summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2016-01-11Migrate strongswan to ddebYves-Alexis Perez
* debian/rules: - migrate debug package to ddeb. * debian/control: - drop strongswan-dbg package.
2015-11-28upload to unstableYves-Alexis Perez
2015-11-26New upstream bugfix release.Yves-Alexis Perez
2015-11-19upload to unstableYves-Alexis Perez
2015-11-18CVE-2015-8023_eap_mschapv2_state droppedYves-Alexis Perez
2015-11-180001-socket-dynamic-Refactor-setting-source-address-when- droppedYves-Alexis Perez
2015-11-180001-socket-default-Refactor-setting-source-address-when- droppedYves-Alexis Perez
2015-11-18Refresh 03_systemd-service.patchYves-Alexis Perez
* debian/patches: - 03_systemd-service refreshed for new upstream release.
2015-11-18New upstream release.Yves-Alexis Perez
2015-11-16upload to unstableYves-Alexis Perez
2015-11-16Fix CVE-2015-8023Yves-Alexis Perez
* Set urgency=high for security fix. * debian/patches: - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when using EAP MSCHAPv2.
2015-11-04uploadYves-Alexis Perez
2015-11-04Make dh_install override arch-dependentYves-Alexis Perez
* debian/rules: - make the dh_install override arch-dependent only since it only acts on arch:any packages.
2015-11-03upload to unstableYves-Alexis Perez
2015-11-03update changelog for the source address selection bugYves-Alexis Perez
2015-11-03Add source address selection patch for socket-dynamic pluginYves-Alexis Perez
The socket-dynamic plugin has the same issue as the socket-default one so even if few people use it, it's worth fixing there too
2015-11-03Update source address selection patch to latest versionYves-Alexis Perez
commit log has been updated to provide more meaningful comments
2015-11-03Add patch to fix IPv6 source adress selectionYves-Alexis Perez
0001-socket-default-Refactor-setting-source-address-when- added (taken from ab8337b in the socket-default-refactor branch), fix source address selection with IPv6
2015-11-03add bug closure for new upstream releaseYves-Alexis Perez
2015-11-03install new pki --dn manpage to ipsec-starter package.Yves-Alexis Perez
2015-11-03New upstream releaseYves-Alexis Perez
2015-07-10Enable the connmark pluginYves-Alexis Perez
2015-06-11upload to unstableYves-Alexis Perez
2015-06-08Remove patches included upstreamYves-Alexis Perez
* debian/patches: - 05_ivgen-allow-reusing-same-message-id-twice dropped, included upstream. - CVE-2015-4171_enforce_remote_auth dropped as well.
2015-06-08New upstream release.Yves-Alexis Perez
2015-06-04upload to unstableYves-Alexis Perez
2015-06-04CVE-2015-4171_enforce_remote_auth added, fix potential leak of ↵Yves-Alexis Perez
authentication credential to rogue server when using PSK or EAP. This is CVE-2015-4171.
2015-06-0405_ivgen-allow-reusing-same-message-id-twice added, allow reusing the same ↵Yves-Alexis Perez
message ID twice in sequential IV gen. strongSwan issue #980.
2015-06-01remove strongswan-5.2.2-5.3.0_unknown_payload.patch, included upstreamYves-Alexis Perez
2015-06-01New upstream release.Yves-Alexis Perez
2015-06-01uploadYves-Alexis Perez
2015-05-23debian/strongswan-starter.lintian-overrides: add override for ↵Yves-Alexis Perez
command-with-path-in-maintainer-script since it's there to check for file existence.
2015-05-23fix spurious licenseYves-Alexis Perez
2015-05-23Fix CVE-2015-3991 (DoS / RCE)Yves-Alexis Perez
* debian/patches: - strongswan-5.2.2-5.3.0_unknown_payload added, fixes a DoS and potential remote code execution vulnerability (CVE-2015-3991).
2015-04-16Upload to experimentalYves-Alexis Perez
2015-04-15debian/copyright updated.Yves-Alexis Perez
2015-04-11don't install obsolete/removed stuffYves-Alexis Perez
* debian/strongswan-starter.install - don't install the _updown and _updown_espmark manpages anymore, they're gone. - also remove the _updown_espmark script, gone too.
2015-04-11CVE-2014-9221_modp_custom dropped, included upstream.Yves-Alexis Perez
2015-04-1102_chunk-endianness dropped, included upstream.Yves-Alexis Perez
2015-04-1101_fix-manpages refreshed for new upstream release.Yves-Alexis Perez
2015-04-11New upstream release.Yves-Alexis Perez
2015-04-04Fix handling of ipsec name under systemd (#781209)Romain Francoise
We used to make the old ipsec name, which corresponds to the sysvinit init script, available via an Alias directive in the systemd service file (which follows upstream and is named strongswan.service). Unfortunately this results in a situation where the strongswan-starter postinst calls invoke-rc.d using the ipsec name before the service has been installed, and thus uses the sysvinit script instead of systemd's native unit. This results in some confusion later when the unit gets installed. To avoid this, ship a symlink in the package, this way the ipsec name is available as soon as the package has been unpacked. Thanks to Michael Biebl for the suggestion.
2015-01-05upload to unstableYves-Alexis Perez
2015-01-05Fix CVE-2014-9221Yves-Alexis Perez
* debian/patches: - debian/patches/CVE-2014-9221_modp_custom added, fix unauthenticated denial of service in IKEv2 when using custom MODP value.
2014-10-24Run the test suite only on amd64Romain Francoise
If we want to make the cut for the freeze on Nov 5th, the package needs to build on all archs right now, so let's just disable the test suite on buildds and we can experiment later...
2014-10-23Disable libtls tests again for 5.2.1-3Romain Francoise
2014-10-22Upload to unstableRomain Francoise
2014-10-22Cherry-pick 701d6ed and 1c70c6e from upstream to fix big-endian FTBFSRomain Francoise
2014-10-22Run the test suite only on amd64, i386, and s390xRomain Francoise
2014-10-22Re-enable libtls test suiteRomain Francoise
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-25 14:21:24 +0000