From 4294bae1787dba323da4ddbeab01db83d740f904 Mon Sep 17 00:00:00 2001
From: wangxp006 <wangxp006@163.com>
Date: Thu, 10 Jun 2021 14:44:06 +0800
Subject: [PATCH] add upstream patches

---
 ...coming-up-during-vrrp_script-init-ph.patch | 42 ++++++++++
 ...n-checker-process-terminates-with-SN.patch | 43 ++++++++++
 ...gex-fix-memory-leak-if-not-using-JIT.patch | 26 ++++++
 ...ple-command-line-substitutions-condi.patch | 32 ++++++++
 ...ix-detecting-setsid-error-in-xdaemon.patch | 29 +++++++
 ...ing-if-kernel-netlink-socket-is-open.patch | 28 +++++++
 ...ry-used-for-entries-in-etc-iproute2-.patch | 54 +++++++++++++
 ...-a-file-descriptor-leak-with-SSL_GET.patch | 41 ++++++++++
 ...-file-descriptor-leak-when-reloading.patch | 62 ++++++++++++++
 ...ult-when-a-VRID-is-changed-on-a-VMAC.patch | 81 +++++++++++++++++++
 ...rrp_data-and-old_global_data-when-me.patch | 28 +++++++
 keepalived.spec                               | 23 +++++-
 12 files changed, 487 insertions(+), 2 deletions(-)
 create mode 100644 0001-Fix-interfaaces-coming-up-during-vrrp_script-init-ph.patch
 create mode 100644 0002-Fix-segfault-when-checker-process-terminates-with-SN.patch
 create mode 100644 0003-regex-fix-memory-leak-if-not-using-JIT.patch
 create mode 100644 0004-parser-fix-multiple-command-line-substitutions-condi.patch
 create mode 100644 0005-Fix-detecting-setsid-error-in-xdaemon.patch
 create mode 100644 0006-vrrp-fix-checking-if-kernel-netlink-socket-is-open.patch
 create mode 100644 0007-vrrp-ensure-memory-used-for-entries-in-etc-iproute2-.patch
 create mode 100644 0008-ipvs-fix-a-file-descriptor-leak-with-SSL_GET.patch
 create mode 100644 0009-core-Fix-a-file-descriptor-leak-when-reloading.patch
 create mode 100644 0010-vrrp-Don-t-segfault-when-a-VRID-is-changed-on-a-VMAC.patch
 create mode 100644 0011-vrrp-clear-old_vrrp_data-and-old_global_data-when-me.patch

diff --git a/0001-Fix-interfaaces-coming-up-during-vrrp_script-init-ph.patch b/0001-Fix-interfaaces-coming-up-during-vrrp_script-init-ph.patch
new file mode 100644
index 0000000..74d8875
--- /dev/null
+++ b/0001-Fix-interfaaces-coming-up-during-vrrp_script-init-ph.patch
@@ -0,0 +1,42 @@
+From 1ef6d477f4bd4b8e8c61748205352b6ff34936d3 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Tue, 7 Apr 2020 23:47:16 +0100
+Subject: [PATCH 006/691] Fix interfaaces coming up during vrrp_script init
+ phase
+
+Issue #1532 reported that if a tracked interface transitioned from
+down to up while a vrrp_script was running for the first time, the
+tracking vrrp instances would never come up. This commit resolves
+the issue.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/vrrp/vrrp_scheduler.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/keepalived/vrrp/vrrp_scheduler.c b/keepalived/vrrp/vrrp_scheduler.c
+index 6eac8fd..6f3586d 100644
+--- a/keepalived/vrrp/vrrp_scheduler.c
++++ b/keepalived/vrrp/vrrp_scheduler.c
+@@ -623,8 +623,17 @@ try_up_instance(vrrp_t *vrrp, bool leaving_init)
+ 		if (vrrp->num_script_if_fault)
+ 			return;
+ 	}
+-	else if (--vrrp->num_script_if_fault || vrrp->num_script_init)
++	else if (--vrrp->num_script_if_fault || vrrp->num_script_init) {
++		if (!vrrp->num_script_if_fault) {
++			if (vrrp->sync) {
++				vrrp->sync->num_member_fault--;
++				vrrp->sync->state = VRRP_STATE_INIT;
++			}
++			vrrp->wantstate = VRRP_STATE_BACK;
++		}
++
+ 		return;
++	}
+ 
+ 	if (vrrp->wantstate == VRRP_STATE_MAST && vrrp->base_priority == VRRP_PRIO_OWNER) {
+ 		vrrp->wantstate = VRRP_STATE_MAST;
+-- 
+1.8.3.1
+
diff --git a/0002-Fix-segfault-when-checker-process-terminates-with-SN.patch b/0002-Fix-segfault-when-checker-process-terminates-with-SN.patch
