packages: openl2tp/openl2tp.spec, openl2tp/openl2tp-setkey.patch (NEW) - op...
jajcus
jajcus at pld-linux.org
Sat Nov 26 21:07:10 CET 2011
Author: jajcus Date: Sat Nov 26 20:07:10 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- openl2tp-setkey.patch: proper path to the setkey utility
- openl2tp-setkey.patch: insecure temporary file moved from /tmp to /var/run/openl2tp
---- Files affected:
packages/openl2tp:
openl2tp.spec (1.2 -> 1.3) , openl2tp-setkey.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/openl2tp/openl2tp.spec
diff -u packages/openl2tp/openl2tp.spec:1.2 packages/openl2tp/openl2tp.spec:1.3
--- packages/openl2tp/openl2tp.spec:1.2 Sat Nov 26 13:46:18 2011
+++ packages/openl2tp/openl2tp.spec Sat Nov 26 21:07:05 2011
@@ -3,7 +3,7 @@
Summary: An L2TP client/server, designed for VPN use
Name: openl2tp
Version: 1.8
-Release: 1
+Release: 2
License: GPL
Group: Networking/Daemons
Source0: http://dl.sourceforge.net//openl2tp/%{name}-%{version}.tar.gz
@@ -11,6 +11,7 @@
Source1: %{name}d.init
Source2: %{name}d.sysconfig
Patch0: %{name}-no_Werror.patch
+Patch1: %{name}-setkey.patch
URL: http://www.openl2tp.org/
BuildRequires: bison
BuildRequires: flex
@@ -53,13 +54,14 @@
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%build
%{__make} CFLAGS.optimize="%{rpmcflags}"
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,/etc/sysconfig}
+install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,/etc/sysconfig,/var/run/%{name}}
%{__make} install DESTDIR=$RPM_BUILD_ROOT
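Review bot: the changed `install -d` line creates /var/run/%{name} without an explicit mode, so the directory gets install's default permissions. The directory exists specifically so that other users cannot place a symlink where the setkey input file is written, so create it on its own line with the intended mode spelled out, for example `install -d -m 700 $RPM_BUILD_ROOT/var/run/%{name}`.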
@@ -88,6 +90,7 @@
%attr(754,root,root) /etc/rc.d/init.d/openl2tpd
%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/openl2tpd
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/openl2tpd.conf
+%dir /var/run/%{name}
%files devel
%defattr(644,root,root,755)
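Review bot: the added `%dir /var/run/%{name}` entry carries no `%attr`, so its owner and mode come from whichever `%defattr` is in effect for this `%files` section, which is not visible in the hunk. The fix depends on this directory being root-owned and not writable by other users, so state that explicitly, e.g. `%attr(700,root,root) %dir /var/run/%{name}`. A directory that exists only as a packaged `%dir` under /var/run is also lost if /var/run is cleared or mounted as tmpfs at boot; having the init script create it before starting the daemon would cover that case.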
@@ -102,6 +105,10 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.3 2011/11/26 20:07:05 jajcus
+- openl2tp-setkey.patch: proper path to the setkey utility
+- openl2tp-setkey.patch: insecure temporary file moved from /tmp to /var/run/openl2tp
+
Revision 1.2 2011/11/26 12:46:18 jajcus
- source URL fixed
================================================================
Index: packages/openl2tp/openl2tp-setkey.patch
diff -u /dev/null packages/openl2tp/openl2tp-setkey.patch:1.1
--- /dev/null Sat Nov 26 21:07:10 2011
+++ packages/openl2tp/openl2tp-setkey.patch Sat Nov 26 21:07:05 2011
@@ -0,0 +1,14 @@
+--- openl2tp-1.8/plugins/ipsec.c.orig 2010-01-18 10:00:08.000000000 +0100
++++ openl2tp-1.8/plugins/ipsec.c 2011-11-26 17:34:54.000000000 +0100
+@@ -31,8 +31,9 @@
+ #include "usl.h"
+ #include "l2tp_private.h"
+
+-#define IPSEC_SETKEY_CMD "/sbin/setkey"
+-#define IPSEC_SETKEY_FILE "/tmp/openl2tpd-tmp"
++#define IPSEC_SETKEY_CMD "/usr/sbin/setkey"
++// not in /tmp to prevent symlink attack
++#define IPSEC_SETKEY_FILE "/var/run/openl2tp/setkey-tmp"
+ #define IPSEC_SETKEY_ACTION IPSEC_SETKEY_CMD " -f " IPSEC_SETKEY_FILE
+
+ /* We keep a list of every SPD entry that we install */
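Review bot: the new IPSEC_SETKEY_FILE is still a fixed, predictable file name, so the protection rests entirely on /var/run/openl2tp not being writable by other users. The code that opens this file is outside the hunk; it is worth checking that it creates the file exclusively (O_CREAT|O_EXCL, or mkstemp inside that directory) with a restrictive mode, since the file is fed to `setkey -f`. Style point: the added comment uses `//` while the context line below it uses `/* ... */`; match the file's existing comment style.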
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openl2tp/openl2tp.spec?r1=1.2&r2=1.3&f=u