[xl2tpd: 3/3] - Use relro, pie for compiling - Use openssl's MD5 function instead of private copy, so FIPS restrict
Paul Wouters
pwouters at fedoraproject.org
Mon Apr 1 20:58:27 UTC 2013
commit 6c8bb0513445f9ce36f3eb7d7b06d4b2450b238c
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Apr 1 16:58:01 2013 -0400
- Use relro,pie for compiling
- Use openssl's MD5 function instead of private copy, so FIPS restrictions work
xl2tpd-1.3.1-md5-fips.patch | 453 +++++++++++++++++++++++++++++++++++++++++++
xl2tpd.spec | 9 +-
2 files changed, 460 insertions(+), 2 deletions(-)
---
diff --git a/xl2tpd-1.3.1-md5-fips.patch b/xl2tpd-1.3.1-md5-fips.patch
new file mode 100644
index 0000000..6ad39ec
--- /dev/null
+++ b/xl2tpd-1.3.1-md5-fips.patch
@@ -0,0 +1,453 @@
+diff -Naur xl2tpd-1.3.1/aaa.c xl2tpd-1.3.1-fips/aaa.c
+--- xl2tpd-1.3.1/aaa.c 2011-10-06 15:22:05.000000000 -0400
++++ xl2tpd-1.3.1-fips/aaa.c 2013-04-01 16:36:40.929098507 -0400
+@@ -21,6 +21,8 @@
+ #include <errno.h>
+ #include "l2tp.h"
+
++#include <openssl/md5.h>
++
+ extern void bufferDump (char *, int);
+
+ /* FIXME: Accounting? */
+@@ -273,11 +275,11 @@
+ #endif
+
+ memset (chal->response, 0, MD_SIG_SIZE);
+- MD5Init (&chal->md5);
+- MD5Update (&chal->md5, &chal->ss, 1);
+- MD5Update (&chal->md5, chal->secret, strlen ((char *)chal->secret));
+- MD5Update (&chal->md5, chal->challenge, chal->chal_len);
+- MD5Final (chal->response, &chal->md5);
++ MD5_Init (&chal->md5);
++ MD5_Update (&chal->md5, &chal->ss, 1);
++ MD5_Update (&chal->md5, chal->secret, strlen ((char *)chal->secret));
++ MD5_Update (&chal->md5, chal->challenge, chal->chal_len);
++ MD5_Final (chal->response, &chal->md5);
+ #ifdef DEBUG_AUTH
+ l2tp_log (LOG_DEBUG, "response is %X%X%X%X to '%s' and %X%X%X%X, %d\n",
+ *((int *) &chal->response[0]),
+@@ -392,12 +394,12 @@
+ buf->len += length;
+ /* Back to the beginning of real data, including the original length AVP */
+
+- MD5Init (&t->chal_them.md5);
+- MD5Update (&t->chal_them.md5, (void *) &attr, 2);
+- MD5Update (&t->chal_them.md5, t->chal_them.secret,
++ MD5_Init (&t->chal_them.md5);
++ MD5_Update (&t->chal_them.md5, (void *) &attr, 2);
++ MD5_Update (&t->chal_them.md5, t->chal_them.secret,
+ strlen ((char *)t->chal_them.secret));
+- MD5Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE);
+- MD5Final (digest, &t->chal_them.md5);
++ MD5_Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE);
++ MD5_Final (digest, &t->chal_them.md5);
+
+ /* Though not a "MUST" in the spec, our subformat length is always a multiple of 16 */
+ ptr = ((unsigned char *) new_hdr) + sizeof (struct avp_hdr);
+@@ -421,11 +423,11 @@
+ #endif
+ if (ptr < end)
+ {
+- MD5Init (&t->chal_them.md5);
+- MD5Update (&t->chal_them.md5, t->chal_them.secret,
++ MD5_Init (&t->chal_them.md5);
++ MD5_Update (&t->chal_them.md5, t->chal_them.secret,
+ strlen ((char *)t->chal_them.secret));
+- MD5Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE);
+- MD5Final (digest, &t->chal_them.md5);
++ MD5_Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE);
++ MD5_Final (digest, &t->chal_them.md5);
+ }
+ previous_segment = ptr;
+ }
+@@ -458,12 +460,12 @@
+ that it will be padded to a 16 byte boundary, so we
+ have to be more careful than when encrypting */
+ attr = ntohs (old_hdr->attr);
+- MD5Init (&t->chal_us.md5);
