diff options
author | Timo Teräs <timo.teras@iki.fi> | 2015-07-29 11:05:00 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2015-07-29 11:05:37 +0300 |
commit | 15f7703cfe4b0900545a8b2799889c23d5fd0dda (patch) | |
tree | 3704a110ed932fe948d30ab00a096fb8612ebe3a /main/strongswan | |
parent | 5b531d3487868051128f1edbc51c4141aa44e945 (diff) | |
download | aports-15f7703cfe4b0900545a8b2799889c23d5fd0dda.tar.bz2 aports-15f7703cfe4b0900545a8b2799889c23d5fd0dda.tar.xz |
main/strongswan: cherry-pick fix from upstream
Diffstat (limited to 'main/strongswan')
-rw-r--r-- | main/strongswan/0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch | 30 | ||||
-rw-r--r-- | main/strongswan/APKBUILD | 6 |
2 files changed, 35 insertions, 1 deletions
diff --git a/main/strongswan/0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch b/main/strongswan/0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch new file mode 100644 index 0000000000..7f6e176624 --- /dev/null +++ b/main/strongswan/0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch @@ -0,0 +1,30 @@ +From 78bab0b68254accb48f08c5110a904a0dedabc60 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@strongswan.org> +Date: Tue, 28 Jul 2015 15:10:17 +0200 +Subject: [PATCH] child-create: Fix crash when retrying CHILD_SA rekeying due + to a DH group mismatch + +If the responder declines our KE payload during a CHILD_SA rekeying migrate() +is called to reuse the child-create task. But the child-rekey task then +calls the same method again. + +Fixes: 32df0d81fb46 ("child-create: Destroy nonceg in migrate()") +--- + src/libcharon/sa/ikev2/tasks/child_create.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c +index e0f930c..ee5086f 100644 +--- a/src/libcharon/sa/ikev2/tasks/child_create.c ++++ b/src/libcharon/sa/ikev2/tasks/child_create.c +@@ -1596,6 +1596,7 @@ METHOD(task_t, migrate, void, + this->tsi = NULL; + this->tsr = NULL; + this->dh = NULL; ++ this->nonceg = NULL; + this->child_sa = NULL; + this->mode = MODE_TUNNEL; + this->ipcomp = IPCOMP_NONE; +-- +2.5.0 + diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD index 4192088aa3..8992b7d431 100644 --- a/main/strongswan/APKBUILD +++ b/main/strongswan/APKBUILD @@ -3,7 +3,7 @@ pkgname=strongswan pkgver=5.3.2 _pkgver=${pkgver//_rc/rc} -pkgrel=7 +pkgrel=8 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" url="http://www.strongswan.org/" arch="all" @@ -42,6 +42,7 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch 0401-printf-hook-builtin-Fix-invalid-memory-access.patch + 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch 1001-charon-add-optional-source-and-remote-overrides-for-.patch 1002-vici-send-certificates-for-ike-sa-events.patch 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch @@ -156,6 +157,7 @@ d57e117d13da147910e2ae09219d2492 0203-vici-Add-get_bool-convenience-getter-for- c46165934687326a26ec9153a34e2227 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch 9b607cf38cff83547368d82fa34d716f 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch c7c0338de6dc4993cb8cb71238fd13dc 0401-printf-hook-builtin-Fix-invalid-memory-access.patch +2d191d850683a6ed34f171ed64b643f0 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch 06607758b690f2db961d84e26ee7d6ea 1001-charon-add-optional-source-and-remote-overrides-for-.patch 1aae491acf4739d871a64cd4481551f6 1002-vici-send-certificates-for-ike-sa-events.patch b0f2d10bc3dc89f3bba28fead6687311 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch @@ -190,6 +192,7 @@ f81bb1934c67263e0fcb75ffa449f7d663a17ffacc4d76d233acaed54e13b10d 0202-controlle 6ee2826d8f2acf4010886b9990c4fe1f1be99e869144f3dd3705e38184300ca1 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch d5e0fa9012e5d4f35b5fe903fe555019c639000f75cd269acd73126f2105149b 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch 74a12c42d63d6e9e920afc976b287144118c79740743beec769e5a9f239acac6 0401-printf-hook-builtin-Fix-invalid-memory-access.patch +6eec00bdb7778a51d04157ec640394959d599f3b8cef6bad0d875658cace99ea 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch d2f05dc1d3e921358ca2ba8c7c68cbfa3eca3fdc108fd2b89311d8b25ff6f4bc 1001-charon-add-optional-source-and-remote-overrides-for-.patch b2a6f23ede01b2d24ff973dc6c1466dc5600df259eb35d3ea6efa9a4e322ae34 1002-vici-send-certificates-for-ike-sa-events.patch c0b39aaaf97f3797ef327a465e1468aa166044875b194e899999dc7c0723fc4c 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch @@ -224,6 +227,7 @@ b81fed84f361862c618fdfd9b2993dac3bcb4b298d806523ee9c8f47b1f5b0b679426eaeed8bc88a 6b01e9810566e4f928fa72f01b5fa6cdbddaf1045433cb5b73b5a3d1cd73260ff195709e4d46384c2aa6540e4e62ad9021d9cad19b2061bc0153581e74cf2d0e 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch 8788fb376eaf57d9f277cac785db08578de3992e2484e7ab21ec044bc91000565ecb2adae4d2632f43ca6ed76519fd4422d86a3ba07a499594fbd7a61298458c 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch 86f244b3d8b35e8b9e25692554b7e8711bc663843e316e8895b340b3bd567c38543d24367250c93910b5d9462a2901bfc7717b5e3824f4682b4c736d33450834 0401-printf-hook-builtin-Fix-invalid-memory-access.patch +f0dfb8aee6fd456d5d330d9a1212842ecd7f88b9b76bb1667dacdbbb2c38369fa089df6ce13c6363735012f653df91b4bbb082a970a11ec63e6a2d14ca2b0ec2 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch 2522571163b1d6de0aae2e2c1c2db69c52c3ff76e27a383e8a01e0933a0c0a06212168b1356308d6fd548aa7416d88ecd2bcfc79d3391ff17e6c799e83c5f88d 1001-charon-add-optional-source-and-remote-overrides-for-.patch ccf60c52d75b3f2eff719fbac1403eb141029651fccf2a1927ec4dffc0ccdc49c061a4971c38a0f37a32b2a53aa79422e17f3f993c48ebbcd07840a867c15881 1002-vici-send-certificates-for-ike-sa-events.patch 1ea845551c7da2a7817e34508b0da3f3f0bba879f3b95d08c8db0a6b32adaf50363556daa6ee2e0f11c1ee6c41077d39ba54dbd40e457a02a991add19fe115ef 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch |