crash strongSwan in Ubuntu Trusty
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Trusty |
Fix Released
|
High
|
Nish Aravamudan |
Bug Description
[Impact]
* Users report a crash when the revocation plugin is loaded, after a few rounds of IKE_SA reauthentication.
* Users do not expect strongswan to crash under valid configurations.
[Test Case]
* While not an explicit testcase, the original bug report indicates all that is needed is a loading of the revocation plugin and several runs of IKE_SA reauthentication. Upstream strongswan fixed this issue and referred to multiple reauthentication rounds being the primary culprit.
[Regression Potential]
* Currently, the code crashes without this fix. Upstream has accepted this fix and applied it all versions. I believe the regression potential is very low, as the bug resulted from a coding error.
---
$ lsb_release -rd
Description: Ubuntu 14.04.5 LTS
Release: 14.04
$ apt-cache policy strongswan
strongswan:
Installé : 5.1.2-0ubuntu2.4
Candidat : 5.1.2-0ubuntu2.4
Table de version :
*** 5.1.2-0ubuntu2.4 0
500 http://
500 http://
100 /var/lib/
5.1.2-0ubuntu2 0
500 http://
We have several production servers running with the same configuration.
When the plugin revocation is loaded, the daemon crashes in most every IKE_SA reauthentication (not each time).
You can see in this thread[1] what Tobias Brunner answers about our problem.
So, we have recompile the source package version including the joined patch (quilt), and all is OK now.
We would be grateful if you provide a new package including this patch.
Regards,
EOLE Team
[1] https:/
[2] https:/
tags: | added: bitesize server-next |
Changed in strongswan (Ubuntu): | |
assignee: | Nish Aravamudan (nacc) → nobody |
description: | updated |
Changed in strongswan (Ubuntu): | |
importance: | Undecided → High |
The attachment "fix-several- auth-crash" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]