From d854dd1d59e7d427f5af88ab497d4403dce96279 Mon Sep 17 00:00:00 2001
From: nico <nico@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Wed, 20 Aug 2008 22:00:41 +0000
Subject: [PATCH] move more extra packages from ./trunk to ./packages
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12359 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
package/aodv-uu/Makefile | 105 -
package/aodv-uu/files/aodv-uu.modules | 1 -
package/aodv-uu/patches/001-normalize.patch | 64 -
...nux_2.6.19_ip_route_me_harder_change.patch | 49 -
..._2.6.19_security_netlink_recv_change.patch | 16 -
.../patches/004-linux_2.6.19_includes.patch | 28 -
.../patches/005-linux_2.6.22_skbuff.patch | 164 --
package/gmp/Makefile | 59 -
package/ipsec-tools/Makefile | 86 -
.../ipsec-tools/patches/001-no_libfl.patch | 26 -
.../patches/002-configure_cppflags_typo.patch | 26 -
.../003-linux_2.6.19_rtnetlink_changes.diff | 22 -
package/isakmpd/Makefile | 51 -
package/isakmpd/patches/010-debian_3.patch | 1753 -----------------
package/isakmpd/patches/020-standardize.patch | 154 --
.../isakmpd/patches/030-openssl_hashes.patch | 161 --
.../isakmpd/patches/040-security_fix.patch | 18 -
package/isakmpd/patches/050-ar_cross.patch | 13 -
package/keynote/Makefile | 55 -
package/keynote/patches/001-build.patch | 345 ----
.../keynote/patches/002-cross_compile.patch | 588 ------
package/openswan/Makefile | 96 -
package/openswan/files/ipsec.init | 158 --
package/openswan/patches/110-scripts.patch | 33 -
.../patches/120-use_dev_urandom.patch | 39 -
package/shfs/Makefile | 89 -
package/shfs/patches/100-kmod_build.patch | 100 -
.../patches/101-shfs_0.35_2.6.18_dentry.patch | 166 --
.../102-shfs_0.35_clean_inode_clear.patch | 22 -
package/shfs/patches/103-shfs_0.35_gcc4.patch | 25 -
.../patches/104-shfs_0.35_inode_and_fs.patch | 377 ----
package/shfs/patches/105-space_chars.patch | 70 -
package/shfs/patches/106-uidgid32.patch | 38 -
package/shfs/patches/107-df.patch | 38 -
package/shfs/patches/108-no_update_mtab.patch | 28 -
package/shfs/patches/109-linux_2.6.22.patch | 26 -
package/strongswan/Makefile | 98 -
package/strongswan/files/ipsec.button | 34 -
package/strongswan/files/ipsec.conf | 34 -
package/strongswan/files/ipsec.config | 21 -
package/strongswan/files/ipsec.cron | 2 -
package/strongswan/files/ipsec.iface | 8 -
package/strongswan/files/ipsec.init | 101 -
package/strongswan/patches/100-ar-fixes.patch | 81 -
.../strongswan/patches/110-make-ipsec.patch | 11 -
.../strongswan/patches/120-make-pluto.patch | 13 -
.../strongswan/patches/130-make-starter.patch | 21 -
.../patches/200-wakeup-showstatus.patch | 234 ---
package/strongswan/patches/210-updown.patch | 662 -------
package/strongswan/patches/300-openwrt.patch | 26 -
.../patches/310-make-ipsec-alg.patch | 19 -
.../strongswan/patches/320-no-modprobe.patch | 108 -
.../patches/350-make-programs.patch | 21 -
53 files changed, 6583 deletions(-)
delete mode 100644 package/aodv-uu/Makefile
delete mode 100644 package/aodv-uu/files/aodv-uu.modules
delete mode 100644 package/aodv-uu/patches/001-normalize.patch
delete mode 100644 package/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch
delete mode 100644 package/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch
delete mode 100644 package/aodv-uu/patches/004-linux_2.6.19_includes.patch
delete mode 100644 package/aodv-uu/patches/005-linux_2.6.22_skbuff.patch
delete mode 100644 package/gmp/Makefile
delete mode 100644 package/ipsec-tools/Makefile
delete mode 100644 package/ipsec-tools/patches/001-no_libfl.patch
delete mode 100644 package/ipsec-tools/patches/002-configure_cppflags_typo.patch
delete mode 100644 package/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff
delete mode 100644 package/isakmpd/Makefile
delete mode 100644 package/isakmpd/patches/010-debian_3.patch
delete mode 100644 package/isakmpd/patches/020-standardize.patch
delete mode 100644 package/isakmpd/patches/030-openssl_hashes.patch
delete mode 100644 package/isakmpd/patches/040-security_fix.patch
delete mode 100644 package/isakmpd/patches/050-ar_cross.patch
delete mode 100644 package/keynote/Makefile
delete mode 100644 package/keynote/patches/001-build.patch
delete mode 100644 package/keynote/patches/002-cross_compile.patch
delete mode 100644 package/openswan/Makefile
delete mode 100755 package/openswan/files/ipsec.init
delete mode 100644 package/openswan/patches/110-scripts.patch
delete mode 100644 package/openswan/patches/120-use_dev_urandom.patch
delete mode 100644 package/shfs/Makefile
delete mode 100644 package/shfs/patches/100-kmod_build.patch
delete mode 100644 package/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch
delete mode 100644 package/shfs/patches/102-shfs_0.35_clean_inode_clear.patch
delete mode 100644 package/shfs/patches/103-shfs_0.35_gcc4.patch
delete mode 100644 package/shfs/patches/104-shfs_0.35_inode_and_fs.patch
delete mode 100644 package/shfs/patches/105-space_chars.patch
delete mode 100644 package/shfs/patches/106-uidgid32.patch
delete mode 100644 package/shfs/patches/107-df.patch
delete mode 100644 package/shfs/patches/108-no_update_mtab.patch
delete mode 100644 package/shfs/patches/109-linux_2.6.22.patch
delete mode 100644 package/strongswan/Makefile
delete mode 100644 package/strongswan/files/ipsec.button
delete mode 100644 package/strongswan/files/ipsec.conf
delete mode 100644 package/strongswan/files/ipsec.config
delete mode 100644 package/strongswan/files/ipsec.cron
delete mode 100644 package/strongswan/files/ipsec.iface
delete mode 100644 package/strongswan/files/ipsec.init
delete mode 100644 package/strongswan/patches/100-ar-fixes.patch
delete mode 100644 package/strongswan/patches/110-make-ipsec.patch
delete mode 100644 package/strongswan/patches/120-make-pluto.patch
delete mode 100644 package/strongswan/patches/130-make-starter.patch
delete mode 100644 package/strongswan/patches/200-wakeup-showstatus.patch
delete mode 100644 package/strongswan/patches/210-updown.patch
delete mode 100644 package/strongswan/patches/300-openwrt.patch
delete mode 100644 package/strongswan/patches/310-make-ipsec-alg.patch
delete mode 100644 package/strongswan/patches/320-no-modprobe.patch
delete mode 100644 package/strongswan/patches/350-make-programs.patch
diff --git a/package/aodv-uu/Makefile b/package/aodv-uu/Makefile
deleted file mode 100644
index 9f55194e1..000000000
--- a/package/aodv-uu/Makefile
+++ /dev/null
@@ -1,105 +0,0 @@
-#
-# Copyright (C) 2006-2008 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-# $Id$
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=aodv-uu
-PKG_VERSION:=0.9.3
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://core.it.uu.se/core/files/
-PKG_MD5SUM:=05460543054449cb4b170252a7168c65
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/aodv-uu/Default
- TITLE:=Ad-hoc On-demand Distance Vector Routing
- DEPENDS:=@BROKEN
- URL:=http://core.it.uu.se/core/index.php/AODV-UU
-endef
-
-define Package/aodv-uu/Default/description
- AODV is the Ad-hoc On-demand Distance Vector routing protocol
- implementation created at Uppsala University.
-endef
-
-define Package/aodv-uu
-$(call Package/aodv-uu/Default)
- SECTION:=net
- CATEGORY:=Network
- TITLE+= (daemon)
-endef
-
-define Package/aodv-uu/description
-$(call Package/aodv-uu/Default/description)
- This package contains the AODV userland daemon.
-endef
-
-define KernelPackage/aodv-uu
-$(call Package/aodv-uu/Default)
- TITLE+= (kernel module)
- FILES:=$(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX)
- SUBMENU:=Network Support
- AUTOLOAD:=$(call AutoLoad,80,$(shell cat ./files/aodv-uu.modules))
-endef
-
-define KernelPackage/aodv-uu/description
-$(call Package/aodv-uu/Default/description)
- This package contains the AODV kernel module.
-endef
-
-ifeq ($(CONFIG_LINUX_2_6),y)
- define Build/Compile/linux26
- $(MAKE) -C $(LINUX_DIR) \
- ARCH="$(LINUX_KARCH)" \
- CROSS_COMPILE="$(TARGET_CROSS)" \
- PATCHLEVEL="$(LINUX_VERSION)" \
- KERNDIR="$(LINUX_DIR)" \
- SUBDIRS="$(PKG_BUILD_DIR)/lnx" \
- modules
- endef
-else
- # We assume 2.4 builds are only for brcm-2.4 yet
- define Build/Compile/linux24-brcm
- $(call Build/Compile/Default,\
- KERNEL_DIR="$(LINUX_DIR)" \
- KCC="$(TARGET_CC)" \
- CFLAGS="$(TARGET_CFLAGS)" \
- kaodv-mips \
- )
- cp $(PKG_BUILD_DIR)/lnx/kaodv-mips.$(LINUX_KMOD_SUFFIX) $(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX)
- endef
-endif
-
-define Build/Compile
- $(call Build/Compile/linux26)
- $(call Build/Compile/linux24-brcm)
- $(call Build/Compile/Default,\
- KERNEL_DIR="$(LINUX_DIR)" \
- KCC="$(TARGET_CC)" \
- CFLAGS="$(TARGET_CFLAGS)" \
- aodvd \
- )
-endef
-
-define Package/aodv-uu/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/aodvd $(1)/usr/sbin
-endef
-
-define Package/kmod-aodv-uu/install
- $(INSTALL_DIR) $(1)/etc/modules.d
- $(INSTALL_DATA) ./files/aodv-uu.modules $(1)/etc/modules.d/80-aodv-uu
- $(INSTALL_DIR) $(1)/lib/modules/$(LINUX_VERSION)
- $(CP) $(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX) $(1)/lib/modules/$(LINUX_VERSION)/
-endef
-
-$(eval $(call BuildPackage,aodv-uu))
-$(eval $(call KernelPackage,aodv-uu))
diff --git a/package/aodv-uu/files/aodv-uu.modules b/package/aodv-uu/files/aodv-uu.modules
deleted file mode 100644
index 809c4da69..000000000
--- a/package/aodv-uu/files/aodv-uu.modules
+++ /dev/null
@@ -1 +0,0 @@
-kaodv
diff --git a/package/aodv-uu/patches/001-normalize.patch b/package/aodv-uu/patches/001-normalize.patch
deleted file mode 100644
index bdc6fdae4..000000000
--- a/package/aodv-uu/patches/001-normalize.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Index: aodv-uu-0.9.3/lnx/Makefile
-===================================================================
---- aodv-uu-0.9.3.orig/lnx/Makefile 2007-06-04 13:22:19.859836128 +0200
-+++ aodv-uu-0.9.3/lnx/Makefile 2007-06-04 13:22:19.932825032 +0200
-@@ -30,7 +30,7 @@
- KCFLAGS=-Wall -Wno-strict-aliasing -O2 $(KDEFS) $(KINC) $(XDEFS)
- KCFLAGS_ARM=-Wall -O2 -D__KERNEL__ -DMODULE -nostdinc $(shell $(ARM_CC) -print-search-dirs | sed -ne 's/install: \(.*\)/-I \1include/gp') -I$(KERNEL_INC)
- KCFLAGS_MIPS=-Wall -mips2 -O2 -fno-pic -mno-abicalls -mlong-calls -G0 -msoft-float -D__KERNEL__ -DMODULE -nostdinc $(shell $(MIPS_CC) -print-search-dirs | sed -ne 's/install: \(.*\)/-I \1include/gp') -I$(KERNEL_INC) $(XDEFS)
--
-+endif
- .PHONY: clean clean-2.4 clean-2.6 indent default
-
- # Check for kernel version
-@@ -89,5 +89,3 @@
- etags *.c *.h
- indent:
- indent -kr -i8 -ts8 -sob -l80 -ss -ncs *.c *.h
--endif
--
-Index: aodv-uu-0.9.3/Makefile
-===================================================================
---- aodv-uu-0.9.3.orig/Makefile 2007-06-04 13:22:19.866835064 +0200
-+++ aodv-uu-0.9.3/Makefile 2007-06-04 13:22:19.932825032 +0200
-@@ -87,7 +87,7 @@
- mips: aodvd-mips kaodv-mips
-
- endian.h:
-- $(CC) $(CFLAGS) -o endian endian.c
-+ gcc -o endian endian.c
- ./endian > endian.h
-
- $(OBJS): %.o: %.c Makefile
-@@ -143,19 +143,18 @@
- @makedepend -Y./ -- $(DEFS) -- $(SRC) &>/dev/null
- @makedepend -a -Y./ -- $(KDEFS) kaodv.c &>/dev/null
-
--install: default
-- install -s -m 755 aodvd /usr/sbin/aodvd
-- @if [ ! -d /lib/modules/$(KERNEL)/aodv ]; then \
-- mkdir /lib/modules/$(KERNEL)/aodv; \
-- fi
--
-- @echo "Installing kernel module in /lib/modules/$(KERNEL)/aodv/";
-- @if [ -f ./kaodv.ko ]; then \
-- install -m 644 kaodv.ko /lib/modules/$(KERNEL)/aodv/kaodv.ko; \
-- else \
-- install -m 644 kaodv.o /lib/modules/$(KERNEL)/aodv/kaodv.o; \
-- fi
-- /sbin/depmod -a
-+install: install-aodvd install-kaodv
-+
-+install-aodvd:
-+ @echo "Installing aodv in $(DESTDIR)/usr/sbin";
-+ install -d -m0755 $(DESTDIR)/usr/sbin/
-+ install -m0755 aodvd $(DESTDIR)/usr/sbin/aodvd
-+
-+install-kaodv:
-+ @echo "Installing kernel module in $(DESTDIR)/lib/modules/$(KERNEL)/";
-+ install -d -m0644 $(DESTDIR)/lib/modules/$(KERNEL)/
-+ install -m 644 lnx/kaodv.$(KMOD_SUFFIX) $(DESTDIR)/lib/modules/$(KERNEL)/kaodv.$(KMOD_SUFFIX);
-+
- uninstall:
- rm -f /usr/sbin/aodvd
- rm -rf /lib/modules/$(KERNEL)/aodv
diff --git a/package/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch b/package/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch
deleted file mode 100644
index 638de87ff..000000000
--- a/package/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Index: aodv-uu-0.9.3/lnx/kaodv-mod.c
-===================================================================
---- aodv-uu-0.9.3.orig/lnx/kaodv-mod.c 2007-06-04 13:22:19.830840536 +0200
-+++ aodv-uu-0.9.3/lnx/kaodv-mod.c 2007-06-04 13:22:20.130794936 +0200
-@@ -19,7 +19,7 @@
- * Author: Erik Nordström, <erik.nordstrom@it.uu.se>
- *
- *****************************************************************************/
--#include <linux/config.h>
-+#include <linux/autoconf.h>
- #include <linux/version.h>
-
- #ifdef KERNEL26
-@@ -258,7 +258,11 @@
- if (!(*skb))
- return NF_STOLEN;
-
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
-+ ip_route_me_harder(skb, RTN_UNSPEC);
-+#else
- ip_route_me_harder(skb);
-+#endif
- }
- break;
- case NF_IP_POST_ROUTING:
-Index: aodv-uu-0.9.3/lnx/kaodv-queue.c
-===================================================================
---- aodv-uu-0.9.3.orig/lnx/kaodv-queue.c 2007-06-04 13:22:19.837839472 +0200
-+++ aodv-uu-0.9.3/lnx/kaodv-queue.c 2007-06-04 13:22:20.130794936 +0200
-@@ -29,6 +29,7 @@
- #include <linux/spinlock.h>
- #include <linux/sysctl.h>
- #include <linux/proc_fs.h>
-+#include <linux/version.h>
- #include <net/sock.h>
- #include <net/route.h>
- #include <net/icmp.h>
-@@ -246,7 +247,11 @@
- if (!entry->skb)
- goto next;
- }
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
-+ ip_route_me_harder(&entry->skb, RTN_UNSPEC);
-+#else
- ip_route_me_harder(&entry->skb);
-+#endif
-
- pkts++;
-
diff --git a/package/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch b/package/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch
deleted file mode 100644
index 53d90643d..000000000
--- a/package/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: aodv-uu-0.9.3/lnx/kaodv-netlink.c
-===================================================================
---- aodv-uu-0.9.3.orig/lnx/kaodv-netlink.c 2007-06-04 13:22:19.810843576 +0200
-+++ aodv-uu-0.9.3/lnx/kaodv-netlink.c 2007-06-04 13:22:20.326765144 +0200
-@@ -284,7 +284,11 @@
- /* RCV_SKB_FAIL(-EINVAL); */
-
- #ifdef KERNEL26
-+# if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
-+ if (security_netlink_recv(skb, CAP_NET_ADMIN))
-+# else
- if (security_netlink_recv(skb))
-+# endif
- RCV_SKB_FAIL(-EPERM);
- #endif
- //write_lock_bh(&queue_lock);
diff --git a/package/aodv-uu/patches/004-linux_2.6.19_includes.patch b/package/aodv-uu/patches/004-linux_2.6.19_includes.patch
deleted file mode 100644
index 8dc1adf01..000000000
--- a/package/aodv-uu/patches/004-linux_2.6.19_includes.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Index: aodv-uu-0.9.3/main.c
-===================================================================
---- aodv-uu-0.9.3.orig/main.c 2007-06-04 13:22:19.782847832 +0200
-+++ aodv-uu-0.9.3/main.c 2007-06-04 13:22:20.513736720 +0200
-@@ -26,6 +26,8 @@
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <sys/stat.h>
-+#include <linux/types.h>
-+#include <linux/if.h>
- #include <linux/sockios.h>
- #include <linux/wireless.h>
- #include <getopt.h>
-Index: aodv-uu-0.9.3/nl.c
-===================================================================
---- aodv-uu-0.9.3.orig/nl.c 2007-06-04 13:22:19.789846768 +0200
-+++ aodv-uu-0.9.3/nl.c 2007-06-04 13:22:20.513736720 +0200
-@@ -33,6 +33,10 @@
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <linux/rtnetlink.h>
-+#include <linux/version.h>
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
-+#include <linux/if_addr.h>
-+#endif
-
- #include "defs.h"
- #include "lnx/kaodv-netlink.h"
diff --git a/package/aodv-uu/patches/005-linux_2.6.22_skbuff.patch b/package/aodv-uu/patches/005-linux_2.6.22_skbuff.patch
deleted file mode 100644
index 0831c5f75..000000000
--- a/package/aodv-uu/patches/005-linux_2.6.22_skbuff.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-Index: aodv-uu-0.9.3/lnx/kaodv-compat.h
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ aodv-uu-0.9.3/lnx/kaodv-compat.h 2007-06-17 02:49:46.844217144 +0200
-@@ -0,0 +1,15 @@
-+#ifndef __KAODV_COMPAT_H
-+#define __KAODV_COMPAT_H
-+
-+#include <linux/version.h>
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22)
-+
-+#define ip_hdr(_skb) (_skb)->nh.iph
-+#define skb_reset_network_header(_skb) do { \
-+ _skb->nh.iph = (struct iphdr *)_skb->data; \
-+ } while (0);
-+
-+
-+#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) */
-+
-+#endif
-Index: aodv-uu-0.9.3/lnx/kaodv-ipenc.c
-===================================================================
---- aodv-uu-0.9.3.orig/lnx/kaodv-ipenc.c 2007-06-17 02:31:56.448941960 +0200
-+++ aodv-uu-0.9.3/lnx/kaodv-ipenc.c 2007-06-17 02:45:50.420159064 +0200
-@@ -64,7 +64,7 @@
- if (skb->sk != NULL)
- skb_set_owner_w(nskb, skb->sk);
-
-- iph = skb->nh.iph;
-+ iph = ip_hdr(skb);
-
- skb_put(nskb, sizeof(struct min_ipenc_hdr));
-
-@@ -78,7 +78,8 @@
- skb = nskb;
-
- /* Update pointers */
-- iph = skb->nh.iph = (struct iphdr *)skb->data;
-+ skb_reset_network_header(skb);
-+ iph = (struct iphdr *)skb->data;
-
- ipe = (struct min_ipenc_hdr *)(skb->data + (iph->ihl << 2));
-
-@@ -99,8 +100,8 @@
-
- ip_send_check(iph);
-
-- if (skb->nh.iph->id == 0)
-- ip_select_ident(skb->nh.iph, skb->dst, NULL);
-+ if (ip_hdr(skb)->id == 0)
-+ ip_select_ident(ip_hdr(skb), skb->dst, NULL);
-
- return skb;
- }
-@@ -108,9 +109,7 @@
- struct sk_buff *ip_pkt_decapsulate(struct sk_buff *skb)
- {
- struct min_ipenc_hdr *ipe;
-- /* skb->nh.iph is probably not set yet */
-- struct iphdr *iph = skb->nh.iph;
--
-+ struct iphdr *iph = ip_hdr(skb);
-
- ipe = (struct min_ipenc_hdr *)((char *)iph + (iph->ihl << 2));
-
-@@ -123,8 +122,9 @@
- skb->len - (iph->ihl << 2) - sizeof(struct min_ipenc_hdr));
-
- skb_trim(skb, skb->len - sizeof(struct min_ipenc_hdr));
--
-- skb->nh.iph = iph = (struct iphdr *)skb->data;
-+
-+ skb_reset_network_header(skb);
-+ iph = (struct iphdr *)skb->data;
-
- iph->tot_len = htons((ntohs(iph->tot_len) - sizeof(struct min_ipenc_hdr)));
- ip_send_check(iph);
-Index: aodv-uu-0.9.3/lnx/kaodv-ipenc.h
-===================================================================
---- aodv-uu-0.9.3.orig/lnx/kaodv-ipenc.h 2007-06-17 02:44:13.881835120 +0200
-+++ aodv-uu-0.9.3/lnx/kaodv-ipenc.h 2007-06-17 02:44:16.549429584 +0200
-@@ -27,6 +27,7 @@
- #include <linux/ip.h>
- #include <linux/skbuff.h>
- #include <asm/byteorder.h>
-+#include "kaodv-compat.h"
-
- #define IPPROTO_MIPE 55
-
-Index: aodv-uu-0.9.3/lnx/kaodv-mod.c
-===================================================================
---- aodv-uu-0.9.3.orig/lnx/kaodv-mod.c 2007-06-17 02:43:33.776931992 +0200
-+++ aodv-uu-0.9.3/lnx/kaodv-mod.c 2007-06-17 02:43:39.008136728 +0200
-@@ -120,7 +120,7 @@
- const struct net_device *out,
- int (*okfn) (struct sk_buff *))
- {
-- struct iphdr *iph = (*skb)->nh.iph;
-+ struct iphdr *iph = ip_hdr(*skb);
- struct expl_entry e;
- struct in_addr ifaddr, bcaddr;
- int res = 0;
-@@ -188,7 +188,7 @@
- if (is_gateway && iph->protocol == IPPROTO_MIPE &&
- iph->daddr == ifaddr.s_addr) {
- ip_pkt_decapsulate(*skb);
-- iph = (*skb)->nh.iph;
-+ iph = ip_hdr(*skb);
- return NF_ACCEPT;
- }
- /* Ignore packets generated locally or that are for this
-Index: aodv-uu-0.9.3/lnx/kaodv-mod.h
-===================================================================
---- aodv-uu-0.9.3.orig/lnx/kaodv-mod.h 2007-06-17 02:44:32.498005032 +0200
-+++ aodv-uu-0.9.3/lnx/kaodv-mod.h 2007-06-17 02:44:34.662675952 +0200
-@@ -5,6 +5,7 @@
- #include <linux/inetdevice.h>
- #include <linux/list.h>
- #include <linux/spinlock.h>
-+#include "kaodv-compat.h"
-
- /* Interface information */
- struct if_info {
-Index: aodv-uu-0.9.3/lnx/kaodv-queue.c
-===================================================================
---- aodv-uu-0.9.3.orig/lnx/kaodv-queue.c 2007-06-17 02:45:01.513593992 +0200
-+++ aodv-uu-0.9.3/lnx/kaodv-queue.c 2007-06-17 02:45:11.534070648 +0200
-@@ -152,7 +152,7 @@
- {
- int status = -EINVAL;
- struct kaodv_queue_entry *entry;
-- struct iphdr *iph = skb->nh.iph;
-+ struct iphdr *iph = ip_hdr(skb);
-
- entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
-
-Index: aodv-uu-0.9.3/lnx/kaodv-queue.h
-===================================================================
---- aodv-uu-0.9.3.orig/lnx/kaodv-queue.h 2007-06-17 02:44:50.537262648 +0200
-+++ aodv-uu-0.9.3/lnx/kaodv-queue.h 2007-06-17 02:44:53.629792512 +0200
-@@ -21,6 +21,7 @@
- *****************************************************************************/
- #ifndef _KAODV_QUEUE_H
- #define _KAODV_QUEUE_H
-+#include "kaodv-compat.h"
-
- #define KAODV_QUEUE_DROP 1
- #define KAODV_QUEUE_SEND 2
-Index: aodv-uu-0.9.3/lnx/kaodv-netlink.c
-===================================================================
---- aodv-uu-0.9.3.orig/lnx/kaodv-netlink.c 2007-06-17 02:47:48.927143264 +0200
-+++ aodv-uu-0.9.3/lnx/kaodv-netlink.c 2007-06-17 02:49:11.604574384 +0200
-@@ -338,8 +338,10 @@
- netlink_register_notifier(&kaodv_nl_notifier);
- #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,14))
- kaodvnl = netlink_kernel_create(NETLINK_AODV, kaodv_netlink_rcv_sk);
--#else
-+#elif (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22))
- kaodvnl = netlink_kernel_create(NETLINK_AODV, AODVGRP_MAX, kaodv_netlink_rcv_sk, THIS_MODULE);
-+#else
-+ kaodvnl = netlink_kernel_create(NETLINK_AODV, AODVGRP_MAX, kaodv_netlink_rcv_sk, NULL, THIS_MODULE);
- #endif
- if (kaodvnl == NULL) {
- printk(KERN_ERR "kaodv_netlink: failed to create netlink socket\n");
diff --git a/package/gmp/Makefile b/package/gmp/Makefile
deleted file mode 100644
index 59a826bdb..000000000
--- a/package/gmp/Makefile
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# Copyright (C) 2006-2008 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-# $Id$
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=gmp
-PKG_VERSION:=4.2.2
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=@GNU/gmp
-PKG_MD5SUM:=7ce52531644e6d12f16911b7e3151f3f
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/libgmp
- SECTION:=libs
- CATEGORY:=Libraries
- TITLE:=GNU multiprecision arithmetic library
- URL:=http://gmplib.org/
-endef
-
-define Package/libgmp/description
- GMP is a free library for arbitrary precision arithmetic, operating on
- signed integers, rational numbers, and floating point numbers.