new file mode 100644
index 0000000..976f6b8
--- /dev/null
+++ b/0002-Fix-segfault-when-checker-process-terminates-with-SN.patch
@@ -0,0 +1,43 @@
+From 1a94bcfe23ef9deca79f71769b786d774892bd3a Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Tue, 26 May 2020 15:25:11 +0100
+Subject: [PATCH 093/691] Fix segfault when checker process terminates with
+ SNMP
+
+snmp_agent_close() now has to be called before thread_destroy_master()
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/check/check_daemon.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/keepalived/check/check_daemon.c b/keepalived/check/check_daemon.c
+index 7da4061..1ce274d 100644
+--- a/keepalived/check/check_daemon.c
++++ b/keepalived/check/check_daemon.c
+@@ -133,6 +133,11 @@ checker_terminate_phase2(void)
+ 	/* Remove the notify fifo */
+ 	notify_fifo_close(&global_data->notify_fifo, &global_data->lvs_notify_fifo);
+ 
++#ifdef _WITH_SNMP_CHECKER_
++	if (global_data && global_data->enable_snmp_checker)
++		check_snmp_agent_close();
++#endif
++
+ 	/* Destroy master thread */
+ 	checker_dispatcher_release();
+ 	thread_destroy_master(master);
+@@ -141,10 +146,6 @@ checker_terminate_phase2(void)
+ 	free_ssl();
+ 
+ 	ipvs_stop();
+-#ifdef _WITH_SNMP_CHECKER_
+-	if (global_data && global_data->enable_snmp_checker)
+-		check_snmp_agent_close();
+-#endif
+ 
+ 	/* Stop daemon */
+ 	pidfile_rm(checkers_pidfile);
+-- 
+1.8.3.1
+
diff --git a/0003-regex-fix-memory-leak-if-not-using-JIT.patch b/0003-regex-fix-memory-leak-if-not-using-JIT.patch
new file mode 100644
index 0000000..226c9f8
--- /dev/null
+++ b/0003-regex-fix-memory-leak-if-not-using-JIT.patch
@@ -0,0 +1,26 @@
+From 4ab53a9bdac7701900d238574cd86e0a987b8a45 Mon Sep 17 00:00:00 2001
+From: Alexandre Cassen <acassen@gmail.com>
+Date: Fri, 5 Jun 2020 16:40:43 +0200
+Subject: [PATCH 149/691] regex: fix memory leak if not using JIT
+
+---
+ keepalived/check/check_http.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/keepalived/check/check_http.c b/keepalived/check/check_http.c
+index f2f61c9..e14f82d 100644
+--- a/keepalived/check/check_http.c
++++ b/keepalived/check/check_http.c
+@@ -771,6 +771,9 @@ prepare_regex(url_t *url)
+ 		pcre2_get_error_message(pcreErrorNumber, buffer, sizeof buffer);
+ 		log_message(LOG_INFO, "Regex JIT compilation failed: '%s': %s\n", url->regex->pattern, (char *)buffer);
+ 
++		FREE_CONST_PTR(r->pattern);
++		FREE(r);
++
+ 		return;
+ 	}
+ #endif
+-- 
+1.8.3.1
+
diff --git a/0004-parser-fix-multiple-command-line-substitutions-condi.patch b/0004-parser-fix-multiple-command-line-substitutions-condi.patch
new file mode 100644
index 0000000..0bb126f
--- /dev/null
+++ b/0004-parser-fix-multiple-command-line-substitutions-condi.patch
@@ -0,0 +1,32 @@
+From d37b2f4794acf1b0b431110c5e1fb23d652c5962 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Tue, 7 Jul 2020 21:16:26 +0100
+Subject: [PATCH 283/691] parser: fix multiple command line
+ substitutions/conditions
+
+For example:
+$NO_STRICT      @high   unicast_src_ip 10.1.5.1
+would cause the parser to enter an infinite loop.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ lib/parser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/parser.c b/lib/parser.c
+index f6c522c..73911d9 100644
+--- a/lib/parser.c
++++ b/lib/parser.c
+@@ -1826,8 +1826,8 @@ read_line(char *buf, size_t size)
+ 		if (len == 0)
+ 			continue;
+ 
+-		recheck = false;
+ 		do {
++			recheck = false;
+ 			if (buf[0] == '@') {
+ 				/* If the line starts '@', check the following word matches the system id.
