- Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set

xl2tpd-1.3.6-saref.patch

@@ -0,0 +1,36 @@
+diff -Naur xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/file.c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/file.c
+--- xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/file.c	2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/file.c	2014-06-14 12:34:06.422355636 -0400
+@@ -42,6 +42,8 @@
+ 
+     gconfig.port = UDP_LISTEN_PORT;
+     gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */
++    gconfig.ipsecsaref = 0; /* default off - requires patched KLIPS kernel module */
++    gconfig.forceuserspace = 0; /* default off - allow kernel decap of data packets */
+     gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */
+     gconfig.debug_avp = 0;
+     gconfig.debug_network = 0;
+diff -Naur xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/network.c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/network.c
+--- xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/network.c	2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/network.c	2014-06-14 12:37:06.953574143 -0400
+@@ -78,6 +78,12 @@
+      * For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO
+      * values.
+      */
++    if (!gconfig.ipsecsaref)
++    {
++        l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n");
++    }
++    else
++    { 
+     arg=1;
+     if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum,
+ 		  &arg, sizeof(arg)) != 0) {
+@@ -85,6 +91,7 @@
+ 
+ 	    gconfig.ipsecsaref=0;
+     }
++    }
+     
+     arg=1;
+     if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) {

xl2tpd.spec

@@ -3,7 +3,7 @@
 Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
 Name: xl2tpd
 Version: 1.3.6
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL+
 Url: https://github.com/xelerance/%{name}/
 Group: System Environment/Daemons
@@ -12,6 +12,7 @@ Source1: xl2tpd.service
 Source2: tmpfiles-xl2tpd.conf
 Patch1: xl2tpd-1.3.6-conf.patch
 Patch2: xl2tpd-1.3.6-md5-fips.patch
+Patch3: xl2tpd-1.3.6-saref.patch
 
 Requires: ppp >= 2.4.5-18, kmod(l2tp_ppp.ko)
 # If you want to authenticate against a Microsoft PDC/Active Directory
@@ -52,6 +53,7 @@ It was de-facto maintained by Jacco de Leeuw <jacco2@dds.nl> in 2002 and 2003.
 %setup -qn %{name}-%{commit}
 %patch1 -p1 
 %patch2 -p1
+%patch3 -p1
 
 %build
 #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH"
@@ -109,6 +111,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
 %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control
 
 %changelog
+* Sat Jun 14 2014 Paul Wouters <pwouters@redhat.com> - 1.3.6-4
+- Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set
+
 * Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.6-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild