Age | Commit message | Author
2021-11-24 | cert-cache: Prevent crash due to integer overflow/sign change [1.2.9-S1] [crux] | Tobias Brunner
random() allocates values in the range [0, RAND_MAX], with RAND_MAX usually equaling INT_MAX = 2^31-1. Previously, values between 0 and 31 were added directly to that offset before applying `% CACHE_SIZE` to get an index into the cache array. If the random value was very high, this resulted in an integer overflow and a negative index value and, therefore, an out-of-bounds access of the array and in turn dereferencing invalid pointers when trying to acquire the read lock. This most likely results in a segmentation fault.
Fixes: 764e8b2211ce ("reimplemented certificate cache")
Fixes: CVE-2021-41991
Signed-off-by: Daniil Baturin <daniil@vyos.io>
2021-11-24 | Reject RSASSA-PSS params with negative salt length | Tobias Brunner
The `salt_len` member in the struct is of type `ssize_t` because we use negative values for special automatic salt lengths when generating signatures. Not checking this could lead to an integer overflow. The value is assigned to the `len` field of a chunk (`size_t`), which is further used in calculations to check the padding structure and (if that is passed by a matching crafted signature value) eventually a memcpy() that will result in a segmentation fault.
Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params")
Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification")
Fixes: CVE-2021-41990
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2021-02-24 | Update Jenkinsfile | Daniil Baturin
2019-10-09 | Jenkins: import Pipeline from vyos-1x commit b198cc6f065d | Christian Poessinger
2019-01-14 | fixes T1070 - SWANCTL: DMVPN: ALL peers are deleted in swan when opennhrp tries to delete ONE peer | Kim Hagen
2019-01-14 | restore ability to remove tunnel connection by source and destination ip | Kim Hagen
T1070 - SWANCTL: DMVPN: ALL peers are deleted in swan when opennhrp tries to delete ONE peer
2019-01-10 | Add patches for dmvpn. | Kim Hagen
Use the daemon facility for IPsec logging (fixes T551).
2019-01-10 | Disable building the charon-nm package, which we do not use. | Kim Hagen
The practical reason for removing it completely for the time being is that libnm is not in jessie.
2019-01-02 | upload strongSwan 5.7.2-1 to unstable | Yves-Alexis Perez
2019-01-02 | finalize changelog | Yves-Alexis Perez
2019-01-02 | d/patches: import patches in gbp pq | Yves-Alexis Perez
2019-01-02 | d/u/signing-key.asc: strip signatures from upstream signing key | Yves-Alexis Perez
2019-01-02 | d/libstrongswan.dirs: drop lintian overrides dir | Yves-Alexis Perez
2019-01-02 | d/control: update standards version to 4.3.0 | Yves-Alexis Perez
2019-01-02 | d/copyright updated | Yves-Alexis Perez
2019-01-02 | New upstream version 5.7.2 | Yves-Alexis Perez
2019-01-02 | d/copyright update | Yves-Alexis Perez
2018-11-13 | use a clean export for upstream signing key | Yves-Alexis Perez
2018-11-12 | drop unused debconf template | Yves-Alexis Perez
2018-11-12 | d/control: update standards version to 4.2.1 | Yves-Alexis Perez
2018-11-12 | d/watch: use HTTPS protocol | Yves-Alexis Perez
2018-11-12 | d/copyright: fix typos | Yves-Alexis Perez
2018-11-12 | d/control: remove Rene from Uploaders, thanks! | Yves-Alexis Perez
2018-10-01 | upload strongSwan 5.7.1-1 to unstable | Yves-Alexis Perez
2018-10-01 | finalize changelog | Yves-Alexis Perez
2018-10-01 | Update upstream source from tag 'upstream/5.7.1' | Yves-Alexis Perez
Update to upstream version '5.7.1' with Debian dir 72f82c6dc54a03e0a4ef30d019024a741edf8eb4
2018-10-01 | New upstream version 5.7.1 | Yves-Alexis Perez
2018-10-01 | remove unused lintian overrides | Yves-Alexis Perez
2018-10-01 | finalize changelog | Yves-Alexis Perez
2018-10-01 | enable chapoly plugin | Yves-Alexis Perez
closes: #814927
2018-10-01 | d/control: Remove XS-Testsuite field, not needed anymore | Ondřej Nový
2018-10-01 | d/rules: Remove trailing whitespaces | Ondřej Nový
2018-10-01 | d/changelog: Remove trailing whitespaces | Ondřej Nový
2018-10-01 | d/copyright: Use https protocol in Format field | Ondřej Nový
2018-09-24 | Merge branch 'apparmor-cosmetic-fixes' into 'debian/master' | Yves-Alexis Perez
Apparmor cosmetic fixes
See merge request debian/strongswan!2
2018-09-24 | Remove redundant capabilities in charon Apparmor profiles | Simon Deziel
2018-09-24 | Fix typo in comment of charon Apparmor profiles | Simon Deziel
2018-09-24 | upload strongSwan 5.7.0-1 to unstable | Yves-Alexis Perez
2018-09-24 | finalize changelog | Yves-Alexis Perez
2018-09-24 | d/control: fix typo in libstrongswan long description | Yves-Alexis Perez
2018-09-24 | finalize changelog | Yves-Alexis Perez
2018-09-24 | Update upstream source from tag 'upstream/5.7.0' | Yves-Alexis Perez
Update to upstream version '5.7.0' with Debian dir b608300a1e1f88db62d14d08a55ca09f3603f054
2018-09-24 | New upstream version 5.7.0 | Yves-Alexis Perez
2018-09-24 | d/gbp.conf added, following DEP-14 | Yves-Alexis Perez
2018-08-07 | update AppArmor templates to handle usr merge | Yves-Alexis Perez
Thanks Christian Ehrhardt for the patch
closes: #905082
2018-06-04 | release strongSwan 5.6.3-1 | Yves-Alexis Perez
2018-06-04 | update changelog for 5.6.3 | Yves-Alexis Perez
2018-06-04 | d/p/05_charon-nm-Fix-building-list-of-DNS-MDNS-servers-with removed | Yves-Alexis Perez
included upstream
2018-06-04 | New upstream version 5.6.3 | Yves-Alexis Perez
2018-06-04 | Update upstream source from tag 'upstream/5.6.3' | Yves-Alexis Perez
Update to upstream version '5.6.3' with Debian dir d2b13199c1ca302286cbf83878342276cb01d710