diff options
author | Timo Teräs <timo.teras@iki.fi> | 2015-08-01 01:50:29 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2015-08-01 01:53:37 +0300 |
commit | d634801b2da421730ff3c224c3af3f67193f5f0a (patch) | |
tree | 5c94ce99af348c5f4dadd1d0c904be35a205158f | |
parent | 65e4c60a4f8332d1525882aa8b02db6d3c554ffe (diff) | |
download | aports-d634801b2da421730ff3c224c3af3f67193f5f0a.tar.bz2 aports-d634801b2da421730ff3c224c3af3f67193f5f0a.tar.xz |
main/strongswan: additional fixes
- python is needed to prepare config file templates, ref #4484
- three cherry-picks from upstream git master and merge pending branches
- add patch to fix connection authentication when multiple CAs are allowed
5 files changed, 201 insertions, 1 deletions
diff --git a/main/strongswan/0017-kernel-netlink-unlock-mutex-in-del-policy.patch b/main/strongswan/0017-kernel-netlink-unlock-mutex-in-del-policy.patch new file mode 100644 index 0000000000..63f120d284 --- /dev/null +++ b/main/strongswan/0017-kernel-netlink-unlock-mutex-in-del-policy.patch @@ -0,0 +1,22 @@ +From 1ce32c9cdcb1cfacd4c8389402a24c4ed7cf0109 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@strongswan.org> +Date: Fri, 31 Jul 2015 11:20:24 +0200 +Subject: [PATCH] kernel-netlink: Unlock mutex in del_policy() if mark can't be + added to message + +--- + src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +index a6cf977..e0f1dd7 100644 +--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c ++++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +@@ -2562,6 +2562,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, + + if (!add_mark(hdr, sizeof(request), mark)) + { ++ this->mutex->unlock(this->mutex); + return FAILED; + } + diff --git a/main/strongswan/0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch b/main/strongswan/0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch new file mode 100644 index 0000000000..134ce64060 --- /dev/null +++ b/main/strongswan/0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch @@ -0,0 +1,40 @@ +From cd83d5c5e51db6c903496369f6edc74901703eb7 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@strongswan.org> +Date: Wed, 3 Jun 2015 17:31:30 +0200 +Subject: [PATCH] kernel-netlink: When adding a policy do an update if it + already exists + +This may be the case when SAs are reestablished after a crash of the +IKE daemon. +--- + src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +index f22e07d..e41c10a 100644 +--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c ++++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +@@ -2057,6 +2057,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, + ipsec_sa_t *ipsec = mapping->sa; + struct xfrm_userpolicy_info *policy_info; + struct nlmsghdr *hdr; ++ status_t status; + int i; + + /* clone the policy so we are able to check it out again later */ +@@ -2151,7 +2152,14 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, + } + this->mutex->unlock(this->mutex); + +- if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) ++ status = this->socket_xfrm->send_ack(this->socket_xfrm, hdr); ++ if (status == ALREADY_DONE && !update) ++ { ++ DBG1(DBG_KNL, "policy already exists, try to update it"); ++ hdr->nlmsg_type = XFRM_MSG_UPDPOLICY; ++ status = this->socket_xfrm->send_ack(this->socket_xfrm, hdr); ++ } ++ if (status != SUCCESS) + { + return FAILED; + } diff --git a/main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch b/main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch new file mode 100644 index 0000000000..a1b696a50c --- /dev/null +++ b/main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch @@ -0,0 +1,69 @@ +From ce1f82060c037eebf0da6de164215d9a06b92c5b Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@strongswan.org> +Date: Fri, 31 Jul 2015 16:51:35 +0200 +Subject: [PATCH] child-sa: Fix refcounting of allocated reqids + +During a rekeying we want to reuse the current reqid, but if the new SA +does not allocate it via kernel-interface the state there will disappear +when the old SA is destroyed after the rekeying. When the IKE_SA is +later reauthenticated with make-before-break reatuhentication the new +CHILD_SAs there will get new reqids as no existing state is found in the +kernel-interface. + +Fixes: a49393954f31 ("child-sa: Use any fixed reqid configured on the CHILD_SA config") +--- + src/libcharon/sa/child_sa.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c +index 94cf07c..73f2ec9 100644 +--- a/src/libcharon/sa/child_sa.c ++++ b/src/libcharon/sa/child_sa.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (C) 2006-2011 Tobias Brunner ++ * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2005-2008 Martin Willi + * Copyright (C) 2006 Daniel Roethlisberger + * Copyright (C) 2005 Jan Hutter +@@ -106,6 +106,11 @@ struct private_child_sa_t { + */ + bool reqid_allocated; + ++ /** ++ * Is the reqid statically configured ++ */ ++ bool static_reqid; ++ + /* + * Unique CHILD_SA identifier + */ +@@ -698,7 +703,7 @@ METHOD(child_sa_t, install, status_t, + this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS, + &esn, NULL); + +- if (!this->reqid_allocated && !this->reqid) ++ if (!this->reqid_allocated && !this->static_reqid) + { + status = hydra->kernel_interface->alloc_reqid(hydra->kernel_interface, + my_ts, other_ts, this->mark_in, this->mark_out, +@@ -826,7 +831,7 @@ METHOD(child_sa_t, add_policies, status_t, + traffic_selector_t *my_ts, *other_ts; + status_t status = SUCCESS; + +- if (!this->reqid_allocated && !this->reqid) ++ if (!this->reqid_allocated && !this->static_reqid) + { + /* trap policy, get or confirm reqid */ + status = hydra->kernel_interface->alloc_reqid( +@@ -1305,6 +1310,10 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, + this->reqid = charon->traps->find_reqid(charon->traps, config); + } + } ++ else ++ { ++ this->static_reqid = TRUE; ++ } + + /* MIPv6 proxy transport mode sets SA endpoints to TS hosts */ + if (config->get_mode(config) == MODE_TRANSPORT && diff --git a/main/strongswan/2002-fix-multiple-cacerts.patch b/main/strongswan/2002-fix-multiple-cacerts.patch new file mode 100644 index 0000000000..07a6de929e --- /dev/null +++ b/main/strongswan/2002-fix-multiple-cacerts.patch @@ -0,0 +1,53 @@ +diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c +index 0ca45a1..64155a0 100644 +--- a/src/libstrongswan/credentials/auth_cfg.c ++++ b/src/libstrongswan/credentials/auth_cfg.c +@@ -515,6 +515,7 @@ METHOD(auth_cfg_t, complies, bool, + { + enumerator_t *e1, *e2; + bool success = TRUE, group_match = FALSE, cert_match = FALSE; ++ bool require_ca = FALSE, ca_match = FALSE; + identification_t *require_group = NULL; + certificate_t *require_cert = NULL; + signature_scheme_t scheme = SIGN_UNKNOWN; +@@ -535,22 +536,17 @@ METHOD(auth_cfg_t, complies, bool, + + c1 = (certificate_t*)value; + +- success = FALSE; ++ require_ca = TRUE; + e2 = create_enumerator(this); + while (e2->enumerate(e2, &t2, &c2)) + { + if ((t2 == AUTH_RULE_CA_CERT || t2 == AUTH_RULE_IM_CERT) && + c1->equals(c1, c2)) + { +- success = TRUE; ++ ca_match = TRUE; + } + } + e2->destroy(e2); +- if (!success && log_error) +- { +- DBG1(DBG_CFG, "constraint check failed: peer not " +- "authenticated by CA '%Y'.", c1->get_subject(c1)); +- } + break; + } + case AUTH_RULE_SUBJECT_CERT: +@@ -844,6 +840,15 @@ METHOD(auth_cfg_t, complies, bool, + e2->destroy(e2); + } + ++ if (require_ca && !ca_match) ++ { ++ if (log_error) ++ { ++ DBG1(DBG_CFG, "constraint check failed: no matching CA found"); ++ } ++ return FALSE; ++ } ++ + if (require_group && !group_match) + { + if (log_error) diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD index 8992b7d431..a1a36b0923 100644 --- a/main/strongswan/APKBUILD +++ b/main/strongswan/APKBUILD @@ -12,7 +12,7 @@ pkggroups="ipsec" license="GPL-2 RSA-MD5 RSA-PKCS11 DES" depends="iproute2 openssl" depends_dev="sqlite-dev openssl-dev curl-dev gmp-dev libcap-dev" -makedepends="$depends_dev linux-headers" +makedepends="$depends_dev linux-headers python" install="$pkgname.pre-install" subpackages="$pkgname-doc $pkgname-dbg" source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2 @@ -33,8 +33,10 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2 0014-ike-rekey-Reset-IKE_SA-on-bus-before-sending-CREATE_.patch 0015-ike-rekey-Fix-cleanup-call.patch 0016-ike-Fix-memory-leak-if-remote-address-is-kept.patch + 0017-kernel-netlink-unlock-mutex-in-del-policy.patch 0101-kernel-netlink-Actually-verify-if-the-netlink-messag.patch 0102-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch + 0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch 0201-ike-Also-track-initiating-IKE_SAs-as-half-open.patch 0202-controller-Optionally-adhere-to-init-limits-also-whe.patch 0203-vici-Add-get_bool-convenience-getter-for-VICI-messag.patch @@ -43,11 +45,13 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch 0401-printf-hook-builtin-Fix-invalid-memory-access.patch 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch + 0601-child-sa-fix-refcounting-of-allocated-reqids.patch 1001-charon-add-optional-source-and-remote-overrides-for-.patch 1002-vici-send-certificates-for-ike-sa-events.patch 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch 1004-vici-support-asynchronous-initiation.patch 2001-support-gre-key-in-ikev1.patch + 2002-fix-multiple-cacerts.patch strongswan.initd charon.initd" @@ -148,8 +152,10 @@ b5f4a1a5cd7e5f10e9487a23078bcbab 0011-shunt-manager-Add-flush-method-to-properl 054b28fd78fccb20b993ec2679f98bc6 0014-ike-rekey-Reset-IKE_SA-on-bus-before-sending-CREATE_.patch 6b57da364f1222eb2a8eda8f146c784b 0015-ike-rekey-Fix-cleanup-call.patch 0941f8e871fff5ab8c984830d23b35a1 0016-ike-Fix-memory-leak-if-remote-address-is-kept.patch +be62ce82080a0b7325709d6fbe0b9e46 0017-kernel-netlink-unlock-mutex-in-del-policy.patch d97c846c00c60a35925662ba551495df 0101-kernel-netlink-Actually-verify-if-the-netlink-messag.patch d73abf4c9c3354120152144e7985d428 0102-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch +0800173ace99e4f835365350142cf198 0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch c3f86cc9b0866f2e748f40d3058a5b14 0201-ike-Also-track-initiating-IKE_SAs-as-half-open.patch 55feb2633c42927672113e44465fd824 0202-controller-Optionally-adhere-to-init-limits-also-whe.patch d57e117d13da147910e2ae09219d2492 0203-vici-Add-get_bool-convenience-getter-for-VICI-messag.patch @@ -158,11 +164,13 @@ c46165934687326a26ec9153a34e2227 0205-ike-Adhere-to-IKE_SA-limit-when-checking- 9b607cf38cff83547368d82fa34d716f 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch c7c0338de6dc4993cb8cb71238fd13dc 0401-printf-hook-builtin-Fix-invalid-memory-access.patch 2d191d850683a6ed34f171ed64b643f0 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch +b361ef4d3ed853620febc2117b4aa6cf 0601-child-sa-fix-refcounting-of-allocated-reqids.patch 06607758b690f2db961d84e26ee7d6ea 1001-charon-add-optional-source-and-remote-overrides-for-.patch 1aae491acf4739d871a64cd4481551f6 1002-vici-send-certificates-for-ike-sa-events.patch b0f2d10bc3dc89f3bba28fead6687311 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch ca53b3df714aa588af99d4f720c4318b 1004-vici-support-asynchronous-initiation.patch