| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-06-04 | d/p/05_charon-nm-Fix-building-list-of-DNS-MDNS-servers-with removed | Yves-Alexis Perez | |
| included upstream | |||
| 2018-02-22 | charon-nm: Fix building list of DNS/MDNS servers with libnm | Yves-Alexis Perez | |
| 2018-01-03 | strongswan-libcharon: add bypass-lan plugin | Yves-Alexis Perez | |
| not loaded by default | |||
| 2017-09-01 | remove patch, included upstream | Yves-Alexis Perez | |
| 2017-06-30 | Install /etc/strongswan.d/charon-systemd.conf with charon-systemd package | Yves-Alexis Perez | |
| * debian/patches: - 02_configure-Install-charon-systemd.conf added, cherry-picked from upstream to install configuration to output logging information to the journal. * debian/charon-systemd.install: - install charon-systemd.conf files, thanks Gerald Tuner. closes: #866325 | |||
| 2017-04-01 | debian/patches/03_systemd-service refreshed. | Yves-Alexis Perez | |
| 2016-10-20 | patch 05_network-manager-strongswan-1.4 dropped, included upstream. | Yves-Alexis Perez | |
| 2016-09-18 | backport two upstream patches for n-m-strongswan 1.4 | Yves-Alexis Perez | |
| 2016-07-16 | 05_port-openssl-1.1.0 dropped, included upstream. | Yves-Alexis Perez | |
| 2016-06-29 | update patch to second version | Yves-Alexis Perez | |
| - fix runtime with openssl 1.0 - fix build with openssl 1.1 | |||
| 2016-06-28 | Add patch to port to OpenSSL 1.1.0 | Yves-Alexis Perez | |
| * debian/patches: - 05_port-openssl-1.1.0 added, port to OpenSSL 1.1.0. closes: #828561 | |||
| 2016-03-24 | 0001-charon-systemd-Inherit-all-settings-from-the-charon- dropped as well, a ↵ | Yves-Alexis Perez | |
| different version was included upstream. | |||
| 2016-03-24 | drop 0001-configure-Support-systemd-209.patch | Yves-Alexis Perez | |
| * debian/patches - 0001-configure-Support-systemd-209 dropped, included upstream. | |||
| 2016-02-08 | Include patch to inherit charon settings in charon-systemd | Yves-Alexis Perez | |
| * debian/patches - 0001-charon-systemd-Inherit-all-settings-from-the-charon added, inherit charon configuration settings for charon-systemd. | |||
| 2016-02-05 | Add patch to fix systemd detection | Yves-Alexis Perez | |
| 2015-11-18 | CVE-2015-8023_eap_mschapv2_state dropped | Yves-Alexis Perez | |
| 2015-11-18 | 0001-socket-dynamic-Refactor-setting-source-address-when- dropped | Yves-Alexis Perez | |
| 2015-11-18 | 0001-socket-default-Refactor-setting-source-address-when- dropped | Yves-Alexis Perez | |
| 2015-11-18 | Refresh 03_systemd-service.patch | Yves-Alexis Perez | |
| * debian/patches: - 03_systemd-service refreshed for new upstream release. | |||
| 2015-11-16 | Fix CVE-2015-8023 | Yves-Alexis Perez | |
| * Set urgency=high for security fix. * debian/patches: - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when using EAP MSCHAPv2. | |||
| 2015-11-03 | Add source address selection patch for socket-dynamic plugin | Yves-Alexis Perez | |
| The socket-dynamic plugin has the same issue as the socket-default one so even if few people use it, it's worth fixing there too | |||
| 2015-11-03 | Update source address selection patch to latest version | Yves-Alexis Perez | |
| commit log has been updated to provide more meaningful comments | |||
| 2015-11-03 | Add patch to fix IPv6 source adress selection | Yves-Alexis Perez | |
| 0001-socket-default-Refactor-setting-source-address-when- added (taken from ab8337b in the socket-default-refactor branch), fix source address selection with IPv6 | |||
| 2015-06-08 | Remove patches included upstream | Yves-Alexis Perez | |
| * debian/patches: - 05_ivgen-allow-reusing-same-message-id-twice dropped, included upstream. - CVE-2015-4171_enforce_remote_auth dropped as well. | |||
| 2015-06-04 | CVE-2015-4171_enforce_remote_auth added, fix potential leak of ↵ | Yves-Alexis Perez | |
| authentication credential to rogue server when using PSK or EAP. This is CVE-2015-4171. | |||
