a08fa0652f699028923c668d2d93f41b225022a3c3bf074362e7c942d5db4fcf77076c1e189744fdfd9bc04a2674d4f40c0a36dc +EBUILD keepalived-1.2.9.ebuild 1768 SHA256 cf57e7537f535c1cdb6b81056a29a8ecb35adc842129fb6d83ab5171407bba02 WHIRLPOOL 5aeb867ad9e120b85de4af35cb4a6c9d7c34190553ecc4c30a18c0f3f8a45aba32e50f1a3acd5001d1608fc24d5a11ea023b4a0de901fd82318adf860b987ed0 +MISC ChangeLog 609 SHA256 ff59afbf5e782cd13d042ac4935e5ed5cda0c6579f2b05a788e42c372227ef06 WHIRLPOOL 454e493f3d8abfc9e95a2f418cc72e6fd21ccc883f2427694b9caeee0909e5065d0f7461f2bee54d1fa9536054516adc7d66e43da70789c6340aa42563f25100 MISC metadata.xml 272 SHA256 7fde2180ebedf6971ce9767ab11e619ca60ade87b6c32b37c8fbf3a5442d56b1 WHIRLPOOL ed96940f240f8e6fc1c4e2bf8d9b2064ade28255ef6238e048b3d80d8f9334b101e19deb5c1f89f83016c042bbc533b7855d02e3e0d19c5e2582d93fe416a80f diff --git a/sys-cluster/keepalived/files/keepalived-1.2.9-vrrp-disable-TTL-sanity-check-for-unicast-use-case.patch b/sys-cluster/keepalived/files/keepalived-1.2.9-vrrp-disable-TTL-sanity-check-for-unicast-use-case.patch new file mode 100644 index 00000000..7c9dd71a --- /dev/null +++ b/sys-cluster/keepalived/files/keepalived-1.2.9-vrrp-disable-TTL-sanity-check-for-unicast-use-case.patch 
@@ -0,0 +1,34 @@ +From 3d9f6a44b07c049e5b8b03f55a5cefcc5753a679 Mon Sep 17 00:00:00 2001 +From: Alexandre Cassen <acassen@gmail.com> +Date: Fri, 15 Nov 2013 15:51:10 +0100 +Subject: [PATCH] vrrp: disable TTL sanity check for unicast use-case + +In order to protect against any packet injection, VRRP provides +sanity check over IP header TTL. This TTL MUST be equal to 255 and +means both sender and receiver are attached on the same ethernet +segment. Now with unicast extension this protection MUST be disabled +since VRRP adverts will mostly traverse different network segments. + +!!! WARNING !!! When using VRRP in unicast use-case in order to protect +against any packet injection the best practice is to use IPSEC-AH auth +method otherwise you are exposed to potential attackers ! +--- + keepalived/vrrp/vrrp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/keepalived/vrrp/vrrp.c b/keepalived/vrrp/vrrp.c +index ca1827e..19a52d1 100644 +--- a/keepalived/vrrp/vrrp.c ++++ b/keepalived/vrrp/vrrp.c +@@ -247,7 +247,7 @@ vrrp_in_chk(vrrp_t * vrrp, char *buffer) + vips = (unsigned char *) ((char *) hd + sizeof(vrrphdr_t)); + + /* MUST verify that the IP TTL is 255 */ +- if (ip->ttl != VRRP_IP_TTL) { ++ if (LIST_ISEMPTY(vrrp->unicast_peer) && ip->ttl != VRRP_IP_TTL) { + log_message(LOG_INFO, "invalid ttl. %d and expect %d", ip->ttl, + VRRP_IP_TTL); + return VRRP_PACKET_KO; +-- +1.8.4.3 + diff --git a/sys-cluster/keepalived/keepalived-1.2.9.ebuild b/sys-cluster/keepalived/keepalived-1.2.9.ebuild index 76601fb4..a62cc7bd 100644 --- a/sys-cluster/keepalived/keepalived-1.2.9.ebuild +++ b/sys-cluster/keepalived/keepalived-1.2.9.ebuild @@ -26,6 +26,7 @@ DEPEND="${RDEPEND} PATCHES=( "${FILESDIR}"/${PN}-1.2.2-libipvs-fix-backup-daemon.patch "${FILESDIR}"/${PN}-1.2.2-libipvs-fix-ipv6.patch + "${FILESDIR}"/${PV}-vrrp-disable-TTL-sanity-check-for-unicast-use-case.patch ) DOCS=( README CONTRIBUTORS INSTALL VERSION ChangeLog AUTHOR TODO |
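Review bot: In the vrrp.c change carried by this patch, the TTL test is skipped whenever `vrrp->unicast_peer` is non-empty, which is a property of the local configuration and not of the received packet. An instance with unicast peers therefore accepts adverts with any TTL from any sender that can reach it, unless a later check rejects them. Nothing in the visible lines compares the IP source address with the configured peer list; vrrp_in_chk starts and continues outside the hunk, so such a check may exist elsewhere. If it does not, rejecting adverts whose source is not in `vrrp->unicast_peer` would narrow the exposure, alongside the authentication the patch description recommends. The retained comment is also no longer accurate and could read `/* MUST verify that the IP TTL is 255, except with unicast peers where adverts may be routed */`.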
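Review bot: The added PATCHES entry uses `${PV}`, which expands to `1.2.9`, so it points at `1.2.9-vrrp-disable-TTL-sanity-check-for-unicast-use-case.patch`. The file this commit adds under files/ and lists in the Manifest is named `keepalived-1.2.9-vrrp-disable-TTL-sanity-check-for-unicast-use-case.patch`. As written the path does not match any shipped file, so the patch step would presumably fail, or the package would build without the change, depending on how the eclass treats a missing path. The entry should read `"${FILESDIR}"/${P}-vrrp-disable-TTL-sanity-check-for-unicast-use-case.patch`.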