-endef
-
-TARGET_CFLAGS += $(FPIC)
-CONFIGURE_VARS += CC="$(TARGET_CROSS)gcc"
-CONFIGURE_ARGS += \
- --enable-shared \
- --enable-static \
-
-define Build/Compile
- $(call Build/Compile/Default, \
- DESTDIR="$(PKG_INSTALL_DIR)" \
- CC="$(TARGET_CC)" \
- all install \
- )
-endef
-
-define Build/InstallDev
- mkdir -p $(1)/usr/include
- $(CP) $(PKG_INSTALL_DIR)/usr/include/gmp* $(1)/usr/include/
- mkdir -p $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.{a,so*} $(1)/usr/lib/
-endef
-
-define Package/libgmp/install
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.so.* $(1)/usr/lib/
-endef
-
-$(eval $(call BuildPackage,libgmp))
diff --git a/package/ipsec-tools/Makefile b/package/ipsec-tools/Makefile
deleted file mode 100644
index 0f24ae12e..000000000
--- a/package/ipsec-tools/Makefile
+++ /dev/null
@@ -1,86 +0,0 @@
-#
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-# $Id$
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=ipsec-tools
-PKG_VERSION:=0.7
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=@SF/ipsec-tools
-PKG_MD5SUM:=c0a586924edde35264ecfe94ad1c261f
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/ipsec-tools
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=@LINUX_2_6 +libopenssl
- TITLE:=IPsec management tools
- URL:=http://ipsec-tools.sourceforge.net/
-endef
-
-CONFIGURE_ARGS += \
- --enable-shared \
- --enable-static \
- --with-kernel-headers="$(LINUX_DIR)/include" \
- --without-readline \
- --with-openssl="$(STAGING_DIR)/usr" \
- --without-libradius \
- --without-libpam \
- --enable-dpd \
- --enable-hybrid \
- --enable-security-context=no \
- --enable-natt \
- --enable-adminport \
- --enable-ipv6
-
-define Build/Configure
- (cd $(PKG_BUILD_DIR); touch \
- configure.ac \
- aclocal.m4 \
- Makefile.in \
- config.h.in \
- configure \
- );
- $(call Build/Configure/Default)
- echo "#undef HAVE_SHADOW_H" >> $(PKG_BUILD_DIR)/config.h
-endef
-
-# override CFLAGS holding "-Werror" that break builds on compile warnings
-define Build/Compile
- $(MAKE) -C $(PKG_BUILD_DIR) \
- DESTDIR="$(PKG_INSTALL_DIR)" \
- CFLAGS="$(TARGET_CFLAGS)" \
- all install
-endef
-
-define Package/ipsec-tools/install
- $(INSTALL_DIR) $(1)/etc
- $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/racoon.conf $(1)/etc/
- $(SED) 's|@sysconfdir_x@|/etc|g' $(1)/etc/racoon.conf
- $(INSTALL_DIR) $(1)/etc/racoon
- $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/psk.txt $(1)/etc/racoon/
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/plainrsa-gen $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoon $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoonctl $(1)/usr/sbin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/setkey $(1)/usr/sbin/
-endef
-
-define Package/ipsec-tools/conffiles
-/etc/racoon.conf
-/etc/racoon/psk.txt
-endef
-
-$(eval $(call BuildPackage,ipsec-tools))
diff --git a/package/ipsec-tools/patches/001-no_libfl.patch b/package/ipsec-tools/patches/001-no_libfl.patch
deleted file mode 100644
index 8abc9a07e..000000000
--- a/package/ipsec-tools/patches/001-no_libfl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Index: ipsec-tools-0.6.6/src/racoon/cftoken.l
-===================================================================
---- ipsec-tools-0.6.6.orig/src/racoon/cftoken.l 2007-06-04 13:22:36.567296208 +0200
-+++ ipsec-tools-0.6.6/src/racoon/cftoken.l 2007-06-04 13:22:36.646284200 +0200
-@@ -105,6 +105,8 @@
- static int incstackp = 0;
-
- static int yy_first_time = 1;
-+
-+int yywrap(void) { return 1; }
- %}
-
- /* common seciton */
-Index: ipsec-tools-0.6.6/src/setkey/token.l
-===================================================================
---- ipsec-tools-0.6.6.orig/src/setkey/token.l 2007-06-04 13:22:36.575294992 +0200
-+++ ipsec-tools-0.6.6/src/setkey/token.l 2007-06-04 13:22:36.646284200 +0200
-@@ -84,6 +84,8 @@
- #ifndef SADB_X_EALG_AESCTR
- #define SADB_X_EALG_AESCTR (-1)
- #endif
-+
-+int yywrap(void) { return 1; }
- %}
-
- /* common section */
diff --git a/package/ipsec-tools/patches/002-configure_cppflags_typo.patch b/package/ipsec-tools/patches/002-configure_cppflags_typo.patch
deleted file mode 100644
index 407c67ece..000000000
--- a/package/ipsec-tools/patches/002-configure_cppflags_typo.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Index: ipsec-tools-0.6.6/configure.ac
-===================================================================
---- ipsec-tools-0.6.6.orig/configure.ac 2007-06-04 13:22:36.540300312 +0200
-+++ ipsec-tools-0.6.6/configure.ac 2007-06-04 13:22:36.841254560 +0200
-@@ -183,7 +183,7 @@
-
- if test "x$crypto_dir" != "x"; then
- LIBS="$LIBS -L${crypto_dir}/lib"
-- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
-+ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
- fi
- AC_MSG_CHECKING(openssl version)
-
-Index: ipsec-tools-0.6.6/configure
-===================================================================
---- ipsec-tools-0.6.6.orig/configure 2007-06-04 13:22:36.547299248 +0200
-+++ ipsec-tools-0.6.6/configure 2007-06-04 13:22:36.850253192 +0200
-@@ -23687,7 +23687,7 @@
-
- if test "x$crypto_dir" != "x"; then
- LIBS="$LIBS -L${crypto_dir}/lib"
-- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
-+ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
- fi
- echo "$as_me:$LINENO: checking openssl version" >&5
- echo $ECHO_N "checking openssl version... $ECHO_C" >&6
diff --git a/package/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff b/package/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff
deleted file mode 100644
index 52d092e6c..000000000
--- a/package/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: ipsec-tools-0.6.6/src/racoon/grabmyaddr.c
-===================================================================
---- ipsec-tools-0.6.6.orig/src/racoon/grabmyaddr.c 2007-06-04 13:22:36.521303200 +0200
-+++ ipsec-tools-0.6.6/src/racoon/grabmyaddr.c 2007-06-04 13:22:37.064220664 +0200
-@@ -77,10 +77,17 @@
- #ifdef __linux__
- #include <linux/types.h>
- #include <linux/rtnetlink.h>
-+#include <linux/version.h>
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
-+# include <linux/if_addr.h>
-+#endif
- #ifndef HAVE_GETIFADDRS
- #define HAVE_GETIFADDRS
- #define NEED_LINUX_GETIFADDRS
- #endif
-+#ifndef IFA_RTA
-+# define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
-+#endif
- #endif
-
- #ifndef HAVE_GETIFADDRS
diff --git a/package/isakmpd/Makefile b/package/isakmpd/Makefile
deleted file mode 100644
index 4214fdb96..000000000
--- a/package/isakmpd/Makefile
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-# $Id$
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=isakmpd
-PKG_VERSION:=20041012
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz
-PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/i/isakmpd/
-PKG_MD5SUM:=e6d25a9e232fb186e1a48dc06453bd57
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION).orig
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-define Package/isakmpd
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=@LINUX_2_6 +libopenssl +keynote +libgmp
- TITLE:=IPsec management tools
- URL:=http://isakmpd.sourceforge.net/
-endef
-
-define Build/Compile
- CFLAGS="$(TARGET_CFLAGS)" \
- $(MAKE) -C $(PKG_BUILD_DIR) \
- $(TARGET_CONFIGURE_OPTS) \
- LINUX_DIR="$(LINUX_DIR)" \
- EXTRA_CPPFLAGS="$(TARGET_CPPFLAGS) -I$(STAGING_DIR)/usr/include/openssl -I$(STAGING_DIR)/usr/include/keynote" \
- EXTRA_LDFLAGS="$(TARGET_LDFLAGS)"
-
- $(MAKE) -C $(PKG_BUILD_DIR) \
- DESTDIR="$(PKG_INSTALL_DIR)" \
- INSTALL="install -c" \
- install-bin
-endef
-
-define Package/isakmpd/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(CP) $(PKG_INSTALL_DIR)/* $(1)/
-endef
-
-$(eval $(call BuildPackage,isakmpd))
diff --git a/package/isakmpd/patches/010-debian_3.patch b/package/isakmpd/patches/010-debian_3.patch
deleted file mode 100644
index 0f50cf9c0..000000000
--- a/package/isakmpd/patches/010-debian_3.patch
+++ /dev/null
@@ -1,1753 +0,0 @@
-Index: isakmpd-20041012.orig/dpd.c
-===================================================================
---- isakmpd-20041012.orig.orig/dpd.c 2007-06-04 13:22:39.088912864 +0200
-+++ isakmpd-20041012.orig/dpd.c 2007-06-04 13:22:39.282883376 +0200
-@@ -26,6 +26,7 @@
-
- #include <sys/types.h>
- #include <stdlib.h>
-+#include <memory.h>
-
- #include "sysdep.h"
-
-@@ -174,6 +175,7 @@
- }
- break;
- default:
-+ ;
- }
-
- /* Mark handled. */
-@@ -223,6 +225,7 @@
- dpd_check_event, sa, &tv);
- break;
- default:
-+ ;
- }
- if (!sa->dpd_event)
- log_print("dpd_timer_reset: timer_add_event failed");
-Index: isakmpd-20041012.orig/ipsec.c
-===================================================================
---- isakmpd-20041012.orig.orig/ipsec.c 2007-06-04 13:22:39.093912104 +0200
-+++ isakmpd-20041012.orig/ipsec.c 2007-06-04 13:22:39.283883224 +0200
-@@ -1020,6 +1020,52 @@
- }
- }
-
-+/*
-+ * deal with a NOTIFY of INVALID_SPI
-+ */
-+static void
-+ipsec_invalid_spi (struct message *msg, struct payload *p)
-+{
-+ struct sockaddr *dst;
-+ int invspisz, off;
-+ u_int32_t spi;
-+ u_int16_t totsiz;
-+ u_int8_t spisz;
-+
-+ /* Any notification that make us do something should be protected */
-+ if(!TAILQ_FIRST (&msg->payload[ISAKMP_PAYLOAD_HASH]))
-+ {
-+ LOG_DBG ((LOG_SA, 40,
-+ "ipsec_invalid_spi: missing HASH payload in INVALID_SPI"
-+ " notification"));
-+ return;
-+ }
-+
-+ /*
-+ * get the invalid spi out of the variable sized notification data
-+ * field, which is after the variable sized SPI field [which specifies
-+ * the receiving entity's phase-1 SPI, not the invalid spi]
-+ */
-+ totsiz = GET_ISAKMP_GEN_LENGTH (p->p);
-+ spisz = GET_ISAKMP_NOTIFY_SPI_SZ (p->p);
-+ off = ISAKMP_NOTIFY_SPI_OFF + spisz;
-+ invspisz = totsiz - off;
-+
-+ if (invspisz != sizeof spi)
-+ {
-+ LOG_DBG ((LOG_SA, 40,
-+ "ipsec_invalid_spi: SPI size %d in INVALID_SPI "
-+ "payload unsupported", spisz));
-+ return;
-+ }
-+ memcpy (&spi, p->p + off, sizeof spi);
-+
-+ msg->transport->vtbl->get_dst (msg->transport, &dst);
-+
-+ /* delete matching SPI's from this peer */
-+ ipsec_delete_spi_list (dst, 0, (u_int8_t *)&spi, 1, "INVALID_SPI");
-+}
-+
- static int
- ipsec_responder(struct message *msg)
- {
-@@ -1205,7 +1251,9 @@
- return dv != IPSEC_ENCAP_TUNNEL
- && dv != IPSEC_ENCAP_TRANSPORT
- && dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL
-- && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT;
-+ && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT
-+ && dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT
-+ && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT;
- #else
- return dv < IPSEC_ENCAP_TUNNEL
- || dv > IPSEC_ENCAP_TRANSPORT;
-@@ -1837,7 +1885,7 @@
- ipsec_get_id(char *section, int *id, struct sockaddr **addr,
- struct sockaddr **mask, u_int8_t *tproto, u_int16_t *port)
- {
-- char *type, *address, *netmask;
-+ char *type, *address, *netmask;
-
- type = conf_get_str(section, "ID-type");
- if (!type) {
-Index: isakmpd-20041012.orig/GNUmakefile
-===================================================================
---- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.099911192 +0200
-+++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:39.283883224 +0200
-@@ -40,12 +40,12 @@
- # integrated, freebsd/netbsd means FreeBSD/NetBSD with KAME IPsec.
- # darwin means MacOS X 10.2 and later with KAME IPsec. linux means Linux-2.5
- # and later with native IPSec support.
--OS= openbsd
-+#OS= openbsd
- #OS= netbsd
- #OS= freebsd
- #OS= freeswan
- #OS= darwin
--#OS= linux
-+OS= linux
-
- .CURDIR:= $(shell pwd)
- VPATH= ${.CURDIR}/sysdep/${OS}
-@@ -55,9 +55,10 @@
- ifndef BINDIR
- BINDIR= /sbin
- endif
--ifndef LDSTATIC
--LDSTATIC= -static
--endif
-+
-+#ifndef LDSTATIC
-+#LDSTATIC= -static
-+#endif
-
- SRCS= app.c attribute.c cert.c connection.c \
- constants.c conf.c cookie.c crypto.c dh.c doi.c exchange.c \
-@@ -131,11 +132,14 @@
- ifneq ($(findstring install,$(MAKECMDGOALS)),install)
- # Skip 'regress' until the regress/ structure has gmake makefiles for it.
- #SUBDIR:= regress
--SUBDIR:=
-+#SUBDIR:= apps/certpatch
- mksubdirs:
- $(foreach DIR, ${SUBDIR}, \
-- cd ${DIR}; ${MAKE} ${MAKEFLAGS} CFLAGS="${CFLAGS}" \
-- MKDEP="${MKDEP}" ${MAKECMDGOALS})
-+ cd ${.CURDIR}/${DIR}; ${MAKE} ${MAKECMDGOALS};)
-+
-+# $(foreach DIR, ${SUBDIR}, \
-+# cd ${DIR}; ${MAKE} CFLAGS="${CFLAGS}" \
-+# MKDEP="${MKDEP}" ${MAKECMDGOALS})
- else
- mksubdirs:
- endif
-@@ -173,7 +177,7 @@
- endif
-
- SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
-- $(ISAKMP_CFG)
-+ $(ISAKMP_CFG) ${DPD} ${NAT_TRAVERSAL}
- CFLAGS+= ${IPSEC_CFLAGS}
- LDADD+= ${DESLIB}
- DPADD+= ${DESLIBDEP}
-Index: isakmpd-20041012.orig/exchange.h
-===================================================================
---- isakmpd-20041012.orig.orig/exchange.h 2007-06-04 13:22:39.104910432 +0200
-+++ isakmpd-20041012.orig/exchange.h 2007-06-04 13:22:39.283883224 +0200
-@@ -221,6 +221,8 @@
- #define EXCHANGE_FLAG_NAT_T_ENABLE 0x10 /* We are doing NAT-T. */
- #define EXCHANGE_FLAG_NAT_T_KEEPALIVE 0x20 /* We are the NAT:ed peer. */
- #define EXCHANGE_FLAG_DPD_CAP_PEER 0x40 /* Peer is DPD capable. */
-+#define EXCHANGE_FLAG_NAT_T_RFC 0x0080 /* Peer does RFC NAT-T. */
-+#define EXCHANGE_FLAG_NAT_T_DRAFT 0x0100 /* Peer does draft NAT-T.*/
-
- extern int exchange_add_certs(struct message *);
- extern void exchange_finalize(struct message *);
-Index: isakmpd-20041012.orig/log.c
-===================================================================
---- isakmpd-20041012.orig.orig/log.c 2007-06-04 13:22:39.110909520 +0200
-+++ isakmpd-20041012.orig/log.c 2007-06-04 13:22:39.284883072 +0200
-@@ -79,7 +79,6 @@
-
- struct packhdr {
- struct pcap_pkthdr pcap;/* pcap file packet header */
-- u_int32_t sa_family; /* address family */
- union {
- struct ip ip4; /* IPv4 header (w/o options) */
- struct ip6_hdr ip6; /* IPv6 header */
-@@ -97,7 +96,7 @@
- static u_int8_t *packet_buf = NULL;
-
- static int udp_cksum(struct packhdr *, const struct udphdr *,
-- u_int16_t *);
-+ u_int16_t *, int);
- static u_int16_t in_cksum(const u_int16_t *, int);
- #endif /* USE_DEBUG */
-
-@@ -539,11 +538,9 @@
- udp.uh_ulen = htons(datalen);
-
- /* ip */
-- hdr.sa_family = htonl(src->sa_family);
- switch (src->sa_family) {
- default:
- /* Assume IPv4. XXX Can 'default' ever happen here? */
-- hdr.sa_family = htonl(AF_INET);
- hdr.ip.ip4.ip_src.s_addr = 0x02020202;
- hdr.ip.ip4.ip_dst.s_addr = 0x01010101;
- /* The rest of the setup is common to AF_INET. */
-@@ -584,9 +581,7 @@
- }
-
- /* Calculate UDP checksum. */
-- udp.uh_sum = udp_cksum(&hdr, &udp, (u_int16_t *) packet_buf);
-- hdrlen += sizeof hdr.sa_family;
--
-+ udp.uh_sum = udp_cksum(&hdr, &udp, (u_int16_t *) packet_buf, src->sa_family);
- /* pcap file packet header */
- gettimeofday(&tv, 0);
- hdr.pcap.ts.tv_sec = tv.tv_sec;
-@@ -610,7 +605,7 @@
-
- /* Copied from tcpdump/print-udp.c, mostly rewritten. */
- static int
--udp_cksum(struct packhdr *hdr, const struct udphdr *u, u_int16_t *d)
-+udp_cksum(struct packhdr *hdr, const struct udphdr *u, u_int16_t *d, int af)
- {
- struct ip *ip4;
- struct ip6_hdr *ip6;
-@@ -639,7 +634,7 @@
-
- /* Setup pseudoheader. */
- memset(phu.pa, 0, sizeof phu);
-- switch (ntohl(hdr->sa_family)) {
-+ switch (af) {
- case AF_INET:
- ip4 = &hdr->ip.ip4;
- memcpy(&phu.ip4p.src, &ip4->ip_src, sizeof(struct in_addr));
-@@ -664,7 +659,7 @@
-
- /* IPv6 wants a 0xFFFF checksum "on error", not 0x0. */
- if (tlen < 0)
-- return (ntohl(hdr->sa_family) == AF_INET ? 0 : 0xFFFF);
-+ return (af == AF_INET ? 0 : 0xFFFF);
-
- sum = 0;
- for (i = 0; i < hdrlen; i += 2)
-Index: isakmpd-20041012.orig/nat_traversal.c
-===================================================================
---- isakmpd-20041012.orig.orig/nat_traversal.c 2007-06-04 13:22:39.115908760 +0200
-+++ isakmpd-20041012.orig/nat_traversal.c 2007-06-04 13:22:39.284883072 +0200
-@@ -1,4 +1,4 @@
--/* $OpenBSD: nat_traversal.c,v 1.7 2004/08/08 19:11:06 deraadt Exp $ */
-+/* $OpenBSD: nat_traversal.c,v 1.17 2006/06/14 14:03:33 hshoexer Exp $ */
-
- /*
- * Copyright (c) 2004 Håkan Olsson. All rights reserved.
-@@ -48,40 +48,40 @@
- #include "util.h"
- #include "virtual.h"
-
-+int disable_nat_t = 0;
-+
- /*
-- * XXX According to draft-ietf-ipsec-nat-t-ike-07.txt, the NAT-T
-- * capability of the other peer is determined by a particular vendor ID
-- * sent as the first message. This vendor ID string is supposed to be a
-- * MD5 hash of "RFC XXXX", where XXXX is the future RFC number.
-+ * NAT-T capability of the other peer is determined by a particular vendor
-+ * ID sent in the first message. This vendor ID string is supposed to be a
-+ * MD5 hash of "RFC 3947".
- *
- * These seem to be the "well" known variants of this string in use by
- * products today.
- */
--static const char *isakmp_nat_t_cap_text[] = {
-- "draft-ietf-ipsec-nat-t-ike-00", /* V1 (XXX: may be obsolete) */
-- "draft-ietf-ipsec-nat-t-ike-02\n", /* V2 */
-- "draft-ietf-ipsec-nat-t-ike-03", /* V3 */
--#ifdef notyet
-- "RFC XXXX",
--#endif
-+
-+static struct nat_t_cap isakmp_nat_t_cap[] = {
-+ { VID_DRAFT_V2_N, EXCHANGE_FLAG_NAT_T_DRAFT,
-+ "draft-ietf-ipsec-nat-t-ike-02\n", NULL, 0 },
-+ { VID_DRAFT_V3, EXCHANGE_FLAG_NAT_T_DRAFT,
-+ "draft-ietf-ipsec-nat-t-ike-03", NULL, 0 },
-+ { VID_RFC3947, EXCHANGE_FLAG_NAT_T_RFC,
-+ "RFC 3947", NULL, 0 },
- };
-
-+#define NUMNATTCAP (sizeof isakmp_nat_t_cap / sizeof isakmp_nat_t_cap[0])
-+
- /* In seconds. Recommended in draft-ietf-ipsec-udp-encaps-09. */
- #define NAT_T_KEEPALIVE_INTERVAL 20
-
--/* The MD5 hashes of the above strings is put in this array. */
--static char **nat_t_hashes;
--static size_t nat_t_hashsize;
--
- static int nat_t_setup_hashes(void);
--static int nat_t_add_vendor_payload(struct message *, char *);
-+static int nat_t_add_vendor_payload(struct message *, struct nat_t_cap *);
- static int nat_t_add_nat_d(struct message *, struct sockaddr *);
- static int nat_t_match_nat_d_payload(struct message *, struct sockaddr *);
-
- void
- nat_t_init(void)
- {
-- nat_t_hashes = (char **)NULL;
-+ nat_t_setup_hashes();
- }
-
- /* Generate the NAT-T capability marker hashes. Executed only once. */
-@@ -89,7 +89,7 @@
- nat_t_setup_hashes(void)
- {
- struct hash *hash;
-- int n = sizeof isakmp_nat_t_cap_text / sizeof isakmp_nat_t_cap_text[0];
-+ int n = NUMNATTCAP;
- int i;
-
- /* The draft says to use MD5. */
-@@ -100,56 +100,49 @@
- "could not find MD5 hash structure!");
- return -1;
- }
-- nat_t_hashsize = hash->hashsize;
-
-- /* Allocate one more than is necessary, i.e NULL terminated. */
-- nat_t_hashes = (char **)calloc((size_t)(n + 1), sizeof(char *));
-- if (!nat_t_hashes) {
-- log_error("nat_t_setup_hashes: calloc (%lu,%lu) failed",
-- (unsigned long)n, (unsigned long)sizeof(char *));
-- return -1;
-- }
--
-- /* Populate with hashes. */
-+ /* Populate isakmp_nat_t_cap with hashes. */
- for (i = 0; i < n; i++) {
-- nat_t_hashes[i] = (char *)malloc(nat_t_hashsize);
-- if (!nat_t_hashes[i]) {
-+ isakmp_nat_t_cap[i].hashsize = hash->hashsize;
-+ isakmp_nat_t_cap[i].hash = (char *)malloc(hash->hashsize);
-+ if (!isakmp_nat_t_cap[i].hash) {
- log_error("nat_t_setup_hashes: malloc (%lu) failed",
-- (unsigned long)nat_t_hashsize);
-+ (unsigned long)hash->hashsize);
- goto errout;
- }
-
- hash->Init(hash->ctx);
- hash->Update(hash->ctx,
-- (unsigned char *)isakmp_nat_t_cap_text[i],
-- strlen(isakmp_nat_t_cap_text[i]));
-- hash->Final(nat_t_hashes[i], hash->ctx);
-+ (unsigned char *)isakmp_nat_t_cap[i].text,
-+ strlen(isakmp_nat_t_cap[i].text));
-+ hash->Final(isakmp_nat_t_cap[i].hash, hash->ctx);
-
- LOG_DBG((LOG_EXCHANGE, 50, "nat_t_setup_hashes: "
-- "MD5(\"%s\") (%lu bytes)", isakmp_nat_t_cap_text[i],
-- (unsigned long)nat_t_hashsize));
-+ "MD5(\"%s\") (%lu bytes)", isakmp_nat_t_cap[i].text,
-+ (unsigned long)hash->hashsize));
- LOG_DBG_BUF((LOG_EXCHANGE, 50, "nat_t_setup_hashes",
-- nat_t_hashes[i], nat_t_hashsize));
-+ isakmp_nat_t_cap[i].hash, hash->hashsize));
- }
-
- return 0;
-
-- errout:
-+errout:
- for (i = 0; i < n; i++)
-- if (nat_t_hashes[i])
-- free(nat_t_hashes[i]);
-- free(nat_t_hashes);
-- nat_t_hashes = NULL;
-+ if (isakmp_nat_t_cap[i].hash)
-+ free(isakmp_nat_t_cap[i].hash);
- return -1;
- }
-
- /* Add one NAT-T VENDOR payload. */
- static int
--nat_t_add_vendor_payload(struct message *msg, char *hash)
-+nat_t_add_vendor_payload(struct message *msg, struct nat_t_cap *cap)
- {
-- size_t buflen = nat_t_hashsize + ISAKMP_GEN_SZ;
-+ size_t buflen = cap->hashsize + ISAKMP_GEN_SZ;
- u_int8_t *buf;
-
-+ if (disable_nat_t)
-+ return 0;
-+
- buf = malloc(buflen);
- if (!buf) {
- log_error("nat_t_add_vendor_payload: malloc (%lu) failed",
-@@ -158,12 +151,11 @@
- }
-
- SET_ISAKMP_GEN_LENGTH(buf, buflen);
-- memcpy(buf + ISAKMP_VENDOR_ID_OFF, hash, nat_t_hashsize);
-+ memcpy(buf + ISAKMP_VENDOR_ID_OFF, cap->hash, cap->hashsize);
- if (message_add_payload(msg, ISAKMP_PAYLOAD_VENDOR, buf, buflen, 1)) {
- free(buf);
- return -1;
- }
--
- return 0;
- }
-
-@@ -171,16 +163,14 @@
- int
- nat_t_add_vendor_payloads(struct message *msg)
- {
-- int i = 0;
-+ int i;
-
-- if (!nat_t_hashes)
-- if (nat_t_setup_hashes())
-- return 0; /* XXX should this be an error? */
-+ if (disable_nat_t)
-+ return 0;
-
-- while (nat_t_hashes[i])
-- if (nat_t_add_vendor_payload(msg, nat_t_hashes[i++]))
-+ for (i = 0; i < NUMNATTCAP; i++)
-+ if (nat_t_add_vendor_payload(msg, &isakmp_nat_t_cap[i]))
- return -1;
--
- return 0;
- }
-
-@@ -192,36 +182,31 @@
- {
- u_int8_t *pbuf = p->p;
- size_t vlen;
-- int i = 0;
-+ int i;
-
-- /* Already checked? */
-- if (p->flags & PL_MARK ||
-- msg->exchange->flags & EXCHANGE_FLAG_NAT_T_CAP_PEER)
-+ if (disable_nat_t)
- return;
-
-- if (!nat_t_hashes)
-- if (nat_t_setup_hashes())
-- return;
--
- vlen = GET_ISAKMP_GEN_LENGTH(pbuf) - ISAKMP_GEN_SZ;
-- if (vlen != nat_t_hashsize) {
-- LOG_DBG((LOG_EXCHANGE, 50, "nat_t_check_vendor_payload: "
-- "bad size %lu != %lu", (unsigned long)vlen,
-- (unsigned long)nat_t_hashsize));
-- return;
-- }
-
-- while (nat_t_hashes[i])
-- if (memcmp(nat_t_hashes[i++], pbuf + ISAKMP_GEN_SZ,
-+ for (i = 0; i < NUMNATTCAP; i++) {
-+ if (vlen != isakmp_nat_t_cap[i].hashsize) {
-+ LOG_DBG((LOG_EXCHANGE, 50, "nat_t_check_vendor_payload: "
-+ "bad size %lu != %lu", (unsigned long)vlen,
-+ (unsigned long)isakmp_nat_t_cap[i].hashsize));
-+ continue;
-+ }
-+ if (memcmp(isakmp_nat_t_cap[i].hash, pbuf + ISAKMP_GEN_SZ,
- vlen) == 0) {
- /* This peer is NAT-T capable. */
- msg->exchange->flags |= EXCHANGE_FLAG_NAT_T_CAP_PEER;
-+ msg->exchange->flags |= isakmp_nat_t_cap[i].flags;
- LOG_DBG((LOG_EXCHANGE, 10,
- "nat_t_check_vendor_payload: "
- "NAT-T capable peer detected"));
- p->flags |= PL_MARK;
-- return;
- }
-+ }
-
- return;
- }
-@@ -233,10 +218,8 @@
- {
- struct ipsec_exch *ie = (struct ipsec_exch *)msg->exchange->data;
- struct hash *hash;
-- struct prf *prf;
- u_int8_t *res;
- in_port_t port;
-- int prf_type = PRF_HMAC; /* XXX */
-
- hash = hash_get(ie->hash->type);
- if (hash == NULL) {
-@@ -244,31 +227,25 @@
- return NULL;
- }
-
-- prf = prf_alloc(prf_type, hash->type, msg->exchange->cookies,
-- ISAKMP_HDR_COOKIES_LEN);
-- if(!prf) {
-- log_print("nat_t_generate_nat_d_hash: prf_alloc failed");
-- return NULL;
-- }
-+ *hashlen = hash->hashsize;
-
-- *hashlen = prf->blocksize;
- res = (u_int8_t *)malloc((unsigned long)*hashlen);
- if (!res) {
- log_print("nat_t_generate_nat_d_hash: malloc (%lu) failed",
- (unsigned long)*hashlen);
-- prf_free(prf);
- *hashlen = 0;
- return NULL;
- }
-
- port = sockaddr_port(sa);
-- memset(res, 0, *hashlen);
--
-- prf->Update(prf->prfctx, sockaddr_addrdata(sa), sockaddr_addrlen(sa));
-- prf->Update(prf->prfctx, (unsigned char *)&port, sizeof port);
-- prf->Final(res, prf->prfctx);
-- prf_free (prf);
-+ bzero(res, *hashlen);
-
-+ hash->Init(hash->ctx);
-+ hash->Update(hash->ctx, msg->exchange->cookies,
-+ sizeof msg->exchange->cookies);
-+ hash->Update(hash->ctx, sockaddr_addrdata(sa), sockaddr_addrlen(sa));
-+ hash->Update(hash->ctx, (unsigned char *)&port, sizeof port);
-+ hash->Final(res, hash->ctx);
- return res;
- }
-
-@@ -276,6 +253,7 @@
- static int
- nat_t_add_nat_d(struct message *msg, struct sockaddr *sa)
- {
-+ int ret;
- u_int8_t *hbuf, *buf;
- size_t hbuflen, buflen;
-
-@@ -298,11 +276,19 @@
- memcpy(buf + ISAKMP_NAT_D_DATA_OFF, hbuf, hbuflen);
- free(hbuf);
-
-- if (message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D, buf, buflen, 1)) {
-+ if (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_RFC)
-+ ret = message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D, buf,
-+ buflen, 1);
-+ else if (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_DRAFT)
-+ ret = message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D_DRAFT,
-+ buf, buflen, 1);
-+ else
-+ ret = -1;
-+
-+ if (ret) {
- free(buf);
- return -1;
- }
--
- return 0;
- }
-
-@@ -312,14 +298,14 @@
- {
- struct sockaddr *sa;
-
-- msg->transport->vtbl->get_src(msg->transport, &sa);
-+ /* Remote address first. */
-+ msg->transport->vtbl->get_dst(msg->transport, &sa);
- if (nat_t_add_nat_d(msg, sa))
- return -1;
-
-- msg->transport->vtbl->get_dst(msg->transport, &sa);
-+ msg->transport->vtbl->get_src(msg->transport, &sa);
- if (nat_t_add_nat_d(msg, sa))
- return -1;
--
- return 0;
- }
-
-@@ -336,8 +322,8 @@
- * If there are no NAT-D payloads in the message, return "found"
- * as this will avoid NAT-T (see nat_t_exchange_check_nat_d()).
- */
-- p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D);
-- if (!p)
-+ if ((p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D_DRAFT)) == NULL &&
-+ (p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D)) == NULL)
- return 1;
-
- hbuf = nat_t_generate_nat_d_hash(msg, sa, &hbuflen);
-Index: isakmpd-20041012.orig/udp_encap.c
-===================================================================
---- isakmpd-20041012.orig.orig/udp_encap.c 2007-06-04 13:22:39.121907848 +0200
-+++ isakmpd-20041012.orig/udp_encap.c 2007-06-04 13:22:39.284883072 +0200
-@@ -61,6 +61,11 @@
-
- #define UDP_SIZE 65536
-
-+#if defined(USE_NAT_TRAVERSAL) && defined (LINUX_IPSEC)
-+#include <linux/socket.h>
-+#include <linux/udp.h>
-+#endif
-+
- /* If a system doesn't have SO_REUSEPORT, SO_REUSEADDR will have to do. */
- #ifndef SO_REUSEPORT
- #define SO_REUSEPORT SO_REUSEADDR
-@@ -134,6 +139,18 @@
- if (sysdep_cleartext(s, laddr->sa_family) == -1)
- goto err;
-
-+#if defined(USE_NAT_TRAVERSAL) && defined (LINUX_IPSEC)
-+ {
-+#ifndef SOL_UDP
-+#define SOL_UDP 17
-+#endif
-+ int option = UDP_ENCAP_ESPINUDP;
-+ if(setsockopt(s, SOL_UDP, UDP_ENCAP, &option,
-+ sizeof (option)) < 0)
-+ goto err;
-+ }
-+#endif
-+
- /* Wildcard address ? */
- switch (laddr->sa_family) {
- case AF_INET:
-Index: isakmpd-20041012.orig/apps/Makefile
-===================================================================
---- isakmpd-20041012.orig.orig/apps/Makefile 2007-06-04 13:22:39.126907088 +0200
-+++ isakmpd-20041012.orig/apps/Makefile 2007-06-04 13:22:39.285882920 +0200
-@@ -31,4 +31,4 @@
-
- SUBDIR= certpatch
-
--.include <bsd.subdir.mk>
-+#.include <bsd.subdir.mk>
-Index: isakmpd-20041012.orig/apps/certpatch/GNUmakefile
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ isakmpd-20041012.orig/apps/certpatch/GNUmakefile 2007-06-04 13:22:39.285882920 +0200
-@@ -0,0 +1,55 @@
-+# $OpenBSD: Makefile,v 1.7 2003/06/03 14:35:00 ho Exp $
-+# $EOM: Makefile,v 1.6 2000/03/28 21:22:06 ho Exp $
-+
-+#
-+# Copyright (c) 1999 Niels Provos. All rights reserved.
-+# Copyright (c) 2001 Niklas Hallqvist. All rights reserved.
-+#
-+# Redistribution and use in source and binary forms, with or without
-+# modification, are permitted provided that the following conditions
-+# are met:
-+# 1. Redistributions of source code must retain the above copyright
-+# notice, this list of conditions and the following disclaimer.
-+# 2. Redistributions in binary form must reproduce the above copyright
-+# notice, this list of conditions and the following disclaimer in the
-+# documentation and/or other materials provided with the distribution.
-+#
-+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+#
-+
-+#
-+# This code was written under funding by Ericsson Radio Systems.
-+#
-+
-+PROG= certpatch
-+SRCS= certpatch.c
-+BINDIR?= /usr/sbin
-+TOPSRC= ${.CURDIR}../..
-+TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f-
-+OS= linux
-+FEATURES!= awk '/^FEATURES=/ { print $$0 }' ${.CURDIR}/../../Makefile | sed 's/FEATURES=.//'
-+.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ}
-+CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall
-+LDFLAGS+= -lcrypto -lssl -lgmp
-+MAN= certpatch.8
-+
-+CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_GMP
-+LDADD+= -lgmp
-+DPADD+= ${LIBGMP}
-+
-+# Override LIBSYSDEPDIR definition from Makefile.sysdep
-+LIBSYSDEPDIR= ${TOPSRC}/sysdep/common/libsysdep
-+
-+all: ${PROG}
-+
-+clean:
-+ rm -f ${PROG}
-Index: isakmpd-20041012.orig/pf_key_v2.c
-===================================================================
---- isakmpd-20041012.orig.orig/pf_key_v2.c 2007-06-04 13:22:39.137905416 +0200
-+++ isakmpd-20041012.orig/pf_key_v2.c 2007-06-04 13:22:39.287882616 +0200
-@@ -1055,6 +1055,10 @@
- #endif
- #if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP)
- struct sadb_x_udpencap udpencap;
-+#elif defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_NAT_T_TYPE)
-+ struct sadb_x_nat_t_type nat_t_type;
-+ struct sadb_x_nat_t_port nat_t_sport;
-+ struct sadb_x_nat_t_port nat_t_dport;
- #endif
- #ifdef USE_DEBUG
- char *addr_str;
-@@ -1273,10 +1277,15 @@
- log_print("pf_key_v2_set_spi: invalid proto %d", proto->proto);
- goto cleanup;
- }
-- if (incoming)
-+ if (incoming) {
- sa->transport->vtbl->get_src(sa->transport, &dst);
-- else
-+ sa->transport->vtbl->get_dst(sa->transport, &src);
-+ }
-+ else {
- sa->transport->vtbl->get_dst(sa->transport, &dst);
-+ sa->transport->vtbl->get_src(sa->transport, &src);
-+ }
-+
- #ifdef KAME
- msg.sadb_msg_seq = (incoming ?
- pf_key_v2_seq_by_sa(proto->spi[incoming], sizeof ssa.sadb_sa_spi,
-@@ -1319,12 +1328,13 @@
- ssa.sadb_sa_flags = 0;
- #ifdef SADB_X_SAFLAGS_TUNNEL
- if (iproto->encap_mode == IPSEC_ENCAP_TUNNEL ||
-- iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL)
-+ iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL ||
-+ iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT)
- ssa.sadb_sa_flags = SADB_X_SAFLAGS_TUNNEL;
- #endif
-
--#if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP)
- if (isakmp_sa->flags & SA_FLAG_NAT_T_ENABLE) {
-+#if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP)
- memset(&udpencap, 0, sizeof udpencap);
- ssa.sadb_sa_flags |= SADB_X_SAFLAGS_UDPENCAP;
- udpencap.sadb_x_udpencap_exttype = SADB_X_EXT_UDPENCAP;
-@@ -1334,8 +1344,40 @@
- if (pf_key_v2_msg_add(update, (struct sadb_ext *)&udpencap, 0)
- == -1)
- goto cleanup;
-- }
-+#elif defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_NAT_T_TYPE)
-+#ifndef UDP_ENCAP_ESPINUDP
-+#define UDP_ENCAP_ESPINUDP 2
-+#endif
-+ memset(&nat_t_type, 0, sizeof nat_t_type);
-+ memset(&nat_t_sport, 0, sizeof nat_t_sport);
-+ memset(&nat_t_dport, 0, sizeof nat_t_dport);
-+
-+ /* type = draft-udp-encap-06 */
-+ nat_t_type.sadb_x_nat_t_type_len = sizeof nat_t_type / PF_KEY_V2_CHUNK;
-+ nat_t_type.sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
-+ nat_t_type.sadb_x_nat_t_type_type = UDP_ENCAP_ESPINUDP;
-+ if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_type, 0) == -1)
-+ goto cleanup;
-+
-+ /* source port */
-+ nat_t_sport.sadb_x_nat_t_port_len = sizeof nat_t_sport /
-+ PF_KEY_V2_CHUNK;
-+ nat_t_sport.sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
-+ nat_t_sport.sadb_x_nat_t_port_port = sockaddr_port(src);
-+ if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_sport, 0) == -1)
-+ goto cleanup;
-+
-+ /* destination port */
-+ nat_t_dport.sadb_x_nat_t_port_len = sizeof nat_t_dport /
-+ PF_KEY_V2_CHUNK;
-+ nat_t_dport.sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
-+ nat_t_dport.sadb_x_nat_t_port_port = sockaddr_port(dst);
-+ if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_dport, 0) == -1)
-+ goto cleanup;
-+
-+ /* original address (transport mode checksum missing info) goes here */
- #endif
-+ }
-
- if (pf_key_v2_msg_add(update, (struct sadb_ext *)&ssa, 0) == -1)
- goto cleanup;
-@@ -1395,10 +1437,6 @@
- /*
- * Setup the ADDRESS extensions.
- */
-- if (incoming)
-- sa->transport->vtbl->get_dst(sa->transport, &src);
-- else
-- sa->transport->vtbl->get_src(sa->transport, &src);
- len = sizeof *addr + PF_KEY_V2_ROUND(sysdep_sa_len(src));
- addr = calloc(1, len);
- if (!addr)
-@@ -2167,7 +2205,7 @@
- pf_key_v2_msg_free(ret);
- return -1;
-
--#elif defined (SADB_X_SPDADD) && defined (SADB_X_SPDDELETE)
-+#elif defined (SADB_X_SPDUPDATE) && defined (SADB_X_SPDDELETE)
- struct sadb_msg msg;
- struct sadb_x_policy *policy = 0;
- struct sadb_x_ipsecrequest *ipsecrequest;
-@@ -2181,7 +2219,7 @@
- struct sockaddr_in *ip4_sa;
- struct sockaddr_in6 *ip6_sa;
-
-- msg.sadb_msg_type = delete ? SADB_X_SPDDELETE : SADB_X_SPDADD;
-+ msg.sadb_msg_type = delete ? SADB_X_SPDDELETE : SADB_X_SPDUPDATE;
- msg.sadb_msg_satype = SADB_SATYPE_UNSPEC;
- msg.sadb_msg_seq = 0;
- flow = pf_key_v2_msg_new(&msg, 0);
-Index: isakmpd-20041012.orig/isakmp_num.cst
-===================================================================
---- isakmpd-20041012.orig.orig/isakmp_num.cst 2007-06-04 13:22:39.143904504 +0200
-+++ isakmpd-20041012.orig/isakmp_num.cst 2007-06-04 13:22:39.287882616 +0200
-@@ -57,15 +57,18 @@
- KD 17 # RFC 3547, Key Download
- SEQ 18 # RFC 3547, Sequence Number
- POP 19 # RFC 3547, Proof of possession
-- RESERVED_MIN 20
-+ NAT_D 20 # RFC 3947, NAT Discovery payload
-+ NAT_OA 21 # RFC 3947, NAT Original Address payload
-+ RESERVED_MIN 22
- RESERVED_MAX 127
- PRIVATE_MIN 128
- # XXX values from draft-ietf-ipsec-nat-t-ike-01,02,03. Later drafts specify
- # XXX NAT_D as payload 15 and NAT_OA as 16, but these are allocated by RFC
- # XXX 3547 as seen above.
-- NAT_D 130 # NAT Discovery payload
-- NAT_OA 131 # NAT Original Address payload
-+ NAT_D_DRAFT 130 # NAT Discovery payload
-+ NAT_OA_DRAFT 131 # NAT Original Address payload
- PRIVATE_MAX 255
-+ MAX 255
- .
-
- # ISAKMP exchange types.
-Index: isakmpd-20041012.orig/ipsec_num.cst
-===================================================================
---- isakmpd-20041012.orig.orig/ipsec_num.cst 2007-06-04 13:22:39.149903592 +0200
-+++ isakmpd-20041012.orig/ipsec_num.cst 2007-06-04 13:22:39.287882616 +0200
-@@ -62,10 +62,10 @@
- IPSEC_ENCAP
- TUNNEL 1
- TRANSPORT 2
-- FUTURE_UDP_ENCAP_TUNNEL 3 # XXX Not yet assigned
-- FUTURE_UDP_ENCAP_TRANSPORT 4 # XXX Not yet assigned
-- UDP_ENCAP_TUNNEL 61443 # draft-ietf-ipsec-nat-t-ike
-- UDP_ENCAP_TRANSPORT 61443 # draft-ietf-ipsec-nat-t-ike
-+ UDP_ENCAP_TUNNEL 3
-+ UDP_ENCAP_TRANSPORT 4
-+ UDP_ENCAP_TUNNEL_DRAFT 61443 # draft-ietf-ipsec-nat-t-ike
-+ UDP_ENCAP_TRANSPORT_DRAFT 61443 # draft-ietf-ipsec-nat-t-ike
- .
-
- # IPSEC authentication algorithm.
-Index: isakmpd-20041012.orig/nat_traversal.h
-===================================================================
---- isakmpd-20041012.orig.orig/nat_traversal.h 2007-06-04 13:22:39.154902832 +0200
-+++ isakmpd-20041012.orig/nat_traversal.h 2007-06-04 13:22:39.287882616 +0200
-@@ -1,4 +1,4 @@
--/* $OpenBSD: nat_traversal.h,v 1.2 2004/06/21 23:27:10 ho Exp $ */
-+/* $OpenBSD: nat_traversal.h,v 1.4 2005/07/25 15:03:47 hshoexer Exp $ */
-
- /*
- * Copyright (c) 2004 Håkan Olsson. All rights reserved.
-@@ -27,6 +27,24 @@
- #ifndef _NAT_TRAVERSAL_H_
- #define _NAT_TRAVERSAL_H_
-
-+#define VID_DRAFT_V2 0
-+#define VID_DRAFT_V2_N 1
-+#define VID_DRAFT_V3 2
-+#define VID_RFC3947 3
-+
-+struct nat_t_cap {
-+ int id;
-+ u_int32_t flags;
-+ const char *text;
-+ char *hash;
-+ size_t hashsize;
-+};
-+
-+/*
-+ * Set if -T is given on the command line to disable NAT-T support.
-+ */
-+extern int disable_nat_t;
-+
- void nat_t_init(void);
- int nat_t_add_vendor_payloads(struct message *);
- void nat_t_check_vendor_payload(struct message *, struct payload *);
-Index: isakmpd-20041012.orig/message.c
-===================================================================
---- isakmpd-20041012.orig.orig/message.c 2007-06-04 13:22:39.160901920 +0200
-+++ isakmpd-20041012.orig/message.c 2007-06-04 13:22:39.288882464 +0200
-@@ -112,6 +112,7 @@
- message_validate_hash, message_validate_sig, message_validate_nonce,
- message_validate_notify, message_validate_delete,
- message_validate_vendor, message_validate_attribute,
-+ message_validate_nat_d, message_validate_nat_oa,
- message_validate_nat_d, message_validate_nat_oa
- };
-
-@@ -120,7 +121,7 @@
- isakmp_id_fld, isakmp_cert_fld, isakmp_certreq_fld, isakmp_hash_fld,
- isakmp_sig_fld, isakmp_nonce_fld, isakmp_notify_fld, isakmp_delete_fld,
- isakmp_vendor_fld, isakmp_attribute_fld, isakmp_nat_d_fld,
-- isakmp_nat_oa_fld
-+ isakmp_nat_oa_fld, isakmp_nat_d_fld, isakmp_nat_oa_fld
- };
-
- /*
-@@ -138,7 +139,8 @@
- ISAKMP_PAYLOAD_SAK, ISAKMP_PAYLOAD_SAT, ISAKMP_PAYLOAD_KD,
- ISAKMP_PAYLOAD_SEQ, ISAKMP_PAYLOAD_POP
- #endif
-- ISAKMP_PAYLOAD_NAT_D, ISAKMP_PAYLOAD_NAT_OA
-+ ISAKMP_PAYLOAD_NAT_D, ISAKMP_PAYLOAD_NAT_OA,
-+ ISAKMP_PAYLOAD_NAT_D_DRAFT, ISAKMP_PAYLOAD_NAT_OA_DRAFT
- };
-
- static u_int8_t payload_map[256];
-@@ -347,8 +349,8 @@
- }
- /* Ignore most private payloads. */
- if (next >= ISAKMP_PAYLOAD_PRIVATE_MIN &&
-- next != ISAKMP_PAYLOAD_NAT_D &&
-- next != ISAKMP_PAYLOAD_NAT_OA) {
-+ next != ISAKMP_PAYLOAD_NAT_D_DRAFT &&
-+ next != ISAKMP_PAYLOAD_NAT_OA_DRAFT) {
- LOG_DBG((LOG_MESSAGE, 30, "message_parse_payloads: "
- "private next payload type %s in payload of "
- "type %d ignored",
-@@ -460,8 +462,10 @@
- return ISAKMP_ATTRIBUTE_SZ;
- #if defined (USE_NAT_TRAVERSAL)
- case ISAKMP_PAYLOAD_NAT_D:
-+ case ISAKMP_PAYLOAD_NAT_D_DRAFT:
- return ISAKMP_NAT_D_SZ;
- case ISAKMP_PAYLOAD_NAT_OA:
-+ case ISAKMP_PAYLOAD_NAT_OA_DRAFT:
- return ISAKMP_NAT_OA_SZ;
- #endif
- /* Not yet supported and any other unknown payloads. */
-Index: isakmpd-20041012.orig/policy.c
-===================================================================
---- isakmpd-20041012.orig.orig/policy.c 2007-06-04 13:22:39.165901160 +0200
-+++ isakmpd-20041012.orig/policy.c 2007-06-04 13:22:39.289882312 +0200
-@@ -511,7 +511,10 @@
- break;
- }
- #if defined (USE_NAT_TRAVERSAL)
-- else if (decode_16(value) == IPSEC_ENCAP_UDP_ENCAP_TUNNEL)
-+ else if (decode_16(value) ==
-+ IPSEC_ENCAP_UDP_ENCAP_TUNNEL ||
-+ decode_16(value) ==
-+ IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT)
- switch (proto->proto) {
- case IPSEC_PROTO_IPSEC_AH:
- ah_encapsulation = "udp-encap-tunnel";
-@@ -1932,7 +1935,7 @@
- void
- policy_init(void)
- {
-- char *ptr, *policy_file;
-+ char *ptr, *policy_file, *use_keynote;
- char **asserts;
- size_t sz, len;
- int fd, i;
-@@ -1940,10 +1943,11 @@
- LOG_DBG((LOG_POLICY, 30, "policy_init: initializing"));
-
- /* Do we want to use the policy modules? */
-- if (ignore_policy ||
-- strncmp("yes", conf_get_str("General", "Use-Keynote"), 3))
-- return;
--
-+ use_keynote = conf_get_str("General", "Use-Keynote");
-+ if (ignore_policy ||
-+ (use_keynote && strncmp("yes", use_keynote, 3)))
-+ return;
-+
- /* Get policy file from configuration. */
- policy_file = conf_get_str("General", "Policy-file");
- if (!policy_file)
-Index: isakmpd-20041012.orig/ike_phase_1.c
-===================================================================
---- isakmpd-20041012.orig.orig/ike_phase_1.c 2007-06-04 13:22:39.170900400 +0200
-+++ isakmpd-20041012.orig/ike_phase_1.c 2007-06-04 13:22:39.290882160 +0200
-@@ -1040,9 +1040,9 @@
-
- /* Compare expected/desired and received remote ID */
- if (bcmp(rid, payload->p + ISAKMP_ID_DATA_OFF, sz)) {
-- free(rid);
- log_print("ike_phase_1_recv_ID: "
-- "received remote ID other than expected %s", p);
-+ "received remote ID other than expected %s - %s", p, payload->p);
-+ free(rid);
- return -1;
- }
- free(rid);
-Index: isakmpd-20041012.orig/x509.c
-===================================================================
---- isakmpd-20041012.orig.orig/x509.c 2007-06-04 13:22:39.176899488 +0200
-+++ isakmpd-20041012.orig/x509.c 2007-06-04 13:22:39.290882160 +0200
-@@ -910,7 +910,11 @@
- X509_STORE_CTX_init(&csc, x509_cas, cert, NULL);
- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
- /* XXX See comment in x509_read_crls_from_dir. */
-+#if OPENSSL_VERSION_NUMBER >= 0x00908000L
-+ if (x509_cas->param->flags & X509_V_FLAG_CRL_CHECK) {
-+#else
- if (x509_cas->flags & X509_V_FLAG_CRL_CHECK) {
-+#endif
- X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK);
- X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL);
- }
-Index: isakmpd-20041012.orig/sysdep/linux/sysdep.c
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/linux/sysdep.c 2007-06-04 13:22:39.182898576 +0200
-+++ isakmpd-20041012.orig/sysdep/linux/sysdep.c 2007-06-04 13:22:39.291882008 +0200
-@@ -169,22 +169,22 @@
- return 0;
-
- if (!(af == AF_INET || af == AF_INET6))
-- {
-+ {
- log_print ("sysdep_cleartext: unsupported protocol family %d", af);
- return -1;
- }
-
- if (setsockopt (fd, af == AF_INET ? IPPROTO_IP : IPPROTO_IPV6,
-- af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY,
-- &pol_in, sizeof pol_in) < 0 ||
-+ af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY,
-+ &pol_in, sizeof pol_in) < 0 ||
- setsockopt (fd, af == AF_INET ? IPPROTO_IP : IPPROTO_IPV6,
-- af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY,
-- &pol_out, sizeof pol_out) < 0)
-- {
-+ af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY,
-+ &pol_out, sizeof pol_out) < 0)
-+ {
- log_error ("sysdep_cleartext: "
-- "setsockopt (%d, IPPROTO_IP%s, IP%s_IPSEC_POLICY, ...) "
-- "failed", fd, af == AF_INET ? "" : "V6",
-- af == AF_INET ? "" : "V6");
-+ "setsockopt (%d, IPPROTO_IP%s, IP%s_IPSEC_POLICY, ...) "
-+ "failed", fd, af == AF_INET ? "" : "V6",
-+ af == AF_INET ? "" : "V6");
- return -1;
- }
- return 0;
-Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.187897816 +0200
-+++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.291882008 +0200
-@@ -33,13 +33,13 @@
- LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO}
- DPADD+= ${LIBGMP} ${LIBSYSDEP}
-
--CFLAGS+= -DUSE_OLD_SOCKADDR -DHAVE_PCAP \
-- -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP \
-- -I/usr/src/linux/include -I${.CURDIR}/sysdep/common \
-+CFLAGS+= -DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \
-+ -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP -DUSE_AES \
-+ -I${.CURDIR}/sysdep/linux/include -I${.CURDIR}/sysdep/common \
- -I/usr/include/openssl
-
- FEATURES= debug tripledes blowfish cast ec aggressive x509 policy
--FEATURES+= des aes
-+FEATURES+= dpd nat_traversal isakmp_cfg des aes
-
- IPSEC_SRCS= pf_key_v2.c
- IPSEC_CFLAGS= -DUSE_PF_KEY_V2
-@@ -51,7 +51,7 @@
- # hack libsysdep.a dependenc
- ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}:
- cd ${LIBSYSDEPDIR} && \
-- ${MAKE} --no-print-directory ${MAKEFLAGS} \
-+ ${MAKE} --no-print-directory \
- CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS}
-
- ifeq ($(findstring clean,$(MAKECMDGOALS)),clean)
-Index: isakmpd-20041012.orig/sysdep/linux/include/bitstring.h
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ isakmpd-20041012.orig/sysdep/linux/include/bitstring.h 2007-06-04 13:22:39.291882008 +0200
-@@ -0,0 +1,132 @@
-+/* $OpenBSD: bitstring.h,v 1.4 2002/06/19 02:50:10 millert Exp $ */
-+/* $NetBSD: bitstring.h,v 1.5 1997/05/14 15:49:55 pk Exp $ */
-+
-+/*
-+ * Copyright (c) 1989, 1993
-+ * The Regents of the University of California. All rights reserved.
-+ *
-+ * This code is derived from software contributed to Berkeley by
-+ * Paul Vixie.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * This product includes software developed by the University of
-+ * California, Berkeley and its contributors.
-+ * 4. Neither the name of the University nor the names of its contributors
-+ * may be used to endorse or promote products derived from this software
-+ * without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * @(#)bitstring.h 8.1 (Berkeley) 7/19/93
-+ */
-+
-+#ifndef _BITSTRING_H_
-+#define _BITSTRING_H_
-+
-+/* modified for SV/AT and bitstring bugfix by M.R.Murphy, 11oct91
-+ * bitstr_size changed gratuitously, but shorter
-+ * bit_alloc spelling error fixed
-+ * the following were efficient, but didn't work, they've been made to
-+ * work, but are no longer as efficient :-)
-+ * bit_nclear, bit_nset, bit_ffc, bit_ffs
-+ */
-+typedef unsigned char bitstr_t;
-+
-+/* internal macros */
-+ /* byte of the bitstring bit is in */
-+#define _bit_byte(bit) \
-+ ((bit) >> 3)
-+
-+ /* mask for the bit within its byte */
-+#define _bit_mask(bit) \
-+ (1 << ((bit)&0x7))
-+
-+/* external macros */
-+ /* bytes in a bitstring of nbits bits */
-+#define bitstr_size(nbits) \
-+ (((nbits) + 7) >> 3)
-+
-+ /* allocate a bitstring */
-+#define bit_alloc(nbits) \
-+ (bitstr_t *)calloc((size_t)bitstr_size(nbits), sizeof(bitstr_t))
-+
-+ /* allocate a bitstring on the stack */
-+#define bit_decl(name, nbits) \
-+ ((name)[bitstr_size(nbits)])
-+
-+ /* is bit N of bitstring name set? */
-+#define bit_test(name, bit) \
-+ ((name)[_bit_byte(bit)] & _bit_mask(bit))
-+
-+ /* set bit N of bitstring name */
-+#define bit_set(name, bit) \
-+ ((name)[_bit_byte(bit)] |= _bit_mask(bit))
-+
-+ /* clear bit N of bitstring name */
-+#define bit_clear(name, bit) \
-+ ((name)[_bit_byte(bit)] &= ~_bit_mask(bit))
-+
-+ /* clear bits start ... stop in bitstring */
-+#define bit_nclear(name, start, stop) do { \
-+ register bitstr_t *_name = name; \
-+ register int _start = start, _stop = stop; \
-+ while (_start <= _stop) { \
-+ bit_clear(_name, _start); \
-+ _start++; \
-+ } \
-+} while(0)
-+
-+ /* set bits start ... stop in bitstring */
-+#define bit_nset(name, start, stop) do { \
-+ register bitstr_t *_name = name; \
-+ register int _start = start, _stop = stop; \
-+ while (_start <= _stop) { \
-+ bit_set(_name, _start); \
-+ _start++; \
-+ } \
-+} while(0)
-+
-+ /* find first bit clear in name */
-+#define bit_ffc(name, nbits, value) do { \
-+ register bitstr_t *_name = name; \
-+ register int _bit, _nbits = nbits, _value = -1; \
-+ for (_bit = 0; _bit < _nbits; ++_bit) \
-+ if (!bit_test(_name, _bit)) { \
-+ _value = _bit; \
-+ break; \
-+ } \
-+ *(value) = _value; \
-+} while(0)
-+
-+ /* find first bit set in name */
-+#define bit_ffs(name, nbits, value) do { \
-+ register bitstr_t *_name = name; \
-+ register int _bit, _nbits = nbits, _value = -1; \
-+ for (_bit = 0; _bit < _nbits; ++_bit) \
-+ if (bit_test(_name, _bit)) { \
-+ _value = _bit; \
-+ break; \
-+ } \
-+ *(value) = _value; \
-+} while(0)
-+
-+#endif /* !_BITSTRING_H_ */
-Index: isakmpd-20041012.orig/sysdep/linux/include/sys/queue.h
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ isakmpd-20041012.orig/sysdep/linux/include/sys/queue.h 2007-06-04 13:22:39.292881856 +0200
-@@ -0,0 +1,453 @@
-+/*
-+ * Copyright (c) 1991, 1993
-+ * The Regents of the University of California. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * This product includes software developed by the University of
-+ * California, Berkeley and its contributors.
-+ * 4. Neither the name of the University nor the names of its contributors
-+ * may be used to endorse or promote products derived from this software
-+ * without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * @(#)queue.h 8.5 (Berkeley) 8/20/94
-+ * $FreeBSD: src/sys/sys/queue.h,v 1.45 2001/12/11 11:49:58 sheldonh Exp $
-+ */
-+
-+#ifndef _SYS_QUEUE_H_
-+#define _SYS_QUEUE_H_
-+
-+//#include <machine/ansi.h> /* for __offsetof */
-+
-+/*
-+ * This file defines four types of data structures: singly-linked lists,
-+ * singly-linked tail queues, lists and tail queues.
-+ *
-+ * A singly-linked list is headed by a single forward pointer. The elements
-+ * are singly linked for minimum space and pointer manipulation overhead at
-+ * the expense of O(n) removal for arbitrary elements. New elements can be
-+ * added to the list after an existing element or at the head of the list.
-+ * Elements being removed from the head of the list should use the explicit
-+ * macro for this purpose for optimum efficiency. A singly-linked list may
-+ * only be traversed in the forward direction. Singly-linked lists are ideal
-+ * for applications with large datasets and few or no removals or for
-+ * implementing a LIFO queue.
-+ *
-+ * A singly-linked tail queue is headed by a pair of pointers, one to the
-+ * head of the list and the other to the tail of the list. The elements are
-+ * singly linked for minimum space and pointer manipulation overhead at the
-+ * expense of O(n) removal for arbitrary elements. New elements can be added
-+ * to the list after an existing element, at the head of the list, or at the
-+ * end of the list. Elements being removed from the head of the tail queue
-+ * should use the explicit macro for this purpose for optimum efficiency.
-+ * A singly-linked tail queue may only be traversed in the forward direction.
-+ * Singly-linked tail queues are ideal for applications with large datasets
-+ * and few or no removals or for implementing a FIFO queue.
-+ *
-+ * A list is headed by a single forward pointer (or an array of forward
-+ * pointers for a hash table header). The elements are doubly linked
-+ * so that an arbitrary element can be removed without a need to
-+ * traverse the list. New elements can be added to the list before
-+ * or after an existing element or at the head of the list. A list
-+ * may only be traversed in the forward direction.
-+ *
-+ * A tail queue is headed by a pair of pointers, one to the head of the
-+ * list and the other to the tail of the list. The elements are doubly
-+ * linked so that an arbitrary element can be removed without a need to
-+ * traverse the list. New elements can be added to the list before or
-+ * after an existing element, at the head of the list, or at the end of
-+ * the list. A tail queue may be traversed in either direction.
-+ *
-+ * For details on the use of these macros, see the queue(3) manual page.