+- MD5Update (&t->chal_us.md5, (void *) &attr, 2);
+- MD5Update (&t->chal_us.md5, t->chal_us.secret,
++ MD5_Init (&t->chal_us.md5);
++ MD5_Update (&t->chal_us.md5, (void *) &attr, 2);
++ MD5_Update (&t->chal_us.md5, t->chal_us.secret,
+ strlen ((char *)t->chal_us.secret));
+- MD5Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len);
+- MD5Final (digest, &t->chal_us.md5);
++ MD5_Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len);
++ MD5_Final (digest, &t->chal_us.md5);
+ #ifdef DEBUG_HIDDEN
+ l2tp_log (LOG_DEBUG, "attribute is %d and challenge is: ", attr);
+ print_challenge (&t->chal_us);
+@@ -474,11 +476,11 @@
+ {
+ if (cnt >= MD_SIG_SIZE)
+ {
+- MD5Init (&t->chal_us.md5);
+- MD5Update (&t->chal_us.md5, t->chal_us.secret,
++ MD5_Init (&t->chal_us.md5);
++ MD5_Update (&t->chal_us.md5, t->chal_us.secret,
+ strlen ((char *)t->chal_us.secret));
+- MD5Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE);
+- MD5Final (digest, &t->chal_us.md5);
++ MD5_Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE);
++ MD5_Final (digest, &t->chal_us.md5);
+ cnt = 0;
+ }
+ /* at the beginning of each segment, we save the current segment (16 octets or less) of cipher
+diff -Naur xl2tpd-1.3.1/aaa.h xl2tpd-1.3.1-fips/aaa.h
+--- xl2tpd-1.3.1/aaa.h 2011-10-06 15:22:05.000000000 -0400
++++ xl2tpd-1.3.1-fips/aaa.h 2013-04-01 16:46:39.532823130 -0400
+@@ -15,7 +15,7 @@
+
+ #ifndef _AAA_H
+ #define _AAA_H
+-#include "md5.h"
++#include <openssl/md5.h>
+
+ #define ADDR_HASH_SIZE 256
+ #define MD_SIG_SIZE 16
+@@ -34,7 +43,8 @@
+
+ struct challenge
+ {
+- struct MD5Context md5;
++ /* struct MD5Context md5; */
++ MD5_CTX md5;
+ unsigned char ss; /* State we're sending in */
+ unsigned char secret[MAXSTRLEN]; /* The shared secret */
+ unsigned char *challenge; /* The original challenge */
+diff -Naur xl2tpd-1.3.1/Makefile xl2tpd-1.3.1-fips/Makefile
+--- xl2tpd-1.3.1/Makefile 2013-04-01 16:40:44.576870296 -0400
++++ xl2tpd-1.3.1-fips/Makefile 2013-04-01 16:48:30.405039381 -0400
+@@ -91,8 +91,8 @@
+ IPFLAGS?= -DIP_ALLOCATION
+
+ CFLAGS+= $(DFLAGS) -O2 -fno-builtin -Wall -DSANITY $(OSFLAGS) $(IPFLAGS)
+-HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h
+-OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o
++HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h
++OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o
+ SRCS=${OBJS:.o=.c} ${HDRS}
+ CONTROL_SRCS=xl2tpd-control.c
+ #LIBS= $(OSLIBS) # -lefence # efence for malloc checking
+@@ -112,7 +112,7 @@
+ rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC)
+
+ $(EXEC): $(OBJS) $(HDRS)
+- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
++ $(CC) $(LDFLAGS) -o $@ $(OBJS) -lcrypto $(LDLIBS)
+
+ $(CONTROL_EXEC): $(CONTROL_SRCS)
+ $(CC) $(CFLAGS) -c $(CONTROL_SRCS)
+diff -Naur xl2tpd-1.3.1/md5.c xl2tpd-1.3.1-fips/md5.c
+--- xl2tpd-1.3.1/md5.c 2011-10-06 15:22:05.000000000 -0400
++++ xl2tpd-1.3.1-fips/md5.c 1969-12-31 19:00:00.000000000 -0500
+@@ -1,275 +0,0 @@
+-#ifdef FREEBSD
+-# include <machine/endian.h>
+-#elif defined(OPENBSD)
+-# define __BSD_VISIBLE 0
+-# include <machine/endian.h>
+-#elif defined(LINUX)
+-# include <endian.h>
+-#elif defined(SOLARIS)
+-# include <sys/isa_defs.h>
+-#endif
+-#if __BYTE_ORDER == __BIG_ENDIAN
+-#define HIGHFIRST 1
+-#endif
+-
+-/*
+- * This code implements the MD5 message-digest algorithm.
