main/strongswan: cherry-pick fix from upstream

2 files changed, 35 insertions, 1 deletions

diff --git a/main/strongswan/0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch b/main/strongswan/0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
new file mode 100644
index 000000000..7f6e17662
--- /dev/null
+++ b/main/strongswan/0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
@@ -0,0 +1,30 @@
+From 78bab0b68254accb48f08c5110a904a0dedabc60 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 28 Jul 2015 15:10:17 +0200
+Subject: [PATCH] child-create: Fix crash when retrying CHILD_SA rekeying due
+ to a DH group mismatch
+
+If the responder declines our KE payload during a CHILD_SA rekeying migrate()
+is called to reuse the child-create task.  But the child-rekey task then
+calls the same method again.
+
+Fixes: 32df0d81fb46 ("child-create: Destroy nonceg in migrate()")
+---
+ src/libcharon/sa/ikev2/tasks/child_create.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
+index e0f930c..ee5086f 100644
+--- a/src/libcharon/sa/ikev2/tasks/child_create.c
++++ b/src/libcharon/sa/ikev2/tasks/child_create.c
+@@ -1596,6 +1596,7 @@ METHOD(task_t, migrate, void,
+ 	this->tsi = NULL;
+ 	this->tsr = NULL;
+ 	this->dh = NULL;
++	this->nonceg = NULL;
+ 	this->child_sa = NULL;
+ 	this->mode = MODE_TUNNEL;
+ 	this->ipcomp = IPCOMP_NONE;
+-- 
+2.5.0
+
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 4192088aa..8992b7d43 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=strongswan
 pkgver=5.3.2
 _pkgver=${pkgver//_rc/rc}
-pkgrel=7
+pkgrel=8
 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
 url="http://www.strongswan.org/"
 arch="all"
@@ -42,6 +42,7 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
 	0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
 	0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
 	0401-printf-hook-builtin-Fix-invalid-memory-access.patch
+	0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
 	1001-charon-add-optional-source-and-remote-overrides-for-.patch
 	1002-vici-send-certificates-for-ike-sa-events.patch
 	1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
@@ -156,6 +157,7 @@ d57e117d13da147910e2ae09219d2492  0203-vici-Add-get_bool-convenience-getter-for-
 c46165934687326a26ec9153a34e2227  0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
 9b607cf38cff83547368d82fa34d716f  0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
 c7c0338de6dc4993cb8cb71238fd13dc  0401-printf-hook-builtin-Fix-invalid-memory-access.patch
+2d191d850683a6ed34f171ed64b643f0  0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
 06607758b690f2db961d84e26ee7d6ea  1001-charon-add-optional-source-and-remote-overrides-for-.patch
 1aae491acf4739d871a64cd4481551f6  1002-vici-send-certificates-for-ike-sa-events.patch
 b0f2d10bc3dc89f3bba28fead6687311  1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
@@ -190,6 +192,7 @@ f81bb1934c67263e0fcb75ffa449f7d663a17ffacc4d76d233acaed54e13b10d  0202-controlle
 6ee2826d8f2acf4010886b9990c4fe1f1be99e869144f3dd3705e38184300ca1  0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
 d5e0fa9012e5d4f35b5fe903fe555019c639000f75cd269acd73126f2105149b  0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
 74a12c42d63d6e9e920afc976b287144118c79740743beec769e5a9f239acac6  0401-printf-hook-builtin-Fix-invalid-memory-access.patch
+6eec00bdb7778a51d04157ec640394959d599f3b8cef6bad0d875658cace99ea  0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
 d2f05dc1d3e921358ca2ba8c7c68cbfa3eca3fdc108fd2b89311d8b25ff6f4bc  1001-charon-add-optional-source-and-remote-overrides-for-.patch
 b2a6f23ede01b2d24ff973dc6c1466dc5600df259eb35d3ea6efa9a4e322ae34  1002-vici-send-certificates-for-ike-sa-events.patch
 c0b39aaaf97f3797ef327a465e1468aa166044875b194e899999dc7c0723fc4c  1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
@@ -224,6 +227,7 @@ b81fed84f361862c618fdfd9b2993dac3bcb4b298d806523ee9c8f47b1f5b0b679426eaeed8bc88a
 6b01e9810566e4f928fa72f01b5fa6cdbddaf1045433cb5b73b5a3d1cd73260ff195709e4d46384c2aa6540e4e62ad9021d9cad19b2061bc0153581e74cf2d0e  0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
 8788fb376eaf57d9f277cac785db08578de3992e2484e7ab21ec044bc91000565ecb2adae4d2632f43ca6ed76519fd4422d86a3ba07a499594fbd7a61298458c  0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
 86f244b3d8b35e8b9e25692554b7e8711bc663843e316e8895b340b3bd567c38543d24367250c93910b5d9462a2901bfc7717b5e3824f4682b4c736d33450834  0401-printf-hook-builtin-Fix-invalid-memory-access.patch
+f0dfb8aee6fd456d5d330d9a1212842ecd7f88b9b76bb1667dacdbbb2c38369fa089df6ce13c6363735012f653df91b4bbb082a970a11ec63e6a2d14ca2b0ec2  0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
 2522571163b1d6de0aae2e2c1c2db69c52c3ff76e27a383e8a01e0933a0c0a06212168b1356308d6fd548aa7416d88ecd2bcfc79d3391ff17e6c799e83c5f88d  1001-charon-add-optional-source-and-remote-overrides-for-.patch
 ccf60c52d75b3f2eff719fbac1403eb141029651fccf2a1927ec4dffc0ccdc49c061a4971c38a0f37a32b2a53aa79422e17f3f993c48ebbcd07840a867c15881  1002-vici-send-certificates-for-ike-sa-events.patch
 1ea845551c7da2a7817e34508b0da3f3f0bba879f3b95d08c8db0a6b32adaf50363556daa6ee2e0f11c1ee6c41077d39ba54dbd40e457a02a991add19fe115ef  1003-vici-add-support-rekeying-events-and-individual-sa-s.patch