[src/trunk]: src/crypto/dist/ipsec-tools Update ipsec-tools to 0.6.1rc1
details: https://anonhg.NetBSD.org/src/rev/119ebb9dc7a2
branches: trunk
changeset: 583449:119ebb9dc7a2
user: manu <manu%NetBSD.org@localhost>
date: Sun Aug 07 08:46:11 2005 +0000
description:
Update ipsec-tools to 0.6.1rc1
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unaddressed in the NetBSD tree.
diffstat:
crypto/dist/ipsec-tools/NEWS | 16 +-
crypto/dist/ipsec-tools/acracoon.m4 | 10 +-
crypto/dist/ipsec-tools/configure.ac | 146 +++++++--
crypto/dist/ipsec-tools/netbsd-import.sh | 2 +-
crypto/dist/ipsec-tools/rpm/suse/Makefile.am | 16 +-
crypto/dist/ipsec-tools/rpm/suse/ipsec-tools.spec.in | 4 +-
crypto/dist/ipsec-tools/src/racoon/Makefile.am | 13 +-
crypto/dist/ipsec-tools/src/racoon/getcertsbyname.c | 13 +-
crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c | 7 +-
crypto/dist/ipsec-tools/src/racoon/missing/crypto/sha2/sha2.h | 17 +-
crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c | 8 +-
crypto/dist/ipsec-tools/src/racoon/proposal.h | 5 +-
crypto/dist/ipsec-tools/src/racoon/racoonctl.c | 6 +-
crypto/dist/ipsec-tools/src/racoon/sockmisc.c | 14 +-
crypto/dist/ipsec-tools/src/setkey/Makefile.am | 2 +-
crypto/dist/ipsec-tools/src/setkey/extern.h | 3 +
16 files changed, 193 insertions(+), 89 deletions(-)
diffs (truncated from 734 to 300 lines):
diff -r 48fe6850a094 -r 119ebb9dc7a2 crypto/dist/ipsec-tools/NEWS
--- a/crypto/dist/ipsec-tools/NEWS Sun Aug 07 08:38:30 2005 +0000
+++ b/crypto/dist/ipsec-tools/NEWS Sun Aug 07 08:46:11 2005 +0000
@@ -1,13 +1,25 @@
Version history:
----------------
-0.6??? - ??
+0.6.1 - ??
+ o NAT-T fixes for situations where NAT-T is not used
+ o OpenSSL 0.9.8 support
+ o keys are not restricted to OpenSSL default size anymore
+ o PKCS7 support
+ o SHA2 support
+
+0.6 - 27 June 2005
+ o Generated policies are now correctly flushed
+ o NAT-T works with multiple peers behind the NAT (need kernel support)
+ o Xauth can use shadow passwords
+ o TCP-MD5 support
o PAM support for Xauth
o Privilege separation
o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
o racoon admin interface is exported (header and library) to
help building control programs for racoon (think GUI)
+ o Fixed single DES support; single DES users MUST UPGRADE
-0.5??? - ??
+0.5 - 10 April 2005
o Rewritten buildsystem. Now completely autoconfed, automaked,
libtoolized.
o IPsec-tools now compiles on NetBSD and FreeBSD again.
diff -r 48fe6850a094 -r 119ebb9dc7a2 crypto/dist/ipsec-tools/acracoon.m4
--- a/crypto/dist/ipsec-tools/acracoon.m4 Sun Aug 07 08:38:30 2005 +0000
+++ b/crypto/dist/ipsec-tools/acracoon.m4 Sun Aug 07 08:46:11 2005 +0000
@@ -48,7 +48,8 @@
}],
[ac_cv_va_copy=yes],
[ac_cv_va_copy=no],
- [])
+ AC_MSG_WARN(Cross compiling... Unable to test va_copy)
+ [ac_cv_va_copy=no])
])
if test x$ac_cv_va_copy != xyes; then
AC_CACHE_CHECK([for an implementation of __va_copy()],
@@ -69,7 +70,8 @@
}],
[ac_cv___va_copy=yes],
[ac_cv___va_copy=no],
- [])
+ AC_MSG_WARN(Cross compiling... Unable to test __va_copy)
+ [ac_cv___va_copy=no])
])
fi
@@ -186,8 +188,8 @@
buggygetaddrinfo=no,
AC_MSG_RESULT(buggy)
buggygetaddrinfo=yes,
- AC_MSG_RESULT(buggy)
- buggygetaddrinfo=yes)
+ AC_MSG_RESULT(Cross compiling ... Assuming getaddrinfo is not buggy.)
+ buggygetaddrinfo=no)
CFLAGS=$saved_CFLAGS
unset saved_CFLAGS
])
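Review bot: The cross-compiling branch of the getaddrinfo probe now sets `buggygetaddrinfo=no`, so a cross build trusts the target's resolver without any test having run, where the removed lines assumed `yes`. The guess is printed through `AC_MSG_RESULT`, which reads like a normal test outcome; `AC_MSG_WARN([Cross compiling... assuming getaddrinfo is not buggy])` would match the two va_copy hunks in this file and make the assumption visible in the configure log. It would also help to let the builder override the guess, for example by honouring a pre-set cache variable, since what `buggygetaddrinfo=yes` selects is decided outside this hunk. The macro starts and ends outside the hunk.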
diff -r 48fe6850a094 -r 119ebb9dc7a2 crypto/dist/ipsec-tools/configure.ac
--- a/crypto/dist/ipsec-tools/configure.ac Sun Aug 07 08:38:30 2005 +0000
+++ b/crypto/dist/ipsec-tools/configure.ac Sun Aug 07 08:46:11 2005 +0000
@@ -1,8 +1,8 @@
dnl -*- mode: m4 -*-
-dnl Id: configure.ac,v 1.47.2.3 2005/03/14 07:55:03 manubsd Exp
+dnl Id: configure.ac,v 1.47.2.23 2005/08/04 21:26:47 manubsd Exp
AC_PREREQ(2.52)
-AC_INIT(ipsec-tools, 0.5pre)
+AC_INIT(ipsec-tools, 0.6.1rc1)
AC_CONFIG_SRCDIR([configure.ac])
AM_CONFIG_HEADER(config.h)
@@ -57,8 +57,8 @@
AC_SUBST(CONFIGURE_AMFLAGS) ],
[ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
- AC_CHECK_FILE($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
- [ AC_CHECK_FILE(/usr/src/linux/include/linux/pfkeyv2.h,
+ AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
+ [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
KERNEL_INCLUDE=/usr/src/linux/include ,
[ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
AC_SUBST(KERNEL_INCLUDE)
@@ -73,9 +73,10 @@
[#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
- AC_SUBST(GLIBC_BUGS)
GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
+ CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
+ AC_SUBST(GLIBC_BUGS)
;;
*)
if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
@@ -94,6 +95,7 @@
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
+AC_CHECK_HEADERS(shadow.h)
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
@@ -149,6 +151,27 @@
], [])], [])
fi
+
+AC_MSG_CHECKING(if --with-flex option is specified)
+AC_ARG_WITH(flexdir,
+ [AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
+ [flexdir="$withval"])
+AC_MSG_RESULT(${flexdir-dirdefault})
+
+if test "x$flexdir" != "x"; then
+ LIBS="$LIBS $flexdir/libfl.a"
+fi
+
+AC_MSG_CHECKING(if --with-flexlib option is specified)
+AC_ARG_WITH(flexlib,
+ [ --with-flexlib=<LIB> specify flex library.],
+ [flexlib="$withval"])
+AC_MSG_RESULT(${flexlib-default})
+
+if test "x$flexlib" != "x"; then
+ LIBS="$LIBS $flexlib"
+fi
+
# Check if a different OpenSSL directory was specified
AC_MSG_CHECKING(if --with-openssl option is specified)
AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory],
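Review bot: The first new option is registered as `AC_ARG_WITH(flexdir, ...)` while the checking message and the help string both call it `--with-flex`, so a builder who follows the help text passes an option that configure never reads. Make the two agree, e.g. `AC_HELP_STRING([--with-flexdir=DIR], [use libfl.a from DIR (default: no)])`, which also fixes the `directiory` typo. `$flexdir/libfl.a` is appended to `LIBS` without checking that the file exists; a `test -f "$flexdir/libfl.a"` guard ending in `AC_MSG_ERROR` would turn a late link failure into a clear configure error. The result line prints `dirdefault` where the flexlib block prints `default`.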
@@ -157,15 +180,21 @@
if test "x$crypto_dir" != "x"; then
LIBS="$LIBS -L${crypto_dir}/lib"
- CPPFLAGS_ADD="-I${crypto_dir}/include $CPPFLAGS_ADD"
+ CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
fi
AC_MSG_CHECKING(openssl version)
-AC_EGREP_CPP(yes, [#include <openssl/opensslv.h>
-#if OPENSSL_VERSION_NUMBER >= 0x0090602fL
-yes
-#endif], [AC_MSG_RESULT(ok)], [AC_MSG_RESULT(too old)
- AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
- ])
+
+AC_TRY_COMPILE(
+[#include <openssl/opensslv.h>
+],
+[#if OPENSSL_VERSION_NUMBER < 0x0090602fL
+#error OpenSSL version is too old ...
+#endif],
+[AC_MSG_RESULT([ok])],
+[AC_MSG_RESULT(too old)
+AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
+])
+
AC_CHECK_HEADERS(openssl/engine.h)
# checking rijndael
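Review bot: `CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"` misspells the variable, so when `--with-openssl=DIR` is given the unset `$CPPLAGS` expands to nothing and everything accumulated in `CPPFLAGS` so far is dropped. In the branch touched by the hunk at line 73 that includes the glibc-bugs include flags and the new `-D_GNU_SOURCE`, and the OpenSSL version check directly below then runs with a different preprocessor environment than the earlier tests. The line should read `CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"`.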
@@ -175,10 +204,23 @@
# checking sha2
AC_MSG_CHECKING(sha2 support)
AC_DEFINE([WITH_SHA2], [], [SHA2 support])
+AC_MSG_RESULT(yes)
AC_CHECK_HEADER(openssl/sha2.h, [], [
+ AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
+ AC_TRY_COMPILE([
+ #include <openssl/sha.h>
+ ], [
+ typedef int SHA256_CTX;
+ ], [AC_MSG_RESULT(no)
+ AC_LIBOBJ([sha2])
+ CRYPTOBJS="$CRYPTOBJS sha2.o"
+ ], [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
+ ])
+
CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing"
- AC_LIBOBJ([sha2])
- CRYPTOBJS="$CRYPTOBJS sha2.o"])
+])
AC_SUBST(CRYPTOBJS)
# Option --enable-adminport
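Review bot: The fallback probe treats any compile failure as proof that `openssl/sha.h` declares `SHA256_CTX`: the test body is `typedef int SHA256_CTX;` and the failure branch is the one that defines `HAVE_SHA2_IN_SHA_H`. A missing `openssl/sha.h` or a broken `CPPFLAGS` fails the same way, and the bundled `sha2.o` is then left out even though the installed OpenSSL may provide no SHA-2 at all. A positive probe is more reliable: use a body such as `SHA256_CTX ctx; (void)ctx;` and swap the two action branches, so that only a successful compile selects the OpenSSL implementation.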
@@ -219,7 +261,7 @@
AC_SUBST(EXTRA_CRYPTO)
# For dynamic libradius
-RACOON_PATH_LIBS(MD5_Init, crypto)
+RACOON_PATH_LIBS([MD5_Init], [crypto])
# Check for Kerberos5 support
AC_MSG_CHECKING(if --enable-gssapi option is specified)
@@ -248,33 +290,52 @@
LIBS="$LIBS $krb5_libs"
CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
+
+ # Check if iconv 2nd argument needs const
+ AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
+ AC_MSG_CHECKING([if iconv second argument needs const])
+ AC_TRY_COMPILE([
+ #include <iconv.h>
+ #include <stdio.h>
+ ], [
+ iconv_t cd = NULL;
+ const char **src = NULL;
+ size_t *srcleft = NULL;
+ char **dst = NULL;
+ size_t *dstleft = NULL;
+
+ (void)iconv(cd, src, srcleft, dst, dstleft);
+ ], [AC_MSG_RESULT(yes)
+ AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
+ ], [AC_MSG_RESULT(no)])
+
fi
AC_MSG_CHECKING([if --enable-hybrid option is specified])
AC_ARG_ENABLE(hybrid,
[ --enable-hybrid enable hybrid, both mode-cfg and xauth support],
- [
+ [], [enable_hybrid=no])
+AC_MSG_RESULT($enable_hybrid)
+
+if test "x$enable_hybrid" = "xyes"; then
LIBS="$LIBS -lcrypt";
- enable_hybrid=yes;
HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
AC_SUBST(HYBRID_OBJS)
AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
- ],
- [enable_hybrid=no])
-AC_MSG_RESULT($enable_hybrid)
+fi
AC_MSG_CHECKING([if --enable-frag option is specified])
AC_ARG_ENABLE(frag,
[ --enable-frag enable IKE fragmentation payload support],
- [
+ [], [enable_frag=no])
+AC_MSG_RESULT($enable_frag)
+
+if test "x$enable_frag" = "xyes"; then
LIBS="$LIBS -lcrypt";
- enable_frag=yes;
FRAG_OBJS="isakmp_frag.o"
AC_SUBST(FRAG_OBJS)
AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
- ],
- [enable_frag=no])
-AC_MSG_RESULT($enable_frag)
+fi
AC_MSG_CHECKING(if --with-libradius option is specified)
AC_ARG_WITH(libradius,
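Review bot: The iconv probe passes a `const char **` as the second argument and reads a successful compile as "needs const", but a C compiler that only warns about an incompatible pointer type will also compile it where the prototype takes `char **`, so `HAVE_ICONV_2ND_CONST` may end up defined on every platform. Redeclaring the function in the test prologue, `extern size_t iconv(iconv_t, const char **, size_t *, char **, size_t *);` after `#include <iconv.h>`, turns a mismatch into a conflicting-declaration error and makes the result dependable. The `if` block that contains the probe starts outside the hunk.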
@@ -287,11 +348,11 @@
libradius_dir="";
fi;
if test "x$libradius_dir" = "x"; then
- RACOON_PATH_LIBS(rad_create_request, radius)
+ RACOON_PATH_LIBS([rad_create_request], [radius])
else
if test -d "$libradius_dir/lib" -a \
-d "$libradius_dir/include" ; then
- RACOON_PATH_LIBS(rad_create_request, radius, "$libradius_dir/lib")
+ RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
else
AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
@@ -313,11 +374,11 @@
libpam_dir="";
fi;
if test "x$libpam_dir" = "x"; then
- RACOON_PATH_LIBS(pam_start, pam)
+ RACOON_PATH_LIBS([pam_start], [pam])
else
if test -d "$libpam_dir/lib" -a \
-d "$libpam_dir/include" ; then
- RACOON_PATH_LIBS(pam_start, pam, "$libpam_dir/lib")
+ RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
else
AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
@@ -352,6 +413,19 @@
[ --enable-samode-unspec enable to use unspecified a mode of SA],
[], [enable_samode_unspec=no])
if test "x$enable_samode_unspec" = "xyes"; then
+ case $host_os in
+ *linux*)
+ cat << EOC