b9f874287c35cce075b761087c28ab50 2001-support-gre-key-in-ikev1.patch +0aecbf5f7b900f272151363db1a00846 2002-fix-multiple-cacerts.patch 85ebc1b6c6b9c0c6640d8136e97da8e1 strongswan.initd 7962a720ebef6892d80a3cbdab72c204 charon.initd" sha256sums="a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225 strongswan-5.3.2.tar.bz2 @@ -183,8 +191,10 @@ b8b82e4b99c70cd76b09a2c7d6144e1e572bee6b4c821fcf7338d1692e1843cb 0012-daemon-Fl a1b61e2aafcd502c8398bfefd556dfb1429d862faecc5d6c0c843e7da215abf3 0014-ike-rekey-Reset-IKE_SA-on-bus-before-sending-CREATE_.patch ef5f7d38483909ae3aff5e474ac6f5f20804645ead6a6108f2534408434023ff 0015-ike-rekey-Fix-cleanup-call.patch 257931d4443a4ed2284bf8872e73ab1e93c0d69f490e1b9b3bb2b12210cec677 0016-ike-Fix-memory-leak-if-remote-address-is-kept.patch +02a230822398be1cf04a362163bee03f4c4edd4eb1b622fba8a93f5dcb2fb06d 0017-kernel-netlink-unlock-mutex-in-del-policy.patch 130db52dea23eae4081bf25c5ef050f9dfbaa4e7e99dc0a623fdfc991eb4c5c7 0101-kernel-netlink-Actually-verify-if-the-netlink-messag.patch 16a41ef4cf25e3432c8a61aa34ac12d6eccd5796d921c75d72570d4f9fda2717 0102-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch +4b9f8d087ef7e6f9c46fa0d5d687dd99fdbfbef1e871ef451a156474282cfefe 0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch ab4042b193a68d3ff771be006fdea81eb786fee7b7c4c8c24aa60ef3372de9c8 0201-ike-Also-track-initiating-IKE_SAs-as-half-open.patch f81bb1934c67263e0fcb75ffa449f7d663a17ffacc4d76d233acaed54e13b10d 0202-controller-Optionally-adhere-to-init-limits-also-whe.patch 7aac3748cabf9293701924b6e6a3f0bb74c4d4302a019eb8012af48473f35b67 0203-vici-Add-get_bool-convenience-getter-for-VICI-messag.patch @@ -193,11 +203,13 @@ f81bb1934c67263e0fcb75ffa449f7d663a17ffacc4d76d233acaed54e13b10d 0202-controlle d5e0fa9012e5d4f35b5fe903fe555019c639000f75cd269acd73126f2105149b 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch 74a12c42d63d6e9e920afc976b287144118c79740743beec769e5a9f239acac6 0401-printf-hook-builtin-Fix-invalid-memory-access.patch 6eec00bdb7778a51d04157ec640394959d599f3b8cef6bad0d875658cace99ea 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch +a558247c9b6eeabfa2a677440a3e25a0841171347484d624c6c4668f9064b67d 0601-child-sa-fix-refcounting-of-allocated-reqids.patch d2f05dc1d3e921358ca2ba8c7c68cbfa3eca3fdc108fd2b89311d8b25ff6f4bc 1001-charon-add-optional-source-and-remote-overrides-for-.patch b2a6f23ede01b2d24ff973dc6c1466dc5600df259eb35d3ea6efa9a4e322ae34 1002-vici-send-certificates-for-ike-sa-events.patch c0b39aaaf97f3797ef327a465e1468aa166044875b194e899999dc7c0723fc4c 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch cd0de223af1f831232b2339de4ec6f902bf8fbd826aed85aa70aedfb961b1ea1 1004-vici-support-asynchronous-initiation.patch ec58de15c3856a2fd9ea003b7e78a7434dad54f9a4c54d499b09a6eef3761d18 2001-support-gre-key-in-ikev1.patch +fe0f3503c3b42af23a98cec4d0eeb9ab7aae0dc35c70ce9c533307a89fb3ee79 2002-fix-multiple-cacerts.patch ad43d1ed2585d84e12ad1e67fbdfe93983c424c5c64b230d5027c0aae496c65f strongswan.initd 97b018796f0f15106b70694449cff36e8fc586292aab09ef83a05c0c13142e73 charon.initd" sha512sums="60b17645c00769d497f4cea2229b41a217c29fe1109b58be256a0d4a6ccf4765348b9eb89466539c2528756344c2fa969f25ea1cd8856d56c5d55aa78e632e68 strongswan-5.3.2.tar.bz2 @@ -218,8 +230,10 @@ f643be8dbc32c27f2c31ac91612ae7d2f1a34e9387257d1247cd8c7fb8e5b9c58fc0b8448dd69272 bd161f1d4fa2881c8c07c2b7bccc0b9f06a99b12203d00329c8295f8a5ebe49f6cf27eca286ddd3c9e443fe132c64cae6849d691ddeda49b5fe716aebc73441e 0014-ike-rekey-Reset-IKE_SA-on-bus-before-sending-CREATE_.patch 3f8c5ed171eb7c99218005b038ff0e0bc23841aab76cb97fbb7b8a3091b9f5ba318bd23c347de42bd969ac599f3d5f1b6bcf5110d5e23643858b24a719374f50 0015-ike-rekey-Fix-cleanup-call.patch