summaryrefslogtreecommitdiff
path: root/debian/patches
AgeCommit message (Collapse)Author
2020-06-12dmvpn: add required patches for FRR NHRP implementationChristian Poessinger
Patches are not active. To activate bth patches add their corresponding file name to debian/patches/series. From FRR docs: nhrpd needs tight integration with IKE daemon for various reasons. Currently only strongSwan is supported as IKE daemon. nhrpd connects to strongSwan using VICI protocol based on UNIX socket (hardcoded now as /var/run/charon.vici). strongSwan currently needs few patches applied. Please check out bot git - https://git.alpinelinux.org/user/tteras/strongswan/log/?h=tteras-release - https://git.alpinelinux.org/user/tteras/strongswan/log/?h=tteras repositories for the patches.
2019-01-14fixes T1070 - SWANCTL: DMVPN: ALL peers are deleted in swan when opennhrp ↵Kim Hagen
tries to delete ONE peer
2019-01-14restore ability to remove tunnel connection by source and destination ipKim Hagen
T1070 - SWANCTL: DMVPN: ALL peers are deleted in swan when opennhrp tries to delete ONE peer
2019-01-10Add patches for for dmvpn.Kim Hagen
Use the daemon facility for IPsec logging (fixes T551).
2019-01-02d/patches: import patches in gbp pqYves-Alexis Perez
2018-06-04d/p/05_charon-nm-Fix-building-list-of-DNS-MDNS-servers-with removedYves-Alexis Perez
included upstream
2018-02-22charon-nm: Fix building list of DNS/MDNS servers with libnmYves-Alexis Perez
2018-01-03strongswan-libcharon: add bypass-lan pluginYves-Alexis Perez
not loaded by default
2017-09-01remove patch, included upstreamYves-Alexis Perez
2017-06-30Install /etc/strongswan.d/charon-systemd.conf with charon-systemd packageYves-Alexis Perez
* debian/patches: - 02_configure-Install-charon-systemd.conf added, cherry-picked from upstream to install configuration to output logging information to the journal. * debian/charon-systemd.install: - install charon-systemd.conf files, thanks Gerald Tuner. closes: #866325
2017-04-01debian/patches/03_systemd-service refreshed.Yves-Alexis Perez
2016-10-20patch 05_network-manager-strongswan-1.4 dropped, included upstream.Yves-Alexis Perez
2016-09-18backport two upstream patches for n-m-strongswan 1.4Yves-Alexis Perez
2016-07-1605_port-openssl-1.1.0 dropped, included upstream.Yves-Alexis Perez
2016-06-29update patch to second versionYves-Alexis Perez
- fix runtime with openssl 1.0 - fix build with openssl 1.1
2016-06-28Add patch to port to OpenSSL 1.1.0Yves-Alexis Perez
* debian/patches: - 05_port-openssl-1.1.0 added, port to OpenSSL 1.1.0. closes: #828561
2016-03-240001-charon-systemd-Inherit-all-settings-from-the-charon- dropped as well, a ↵Yves-Alexis Perez
different version was included upstream.
2016-03-24drop 0001-configure-Support-systemd-209.patchYves-Alexis Perez
* debian/patches - 0001-configure-Support-systemd-209 dropped, included upstream.
2016-02-08Include patch to inherit charon settings in charon-systemdYves-Alexis Perez
* debian/patches - 0001-charon-systemd-Inherit-all-settings-from-the-charon added, inherit charon configuration settings for charon-systemd.
2016-02-05Add patch to fix systemd detectionYves-Alexis Perez
2015-11-18CVE-2015-8023_eap_mschapv2_state droppedYves-Alexis Perez
2015-11-180001-socket-dynamic-Refactor-setting-source-address-when- droppedYves-Alexis Perez
2015-11-180001-socket-default-Refactor-setting-source-address-when- droppedYves-Alexis Perez
2015-11-18Refresh 03_systemd-service.patchYves-Alexis Perez
* debian/patches: - 03_systemd-service refreshed for new upstream release.
2015-11-16Fix CVE-2015-8023Yves-Alexis Perez
* Set urgency=high for security fix. * debian/patches: - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when using EAP MSCHAPv2.
