summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support/strongswan/files
Commit message (Collapse)AuthorAgeFilesLines
* strongswan: Backport fix for CVE-2023-41913Vijay Anusuri2024-01-161-0/+46
| | | | | | | | | Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.3.0-5.9.6_charon_tkm_dh_len.patch] Reference: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Fix CVE-2022-40617Ranjitsinh Rathod2022-11-251-0/+210
| | | | | | | | | | | | | Add a patch to fix CVE-2022-40617 issue which allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. Link: https://nvd.nist.gov/vuln/detail/CVE-2022-40617 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Add fix of CVE-2021-45079Ranjitsinh Rathod2022-02-131-0/+156
| | | | | | | | Add a patch to fix CVE-2021-45079 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Fix for CVE-2021-41990 and CVE-2021-41991Virendra Thakur2022-01-222-0/+103
| | | | | | | Add patch to fix CVE-2021-41990 and CVE-2021-41991 Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Remove obsolete setting regarding the Standard OutputMingli Yu2020-10-041-0/+34
| | | | | | | | | | | | | | The Standard output type "syslog" is obsolete, causing a warning since systemd version 246 [1]. Please consider using "journal" or "journal+console" [1] https://github.com/systemd/systemd/blob/master/NEWS#L202 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e61b73e6d388006375c6fe84cc194299c094a526) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: Fix do_patch fuzzKhem Raj2019-09-071-5/+3
| | | | | | | | | | | | Refresh the patch to apply cleanly Fixes Applying patch 0001-memory.h-Include-stdint.h-for-uintptr_t.patch patching file src/libstrongswan/utils/utils/memory.h Hunk #1 succeeded at 26 with fuzz 2 (offset 4 lines). Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.6.2 -> 5.6.3Yi Zhao2018-07-031-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: refresh patchesArmin Kuster2018-04-132-20/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | WARNING: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored). Further information: http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Details: checking file src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c Hunk #1 succeeded at 192 (offset 50 lines). Hunk #2 succeeded at 255 with fuzz 1 (offset 58 lines). checking file src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h Hunk #1 succeeded at 43 (offset -1 lines). checking file src/libstrongswan/plugins/openssl/openssl_plugin.c Hunk #1 succeeded at 609 (offset 221 lines). Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: 5.5.3 -> 5.6.2Huang Qiyu2018-04-091-3/+3
| | | | | | | | 1.Upgrade strongswan from 5.5.3 to 5.6.2. 2.Modify fix-funtion-parameter.patch, since the data has been changed. Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* strongswan: Include stdint.h for uintptr_tKhem Raj2017-09-081-0/+26
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* strongswan: delete obsolete patchesOleksandr Kravchuk2017-01-192-91/+0
| | | | | Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* strongswan: install strongswan-swanctl systemd service by default.Chris Patterson2016-01-051-0/+22
| | | | | | | | Matches start-on-boot behaviour of current strongswan.service. Signed-off-by: Chris Patterson <pattersonc@ainfosec.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* strongswan: add configure patch fix for systemdChris Patterson2016-01-051-0/+69
| | | | | | | | | | Fixes strongswan configure script for systemd >= 209, where it merged libsystemd-journal and libsystemd-daemon into libsystemd. Signed-off-by: Chris Patterson <pattersonc@ainfosec.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* strongswan: uprev to version 5.2.0Jackie Huang2014-08-212-64/+0
| | | | | | | | | * removed two patches which were already integrated in 5.2.0: strongswan-4.3.3-5.1.1_asn1_unwrap.patch strongswan-5.0.0-5.1.2_reject_child_sa.patch Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* strongswan: Security Advisory - strongswan - CVE-2014-2891Yue Tao2014-08-051-0/+28
| | | | | | | | | | | | strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2891 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* strongswan: Security Advisory - strongswan - CVE-2014-2338Yue Tao2014-05-091-0/+36
| | | | | | | | | | | | | IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2338 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* strongswan: update verion to 5.1.1Jackie Huang2014-03-141-0/+98
* Add a patch to fix the function parameter. * Add PACKAGECONFIG for optional packages instead of explicitly disable, and set sqlite and curl as default. * Remove the split package strongswan-plugins. * Add configure option --without-lib-prefix so it doesn't search for libraries in includedir and libdir to avoid QA error. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-19 22:30:48 +0000