---- isakmpd-20041012.orig/dpd.c
-+++ isakmpd-20041012/dpd.c
+Index: isakmpd-20041012.orig/dpd.c
+===================================================================
+--- isakmpd-20041012.orig.orig/dpd.c 2007-06-04 13:22:39.088912864 +0200
++++ isakmpd-20041012.orig/dpd.c 2007-06-04 13:22:39.282883376 +0200
@@ -26,6 +26,7 @@
#include <sys/types.h>
}
if (!sa->dpd_event)
log_print("dpd_timer_reset: timer_add_event failed");
---- isakmpd-20041012.orig/ipsec.c
-+++ isakmpd-20041012/ipsec.c
+Index: isakmpd-20041012.orig/ipsec.c
+===================================================================
+--- isakmpd-20041012.orig.orig/ipsec.c 2007-06-04 13:22:39.093912104 +0200
++++ isakmpd-20041012.orig/ipsec.c 2007-06-04 13:22:39.283883224 +0200
@@ -1020,6 +1020,52 @@
}
}
type = conf_get_str(section, "ID-type");
if (!type) {
---- isakmpd-20041012.orig/GNUmakefile
-+++ isakmpd-20041012/GNUmakefile
+Index: isakmpd-20041012.orig/GNUmakefile
+===================================================================
+--- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.099911192 +0200
++++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:39.283883224 +0200
@@ -40,12 +40,12 @@
# integrated, freebsd/netbsd means FreeBSD/NetBSD with KAME IPsec.
# darwin means MacOS X 10.2 and later with KAME IPsec. linux means Linux-2.5
CFLAGS+= ${IPSEC_CFLAGS}
LDADD+= ${DESLIB}
DPADD+= ${DESLIBDEP}
---- isakmpd-20041012.orig/exchange.h
-+++ isakmpd-20041012/exchange.h
+Index: isakmpd-20041012.orig/exchange.h
+===================================================================
+--- isakmpd-20041012.orig.orig/exchange.h 2007-06-04 13:22:39.104910432 +0200
++++ isakmpd-20041012.orig/exchange.h 2007-06-04 13:22:39.283883224 +0200
@@ -221,6 +221,8 @@
#define EXCHANGE_FLAG_NAT_T_ENABLE 0x10 /* We are doing NAT-T. */
#define EXCHANGE_FLAG_NAT_T_KEEPALIVE 0x20 /* We are the NAT:ed peer. */
extern int exchange_add_certs(struct message *);
extern void exchange_finalize(struct message *);
---- isakmpd-20041012.orig/log.c
-+++ isakmpd-20041012/log.c
+Index: isakmpd-20041012.orig/log.c
+===================================================================
+--- isakmpd-20041012.orig.orig/log.c 2007-06-04 13:22:39.110909520 +0200
++++ isakmpd-20041012.orig/log.c 2007-06-04 13:22:39.284883072 +0200
@@ -79,7 +79,6 @@
struct packhdr {
sum = 0;
for (i = 0; i < hdrlen; i += 2)
---- isakmpd-20041012.orig/nat_traversal.c
-+++ isakmpd-20041012/nat_traversal.c
+Index: isakmpd-20041012.orig/nat_traversal.c
+===================================================================
+--- isakmpd-20041012.orig.orig/nat_traversal.c 2007-06-04 13:22:39.115908760 +0200
++++ isakmpd-20041012.orig/nat_traversal.c 2007-06-04 13:22:39.284883072 +0200
@@ -1,4 +1,4 @@
-/* $OpenBSD: nat_traversal.c,v 1.7 2004/08/08 19:11:06 deraadt Exp $ */
+/* $OpenBSD: nat_traversal.c,v 1.17 2006/06/14 14:03:33 hshoexer Exp $ */
return 1;
hbuf = nat_t_generate_nat_d_hash(msg, sa, &hbuflen);
---- isakmpd-20041012.orig/udp_encap.c
-+++ isakmpd-20041012/udp_encap.c
+Index: isakmpd-20041012.orig/udp_encap.c
+===================================================================
+--- isakmpd-20041012.orig.orig/udp_encap.c 2007-06-04 13:22:39.121907848 +0200
++++ isakmpd-20041012.orig/udp_encap.c 2007-06-04 13:22:39.284883072 +0200
@@ -61,6 +61,11 @@
#define UDP_SIZE 65536
/* Wildcard address ? */
switch (laddr->sa_family) {
case AF_INET:
---- isakmpd-20041012.orig/apps/Makefile
-+++ isakmpd-20041012/apps/Makefile
+Index: isakmpd-20041012.orig/apps/Makefile
+===================================================================
+--- isakmpd-20041012.orig.orig/apps/Makefile 2007-06-04 13:22:39.126907088 +0200
++++ isakmpd-20041012.orig/apps/Makefile 2007-06-04 13:22:39.285882920 +0200
@@ -31,4 +31,4 @@
SUBDIR= certpatch
-.include <bsd.subdir.mk>
+#.include <bsd.subdir.mk>
---- isakmpd-20041012.orig/apps/certpatch/GNUmakefile
-+++ isakmpd-20041012/apps/certpatch/GNUmakefile
+Index: isakmpd-20041012.orig/apps/certpatch/GNUmakefile
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ isakmpd-20041012.orig/apps/certpatch/GNUmakefile 2007-06-04 13:22:39.285882920 +0200
@@ -0,0 +1,55 @@
+# $OpenBSD: Makefile,v 1.7 2003/06/03 14:35:00 ho Exp $
+# $EOM: Makefile,v 1.6 2000/03/28 21:22:06 ho Exp $
+
+clean:
+ rm -f ${PROG}
---- isakmpd-20041012.orig/pf_key_v2.c
-+++ isakmpd-20041012/pf_key_v2.c
+Index: isakmpd-20041012.orig/pf_key_v2.c
+===================================================================
+--- isakmpd-20041012.orig.orig/pf_key_v2.c 2007-06-04 13:22:39.137905416 +0200
++++ isakmpd-20041012.orig/pf_key_v2.c 2007-06-04 13:22:39.287882616 +0200
@@ -1055,6 +1055,10 @@
#endif
#if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP)
msg.sadb_msg_satype = SADB_SATYPE_UNSPEC;
msg.sadb_msg_seq = 0;
flow = pf_key_v2_msg_new(&msg, 0);
---- isakmpd-20041012.orig/isakmp_num.cst
-+++ isakmpd-20041012/isakmp_num.cst
+Index: isakmpd-20041012.orig/isakmp_num.cst
+===================================================================
+--- isakmpd-20041012.orig.orig/isakmp_num.cst 2007-06-04 13:22:39.143904504 +0200
++++ isakmpd-20041012.orig/isakmp_num.cst 2007-06-04 13:22:39.287882616 +0200
@@ -57,15 +57,18 @@
KD 17 # RFC 3547, Key Download
SEQ 18 # RFC 3547, Sequence Number
.
# ISAKMP exchange types.
---- isakmpd-20041012.orig/ipsec_num.cst
-+++ isakmpd-20041012/ipsec_num.cst
+Index: isakmpd-20041012.orig/ipsec_num.cst
+===================================================================
+--- isakmpd-20041012.orig.orig/ipsec_num.cst 2007-06-04 13:22:39.149903592 +0200
++++ isakmpd-20041012.orig/ipsec_num.cst 2007-06-04 13:22:39.287882616 +0200
@@ -62,10 +62,10 @@
IPSEC_ENCAP
TUNNEL 1
.
# IPSEC authentication algorithm.
---- isakmpd-20041012.orig/nat_traversal.h
-+++ isakmpd-20041012/nat_traversal.h
+Index: isakmpd-20041012.orig/nat_traversal.h
+===================================================================
+--- isakmpd-20041012.orig.orig/nat_traversal.h 2007-06-04 13:22:39.154902832 +0200
++++ isakmpd-20041012.orig/nat_traversal.h 2007-06-04 13:22:39.287882616 +0200
@@ -1,4 +1,4 @@
-/* $OpenBSD: nat_traversal.h,v 1.2 2004/06/21 23:27:10 ho Exp $ */
+/* $OpenBSD: nat_traversal.h,v 1.4 2005/07/25 15:03:47 hshoexer Exp $ */
void nat_t_init(void);
int nat_t_add_vendor_payloads(struct message *);
void nat_t_check_vendor_payload(struct message *, struct payload *);
---- isakmpd-20041012.orig/message.c
-+++ isakmpd-20041012/message.c
+Index: isakmpd-20041012.orig/message.c
+===================================================================
+--- isakmpd-20041012.orig.orig/message.c 2007-06-04 13:22:39.160901920 +0200
++++ isakmpd-20041012.orig/message.c 2007-06-04 13:22:39.288882464 +0200
@@ -112,6 +112,7 @@
message_validate_hash, message_validate_sig, message_validate_nonce,
message_validate_notify, message_validate_delete,
return ISAKMP_NAT_OA_SZ;
#endif
/* Not yet supported and any other unknown payloads. */
---- isakmpd-20041012.orig/policy.c
-+++ isakmpd-20041012/policy.c
+Index: isakmpd-20041012.orig/policy.c
+===================================================================
+--- isakmpd-20041012.orig.orig/policy.c 2007-06-04 13:22:39.165901160 +0200
++++ isakmpd-20041012.orig/policy.c 2007-06-04 13:22:39.289882312 +0200
@@ -511,7 +511,10 @@
break;
}
/* Get policy file from configuration. */
policy_file = conf_get_str("General", "Policy-file");
if (!policy_file)
---- isakmpd-20041012.orig/ike_phase_1.c
-+++ isakmpd-20041012/ike_phase_1.c
+Index: isakmpd-20041012.orig/ike_phase_1.c
+===================================================================
+--- isakmpd-20041012.orig.orig/ike_phase_1.c 2007-06-04 13:22:39.170900400 +0200
++++ isakmpd-20041012.orig/ike_phase_1.c 2007-06-04 13:22:39.290882160 +0200
@@ -1040,9 +1040,9 @@
/* Compare expected/desired and received remote ID */
return -1;
}
free(rid);
---- isakmpd-20041012.orig/x509.c
-+++ isakmpd-20041012/x509.c
+Index: isakmpd-20041012.orig/x509.c
+===================================================================
+--- isakmpd-20041012.orig.orig/x509.c 2007-06-04 13:22:39.176899488 +0200
++++ isakmpd-20041012.orig/x509.c 2007-06-04 13:22:39.290882160 +0200
@@ -910,7 +910,11 @@
X509_STORE_CTX_init(&csc, x509_cas, cert, NULL);
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK);
X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL);
}
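Review bot: The result of `X509_STORE_CTX_init(&csc, x509_cas, cert, NULL)` at the top of this hunk is discarded, so a failed context setup would continue into the flag calls and presumably into verification with a partly initialised `csc`. From OpenSSL 0.9.7 the function returns an int (1 on success, 0 on error), while older releases declare it void, so a test such as `if (!X509_STORE_CTX_init(&csc, x509_cas, cert, NULL))` has to sit under the same `#if OPENSSL_VERSION_NUMBER >= 0x00907000L` guard, with the plain call kept in an `#else`. The guard also means that builds against an older OpenSSL compile out the `X509_V_FLAG_CRL_CHECK` lines and accept certificates with no revocation check; a comment beside it, e.g. `/* Pre-0.9.7 OpenSSL: no CRL checking is performed. */`, would make that visible. The page shows only part of this hunk and none of its `+`/`-` markers, so I cannot tell whether these lines are new or context, and the enclosing function starts and ends outside the hunk.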
---- isakmpd-20041012.orig/sysdep/linux/sysdep.c
-+++ isakmpd-20041012/sysdep/linux/sysdep.c
+Index: isakmpd-20041012.orig/sysdep/linux/sysdep.c
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/linux/sysdep.c 2007-06-04 13:22:39.182898576 +0200
++++ isakmpd-20041012.orig/sysdep/linux/sysdep.c 2007-06-04 13:22:39.291882008 +0200
@@ -169,22 +169,22 @@
return 0;
return -1;
}
return 0;
---- isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep
-+++ isakmpd-20041012/sysdep/linux/GNUmakefile.sysdep
+Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.187897816 +0200
++++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.291882008 +0200
@@ -33,13 +33,13 @@
LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO}
DPADD+= ${LIBGMP} ${LIBSYSDEP}
CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS}
ifeq ($(findstring clean,$(MAKECMDGOALS)),clean)
---- isakmpd-20041012.orig/sysdep/linux/include/bitstring.h
-+++ isakmpd-20041012/sysdep/linux/include/bitstring.h
+Index: isakmpd-20041012.orig/sysdep/linux/include/bitstring.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ isakmpd-20041012.orig/sysdep/linux/include/bitstring.h 2007-06-04 13:22:39.291882008 +0200
@@ -0,0 +1,132 @@
+/* $OpenBSD: bitstring.h,v 1.4 2002/06/19 02:50:10 millert Exp $ */
+/* $NetBSD: bitstring.h,v 1.5 1997/05/14 15:49:55 pk Exp $ */
+} while(0)
+
+#endif /* !_BITSTRING_H_ */
---- isakmpd-20041012.orig/sysdep/linux/include/sys/queue.h
-+++ isakmpd-20041012/sysdep/linux/include/sys/queue.h
+Index: isakmpd-20041012.orig/sysdep/linux/include/sys/queue.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ isakmpd-20041012.orig/sysdep/linux/include/sys/queue.h 2007-06-04 13:22:39.292881856 +0200
@@ -0,0 +1,453 @@
+/*
+ * Copyright (c) 1991, 1993
+#endif /* _KERNEL */
+
+#endif /* !_SYS_QUEUE_H_ */
---- isakmpd-20041012.orig/sysdep/common/pcap.h
-+++ isakmpd-20041012/sysdep/common/pcap.h
+Index: isakmpd-20041012.orig/sysdep/common/pcap.h
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/common/pcap.h 2007-06-04 13:22:39.203895384 +0200
++++ isakmpd-20041012.orig/sysdep/common/pcap.h 2007-06-04 13:22:39.292881856 +0200
@@ -55,8 +55,13 @@
u_int32_t linktype; /* data link type (DLT_*) */
};
u_int32_t caplen; /* length of portion present */
u_int32_t len; /* length this packet (off wire) */
};
---- isakmpd-20041012.orig/sysdep/common/libsysdep/arc4random.c
-+++ isakmpd-20041012/sysdep/common/libsysdep/arc4random.c
+Index: isakmpd-20041012.orig/sysdep/common/libsysdep/arc4random.c
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/arc4random.c 2007-06-04 13:22:39.211894168 +0200
++++ isakmpd-20041012.orig/sysdep/common/libsysdep/arc4random.c 2007-06-04 13:22:39.292881856 +0200
@@ -78,7 +78,7 @@
static void
arc4_stir(struct arc4_stream *as)
struct {
struct timeval tv;
u_int8_t rnd[128 - sizeof(struct timeval)];
---- isakmpd-20041012.orig/x509v3.cnf
-+++ isakmpd-20041012/x509v3.cnf
+Index: isakmpd-20041012.orig/x509v3.cnf
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ isakmpd-20041012.orig/x509v3.cnf 2007-06-04 13:22:39.293881704 +0200
@@ -0,0 +1,26 @@
+# default settings
+CERTPATHLEN = 1
+# The address must be provided in the CERTFQDN environment variable
+[x509v3_FQDN]
+subjectAltName=DNS:$ENV::CERTFQDN
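Review bot: `subjectAltName=DNS:$ENV::CERTFQDN` substitutes the environment variable into a value that OpenSSL parses as a comma-separated list, so a CERTFQDN containing a comma would put additional names into the certificate beyond the one the operator meant to certify. The config file cannot enforce this itself, so the comment above the section should state the constraint, e.g. `# CERTFQDN must be exactly one hostname (no commas or whitespace); validate it before running openssl`. Only a few of the 26 lines of this new file are visible here, so any other section that expands an environment variable into subjectAltName would presumably need the same comment.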
-