From 4a8b8bd95f67b5f3ed6a395f1874663f8758313748a0ee437705a689fce5d47d Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Fri, 7 Sep 2012 12:53:09 +0000 Subject: [PATCH] - Applied upstream patch adjusting an internal thread id causing charon keying daemon start failure (bnc#779038,strongswan#198): openssl: Ensure the thread ID is never zero This might otherwise cause problems because OpenSSL tries to lock mutexes recursively if it assumes the lock is held by a different thread e.g. during FIPS initialization. See http://wiki.strongswan.org/issues/198 for more informations. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=48 --- ...l-Ensure-the-thread-ID-is-never-zero.patch | 30 +++++++++++++++++++ strongswan.changes | 11 +++++++ strongswan.spec | 2 ++ 3 files changed, 43 insertions(+) create mode 100644 0001-openssl-Ensure-the-thread-ID-is-never-zero.patch diff --git a/0001-openssl-Ensure-the-thread-ID-is-never-zero.patch b/0001-openssl-Ensure-the-thread-ID-is-never-zero.patch new file mode 100644 index 0000000..c051d0d --- /dev/null +++ b/0001-openssl-Ensure-the-thread-ID-is-never-zero.patch @@ -0,0 +1,30 @@ +From 901dbc1077f6c9bd29369cad848bc79a29c1a65b Mon Sep 17 00:00:00 2001 +From: Tobias Brunner +Date: Sat, 30 Jun 2012 10:05:41 +0200 +Subject: [PATCH] openssl: Ensure the thread ID is never zero + +This might otherwise cause problems because OpenSSL tries to lock +mutexes recursively if it assumes the lock is held by a different +thread e.g. during FIPS initialization. +--- + src/libstrongswan/plugins/openssl/openssl_plugin.c | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c +index 5a11412..7daa92b 100644 +--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c ++++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c +@@ -129,7 +129,9 @@ static void destroy_function(struct CRYPTO_dynlock_value *lock, + */ + static unsigned long id_function(void) + { +- return (unsigned long)thread_current_id(); ++ /* ensure the thread ID is never zero, otherwise OpenSSL might try to ++ * acquire locks recursively */ ++ return 1 + (unsigned long)thread_current_id(); + } + + /** +-- +1.7.7 + diff --git a/strongswan.changes b/strongswan.changes index 55c544b..ce71a37 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Sep 7 08:36:57 UTC 2012 - mt@suse.de + +- Applied upstream patch adjusting an internal thread id causing + charon keying daemon start failure (bnc#779038,strongswan#198): + openssl: Ensure the thread ID is never zero + This might otherwise cause problems because OpenSSL tries to + lock mutexes recursively if it assumes the lock is held by a + different thread e.g. during FIPS initialization. + See http://wiki.strongswan.org/issues/198 for more informations. + ------------------------------------------------------------------- Thu May 31 16:08:43 UTC 2012 - mt@suse.com diff --git a/strongswan.spec b/strongswan.spec index 0ca5be3..a207c0b 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -42,6 +42,7 @@ Source3: %{name}-%{version}-rpmlintrc Source4: README.SUSE Patch1: %{name}_modprobe_syslog.patch Patch2: %{name}-%{version}-fmt-warnings.patch +Patch3: 0001-openssl-Ensure-the-thread-ID-is-never-zero.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel @@ -249,6 +250,7 @@ and the load testing plugin for IKEv2 daemon. %setup -q -n %{name}-%{upstream_version} %patch1 -p0 %patch2 -p0 +%patch3 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init