aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch20
-rw-r--r--main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch68
-rw-r--r--main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch18
-rw-r--r--main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch16
-rw-r--r--main/strongswan/2001-support-gre-key-in-ikev1.patch220
-rw-r--r--main/strongswan/2002-vici-add-deprecated-async-parameter.patch (renamed from main/strongswan/2002-vici-support-asynchronous-initiation.patch)8
-rw-r--r--main/strongswan/APKBUILD48
7 files changed, 200 insertions, 198 deletions
diff --git a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
index 6f960e2e33..1d13f7dab2 100644
--- a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+++ b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
@@ -1,19 +1,19 @@
-From c36fc076075f94176d0c95bd7437822e07f8c5c0 Mon Sep 17 00:00:00 2001
+From 5a5b26a7dce4c112f62882cfe16dc37659d766e8 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 17 Jul 2015 11:53:58 +0200
-Subject: [PATCH] ike: Adhere to IKE_SA limit when checking out by config
+Subject: [PATCH 1/5] ike: Adhere to IKE_SA limit when checking out by config
This prevents new SAs from getting created if we hit the global IKE_SA
limit (we still allow checkout_new(), which is used for rekeying).
---
- src/libcharon/sa/ike_sa_manager.c | 69 ++++++++++++++++++++-------------------
- 1 file changed, 36 insertions(+), 33 deletions(-)
+ src/libcharon/sa/ike_sa_manager.c | 71 ++++++++++++++++++++-------------------
+ 1 file changed, 37 insertions(+), 34 deletions(-)
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
-index 307ea3b..e8190a9 100644
+index ce44207..37d49da 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
-@@ -1401,47 +1401,50 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1401,48 +1401,51 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
DBG2(DBG_MGR, "checkout IKE_SA by config");
@@ -34,7 +34,8 @@ index 307ea3b..e8190a9 100644
{
- continue;
- }
-- if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING)
+- if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING ||
+- entry->ike_sa->get_state(entry->ike_sa) == IKE_REKEYED)
- { /* skip IKE_SAs which are not usable, wake other waiting threads */
- entry->condvar->signal(entry->condvar);
- continue;
@@ -55,7 +56,8 @@ index 307ea3b..e8190a9 100644
- break;
+ continue;
}
-+ if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING)
++ if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING ||
++ entry->ike_sa->get_state(entry->ike_sa) == IKE_REKEYED)
+ { /* skip IKE_SAs which are not usable, wake other waiting threads */
+ entry->condvar->signal(entry->condvar);
+ continue;
@@ -98,5 +100,5 @@ index 307ea3b..e8190a9 100644
}
charon->bus->set_sa(charon->bus, ike_sa);
--
-2.7.4
+2.5.0
diff --git a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
index b722ad65c6..6d5fa223bf 100644
--- a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
+++ b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
@@ -1,7 +1,8 @@
-From 8cea97341b063bde31cbc4cdf6834fd2a57f609c Mon Sep 17 00:00:00 2001
+From a3e5318ef98f47761ec2c2fc6d106ec9f5dc294b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:41:58 +0300
-Subject: [PATCH] charon: add optional source and remote overrides for initiate
+Subject: [PATCH 2/5] charon: add optional source and remote overrides for
+ initiate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@@ -26,15 +27,15 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi>
src/libcharon/processing/jobs/start_action_job.c | 2 +-
src/libcharon/sa/ike_sa_manager.c | 51 ++++++++++++++++++-
src/libcharon/sa/ike_sa_manager.h | 8 ++-
- src/libcharon/sa/trap_manager.c | 46 +++++++----------
+ src/libcharon/sa/trap_manager.c | 45 +++++++----------
src/swanctl/commands/initiate.c | 40 ++++++++++++++-
- 13 files changed, 220 insertions(+), 49 deletions(-)
+ 13 files changed, 219 insertions(+), 49 deletions(-)
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
-index 0c6a504..dc4eca3 100644
+index 71df92f..13b31de 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
-@@ -434,7 +434,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this)
+@@ -436,7 +436,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this)
child_cfg = create_child_cfg(this, peer_cfg);
if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
@@ -44,7 +45,7 @@ index 0c6a504..dc4eca3 100644
terminate(pid);
}
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
-index fc7e899..4f4461a 100644
+index 5991c24..2d37942 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -579,7 +579,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
@@ -57,7 +58,7 @@ index fc7e899..4f4461a 100644
{
peer_cfg->destroy(peer_cfg);
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c
-index 6dd54b4..d0524a5 100644
+index 93ff70b..49ef998 100644
