summaryrefslogtreecommitdiff
path: root/debian/patches/series
AgeCommit message (Collapse)Author
2019-01-10Add patches for for dmvpn.Kim Hagen
Use the daemon facility for IPsec logging (fixes T551).
2018-06-04d/p/05_charon-nm-Fix-building-list-of-DNS-MDNS-servers-with removedYves-Alexis Perez
included upstream
2018-02-22charon-nm: Fix building list of DNS/MDNS servers with libnmYves-Alexis Perez
2018-01-03strongswan-libcharon: add bypass-lan pluginYves-Alexis Perez
not loaded by default
2017-09-01remove patch, included upstreamYves-Alexis Perez
2017-06-30Install /etc/strongswan.d/charon-systemd.conf with charon-systemd packageYves-Alexis Perez
* debian/patches: - 02_configure-Install-charon-systemd.conf added, cherry-picked from upstream to install configuration to output logging information to the journal. * debian/charon-systemd.install: - install charon-systemd.conf files, thanks Gerald Tuner. closes: #866325
2016-10-20patch 05_network-manager-strongswan-1.4 dropped, included upstream.Yves-Alexis Perez
2016-09-18backport two upstream patches for n-m-strongswan 1.4Yves-Alexis Perez
2016-07-1605_port-openssl-1.1.0 dropped, included upstream.Yves-Alexis Perez
2016-06-28Add patch to port to OpenSSL 1.1.0Yves-Alexis Perez
* debian/patches: - 05_port-openssl-1.1.0 added, port to OpenSSL 1.1.0. closes: #828561
2016-03-240001-charon-systemd-Inherit-all-settings-from-the-charon- dropped as well, a ↵Yves-Alexis Perez
different version was included upstream.
2016-03-24drop 0001-configure-Support-systemd-209.patchYves-Alexis Perez
* debian/patches - 0001-configure-Support-systemd-209 dropped, included upstream.
2016-02-08Include patch to inherit charon settings in charon-systemdYves-Alexis Perez
* debian/patches - 0001-charon-systemd-Inherit-all-settings-from-the-charon added, inherit charon configuration settings for charon-systemd.
2016-02-05Add patch to fix systemd detectionYves-Alexis Perez
2015-11-18CVE-2015-8023_eap_mschapv2_state droppedYves-Alexis Perez
2015-11-180001-socket-dynamic-Refactor-setting-source-address-when- droppedYves-Alexis Perez
2015-11-180001-socket-default-Refactor-setting-source-address-when- droppedYves-Alexis Perez
2015-11-16Fix CVE-2015-8023Yves-Alexis Perez
* Set urgency=high for security fix. * debian/patches: - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when using EAP MSCHAPv2.
2015-11-03Add source address selection patch for socket-dynamic pluginYves-Alexis Perez
The socket-dynamic plugin has the same issue as the socket-default one so even if few people use it, it's worth fixing there too
2015-11-03Add patch to fix IPv6 source adress selectionYves-Alexis Perez
0001-socket-default-Refactor-setting-source-address-when- added (taken from ab8337b in the socket-default-refactor branch), fix source address selection with IPv6
2015-06-08Remove patches included upstreamYves-Alexis Perez
* debian/patches: - 05_ivgen-allow-reusing-same-message-id-twice dropped, included upstream. - CVE-2015-4171_enforce_remote_auth dropped as well.
2015-06-04CVE-2015-4171_enforce_remote_auth added, fix potential leak of ↵Yves-Alexis Perez
authentication credential to rogue server when using PSK or EAP. This is CVE-2015-4171.
2015-06-0405_ivgen-allow-reusing-same-message-id-twice added, allow reusing the same ↵Yves-Alexis Perez
message ID twice in sequential IV gen. strongSwan issue #980.
2015-06-01remove strongswan-5.2.2-5.3.0_unknown_payload.patch, included upstreamYves-Alexis Perez
2015-05-23Fix CVE-2015-3991 (DoS / RCE)Yves-Alexis Perez
* debian/patches: - strongswan-5.2.2-5.3.0_unknown_payload added, fixes a DoS and potential remote code execution vulnerability (CVE-2015-3991).
2015-04-11CVE-2014-9221_modp_custom dropped, included upstream.Yves-Alexis Perez
2015-04-1102_chunk-endianness dropped, included upstream.Yves-Alexis Perez
2015-01-05Fix CVE-2014-9221Yves-Alexis Perez
* debian/patches: - debian/patches/CVE-2014-9221_modp_custom added, fix unauthenticated denial of service in IKEv2 when using custom MODP value.
2014-10-23Disable libtls tests again for 5.2.1-3Romain Francoise
2014-10-22Cherry-pick 701d6ed and 1c70c6e from upstream to fix big-endian FTBFSRomain Francoise
2014-10-22Re-enable libtls test suiteRomain Francoise
2014-07-25Initial systemd integrationRomain Francoise
2014-07-11debian/patches: 03_pfkey-Always-include-stdint.h dropped, included upstream.Yves-Alexis Perez
2014-05-19Fix FTBFS on kFreeBSD by always including stdint.hYves-Alexis Perez
2014-04-19Disable the new libtls test suiteRomain Francoise
It appears to be too slow for some archs, although whether that is because of CPU or entropy usage is not clear.
2014-04-15Drop patches previously from upstreamRomain Francoise
2014-04-08add CVE-2014-2338 patch from upstreamRomain Francoise
2014-04-02Add patch to fix testsuite failure on armelYves-Alexis Perez
2014-04-02debian/patches/ ↵Yves-Alexis Perez
02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b.patch added, fix testsuite failing on 64 bit big-endian platforms (s390x).
2014-03-1102_include-strongswan.conf.d removed, strongswan.d is now supported upstream.Yves-Alexis Perez
2014-01-17Support configuration via /etc/strongswan.conf.d/Raphael Geissert
Upstream's position on this is that packages should ship this configuration, instead of modifying it upstream. See: https://wiki.strongswan.org/issues/475
2013-11-01remove security patches included in upstream release.Yves-Alexis Perez
2013-10-31add patch for CVE-2013-6076Yves-Alexis Perez
fix remote denial of service when using IKEv1
2013-10-31add patch for CVE-2013-6075Yves-Alexis Perez
fixing denial of service and authorization bypass
2013-04-30remove patch for printf fix in DNSsec script, included upstreamYves-Alexis Perez
2013-04-2602_fix-printf-dnssec-script added backported from upstream, fix printf() ↵Yves-Alexis Perez
statements.
2013-01-0204-Fixed-IPv6-source-address-lookup dropped, included upstream.Yves-Alexis Perez
2013-01-0203_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali removed, included ↵Yves-Alexis Perez
upstream.
2013-01-0202_add-LICENSE dropped, included upstream.Yves-Alexis Perez
2012-07-02Fix IPv6 tunnel not workingYves-Alexis Perez
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-23 03:23:39 +0000