-+ *
-+ *
-+ * SLIST LIST STAILQ TAILQ
-+ * _HEAD + + + +
-+ * _HEAD_INITIALIZER + + + +
-+ * _ENTRY + + + +
-+ * _INIT + + + +
-+ * _EMPTY + + + +
-+ * _FIRST + + + +
-+ * _NEXT + + + +
-+ * _PREV - - - +
-+ * _LAST - - + +
-+ * _FOREACH + + + +
-+ * _FOREACH_REVERSE - - - +
-+ * _INSERT_HEAD + + + +
-+ * _INSERT_BEFORE - + - +
-+ * _INSERT_AFTER + + + +
-+ * _INSERT_TAIL - - + +
-+ * _REMOVE_HEAD + - + -
-+ * _REMOVE + + + +
-+ *
-+ */
-+
-+/*
-+ * Singly-linked List declarations.
-+ */
-+#define SLIST_HEAD(name, type) \
-+struct name { \
-+ struct type *slh_first; /* first element */ \
-+}
-+
-+#define SLIST_HEAD_INITIALIZER(head) \
-+ { NULL }
-+
-+#define SLIST_ENTRY(type) \
-+struct { \
-+ struct type *sle_next; /* next element */ \
-+}
-+
-+/*
-+ * Singly-linked List functions.
-+ */
-+#define SLIST_EMPTY(head) ((head)->slh_first == NULL)
-+
-+#define SLIST_FIRST(head) ((head)->slh_first)
-+
-+#define SLIST_FOREACH(var, head, field) \
-+ for ((var) = SLIST_FIRST((head)); \
-+ (var); \
-+ (var) = SLIST_NEXT((var), field))
-+
-+#define SLIST_INIT(head) do { \
-+ SLIST_FIRST((head)) = NULL; \
-+} while (0)
-+
-+#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \
-+ SLIST_NEXT((elm), field) = SLIST_NEXT((slistelm), field); \
-+ SLIST_NEXT((slistelm), field) = (elm); \
-+} while (0)
-+
-+#define SLIST_INSERT_HEAD(head, elm, field) do { \
-+ SLIST_NEXT((elm), field) = SLIST_FIRST((head)); \
-+ SLIST_FIRST((head)) = (elm); \
-+} while (0)
-+
-+#define SLIST_NEXT(elm, field) ((elm)->field.sle_next)
-+
-+#define SLIST_REMOVE(head, elm, type, field) do { \
-+ if (SLIST_FIRST((head)) == (elm)) { \
-+ SLIST_REMOVE_HEAD((head), field); \
-+ } \
-+ else { \
-+ struct type *curelm = SLIST_FIRST((head)); \
-+ while (SLIST_NEXT(curelm, field) != (elm)) \
-+ curelm = SLIST_NEXT(curelm, field); \
-+ SLIST_NEXT(curelm, field) = \
-+ SLIST_NEXT(SLIST_NEXT(curelm, field), field); \
-+ } \
-+} while (0)
-+
-+#define SLIST_REMOVE_HEAD(head, field) do { \
-+ SLIST_FIRST((head)) = SLIST_NEXT(SLIST_FIRST((head)), field); \
-+} while (0)
-+
-+/*
-+ * Singly-linked Tail queue declarations.
-+ */
-+#define STAILQ_HEAD(name, type) \
-+struct name { \
-+ struct type *stqh_first;/* first element */ \
-+ struct type **stqh_last;/* addr of last next element */ \
-+}
-+
-+#define STAILQ_HEAD_INITIALIZER(head) \
-+ { NULL, &(head).stqh_first }
-+
-+#define STAILQ_ENTRY(type) \
-+struct { \
-+ struct type *stqe_next; /* next element */ \
-+}
-+
-+/*
-+ * Singly-linked Tail queue functions.
-+ */
-+#define STAILQ_EMPTY(head) ((head)->stqh_first == NULL)
-+
-+#define STAILQ_FIRST(head) ((head)->stqh_first)
-+
-+#define STAILQ_FOREACH(var, head, field) \
-+ for((var) = STAILQ_FIRST((head)); \
-+ (var); \
-+ (var) = STAILQ_NEXT((var), field))
-+
-+#define STAILQ_INIT(head) do { \
-+ STAILQ_FIRST((head)) = NULL; \
-+ (head)->stqh_last = &STAILQ_FIRST((head)); \
-+} while (0)
-+
-+#define STAILQ_INSERT_AFTER(head, tqelm, elm, field) do { \
-+ if ((STAILQ_NEXT((elm), field) = STAILQ_NEXT((tqelm), field)) == NULL)\
-+ (head)->stqh_last = &STAILQ_NEXT((elm), field); \
-+ STAILQ_NEXT((tqelm), field) = (elm); \
-+} while (0)
-+
-+#define STAILQ_INSERT_HEAD(head, elm, field) do { \
-+ if ((STAILQ_NEXT((elm), field) = STAILQ_FIRST((head))) == NULL) \
-+ (head)->stqh_last = &STAILQ_NEXT((elm), field); \
-+ STAILQ_FIRST((head)) = (elm); \
-+} while (0)
-+
-+#define STAILQ_INSERT_TAIL(head, elm, field) do { \
-+ STAILQ_NEXT((elm), field) = NULL; \
-+ *(head)->stqh_last = (elm); \
-+ (head)->stqh_last = &STAILQ_NEXT((elm), field); \
-+} while (0)
-+
-+#define STAILQ_LAST(head, type, field) \
-+ (STAILQ_EMPTY(head) ? \
-+ NULL : \
-+ ((struct type *) \
-+ ((char *)((head)->stqh_last) - __offsetof(struct type, field))))
-+
-+#define STAILQ_NEXT(elm, field) ((elm)->field.stqe_next)
-+
-+#define STAILQ_REMOVE(head, elm, type, field) do { \
-+ if (STAILQ_FIRST((head)) == (elm)) { \
-+ STAILQ_REMOVE_HEAD(head, field); \
-+ } \
-+ else { \
-+ struct type *curelm = STAILQ_FIRST((head)); \
-+ while (STAILQ_NEXT(curelm, field) != (elm)) \
-+ curelm = STAILQ_NEXT(curelm, field); \
-+ if ((STAILQ_NEXT(curelm, field) = \
-+ STAILQ_NEXT(STAILQ_NEXT(curelm, field), field)) == NULL)\
-+ (head)->stqh_last = &STAILQ_NEXT((curelm), field);\
-+ } \
-+} while (0)
-+
-+#define STAILQ_REMOVE_HEAD(head, field) do { \
-+ if ((STAILQ_FIRST((head)) = \
-+ STAILQ_NEXT(STAILQ_FIRST((head)), field)) == NULL) \
-+ (head)->stqh_last = &STAILQ_FIRST((head)); \
-+} while (0)
-+
-+#define STAILQ_REMOVE_HEAD_UNTIL(head, elm, field) do { \
-+ if ((STAILQ_FIRST((head)) = STAILQ_NEXT((elm), field)) == NULL) \
-+ (head)->stqh_last = &STAILQ_FIRST((head)); \
-+} while (0)
-+
-+/*
-+ * List declarations.
-+ */
-+#define LIST_HEAD(name, type) \
-+struct name { \
-+ struct type *lh_first; /* first element */ \
-+}
-+
-+#define LIST_HEAD_INITIALIZER(head) \
-+ { NULL }
-+
-+#define LIST_ENTRY(type) \
-+struct { \
-+ struct type *le_next; /* next element */ \
-+ struct type **le_prev; /* address of previous next element */ \
-+}
-+
-+/*
-+ * List functions.
-+ */
-+
-+#define LIST_EMPTY(head) ((head)->lh_first == NULL)
-+
-+#define LIST_FIRST(head) ((head)->lh_first)
-+
-+#define LIST_FOREACH(var, head, field) \
-+ for ((var) = LIST_FIRST((head)); \
-+ (var); \
-+ (var) = LIST_NEXT((var), field))
-+
-+#define LIST_INIT(head) do { \
-+ LIST_FIRST((head)) = NULL; \
-+} while (0)
-+
-+#define LIST_INSERT_AFTER(listelm, elm, field) do { \
-+ if ((LIST_NEXT((elm), field) = LIST_NEXT((listelm), field)) != NULL)\
-+ LIST_NEXT((listelm), field)->field.le_prev = \
-+ &LIST_NEXT((elm), field); \
-+ LIST_NEXT((listelm), field) = (elm); \
-+ (elm)->field.le_prev = &LIST_NEXT((listelm), field); \
-+} while (0)
-+
-+#define LIST_INSERT_BEFORE(listelm, elm, field) do { \
-+ (elm)->field.le_prev = (listelm)->field.le_prev; \
-+ LIST_NEXT((elm), field) = (listelm); \
-+ *(listelm)->field.le_prev = (elm); \
-+ (listelm)->field.le_prev = &LIST_NEXT((elm), field); \
-+} while (0)
-+
-+#define LIST_INSERT_HEAD(head, elm, field) do { \
-+ if ((LIST_NEXT((elm), field) = LIST_FIRST((head))) != NULL) \
-+ LIST_FIRST((head))->field.le_prev = &LIST_NEXT((elm), field);\
-+ LIST_FIRST((head)) = (elm); \
-+ (elm)->field.le_prev = &LIST_FIRST((head)); \
-+} while (0)
-+
-+#define LIST_NEXT(elm, field) ((elm)->field.le_next)
-+
-+#define LIST_REMOVE(elm, field) do { \
-+ if (LIST_NEXT((elm), field) != NULL) \
-+ LIST_NEXT((elm), field)->field.le_prev = \
-+ (elm)->field.le_prev; \
-+ *(elm)->field.le_prev = LIST_NEXT((elm), field); \
-+} while (0)
-+
-+/*
-+ * Tail queue declarations.
-+ */
-+#define TAILQ_HEAD(name, type) \
-+struct name { \
-+ struct type *tqh_first; /* first element */ \
-+ struct type **tqh_last; /* addr of last next element */ \
-+}
-+
-+#define TAILQ_HEAD_INITIALIZER(head) \
-+ { NULL, &(head).tqh_first }
-+
-+#define TAILQ_ENTRY(type) \
-+struct { \
-+ struct type *tqe_next; /* next element */ \
-+ struct type **tqe_prev; /* address of previous next element */ \
-+}
-+
-+/*
-+ * Tail queue functions.
-+ */
-+#define TAILQ_EMPTY(head) ((head)->tqh_first == NULL)
-+
-+#define TAILQ_FIRST(head) ((head)->tqh_first)
-+
-+#define TAILQ_FOREACH(var, head, field) \
-+ for ((var) = TAILQ_FIRST((head)); \
-+ (var); \
-+ (var) = TAILQ_NEXT((var), field))
-+
-+#define TAILQ_FOREACH_REVERSE(var, head, headname, field) \
-+ for ((var) = TAILQ_LAST((head), headname); \
-+ (var); \
-+ (var) = TAILQ_PREV((var), headname, field))
-+
-+#define TAILQ_INIT(head) do { \
-+ TAILQ_FIRST((head)) = NULL; \
-+ (head)->tqh_last = &TAILQ_FIRST((head)); \
-+} while (0)
-+
-+#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \
-+ if ((TAILQ_NEXT((elm), field) = TAILQ_NEXT((listelm), field)) != NULL)\
-+ TAILQ_NEXT((elm), field)->field.tqe_prev = \
-+ &TAILQ_NEXT((elm), field); \
-+ else \
-+ (head)->tqh_last = &TAILQ_NEXT((elm), field); \
-+ TAILQ_NEXT((listelm), field) = (elm); \
-+ (elm)->field.tqe_prev = &TAILQ_NEXT((listelm), field); \
-+} while (0)
-+
-+#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \
-+ (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \
-+ TAILQ_NEXT((elm), field) = (listelm); \
-+ *(listelm)->field.tqe_prev = (elm); \
-+ (listelm)->field.tqe_prev = &TAILQ_NEXT((elm), field); \
-+} while (0)
-+
-+#define TAILQ_INSERT_HEAD(head, elm, field) do { \
-+ if ((TAILQ_NEXT((elm), field) = TAILQ_FIRST((head))) != NULL) \
-+ TAILQ_FIRST((head))->field.tqe_prev = \
-+ &TAILQ_NEXT((elm), field); \
-+ else \
-+ (head)->tqh_last = &TAILQ_NEXT((elm), field); \
-+ TAILQ_FIRST((head)) = (elm); \
-+ (elm)->field.tqe_prev = &TAILQ_FIRST((head)); \
-+} while (0)
-+
-+#define TAILQ_INSERT_TAIL(head, elm, field) do { \
-+ TAILQ_NEXT((elm), field) = NULL; \
-+ (elm)->field.tqe_prev = (head)->tqh_last; \
-+ *(head)->tqh_last = (elm); \
-+ (head)->tqh_last = &TAILQ_NEXT((elm), field); \
-+} while (0)
-+
-+#define TAILQ_LAST(head, headname) \
-+ (*(((struct headname *)((head)->tqh_last))->tqh_last))
-+
-+#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next)
-+
-+#define TAILQ_PREV(elm, headname, field) \
-+ (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
-+
-+#define TAILQ_REMOVE(head, elm, field) do { \
-+ if ((TAILQ_NEXT((elm), field)) != NULL) \
-+ TAILQ_NEXT((elm), field)->field.tqe_prev = \
-+ (elm)->field.tqe_prev; \
-+ else \
-+ (head)->tqh_last = (elm)->field.tqe_prev; \
-+ *(elm)->field.tqe_prev = TAILQ_NEXT((elm), field); \
-+} while (0)
-+
-+
-+#ifdef _KERNEL
-+
-+/*
-+ * XXX insque() and remque() are an old way of handling certain queues.
-+ * They bogusly assumes that all queue heads look alike.
-+ */
-+
-+struct quehead {
-+ struct quehead *qh_link;
-+ struct quehead *qh_rlink;
-+};
-+
-+#ifdef __GNUC__
-+
-+static __inline void
-+insque(void *a, void *b)
-+{
-+ struct quehead *element = (struct quehead *)a,
-+ *head = (struct quehead *)b;
-+
-+ element->qh_link = head->qh_link;
-+ element->qh_rlink = head;
-+ head->qh_link = element;
-+ element->qh_link->qh_rlink = element;
-+}
-+
-+static __inline void
-+remque(void *a)
-+{
-+ struct quehead *element = (struct quehead *)a;
-+
-+ element->qh_link->qh_rlink = element->qh_rlink;
-+ element->qh_rlink->qh_link = element->qh_link;
-+ element->qh_rlink = 0;
-+}
-+
-+#else /* !__GNUC__ */
-+
-+void insque __P((void *a, void *b));
-+void remque __P((void *a));
-+
-+#endif /* __GNUC__ */
-+
-+#endif /* _KERNEL */
-+
-+#endif /* !_SYS_QUEUE_H_ */
-Index: isakmpd-20041012.orig/sysdep/common/pcap.h
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/common/pcap.h 2007-06-04 13:22:39.203895384 +0200
-+++ isakmpd-20041012.orig/sysdep/common/pcap.h 2007-06-04 13:22:39.292881856 +0200
-@@ -55,8 +55,13 @@
- u_int32_t linktype; /* data link type (DLT_*) */
- };
-
-+struct pcap_timeval {
-+ int32_t tv_sec; /* seconds */
-+ int32_t tv_usec; /* microseconds */
-+};
-+
- struct pcap_pkthdr {
-- struct timeval ts; /* time stamp */
-+ struct pcap_timeval ts; /* time stamp */
- u_int32_t caplen; /* length of portion present */
- u_int32_t len; /* length this packet (off wire) */
- };
-Index: isakmpd-20041012.orig/sysdep/common/libsysdep/arc4random.c
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/arc4random.c 2007-06-04 13:22:39.211894168 +0200
-+++ isakmpd-20041012.orig/sysdep/common/libsysdep/arc4random.c 2007-06-04 13:22:39.292881856 +0200
-@@ -78,7 +78,7 @@
- static void
- arc4_stir(struct arc4_stream *as)
- {
-- int fd;
-+ int fd, i;
- struct {
- struct timeval tv;
- u_int8_t rnd[128 - sizeof(struct timeval)];
-Index: isakmpd-20041012.orig/x509v3.cnf
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ isakmpd-20041012.orig/x509v3.cnf 2007-06-04 13:22:39.293881704 +0200
-@@ -0,0 +1,26 @@
-+# default settings
-+CERTPATHLEN = 1
-+CERTUSAGE = digitalSignature,keyCertSign
-+CERTIP = 0.0.0.0
-+CERTFQDN = nohost.nodomain
-+
-+# This section should be referenced when building an x509v3 CA
-+# Certificate.
-+# The default path length and the key usage can be overriden
-+# modified by setting the CERTPATHLEN and CERTUSAGE environment
-+# variables.
-+[x509v3_CA]
-+basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN
-+keyUsage=$ENV::CERTUSAGE
-+
-+# This section should be referenced to add an IP Address
-+# as an alternate subject name, needed by isakmpd
-+# The address must be provided in the CERTIP environment variable
-+[x509v3_IPAddr]
-+subjectAltName=IP:$ENV::CERTIP
-+
-+# This section should be referenced to add a FQDN hostname
-+# as an alternate subject name, needed by isakmpd
-+# The address must be provided in the CERTFQDN environment variable
-+[x509v3_FQDN]
-+subjectAltName=DNS:$ENV::CERTFQDN
diff --git a/package/isakmpd/patches/020-standardize.patch b/package/isakmpd/patches/020-standardize.patch
deleted file mode 100644
index 435782b63..000000000
--- a/package/isakmpd/patches/020-standardize.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-Index: isakmpd-20041012.orig/GNUmakefile
-===================================================================
---- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.283883224 +0200
-+++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:39.722816496 +0200
-@@ -168,7 +168,6 @@
- X509= x509.c
- CFLAGS+= -DUSE_LIBCRYPTO
- LDADD+= -lcrypto
--DPADD+= ${LIBCRYPTO}
- endif
-
- ifdef USE_RAWKEY
-@@ -242,3 +241,16 @@
-
- realcleandepend:
- rm -f .depend tags
-+
-+# Install rules
-+install: install-bin install-man
-+
-+install-bin: isakmpd
-+ -mkdir -p $(DESTDIR)$(BINDIR)
-+ $(INSTALL) $(INSTALL_OPTS) -m 755 isakmpd $(DESTDIR)$(BINDIR)
-+
-+install-man:
-+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
-+ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.8 $(DESTDIR)$(MANDIR)/man8
-+ -mkdir -p $(DESTDIR)$(MANDIR)/man5
-+ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.conf.5 isakmpd.policy.5 $(DESTDIR)$(MANDIR)/man5
-Index: isakmpd-20041012.orig/samples/Makefile
-===================================================================
---- isakmpd-20041012.orig.orig/samples/Makefile 2007-06-04 13:22:39.015923960 +0200
-+++ isakmpd-20041012.orig/samples/Makefile 2007-06-04 13:22:39.722816496 +0200
-@@ -26,7 +26,7 @@
- #
-
- FILES= VPN-* policy singlehost-*
--TARGETDIR= /usr/share/ipsec/isakmpd
-+TARGETDIR= /usr/share/isakmpd/samples
-
- # The mkdir below is for installation on OpenBSD pre 2.7
- install:
-Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.291882008 +0200
-+++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.722816496 +0200
-@@ -25,18 +25,18 @@
- # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- #
-
--LIBGMP:= /usr/lib/libgmp.a
--LIBCRYPTO:= /usr/lib/libcrypto.a
-+LIBGMP:=
-+LIBCRYPTO:= -lcrypto
- LIBSYSDEPDIR:= ${.CURDIR}/sysdep/common/libsysdep
- LIBSYSDEP:= ${LIBSYSDEPDIR}/libsysdep.a
-
--LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO}
-+LDADD+= $(EXTRA_LDFLAGS) -lgmp ${LIBSYSDEP} ${LIBCRYPTO}
- DPADD+= ${LIBGMP} ${LIBSYSDEP}
-
- CFLAGS+= -DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \
- -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP -DUSE_AES \
- -I${.CURDIR}/sysdep/linux/include -I${.CURDIR}/sysdep/common \
-- -I/usr/include/openssl
-+ $(EXTRA_CPPFLAGS)
-
- FEATURES= debug tripledes blowfish cast ec aggressive x509 policy
- FEATURES+= dpd nat_traversal isakmp_cfg des aes
-Index: isakmpd-20041012.orig/Makefile
-===================================================================
---- isakmpd-20041012.orig.orig/Makefile 2007-06-04 13:22:39.028921984 +0200
-+++ isakmpd-20041012.orig/Makefile 2007-06-04 13:22:39.723816344 +0200
-@@ -147,7 +147,6 @@
- .ifdef USE_LIBCRYPTO
- CFLAGS+= -DUSE_LIBCRYPTO
- LDADD+= -lcrypto
--DPADD+= ${LIBCRYPTO}
- .endif
-
- .ifdef USE_LIBDES
-Index: isakmpd-20041012.orig/apps/certpatch/Makefile
-===================================================================
---- isakmpd-20041012.orig.orig/apps/certpatch/Makefile 2007-06-04 13:22:39.035920920 +0200
-+++ isakmpd-20041012.orig/apps/certpatch/Makefile 2007-06-04 13:22:39.723816344 +0200
-@@ -40,7 +40,6 @@
- .PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ}
- CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall
- LDADD+= -lcrypto
--DPADD+= ${LIBCRYPTO}
- MAN= certpatch.8
-
- .if ${FEATURES:Mgmp} == "gmp"
-Index: isakmpd-20041012.orig/regress/crypto/Makefile
-===================================================================
---- isakmpd-20041012.orig.orig/regress/crypto/Makefile 2007-06-04 13:22:39.041920008 +0200
-+++ isakmpd-20041012.orig/regress/crypto/Makefile 2007-06-04 13:22:39.723816344 +0200
-@@ -13,7 +13,7 @@
- -DUSE_TRIPLEDES -DUSE_CAST -DUSE_BLOWFISH -DUSE_DES \
- -DUSE_AES
- LDADD+= -lcrypto -ldes
--DPADD+= ${LIBCRYPTO} ${LIBDES}
-+DPADD+= ${LIBDES}
- NOMAN=
- DEBUG= -g
-
-Index: isakmpd-20041012.orig/regress/dh/Makefile
-===================================================================
---- isakmpd-20041012.orig.orig/regress/dh/Makefile 2007-06-04 13:22:39.048918944 +0200
-+++ isakmpd-20041012.orig/regress/dh/Makefile 2007-06-04 13:22:39.726815888 +0200
-@@ -15,7 +15,6 @@
- -DUSE_EC
- NOMAN=
- LDADD+= -lcrypto
--DPADD+= ${LIBCRYPTO}
- DEBUG= -g
-
- .if ${FEATURES:Mgmp} == "gmp"
-Index: isakmpd-20041012.orig/regress/group/Makefile
-===================================================================
---- isakmpd-20041012.orig.orig/regress/group/Makefile 2007-06-04 13:22:39.054918032 +0200
-+++ isakmpd-20041012.orig/regress/group/Makefile 2007-06-04 13:22:39.727815736 +0200
-@@ -15,7 +15,6 @@
- -DUSE_EC
- NOMAN=
- LDADD+= -lcrypto
--DPADD+= ${LIBCRYPTO}
- DEBUG= -g
-
- .if ${FEATURES:Mgmp} == "gmp"
-Index: isakmpd-20041012.orig/regress/rsakeygen/Makefile
-===================================================================
---- isakmpd-20041012.orig.orig/regress/rsakeygen/Makefile 2007-06-04 13:22:39.060917120 +0200
-+++ isakmpd-20041012.orig/regress/rsakeygen/Makefile 2007-06-04 13:22:39.727815736 +0200
-@@ -62,7 +62,6 @@
- .ifdef USE_LIBCRYPTO
- CFLAGS+= -DUSE_LIBCRYPTO
- LDADD+= -lcrypto
--DPADD+= ${LIBCRYPTO}
- .endif
-
- .if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO)
-Index: isakmpd-20041012.orig/regress/x509/Makefile
-===================================================================
---- isakmpd-20041012.orig.orig/regress/x509/Makefile 2007-06-04 13:22:39.068915904 +0200
-+++ isakmpd-20041012.orig/regress/x509/Makefile 2007-06-04 13:22:39.727815736 +0200
-@@ -78,7 +78,6 @@
- X509= x509.c
- CFLAGS+= -DUSE_LIBCRYPTO
- LDADD+= -lcrypto ${LIBLWRES}
--DPADD+= ${LIBCRYPTO}
- .endif
-
- .if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO) || !defined (USE_KEYNOTE)
diff --git a/package/isakmpd/patches/030-openssl_hashes.patch b/package/isakmpd/patches/030-openssl_hashes.patch
deleted file mode 100644
index f50afc598..000000000
--- a/package/isakmpd/patches/030-openssl_hashes.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-Index: isakmpd-20041012.orig/GNUmakefile
-===================================================================
---- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.722816496 +0200
-+++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:40.000774240 +0200
-@@ -76,13 +76,14 @@
- isakmp_fld.c isakmp_fld.h
- MAN= isakmpd.8 isakmpd.conf.5 isakmpd.policy.5
-
--CFLAGS+= -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP \
-+CFLAGS+= ${DEBUG} -Wall -DNEED_SYSDEP_APP \
- -I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I. \
-
- # Different debugging & profiling suggestions
-
- # Include symbolic debugging info
- DEBUG= -g
-+CFLAGS+= -g
-
- # Do execution time profiles
- #CFLAGS+= -pg
-@@ -175,6 +176,14 @@
- CFLAGS+= -DUSE_RAWKEY
- endif
-
-+ifdef USE_OPENSSL_MD5
-+CFLAGS+= -DUSE_OPENSSL_MD5
-+endif
-+
-+ifdef USE_OPENSSL_SHA1
-+CFLAGS+= -DUSE_OPENSSL_SHA1
-+endif
-+
- SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
- $(ISAKMP_CFG) ${DPD} ${NAT_TRAVERSAL}
- CFLAGS+= ${IPSEC_CFLAGS}
-Index: isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:38.959932472 +0200
-+++ isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.000774240 +0200
-@@ -31,10 +31,18 @@
- .CURDIR:= $(shell pwd)
-
- LIB= sysdep
--SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c
-+SRCS= arc4random.c blowfish.c cast.c strlcat.c strlcpy.c
- NOMAN=
- CFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine
-
-+ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS)))
-+SRCS+=md5.c
-+endif
-+
-+ifeq (,$(findstring USE_OPENSSL_SHA1,$(CFLAGS)))
-+SRCS+=sha1.c
-+endif
-+
- lib${LIB}.a: ${SRCS:%.c=%.o}
- ar cq $@ ${SRCS:%.c=%.o}
-
-Index: isakmpd-20041012.orig/sysdep/common/libsysdep/md5.c
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/md5.c 2007-06-04 13:22:38.964931712 +0200
-+++ isakmpd-20041012.orig/sysdep/common/libsysdep/md5.c 2007-06-04 13:22:40.000774240 +0200
-@@ -5,6 +5,8 @@
- * changes to accommodate it in the kernel by ji.
- */
-
-+#ifndef USE_OPENSSL_MD5
-+
- /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
- */
-
-@@ -390,3 +392,4 @@
- #endif
- #endif
-
-+#endif /* USE_OPENSSL_MD5 */
-Index: isakmpd-20041012.orig/sysdep/common/libsysdep/sha1.c
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/sha1.c 2007-06-04 13:22:38.970930800 +0200
-+++ isakmpd-20041012.orig/sysdep/common/libsysdep/sha1.c 2007-06-04 13:22:40.001774088 +0200
-@@ -1,5 +1,7 @@
- /* $OpenBSD: sha1.c,v 1.2 2001/01/28 22:38:48 niklas Exp $ */
-
-+#ifndef USE_OPENSSL_SHA1
-+
- /*
- SHA-1 in C
- By Steve Reid <steve@edmweb.com>
-@@ -171,3 +173,5 @@
- SHA1Transform(context->state, context->buffer);
- #endif
- }
-+
-+#endif /* USE_OPENSSL_SHA1 */
-Index: isakmpd-20041012.orig/sysdep/common/md5.h
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/common/md5.h 2007-06-04 13:22:38.976929888 +0200
-+++ isakmpd-20041012.orig/sysdep/common/md5.h 2007-06-04 13:22:40.001774088 +0200
-@@ -1,5 +1,15 @@
- /* $OpenBSD: md5.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
-
-+#ifdef USE_OPENSSL_MD5
-+
-+#include <openssl/md5.h>
-+
-+#define MD5Init MD5_Init
-+#define MD5Update MD5_Update
-+#define MD5Final MD5_Final
-+
-+#else /* USE_OPENSSL_MD5 */
-+
- /* GLOBAL.H - RSAREF types and constants
- */
-
-@@ -71,3 +81,5 @@
- void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
-
- #define _MD5_H_
-+
-+#endif /* USE_OPENSSL_MD5 */
-Index: isakmpd-20041012.orig/sysdep/common/sha1.h
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/common/sha1.h 2007-06-04 13:22:38.982928976 +0200
-+++ isakmpd-20041012.orig/sysdep/common/sha1.h 2007-06-04 13:22:40.001774088 +0200
-@@ -1,5 +1,16 @@
- /* $OpenBSD: sha1.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
-
-+#ifdef USE_OPENSSL_SHA1
-+
-+#include <openssl/sha.h>
-+
-+typedef SHA_CTX SHA1_CTX;
-+#define SHA1Init SHA1_Init
-+#define SHA1Update SHA1_Update
-+#define SHA1Final SHA1_Final
-+
-+#else /* USE_OPENSSL_SHA1 */
-+
- /*
- SHA-1 in C
- By Steve Reid <steve@edmweb.com>
-@@ -16,3 +27,5 @@
- void SHA1Init(SHA1_CTX* context);
- void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len);
- void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
-+
-+#endif /* USE_OPENSSL_SHA1 */
-Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.722816496 +0200
-+++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:40.001774088 +0200
-@@ -47,6 +47,8 @@
- USE_LIBCRYPO= defined
- HAVE_DLOPEN= defined
- USE_KEYNOTE= defined
-+USE_OPENSSL_MD5= defined
-+USE_OPENSSL_SHA1= defined
-
- # hack libsysdep.a dependenc
- ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}:
diff --git a/package/isakmpd/patches/040-security_fix.patch b/package/isakmpd/patches/040-security_fix.patch
deleted file mode 100644
index d70a72245..000000000
--- a/package/isakmpd/patches/040-security_fix.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Index: isakmpd-20041012.orig/ipsec.c
-===================================================================
---- isakmpd-20041012.orig.orig/ipsec.c 2007-06-04 13:22:39.283883224 +0200
-+++ isakmpd-20041012.orig/ipsec.c 2007-06-04 13:22:40.247736696 +0200
-@@ -2176,9 +2176,10 @@
- {
- struct ipsec_proto *iproto = proto->data;
-
-- if (proto->sa->phase == 2 && section)
-- iproto->replay_window = conf_get_num(section, "ReplayWindow",
-- DEFAULT_REPLAY_WINDOW);
-+ if (proto->sa->phase == 2)
-+ iproto->replay_window = section ? conf_get_num(section,
-+ "ReplayWindow", DEFAULT_REPLAY_WINDOW) :
-+ DEFAULT_REPLAY_WINDOW;
- }
-
- /*
diff --git a/package/isakmpd/patches/050-ar_cross.patch b/package/isakmpd/patches/050-ar_cross.patch
deleted file mode 100644
index 2bac048db..000000000
--- a/package/isakmpd/patches/050-ar_cross.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile
-===================================================================
---- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.000774240 +0200
-+++ isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.431708728 +0200
-@@ -44,7 +44,7 @@
- endif
-
- lib${LIB}.a: ${SRCS:%.c=%.o}
-- ar cq $@ ${SRCS:%.c=%.o}
-+ $(AR) cq $@ ${SRCS:%.c=%.o}
-
- clean:
- rm -f lib${LIB}.a ${SRCS:%.c=%.o}
diff --git a/package/keynote/Makefile b/package/keynote/Makefile
deleted file mode 100644
index 5b27257b4..000000000
--- a/package/keynote/Makefile
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-# $Id$
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=keynote
-PKG_VERSION:=2.3
-PKG_RELEASE:=2
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://downloads.openwrt.org/sources/
-PKG_MD5SUM:=b569066ac2ba1356c2112b118a7d74d0
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/keynote
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=@LINUX_2_6 +libopenssl
- TITLE:=Simple and flexible trust-management system
- URL:=http://www1.cs.columbia.edu/~angelos/keynote.html
-endef
-
-define Package/keynote/description
- KeyNote is a simple and flexible trust-management system designed to work
- well for a variety of large- and small- scale Internet-based applications.
