authorTimo Teräs <timo.teras@iki.fi>2015-08-01 01:50:29 +0300
committerTimo Teräs <timo.teras@iki.fi>2015-08-01 01:53:37 +0300
commitd634801b2da421730ff3c224c3af3f67193f5f0a (patch)
tree5c94ce99af348c5f4dadd1d0c904be35a205158f
parent65e4c60a4f8332d1525882aa8b02db6d3c554ffe (diff)
downloadaports-d634801b2da421730ff3c224c3af3f67193f5f0a.tar.bz2
aports-d634801b2da421730ff3c224c3af3f67193f5f0a.tar.xz
main/strongswan: additional fixes
- python is needed to prepare config file templates, ref #4484 - three cherry-picks from upstream git master and merge pending branches - add patch to fix connection authentication when multiple CAs are allowed
-rw-r--r--main/strongswan/0017-kernel-netlink-unlock-mutex-in-del-policy.patch22
-rw-r--r--main/strongswan/0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch40
-rw-r--r--main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch69
-rw-r--r--main/strongswan/2002-fix-multiple-cacerts.patch53
-rw-r--r--main/strongswan/APKBUILD18
5 files changed, 201 insertions, 1 deletions
diff --git a/main/strongswan/0017-kernel-netlink-unlock-mutex-in-del-policy.patch b/main/strongswan/0017-kernel-netlink-unlock-mutex-in-del-policy.patch
new file mode 100644
index 0000000000..63f120d284
--- /dev/null
+++ b/main/strongswan/0017-kernel-netlink-unlock-mutex-in-del-policy.patch
@@ -0,0 +1,22 @@
+From 1ce32c9cdcb1cfacd4c8389402a24c4ed7cf0109 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Fri, 31 Jul 2015 11:20:24 +0200
+Subject: [PATCH] kernel-netlink: Unlock mutex in del_policy() if mark can't be
+ added to message
+
+---
+ src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+index a6cf977..e0f1dd7 100644
+--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
++++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+@@ -2562,6 +2562,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
+
+ if (!add_mark(hdr, sizeof(request), mark))
+ {
++ this->mutex->unlock(this->mutex);
+ return FAILED;
+ }
+
diff --git a/main/strongswan/0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch b/main/strongswan/0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch
new file mode 100644
index 0000000000..134ce64060
--- /dev/null
+++ b/main/strongswan/0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch
@@ -0,0 +1,40 @@
+From cd83d5c5e51db6c903496369f6edc74901703eb7 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Wed, 3 Jun 2015 17:31:30 +0200
+Subject: [PATCH] kernel-netlink: When adding a policy do an update if it
+ already exists
+
+This may be the case when SAs are reestablished after a crash of the
+IKE daemon.
+---
+ src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+index f22e07d..e41c10a 100644
+--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
++++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+@@ -2057,6 +2057,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
+ ipsec_sa_t *ipsec = mapping->sa;
+ struct xfrm_userpolicy_info *policy_info;
+ struct nlmsghdr *hdr;
++ status_t status;
+ int i;
+
+ /* clone the policy so we are able to check it out again later */
+@@ -2151,7 +2152,14 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
+ }
+ this->mutex->unlock(this->mutex);
+
+- if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
++ status = this->socket_xfrm->send_ack(this->socket_xfrm, hdr);
++ if (status == ALREADY_DONE && !update)
++ {
++ DBG1(DBG_KNL, "policy already exists, try to update it");
++ hdr->nlmsg_type = XFRM_MSG_UPDPOLICY;
++ status = this->socket_xfrm->send_ack(this->socket_xfrm, hdr);
++ }
++ if (status != SUCCESS)
+ {
+ return FAILED;
+ }
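Review bot: The retry in add_policy_internal() overwrites whatever policy the kernel already holds for this selector, and the new DBG1 line does not say which policy that was. The patch description ties the case to SAs being re-established after a daemon crash, but ALREADY_DONE would presumably also come back for a policy installed by something other than this daemon, so the log should let an operator tell the two apart. I would add a comment above the retry, `/* leftover policy, e.g. from a crashed daemon instance: overwrite it */`, and extend the message with the selector and direction in the same format the function's other policy log lines use. The function body starts and ends outside the hunk, so those other log lines cannot be checked from here.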
diff --git a/main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch b/main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch
new file mode 100644
index 0000000000..a1b696a50c
--- /dev/null
+++ b/main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch
@@ -0,0 +1,69 @@
+From ce1f82060c037eebf0da6de164215d9a06b92c5b Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Fri, 31 Jul 2015 16:51:35 +0200
+Subject: [PATCH] child-sa: Fix refcounting of allocated reqids
+
+During a rekeying we want to reuse the current reqid, but if the new SA
+does not allocate it via kernel-interface the state there will disappear
+when the old SA is destroyed after the rekeying. When the IKE_SA is
+later reauthenticated with make-before-break reatuhentication the new
+CHILD_SAs there will get new reqids as no existing state is found in the
+kernel-interface.
+
+Fixes: a49393954f31 ("child-sa: Use any fixed reqid configured on the CHILD_SA config")
+---
+ src/libcharon/sa/child_sa.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
+index 94cf07c..73f2ec9 100644
+--- a/src/libcharon/sa/child_sa.c
++++ b/src/libcharon/sa/child_sa.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2006-2011 Tobias Brunner
++ * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2005-2008 Martin Willi
+ * Copyright (C) 2006 Daniel Roethlisberger
+ * Copyright (C) 2005 Jan Hutter
+@@ -106,6 +106,11 @@ struct private_child_sa_t {
+ */
+ bool reqid_allocated;
+
++ /**
++ * Is the reqid statically configured
++ */
++ bool static_reqid;
++
+ /*
+ * Unique CHILD_SA identifier
+ */
+@@ -698,7 +703,7 @@ METHOD(child_sa_t, install, status_t,
+ this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS,
+ &esn, NULL);
+
+- if (!this->reqid_allocated && !this->reqid)
++ if (!this->reqid_allocated && !this->static_reqid)
+ {
+ status = hydra->kernel_interface->alloc_reqid(hydra->kernel_interface,
+ my_ts, other_ts, this->mark_in, this->mark_out,
+@@ -826,7 +831,7 @@ METHOD(child_sa_t, add_policies, status_t,
+ traffic_selector_t *my_ts, *other_ts;
+ status_t status = SUCCESS;
+
+- if (!this->reqid_allocated && !this->reqid)
++ if (!this->reqid_allocated && !this->static_reqid)
+ {
+ /* trap policy, get or confirm reqid */
+ status = hydra->kernel_interface->alloc_reqid(
+@@ -1305,6 +1310,10 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
+ this->reqid = charon->traps->find_reqid(charon->traps, config);
+ }
+ }
++ else
++ {
++ this->static_reqid = TRUE;
++ }
+
+ /* MIPv6 proxy transport mode sets SA endpoints to TS hosts */
+ if (config->get_mode(config) == MODE_TRANSPORT &&
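Review bot: The doc comment on the new `static_reqid` member of private_child_sa_t says what the flag is but not what it controls. With this patch install() and add_policies() call alloc_reqid() whenever the reqid is neither allocated nor static, which now includes the case where `this->reqid` was already set (for example from `find_reqid()`), and that is the point of the fix. I would spell it out in the member comment: `Is the reqid statically configured (if so, it is never allocated via kernel-interface)`. The `if` that the added `else` in child_sa_create() belongs to lies outside the hunk, so the exact condition that marks a reqid as static cannot be confirmed here.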
diff --git a/main/strongswan/2002-fix-multiple-cacerts.patch b/main/strongswan/2002-fix-multiple-cacerts.patch
new file mode 100644
index 0000000000..07a6de929e
--- /dev/null
+++ b/main/strongswan/2002-fix-multiple-cacerts.patch
@@ -0,0 +1,53 @@
+diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
+index 0ca45a1..64155a0 100644
+--- a/src/libstrongswan/credentials/auth_cfg.c
++++ b/src/libstrongswan/credentials/auth_cfg.c
+@@ -515,6 +515,7 @@ METHOD(auth_cfg_t, complies, bool,
+ {
+ enumerator_t *e1, *e2;
+ bool success = TRUE, group_match = FALSE, cert_match = FALSE;
++ bool require_ca = FALSE, ca_match = FALSE;
+ identification_t *require_group = NULL;
+ certificate_t *require_cert = NULL;
+ signature_scheme_t scheme = SIGN_UNKNOWN;
+@@ -535,22 +536,17 @@ METHOD(auth_cfg_t, complies, bool,
+
+ c1 = (certificate_t*)value;
+
+- success = FALSE;
++ require_ca = TRUE;
+ e2 = create_enumerator(this);
+ while (e2->enumerate(e2, &t2, &c2))
+ {
+ if ((t2 == AUTH_RULE_CA_CERT || t2 == AUTH_RULE_IM_CERT) &&
+ c1->equals(c1, c2))
+ {
+- success = TRUE;
++ ca_match = TRUE;
+ }
+ }
+ e2->destroy(e2);
+- if (!success && log_error)
+- {
+- DBG1(DBG_CFG, "constraint check failed: peer not "
+- "authenticated by CA '%Y'.", c1->get_subject(c1));
+- }
+ break;
+ }
+ case AUTH_RULE_SUBJECT_CERT:
+@@ -844,6 +840,15 @@ METHOD(auth_cfg_t, complies, bool,
+ e2->destroy(e2);
+ }
+
++ if (require_ca && !ca_match)
++ {
++ if (log_error)
++ {
++ DBG1(DBG_CFG, "constraint check failed: no matching CA found");
++ }
++ return FALSE;
++ }
++
+ if (require_group && !group_match)
+ {
+ if (log_error)
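Review bot: The CA constraint check in complies() becomes any-of: `ca_match` is set as soon as one AUTH_RULE_CA_CERT constraint equals a CA or intermediate certificate enumerated from `this`, so a configuration listing several CAs now passes when only one of them is present. That matches the commit description, but the removed code reset `success` per constraint and so appears to have been stricter for configurations that listed more than one CA; the patch file has no header or description, so this change of semantics is recorded nowhere. I would add a short description to the patch and a comment at the new check, `/* CA constraints are alternatives: one match is sufficient */`. The replacement message also drops the CA subject the removed DBG1 printed with `%Y`, which makes a rejected peer harder to diagnose; the failure message could name the required CAs again. The body of complies() starts and ends outside the hunk.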
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 8992b7d431..a1a36b0923 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -12,7 +12,7 @@ pkggroups="ipsec"
license="GPL-2 RSA-MD5 RSA-PKCS11 DES"
depends="iproute2 openssl"
depends_dev="sqlite-dev openssl-dev curl-dev gmp-dev libcap-dev"
-makedepends="$depends_dev linux-headers"
+makedepends="$depends_dev linux-headers python"
install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-dbg"
source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
@@ -33,8 +33,10 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
0014-ike-rekey-Reset-IKE_SA-on-bus-before-sending-CREATE_.patch
0015-ike-rekey-Fix-cleanup-call.patch
0016-ike-Fix-memory-leak-if-remote-address-is-kept.patch
+ 0017-kernel-netlink-unlock-mutex-in-del-policy.patch
0101-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
0102-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
+ 0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch
0201-ike-Also-track-initiating-IKE_SAs-as-half-open.patch
0202-controller-Optionally-adhere-to-init-limits-also-whe.patch
0203-vici-Add-get_bool-convenience-getter-for-VICI-messag.patch
@@ -43,11 +45,13 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
0401-printf-hook-builtin-Fix-invalid-memory-access.patch
0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
+ 0601-child-sa-fix-refcounting-of-allocated-reqids.patch
1001-charon-add-optional-source-and-remote-overrides-for-.patch
1002-vici-send-certificates-for-ike-sa-events.patch
1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
1004-vici-support-asynchronous-initiation.patch
2001-support-gre-key-in-ikev1.patch
+ 2002-fix-multiple-cacerts.patch
strongswan.initd
charon.initd"
@@ -148,8 +152,10 @@ b5f4a1a5cd7e5f10e9487a23078bcbab 0011-shunt-manager-Add-flush-method-to-properl
054b28fd78fccb20b993ec2679f98bc6 0014-ike-rekey-Reset-IKE_SA-on-bus-before-sending-CREATE_.patch
6b57da364f1222eb2a8eda8f146c784b 0015-ike-rekey-Fix-cleanup-call.patch
0941f8e871fff5ab8c984830d23b35a1 0016-ike-Fix-memory-leak-if-remote-address-is-kept.patch
+be62ce82080a0b7325709d6fbe0b9e46 0017-kernel-netlink-unlock-mutex-in-del-policy.patch
d97c846c00c60a35925662ba551495df 0101-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
d73abf4c9c3354120152144e7985d428 0102-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
+0800173ace99e4f835365350142cf198 0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch
c3f86cc9b0866f2e748f40d3058a5b14 0201-ike-Also-track-initiating-IKE_SAs-as-half-open.patch
55feb2633c42927672113e44465fd824 0202-controller-Optionally-adhere-to-init-limits-also-whe.patch
d57e117d13da147910e2ae09219d2492 0203-vici-Add-get_bool-convenience-getter-for-VICI-messag.patch
@@ -158,11 +164,13 @@ c46165934687326a26ec9153a34e2227 0205-ike-Adhere-to-IKE_SA-limit-when-checking-
9b607cf38cff83547368d82fa34d716f 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
c7c0338de6dc4993cb8cb71238fd13dc 0401-printf-hook-builtin-Fix-invalid-memory-access.patch
2d191d850683a6ed34f171ed64b643f0 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
+b361ef4d3ed853620febc2117b4aa6cf 0601-child-sa-fix-refcounting-of-allocated-reqids.patch
06607758b690f2db961d84e26ee7d6ea 1001-charon-add-optional-source-and-remote-overrides-for-.patch
1aae491acf4739d871a64cd4481551f6 1002-vici-send-certificates-for-ike-sa-events.patch
b0f2d10bc3dc89f3bba28fead6687311 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
ca53b3df714aa588af99d4f720c4318b 1004-vici-support-asynchronous-initiation.patch
b9f874287c35cce075b761087c28ab50 2001-support-gre-key-in-ikev1.patch
+0aecbf5f7b900f272151363db1a00846 2002-fix-multiple-cacerts.patch
85ebc1b6c6b9c0c6640d8136e97da8e1 strongswan.initd
7962a720ebef6892d80a3cbdab72c204 charon.initd"
sha256sums="a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225 strongswan-5.3.2.tar.bz2
@@ -183,8 +191,10 @@ b8b82e4b99c70cd76b09a2c7d6144e1e572bee6b4c821fcf7338d1692e1843cb 0012-daemon-Fl
a1b61e2aafcd502c8398bfefd556dfb1429d862faecc5d6c0c843e7da215abf3 0014-ike-rekey-Reset-IKE_SA-on-bus-before-sending-CREATE_.patch
ef5f7d38483909ae3aff5e474ac6f5f20804645ead6a6108f2534408434023ff 0015-ike-rekey-Fix-cleanup-call.patch
257931d4443a4ed2284bf8872e73ab1e93c0d69f490e1b9b3bb2b12210cec677 0016-ike-Fix-memory-leak-if-remote-address-is-kept.patch
+02a230822398be1cf04a362163bee03f4c4edd4eb1b622fba8a93f5dcb2fb06d 0017-kernel-netlink-unlock-mutex-in-del-policy.patch
130db52dea23eae4081bf25c5ef050f9dfbaa4e7e99dc0a623fdfc991eb4c5c7 0101-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
16a41ef4cf25e3432c8a61aa34ac12d6eccd5796d921c75d72570d4f9fda2717 0102-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
+4b9f8d087ef7e6f9c46fa0d5d687dd99fdbfbef1e871ef451a156474282cfefe 0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch
ab4042b193a68d3ff771be006fdea81eb786fee7b7c4c8c24aa60ef3372de9c8 0201-ike-Also-track-initiating-IKE_SAs-as-half-open.patch
f81bb1934c67263e0fcb75ffa449f7d663a17ffacc4d76d233acaed54e13b10d 0202-controller-Optionally-adhere-to-init-limits-also-whe.patch
7aac3748cabf9293701924b6e6a3f0bb74c4d4302a019eb8012af48473f35b67 0203-vici-Add-get_bool-convenience-getter-for-VICI-messag.patch
@@ -193,11 +203,13 @@ f81bb1934c67263e0fcb75ffa449f7d663a17ffacc4d76d233acaed54e13b10d 0202-controlle
d5e0fa9012e5d4f35b5fe903fe555019c639000f75cd269acd73126f2105149b 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
74a12c42d63d6e9e920afc976b287144118c79740743beec769e5a9f239acac6 0401-printf-hook-builtin-Fix-invalid-memory-access.patch
6eec00bdb7778a51d04157ec640394959d599f3b8cef6bad0d875658cace99ea 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
+a558247c9b6eeabfa2a677440a3e25a0841171347484d624c6c4668f9064b67d 0601-child-sa-fix-refcounting-of-allocated-reqids.patch
d2f05dc1d3e921358ca2ba8c7c68cbfa3eca3fdc108fd2b89311d8b25ff6f4bc 1001-charon-add-optional-source-and-remote-overrides-for-.patch
b2a6f23ede01b2d24ff973dc6c1466dc5600df259eb35d3ea6efa9a4e322ae34 1002-vici-send-certificates-for-ike-sa-events.patch
c0b39aaaf97f3797ef327a465e1468aa166044875b194e899999dc7c0723fc4c 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
cd0de223af1f831232b2339de4ec6f902bf8fbd826aed85aa70aedfb961b1ea1 1004-vici-support-asynchronous-initiation.patch
ec58de15c3856a2fd9ea003b7e78a7434dad54f9a4c54d499b09a6eef3761d18 2001-support-gre-key-in-ikev1.patch
+fe0f3503c3b42af23a98cec4d0eeb9ab7aae0dc35c70ce9c533307a89fb3ee79 2002-fix-multiple-cacerts.patch
ad43d1ed2585d84e12ad1e67fbdfe93983c424c5c64b230d5027c0aae496c65f strongswan.initd
97b018796f0f15106b70694449cff36e8fc586292aab09ef83a05c0c13142e73 charon.initd"
sha512sums="60b17645c00769d497f4cea2229b41a217c29fe1109b58be256a0d4a6ccf4765348b9eb89466539c2528756344c2fa969f25ea1cd8856d56c5d55aa78e632e68 strongswan-5.3.2.tar.bz2
@@ -218,8 +230,10 @@ f643be8dbc32c27f2c31ac91612ae7d2f1a34e9387257d1247cd8c7fb8e5b9c58fc0b8448dd69272
bd161f1d4fa2881c8c07c2b7bccc0b9f06a99b12203d00329c8295f8a5ebe49f6cf27eca286ddd3c9e443fe132c64cae6849d691ddeda49b5fe716aebc73441e 0014-ike-rekey-Reset-IKE_SA-on-bus-before-sending-CREATE_.patch
3f8c5ed171eb7c99218005b038ff0e0bc23841aab76cb97fbb7b8a3091b9f5ba318bd23c347de42bd969ac599f3d5f1b6bcf5110d5e23643858b24a719374f50 0015-ike-rekey-Fix-cleanup-call.patch
bdc74e2b6f91e94aa0041927ff5cf3f2f5d67d5d37a0c389a2b6328919bd9f2f0376957676fd359009117a1d01cd06ecfadb7151bd7875c1df5cb82e159a378a 0016-ike-Fix-memory-leak-if-remote-address-is-kept.patch
+459bfd98c7cbb54bb6b7e95403eb1d62e290ce8ca04f164a49bac8684f8c1c9d4ab88a051e7a0a88fba1b3a5a030cba1aa5b4960a71c1726dbbc512be401cd40 0017-kernel-netlink-unlock-mutex-in-del-policy.patch
2d667eeba6d567008d8fe27d4dafa9a913c7aafa096258d7b5c95e2d8428e9dc8a40ace9e729a3d323e8d639d2ae3dae945904f90a39076c5ca5ddba7d70a0b6 0101-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
539bfec16350c035f7ce2f3551b52ba2e22c75146a6c1494f4b25ec283f2245b7a03be9470c0e0cd3e6fc368bcf1bda60ce8166928737ab396e6cf88ffafaf79 0102-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
+a3488021316606e1fdaadfacc86ec8e9bcb741d3ac063498a64594214d97e0193270101388f61e118ec29ccfb8c6314a9fa6f3f8832a4cd8fe6b3f3445529b00 0103-kernel-netlink-when-adding-policy-do-an-update-if-it.patch
b81fed84f361862c618fdfd9b2993dac3bcb4b298d806523ee9c8f47b1f5b0b679426eaeed8bc88ab1635ba30f9ff0ca9945aa264b3213561548648d64eb25ae 0201-ike-Also-track-initiating-IKE_SAs-as-half-open.patch
9a2cb61c55a03977fc4bce42fdf043706498c86d69ea094852735b2ef525fbc0f81bad33aad7afc29ef301f3e2146746b56f458980529057e05007e0bab7b972 0202-controller-Optionally-adhere-to-init-limits-also-whe.patch
95e3544a87bf503ed17059298ec6330501f39a2210e583fed59c5d03ef25b8d8227317016bf0181e49c87a7e36e1d902b0b24bda184d2166f3ad5b79166ce0dd 0203-vici-Add-get_bool-convenience-getter-for-VICI-messag.patch
@@ -228,10 +242,12 @@ b81fed84f361862c618fdfd9b2993dac3bcb4b298d806523ee9c8f47b1f5b0b679426eaeed8bc88a
8788fb376eaf57d9f277cac785db08578de3992e2484e7ab21ec044bc91000565ecb2adae4d2632f43ca6ed76519fd4422d86a3ba07a499594fbd7a61298458c 0301-ikev1-Assign-different-job-priorities-for-inbound-IK.patch
86f244b3d8b35e8b9e25692554b7e8711bc663843e316e8895b340b3bd567c38543d24367250c93910b5d9462a2901bfc7717b5e3824f4682b4c736d33450834 0401-printf-hook-builtin-Fix-invalid-memory-access.patch
f0dfb8aee6fd456d5d330d9a1212842ecd7f88b9b76bb1667dacdbbb2c38369fa089df6ce13c6363735012f653df91b4bbb082a970a11ec63e6a2d14ca2b0ec2 0501-child-create-Fix-crash-when-retrying-CHILD_SA-rekeyi.patch
+dad393b5d8b5152d7544a42818c446098b748cf4114b544d0bcf6a039c5f9f266ac850f6725b58d653186dcd23cae8a9db627f245412ad1cd3b5a4ccadc90825 0601-child-sa-fix-refcounting-of-allocated-reqids.patch
2522571163b1d6de0aae2e2c1c2db69c52c3ff76e27a383e8a01e0933a0c0a06212168b1356308d6fd548aa7416d88ecd2bcfc79d3391ff17e6c799e83c5f88d 1001-charon-add-optional-source-and-remote-overrides-for-.patch
ccf60c52d75b3f2eff719fbac1403eb141029651fccf2a1927ec4dffc0ccdc49c061a4971c38a0f37a32b2a53aa79422e17f3f993c48ebbcd07840a867c15881 1002-vici-send-certificates-for-ike-sa-events.patch
1ea845551c7da2a7817e34508b0da3f3f0bba879f3b95d08c8db0a6b32adaf50363556daa6ee2e0f11c1ee6c41077d39ba54dbd40e457a02a991add19fe115ef 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
e65579093692ca58314245d1dd3e5b4bdbff0603e5dc7baf3f80d7d9f415f62ae1656ef67da8a36efdec58235b6b1862d63c13991f1e5fefc02d8ee39d6dc9b6 1004-vici-support-asynchronous-initiation.patch
723aad9269ae7da54b1d551b290c80951c3b779737353fa845c00d190c9ef6c6bc406d8ed22254a27844985b7ffaa12b99acce91ec0b192caf639c81b06bf771 2001-support-gre-key-in-ikev1.patch
+845f414f84984a044f493fd2b4e0deea5e0244938500b5d61f34b7c4ab7896792abf3685d6bf04f28c68261ce8103d1dd14aee82bd9f303ddac8aae24c7ab33a 2002-fix-multiple-cacerts.patch
b56008c07b804dacb3441d3802880058986ab7b314297fe485649a771861885b9232f9fd53b94faa3388a5e9330e2b38a86af5c04f3ff119199720043967ec64 strongswan.initd
6f3abaaa8da0925f06cdd184fdf534518e40c49533dba427dbf31dbe88172e5626bdc9aadf798d791f82fbded08801c1f565d514e2c289e1f28448d0c2e72b79 charon.initd"