diff --git a/xl2tpd-1.3.1-pty.patch b/xl2tpd-1.3.1-pty.patch new file mode 100644 index 0000000..2679873 --- /dev/null +++ b/xl2tpd-1.3.1-pty.patch @@ -0,0 +1,19 @@ +diff -aur xl2tpd-1.3.1-orig/pty.c xl2tpd-1.3.1/pty.c +--- xl2tpd-1.3.1-orig/pty.c 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1/pty.c 2012-06-25 23:45:51.241543911 -0400 +@@ -87,6 +87,7 @@ + return -EINVAL; + } + ++#if 0 /* not needed, triggers SElinux block */ + /* change the onwership */ + if (grantpt(fd)) + { +@@ -95,6 +96,7 @@ + close(fd); + return -EINVAL; + } ++#endif + + if (unlockpt(fd)) + { diff --git a/xl2tpd.service b/xl2tpd.service index d222874..247a2ce 100644 --- a/xl2tpd.service +++ b/xl2tpd.service @@ -2,7 +2,8 @@ Description=Level 2 Tunnel Protocol Daemon (L2TP) After=syslog.target network.target After=openswan.service -Wants=openswan.service +# Some ISPs in Russia use l2tp without IPsec, so don't insist anymore +#Wants=openswan.service [Service] Type=simple diff --git a/xl2tpd.spec b/xl2tpd.spec index 60672d9..aa13150 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 7%{?dist} +Release: 8%{?dist} License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -12,8 +12,9 @@ Patch1: xl2tpd-1.3.1-Wunused.patch Patch2: xl2tpd-bz80693.patch Patch3: xl2tpd-1.3.1-kernelmode.patch Patch4: xl2tpd-1.3.1-conf.patch +Patch5: xl2tpd-1.3.1-pty.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: ppp >= 2.4.5-18 +Requires: ppp >= 2.4.5-18, kernel-modules-extra BuildRequires: libpcap-devel BuildRequires: systemd-units Requires(post): systemd-sysv @@ -52,6 +53,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 rm linux/include/linux/if_pppol2tp.h %build @@ -118,6 +120,12 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Tue Jun 26 2012 Paul Wouters - 1.3.1-8 +- The l2tp_ppp kernel module is now in kernel-module-extra +- Don't insist on openswan, some ISPS use L2TP without IPsec +- Don't call grantpt(), it's not needed and triggers SElinux + block (rhbz#834861) + * Fri Jun 15 2012 Paul Wouters - 1.3.1-7 - Moved modprobe code from daemon to initscript/systemd (SElinux does not allow a daemon to do this, see rhbz#832149)