| 2015-06-04 | 05_ivgen-allow-reusing-same-message-id-twice added, allow reusing the same ↵ | Yves-Alexis Perez | |
| message ID twice in sequential IV gen. strongSwan issue #980. | |||
| 2015-06-01 | remove strongswan-5.2.2-5.3.0_unknown_payload.patch, included upstream | Yves-Alexis Perez | |
| 2015-05-23 | Fix CVE-2015-3991 (DoS / RCE) | Yves-Alexis Perez | |
| * debian/patches: - strongswan-5.2.2-5.3.0_unknown_payload added, fixes a DoS and potential remote code execution vulnerability (CVE-2015-3991). | |||
| 2015-04-11 | CVE-2014-9221_modp_custom dropped, included upstream. | Yves-Alexis Perez | |
| 2015-04-11 | 02_chunk-endianness dropped, included upstream. | Yves-Alexis Perez | |
| 2015-04-11 | 01_fix-manpages refreshed for new upstream release. | Yves-Alexis Perez | |
| 2015-04-04 | Fix handling of ipsec name under systemd (#781209) | Romain Francoise | |
| We used to make the old ipsec name, which corresponds to the sysvinit init script, available via an Alias directive in the systemd service file (which follows upstream and is named strongswan.service). Unfortunately this results in a situation where the strongswan-starter postinst calls invoke-rc.d using the ipsec name before the service has been installed, and thus uses the sysvinit script instead of systemd's native unit. This results in some confusion later when the unit gets installed. To avoid this, ship a symlink in the package, this way the ipsec name is available as soon as the package has been unpacked. Thanks to Michael Biebl for the suggestion. | |||
| 2015-01-05 | Fix CVE-2014-9221 | Yves-Alexis Perez | |
| * debian/patches: - debian/patches/CVE-2014-9221_modp_custom added, fix unauthenticated denial of service in IKEv2 when using custom MODP value. | |||
| 2014-10-23 | Disable libtls tests again for 5.2.1-3 | Romain Francoise | |
| 2014-10-22 | Cherry-pick 701d6ed and 1c70c6e from upstream to fix big-endian FTBFS | Romain Francoise | |
| 2014-10-22 | Re-enable libtls test suite | Romain Francoise | |
| 2014-10-21 | Refresh patches against 5.2.1 | Romain Francoise | |
| 2014-07-26 | Use After=network.target | Romain Francoise | |
| Primarily because otherwise the network may go down before charon gets the opportunity to send deletes on exit, and it matches what the old init script did. Note that in Debian, network.target apparently runs after ifup so the network is in most cases really up, so we don't need network-online.target. (And charon uses rtnetlink to get notified of changes anyway.) | |||
| 2014-07-25 | Initial systemd integration | Romain Francoise | |
| 2014-07-25 | Remove disabled debian/patches/03_include-stdint.patch | Romain Francoise | |
| 2014-07-11 | debian/patches: 03_pfkey-Always-include-stdint.h dropped, included upstream. | Yves-Alexis Perez | |
| 2014-05-19 | Fix FTBFS on kFreeBSD by always including stdint.h | Yves-Alexis Perez | |
| 2014-04-19 | Disable the new libtls test suite | Romain Francoise | |
| It appears to be too slow for some archs, although whether that is because of CPU or entropy usage is not clear. | |||
| 2014-04-15 | debian/patches/01_fix-manpages.patch: refresh against upstream | Romain Francoise | |
| 2014-04-15 | Drop patches previously from upstream | Romain Francoise | |
| 2014-04-08 | add CVE-2014-2338 patch from upstream | Romain Francoise | |
| 2014-04-02 | Add patch to fix testsuite failure on armel | Yves-Alexis Perez | |
| 2014-04-02 | debian/patches/ ↵ | Yves-Alexis Perez | |
| 02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b.patch added, fix testsuite failing on 64 bit big-endian platforms (s390x). | |||
| 2014-03-11 | 02_include-strongswan.conf.d removed, strongswan.d is now supported upstream. | Yves-Alexis Perez | |
| 2014-03-11 | Refresh patches | Yves-Alexis Perez | |
| * debian/patches: - 01_fix-manpages refreshed for new upstream. | |||
 |
index : vyos-strongswan.git | |
| (mirror of https://github.com/vyos/vyos-strongswan.git) |
| summaryrefslogtreecommitdiff |