Prior to this update, very large security label strings received from the peer were being truncated. The truncated string was then still used. However, this truncated string could, under rare circumstances, turn out to be a valid string, leading to an incorrect policy. Additionally, erroneous queuing of on-demand requests of setting up an IPsec connection was discovered in the IKEv2 (Internet Key Exchange) code. Although not harmful, it was not the intended design. This update fixes both of these issues, and Openswan now correctly handles the IKE setup.