Debian Patches
Status for strongswan/6.0.1-6+deb13u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 02_disable-bypass-lan.patch | Don't load bypass-lan plugin by default | Yves-Alexis Perez <corsac@debian.org> | no | | | 2019-01-02 |
| 03_systemd-service.patch | Tune the ipsec systemd service file: add a reload argument; don't wait on syslog | Romain Francoise <rfrancoise@debian.org> | no | | | 2019-01-02 |
| 04_disable-libtls-tests.patch | Disable libtls tests. They're too intensive for the buildd network and cause FTBFS | Romain Francoise <rfrancoise@debian.org> | no | | | 2019-01-02 |
| dont-load-kernel-libipsec-plugin-by-default.patch | dont-load-kernel-libipsec-plugin-by-default | Christian Ehrhardt <christian.ehrhardt@canonical.com> | no | | | 2020-11-11 |
| 0001-openssl-Fix-testing-KDF_PRF-in-the-constructor-with-.patch | [PATCH] openssl: Fix testing KDF_PRF in the constructor with OpenSSL 3.5.1. Setting the salt to NULL now fails, so we set it to hash length's zeroes, which is the default value for HKDF-Extract if no salt is passed. Fixes strongswan/strongswan#2828 | Tobias Brunner <tobias@strongswan.org> | no | | | 2025-07-10 |
| 0002-openssl-Don-t-allocate-salt-if-PRF-hash-is-unknown.patch | [PATCH] openssl: Don't allocate salt if PRF/hash is unknown. This can happen if e.g. AES-XCBC is selected. | Tobias Brunner <tobias@strongswan.org> | no | | | 2025-07-11 |
| 0007-eap-mschapv2-Fix-length-check-for-Failure-Request-pa.patch | eap-mschapv2: Fix length check for Failure Request packets on the client. For message lengths between 6 and 8, subtracting HEADER_LEN (9) causes `message_len` to become negative, which is then used in calls to malloc() and memcpy() that both take size_t arguments, causing an integer underflow. For 6 and 7, the huge size requested from malloc() will fail (it exceeds PTRDIFF_MAX) and the returned NULL pointer will cause a segmentation fault in memcpy(). However, for 8, the allocation is 0, which succeeds. But then the -1 passed to memcpy() causes a heap-based buffer overflow (and possibly a segmentation fault when attempting to read/write that much data). Fortunately, if compiled with -D_FORTIFY_SOURCE=3 (the default on e.g. Ubuntu), the compiler will use __memcpy_chk(), which prevents that buffer overflow and causes the daemon to get aborted immediately instead. | Tobias Brunner <tobias@strongswan.org> | no | | | 2025-10-09 |
All known versions for source package 'strongswan'
- 6.0.3-1 (forky, sid)
- 6.0.1-6+deb13u2 (trixie-security)
- 6.0.1-6+deb13u1 (trixie)
- 5.9.8-5+deb12u2 (bookworm-security)
- 5.9.8-5+deb12u1 (bookworm)