- It provides a single, unified language for both local policies and
- credentials.
-endef
-
-CONFIGURE_ARGS += \
- --enable-static \
- --enable-shared
-
-MAKE_FLAGS += \
- CFLAGS="$(TARGET_CFLAGS)"
-
-define Build/InstallDev
- mkdir -p $(1)/usr/include/keynote
- $(CP) $(PKG_BUILD_DIR)/{assertion,header,keynote,signature}.h $(1)/usr/include/keynote/
- mkdir -p $(1)/usr/lib
- $(CP) $(PKG_BUILD_DIR)/libkeynote.a $(1)/usr/lib/
-endef
-
-define Package/keynote/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/keynote $(1)/usr/sbin/
-endef
-
-$(eval $(call BuildPackage,keynote))
diff --git a/package/keynote/patches/001-build.patch b/package/keynote/patches/001-build.patch
deleted file mode 100644
index 88db37230..000000000
--- a/package/keynote/patches/001-build.patch
+++ /dev/null
@@ -1,345 +0,0 @@
-Index: keynote-2.3/configure.in
-===================================================================
---- keynote-2.3.orig/configure.in 2007-06-04 13:22:41.284579072 +0200
-+++ keynote-2.3/configure.in 2007-06-04 13:22:41.389563112 +0200
-@@ -21,19 +21,13 @@
- AC_PATH_PROG(ECHO, echo, /bin/echo)
- AC_PATH_PROG(SED, sed, /usr/bin/sed)
-
--dnl Checks for libraries.
--LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\
-- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib"
--
- AC_CHECK_LIB(m, floor, LIBS="$LIBS -lm")
- AC_CHECK_LIB(rsaref, RSAPrivateDecrypt, LIBS="$LIBS -lrsaref")
- AC_CHECK_LIB(crypto, i2a_ASN1_STRING, LIBS="$LIBS -lcrypto")
- AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue")
-
- dnl Checks for header files.
--CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\
-- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\
-- -I/usr/local/openssl/include -I/pkg/include"
-+CPPFLAGS="-I/usr/include/openssl"
-
- AC_HEADER_STDC
- AC_HEADER_TIME
-Index: keynote-2.3/keynote-keygen.c
-===================================================================
---- keynote-2.3.orig/keynote-keygen.c 2007-06-04 13:22:41.290578160 +0200
-+++ keynote-2.3/keynote-keygen.c 2007-06-04 13:22:41.389563112 +0200
-@@ -161,7 +161,7 @@
- if (strlen(algname) + 2 > prlen)
- {
- fprintf(stderr, "Parameter ``print-length'' should be larger "
-- "than the length of AlgorithmName (%d)\n", strlen(algname));
-+ "than the length of AlgorithmName (%lu)\n", strlen(algname));
- exit(-1);
- }
-
-Index: keynote-2.3/keynote.l
-===================================================================
---- keynote-2.3.orig/keynote.l 2007-06-04 13:22:41.295577400 +0200
-+++ keynote-2.3/keynote.l 2007-06-04 13:22:41.390562960 +0200
-@@ -61,7 +61,8 @@
- static struct lex_list *keynote_lex_list = (struct lex_list *) NULL;
- static int keynote_max_lex_list = 32;
- static int keynote_lex_counter = 0;
--static int first_tok = 0;
-+extern int first_tok;
-+int first_tok = 0;
- %}
- digit [0-9]
- specnumber [1-9][0-9]*
-@@ -766,7 +767,7 @@
- if (0)
- {
- yyunput(0, NULL);
-- yy_flex_realloc(0, NULL);
-+ yy_flex_realloc(NULL, 0);
- }
-
- return en;
-Index: keynote-2.3/keynote-ver.l
-===================================================================
---- keynote-2.3.orig/keynote-ver.l 2007-06-04 13:22:41.301576488 +0200
-+++ keynote-2.3/keynote-ver.l 2007-06-04 13:22:41.390562960 +0200
-@@ -267,7 +267,7 @@
- if (0)
- {
- yyunput(0, NULL);
-- yy_flex_realloc(0, NULL);
-+ yy_flex_realloc(NULL, 0);
- }
- }
-
-Index: keynote-2.3/keynote-ver.y
-===================================================================
---- keynote-2.3.orig/keynote-ver.y 2007-06-04 13:22:41.306575728 +0200
-+++ keynote-2.3/keynote-ver.y 2007-06-04 13:22:41.390562960 +0200
-@@ -49,7 +49,7 @@
- return keynote_errno;
- free($1);
- }
--
-+ ;
- expr: VSTRING EQ STRING { int i = kn_add_action(sessid, $1, $3, 0);
-
- if (i != 0)
-@@ -64,6 +64,7 @@
- free($1);
- free($3);
- } expr
-+ ;
- %%
- void
- kverror(char *s)
-Index: keynote-2.3/keynote.y
-===================================================================
---- keynote-2.3.orig/keynote.y 2007-06-04 13:22:41.311574968 +0200
-+++ keynote-2.3/keynote.y 2007-06-04 13:22:41.391562808 +0200
-@@ -73,8 +73,7 @@
- %}
- %%
-
--grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; }
-- localinit
-+grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; } localinit
- | ACTSTR { keynote_exceptionflag = keynote_donteval = 0; } program
- | KEYPRE { keynote_exceptionflag = keynote_donteval = 0; }
- keypredicate
-@@ -91,17 +90,17 @@
- STRING { keynote_lex_remove($3);
- keynote_privkey = $3;
- }
--
-+ ;
- keypredicate: /* Nothing */ { keynote_returnvalue = 0;
- return 0;
- }
- | notemptykeypredicate { keynote_returnvalue = $1;
- return 0;
- }
--
-+ ;
- notemptykeypredicate: key { $$ = $1; }
- | keyexp { $$ = $1; }
--
-+ ;
- keyexp: notemptykeypredicate AND { if (($1 == 0) && !keynote_justrecord)
- keynote_donteval = 1;
- } notemptykeypredicate
-@@ -138,7 +137,7 @@
- else
- $$ = 0;
- } /* K-th */
--
-+ ;
- keylist: key
- { /* Don't do anything if we're just recording */
- if (!keynote_justrecord && !keynote_donteval)
-@@ -155,7 +154,7 @@
-
- keylistcount++;
- }
--
-+ ;
- key: str {
- if (keynote_donteval)
- $$ = 0;
-@@ -193,10 +192,10 @@
- }
- }
- }
--
-+ ;
- localinit: /* Nothing */
- | localconstants
--
-+ ;
- localconstants: VARIABLE EQQ STRING
- {
- int i;
-@@ -265,12 +264,12 @@
- if (i != RESULT_TRUE)
- return -1;
- } localconstants
--
-+ ;
- program: prog {
- keynote_returnvalue = $1;
- return 0;
- }
--
-+ ;
- prog: /* Nada */ { $$ = 0; }
- | notemptyprog {
- /*
-@@ -285,7 +284,7 @@
- else
- $$ = $4;
- }
--
-+ ;
- notemptyprog: expr HINT afterhint
- {
- if (checkexception($1))
-@@ -300,7 +299,7 @@
- else
- $$ = 0;
- }
--
-+ ;
- afterhint: str { if (keynote_exceptionflag || keynote_donteval)
- $$ = 0;
- else
-@@ -315,7 +314,7 @@
- }
- }
- | OPENBLOCK prog CLOSEBLOCK { $$ = $2; }
--
-+ ;
-
- expr: OPENPAREN expr CLOSEPAREN { $$ = $2; }
- | expr AND { if ($1 == 0)
-@@ -334,19 +333,19 @@
- | stringexp { $$ = $1; }
- | TRUE { $$ = 1; }
- | FALSE { $$ = 0; }
--
-+ ;
- numexp: numex LT numex { $$ = $1 < $3; }
- | numex GT numex { $$ = $1 > $3; }
- | numex EQ numex { $$ = $1 == $3; }
- | numex LE numex { $$ = $1 <= $3; }
- | numex GE numex { $$ = $1 >= $3; }
- | numex NE numex { $$ = $1 != $3; }
--
-+ ;
- floatexp: floatex LT floatex { $$ = $1 < $3; }
- | floatex GT floatex { $$ = $1 > $3; }
- | floatex LE floatex { $$ = $1 <= $3; }
- | floatex GE floatex { $$ = $1 >= $3; }
--
-+ ;
- numex: numex PLUS numex { $$ = $1 + $3; }
- | numex MINUS numex { $$ = $1 - $3; }
- | numex MULT numex { $$ = $1 * $3; }
-@@ -384,7 +383,7 @@
- free($2);
- }
- }
--
-+ ;
- floatex: floatex PLUS floatex { $$ = ($1 + $3); }
- | floatex MINUS floatex { $$ = ($1 - $3); }
- | floatex MULT floatex { $$ = ($1 * $3); }
-@@ -418,7 +417,7 @@
- free($2);
- }
- }
--
-+ ;
- stringexp: str EQ str {
- if (keynote_exceptionflag || keynote_donteval)
- $$ = 0;
-@@ -529,9 +528,9 @@
- if (i == 0)
- {
- #if !defined(HAVE_SNPRINTF)
-- sprintf(grp, "%d", preg.re_nsub);
-+ sprintf(grp, "%d", (int)preg.re_nsub);
- #else /* !HAVE_SNPRINTF */
-- snprintf(grp, 3, "%d", preg.re_nsub);
-+ snprintf(grp, 3, "%d", (int)preg.re_nsub);
- #endif /* !HAVE_SNPRINTF */
- if (keynote_env_add("_0", grp, &keynote_temp_list,
- 1, 0) != RESULT_TRUE)
-@@ -579,7 +578,7 @@
- }
- }
- }
--
-+ ;
- str: str DOTT str { if (keynote_exceptionflag || keynote_donteval)
- $$ = (char *) NULL;
- else
-@@ -605,7 +604,7 @@
- }
- }
- | strnotconcat { $$ = $1; }
--
-+ ;
- strnotconcat: STRING { $$ = $1; }
- | OPENPAREN str CLOSEPAREN { $$ = $2; }
- | VARIABLE { if (keynote_exceptionflag || keynote_donteval)
-@@ -660,6 +659,7 @@
- return -1;
- }
- }
-+ ;
- %%
-
- /*
-Index: keynote-2.3/Makefile.in
-===================================================================
---- keynote-2.3.orig/Makefile.in 2007-06-04 13:22:41.317574056 +0200
-+++ keynote-2.3/Makefile.in 2007-06-04 13:22:41.391562808 +0200
-@@ -41,7 +41,8 @@
- YACCFLAGS = -d -p kn -b k
- LEXFLAGS2 = -Pkv -s -i
- LEXFLAGS = -Cr -Pkn -s -i
--CFLAGS = -O2 -Wall # -g
-+CFLAGS = -O2 -Wall -fno-strict-aliasing # -g
-+LDFLAGS = @LDFLAGS@
- RMFLAGS2 = -rf
- RMFLAGS = -f
- NROFFFLAGS = -mandoc
-@@ -83,7 +84,7 @@
- $(RANLIB) $(TARGET)
-
- $(TARGET2): $(TARGET) $(OBJS2)
-- $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LIBS)
-+ $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LDFLAGS) $(LIBS)
-
- k.tab.c: keynote.y header.h keynote.h assertion.h config.h
- $(YACC) $(YACCFLAGS) keynote.y
-Index: keynote-2.3/signature.c
-===================================================================
---- keynote-2.3.orig/signature.c 2007-06-04 13:22:41.323573144 +0200
-+++ keynote-2.3/signature.c 2007-06-04 13:22:41.392562656 +0200
-@@ -515,7 +515,7 @@
- kk = dc->dec_key;
- if (keytype == KEYNOTE_PRIVATE_KEY)
- {
-- if (d2i_DSAPrivateKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
-+ if (d2i_DSAPrivateKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL)
- {
- if (ptr != (unsigned char *) NULL)
- free(ptr);
-@@ -526,7 +526,7 @@
- }
- else
- {
-- if (d2i_DSAPublicKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
-+ if (d2i_DSAPublicKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL)
- {
- if (ptr != (unsigned char *) NULL)
- free(ptr);
-@@ -556,7 +556,7 @@
- kk = dc->dec_key;
- if (keytype == KEYNOTE_PRIVATE_KEY)
- {
-- if (d2i_RSAPrivateKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
-+ if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
- {
- if (ptr != (unsigned char *) NULL)
- free(ptr);
-@@ -567,7 +567,7 @@
- }
- else
- {
-- if (d2i_RSAPublicKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
-+ if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
- {
- if (ptr != (unsigned char *) NULL)
- free(ptr);
diff --git a/package/keynote/patches/002-cross_compile.patch b/package/keynote/patches/002-cross_compile.patch
deleted file mode 100644
index 050efbd75..000000000
--- a/package/keynote/patches/002-cross_compile.patch
+++ /dev/null
@@ -1,588 +0,0 @@
-Index: keynote-2.3/configure
-===================================================================
---- keynote-2.3.orig/configure 2007-06-04 13:22:41.259582872 +0200
-+++ keynote-2.3/configure 2007-06-04 13:22:41.658522224 +0200
-@@ -889,52 +889,10 @@
- done
- test -n "$YACC" || YACC="yacc"
-
--for ac_prog in openssl ssleay
--do
--# Extract the first word of "$ac_prog", so it can be a program name with args.
--set dummy $ac_prog; ac_word=$2
--echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:898: checking for $ac_word" >&5
--if eval "test \"`echo '$''{'ac_cv_path_SSLEAY'+set}'`\" = set"; then
-- echo $ac_n "(cached) $ac_c" 1>&6
--else
-- case "$SSLEAY" in
-- /*)
-- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a path.
-- ;;
-- ?:/*)
-- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a dos path.
-- ;;
-- *)
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-- ac_dummy="\
-- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin"
-- for ac_dir in $ac_dummy; do
-- test -z "$ac_dir" && ac_dir=.
-- if test -f $ac_dir/$ac_word; then
-- ac_cv_path_SSLEAY="$ac_dir/$ac_word"
-- break
-- fi
-- done
-- IFS="$ac_save_ifs"
-- ;;
--esac
--fi
--SSLEAY="$ac_cv_path_SSLEAY"
--if test -n "$SSLEAY"; then
-- echo "$ac_t""$SSLEAY" 1>&6
--else
-- echo "$ac_t""no" 1>&6
--fi
--
--test -n "$SSLEAY" && break
--done
--test -n "$SSLEAY" || SSLEAY="/usr/local/bin/ssleay"
--
- # Extract the first word of "rm", so it can be a program name with args.
- set dummy rm; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:938: checking for $ac_word" >&5
-+echo "configure:896: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_RM'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -970,7 +928,7 @@
- # Extract the first word of "ar", so it can be a program name with args.
- set dummy ar; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:974: checking for $ac_word" >&5
-+echo "configure:932: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1006,7 +964,7 @@
- # Extract the first word of "nroff", so it can be a program name with args.
- set dummy nroff; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1010: checking for $ac_word" >&5
-+echo "configure:968: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_NROFF'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1042,7 +1000,7 @@
- # Extract the first word of "tar", so it can be a program name with args.
- set dummy tar; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1046: checking for $ac_word" >&5
-+echo "configure:1004: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_TAR'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1078,7 +1036,7 @@
- # Extract the first word of "true", so it can be a program name with args.
- set dummy true; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1082: checking for $ac_word" >&5
-+echo "configure:1040: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_TRUE'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1114,7 +1072,7 @@
- # Extract the first word of "mkdir", so it can be a program name with args.
- set dummy mkdir; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1118: checking for $ac_word" >&5
-+echo "configure:1076: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_MKDIR'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1150,7 +1108,7 @@
- # Extract the first word of "tr", so it can be a program name with args.
- set dummy tr; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1154: checking for $ac_word" >&5
-+echo "configure:1112: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_TR'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1186,7 +1144,7 @@
- # Extract the first word of "echo", so it can be a program name with args.
- set dummy echo; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1190: checking for $ac_word" >&5
-+echo "configure:1148: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_ECHO'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1222,7 +1180,7 @@
- # Extract the first word of "sed", so it can be a program name with args.
- set dummy sed; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1226: checking for $ac_word" >&5
-+echo "configure:1184: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_SED'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1256,11 +1214,8 @@
- fi
-
-
--LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\
-- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib"
--
- echo $ac_n "checking for floor in -lm""... $ac_c" 1>&6
--echo "configure:1264: checking for floor in -lm" >&5
-+echo "configure:1219: checking for floor in -lm" >&5
- ac_lib_var=`echo m'_'floor | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1268,7 +1223,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lm $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1272 "configure"
-+#line 1227 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1279,7 +1234,7 @@
- floor()
- ; return 0; }
- EOF
--if { (eval echo configure:1283: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1238: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1300,7 +1255,7 @@
- fi
-
- echo $ac_n "checking for RSAPrivateDecrypt in -lrsaref""... $ac_c" 1>&6
--echo "configure:1304: checking for RSAPrivateDecrypt in -lrsaref" >&5
-+echo "configure:1259: checking for RSAPrivateDecrypt in -lrsaref" >&5
- ac_lib_var=`echo rsaref'_'RSAPrivateDecrypt | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1308,7 +1263,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lrsaref $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1312 "configure"
-+#line 1267 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1319,7 +1274,7 @@
- RSAPrivateDecrypt()
- ; return 0; }
- EOF
--if { (eval echo configure:1323: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1340,7 +1295,7 @@
- fi
-
- echo $ac_n "checking for i2a_ASN1_STRING in -lcrypto""... $ac_c" 1>&6
--echo "configure:1344: checking for i2a_ASN1_STRING in -lcrypto" >&5
-+echo "configure:1299: checking for i2a_ASN1_STRING in -lcrypto" >&5
- ac_lib_var=`echo crypto'_'i2a_ASN1_STRING | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1348,7 +1303,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lcrypto $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1352 "configure"
-+#line 1307 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1359,7 +1314,7 @@
- i2a_ASN1_STRING()
- ; return 0; }
- EOF
--if { (eval echo configure:1363: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1318: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1380,7 +1335,7 @@
- fi
-
- echo $ac_n "checking for RSA_ref_private_encrypt in -lRSAglue""... $ac_c" 1>&6
--echo "configure:1384: checking for RSA_ref_private_encrypt in -lRSAglue" >&5
-+echo "configure:1339: checking for RSA_ref_private_encrypt in -lRSAglue" >&5
- ac_lib_var=`echo RSAglue'_'RSA_ref_private_encrypt | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1388,7 +1343,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lRSAglue $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1392 "configure"
-+#line 1347 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1399,7 +1354,7 @@
- RSA_ref_private_encrypt()
- ; return 0; }
- EOF
--if { (eval echo configure:1403: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1420,12 +1375,9 @@
- fi
-
-
--CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\
-- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\
-- -I/usr/local/openssl/include -I/pkg/include"
-
- echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
--echo "configure:1429: checking how to run the C preprocessor" >&5
-+echo "configure:1381: checking how to run the C preprocessor" >&5
- # On Suns, sometimes $CPP names a directory.
- if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-@@ -1440,13 +1392,13 @@
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp.
- cat > conftest.$ac_ext <<EOF
--#line 1444 "configure"
-+#line 1396 "configure"
- #include "confdefs.h"
- #include <assert.h>
- Syntax Error
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1450: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1402: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- :
-@@ -1457,13 +1409,13 @@
- rm -rf conftest*
- CPP="${CC-cc} -E -traditional-cpp"
- cat > conftest.$ac_ext <<EOF
--#line 1461 "configure"
-+#line 1413 "configure"
- #include "confdefs.h"
- #include <assert.h>
- Syntax Error
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1467: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1419: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- :
-@@ -1474,13 +1426,13 @@
- rm -rf conftest*
- CPP="${CC-cc} -nologo -E"
- cat > conftest.$ac_ext <<EOF
--#line 1478 "configure"
-+#line 1430 "configure"
- #include "confdefs.h"
- #include <assert.h>
- Syntax Error
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1484: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1436: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- :
-@@ -1505,12 +1457,12 @@
- echo "$ac_t""$CPP" 1>&6
-
- echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
--echo "configure:1509: checking for ANSI C header files" >&5
-+echo "configure:1461: checking for ANSI C header files" >&5
- if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1514 "configure"
-+#line 1466 "configure"
- #include "confdefs.h"
- #include <stdlib.h>
- #include <stdarg.h>
-@@ -1518,7 +1470,7 @@
- #include <float.h>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1522: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1474: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
-@@ -1535,7 +1487,7 @@
- if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat > conftest.$ac_ext <<EOF
--#line 1539 "configure"
-+#line 1491 "configure"
- #include "confdefs.h"
- #include <string.h>
- EOF
-@@ -1553,7 +1505,7 @@
- if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat > conftest.$ac_ext <<EOF
--#line 1557 "configure"
-+#line 1509 "configure"
- #include "confdefs.h"
- #include <stdlib.h>
- EOF
-@@ -1574,7 +1526,7 @@
- :
- else
- cat > conftest.$ac_ext <<EOF
--#line 1578 "configure"
-+#line 1530 "configure"
- #include "confdefs.h"
- #include <ctype.h>
- #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-@@ -1585,7 +1537,7 @@
- exit (0); }
-
- EOF
--if { (eval echo configure:1589: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
-+if { (eval echo configure:1541: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
- then
- :
- else
-@@ -1609,12 +1561,12 @@
- fi
-
- echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
--echo "configure:1613: checking whether time.h and sys/time.h may both be included" >&5
-+echo "configure:1565: checking whether time.h and sys/time.h may both be included" >&5
- if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1618 "configure"
-+#line 1570 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #include <sys/time.h>
-@@ -1623,7 +1575,7 @@
- struct tm *tp;
- ; return 0; }
- EOF
--if { (eval echo configure:1627: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:1579: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_header_time=yes
- else
-@@ -1647,17 +1599,17 @@
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
--echo "configure:1651: checking for $ac_hdr" >&5
-+echo "configure:1603: checking for $ac_hdr" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1656 "configure"
-+#line 1608 "configure"
- #include "confdefs.h"
- #include <$ac_hdr>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1613: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
-@@ -1687,17 +1639,17 @@
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
--echo "configure:1691: checking for $ac_hdr" >&5
-+echo "configure:1643: checking for $ac_hdr" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1696 "configure"
-+#line 1648 "configure"
- #include "confdefs.h"
- #include <$ac_hdr>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1701: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1653: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
-@@ -1726,12 +1678,12 @@
-
-
- echo $ac_n "checking for working const""... $ac_c" 1>&6
--echo "configure:1730: checking for working const" >&5
-+echo "configure:1682: checking for working const" >&5
- if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1735 "configure"
-+#line 1687 "configure"
- #include "confdefs.h"
-
- int main() {
-@@ -1780,7 +1732,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:1784: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:1736: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_c_const=yes
- else
-@@ -1801,12 +1753,12 @@
- fi
-
- echo $ac_n "checking for u_int""... $ac_c" 1>&6
--echo "configure:1805: checking for u_int" >&5
-+echo "configure:1757: checking for u_int" >&5
- if eval "test \"`echo '$''{'ac_cv_type_u_int'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1810 "configure"
-+#line 1762 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #if STDC_HEADERS
-@@ -1834,12 +1786,12 @@
- fi
-
- echo $ac_n "checking for u_char""... $ac_c" 1>&6
--echo "configure:1838: checking for u_char" >&5
-+echo "configure:1790: checking for u_char" >&5
- if eval "test \"`echo '$''{'ac_cv_type_u_char'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1843 "configure"
-+#line 1795 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #if STDC_HEADERS
-@@ -1870,12 +1822,12 @@
- for ac_func in regcomp open close read _open _close _read strchr memcpy
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:1874: checking for $ac_func" >&5
-+echo "configure:1826: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1879 "configure"
-+#line 1831 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -1898,7 +1850,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:1902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1854: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -1925,12 +1877,12 @@
- for ac_func in strcasecmp strncasecmp stricmp strnicmp snprintf __b64_ntop
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:1929: checking for $ac_func" >&5
-+echo "configure:1881: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1934 "configure"
-+#line 1886 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -1953,7 +1905,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:1957: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1909: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -1980,12 +1932,12 @@
- for ac_func in getopt
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:1984: checking for $ac_func" >&5
-+echo "configure:1936: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1989 "configure"
-+#line 1941 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -2008,7 +1960,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:2012: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -2172,7 +2124,6 @@
- s%@CC@%$CC%g
- s%@RANLIB@%$RANLIB%g
- s%@YACC@%$YACC%g
--s%@SSLEAY@%$SSLEAY%g
- s%@RM@%$RM%g
- s%@AR@%$AR%g
- s%@NROFF@%$NROFF%g
-Index: keynote-2.3/configure.in
-===================================================================
---- keynote-2.3.orig/configure.in 2007-06-04 13:22:41.389563112 +0200
-+++ keynote-2.3/configure.in 2007-06-04 13:22:41.658522224 +0200
-@@ -9,8 +9,8 @@
- AC_PROG_CC
- AC_PROG_RANLIB
- AC_PROG_YACC
--AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \
-- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin)
-+dnl AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \
-+dnl $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin)
- AC_PATH_PROG(RM, rm, /bin/rm)
- AC_PATH_PROG(AR, ar, /usr/bin/ar)
- AC_PATH_PROG(NROFF, nroff, /usr/bin/nroff)
-@@ -27,7 +27,7 @@
- AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue")
-
- dnl Checks for header files.
--CPPFLAGS="-I/usr/include/openssl"
-+dnl CPPFLAGS="-I/usr/include/openssl"
-
- AC_HEADER_STDC
- AC_HEADER_TIME
diff --git a/package/openswan/Makefile b/package/openswan/Makefile
deleted file mode 100644
index 6b6821dcf..000000000
--- a/package/openswan/Makefile
+++ /dev/null
@@ -1,96 +0,0 @@
-#
-# Copyright (C) 2006-2008 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-# $Id$
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=openswan
-PKG_VERSION:=2.4.10
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.openswan.org/download
-PKG_MD5SUM:=2b36785342c74d524d8d86bde89a445f
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/openswan/Default
- TITLE:=Openswan
- URL:=http://www.openswan.org/
- DEPENDS:=@BROKEN
-endef
-
-define Package/openswan/Default/description
- Openswan is an IPsec implementation for Linux.
-endef
-
-define Package/openswan
-$(call Package/openswan/Default)
- SECTION:=net
- CATEGORY:=Network
- DEPENDS+= +kmod-openswan +libgmp +ip
- TITLE+= (daemon)
- URL:=http://www.openswan.org/
-endef
-
-define Package/openswan/description
-$(call Package/openswan/Default/description)
- This package contains the Openswan user-land daemon.
-endef
-
-define KernelPackage/openswan
-$(call Package/openswan/Default)
- SUBMENU:=Network Support
- TITLE+= (kernel module)
- FILES:=$(PKG_BUILD_DIR)/modobj*/ipsec.$(LINUX_KMOD_SUFFIX)
-endef
-
-define KernelPackage/openswan/description
-$(call Package/openswan/Default/description)
- This package contains the Openswan kernel module.
-endef
-
-TARGET_CPPFLAGS = \
- -I$(STAGING_DIR)/usr/include \
- -I$(LINUX_DIR)/include
-
-TARGET_LDFLAGS = \
- -L$(STAGING_DIR)/usr/lib
-
-OPENSWAN_MAKE := $(MAKE) -C $(PKG_BUILD_DIR) \
- $(TARGET_CONFIGURE_OPTS) \
- LINUX_RELEASE="$(LINUX_RELEASE)" \
- KERNELSRC="$(LINUX_DIR)" \
- ARCH="$(LINUX_KARCH)" \
- CROSS_COMPILE="$(TARGET_CROSS)" \
- USERCOMPILE="$(TARGET_CFLAGS) -I$(PKG_BUILD_DIR)/linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \
- IPSECDIR="/usr/lib/ipsec" \
- INC_USRLOCAL="/usr" \
- INC_RCDEFAULT="/etc/init.d" \
- MODPROBE="/sbin/insmod" \
- LDFLAGS="$(TARGET_LDFLAGS)" \
- DESTDIR="$(PKG_INSTALL_DIR)"
-
-define Build/Compile
- $(OPENSWAN_MAKE) \
- programs module install
-endef
-
-define Package/openswan/install
- $(CP) $(PKG_INSTALL_DIR)/* $(1)
- $(INSTALL_DIR) $(1)/etc/init.d
- $(CP) ./files/ipsec.init $(1)/etc/init.d/ipsec
- rm -rf $(1)/usr/share
- rm -rf $(1)/usr/man
- rm -rf $(1)/var
- rm -rf $(1)/etc/rc.d
- find $(1) -name \*.old | xargs rm -rf
-endef
-
-$(eval $(call BuildPackage,openswan))
-$(eval $(call KernelPackage,openswan))
diff --git a/package/openswan/files/ipsec.init b/package/openswan/files/ipsec.init
deleted file mode 100755
index 33c416351..000000000
--- a/package/openswan/files/ipsec.init
+++ /dev/null
@@ -1,158 +0,0 @@
-#!/bin/sh /etc/rc.common
-# IPsec startup and shutdown script
-# Copyright (C) 1998, 1999, 2001 Henry Spencer.
-# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
-# Copyright (C) 2006 OpenWrt.org
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: setup.in,v 1.122.6.1 2005/07/25 19:17:03 ken Exp $
-#
-# ipsec init.d script for starting and stopping
-# the IPsec security subsystem (KLIPS and Pluto).
-#
-# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
-# and is also accessible as "ipsec setup" (the preferred route for human
-# invocation).
-#
-# The startup and shutdown times are a difficult compromise (in particular,
-# it is almost impossible to reconcile them with the insanely early/late
-# times of NFS filesystem startup/shutdown). Startup is after startup of
-# syslog and pcmcia support; shutdown is just before shutdown of syslog.
-#
-# chkconfig: 2345 47 76
-# description: IPsec provides encrypted and authenticated communications; \
-# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
-
-START=60
-script_init() {
- me='ipsec setup' # for messages
-
- # where the private directory and the config files are
- IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}"
- IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
- IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
- IPSEC_CONFS="${IPSEC_CONFS-/etc}"
-
- if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command
- then
- # we must establish a suitable PATH ourselves
- PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
- export PATH
-
- IPSEC_DIR="$IPSEC_LIBDIR"
- export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
- fi
-
- # Check that the ipsec command is available.
- found=
- for dir in `echo $PATH | tr ':' ' '`
- do
- if test -f $dir/ipsec -a -x $dir/ipsec
- then
- found=yes
- break # NOTE BREAK OUT
- fi
- done
- if ! test "$found"
- then
- echo "cannot find ipsec command -- \`$1' aborted" |
- logger -s -p daemon.error -t ipsec_setup
- exit 1
- fi
-
- # Pick up IPsec configuration (until we have done this, successfully, we
- # do not know where errors should go, hence the explicit "daemon.error"s.)
- # Note the "--export", which exports the variables created.
- eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
-
- if test " $IPSEC_confreadstatus" != " "
- then
- case $1 in
- stop|--stop|_autostop)
- echo "$IPSEC_confreadstatus -- \`$1' may not work" |
- logger -s -p daemon.error -t ipsec_setup;;
-
- *) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
- logger -s -p daemon.error -t ipsec_setup;
- exit 1;;
- esac
- fi
-
- IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
- export IPSEC_confreadsection
-
- IPSECsyslog=${IPSECsyslog-daemon.error}
- export IPSECsyslog
-
- # misc setup
- umask 022
-
- mkdir -p /var/run/pluto
-}
-
-script_command() {
- if [ "${USER}" != "root" ]
- then
- echo "permission denied (must be superuser)" |
- logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
- exit 1
- fi
- # make sure all required directories exist
- if [ ! -d /var/run/pluto ]
- then
- mkdir -p /var/run/pluto
- fi
- if [ ! -d /var/lock/subsys ]
- then
- mkdir -p /var/lock/subsys
- fi
- tmp=/var/run/pluto/ipsec_setup.st
- outtmp=/var/run/pluto/ipsec_setup.out
- (
- ipsec _realsetup $1
- echo "$?" >$tmp
- ) > ${outtmp} 2>&1
- st=$?
- if test -f $tmp
- then
- st=`cat $tmp`
- rm -f $tmp
- fi
- if [ -f ${outtmp} ]; then
- cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
- rm -f ${outtmp}
- fi
-}
-
-
-start() {
- script_init start "$@"
- script_command start "$@"
-}
-
-stop() {
- script_init stop "$@"
- script_command stop "$@"
-}
-
-restart() {
- script_init stop "$@"
- script_command stop "$@"
- script_command start "$@"
-}
-
-status() {
- script_init status "$@"
- ipsec _realsetup status
-}
-EXTRA_COMMANDS=status
-EXTRA_HELP=" status Show the status of the service"
diff --git a/package/openswan/patches/110-scripts.patch b/package/openswan/patches/110-scripts.patch
deleted file mode 100644
index d605ceaba..000000000
--- a/package/openswan/patches/110-scripts.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix
---- openswan.old/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100
-+++ openswan.dev/programs/loggerfix 2006-10-08 20:41:08.000000000 +0200
-@@ -0,0 +1,5 @@
-+#!/bin/sh
-+# use filename instead of /dev/null to log, but dont log to flash or ram
-+# pref. log to nfs mount
-+echo "$*" >> /dev/null
-+exit 0
-diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in
---- openswan.old/programs/_plutorun/_plutorun.in 2006-10-08 20:43:21.000000000 +0200
-+++ openswan.dev/programs/_plutorun/_plutorun.in 2006-10-08 20:41:08.000000000 +0200
-@@ -147,7 +147,7 @@
- exit 1
- fi
- else
-- if test ! -w "`dirname $stderrlog`"
-+ if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
- then
- echo Cannot write to directory to create \"$stderrlog\".
- exit 1
-diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in
---- openswan.old/programs/_realsetup/_realsetup.in 2006-10-08 20:43:21.000000000 +0200
-+++ openswan.dev/programs/_realsetup/_realsetup.in 2006-10-08 20:41:08.000000000 +0200
-@@ -232,7 +232,7 @@
-
- # misc pre-Pluto setup
-
-- perform test -d `dirname $subsyslock` "&&" touch $subsyslock
-+ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
-
- if test " $IPSECforwardcontrol" = " yes"
- then
diff --git a/package/openswan/patches/120-use_dev_urandom.patch b/package/openswan/patches/120-use_dev_urandom.patch
deleted file mode 100644
index 6bbcbf164..000000000
--- a/package/openswan/patches/120-use_dev_urandom.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Index: openswan-2.4.8/programs/ranbits/ranbits.c
-===================================================================
---- openswan-2.4.8.orig/programs/ranbits/ranbits.c 2007-06-04 13:22:49.835279168 +0200
-+++ openswan-2.4.8/programs/ranbits/ranbits.c 2007-06-04 13:22:51.648003592 +0200
-@@ -29,7 +29,7 @@
- #include <openswan.h>
-
- #ifndef DEVICE
--#define DEVICE "/dev/random"
-+#define DEVICE "/dev/urandom"
- #endif
- #ifndef QDEVICE
- #define QDEVICE "/dev/urandom"
-Index: openswan-2.4.8/programs/rsasigkey/rsasigkey.c
-===================================================================
---- openswan-2.4.8.orig/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:49.842278104 +0200
-+++ openswan-2.4.8/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:51.649003440 +0200
-@@ -31,7 +31,7 @@
- #include <gmp.h>
-
- #ifndef DEVICE
--#define DEVICE "/dev/random"
-+#define DEVICE "/dev/urandom"
- #endif
- #ifndef MAXBITS
- #define MAXBITS 20000
-Index: openswan-2.4.8/programs/starter/files.h
-===================================================================
---- openswan-2.4.8.orig/programs/starter/files.h 2007-06-04 13:22:49.850276888 +0200
-+++ openswan-2.4.8/programs/starter/files.h 2007-06-04 13:22:51.649003440 +0200
-@@ -36,7 +36,7 @@
-
- #define MY_PID_FILE "/var/run/pluto/ipsec-starter.pid"
-
--#define DEV_RANDOM "/dev/random"
-+#define DEV_RANDOM "/dev/urandom"
- #define DEV_URANDOM "/dev/urandom"
-
- #define PROC_IPSECVERSION "/proc/net/ipsec_version"
diff --git a/package/shfs/Makefile b/package/shfs/Makefile
deleted file mode 100644
index fd507217a..000000000
--- a/package/shfs/Makefile
+++ /dev/null
@@ -1,89 +0,0 @@
-#
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-# $Id$
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=shfs
-PKG_VERSION:=0.35
-PKG_RELEASE:=2
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=@SF/shfs
-PKG_MD5SUM:=016f49d71bc32eee2b5d11fc1600cfbe
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/shfs/Default
- TITLE:=ShFS
- URL:=http://shfs.sourceforge.net/
-endef
-
-define Package/shfs/Default/description
- ShFS is a simple and easy to use Linux kernel module which allows you to
- mount remote filesystems using a plain shell (SSH) connection. When using
- ShFS, you can access all remote files just like the local ones, only the
- access is governed through the transport security of SSH.
-endef
-
-define KernelPackage/shfs
-$(call Package/shfs/Default)
- TITLE+= (kernel module)
- DEPENDS:=@LINUX_2_4
- FILES:=$(PKG_INSTALL_DIR)/lib/modules/$(LINUX_VERSION)/kernel/fs/shfs/shfs.$(LINUX_KMOD_SUFFIX)
- SUBMENU:=Filesystems
- AUTOLOAD:=$(call AutoLoad,40,shfs)
-endef
-
-define KernelPackage/shfs/description
-$(call Package/shfs/Default/description)
- This package contains the ShFS kernel module.
-endef
-
-define Package/shfs-utils
-$(call Package/shfs/Default)
- SECTION:=utils
- CATEGORY:=Utilities
- DEPENDS+=+kmod-shfs
- TITLE+= (utilities)
-endef
-
-define Package/shfs-utils/description
-$(call Package/shfs/Default/description)
- This package contains the ShFS utilities.
-endef
-
-define Build/Compile
- $(MAKE) -C $(PKG_BUILD_DIR) \
- ARCH="$(LINUX_KARCH)" \
- CROSS_COMPILE="$(TARGET_CROSS)" \
- OFLAGS="$(TARGET_CFLAGS)" \
- CC="$(TARGET_CC)" \
- LINKER="$(TARGET_CC)" \
- KERNEL="$(LINUX_VERSION)" \
- KERNEL_SOURCES="$(LINUX_DIR)" \
- ROOT="$(PKG_INSTALL_DIR)" \
- module module-install
- $(MAKE) -C $(PKG_BUILD_DIR) \
- OFLAGS="$(TARGET_CFLAGS)" \
- CC="$(TARGET_CC)" \
- LINKER="$(TARGET_CC)" \
- KERNEL_SOURCES="$(LINUX_DIR)" \
- ROOT="$(PKG_INSTALL_DIR)" \
- utils utils-install
-endef
-
-define Package/shfs-utils/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/shfs{,u}mount $(1)/usr/bin/
- $(INSTALL_DIR) $(1)/sbin
- ln -sf /usr/bin/shfsmount $(1)/sbin/mount.shfs
-endef
-
-$(eval $(call KernelPackage,shfs))
-$(eval $(call BuildPackage,shfs-utils))
diff --git a/package/shfs/patches/100-kmod_build.patch b/package/shfs/patches/100-kmod_build.patch
deleted file mode 100644
index 16f198c4f..000000000
--- a/package/shfs/patches/100-kmod_build.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-Index: shfs-0.35/shfs/Linux-2.4/Makefile
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.143016200 +0200
-+++ shfs-0.35/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.209006168 +0200
-@@ -1,3 +1,13 @@
-+#
-+# the original Makefile was trashed and replaced by this one
-+# The main reason is that loadable modules should be built with
-+# the same compile flags the kernel was built with, so we'd better
-+# let the kernel tree build the module for us, like that :
-+#
-+# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules
-+# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules_install
-+#
-+
- ifndef KERNEL
- KERNEL=$(shell uname -r)
- endif
-@@ -10,67 +20,29 @@
- KERNEL_SOURCES=${MODULESDIR}/build
- endif
-
--ifeq (${MODVERSIONS},detect)
-- ifeq ($(shell test -e ${KERNEL_SOURCES}/include/linux/modversions.h; echo $$?),0)
-- MODVERSIONS=yes
-- endif
--endif
--
--ifeq (${MODVERSIONS},yes)
--MVER=-DMODVERSIONS -DEXPORT_SYMTAB
--endif
--
--LINVER=linux-${KERNEL}
--
--ALL_TARGETS := shfs.o
--
--SEARCHDIRS := -I- -I. -I${KERNEL_SOURCES}/include #-I/usr/src/linux/include/
-+all: all-y
-
--CC := gcc
--CFLAGS = -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -Wall ${SEARCHDIRS} -DMODULE ${MVER} -D__KERNEL__ -DLINUX
--LINKER := ld
--LDFLAGS = -r
--LOADLIBES :=
-+O_TARGET := shfs.o
-
--all: ${ALL_TARGETS}
-+shfs-objs := dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
-
--%.o: %.c $(wildcard *.h)
-- ${CC} ${CFLAGS} -c $< -o $@
-+obj-y := $(shfs-objs)
-+obj-m := $(O_TARGET)
-
--shfs.o: dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
-- ${LINKER} ${LDFLAGS} -o $@ ${filter-out %.a %.so, $^} ${LOADLIBES}
--
--tidy:
-- ${RM} core dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
--
--clean: tidy patch-clean
-- ${RM} shfs.o
-+-include $(TOPDIR)/Rules.make
-
-+all-y:
-+ make -C ${KERNEL_SOURCES} TOPDIR="${KERNEL_SOURCES}" SUBDIRS="$(shell pwd)" modules
-+
- install: shfs.o
- rm -f ${MODULESDIR}/kernel/fs/shfs/shfs.o
- install -m644 -b -D shfs.o ${MODULESDIR}/kernel/fs/shfs/shfs.o
-- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi
-
- uninstall:
- rm -rf ${MODULESDIR}/kernel/fs/shfs
-- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi
-
--patch:
-- rm -rf ${LINVER} ${LINVER}.orig; mkdir ${LINVER};
-- for i in Documentation fs/shfs include/linux; do \
-- mkdir -p ${LINVER}/$$i; \
-- done
-- cp ${KERNEL_SOURCES}/Documentation/Configure.help ${LINVER}/Documentation
-- cp ${KERNEL_SOURCES}/fs/{Makefile,Config.in} ${LINVER}/fs
-- cp -r ${LINVER} ${LINVER}.orig
-- cp ../../Changelog *.c shfs_debug.h proc.h ${LINVER}/fs/shfs/
-- cp shfs.h shfs_fs* ${LINVER}/include/linux/
-- (cd ${LINVER}; patch -p1 <../kernel-config.diff)
-- find . -type f -name "*.orig" -print | xargs rm -f
-- diff -urN ${LINVER}.orig ${LINVER} >${LINVER}.diff; true
--
--patch-clean:
-- rm -rf ${LINVER} ${LINVER}.orig;
-- rm -f ${LINVER}.diff
--
--.PHONY : all tidy clean install uninstall patch patch-clean
-+clean:
-+ rm -f core *.o *.a *.s
-+
-+shfs.o: $(shfs-objs)
-+
diff --git a/package/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch b/package/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch
deleted file mode 100644
index e7754b037..000000000
--- a/package/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-Index: shfs-0.35/shfs/Linux-2.6/inode.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.091024104 +0200
-+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200
-@@ -337,12 +337,21 @@
- return -EINVAL;
- }
-
-+#ifdef NEW_VFS_DENTRY_API
-+static int
-+shfs_get_sb(struct file_system_type *fs_type,
-+ int flags, const char *dev_name, void *data, struct vfsmount *mnt)
-+{
-+ return get_sb_nodev(fs_type, flags, data, shfs_read_super, mnt);
-+}
-+#else
- static struct super_block *
- shfs_get_sb(struct file_system_type *fs_type,
- int flags, const char *dev_name, void *data)
- {
- return get_sb_nodev(fs_type, flags, data, shfs_read_super);
- }
-+#endif
-
- static struct file_system_type sh_fs_type = {
- .owner = THIS_MODULE,
-Index: shfs-0.35/shfs/Linux-2.6/file.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.096023344 +0200
-+++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200
-@@ -199,7 +199,7 @@
- }
-
- static int
--shfs_file_flush(struct file *f)
-+do_file_flush(struct file *f)
- {
- struct dentry *dentry = f->f_dentry;
- struct shfs_sb_info *info = info_from_dentry(dentry);
-@@ -222,6 +222,16 @@
- }
-
- static int
-+#ifdef FLUSH_HAS_LOCK_OWNER
-+shfs_file_flush(struct file *f, fl_owner_t id)
-+#else
-+shfs_file_flush(struct file *f)
-+#endif
-+{
-+ return do_file_flush(f);
-+}
-+
-+static int
- shfs_file_release(struct inode *inode, struct file *f)
- {
- struct dentry *dentry = f->f_dentry;
-@@ -311,7 +321,7 @@
- DEBUG("\n");
- written = generic_file_write(f, buf, count, offset);
- if (written > 0) {
-- result = shfs_file_flush(f);
-+ result = do_file_flush(f);
- written = result < 0 ? result: written;
- }
-
-Index: shfs-0.35/shfs/Linux-2.6/proc.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.102022432 +0200
-+++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200
-@@ -570,6 +570,16 @@
- return result;
- }
-
-+#ifdef NEW_VFS_DENTRY_API
-+int
-+shfs_statfs(struct dentry *dentry, struct kstatfs *attr)
-+{
-+ struct shfs_sb_info *info = info_from_sb(dentry->d_sb);
-+
-+ DEBUG("\n");
-+ return info->fops.statfs(info, attr);
-+}
-+#else
- int
- shfs_statfs(struct super_block *sb, struct kstatfs *attr)
- {
-@@ -578,4 +588,5 @@
- DEBUG("\n");
- return info->fops.statfs(info, attr);
- }
-+#endif
-
-Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.107021672 +0200
-+++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200
-@@ -9,6 +9,12 @@
-
- #include <linux/ioctl.h>
- #include <linux/pagemap.h>
-+#include <linux/version.h>
-+
-+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,17)
-+#define NEW_VFS_DENTRY_API
-+#define FLUSH_HAS_LOCK_OWNER
-+#endif
-
- #define SHFS_MAX_AGE(info) (((info)->ttl * HZ) / 1000)
- #define SOCKBUF_SIZE (SHFS_PATH_MAX * 10)
-@@ -101,7 +107,12 @@
- void set_garbage(struct shfs_sb_info *info, int write, int count);
- int get_name(struct dentry *d, char *name);
- int shfs_notify_change(struct dentry *dentry, struct iattr *attr);
-+
-+#ifdef NEW_VFS_DENTRY_API
-+int shfs_statfs(struct dentry *dentry, struct kstatfs *attr);
-+#else
- int shfs_statfs(struct super_block *sb, struct kstatfs *attr);
-+#endif
-
- /* shfs/inode.c */
- void shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr);
-Index: shfs-0.35/shfs/Linux-2.6/symlink.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.113020760 +0200
-+++ shfs-0.35/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.398977288 +0200
-@@ -41,7 +41,7 @@
- return result;
- }
-
--static int
-+static void *
- shfs_follow_link(struct dentry *dentry, struct nameidata *nd)
- {
- struct shfs_sb_info *info = info_from_dentry(dentry);
-@@ -61,7 +61,7 @@
- DEBUG("%s\n", real_name);
- result = vfs_follow_link(nd, real_name);
- error:
-- return result;
-+ return NULL;
- }
-
- struct inode_operations shfs_symlink_inode_operations = {
-Index: shfs-0.35/shfs/Linux-2.6/dcache.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.121019544 +0200
-+++ shfs-0.35/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.398977288 +0200
-@@ -68,7 +68,7 @@
- spin_lock(&dcache_lock);
- next = parent->d_subdirs.next;
- while (next != &parent->d_subdirs) {
-- dentry = list_entry(next, struct dentry, d_child);
-+ dentry = list_entry(next, struct dentry, d_u.d_child);
- dentry->d_fsdata = NULL;
- shfs_age_dentry(info, dentry);
- next = next->next;
-@@ -101,7 +101,7 @@
- spin_lock(&dcache_lock);
- next = parent->d_subdirs.next;
- while (next != &parent->d_subdirs) {
-- dent = list_entry(next, struct dentry, d_child);
-+ dent = list_entry(next, struct dentry, d_u.d_child);
- if ((unsigned long)dent->d_fsdata == fpos) {
- if (dent->d_inode)
- dget_locked(dent);
diff --git a/package/shfs/patches/102-shfs_0.35_clean_inode_clear.patch b/package/shfs/patches/102-shfs_0.35_clean_inode_clear.patch
deleted file mode 100644
index f12fc9650..000000000
--- a/package/shfs/patches/102-shfs_0.35_clean_inode_clear.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: shfs-0.35/shfs/Linux-2.6/inode.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200
-+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200
-@@ -8,6 +8,7 @@
- #include <linux/modversions.h>
- #endif
-
-+#include <linux/version.h>
- #include <linux/kernel.h>
- #include <linux/module.h>
- #include <linux/init.h>
-@@ -118,6 +119,9 @@
- }
- KMEM_FREE("inode", inode_cache, i);
- out:
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,13))
-+ truncate_inode_pages(&inode->i_data, 0);
-+#endif
- clear_inode(inode);
- }
-
diff --git a/package/shfs/patches/103-shfs_0.35_gcc4.patch b/package/shfs/patches/103-shfs_0.35_gcc4.patch
deleted file mode 100644
index e4c13882c..000000000
--- a/package/shfs/patches/103-shfs_0.35_gcc4.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Index: shfs-0.35/shfs/Linux-2.6/dir.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.041031704 +0200
-+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200
-@@ -19,6 +19,8 @@
- #include "shfs_debug.h"
- #include "proc.h"
-
-+static struct dentry_operations shfs_dentry_operations;
-+
- static int
- shfs_dir_open(struct inode *inode, struct file *filp)
- {
-Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200
-+++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.823912688 +0200
-@@ -56,7 +56,6 @@
- #define ROUND_TO_MINS(x) do { (x).tv_sec = ((x).tv_sec / 60) * 60; (x).tv_nsec = 0; } while (0)
-
- /* shfs/dir.c */
--extern struct dentry_operations shfs_dentry_operations;
- extern struct file_operations shfs_dir_operations;
- extern struct inode_operations shfs_dir_inode_operations;
- extern void shfs_new_dentry(struct dentry *dentry);
diff --git a/package/shfs/patches/104-shfs_0.35_inode_and_fs.patch b/package/shfs/patches/104-shfs_0.35_inode_and_fs.patch
deleted file mode 100644
index 0953e6b0a..000000000
--- a/package/shfs/patches/104-shfs_0.35_inode_and_fs.patch
+++ /dev/null
@@ -1,377 +0,0 @@
-Index: shfs-0.35/shfs/Linux-2.6/fcache.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:57.997038392 +0200
-+++ shfs-0.35/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:59.019882896 +0200
-@@ -100,7 +100,11 @@
- VERBOSE("dir in file cache?\n");
- return -EINVAL;
- }
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)inode->i_private;
-+#else
- p = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-@@ -127,7 +131,11 @@
- VERBOSE("dir in file cache?\n");
- return -EINVAL;
- }
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)inode->i_private;
-+#else
- p = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-@@ -160,7 +168,11 @@
- if (result == 0) {
- struct shfs_inode_info *p;
-
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)f->f_dentry->d_inode->i_private;
-+#else
- p = (struct shfs_inode_info *)f->f_dentry->d_inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-@@ -184,7 +196,11 @@
- return -EINVAL;
- }
- DEBUG("ino: %lu\n", inode->i_ino);
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)inode->i_private;
-+#else
- p = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-@@ -226,7 +242,11 @@
- VERBOSE("dir in file cache?\n");
- return -EINVAL;
- }
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)inode->i_private;
-+#else
- p = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-@@ -327,7 +347,11 @@
- VERBOSE("dir in file cache?\n");
- return -EINVAL;
- }
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)inode->i_private;
-+#else
- p = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-Index: shfs-0.35/shfs/Linux-2.6/inode.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200
-+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:59.020882744 +0200
-@@ -36,7 +36,11 @@
- shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr)
- {
- struct shfs_sb_info *info = info_from_inode(inode);
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ struct shfs_inode_info *i = inode->i_private;
-+#else
- struct shfs_inode_info *i = inode->u.generic_ip;
-+#endif
- struct timespec last_time = inode->i_mtime;
- loff_t last_size = inode->i_size;
-
-@@ -53,7 +57,9 @@
- inode->i_ctime = fattr->f_ctime;
- inode->i_atime = fattr->f_atime;
- inode->i_mtime = fattr->f_mtime;
-+#ifdef STRUCT_INODE_HAS_I_BLKSIZE
- inode->i_blksize= fattr->f_blksize;
-+#endif
- inode->i_blocks = fattr->f_blocks;
- inode->i_size = fattr->f_size;
-
-@@ -76,7 +82,11 @@
- if (!inode)
- return NULL;
- inode->i_ino = fattr->f_ino;
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ i = inode->i_private = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL);
-+#else
- i = inode->u.generic_ip = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL);
-+#endif
- if (!i)
- return NULL;
- i->cache = NULL;
-@@ -108,7 +118,11 @@
- struct shfs_inode_info *i;
-
- DEBUG("ino: %lu\n", inode->i_ino);
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ i = (struct shfs_inode_info *)inode->i_private;
-+#else
- i = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!i) {
- VERBOSE("invalid inode\n");
- goto out;
-@@ -176,7 +190,11 @@
- {
- struct shfs_sb_info *info = info_from_dentry(dentry);
- struct inode *inode = dentry->d_inode;
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private;
-+#else
- struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- int result;
-
- DEBUG("%s\n", dentry->d_name.name);
-Index: shfs-0.35/shfs/Linux-2.6/dir.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200
-+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:59.020882744 +0200
-@@ -302,8 +302,13 @@
-
- shfs_invalid_dir_cache(dir);
- result = shfs_instantiate(dentry);
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ if (forced_write && dentry->d_inode && dentry->d_inode->i_private)
-+ ((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close = 1;
-+#else
- if (forced_write && dentry->d_inode && dentry->d_inode->u.generic_ip)
- ((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close = 1;
-+#endif
- return result;
- }
-
-Index: shfs-0.35/shfs/Linux-2.6/file.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200
-+++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:59.020882744 +0200
-@@ -90,7 +90,11 @@
- struct dentry *dentry = f->f_dentry;
- struct shfs_sb_info *info = info_from_dentry(dentry);
- struct inode *inode = p->mapping->host;
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private;
-+#else
- struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- char *buffer = kmap(p) + offset;
- int written = 0, result;
- unsigned count = to - offset;
-@@ -252,8 +256,13 @@
- }
- }
- /* if file was forced to be writeable, change attrs back on close */
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ if (dentry->d_inode && dentry->d_inode->i_private) {
-+ if (((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close) {
-+#else
- if (dentry->d_inode && dentry->d_inode->u.generic_ip) {
- if (((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close) {
-+#endif
- char name[SHFS_PATH_MAX];
-
- if (get_name(dentry, name) < 0)
-@@ -302,7 +311,8 @@
- goto error;
- }
- if (result != 0) {
-- copy_to_user(buf, (char *)page, result);
-+ if (copy_to_user(buf, (char *)page, result))
-+ goto error;
- *ppos += result;
- }
- error:
-@@ -315,11 +325,15 @@
- static ssize_t
- shfs_slow_write(struct file *f, const char *buf, size_t count, loff_t *offset)
- {
-- int written = 0;
-+ ssize_t written = 0;
- int result;
-
- DEBUG("\n");
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ written = do_sync_write(f, buf, count, offset);
-+#else
- written = generic_file_write(f, buf, count, offset);
-+#endif
- if (written > 0) {
- result = do_file_flush(f);
- written = result < 0 ? result: written;
-@@ -330,14 +344,23 @@
-
- struct file_operations shfs_file_operations = {
- .llseek = generic_file_llseek,
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ .read = do_sync_read,
-+ .write = do_sync_write,
-+#else
- .read = generic_file_read,
- .write = generic_file_write,
-+#endif
- .ioctl = shfs_ioctl,
- .mmap = generic_file_mmap,
- .open = shfs_file_open,
- .flush = shfs_file_flush,
- .release = shfs_file_release,
- .fsync = shfs_file_sync,
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ .aio_read = generic_file_aio_read,
-+ .aio_write = generic_file_aio_write,
-+#endif
- };
-
- struct file_operations shfs_slow_operations = {
-Index: shfs-0.35/shfs/Linux-2.6/proc.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200
-+++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:59.021882592 +0200
-@@ -149,7 +149,12 @@
- {
- struct file *f = info->sock;
- mm_segment_t fs;
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ ssize_t result = 0;
-+ loff_t begin;
-+#else
- int c, result = 0;
-+#endif
- unsigned long flags, sigpipe;
- sigset_t old_set;