--- a/src/libcharon/control/controller.c
+++ b/src/libcharon/control/controller.c
@@ -15,6 +15,28 @@
@@ -105,8 +106,8 @@ index 6dd54b4..d0524a5 100644
+ /**
* unique ID, used for various methods
*/
- u_int32_t id;
-@@ -355,9 +387,14 @@ METHOD(job_t, initiate_execute, job_requeue_t,
+ uint32_t id;
+@@ -405,9 +437,14 @@ METHOD(job_t, initiate_execute, job_requeue_t,
ike_sa_t *ike_sa;
interface_listener_t *listener = &job->listener;
peer_cfg_t *peer_cfg = listener->peer_cfg;
@@ -122,7 +123,7 @@ index 6dd54b4..d0524a5 100644
if (!ike_sa)
{
listener->child_cfg->destroy(listener->child_cfg);
-@@ -366,6 +403,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
+@@ -416,6 +453,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
listener_done(listener);
return JOB_REQUEUE_NONE;
}
@@ -130,7 +131,7 @@ index 6dd54b4..d0524a5 100644
listener->lock->lock(listener->lock);
listener->ike_sa = ike_sa;
listener->lock->unlock(listener->lock);
-@@ -438,6 +476,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
+@@ -488,6 +526,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
METHOD(controller_t, initiate, status_t,
private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
@@ -138,7 +139,7 @@ index 6dd54b4..d0524a5 100644
controller_cb_t callback, void *param, u_int timeout, bool limits)
{
interface_job_t *job;
-@@ -460,6 +499,8 @@ METHOD(controller_t, initiate, status_t,
+@@ -510,6 +549,8 @@ METHOD(controller_t, initiate, status_t,
.status = FAILED,
.child_cfg = child_cfg,
.peer_cfg = peer_cfg,
@@ -148,7 +149,7 @@ index 6dd54b4..d0524a5 100644
.limits = limits,
},
diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h
-index 5ffeac5..fb2e787 100644
+index 9524f53..7c51ba4 100644
--- a/src/libcharon/control/controller.h
+++ b/src/libcharon/control/controller.h
@@ -79,6 +79,8 @@ struct controller_t {
@@ -169,10 +170,10 @@ index 5ffeac5..fb2e787 100644
bool limits);
diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c
-index 2e96f8f..e594a71 100644
+index 3e5861b..5a6e03d 100644
--- a/src/libcharon/plugins/maemo/maemo_service.c
+++ b/src/libcharon/plugins/maemo/maemo_service.c
-@@ -362,7 +362,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
+@@ -364,7 +364,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
/* get us an IKE_SA */
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
@@ -182,7 +183,7 @@ index 2e96f8f..e594a71 100644
{
peer_cfg->destroy(peer_cfg);
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
-index 36da5ff..f2910ab 100644
+index fb60d39..83f8ae5 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -108,7 +108,7 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg
@@ -205,10 +206,10 @@ index 36da5ff..f2910ab 100644
switch (status)
{
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
-index 6ebbedc..94222cc 100644
+index d919e1d..2cac93f 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
-@@ -1693,7 +1693,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
+@@ -1691,7 +1691,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg));
charon->controller->initiate(charon->controller,
peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg),
@@ -218,7 +219,7 @@ index 6ebbedc..94222cc 100644
case ACTION_ROUTE:
DBG1(DBG_CFG, "installing '%s'", child_cfg->get_name(child_cfg));
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
-index c526d2f..593d3c7 100644
+index 4400381..55b8c99 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -16,6 +16,28 @@
@@ -342,7 +343,7 @@ index 5e88ac2..7043332 100644
case ACTION_ROUTE:
DBG1(DBG_JOB, "start action: route '%s'", name);
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
-index e8190a9..38a6b9d 100644
+index 37d49da..9593356 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -16,6 +16,28 @@
@@ -403,7 +404,7 @@ index e8190a9..38a6b9d 100644
if (this->reuse_ikesa || peer_cfg->get_ike_version(peer_cfg) == IKEV1)
{
-@@ -1415,6 +1448,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1416,6 +1449,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
entry->condvar->signal(entry->condvar);
continue;
}
@@ -420,7 +421,7 @@ index e8190a9..38a6b9d 100644
current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa);
if (current_peer && current_peer->equals(current_peer, peer_cfg))
{
-@@ -1446,6 +1489,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1447,6 +1490,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
return NULL;
}
ike_sa = checkout_new(this, peer_cfg->get_ike_version(peer_cfg), TRUE);
@@ -432,7 +433,7 @@ index e8190a9..38a6b9d 100644
charon->bus->set_sa(charon->bus, ike_sa);
diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h
-index f1b7c25..dbe1e7d 100644
+index 4298c54..47d6e6a 100644
--- a/src/libcharon/sa/ike_sa_manager.h
+++ b/src/libcharon/sa/ike_sa_manager.h
@@ -93,7 +93,8 @@ struct ike_sa_manager_t {
@@ -461,10 +462,10 @@ index f1b7c25..dbe1e7d 100644
/**
* Check for duplicates of the given IKE_SA.
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
-index 85e2207..2760f0b 100644
+index 40a0682..ea79d95 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
-@@ -401,7 +401,7 @@ METHOD(trap_manager_t, acquire, void,
+@@ -399,7 +399,7 @@ METHOD(trap_manager_t, acquire, void,
peer_cfg_t *peer;
child_cfg_t *child;
ike_sa_t *ike_sa;
@@ -473,7 +474,7 @@ index 85e2207..2760f0b 100644
bool wildcard, ignore = FALSE;
this->lock->read_lock(this->lock);
-@@ -477,36 +477,28 @@ METHOD(trap_manager_t, acquire, void,
+@@ -475,36 +475,27 @@ METHOD(trap_manager_t, acquire, void,
this->lock->unlock(this->lock);
if (wildcard)
@@ -483,22 +484,21 @@ index 85e2207..2760f0b 100644
- if (ike_sa)
- {
- ike_cfg_t *ike_cfg;
-- u_int16_t port;
-- u_int8_t mask;
+- uint16_t port;
+- uint8_t mask;
-
- ike_sa->set_peer_cfg(ike_sa, peer);
- ike_cfg = ike_sa->get_ike_cfg(ike_sa);
+ {
+ ike_cfg_t *ike_cfg;
-+ u_int16_t port;
-+ u_int8_t mask;
++ uint16_t port;
++ uint8_t mask;
- port = ike_cfg->get_other_port(ike_cfg);
- dst->to_subnet(dst, &host, &mask);
- host->set_port(host, port);
- ike_sa->set_other_host(ike_sa, host);
-+ ike_sa->set_peer_cfg(ike_sa, peer);
-+ ike_cfg = ike_sa->get_ike_cfg(ike_sa);
++ ike_cfg = peer->get_ike_cfg(peer);
- port = ike_cfg->get_my_port(ike_cfg);
- src->to_subnet(src, &host, &mask);
@@ -608,5 +608,5 @@ index eb7b6ad..706fa57 100644
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
--
-2.7.4
+2.5.0
diff --git a/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
index f5f5945889..a69d162407 100644
--- a/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
+++ b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
@@ -1,7 +1,7 @@
-From 549ee919f0d94d5b2377fc9d5ad7fa6ebbb43374 Mon Sep 17 00:00:00 2001
+From cc2ce031ea6a8b6d85331804b29335a9470765f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:42:05 +0300
-Subject: [PATCH] vici: send certificates for ike-sa events
+Subject: [PATCH 3/5] vici: send certificates for ike-sa events
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@@ -12,7 +12,7 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi>
1 file changed, 41 insertions(+), 7 deletions(-)
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
-index 284c23e..8c538f0 100644
+index 04cea00..89655f1 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -266,7 +266,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b,
@@ -26,7 +26,7 @@ index 284c23e..8c538f0 100644
ike_sa_id_t *id;
@@ -274,6 +274,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
proposal_t *proposal;
- u_int16_t alg, ks;
+ uint16_t alg, ks;
host_t *host;
+ auth_cfg_t *auth_cfg;
+ enumerator_t *enumerator;
@@ -86,7 +86,7 @@ index 284c23e..8c538f0 100644
b->begin_section(b, "child-sas");
csas = ike_sa->create_child_sa_enumerator(ike_sa);
-@@ -1354,7 +1388,7 @@ METHOD(listener_t, ike_updown, bool,
+@@ -1378,7 +1412,7 @@ METHOD(listener_t, ike_updown, bool,
}
b->begin_section(b, ike_sa->get_name(ike_sa));
@@ -95,7 +95,7 @@ index 284c23e..8c538f0 100644
b->end_section(b);
this->dispatcher->raise_event(this->dispatcher,
-@@ -1379,10 +1413,10 @@ METHOD(listener_t, ike_rekey, bool,
+@@ -1403,10 +1437,10 @@ METHOD(listener_t, ike_rekey, bool,
b = vici_builder_create();
b->begin_section(b, old->get_name(old));
b->begin_section(b, "old");
@@ -108,7 +108,7 @@ index 284c23e..8c538f0 100644
b->end_section(b);
b->end_section(b);
-@@ -1412,7 +1446,7 @@ METHOD(listener_t, child_updown, bool,
+@@ -1436,7 +1470,7 @@ METHOD(listener_t, child_updown, bool,
}
b->begin_section(b, ike_sa->get_name(ike_sa));
@@ -117,7 +117,7 @@ index 284c23e..8c538f0 100644
b->begin_section(b, "child-sas");
b->begin_section(b, child_sa->get_name(child_sa));
-@@ -1444,7 +1478,7 @@ METHOD(listener_t, child_rekey, bool,
+@@ -1468,7 +1502,7 @@ METHOD(listener_t, child_rekey, bool,
b = vici_builder_create();
b->begin_section(b, ike_sa->get_name(ike_sa));
@@ -127,5 +127,5 @@ index 284c23e..8c538f0 100644
b->begin_section(b, old->get_name(old));
--
-2.7.4
+2.5.0
diff --git a/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch b/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch
index 779a909b59..ab8f9dda5d 100644
--- a/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch
+++ b/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch
@@ -1,7 +1,7 @@
-From edcf42dc988f92161db85898705b9b6d5a56c94e Mon Sep 17 00:00:00 2001
+From a8312ad8f39bba86558602550468ed98ff30da84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:42:11 +0300
-Subject: [PATCH] vici: add support for individual sa state changes
+Subject: [PATCH 4/5] vici: add support for individual sa state changes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@@ -14,10 +14,10 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi>
1 file changed, 105 insertions(+)
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
-index 8c538f0..b49f65b 100644
+index 89655f1..bec9c94 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
-@@ -1356,8 +1356,16 @@ static void manage_commands(private_vici_query_t *this, bool reg)
+@@ -1380,8 +1380,16 @@ static void manage_commands(private_vici_query_t *this, bool reg)
this->dispatcher->manage_event(this->dispatcher, "list-cert", reg);
this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg);
this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg);
@@ -34,7 +34,7 @@ index 8c538f0..b49f65b 100644
manage_command(this, "list-sas", list_sas, reg);
manage_command(this, "list-policies", list_policies, reg);
manage_command(this, "list-conns", list_conns, reg);
-@@ -1426,6 +1434,45 @@ METHOD(listener_t, ike_rekey, bool,
+@@ -1450,6 +1458,45 @@ METHOD(listener_t, ike_rekey, bool,
return TRUE;
}
@@ -80,7 +80,7 @@ index 8c538f0..b49f65b 100644
METHOD(listener_t, child_updown, bool,
private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up)
{
-@@ -1501,6 +1548,62 @@ METHOD(listener_t, child_rekey, bool,
+@@ -1525,6 +1572,62 @@ METHOD(listener_t, child_rekey, bool,
return TRUE;
}
@@ -143,7 +143,7 @@ index 8c538f0..b49f65b 100644
METHOD(vici_query_t, destroy, void,
private_vici_query_t *this)
{
-@@ -1520,8 +1623,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher)
+@@ -1544,8 +1647,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher)
.listener = {
.ike_updown = _ike_updown,
.ike_rekey = _ike_rekey,
@@ -155,5 +155,5 @@ index 8c538f0..b49f65b 100644
.destroy = _destroy,
},
--
-2.7.4
+2.5.0
diff --git a/main/strongswan/2001-support-gre-key-in-ikev1.patch b/main/strongswan/2001-support-gre-key-in-ikev1.patch
index 00d8d3cc7d..e33d997d4b 100644
--- a/main/strongswan/2001-support-gre-key-in-ikev1.patch
+++ b/main/strongswan/2001-support-gre-key-in-ikev1.patch
@@ -1,4 +1,4 @@
-From 8addb45c033b13f3063ece56823a925c2b8bf9a8 Mon Sep 17 00:00:00 2001
+From 9ebc52171e912a58288c24b74668ffa7af61bee8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:42:18 +0300
Subject: [PATCH] support gre key in ikev1
@@ -17,17 +17,17 @@ racoon for the time being.
---
src/libcharon/encoding/payloads/id_payload.c | 68 +++++++++++++++++-----
src/libcharon/encoding/payloads/id_payload.h | 6 +-
+ .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 40 ++++++++++---
src/libcharon/plugins/stroke/stroke_config.c | 5 ++
src/libcharon/plugins/unity/unity_narrow.c | 2 +-
src/libcharon/plugins/vici/vici_config.c | 9 ++-
src/libcharon/sa/ikev1/tasks/quick_mode.c | 16 ++---
- .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 40 ++++++++++---
src/libstrongswan/selectors/traffic_selector.c | 33 ++++++++++-
src/libstrongswan/selectors/traffic_selector.h | 31 ++++++++++
9 files changed, 171 insertions(+), 39 deletions(-)
diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c
-index bb8aab7..2cf08e9 100644
+index ae0b19a..b8a6500 100644
--- a/src/libcharon/encoding/payloads/id_payload.c
+++ b/src/libcharon/encoding/payloads/id_payload.c
@@ -245,18 +245,20 @@ METHOD(id_payload_t, get_identification, identification_t*,
@@ -36,7 +36,7 @@ index bb8aab7..2cf08e9 100644
static traffic_selector_t *get_ts_from_range(private_id_payload_t *this,
- ts_type_t type)
+ ts_type_t type,
-+ u_int16_t from_port, u_int16_t to_port)
++ uint16_t from_port, uint16_t to_port)
{
return traffic_selector_create_from_bytes(this->protocol_id, type,
- chunk_create(this->id_data.ptr, this->id_data.len / 2), this->port,
@@ -51,7 +51,7 @@ index bb8aab7..2cf08e9 100644
static traffic_selector_t *get_ts_from_subnet(private_id_payload_t *this,
- ts_type_t type)
+ ts_type_t type,
-+ u_int16_t from_port, u_int16_t to_port)
++ uint16_t from_port, uint16_t to_port)
{
traffic_selector_t *ts;
chunk_t net, netmask;
@@ -70,7 +70,7 @@ index bb8aab7..2cf08e9 100644
static traffic_selector_t *get_ts_from_ip(private_id_payload_t *this,
- ts_type_t type)
+ ts_type_t type,
-+ u_int16_t from_port, u_int16_t to_port)
++ uint16_t from_port, uint16_t to_port)
{
return traffic_selector_create_from_bytes(this->protocol_id, type,
- this->id_data, this->port, this->id_data, this->port ?: 65535);
@@ -82,7 +82,7 @@ index bb8aab7..2cf08e9 100644
+ private_id_payload_t *this, id_payload_t *other_, bool initiator)
{
+ private_id_payload_t *other = (private_id_payload_t *) other_;
-+ u_int16_t from_port, to_port;
++ uint16_t from_port, to_port;
+
+ if (other && this->protocol_id == IPPROTO_GRE && other->protocol_id == IPPROTO_GRE)
+ {
@@ -158,7 +158,7 @@ index bb8aab7..2cf08e9 100644
+id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts, bool initiator)
{
private_id_payload_t *this;
- u_int8_t mask;
+ uint8_t mask;
@@ -460,8 +487,17 @@ id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts)
ts->get_from_address(ts), ts->get_to_address(ts));
net->destroy(net);
@@ -204,11 +204,94 @@ index df1d075..7558e91 100644
+id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts, bool initiator);
#endif /** ID_PAYLOAD_H_ @}*/
+diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+index 9c2a7c3..c39db9d 100644
+--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
++++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+@@ -812,7 +812,18 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
+ ts2subnet(src, &sel.saddr, &sel.prefixlen_s);
+ ts2ports(dst, &sel.dport, &sel.dport_mask);
+ ts2ports(src, &sel.sport, &sel.sport_mask);
+- if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) &&
++ if (sel.proto == IPPROTO_GRE)
++ {
++ sel.sport = htons(src->get_from_port(src));
++ sel.dport = htons(src->get_to_port(src));
++ sel.sport_mask = ~0;
++ sel.dport_mask = ~0;
++ if (sel.sport == htons(0) && sel.dport == htons(0xffff))
++ {
++ sel.sport = sel.dport = sel.sport_mask = sel.dport_mask = 0;
++ }
++ }
++ else if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) &&
+ (sel.dport || sel.sport))
+ {
+ /* the kernel expects the ICMP type and code in the source and
+@@ -836,7 +847,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
+ {
+ u_char *addr;
+ uint8_t prefixlen;
+- uint16_t port = 0;
++ uint16_t from_port = 0, to_port = 65535;
+ host_t *host = NULL;
+
+ if (src)
+@@ -845,7 +856,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
+ prefixlen = sel->prefixlen_s;
+ if (sel->sport_mask)
+ {
+- port = ntohs(sel->sport);
++ from_port = to_port = ntohs(sel->sport);
+ }
+ }
+ else
+@@ -854,14 +865,27 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
+ prefixlen = sel->prefixlen_d;
+ if (sel->dport_mask)
+ {
+- port = ntohs(sel->dport);
++ from_port = to_port = ntohs(sel->dport);
++ }
++ }
++ if (sel->proto == IPPROTO_GRE)
++ {
++ if (sel->sport_mask)
++ {
++ from_port = ntohs(sel->sport);
++ to_port = ntohs(sel->dport);
++ }
++ else
++ {
++ from_port = 0;
++ to_port = 0xffff;
+ }
+ }
+- if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6)
++ else if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6)
+ { /* convert ICMP[v6] message type and code as supplied by the kernel in
+ * source and destination ports (both in network order) */
+- port = (sel->sport >> 8) | (sel->dport & 0xff00);
+- port = ntohs(port);
++ from_port = (sel->sport >> 8) | (sel->dport & 0xff00);
++ from_port = to_port = ntohs(from_port);
+ }
+ /* The Linux 2.6 kernel does not set the selector's family field,
+ * so as a kludge we additionally test the prefix length.
+@@ -878,7 +902,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
+ if (host)
+ {
+ return traffic_selector_create_from_subnet(host, prefixlen,
+- sel->proto, port, port ?: 65535);
++ sel->proto, from_port, to_port);
+ }
+ return NULL;
+ }
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
-index f717194..cde175f 100644
+index f2d1104..9caf12e 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
-@@ -1049,6 +1049,11 @@ static bool parse_protoport(char *token, u_int16_t *from_port,
+@@ -941,6 +941,11 @@ static bool parse_protoport(char *token, uint16_t *from_port,
*from_port = 0xffff;
*to_port = 0;
}
@@ -234,10 +317,10 @@ index 227d24b..7749d8c 100644
}
first = FALSE;
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
-index 5537ed9..70c83d4 100644
+index 30e3484..553f04c 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
-@@ -596,8 +596,13 @@ CALLBACK(parse_ts, bool,
+@@ -626,8 +626,13 @@ CALLBACK(parse_ts, bool,
}
else if (*port && !streq(port, "any"))
{
@@ -254,10 +337,10 @@ index 5537ed9..70c83d4 100644
from = to = ntohs(svc->s_port);
}
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
-index d6a3f2c..8533112 100644
+index bbd1cb0..fe5d33d 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
-@@ -541,9 +541,9 @@ static void add_ts(private_quick_mode_t *this, message_t *message)
+@@ -555,9 +555,9 @@ static void add_ts(private_quick_mode_t *this, message_t *message)
{
id_payload_t *id_payload;
@@ -269,7 +352,7 @@ index d6a3f2c..8533112 100644
message->add_payload(message, &id_payload->payload_interface);
}
-@@ -554,7 +554,7 @@ static bool get_ts(private_quick_mode_t *this, message_t *message)
+@@ -568,7 +568,7 @@ static bool get_ts(private_quick_mode_t *this, message_t *message)
{
traffic_selector_t *tsi = NULL, *tsr = NULL;
enumerator_t *enumerator;
@@ -278,7 +361,7 @@ index d6a3f2c..8533112 100644
payload_t *payload;
host_t *hsi, *hsr;
bool first = TRUE;
-@@ -564,20 +564,22 @@ static bool get_ts(private_quick_mode_t *this, message_t *message)
+@@ -578,20 +578,22 @@ static bool get_ts(private_quick_mode_t *this, message_t *message)
{
if (payload->get_type(payload) == PLV1_ID)
{
