SHA256
1
0
forked from pool/strongswan

Accepting request 133236 from network:vpn

charon keying daemon start failure with openssl (bnc#779038)

OBS-URL: https://build.opensuse.org/request/show/133236
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=45
This commit is contained in:
Stephan Kulow 2012-09-11 07:20:14 +00:00 committed by Git OBS Bridge
commit b5cb816081
3 changed files with 43 additions and 0 deletions

View File

@ -0,0 +1,30 @@
From 901dbc1077f6c9bd29369cad848bc79a29c1a65b Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Sat, 30 Jun 2012 10:05:41 +0200
Subject: [PATCH] openssl: Ensure the thread ID is never zero
This might otherwise cause problems because OpenSSL tries to lock
mutexes recursively if it assumes the lock is held by a different
thread e.g. during FIPS initialization.
---
src/libstrongswan/plugins/openssl/openssl_plugin.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 5a11412..7daa92b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -129,7 +129,9 @@ static void destroy_function(struct CRYPTO_dynlock_value *lock,
*/
static unsigned long id_function(void)
{
- return (unsigned long)thread_current_id();
+ /* ensure the thread ID is never zero, otherwise OpenSSL might try to
+ * acquire locks recursively */
+ return 1 + (unsigned long)thread_current_id();
}
/**
--
1.7.7

View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Fri Sep 7 08:36:57 UTC 2012 - mt@suse.de
- Applied upstream patch adjusting an internal thread id causing
charon keying daemon start failure (bnc#779038,strongswan#198):
openssl: Ensure the thread ID is never zero
This might otherwise cause problems because OpenSSL tries to
lock mutexes recursively if it assumes the lock is held by a
different thread e.g. during FIPS initialization.
See http://wiki.strongswan.org/issues/198 for more informations.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu May 31 16:08:43 UTC 2012 - mt@suse.com Thu May 31 16:08:43 UTC 2012 - mt@suse.com

View File

@ -42,6 +42,7 @@ Source3: %{name}-%{version}-rpmlintrc
Source4: README.SUSE Source4: README.SUSE
Patch1: %{name}_modprobe_syslog.patch Patch1: %{name}_modprobe_syslog.patch
Patch2: %{name}-%{version}-fmt-warnings.patch Patch2: %{name}-%{version}-fmt-warnings.patch
Patch3: 0001-openssl-Ensure-the-thread-ID-is-never-zero.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison BuildRequires: bison
BuildRequires: curl-devel BuildRequires: curl-devel
@ -249,6 +250,7 @@ and the load testing plugin for IKEv2 daemon.
%setup -q -n %{name}-%{upstream_version} %setup -q -n %{name}-%{upstream_version}
%patch1 -p0 %patch1 -p0
%patch2 -p0 %patch2 -p0
%patch3 -p1
sed -e 's|@libexecdir@|%_libexecdir|g' \ sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \ < $RPM_SOURCE_DIR/strongswan.init.in \
> strongswan.init > strongswan.init