+ 				   @^ reverses the sense of the match */
+-- 
+1.8.3.1
+
diff --git a/0005-Fix-detecting-setsid-error-in-xdaemon.patch b/0005-Fix-detecting-setsid-error-in-xdaemon.patch
new file mode 100644
index 0000000..613a130
--- /dev/null
+++ b/0005-Fix-detecting-setsid-error-in-xdaemon.patch
@@ -0,0 +1,29 @@
+From d058988e1f2a67769075066e875cd8b16de931a4 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Thu, 20 Aug 2020 17:06:19 +0100
+Subject: [PATCH 322/691] Fix detecting setsid() error in xdaemon()
+
+setsid() return should be checked for < 0 rather than < -1. This
+error was fixed in the zebra code in 2004!
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/core/daemon.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/keepalived/core/daemon.c b/keepalived/core/daemon.c
+index 0e3621d..3f99d34 100644
+--- a/keepalived/core/daemon.c
++++ b/keepalived/core/daemon.c
+@@ -59,7 +59,7 @@ xdaemon(bool nochdir, bool noclose, bool exitflag)
+ 
+ 	/* Become session leader and get pid. */
+ 	pid = setsid();
+-	if (pid < -1) {
++	if (pid < 0) {
+ 		log_message(LOG_INFO, "xdaemon: setsid error");
+ 		return -1;
+ 	}
+-- 
+1.8.3.1
+
diff --git a/0006-vrrp-fix-checking-if-kernel-netlink-socket-is-open.patch b/0006-vrrp-fix-checking-if-kernel-netlink-socket-is-open.patch
new file mode 100644
index 0000000..7469257
--- /dev/null
+++ b/0006-vrrp-fix-checking-if-kernel-netlink-socket-is-open.patch
@@ -0,0 +1,28 @@
+From 2f7fdfc1a45931753d77a17b1b67c6725a5f6784 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Wed, 14 Oct 2020 16:17:08 +0100
+Subject: [PATCH 380/691] vrrp: fix checking if kernel netlink socket is open
+
+0 is a valid value for a file descriptor.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/core/keepalived_netlink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/keepalived/core/keepalived_netlink.c b/keepalived/core/keepalived_netlink.c
+index 6ac26dc..3169013 100644
+--- a/keepalived/core/keepalived_netlink.c
++++ b/keepalived/core/keepalived_netlink.c
+@@ -2314,7 +2314,7 @@ kernel_netlink(thread_ref_t thread)
+ void
+ kernel_netlink_poll(void)
+ {
+-	if (!nl_kernel.fd)
++	if (nl_kernel.fd < 0)
+ 		return;
+ 
+ 	netlink_parse_info(netlink_broadcast_filter, &nl_kernel, NULL, true);
+-- 
+1.8.3.1
+
diff --git a/0007-vrrp-ensure-memory-used-for-entries-in-etc-iproute2-.patch b/0007-vrrp-ensure-memory-used-for-entries-in-etc-iproute2-.patch
new file mode 100644
index 0000000..1498b8c
--- /dev/null
+++ b/0007-vrrp-ensure-memory-used-for-entries-in-etc-iproute2-.patch
@@ -0,0 +1,54 @@
+From ed07bd83ef06dc33365c286654a9fddc08fbb8f5 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Wed, 14 Oct 2020 16:19:54 +0100
+Subject: [PATCH 381/691] vrrp: ensure memory used for entries in /etc/iproute2
