Author: jajcus
Date: Sat Nov 26 20:07:10 2011 GMT
Module: packages
Tag: HEAD
---- Log message:
- openl2tp-setkey.patch: proper path to the setkey utility
- openl2tp-setkey.patch: insecure temporary file moved from /tmp to /var/run/openl2tp
---- Files affected: packages/openl2tp: openl2tp.spec (1.2 -> 1.3) , openl2tp-setkey.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/openl2tp/openl2tp.spec diff -u packages/openl2tp/openl2tp.spec:1.2 packages/openl2tp/openl2tp.spec:1.3 --- packages/openl2tp/openl2tp.spec:1.2 Sat Nov 26 13:46:18 2011 +++ packages/openl2tp/openl2tp.spec Sat Nov 26 21:07:05 2011 @@ -3,7 +3,7 @@ Summary: An L2TP client/server, designed for VPN use Name: openl2tp Version: 1.8 -Release: 1 +Release: 2 License: GPL Group: Networking/Daemons Source0: http://dl.sourceforge.net//openl2tp/%{name}-%{version}.tar.gz @@ -11,6 +11,7 @@ Source1: %{name}d.init Source2: %{name}d.sysconfig Patch0: %{name}-no_Werror.patch +Patch1: %{name}-setkey.patch URL: http://www.openl2tp.org/ BuildRequires: bison BuildRequires: flex @@ -53,13 +54,14 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build %{__make} CFLAGS.optimize="%{rpmcflags}" %install rm -rf $RPM_BUILD_ROOT -install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,/etc/sysconfig} +install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,/etc/sysconfig,/var/run/%{name}} %{__make} install DESTDIR=$RPM_BUILD_ROOT @@ -88,6 +90,7 @@ %attr(754,root,root) /etc/rc.d/init.d/openl2tpd %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/openl2tpd %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/openl2tpd.conf +%dir /var/run/%{name} %files devel %defattr(644,root,root,755) @@ -102,6 +105,10 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.3 2011/11/26 20:07:05 jajcus +- openl2tp-setkey.patch: proper path to the setkey utility +- openl2tp-setkey.patch: insecure temporary file moved from /tmp to /var/run/openl2tp + Revision 1.2 2011/11/26 12:46:18 jajcus - source URL fixed ================================================================ Index: packages/openl2tp/openl2tp-setkey.patch diff -u /dev/null packages/openl2tp/openl2tp-setkey.patch:1.1 
--- /dev/null Sat Nov 26 21:07:10 2011 +++ packages/openl2tp/openl2tp-setkey.patch Sat Nov 26 21:07:05 2011 @@ -0,0 +1,14 @@ +--- openl2tp-1.8/plugins/ipsec.c.orig 2010-01-18 10:00:08.000000000 +0100 ++++ openl2tp-1.8/plugins/ipsec.c 2011-11-26 17:34:54.000000000 +0100 +@@ -31,8 +31,9 @@ + #include "usl.h" + #include "l2tp_private.h" + +-#define IPSEC_SETKEY_CMD "/sbin/setkey" +-#define IPSEC_SETKEY_FILE "/tmp/openl2tpd-tmp" ++#define IPSEC_SETKEY_CMD "/usr/sbin/setkey" ++// not in /tmp to prevent symlink attack ++#define IPSEC_SETKEY_FILE "/var/run/openl2tp/setkey-tmp" + #define IPSEC_SETKEY_ACTION IPSEC_SETKEY_CMD " -f " IPSEC_SETKEY_FILE + + /* We keep a list of every SPD entry that we install */ ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openl2tp/openl2tp.spec?r1=1.2&r2=1.3&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
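Review bot: In the plugins/ipsec.c hunk of openl2tp-setkey.patch, IPSEC_SETKEY_FILE is still one fixed, predictable file name, so the symlink protection the new comment claims rests entirely on /var/run/openl2tp not being writable by unprivileged users, and nothing in the C change checks or documents that requirement. Either state it in the comment (the directory must be owned by the daemon's user and not group- or world-writable), or create the file with mkstemp() inside that directory; the latter means building the command line at run time, since IPSEC_SETKEY_ACTION is currently a compile-time concatenation of IPSEC_SETKEY_CMD " -f " IPSEC_SETKEY_FILE. As a style point, the added comment uses // while the neighbouring comment in the same file uses /* ... */; matching the existing style is safer for a C source file.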
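Review bot: In the %files hunk of openl2tp.spec (@@ -88,6 +90,7 @@), the added line %dir /var/run/%{name} carries no explicit mode or owner, and the matching %install change creates the directory with a plain install -d and no -m option, although the setkey patch depends on this directory being closed to other users. Give it an explicit attribute, such as %attr(700,root,root) %dir /var/run/%{name} if the daemon runs as root, so the permission that makes the new temporary file path safe is stated in the spec rather than inherited from a %defattr that is outside the lines shown.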
