Resolves: rhbz#048108 - segfault at 18 ip 00007f4c7c0d841c sp 00007ffe49f61b70 error 4 in libc.so.6

2022-03-04 23:44:00 +01:00
parent e2ccbbed7e
commit 29f8c752f8
2 changed files with 76 additions and 1 deletions
--- a/strongswan-5.9.5-atexit-handlers.patch
+++ b/strongswan-5.9.5-atexit-handlers.patch
@@ -0,0 +1,71 @@
+--- strongswan-5.9.5-orig/src/libstrongswan/plugins/openssl/openssl_plugin.c	2022-01-08 12:54:02.000000000 +0100
+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c	2022-02-23 23:12:03.685111475 +0100
+@@ -16,7 +16,6 @@
+ 
+ #include <library.h>
+ #include <utils/debug.h>
+-#include <collections/array.h>
+ #include <threading/thread.h>
+ #include <threading/mutex.h>
+ #include <threading/thread_value.h>
+@@ -74,13 +73,6 @@
+ 	 * public functions
+ 	 */
+ 	openssl_plugin_t public;
+-
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	/**
+-	 * Loaded providers
+-	 */
+-	array_t *providers;
+-#endif
+ };
+ 
+ /**
+@@ -881,21 +873,12 @@
+ #endif
+ 	}
+ 	*features = f;
+-	return countof(f);
+	return count;
+ }
+ 
+ METHOD(plugin_t, destroy, void,
+ 	private_openssl_plugin_t *this)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	OSSL_PROVIDER *provider;
+-	while (array_remove(this->providers, ARRAY_TAIL, &provider))
+-	{
+-		OSSL_PROVIDER_unload(provider);
+-	}
+-	array_destroy(this->providers);
+-#endif /* OPENSSL_VERSION_NUMBER */
+-
+ /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
+  * can't call it as we couldn't re-initialize the library (as required by the
+  * unit tests and the Android app) */
+@@ -1009,20 +992,16 @@
+ 			DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
+ 			return NULL;
+ 		}
+-		array_insert_create(&this->providers, ARRAY_TAIL, fips);
+ 		/* explicitly load the base provider containing encoding functions */
+-		array_insert_create(&this->providers, ARRAY_TAIL,
+-							OSSL_PROVIDER_load(NULL, "base"));
+		OSSL_PROVIDER_load(NULL, "base");
+ 	}
+ 	else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
+ 									 TRUE, lib->ns))
+ 	{
+ 		/* load the legacy provider for algorithms like MD4, DES, BF etc. */
+-		array_insert_create(&this->providers, ARRAY_TAIL,
+-							OSSL_PROVIDER_load(NULL, "legacy"));
+		OSSL_PROVIDER_load(NULL, "legacy");
+ 		/* explicitly load the default provider, as mentioned by crypto(7) */
+-		array_insert_create(&this->providers, ARRAY_TAIL,
+-							OSSL_PROVIDER_load(NULL, "default"));
+		OSSL_PROVIDER_load(NULL, "default");
+ 	}
+ 	ossl_provider_names_t data = {};
+ 	OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -14,7 +14,7 @@

 Name:           strongswan
 Version:        5.9.5
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            http://www.strongswan.org/
@@ -23,6 +23,7 @@ Source1:        http://download.strongswan.org/strongswan-%{version}%{?prereleas
 Source2:        https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY
 Source3:        tmpfiles-strongswan.conf
 Patch0:         strongswan-5.6.0-uintptr_t.patch
+Patch1:         strongswan-5.9.5-atexit-handlers.patch

 # only needed for pre-release versions
 #BuildRequires:  autoconf automake
@@ -410,6 +411,9 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %endif

 %changelog
+* Sat Feb 25 2022 Arne Reiter <redhat@arnereiter.de> - 5.9.5-3
+- Resolves: rhbz#048108 - segfault at 18 ip 00007f4c7c0d841c sp 00007ffe49f61b70 error 4 in libc.so.6
+
 * Tue Jan 25 2022 Paul Wouters <paul.wouters@aiven.io> - 5.9.5-2
 - Use newly published/cleaned strongswan gpg key