diff --git a/ocserv-0.11.4-getrandom.patch b/ocserv-0.11.4-getrandom.patch
new file mode 100644
index 0000000..ffe15ea
--- /dev/null
+++ b/ocserv-0.11.4-getrandom.patch
@@ -0,0 +1,24 @@
+From cc1dbf1c246375c175b4392e3c6ca2139b0c355a Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos
+Date: Wed, 14 Sep 2016 10:20:41 +0200
+Subject: [PATCH] seccomp: added getrandom() to the accepted list of calls
+
+---
+ src/worker-privs.c | 1 +
+ 1 file changed, 1 insertion(+), 0 deletions(-)
+
+diff --git a/src/worker-privs.c b/src/worker-privs.c
+index 1557c59..33dc46c 100644
+--- a/src/worker-privs.c
++++ b/src/worker-privs.c
+@@ -61,6 +61,7 @@ int disable_system_calls(struct worker_st *ws)
+ ADD_SYSCALL(alarm, 0);
+ ADD_SYSCALL(getpid, 0);
+ ADD_SYSCALL(brk, 0);
++ ADD_SYSCALL(getrandom, 0); /* used by gnutls 3.5.x */
+
+ ADD_SYSCALL(recvmsg, 0);
+ ADD_SYSCALL(sendmsg, 0);
+--
+libgit2 0.24.0
+
diff --git a/ocserv.spec b/ocserv.spec
index 7b89dbe..8bf3700 100644
--- a/ocserv.spec
+++ b/ocserv.spec
@@ -2,7 +2,7 @@
 Name: ocserv
 Version: 0.11.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: OpenConnect SSL VPN server
 # For a breakdown of the licensing, see PACKAGE-LICENSING
@@ -19,6 +19,7 @@ Source6: PACKAGE-LICENSING
 Source8: ocserv-genkey
 Source9: ocserv-script
 Source10: gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
+Patch0: ocserv-0.11.4-getrandom.patch
 # Taken from upstream:
 # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
@@ -78,6 +79,8 @@ to provide the secure VPN service.
 gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} || gpgv2 --keyring %{SOURCE10} %{SOURCE1} %{SOURCE0}
 %setup -q
+%patch0 -p1 -b .getrandom
+
 rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
 rm -rf src/protobuf/protobuf-c/
 rm -rf src/ccan/talloc
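Review bot: The added `ADD_SYSCALL(getrandom, 0);` line in the `src/worker-privs.c` hunk (carried inside ocserv-0.11.4-getrandom.patch) documents who issues the syscall but not what the rule permits or what fails without it. Assuming the trailing `0` is the argument-filter count, as the neighbouring entries suggest, the call is allowed with any flags; that looks acceptable for getrandom(), but the comment should say so, e.g. `/* gnutls 3.5.x calls getrandom(); allowed with no argument filter */`. Because this allowlist has to follow whatever syscalls the linked libraries start issuing, a worker smoke test under the filter on each gnutls update would catch the next such change before it reaches users. It is also worth confirming that the oldest libseccomp and kernel headers the package builds against know `getrandom`, since the `ADD_SYSCALL` definition is not visible here. The body of `disable_system_calls` starts and ends outside the hunk.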
@@ -162,6 +165,9 @@ rm -rf %{buildroot}
 %{_localstatedir}/lib/ocserv/profile.xml
 %changelog
+* Wed Sep 14 2016 Nikos Mavrogiannopoulos - 0.11.4-3
+- Added getrandom to the list of allowed syscalls (#1375851)
+
 * Thu Sep 8 2016 Nikos Mavrogiannopoulos - 0.11.4-2
 - Rebuild to address http-parser breakage (#1374081)