Dear stable release team,

I have now integrated the cherry-picked upstream patch into my strongswan-squeeze branch at the alioth git repository (ssh://alioth.debian.org/git/pkg-swan/strongswan.git). As mentioned in the bug report, it applies cleanly and is an isolated fix for a bug in version 4.4.1 that impacts some clients.

We will integrate this patched version into our Gibraltar firewall release and will therefore test this package update for regressions within the next few days. I would then prepare an upload to "stable" to make it into squeeze proposed updates. Is this OK for you?

If you can't directly look at the strongswan-squeeze git branch, I could send you the most current 4.4.1-7 package diff.

best regards,
Rene
--- Begin Message ---
Package: strongswan-ikev1
Version: 4.4.1-5.1
Severity: normal
Tags: patch upstream

In Strongswan version 4.4.1 as shipped in stable there is a known bug which prevents a virtual IP assigned via mode config from being released if the XAUTH name sent from the peer does not match the peer's ID. Clients which offer no control over which peer ID is sent or extract it from the certificate's subject will not be able to acquire a virtual IP after their first disconnect. One particular example of this peer behaviour are iPhones. For these clients the current strongswan-ikev1 package is not usable with the xauthrsasig method.

Upstream has a patch for this at http://git.strongswan.org/?p=strongswan.git;h=2b3124c76d3897bccb4aa616fca1f7393f1b284e

The patch applies cleanly to the debian source package and solves the problem described.

-- System Information:
Debian Release: 6.0
  APT prefers squeeze-updates
  APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages strongswan-ikev1 depends on:
ii  bind9-host [host]     1:9.7.2.dfsg.P3-1.1  Version of 'host' bundled with BIN
ii  bsdmainutils          8.0.13               collection of more utilities from
ii  debconf [debconf-2.0  1.5.36.1             Debian configuration management sy
ii  debianutils           3.4                  Miscellaneous utilities specific t
ii  iproute               20100519-3           networking and traffic control too
ii  ipsec-tools           1:0.7.3-12           IPsec tools for Linux
ii  libc6                 2.11.2-10            Embedded GNU C Library: Shared lib
ii  libcap2               1:2.19-3             support for getting/setting POSIX.
ii  libstrongswan         4.4.1-5.1            strongSwan utility and crypto libr
ii  strongswan-starter    4.4.1-5.1            strongSwan daemon starter and conf

strongswan-ikev1 recommends no packages.

Versions of packages strongswan-ikev1 suggests:
pn  curl                  <none>               (no description available)

-- no debconf information
--- End Message ---