-
-@@ -161,7 +166,9 @@
- return result;
- }
-
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
- c = count;
-+#endif
-
- fs = get_fs();
- set_fs(get_ds());
-@@ -173,6 +180,16 @@
- SIGRECALC;
- SIGUNLOCK(flags);
-
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ begin = f->f_pos;
-+ result = do_sync_write(f, buffer, count, &f->f_pos);
-+
-+ if (result < 0) {
-+ DEBUG("error: %d\n", result);
-+ fput(f);
-+ info->sock = NULL;
-+ }
-+#else
- do {
- struct iovec vec[1];
-
-@@ -190,6 +207,7 @@
- buffer += result;
- c -= result;
- } while (c > 0);
-+#endif
-
- SIGLOCK(flags);
- if (result == -EPIPE && !sigpipe) {
-@@ -204,7 +222,11 @@
-
- DEBUG(">%d\n", result);
- if (result < 0)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ set_garbage(info, 1, count - (f->f_pos - begin));
-+#else
- set_garbage(info, 1, c);
-+#endif
- else
- result = count;
- return result;
-@@ -222,6 +244,9 @@
- int c, result = 0;
- unsigned long flags, sigpipe;
- sigset_t old_set;
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ loff_t begin;
-+#endif
-
- if (!f)
- return -EIO;
-@@ -256,6 +281,20 @@
- fs = get_fs();
- set_fs(get_ds());
-
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ begin = f->f_pos;
-+ result = do_sync_read(f, buffer, c, &f->f_pos);
-+
-+ if (!result) {
-+ /* peer has closed socket */
-+ result = -EIO;
-+ }
-+ if (result < 0) {
-+ DEBUG("error: %d\n", result);
-+ fput(f);
-+ info->sock = NULL;
-+ }
-+#else
- do {
- struct iovec vec[1];
-
-@@ -277,6 +316,7 @@
- buffer += result;
- c -= result;
- } while (c > 0);
-+#endif
-
- SIGLOCK(flags);
- if (result == -EPIPE && !sigpipe) {
-@@ -291,7 +331,11 @@
-
- DEBUG("<%d\n", result);
- if (result < 0)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ set_garbage(info, 0, count - (f->f_pos - begin));
-+#else
- set_garbage(info, 0, c);
-+#endif
- else
- result = count;
- return result;
-@@ -316,8 +360,10 @@
- return result;
- }
- while (1) {
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
- struct iovec vec[1];
-
-+#endif
- nl = memchr(BUFFER, '\n', LEN);
- if (nl) {
- *nl = '\0';
-@@ -348,9 +394,13 @@
- fs = get_fs();
- set_fs(get_ds());
-
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ result = do_sync_read(f, BUFFER+LEN, c, &f->f_pos);
-+#else
- vec[0].iov_base = BUFFER+LEN;
- vec[0].iov_len = c;
- result = f->f_op->readv(f, (const struct iovec *)&vec, 1, &f->f_pos);
-+#endif
- SIGLOCK(flags);
- if (result == -EPIPE && !sigpipe) {
- sigdelset(¤t->pending.signal, SIGPIPE);
diff --git a/package/shfs/patches/105-space_chars.patch b/package/shfs/patches/105-space_chars.patch
deleted file mode 100644
index 03ad8328c..000000000
--- a/package/shfs/patches/105-space_chars.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-Index: shfs-0.35/shfs/Linux-2.4/shell.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:57.970042496 +0200
-+++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200
-@@ -213,6 +213,7 @@
- int c = 0;
- int is_space = 1;
- int device = 0;
-+ char *start = s;
-
- while (*s) {
- if (c == DIR_COLS)
-@@ -227,17 +228,20 @@
- s++;
- }
- *s = '\0';
-+ start = s+1;
- is_space = 1;
-+ } else {
-+ if (c != DIR_NAME)
-+ start = s+1;
- }
- } else {
- if (is_space) {
- /* (b)lock/(c)haracter device hack */
-- col[c++] = s;
-+ col[c++] = start;
- is_space = 0;
- if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
- device = 1;
- }
--
- }
- }
- s++;
-Index: shfs-0.35/shfs/Linux-2.6/shell.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:57.977041432 +0200
-+++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200
-@@ -225,6 +225,7 @@
- int c = 0;
- int is_space = 1;
- int device = 0;
-+ char *start = s;
-
- while (*s) {
- if (c == DIR_COLS)
-@@ -239,17 +240,20 @@
- s++;
- }
- *s = '\0';
-+ start = s+1;
- is_space = 1;
-+ } else {
-+ if (c != DIR_NAME)
-+ start = s+1;
- }
- } else {
- if (is_space) {
- /* (b)lock/(c)haracter device hack */
-- col[c++] = s;
-+ col[c++] = start;
- is_space = 0;
- if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
- device = 1;
- }
--
- }
- }
- s++;
diff --git a/package/shfs/patches/106-uidgid32.patch b/package/shfs/patches/106-uidgid32.patch
deleted file mode 100644
index 60510a28d..000000000
--- a/package/shfs/patches/106-uidgid32.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Index: shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:57.941046904 +0200
-+++ shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:59.448817688 +0200
-@@ -38,10 +38,10 @@
- struct shfs_fileops fops;
- int version;
- int ttl;
-- __kernel_uid_t uid;
-- __kernel_gid_t gid;
-- __kernel_mode_t root_mode;
-- __kernel_mode_t fmask;
-+ uid_t uid;
-+ gid_t gid;
-+ mode_t root_mode;
-+ mode_t fmask;
- char mount_point[SHFS_PATH_MAX];
- struct semaphore sock_sem; /* next 4 vars are guarded */
- struct file *sock;
-Index: shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:57.949045688 +0200
-+++ shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:59.449817536 +0200
-@@ -38,10 +38,10 @@
- struct shfs_fileops fops;
- int version;
- int ttl;
-- __kernel_uid_t uid;
-- __kernel_gid_t gid;
-- __kernel_mode_t root_mode;
-- __kernel_mode_t fmask;
-+ uid_t uid;
-+ gid_t gid;
-+ mode_t root_mode;
-+ mode_t fmask;
- char mount_point[SHFS_PATH_MAX];
- struct semaphore sock_sem; /* next 4 vars are guarded */
- struct file *sock;
diff --git a/package/shfs/patches/107-df.patch b/package/shfs/patches/107-df.patch
deleted file mode 100644
index ca2c9d079..000000000
--- a/package/shfs/patches/107-df.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Index: shfs-0.35/shfs/Linux-2.4/shell.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200
-+++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.643788048 +0200
-@@ -961,11 +961,11 @@
-
- s = info->sockbuf;
- if ((p = strsep(&s, " ")))
-- attr->f_blocks = simple_strtoull(p, NULL, 10);
-+ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
- if ((p = strsep(&s, " ")))
-- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
-+ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
- if ((p = strsep(&s, " ")))
-- attr->f_bavail = simple_strtoull(p, NULL, 10);
-+ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
-
- result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
- if (result < 0)
-Index: shfs-0.35/shfs/Linux-2.6/shell.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200
-+++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.643788048 +0200
-@@ -974,11 +974,11 @@
-
- s = info->sockbuf;
- if ((p = strsep(&s, " ")))
-- attr->f_blocks = simple_strtoull(p, NULL, 10);
-+ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
- if ((p = strsep(&s, " ")))
-- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
-+ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
- if ((p = strsep(&s, " ")))
-- attr->f_bavail = simple_strtoull(p, NULL, 10);
-+ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
-
- result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
- if (result < 0)
diff --git a/package/shfs/patches/108-no_update_mtab.patch b/package/shfs/patches/108-no_update_mtab.patch
deleted file mode 100644
index 9b4a9aeeb..000000000
--- a/package/shfs/patches/108-no_update_mtab.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Index: shfs-0.35/shfsmount/shfsmount.c
-===================================================================
---- shfs-0.35.orig/shfsmount/shfsmount.c 2007-06-04 13:22:57.883055720 +0200
-+++ shfs-0.35/shfsmount/shfsmount.c 2007-06-04 13:22:59.838758408 +0200
-@@ -74,7 +74,7 @@
- static int have_uid = 0;
-
- /* do not update /etc/mtab */
--static int nomtab = 0;
-+static int nomtab = 1;
-
- /* preserve owner of files */
- static int preserve = 0;
-Index: shfs-0.35/shfsmount/shfsumount.c
-===================================================================
---- shfs-0.35.orig/shfsmount/shfsumount.c 2007-06-04 13:22:57.890054656 +0200
-+++ shfs-0.35/shfsmount/shfsumount.c 2007-06-04 13:22:59.838758408 +0200
-@@ -67,10 +67,6 @@
- FILE *new_mtab;
- struct mntent *ment;
-
-- if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) {
-- fprintf(stderr, "Can't get "MOUNTED"~ lock file");
-- return 0;
-- }
- close(fd);
- if ((mtab = setmntent(MOUNTED, "r")) == NULL) {
- fprintf(stderr, "Can't open " MOUNTED ": %s\n", strerror(errno));
diff --git a/package/shfs/patches/109-linux_2.6.22.patch b/package/shfs/patches/109-linux_2.6.22.patch
deleted file mode 100644
index c91e0526d..000000000
--- a/package/shfs/patches/109-linux_2.6.22.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Index: shfs-0.35/shfs/Linux-2.6/dir.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-17 04:08:32.449815896 +0200
-+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-17 04:08:41.766399560 +0200
-@@ -13,6 +13,7 @@
- #include <asm/uaccess.h>
- #include <linux/smp_lock.h>
- #include <linux/stat.h>
-+#include <linux/jiffies.h>
-
- #include "shfs_fs.h"
- #include "shfs_fs_i.h"
-Index: shfs-0.35/shfs/Linux-2.6/inode.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-17 04:09:01.961329464 +0200
-+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-17 04:13:08.501849608 +0200
-@@ -15,6 +15,9 @@
- #include <asm/uaccess.h>
- #include <linux/file.h>
- #include <linux/smp_lock.h>
-+#include <linux/jiffies.h>
-+#include <linux/sched.h>
-+#include <asm/current.h>
-
- #include "shfs_fs.h"
- #include "shfs_fs_sb.h"
diff --git a/package/strongswan/Makefile b/package/strongswan/Makefile
deleted file mode 100644
index 65a77bef5..000000000
--- a/package/strongswan/Makefile
+++ /dev/null
@@ -1,98 +0,0 @@
-#
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-# $Id$
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=strongswan
-PKG_VERSION:=2.8.2
-PKG_RELEASE:=2
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://download.strongswan.org/
-PKG_MD5SUM:=57427f5b48123851a73b10d78dd4f8d6
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/strongswan/Default
- TITLE:=strongSwan
- DEPENDS:=@LINUX_2_4
- URL:=http://www.strongswan.org/
-endef
-
-define Package/strongswan/Default/description
- strongSwan is an IPsec implementation for Linux.
-endef
-
-define Package/strongswan
-$(call Package/strongswan/Default)
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=+kmod-strongswan +libgmp @LINUX_2_4
- TITLE+= (daemon)
-endef
-
-define Package/strongswan/description
-$(call Package/strongswan/Default/description)
- This package contains the strongSwan user-land daemon.
-endef
-
-define KernelPackage/strongswan
-$(call Package/strongswan/Default)
- SUBMENU:=Network Support
- TITLE+= (kernel module)
- DEPENDS:=@LINUX_2_4
- FILES:=$(PKG_BUILD_DIR)/linux/net/ipsec/ipsec.$(LINUX_KMOD_SUFFIX)
- AUTOLOAD:=$(call AutoLoad,50,ipsec)
-endef
-
-define KernelPackage/strongswan/description
-$(call Package/strongswan/Default/description)
- This package contains the strongSwan kernel module.
-endef
-
-PKG_MAKE_OPTS:= \
- LINUX_RELEASE="$(LINUX_RELEASE)" \
- KERNELSRC="$(LINUX_DIR)" \
- ARCH="$(LINUX_KARCH)" \
- CROSS_COMPILE="$(TARGET_CROSS)" \
- USERCOMPILE="$(TARGET_CFLAGS) -I./linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \
- IPSECDIR="/usr/lib/ipsec" \
- INC_USRLOCAL="/usr" \
-
-define Build/Compile
- $(MAKE) -C $(PKG_BUILD_DIR) \
- $(TARGET_CONFIGURE_OPTS) \
- $(PKG_MAKE_OPTS) \
- LDFLAGS="$(TARGET_LDFLAGS)" \
- DESTDIR="$(PKG_INSTALL_DIR)" \
- programs module install
-endef
-
-define Package/strongswan/install
- $(CP) $(PKG_INSTALL_DIR)/* $(1)
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_DIR) $(1)/etc/cron.tick
- $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
- $(INSTALL_DIR) $(1)/etc/hotplug.d/button
- $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
- $(INSTALL_BIN) ./files/ipsec.cron $(1)/etc/cron.tick/ipsec-wakeup
- $(INSTALL_BIN) ./files/ipsec.iface $(1)/etc/hotplug.d/iface/65-ipsec
- $(INSTALL_BIN) ./files/ipsec.button $(1)/etc/hotplug.d/button/65-ipsec
- $(INSTALL_DATA) ./files/ipsec.config $(1)/etc/config/ipsec
- $(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/ipsec.conf
- rm -rf $(1)/usr/share
- rm -rf $(1)/usr/man
- rm -rf $(1)/var
- rm -rf $(1)/etc/rc.d
- find $(1) -name \*.old | xargs rm -rf
-endef
-
-$(eval $(call BuildPackage,strongswan))
-$(eval $(call KernelPackage,strongswan))
diff --git a/package/strongswan/files/ipsec.button b/package/strongswan/files/ipsec.button
deleted file mode 100644
index 9bd902356..000000000
--- a/package/strongswan/files/ipsec.button
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-
-# snarf the code that loads the config values
-# since we also load the functions, might as well save the shell calls
-. /etc/init.d/ipsec
-
-[ -n "$IPSEC_RESET_BUTTON" -a "$BUTTON" = "$IPSEC_RESET_BUTTON" ] || exit
-
-if [ ! -e /var/run/pluto.pid ] ; then
-
- [ "$ACTION" = "pressed" ] && start
-
-else
-
- if [ "$ACTION" = "pressed" ] ; then
-
- stop
-
- elif [ "$ACTION" = "released" ] ; then
-
- while [ -e /var/run/pluto.pid ] ; do
- sleep 1
- done
-
- while ps auxww | grep ipsec | grep -v grep ; do
- sleep 1
- done
-
- start
-
- fi
-
-fi
-
diff --git a/package/strongswan/files/ipsec.conf b/package/strongswan/files/ipsec.conf
deleted file mode 100644
index 8f5900883..000000000
--- a/package/strongswan/files/ipsec.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-
-version 2.0
-
-config setup
- interfaces=%defaultroute
- nat_traversal=yes # required on both ends
- uniqueids=yes # makes sense on client, not server
- hidetos=no
-
-conn %default
- authby=rsasig
- keyingtries=3
- keyexchange=ike
- left=%defaultroute
- leftrsasigkey=%cert
- rightrsasigkey=%cert
- dpdtimeout=30 # keepalive must arrive within
- dpddelay=5 # secs before keepalives start
- compress=no # breaks double nat installations
- pfs=yes
-
-conn sample
- leftca=%same
- leftcert=my.certificate.crt
- leftsourceip=192.168.10.1
- leftsubnet=192.168.10.0/24
- right=my.vpn.concentrator.net.
- rightca=%same
- rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
- rightsourceip=192.168.11.1
- rightsubnet=192.168.11.0/24
- dpdaction=hold
- auto=start
-
diff --git a/package/strongswan/files/ipsec.config b/package/strongswan/files/ipsec.config
deleted file mode 100644
index b4865e40b..000000000
--- a/package/strongswan/files/ipsec.config
+++ /dev/null
@@ -1,21 +0,0 @@
-
-# Configure button/light behavior here.
-config device
- option reset_button ses
- option status_start ses_orange
- option status_valid ses_white
-
-# iptables setup for traffic to/from this host
-config filter
- option rule_in input_rule
- option dest_in ACCEPT
- option rule_out output_rule
- option dest_out ACCEPT
-
-# iptables setup for traffic to/from another host
-config forward
- option rule_in forwarding_rule
- option dest_in forwarding_vpn_in
- option rule_out forwarding_rule
- option dest_out forwarding_vpn_out
-
diff --git a/package/strongswan/files/ipsec.cron b/package/strongswan/files/ipsec.cron
deleted file mode 100644
index d8c7dccfa..000000000
--- a/package/strongswan/files/ipsec.cron
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-/usr/sbin/ipsec wakeup
diff --git a/package/strongswan/files/ipsec.iface b/package/strongswan/files/ipsec.iface
deleted file mode 100644
index 0716bf79b..000000000
--- a/package/strongswan/files/ipsec.iface
+++ /dev/null
@@ -1,8 +0,0 @@
-NAME=ipsec
-CTLFILE="/var/run/pluto.ctl"
-
-[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] || exit
-
-[ -e "$CTLFILE" ] || exit
-
-/etc/init.d/ipsec update
diff --git a/package/strongswan/files/ipsec.init b/package/strongswan/files/ipsec.init
deleted file mode 100644
index 4e8b8a216..000000000
--- a/package/strongswan/files/ipsec.init
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=65
-
-config_cb() {
- local cfg="$CONFIG_SECTION"
- local cfgt
- config_get cfgt "$cfg" TYPE
-
- case "$cfgt" in
- device)
- config_get IPSEC_RESET_BUTTON $cfg reset_button
- config_get IPSEC_STATUS_LED_START $cfg status_start
- config_get IPSEC_STATUS_LED_VALID $cfg status_valid
- ;;
- filter)
- config_get IPSEC_UPDOWN_RULE_IN $cfg rule_in
- config_get IPSEC_UPDOWN_DEST_IN $cfg dest_in
- config_get IPSEC_UPDOWN_RULE_OUT $cfg rule_out
- config_get IPSEC_UPDOWN_DEST_OUT $cfg dest_out
- ;;
- forward)
- config_get IPSEC_UPDOWN_FWD_RULE_IN $cfg rule_in
- config_get IPSEC_UPDOWN_FWD_DEST_IN $cfg dest_in
- config_get IPSEC_UPDOWN_FWD_RULE_OUT $cfg rule_out
- config_get IPSEC_UPDOWN_FWD_DEST_OUT $cfg dest_out
- ;;
- *)
- ;;
- esac
-}
-
-config_load ipsec
-
-export IPSEC_RESET_BUTTON
-export IPSEC_STATUS_LED_START
-export IPSEC_STATUS_LED_VALID
-
-export IPSEC_UPDOWN_RULE_IN
-export IPSEC_UPDOWN_DEST_IN
-export IPSEC_UPDOWN_RULE_OUT
-export IPSEC_UPDOWN_DEST_OUT
-
-export IPSEC_UPDOWN_FWD_RULE_IN
-export IPSEC_UPDOWN_FWD_DEST_IN
-export IPSEC_UPDOWN_FWD_RULE_OUT
-export IPSEC_UPDOWN_FWD_DEST_OUT
-
-
-start() {
-
- [ -f /etc/ipsec.conf ] || exit
- [ -e /var/run/starter.pid ] && exit
-
- /usr/sbin/ipsec _showstatus start
-
- # stuff the dnsmasq cache in case dns is on our own subnet
- for peer in `grep left= /etc/ipsec.conf | \
- cut -f 1 -d% | cut -f 2 -d=` ; do
- ping -c 1 $peer > /dev/null 2>&1
- done
-
- /usr/sbin/ipsec start || exit
-
- # work around broken routing behavior:
- # a route to the local wan segment will appear
- # the need was removed in the patched _updown script
-
- while ! route -n | grep -q ipsec ; do sleep 1 ; done
-
- defint=`route -n | awk '/^0.0.0.0/{print $8}'`
- defnet=`route -n | grep $defint | awk '!/^0.0.0.0/{print $1}'`
- dnmask=`route -n | grep $defint | awk '!/^0.0.0.0/{print $3}'`
- tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
-
- route del -net $defnet netmask $dnmask dev $tundev
-}
-
-
-stop() {
-
- /usr/sbin/ipsec stop 2> /dev/null
-
- # wait until the shutdown actually happens
- while [ -e /var/run/starter.pid ] ; do
- if [ -d /proc/`cat /var/run/starter.pid` ] ; then
- sleep 1
- else
- rm /var/run/starter.pid
- fi
- done
-
- # kill any lingering processes
- while ps auxww | grep -q ipsec | grep -v init.d; do
- kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
- sleep 1
- done
-
- ipsec _showstatus stop
-}
-
diff --git a/package/strongswan/patches/100-ar-fixes.patch b/package/strongswan/patches/100-ar-fixes.patch
deleted file mode 100644
index 2e9d7800e..000000000
--- a/package/strongswan/patches/100-ar-fixes.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-Index: strongswan-2.8.2/lib/libcrypto/libaes/Makefile
-===================================================================
---- strongswan-2.8.2.orig/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.777007680 +0200
-+++ strongswan-2.8.2/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.873992936 +0200
-@@ -25,10 +25,8 @@
-
- $(BLIB): $(LIBOBJ)
- /bin/rm -f $(BLIB)
-- ar cr $(BLIB) $(LIBOBJ)
-- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
-- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
-- else exit 0; fi; fi
-+ $(AR) cr $(BLIB) $(LIBOBJ)
-+ $(RANLIB) $(BLIB)
-
- testx: test_main_mac.o $(BLIB)
- $(CC) -o $@ $^
-Index: strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile
-===================================================================
---- strongswan-2.8.2.orig/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.783006768 +0200
-+++ strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.873992936 +0200
-@@ -58,7 +58,7 @@
- lib: $(LIB)
-
- $(LIB): $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-+ $(AR) -r $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
-
- # elf
-Index: strongswan-2.8.2/lib/libcrypto/libserpent/Makefile
-===================================================================
---- strongswan-2.8.2.orig/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.790005704 +0200
-+++ strongswan-2.8.2/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.873992936 +0200
-@@ -8,10 +8,8 @@
-
- $(BLIB): $(LIBOBJ)
- /bin/rm -f $(BLIB)
-- ar cr $(BLIB) $(LIBOBJ)
-- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
-- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
-- else exit 0; fi; fi
-+ $(AR) cr $(BLIB) $(LIBOBJ)
-+ $(RANLIB) $(BLIB)
-
- test: test_main.o $(BLIB)
- $(CC) -o $@ $^
-Index: strongswan-2.8.2/lib/libcrypto/libsha2/Makefile
-===================================================================
---- strongswan-2.8.2.orig/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.796004792 +0200
-+++ strongswan-2.8.2/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.874992784 +0200
-@@ -9,10 +9,8 @@
-
- $(BLIB): $(LIBOBJ)
- /bin/rm -f $(BLIB)
-- ar cr $(BLIB) $(LIBOBJ)
-- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
-- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
-- else exit 0; fi; fi
-+ $(AR) cr $(BLIB) $(LIBOBJ)
-+ $(RANLIB) $(BLIB)
-
- test: test_main.o $(BLIB)
- $(CC) -o $@ $^
-Index: strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile
-===================================================================
---- strongswan-2.8.2.orig/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.804003576 +0200
-+++ strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.874992784 +0200
-@@ -9,10 +9,8 @@
-
- $(BLIB): $(LIBOBJ)
- /bin/rm -f $(BLIB)
-- ar cr $(BLIB) $(LIBOBJ)
-- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
-- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
-- else exit 0; fi; fi
-+ $(AR) cr $(BLIB) $(LIBOBJ)
-+ $(RANLIB) $(BLIB)
-
- test: test_main.o $(BLIB)
- $(CC) -o $@ $^
diff --git a/package/strongswan/patches/110-make-ipsec.patch b/package/strongswan/patches/110-make-ipsec.patch
deleted file mode 100644
index 0d2a4e6fb..000000000
--- a/package/strongswan/patches/110-make-ipsec.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-Index: strongswan-2.8.2/programs/ipsec/Makefile
-===================================================================
---- strongswan-2.8.2.orig/programs/ipsec/Makefile 2007-06-04 13:23:04.756010872 +0200
-+++ strongswan-2.8.2/programs/ipsec/Makefile 2007-06-04 13:23:05.227939128 +0200
-@@ -24,5 +24,5 @@
- include ../Makefile.program
-
- install:: ipsec
-- @$(INSTALL) $(INSTBINFLAGS) ipsec $(RCDIR)/ipsec
-+ @$(INSTALL) $(INSTBINFLAGS) -D ipsec $(RCDIR)/ipsec
-
diff --git a/package/strongswan/patches/120-make-pluto.patch b/package/strongswan/patches/120-make-pluto.patch
deleted file mode 100644
index e0dd813bb..000000000
--- a/package/strongswan/patches/120-make-pluto.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: strongswan-2.8.2/programs/pluto/alg/Makefile
-===================================================================
---- strongswan-2.8.2.orig/programs/pluto/alg/Makefile 2007-06-04 13:23:04.734014216 +0200
-+++ strongswan-2.8.2/programs/pluto/alg/Makefile 2007-06-04 13:23:05.416910400 +0200
-@@ -20,7 +20,7 @@
- include Config.ike_alg
-
- LIBCRYPTO:=../../../lib/libcrypto
--ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO)
-+ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO) $(USERCOMPILE)
- LIBALG := libalg.o
-
- all : $(LIBALG)
diff --git a/package/strongswan/patches/130-make-starter.patch b/package/strongswan/patches/130-make-starter.patch
deleted file mode 100644
index 93888ab6b..000000000
--- a/package/strongswan/patches/130-make-starter.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Index: strongswan-2.8.2/programs/starter/Makefile
-===================================================================
---- strongswan-2.8.2.orig/programs/starter/Makefile 2007-06-04 13:23:04.711017712 +0200
-+++ strongswan-2.8.2/programs/starter/Makefile 2007-06-04 13:23:06.227787128 +0200
-@@ -16,7 +16,6 @@
- FREESWANSRCDIR?=$(shell cd ../..; pwd)
- include ${FREESWANSRCDIR}/Makefile.inc
-
--LD=$(CC)
- RM=rm
- LEX=flex
- BISON=bison
-@@ -59,7 +58,7 @@
- all: starter
-
- starter: $(OBJS) $(FREESWANLIB)
-- $(LD) $(LDFLAGS) -o starter $(OBJS) $(LIBS)
-+ $(CC) $(LDFLAGS) -o starter $(OBJS) $(LIBS)
-
- lex.yy.c: parser.tab.c parser.l parser.y parser.h
- $(LEX) parser.l
diff --git a/package/strongswan/patches/200-wakeup-showstatus.patch b/package/strongswan/patches/200-wakeup-showstatus.patch
deleted file mode 100644
index 731f83c2e..000000000
--- a/package/strongswan/patches/200-wakeup-showstatus.patch
+++ /dev/null
@@ -1,234 +0,0 @@
-Index: strongswan-2.8.2/programs/Makefile
-===================================================================
---- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:04.661025312 +0200
-+++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:06.414758704 +0200
-@@ -22,7 +22,7 @@
- SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark
- SUBDIRS+=auto barf ipsec look manual ranbits secrets starter
- SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey
--SUBDIRS+=ikeping examples openac scepclient
-+SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup
-
- ifeq ($(USE_LWRES),true)
- SUBDIRS+=lwdnsq
-Index: strongswan-2.8.2/programs/_showstatus/Makefile
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/_showstatus/Makefile 2007-06-04 13:23:06.414758704 +0200
-@@ -0,0 +1,22 @@
-+# Makefile for miscelaneous programs
-+# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $
-+
-+FREESWANSRCDIR=../..
-+include ${FREESWANSRCDIR}/Makefile.inc
-+
-+PROGRAM=_showstatus
-+PROGRAMDIR=${LIBDIR}
-+
-+include ../Makefile.program
-Index: strongswan-2.8.2/programs/_showstatus/_showstatus.8
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/_showstatus/_showstatus.8 2007-06-04 13:23:06.414758704 +0200
-@@ -0,0 +1,23 @@
-+.TH _showstatus 8 "03 Feb 2007"
-+.\"
-+.\" RCSID $Id: _showstatus.8
-+.\"
-+.SH NAME
-+ipsec _showstatus \- give state feedback via led or other method
-+.SH SYNOPSIS
-+.I _showstatus
-+is invoked by _updown to trigger led's, or other distribution
-+or platform specific behavior. Presently, the SES button is
-+supported as a status light on OpenWRT platforms. The button
-+is configurable by environment variable:
-+-B IPSEC_STATUS_LED_START
-+defaults to ses_orange, and
-+-B IPSEC_STATUS_LED_VALID
-+defaults to ses_white.
-+.SH "SEE ALSO"
-+ipsec(8), ipsec_updown(8).
-+.SH HISTORY
-+Man page written for the Linux strongSwan project <http://www.strongswan.org/>
-+by Kevin Cody Jr. Original manpage for _updown by Michael Richardson.
-+Original program written by Henry Spencer. Extended for the Linux strongSwan
-+project <http://www.strongswan.org/> by Andreas Steffen.
-Index: strongswan-2.8.2/programs/_showstatus/_showstatus.in
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/_showstatus/_showstatus.in 2007-06-04 13:23:06.414758704 +0200
-@@ -0,0 +1,70 @@
-+#! /bin/sh
-+#
-+# Copyright (C) 2007 Kevin Cody Jr. <kcody@vegaresearch.com>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id: _showstatus.in
-+
-+
-+LED_START=$IPSEC_STATUS_LED_START
-+LED_VALID=$IPSEC_STATUS_LED_VALID
-+
-+[ -z "$LED_START" ] && LED_START="ses_orange"
-+[ -z "$LED_VALID" ] && LED_VALID="ses_white"
-+
-+
-+setled() {
-+ led=$1
-+ st=$2
-+
-+ [ -n "$led" -a -n "$st" ] || return
-+
-+ if [ -w "/proc/diag/led/$led" ] ; then
-+ echo "$st" > "/proc/diag/led/$led"
-+ fi
-+
-+ # integrate other led control methods here
-+
-+}
-+
-+
-+case "$1" in
-+ 'start')
-+ [ -n "$LED_VALID" ] && setled "$LED_START" 1
-+ [ -z "$LED_VALID" ] && setled "$LED_START" f
-+ setled "$LED_VALID" 0
-+ ;;
-+ 'stop')
-+ setled "$LED_START" 0
-+ setled "$LED_VALID" 0
-+ ;;
-+ 'valid')
-+ setled "$LED_VALID" 1
-+ ;;
-+ 'invalid')
-+ setled "$LED_VALID" 0
-+ ;;
-+ 'up')
-+ [ -n "$LED_VALID" ] && setled "$LED_START" 0
-+ [ -z "$LED_VALID" ] && setled "$LED_START" 1
-+ setled "$LED_VALID" 1
-+ ;;
-+ 'down')
-+ [ -n "$LED_VALID" ] && setled "$LED_START" 1
-+ [ -z "$LED_VALID" ] && setled "$LED_START" f
-+ setled "$LED_VALID" f
-+ ;;
-+ *)
-+ echo "$0: unknown status $status" >&2
-+ ;;
-+esac
-+
-Index: strongswan-2.8.2/programs/wakeup/Makefile
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/wakeup/Makefile 2007-06-04 13:23:06.415758552 +0200
-@@ -0,0 +1,22 @@
-+# Makefile for miscelaneous programs
-+# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $
-+
-+FREESWANSRCDIR=../..
