aboutsummaryrefslogtreecommitdiffstats
path: root/main/strongswan
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2015-07-29 11:05:00 +0300
committerTimo Teräs <timo.teras@iki.fi>2015-07-29 11:05:37 +0300
commit15f7703cfe4b0900545a8b2799889c23d5fd0dda (patch)
tree3704a110ed932fe948d30ab00a096fb8612ebe3a /main/strongswan
parent5b531d3487868051128f1edbc51c4141aa44e945 (diff)
downloadaports-15f7703cfe4b0900545a8b2799889c23d5fd0dda.tar.bz2
aports-15f7703cfe4b0900545a8b2799889c23d5fd0dda.tar.xz
main/strongswan: cherry-pick fix from upstream
Diffstat (limited to 'main/strongswan')
-rw-r--r--main/strongswan/0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch30
-rw-r--r--main/strongswan/APKBUILD6
2 files changed, 35 insertions, 1 deletions
diff --git a/main/strongswan/0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch b/main/strongswan/0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
new file mode 100644
index 0000000000..7f6e176624
--- /dev/null
+++ b/main/strongswan/0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
@@ -0,0 +1,30 @@
+From 78bab0b68254accb48f08c5110a904a0dedabc60 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 28 Jul 2015 15:10:17 +0200
+Subject: [PATCH] child-create: Fix crash when retrying CHILD_SA rekeying due
+ to a DH group mismatch
+
+If the responder declines our KE payload during a CHILD_SA rekeying migrate()
+is called to reuse the child-create task. But the child-rekey task then
+calls the same method again.
+
+Fixes: 32df0d81fb46 ("child-create: Destroy nonceg in migrate()")
+---
+ src/libcharon/sa/ikev2/tasks/child_create.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
+index e0f930c..ee5086f 100644
+--- a/src/libcharon/sa/ikev2/tasks/child_create.c
++++ b/src/libcharon/sa/ikev2/tasks/child_create.c
+@@ -1596,6 +1596,7 @@ METHOD(task_t, migrate, void,
+ this->tsi = NULL;
+ this->tsr = NULL;
+ this->dh = NULL;
++ this->nonceg = NULL;
+ this->child_sa = NULL;
+ this->mode = MODE_TUNNEL;
+ this->ipcomp = IPCOMP_NONE;
+--
+2.5.0
+
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 4192088aa3..8992b7d431 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -3,7 +3,7 @@
pkgname=strongswan
pkgver=5.3.2
_pkgver=${pkgver//_rc/rc}
-pkgrel=7
+pkgrel=8
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
@@ -42,6 +42,7 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
0401-printf-hook-builtin-Fix-invalid-memory-access.patch
+ 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
1001-charon-add-optional-source-and-remote-overrides-for-.patch
1002-vici-send-certificates-for-ike-sa-events.patch
1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
@@ -156,6 +157,7 @@ d57e117d13da147910e2ae09219d2492 0203-vici-Add-get_bool-convenience-getter-for-
c46165934687326a26ec9153a34e2227 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
9b607cf38cff83547368d82fa34d716f 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
c7c0338de6dc4993cb8cb71238fd13dc 0401-printf-hook-builtin-Fix-invalid-memory-access.patch
+2d191d850683a6ed34f171ed64b643f0 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
06607758b690f2db961d84e26ee7d6ea 1001-charon-add-optional-source-and-remote-overrides-for-.patch
1aae491acf4739d871a64cd4481551f6 1002-vici-send-certificates-for-ike-sa-events.patch
b0f2d10bc3dc89f3bba28fead6687311 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
@@ -190,6 +192,7 @@ f81bb1934c67263e0fcb75ffa449f7d663a17ffacc4d76d233acaed54e13b10d 0202-controlle
6ee2826d8f2acf4010886b9990c4fe1f1be99e869144f3dd3705e38184300ca1 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
d5e0fa9012e5d4f35b5fe903fe555019c639000f75cd269acd73126f2105149b 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
74a12c42d63d6e9e920afc976b287144118c79740743beec769e5a9f239acac6 0401-printf-hook-builtin-Fix-invalid-memory-access.patch
+6eec00bdb7778a51d04157ec640394959d599f3b8cef6bad0d875658cace99ea 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
d2f05dc1d3e921358ca2ba8c7c68cbfa3eca3fdc108fd2b89311d8b25ff6f4bc 1001-charon-add-optional-source-and-remote-overrides-for-.patch
b2a6f23ede01b2d24ff973dc6c1466dc5600df259eb35d3ea6efa9a4e322ae34 1002-vici-send-certificates-for-ike-sa-events.patch
c0b39aaaf97f3797ef327a465e1468aa166044875b194e899999dc7c0723fc4c 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
@@ -224,6 +227,7 @@ b81fed84f361862c618fdfd9b2993dac3bcb4b298d806523ee9c8f47b1f5b0b679426eaeed8bc88a
6b01e9810566e4f928fa72f01b5fa6cdbddaf1045433cb5b73b5a3d1cd73260ff195709e4d46384c2aa6540e4e62ad9021d9cad19b2061bc0153581e74cf2d0e 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
8788fb376eaf57d9f277cac785db08578de3992e2484e7ab21ec044bc91000565ecb2adae4d2632f43ca6ed76519fd4422d86a3ba07a499594fbd7a61298458c 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
86f244b3d8b35e8b9e25692554b7e8711bc663843e316e8895b340b3bd567c38543d24367250c93910b5d9462a2901bfc7717b5e3824f4682b4c736d33450834 0401-printf-hook-builtin-Fix-invalid-memory-access.patch
+f0dfb8aee6fd456d5d330d9a1212842ecd7f88b9b76bb1667dacdbbb2c38369fa089df6ce13c6363735012f653df91b4bbb082a970a11ec63e6a2d14ca2b0ec2 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
2522571163b1d6de0aae2e2c1c2db69c52c3ff76e27a383e8a01e0933a0c0a06212168b1356308d6fd548aa7416d88ecd2bcfc79d3391ff17e6c799e83c5f88d 1001-charon-add-optional-source-and-remote-overrides-for-.patch
ccf60c52d75b3f2eff719fbac1403eb141029651fccf2a1927ec4dffc0ccdc49c061a4971c38a0f37a32b2a53aa79422e17f3f993c48ebbcd07840a867c15881 1002-vici-send-certificates-for-ike-sa-events.patch
1ea845551c7da2a7817e34508b0da3f3f0bba879f3b95d08c8db0a6b32adaf50363556daa6ee2e0f11c1ee6c41077d39ba54dbd40e457a02a991add19fe115ef 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch