authorTimo Teräs <timo.teras@iki.fi>2017-08-23 13:06:38 +0000
committerTimo Teräs <timo.teras@iki.fi>2017-08-23 13:08:10 +0000
commitc761864211c650f0e0d344482bc69b319c7ee0d3 (patch)
tree77a3936dfcba20e78f5eec709cafef70c800f09f
parent46b2f52fae679185e9d21306e7c3ae07197d1425 (diff)
main/strongswan: security upgrade to 5.6.0
CVE-2017-11185; also remove the ikev1 gre-key patch as obsolete
-rw-r--r--main/strongswan/2001-support-gre-key-in-ikev1.patch507
-rw-r--r--main/strongswan/APKBUILD8
2 files changed, 3 insertions, 512 deletions
diff --git a/main/strongswan/2001-support-gre-key-in-ikev1.patch b/main/strongswan/2001-support-gre-key-in-ikev1.patch
deleted file mode 100644
index e33d997d4b..0000000000
--- a/main/strongswan/2001-support-gre-key-in-ikev1.patch
+++ /dev/null
@@ -1,507 +0,0 @@
-From 9ebc52171e912a58288c24b74668ffa7af61bee8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Mon, 21 Sep 2015 13:42:18 +0300
-Subject: [PATCH] support gre key in ikev1
-
-this implements gre key negotiation in ikev1 similarly to the
-ipsec-tools patch in alpine.
-
-the from/to port pair is internally used as gre key for gre
-protocol traffic selectors. since from/to pairs 0/0xffff and
-0xffff/0 have special meaning, the gre keys 0xffff and 0xffff0000
-will not work.
-
-this is not standard compliant, and should probably not be upstreamed
-or used widely, but it is applied for interoperability with alpine
-racoon for the time being.
----
- src/libcharon/encoding/payloads/id_payload.c | 68 +++++++++++++++++-----
- src/libcharon/encoding/payloads/id_payload.h | 6 +-
- .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 40 ++++++++++---
- src/libcharon/plugins/stroke/stroke_config.c | 5 ++
- src/libcharon/plugins/unity/unity_narrow.c | 2 +-
- src/libcharon/plugins/vici/vici_config.c | 9 ++-
- src/libcharon/sa/ikev1/tasks/quick_mode.c | 16 ++---
- src/libstrongswan/selectors/traffic_selector.c | 33 ++++++++++-
- src/libstrongswan/selectors/traffic_selector.h | 31 ++++++++++
- 9 files changed, 171 insertions(+), 39 deletions(-)
-
-diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c
-index ae0b19a..b8a6500 100644
---- a/src/libcharon/encoding/payloads/id_payload.c
-+++ b/src/libcharon/encoding/payloads/id_payload.c
-@@ -245,18 +245,20 @@ METHOD(id_payload_t, get_identification, identification_t*,
- * Create a traffic selector from an range ID
- */
- static traffic_selector_t *get_ts_from_range(private_id_payload_t *this,
-- ts_type_t type)
-+ ts_type_t type,
-+ uint16_t from_port, uint16_t to_port)
- {
- return traffic_selector_create_from_bytes(this->protocol_id, type,
-- chunk_create(this->id_data.ptr, this->id_data.len / 2), this->port,
-- chunk_skip(this->id_data, this->id_data.len / 2), this->port ?: 65535);
-+ chunk_create(this->id_data.ptr, this->id_data.len / 2), from_port,
-+ chunk_skip(this->id_data, this->id_data.len / 2), to_port);
- }
-
- /**
- * Create a traffic selector from an subnet ID
- */
- static traffic_selector_t *get_ts_from_subnet(private_id_payload_t *this,
-- ts_type_t type)
-+ ts_type_t type,
-+ uint16_t from_port, uint16_t to_port)
- {
- traffic_selector_t *ts;
- chunk_t net, netmask;
-@@ -269,7 +271,7 @@ static traffic_selector_t *get_ts_from_subnet(private_id_payload_t *this,
- netmask.ptr[i] = (netmask.ptr[i] ^ 0xFF) | net.ptr[i];
- }
- ts = traffic_selector_create_from_bytes(this->protocol_id, type,
-- net, this->port, netmask, this->port ?: 65535);
-+ net, from_port, netmask, to_port);
- chunk_free(&netmask);
- return ts;
- }
-@@ -278,51 +280,76 @@ static traffic_selector_t *get_ts_from_subnet(private_id_payload_t *this,
- * Create a traffic selector from an IP ID
- */
- static traffic_selector_t *get_ts_from_ip(private_id_payload_t *this,
-- ts_type_t type)
-+ ts_type_t type,
-+ uint16_t from_port, uint16_t to_port)
- {
- return traffic_selector_create_from_bytes(this->protocol_id, type,
-- this->id_data, this->port, this->id_data, this->port ?: 65535);
-+ this->id_data, from_port, this->id_data, to_port);
- }
-
- METHOD(id_payload_t, get_ts, traffic_selector_t*,
-- private_id_payload_t *this)
-+ private_id_payload_t *this, id_payload_t *other_, bool initiator)
- {
-+ private_id_payload_t *other = (private_id_payload_t *) other_;
-+ uint16_t from_port, to_port;
-+
-+ if (other && this->protocol_id == IPPROTO_GRE && other->protocol_id == IPPROTO_GRE)
-+ {
-+ if (initiator)
-+ {
-+ from_port = this->port;
-+ to_port = other->port;
-+ }
-+ else
-+ {
-+ from_port = other->port;
-+ to_port = this->port;
-+ }
-+ if (from_port == 0 && to_port == 0)
-+ to_port = 0xffff;
-+ }
-+ else
-+ {
-+ from_port = this->port;
-+ to_port = this->port ?: 0xffff;
-+ }
-+
- switch (this->id_type)
- {
- case ID_IPV4_ADDR_SUBNET:
- if (this->id_data.len == 8)
- {
-- return get_ts_from_subnet(this, TS_IPV4_ADDR_RANGE);
-+ return get_ts_from_subnet(this, TS_IPV4_ADDR_RANGE, from_port, to_port);
- }
- break;
- case ID_IPV6_ADDR_SUBNET:
- if (this->id_data.len == 32)
- {
-- return get_ts_from_subnet(this, TS_IPV6_ADDR_RANGE);
-+ return get_ts_from_subnet(this, TS_IPV6_ADDR_RANGE, from_port, to_port);
- }
- break;
- case ID_IPV4_ADDR_RANGE:
- if (this->id_data.len == 8)
- {
-- return get_ts_from_range(this, TS_IPV4_ADDR_RANGE);
-+ return get_ts_from_range(this, TS_IPV4_ADDR_RANGE, from_port, to_port);
- }
- break;
- case ID_IPV6_ADDR_RANGE:
- if (this->id_data.len == 32)
- {
-- return get_ts_from_range(this, TS_IPV6_ADDR_RANGE);
-+ return get_ts_from_range(this, TS_IPV6_ADDR_RANGE, from_port, to_port);
- }
- break;
- case ID_IPV4_ADDR:
- if (this->id_data.len == 4)
- {
-- return get_ts_from_ip(this, TS_IPV4_ADDR_RANGE);
-+ return get_ts_from_ip(this, TS_IPV4_ADDR_RANGE, from_port, to_port);
- }
- break;
- case ID_IPV6_ADDR:
- if (this->id_data.len == 16)
- {
-- return get_ts_from_ip(this, TS_IPV6_ADDR_RANGE);
-+ return get_ts_from_ip(this, TS_IPV6_ADDR_RANGE, from_port, to_port);
- }
- break;
- default:
-@@ -397,7 +424,7 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type,
- /*
- * Described in header.
- */
--id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts)
-+id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts, bool initiator)
- {
- private_id_payload_t *this;
- uint8_t mask;
-@@ -460,8 +487,17 @@ id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts)
- ts->get_from_address(ts), ts->get_to_address(ts));
- net->destroy(net);
- }
-- this->port = ts->get_from_port(ts);
- this->protocol_id = ts->get_protocol(ts);
-+ if (initiator || this->protocol_id != IPPROTO_GRE)
-+ {
-+ this->port = ts->get_from_port(ts);
-+ }
-+ else
-+ {
-+ this->port = ts->get_to_port(ts);
-+ if (this->port == 0xffff && ts->get_from_port(ts) == 0)
-+ this->port = 0;
-+ }
- this->payload_length += this->id_data.len;
-
- return &this->public;
-diff --git a/src/libcharon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h
-index df1d075..7558e91 100644
---- a/src/libcharon/encoding/payloads/id_payload.h
-+++ b/src/libcharon/encoding/payloads/id_payload.h
-@@ -48,11 +48,11 @@ struct id_payload_t {
- identification_t *(*get_identification) (id_payload_t *this);
-
- /**
-- * Creates a traffic selector form a ID_ADDR_SUBNET/RANGE identity.
-+ * Creates a traffic selector form a ID_ADDR_SUBNET/RANGE identity pair.
- *
- * @return traffic selector, NULL on failure
- */
-- traffic_selector_t* (*get_ts)(id_payload_t *this);
-+ traffic_selector_t* (*get_ts)(id_payload_t *this, id_payload_t *other, bool initiator);
-
- /**
- * Get encoded payload without fixed payload header (used for IKEv1).
-@@ -91,6 +91,6 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type,
- * @param ts traffic selector
- * @return PLV1_ID id_paylad_t object.
- */
--id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts);
-+id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts, bool initiator);
-
- #endif /** ID_PAYLOAD_H_ @}*/
-diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
-index 9c2a7c3..c39db9d 100644
---- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
-+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
-@@ -812,7 +812,18 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
- ts2subnet(src, &sel.saddr, &sel.prefixlen_s);
- ts2ports(dst, &sel.dport, &sel.dport_mask);
- ts2ports(src, &sel.sport, &sel.sport_mask);
-- if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) &&
-+ if (sel.proto == IPPROTO_GRE)
-+ {
-+ sel.sport = htons(src->get_from_port(src));
-+ sel.dport = htons(src->get_to_port(src));
-+ sel.sport_mask = ~0;
-+ sel.dport_mask = ~0;
-+ if (sel.sport == htons(0) && sel.dport == htons(0xffff))
-+ {
-+ sel.sport = sel.dport = sel.sport_mask = sel.dport_mask = 0;
-+ }
-+ }
-+ else if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) &&
- (sel.dport || sel.sport))
- {
- /* the kernel expects the ICMP type and code in the source and
-@@ -836,7 +847,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
- {
- u_char *addr;
- uint8_t prefixlen;
-- uint16_t port = 0;
-+ uint16_t from_port = 0, to_port = 65535;
- host_t *host = NULL;
-
- if (src)
-@@ -845,7 +856,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
- prefixlen = sel->prefixlen_s;
- if (sel->sport_mask)
- {
-- port = ntohs(sel->sport);
-+ from_port = to_port = ntohs(sel->sport);
- }
- }
- else
-@@ -854,14 +865,27 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
- prefixlen = sel->prefixlen_d;
- if (sel->dport_mask)
- {
-- port = ntohs(sel->dport);
-+ from_port = to_port = ntohs(sel->dport);
-+ }
-+ }
-+ if (sel->proto == IPPROTO_GRE)
-+ {
-+ if (sel->sport_mask)
-+ {
-+ from_port = ntohs(sel->sport);
-+ to_port = ntohs(sel->dport);
-+ }
-+ else
-+ {
-+ from_port = 0;
-+ to_port = 0xffff;
- }
- }
-- if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6)
-+ else if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6)
- { /* convert ICMP[v6] message type and code as supplied by the kernel in
- * source and destination ports (both in network order) */
-- port = (sel->sport >> 8) | (sel->dport & 0xff00);
-- port = ntohs(port);
-+ from_port = (sel->sport >> 8) | (sel->dport & 0xff00);
-+ from_port = to_port = ntohs(from_port);
- }
- /* The Linux 2.6 kernel does not set the selector's family field,
- * so as a kludge we additionally test the prefix length.
-@@ -878,7 +902,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
- if (host)
- {
- return traffic_selector_create_from_subnet(host, prefixlen,
-- sel->proto, port, port ?: 65535);
-+ sel->proto, from_port, to_port);
- }
- return NULL;
- }
-diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
-index f2d1104..9caf12e 100644
---- a/src/libcharon/plugins/stroke/stroke_config.c
-+++ b/src/libcharon/plugins/stroke/stroke_config.c
-@@ -941,6 +941,11 @@ static bool parse_protoport(char *token, uint16_t *from_port,
- *from_port = 0xffff;
- *to_port = 0;
- }
-+ else if (*port && *protocol == IPPROTO_GRE)
-+ {
-+ p = strtol(port, &endptr, 0);
-+ traffic_selector_split_grekey(p, from_port, to_port);
-+ }
- else if (*port)
- {
- svc = getservbyname(port, NULL);
-diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
-index 227d24b..7749d8c 100644
---- a/src/libcharon/plugins/unity/unity_narrow.c
-+++ b/src/libcharon/plugins/unity/unity_narrow.c
-@@ -247,7 +247,7 @@ METHOD(listener_t, message, bool,
- if (!first)
- {
- id_payload = (id_payload_t*)payload;
-- tsr = id_payload->get_ts(id_payload);
-+ tsr = id_payload->get_ts(id_payload, NULL, FALSE);
- break;
- }
- first = FALSE;
-diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
-index 30e3484..553f04c 100644
---- a/src/libcharon/plugins/vici/vici_config.c
-+++ b/src/libcharon/plugins/vici/vici_config.c
-@@ -626,8 +626,13 @@ CALLBACK(parse_ts, bool,
- }
- else if (*port && !streq(port, "any"))
- {
-- svc = getservbyname(port, NULL);
-- if (svc)
-+ if (proto == IPPROTO_GRE)
-+ {
-+ p = strtol(port, &end, 0);
-+ if (*end) return FALSE;
-+ traffic_selector_split_grekey(p, &from, &to);
-+ }
-+ else if ((svc = getservbyname(port, NULL)) != NULL)
- {
- from = to = ntohs(svc->s_port);
- }
-diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
-index bbd1cb0..fe5d33d 100644
---- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
-+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
-@@ -555,9 +555,9 @@ static void add_ts(private_quick_mode_t *this, message_t *message)
- {
- id_payload_t *id_payload;
-
-- id_payload = id_payload_create_from_ts(this->tsi);
-+ id_payload = id_payload_create_from_ts(this->tsi, TRUE);
- message->add_payload(message, &id_payload->payload_interface);
-- id_payload = id_payload_create_from_ts(this->tsr);
-+ id_payload = id_payload_create_from_ts(this->tsr, FALSE);
- message->add_payload(message, &id_payload->payload_interface);
- }
-
-@@ -568,7 +568,7 @@ static bool get_ts(private_quick_mode_t *this, message_t *message)
- {
- traffic_selector_t *tsi = NULL, *tsr = NULL;
- enumerator_t *enumerator;
-- id_payload_t *id_payload;
-+ id_payload_t *idi = NULL, *idr = NULL;
- payload_t *payload;
- host_t *hsi, *hsr;
- bool first = TRUE;
-@@ -578,20 +578,22 @@ static bool get_ts(private_quick_mode_t *this, message_t *message)
- {
- if (payload->get_type(payload) == PLV1_ID)
- {
-- id_payload = (id_payload_t*)payload;
--
- if (first)
- {
-- tsi = id_payload->get_ts(id_payload);
-+ idi = (id_payload_t*)payload;
- first = FALSE;
- }
- else
- {
-- tsr = id_payload->get_ts(id_payload);
-+ idr = (id_payload_t*)payload;
- break;
- }
- }
- }
-+ if (idi && idr) {
-+ tsi = idi->get_ts(idi, idr, TRUE);
-+ tsr = idr->get_ts(idr, idi, FALSE);
-+ }
- enumerator->destroy(enumerator);
-
- /* create host2host selectors if ID payloads missing */
-diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c
-index da3ba97..ee2af19 100644
---- a/src/libstrongswan/selectors/traffic_selector.c
-+++ b/src/libstrongswan/selectors/traffic_selector.c
-@@ -209,6 +209,14 @@ static int print_icmp(printf_hook_data_t *data, uint16_t port)
- }
-
- /**
-+ * Print GRE key
-+ */
-+static int print_grekey(printf_hook_data_t *data, uint16_t from_port, uint16_t to_port)
-+{
-+ return print_in_hook(data, "%d", traffic_selector_grekey(from_port, to_port));
-+}
-+
-+/**
- * Described in header.
- */
- int traffic_selector_printf_hook(printf_hook_data_t *data,
-@@ -312,7 +320,11 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
- /* build port string */
- if (has_ports)
- {
-- if (this->from_port == this->to_port)
-+ if (this->protocol == IPPROTO_GRE)
-+ {
-+ written += print_grekey(data, this->from_port, this->to_port);
-+ }
-+ else if (this->from_port == this->to_port)
- {
- struct servent *serv;
-
-@@ -397,7 +409,24 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*,
- /* select protocol, which is not zero */
- protocol = max(this->protocol, other->protocol);
-
-- if ((is_opaque(this) && is_opaque(other)) ||
-+ if (this->protocol == IPPROTO_GRE)
-+ {
-+ if (is_any(this))
-+ {
-+ from_port = other->from_port;
-+ to_port = other->to_port;
-+ }
-+ else if (is_any(other) ||
-+ (this->from_port == other->from_port &&
-+ this->to_port == other->to_port))
-+ {
-+ from_port = this->from_port;
-+ to_port = this->to_port;
-+ }
-+ else
-+ return NULL;
-+ }
-+ else if ((is_opaque(this) && is_opaque(other)) ||
- (is_opaque(this) && is_any(other)) ||
- (is_opaque(other) && is_any(this)))
- {
-diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h
-index cc66c34..a2a95b9 100644
---- a/src/libstrongswan/selectors/traffic_selector.h
-+++ b/src/libstrongswan/selectors/traffic_selector.h
-@@ -120,6 +120,9 @@ struct traffic_selector_t {
- * 8 bits and the code in the least significant 8 bits. Use the utility
- * functions to extract them.
- *
-+ * If the protocol is GRE, the high 16-bits of the 32-bit GRE key is stored
-+ * in the from port. Use the utility function to merge and split them.
-+ *
- * @return port
- */
- uint16_t (*get_from_port) (traffic_selector_t *this);
-@@ -134,6 +137,9 @@ struct traffic_selector_t {
- * 8 bits and the code in the least significant 8 bits. Use the utility
- * functions to extract them.
- *
-+ * If the protocol is GRE, the low 16-bits of the 32-bit GRE key is stored
-+ * in the to port. Use the utility function to merge and split them.
-+ *
- * @return port
- */
- uint16_t (*get_to_port) (traffic_selector_t *this);
-@@ -268,6 +274,31 @@ int traffic_selector_cmp(traffic_selector_t *a, traffic_selector_t *b,
- void *opts);
-
- /**
-+ * Reconstruct the 32-bit GRE KEY in host order from a from/to ports.
-+ *
-+ * @param from_port port number in host order
-+ * @param to_port port number in host order
-+ * @return GRE KEY in host order
-+ */
-+static inline uint32_t traffic_selector_grekey(uint16_t from_port, uint16_t to_port)
-+{
-+ return (from_port << 16) | to_port;
-+}
-+
-+/**
-+ * Split 32-bit GRE KEY in host order to from/to ports.
-+ *
-+ * @param grekey grekey in host order
-+ * @param from_port from port in host order
-+ * @param to_port to port in host order
-+ */
-+static inline void traffic_selector_split_grekey(uint32_t grekey, uint16_t *from_port, uint16_t *to_port)
-+{
-+ *from_port = grekey >> 16;
-+ *to_port = grekey & 0xffff;
-+}
-+
-+/**
- * Create a new traffic selector using human readable params.
- *
- * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
---
-2.9.1
-
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index a61b2d5755..c2c2d17e34 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -1,9 +1,9 @@
# Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=strongswan
-pkgver=5.5.3
+pkgver=5.6.0
_pkgver=${pkgver//_rc/rc}
-pkgrel=1
+pkgrel=0
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
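Review bot: The bump to `pkgver=5.6.0` is the only trace of this security fix in the APKBUILD: the diffstat's three insertions are pkgver, pkgrel and the tarball checksum, so CVE-2017-11185 is recorded in the commit message but not in the package metadata. If this APKBUILD carries (or should carry) a secfixes comment block, add the entry `# secfixes:` / `#   5.6.0-r0:` / `#     - CVE-2017-11185` so that tooling and anyone auditing an installed version can map the fix to a package release. Whether such a block already exists further down the file cannot be seen from this hunk.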
@@ -21,7 +21,6 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
1001-charon-add-optional-source-and-remote-overrides-for-.patch
1002-vici-send-certificates-for-ike-sa-events.patch
1003-vici-add-support-for-individual-sa-state-changes.patch
- 2001-support-gre-key-in-ikev1.patch
libressl.patch
strongswan.initd
@@ -117,12 +116,11 @@ package() {
install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon"
}
-sha512sums="0b0b25d2102c98cda54300dc8c3c3a49a55e64f7c695dda65a24f2194f19bce0b7aab9e4f7486c243b552f9d1a94867d6a8782ee504aad1c9973809706d599ac strongswan-5.5.3.tar.bz2
+sha512sums="9362069a01c3642e62864d88fdb409a3c7514bf7c92cbe36e552c6a80915119cf5bb91c39592aab2d15b562684a0628a764e4fa7636d3b5fd2ebaf165c0ce649 strongswan-5.6.0.tar.bz2
768a144be4c84395bc28b91e509c8319521d68a9eae0a5d5ff96830bf8cf3154bce046d2128d1aba092bb5d3d2dceb35296c13778294f88a14c2267865766db1 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
df5673107ea15dae28276b1cbc2a0d995d9a210c9c73ee478cb0f4eba0e3ef76856708119a5ebdf59637c2830ca8e30adf294d09e3eeef5514890d8ebc7c47b4 1001-charon-add-optional-source-and-remote-overrides-for-.patch
0dd637cc6ee89646c05d0345757fbfb26f4c0e2103d8eaafeb248b98bcc972ce5171081b7da7c9b974c92abb3f452180271767fb997171ac08b73880650e566b 1002-vici-send-certificates-for-ike-sa-events.patch
d92ec44ac03c3eabe7583c01b15c66c9286681f42cf1d6ced3e1096c27c174014e14112610d2e12c8ccf6c2d8c1a5242e10e2520d41995f8aac145bd603facfc 1003-vici-add-support-for-individual-sa-state-changes.patch
-1544a409ad08f46a5dffbe3b4e8cf0e973c58140bf225f7c4e9b29be7fe6178f63d73730d1b2f7a755ed0d5dc09ee9fa0a08ac35761b01c5914d9bde1044ce7a 2001-support-gre-key-in-ikev1.patch
8cc4e28a07c4f206d7838a20cd1fdab7cd82bc19a3916ed65f1c5acf6acecd7ea54f582f7b2f164aded96e49fdc2db5ace70f426a93fcc08f29d658c79069ad4 libressl.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd"
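Review bot: The new sha512 for strongswan-5.6.0.tar.bz2 pins the tarball for later builds, but the `source=` line visible in the previous hunk header still fetches it over plain `http://`, so the checksum is only as trustworthy as the download it was computed from. For a release pulled in as a CVE fix, it is worth confirming the value against upstream's published signature or checksum before committing, and moving the URL to `source="https://download.strongswan.org/$pkgname-$_pkgver.tar.bz2`. How the checksum was actually generated is not visible here, so this may already have been done.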