OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=5

2008-07-11 20:15:59 +00:00 · 2008-07-11 20:15:59 +00:00 · 288f1b2851
commit 288f1b2851
parent 0bd5d2a61e
3 changed files with 44 additions and 1 deletions
--- a/strongswan.changes
+++ b/strongswan.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jun 30 22:40:31 CEST 2008 - mt@suse.de
+
+- Added fix that explicitly enables version 1 linux capabilities
+  on version 2 systems to aviod that the charon and pluto daemons
+  exit because of failed capset call (bnc#404989).
+
 -------------------------------------------------------------------
 Mon May 19 16:17:16 CEST 2008 - mt@suse.de

--- a/strongswan.spec
+++ b/strongswan.spec
@ -15,7 +15,7 @@ Name:           strongswan
 %define         upstream_version 4.2.1
 %define         strongswan_docdir %{_docdir}/%{name}
 Version:        4.2.1
-Release:        8
+Release:        16
 License:        GPL v2 or later
 Group:          Productivity/Networking/Security
 Summary:        StrongSwan -- OpenSource IPsec-based VPN Solution
@ -33,6 +33,7 @@ Source3:        %{name}-%{version}-rpmlintrc
 Patch1:         %{name}_modprobe_syslog.dif
 Patch2:         %{name}-%{upstream_version}.dif
 Patch3:         %{name}_crash_badcfg_reload.dif
+Patch4:         %{name}_old-caps-version.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bison flex gmp-devel gperf pkg-config
 %if 0%{?suse_version} >= 1030
@ -130,6 +131,7 @@ Authors:
 %patch1 -p0
 %patch2 -p0
 %patch3 -p0
+%patch4 -p2
 sed -e 's|@libexecdir@|%_libexecdir|g'    \
     < $RPM_SOURCE_DIR/strongswan.init.in \
     > strongswan.init
@ -260,6 +262,10 @@ fi
 %{_mandir}/man8/starter.8*

 %changelog
+* Tue Jul 01 2008 mt@suse.de
+- Added fix that explicitly enables version 1 linux capabilities
+  on version 2 systems to aviod that the charon and pluto daemons
+  exit because of failed capset call (bnc#404989).
 * Mon May 19 2008 mt@suse.de
 - Applied fix (strongswan_crash_badcfg_reload.dif) to avoid
  a crash after reloading with bad config (bnc#392062).
--- a/strongswan_old-caps-version.diff
+++ b/strongswan_old-caps-version.diff
@ -0,0 +1,30 @@
+Index: /trunk/src/charon/daemon.c
+===================================================================
+--- /trunk/src/charon/daemon.c (revision 3825)
+++ /trunk/src/charon/daemon.c (revision 3908)
+@@ -267,5 +267,11 @@
+ 	}
+ 
+	/* we use the old capset version for now. For systems with version 2
+	 * available, we specifiy version 1 excplicitly. */
+#ifdef _LINUX_CAPABILITY_VERSION_1
+	hdr.version = _LINUX_CAPABILITY_VERSION_1;
+#else
+ 	hdr.version = _LINUX_CAPABILITY_VERSION;
+#endif
+ 	hdr.pid = 0;
+ 	data.inheritable = data.effective = data.permitted = keep;
+Index: /trunk/src/pluto/plutomain.c
+===================================================================
+--- /trunk/src/pluto/plutomain.c (revision 3253)
+++ /trunk/src/pluto/plutomain.c (revision 3914)
+@@ -618,5 +620,9 @@
+ 
+     /* drop unneeded capabilities and change UID/GID */
+#ifdef _LINUX_CAPABILITY_VERSION_1
+    hdr.version = _LINUX_CAPABILITY_VERSION_1;
+#else
+     hdr.version = _LINUX_CAPABILITY_VERSION;
+#endif
+     hdr.pid = 0;
+     data.inheritable = data.effective = data.permitted =