From 29f8c752f8ce83e7f7f6cda568d9fc7f517ebc26 Mon Sep 17 00:00:00 2001 From: reitear Date: Fri, 4 Mar 2022 23:44:00 +0100 Subject: [PATCH] Resolves: rhbz#048108 - segfault at 18 ip 00007f4c7c0d841c sp 00007ffe49f61b70 error 4 in libc.so.6 --- strongswan-5.9.5-atexit-handlers.patch | 71 ++++++++++++++++++++++++++ strongswan.spec | 6 ++- 2 files changed, 76 insertions(+), 1 deletion(-) create mode 100644 strongswan-5.9.5-atexit-handlers.patch diff --git a/strongswan-5.9.5-atexit-handlers.patch b/strongswan-5.9.5-atexit-handlers.patch new file mode 100644 index 0000000..b3b2739 --- /dev/null +++ b/strongswan-5.9.5-atexit-handlers.patch @@ -0,0 +1,71 @@ +--- strongswan-5.9.5-orig/src/libstrongswan/plugins/openssl/openssl_plugin.c 2022-01-08 12:54:02.000000000 +0100 ++++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c 2022-02-23 23:12:03.685111475 +0100 +@@ -16,7 +16,6 @@ + + #include + #include +-#include + #include + #include + #include +@@ -74,13 +73,6 @@ + * public functions + */ + openssl_plugin_t public; +- +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- /** +- * Loaded providers +- */ +- array_t *providers; +-#endif + }; + + /** +@@ -881,21 +873,12 @@ + #endif + } + *features = f; +- return countof(f); ++ return count; + } + + METHOD(plugin_t, destroy, void, + private_openssl_plugin_t *this) + { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- OSSL_PROVIDER *provider; +- while (array_remove(this->providers, ARRAY_TAIL, &provider)) +- { +- OSSL_PROVIDER_unload(provider); +- } +- array_destroy(this->providers); +-#endif /* OPENSSL_VERSION_NUMBER */ +- + /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we + * can't call it as we couldn't re-initialize the library (as required by the + * unit tests and the Android app) */ +@@ -1009,20 +992,16 @@ + DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider"); + return NULL; + } +- array_insert_create(&this->providers, ARRAY_TAIL, fips); + /* explicitly load the base provider containing encoding functions */ +- array_insert_create(&this->providers, ARRAY_TAIL, +- OSSL_PROVIDER_load(NULL, "base")); ++ OSSL_PROVIDER_load(NULL, "base"); + } + else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy", + TRUE, lib->ns)) + { + /* load the legacy provider for algorithms like MD4, DES, BF etc. */ +- array_insert_create(&this->providers, ARRAY_TAIL, +- OSSL_PROVIDER_load(NULL, "legacy")); ++ OSSL_PROVIDER_load(NULL, "legacy"); + /* explicitly load the default provider, as mentioned by crypto(7) */ +- array_insert_create(&this->providers, ARRAY_TAIL, +- OSSL_PROVIDER_load(NULL, "default")); ++ OSSL_PROVIDER_load(NULL, "default"); + } + ossl_provider_names_t data = {}; + OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data); diff --git a/strongswan.spec b/strongswan.spec index 3df1eff..898b126 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -14,7 +14,7 @@ Name: strongswan Version: 5.9.5 -Release: 2%{?dist} +Release: 3%{?dist} Summary: An OpenSource IPsec-based VPN and TNC solution License: GPLv2+ URL: http://www.strongswan.org/ @@ -23,6 +23,7 @@ Source1: http://download.strongswan.org/strongswan-%{version}%{?prereleas Source2: https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY Source3: tmpfiles-strongswan.conf Patch0: strongswan-5.6.0-uintptr_t.patch +Patch1: strongswan-5.9.5-atexit-handlers.patch # only needed for pre-release versions #BuildRequires: autoconf automake @@ -410,6 +411,9 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co %endif %changelog +* Sat Feb 25 2022 Arne Reiter - 5.9.5-3 +- Resolves: rhbz#048108 - segfault at 18 ip 00007f4c7c0d841c sp 00007ffe49f61b70 error 4 in libc.so.6 + * Tue Jan 25 2022 Paul Wouters - 5.9.5-2 - Use newly published/cleaned strongswan gpg key