diff --git a/strongswan.changes b/strongswan.changes index aa65fac..82f439f 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Jun 30 22:40:31 CEST 2008 - mt@suse.de + +- Added fix that explicitly enables version 1 linux capabilities + on version 2 systems to aviod that the charon and pluto daemons + exit because of failed capset call (bnc#404989). + ------------------------------------------------------------------- Mon May 19 16:17:16 CEST 2008 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index 5d24569..7a69cd6 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -15,7 +15,7 @@ Name: strongswan %define upstream_version 4.2.1 %define strongswan_docdir %{_docdir}/%{name} Version: 4.2.1 -Release: 8 +Release: 16 License: GPL v2 or later Group: Productivity/Networking/Security Summary: StrongSwan -- OpenSource IPsec-based VPN Solution @@ -33,6 +33,7 @@ Source3: %{name}-%{version}-rpmlintrc Patch1: %{name}_modprobe_syslog.dif Patch2: %{name}-%{upstream_version}.dif Patch3: %{name}_crash_badcfg_reload.dif +Patch4: %{name}_old-caps-version.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison flex gmp-devel gperf pkg-config %if 0%{?suse_version} >= 1030 @@ -130,6 +131,7 @@ Authors: %patch1 -p0 %patch2 -p0 %patch3 -p0 +%patch4 -p2 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init @@ -260,6 +262,10 @@ fi %{_mandir}/man8/starter.8* %changelog +* Tue Jul 01 2008 mt@suse.de +- Added fix that explicitly enables version 1 linux capabilities + on version 2 systems to aviod that the charon and pluto daemons + exit because of failed capset call (bnc#404989). * Mon May 19 2008 mt@suse.de - Applied fix (strongswan_crash_badcfg_reload.dif) to avoid a crash after reloading with bad config (bnc#392062). 
diff --git a/strongswan_old-caps-version.diff b/strongswan_old-caps-version.diff
new file mode 100644
index 0000000..1cb2b3d
--- /dev/null
+++ b/strongswan_old-caps-version.diff
@@ -0,0 +1,30 @@
+Index: /trunk/src/charon/daemon.c
+===================================================================
+--- /trunk/src/charon/daemon.c (revision 3825)
++++ /trunk/src/charon/daemon.c (revision 3908)
+@@ -267,5 +267,11 @@
+ }
+
++ /* we use the old capset version for now. For systems with version 2
++ * available, we specifiy version 1 excplicitly. */
++#ifdef _LINUX_CAPABILITY_VERSION_1
++ hdr.version = _LINUX_CAPABILITY_VERSION_1;
++#else
+ hdr.version = _LINUX_CAPABILITY_VERSION;
++#endif
+ hdr.pid = 0;
+ data.inheritable = data.effective = data.permitted = keep;
+Index: /trunk/src/pluto/plutomain.c
+===================================================================
+--- /trunk/src/pluto/plutomain.c (revision 3253)
++++ /trunk/src/pluto/plutomain.c (revision 3914)
+@@ -618,5 +620,9 @@
+
+ /* drop unneeded capabilities and change UID/GID */
++#ifdef _LINUX_CAPABILITY_VERSION_1
++ hdr.version = _LINUX_CAPABILITY_VERSION_1;
++#else
+ hdr.version = _LINUX_CAPABILITY_VERSION;
++#endif
+ hdr.pid = 0;
+ data.inheritable = data.effective = data.permitted =
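Review bot: The `#ifdef _LINUX_CAPABILITY_VERSION_1` block is added twice, in daemon.c and plutomain.c, and only the charon copy has a comment, which says what is pinned but not why. Both hunks fill `data` as a single struct (`data.inheritable = data.effective = data.permitted = ...`), which is the version 1 layout, while a version 2 header makes the kernel expect two 32-bit sets; the comment should state that dependency, e.g. `/* data is one 32-bit set, so hdr.version must be version 1; version 2 expects a two-element array */`, and be repeated in plutomain.c. Version 1 can only name capabilities 0-31, so `keep` cannot retain a higher-numbered capability without moving to the two-element form. The capset() call and its error check lie outside both hunks and the plutomain.c hunk ends in the middle of the assignment, so I am assuming from the changelog that a failed capset still terminates the daemon rather than letting it continue with full privileges.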