net/ipsec-tools: Import net/ipsec-tools from oldpackages

Signed-off-by: Noah Meyerhans <noahm@debian.org>
author: Noah Meyerhans <noahm@debian.org> 2014-08-15 22:01:52 -0700
committer: Noah Meyerhans <noahm@debian.org> 2014-08-16 12:29:38 -0700
commit: 5117da79253c79ad49158d3419e8d87fb1d5ef03 (patch)
tree: 3b5fd3cc35fa286db96561768f0e0b60f8cb59a8 /net/ipsec-tools/patches
parent: 8eb8659e41441c9884304b66c288b790b8d24abd (diff)
6 files changed, 192 insertions, 0 deletions
diff --git a/net/ipsec-tools/patches/001-ipsec-tools-def-psk.patch b/net/ipsec-tools/patches/001-ipsec-tools-def-psk.patch
new file mode 100644
index 000000000..db5b3064d
--- /dev/null
+++ b/net/ipsec-tools/patches/001-ipsec-tools-def-psk.patch
@@ -0,0 +1,24 @@
+--- a/src/racoon/oakley.c
++++ b/src/racoon/oakley.c
+@@ -2424,8 +2424,21 @@ oakley_skeyid(iph1)
+ 				plog(LLV_ERROR, LOCATION, iph1->remote,
+ 					"couldn't find the pskey for %s.\n",
+ 					saddrwop2str(iph1->remote));
++			}
++		}
++		if (iph1->authstr == NULL) {
++			/*
++			 * If we could not locate a psk above try and locate
++			 * the default psk, ie, "*".
++			 */
++			iph1->authstr = privsep_getpsk("*", 1);
++			if (iph1->authstr == NULL) {
++				plog(LLV_ERROR, LOCATION, iph1->remote,
++					"couldn't find the the default pskey either.\n");
+ 				goto end;
+ 			}
++			plog(LLV_NOTIFY, LOCATION, iph1->remote,
++					"Using default PSK.\n");
+ 		}
+ 		plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
+ 		/* should be secret PSK */
diff --git a/net/ipsec-tools/patches/001-no_libfl.patch b/net/ipsec-tools/patches/001-no_libfl.patch
new file mode 100644
index 000000000..b56b596ba
--- /dev/null
+++ b/net/ipsec-tools/patches/001-no_libfl.patch
@@ -0,0 +1,22 @@
+--- a/src/racoon/cftoken.l
++++ b/src/racoon/cftoken.l
+@@ -104,6 +104,8 @@ static struct include_stack {
+ static int incstackp = 0;
+ 
+ static int yy_first_time = 1;
++
++int yywrap(void) { return 1; }
+ %}
+ 
+ /* common seciton */
+--- a/src/setkey/token.l
++++ b/src/setkey/token.l
+@@ -86,6 +86,8 @@
+ #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
+ #define SADB_X_EALG_AESCBC  SADB_X_EALG_AES
+ #endif
++
++int yywrap(void) { return 1; }
+ %}
+ 
+ /* common section */
diff --git a/net/ipsec-tools/patches/002-patch8-utmp.patch b/net/ipsec-tools/patches/002-patch8-utmp.patch
new file mode 100644
index 000000000..16dc9237c
--- /dev/null
+++ b/net/ipsec-tools/patches/002-patch8-utmp.patch
@@ -0,0 +1,72 @@
+--- a/src/racoon/isakmp_cfg.c
++++ b/src/racoon/isakmp_cfg.c
+@@ -38,7 +38,7 @@
+ #include <sys/socket.h>
+ #include <sys/queue.h>
+ 
+-#include <utmpx.h>
++#include <utmp.h>
+ #if defined(__APPLE__) && defined(__MACH__)
+ #include <util.h>
+ #endif
+@@ -1661,7 +1661,8 @@ isakmp_cfg_accounting_system(port, raddr
+ 	int inout;
+ {
+ 	int error = 0;
+-	struct utmpx ut;
++	struct utmp ut;
++	char term[UT_LINESIZE];
+ 	char addr[NI_MAXHOST];
+ 	
+ 	if (usr == NULL || usr[0]=='\0') {
+@@ -1670,34 +1671,37 @@ isakmp_cfg_accounting_system(port, raddr
+ 		return -1;
+ 	}
+ 
+-	memset(&ut, 0, sizeof ut);
+-	gettimeofday((struct timeval *)&ut.ut_tv, NULL);
+-	snprintf(ut.ut_id, sizeof ut.ut_id, TERMSPEC, port);
++	sprintf(term, TERMSPEC, port);
+ 
+ 	switch (inout) {
+ 	case ISAKMP_CFG_LOGIN:
+-		ut.ut_type = USER_PROCESS;
+-		strncpy(ut.ut_user, usr, sizeof ut.ut_user);
++		strncpy(ut.ut_name, usr, UT_NAMESIZE);
++		ut.ut_name[UT_NAMESIZE - 1] = '\0';
++		
++		strncpy(ut.ut_line, term, UT_LINESIZE);
++		ut.ut_line[UT_LINESIZE - 1] = '\0';
+ 
+ 		GETNAMEINFO_NULL(raddr, addr);
+-		strncpy(ut.ut_host, addr, sizeof ut.ut_host);
++		strncpy(ut.ut_host, addr, UT_HOSTSIZE);
++		ut.ut_host[UT_HOSTSIZE - 1] = '\0';
++
++		ut.ut_time = time(NULL);
+ 
+ 		plog(LLV_INFO, LOCATION, NULL,
+ 			"Accounting : '%s' logging on '%s' from %s.\n",
+-			ut.ut_user, ut.ut_id, addr);
+-
+-		pututxline(&ut);
++			ut.ut_name, ut.ut_line, ut.ut_host);
+ 
++		login(&ut);
++		
+ 		break;
+ 	case ISAKMP_CFG_LOGOUT:	
+-		ut.ut_type = DEAD_PROCESS;
+ 
+ 		plog(LLV_INFO, LOCATION, NULL,
+ 			"Accounting : '%s' unlogging from '%s'.\n",
+-			usr, ut.ut_id);
+-
+-		pututxline(&ut);
++			usr, term);
+ 
++		logout(term);
++		
+ 		break;
+ 	default:
+ 		plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");
diff --git a/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch b/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch
new file mode 100644
index 000000000..443d38d5e
--- /dev/null
+++ b/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch
@@ -0,0 +1,13 @@
+--- a/src/racoon/ipsec_doi.c
++++ b/src/racoon/ipsec_doi.c
+@@ -3582,8 +3582,8 @@ ipsecdoi_checkid1(iph1)
+ 	    iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_PSKEY) {
+ 		 if (id_b->type != IPSECDOI_ID_IPV4_ADDR
+ 		  && id_b->type != IPSECDOI_ID_IPV6_ADDR) {
+-			plog(LLV_ERROR, LOCATION, NULL,
+-				"Expecting IP address type in main mode, "
++			plog(LLV_WARNING, LOCATION, NULL,
++				"Expecting IP address type in main mode (RFC2409) , "
+ 				"but %s.\n", s_ipsecdoi_ident(id_b->type));
+ 			return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
+ 		}
diff --git a/net/ipsec-tools/patches/005-isakmp-fix.patch b/net/ipsec-tools/patches/005-isakmp-fix.patch
new file mode 100644
index 000000000..f7aa3c26c
--- /dev/null
+++ b/net/ipsec-tools/patches/005-isakmp-fix.patch
@@ -0,0 +1,11 @@
+--- a/src/racoon/isakmp.c
++++ b/src/racoon/isakmp.c
+@@ -31,6 +31,8 @@
+  * SUCH DAMAGE.
+  */
+ 
++#define __packed __attribute__((__packed__))
++
+ #include "config.h"
+ 
+ #include <sys/types.h>
diff --git a/net/ipsec-tools/patches/006-linux-3.7-compat.patch b/net/ipsec-tools/patches/006-linux-3.7-compat.patch
new file mode 100644
index 000000000..46b11ee51
--- /dev/null
+++ b/net/ipsec-tools/patches/006-linux-3.7-compat.patch
@@ -0,0 +1,50 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -74,9 +74,10 @@ case "$host_os" in
+ 	    [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
+ 
+     AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
+-	[ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
+-	  KERNEL_INCLUDE=/usr/src/linux/include ,
+-	  [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
++	[ AC_CHECK_HEADER($KERNEL_INCLUDE/uapi/linux/pfkeyv2.h, ,
++	  [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
++	    KERNEL_INCLUDE=/usr/src/linux/include ,
++	    [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) ] )
+     AC_SUBST(KERNEL_INCLUDE)
+     # We need the configure script to run with correct kernel headers.
+     # However we don't want to point to kernel source tree in compile time,
+@@ -643,7 +644,14 @@ AC_EGREP_CPP(yes,
+ #ifdef SADB_X_EXT_NAT_T_TYPE
+ yes
+ #endif
+-], [kernel_natt="yes"])
++], [kernel_natt="yes"], [
++  AC_EGREP_CPP(yes,
++  [#include <uapi/linux/pfkeyv2.h>
++  #ifdef SADB_X_EXT_NAT_T_TYPE
++  yes
++  #endif
++  ], [kernel_natt="yes"])
++])
+ 	;;
+ freebsd*|netbsd*)
+ # NetBSD case
+--- a/src/include-glibc/Makefile.am
++++ b/src/include-glibc/Makefile.am
+@@ -1,14 +1,7 @@
+-
+-.includes: ${top_builddir}/config.status
+-	ln -snf $(KERNEL_INCLUDE)/linux
+-	touch .includes
+-
+-all: .includes
+-
+ EXTRA_DIST = \
+   glibc-bugs.h \
+   net/pfkeyv2.h \
+   netinet/ipsec.h \
+   sys/queue.h
+ 
+-DISTCLEANFILES = .includes linux
++DISTCLEANFILES = linux
author	Noah Meyerhans <noahm@debian.org>	2014-08-15 22:01:52 -0700
committer	Noah Meyerhans <noahm@debian.org>	2014-08-16 12:29:38 -0700
commit	5117da79253c79ad49158d3419e8d87fb1d5ef03 (patch)
tree	3b5fd3cc35fa286db96561768f0e0b60f8cb59a8 /net/ipsec-tools/patches
parent	8eb8659e41441c9884304b66c288b790b8d24abd (diff)