+ is freed
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/vrrp/vrrp_daemon.c | 2 ++
+ keepalived/vrrp/vrrp_data.c   | 2 --
+ lib/parser.c                  | 4 +---
+ 3 files changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/keepalived/vrrp/vrrp_daemon.c b/keepalived/vrrp/vrrp_daemon.c
+index 4533f06..ea950c9 100644
+--- a/keepalived/vrrp/vrrp_daemon.c
++++ b/keepalived/vrrp/vrrp_daemon.c
+@@ -246,6 +246,8 @@ vrrp_terminate_phase2(int exit_status)
+ 		dbus_stop();
+ #endif
+ 
++	clear_rt_names();
++
+ 	if (global_data->vrrp_notify_fifo.fd != -1)
+ 		notify_fifo_close(&global_data->notify_fifo, &global_data->vrrp_notify_fifo);
+ 
+diff --git a/keepalived/vrrp/vrrp_data.c b/keepalived/vrrp/vrrp_data.c
+index 31f4b82..40d10ba 100644
+--- a/keepalived/vrrp/vrrp_data.c
++++ b/keepalived/vrrp/vrrp_data.c
+@@ -1157,6 +1157,4 @@ dump_data_vrrp(FILE *fp)
+ 		conf_write(fp, "------< Interfaces >------");
+ 		dump_list(fp, ifl);
+ 	}
+-
+-	clear_rt_names();
+ }
+diff --git a/lib/parser.c b/lib/parser.c
+index 73911d9..c13e133 100644
+--- a/lib/parser.c
++++ b/lib/parser.c
+@@ -2099,8 +2099,6 @@ init_data(const char *conf_file, const vector_t * (*init_keywords) (void))
+ 
+ 	free_keywords(keywords);
+ 	free_parser_data();
+-#ifdef _WITH_VRRP_
+-	clear_rt_names();
+-#endif
++
+ 	notify_resource_release();
+ }
+-- 
+1.8.3.1
+
diff --git a/0008-ipvs-fix-a-file-descriptor-leak-with-SSL_GET.patch b/0008-ipvs-fix-a-file-descriptor-leak-with-SSL_GET.patch
new file mode 100644
index 0000000..2f6b641
--- /dev/null
+++ b/0008-ipvs-fix-a-file-descriptor-leak-with-SSL_GET.patch
@@ -0,0 +1,41 @@
+From 48d398a186afb0c71eb2fc05328f4fed580f975e Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Wed, 28 Oct 2020 16:10:01 +0000
+Subject: [PATCH 426/691] ipvs: fix a file descriptor leak with SSL_GET
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/check/check_ssl.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/keepalived/check/check_ssl.c b/keepalived/check/check_ssl.c
+index c7fb2ca..2999244 100644
+--- a/keepalived/check/check_ssl.c
++++ b/keepalived/check/check_ssl.c
+@@ -301,8 +301,8 @@ ssl_read_thread(thread_ref_t thread)
+ 	if (req->error == SSL_ERROR_WANT_READ) {
+ 		 /* async read unfinished */
+ 		thread_add_read(thread->master, ssl_read_thread, checker,
+-				thread->u.f.fd, timeout, false);
+-	} else if (r > 0 && req->error == 0) {
++				thread->u.f.fd, timeout, true);
++	} else if (r > 0 && req->error == SSL_ERROR_NONE) {
+ 		/* Handle response stream */
+ 		http_process_response(req, (size_t)r, url);
+ 
+@@ -311,10 +311,9 @@ ssl_read_thread(thread_ref_t thread)
+ 		 * Register itself to not perturbe global I/O multiplexer.