bdc74e2b6f91e94aa0041927ff5cf3f2f5d67d5d37a0c389a2b6328919bd9f2f0376957676fd359009117a1d01cd06ecfadb7151bd7875c1df5cb82e159a378a 0016-ike-Fix-memory-leak-if-remote-address-is-kept.patch +459bfd98c7cbb54bb6b7e95403eb1d62e290ce8ca04f164a49bac8684f8c1c9d4ab88a051e7a0a88fba1b3a5a030cba1aa5b4960a71c1726dbbc512be401cd40 0017-kernel-netlink-unlock-mutex-in-del-policy.patch 2d667eeba6d567008d8fe27d4dafa9a913c7aafa096258d7b5c95e2d8428e9dc8a40ace9e729a3d323e8d639d2ae3dae945904f90a39076c5ca5ddba7d70a0b6 0101-kernel-netlink-Actually-verify-if-the-netlink-messag.patch 539bfec16350c035f7ce2f3551b52ba2e22c75146a6c1494f4b25ec283f2245b7a03be9470c0e0cd3e6fc368bcf1bda60ce8166928737ab396e6cf88ffafaf79 0102-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch +a3488021316606e1fdaadfacc86ec8e9bcb741d3ac063498a64594214d97e0193270101388f61e118ec29ccfb8c6314a9fa6f3f8832a4cd8fe6b3f3445529b00 0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch b81fed84f361862c618fdfd9b2993dac3bcb4b298d806523ee9c8f47b1f5b0b679426eaeed8bc88ab1635ba30f9ff0ca9945aa264b3213561548648d64eb25ae 0201-ike-Also-track-initiating-IKE_SAs-as-half-open.patch 9a2cb61c55a03977fc4bce42fdf043706498c86d69ea094852735b2ef525fbc0f81bad33aad7afc29ef301f3e2146746b56f458980529057e05007e0bab7b972 0202-controller-Optionally-adhere-to-init-limits-also-whe.patch 95e3544a87bf503ed17059298ec6330501f39a2210e583fed59c5d03ef25b8d8227317016bf0181e49c87a7e36e1d902b0b24bda184d2166f3ad5b79166ce0dd 0203-vici-Add-get_bool-convenience-getter-for-VICI-messag.patch @@ -228,10 +242,12 @@ b81fed84f361862c618fdfd9b2993dac3bcb4b298d806523ee9c8f47b1f5b0b679426eaeed8bc88a 8788fb376eaf57d9f277cac785db08578de3992e2484e7ab21ec044bc91000565ecb2adae4d2632f43ca6ed76519fd4422d86a3ba07a499594fbd7a61298458c 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch 86f244b3d8b35e8b9e25692554b7e8711bc663843e316e8895b340b3bd567c38543d24367250c93910b5d9462a2901bfc7717b5e3824f4682b4c736d33450834 0401-printf-hook-builtin-Fix-invalid-memory-access.patch f0dfb8aee6fd456d5d330d9a1212842ecd7f88b9b76bb1667dacdbbb2c38369fa089df6ce13c6363735012f653df91b4bbb082a970a11ec63e6a2d14ca2b0ec2 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch +dad393b5d8b5152d7544a42818c446098b748cf4114b544d0bcf6a039c5f9f266ac850f6725b58d653186dcd23cae8a9db627f245412ad1cd3b5a4ccadc90825 0601-child-sa-fix-refcounting-of-allocated-reqids.patch 2522571163b1d6de0aae2e2c1c2db69c52c3ff76e27a383e8a01e0933a0c0a06212168b1356308d6fd548aa7416d88ecd2bcfc79d3391ff17e6c799e83c5f88d 1001-charon-add-optional-source-and-remote-overrides-for-.patch ccf60c52d75b3f2eff719fbac1403eb141029651fccf2a1927ec4dffc0ccdc49c061a4971c38a0f37a32b2a53aa79422e17f3f993c48ebbcd07840a867c15881 1002-vici-send-certificates-for-ike-sa-events.patch 1ea845551c7da2a7817e34508b0da3f3f0bba879f3b95d08c8db0a6b32adaf50363556daa6ee2e0f11c1ee6c41077d39ba54dbd40e457a02a991add19fe115ef 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch e65579093692ca58314245d1dd3e5b4bdbff0603e5dc7baf3f80d7d9f415f62ae1656ef67da8a36efdec58235b6b1862d63c13991f1e5fefc02d8ee39d6dc9b6 1004-vici-support-asynchronous-initiation.patch 723aad9269ae7da54b1d551b290c80951c3b779737353fa845c00d190c9ef6c6bc406d8ed22254a27844985b7ffaa12b99acce91ec0b192caf639c81b06bf771 2001-support-gre-key-in-ikev1.patch +845f414f84984a044f493fd2b4e0deea5e0244938500b5d61f34b7c4ab7896792abf3685d6bf04f28c68261ce8103d1dd14aee82bd9f303ddac8aae24c7ab33a 2002-fix-multiple-cacerts.patch b56008c07b804dacb3441d3802880058986ab7b314297fe485649a771861885b9232f9fd53b94faa3388a5e9330e2b38a86af5c04f3ff119199720043967ec64 strongswan.initd 6f3abaaa8da0925f06cdd184fdf534518e40c49533dba427dbf31dbe88172e5626bdc9aadf798d791f82fbded08801c1f565d514e2c289e1f28448d0c2e72b79 charon.initd" |