2015-11-03Add source address selection patch for socket-dynamic pluginYves-Alexis Perez
The socket-dynamic plugin has the same issue as the socket-default one so even if few people use it, it's worth fixing there too
2015-11-03Update source address selection patch to latest versionYves-Alexis Perez
commit log has been updated to provide more meaningful comments
2015-11-03Add patch to fix IPv6 source adress selectionYves-Alexis Perez
0001-socket-default-Refactor-setting-source-address-when- added (taken from ab8337b in the socket-default-refactor branch), fix source address selection with IPv6
2015-06-08Remove patches included upstreamYves-Alexis Perez
* debian/patches: - 05_ivgen-allow-reusing-same-message-id-twice dropped, included upstream. - CVE-2015-4171_enforce_remote_auth dropped as well.
2015-06-04CVE-2015-4171_enforce_remote_auth added, fix potential leak of ↵Yves-Alexis Perez
authentication credential to rogue server when using PSK or EAP. This is CVE-2015-4171.
2015-06-0405_ivgen-allow-reusing-same-message-id-twice added, allow reusing the same ↵Yves-Alexis Perez
message ID twice in sequential IV gen. strongSwan issue #980.
2015-06-01remove strongswan-5.2.2-5.3.0_unknown_payload.patch, included upstreamYves-Alexis Perez
2015-05-23Fix CVE-2015-3991 (DoS / RCE)Yves-Alexis Perez
* debian/patches: - strongswan-5.2.2-5.3.0_unknown_payload added, fixes a DoS and potential remote code execution vulnerability (CVE-2015-3991).
2015-04-11CVE-2014-9221_modp_custom dropped, included upstream.Yves-Alexis Perez
2015-04-1102_chunk-endianness dropped, included upstream.Yves-Alexis Perez
2015-04-1101_fix-manpages refreshed for new upstream release.Yves-Alexis Perez
2015-04-04Fix handling of ipsec name under systemd (#781209)Romain Francoise
We used to make the old ipsec name, which corresponds to the sysvinit init script, available via an Alias directive in the systemd service file (which follows upstream and is named strongswan.service). Unfortunately this results in a situation where the strongswan-starter postinst calls invoke-rc.d using the ipsec name before the service has been installed, and thus uses the sysvinit script instead of systemd's native unit. This results in some confusion later when the unit gets installed. To avoid this, ship a symlink in the package, this way the ipsec name is available as soon as the package has been unpacked. Thanks to Michael Biebl for the suggestion.
2015-01-05Fix CVE-2014-9221Yves-Alexis Perez
* debian/patches: - debian/patches/CVE-2014-9221_modp_custom added, fix unauthenticated denial of service in IKEv2 when using custom MODP value.
2014-10-23Disable libtls tests again for 5.2.1-3Romain Francoise
2014-10-22Cherry-pick 701d6ed and 1c70c6e from upstream to fix big-endian FTBFSRomain Francoise
2014-10-22Re-enable libtls test suiteRomain Francoise
2014-10-21Refresh patches against 5.2.1Romain Francoise
2014-07-26Use After=network.targetRomain Francoise
Primarily because otherwise the network may go down before charon gets the opportunity to send deletes on exit, and it matches what the old init script did. Note that in Debian, network.target apparently runs after ifup so the network is in most cases really up, so we don't need network-online.target. (And charon uses rtnetlink to get notified of changes anyway.)
2014-07-25Initial systemd integrationRomain Francoise
2014-07-25Remove disabled debian/patches/03_include-stdint.patchRomain Francoise
2014-07-11debian/patches: 03_pfkey-Always-include-stdint.h dropped, included upstream.Yves-Alexis Perez
2014-05-19Fix FTBFS on kFreeBSD by always including stdint.hYves-Alexis Perez
2014-04-19Disable the new libtls test suiteRomain Francoise
It appears to be too slow for some archs, although whether that is because of CPU or entropy usage is not clear.
2014-04-15debian/patches/01_fix-manpages.patch: refresh against upstreamRomain Francoise
2014-04-15Drop patches previously from upstreamRomain Francoise
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-13 21:52:42 +0000