480852 – =net-misc/strongswan-5.1.0 - Add upstream patch to fix IKEv2 segfault case

Bug 480852 - =net-misc/strongswan-5.1.0 - Add upstream patch to fix IKEv2 segfault case

Summary: =net-misc/strongswan-5.1.0 - Add upstream patch to fix IKEv2 segfault case

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Patrick Lauer

URL:	http://git.strongswan.org/?p=strongsw...
Whiteboard:
Keywords:	PATCH

Depends on:
Blocks:

Reported:	2013-08-13 08:37 UTC by Olipro
Modified:	2014-01-19 11:09 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Olipro 2013-08-13 08:37:13 UTC

StrongSwan 5.1.0 will segfault if you have any IKEv2 peers with a closeaction of restart or route.

A workaround of course is to disable the closeaction, but that would then result in IKEv2 CHILD_SAs remaining closed if the remote side closes it, which in the vast majority of cases is undesirable, hence making closeaction a rather significant option.

Strongswan 5.1.0 should definitely not be stabilised without this.

Patch upstream is here:
http://git.strongswan.org/?p=strongswan.git;a=commit;h=e42ab08a737b41b3ba56e7db1f8ab719a2d8ae58

Comment 1 Bjarke Istrup Pedersen (RETIRED) gentoo-dev

2014-01-19 11:09:20 UTC

Fixed, since we have 5.1.1 in the tree now.