* Tue Jun 26 2012 Paul Wouters <pwouters@redhat.com> - 1.3.1-8

- The l2tp_ppp kernel module is now in kernel-module-extra - Don't insist on openswan, some ISPS use L2TP without IPsec - Don't call grantpt(), it's not needed and triggers SElinux block (rhbz#834861)
13 years ago · 66109b0d4b
parent c73b62ee6c
commit 66109b0d4b
3 changed files with 31 additions and 3 deletions
--- a/xl2tpd-1.3.1-pty.patch
+++ b/xl2tpd-1.3.1-pty.patch
@ -0,0 +1,19 @@
+diff -aur xl2tpd-1.3.1-orig/pty.c xl2tpd-1.3.1/pty.c
+--- xl2tpd-1.3.1-orig/pty.c	2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/pty.c	2012-06-25 23:45:51.241543911 -0400
+@@ -87,6 +87,7 @@
+ 	return -EINVAL;
+     }
+ 
+#if 0 /* not needed, triggers SElinux block */
+     /* change the onwership */
+     if (grantpt(fd))
+     {
+@@ -95,6 +96,7 @@
+ 	close(fd);
+ 	return -EINVAL;
+     }
+#endif
+ 
+     if (unlockpt(fd))
+     {
--- a/xl2tpd.service
+++ b/xl2tpd.service
@ -2,7 +2,8 @@
 Description=Level 2 Tunnel Protocol Daemon (L2TP)
 After=syslog.target network.target
 After=openswan.service
-Wants=openswan.service
+# Some ISPs in Russia use l2tp without IPsec, so don't insist anymore
+#Wants=openswan.service

 [Service]
 Type=simple
--- a/xl2tpd.spec
+++ b/xl2tpd.spec
@ -1,7 +1,7 @@
 Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
 Name: xl2tpd
 Version: 1.3.1
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPL+
 Url: http://www.xelerance.com/software/xl2tpd/
 Group: System Environment/Daemons
@ -12,8 +12,9 @@ Patch1: xl2tpd-1.3.1-Wunused.patch
 Patch2: xl2tpd-bz80693.patch
 Patch3: xl2tpd-1.3.1-kernelmode.patch
 Patch4: xl2tpd-1.3.1-conf.patch
+Patch5: xl2tpd-1.3.1-pty.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: ppp >= 2.4.5-18
+Requires: ppp >= 2.4.5-18, kernel-modules-extra
 BuildRequires: libpcap-devel
 BuildRequires: systemd-units
 Requires(post): systemd-sysv
@ -52,6 +53,7 @@ It was de-facto maintained by Jacco de Leeuw <jacco2@dds.nl> in 2002 and 2003.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 rm linux/include/linux/if_pppol2tp.h 

 %build
@ -118,6 +120,12 @@ fi
 %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control

 %changelog
+* Tue Jun 26 2012 Paul Wouters <pwouters@redhat.com> - 1.3.1-8
+- The l2tp_ppp kernel module is now in kernel-module-extra
+- Don't insist on openswan, some ISPS use L2TP without IPsec
+- Don't call grantpt(), it's not needed and triggers SElinux
+  block (rhbz#834861)
+
 * Fri Jun 15 2012 Paul Wouters <pwouters@redhat.com> - 1.3.1-7
 - Moved modprobe code from daemon to initscript/systemd
  (SElinux does not allow a daemon to do this, see rhbz#832149)