+ 		 */
+ 		thread_add_read(thread->master, ssl_read_thread, checker,
+-				thread->u.f.fd, timeout, false);
++				thread->u.f.fd, timeout, true);
+ 	} else if (req->error) {
+-
+-		/* All the SSL streal has been parsed */
++		/* All the SSL stream has been parsed */
+ 		if (url->digest)
+ 			MD5_Final(digest, &req->context);
+ 		SSL_set_quiet_shutdown(req->ssl, 1);
+-- 
+1.8.3.1
+
diff --git a/0009-core-Fix-a-file-descriptor-leak-when-reloading.patch b/0009-core-Fix-a-file-descriptor-leak-when-reloading.patch
new file mode 100644
index 0000000..fa66984
--- /dev/null
+++ b/0009-core-Fix-a-file-descriptor-leak-when-reloading.patch
@@ -0,0 +1,62 @@
+From ba3ce49606271ec49188b8c73ff341b9f680f254 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Wed, 28 Oct 2020 16:11:37 +0000
+Subject: [PATCH 427/691] core: Fix a file descriptor leak when reloading
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ lib/scheduler.c | 29 +++++++++++++++++++----------
+ 1 file changed, 19 insertions(+), 10 deletions(-)
+
+diff --git a/lib/scheduler.c b/lib/scheduler.c
+index f54e3b4..139b8e5 100644
+--- a/lib/scheduler.c
++++ b/lib/scheduler.c
+@@ -839,10 +839,24 @@ thread_destroy_list(thread_master_t *m, list_head_t *l)
+ 	thread_t *thread, *thread_tmp;
+ 
+ 	list_for_each_entry_safe(thread, thread_tmp, l, next) {
+-		if (thread->event) {
+-			thread_del_read(thread);
+-			thread_del_write(thread);
++		/* The following thread types are relevant for the ready list */
++		if (thread->type == THREAD_READY_READ_FD ||
++		    thread->type == THREAD_READY_WRITE_FD ||
++		    thread->type == THREAD_READ_TIMEOUT ||
++		    thread->type == THREAD_WRITE_TIMEOUT ||
++		    thread->type == THREAD_READ_ERROR ||
++		    thread->type == THREAD_WRITE_ERROR) {
++			/* Do we have a thread_event, and does it need deleting? */
++			if (thread->event) {
++				thread_del_read(thread);
++				thread_del_write(thread);
++			}
++
++			/* Do we have a file descriptor that needs closing ? */
++			if (thread->u.f.close_on_reload)
++				thread_close_fd(thread);
+ 		}
++
+ 		list_head_del(&thread->next);
+ 		thread_add_unuse(m, thread);
+ 	}
+@@ -856,14 +870,9 @@ thread_destroy_rb(thread_master_t *m, rb_root_cached_t *root)
+ 	rb_for_each_entry_safe_cached(thread, thread_tmp, root, n) {
+ 		rb_erase_cached(&thread->n, root);
+ 
++		/* The following are relevant for the read and write rb lists */
+ 		if (thread->type == THREAD_READ ||
+-		    thread->type == THREAD_WRITE ||
+-		    thread->type == THREAD_READY_READ_FD ||
+-		    thread->type == THREAD_READY_WRITE_FD ||
+-		    thread->type == THREAD_READ_TIMEOUT ||
+-		    thread->type == THREAD_WRITE_TIMEOUT ||
+-		    thread->type == THREAD_READ_ERROR ||
+-		    thread->type == THREAD_WRITE_ERROR) {
++		    thread->type == THREAD_WRITE) {
+ 			/* Do we have a thread_event, and does it need deleting? */
+ 			if (thread->type == THREAD_READ)
+ 				thread_del_read(thread);
+-- 
+1.8.3.1
+
diff --git a/0010-vrrp-Don-t-segfault-when-a-VRID-is-changed-on-a-VMAC.patch b/0010-vrrp-Don-t-segfault-when-a-VRID-is-changed-on-a-VMAC.patch
new file mode 100644
index 0000000..ebf3a03