@@ -305,100 +388,17 @@ index d6a3f2c..8533112 100644
enumerator->destroy(enumerator);
/* create host2host selectors if ID payloads missing */
-diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
-index 605476e..ef94c26 100644
---- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
-+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
-@@ -745,7 +745,18 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
- ts2subnet(src, &sel.saddr, &sel.prefixlen_s);
- ts2ports(dst, &sel.dport, &sel.dport_mask);
- ts2ports(src, &sel.sport, &sel.sport_mask);
-- if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) &&
-+ if (sel.proto == IPPROTO_GRE)
-+ {
-+ sel.sport = htons(src->get_from_port(src));
-+ sel.dport = htons(src->get_to_port(src));
-+ sel.sport_mask = ~0;
-+ sel.dport_mask = ~0;
-+ if (sel.sport == htons(0) && sel.dport == htons(0xffff))
-+ {
-+ sel.sport = sel.dport = sel.sport_mask = sel.dport_mask = 0;
-+ }
-+ }
-+ else if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) &&
- (sel.dport || sel.sport))
- {
- /* the kernel expects the ICMP type and code in the source and
-@@ -769,7 +780,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
- {
- u_char *addr;
- u_int8_t prefixlen;
-- u_int16_t port = 0;
-+ u_int16_t from_port = 0, to_port = 65535;
- host_t *host = NULL;
-
- if (src)
-@@ -778,7 +789,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
- prefixlen = sel->prefixlen_s;
- if (sel->sport_mask)
- {
-- port = ntohs(sel->sport);
-+ from_port = to_port = ntohs(sel->sport);
- }
- }
- else
-@@ -787,14 +798,27 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
- prefixlen = sel->prefixlen_d;
- if (sel->dport_mask)
- {
-- port = ntohs(sel->dport);
-+ from_port = to_port = ntohs(sel->dport);
-+ }
-+ }
-+ if (sel->proto == IPPROTO_GRE)
-+ {
-+ if (sel->sport_mask)
-+ {
-+ from_port = ntohs(sel->sport);
-+ to_port = ntohs(sel->dport);
-+ }
-+ else
-+ {
-+ from_port = 0;
-+ to_port = 0xffff;
- }
- }
-- if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6)
-+ else if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6)
- { /* convert ICMP[v6] message type and code as supplied by the kernel in
- * source and destination ports (both in network order) */
-- port = (sel->sport >> 8) | (sel->dport & 0xff00);
-- port = ntohs(port);
-+ from_port = (sel->sport >> 8) | (sel->dport & 0xff00);
-+ from_port = to_port = ntohs(from_port);
- }
- /* The Linux 2.6 kernel does not set the selector's family field,
- * so as a kludge we additionally test the prefix length.
-@@ -811,7 +835,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
- if (host)
- {
- return traffic_selector_create_from_subnet(host, prefixlen,
-- sel->proto, port, port ?: 65535);
-+ sel->proto, from_port, to_port);
- }
- return NULL;
- }
diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c
-index 6686324..776c765 100644
+index da3ba97..ee2af19 100644
--- a/src/libstrongswan/selectors/traffic_selector.c
+++ b/src/libstrongswan/selectors/traffic_selector.c
-@@ -209,6 +209,14 @@ static int print_icmp(printf_hook_data_t *data, u_int16_t port)
+@@ -209,6 +209,14 @@ static int print_icmp(printf_hook_data_t *data, uint16_t port)
}
/**
+ * Print GRE key
+ */
-+static int print_grekey(printf_hook_data_t *data, u_int16_t from_port, u_int16_t to_port)
++static int print_grekey(printf_hook_data_t *data, uint16_t from_port, uint16_t to_port)
+{
+ return print_in_hook(data, "%d", traffic_selector_grekey(from_port, to_port));
+}
@@ -407,7 +407,7 @@ index 6686324..776c765 100644
* Described in header.
*/
int traffic_selector_printf_hook(printf_hook_data_t *data,
-@@ -313,7 +321,11 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
+@@ -312,7 +320,11 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
/* build port string */
if (has_ports)
{
@@ -420,7 +420,7 @@ index 6686324..776c765 100644
{
struct servent *serv;
-@@ -398,7 +410,24 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*,
+@@ -397,7 +409,24 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*,
/* select protocol, which is not zero */
protocol = max(this->protocol, other->protocol);
@@ -447,7 +447,7 @@ index 6686324..776c765 100644
(is_opaque(other) && is_any(this)))
{
diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h
-index cf9a286..d458c68 100644
+index cc66c34..a2a95b9 100644
--- a/src/libstrongswan/selectors/traffic_selector.h
+++ b/src/libstrongswan/selectors/traffic_selector.h
@@ -120,6 +120,9 @@ struct traffic_selector_t {
@@ -459,7 +459,7 @@ index cf9a286..d458c68 100644
+ *
* @return port
*/
- u_int16_t (*get_from_port) (traffic_selector_t *this);
+ uint16_t (*get_from_port) (traffic_selector_t *this);
@@ -134,6 +137,9 @@ struct traffic_selector_t {
* 8 bits and the code in the least significant 8 bits. Use the utility
* functions to extract them.
@@ -469,7 +469,7 @@ index cf9a286..d458c68 100644
+ *
* @return port
*/
- u_int16_t (*get_to_port) (traffic_selector_t *this);
+ uint16_t (*get_to_port) (traffic_selector_t *this);
@@ -268,6 +274,31 @@ int traffic_selector_cmp(traffic_selector_t *a, traffic_selector_t *b,
void *opts);
@@ -480,7 +480,7 @@ index cf9a286..d458c68 100644
+ * @param to_port port number in host order
+ * @return GRE KEY in host order
+ */
-+static inline u_int32_t traffic_selector_grekey(u_int16_t from_port, u_int16_t to_port)
++static inline uint32_t traffic_selector_grekey(uint16_t from_port, uint16_t to_port)
+{
+ return (from_port << 16) | to_port;
+}
@@ -492,7 +492,7 @@ index cf9a286..d458c68 100644
+ * @param from_port from port in host order
+ * @param to_port to port in host order
+ */
-+static inline void traffic_selector_split_grekey(u_int32_t grekey, u_int16_t *from_port, u_int16_t *to_port)
++static inline void traffic_selector_split_grekey(uint32_t grekey, uint16_t *from_port, uint16_t *to_port)
+{
+ *from_port = grekey >> 16;
+ *to_port = grekey & 0xffff;
@@ -503,5 +503,5 @@ index cf9a286..d458c68 100644
*
* If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
--
-2.5.3
+2.9.1
diff --git a/main/strongswan/2002-vici-support-asynchronous-initiation.patch b/main/strongswan/2002-vici-add-deprecated-async-parameter.patch
index a5fec12019..577532867c 100644
--- a/main/strongswan/2002-vici-support-asynchronous-initiation.patch
+++ b/main/strongswan/2002-vici-add-deprecated-async-parameter.patch
@@ -1,7 +1,7 @@
-From 9694c2dd70aeb1ea43754490f4ed038da7245887 Mon Sep 17 00:00:00 2001
+From d3c1585742909cbf306da1bf489b7f1560e8dab5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:42:15 +0300
-Subject: [PATCH] vici: add (deprecated) async parameter
+Subject: [PATCH 5/5] vici: add (deprecated) async parameter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@@ -15,7 +15,7 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi>
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
-index 593d3c7..b93d4ef 100644
+index 55b8c99..eba7640 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -195,7 +195,7 @@ CALLBACK(initiate, vici_message_t*,
@@ -45,5 +45,5 @@ index 593d3c7..b93d4ef 100644
log_cb = (controller_cb_t)log_vici;
}
--
-2.7.4
+2.5.0
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index fd4a6c6a73..8c1b019069 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -1,9 +1,9 @@
# Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=strongswan
-pkgver=5.4.0
+pkgver=5.5.0
_pkgver=${pkgver//_rc/rc}
-pkgrel=1
+pkgrel=0
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
@@ -22,7 +22,7 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
1002-vici-send-certificates-for-ike-sa-events.patch
1003-vici-add-support-for-individual-sa-state-changes.patch
2001-support-gre-key-in-ikev1.patch
- 2002-vici-support-asynchronous-initiation.patch
+ 2002-vici-add-deprecated-async-parameter.patch
strongswan.initd
charon.initd"
@@ -112,30 +112,30 @@ package() {
install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon" || return 1
}
-md5sums="9d7c77b0da9b69f859624897e5e9ebbf strongswan-5.4.0.tar.bz2
-9285f6edb3efcd6bf61ed6da982bdbc8 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
-6df5e2362a275b552747928e83842c5c 1001-charon-add-optional-source-and-remote-overrides-for-.patch
-d4c5facf86f02ecd50288e16633d80c8 1002-vici-send-certificates-for-ike-sa-events.patch
-3fc0bb2d80ffc4cca0db5fe2e29dec35 1003-vici-add-support-for-individual-sa-state-changes.patch
-6ace16d48653028ec1982e6940fd2b1d 2001-support-gre-key-in-ikev1.patch
-6cc10c571ee50199e741f7d5ce9bcc85 2002-vici-support-asynchronous-initiation.patch
+md5sums="a96fa7eb6c62b40143dadb064b6bd586 strongswan-5.5.0.tar.bz2
+0a82059a9bd45d7a189864843560afe9 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+6e596d747a158bf6760aa85490f368b1 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+1d174dd2c9fcfdc9e2260a249395ab8d 1002-vici-send-certificates-for-ike-sa-events.patch
+167c525d4945d4e9a36fe75aabbbb895 1003-vici-add-support-for-individual-sa-state-changes.patch
+97bb0e061ba1576bab0e053afc2a4a72 2001-support-gre-key-in-ikev1.patch
+31f4bda273d364095e9e6167da417e08 2002-vici-add-deprecated-async-parameter.patch
72a956819c451931d3d31a528a0d1b9c strongswan.initd
a7993f28e4eacc61f51722044645587e charon.initd"
-sha256sums="f8288faaea6a9cd8a7d413c0b76b7922be5da3dfcd01fd05cb30d2c55d3bbe89 strongswan-5.4.0.tar.bz2
-1ce5125db88c815e9daece12a9bffade46e104fb4faeb2a3f4fa9935a3a6fd1d 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
-3e250759b05738884a933f31bd9eacc32ad6a5b913298f533b4d4ebe3fa636ca 1001-charon-add-optional-source-and-remote-overrides-for-.patch
-4dcb0e4a5456773a8d1ab474403812172bc82408a47fe2fbf1bc7199a2bf5682 1002-vici-send-certificates-for-ike-sa-events.patch
-8ea09e018c860121a3bc67ae74f98276af1184928507bcb99c87db7e588366ed 1003-vici-add-support-for-individual-sa-state-changes.patch
-db5a6474de0727ea6c10550358f1dda7a849a9729f93d26db351e35df14a3962 2001-support-gre-key-in-ikev1.patch
-ed40940d6208f5bbe5104d55d53cdfbcad1ca6ac190c81279dcd78dbbb460c21 2002-vici-support-asynchronous-initiation.patch
+sha256sums="58463998ac6725eac3687e8a20c1f69803c3772657076d06c43386a24b4c8454 strongswan-5.5.0.tar.bz2
+89934062b4d400019752bb8140a60dacd832e4be7e86e7f573397bc56f87109e 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+b8a7a12582329244bb28b41d52e8f52cdcde84722c9c00d72ed1c799ad575011 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+e2de070bdb5fd9e19d02d18829ad9684e3a9fa64f0bc45015249c7f1f738f7be 1002-vici-send-certificates-for-ike-sa-events.patch
+c92a8641093e343f1f652213fb4469622a82f9f3c759e065b2b553ef3cf8cfec 1003-vici-add-support-for-individual-sa-state-changes.patch
+f038cadddde9f0ea2f36df03f81445b2f6a6d6b09cf4a21bfcdb61c62706a66b 2001-support-gre-key-in-ikev1.patch
+fec398ec01dbc3f10693ec128b0f39b90284c89ae65cad6230fd277e6f67e023 2002-vici-add-deprecated-async-parameter.patch
fdb781fa59700ca83b9fd2f2ff0b9c45467448ebd82da96286b3e2aa477ef7f4 strongswan.initd
7bcc57e4a778f87645c6b9d76ba2c04e1c11c326bc9a4968561788711c7fe58a charon.initd"
-sha512sums="633d17ac0a55d333b358a538a47c53077bcc462e2a64af6643b2fe4f777184bd81fc7e4c384e8da81326834f571bf4c0a6caff1ec773043f471a82ea06d97459 strongswan-5.4.0.tar.bz2
-4e3f86d4cc67aa5e498b1c02f0590ba0bb8033a6fb0b0ad56d19168d46e5db3853652510c7473e44f2df7054c92e8d28c8d95db112a1c1f62b4969e2679a16f9 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
-78f2f1a5bc490d788ce13a82aea821507f4e7b1dc74bdbc154f27a1629ccee59025604552651054b176a30fa1568486d58ab78fff6086d9ed56fef257736633f 1001-charon-add-optional-source-and-remote-overrides-for-.patch
-4d9a999b9684c100d850d290e95aaadc330b144c049d585cbbfa09b1f58e2a09c95ed96d959d90264efdf9fd66085625c28e75393af12e139b5c7d39b3a9fb84 1002-vici-send-certificates-for-ike-sa-events.patch
-abea53573a95ae6599b6f60851ca11d4d3dd30367fd995a1d07284f5f02b491b10d7fafb32389bf38d177835fed6796aba99541e187731333bec191de467f669 1003-vici-add-support-for-individual-sa-state-changes.patch
-2d1ff7f48f652e489ddb0c54f8f15fb4fedb188de35a7028335dde5e623077ef7adc2fad4484330acc26db3f5fa0479cd0bebeeb75ecc5e61bf361d837c259f5 2001-support-gre-key-in-ikev1.patch
-f5e244b44e1682ddc2175c35a39c4b33b8ec4983a7b7da5df2b5a103841b0826c919817b685f1959e783e19434558d75e15b353b43ad7b020d122721cd96a4f2 2002-vici-support-asynchronous-initiation.patch
+sha512sums="dbbd26fa21f940e8b959387f174084c811bb6af6950295be724bd8507713918ffda931a65a5db00f2a4611ee4edf893e55ca56cfd5d4efb394eeeb8968c889d4 strongswan-5.5.0.tar.bz2
+768a144be4c84395bc28b91e509c8319521d68a9eae0a5d5ff96830bf8cf3154bce046d2128d1aba092bb5d3d2dceb35296c13778294f88a14c2267865766db1 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+66fcaaf19ed17472b52ed178ffdd7454dce80849d4ebaafb8ab3f2d4119bfbc975f7854709c45cec7dfc6f6060834c840da683f45ac1de71688a1ff731564c24 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+f1aa4eed2258527dcc787ef41af7fdb9d6eb83e18d1ac2d8eebace47d0f41d5b719f80508691f271e67f2fac2f041b57a02cfea4a289eb38b3619c3ae2e18b9a 1002-vici-send-certificates-for-ike-sa-events.patch
+9c94dd2063265581aff60960f795e7e5a7f8992dfb875d2bceff8028ae1c45afd6ec48a0729a0da14e86245b5017c85cdd33b1baa5b7faff4edc1783b5ffedcc 1003-vici-add-support-for-individual-sa-state-changes.patch
+1544a409ad08f46a5dffbe3b4e8cf0e973c58140bf225f7c4e9b29be7fe6178f63d73730d1b2f7a755ed0d5dc09ee9fa0a08ac35761b01c5914d9bde1044ce7a 2001-support-gre-key-in-ikev1.patch
+769536476e941882c3a244b3c47eb4cc8ab1ec026862acfa1e00469114b532f8965890b21ff2e9e129778ead9b273ce47923b9bc0e788be3c0292023f5a32ee5 2002-vici-add-deprecated-async-parameter.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd"