--- ipsec-tools-0.7.1.orig/configure +++ ipsec-tools-0.7.1/configure @@ -1071,6 +1071,12 @@ | --ht=*) htmldir=$ac_optarg ;; + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; @@ -1179,6 +1185,16 @@ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; @@ -1882,6 +1898,7 @@ . "$ac_site_file" fi done +IFS=$as_save_IFS if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special @@ -4594,11 +4611,6 @@ { (exit 1); exit 1; }; } fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu { echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5 @@ -5119,6 +5131,7 @@ fi done done +IFS=$as_save_IFS fi @@ -6052,6 +6065,7 @@ test -n "$ac_ct_CXX" && break done +IFS=$as_save_IFS if test "x$ac_ct_CXX" = x; then CXX="g++" @@ -10052,6 +10066,11 @@ hardcode_into_libs=yes ;; +interix3*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' + ;; + irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; 
@@ -14967,6 +14986,11 @@ # Instead, we relocate shared libraries at runtime. ;; + interix3*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. @@ -15025,6 +15049,16 @@ # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_F77='-DDLL_EXPORT' ;; + darwin*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + case $cc_basename in + xlc*) + lt_prog_compiler_pic='-qnocommon' + lt_prog_compiler_wl='-Wl,' + ;; + esac + ;; hpux9* | hpux10* | hpux11*) lt_prog_compiler_wl_F77='-Wl,' @@ -15142,6 +15176,17 @@ lt_prog_compiler_can_build_shared_F77=no ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_can_build_shared=no + ;; + uts4*) lt_prog_compiler_pic_F77='-pic' lt_prog_compiler_static_F77='-Bstatic' @@ -15399,6 +15444,10 @@ # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; openbsd*) with_gnu_ld=no ;; 
@@ -15430,6 +15479,27 @@ *) supports_anon_versioning=yes ;; esac + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir' + export_dynamic_flag_spec='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + whole_archive_flag_spec= + fi + supports_anon_versioning=no + case `$LD -v 2>/dev/null` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + # See if GNU ld supports shared libraries. case $host_os in aix[3-9]*) 
@@ -15612,6 +15682,33 @@ esac ;; + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + ;; + sunos4*) archive_cmds_F77='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= @@ -16664,6 +16761,18 @@ hardcode_into_libs=yes ;; +interix3*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; 
@@ -16914,6 +17023,29 @@ sys_lib_dlsearch_path_spec='/usr/lib' ;; +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + shlibpath_overrides_runpath=no + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + shlibpath_overrides_runpath=yes + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + uts4*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -20242,6 +20374,9 @@ # LTCC compiler flags. LTCFLAGS=$lt_LTCFLAGS + +# LTCC compiler flags. +LTCFLAGS=$lt_LTCFLAGS # A language-specific compiler. CC=$lt_compiler_RC --- ipsec-tools-0.7.1.orig/config.guess +++ ipsec-tools-0.7.1/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 -# Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011, 2012 Free Software Foundation, Inc. -timestamp='2008-01-23' +timestamp='2012-02-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by 
@@ -17,9 +17,7 @@ # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -27,16 +25,16 @@ # the same distribution terms that you use for the rest of that program. -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` @@ -56,8 +54,9 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 +Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -144,7 +143,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or - # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward @@ -170,7 +169,7 @@ arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep __ELF__ >/dev/null + | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? @@ -180,7 +179,7 @@ fi ;; *) - os=netbsd + os=netbsd ;; esac # The OS release @@ -223,7 +222,7 @@ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on @@ -269,7 +268,10 @@ # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - exit ;; + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead @@ -295,7 +297,7 @@ echo s390-ibm-zvmoe exit ;; *:OS400:*:*) - echo powerpc-ibm-os400 + echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} 
@@ -324,14 +326,33 @@ case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize 
@@ -375,23 +396,23 @@ # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit ;; + exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit ;; + echo m68k-milan-mint${UNAME_RELEASE} + exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit ;; + echo m68k-hades-mint${UNAME_RELEASE} + exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit ;; + echo m68k-unknown-mint${UNAME_RELEASE} + exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; @@ -461,8 +482,8 @@ echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ @@ -475,7 +496,7 @@ else echo i586-dg-dgux${UNAME_RELEASE} fi - exit ;; + exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; @@ -532,7 +553,7 @@ echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[456]) + *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 
@@ -575,52 +596,52 @@ 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 - esac ;; - esac + esac ;; + esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + sed 's/^ //' << EOF >$dummy.c - #define _HPUX_SOURCE - #include - #include - - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); - - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + 
default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa @@ -640,7 +661,7 @@ # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep __LP64__ >/dev/null + grep -q __LP64__ then HP_ARCH="hppa2.0w" else @@ -711,22 +732,22 @@ exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd - exit ;; + exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit ;; + exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd - exit ;; + exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd - exit ;; + exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd - exit ;; + exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; 
@@ -750,14 +771,14 @@ exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} @@ -769,13 +790,12 @@ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) - case ${UNAME_MACHINE} in - pc98) - echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + UNAME_PROCESSOR=`/usr/bin/uname -p` + case ${UNAME_PROCESSOR} in amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) - echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) 
@@ -784,19 +804,22 @@ *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; + i*:MSYS*:*) + echo ${UNAME_MACHINE}-pc-msys + exit ;; i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - *:Interix*:[3456]*) - case ${UNAME_MACHINE} in + *:Interix*:*) + case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; - EM64T | authenticamd) + authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) @@ -806,6 +829,9 @@ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we @@ -835,6 +861,27 @@ i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + aarch64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ 
@@ -842,20 +889,40 @@ then echo ${UNAME_MACHINE}-unknown-linux-gnu else - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + fi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) - echo cris-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; crisv32:Linux:*:*) - echo crisv32-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; frv:Linux:*:*) - echo frv-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + hexagon:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu 
@@ -866,74 +933,33 @@ m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - mips:Linux:*:*) + mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU - #undef mips - #undef mipsel + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mipsel + CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips + CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; - mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips64 - #undef mips64el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mips64el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips64 - #else - CPU= - #endif - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) - echo or32-unknown-linux-gnu - exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + padre:Linux:*:*) + echo sparc-unknown-linux-gnu exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null - if test "$?" 
= 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level @@ -943,14 +969,17 @@ *) echo hppa-unknown-linux-gnu ;; esac exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu 
@@ -958,78 +987,18 @@ sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) - echo x86_64-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - a.out-i386-linux) - echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit ;; - "") - # Either a pre-BFD a.out linker (linux-gnuoldld) or - # one that does not give us useful --help. 
- echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^LIBC/{ - s: ::g - p - }'`" - test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit - } - test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both @@ -1037,11 +1006,11 @@ echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. + # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) @@ -1058,7 +1027,7 @@ i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) 
@@ -1073,7 +1042,7 @@ fi exit ;; i*86:*:5:[678]*) - # UnixWare 7.x, OpenUNIX and OpenServer 6. + # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; @@ -1101,10 +1070,13 @@ exit ;; pc:*:*:*) # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp - exit ;; + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp + exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; @@ -1139,8 +1111,18 @@ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4; exit; } ;; + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; 
@@ -1153,7 +1135,7 @@ rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) @@ -1173,10 +1155,10 @@ echo ns32k-sni-sysv fi exit ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm @@ -1202,11 +1184,11 @@ exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} + echo mips-nec-sysv${UNAME_RELEASE} else - echo mips-unknown-sysv${UNAME_RELEASE} + echo mips-unknown-sysv${UNAME_RELEASE} fi - exit ;; + exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; @@ -1216,6 +1198,9 @@ BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1243,6 +1228,16 @@ *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} 
@@ -1258,6 +1253,9 @@ *:QNX:*:4*) echo i386-pc-qnx exit ;; + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; @@ -1303,13 +1301,13 @@ echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} + echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) - UNAME_MACHINE=`(uname -p) 2>/dev/null` + UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; @@ -1324,6 +1322,12 @@ i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; + x86_64:VMkernel:*:*) + echo ${UNAME_MACHINE}-unknown-esx + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 @@ -1346,11 +1350,11 @@ #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 - "4" + "4" #else - "" + "" #endif - ); exit (0); + ); exit (0); #endif #endif --- ipsec-tools-0.7.1.orig/config.sub +++ ipsec-tools-0.7.1/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 -# Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011, 2012 Free Software Foundation, Inc. -timestamp='2008-01-16' +timestamp='2012-02-10' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software 
@@ -21,9 +21,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -32,13 +30,16 @@ # Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. @@ -72,8 +73,9 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 +Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -120,12 +122,18 @@ # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ - uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; + android-linux) + os=-linux-android + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] @@ -148,10 +156,13 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) + -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; + -bluegene*) + os=-cnk + ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 @@ -166,10 +177,10 @@ os=-chorusos basic_machine=$1 ;; - -chorusrdb) - os=-chorusrdb + -chorusrdb) + os=-chorusrdb basic_machine=$1 - ;; + ;; -hiux*) os=-hiuxwe2 ;; 
@@ -238,24 +249,32 @@ # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ + | aarch64 | aarch64_be \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ + | be32 | be64 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ + | epiphany \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | le32 | le64 \ + | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep \ + | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ - | mips64vr | mips64vrel \ + | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ 
@@ -268,29 +287,42 @@ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | moxie \ | mt \ | msp430 \ + | nds32 | nds32le | nds32be \ | nios | nios2 \ | ns16k | ns32k \ + | open8 \ | or32 \ | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ + | rl78 | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ - | v850 | v850e \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | we32k \ - | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12) - # Motorola 68HC11/12. + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -300,6 +332,21 @@ basic_machine=mt-unknown ;; + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + xgate) + basic_machine=$basic_machine-unknown + os=-none + ;; + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown + ;; + # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. 
@@ -314,29 +361,36 @@ # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ + | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ + | be32-* | be64-* \ | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | le32-* | le64-* \ + | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ - | mips64vr-* | mips64vrel-* \ + | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ 
@@ -351,27 +405,32 @@ | mmix-* \ | mt-* \ | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ - | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile*-* \ | tron-* \ - | v850-* | v850e-* | vax-* \ + | ubicom32-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ - | z8k-*) + | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) @@ -393,7 +452,7 @@ basic_machine=a29k-amd os=-udi ;; - abacus) + abacus) basic_machine=abacus-unknown ;; adobe68k) @@ -439,6 +498,10 @@ basic_machine=m68k-apollo os=-bsd ;; + aros) + basic_machine=i386-pc + os=-aros + ;; aux) basic_machine=m68k-apple os=-aux 
@@ -455,10 +518,27 @@ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; c90) basic_machine=c90-cray os=-unicos ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; convex-c1) basic_machine=c1-convex os=-bsd @@ -487,7 +567,7 @@ basic_machine=craynv-cray os=-unicosmp ;; - cr16) + cr16 | cr16-*) basic_machine=cr16-unknown os=-elf ;; @@ -526,6 +606,10 @@ basic_machine=m88k-motorola os=-sysv3 ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp @@ -641,7 +725,6 @@ i370-ibm* | ibm*) basic_machine=i370-ibm ;; -# I'm not sure what "Sysv32" means. Should this be sysv3.2? i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 @@ -699,6 +782,9 @@ basic_machine=ns32k-utek os=-sysv ;; + microblaze) + basic_machine=microblaze-xilinx + ;; mingw32) basic_machine=i386-pc os=-mingw32 @@ -735,10 +821,18 @@ ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; + msys) + basic_machine=i386-pc + os=-msys + ;; mvs) basic_machine=i370-ibm os=-mvs ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; ncr3000) basic_machine=i486-ncr os=-sysv4 @@ -803,6 +897,12 @@ np1) basic_machine=np1-gould ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; nsr-tandem) basic_machine=nsr-tandem ;; @@ -885,9 +985,10 @@ ;; power) basic_machine=power-ibm ;; - ppc) basic_machine=powerpc-unknown + ppc | ppcbe) basic_machine=powerpc-unknown ;; - ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown 
@@ -981,6 +1082,9 @@ basic_machine=i860-stratus os=-sysv4 ;; + strongarm-* | thumb-*) + basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; sun2) basic_machine=m68000-sun ;; @@ -1037,20 +1141,8 @@ basic_machine=t90-cray os=-unicos ;; - tic54x | c54x*) - basic_machine=tic54x-unknown - os=-coff - ;; - tic55x | c55x*) - basic_machine=tic55x-unknown - os=-coff - ;; - tic6x | c6x*) - basic_machine=tic6x-unknown - os=-coff - ;; tile*) - basic_machine=tile-unknown + basic_machine=$basic_machine-unknown os=-linux-gnu ;; tx39) @@ -1120,6 +1212,9 @@ xps | xps100) basic_machine=xps100-honeywell ;; + xscale-* | xscalee[bl]-*) + basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ;; ymp) basic_machine=ymp-cray os=-unicos @@ -1128,6 +1223,10 @@ basic_machine=z8k-unknown os=-sim ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; none) basic_machine=none-none os=-none @@ -1166,7 +1265,7 @@ we32k) basic_machine=we32k-att ;; - sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) @@ -1213,9 +1312,12 @@ if [ x"$os" != x"" ] then case $os in - # First match some system type aliases - # that might get confused with valid system types. + # First match some system type aliases + # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; 
@@ -1236,10 +1338,11 @@ # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ + | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ @@ -1248,9 +1351,10 @@ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ - | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ + | -chorusos* | -chorusrdb* | -cegcc* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ @@ -1258,7 +1362,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1297,7 +1401,7 @@ -opened*) os=-openedition ;; - -os400*) + -os400*) os=-os400 ;; -wince*) 
@@ -1346,7 +1450,7 @@ -sinix*) os=-sysv4 ;; - -tpf*) + -tpf*) os=-tpf ;; -triton*) @@ -1388,6 +1492,11 @@ -zvmoe) os=-zvmoe ;; + -dicos*) + os=-dicos + ;; + -nacl*) + ;; -none) ;; *) @@ -1410,10 +1519,10 @@ # system, and we'll never get to this point. case $basic_machine in - score-*) + score-*) os=-elf ;; - spu-*) + spu-*) os=-elf ;; *-acorn) @@ -1425,8 +1534,17 @@ arm*-semi) os=-aout ;; - c4x-* | tic4x-*) - os=-coff + c4x-* | tic4x-*) + os=-coff + ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff ;; # This must come before the *-dec entry. pdp10-*) @@ -1446,14 +1564,11 @@ ;; m68000-sun) os=-sunos3 - # This also exists in the configure program, but was not the - # default. - # os=-sunos4 ;; m68*-cisco) os=-aout ;; - mep-*) + mep-*) os=-elf ;; mips*-cisco) @@ -1480,7 +1595,7 @@ *-ibm) os=-aix ;; - *-knuth) + *-knuth) os=-mmixware ;; *-wec) @@ -1585,7 +1700,7 @@ -sunos*) vendor=sun ;; - -aix*) + -cnk*|-aix*) vendor=ibm ;; -beos*) --- ipsec-tools-0.7.1.orig/debian/ipsec-tools.conf +++ ipsec-tools-0.7.1/debian/ipsec-tools.conf @@ -0,0 +1,20 @@ +#!/usr/sbin/setkey -f + +# NOTE: Do not use this file if you use racoon with racoon-tool +# utility. racoon-tool will setup SAs and SPDs automatically using +# /etc/racoon/racoon-tool.conf configuration. +# + +## Flush the SAD and SPD +# +# flush; +# spdflush; + +## Some sample SPDs for use racoon +# +# spdadd 10.10.100.1 10.10.100.2 any -P out ipsec +# esp/transport//require; +# +# spdadd 10.10.100.2 10.10.100.1 any -P in ipsec +# esp/transport//require; +# --- ipsec-tools-0.7.1.orig/debian/racoon.postrm +++ ipsec-tools-0.7.1/debian/racoon.postrm 
@@ -0,0 +1,30 @@
+#! /bin/sh
+# postrm script for ipsec-tools
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear' overwrit>r>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+if [ "$1" = purge ]; then
+ rm -f /etc/default/racoon
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- ipsec-tools-0.7.1.orig/debian/ipsec-tools.setkey.init
+++ ipsec-tools-0.7.1/debian/ipsec-tools.setkey.init
@@ -0,0 +1,61 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: setkey
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: S
+# Default-Stop:
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+SETKEY=/usr/sbin/setkey
+SETKEY_CONF=/etc/ipsec-tools.conf
+NAME=setkey
+
+test -x $SETKEY -a -f $SETKEY_CONF || exit 0
+
+RUN_SETKEY="yes"
+if [ -f /etc/default/setkey ] ; then
+ . /etc/default/setkey
+fi
+
+if [ $RUN_SETKEY != "yes" ] ; then
+ exit 0
+fi
+
+set -e
+
+. /lib/lsb/init-functions
+
+case "$1" in
+ start)
+ log_begin_msg "Loading IPsec SA/SP database from $SETKEY_CONF: "
+ if $SETKEY -f $SETKEY_CONF; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+ stop)
+ log_begin_msg "Flushing IPsec SA/SP database: "
+ if $SETKEY -F -FP; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+ restart|force-reload)
+ echo -n "Reloading IPsec SA/SP database: "
+ $SETKEY -F
+ $SETKEY -FP
+ $SETKEY -f $SETKEY_CONF
+ echo "done."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ log_success_msg "Usage: $N {start|stop|restart|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
--- ipsec-tools-0.7.1.orig/debian/ipsec-tools.postinst
+++ ipsec-tools-0.7.1/debian/ipsec-tools.postinst
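Review bot: `if [ $RUN_SETKEY != "yes" ] ; then` in ipsec-tools.setkey.init leaves the variable unquoted, so an /etc/default/setkey that sets `RUN_SETKEY=` (or a value containing whitespace) makes `[` fail with a syntax error instead of cleanly disabling the script; quote it as `if [ "$RUN_SETKEY" != "yes" ] ; then`. The `restart|force-reload)` arm also departs from the style of start/stop: it reports with `echo -n`/`echo "done."` rather than `log_begin_msg`/`log_end_msg`, and because `set -e` is in effect a failing `$SETKEY -F` aborts the script between the flush and the reload with no message. A comment above the `stop)` arm would help operators, since `-F -FP` drops every SA and policy and traffic that a "require" policy previously forced into IPsec flows unprotected until start is run again, e.g. `# NOTE: flushing the SPD removes all "require" policies until the next start`.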
@@ -0,0 +1,43 @@
+#! /bin/sh
+# postinst script for ipsec-tools
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+
+# * `abort-deconfigure' `in-favour'
+ `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure)
+ if [ -L /etc/rc2.d/S20setkey -o -L /etc/rc0.d/K37setkey ]; then
+ # remove this old entry, we'll add correct one below
+ update-rc.d -f setkey remove > /dev/null || exit 0
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ exit 0
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+
+#DEBHELPER#
+
+exit 0
+
+
--- ipsec-tools-0.7.1.orig/debian/racoon.postinst
+++ ipsec-tools-0.7.1/debian/racoon.postinst
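Review bot: `update-rc.d -f setkey remove > /dev/null || exit 0` in the `configure)` arm contradicts the comment above it: a failure exits the postinst successfully before the `#DEBHELPER#` block runs, so the replacement rc links are never installed while dpkg still marks the package as configured. Either let `set -e` propagate the failure by dropping `|| exit 0`, or warn and continue, e.g. `update-rc.d -f setkey remove > /dev/null || echo "warning: could not remove old setkey rc links" >&2`. The same pattern appears in racoon.postinst's `configure)` arm (`update-rc.d -f racoon remove > /dev/null || exit 0`).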
@@ -0,0 +1,102 @@
+#! /bin/sh
+# postinst script for racoon
+#
+# see: dh_installdeb(1)
+
+set -e
+
+update_param() {
+ eval old=\"'$'$1\"
+ eval new=\"'$'new_$1\"
+
+ if test "$old" = "$new"; then
+ return
+ fi
+
+ if test -z "$old"; then
+ grep -Eq "^ *$1=" "$INITCONFFILE" || echo "$1=" \
+ >> "$INITCONFFILE"
+ fi
+
+ sed -e "s/^ *$1=.*/$1=\"$new\"/" < $INITCONFFILE > $INITCONFFILE.$$
+ mv -f $INITCONFFILE.$$ $INITCONFFILE
+}
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+
+# * `abort-deconfigure' `in-favour'
+ `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure)
+ if [ -L /etc/rc2.d/S20racoon ]; then
+ # remove this old entry, we'll add correct one below
+ update-rc.d -f racoon remove > /dev/null || exit 0
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ exit 0
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# Handle debconf
+. /usr/share/debconf/confmodule
+
+INITCONFFILE=/etc/default/racoon
+
+# We generate several files during the postinst, and we don't want
+# them to be readable only by root.
+umask 022
+
+# Generate configuration file if it does not exist, using default values.
+[ -r "${INITCONFFILE}" ] || {
+ echo Generating ${INITCONFFILE}... >&2
+ cat >${INITCONFFILE} <<'EOFMAGICNUMBER1234'
+# Defaults for racoon initscript
+# sourced by /etc/init.d/racoon
+# installed at /etc/default/racoon by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Which configuration mode shall we use for racoon?
+# Should be either "direct" (edit racoon.conf by hand)
+# or "racoon-tool" (use this tool to do it).
+# Unknown values are treated as if "direct" was given.
+CONFIG_MODE=""
+# Arguments to pass to racoon (ignored when config mode is racoon-tool)
+RACOON_ARGS=""
+EOFMAGICNUMBER1234
+}
+
+# ------------------------- Debconf questions start ---------------------
+
+db_get racoon/config_mode || true
+new_CONFIG_MODE="${RET}"
+update_param CONFIG_MODE
+db_stop
+
+# ------------------------- Debconf questions end ---------------------
+
+# Fix psk.txt permissions
+[ -f /etc/racoon/psk.txt ] && chmod 0600 /etc/racoon/psk.txt
+
+#DEBHELPER#
+
+exit 0
+
+
--- ipsec-tools-0.7.1.orig/debian/watch
+++ ipsec-tools-0.7.1/debian/watch
@@ -0,0 +1,6 @@
+# Example watch control file for uscan
+# Rename this file to "watch" and then you can run the "uscan" command
+# to check for upstream updates and more.
+# URL Version Script
+version=3
+http://sf.net/ipsec-tools/ipsec-tools-([0-9.]+)\.tar\.gz debian uupdate
--- ipsec-tools-0.7.1.orig/debian/racoon.init
+++ ipsec-tools-0.7.1/debian/racoon.init
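Review bot: `update_param` substitutes `$1` and `$new` into a sed expression unescaped (`sed -e "s/^ *$1=.*/$1=\"$new\"/"`), so a value containing `/`, `&` or `\` would break the expression or be written mangled into `$INITCONFFILE`; today `new_CONFIG_MODE` comes from the `racoon/config_mode` debconf answer, which limits the exposure, but the helper is written as a generic setter. Escaping the replacement text and using a delimiter unlikely to occur in a value keeps it robust, e.g. `new=$(printf '%s' "$new" | sed 's/[\\&|]/\\&/g')` followed by `sed -e "s|^ *$1=.*|$1=\"$new\"|"`, and `$INITCONFFILE` and the `$INITCONFFILE.$$` temp file should be quoted in the redirections and in `mv -f`. The helper's contract (which globals it reads and that it rewrites `$INITCONFFILE` in place) is not documented; a two-line comment above `update_param()` naming `INITCONFFILE` and the `new_<NAME>` convention would make the `update_param CONFIG_MODE` call self-explanatory.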
@@ -0,0 +1,101 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: racoon
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: S
+# Default-Stop: 1
+### END INIT INFO
+#
+# netscript script to fire up netscript network configuration system
+#
+# Written by Miquel van Smoorenburg .
+# Modified for Debian GNU/Linux
+# by Ian Murdock .
+# Modified from /etc/init.d/skeleton
+# by Matthew Grant
+#
+
+set -e
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+TOOL=/usr/sbin/racoon-tool
+DAEMON=/usr/sbin/racoon
+NAME=racoon
+DESC="racoon"
+DEF_CFG="/etc/default/racoon"
+PID_FILE="/var/run/racoon.pid"
+PROC_FILE="/proc/net/pfkey"
+
+test -f $TOOL || exit 0
+test -f $DAEMON || exit 0
+
+CONFIG_MODE="direct"
+RACOON_ARGS=""
+
+[ -f "$DEF_CFG" ] && . $DEF_CFG
+
+if [ ! -d /var/run/racoon ]; then
+ mkdir -p /var/run/racoon
+fi
+
+check_kernel () {
+ local MOD_DIR=/lib/modules/`uname -r`
+ local FOUT
+
+ [ -f "$PROC_FILE" ] && return 0
+ [ ! -d "$MOD_DIR" ] && return 1
+ FOUT=`find $MOD_DIR -name "*af_key*"`
+ [ -z "$FOUT" ] && return 1
+ return 0
+}
+
+if ! check_kernel ; then
+ echo "racoon - IKE keying daemon will not be started as $PROC_FILE is not" 1>&2
+ echo " available or a suitable 2.6 (or 2.4 with IPSEC backport)" 1>&2
+ echo " kernel with af_key.[k]o module is not installed." 1>&2
+ exit 0
+fi
+
+case $CONFIG_MODE in
+ racoon-tool)
+ # /usr/sbin/racoon-tool command complies with Debian Policy so just do this:
+ # NB the following makes lintian happy
+ case "$1" in
+ start|stop|reload|force-reload|restart)
+ $TOOL $*
+ ;;
+ *)
+ $TOOL $*
+ ;;
+ esac
+ ;;
+ *)
+ case "$1" in
+ start)
+ echo -n "Starting IKE (ISAKMP/Oakley) server: racoon"
+ start-stop-daemon --start --quiet --exec /usr/sbin/racoon -- ${RACOON_ARGS}
+ echo "."
+ ;;
+
+ stop)
+ echo -n "Stopping IKE (ISAKMP/Oakley) server: racoon"
+ start-stop-daemon --stop --retry 25 --quiet --oknodo \
+ --pidfile $PID_FILE --name racoon
+ rm -f $PID_FILE /var/run/racoon/racoon.sock
+ echo "."
+ ;;
+
+ reload|force-reload|restart)
+ $0 stop
+ $0 start
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|reload|force-reload|restart}" >&2
+ exit 1
+ esac
+ ;;
+esac
+
+exit 0
--- ipsec-tools-0.7.1.orig/debian/racoon.dirs
+++ ipsec-tools-0.7.1/debian/racoon.dirs
@@ -0,0 +1,3 @@
+usr/sbin
+usr/lib
+
--- ipsec-tools-0.7.1.orig/debian/racoon-tool.pl
+++ ipsec-tools-0.7.1/debian/racoon-tool.pl
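Review bot: both arms of the inner `case "$1"` in the `racoon-tool)` branch of racoon.init run the same `$TOOL $*`, so the case adds nothing, and `$*` re-splits any argument containing whitespace; `$TOOL "$@"` forwards the arguments as given and lets the inner case be dropped. `test -f $TOOL || exit 0` and `test -f $DAEMON || exit 0` check existence rather than executability; `test -x` is the usual init-script guard and avoids a confusing failure later when the file exists but cannot be run. In the `start)` arm the daemon path is spelled out as `/usr/sbin/racoon` even though `$DAEMON` holds the same value, and unlike the `stop)` arm no `--pidfile $PID_FILE` is passed; using the variable in both places keeps the two arms in sync.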
@@ -0,0 +1,2469 @@ +#!/usr/bin/perl -w +# +# Script for configuring linux 2.6.x IPSEC +# +# Copyright 2004 Matthew Grant, Catalyst IT Ltd, GPL2 +# + +# Loads and unloads all modules needed for IPSEC + +# Writes configuration files for racoon + +# Administers SPD in kernel using setkey program + +# Basically imitates Free S/WAN without all the kludgy garbage... + +# We are only dealing with IP addresses +use integer; + +sub mod_ls (); +sub mod_load ($); +sub mod_unload ($); +sub usage (); +sub mod_start(); +sub mod_stop(); +sub sad_flush(); +sub spd_flush(); +sub parse_config(); +sub ipsec_start(); +sub ipsec_stop(); +sub ipsec_load(); +sub spd_show(); +sub sad_show(); +sub parse_spd(\@\%); +sub conn_dump_list(); +sub peer_dump_list(); +sub global_dump_list(); +sub spd_dump_list(\@\%); +sub prog_warn($$;$); +sub prog_die($;$); +sub match_spd_connection(\@\%); +sub conn_down_handle($); +sub conn_down (\@\%$;$$); +sub conn_list($); +sub log_backend(); +sub conn_up_handle($); +sub conn_menu($); +sub racoon_write_config($$); +sub racoon_configure(;$); +sub peer_get_indexes (\%); +sub conn_reload_handle($); +sub check_if_running (); +sub racoon_start(); +sub racoon_stop(); +sub basename($$); +sub openlog($$$); +sub syslog($$); + +$proc_modules = "/proc/modules"; +$kver = `uname -r`; chomp $kver; +$modpath = "/lib/modules/" . $kver; +$modpath_ipsec = "$modpath/kernel/net/ipv4"; +$modpath_ipsec6 = "$modpath/kernel/net/ipv6"; +$modpath_xfrm = "$modpath/kernel/net/xfrm"; +$modpath_key = "$modpath/kernel/net/key"; +$modpath_crypto = "$modpath/kernel/crypto"; +$modpath_zlib = "$modpath/kernel/lib/zlib_deflate"; +$modext = ( $kver =~ /^2\.6\./ ? 
".ko" : ".o" ); +$progname = basename($0, ""); +$proc_ipv4 = "/proc/sys/net/ipv4"; +$proc_ipv6 = "/proc/sys/net/ipv6"; + +$setkey_cmd = "/usr/sbin/setkey"; +$confdir = "/etc/racoon"; +$vardir = "/var/lib/racoon"; +$conffile = "${confdir}/racoon-tool.conf"; +$less_cmd = "/usr/bin/less"; +$more_cmd = "/bin/more"; +$pager_cmd = ( -x $less_cmd ? $less_cmd : $more_cmd ); +@pager_flags = ( -x $less_cmd ? ( '-MMXEi' ): ()); +# Handle BSD and SYSV ps... +$ps_cmd = ($^O =~ /bsd/i ? "ps axc" : "ps -e"); +$psf_cmd = ($^O =~ /bsd/i ? "ps axw" : "ps -eo pid,cmd"); +$racoon_cmd = "/usr/sbin/racoon"; +%fmt = ( 'normal' => 1, 'brief' => 2, 'comma' => 3 ); +$global_format = $fmt{'normal'}; +local $proc_id = $$; +$racoon_kill_delay = 25; # seconds + +# global settings hash +my $global_proplist = 'path_pre_shared_key|path_certificate|path_racoon_conf|racoon_command|racoon_pid_file|log|listen\[[0-9a-z]\]|complex_bundle'; +my %global = ( + 'path_pre_shared_key' => "$confdir/psk.txt", + 'path_certificate' => "$confdir/certs", + 'path_racoon_conf' => "${vardir}/racoon.conf", + 'racoon_command' => "${racoon_cmd} -f ___path_racoon_conf___", + 'racoon_pid_file' => "/var/run/racoon.pid", + ); + +# Peer related stuff +my $peer_proplist = 'exchange_mode|encryption_algorithm\[[0-9a-z]\]|hash_algorithm\[[0-9a-z]\]|dh_group\[[0-9a-z]\]|authentication_method\[[0-9a-z]\]|remote_template|lifetime|verify_identifier|verify_cert|passive|generate_policy|my_identifier|peers_identifier|certificate_type|peers_certfile|support_mip6|send_cr|send_cert|initial_contact|proposal_check|nat_traversal|nonce_size'; +my %peer_list = ( '%default' => { + 'exchange_mode' => 'main', + 'encryption_algorithm[0]' => '3des', + 'hash_algorithm[0]' => 'sha1', + 'dh_group[0]' => 'modp1024', + 'authentication_method[0]' => 'pre_shared_key', + 'remote_template' => '%default' + }, + '%anonymous' => { + 'passive' => 'on', + 'generate_policy' => 'on' + } ); + +# Connection related stuff +my $conn_proplist = 
'src_range|dst_range|src_ip|dst_ip|upperspec|encap|mode|level|admin_status|spdadd_template|sadadd_template|sainfo_template|pfs_group|lifetime|encryption_algorithm|authentication_algorithm|compression'; +my @conn_required_props = ( 'src_ip', 'dst_ip'); +my %connection_list = ( '%default' => { + 'admin_status' => 'disabled', + 'upperspec' => 'any', + 'encap' => 'esp', + 'level' => 'unique', + 'spdadd_template' => '%default', + 'sadadd_template' => '%default', + 'sainfo_template' => '%default', + 'pfs_group' => 'modp1024', + 'encryption_algorithm' => 'aes,3des', + 'authentication_algorithm' => 'hmac_sha1,hmac_md5' + }, + '%anonymous' => { + 'admin_status' => 'disabled' + } ); + +my %prop_typehash = ( 'connection' => { + 'src_range' => 'range', + 'dst_range' => 'range', + 'src_ip' => 'ip', + 'dst_ip' => 'ip', + 'upperspec' => 'upperspec', + 'encap' => 'encap', + 'level' => 'level', + 'mode' => 'mode', + 'admin_status' => 'boolean', + 'spdadd_template' => 'template_name', + 'sadadd_template' => 'template_name', + 'sainfo_template' => 'template_name', + 'pfs_group' => 'pfs_group', + 'lifetime' => 'lifetime', + 'encryption_algorithm' => 'phase2_encryption', + 'authentication_algorithm' => 'phase2_auth_algorithm', + 'compression' => 'boolean' + }, + 'peer' => { + 'exchange_mode' => 'phase1_exchange_mode', + 'encryption_algorithm' => 'phase1_encryption', + 'hash_algorithm' => 'hash_algorithm', + 'dh_group' => 'dh_group', + 'authentication_method' => 'phase1_auth_method', + 'remote_template' => 'template_name', + 'lifetime' => 'lifetime', + 'verify_identifier' => 'switch', + 'verify_cert' => 'switch', + 'passive' => 'switch', + 'generate_policy' => 'switch', + 'initial_contact' => 'switch', + 'send_cr' => 'switch', + 'send_cert' => 'switch', + 'support_mip6' => 'switch', + 'my_identifier' => 'identifier', + 'peers_identifier' => 'identifier', + 'certificate_type' => 'certificate', + 'peers_certfile' => 'peers_certfile', + 'nonce_size' => 'nonce_size', + 'proposal_check' => 
'proposal_check', + 'nat_traversal' => 'nat_traversal' + }, + 'global' => { + 'racoon_command' => 'shell_command', + 'racoon_pid_file' => 'path_generated_file', + 'path_pre_shared_key' => 'path_conf_file', + 'path_racoon_conf' => 'path_generated_file', + 'path_certificate' => 'path_certificate', + 'log' => 'log', + 'listen' => 'listen', + 'complex_bundle' => 'switch' + } + ); + +my %prop_syntaxhash = ( 'range' => '{ip-address|ip-address/masklen|ip-address[port]|ip-address/masklen[port]}', + 'ip' => '{ip-address} - IPv4 or IPv6', + 'uppserspec' => '{protocol} - number or /etc/protocols or any or icmp6', + 'encap' => '{ah|esp}', + 'mode' => '{tunnel|transport}', + 'boolean' => '{enabled|disabled|true|false|yes|no|up|down|on|off|0|1}', + 'template_name' => '{template-name} - can be %default or ^[-a-zA-Z0-9_]+', + 'level' => '{default|use|require|unique}', + 'phase1_exchange_mode' => '{main|aggressive|base}', + 'phase1_encryption' => '{aes|des|3des|blowfish|cast128}', + 'hash_algorithm' => '{md5|sha1}', + 'dh_group' => '{modp768|modp1024|modp1536|1|2|5}', + 'pfs_group' => '{none|modp768|modp1024|modp1536|1|2|5}', + 'phase1_auth_method' => '{pre_shared_key|rsasig}', + 'switch' => '{on|off}', + 'lifetime' => '{time} {integer} {hour|hours|min|mins|minutes|sec|secs|seconds}', + 'phase2_encryption' => '{aes|des|3des|des_iv64|des_iv32|rc5|rc4|idea|3idea|cast128|blowfish|null_enc|twofish|rijndael}', + 'phase2_auth_algorithm' => '{aes|des|3des|des_iv64|des_iv32|hmac_md5|hmac_sha1|non_auth}', + 'identifier' => '{address [ip-address]|fqdn dns-name|user_fqdn user@dns-name|keyid file-name|asn1dn [asn1-name]}', + 'certificate' => '{x509 cert-file privkey-file}', + 'peers_certfile' => '{x509|plain_rsa|dnssec} {cert-file}', + 'path_conf_file' => '{full-path-file-name}', + 'shell_command' => '{shell-command}', + 'path_generated_file' => '{full-path-file-name}', + 'path_certificate' => '{full-path-dir}', + 'log' => '{notify|debug|debug2}', + 'listen' => '{ip-address} [[port]]', + 
'proposal_check' => '{obey|strict|claim|exact}', + 'nat_traversal' => '{on|off|force}', + 'nonce_size' => '{number} - between 8 and 256' + ); + +my %bool_val = ( 'enabled' => 1, + 'disabled' => 0, + 'true' => 1, + 'false' => 0, + 'yes' => 1, + 'no' => 0, + 'up' => 1, + 'down' => 0, + 'on' => 1, + 'off' => 0, + '0' => 0, + '1' =>1 ); + +# Default templates for spdadd and sadadd defined here +my $sadadd_default = ""; +my $spdadd_default = <<'EOF'; +spdadd ___src_range___ ___dst_range___ ___upperspec___ -P out ipsec + ___encap___/___mode___/___src_ip___-___dst_ip___/___level___; + +spdadd ___dst_range___ ___src_range___ ___upperspec___ -P in ipsec + ___encap___/___mode___/___dst_ip___-___src_ip___/___level___; + +EOF +%spdadd_addons = ( 'ipcomp_in' => 'ipcomp/___mode___/___dst_ip___-___src_ip___/use', + 'ipcomp_out' => 'ipcomp/___mode___/___src_ip___-___dst_ip___/use' + ); + +my $racoon_init_default = <<"EOF"; +path pre_shared_key ___path_pre_shared_key___; +path certificate ___path_certificate___; + +EOF +%init_addons = ('log' => 'log ___log___;', + 'listen' => "listen {\n\tstrict_address;\n}", + 'isakmp' => 'isakmp ___listen___;', + 'complex_bundle' => 'complex_bundle ___complex_bundle___;' + ); + + +my $remote_default = <<'EOF'; +remote ___dst_ip___ { + exchange_mode ___exchange_mode___; +} + +EOF +my $remote_proposal = <<'EOF'; + proposal { + encryption_algorithm ___encryption_algorithm___; + hash_algorithm ___hash_algorithm___; + authentication_method ___authentication_method___; + dh_group ___dh_group___; + } +EOF + +%remote_addons = ( 'verify_identifier' => 'verify_identifier ___verify_identifier___;', + 'verify_cert' => 'verify_cert ___verify_cert___;', + 'passive' => 'passive ___passive___;', + 'generate_policy' => 'generate_policy ___generate_policy___;', + 'my_identifier' => 'my_identifier ___my_identifier___;', + 'peers_identifier' => 'peers_identifier ___peers_identifier___;', + 'peers_certfile' => 'peers_certfile ___peers_certfile___;', + 
'certificate_type' => 'certificate_type ___certificate_type___;', + 'lifetime' => 'lifetime ___lifetime___;', + 'initial_contact' => 'initial_contact ___initial_contact___;', + 'send_cr' => 'send_cr ___send_cr___;', + 'send_cert' => 'send_cert ___send_cert___;', + 'support_mip6' => 'support_mip6 ___support_mip6___;', + 'nonce_size' => 'nonce_size ___nonce_size___;', + 'proposal_check' => 'proposal_check ___proposal_check___;', + 'nat_traversal' => 'nat_traversal ___nat_traversal___;' + ); + +my $sainfo_default = <<'EOF'; +sainfo address ___src_range___ ___upperspec___ address ___dst_range___ ___upperspec___ { + encryption_algorithm ___encryption_algorithm___; + authentication_algorithm ___authentication_algorithm___; + compression_algorithm deflate; +} + +EOF +%sainfo_addons = ( 'pfs_group' => 'pfs_group ___pfs_group___;', + 'lifetime' => 'lifetime ___lifetime___;' + ); + +@modules = (); +@modules_ipsec = ('ah4', 'esp4', 'ipcomp'); +@modules_ipsec6 = ('ah6', 'esp6', 'ipcomp6'); + +# Make stdout and stderr unbuffered +select STDERR; +$| = 1; +select STDOUT; +$| = 1; + +# Make sure we are running as root +if ( $> != 0 ) { + print STDERR "$progname: must be root to run this.\n"; + exit 1; +} + +# 'Open' syslog +openlog ($progname, 'pid', 'daemon'); + +# Handle logging backend if '-l' switch given +log_backend (); + +# See if we are already running... +check_if_running(); + +mod_ls(); + +parse_config(); + +$have_1arg = "vpndown|vpnup|vpnreload|vpnlist|vpnmenu|vdown|vup|vreload|vlist|vmenu"; + +# Process command line... 
+foreach my $i ( 0..$#ARGV ) { + $ARGV[$i] = lc $ARGV[$i]; +} + +SWITCH: { + !defined $ARGV[0] && do { + usage (); + exit 1; + }; + $ARGV[0] =~ /^(${have_1arg})$/ && @ARGV > 2 && do { + usage (); + exit 1; + }; + $ARGV[0] !~ /^(${have_1arg})$/ && @ARGV > 1 && do { + usage (); + exit 1; + }; + + $ARGV[0] =~ /^start$/ && do { + + ipsec_start (); + + last SWITCH; + }; + $ARGV[0] =~ /^stop$/ && do { + + ipsec_stop (); + + last SWITCH; + }; + $ARGV[0] =~ /^reload$/ && do { + + ipsec_load (); + + last SWITCH; + }; + $ARGV[0] =~ /^(restart|force-reload)$/ && do { + + ipsec_stop (); + + @modules = (); + ipsec_start (); + + last SWITCH; + }; + + $ARGV[0] =~ /^(sadshow|saddump|dump)$/ && do { + # Show the SAD + sad_show (); + last SWITCH; + }; + $ARGV[0] =~ /^(spdshow|spddump)$/ && do { + # Show the SPD + spd_show (); + last SWITCH; + }; + + $ARGV[0] =~ /^(sadflush|flush)$/ && do { + + # Flush the SAD + print "Flushing SAD...\n"; + sad_flush (); + print "SAD flushed.\n"; + prog_warn 'info', "manually flushed SAD"; + + last SWITCH; + }; + + $ARGV[0] =~ /^spdflush$/ && do { + + # Flush the SPD + print "Flushing SPD...\n"; + spd_flush (); + print "SPD flushed.\n"; + prog_warn 'info', "manually flushed SPD"; + + last SWITCH; + }; + + $ARGV[0] =~ /^(vpndown|vdown)$/ && do { + + # Go and do it + conn_down_handle ($ARGV[1]); + + last SWITCH; + }; + + $ARGV[0] =~ /^(vpnmenu|vmenu)$/ && do { + + # Go and do it + conn_menu ($ARGV[1]); + + last SWITCH; + }; + + + $ARGV[0] =~ /^(vpnup|vup)$/ && do { + + # Go and do it + conn_up_handle ($ARGV[1]); + + last SWITCH; + }; + + $ARGV[0] =~ /^(vpnreload|vreload)$/ && do { + + # Go and do it + conn_reload_handle ($ARGV[1]); + + last SWITCH; + }; + + $ARGV[0] =~ /^(vpnlist|vlist)$/ && do { + + # Go and do it + conn_list ($ARGV[1]); + + last SWITCH; + }; + + $ARGV[0] =~ /^(racoonstart|rstart)$/ && do { + + # Go and do it + racoon_start(); + + last SWITCH; + }; + + $ARGV[0] =~ /^(racoonstop|rstop)$/ && do { + + # Go and do it + racoon_stop(); + + 
last SWITCH; + }; + + usage (); + exit 1; +}; + +exit 0; + +# Functions start here + +sub usage () { + print STDERR "\n"; + print STDERR " Usage: $progname [-h] sadflush|spdflush|saddump|spddump\n"; + print STDERR " |reload|restart|force-reload|start|stop\n"; + print STDERR " $progname [-h] vpndown|vdown|vpnup|vup\n"; + print STDERR " |vpnreload|vreload connection-name|all\n"; + print STDERR " $progname [-h] vpnlist|vlist [connection-name|all]\n"; + print STDERR " $progname [-h] vpnmenu|vmenu\n"; + print STDERR " $progname [-h] racoonstart|racoonstop|rstart|rstop\n"; + print STDERR "\n"; +}; + +sub basename ($$) { + my $name = shift; + my $ext = shift; + $name =~ s/^.*\/(.*)$/$1/; + $name =~ s/^(.*)${ext}$/$1/; + return $name; +} + +sub openlog ($$$) { + $log{'ident'} = shift; + $log{'logopt'} = shift; + $log{'facility'} = shift; + my $logger; + + $logger = "/usr/bin/logger"; + if ( ! -x $logger ) { + $logger = "/bin/logger"; + } elsif ( ! -x $logger ) { + die "$progname: cannot run $logger.\n"; + } + + $log{'logger'} = $logger; + +} + +sub syslog ($$) { + my $priority = shift; + my $msg = shift; + + system("$log{'logger'}", '-p', "$log{'facility'}.${priority}", '-t', "$log{'ident'}\[${proc_id}\]", "$msg"); +} + +sub check_if_running () { + my @pids = (); + my @procs = grep /\b${progname}$/, (grep ! /^\s*${proc_id}\b/, `$ps_cmd`); + foreach (@procs) { + my @fields = split; + if (!$fields[0]) { + next; + } + push @pids, $fields[0]; + } + + if (@pids) { + print STDERR "$progname: process(es) @pids are already running.\n"; + exit 2; + } +} + +sub racoon_get_pids () { + my @pids = (); + my $cmd = ''; + my $pid_file = $global{'racoon_pid_file'}; + + $cmd = $global{'racoon_command'}; + if ( $cmd =~ m/^(\S+).*$/ ) { + $cmd = $1; + } + + if ( -f $pid_file ) { + if ( ! 
open PID, "$pid_file" ) { + prog_die "cannot open $pid_file - $!"; + } + @pids = ( ); + close PID; + } elsif ( scalar(@pids = grep m#${cmd}[\s\n]#s, (split /^/m, `$psf_cmd`)) ) { + grep { s/^\s*([0-9]+)\s+.*$/$1/; } @pids; + } + + return @pids; +} + + +sub racoon_fill_command ($) { + my $stuff = shift; + foreach my $key (keys %global) { + my $key_reg = $key; + $key_reg =~ s/\[/\\[/g; + $key_reg =~ s/\]/\\]/g; + $stuff =~ s/___${key_reg}___/$global{"$key"}/img; + } + return $stuff; +} + +sub racoon_start () { + my $running; + my @pids = (); + + print "Starting IKE (ISAKMP/Oakley) server: "; + + # see if it is already running + @pids = racoon_get_pids(); + + if ( $running = kill ( '0', @pids ) ) { + prog_warn 'warning', "racoon already running - exiting.", $fmt{'brief'}; + exit 10; + } + + # Start it. + my $stuff = racoon_fill_command ($global{'racoon_command'}); + system "$stuff"; + + # See if it started + @pids = racoon_get_pids(); + $running = @pids; + if ( ! $running ) { + prog_die "racoon did not start."; + } + + print "racoon.\n"; + prog_warn 'info', "racoon started."; +} + +sub racoon_stop () { + my @pids = (); + my $running; + + print "Stopping IKE (ISAKMP/Oakley) server: "; + + # Find PIDs to use + @pids = racoon_get_pids(); + + # see if it is running + $running = kill ('0', @pids ); + if ( ! 
$running ) { + print "not found running.\n"; + return; + } + + # kill -15 it + $running = kill ( 'TERM', @pids ); + + my $delay = $racoon_kill_delay; + # Check if any still running + while ( ($running = kill ( '0', @pids )) && $delay) { + sleep 1; + $delay--; + # see if still running, and loop back to wait upto 25 secs + } + + # kill -9 it + kill ( 'KILL', @pids ); + + print "racoon.\n"; + prog_warn 'info', "racoon stopped."; +} + +sub racoon_configure (;$) { + my $format = shift; + my @pids; + my @new; + my $running = 0; + + # Prepare new config file + racoon_write_config ($global{'path_racoon_conf'}, $format); + + # HUP racoon to reconfigure it + @pids = racoon_get_pids(); + $running = @pids; + + sad_flush(); + kill ( 'HUP', @pids ); + @pids = racoon_get_pids(); + if ($running && @pids < 1 ) { + prog_warn 'err', "reconfiguring racoon failed - racoon died, check system logs.", $format; + return -1; + } elsif ( ! $running && @pids < 1) { + prog_warn 'warning', "racoon not running.", $format; + return 0; + } + return 1; +} + +sub racoon_fill_remote ($) { + my $peer = shift; + my $stuff; + + my $hndl = $peer_list{$peer}; + my $template = $hndl->{'remote_template'}; + $stuff = $remote{$template}; + if ( $template eq '%default' ) { + foreach my $property ( keys %remote_addons ) { + if (defined $hndl->{"$property"}) { + $stuff =~ s/^(\s*remote.*{\s*)$/${1}\n\t${remote_addons{"$property"}}/m; + } + } + my @pindexes = peer_get_indexes ( %$hndl ); + foreach my $ind ( @pindexes ) { + my $to_add = $remote_proposal; + $to_add =~ s/___(\S+)___/___$1\[$ind\]___/gm; + $stuff =~ s/^(\s*remote.*{\s*)$/${1}\n${to_add}/m + } + } + + + foreach my $key (keys %$hndl) { + my $key_reg = $key; + $key_reg =~ s/\[/\\[/g; + $key_reg =~ s/\]/\\]/g; + $stuff =~ s/___${key_reg}___/$$hndl{"$key"}/img; + } + + if ($peer eq '%anonymous' && $template eq '%default' ) { + $stuff =~ s/(remote\s+)\%anonymous/remote anonymous/ + } + + return $stuff; +} + +sub racoon_fill_sainfo ($) { + my $connection = 
shift; + my $stuff; + + my $hndl = $connection_list{$connection}; + my $template = $hndl->{'sainfo_template'}; + $stuff = $sainfo{$template}; + if ( $template eq '%default' ) { + foreach my $property ( keys %sainfo_addons ) { + next if $property eq "pfs_group" && + defined $hndl->{'pfs_group'} && $hndl->{'pfs_group'} eq 'none'; + if ( defined $hndl->{"$property"} ) { + $stuff =~ s/^(\s*sainfo.*)$/${1}\n\t${sainfo_addons{"$property"}}/m; + } + } + } + + foreach my $key (keys %$hndl) { + $stuff =~ s/___${key}___/$$hndl{$key}/img; + } + + if ($connection eq '%anonymous' && $template eq '%default' ) { + $stuff =~ s/sainfo.*{/sainfo anonymous {/ + } + + return $stuff; +} + +sub racoon_fill_init () { + my $stuff = $racoon_init; + + foreach my $key ( keys %global ) { + $key =~ s/^(\S+)\[[0-9a-z]\]$/$1/i; + if ( defined $init_addons{"$key"} ) { + $stuff =~ s/^(\s*path certificate.*)$/${1}\n${init_addons{"$key"}}/m; + } + } + my @indexes = peer_get_indexes ( %global ); + foreach my $ind ( @indexes ) { + my $to_add = $init_addons{'isakmp'}; + $to_add =~ s/___(\S+)___/___$1\[$ind\]___/gm; + $stuff =~ s/^(\s*listen.*{\s*)$/${1}\n\t${to_add}/m + } + + foreach my $key (keys %global) { + my $key_reg = $key; + $key_reg =~ s/\[/\\[/g; + $key_reg =~ s/\]/\\]/g; + $stuff =~ s/___${key_reg}___/$global{"$key"}/img; + } + + return $stuff; +} + +sub racoon_write_config ($$) { + my $file = shift; + my $format = shift; + my @spd_list; + my %conn_spd_hash; + my @remote_done = (); + + parse_spd (@spd_list, %conn_spd_hash); + + open (RCF, ">$file") + or prog_die "can't open $file - $!", $format; + + # Pretty print comments... 
+ my $hostname = `/bin/hostname`; + my $date = scalar localtime; + print RCF <<"EOF"; +# +# Racoon configuration for $hostname +# Generated on $date by $progname +# + +EOF + # Print out the racoon header + print RCF "#\n# Global items\n#\n"; + my $stuff = racoon_fill_init(); + print RCF $stuff; + + foreach my $connection ( keys %conn_spd_hash ) { + my $stuff = ''; + my $hndl = $connection_list{$connection}; + + print RCF "#\n# Connection $connection\n#\n"; + # print remote clauses needed... + my $dst_ip = $hndl->{'dst_ip'}; + if ( ! grep { $dst_ip eq $_ } @remote_done ) { + push @remote_done, $dst_ip; + $stuff = racoon_fill_remote($dst_ip); + print RCF $stuff; + } + + # print sainfo clauses needed... + $stuff = racoon_fill_sainfo($connection); + print RCF $stuff; + } + + # Handle anonymous connection + my $hndl = $connection_list{'%anonymous'}; + my $phndl = $peer_list{'%anonymous'}; + + if ( defined $hndl && $hndl + && defined $hndl->{'admin_status'} + && $bool_val{"$hndl->{'admin_status'}"} != 0 + && $hndl->{'makelive'} != 0 + && defined $phndl + && $phndl + && $phndl->{'makelive'} != 0 ) { + my $stuff = ''; + print RCF "#\n# Anonymous connection section\n#\n"; + $stuff = racoon_fill_remote('%anonymous'); + print RCF $stuff; + $stuff = racoon_fill_sainfo('%anonymous'); + print RCF $stuff; + } + + close RCF; +} + +sub log_backend () { +foreach my $arg ( @ARGV ) { + next if $arg ne '-l'; + + my $error = 0; + while ( ) { + chomp; + prog_warn 0, "setkey said: $_"; + $error = 1; + } + + exit $error; +} + + +} + +# List all connections +sub conn_list ($) { + my $connection = shift; + + my $exit_code = 1; + + if ( ! 
defined $connection || $connection eq 'all' ) { + $connection = '.*'; + } + + my @conns = grep /${connection}/, keys(%connection_list); + @conns = grep !/^%default$/, @conns; + open( PAGER, '|-' ) + || exec ("$pager_cmd", @pager_flags); + foreach my $conn ( @conns ) { + print PAGER "$conn\n"; + } + close PAGER or die "$progname: conn_list () - $pager_cmd failed - exit code " . ($? >> 8) . "\n"; + + exit ( scalar(@conns) == 0 ); +} + +# Connection up +sub conn_up_handle ($) { + my $connection = shift; + + if (! defined $connection ) { + usage (); + exit 1; + } + + if ( $connection eq 'all' ) { + # Flush SPD and SAD + ipsec_flush (); + + # Load the SPD + spd_load(); + + # Do dee racoon... + exit 1 if racoon_configure() < 0; + + exit 0; + } + + print "Starting VPN $connection..."; + if ((my $ret = spd_load($connection)) <= 0 ) { + print "not found in configuration\n" if $ret == 0; + print "syntax problem in configuration.\n" if $ret == -1; + print "already in SPD.\n" if $ret == -2; + exit 1; + } + + # Do dee racoon... + exit 1 if racoon_configure($fmt{'brief'}) < 0; + + print "done.\n"; + prog_warn 'info', "$connection started."; + + + exit 0; +} + +# Connection down +sub conn_down_handle ($) { + my $connection = shift; + my @spd_list; + my %conn_spd_hash; + + if ( ! defined $connection ) { + usage (); + exit 1; + } + + if ( $connection eq 'all' ) { + # Flush SPD and SAD + ipsec_flush (); + + # Do dee racoon... + exit 1 if racoon_configure() < 0; + + exit 0; + } + + print "Shutting down VPN $connection..."; + if ( ! grep /^${connection}$/, keys %connection_list) { + print "not found in configuration.\n"; + exit 1; + } + # Read SPD list from kernel... + parse_spd(@spd_list, %conn_spd_hash); + if ( ! 
conn_down (@spd_list, %conn_spd_hash, $connection, 1) ) { + print "not found in SPD.\n"; + exit 0; + } + print "done.\n"; + prog_warn 'info', "$connection shutdown."; + + exit 0 +} + +sub conn_reload_handle ($) { + my $connection = shift; + my @spd_list; + my %conn_spd_hash; + + if ( ! defined $connection ) { + usage (); + exit 1; + } + + if ( $connection eq 'all' ) { + ipsec_load(); + + exit 0; + } + + print "Reloading VPN $connection..."; + if ( ! grep /^${connection}$/, keys %connection_list) { + print "not found in configuration.\n"; + exit 1; + } + # Read SPD list from kernel... + parse_spd(@spd_list, %conn_spd_hash); + if ( ! conn_down (@spd_list, %conn_spd_hash, $connection, 1, 1) ) { + print "not found in SPD, "; + } + + if ((my $ret = spd_load($connection)) <= 0 ) { + print "not found in configuration.\n" if $ret == 0; + print "syntax problem in configuration.\n" if $ret == -1; + print "already in SPD.\n" if $ret == -2; + exit 1; + } + + # Do dee racoon... + exit 1 if racoon_configure($fmt{'brief'}) < 0; + + print "done.\n"; + prog_warn 'info', "$connection reloaded."; + + exit 0; +} + +sub spd_show_header () { + print "Number Connection Name UpperSpec DirN\n"; + print " src_range\n"; + print " dst_range\n"; +} + +sub spd_show_entry ($) { + my $entry = shift; + my $conn_name; + + if (defined $$entry{'connection'}) { + $conn_name = $$entry{'connection'}; + } else { + $conn_name = ''; + } + + printf " %3.1d %-50s %-9s %-3s\n", + $$entry{'index'}, $conn_name, + $$entry{'upperspec'}, $$entry{'direction'}; + print " $$entry{'src_range'}\n"; + print " $$entry{'dst_range'}\n"; +} + +sub spd_show_footer () { + print "\n"; + print "Press for more, or enter number or VPN-name > "; +} + +sub conn_menu ($) { + my $term = shift; + my @spd_list; + my %conn_spd_hash; + + # Initialise the SPD data structure + parse_spd(@spd_list, %conn_spd_hash); + + my ($pos,$rows,$cols,$do_fill) = 0; + $term = '.*' if ! 
defined $term; + my @spd = grep { ( defined $$_{'connection'} && $$_{'connection'} =~ m/${term}/ ) + || $$_{'src_range'} =~ m/${term}/ + || $$_{'dst_range'} =~ m/${term}/ } @spd_list; + + if ( ! @spd ) { + print "No SPD entries found.\n"; + return; + } + +REDRAW: while ($pos < @spd_list) { + # get terminal size + ($rows, $cols) = split ' ', `stty size`; + my $ntoshow = ($rows - 6) / 3; + my $fill = $rows % $ntoshow; + if ( ($pos +$ntoshow) > @spd) { + $fill += 3*($pos + $ntoshow - @spd); + } + # display SPD list + if ( $do_fill ) { + foreach (0..$fill) { print "\n" }; + } + $do_fill = 1; + spd_show_header (); + for ($i=$pos; $i < ($pos + $ntoshow) && $i < @spd; $i++) { + + spd_show_entry ($spd[$i]); + } + spd_show_footer (); + + # wait for keypress + while ( my $chars = ) { + last if $chars =~ /^$/; + $chars = lc $chars; + exit 0 if $chars =~ /^q$/; + chomp $chars; + my @deleted = conn_down(@spd_list, %conn_spd_hash, $chars) if $chars =~ /^[-0-9a-z_]+$/; + if (! @deleted) { + print "$chars does not exist or cannot be deleted.\n"; + } + else { + foreach my $i ( @deleted ) { + @spd = grep { $i != $$_{'index'} } @spd; + $pos -= 1 if $pos > 0; + } + } + if ( ! @spd ) { + print "No selected SPD entries left.\n"; + last REDRAW; + } + sleep 2; + next REDRAW; + } + + $pos += $ntoshow; + } + + +} + +sub conn_down (\@\%$;$$) { + my $spd_list = shift; + my $conn_spd_hash = shift; + my $spd = shift; + my $conn_force = shift; + my $no_racoon = shift; + + my @ret = (); + my @spd_to_del = (); + if ( $conn_force || $spd !~ m/^[0-9]+$/ ) { + # Deal with a connection name + @spd_to_del = keys %$conn_spd_hash; + return @ret if @spd_to_del <= 0; + return @ret if ! grep /^$spd$/, keys %$conn_spd_hash; + @spd_to_del = @{ $conn_spd_hash->{$spd} }; + return @ret if @spd_to_del <= 0; + } + else { + # Handle a connection number + # Check that it exists + return @ret if ! 
grep { $$_{'index'} == $spd } @$spd_list; + + # Follow up any connection name and add that one to + my ($spdentry) = grep { $$_{'index'} == $spd } @$spd_list; + goto GO if ! defined $$spdentry{'connection'}; + $connection = $$spdentry{'connection'}; + goto GO if @{ $conn_spd_hash->{$connection} } <= 0; + push @spd_to_del, @{ $conn_spd_hash->{$connection} }; + } + +GO: + # Delete entries from SPD + open( SETKEY, '|-') + || exec ("$setkey_cmd", '-c'); + + foreach my $spdnum ( @spd_to_del ) { + my ($spdentry) = grep { $$_{'index'} == $spdnum } @$spd_list; + print SETKEY <<"EOF"; +spddelete -n $$spdentry{'src_range'} $$spdentry{'dst_range'} $$spdentry{'upperspec'} -P $$spdentry{'direction'}; +EOF + push @ret, $spdnum; + } + + close SETKEY + or prog_die ("conn_down() - setkey connection deletion failed - exit code ". ($? >> 8) ); + + # Deal with racoon + if ( ! $no_racoon ) { + racoon_configure(); + } + + return @ret; +} + +# Process warning message + +sub prog_warn($$;$) { + my $level = shift; + my $msg = shift; + my $format = shift; + + $format = $global_format if ! $format; + $level = 'warning' if ! 
$level; + $msg =~ s/\t/ /g; + if ( $level ne 'info' ) { + if ( $format == $fmt{'normal'} ) { + print STDERR "$progname: $msg\n" + } elsif ( $format == $fmt{'brief'} ) { + print STDOUT "${msg}\n"; + } elsif ( $format == $fmt{'comma'} ) { + $msg =~ s/\.$//; + print STDOUT "${msg}, "; + } + } + $msg =~ s/%/%%/g; + syslog ($level, "$msg"); +} + +sub prog_die($;$) { + my $msg = shift; + my $format = shift; + prog_warn 'err', $msg, $format; + exit 255; +} + +# Dump read in SPD list +sub spd_dump_list (\@\%) { + my $spd_list = shift; + my $conn_spd_hash = shift; + + for my $spd ( @$spd_list ) { + print "{ "; + for $val ( keys %$spd ) { + print "$val=$spd->{$val} "; + } + print "}\n"; + } + + for my $conn ( keys(%$conn_spd_hash) ) { + print "$conn: @{ $conn_spd_hash->{$conn} }\n"; + } +} + +# Parse SPD to produce SPD list +sub parse_spd (\@\%) { + my $spd_list = shift; + my $conn_spd_hash = shift; + my $src_range; + my $dst_range; + my $upperspec; + my $direction; + my $onespd_flag = 0; + + @$spd_list = (); + + open (SETKEY, '-|') + || exec ($setkey_cmd, '-PD'); + + while (my $line = ) { + # print "$line"; + if ( $line =~ m/^\s*([0-9a-fny\.\:\/\[\]]+)\s+([0-9a-fny\.\:\/\[\]]+)\s+([0-9a-z]+)\s*$/ ){ + $src_range = $1; + $dst_range = $2; + $upperspec = $3; + $onespd_flag = 1 + } + elsif ($onespd_flag > 0) { + $onespd_flag = 0; + $line =~ m/^\s*(in|out)\s+(prio def)?\s?(ipsec|none|discard)\s*$/; + $direction = $1; + push @$spd_list, { 'src_range', $src_range, 'dst_range', $dst_range, + 'upperspec', $upperspec, 'direction', $direction }; + # print "[ src_range=$src_range, dst_range=$dst_range, upperspec=$upperspec, direction=$direction ]\n"; + } + } + + close (SETKEY) + or prog_die "parse_spd() - can't parse SPD - exit code " . ($? >> 8); + + # match the SPD policies to configuration data. 
+ match_spd_connection (@$spd_list, %$conn_spd_hash); + +} + + +sub match_spd_connection (\@\%) { + my $spd_list = shift; + my $conn_spd_hash = shift; + my $index = 0; + + %$conn_spd_hash = (); + + foreach my $spd ( @$spd_list ) { + $spd->{'index'} = $index; + + # Loop over connection list to find connection name + foreach my $connection ( keys %connection_list ) { + next if "$connection" eq '%default'; + next if ! defined $connection_list{$connection}{'src_ip'}; + next if ! defined $connection_list{$connection}{'dst_ip'}; + + # Quick handle - read only + my $conn = $connection_list{$connection}; + + if ( ($spd->{'src_range' } eq $conn->{'src_range'} + && $spd->{'dst_range'} eq $conn->{'dst_range'} + && $spd->{'direction'} eq 'out' + || $spd->{'dst_range'} eq $conn->{'src_range'} + && $spd->{'src_range'} eq $conn->{'dst_range'} + && $spd->{'direction'} eq 'in') + && $spd->{'upperspec'} eq $conn->{'upperspec'} ) { + $spd->{'connection'} = $connection; + push @{ $conn_spd_hash->{$connection} }, $index; + } + } + + $index ++; + } + +} + +# start +sub ipsec_start () { + mod_start (); + ipsec_flush (); + ipsec_load (); + racoon_start(); +} + +# stop +sub ipsec_stop () { + racoon_stop(); + ipsec_flush (); + mod_stop (); +} + +# load +sub ipsec_load () { + print "Loading SAD and SPD...\n"; + sad_init (); + spd_init (); + spd_load(); + print "SAD and SPD loaded.\n"; + prog_warn 'info', "loaded SAD and SPD."; + print "Configuring racoon..."; + exit 1 if racoon_configure($fmt{'brief'}) < 0; + print "done.\n"; + prog_warn 'info', "configured racoon."; + return 1; +} + +# flush +sub ipsec_flush () { + print "Flushing SAD and SPD...\n"; + # Flush the SAD + sad_flush (); + + # Flush the SPD + spd_flush (); + print "SAD and SPD flushed.\n"; + prog_warn 'info', "flushed SAD and SPD."; +} + +# Read configuration +sub parse_config () { + my $line = 0; + my $barf = 0; + my $section = ""; + my $connection = ""; + my $peer = ""; + my $stuff = ""; + + open(CONF, "< $conffile") + || 
prog_die "can't open $conffile - $!"; + + LINE: while () { + $line +=1; + + # Deal with blank lines + if ( m/^\s*$/) { + next LINE; + } + + # Comments + if ( m/^[ \t]*#.*$/ ) { + next LINE; + } + # Comments at the end of lines + if ( m/^([^#]*)#.*$/ ) { + $_ = $1; + } + + chomp; + + if (! m/^[-\"{}()\[\]_;\%\@\w\s.:\/=]+$/) { + prog_warn 0, "bad data in $conffile, line $line:"; + prog_warn 0, $_; + # $barf = 1; + next LINE; + } + + if ( m/^\s*SPDADD\((\%default|[-_a-z0-9]+)\):([\S \t]*)$/i ) { + $name = $1; + $stuff = $2 . "\n"; + if ( defined $spdadd{"$name"} ) { + $spdadd{"$name"} .= $stuff; + } else { + $spdadd{"$name"} = $stuff; + } + next LINE; + } elsif ( m/^\s*SADADD\((\%default|[-_a-z0-9]+)\):([\S \t]*)$/i ) { + $name = $1; + $stuff = $2 . "\n"; + if ( defined $sadadd{"$name"} ) { + $sadadd{"$name" } .= $stuff; + } else { + $sadadd{"$name"} = $stuff; + } + next LINE; + } elsif ( m/^\s*REMOTE\((\%default|[-_a-z0-9]+)\):([\S \t]*)$/i ) { + $name = $1; + $stuff = $2 . "\n"; + if ( defined $remote{"$name"} ) { + $remote{"$name" } .= $stuff; + } else { + $remote{"$name"} = $stuff; + } + next LINE; + + } elsif ( m/^\s*SAINFO\((\%default|[-_a-z0-9]+)\):([\S \t]*)$/i ) { + $name = $1; + $stuff = $2 . "\n"; + if ( defined $sainfo{"$name"} ) { + $sainfo{"$name" } .= $stuff; + } else { + $sainfo{"$name"} = $stuff; + } + next LINE; + + } elsif ( m/^\s*SADINIT:([\S \t]*)$/i ) { + $name = ''; + $stuff = $1 . "\n"; + if ( defined $sadinit ) { + $sadinit .= $stuff; + } else { + $sadinit = $stuff; + } + next LINE; + } elsif ( m/^\s*SPDINIT:([\S \t]*)$/i ) { + $name = ''; + $stuff = $1 . "\n"; + if ( defined $spdinit ) { + $spdinit .= $stuff; + } else { + $spdinit = $stuff; + } + next LINE; + } elsif ( m/^\s*RACOONINIT:([\S \t]*)$/i ) { + $name = ''; + $stuff = $1 . 
"\n"; + if ( defined $racoon_init ) { + $racoon_init .= $stuff; + } else { + $racoon_init = $stuff; + } + next LINE; + + } elsif ( m/^\s*CONNECTION\((\%default|\%anonymous|[-_a-z0-9]+)\):\s*$/i ) { + $section = 'connection'; + $connection = lc $1; + # Make place holder so that error message gets generated + $connection_list{$connection}{'makelive'} = 0; + next LINE; + } + + elsif ( m/^\s*PEER\((\%default|\%anonymous|[a-f0-9:\.]+)\):\s*$/i ) { + $peer = lc $1; + if ( $peer ne '%default' && $peer ne '%anonymous' && ! ip_check_syntax ($peer)) { + prog_warn 0, "unrecognised tag in $conffile, line $line:"; + prog_warn 0, "$_"; + prog_warn 0, "invalid peer name - $peer"; + next LINE; + } + $section = 'peer'; + # Make place holder so that error message gets generated + $peer_list{$peer}{'makelive'} = 0; + next LINE; + } + + elsif ( m/^\s*GLOBAL:\s*$/i ) { + $section = 'global'; + next LINE; + } + + elsif ( $section eq 'connection' && m/^\s*($conn_proplist):\s*(.+)\s*$/i ) { + my $property = lc $1; + my $value = $2; + $value =~ s/^(.*\S)\s*$/$1/; + + if ( ! check_property_syntax($section, $property, $value) ) { + prog_warn 0, "$connection - unrecognised connection property syntax."; + prog_warn 0, "$connection - file $conffile, line $line:"; + prog_warn 0, error_getmsg($section, $property); + prog_warn 0, $_; + $connection_list{$connection}{'syntax_error'} = 1; + next LINE; + } + $value = value_lc($section, $property, $value); + $connection_list{$connection}{$property} = $value; + } elsif ( $section eq 'connection' ) { + prog_warn 0, "$connection - unrecognised tag in $conffile, line $line:"; + prog_warn 0, $_; + prog_warn 0, "$connection - allowed tags are $conn_proplist"; + $connection_list{$connection}{'syntax_error'} = 1; + next LINE; + } + + elsif ( $section eq 'peer' && m/^\s*($peer_proplist):\s*(.+)\s*$/i ) { + my $property = lc $1; + my $value = $2; + $value =~ s/^(.*\S)\s*$/$1/; + + if ( ! 
check_property_syntax($section, $property, $value) ) { + prog_warn 0, "$peer - unrecognised peer property syntax or unreadable file(s)."; + prog_warn 0, "$peer - file $conffile, line $line:"; + prog_warn 0, error_getmsg($section, $property); + prog_warn 0, $_; + $peer_list{$peer}{'syntax_error'} = 1; + next LINE; + } + # $value = value_lc($section, $property, $value); + $peer_list{$peer}{$property} = $value; + } elsif ( $section eq 'peer' ) { + prog_warn 0, "$peer - unrecognised tag in $conffile, line $line:"; + prog_warn 0, $_; + prog_warn 0, "$peer - allowed tags are $peer_proplist"; + $peer_list{$peer}{'syntax_error'} = 1; + next LINE; + } + + elsif ( $section eq 'global' && m /^\s*($global_proplist):\s*(.+)\s*$/i ) { + my $property = lc $1; + my $value = $2; + $value =~ s/^(.*\S)\s*$/$1/; + + if (! check_property_syntax($section, $property, $value)) { + prog_warn 0, "global - unrecognised global property syntax or unreadable file(s)."; + prog_warn 0, "global - file $conffile, line $line:"; + prog_warn 0, error_getmsg($section, $property); + prog_warn 0, $_; + prog_warn 0, "global - allowed tags are $global_proplist"; + $global{'deadly_error'} = 1; + next LINE; + } + $value = value_lc($section, $property, $value); + $global{$property} = $value; + + } elsif ( $section eq 'global' ) { + prog_warn 0, "$global - unrecognised tag in $conffile, line $line:"; + prog_warn 0, $_; + prog_warn 0, "$global - allowed tags are $global_proplist"; + } + + else { + prog_warn 0, "unrecognised tag in $conffile, line $line:"; + prog_warn 0, $_; + next LINE; + } + + } + close (CONF); + + if ( $barf ) { + exit 1; + } + + # apply defaults + $spdadd{'%default'} = $spdadd_default if ( ! defined $spdadd{'%default'} ); + $sadadd{'%default'} = $sadadd_default if ( ! defined $sadadd{'%default'} ); + $remote{'%default'} = $remote_default if ( ! defined $remote{'%default'} ); + $sainfo{'%default'} = $sainfo_default if ( ! 
defined $sainfo{'%default'} ); + $racoon_init = $racoon_init_default if ( ! defined $racoon_init ); + global_fillin_defaults(); + conn_fillin_defaults(); + peer_fillin_defaults(); + peer_check_required(); + conn_check_required(); + global_check_required(); +}; + +# Lower case value function +sub value_lc ($$$) { + my $section = shift; + my $property = shift; + my $value = shift; + + my $ptype = get_proptype($section, $property); + + if ( $ptype eq 'path_conf_file' ) { + $value = $value; + } elsif ( $ptype eq 'path_generated_file' ) { + $value = $value; + } elsif ( $ptype eq 'shell_command' ) { + $value = $value; + } elsif ( $ptype eq 'path_certificate' ) { + $value = $value; + } elsif ( $ptype eq 'certificate' ) { + if ( $value =~ m/^\s*x509\s+(\S+)\s+(\S+)\s*$/i ) { + $value = "x509 $1 $2"; + } + } elsif ( $ptype =~ 'peers_certfile' ) { + if ( $value =~ m/^\s*dnssec\s*$/i ) { + $value = "dnssec"; + } elsif ( $value =~ m/^\s*(plain_rsa|x509)\s+(\S+)\s*$/i ) { + $value = "$1 $2"; + } + } elsif ( $ptype eq 'identity' ) { + if ( $value =~ m/^\s*keyid\s+(\S+)\s*$/i ) { + $value = "keyid $1" + } + } else { + $value = lc $value; + } + return $value; +} + +# Error mesage lookups +sub error_getmsg ($$) { + my $section = shift; + my $property = shift; + my $ptype = get_proptype($section, $property); + + return "$property only takes $prop_syntaxhash{$ptype}"; +} + +#Fill in global defaults +sub global_fillin_defaults () { + foreach $prop ('path_pre_shared_key', 'path_certificate') { + if ( defined $global{$prop} && $global{$prop} =~ m/^"?(\S+)"?$/i ) { + $global{$prop} = "\"${1}\""; + } + } + foreach $prop ('path_racoon_conf', 'racoon_command', 'racoon_pid_file') { + if ( defined $global{$prop} && $global{$prop} =~ m/^"(\S+)"$/i ) { + $global{$prop} = "${1}"; + } + } +} + +sub global_check_required () { + if ( $global{'deadly_error'} ) { + prog_warn 'err', "deadly error in global configuration - exiting."; + exit 10; + } +} + +#Check synax of IP address +sub ip_check_syntax 
($) { + my $ip = shift; + if ( $ip =~ m/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/ ) { + return 1 if ( $1 >=0 && $1 <= 255 && $2 >= 0 && $2 <= 255 + && $3 >= 0 && $3 <= 255 && $4 >= 0 && $4 <= 255 ); + } elsif ( $ip =~ m/^[0-9a-f]{1,4}:[0-9a-f:]*:[0-9a-f]{0,4}$/i ) { + my @dbytes = split /:/, $ip; + my $valid = 1; + foreach my $v ( @dbytes ) { + if ( $v ne '' && $v !~ m/^[0-9a-f]{1,4}$/i && $v < 0 && $v > 0xffff ) + { $valid = 0; } + } + return 1 if $valid; + } + return 0; +} + + +# Check syntax + +sub get_proptype($$) { + my $section = shift; + my $property = shift; + my $ptype; + + if ( $property =~ m/^(.*)\[[0-9a-z]+\]$/ ) { + $property = $1; + } + $ptype = $prop_typehash{$section}{$property}; + + return $ptype; +} + +sub check_property_syntax ($$$) { + my $section = shift; + my $property = shift; + my $value = shift; + my ($protoname, $protoaliases, $protonumber); + my $ptype; + + $ptype = get_proptype($section,$property); + + if ( $ptype eq 'boolean' ) { + $value =~ m/^(enabled|disabled|true|false|up|down|on|off|yes|no|0|1)$/i && return 1; + } elsif ( $ptype eq 'encap' ) { + $value =~ m/^(ah|esp)$/i && return 1; + } elsif ( $ptype eq 'mode' ) { + $value =~ m/^(transport|tunnel)$/i && return 1; + } elsif ( $ptype eq 'template_name' ) { + $value =~ m/^(%default|[-a-z0-9_]+)$/i && return 1; + } elsif ( $ptype eq 'phase1_exchange_mode' ) { + $value =~ m/^((main|aggressive|base),? 
?){1,3}$/i && return 1; + } elsif ( $ptype eq 'phase1_encryption' ) { + $value =~ m/^(aes|des|3des|blowfish|cast128)$/i && return 1; + } elsif ( $ptype eq 'hash_algorithm' ) { + $value =~ m/^(md5|sha1)$/i && return 1; + } elsif ( $ptype eq 'phase1_auth_method' ) { + $value =~ m/^(pre_shared_key|rsasig)$/i && return 1; + } elsif ( $ptype eq 'switch' ) { + $value =~ m/^(on|off)$/i && return 1; + } elsif ( $ptype eq 'lifetime' ) { + $value =~ m/^time\s+[0-9]+\s+(hour|hours|min|mins|minutes|sec|secs|seconds)$/i && return 1; + } elsif ( $ptype eq 'phase2_encryption' ) { + $value =~ m/^((aes|des|3des|des_iv64|des_iv32|rc5|rc4|idea|3idea|cast128|blowfish|null_enc|twofish|rijndael),? ?)+$/i && return 1; + } elsif ( $ptype eq 'phase2_auth_algorithm' ) { + $value =~ m/^((des|3des|des_iv64|des_iv32|hmac_md5|hmac_sha1|non_auth),? ?)+$/i && return 1; + } elsif ( $ptype eq 'dh_group' ) { + $value =~ m/^(modp768|modp1024|modp1536|1|2|5)$/i && return 1; + } elsif ( $ptype eq 'pfs_group' ) { + $value =~ m/^(none|modp768|modp1024|modp1536|1|2|5)$/i && return 1; + } elsif ( $ptype eq 'level') { + $value =~ m/^(default|use|require|unique)$/i && return 1; + } elsif ( $ptype eq 'log') { + $value =~ m/^(notify|debug|debug2)$/i && return 1; + } elsif ( $ptype eq 'proposal_check' ) { + $value =~ m/^(obey|strict|claim|exact)$/i && return 1; + } elsif ( $ptype eq 'nat_traversal' ) { + $value =~ m/^(on|off|force)$/i && return 1; + } elsif ( $ptype =~ 'nonce_size' ) { + $value =~ m/^[0-9]{1,3}$/ && $value >= 8 && $value <= 256 && return 1; + } elsif ( $ptype eq 'listen' ) { + if ( $value =~ m/^[0-9a-f:\.]+$/i ) { + return ip_check_syntax( $value ); + } + if ( $value =~ m/^([0-9a-f:\.]+)\s+\[([0-9]{1,5})\]$/i ) { + my $ip = $1; + my $port = $2; + return 0 if ! ip_check_syntax ( $ip ); + return 0 if $port !~ m/^[0-9]{1,5}$/; + return 1; + } + return 0; + } elsif ( $ptype eq 'shell_command' ) { + if ( $value =~ m/^"?([\S]+)\s+.*"?$/i ) { + if ( ! 
-x $1 ) { + prog_warn 'err', "$property - cannot execute $1"; + return 0; + } + return 1; + } + return 0; + } elsif ( $ptype eq 'path_conf_file' ) { + if ( $value =~ m/^\"?([^\"\s]+)\"?$/i ) { + if ( ! -r $1 ) { + prog_warn 0, "$property - cannot read file $1"; + return 0; + } + return 1; + } + return 0; + } elsif ( $ptype eq 'path_generated_file' ) { + if ( $value =~ m/^\"?([^\"\s]+)\"?$/i ) { + my $dir = dirname($1); + if ( ! defined $dir || $dir == '' ) { + prog_warn 0, "$property - directory does not exist"; + return 0; + } + if ( ! -r $dir ) { + prog_warn 0, "$property - cannot access directory $dir"; + return 0; + } + return 1; + } + return 0; + } elsif ( $ptype eq 'path_certificate' ) { + if ( $value =~ m/^\"?([^\"\s]+)\"?$/i ) { + if ( ! -r $1 ) { + prog_warn 0, "$property - cannot read directory $1"; + return 0; + } + return 1; + } + return 0; + } elsif ( $ptype eq 'peers_certfile' ){ + # TODO - do we need do something extra for plain_rsa? + $value =~ m/^(dnssec|plain_rsa)$/i && return 1; + if ( $value =~ m/^x509\s+\"?([^\"\s]+)\"?\s*$/i ) { + if (-r "$global{'path_certificate'}/$1") { + return 1; + } else { + prog_warn 0, "$property - cannot read $global{'path_certificate'}/$1"; + return 0; + } + } + return 0; + } elsif ( $ptype eq 'certificate' ) { + if ( $value =~ m/^x509\s+\"?([^\"\s]+)\"?\s+\"?([^\"\s]+)\"?\s*$/i ) { + if ( ! -r "$global{'path_certificate'}/$1" ) { + prog_warn 0, "$property - cannot read $global{'path_certificate'}/$1"; + return 0; + } + if ( ! 
-r "$global{'path_certificate'}/$2" ) { + prog_warn 0, "$property - cannot read $global{'path_certificate'}/$2"; + return 0; + } + return 1; + } + return 0; + } elsif ( $ptype eq 'identifier' ) { + if ( $value =~ m/^address\s*$/i ) { + return 1; + } + if ( $value =~ m/^address\s+([0-9a-f:\.]+)\s*$/i ) { + local $ip = $1; + return ip_check_syntax($ip); + } + if ( $value =~ m/^fqdn\s+"?([-a-z0-9\._]+)"?\s*$/i ) { + return 1; + } + if ( $value =~ m/^user_fqdn\s+"?([-a-z0-9\.\@_]+)"?\s*$/i ) { + return 1; + } + if ( $value =~ m/^asn1dn\s+"?([-a-z0-9\.\@_\s\\\/='\[\]]+)"?\s*$/i ) { + return 1; + } + if ( $value =~ m/^asn1dn\s*$/i ) { + return 1; + } + if ( $value =~ m/^keyid\s+\"?(\/[^\"\s]+)\"?$/i ) { + if ( -r $1 ) { + return 1; + } else { + prog_warn 0, "$property - cannot read $1"; + return 0; + } + } + return 0; + } elsif ( $ptype eq 'upperspec' ) { + if ( ($protoname, $protoaliases, $protonumber ) + = getprotobyname $value ) { + return 1; + } + $value =~ m/^(any|icmp6)$/i && return 1; + if ( $value =~ m/^icmp6[ \t]+([0-9]{1,3})$/i ) { + return 1 if ( $1 >= 0 && $1 <= 255 ); + } + if ( $value =~ m/^icmp6[ \t]+([0-9]{1,3}),([0-9]{1,3})$/i ) { + return 1 if ( $1 >= 0 && $1 <= 255 && $2 >= 0 && $2 <= 255 ); + } + if ( $value =~ m/[0-9]{1,5}/ && $value > 0 && $value <= 65535 ) { + return 1; + } + return 0 + } elsif ( $ptype eq 'ip' ) { + return ip_check_syntax($value); + } elsif ( $ptype eq 'range' ) { + my $valid = 1; + my ($ip, $mask, $port, $type); + + # make sure we have only 1 slash; + return 0 if $value =~ m/^.*\/.*\/.*$/; + + # Split range into address, mask and port + if ( $value !~ m/^.*\[(any|[0-9]{1,5})\]$/i ) { + $value .= "[any]"; + } + if ( $value =~ m/^(.*)\/([0-9]{1,5})\[(any|[0-9]{1,5})\]$/i ) { + $ip = $1; + $mask = $2; + $port = $3; + } elsif ( $value =~ m/^(.*)\[(any|[0-9]{1,5})\]$/i ) { + $ip = $1; + $mask = 255; + $port = $2; + } elsif ( $value =~ m/^(.*)$/i ) { + $ip = $1; + $mask = 255; + $port = 'any'; + } else { + return 0; + } + + # Work out 
type of IP address + if ( $ip =~ m/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/ ) { + $type = 'ipv4'; + } elsif ( $ip =~ m/^::$|^[0-9a-f]{1,4}:[0-9a-f:]*:[0-9a-f]{0,4}$/i ) { + $type = 'ipv6'; + } else { + return 0; + } + + # Check IP address + if ( ! ip_check_syntax($ip) && $ip ne '::' ) { + $valid = 0; + } + + # Check mask + if ( $mask != 255 ) { + if ( $type eq 'ipv4') { + $valid = 0 if ( $mask < 0 || $mask > 32 ); + } else { + $valid = 0 if ( $mask < 0 || $mask > 128 ); + } + } + + # Check port + if ( $port ne 'any' ) { + $valid = 0 if ( $port < 0 || $port > 65535 ); + } + + return $valid; + } + else { + return 0; + } + return 0; +} + +# Check for required paarameters for activation +sub conn_check_required () { + foreach my $connection ( keys %connection_list ) { + my $makelive = 1; + next if $connection eq '%default'; + if ( $connection ne '%anonymous' ) { + foreach my $property ( @conn_required_props ) { + $makelive = 0 if ! defined $connection_list{$connection}{$property}; + } + my $dst_ip = $connection_list{$connection}{'dst_ip'}; + if ( ! defined $dst_ip + || ! defined $peer_list{$dst_ip} + || ! defined $peer_list{$dst_ip}{'makelive'} + || $peer_list{$dst_ip}{'makelive'} == 0 ) { + $makelive = 0; + } + } + $makelive = 0 if ( $connection_list{$connection}{'syntax_error'} ); + if (! $makelive) { + prog_warn 0, "$connection - required parameters missing, peer missing or syntax error."; + prog_warn 0, "$connection - not activating."; + $connection_list{$connection}{'makelive'} = 0; + next; + } + $connection_list{$connection}{'makelive'} = 1; + } +} + +# Fill in default missing parameters +sub conn_fillin_defaults () { + foreach my $connection ( keys %connection_list ) { + next if $connection eq '%default'; + foreach my $property ( keys %{ $connection_list{'%default'} } ) { + if ( ! defined $connection_list{$connection}{$property} ) { + $connection_list{$connection}{$property} = $connection_list{'%default'}{$property}; + } + } + next if ! 
defined $connection_list{$connection}{'src_ip'}; + next if ! defined $connection_list{$connection}{'dst_ip'}; + + # Set up default values for range and ID if they do not exist already + foreach my $p ( 'src', 'dst' ) { + if ( ! defined $connection_list{$connection}{"${p}_range"} ) { + $connection_list{$connection}{"${p}_range"} + = $connection_list{$connection}{"${p}_ip"}; + } + if ( $connection_list{$connection}{"${p}_range"} + !~ m/^.*\[(any|[0-9]{1,5})\]$/ ) { + $connection_list{$connection}{"${p}_range"} .= "[any]"; + } + # Remove full length netmasks to avoid confusing things... + $connection_list{$connection}{"${p}_range"} =~ s/\/32//; + $connection_list{$connection}{"${p}_range"} =~ s/\/128//; + + } + + # Set the mode appropriately if not already set + if ( !defined $connection_list{$connection}{'mode'} ) { + if ( $connection_list{$connection}{'src_range'} + eq $connection_list{$connection}{'src_ip'} . "[any]" + && $connection_list{$connection}{'dst_range'} + eq $connection_list{$connection}{'dst_ip'} . "[any]" ) { + $connection_list{$connection}{'mode'} = 'transport'; + } else { + $connection_list{$connection}{'mode'} = 'tunnel'; + } + } + + } +} + +sub peer_get_indexes (\%) { + my $hndl = shift; + my %tmp; + + my @keys = keys %$hndl; + @keys = grep /^.*\[[0-9]+\]$/, @keys; + map { s/^.*\[([0-9]+)\]$/$1/; } @keys; + $tmp{$_} = 1 foreach (@keys); + @keys = reverse (sort (keys (%tmp))); + + return @keys; +} + +sub peer_fillin_defaults () { + + # Copy default to defined peers + my $dhndl = $peer_list{'%default'}; + foreach my $peer ( keys %peer_list ) { + next if $peer eq '%default'; + my $phndl = $peer_list{$peer}; + + foreach my $property ( keys %{ $dhndl } ) { + if ( ! defined $phndl->{$property} ) { + $phndl->{$property} = $dhndl->{$property}; + } + } + } + + foreach my $peer ( keys %peer_list ) { + my $phndl = $peer_list{$peer}; + # Fill in all proposals... 
+ my @pindexes = peer_get_indexes ( %$phndl ); + foreach my $property ( grep { $_ = $1 if /^(.*)\[[0-9]+\]$/; } keys %$dhndl ) { + foreach my $ind ( @pindexes ) { + next if $peer eq '%default' && $ind == 0; + my $name = "$property" . '[' . "$ind" . "]"; + my $dname = "$property" . '[0]'; + if ( ! defined $phndl->{"$name"} ) { + $phndl->{"$name"} = $dhndl->{"$dname"} + } + } + } + + } + + # If a peer does not exist, create it from %default + my @peers = keys %peer_list; + foreach my $connection ( keys %connection_list ) { + next if $connection eq '%default'; + my $conn_hndl = $connection_list{$connection}; + next if ! defined $conn_hndl->{'dst_ip'}; + my $ip_addr = $conn_hndl->{'dst_ip'}; + next if grep { $ip_addr eq $_ } @peers; + + foreach my $element ( keys %{ $peer_list{'%default'} } ) { + $peer_list{$ip_addr}{$element} = $peer_list{'%default'}{$element}; + } + } + + # fill in dst_ip property if not already done... + foreach my $peer ( keys %peer_list ) { + next if $peer eq '%default'; + $peer_list{$peer}{'dst_ip'} = $peer; + } + + # Fix up missing " ... + foreach my $peer ( keys %peer_list ) { + my $phndl = $peer_list{$peer}; + foreach my $prop ( 'my_identifier', 'peers_identifier', 'certificate_type', 'peers_certfile') { + my $ptype = get_proptype('peer', "$prop"); + next if ! defined $phndl->{"$prop"}; + my $value = $phndl->{"$prop"}; + if ( $ptype eq 'peers_certfile' ){ + next if $value =~ m/^dnssec$/i; + if ( $value =~ m/^(x509|plain_rsa)\s+\"?(\S+)\"?\s*$/i ) { + $phndl->{"$prop"} = "$1" . ' "' . "$2" . '"'; + } + } elsif ( $ptype eq 'certificate' ) { + if ( $value =~ m/^x509\s+\"?(\S+)\"?\s+\"?(\S+)\"?\s*$/ ) { + $phndl->{"$prop"} = "x509 " . '"' . $1 . '" "' . $2 . 
'"'; + } + } elsif ( $ptype eq 'identifier' ) { + next if $value =~ m/^address\s*$/i; + next if $value =~ m/^asn1dn\s*$/i; + if ( $value =~ m/^address\s+([0-9a-f:\.]+)\s*$/i ) { + $phndl->{"$prop"} = "address $1"; + } + if ( $value =~ m/^fqdn\s+"?([-a-z0-9\._]+)"?\s*$/i ) { + $phndl->{"$prop"} = "fqdn " . '"' . $1 . '"'; + } + if ( $value =~ m/^user_fqdn\s+"?([-a-z0-9\.\@_]+)"?\s*$/i ) { + $phndl->{"$prop"} = "user_fqdn " . '"' . $1 . '"'; + } + if ( $value =~ m/^asn1dn\s+"?([-a-z0-9\.\@_\s\\\/='\[\]]+)"?\s*$/i ) { + $phndl->{"$prop"} = "asn1dn " . '"' . $1 . '"'; + } + if ( $value =~ m/^keyid\s+"?(\/\S+)"?$/i ) { + $phndl->{"$prop"} = "keyid " . '"' . $1 . '"'; + } + } + } + } + +} + +sub peer_check_required () { + + # For now, every peer has required values... +PEER: foreach my $peer ( keys %peer_list ) { + my $makelive = 1; + next PEER if $peer eq '%default'; + + $makelive = 0 if ( $peer_list{$peer}{'syntax_error'} ); + if (! $makelive) { + prog_warn 0, "$peer - required parameters missing or syntax error."; + prog_warn 0, "$peer - not activating."; + $peer_list{$peer}{'makelive'} = 0; + next PEER; + } + + $peer_list{$peer}{'makelive'} = 1; + } +} + + + +# print connection output +sub global_dump_list () { + print "global: "; + foreach my $prop ( keys %global ) { + print "$prop=$global{$prop} "; + } + print "\n"; +} + +sub peer_dump_list () { + foreach my $peer ( keys %peer_list ) { + print "$peer: "; + foreach my $property ( keys %{ $peer_list{$peer} } ) { + print "$property=$peer_list{$peer}{$property} "; + } + print "\n"; + } +} + +sub conn_dump_list () { + foreach my $connection ( keys %connection_list ) { + print "$connection: "; + foreach my $property ( keys %{ $connection_list{$connection} } ) { + print "$property=$connection_list{$connection}{$property} "; + } + print "\n"; + } +} + +# setup the kernel +sub setkey_start () { + # Flush and reinit kernel + sadspd_reset(); + + # Load all peers +} + +sub setkey_stop () { + # Flush kernel + spd_flush(); + 
sad_flush(); +} + +# Reset SAD and SPD +sub spd_reset () { + spd_flush (); + spd_init (); +} + +sub sad_reset () { + sad_flush (); + sad_init (); +} + +# Fill in spdadd command +sub spd_fill_add ($) { + my $connection = shift; + my $stuff; + + my $hndl = $connection_list{$connection}; + $stuff = $spdadd{$$hndl{'spdadd_template'}}; + + if ($hndl->{'spdadd_template'} eq '%default') { + # Do fill in values for compression + if (defined $hndl->{'compression'} + && $bool_val{"$hndl->{'compression'}"} != 0) { + $stuff =~ s/^(\s*spdadd.*out ipsec\s*)$/${1}\n${spdadd_addons{'ipcomp_out'}}/m; + $stuff =~ s/^(\s*spdadd.*in ipsec\s*)$/${1}\n${spdadd_addons{'ipcomp_in'}}/m; + } + } + + foreach my $key (keys %$hndl) { + $stuff =~ s/___${key}___/$$hndl{$key}/img; + } + + + return $stuff; +} + +# Load the SPD +sub spd_load (;$) { + my $conn = shift; + my $setkey_buffer = ''; + my @conns = (); + my @spd_list; + my %conn_spd_hash; + + parse_spd(@spd_list, %conn_spd_hash); + if ( defined $conn ) { + return 0 if ( ! grep /^${conn}$/, (keys %connection_list) ); + return -1 if ( ! $connection_list{$conn}{'makelive'} ); + return -2 if ( grep /^${conn}$/, keys %conn_spd_hash ); + @conns = ( $conn ); + } else { + @conns = keys %connection_list; + } + + open ( SETKEY, '|-' ) + || exec ("$setkey_cmd -c 2>&1 | $0 -l" ); + for my $connection ( @conns ) { + next if $connection eq '%default'; + next if $connection eq '%anonymous'; + next if grep /^${connection}$/, keys %conn_spd_hash; + my $hndl = $connection_list{$connection}; + next if ! $$hndl{'makelive'}; + next if ! $bool_val{$$hndl{'admin_status'}}; + my $stuff = spd_fill_add ($connection); + $setkey_buffer .= $stuff. "\n"; + print SETKEY <<"EOF"; +$stuff +EOF + } + close SETKEY; + my $err = $?; + if ( $err ) { + my $i = 1; + foreach my $line ( split /^/m, $setkey_buffer ) { + chomp $line; + prog_warn 0, "setkey input: $i $line"; + $i++; + } + prog_die "loading SPD failed - exit code " . 
($err >> 8); + } + return 1; +} + +# Initialise the SPD +sub spd_init() { + open ( SETKEY, '|-' ) + || exec ($setkey_cmd, '-c'); + $spdinit = '' if ! defined $spdinit; + print SETKEY <<"EOF"; +spdflush; +$spdinit +EOF + + close SETKEY or prog_die "initialising SPD failed - exit code " . ($? >> 8); + return 1; +} + +# Initialise the SAD +sub sad_init() { + open ( SETKEY, '|-' ) + || exec ($setkey_cmd, '-c'); + $sadinit = '' if ! defined $sadinit; + print SETKEY <<"EOF"; +$sadinit +EOF + + close SETKEY or prog_die "initialising SPD failed - exit code " . ($? >> 8); + return 1; +} + + +# Flush the SAD +sub sad_flush () { + setkey_flush('SAD'); +} + +# Flush the SPD +sub spd_flush() { + setkey_flush('SPD'); +} + +sub setkey_flush ($) { + my $table = shift; + my $cleanret = 0; + my $arg = ""; + + if ( $table =~ /SAD/ ) { + $arg = ""; + } + elsif ( $table =~ /SPD/ ) { + $arg = "-P"; + } else { + prog_die "setkey_flush() - wrong arg $table"; + } + + open ( SETKEY, '-|' ) + || exec ("$setkey_cmd $arg -F 2>&1"); + while ( ) { + if ( m/pfkey_open: Address family not supported by protocol/ ) { + $cleanret = 1; + next; + } + chomp; + prog_warn 0, "setkey said: $_"; + # print "$_\n"; + } + + close SETKEY; + prog_die ("flushing $table failed - exit code " . ($? >> 8)) + if ( $? && ! 
$cleanret); + return 0 +} + +sub spd_show () { + setkey_show('SPD'); +} + +sub sad_show () { + setkey_show('SAD'); +} + +sub setkey_show ($) { + my $table = shift; + my $cleanret = 0; + my $arg = ""; + + if ( $table =~ /SAD/ ) { + $arg = ""; + } + elsif ( $table =~ /SPD/ ) { + $arg = "-P"; + } else { + prog_die "setkey_show() - wrong arg $table"; + } + + system ("$setkey_cmd $arg -D | $pager_cmd @pager_flags"); + + return 0 +} + +sub mod_start () { + + print "Loading IPSEC/crypto modules...\n"; + + # Load cryptographic modules + mod_start_crypto (); + + # Load xfrm and af_key + mod_load "$modpath_xfrm/xfrm_user${modext}"; + mod_load "$modpath_key/af_key${modext}"; + + # Load IPv4 IPSEC + mod_start_ipsec (); + + # Load IPv6 IPSEC + mod_start_ipsec6 (); + + print "IPSEC/crypto modules loaded.\n"; + prog_warn 'info', "loaded IPSEC/crypto modules."; + + return 0; +} + +sub mod_stop () { + + print "Unloading IPSEC/crypto modules...\n"; + + # Unload crypto modules + mod_stop_crypto (); + + # Unload xfrm and af_key + mod_unload "$modpath_xfrm/xfrm_user${modext}"; + mod_unload "$modpath_key/af_key${modext}"; + + # Unload IPv4 IPSEC + mod_stop_ipsec (); + + # Unload IPv6 IPSEC + mod_stop_ipsec6 (); + + print "IPSEC/crypto modules unloaded.\n"; + prog_warn 'info', "unloaded IPSEC/crypto modules"; + + return 0; +} + +sub mod_start_ipsec6 () { + + return 0 if ! -d $proc_ipv6; + + for my $mod ( @modules_ipsec6 ) { + mod_load "${modpath_ipsec6}/${mod}${modext}"; + } + + return 0; +} + +sub mod_stop_ipsec6 () { + + for my $mod ( @modules_ipsec6 ) { + mod_unload $mod; + } + + return 0; +} + + +sub mod_start_ipsec () { + + return 0 if ! -d $proc_ipv4; + + for my $mod ( @modules_ipsec ) { + mod_load "${modpath_ipsec}/${mod}${modext}"; + } + + return 0; +} + +sub mod_stop_ipsec () { + + for my $mod ( @modules_ipsec ) { + mod_unload $mod; + } + + return 0; +} + +sub mod_start_crypto () { + local @modfiles; + + return 0 if ( ! 
-d $modpath_crypto ); + + # Load zlib_deflate if present + mod_load "$modpath_zlib/zlib_deflate${modext}"; + + opendir DIR, $modpath_crypto or prog_die "$modpath_crypto - $!"; + @modfiles = grep /${modext}$/, readdir DIR; + closedir DIR; + + for my $mod ( @modfiles ) { + next if ( $mod =~ /tcrypt${modext}$/ ); + mod_load "$modpath_crypto/$mod"; + } + + return 0 +} + +sub mod_stop_crypto () { + local @modfiles; + + return 0 if ( ! -d $modpath_crypto ); + + opendir DIR, $modpath_crypto or prog_die "$modpath_crypto - $!"; + @modfiles = grep /${modext}$/, readdir DIR; + closedir DIR; + for my $mod ( @modfiles ) { + mod_unload $mod; + } + + # Unload zlib_deflate if present + mod_unload "$modpath_zlib/zlib_deflate${modext}"; + + return 0 +} + +sub mod_load ($) { + local $modtoload = shift; + local $modname; + + # Check that kernel supports modules + return 1 if ( ! -f $proc_modules ); + + return 1 if ( ! -f $modtoload ); + + return 1 if ( ! -f "/sbin/modprobe" ); + + $modname = basename("$modtoload", "$modext"); + + if ( ! grep /^${modname}$/, @modules ) { + system ( "/sbin/modprobe $modname" ); + } + + return 0 + +} + +sub mod_unload ($) { + my $modname = shift; + + $modname = basename("$modname", "$modext"); + + if ( ! grep /^${modname}$/, @modules ) { + return 0; + } + + system ( "/sbin/modprobe -r $modname > /dev/null 2>&1" ); + + return 0; +} + +sub mod_ls () { + local $module; + + if (@modules > 0) { + return 0 + } + + # Check that kernel supports modules + if ( ! -f $proc_modules ) { + return 1; + } + + open MOD, "<$proc_modules"; + while ($module = ) { + chomp $module; + next if ($module =~ /^Module\s+Size/); + $module =~ s/^([a-zA-Z0-9_\-]+)\s+.*$/$1/; + push @modules, $module; + } + close MOD; + + return 0; +} + + + --- ipsec-tools-0.7.1.orig/debian/racoon.config +++ ipsec-tools-0.7.1/debian/racoon.config 
@@ -0,0 +1,25 @@
+#!/bin/sh -e
+CONFFILE=/etc/default/racoon
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+CONFIG_MODE=""
+
+if test -e "$CONFFILE"; then
+ . "$CONFFILE"
+
+ # Guard against admin writing silly things into the
+ # config file...
+ if test "$CONFIG_MODE" != "racoon-tool"; then
+ db_set racoon/config_mode "direct"
+ else
+ db_set racoon/config_mode "racoon-tool"
+ fi
+
+fi
+
+# Setup and select the configuration mode
+db_input high racoon/config_mode || true
+db_go
+
--- ipsec-tools-0.7.1.orig/debian/compat
+++ ipsec-tools-0.7.1/debian/compat
@@ -0,0 +1 @@
+4
--- ipsec-tools-0.7.1.orig/debian/rules
+++ ipsec-tools-0.7.1/debian/rules
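Review bot: The final `db_go` is not protected against a non-zero return, while the `db_input` just above it is, so under `#!/bin/sh -e` any non-zero status from the frontend would abort the whole config step; the usual idiom is `db_go || true`. Note also that `. "$CONFFILE"` executes /etc/default/racoon as root, so the "guard against silly things" only sanitises the resulting CONFIG_MODE value, not whatever else the file runs; that is the accepted pattern for admin-owned defaults files, but a comment saying so (`# sourced as root; file is admin-owned`) would make the trust boundary explicit.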
@@ -0,0 +1,139 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+#
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+#
+# Modified to make a template file for a multi-binary package with separated
+# build-arch and build-indep targets by Bill Allombert 2001
+
+# Uncomment this to turn on verbose mode.
+export DH_VERBOSE=1
+export DEB_BUILD_HARDENING=1
+
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+# These are used for cross-compiling and for saving the configure script
+# from having to guess our platform (since we know it already)
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+
+CFLAGS = -Wall -g -fno-strict-aliasing
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+
+config.status: configure
+ dh_testdir
+ # Add here commands to configure the package.
+ CFLAGS="$(CFLAGS)" ./configure --verbose --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --sysconfdir=/etc/racoon --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --localstatedir=/var/run --enable-shared --disable-static --enable-frag --enable-gssapi --enable-hybrid --enable-xauth --enable-dpd --enable-adminport --enable-natt --with-kernel-headers=/usr/include --with-libpam --without-readline --disable-security-context
+
+#Architecture
+build: build-arch build-indep
+
+build-arch: build-arch-stamp
+build-arch-stamp: config.status
+
+ # Add here commands to compile the arch part of the package.
+ #$(MAKE)
+ touch build-arch-stamp
+
+build-indep: build-indep-stamp
+build-indep-stamp: config.status
+
+ # Add here commands to compile the indep part of the package.
+ #$(MAKE) doc
+ touch build-indep-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-arch-stamp build-indep-stamp #CONFIGURE-STAMP#
+
+ # Add here commands to clean up after the build process.
+ rm -f config.log
+ [ ! -f Makefile ] || $(MAKE) distclean
+ifneq "$(wildcard /usr/share/misc/config.sub)" ""
+ cp -f /usr/share/misc/config.sub config.sub
+endif
+ifneq "$(wildcard /usr/share/misc/config.guess)" ""
+ cp -f /usr/share/misc/config.guess config.guess
+endif
+
+ debconf-updatepo
+ dh_clean
+
+install: install-indep install-arch
+install-indep:
+ # we have no indep packages
+
+install-arch:
+ dh_testdir
+ dh_testroot
+ dh_clean -k -s
+ dh_installdirs -s
+
+ # Add here commands to install the arch part of the package into
+ # debian/tmp.
+ $(MAKE) install DESTDIR=$(CURDIR)/debian/racoon
+
+ chrpath -d debian/racoon/usr/lib/*.so.0.* \
+ debian/racoon/usr/sbin/*
+ dh_movefiles -pipsec-tools --sourcedir=debian/racoon \
+ usr/sbin/setkey usr/share/man/man8/setkey.8 \
+ /usr/lib/libipsec.so.0 /usr/lib/libipsec.so.0.0.1
+ rm debian/racoon/usr/lib/*.so debian/racoon/usr/lib/*.la
+
+ mkdir -p debian/racoon/var/lib/racoon
+ install -m 755 -o root -g root debian/racoon-tool.pl \
+ debian/racoon/usr/sbin/racoon-tool
+ install -D -m 600 -o root -g root src/racoon/samples/psk.txt.sample \
+ debian/racoon/etc/racoon/psk.txt
+ install -m 644 -o root -g root debian/racoon-tool.conf \
+ debian/racoon/etc/racoon
+ install -m 644 -o root -g root debian/racoon.conf \
+ debian/racoon/etc/racoon/racoon.conf
+ mkdir -p debian/ipsec-tools/etc
+ install -m 755 -o root -g root debian/ipsec-tools.conf \
+ debian/ipsec-tools/etc/ipsec-tools.conf
+
+# Must not depend on anything. This is to be called by
+# binary-arch/binary-indep
+# in another 'make' thread.
+binary-arch: build-arch install-arch
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs ChangeLog
+ dh_installdocs
+ dh_installexamples -pracoon src/racoon/samples
+ dh_installdebconf
+ dh_installinit -pracoon -- start 40 S . stop 89 1 .
+ dh_installinit -pipsec-tools --name=setkey --no-start -- \
+ start 37 S .
+ dh_installman -pracoon debian/racoon-tool.8 debian/racoon-tool.conf.5
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_perl
+ dh_makeshlibs
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Build architecture independant packages using the common target.
+binary-indep: build-indep install-indep
+ # we have no architecture independant stuff yet
+
+binary: binary-arch binary-indep
+.PHONY: build clean binary-indep binary-arch binary install install-indep install-arch
--- ipsec-tools-0.7.1.orig/debian/control
+++ ipsec-tools-0.7.1/debian/control
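Review bot: The install-arch recipe copies `src/racoon/samples/psk.txt.sample` straight to `/etc/racoon/psk.txt`, the file racoon reads for live pre-shared keys; if that sample holds example identifier/key pairs (its contents are not in this diff), every fresh install starts with publicly known PSKs that racoon will honour for a peer presenting one of those identifiers until the admin edits the file, and as a file under /etc it becomes a conffile that survives upgrades. Mode 600 root:root is correct, but the content should be an empty or comment-only file, e.g. `install -D -m 600 -o root -g root /dev/null debian/racoon/etc/racoon/psk.txt`, with the sample left to dh_installexamples, which already ships src/racoon/samples. A one-line comment above the install saying why the shipped psk.txt is deliberately empty would stop the next maintainer from "fixing" it back.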
@@ -0,0 +1,25 @@
+Source: ipsec-tools
+Section: net
+Priority: extra
+Maintainer: Ubuntu Core Developers
+XSBC-Original-Maintainer: Ganesan Rajagopal
+Build-Depends: debhelper (>= 4.0.0), flex, bison, libkrb5-dev, libssl-dev (>= 0.9.6), libpam0g-dev, po-debconf, chrpath, hardening-wrapper
+Build-Conflicts: bison++
+Standards-Version: 3.7.3
+
+Package: ipsec-tools
+Architecture: any
+Depends: ${shlibs:Depends}, lsb-base (>= 3.0)
+Description: IPsec tools for Linux
+ IPsec-Tools is a port of the KAME IPsec utilities for Linux. It can be
+ used with the ipsec implementation in 2.6 and later kernels or with
+ the 2.4 backport of the ipsec changes.
+
+Package: racoon
+Architecture: any
+Provides: ike-server
+Depends: ${shlibs:Depends}, ipsec-tools (= ${binary:Version}), debconf (>= 0.2.26) | debconf-2.0, ${perl:Depends}
+Description: IPsec IKE keying daemon
+ racoon is the KAME IKE (ipsec key exchange) server. It can be used with
+ the Linux ipsec implementation in 2.6 and later kernels or with
+ the 2.4 backport of the ipsec changes.
--- ipsec-tools-0.7.1.orig/debian/racoon.templates
+++ ipsec-tools-0.7.1/debian/racoon.templates
@@ -0,0 +1,12 @@
+Template: racoon/config_mode
+Type: select
+__Choices: direct, racoon-tool
+# The above choices have to be left as they are as the values are used directly
+# in the postinst script. They do not need translation.
+# Please explain what they are in any rewritten description.
+Default: direct
+_Description: Configuration mode for racoon IKE daemon.
+ Racoon can be configured two ways, either by directly editing
+ /etc/racoon/racoon.conf or using the racoon-tool administrative front end.
+ racoon-tool is now deprecated and is only available for backward
+ compatibility. New installations should always use the "direct" method.
--- ipsec-tools-0.7.1.orig/debian/changelog
+++ ipsec-tools-0.7.1/debian/changelog
@@ -0,0 +1,903 @@ +ipsec-tools (1:0.7.1-1.6ubuntu1.1) lucid-proposed; urgency=low + + * src/racoon/handler.c: fix phase 2 negotiation (LP: #947309). + - Patch from upstream CVS revisions 1.31 and 1.32. + - Fixes Vista and Windows 7 client support. + + -- Robie Basak Fri, 09 Mar 2012 19:01:04 +0000 + +ipsec-tools (1:0.7.1-1.6ubuntu1) lucid; urgency=low + + * Merge from debian testing. Remaining changes: + - debian/control: + - Set Ubuntu maintainer address. + - Depend on lsb-base + - debian/ipsec-tools.setkey.init: LSB init script. + - Enable build with hardened options: + - src/setkey/setkey.c: stop scanning stdin if fgets fails. + - debian/{control,rules}: add and enable hardened build for PIE + (Debian bug 542731). + - src/racoon/ipsec_doi.c: Patched to fix segfault when using + ipv6 addresses in sainfo section of racoon.conf. Thanks to + Fredrik Ljunggren. (LP: #374185) + - src/racoon/isakmp.c: Fix address already in use. (LP: #332606) + + -- Chuck Short Sun, 03 Jan 2010 17:58:13 +0000 + +ipsec-tools (1:0.7.1-1.6) unstable; urgency=low + + * Non-maintainer upload. + * Avoid strict aliasing checking, fix FTBFS w/ GCC 4.4 and up; patch by + peter green. (Closes: #530527) + + -- Stefano Zacchiroli Fri, 25 Dec 2009 19:21:49 +0100 + +ipsec-tools (1:0.7.1-1.5ubuntu4) karmic; urgency=low + + * src/racoon/isakmp.c: Fix address already in use. (LP: #332606) + + -- Chuck Short Tue, 15 Sep 2009 08:39:41 -0400 + +ipsec-tools (1:0.7.1-1.5ubuntu3) karmic; urgency=low + + * src/racoon/ipsec_doi.c: Patched to fix segfault when using + ipv6 addresses in sainfo section of racoon.conf. Thanks to + Fredrik Ljunggren. (LP: #374185) + + -- Chuck Short Wed, 09 Sep 2009 13:11:32 -0400 + +ipsec-tools (1:0.7.1-1.5ubuntu2) karmic; urgency=low + + * debian/{control,rules}: add and enable hardened build for PIE + (Debian bug 542731). 
+ + -- Kees Cook Thu, 20 Aug 2009 17:56:30 -0700 + +ipsec-tools (1:0.7.1-1.5ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + - Set Ubuntu maintainer address. + - Depend on lsb-base. + - debian/ipsec-tools.setkey.init: LSB init script. + - debian/rules: build with -fno-strict-aliasing, required with gcc 4.4. + - Enable build with hardened options: + - src/setkey/setkey.c: stop scanning stdin if fgets fails. + * Dropped + - src/libipsec/policy_token.c: don't check return code of fwrite. + + -- Jamie Strandboge Fri, 24 Jul 2009 13:24:17 -0500 + +ipsec-tools (1:0.7.1-1.5) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix multiple memory leaks in NAT traversal and RSA authentication + code of racoon leading to DoS because (CVE-2009-1632; Closes: #528933). + + -- Nico Golde Tue, 19 May 2009 13:26:14 +0200 + +ipsec-tools (1:0.7.1-1.4) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix possible denial of service via a fragment without + any payload (all item lengths = 0) which triggers a + null ptr dereference (Closes: #527634). + + -- Nico Golde Wed, 13 May 2009 13:24:22 +0200 + +ipsec-tools (1:0.7.1-1.3) unstable; urgency=low + + * Non-maintainer upload + * Racoon should depend on at least the current version of ipsec-tools + (Closes: #507071) + + -- Evan Broder Sat, 13 Dec 2008 15:40:55 -0500 + +ipsec-tools (1:0.7.1-1.2) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Apply upstream patch to remove orphaned phase 1 handles that were + initiated remotely if an invalid first exchange was received + which may lead to a denial of service attack + (CVE-2008-3652; Closes: #501026). + + -- Nico Golde Tue, 07 Oct 2008 14:22:25 +0200 + +ipsec-tools (1:0.7.1-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n issues + * Debconf translations: + - Russian. Closes: #484325 + - Japanese. Closes: #494054 + - Italian. 
Closes: #496117 + - Finnish. Closes: #496236 + + -- Christian Perrier Wed, 27 Aug 2008 08:49:00 +0200 + +ipsec-tools (1:0.7.1-1) unstable; urgency=low + + * New upstream release + * Apply debconf Swedish translation (closes: #491769) + + -- Ganesan Rajagopal Sun, 27 Jul 2008 15:51:17 +0530 + +ipsec-tools (1:0.7-2.1ubuntu3) karmic; urgency=low + + * debian/rules: build with -fno-strict-aliasing, required with gcc 4.4. + + -- Steve Langasek Tue, 21 Jul 2009 18:33:13 +0000 + +ipsec-tools (1:0.7-2.1ubuntu2) karmic; urgency=low + + * No-change rebuild against libkrb5-3. + + -- Steve Langasek Tue, 21 Jul 2009 08:26:53 +0000 + +ipsec-tools (1:0.7-2.1ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + - Set Ubuntu maintainer address. + - Depend on lsb-base. + - debian/ipsec-tools.setkey.init: + - LSB init script. + * Dropped: + - debian/ipsec-tools.setkey.init: + - restart method: stop then start. + - Use {} instead of () in usage (bash_completion). + - debian/racoon.init: + - Create /var/run/racoon. + - Use {} instead of () in usage (bash_completion). + * Bug fixed by this merge: + - fix XAuth with U-FQDN (LP: #234166). + * Enable build with hardened options: + - src/libipsec/policy_token.c: don't check return code of fwrite. + - src/setkey/setkey.c: stop scanning stdin if fgets fails. + + -- Mathias Gug Wed, 18 Jun 2008 17:34:55 -0400 + +ipsec-tools (1:0.7-2.1) unstable; urgency=low + + * Non-maintainer upload to fix pending l10n issues. + * Debconf translations: + - German. Closes: #479257 + - French. Closes: #477771 + - Galician. Closes: #480984 + - Spanish. Closes: #482343 + - Vietnamese. Closes: #482363 + - Czech. Closes: #482429 + - Basque. Closes: #482847 + - Portuguese. Closes: #482892 + - Dutch. Closes: #483006 + - Brazilian Portuguese. 
Closes: #483684 + * [Lintian] Remove useless debian/preinst script + + -- Christian Perrier Sat, 10 May 2008 19:36:28 +0200 + +ipsec-tools (1:0.7-2) unstable; urgency=low + + * Really apply patch from Ubuntu to racoon.init for bash completion + (closes: #453031). + * Fix module loading bug with hyphen in kernel version (closes: 376934). + + -- Ganesan Rajagopal Tue, 22 Apr 2008 14:40:39 +0530 + +ipsec-tools (1:0.7-1) unstable; urgency=low + + * New upstream release (closes: #448056). + * Thanks Peter Eisentraut and Jérémy Bobbio for NMUs. + * Apply patch from Ubuntu to racoon.init to create /var/run/racoon if it + doesn't already exist (closes: #453029). + * Apply patch from Ubuntu to racoon.init for bash completion + (closes: #453031). + * Fix bad config location in README.Debian (closes: #412674). + * Remove unneeded Build-Depends on libreadline5-dev. + * Add Build-Depends on chrpath and remove rpath lintian warnings. + * Fix racoon-tool bug which causes racoon to fail to start (closes: #470736). + * Update Standards-Version to 3.7.3 (no packaging changes required). + + -- Ganesan Rajagopal Tue, 22 Apr 2008 14:37:51 +0530 + +ipsec-tools (1:0.6.7-1.2) unstable; urgency=low + + * Non-maintainer upload + * Remove all configuration files on purge (closes: #298496) + * Remove PID file and socket file on daemon stop (closes: #298496) + * Corrected restart logic in setkey init script (closes: #460324) + * Added LSB-formatted dependency info in init.d scripts (closes: #458488) + * Fixed watch file (closes: #449659) + + -- Peter Eisentraut Tue, 18 Mar 2008 01:24:48 +0100 + +ipsec-tools (1:0.6.7-1.1ubuntu1) hardy; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + - Set Ubuntu maintainer address. + - Depend on lsb-base. + - debian/ipsec-tools.setkey.init: + - LSB init script. + - restart method: stop then start. + - Use {} instead of () in usage (bash_completion). + - debian/racoon.init: + - Create /var/run/racoon. 
+ - Use {} instead of () in usage (bash_completion). + * Dropped: + - src/racoon/isakmp_inf.c: upstream fix for unecrypted ISAKMP packets. + - src/racoon/grabmyaddr.c: Define IFA_RTA and #include . + + -- Mathias Gug Mon, 26 Nov 2007 11:57:18 -0500 + +ipsec-tools (1:0.6.7-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix null pointer checks in: (Closes: #362213) + * GETNAMEINFO and GETNAMEINFO_NULL in src/racoon/var.h, + * certtest() in src/racoon/eaytest.c. + * Fix debian-rules-ignores-make-clean-error lintian warning. + + -- Jérémy Bobbio Sat, 29 Sep 2007 14:37:50 +0200 + +ipsec-tools (1:0.6.7-1) unstable; urgency=low + + * New upstream release (closes: #429711) + * Thanks Dann Frazier and Christian Perrier + for NMUs. + * Fixed bug in parsing for DNSSEC. Patch from Marc Dequènes + (closes: #321159). + * Included Galician translation provided by Jacobo Tarrio + for debconf templates (closes: #412867). + * Included Dutch translation proivded by cobaco (aka Bart Cornelis) + (closes: #413885). + * Fix racoon-tool bug setting lifetime when the setting pfs_group=none. + Patch by Pallai Roland (closes: #406684). + * Re-ran automake/autoconf because of a bug in libtool versions older than + 1.5.20 which insists on checking for a C++ compiler though racoon doesn't + require it. + + -- Ganesan Rajagopal Sat, 30 Jun 2007 19:31:39 +0530 + +ipsec-tools (1:0.6.6-3.2) unstable; urgency=low + + * Non-maintainer upload + * Fix remote DoS condition that makes it possible for remote attackers to + crash a tunnel. See CVE-2007-1841 (closes: #423252) + * Fix typo in initscript (s/force_reload/force-reload). Patch from + Robie Basak (closes: #380103) + * setkey does not honor both -FP and -F in a single run, split into + separate calls. 
Patch from Benjamin Sonntag (closes: #403511) + + -- dann frazier Tue, 19 Jun 2007 11:26:58 -0600 + +ipsec-tools (1:0.6.6-3.1ubuntu3) gutsy; urgency=low + + * fix racoon.init to work with bash_completion (LP: #88153) + + -- Patrick Hetu Tue, 10 Jul 2007 10:59:25 -0400 + +ipsec-tools (1:0.6.6-3.1ubuntu2) gutsy; urgency=low + + * Fix compilation errors with GCC-4.2. + + -- Matthias Klose Tue, 29 May 2007 09:05:02 +0200 + +ipsec-tools (1:0.6.6-3.1ubuntu1) gutsy; urgency=low + + * Merge from debian unstable, remaining changes: + - src/racoon/isakmp_inf.c: upstream fix for unecrypted ISAKMP packets. + - src/racoon/grabmyaddr.c: Define IFA_RTA and #include . + - debian/control: Set Ubuntu maintainer address. + - LSB init script. + - debian/racoon.init: Create /var/run/racoon. + + -- Kees Cook Tue, 08 May 2007 05:29:33 -0700 + +ipsec-tools (1:0.6.6-3.1) unstable; urgency=low + + * Non-maintainer upload to fix pending l10n issues. + * Debconf translations: + - Russian. Closes: #373925 + - German. Closes: #401468 + - Japanese. Closes: #402623 + - Spanish. Closes: #403484 + * Fix typos in the debconf templates and unfuzzy translations + Closes: #397187 + + -- Christian Perrier Sun, 4 Feb 2007 19:34:49 +0100 + +ipsec-tools (1:0.6.6-3ubuntu3) feisty; urgency=low + + * SECURITY UPDATE: remote ipsec tunnel disruption. + * src/racoon/isakmp_inf.c: upstream fix for unecrypted ISAKMP packets + causing tunnels to be disconnected. + * References + CVE-2007-1841 + + -- Kees Cook Wed, 4 Apr 2007 13:46:40 -0700 + +ipsec-tools (1:0.6.6-3ubuntu2) feisty; urgency=low + + * Rebuild for changes in the amd64 toolchain. + * Set Ubuntu maintainer address. + + -- Matthias Klose Mon, 5 Mar 2007 01:19:03 +0000 + +ipsec-tools (1:0.6.6-3ubuntu1) feisty; urgency=low + + * Merge from debian unstable. + - LSB init script. + - debian/racoon.init: Create /var/run/racoon. + * src/racoon/grabmyaddr.c: Define IFA_RTA and #include . 
+ + -- Martin Pitt Fri, 3 Nov 2006 10:15:57 +0100 + +ipsec-tools (1:0.6.6-3) unstable; urgency=low + + * Remove old rc*.d symlinks to fix existing installations. + + -- Ganesan Rajagopal Wed, 19 Jul 2006 19:59:57 +0530 + +ipsec-tools (1:0.6.6-2) unstable; urgency=low + + * Fix typo in enabling PAM. + * Include russian translation. + * Don't flush keys on reboot/shutdown (closes: #340740). + * Start racoon in rcS.d to help VPN configurations (closes: #372665). + + -- Ganesan Rajagopal Wed, 19 Jul 2006 17:10:15 +0530 + +ipsec-tools (1:0.6.6-1ubuntu1) edgy; urgency=low + + * Merge from Debian. Only changes left: + - LSB init script. + - debian/racoon.init: Create /var/run/racoon. + + -- Martin Pitt Fri, 30 Jun 2006 10:21:40 +0200 + +ipsec-tools (1:0.6.6-1) unstable; urgency=low + + * New upstream release. + * Added debconf-updatepo in clean target (closes: #372910). + * Compiled with PAM support (closes: #299806, #371053). + * Fixed typo in racoon.templates and corresponding po files. + * Updated Brazilian Portugese, Vietnamese, Swedish, French and Czech + translations for debconf templates (closes: #370148, #369409). + + -- Ganesan Rajagopal Thu, 15 Jun 2006 17:47:58 +0530 + +ipsec-tools (1:0.6.5-6) unstable; urgency=low + + * Fix regex in racoon-tool.conf man page (closes: #352157). + * Switch to "/sbin/modprobe" instead of "/sbin/insmod" for module loading + in racoon-tool (closes: #298286). + * Apply patch by Teddy Hogeborn to fix as1dn handling + by racoon-tool (closes: #296259). + * Apply patch by Kristjan Räts to make sure + racoon is configured before it's started (closes: #304573). + * Officially deprecate racoon-tool and cleanup debconf template + (closes: #338216). + * Update Standards-Version to 3.7.2 (no packaging changes required). + + -- Ganesan Rajagopal Mon, 29 May 2006 15:43:05 +0530 + +ipsec-tools (1:0.6.5-5) unstable; urgency=low + + * Fix "dereferencing type-punned...." gcc-4.1 FTBFS bug (closes: #361334). 
+ * Include updated French translation (closes: #338642). + * Include swedish debconf translation (closes: #330569). + * Fix racoon-tool tool braindead shutdown delay (closes: #332814). + + -- Ganesan Rajagopal Wed, 17 May 2006 17:03:11 +0530 + +ipsec-tools (1:0.6.5-4ubuntu1) dapper; urgency=low + + * Synchronize to Debian to bring in new upstream version. + - UVF exception approved by Matt Zimmerman. + - New version repairs racoon for road warrior setup (which broke in + earlier Dapper versions, but worked fine in Breezy). Closes: LP#40386 + + -- Martin Pitt Tue, 9 May 2006 11:33:01 +0200 + +ipsec-tools (1:0.6.5-4) unstable; urgency=low + + * Fixed FTBFS on another source file on 64-bit platforms. (closes: #359092). + * Include samples directory in package. + + -- Ganesan Rajagopal Thu, 30 Mar 2006 14:30:45 +0530 + +ipsec-tools (1:0.6.5-3) unstable; urgency=low + + * Fixed FTBFS on 64-bit platforms (closes: #359092). + + -- Ganesan Rajagopal Mon, 27 Mar 2006 17:41:45 +0530 + +ipsec-tools (1:0.6.5-2) unstable; urgency=low + + * Enable GSSAPI/Kerberos 5 support (closes: #352040). + + -- Ganesan Rajagopal Sun, 26 Mar 2006 09:48:51 +0530 + +ipsec-tools (1:0.6.5-1) unstable; urgency=low + + * New upstream release. + * Don't rerun bootstrap because upstream libtool problem is fixed. + + -- Ganesan Rajagopal Tue, 7 Feb 2006 13:40:27 +0530 + +ipsec-tools (1:0.6.4-1ubuntu2) dapper; urgency=low + + * Create /var/run/racoon in the init script. + + -- Scott James Remnant Wed, 19 Apr 2006 14:26:13 +0100 + +ipsec-tools (1:0.6.4-1ubuntu1) dapper; urgency=low + + * Resynchronise with Debian. + + -- Martin Pitt Tue, 7 Feb 2006 11:45:50 +0100 + +ipsec-tools (1:0.6.4-1) unstable; urgency=low + + * New upstream release. + * Apply racoon-tool patch to use modprobe instead of insmod + (closes: #320087). + * Rerun bootstrap because upstream libtool appears to be broken (configure + breaks if g++ is not installed). 
+ + -- Ganesan Rajagopal Tue, 24 Jan 2006 10:20:11 +0530 + +ipsec-tools (1:0.6.3-1) unstable; urgency=low + + * New upstream release with fix for CVE-2005-3732 (closes: #340584). + + -- Ganesan Rajagopal Mon, 28 Nov 2005 11:58:31 +0530 + +ipsec-tools (1:0.6.2-2ubuntu2) dapper; urgency=low + + * Rebuild against openssl 0.9.8. + + -- Martin Pitt Mon, 30 Jan 2006 10:48:21 +0000 + +ipsec-tools (1:0.6.2-2ubuntu1) dapper; urgency=low + + * Resynchronise with Debian. + + -- Tollef Fog Heen Fri, 11 Nov 2005 09:59:03 +0100 + +ipsec-tools (1:0.6.2-2) unstable; urgency=low + + * Fix build breakage with OpenSSL 0.9.8 (closes: #334669). + + -- Ganesan Rajagopal Mon, 31 Oct 2005 11:19:53 +0530 + +ipsec-tools (1:0.6.2-1) unstable; urgency=low + + * New upstream release. + * Update FSF address in copyright. + * Remove bashism in postinst. + + -- Ganesan Rajagopal Tue, 18 Oct 2005 10:30:53 +0530 + +ipsec-tools (1:0.6.1-1) unstable; urgency=low + + * New upstream release + + -- Ganesan Rajagopal Sun, 21 Aug 2005 13:24:15 +0530 + +ipsec-tools (1:0.6-2) unstable; urgency=low + + * Add debconf-2.0 as an alternate for debconf dependency. + * Updated standards version. + * Fixed racoonctl breakage (closes: #320535). + + -- Ganesan Rajagopal Sat, 13 Aug 2005 09:27:43 +0530 + +ipsec-tools (1:0.6-1ubuntu1) breezy; urgency=low + + * LSB init scripts. + + -- LaMont Jones Wed, 28 Sep 2005 18:33:52 -0600 + +ipsec-tools (1:0.6-1) unstable; urgency=low + + * New upstream release. + * Include Vietnamese translation for debconf template (closes: #312031). + * Include Japanese translation for debconf template (closes: #309732). + * Registering /etc/init.d/setkey in rcS.d before ifupdown (closes: #303451). + + -- Ganesan Rajagopal Wed, 29 Jun 2005 10:16:54 +0530 + +ipsec-tools (1:0.5.2-1) unstable; urgency=high + + * New upstream release. This release fixes ph2handle unlink bug + (closes: #307233). + * Urgency high because of fix for security problem with single DES. 
+ * Applied patch from Richard Lucassen to pass options to racoon via + /etc/default/racoon file. + + -- Ganesan Rajagopal Wed, 4 May 2005 13:46:45 +0530 + +ipsec-tools (1:0.5.1-2) unstable; urgency=low + + * Disabled readline support because it introduces a bug in setkey and + confuses a lot of people (closes: #303573). + * Added Build-Conflicts for bison++ (closes: #305974). + + -- Ganesan Rajagopal Mon, 2 May 2005 10:18:04 +0530 + +ipsec-tools (1:0.5.1-1) unstable; urgency=low + + * New upstream release (closes: #305310). + * Removed --enabled-stats while building (closes: #300718). + * Removed --enable-ipv6 while build; this enables IPv6 automatically. + (closes: #304000). + + -- Ganesan Rajagopal Tue, 19 Apr 2005 15:47:29 +0530 + +ipsec-tools (1:0.5-5) unstable; urgency=high + + * Fix ISAKMP Header Parsing DoS bug (closes: #299716). + * Quote URL in README.Debian to avoid confusion (closes: #297179). + + -- Ganesan Rajagopal Wed, 16 Mar 2005 09:31:30 +0530 + +ipsec-tools (1:0.5-4) unstable; urgency=low + + * Fix typo in ipsec-tools.setkey.init (closes: #296912). + + -- Ganesan Rajagopal Sat, 26 Feb 2005 11:39:19 +0530 + +ipsec-tools (1:0.5-3) unstable; urgency=low + + * Renamed ipsec.conf to ipsec-tools.conf to avoid conflict with openswan + (closes: #296079). + * Fix bug in quotes handling for peers_certfile (closes: #296105). + + -- Ganesan Rajagopal Sun, 20 Feb 2005 21:51:41 +0530 + +ipsec-tools (1:0.5-2) unstable; urgency=low + + * Fix compile warnings to avoid build failures on 64-bit platforms. + + -- Ganesan Rajagopal Sat, 19 Feb 2005 10:03:27 +0530 + +ipsec-tools (1:0.5-1) unstable; urgency=low + + * New upstream stable release. + * Forced to introduce epoch because I misunderstood how comparing + version strings works (0.4999 > 0.5). I can't believe I screwed up + this one :-(. + * Added initscript to run setkey on boot (closes: #276970). + * Renamed racoon.init.d to racoon.init as per dh_installinit documentation. 
+ * Added note in README.Debian that racoon-tool may lag behind in features. + * Included racoon.conf samples directory. + * Added note in sample racoon.conf that it will not be used if racoon-tool + is used. + + -- Ganesan Rajagopal Fri, 18 Feb 2005 11:00:23 +0530 + +ipsec-tools (0.4999pre0.5rc2-3) unstable; urgency=low + + * Added libssl-dev to build-deps (closes: #295263). + * Updated racoon-tool.pl to handle certtype for peers_certfile + (closes: #295035). + * Escape quote ('"') characters in racoon-tool.pl to prevent messing up + syntax highlighting in emacs. + + -- Ganesan Rajagopal Thu, 17 Feb 2005 14:34:06 +0530 + +ipsec-tools (0.4999pre0.5rc2-2) unstable; urgency=low + + * Applied patch to support SPD levels and NAT traversl from + Lockenvitz Jan EXT + (closes: #277285). + * Included debconf template Czech translation by + Miroslav Kure (closes: #294779). + + -- Ganesan Rajagopal Mon, 14 Feb 2005 18:27:14 +0530 + +ipsec-tools (0.4999pre0.5rc2-1) unstable; urgency=low + + * New upstream release. + * Redone packaging using debhelper. + * Upstream supports Linux fwd policy (closes: #292850). + * Source address patch applied upstream (closes: #289604). + * Enabled NATT support (closes: #238795). + * Removed empty racoon.conf (closes: #255124). + * Fixed paths in man pages (closes: #276854). + + -- Ganesan Rajagopal Tue, 1 Feb 2005 13:55:37 +0530 + +ipsec-tools (0.3.3-7) unstable; urgency=low + + * Fixed fix memory leak in crypto_openssl.c (closes: #292732). + * French translation already included (closes: #245583). + * Brazilian portugese translation already included (closes: #262550). + * We don't include a debbugs URL anymore (closes: #220089). + + -- Ganesan Rajagopal Tue, 1 Feb 2005 13:48:22 +0530 + +ipsec-tools (0.3.3-6) unstable; urgency=low + + * Taking over as maintainer from Matthew Grant with his approval. 
+ + -- Ganesan Rajagopal Mon, 31 Jan 2005 20:52:43 +0530 + +ipsec-tools (0.3.3-5) unstable; urgency=low + + * Removed unneeded dependency on ed from control file, which I forgot to do. + + -- Matthew Grant Sat, 18 Dec 2004 16:14:10 +1300 + +ipsec-tools (0.3.3-4) unstable; urgency=medium + + * Didn't properly fix Bug #285103. This upload fixes it by adjusting the + config scripts. Priority set to medium to make sure that the 3 RC bugs get + cleared promptly from testing version. Removed use of ed as this tool + is only used in racoon.postint, and is not needed by any package essential + to run a firewall. + + -- Matthew Grant Sat, 18 Dec 2004 11:46:36 +1300 + +ipsec-tools (0.3.3-3) unstable; urgency=low + + * Fix use of 'find' in debian/rules. Thanks to Christian Ospelkaus + for patch. (closes: #285788) + * Fix use of $? after another command execution in if statement at line 2161 + of racoon-tool. Thanks to shonorio@alpargatas.com.br + for analysis. (closes: #285549) + * debian/racoon.init.d: In stop target, pass option --name instead of + --exec to start-stop-daemon to make sure old versions of the daemon + are properly stopped even if a new version is already on disk. + (closes: #285117) (Daniel Kobras ) + * debian/racoon.{config,postinst}: Seed debconf settings from + configuration file, and take care to preserve manual changes. + (closes: #285103) (Daniel Kobras ) + * debian/control: Add ed to racoon's dependencies as it is used in the + postinst script. (Daniel Kobras ) + + -- Matthew Grant Thu, 16 Dec 2004 22:29:48 +1300 + +ipsec-tools (0.3.3-2) unstable; urgency=medium + + * Fix spelling mistake for 'available' in racoon init script. 
(closes: #249288) + * Fixed URL in README.certificate (closes: #252513) + * Fixed gzipping of under sized files (closes: #279739) + * Added french debconf translation for racoon (closes: #245251) + * Added pt_BR.po Brazilian Portuguese translation for raccon debconf + (closes #262550) + * Added German de.po for raccon debconf (closes: #263055) + * Applied patch from Wilfried Weissmann who + forwarded a fix for "initial_contact" spelling error (closes: #280837) + * Fixed racoon-tool address type parsing bug. Fix forwarded by + Kolja Waschk (closes: #269934) + * Fixed racoon-tool port parsing bug with port numbers more than 3 chars. + Patch from Jeremy Jackson (closes: #260875) + * Fixed parsing of file paths delimited by optional double quotes. + (closes: #257350) + + -- Matthew Grant Fri, 26 Nov 2004 08:34:17 +1300 + +ipsec-tools (0.3.3-1) unstable; urgency=high + + * Security upload. Updated to vesion 0.3.3 which fixes a "authentication + bug in KAME's racoon" in eay_check_x509cert() (Bugtraq + http://seclists.org/lists/bugtraq/2004/Jun/0219.html) (closes: #254663). + * Fix for "racooninit" in racoon-tool.conf. Applied patch submitted by + Teddy Hogeborn . (closes: #249222) + * Stopped patching racoon.conf.5 manpage as the "Japlish" fix is now in the + source tree. + + -- Matthew Grant Thu, 17 Jun 2004 09:05:50 +1200 + +ipsec-tools (0.3.1-4) unstable; urgency=low + + * Fixed autoconf more so that it only gets called by maintainer. This is to + fix the woody backport support. + + -- Matthew Grant Thu, 22 Apr 2004 15:55:45 +1200 + +ipsec-tools (0.3.1-3) unstable; urgency=high + + * Security upload. Correct urgency so that it will be accepted into + testing in 2 days because version in testing suffers from CAN-2004-0403 + and CAN-2004-0155. + * New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403) + (closes: #244182). Repeated for sake of BTS. 
+ + -- Matthew Grant Thu, 22 Apr 2004 10:42:49 +1200 + +ipsec-tools (0.3.1-2) unstable; urgency=high + + * Security upload. Correct urgency so that it will be accepted into + testing in 2 days because version in testing suffers from CAN-2004-0403 + and CAN-2004-0155. + * New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403) + (closes: #244182). Repeated for sake of BTS. + + -- Matthew Grant Thu, 22 Apr 2004 10:00:58 +1200 + +ipsec-tools (0.3.1-1) unstable; urgency=high (Fixes remote DoS CAN-2004-0403) + + * New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403) + (closes: #244182) + * Enable shared libraries for libipsec - had been turned off upstream. + * Removed support for GNU readline as there is definitely a licensing + conflist, and it breadks the stdin processing of setkey which is needed + for racoon-tool. + * rpm building Makefile was causing a lot of grief by recursively calling + toplevel makefile. Removed from configure.ac + * Removed autoconf from build targets as rebuilding Makefile.in makes + debian/rules clean target non-idempotent. + * Security release, set urgency to high. + + -- Matthew Grant Thu, 22 Apr 2004 08:42:28 +1200 + +ipsec-tools (0.2.5-2) unstable; urgency=low + + * New upstream release. Fixes the the X509 security authentication bug. + (CAN-2004-0155) Closes: #242327 + * Finally worked out autoconf so that it is dependable. Package needs to + use 2 DIFFERENT versions of autoconf so that it works! + * Fixed some 'Japlish' in the racoon.conf.5 manpage. Closes: #235456 + + -- Matthew Grant Wed, 7 Apr 2004 16:05:34 +1200 + +ipsec-tools (0.2.5-1) unstable; urgency=low + + * Botched upload due to Ctrl-C-ing dupload... + + -- Matthew Grant Wed, 7 Apr 2004 13:18:03 +1200 + +ipsec-tools (0.2.4-3) unstable; urgency=low + + * Fixed start and stop being in the wrong order in legacy init.d target. + Closes: #198755 + * Rearranged racoon maintainer scripts starting and stopping of daemon. 
+ Dropped testing of kernel in postinst - test in init script is enough. + Closes: #233642 + * Reorganised the debconf screens as there was too many of them. + Closes: #240056. Removal of one of the screens - Closes: #240010 + * Installed a README.Debian in the racoon package, describing most + things needed to get racoon starting properly. + * Replaced racoon.conf with a far simpler one to make sure racoon + has a good chance of starting properly. Closes: #209226 + * Made sure packaged is autoconfed correctly. This was causing + trouble when building with set CC, CPP and CFLAGS in environment. + Closes: #229614 + * Set racoon and ipsec-tools priorities to optional, shouldn't be extra. + Closes: #212985 + + -- Matthew Grant Sun, 28 Mar 2004 23:19:16 +1200 + +ipsec-tools (0.2.4-2) unstable; urgency=low + + * Fix problem with do_patch do_unpatch not having execute bits set on + dpkg-source -x causing build failures. Closes: Bug#239668 + * Forgot to mention that upgrade to upstream does this: Closes: Bug#216650 + * Upstream release also Closes: Bug#233642 Closes: Bug#231006, Bug#224960 + * This build also Closes: Bug#230269, lintian checks found it! + + -- Matthew Grant Thu, 25 Mar 2004 22:32:34 +1200 + +ipsec-tools (0.2.4-1) unstable; urgency=low + + * Upload takes over maintainership of ipsec-tools. I have already emailed + Wichert Akkerman , and he has said this is good and OK. + * Converted templates to po-debconf. + * Built support into debian/rules, templates and control files to allow + easy building on woody as well as unstable. + * Rebuilt autoconf and libtool using latest versions in sid. This should + fix ARM compilation problems. + * Ported to sid. + * Included patches and portablilty in debian/rules to make building + on either tons easier. + + -- Matthew Grant Wed, 24 Mar 2004 08:41:14 +1200 + +ipsec-tools (0.2.4-0.mag.4) unstable; urgency=low + + * Set up a quick and dirty patching scheme so that all changes are in + debian directory. 
Make source tree easier to maintain. + * Make a test build. + + -- Matthew Grant Mon, 22 Mar 2004 02:40:53 +0000 + +ipsec-tools (0.2.4-0.mag.3) unstable; urgency=low + + * Made it generate a .diff file. + + -- Matthew Grant Mon, 22 Mar 2004 01:51:20 +0000 + +ipsec-tools (0.2.4-0.mag.2) unstable; urgency=low + + * Added manpages for racoon-tool(8) and racoon-tool.conf(5) + * Updated copyright file etc. + * Fixed a lot of problems lintian detected. + + -- Matthew Grant Sun, 21 Mar 2004 21:01:07 +0000 + +ipsec-tools (0.2.4-0.mag.1) unstable; urgency=low + + * Fix install so that racoon goes into /usr/sbin. + * Fix restart operation of racoon init script. + * Set up debconf to either select racoon-tool or use direct editing + of the configuration. Default to direct configuration mode. + * Fix dependency generation for racoon package. + * Fix racoon init scripts and posinst script to detect if a suitable + kernel is installed. + + -- Matthew Grant Wed, 17 Mar 2004 00:34:24 +0000 + +ipsec-tools (0.2.4-0.mag.0) unstable; urgency=low + + * Updated to new upstream release. + + -- Matthew Grant Tue, 2 Mar 2004 03:05:17 +0000 + +ipsec-tools (0.2.2-8) unstable; urgency=low + + * Give libtool and auto* the deserved kick in the pants and upgrade them + to newer versions which do not break on ARM. Closes: Bug#221553 + + -- Wichert Akkerman Wed, 19 Nov 2003 13:42:19 +0100 + +ipsec-tools (0.2.2-7) unstable; urgency=low + + * Tell configure that our kernel includes are in /usr/include. + Closes: Bug#221380 + * Stop using debian email address in changelog as well + + -- Wichert Akkerman Tue, 18 Nov 2003 11:13:48 +0100 + +ipsec-tools (0.2.2-6) unstable; urgency=low + + * Build using the new linux-kernel-headers package + * Split out racoon into its own package + + -- Wichert Akkerman Fri, 14 Nov 2003 00:09:21 +0100 + +ipsec-tools (0.2.2-5) unstable; urgency=low + + * Update kernel headers so DES and 3DES work again with current kernels. 
+ + -- Wichert Akkerman Mon, 23 Jun 2003 14:01:40 +0200 + +ipsec-tools (0.2.2-4) unstable; urgency=low + + * Fix logic error in init script which prevented racoon from being + started + * Update link to the PKIX certificate documentation + * Use invoke-rc.d. Note that whoever decided its --query option should + return 104 on an obvious success case should be shot. + * Include GSSAPI copyright. Closes: Bug#192281 + + -- Wichert Akkerman Wed, 14 May 2003 11:21:47 +0200 + +ipsec-tools (0.2.2-3) unstable; urgency=low + + * Add libssl-dev Build-Depend. Closes: Bug#186750 + * Add a Standards-Version. Closes: Bug#186748 + * Update config.{guess,sub} to version from autotools-dev 20030110.1. + Closes: Bug#186587 + * Don't abort if make distclean fails. Closes: Bug#186751 + + -- Wichert Akkerman Sat, 29 Mar 2003 18:16:01 +0100 + +ipsec-tools (0.2.2-2) unstable; urgency=low + + * Add a real description and copyright + * Install all racoon documentation + * Install conffiles + * Fix permissions, compress manpages + * Properly restart and stop racoon on upgrade and removal + + -- Wichert Akkerman Sat, 22 Mar 2003 18:42:03 +0100 + +ipsec-tools (0.2.2-1) unstable; urgency=low + + * First trivial packaging + + -- Wichert Akkerman Sat, 15 Mar 2003 11:53:05 +0100 + --- ipsec-tools-0.7.1.orig/debian/racoon.conf +++ ipsec-tools-0.7.1/debian/racoon.conf 
@@ -0,0 +1,40 @@
+#
+# NOTE: This file will not be used if you use racoon-tool(8) to manage your
+# IPsec connections. racoon-tool will process racoon-tool.conf(5) and
+# generate a configuration (/var/lib/racoon/racoon.conf) and use it, instead
+# of this file.
+#
+# Simple racoon.conf
+#
+#
+# Please look in /usr/share/doc/racoon/examples for
+# examples that come with the source.
+#
+# Please read racoon.conf(5) for details, and alsoread setkey(8).
+#
+#
+# Also read the Linux IPSEC Howto up at
+# http://www.ipsec-howto.org/t1.html
+#
+
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+#remote 172.31.1.1 {
+# exchange_mode main,aggressive;
+# proposal {
+# encryption_algorithm 3des;
+# hash_algorithm sha1;
+# authentication_method pre_shared_key;
+# dh_group modp1024;
+# }
+# generate_policy off;
+#}
+#
+#sainfo address 192.168.203.10[any] any address 192.168.22.0/24[any] any {
+# pfs_group modp768;
+# encryption_algorithm 3des;
+# authentication_algorithm hmac_md5;
+# compression_algorithm deflate;
+#}
+
--- ipsec-tools-0.7.1.orig/debian/postrm
+++ ipsec-tools-0.7.1/debian/postrm
@@ -0,0 +1,38 @@
+#! /bin/sh
+# postrm script for ipsec-tools
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear' overwrit>r>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
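Review bot: The commented `remote` example in this hunk pairs `exchange_mode main,aggressive;` with `authentication_method pre_shared_key;`, and the `sainfo` example uses `pfs_group modp768;` and `authentication_algorithm hmac_md5;`; since this shipped file is what an administrator uncomments to get a first working tunnel, the template steers new deployments toward aggressive-mode PSK (where the exchanged hash is exposed to offline PSK guessing) and 768-bit DH with HMAC-MD5. Prefer `#       exchange_mode main;`, `#       pfs_group modp1024;` (or a larger group) and `#       authentication_algorithm hmac_sha1;` so the sample defaults to the stronger settings the same file already uses for phase 1. A one-line comment above `path pre_shared_key "/etc/racoon/psk.txt";` saying that the file holds the shared secrets and must be root-owned with mode 0600 would also help. Minor: `alsoread` in the header comment is missing a space.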
@@ -0,0 +1,42 @@
+#! /bin/sh
+# postinst script for ipsec-tools
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure)
+
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
--- ipsec-tools-0.7.1.orig/debian/racoon.prerm
+++ ipsec-tools-0.7.1/debian/racoon.prerm
@@ -0,0 +1,39 @@
+#! /bin/sh
+# prerm script for ipsec-tools
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `upgrade'
+# * `failed-upgrade'
+# * `remove' `in-favour'
+# * `deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ remove|upgrade|deconfigure)
+# install-info --quiet --remove /usr/info/ipsec-tools.info.gz
+ ;;
+ failed-upgrade)
+ ;;
+ *)
+ echo "prerm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
--- ipsec-tools-0.7.1.orig/debian/racoon.files
+++ ipsec-tools-0.7.1/debian/racoon.files
@@ -0,0 +1,2 @@
+ipsec-tools_0.4999pre5-20041206cvs_i386.deb net optional
+racoon_0.4999pre5-20041206cvs_i386.deb net optional
--- ipsec-tools-0.7.1.orig/debian/racoon.docs
+++ ipsec-tools-0.7.1/debian/racoon.docs
@@ -0,0 +1,6 @@
+NEWS
+README
+src/racoon/doc/FAQ
+src/racoon/doc/README.certificate
+
+
--- ipsec-tools-0.7.1.orig/debian/racoon-tool.8
+++ ipsec-tools-0.7.1/debian/racoon-tool.8
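Review bot: The `remove|upgrade|deconfigure)` arm carries a commented-out `# install-info --quiet --remove /usr/info/ipsec-tools.info.gz` line, but racoon.docs in this same series ships no info page, so the dead line should be deleted rather than kept as a reminder. The header comment also says `# prerm script for ipsec-tools` although this file is racoon.prerm; `# prerm script for racoon` would name the package it actually runs for.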
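Review bot: debian/racoon.files holds what looks like two lines of a .changes file list (`ipsec-tools_0.4999pre5-20041206cvs_i386.deb net optional`) rather than the list of paths dh_movefiles expects, and the version it names predates the 0.7.1 source this diff packages by several years. Presumably it is a stale leftover that no tool reads; it should be removed, or replaced with the real file list if dh_movefiles is still used for the racoon split.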
@@ -0,0 +1,143 @@ +.TH RACOON-TOOL 8 +.\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection +.\" other parms are allowed: see man(7), man(1) +.SH NAME +racoon-tool \- program to manage the +.BR racoon (8) +IPSEC IKE daemon. +.SH SYNOPSIS +.B racoon-tool +.I "[-h] reload|restart|force-reload|start|stop" +.br +.B racoon-tool +.I "[-h] sadflush|spdflush|saddump|spddump" +.br +.B racoon-tool +.I "[-h] vpndown|vdown|vpnup|vup connection-name|all" +.br +.B racoon-tool +.I "[-h] vpnreload|vreload connection-name|all" +.br +.B racoon-tool +.I "[-h] vpnlist|vlist [connection-name|all]" +.br +.B racoon-tool +.I "[-h] vpnmenu|vmenu [connection-name-regexp]" +.br +.B racoon-tool +.I "[-h] racoonstart|racoonstop|rstart|rstop" +.br +.SH "DESCRIPTION" +This manual page documents briefly the +.BR racoon-tool +command. +.BR racoon-tool (8) +is a perl script that can be used to control the +.BR racoon (8) +IKE daemon and the SPD database within the kernel via the +.BR setkey (8) +command. Various operations that it can do +are described below. +.PP +You can also optionally choose not to use it via reconfiguring the +.I racoon +package using +.BR dpkg-reconfigure (8). + +.SH OPTIONS +A summary of options are included below. +.TP +.B \-h +Show summary of options. + +.SH COMMANDS +.TP +.B start +Start +.BR racoon (8), +loading any needed modules, configuring the SPD, and generating +a configuration from +.I /etc/racoon/racoon-tool.conf. +.TP +.B stop +Stop +.BR racoon (8) +unloading any crypto/IPSEC modules, flushing the SAD and SPD. +.TP +.B reload +Regenerate configuration from +.I /etc/racoon/racoon.conf, HUP +.BR racoon (8) +and reinitialise the SPD and SAD. +.TP +.B restart|force-reload +Perform a +.I stop +followed by a +.I start +.TP +.B sadflush +Flush the SAD via +.BR setkey (8). +.TP +.B spdflush +Flush the SPD via +.BR setkey (8). +.TP +.B saddump|dump +Dump the SAD to screen via +.BR setkey (8), +paginating via your pager. 
+.TP +.B spddump +Dump the SPD to screen via +.BR setkey (8), +paginating via your pager. +.TP +.BR "vpnup|vup" " connection-name|all" +Bring up the VPN connection(s). +.TP +.BR "vpndown|vdown" " connection-name|all" +Take down the VPN connection(s). +.TP +.BR "vpnreload|vreload" " connection-name|all" +Reload the VPN connection(s). +.TP +.BR "vpnlist|vlist" " [connection-name|all]" +List the known VPN connections in +.I /etc/racoon/racoon-tool.conf. +Can be used by a script or administrator to see +if a VPN connection exists. +.TP +.BR "vpnmenu|vmenu" " [connection-name-regexp]" +Start the VPN menu management mode. This displays the SPD, +and you can shutdown VPNs from here. Latter on support will +be added for checking status and reloading the chosen connection. +.TP +.B racoonstart|rstart +Start only the +.BR racoon (8) +daemon. +.TP +.B racoonstop|rstop +Stop only the +.BR racoon (8) +daemon. +.SH "FILES" +.TP +.I /etc/racoon/racoon-tool.conf +\- configuration file. +.TP +.I /var/lib/racoon/racoon.conf +\- generated racoon.conf +.SH "SEE ALSO" +.BR racoon (8), +.BR racoon.conf (5), +.BR setkey (8), +.BR racoon-tool.conf (5). + +.SH AUTHOR +This manual page was written by Matthew Grant , +for the Debian GNU/Linux system (but may be used by others). + +\" LocalWords: RACOON --- ipsec-tools-0.7.1.orig/debian/ipsec-tools.setkey.default +++ ipsec-tools-0.7.1/debian/ipsec-tools.setkey.default @@ -0,0 +1,2 @@ +# Set to "no" to disable loading ipsec.conf on startup +# RUN_SETKEY=yes --- ipsec-tools-0.7.1.orig/debian/copyright +++ ipsec-tools-0.7.1/debian/copyright 
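Review bot: `# RUN_SETKEY=yes` is commented out, so the effective default is whatever the init script assumes when the variable is unset, not what this file states; either keep `RUN_SETKEY=yes` active or extend the comment, e.g. `# RUN_SETKEY=yes   (default when unset: yes)`, so the two cannot drift apart. The init script that sources this file is outside this diff, so I cannot confirm its fallback.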
@@ -0,0 +1,61 @@ +This is the Debian packaged version of ipsec-tools. + +Sources for this package can be found at its homepage at +http://ipsec-tools.sourceforge.net/ . + +The code is copyright 1995, 1996, 1997, 1998, and 1999 by the WIDE Project +and licensed under the BSD license. On Debian systems a copy of the +license can be found in /usr/share/common-licenses/BSD . + +The GSSAPI code is copyright 2000 Wasabi Systems, Inc and lincensed under +the following license: + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by Wasabi Systems for + Zembu Labs, Inc. http://www.zembu.com/ + 4. The name of Wasabi Systems, Inc. may not be used to endorse + or promote products derived from this software without specific prior + written permission. + + THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL WASABI SYSTEMS, INC + BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +The racoon-tool perl script is: + +Copyright Matthew Grant, Catalyst IT Ltd 2004. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + + A copy of the GNU General Public License is also available at + . You may also obtain + it by writing to the Free Software Foundation, Inc., 51 Franklin + St, Fifth Floor, Boston, MA 02110-1301, USA. + --- ipsec-tools-0.7.1.orig/debian/racoon-tool.conf +++ ipsec-tools-0.7.1/debian/racoon-tool.conf 
@@ -0,0 +1,46 @@
+#
+# Configuration file for racoon-tool
+#
+# See racoon-tool.conf(5) for details
+#
+
+# How to control the syslog level
+global:
+ log: notify
+
+#
+# Example of multiple networks to one endpoint
+#
+#connection(bacckdoor-doormat):
+# src_range: 192.168.223.1/32
+# dst_range: 192.168.200.0/24
+# src_ip: 172.31.1.1
+# dst_ip: 10.0.0.1
+# admin_status: enabled
+# compression: no
+# lifetime: time 20 min
+# authentication_algorithm: hmac_sha1,hmac_md5
+# encryption_algorithm: aes,3des
+
+#connection(backdoor-outhouse):
+# src_range: 192.168.223.0/24
+# dst_range: 10.255.255.254
+# src_ip: 172.31.1.1
+# dst_ip: 10.0.0.1
+# admin_status: no
+# lifetime: time 20 min
+# authentication_algorithm: hmac_sha1
+# encryption_algorithm: 3des
+
+
+#peer(10.0.0.1):
+# verify_cert: on
+# passive: off
+# verify_identifier: off
+# lifetime: time 60 min
+# hash_algorithm[0]: sha1
+# encryption_algorithm[0]: 3des
+## my_identifier: fqdn backdoor.foo.bar
+## peers_identifier: fqdn garden-path.foo.bar
+## certificate_type: x509 bLaH.pem PrIv.pem
+
--- ipsec-tools-0.7.1.orig/debian/racoon-tool.conf.5
+++ ipsec-tools-0.7.1/debian/racoon-tool.conf.5
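Review bot: The commented examples write `admin_status:` as `enabled` in the first connection and `no` in the second, while the racoon-tool.conf(5) page in this same series uses `yes`; a one-line comment above the first connection block stating the accepted values (presumably a yes/no or enabled/disabled pair, to be confirmed against the racoon-tool script) would stop the template from teaching three spellings. `bacckdoor-doormat` looks like a typo for `backdoor-doormat`. The first example also lists `hmac_md5` as an acceptable `authentication_algorithm`; dropping it from the illustrative line avoids steering copied configurations toward a weak MAC.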
@@ -0,0 +1,291 @@ +.TH RACOON-TOOL.CONF 5 +.SH NAME +racoon-tool.conf \- configuration file for +.BR racoon-tool (8). +.SH "DESCRIPTION" +This manual page documents briefly the +.BR racoon-tool.conf (5) , +configuration file format. +.PP +Please consult the +.BR racoon.conf (5) +man-page first to better understand what is written about here. +.SH SYNTAX +The +.BR racoon-tool.conf (5) +file is laid out in sections. +.PP +Comments are delimited on the left by `#', and can be on a line by +themselves, or at the end of a line. +.PP +The possible sections are +.I global, +.I connection, +and +.I peer. +The possible templates are +.I spdadd, +.I spdinit, +.I sadinit, +.I sadadd, +.I remote, +.I sainfo, +and +.I racooninit. +.PP +Sections start with +.I section: +and then continue with their properties (name terminated by `:' then +value), and templates ALWAYS have to have each line started with +.I template: +Sections and templates can be named, with the name occurring in +parenthesis between the last character of their type and the final +colon. +.SH SECTIONS +The possible sections are: +.TP +.BR global: +Contains global parameters for the generated +.BR racoon.conf (5), +and global settings used by +.BR racoon-tool (8). +Available settings are: +.I path_pre_shared_key, +.I path_certificate, +.I path_racoon_conf, +.I racoon_command, +.I racoon_pid_file, +.I log, +.I listen[[0-9a-z]], +and +.I complex_bundle. + +Apart from +.I racoon-command +and +.I racoon_pid_file, +the setting map across to the similar names in +.BR racoon.conf (5). + +The +.I listen +directive is a bit different from the man-page and takes multiple +.I {ip-address} [[port]] +statements by attaching an index `0-9',`a-z' in square brackets immediately +before the colon. +.TP +.BR connection( "%default|%anonymous|[-_a-z0-9]+" ): +Connection as described by the complementary SPD entries. Creates +`sainfo' sections in the generated +.BR racoon.conf (5), +and associated SPD entries. 
+ +Directives and values are basically one for +one with the relevant entries in +.BR racoon.conf (5). + +The `%default' VPN connection fills in entries in other specified +connections, unless they are otherwise defined within the specific +connection. The `%anonymous' connection is there for a passive VPN +server. +.TP +.BR peer( "%default|%anonymous|[a-f0-9:\.]+" ): +Defines the phase 1 attributes associated with a peer. This creates +`remote' entries in the generated +.BR racoon.conf (5). + +Directives and values are basically one for one with the relevant +entries in +.BR racoon.conf (5). +Different proposals are signified by adding an index `0-9', or `a-z' to +the +.I encryption_algorithm, +.I hash_algorithm, +.I dh_group, +and +.I authentication_method +entries, within square brackets immediately before the colon. + +The `%default' VPN connection fills in entries in other specified +connections, unless they are otherwise defined within the specific +connection. The `%anonymous' connection is there for a passive VPN +server. +.SH TEMPLATES +Templates are described briefly here. You will have to look inside the +.BR racoon-tool (8) +perl script to see exactly what you can do. +.TP +.BR spdinit: +Portion that can be used to initialise the SPD. Uses setkey syntax. +See +.BR setkey (8). +.TP +.BR sadinit: +Portion that can be used to initialise the SAD. Uses setkey syntax. +See +.BR setkey (8). +.TP +.BR spdadd(%default|[-_a-z0-9]+): +Template for adding SPD entries. Different templates can be used. +Keys for replacement are of the form `___setkey_name___', with names +found in +.BR setkey (8). +The built in template is named `%default'. +.TP +.BR sadadd(%default|[-_a-z0-9]+): +Template for adding SAD entries. Different templates can be used. +Keys for replacement are of the form `___setkey_name___', with names +found in +.BR setkey (8). +The built in template is named `%default'. 
+.TP +.BR remote(%default|[-_a-z0-9]+): +Template for adding 'remote' entries to the generated +.BR racoon.conf(5). +Different templates can be used. Keys for replacement are +of the form `___setkey_name___', with names found in +.BR setkey (8). +The built in template is named `%default'. +.TP +.BR sainfo(%default|[-_a-z0-9]+): +Template for adding 'sainfo' entries to the generated +.BR racoon.conf (5). +Different templates can be used. +Keys for replacement are of the form `___setkey_name___', with names +found in +.BR setkey (8). +The built in template is named `%default'. +.TP +.BR racooninit: +Template for adding your own section to the start of the generated +.BR racoon.conf (5). + +.SH "EXAMPLES" +Example of a simple configuration using PSK authentication. +.PP +.nf +# +# Configuration file for racoon-tool +# +# See racoon-tool.conf(5) for details +# + +# +# Simple PSK - authentication defaults to pre_shared_key +# +connection(bacckdoor-doormat): + src_range: 192.168.223.1/32 + dst_range: 192.168.200.0/24 + src_ip: 172.31.1.1 + dst_ip: 10.0.0.1 + admin_status: enabled + compression: no + lifetime: time 20 min + authentication_algorithm: hmac_sha1 + encryption_algorithm: 3des + +peer(10.0.0.1): + verify_cert: on + passive: off + verify_identifier: off + lifetime: time 60 min + hash_algorithm[0]: sha1 + encryption_algorithm[0]: 3des + +.fi +.PP +Example of a complex configuration with multple networks betweenthe +same endpoints, as well as use of `%default' for common settings. 
+.PP +.nf +# +# Configuration file for racoon-tool +# + +global: + log: notify + +# default settings to save typing +peer(%default): + certificate_type: x509 blurke-ipsec.crt blurke-ipsec.key + my_identifier: fqdn blurke.bar.com + lifetime: time 60 min + verify_identifier: on + verify_cert: on + hash_algorithm[0]: sha1 + encryption_algorithm[0]: 3des + authentication_method[0]: rsasig + +connection(%default): + authentication_algorithm: hmac_sha1 + encryption_algorithm: 3des + src_ip: 172.31.1.1 + lifetime: time 20 min + +# Connection to work +peer(10.0.0.1): + peers_identifier: fqdn blue.sky.com + +connection(blurke-blue-sky-work): + src_range: 192.168.203.1/32 + dst_range: 172.16.0.0/24 + dst_ip: 10.0.0.1 + admin_status: enabled + +# Connection to telehoused servers +connection(blurke-mail): + src_range: 192.168.203.0/24 + dst_range: 172.20.1.1 + dst_ip: 10.100.0.1 + encryption_algorithm: blowfish + compression: on + admin_status: yes + +peer(10.100.0.1): + peers_identifier: fqdn mail.bar.com + +connection(blurke-web1): + src_range: 192.168.203.0/24 + dst_range: 172.20.1.23 + dst_ip: 10.100.0.1 + encryption_algorithm: blowfish + admin_status: yes + +connection(blurke-web2): + src_range: 192.168.203.0/24 + dst_range: 172.20.1.24 + dst_ip: 10.100.0.1 + encryption_algorithm: blowfish + admin_status: yes + + + +# Test connection to Free S/WAN +connection(blurke-freeswan): + src_range: 192.168.203.0/24 + dst_range: 172.17.100.0/24 + dst_ip: 172.30.1.1 + admin_status: yes + +peer(172.30.1.1): + peers_identifier: fqdn banshee +.fi + +.SH "FILES" +.TP +.I /etc/racoon/racoon-tool.conf +The file that this man page describes. +.TP +.I /var/lib/racoon/racoon.conf +The generated racoon.conf. + +.SH "SEE ALSO" +.BR racoon.conf (5), +.BR racoon-tool (8), +.BR racoon (8), +.BR setkey (8). +.SH BUGS +This man page is by no means complete. +.SH AUTHOR +This manual page was written by Matthew Grant +for the Debian GNU/Linux system (but may be used by others). 
--- ipsec-tools-0.7.1.orig/debian/racoon.README.Debian
+++ ipsec-tools-0.7.1/debian/racoon.README.Debian
@@ -0,0 +1,34 @@
+Debian README for racoon
+------------------------
+
+This package requires a 2.6 kernel with IPSEC available, or a 2.4 kernel
+with the new IPSEC backport as in the latest 2.4 kernel source in sid and
+sarge.
+
+Please note that the xfrm_user.o module must be loaded unless statically
+compiled into the kernel so that the /proc/net/pfkey file is available for
+setkey and racoon.
+
+If a suitable kernel is not installed, or /proc/net/pfkey is not available
+racoon will fail to start properly.
+
+You will also have to make sure all required kernel encryption and xfrm
+modules are loaded, or that they are statically linked if using 'direct'
+debconf configuration.
+
+racoon-tool
+-----------
+racoon-tool is now officially deprecated. It used to be the preferred method
+of configuration in older releases (till 0.3.1) but is now deprecated because
+of several reasons; it's debian specific, upstream doesn't like it, it lags
+behind in features when compared to racoon.conf(5). If you're interested in
+using the latest and greatest feature in racoon, use /etc/racoon/racoon.conf
+directly.
+
+Further Information
+-------------------
+Further information about the new Linux KAME/racoon IPSEC can be found
+up at http://ipsec-tools.sourceforge.net, and a HOWTO can be found up at
+"http://www.ipsec-howto.org/t1.html".
+
+ -- Ganesan Rajagopal , Mon, 21 Apr 2008 13:47:57 +0530
--- ipsec-tools-0.7.1.orig/debian/po/ja.po
+++ ipsec-tools-0.7.1/debian/po/ja.po
@@ -0,0 +1,95 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools 1:0.7.1-1\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-08-06 20:05+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" +"Language-Team: Japanese \n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "直接" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "racoon IKE デーモンの設定方法" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"racoon は、/etc/racoon/racoon.conf を直接編集する、もしくは racoon-tool 管理" +"フロントエンドを利用するという、2 つの方法のどちらを使っても設定可能です。" +"racoon-tool はすでに廃止される予定になっており、後方互換性のためにのみ残され" +"ています。新規インストールでは必ず「直接」設定してください。" + +#~ msgid "Please select the racoon configuration mode." +#~ msgstr "racoon IKE デーモンの設定方法を選択してください。" + +#~ msgid "Racoon can now be configured two ways." 
+#~ msgstr "racoon は 2 つの方法で設定可能です。" + +#~ msgid "" +#~ "The traditional one (direct), which is for direct editing of /etc/racoon/" +#~ "racoon.conf and setup of the SPD using setkey via a shell script written " +#~ "by the systems administrator. You will have to make sure that the kernel " +#~ "has all required modules loaded or the racoon daemon can exit with a " +#~ "'failed to parse configuration file' error." +#~ msgstr "" +#~ "従来の方法 (直接) では、/etc/racoon/racoon.conf を直接編集し、管理者によっ" +#~ "て書かれたシェルスクリプトによる setkey を用いて SPD を設定します。カーネ" +#~ "ルに必要な全てのモジュールが読み込まれていなければ、racoon デーモンは '設" +#~ "定ファイルの解析エラー' で終了します。" + +#~ msgid "" +#~ "The new one is the racoon-tool administration front end which configures " +#~ "both, as well as handling module loading and can handle most common " +#~ "setups. Please read /usr/share/doc/racoon/README.Debian for more " +#~ "details." +#~ msgstr "" +#~ "新しい方法は、racoon-tool 管理フロントエンドでは、モジュールのロードと、一" +#~ "般的なセットアップの両方が行えます。より詳細な情報については、/usr/share/" +#~ "doc/racoon/README.Debian を読んでください。" + +#~ msgid "" +#~ "Would you like to use the new racoon-tool program to configure VPNs, or " +#~ "the direct editing of /etc/racoon/racoon.conf?" +#~ msgstr "" +#~ "VPN の設定に新しい racoon-tool プログラムを利用しますか?もしくは、直接 /" +#~ "etc/racoon/racoon.conf を編集しますか?" + +#~ msgid "Please select from either 'direct' or 'racoon-tool'." +#~ msgstr "'直接' もしくは 'racoon-tool' のいづれかを選択してください" --- ipsec-tools-0.7.1.orig/debian/po/ru.po +++ ipsec-tools-0.7.1/debian/po/ru.po 
@@ -0,0 +1,54 @@ +# translation of ipsec-tools_1:0.7-2.1_ru.po to Russian +# Russian translation of ipsec-tools_1:0.6.5-6.po. +# This file is distributed under the same license as the ipsec-tools package. +# +# +# Aleksandr Bouksha , 2006.A , 2006. +# Yuri Kozlov , 2008. +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools 1:0.6.5-6\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-06-03 21:25+0400\n" +"Last-Translator: Yuri Kozlov \n" +"Language-Team: Russian \n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "вручную" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Способ настройки службы racoon IKE:" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"racoon может быть настроен двумя способами: редактированием /etc/init.d/" +"racoon.conf вручную или при помощи инструмента racoon-tool. racoon-tool " +"является устаревшим и доступен только для обратной совместимости. При новой " +"установке всегда выбирайте настройку вручную." --- ipsec-tools-0.7.1.orig/debian/po/fr.po +++ ipsec-tools-0.7.1/debian/po/fr.po 
@@ -0,0 +1,54 @@ +# Translation of iodine debconf templates to French +# Copyright (C) Sylvain Archenault +# This file is distributed under the same license as the iodine package. +# +# Jean-Luc Coulon (f5ibh)" +# Christian Perrier +# et Denis Barbier +# Sylvain Archenault , 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: fr\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2006-05-29 14:10+0200\n" +"Last-Translator: Sylvain Archenault \n" +"Language-Team: French >\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "Modification directe" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "Utilisation de racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Mode de configuration pour le démon IKE racoon :" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"Racoon peut être configuré de deux façons, soit en modifiant directement le " +"fichier /etc/racoon/racoon.conf, soit en utilisant l'outil d'administration " +"racoon-tool. Racoon-tool est désormais obsolète et est seulement disponible " +"pour la rétrocompatibilité. Les nouvelles installations ne doivent utiliser " +"que la méthode « directe »." --- ipsec-tools-0.7.1.orig/debian/po/templates.pot +++ ipsec-tools-0.7.1/debian/po/templates.pot 
@@ -0,0 +1,45 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" --- ipsec-tools-0.7.1.orig/debian/po/vi.po +++ ipsec-tools-0.7.1/debian/po/vi.po 
@@ -0,0 +1,51 @@ +# Vietnamese Translation for ipsec-tools. +# Copyright © 2008 Free Software Foundation, Inc. +# Clytie Siddall , 2005-2008. +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools 1:0.7-2.1\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-05-22 14:29+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"Language: vi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.7b3\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "trực tiếp" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Chế độ cấu hình cho trình nền IKE racoon." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"Trình racoon có thể được cấu hình bằng hai cách khác nhau, hoặc bằng cách " +"hiệu chỉnh trực tiếp tập tin cấu hình « /etc/init.d/racoon.conf », hoặc bằng " +"cách sử dụng tiền tiêu quản trị racoon-tool. Tùy nhiên, racoon-tool lúc bây " +"giờ bị phản đối và công bố chỉ để tương thích ngược. Việc cài đặt mới lúc " +"nào cũng nên dùng phương pháp « trực tiếp »." --- ipsec-tools-0.7.1.orig/debian/po/pt_BR.po +++ ipsec-tools-0.7.1/debian/po/pt_BR.po 
@@ -0,0 +1,55 @@ +# ipsec-tools Brazilian Portuguese translation +# Copyright (C) 2006 ipsec-tools's COPYRIGHT HOLDER +# This file is distributed under the same license as the ipsec-tools package. +# André Luís Lopes , 2006. +# Eder L. Marques (frolic) , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools 1:0.7-2.1\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-05-26 11:23-0300\n" +"Last-Translator: Eder L. Marques (frolic) \n" +"Language-Team: Brazilian Portuguese \n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"pt_BR utf-8\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "direta" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Modo de configuração para o daemon IKE racoon." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"O racoon pode ser configurado de duas maneiras, tanto editando diretamente o " +"arquivo /etc/racoon/racoon.conf ou usando a interface administrativa racoon-" +"tool. O racoon-tool está obsoleto agora e está disponível somente para " +"compatibilidade com versões anteriores. Novas instalações deveriam sempre " +"utilizar o método \"direto\"." --- ipsec-tools-0.7.1.orig/debian/po/POTFILES.in +++ ipsec-tools-0.7.1/debian/po/POTFILES.in 
@@ -0,0 +1 @@ +[type: gettext/rfc822deb] racoon.templates --- ipsec-tools-0.7.1.orig/debian/po/eu.po +++ ipsec-tools-0.7.1/debian/po/eu.po @@ -0,0 +1,51 @@ +# translation of xd-ipsec-tools-eu.po to Euskara +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# xabier bilbao , 2008. +# Piarres Beobide , 2008. +msgid "" +msgstr "" +"Project-Id-Version: xd-ipsec-tools-eu\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-05-24 23:47+0200\n" +"Last-Translator: Piarres Beobide \n" +"Language-Team: Euskara \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "zuzena" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool bidez" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Racoon IKE deabrua konfiguratzeko modua:" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"Bi era daude Racoon konfiguratzeko: /etc/racoon/racoon.conf zuzenean " +"editatuz, edo racoon-tool administrazio interfazea erabiliz. Racoon-tool " +"zaharkitua geratu da, eta atzeranzko bateragarritasunagatik soilik dago " +"eskura. Instalazio berrietan erabili beti \"zuzena\" modua." --- ipsec-tools-0.7.1.orig/debian/po/it.po +++ ipsec-tools-0.7.1/debian/po/it.po 
@@ -0,0 +1,50 @@ +# Italian (it) translation of debconf templates for ipsec-tools +# Copyright (C) 2008 Software in the Public Interest +# This file is distributed under the same license as the ipsec-tools package. +# Luca Monducci , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-08-22 21:42+0200\n" +"Last-Translator: Luca Monducci \n" +"Language-Team: Italian \n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "diretto" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Modalità di configurazione del demone IKE racoon." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"Racoon può essere configurato in due modi, direttamente andando a " +"modificare /etc/racoon/racoon.conf oppure usando l'interfaccia " +"d'amministrazione racoon-tool, però adesso racoon-tool è deprecato ed è " +"disponibile solo per compatibilità con il passato. Le nuove installazione " +"devono usare sempre il metodo \"diretto\"." --- ipsec-tools-0.7.1.orig/debian/po/sv.po +++ ipsec-tools-0.7.1/debian/po/sv.po 
@@ -0,0 +1,96 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools 1:0.6.1-1\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-07-21 18:21+0100\n" +"Last-Translator: Martin Bagge \n" +"Language-Team: Swedish \n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "direkt" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Vlj konfigurationslget fr racoon IKE-demonen." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"racoon kan konfigureras p tv stt, antingen genom att direkt redigera /etc/" +"racoon/racoon.conf eller genom att anvnda verktyget racoon-tool. racoon-" +"tool r nu frldrat och finns endast tillgngligt fr kompatibilitet bakt. " +"Nya installationer br alltid anvnda metoden \"direkt\"." + +#~ msgid "Please select the racoon configuration mode." 
+#~ msgstr "Vlj konfigurationslget fr racoon IKE daemon." + +#~ msgid "Racoon can now be configured two ways." +#~ msgstr "Racoon kan konfigureras p tv stt." + +#~ msgid "" +#~ "The traditional one (direct), which is for direct editing of /etc/racoon/" +#~ "racoon.conf and setup of the SPD using setkey via a shell script written " +#~ "by the systems administrator. You will have to make sure that the kernel " +#~ "has all required modules loaded or the racoon daemon can exit with a " +#~ "'failed to parse configuration file' error." +#~ msgstr "" +#~ "Den traditionella metoden (direkt) som r fr att direkt gra ndringar " +#~ "i /etc/racoon/racoon.conf och stta upp SPD med setkey via shellskript " +#~ "(skrivet av systemadministratren). Du mste kontrollera att kerneln har " +#~ "alla ndvndiga moduler laddade annars kommer racoon daemonen att " +#~ "avslutas med ett 'failed to parse configuration file' fel." + +#~ msgid "" +#~ "The new one is the racoon-tool administration front end which configures " +#~ "both, as well as handling module loading and can handle most common " +#~ "setups. Please read /usr/share/doc/racoon/README.Debian for more " +#~ "details." +#~ msgstr "" +#~ "Det nya r racoon-tools administrationsgrnssnitt som konfigurerar dem " +#~ "bda och som ven hanterar laddning av moduler och kan ven hantera de " +#~ "flesta allmnna instllningar. Vnligen ls /usr/share/doc/racoon/README." +#~ "Debian fr mer information." + +#~ msgid "" +#~ "Would you like to use the new racoon-tool program to configure VPNs, or " +#~ "the direct editing of /etc/racoon/racoon.conf?" +#~ msgstr "" +#~ "Vill du anvnda det nya programmet racoon-tool fr att konfigurera VPN " +#~ "eller direkt ndra /etc/racoon/racoon.conf manuellt?" + +#~ msgid "Please select from either 'direct' or 'racoon-tool'." +#~ msgstr "Vlj mellan antingen 'direkt' eller 'racoon-tool'." --- ipsec-tools-0.7.1.orig/debian/po/de.po +++ ipsec-tools-0.7.1/debian/po/de.po 
@@ -0,0 +1,60 @@ +# translation of ipsec-tools_1:0.7-2_de.po to German +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +# Erik Schanze , 2004-2008. +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools_1:0.7-2_de\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-05-04 00:25+0200\n" +"Last-Translator: Erik Schanze \n" +"Language-Team: German \n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "direkt" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "Racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Art der Einrichtung des Racoon-IKE-Diensts." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"Racoon kann auf zwei Arten eingerichtet werden, entweder durch direktes " +"Ändern der Datei /etc/racoon/racoon.conf oder mit Hilfe der " +"Systemverwaltungsoberfläche »Racoon-tool«. 
Racoon-tool ist veraltet und nur " +"noch wegen der Rückwärtsverträglichkeit dabei. Neuinstallationen sollten " +"immer die Methode »direkt« verwenden." --- ipsec-tools-0.7.1.orig/debian/po/nl.po +++ ipsec-tools-0.7.1/debian/po/nl.po 
@@ -0,0 +1,50 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-05-26 15:23+0100\n" +"Last-Translator: Bart Cornelis \n" +"Language-Team: debian-l10n-dutch \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Dutch\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "direct" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Configuratiemodus voor de racoon IKE-achtergronddienst." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"Racoon kan ingesteld worden door of het configuratiebestand /etc/racoon/" +"racoon.conf direct aan te passen, of via het racoon-tool administratieve " +"programma. Racoon-tool is verouderd en enkel beschikbaar voor teruggaande " +"compatibiliteit. Nieuwe installaties dienen de 'direct'-methode te gebruiken." --- ipsec-tools-0.7.1.orig/debian/po/pt.po +++ ipsec-tools-0.7.1/debian/po/pt.po 
@@ -0,0 +1,51 @@ +# translation of ipsec-tools debconf to Portuguese +# Portuguese translation of ipsec-tools debconf messages. +# This file is distributed under the same license as the ipsec-tools package. +# +# Manuel Padilha , 2006. +# Américo Monteiro , 2008. +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools 1:0.7-2\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-05-25 19:39+0100\n" +"Last-Translator: Américo Monteiro \n" +"Language-Team: Portuguese \n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "directo" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "raccon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Modo de configuração para o daemon racoon IKE." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"O racoon pode ser configurado de duas formas, ou editando directamente o " +"ficheiro /etc/racoon/racoon.conf ou usando o front-end administrativo racoon-" +"tool. O racoon-tool está obsoleto e só é disponibilizado para garantir retro-" +"compatibilidade. As instalações novas devem usar sempre o método \"directo\"." --- ipsec-tools-0.7.1.orig/debian/po/gl.po +++ ipsec-tools-0.7.1/debian/po/gl.po 
@@ -0,0 +1,48 @@ +# Galician translation of ipsec-tools's debconf templates +# This file is distributed under the same license as the ipsec-tools package. +# Jacobo Tarrio , 2007, 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-05-13 00:54+0100\n" +"Last-Translator: Jacobo Tarrio \n" +"Language-Team: Galician \n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "directo" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Modo de configuración para o servizo IKE racoon." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"Pódese configurar racoon de dous xeitos: editando /etc/racoon/racoon.conf " +"directamente, ou empregando a interface administrativa racoon-tool. racoon-" +"tool está obsoleto e só está dispoñible para compatibilidade con versións " +"anteriores. As instalacións novas deberían empregar só o método \"directo\"." --- ipsec-tools-0.7.1.orig/debian/po/cs.po +++ ipsec-tools-0.7.1/debian/po/cs.po 
@@ -0,0 +1,57 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-05-22 18:09+0200\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "přímo" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Způsob nastavení racoon IKE daemona." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"racoon můžete nastavit dvěma způsoby. Buď přímou úpravou souboru /etc/racoon/" +"racoon.conf, nebo použitím administračního rozhraní racoon-tool. racoon-tool " +"je nyní zastaralý a je poskytován jen pro zachování zpětné kompatibility. U " +"nových instalací byste vždy měli použít „přímý“ způsob." --- ipsec-tools-0.7.1.orig/debian/po/fi.po +++ ipsec-tools-0.7.1/debian/po/fi.po 
@@ -0,0 +1,47 @@ +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: \n" +"Last-Translator: Esko Arajärvi \n" +"Language-Team: Finnish \n" +"Language: fi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "suora" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Racoon IKE -taustaohjelman asetustapa:" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"Racoonin asetukset voidaan tehdä joko muokkaamalla suoraan tiedostoa /etc/" +"racoon/racoon.conf tai käyttämällä ylläpitokäyttöliittymää racoon-tool. " +"racoon-tool on nyt vanhentunut ja käytettävissä vain aiempien versioiden " +"yhteensopivuuden varmistamiseksi. Uusissa asennuksissa tulisi aina käyttää " +"”suoraa” tapaa." --- ipsec-tools-0.7.1.orig/debian/po/es.po +++ ipsec-tools-0.7.1/debian/po/es.po 
@@ -0,0 +1,114 @@ +# ipsec-tools po-debconf translation to Spanish +# Copyright (C) 2005 Software in the Public Interest +# This file is distributed under the same license as the ipsec-tools package. +# +# Changes: +# - Initial translation +# César Gómez Martín +# - Translation update +# Javier Fernández-Sanguino +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Equipo de traducción al español, por favor, lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools 1:0.6.6-3\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-04-21 08:51+0000\n" +"PO-Revision-Date: 2008-05-22 01:00+0200\n" +"Last-Translator: Javier Fernández-Sanguino \n" +"Language-Team: Debian l10n spanish \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Spanish\n" +"X-Poedit-Country: SPAIN\n" +"X-Poedit-SourceCharset: utf-8\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "directo" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Modo de configuración para el demonio IKE de racoon" + +#. Type: select +#. 
Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"Puede configurar racoon de dos formas distintas: editando directamente el " +"fichero «/etc/racoon/racoon.conf» o utilizando la interfaz de administración " +"«racoon-tool». La herramienta «Racoon-tool» está ahora obsoleta y sólo se " +"proporciona para tener compatibilidad hacia atrás. Las nuevas instalaciones " +"deberían siempre utilizar el método «directo»." + +#~ msgid "Racoon can now be configured two ways." +#~ msgstr "Racoon puede configurarse de dos formas." + +#~ msgid "" +#~ "The traditional one (direct), which is for direct editing of /etc/racoon/" +#~ "racoon.conf and setup of the SPD using setkey via a shell script written " +#~ "by the systems administrator. You will have to make sure that the kernel " +#~ "has all required modules loaded or the racoon daemon can exit with a " +#~ "'failed to parse configuration file' error." +#~ msgstr "" +#~ "El modo tradicional (directo), que se usa para la edición directa de /etc/" +#~ "racoon/racoon.conf y para la instalación de SPD usando setkey a través de " +#~ "un shell script escrito por el administrador del sistema. Tendrá que " +#~ "asegurarse de que el núcleo tiene cargados todos los módulos requeridos o " +#~ "el demonio racoon se finalizará con el mensaje de error «fallo al " +#~ "analizar el fichero de configuración»." + +#~ msgid "" +#~ "The new one is the racoon-tool administration front end which configures " +#~ "both, as well as handling module loading and can handle most common " +#~ "setups. Please read /usr/share/doc/racoon/README.Debian for more " +#~ "details." 
+#~ msgstr "" +#~ "El nuevo modo es el administrador de racoon-tool que configura ambos, " +#~ "también gestiona la carga de módulos y puede gestionar la mayoría de " +#~ "instalaciones habituales. Por favor, lea /usr/share/doc/racoon/README." +#~ "Debian para más detalles." + +#~ msgid "" +#~ "Would you like to use the new racoon-tool program to configure VPNs, or " +#~ "the direct editing of /etc/racoon/racoon.conf?" +#~ msgstr "" +#~ "¿Le gustaría utilizar el administrador racoon-tool para configurar VPNs " +#~ "(Redes privadas virtuales) o prefiere la edición directa de «/etc/racoon/" +#~ "racoon.conf»?" + +#~ msgid "Please select from either 'direct' or 'racoon-tool'." +#~ msgstr "Por favor, seleccione «direct» o «racoon-tool»." --- ipsec-tools-0.7.1.orig/debian/examples/racoon.conf-upstream-install +++ ipsec-tools-0.7.1/debian/examples/racoon.conf-upstream-install 
@@ -0,0 +1,125 @@ +# $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $ + +# "path" must be placed before it should be used. +# You can overwrite which you defined, but it should not use due to confusing. +path include "/etc/racoon" ; +#include "remote.conf" ; + +# search this file for pre_shared_key with various ID key. +path pre_shared_key "/etc/racoon/psk.txt" ; + +# racoon will look for certificate file in the directory, +# if the certificate/certificate request payload is received. +path certificate "/etc/cert" ; + +# "log" specifies logging level. It is followed by either "notify", "debug" +# or "debug2". +#log debug; + +# "padding" defines some parameter of padding. You should not touch these. +padding +{ + maximum_length 20; # maximum padding length. + randomize off; # enable randomize length. + strict_check off; # enable strict check. + exclusive_tail off; # extract last one octet. +} + +# if no listen directive is specified, racoon will listen to all +# available interface addresses. +listen +{ + #isakmp ::1 [7000]; + #isakmp 202.249.11.124 [500]; + #admin [7002]; # administrative's port by kmpstat. + #strict_address; # required all addresses must be bound. +} + +# Specification of default various timer. +timer +{ + # These value can be changed per remote node. + counter 5; # maximum trying count to send. + interval 20 sec; # maximum interval to resend. + persend 1; # the number of packets per a send. + + # timer for waiting to complete each phase. 
+ phase1 30 sec; + phase2 15 sec; +} + +remote anonymous +{ + #exchange_mode main,aggressive; + exchange_mode aggressive,main; + doi ipsec_doi; + situation identity_only; + + #my_identifier address; + my_identifier user_fqdn "sakane@kame.net"; + peers_identifier user_fqdn "sakane@kame.net"; + #certificate_type x509 "mycert" "mypriv"; + + nonce_size 16; + lifetime time 1 min; # sec,min,hour + initial_contact on; + support_mip6 on; + proposal_check obey; # obey, strict or claim + + proposal { + encryption_algorithm 3des; + hash_algorithm sha1; + authentication_method pre_shared_key ; + dh_group 2 ; + } +} + +remote ::1 [8000] +{ + #exchange_mode main,aggressive; + exchange_mode aggressive,main; + doi ipsec_doi; + situation identity_only; + + my_identifier user_fqdn "sakane@kame.net"; + peers_identifier user_fqdn "sakane@kame.net"; + #certificate_type x509 "mycert" "mypriv"; + + nonce_size 16; + lifetime time 1 min; # sec,min,hour + + proposal { + encryption_algorithm 3des; + hash_algorithm sha1; + authentication_method pre_shared_key ; + dh_group 2 ; + } +} + +sainfo anonymous +{ + pfs_group 1; + lifetime time 30 sec; + encryption_algorithm 3des ; + authentication_algorithm hmac_sha1; + compression_algorithm deflate ; +} + +sainfo address 203.178.141.209 any address 203.178.141.218 any +{ + pfs_group 1; + lifetime time 30 sec; + encryption_algorithm des ; + authentication_algorithm hmac_md5; + compression_algorithm deflate ; +} + +sainfo address ::1 icmp6 address ::1 icmp6 +{ + pfs_group 1; + lifetime time 60 sec; + encryption_algorithm 3des, blowfish 448, des ; + authentication_algorithm hmac_sha1, hmac_md5 ; + compression_algorithm deflate ; +} + --- ipsec-tools-0.7.1.orig/debian/examples/racoon-tool.conf-basic +++ ipsec-tools-0.7.1/debian/examples/racoon-tool.conf-basic 
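Review bot: The `remote anonymous` block in this example sets `exchange_mode aggressive,main;` together with `authentication_method pre_shared_key`, and the address-specific `sainfo` offers `des` and `hmac_md5`; aggressive mode with a pre-shared key is a well-known weak combination and single DES and MD5 are not acceptable choices today. Since this file is shipped as an example that users copy, a comment next to those lines marking them as illustrative, e.g. `# example only: aggressive mode with a PSK, and des/hmac_md5, are weak choices; prefer main mode and 3des/aes with sha1`, would stop it being deployed as-is. The `my_identifier user_fqdn "sakane@kame.net"` and `support_mip6 on;` values are likewise upstream placeholders and could be labelled as such.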
@@ -0,0 +1,28 @@ +# +# Configuration file for racoon-tool +# +# See racoon-tool.conf(5) for details +# + +# +# Simple PSK - authentication defaults to pre_shared_key +# +connection(bacckdoor-doormat): + src_range: 192.168.223.1/32 + dst_range: 192.168.200.0/24 + src_ip: 172.31.1.1 + dst_ip: 10.0.0.1 + admin_status: enabled + compression: no + lifetime: time 20 min + authentication_algorithm: hmac_sha1 + encryption_algorithm: 3des + +peer(10.0.0.1): + verify_cert: on + passive: off + verify_identifier: off + lifetime: time 60 min + hash_algorithm[0]: sha1 + encryption_algorithm[0]: 3des + --- ipsec-tools-0.7.1.orig/debian/examples/racoon-tool.conf-complex +++ ipsec-tools-0.7.1/debian/examples/racoon-tool.conf-complex 
@@ -0,0 +1,71 @@ +# +# Configuration file for racoon-tool +# + +global: + log: notify + +# default settings to save typing +peer(%default): + certificate_type: x509 blurke-ipsec.crt blurke-ipsec.key + my_identifier: fqdn blurke.bar.com + lifetime: time 60 min + verify_identifier: on + verify_cert: on + hash_algorithm[0]: sha1 + encryption_algorithm[0]: 3des + authentication_method[0]: rsasig + +connection(%default): + authentication_algorithm: hmac_sha1 + encryption_algorithm: 3des + src_ip: 172.31.1.1 + lifetime: time 20 min + +# Connection to work +peer(10.0.0.1): + peers_identifier: fqdn blue.sky.com + +connection(blurke-blue-sky-work): + src_range: 192.168.203.1/32 + dst_range: 172.16.0.0/24 + dst_ip: 10.0.0.1 + admin_status: enabled + +# Connection to telehoused servers +connection(blurke-mail): + src_range: 192.168.203.0/24 + dst_range: 172.20.1.1 + dst_ip: 10.100.0.1 + encryption_algorithm: blowfish + compression: on + admin_status: yes + +peer(10.100.0.1): + peers_identifier: fqdn mail.bar.com + +connection(blurke-web1): + src_range: 192.168.203.0/24 + dst_range: 172.20.1.23 + dst_ip: 10.100.0.1 + encryption_algorithm: blowfish + admin_status: yes + +connection(blurke-web2): + src_range: 192.168.203.0/24 + dst_range: 172.20.1.24 + dst_ip: 10.100.0.1 + encryption_algorithm: blowfish + admin_status: yes + + + +# Test connection to Free S/WAN +connection(blurke-freeswan): + src_range: 192.168.203.0/24 + dst_range: 172.17.100.0/24 + dst_ip: 172.30.1.1 + admin_status: yes + +peer(172.30.1.1): + peers_identifier: fqdn banshee --- ipsec-tools-0.7.1.orig/src/racoon/ipsec_doi.c +++ ipsec-tools-0.7.1/src/racoon/ipsec_doi.c 
@@ -4381,20 +4381,29 @@
 char *dat;
 static char buf[BUFLEN];
 struct ipsecdoi_id_b *id_b = (struct ipsecdoi_id_b *)id->v;
- struct sockaddr saddr;
+ struct sockaddr_storage saddr_storage;
+ struct sockaddr *saddr;
+ struct sockaddr_in *saddr_in;
+ struct sockaddr_in6 *saddr_in6;
 u_int plen = 0;
+ saddr = (struct sockaddr *)&saddr_storage;
+ saddr_in = (struct sockaddr_in *)&saddr_storage;
+ saddr_in6 = (struct sockaddr_in6 *)&saddr_storage;
+
+
 switch (id_b->type) {
 case IPSECDOI_ID_IPV4_ADDR:
 case IPSECDOI_ID_IPV4_ADDR_SUBNET:
 case IPSECDOI_ID_IPV4_ADDR_RANGE:
 #ifndef __linux__
- saddr.sa_len = sizeof(struct sockaddr_in);
+ saddr->sa_len = sizeof(struct sockaddr_in);
 #endif
- saddr.sa_family = AF_INET;
- ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY;
- memcpy(&((struct sockaddr_in *)&saddr)->sin_addr,
+ saddr->sa_family = AF_INET;
+
+ saddr_in->sin_port = IPSEC_PORT_ANY;
+ memcpy(&saddr_in->sin_addr,
 id->v + sizeof(*id_b), sizeof(struct in_addr));
 break;
 #ifdef INET6
@@ -4403,12 +4412,17 @@
 case IPSECDOI_ID_IPV6_ADDR_RANGE:
 #ifndef __linux__
- saddr.sa_len = sizeof(struct sockaddr_in6);
+ saddr->sa_len = sizeof(struct sockaddr_in6);
 #endif
- saddr.sa_family = AF_INET6;
- ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY;
- memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr,
+ saddr->sa_family = AF_INET6;
+
+ saddr_in6->sin6_port = IPSEC_PORT_ANY;
+ memcpy(&saddr_in6->sin6_addr,
 id->v + sizeof(*id_b), sizeof(struct in6_addr));
+ saddr_in6->sin6_scope_id =
+ (IN6_IS_ADDR_LINKLOCAL(&saddr_in6->sin6_addr)
+ ? ((struct sockaddr_in6 *)id_b)->sin6_scope_id
+ : 0);
 break;
 #endif
 }
@@ -4418,7 +4432,7 @@
 #ifdef INET6
 case IPSECDOI_ID_IPV6_ADDR:
 #endif
- len = snprintf( buf, BUFLEN, "%s", saddrwop2str(&saddr));
+ len = snprintf( buf, BUFLEN, "%s", saddrwop2str(saddr));
 break;
 case IPSECDOI_ID_IPV4_ADDR_SUBNET:
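Review bot: The new scope-id assignment in the IPv6 case reads `((struct sockaddr_in6 *)id_b)->sin6_scope_id`, but `id_b` points at the ID payload body — a 4-byte `ipsecdoi_id_b` header followed by the raw address that the `memcpy` just above copies out — not at a `sockaddr_in6`, and `sin6_scope_id` lives 24 bytes into a `sockaddr_in6`. For an IPSECDOI_ID_IPV6_ADDR payload that is 4 bytes beyond the 20-byte body, and for the subnet/range types it lands inside the second address, so the "scope" is taken from unrelated peer-supplied bytes rather than from any real interface scope. The same expression is repeated in the IPV6_ADDR_RANGE hunk below (`@@ -4474`). Unless a genuine `struct sockaddr_in6` for the peer is available to copy the scope from, `saddr_in6->sin6_scope_id = 0;` is the safe choice; the enclosing function begins before the first hunk and its start is outside the view.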
@@ -4474,42 +4488,46 @@
 plen += l;
 }
- len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(&saddr), plen);
+ len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(saddr), plen);
 }
 break;
 case IPSECDOI_ID_IPV4_ADDR_RANGE:
- len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr));
+ len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(saddr));
 #ifndef __linux__
- saddr.sa_len = sizeof(struct sockaddr_in);
+ saddr->sa_len = sizeof(struct sockaddr_in);
 #endif
- saddr.sa_family = AF_INET;
- ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY;
- memcpy(&((struct sockaddr_in *)&saddr)->sin_addr,
+ saddr->sa_family = AF_INET;
+ saddr_in->sin_port = IPSEC_PORT_ANY;
+ memcpy(&saddr_in->sin_addr,
 id->v + sizeof(*id_b) + sizeof(struct in_addr),
 sizeof(struct in_addr));
- len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr));
+ len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(saddr));
 break;
 #ifdef INET6
 case IPSECDOI_ID_IPV6_ADDR_RANGE:
- len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr));
+ len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(saddr));
 #ifndef __linux__
- saddr.sa_len = sizeof(struct sockaddr_in6);
+ saddr->sa_len = sizeof(struct sockaddr_in6);
 #endif
- saddr.sa_family = AF_INET6;
- ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY;
- memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr,
+ saddr->sa_family = AF_INET6;
+ saddr_in6->sin6_port = IPSEC_PORT_ANY;
+ memcpy(&saddr_in6->sin6_addr,
 id->v + sizeof(*id_b) + sizeof(struct in6_addr),
 sizeof(struct in6_addr));
+ saddr_in6->sin6_scope_id =
+ (IN6_IS_ADDR_LINKLOCAL(&saddr_in6->sin6_addr)
+ ? ((struct sockaddr_in6 *)id_b)->sin6_scope_id
+ : 0);
- len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr));
+ len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(saddr));
 break;
 #endif
--- ipsec-tools-0.7.1.orig/src/racoon/isakmp_frag.c
+++ ipsec-tools-0.7.1/src/racoon/isakmp_frag.c
@@ -199,7 +199,7 @@
 * frag->len is the frag payload data plus the frag payload header,
 * whose size is sizeof(*frag)
 */
- if (msg->l < sizeof(*isakmp) + ntohs(frag->len)) {
+ if (msg->l < sizeof(*isakmp) + ntohs(frag->len) || ntohs(frag->len) < sizeof(*frag) + 1) {
 plog(LLV_ERROR, LOCATION, NULL, "Fragment too short\n");
 return -1;
 }
--- ipsec-tools-0.7.1.orig/src/racoon/racoon.conf.5
+++ ipsec-tools-0.7.1/src/racoon/racoon.conf.5
@@ -1341,7 +1341,7 @@
 .Sh EXAMPLES
 The following shows how the remote directive should be configured.
 .Bd -literal -offset
-path pre_shared_key "/usr/local/v6/etc/psk.txt" ;
+path pre_shared_key "/etc/racoon/psk.txt" ;
 remote anonymous
 {
 exchange_mode aggressive,main,base;
--- ipsec-tools-0.7.1.orig/src/racoon/nattraversal.c
+++ ipsec-tools-0.7.1/src/racoon/nattraversal.c
@@ -319,6 +319,15 @@
 iph1->natt_flags |= NAT_ANNOUNCED;
 }
+static void
+natt_keepalive_delete (struct natt_ka_addrs *ka)
+{
+ TAILQ_REMOVE (&ka_tree, ka, chain);
+ racoon_free (ka->src);
+ racoon_free (ka->dst);
+ racoon_free (ka);
+}
+
 /* NAT keepalive functions */
 static void
 natt_keepalive_send (void *param)
@@ -333,8 +342,7 @@
 s = getsockmyaddr(ka->src);
 if (s == -1) {
- TAILQ_REMOVE (&ka_tree, ka, chain);
- racoon_free (ka);
+ natt_keepalive_delete(ka);
 continue;
 }
 plog (LLV_DEBUG, LOCATION, NULL, "KA: %s\n",
@@ -435,8 +443,7 @@
 plog (LLV_DEBUG, LOCATION, NULL,
 "KA removing this one...\n");
- TAILQ_REMOVE (&ka_tree, ka, chain);
- racoon_free (ka);
+ natt_keepalive_delete (ka);
 /* Should we break here? Every pair of addresses should be
 inserted only once, but who knows :-) Lets traverse the whole
 list... */
--- ipsec-tools-0.7.1.orig/src/racoon/crypto_openssl.c
+++ ipsec-tools-0.7.1/src/racoon/crypto_openssl.c
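Review bot: The extended `if (msg->l < ...)` condition evaluates `ntohs(frag->len)` twice and now runs well past a normal line width; hoisting it into a local keeps the two bounds readable and gives the `+ 1` somewhere to be explained: `size_t fraglen = ntohs(frag->len);` followed by `if (msg->l < sizeof(*isakmp) + fraglen || fraglen < sizeof(*frag) + 1) {`. The `+ 1` deserves a comment such as `/* a fragment must carry at least one byte of data after its header */`, since it is the part that prevents a zero-length fragment body. The enclosing function starts and ends outside the hunk, so whether `frag` itself has been checked to lie within `msg->l` before `frag->len` is read cannot be confirmed from here.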
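Review bot: `natt_keepalive_delete` is introduced without a header comment saying that it unlinks `ka` from `ka_tree` and frees `ka->src`, `ka->dst` and `ka` itself, which is the ownership both callers now depend on; one line such as `/* Unlink a keepalive entry from ka_tree and free it together with both address copies. */` above `static void` would record that. Both call sites keep walking the list after the entry has been freed (the `continue` in the first hunk and the intentional full traversal in the second), which is only safe if the loop fetches the next element before the body runs; the loop headers are outside these hunks, so that should be confirmed rather than assumed. Freeing the two address copies also fixes a leak the removed `racoon_free (ka)` lines had, which is worth a word in the commit description.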
@@ -901,12 +901,14 @@
evp = X509_get_pubkey(x509);
if (! evp) {
plog(LLV_ERROR, LOCATION, NULL,
"X509_get_pubkey(): %s\n", eay_strerror());
+ X509_free(x509);
return -1;
}
res = eay_rsa_verify(source, sig, evp->pkey.rsa);
EVP_PKEY_free(evp);
+ X509_free(x509);
return res;
}
--- ipsec-tools-0.7.1.orig/src/racoon/handler.c
+++ ipsec-tools-0.7.1/src/racoon/handler.c
@@ -478,7 +478,7 @@
{
struct ph2handle *p;
- LIST_FOREACH(p, &ph2tree, chain) {
+ LIST_FOREACH(p, &iph1->ph2tree, ph1bind) {
if (p->msgid == msgid)
return p;
}
--- ipsec-tools-0.7.1.orig/src/racoon/isakmp.c
+++ ipsec-tools-0.7.1/src/racoon/isakmp.c
@@ -798,20 +798,24 @@
[iph1->side]
[iph1->status])(iph1, msg);
if (error != 0) {
-#if 0
+
/* XXX
* When an invalid packet is received on phase1, it should
* be selected to process this packet. That is to respond
* with a notify and delete phase 1 handler, OR not to respond
- * and keep phase 1 handler.
+ * and keep phase 1 handler. However, in PHASE1ST_START when
+ * acting as RESPONDER we must not keep phase 1 handler or else
+ * it will stay forever.
*/
- plog(LLV_ERROR, LOCATION, iph1->remote,
- "failed to pre-process packet.\n");
- return -1;
-#else
- /* ignore the error and keep phase 1 handler */
- return 0;
-#endif
+
+ if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+ "failed to pre-process packet.\n");
+ return -1;
+ } else {
+ /* ignore the error and keep phase 1 handler */
+ return 0;
+ }
}
#ifndef ENABLE_FRAG
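Review bot: `evp->pkey.rsa` is passed to eay_rsa_verify without checking the key type, so a certificate carrying a non-RSA public key would hand the verifier a pointer read from the wrong union member; guard it with `if (EVP_PKEY_type(evp->type) != EVP_PKEY_RSA) { EVP_PKEY_free(evp); X509_free(x509); return -1; }` before the call, or obtain the key via `EVP_PKEY_get1_RSA(evp)` and test for NULL. The added X509_free calls close the leak on these two paths, but the function start is outside the hunk, so any other early return between the X509 allocation and this point needs the same release.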
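Review bot: The `else` after `return -1;` is redundant; dropping it and dedenting the `return 0;` path makes the responder-in-PHASE1ST_START case read as a guard and the existing behaviour as the default. The comment promises the phase 1 handler will not be kept, but this hunk only returns -1 — the caller that acts on that value is outside the hunk, so confirm it actually removes the handler, otherwise the comment overstates what changed. The enclosing function continues past the hunk.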
@@ -1674,6 +1678,19 @@
return -1;
}
#endif
+ if (setsockopt(p->sock, SOL_SOCKET,
+#ifdef __linux__
+ SO_REUSEADDR,
+#else
+ SO_REUSEPORT,
+#endif
+ (void *)&yes, sizeof(yes)) < 0) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "failed to set REUSE flag on %s (%s).\n",
+ saddr2str(p->addr), strerror(errno));
+ close(p->sock);
+ goto err_and_next;
+ }
if (setsockopt_bypass(p->sock, p->addr->sa_family) < 0)
goto err_and_next;
--- ipsec-tools-0.7.1.orig/src/racoon/cfparse.y
+++ ipsec-tools-0.7.1/src/racoon/cfparse.y
@@ -1715,8 +1715,8 @@
EOS
| PEERS_CERTFILE DNSSEC
{
- if (cur_rmconf->getcert_method) {
- yyerror("Different peers_certfile method already defined!\n");
+ if (cur_rmconf->getcert_method != ISAKMP_GETCERT_PAYLOAD ) {
+ yyerror("Different peers_certfile method already defined: %d!\n", cur_rmconf->getcert_method);
return -1;
}
cur_rmconf->getcert_method = ISAKMP_GETCERT_DNS;
--- ipsec-tools-0.7.1.orig/src/racoon/gssapi.c
+++ ipsec-tools-0.7.1/src/racoon/gssapi.c
@@ -155,7 +155,7 @@
{
char name[NI_MAXHOST];
struct sockaddr *sa;
- char* buf = NULL;
+ char *buf = NULL;
gss_buffer_desc name_token;
OM_uint32 min_stat, maj_stat;
--- ipsec-tools-0.7.1.orig/src/racoon/racoon.8
+++ ipsec-tools-0.7.1/src/racoon/racoon.8
@@ -130,8 +130,8 @@
The command exits with 0 on success, and non-zero on errors.
.\"
.Sh FILES
-.Bl -tag -width /etc/racoon.conf -compact
-.It Pa /etc/racoon.conf
+.Bl -tag -width /etc/racoon/racoon.conf -compact
+.It Pa /etc/racoon/racoon.conf
default configuration file.
.El
.\"
--- ipsec-tools-0.7.1.orig/src/libipsec/policy_parse.y
+++ ipsec-tools-0.7.1/src/libipsec/policy_parse.y
@@ -544,7 +544,7 @@
__ipsec_errcode = EIPSEC_NO_BUFS;
return -1;
}
- pbuf = n;
+ pbuf = (u_int8_t *) n;
p = (struct sadb_x_ipsecrequest *)&pbuf[offset];
p->sadb_x_ipsecrequest_len = reqlen;
--- ipsec-tools-0.7.1.orig/src/setkey/setkey.c
+++ ipsec-tools-0.7.1/src/setkey/setkey.c
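Review bot: Setting SO_REUSEADDR (Linux) or SO_REUSEPORT (elsewhere) on the IKE listening sockets has a security cost the hunk does not document: on kernels that honour the option for UDP, another local process that also sets it can bind the same address and port and receive datagrams meant for racoon, and the NAT-T port is not a privileged one, so the local attack surface widens. If the option exists only so racoon can rebind promptly after a restart, a comment should say so, e.g. `/* REUSE lets racoon rebind right after a restart; on some kernels it also lets other local processes bind the same port, so keep this in mind when hardening. */`. Separately, this branch calls `close(p->sock)` before `goto err_and_next` while the `setsockopt_bypass` failure two lines later jumps without closing, so one of the two paths leaks or double-closes depending on what the label does (it is outside the hunk) — make them consistent. The `yes` variable is declared outside the hunk; confirm it is an `int` holding 1.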
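Review bot: `ISAKMP_GETCERT_PAYLOAD )` carries a stray space before the parenthesis, and the rewritten test now depends on ISAKMP_GETCERT_PAYLOAD being the initial value of getcert_method (its initialisation is outside the hunk); if a remote block can select the payload method explicitly, a later DNSSEC line would now silently override it instead of failing as before. The `%d` added to the message also assumes yyerror accepts printf-style arguments — confirm its prototype, since a plain `yyerror(char *)` would not compile with the extra argument.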
@@ -314,7 +314,8 @@
#else
char rbuf[1024];
rbuf[0] = '\0';
- fgets (rbuf, sizeof(rbuf), stdin);
+ if (!fgets (rbuf, sizeof(rbuf), stdin))
+ break;
if (!rbuf[0])
break;
if (rbuf[strlen(rbuf)-1] == '\n')
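Review bot: With the fgets result now checked, the following `if (!rbuf[0]) break;` only fires when the first byte read is a NUL, because fgets returns NULL on EOF or error before storing anything, so a short comment would save the next reader from wondering whether the two checks overlap: `/* NULL: EOF or read error; an empty buffer here means a leading NUL byte */`. The `rbuf[0] = '\0';` pre-clear is likewise redundant after this change, though harmless. The surrounding loop and the `#else` branch it belongs to start outside the hunk.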