aboutsummaryrefslogtreecommitdiff
path: root/net/strongswan/patches
Commit message (Collapse)AuthorAge
* strongswan: Backport upstream fix for RNG definition conflictPhilip Prindeville2024-04-03
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: drop unneeded sleep patchPhilip Prindeville2024-03-27
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: backport upstream MUSL fix for farp_spoofer.cPhilip Prindeville2024-03-27
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: backport upstream MUSL fix for pf_handler.cPhilip Prindeville2024-03-27
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: simplify MUSL patchPhilip Prindeville2024-03-27
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: Update to 5.9.14Philip Prindeville2024-03-27
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: Update to 5.9.12Philip Prindeville2023-11-26
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: Update to 5.9.10Philip Prindeville2023-03-12
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: Update to 5.9.9Philip Prindeville2023-03-12
| | | | | | Add patch to remove definition of RNG leaking in from wolfssl.h. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: Update to 5.9.8Philip Prindeville2022-11-08
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: Update to 5.9.7Philip Prindeville2022-08-08
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: Update to 5.9.6Philip Prindeville2022-05-02
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: Update to 5.9.5Philip Prindeville2022-02-01
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: Bump to 5.9.4Philip Prindeville2021-10-28
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: update to version 5.9.3Noel Kuntze2021-07-18
| | | | Signed-off-by: Noel Kuntze <noel.kuntze@thermi.consulting>
* Merge pull request #6924 from derekyerger/strongswan-lattice-sha3Philip Prindeville2021-04-08
|\ | | | | strongswan: add more crypto plugins
| * strongswan: add more crypto pluginsDerek Yerger2021-04-05
| | | | | | | | | | | | | | | | | | Adds modules for BLISS signature scheme, NTRU and New Hope key exchange algorithms, and dependencies ChaCha20-Poly1305 AEAD, ChaCha20 XOF, MGF1 mask generation function, SHA3 hasher SHAKE XOF, and the Number Theoretic Transform library. Signed-off-by: Derek Yerger <derek@altdevs.net>
* | strongswan: bump to 5.9.2Philip Prindeville2021-04-05
| | | | | | | | | | | | Retire weak algorithms like MD5 and 3DES. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | strongswan: force PIC on all buildsPhilip Prindeville2021-04-05
|/ | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: bump to 5.9.0Stijn Tintel2020-09-02
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.8.4Stijn Tintel2020-05-08
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.8.2Stijn Tintel2020-01-17
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.8.1Stijn Tintel2019-09-16
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: update to 5.8.0Lucian Cristian2019-05-23
| | | | Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* strongswan: bump to 5.7.2Stijn Tintel2019-01-02
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.7.1Stijn Tintel2018-10-19
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.7.0Stijn Tintel2018-10-07
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: backport upstream fixes for CVEs in gmp pluginMagnus Kroken2018-10-06
| | | | | | | | | | | | | This fixes: * CVE-2018-16151 * CVE-2018-16152 * CVE-2018-17540 Details: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html https://strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* strongswan: refresh patchesHans Dedecker2018-09-13
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* strongswan: fix OpenWrt hotplug script handlingHans Dedecker2018-09-13
| | | | | | | | | | | | Commit 6cd8fcabe added ipsec hotplug script support by calling "exec /sbin/hotplug-call ipsec". Using the exec call breaks the insertion of iptables rules by the _updown.in script as hotplug-call just replaces the current shell meaning the commands following exec do not run since the shell is replaced and as a result lead to connectivity issues. Fix this by removing the exec command in front of /sbin/hotplug-call. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* strongswan: add openwrt hotplug script handlingFlorian Eckert2018-07-16
| | | | | | | | Ipsec user script (/etc/ipsec.user) now get called indirectly by openwrt "/sbin/hotplug-call". So other packages could also install their scripts in "/etc/hotplug.d/ipsec". Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* strongswan: bump to 5.5.3Stijn Tintel2017-05-30
| | | | | | Fixes CVE-2017-9022, CVE-2017-9023. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.5.2Stijn Tintel2017-04-26
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: Fix compile error due to __kernel_nlink_t being re-definedHans Dedecker2016-11-09
| | | | | | | | | Patch 101-musl-fixes defines __kernel_nlink_t as void; but using a pre-3.6.11 kernel on an arm cortex defines __kernel_nlink_t as unsigned short using uclibc Fix the compile issue by not redefining __kernel_nlink_t Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* strongswan: Include musl.h after _GNU_SOURCE defineHans Dedecker2016-11-02
| | | | | | | | | | | musl.h was included before _GNU_SOURCE in 101-musl-fixes patch leading to compilation issue on gcc (RTLD_DEFAULT not being defined in dlfcn.h due to __USE_GNU not being set). As described in the feature test macro man page feature macro can be defined in the source code but need to be defined before including any headers. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* strongswan: bump to 5.5.0 (#2976)Stijn Tintel2016-07-18
| | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.4.0Stijn Tintel2016-07-06
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: add forecast pluginStijn Tintel2016-07-06
| | | | | | Closes #1868. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: fix alignment in connmark pluginStijn Tintel2016-07-06
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: run sleep with integer argumentStijn Tintel2016-07-06
| | | | | | | | | | | | The default busybox config used by OpenWrt does not enable floating point number support for the sleep applet. This can cause an error when stopping or restarting strongswan: sleep: invalid number '0.1' Replace the float with an integer to fix this. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.3.5Steven Barth2016-01-20
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* strongswan: add upstream patch for bug in 5.3.4Stijn Tintel2015-11-28
| | | | | | | | | See https://wiki.strongswan.org/issues/1213 Removed the changes to charon-xpc.c because they didn't apply and are only used on OS X anyway. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: gmpdh plugin, package and strongswan-isakmp metapackagebrainsucker-na2015-11-19
| | | | | | | | gmpdh plugin implements DH Groups (same as normal GMP plugin), but links to GMP statically and is stripped of all RSA based stuff. Binary size for plugin is ~20kbytes with no dependency on libgmp (200+ kbytes after squash), easilly fitting into flash space restricted devices. strongswan-isakmp metapackage defines a minimal set of strongswan plugins (including gmpdh) for ISAKMP / IKEv1 PSK tunnels. Will fit even 4mb routers (like tplink wr841n) with disabled IPv6 support and packages (so its a trade - IPv6 or ipsec tunnels). Signed-of-by: Mikalai Miadzvedz <brainsucker.na@gmail.com>
* strongswan: add more exceptions to musl-fixesSteven Barth2015-06-23
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* strongswan: refresh musl compatibility fixesSteven Barth2015-06-22
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* strongswan: fix musl builds, reenable lost modulesSteven Barth2015-06-19
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* strongswan: bump to 5.3.0Steven Barth2015-04-06
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* strongswan: fix IKEv1 supportSteven Barth2015-03-09
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* strongswan: import, update, adoptSteven Barth2014-08-17
Signed-off-by: Steven Barth <steven@midlink.org>
Powered by cgit, Themed by Ted Yin.