+- * The algorithm is due to Ron Rivest. This code was
+- * written by Colin Plumb in 1993, no copyright is claimed.
+- * This code is in the public domain; do with it what you wish.
+- *
+- * Equivalent code is available from RSA Data Security, Inc.
+- * This code has been tested against that, and is equivalent,
+- * except that you don't need to include two pages of legalese
+- * with every copy.
+- *
+- * To compute the message digest of a chunk of bytes, declare an
+- * MD5Context structure, pass it to MD5Init, call MD5Update as
+- * needed on buffers full of bytes, and then call MD5Final, which
+- * will fill a supplied 16-byte array with the digest.
+- */
+-#include <string.h> /* for memcpy() */
+-#include "md5.h"
+-
+-#ifndef HIGHFIRST
+-#define byteReverse(buf, len) /* Nothing */
+-#else
+-void byteReverse (unsigned char *buf, unsigned longs);
+-
+-#ifndef ASM_MD5
+-/*
+- * Note: this code is harmless on little-endian machines.
+- */
+-void byteReverse (unsigned char *buf, unsigned longs)
+-{
+- uint32 t;
+- do
+- {
+- t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
+- ((unsigned) buf[1] << 8 | buf[0]);
+- *(uint32 *) buf = t;
+- buf += 4;
+- }
+- while (--longs);
+-}
+-#endif
+-#endif
+-
+-/*
+- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
+- * initialization constants.
+- */
+-void MD5Init (struct MD5Context *ctx)
+-{
+- ctx->buf[0] = 0x67452301;
+- ctx->buf[1] = 0xefcdab89;
+- ctx->buf[2] = 0x98badcfe;
+- ctx->buf[3] = 0x10325476;
+-
+- ctx->bits[0] = 0;
+- ctx->bits[1] = 0;
+-}
+-
+-/*
+- * Update context to reflect the concatenation of another buffer full
+- * of bytes.
+- */
+-void MD5Update (struct MD5Context *ctx, unsigned char const *buf,
+- unsigned len)
+-{
+- uint32 t;
+-
+- /* Update bitcount */
+-
+- t = ctx->bits[0];
+- if ((ctx->bits[0] = t + ((uint32) len << 3)) < t)
+- ctx->bits[1]++; /* Carry from low to high */
+- ctx->bits[1] += len >> 29;
+-
+- t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
+-
+- /* Handle any leading odd-sized chunks */
+-
+- if (t)
+- {
+- unsigned char *p = (unsigned char *) ctx->in + t;
+-
+- t = 64 - t;
+- if (len < t)
+- {
+- memcpy (p, buf, len);
+- return;
+- }
+- memcpy (p, buf, t);
+- byteReverse (ctx->in, 16);
+- MD5Transform (ctx->buf, (uint32 *) ctx->in);
+- buf += t;
+- len -= t;
+- }
+- /* Process data in 64-byte chunks */
+-
+- while (len >= 64)
+- {
+- memcpy (ctx->in, buf, 64);
+- byteReverse (ctx->in, 16);
+- MD5Transform (ctx->buf, (uint32 *) ctx->in);
+- buf += 64;
+- len -= 64;
+- }
+-
+- /* Handle any remaining bytes of data. */
+-
+- memcpy (ctx->in, buf, len);
+-}
+-
+-/*
+- * Final wrapup - pad to 64-byte boundary with the bit pattern
+- * 1 0* (64-bit count of bits processed, MSB-first)
+- */
+-void MD5Final (unsigned char digest[16], struct MD5Context *ctx)
+-{
+- unsigned count;
+- unsigned char *p;
+-
+- /* Compute number of bytes mod 64 */
+- count = (ctx->bits[0] >> 3) & 0x3F;
+-
+- /* Set the first char of padding to 0x80. This is safe since there is
+- always at least one byte free */
+- p = ctx->in + count;
+- *p++ = 0x80;
+-
+- /* Bytes of padding needed to make 64 bytes */
+- count = 64 - 1 - count;
+-
+- /* Pad out to 56 mod 64 */
+- if (count < 8)
+- {
+- /* Two lots of padding: Pad the first block to 64 bytes */
+- memset (p, 0, count);
+- byteReverse (ctx->in, 16);
+- MD5Transform (ctx->buf, (uint32 *) ctx->in);
+-
+- /* Now fill the next block with 56 bytes */
+- memset (ctx->in, 0, 56);
+- }
+- else
+- {
+- /* Pad block to 56 bytes */
+- memset (p, 0, count - 8);
+- }
+- byteReverse (ctx->in, 14);
+-
+- /* Append length in bits and transform */
+- ((uint32 *) ctx->in)[14] = ctx->bits[0];
+- ((uint32 *) ctx->in)[15] = ctx->bits[1];
+-
+- MD5Transform (ctx->buf, (uint32 *) ctx->in);
+- byteReverse ((unsigned char *) ctx->buf, 4);
+- memcpy (digest, ctx->buf, 16);
+- memset (ctx, 0, sizeof (ctx)); /* In case it's sensitive */
+-}
+-
+-#ifndef ASM_MD5
+-
+-/* The four core functions - F1 is optimized somewhat */
+-
+-/* #define F1(x, y, z) (x & y | ~x & z) */
+-#define F1(x, y, z) (z ^ (x & (y ^ z)))
+-#define F2(x, y, z) F1(z, x, y)
+-#define F3(x, y, z) (x ^ y ^ z)
+-#define F4(x, y, z) (y ^ (x | ~z))
+-
+-/* This is the central step in the MD5 algorithm. */
+-#define MD5STEP(f, w, x, y, z, data, s) \
+- ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
+-
+-/*
+- * The core of the MD5 algorithm, this alters an existing MD5 hash to
+- * reflect the addition of 16 longwords of new data. MD5Update blocks
+- * the data and converts bytes into longwords for this routine.
+- */
+-void MD5Transform (uint32 buf[4], uint32 const in[16])
+-{
+- register uint32 a, b, c, d;
+-
+- a = buf[0];
+- b = buf[1];
+- c = buf[2];
+- d = buf[3];
+-
+- MD5STEP (F1, a, b, c, d, in[0] + 0xd76aa478, 7);
+- MD5STEP (F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
+- MD5STEP (F1, c, d, a, b, in[2] + 0x242070db, 17);
+- MD5STEP (F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
+- MD5STEP (F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
+- MD5STEP (F1, d, a, b, c, in[5] + 0x4787c62a, 12);
+- MD5STEP (F1, c, d, a, b, in[6] + 0xa8304613, 17);
+- MD5STEP (F1, b, c, d, a, in[7] + 0xfd469501, 22);
+- MD5STEP (F1, a, b, c, d, in[8] + 0x698098d8, 7);
+- MD5STEP (F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
+- MD5STEP (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
+- MD5STEP (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
+- MD5STEP (F1, a, b, c, d, in[12] + 0x6b901122, 7);
+- MD5STEP (F1, d, a, b, c, in[13] + 0xfd987193, 12);
+- MD5STEP (F1, c, d, a, b, in[14] + 0xa679438e, 17);
+- MD5STEP (F1, b, c, d, a, in[15] + 0x49b40821, 22);
+-
+- MD5STEP (F2, a, b, c, d, in[1] + 0xf61e2562, 5);
+- MD5STEP (F2, d, a, b, c, in[6] + 0xc040b340, 9);
+- MD5STEP (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
+- MD5STEP (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
+- MD5STEP (F2, a, b, c, d, in[5] + 0xd62f105d, 5);
+- MD5STEP (F2, d, a, b, c, in[10] + 0x02441453, 9);
+- MD5STEP (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
+- MD5STEP (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
+- MD5STEP (F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
+- MD5STEP (F2, d, a, b, c, in[14] + 0xc33707d6, 9);
+- MD5STEP (F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
+- MD5STEP (F2, b, c, d, a, in[8] + 0x455a14ed, 20);
+- MD5STEP (F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
+- MD5STEP (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
+- MD5STEP (F2, c, d, a, b, in[7] + 0x676f02d9, 14);
+- MD5STEP (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
+-
+- MD5STEP (F3, a, b, c, d, in[5] + 0xfffa3942, 4);
+- MD5STEP (F3, d, a, b, c, in[8] + 0x8771f681, 11);
+- MD5STEP (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
+- MD5STEP (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
+- MD5STEP (F3, a, b, c, d, in[1] + 0xa4beea44, 4);
+- MD5STEP (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
+- MD5STEP (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
+- MD5STEP (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
+- MD5STEP (F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
+- MD5STEP (F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
+- MD5STEP (F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
+- MD5STEP (F3, b, c, d, a, in[6] + 0x04881d05, 23);
+- MD5STEP (F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
+- MD5STEP (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
+- MD5STEP (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
+- MD5STEP (F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
+-
+- MD5STEP (F4, a, b, c, d, in[0] + 0xf4292244, 6);
+- MD5STEP (F4, d, a, b, c, in[7] + 0x432aff97, 10);
+- MD5STEP (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
+- MD5STEP (F4, b, c, d, a, in[5] + 0xfc93a039, 21);
+- MD5STEP (F4, a, b, c, d, in[12] + 0x655b59c3, 6);
+- MD5STEP (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
+- MD5STEP (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
+- MD5STEP (F4, b, c, d, a, in[1] + 0x85845dd1, 21);
+- MD5STEP (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
+- MD5STEP (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
+- MD5STEP (F4, c, d, a, b, in[6] + 0xa3014314, 15);
+- MD5STEP (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
+- MD5STEP (F4, a, b, c, d, in[4] + 0xf7537e82, 6);
+- MD5STEP (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
+- MD5STEP (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
+- MD5STEP (F4, b, c, d, a, in[9] + 0xeb86d391, 21);
+-
+- buf[0] += a;
+- buf[1] += b;
+- buf[2] += c;
+- buf[3] += d;
+-}
+-
+-#endif
+diff -Naur xl2tpd-1.3.1/md5.h xl2tpd-1.3.1-fips/md5.h
+--- xl2tpd-1.3.1/md5.h 2011-10-06 15:22:05.000000000 -0400
++++ xl2tpd-1.3.1-fips/md5.h 1969-12-31 19:00:00.000000000 -0500
+@@ -1,28 +0,0 @@
+-#ifndef MD5_H
+-#define MD5_H
+-
+-#ifdef __alpha
+-typedef unsigned int uint32;
+-#else
+-typedef unsigned long uint32;
+-#endif
+-
+-struct MD5Context
+-{
+- uint32 buf[4];
+- uint32 bits[2];
+- unsigned char in[64];
+-};
+-
+-void MD5Init (struct MD5Context *context);
+-void MD5Update (struct MD5Context *context, unsigned char const *buf,
+- unsigned len);
+-void MD5Final (unsigned char digest[16], struct MD5Context *context);
+-void MD5Transform (uint32 buf[4], uint32 const in[16]);
+-
+-/*
+- * This is needed to make RSAREF happy on some MS-DOS compilers.
+- */
+-typedef struct MD5Context MD5_CTX;
+-
+-#endif /* !MD5_H */
diff --git a/xl2tpd.spec b/xl2tpd.spec
index 6023f6a..94a84b0 100644
--- a/xl2tpd.spec
+++ b/xl2tpd.spec
@@ -5,7 +5,7 @@
Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
Name: xl2tpd
Version: 1.3.1
-Release: 12%{?dist}
+Release: 13%{?dist}
License: GPL+
Url: https://github.com/xelerance/xl2tpd
Group: System Environment/Daemons
@@ -21,12 +21,14 @@ Patch4: xl2tpd-1.3.1-conf.patch
Patch5: xl2tpd-1.3.1-pty.patch
Patch6: xl2tpd-1.3.1-ipparam-to-remotenumber.patch
Patch7: xl2tpd-1.3.1-Makefile
+Patch8: xl2tpd-1.3.1-md5-fips.patch
Requires: ppp >= 2.4.5-18, kernel-modules-extra
# If you want to authenticate against a Microsoft PDC/Active Directory
# Requires: samba-winbind
BuildRequires: libpcap-devel
BuildRequires: systemd-units
+BuildRequires: openssl-devel
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
@@ -67,6 +69,7 @@ It was de-facto maintained by Jacco de Leeuw <jacco2 at dds.nl> in 2002 and 2003.
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
rm linux/include/linux/if_pppol2tp.h
@@ -126,9 +129,11 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
%ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control
%changelog
-* Mon Apr 01 2013 Paul Wouters <pwouters at redhat.com> - 1.3.1-12
+* Mon Apr 01 2013 Paul Wouters <pwouters at redhat.com> - 1.3.1-13
- rhbz#929447 - Fix ipparam so ipv6-up does not fail (Michal Bruncko)
- rhbz#850372 - Introduce new systemd-rpm macros in xl2tpd spec file
+- Use relro,pie for compiling
+- Use openssl's MD5 function instead of private copy, so FIPS restrictions work
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
More information about the scm-commits
mailing list