[xl2tpd] * Tue Jun 26 2012 Paul Wouters <pwouters at redhat.com> - 1.3.1-8 - The l2tp_ppp kernel module is now i

Paul Wouters pwouters at fedoraproject.org
Tue Jun 26 03:49:50 UTC 2012 

commit 66109b0d4b63335bf566fb19a137c1af3feacab0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jun 25 23:49:17 2012 -0400

    * Tue Jun 26 2012 Paul Wouters <pwouters at redhat.com> - 1.3.1-8
    - The l2tp_ppp kernel module is now in kernel-module-extra
    - Don't insist on openswan, some ISPS use L2TP without IPsec
    - Don't call grantpt(), it's not needed and triggers SElinux
      block (rhbz#834861)

 xl2tpd-1.3.1-pty.patch |   19 +++++++++++++++++++
 xl2tpd.service         |    3 ++-
 xl2tpd.spec            |   12 ++++++++++--
 3 files changed, 31 insertions(+), 3 deletions(-)
---
diff --git a/xl2tpd-1.3.1-pty.patch b/xl2tpd-1.3.1-pty.patch
new file mode 100644
index 0000000..2679873
--- /dev/null
+++ b/xl2tpd-1.3.1-pty.patch
@@ -0,0 +1,19 @@
+diff -aur xl2tpd-1.3.1-orig/pty.c xl2tpd-1.3.1/pty.c
+--- xl2tpd-1.3.1-orig/pty.c	2011-10-06 15:22:05.000000000 -0400
++++ xl2tpd-1.3.1/pty.c	2012-06-25 23:45:51.241543911 -0400
+@@ -87,6 +87,7 @@
+ 	return -EINVAL;
+     }
+ 
++#if 0 /* not needed, triggers SElinux block */
+     /* change the onwership */
+     if (grantpt(fd))
+     {
+@@ -95,6 +96,7 @@
+ 	close(fd);
+ 	return -EINVAL;
+     }
++#endif
+ 
+     if (unlockpt(fd))
+     {
diff --git a/xl2tpd.service b/xl2tpd.service
index d222874..247a2ce 100644
--- a/xl2tpd.service
+++ b/xl2tpd.service
@@ -2,7 +2,8 @@
 Description=Level 2 Tunnel Protocol Daemon (L2TP)
 After=syslog.target network.target
 After=openswan.service
-Wants=openswan.service
+# Some ISPs in Russia use l2tp without IPsec, so don't insist anymore
+#Wants=openswan.service
 
 [Service]
 Type=simple
diff --git a/xl2tpd.spec b/xl2tpd.spec
index 60672d9..aa13150 100644
--- a/xl2tpd.spec
+++ b/xl2tpd.spec
@@ -1,7 +1,7 @@
 Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
 Name: xl2tpd
 Version: 1.3.1
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPL+
 Url: http://www.xelerance.com/software/xl2tpd/
 Group: System Environment/Daemons
@@ -12,8 +12,9 @@ Patch1: xl2tpd-1.3.1-Wunused.patch
 Patch2: xl2tpd-bz80693.patch
 Patch3: xl2tpd-1.3.1-kernelmode.patch
 Patch4: xl2tpd-1.3.1-conf.patch
+Patch5: xl2tpd-1.3.1-pty.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: ppp >= 2.4.5-18
+Requires: ppp >= 2.4.5-18, kernel-modules-extra
 BuildRequires: libpcap-devel
 BuildRequires: systemd-units
 Requires(post): systemd-sysv
@@ -52,6 +53,7 @@ It was de-facto maintained by Jacco de Leeuw <jacco2 at dds.nl> in 2002 and 2003.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 rm linux/include/linux/if_pppol2tp.h 
 
 %build
@@ -118,6 +120,12 @@ fi
 %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control
 
 %changelog
+* Tue Jun 26 2012 Paul Wouters <pwouters at redhat.com> - 1.3.1-8
+- The l2tp_ppp kernel module is now in kernel-module-extra
+- Don't insist on openswan, some ISPS use L2TP without IPsec
+- Don't call grantpt(), it's not needed and triggers SElinux
+  block (rhbz#834861)
+
 * Fri Jun 15 2012 Paul Wouters <pwouters at redhat.com> - 1.3.1-7
 - Moved modprobe code from daemon to initscript/systemd
   (SElinux does not allow a daemon to do this, see rhbz#832149)

More information about the scm-commits mailing list