fix for SIGSEGV when using mysql plugin

Thank you for taking the time to report this bug and helping to make Ubuntu better.

If someone can prepare a backport, please follow the steps at https://wiki.ubuntu.com/StableReleaseUpdates#Procedure to have Bionic updated.

All the steps documented there need to be followed. In particular, I'm concerned that we have a test case that can be followed by someone not familiar with the package for SRU verification purposes.

Via code inspection, it looks like this affects cosmic as well:

/**
 * Release a mysql connection
 */
static void conn_release(private_mysql_database_t *this, conn_t *conn)
{
    this->mutex->lock(this->mutex);
    conn->in_use = FALSE;
    this->mutex->unlock(this->mutex);
}

The diff that was committed is:
--- a/src/libstrongswan/plugins/mysql/mysql_database.c
+++ b/src/libstrongswan/plugins/mysql/mysql_database.c
@@ -131,9 +131,13 @@ typedef struct {
  */
 static void conn_release(private_mysql_database_t *this, conn_t *conn)
 {
- this->mutex->lock(this->mutex);
- conn->in_use = FALSE;
- this->mutex->unlock(this->mutex);
+ /* do not release the connection while transactions are using it */
+ if (!this->transaction->get(this->transaction))
+ {
+ this->mutex->lock(this->mutex);
+ conn->in_use = FALSE;
+ this->mutex->unlock(this->mutex);
+ }
 }

 /**

FYI, this

$ git tag --contains a61b1a6ee480ee12c3d91a303f918257d4966f13
5.7.2dr1
5.7.2dr2
5.7.2dr3

But the current version I merge is only 5.7.1
I'll try to add this on top for now ...

This bug was fixed in the package strongswan - 5.7.1-1ubuntu1

---------------
strongswan (5.7.1-1ubuntu1) disco; urgency=medium

  * Merge with Debian unstable (LP: #1806401). Remaining changes:
    - Clean up d/strongswan-starter.postinst: section about runlevel changes
    - Clean up d/strongswan-starter.postinst: Removed entire section on
      opportunistic encryption disabling - this was never in strongSwan and
      won't be see upstream issue #2160.
    - d/rules: Removed patching ipsec.conf on build (not using the
      debconf-managed config.)
    - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
      used for debconf-managed include of private key).
    - Mass enablement of extra plugins and features to allow a user to use
      strongswan for a variety of extra use cases without having to rebuild.
      + d/control: Add required additional build-deps
      + d/control: Mention addtionally enabled plugins
      + d/rules: Enable features at configure stage
      + d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
      + d/libstrongswan.install: Add plugins (so, conf)
    - d/strongswan-starter.install: Install pool feature, which is useful since
      we have attr-sql plugin enabled as well using it.
    - Add plugin kernel-libipsec to allow the use of strongswan in containers
      via this userspace implementation (please do note that this is still
      considered experimental by upstream).
      + d/libcharon-extra-plugins.install: Add kernel-libipsec components
      + d/control: List kernel-libipsec plugin at extra plugins description
      + d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As
        upstream recommends to not load kernel-libipsec by default.
    - Relocate tnc plugin
      + debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
      + Add new subpackage for TNC in d/strongswan-tnc-* and d/control
    - d/libstrongswan.install: Reorder conf and .so alphabetically
    - d/libstrongswan.install: Add kernel-netlink configuration files
    - Complete the disabling of libfast; This was partially accepted in Debian,
      it is no more packaging medcli and medsrv, but still builds and
      mentions it.
      + d/rules: Add --disable-fast to avoid build time and dependencies
      + d/control: Remove medcli, medsrv from package description
    - d/control: Mention mgf1 plugin which is in libstrongswan now
    - Add now built (since 5.5.1) libraries libtpmtss and nttfft to
      libstrongswan-extra-plugins (no deps from default plugins).
    - d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
      plugins for the most common use cases from extra-plugins into a new
      standard-plugins package. This will allow those use cases without pulling
      in too much more plugins (a bit like the tnc package). Recommend that
      package from strongswan-libcharon.
    - d/usr.sbin.charon-systemd: allow to contact mysql for sql and
      attr-sql plugins (LP #1766240)
    - d/usr.lib.ipsec.charon: allow reading of own FDs (LP #1786250)
  * Added Changes:
    - d/p/lp1795813-mysql-Don-t-release-the-connection-if-transactions-a.patch:
      fix SIG...