diff --git a/strongswan-4.3.4-load_secrets-lock-fix.diff b/strongswan-4.3.4-load_secrets-lock-fix.diff new file mode 100644 index 0000000..e20dcaa --- /dev/null +++ b/strongswan-4.3.4-load_secrets-lock-fix.diff @@ -0,0 +1,38 @@ +From: Marius Tomaschewski +Date: Wed, 2 Sep 2009 13:49:39 +0200 +Subject: [PATCH] Fixed load_secrets to acquire/release lock in level 0 only + +The write_lock call fails with EDEADLK and unlocks in the +next recursion level. + +diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c +index 31bcfe9f486f4dac0ae30bc5846ed3d818526dbb..68df7f0b6d709c396d7a572ca4d0198ef12b2446 100644 +--- a/src/charon/plugins/stroke/stroke_cred.c ++++ b/src/charon/plugins/stroke/stroke_cred.c +@@ -722,9 +722,10 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) + fclose(fd); + src = chunk; + +- this->lock->write_lock(this->lock); + if (level == 0) + { ++ this->lock->write_lock(this->lock); ++ + /* flush secrets on non-recursive invocation */ + while (this->shared->remove_last(this->shared, + (void**)&shared) == SUCCESS) +@@ -1019,7 +1020,10 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) + } + } + error: +- this->lock->unlock(this->lock); ++ if (level == 0) ++ { ++ this->lock->unlock(this->lock); ++ } + chunk_clear(&chunk); + } + +-- +1.6.0.2 + diff --git a/strongswan.changes b/strongswan.changes index 17a6739..573e07f 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Sep 3 23:44:37 CEST 2009 - mt@suse.de + +- Applied patch fixing locking in ipsec.secrets inclusion. + ------------------------------------------------------------------- Mon Aug 31 16:06:13 CEST 2009 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index 3edec61..e907fef 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -22,7 +22,7 @@ Name: strongswan %define upstream_version 4.3.4 %define strongswan_docdir %{_docdir}/%{name} Version: 4.3.4 -Release: 1 +Release: 2 License: GPL v2 or later Group: Productivity/Networking/Security Summary: StrongSwan -- OpenSource IPsec-based VPN Solution @@ -38,6 +38,7 @@ Source1: http://download.strongswan.org/strongswan-%{upstream_version}.ta Source2: %{name}.init.in Source3: %{name}-%{version}-rpmlintrc Patch1: %{name}_modprobe_syslog.patch +Patch2: %{name}-4.3.4-load_secrets-lock-fix.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison flex gmp-devel gperf pkg-config BuildRequires: libcap-devel @@ -129,6 +130,7 @@ Authors: %prep %setup -q -n %{name}-%{upstream_version} %patch1 -p0 +%patch2 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init