--- /dev/null
+++ b/0010-vrrp-Don-t-segfault-when-a-VRID-is-changed-on-a-VMAC.patch
@@ -0,0 +1,81 @@
+From d00153b11938f973816d39fabfd7edb6c69e46e8 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Tue, 17 Nov 2020 16:14:18 +0000
+Subject: [PATCH 447/691] vrrp: Don't segfault when a VRID is changed on a VMAC
+ when reloading
+
+With many thanks to Louis Scalbert (@louis-oui) for identifying the
+issue and providing a patch that formed the basis of this patch.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/vrrp/vrrp_daemon.c | 16 ++++++++--------
+ keepalived/vrrp/vrrp_if.c     | 18 ++++++++++--------
+ 2 files changed, 18 insertions(+), 16 deletions(-)
+
+diff --git a/keepalived/vrrp/vrrp_daemon.c b/keepalived/vrrp/vrrp_daemon.c
+index ea950c9..aa3052d 100644
+--- a/keepalived/vrrp/vrrp_daemon.c
++++ b/keepalived/vrrp/vrrp_daemon.c
+@@ -551,6 +551,14 @@ start_vrrp(data_t *prev_global_data)
+ 		}
+ 	}
+ 
++	/* Init & start the VRRP packet dispatcher */
++	if (!reload && global_data->vrrp_startup_delay) {
++		log_message(LOG_INFO, "Delaying startup for %g seconds", global_data->vrrp_startup_delay / TIMER_HZ_DOUBLE);
++		thread_add_timer(master, vrrp_dispatcher_init, NULL,
++				 global_data->vrrp_startup_delay);
++	} else
++		thread_add_event(master, vrrp_dispatcher_init, NULL, 0);
++
+ 	/* Complete VRRP initialization */
+ 	if (!vrrp_complete_init()) {
+ 		stop_vrrp(KEEPALIVED_EXIT_CONFIG);
+@@ -610,14 +618,6 @@ start_vrrp(data_t *prev_global_data)
+ 	if (__test_bit(DUMP_CONF_BIT, &debug))
+ 		dump_data_vrrp(NULL);
+ 
+-	/* Init & start the VRRP packet dispatcher */
+-	if (!reload && global_data->vrrp_startup_delay) {
+-		log_message(LOG_INFO, "Delaying startup for %g seconds", global_data->vrrp_startup_delay / TIMER_HZ_DOUBLE);
+-		thread_add_timer(master, vrrp_dispatcher_init, NULL,
+-				 global_data->vrrp_startup_delay);
+-	} else
+-		thread_add_event(master, vrrp_dispatcher_init, NULL, 0);
+-
+ 	/* Set the process priority and non swappable if configured */
+ 	set_process_priorities(global_data->vrrp_realtime_priority,
+ #if HAVE_DECL_RLIMIT_RTTIME == 1
+diff --git a/keepalived/vrrp/vrrp_if.c b/keepalived/vrrp/vrrp_if.c
+index 6847df9..d40f9f1 100644
+--- a/keepalived/vrrp/vrrp_if.c
++++ b/keepalived/vrrp/vrrp_if.c
+@@ -1311,14 +1311,16 @@ cleanup_lost_interface(interface_t *ifp)
+ #endif
+ 
+ 		/* Find the sockpool entry. If none, then we have closed the socket */
+-		if (vrrp->sockets->fd_in != -1) {
+-			thread_cancel_read(master, vrrp->sockets->fd_in);
+-			close(vrrp->sockets->fd_in);
+-			vrrp->sockets->fd_in = -1;
+-		}
+-		if (vrrp->sockets->fd_out != -1) {
+-			close(vrrp->sockets->fd_out);
+-			vrrp->sockets->fd_out = -1;
++		if (vrrp->sockets) {
++			if (vrrp->sockets->fd_in != -1) {
++				thread_cancel_read(master, vrrp->sockets->fd_in);
++				close(vrrp->sockets->fd_in);
++				vrrp->sockets->fd_in = -1;
++			}
++			if (vrrp->sockets->fd_out != -1) {
++				close(vrrp->sockets->fd_out);
++				vrrp->sockets->fd_out = -1;
++			}
+ 		}
+ 
+ 		if (IF_ISUP(ifp))
+-- 
+1.8.3.1
+
diff --git a/0011-vrrp-clear-old_vrrp_data-and-old_global_data-when-me.patch b/0011-vrrp-clear-old_vrrp_data-and-old_global_data-when-me.patch
new file mode 100644
index 0000000..879e464
--- /dev/null
+++ b/0011-vrrp-clear-old_vrrp_data-and-old_global_data-when-me.patch
@@ -0,0 +1,28 @@
+From 988fd158b25a5ea08b2bef3bac6d0a2cd7bb53ec Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Tue, 15 Dec 2020 15:33:05 +0000
+Subject: [PATCH 483/691] vrrp: clear old_vrrp_data and old_global_data when
+ memory freed
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/vrrp/vrrp_daemon.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/keepalived/vrrp/vrrp_daemon.c b/keepalived/vrrp/vrrp_daemon.c
+index aa3052d..8d0fe70 100644
+--- a/keepalived/vrrp/vrrp_daemon.c
++++ b/keepalived/vrrp/vrrp_daemon.c
+@@ -817,7 +817,9 @@ reload_vrrp_thread(__attribute__((unused)) thread_ref_t thread)
+ 
+ 	/* free backup data */
+ 	free_vrrp_data(old_vrrp_data);
++	old_vrrp_data = NULL;
+ 	free_global_data(old_global_data);
++	old_global_data = NULL;
+ 
+ 	free_old_interface_queue();
+ 
+-- 
+1.8.3.1
+
diff --git a/keepalived.spec b/keepalived.spec
index 2afe1b7..09bc305 100644
--- a/keepalived.spec
+++ b/keepalived.spec
@@ -9,13 +9,26 @@
 
 Name:		keepalived
 Version:	2.0.20
-Release:	17
+Release:	18
 Summary:	High Availability monitor built upon LVS, VRRP and service pollers
 License:	GPLv2+
 URL:		http://www.keepalived.org/
 Source0:	http://www.keepalived.org/software/keepalived-%{version}.tar.gz
 Source1: 	keepalived.service
 
+Patch0001:      0001-Fix-interfaaces-coming-up-during-vrrp_script-init-ph.patch
+Patch0002:      0002-Fix-segfault-when-checker-process-terminates-with-SN.patch
+Patch0003:      0003-regex-fix-memory-leak-if-not-using-JIT.patch
+Patch0004:      0004-parser-fix-multiple-command-line-substitutions-condi.patch
+Patch0005:      0005-Fix-detecting-setsid-error-in-xdaemon.patch
+Patch0006:      0006-vrrp-fix-checking-if-kernel-netlink-socket-is-open.patch
+Patch0007:      0007-vrrp-ensure-memory-used-for-entries-in-etc-iproute2-.patch
+Patch0008:      0008-ipvs-fix-a-file-descriptor-leak-with-SSL_GET.patch
+Patch0009:      0009-core-Fix-a-file-descriptor-leak-when-reloading.patch
+Patch0010:      0010-vrrp-Don-t-segfault-when-a-VRID-is-changed-on-a-VMAC.patch
+Patch0011:      0011-vrrp-clear-old_vrrp_data-and-old_global_data-when-me.patch
+
+
 BuildRequires:	net-snmp-devel gcc systemd-units openssl-devel libnl3-devel
 BuildRequires:  ipset-devel iptables-devel libnfnetlink-devel libnftnl-devel
 Requires:       %{name}-help = %{version}-%{release}
@@ -40,7 +53,7 @@ or all together to provide resilient infrastructures.
 %package_help
 
 %prep
-%autosetup -n %{name}-%{version}
+%autosetup -n %{name}-%{version} -p1
 
 %build
 %configure  %{?with_debug:--enable-debug}  %{?with_profile:--enable-profile} \
@@ -90,6 +103,12 @@ install -Dd -m 0755 %{buildroot}%{_libexecdir}/keepalived
 %{_mandir}/man*
 
 %changelog
+* Wed Jun 10 2021 wangxp006 <wangxp006@163.com> -  2.0.20-18
+- Type:bugfix
+- ID:NA 
+- SUG:NA
+- DESC:backport upstream patches
+
 * Wed Feb 09 2021 kwb0523<kwb0523@163.com> - 2.0.20-17
 - rebuild keepalived
 
-- 
Gitee