-+include ${FREESWANSRCDIR}/Makefile.inc
-+
-+PROGRAM=wakeup
-+PROGRAMDIR=${LIBDIR}
-+
-+include ../Makefile.program
-Index: strongswan-2.8.2/programs/wakeup/wakeup.8
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/wakeup/wakeup.8 2007-06-04 13:23:06.415758552 +0200
-@@ -0,0 +1,16 @@
-+.TH wakeup 8 "03 Feb 2007"
-+.\"
-+.\" RCSID $Id: wakeup.8
-+.\"
-+.SH NAME
-+ipsec wakeup \- stalled and down connection detection
-+.SH SYNOPSIS
-+.I wakeup
-+is invoked by cron and checks ipsec status, whacking as necessary.
-+.SH "SEE ALSO"
-+ipsec(8), ipsec_whack(8).
-+.SH HISTORY
-+Man page written for the Linux strongSwan project <http://www.strongswan.org/>
-+by Kevin Cody Jr. Original manpage for _updown by Michael Richardson.
-+Original program written by Henry Spencer. Extended for the Linux strongSwan
-+project <http://www.strongswan.org/> by Andreas Steffen.
-Index: strongswan-2.8.2/programs/wakeup/wakeup.in
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/wakeup/wakeup.in 2007-06-04 13:23:06.415758552 +0200
-@@ -0,0 +1,38 @@
-+#! /bin/sh
-+# wakeup script
-+#
-+# Copyright (C) 2007 Kevin Cody Jr. <kcody@vegaresearch.com>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+
-+# only applicable when ipsec is running
-+[ -e /var/run/pluto.pid ] || exit
-+
-+# loop through any erouted tunnels in the HOLD state
-+for f in `ipsec status | awk '/erouted HOLD/{ print $2 }' | cut -f1 -d\: | cut -f2 -d\"` ; do
-+
-+ # only whack if no pending events at all exists
-+ ipsec status | grep STATE | grep -q $f ||
-+ ipsec whack --name $f --initiate --asynchronous
-+
-+done
-+
-+# loop through any tunnels that don't quite exist
-+for f in `ipsec status | awk '/prospective erouted/{ print $2 }' | cut -f1 -d: | grep -v \# | cut -f2 -d\"` ; do
-+
-+ ipsec status | grep STATE_QUICK | grep -q $f || {
-+ ipsec status | grep STATE_MAIN | grep -q $f && ipsec down $f
-+ ipsec up $f
-+ }
-+
-+done
-+
diff --git a/package/strongswan/patches/210-updown.patch b/package/strongswan/patches/210-updown.patch
deleted file mode 100644
index d54662531..000000000
--- a/package/strongswan/patches/210-updown.patch
+++ /dev/null
@@ -1,662 +0,0 @@
-Index: strongswan-2.8.2/programs/_updown/_updown.8
-===================================================================
---- strongswan-2.8.2.orig/programs/_updown/_updown.8 2007-06-04 13:23:04.632029720 +0200
-+++ strongswan-2.8.2/programs/_updown/_updown.8 2007-06-04 13:23:06.656721920 +0200
-@@ -8,8 +8,23 @@
- .I _updown
- is invoked by pluto when it has brought up a new connection. This script
- is used to insert the appropriate routing entries for IPsec operation.
--It can also be used to insert and delete dynamic iptables firewall rules.
--The interface to the script is documented in the pluto man page.
-+It also inserts and deletes dynamic iptables firewall rules. IMPORTANT!
-+By default, it will ACCEPT as appropriate on the INPUT, OUTPUT, FORWARD
-+tables. Most distributions will want to change that to provide more
-+flexibility in their firewall configuration.
-+The script looks for the environment variables
-+.B IPSEC_UPDOWN_RULE_IN
-+for the iptables table it should insert into,
-+.B IPSEC_UPDOWN_DEST_IN
-+for where the rule should -j jump to,
-+.B IPSEC_UPDOWN_RULE_OUT
-+.B IPSEC_UPDOWN_DEST_OUT
-+for the same on outgoing packets, and
-+.B IPSEC_UPDOWN_FWD_RULE_IN
-+.B IPSEC_UPDOWN_FWD_DEST_IN
-+.B IPSEC_UPDOWN_FWD_RULE_OUT
-+.B IPSEC_UPDOWN_FWD_DEST_OUT
-+respectively for packets being forwarded to/from the local networks.
- .SH "SEE ALSO"
- ipsec(8), ipsec_pluto(8).
- .SH HISTORY
-Index: strongswan-2.8.2/programs/_updown/_updown.in
-===================================================================
---- strongswan-2.8.2.orig/programs/_updown/_updown.in 2007-06-04 13:23:04.642028200 +0200
-+++ strongswan-2.8.2/programs/_updown/_updown.in 2007-06-04 13:23:06.657721768 +0200
-@@ -5,6 +5,7 @@
- # Copyright (C) 2003-2004 Tuomo Soini
- # Copyright (C) 2002-2004 Michael Richardson
- # Copyright (C) 2005-2006 Andreas Steffen <andreas.steffen@strongswan.org>
-+# Copyright (C) 2007 Kevin Cody Jr <kcody@vegaresearch.com>
- #
- # This program is free software; you can redistribute it and/or modify it
- # under the terms of the GNU General Public License as published by the
-@@ -118,20 +119,61 @@
- # restricted on the peer side.
- #
-
--# uncomment to log VPN connections
--VPN_LOGGING=1
--#
-+# set to /bin/true to silence log messages
-+LOGGER=logger
-+
- # tag put in front of each log entry:
- TAG=vpn
--#
-+
- # syslog facility and priority used:
--FAC_PRIO=local0.notice
--#
--# to create a special vpn logging file, put the following line into
--# the syslog configuration file /etc/syslog.conf:
--#
--# local0.notice -/var/log/vpn
--#
-+FAC_PRIO=authpriv.info
-+
-+
-+# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY
-+if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] ; then
-+ IPSEC_POLICY_IN=""
-+ IPSEC_POLICY_OUT=""
-+else
-+ IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
-+ IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
-+ IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
-+fi
-+
-+# are there port numbers?
-+if [ "$PLUTO_MY_PORT" != 0 ] ; then
-+ S_MY_PORT="--sport $PLUTO_MY_PORT"
-+ D_MY_PORT="--dport $PLUTO_MY_PORT"
-+fi
-+
-+if [ "$PLUTO_PEER_PORT" != 0 ] ; then
-+ S_PEER_PORT="--sport $PLUTO_PEER_PORT"
-+ D_PEER_PORT="--dport $PLUTO_PEER_PORT"
-+fi
-+
-+# import firewall behavior
-+IPT_RULE_IN=$IPSEC_UPDOWN_RULE_IN
-+IPT_DEST_IN=$IPSEC_UPDOWN_DEST_IN
-+IPT_RULE_OUT=$IPSEC_UPDOWN_RULE_OUT
-+IPT_DEST_OUT=$IPSEC_UPDOWN_DEST_OUT
-+
-+# import forwarding behavior
-+FWD_RULE_IN=$IPSEC_UPDOWN_FWD_RULE_IN
-+FWD_DEST_IN=$IPSEC_UPDOWN_FWD_DEST_IN
-+FWD_RULE_OUT=$IPSEC_UPDOWN_FWD_RULE_OUT
-+FWD_DEST_OUT=$IPSEC_UPDOWN_FWD_DEST_OUT
-+
-+# default firewall behavior
-+[ -z "$IPT_RULE_IN" ] && IPT_RULE_IN=INPUT
-+[ -z "$IPT_DEST_IN" ] && IPT_DEST_IN=ACCEPT
-+[ -z "$IPT_RULE_OUT" ] && IPT_RULE_OUT=OUTPUT
-+[ -z "$IPT_DEST_OUT" ] && IPT_DEST_OUT=ACCEPT
-+
-+# default forwarding behavior
-+[ -z "$FWD_RULE_IN" ] && FWD_RULE_IN=FORWARD
-+[ -z "$FWD_DEST_IN" ] && FWD_DEST_IN=ACCEPT
-+[ -z "$FWD_RULE_OUT" ] && FWD_RULE_OUT=FORWARD
-+[ -z "$FWD_DEST_OUT" ] && FWD_DEST_OUT=ACCEPT
-+
-
- # check interface version
- case "$PLUTO_VERSION" in
-@@ -150,8 +192,6 @@
- case "$1:$*" in
- ':') # no parameters
- ;;
--iptables:iptables) # due to (left/right)firewall; for default script only
-- ;;
- custom:*) # custom parameters (see above CAUTION comment)
- ;;
- *) echo "$0: unknown parameters \`$*'" >&2
-@@ -159,345 +199,307 @@
- ;;
- esac
-
-+
- # utility functions for route manipulation
- # Meddling with this stuff should not be necessary and requires great care.
-+
- uproute() {
- doroute add
- ip route flush cache
- }
-+
- downroute() {
- doroute delete
- ip route flush cache
- }
-
-+upfirewall() {
-+ in_rule=$1
-+ in_dest=$2
-+ out_rule=$3
-+ out_dest=$4
-+
-+ [ -n "$in_rule" -a -n "$in_dest" ] && \
-+ iptables -I $in_rule 1 \
-+ -i $PLUTO_INTERFACE \
-+ -p $PLUTO_MY_PROTOCOL \
-+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-+ -d $PLUTO_MY_CLIENT $D_MY_PORT \
-+ $IPSEC_POLICY_IN \
-+ -j $in_dest
-+
-+ [ -n "$out_rule" -a -n "$out_dest" ] && \
-+ iptables -I $out_rule 1 \
-+ -o $PLUTO_INTERFACE \
-+ -p $PLUTO_PEER_PROTOCOL \
-+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
-+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
-+ $IPSEC_POLICY_OUT \
-+ -j $out_dest
-+
-+}
-+
-+downfirewall() {
-+ in_rule=$1
-+ in_dest=$2
-+ out_rule=$3
-+ out_dest=$4
-+
-+ [ -n "$in_rule" -a -n "$in_dest" ] && \
-+ iptables -D $in_rule \
-+ -i $PLUTO_INTERFACE \
-+ -p $PLUTO_MY_PROTOCOL \
-+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-+ -d $PLUTO_MY_CLIENT $D_MY_PORT \
-+ $IPSEC_POLICY_IN \
-+ -j $in_dest
-+
-+ [ -n "$out_rule" -a -n "$out_dest" ] && \
-+ iptables -D $out_rule \
-+ -o $PLUTO_INTERFACE \
-+ -p $PLUTO_PEER_PROTOCOL \
-+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
-+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
-+ $IPSEC_POLICY_OUT \
-+ -j $out_dest
-+
-+}
-+
- addsource() {
- st=0
-- if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local
-- then
-+
-+ if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local ; then
-+
- it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE"
- oops="`eval $it 2>&1`"
- st=$?
-- if test " $oops" = " " -a " $st" != " 0"
-- then
-+
-+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
- oops="silent error, exit status $st"
- fi
-- if test " $oops" != " " -o " $st" != " 0"
-- then
-+
-+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
- echo "$0: addsource \`$it' failed ($oops)" >&2
- fi
- fi
-+
- return $st
- }
-
- doroute() {
- st=0
- parms="$PLUTO_PEER_CLIENT"
-+ parms2="dev $PLUTO_INTERFACE"
-
-- parms2=
-- if [ -n "$PLUTO_NEXT_HOP" ]
-- then
-- parms2="via $PLUTO_NEXT_HOP"
-- fi
-- parms2="$parms2 dev $PLUTO_INTERFACE"
--
-- if [ -z "$PLUTO_MY_SOURCEIP" ]
-- then
-- if [ -f /etc/sysconfig/defaultsource ]
-- then
-- . /etc/sysconfig/defaultsource
-- fi
-+ if [ -z "$PLUTO_MY_SOURCEIP" ] ; then
-
-- if [ -f /etc/conf.d/defaultsource ]
-- then
-- . /etc/conf.d/defaultsource
-- fi
-+ [ -f /etc/sysconfig/defaultsource ] && \
-+ . /etc/sysconfig/defaultsource
-+
-+ [ -f /etc/conf.d/defaultsource ] && \
-+ . /etc/conf.d/defaultsource
-+
-+ [ -n "$DEFAULTSOURCE" ] && \
-+ PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
-
-- if [ -n "$DEFAULTSOURCE" ]
-- then
-- PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
-- fi
- fi
-
- parms3=
-- if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
-- then
-+ if [ "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" ] ; then
- addsource
- parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
- fi
-
-- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
-- "0.0.0.0/0.0.0.0")
-+ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \
-+ "0.0.0.0/0.0.0.0" ] ; then
- # opportunistic encryption work around
- # need to provide route that eclipses default, without
- # replacing it.
-- it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
-- ip route $1 128.0.0.0/1 $parms2 $parms3"
-- ;;
-- *) it="ip route $1 $parms $parms2 $parms3"
-- ;;
-- esac
-+ it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
-+ ip route $1 128.0.0.0/1 $parms2 $parms3"
-+ else
-+ it="ip route $1 $parms $parms2 $parms3"
-+ fi
-+
- oops="`eval $it 2>&1`"
- st=$?
-- if test " $oops" = " " -a " $st" != " 0"
-- then
-- oops="silent error, exit status $st"
-- fi
-- if test " $oops" != " " -o " $st" != " 0"
-- then
-- echo "$0: doroute \`$it' failed ($oops)" >&2
-+
-+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
-+ oops="silent error, exit status $st"
- fi
-+
-+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
-+ echo "$0: doroute \`$it' failed ($oops)" >&2
-+ fi
-+
- return $st
- }
--
--# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY
--if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ]
--then
-- IPSEC_POLICY_IN=""
-- IPSEC_POLICY_OUT=""
--else
-- IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
-- IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
-- IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
--fi
-
--# are there port numbers?
--if [ "$PLUTO_MY_PORT" != 0 ]
--then
-- S_MY_PORT="--sport $PLUTO_MY_PORT"
-- D_MY_PORT="--dport $PLUTO_MY_PORT"
--fi
--if [ "$PLUTO_PEER_PORT" != 0 ]
--then
-- S_PEER_PORT="--sport $PLUTO_PEER_PORT"
-- D_PEER_PORT="--dport $PLUTO_PEER_PORT"
--fi
-+dologentry() {
-+ action=$1
-+
-+ if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] ; then
-+ rem="$PLUTO_PEER"
-+ else
-+ rem="$PLUTO_PEER_CLIENT == $PLUTO_PEER"
-+ fi
-+
-+ if [ "$PLUTO_MY_CLIENT" == "$PLUTO_ME/32" ] ; then
-+ loc="$PLUTO_ME"
-+ else
-+ loc="$PLUTO_ME == $PLUTO_MY_CLIENT"
-+ fi
-+
-+ $LOGGER -t $TAG -p $FAC_PRIO "$action $rem -- $loc ($PLUTO_PEER_ID)"
-+}
-+
-
- # the big choice
-+
- case "$PLUTO_VERB:$1" in
- prepare-host:*|prepare-client:*)
- # delete possibly-existing route (preliminary to adding a route)
-- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
-- "0.0.0.0/0.0.0.0")
-- # need to provide route that eclipses default, without
-+
-+ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \
-+ "0.0.0.0/0.0.0.0" ] ; then
-+ # need to remove the route that eclipses default, without
- # replacing it.
-- parms1="0.0.0.0/1"
-- parms2="128.0.0.0/1"
-- it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1"
-- oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`"
-- ;;
-- *)
-- parms="$PLUTO_PEER_CLIENT"
-- it="ip route delete $parms 2>&1"
-- oops="`ip route delete $parms 2>&1`"
-- ;;
-- esac
-- status="$?"
-- if test " $oops" = " " -a " $status" != " 0"
-- then
-- oops="silent error, exit status $status"
-+ it="( ip route delete 0.0.0.0/1 ;
-+ ip route delete 128.0.0.0/1 )"
-+ else
-+ it="ip route delete $PLUTO_PEER_CLIENT"
-+ fi
-+
-+ oops="`$it 2>&1`"
-+ st="$?"
-+
-+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
-+ oops="silent error, exit status $st"
- fi
-+
- case "$oops" in
- *'RTNETLINK answers: No such process'*)
- # This is what route (currently -- not documented!) gives
- # for "could not find such a route".
- oops=
-- status=0
-+ st=0
- ;;
- esac
-- if test " $oops" != " " -o " $status" != " 0"
-- then
-+
-+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
- echo "$0: \`$it' failed ($oops)" >&2
- fi
-- exit $status
-+
-+ exit $st
-+
- ;;
- route-host:*|route-client:*)
- # connection to me or my client subnet being routed
-+
-+ ipsec _showstatus valid
- uproute
-+
- ;;
- unroute-host:*|unroute-client:*)
- # connection to me or my client subnet being unrouted
-+
-+ ipsec _showstatus invalid
- downroute
-+
- ;;
--up-host:)
-+up-host:*)
- # connection to me coming up
-- # If you are doing a custom version, firewall commands go here.
-+
-+ ipsec _showstatus up
-+ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
-+ dologentry "VPN-UP"
-+
- ;;
--down-host:)
-+down-host:*)
- # connection to me going down
-- # If you are doing a custom version, firewall commands go here.
-- ;;
--up-client:)
-- # connection to my client subnet coming up
-- # If you are doing a custom version, firewall commands go here.
-- ;;
--down-client:)
-- # connection to my client subnet going down
-- # If you are doing a custom version, firewall commands go here.
-+
-+ ipsec _showstatus down
-+ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
-+ dologentry "VPN-DN"
-+
- ;;
--up-host:iptables)
-- # connection to me, with (left/right)firewall=yes, coming up
-- # This is used only by the default updown script, not by your custom
-- # ones, so do not mess with it; see CAUTION comment up at top.
-- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
-- #
-- # log IPsec host connection setup
-- if [ $VPN_LOGGING ]
-- then
-- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
-- then
-- logger -t $TAG -p $FAC_PRIO \
-- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
-- else
-- logger -t $TAG -p $FAC_PRIO \
-- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
-- fi
-- fi
-- ;;
--down-host:iptables)
-- # connection to me, with (left/right)firewall=yes, going down
-- # This is used only by the default updown script, not by your custom
-- # ones, so do not mess with it; see CAUTION comment up at top.
-- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
-- #
-- # log IPsec host connection teardown
-- if [ $VPN_LOGGING ]
-- then
-- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
-- then
-- logger -t $TAG -p $FAC_PRIO -- \
-- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
-- else
-- logger -t $TAG -p $FAC_PRIO -- \
-- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
-- fi
-- fi
-- ;;
--up-client:iptables)
-- # connection to client subnet, with (left/right)firewall=yes, coming up
-- # This is used only by the default updown script, not by your custom
-- # ones, so do not mess with it; see CAUTION comment up at top.
-- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
-- then
-- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
-- $IPSEC_POLICY_OUT -j ACCEPT
-- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
-- $IPSEC_POLICY_IN -j ACCEPT
-+up-client:*)
-+ # connection to client subnet coming up
-+
-+ ipsec _showstatus up
-+
-+ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \
-+ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then
-+ upfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT
- fi
-- #
-+
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
-- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
-- then
-- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
-- $IPSEC_POLICY_IN -j ACCEPT
-- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
-- $IPSEC_POLICY_OUT -j ACCEPT
-- fi
-- #
-- # log IPsec client connection setup
-- if [ $VPN_LOGGING ]
-- then
-- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
-- then
-- logger -t $TAG -p $FAC_PRIO \
-- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-- else
-- logger -t $TAG -p $FAC_PRIO \
-- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-- fi
-- fi
-- ;;
--down-client:iptables)
-- # connection to client subnet, with (left/right)firewall=yes, going down
-- # This is used only by the default updown script, not by your custom
-- # ones, so do not mess with it; see CAUTION comment up at top.
-- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
-- then
-- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
-- $IPSEC_POLICY_OUT -j ACCEPT
-- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
-- $IPSEC_POLICY_IN -j ACCEPT
-+ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then
-+ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
-+ fi
-+
-+ dologentry "VPN-UP"
-+
-+ ;;
-+down-client:*)
-+ # connection to client subnet going down
-+
-+ ipsec _showstatus down
-+
-+ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \
-+ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then
-+ downfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT
- fi
-- #
-+
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
-- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
-- then
-- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
-- $IPSEC_POLICY_IN -j ACCEPT
-- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
-- $IPSEC_POLICY_OUT -j ACCEPT
-- fi
-- #
-- # log IPsec client connection teardown
-- if [ $VPN_LOGGING ]
-- then
-- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
-- then
-- logger -t $TAG -p $FAC_PRIO -- \
-- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-- else
-- logger -t $TAG -p $FAC_PRIO -- \
-- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-- fi
-+ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then
-+ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
- fi
-+
-+ dologentry "VPN-DN"
-+
- ;;
--#
--# IPv6
--#
- prepare-host-v6:*|prepare-client-v6:*)
-+
- ;;
- route-host-v6:*|route-client-v6:*)
- # connection to me or my client subnet being routed
-+
- #uproute_v6
-+
- ;;
- unroute-host-v6:*|unroute-client-v6:*)
- # connection to me or my client subnet being unrouted
-+
- #downroute_v6
-+
- ;;
- up-host-v6:*)
- # connection to me coming up
- # If you are doing a custom version, firewall commands go here.
-+
- ;;
- down-host-v6:*)
- # connection to me going down
- # If you are doing a custom version, firewall commands go here.
-+
- ;;
- up-client-v6:)
- # connection to my client subnet coming up
- # If you are doing a custom version, firewall commands go here.
-+
- ;;
- down-client-v6:)
- # connection to my client subnet going down
- # If you are doing a custom version, firewall commands go here.
-+
- ;;
--*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
-+*)
-+ echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
- exit 1
-+
- ;;
- esac
-+
diff --git a/package/strongswan/patches/300-openwrt.patch b/package/strongswan/patches/300-openwrt.patch
deleted file mode 100644
index e249a8d61..000000000
--- a/package/strongswan/patches/300-openwrt.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Index: strongswan-2.8.2/Makefile.inc
-===================================================================
---- strongswan-2.8.2.orig/Makefile.inc 2007-06-04 13:23:04.604033976 +0200
-+++ strongswan-2.8.2/Makefile.inc 2007-06-04 13:23:06.855691672 +0200
-@@ -123,7 +123,7 @@
- # With a non-null DESTDIR, INC_RCDEFAULT will be used unless one of the
- # INC_RCDIRS directories has been pre-created under DESTDIR.
- INC_RCDIRS=/etc/rc.d/init.d /etc/rc.d /etc/init.d /sbin/init.d
--INC_RCDEFAULT=/etc/rc.d/init.d
-+INC_RCDEFAULT=/etc/init.d
-
- # RCDIR is where boot/shutdown scripts go; FINALRCDIR is where they think
- # will finally be (so utils/Makefile can create a symlink in BINDIR to the
-Index: strongswan-2.8.2/programs/showhostkey/showhostkey.in
-===================================================================
---- strongswan-2.8.2.orig/programs/showhostkey/showhostkey.in 2007-06-04 13:23:04.612032760 +0200
-+++ strongswan-2.8.2/programs/showhostkey/showhostkey.in 2007-06-04 13:23:06.855691672 +0200
-@@ -62,7 +62,7 @@
- exit 1
- fi
-
--host="`hostname --fqdn`"
-+host="`cat /proc/sys/kernel/hostname`"
-
- awk ' BEGIN {
- inkey = 0
diff --git a/package/strongswan/patches/310-make-ipsec-alg.patch b/package/strongswan/patches/310-make-ipsec-alg.patch
deleted file mode 100644
index d5fad3d3e..000000000
--- a/package/strongswan/patches/310-make-ipsec-alg.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Index: strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi
-===================================================================
---- strongswan-2.8.2.orig/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:04.583037168 +0200
-+++ strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:07.053661576 +0200
-@@ -1,10 +1,10 @@
- MOD_CRYPTOAPI := ipsec_cryptoapi.o
-
- ifneq ($(wildcard $(TOPDIR)/include/linux/crypto.h),)
--ALG_MODULES += $(MOD_CRYPTOAPI)
--obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
--static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
--alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
-+#ALG_MODULES += $(MOD_CRYPTOAPI)
-+#obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
-+#static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
-+#alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
- else
- $(warning "Linux CryptoAPI (2.4.22+ or 2.6.x) not found, not building ipsec_cryptoapi.o")
- endif
diff --git a/package/strongswan/patches/320-no-modprobe.patch b/package/strongswan/patches/320-no-modprobe.patch
deleted file mode 100644
index d8c3648ba..000000000
--- a/package/strongswan/patches/320-no-modprobe.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-Index: strongswan-2.8.2/programs/starter/klips.c
-===================================================================
---- strongswan-2.8.2.orig/programs/starter/klips.c 2007-06-04 13:23:04.544043096 +0200
-+++ strongswan-2.8.2/programs/starter/klips.c 2007-06-04 13:23:07.238633456 +0200
-@@ -44,7 +44,7 @@
- unsetenv("MODPATH");
- unsetenv("MODULECONF");
- system("depmod -a >/dev/null 2>&1");
-- system("modprobe -qv ipsec");
-+ system("insmod -qv ipsec");
- }
- if (stat(PROC_IPSECVERSION, &stb) == 0)
- {
-@@ -62,11 +62,11 @@
- /* make sure that all available crypto algorithms are loaded */
- if (stat(PROC_MODULES, &stb) == 0)
- {
-- system("modprobe -qv ipsec_aes");
-- system("modprobe -qv ipsec_serpent");
-- system("modprobe -qv ipsec_twofish");
-- system("modprobe -qv ipsec_blowfish");
-- system("modprobe -qv ipsec_sha2");
-+ system("insmod -qv ipsec_aes");
-+ system("insmod -qv ipsec_serpent");
-+ system("insmod -qv ipsec_twofish");
-+ system("insmod -qv ipsec_blowfish");
-+ system("insmod -qv ipsec_sha2");
- }
-
- starter_klips_clear();
-Index: strongswan-2.8.2/programs/starter/netkey.c
-===================================================================
---- strongswan-2.8.2.orig/programs/starter/netkey.c 2007-06-04 13:23:04.551042032 +0200
-+++ strongswan-2.8.2/programs/starter/netkey.c 2007-06-04 13:23:07.238633456 +0200
-@@ -36,7 +36,7 @@
- /* af_key module makes the netkey proc interface visible */
- if (stat(PROC_MODULES, &stb) == 0)
- {
-- system("modprobe -qv af_key");
-+ system("insmod -qv af_key");
- }
-
- /* now test again */
-@@ -52,11 +52,11 @@
- /* make sure that all required IPsec modules are loaded */
- if (stat(PROC_MODULES, &stb) == 0)
- {
-- system("modprobe -qv ah4");
-- system("modprobe -qv esp4");
-- system("modprobe -qv ipcomp");
-- system("modprobe -qv xfrm4_tunnel");
-- system("modprobe -qv xfrm_user");
-+ system("insmod -qv ah4");
-+ system("insmod -qv esp4");
-+ system("insmod -qv ipcomp");
-+ system("insmod -qv xfrm4_tunnel");
-+ system("insmod -qv xfrm_user");
- }
-
- DBG(DBG_CONTROL,
-Index: strongswan-2.8.2/programs/_startklips/_startklips.in
-===================================================================
---- strongswan-2.8.2.orig/programs/_startklips/_startklips.in 2007-06-04 13:23:04.560040664 +0200
-+++ strongswan-2.8.2/programs/_startklips/_startklips.in 2007-06-04 13:23:07.238633456 +0200
-@@ -249,7 +249,7 @@
-
- if test ! -f $ipsecversion && test ! -f $netkey
- then
-- modprobe -v af_key
-+ insmod -v af_key
- fi
-
- if test -f $netkey
-@@ -257,11 +257,11 @@
- klips=false
- if test -f $modules
- then
-- modprobe -qv ah4
-- modprobe -qv esp4
-- modprobe -qv ipcomp
-- modprobe -qv xfrm4_tunnel
-- modprobe -qv xfrm_user
-+ insmod -qv ah4
-+ insmod -qv esp4
-+ insmod -qv ipcomp
-+ insmod -qv xfrm4_tunnel
-+ insmod -qv xfrm_user
- fi
- fi
-
-@@ -272,7 +272,7 @@
- setmodule
- unset MODPATH MODULECONF # no user overrides!
- depmod -a >/dev/null 2>&1
-- modprobe -v ipsec
-+ insmod -v ipsec
- fi
- if test ! -f $ipsecversion
- then
-@@ -288,7 +288,7 @@
- do
- if test -f $moduleinstplace/alg/ipsec_$alg.o
- then
-- modprobe ipsec_$alg
-+ insmod ipsec_$alg
- fi
- done
- fi
diff --git a/package/strongswan/patches/350-make-programs.patch b/package/strongswan/patches/350-make-programs.patch
deleted file mode 100644
index aba957754..000000000
--- a/package/strongswan/patches/350-make-programs.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Index: strongswan-2.8.2/programs/Makefile
-===================================================================
---- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:06.414758704 +0200
-+++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:07.444602144 +0200
-@@ -17,12 +17,10 @@
- FREESWANSRCDIR=..
- include ${FREESWANSRCDIR}/Makefile.inc
-
--SUBDIRS=spi eroute spigrp tncfg klipsdebug pf_key proc pluto
--SUBDIRS+=_confread _copyright _include _keycensor _plutoload _plutorun
--SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark
--SUBDIRS+=auto barf ipsec look manual ranbits secrets starter
--SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey
--SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup
-+SUBDIRS=_copyright _updown _showstatus wakeup examples
-+SUBDIRS+=barf calcgoo eroute ikeping klipsdebug look mailkey manual
-+SUBDIRS+=openac pf_key pluto proc ranbits rsasigkey scepclient secrets
-+SUBDIRS+=showdefaults showhostkey spi spigrp starter tncfg ipsec
-
- ifeq ($(USE_LWRES),true)
- SUBDIRS+=lwdnsq
--
2.20.1