5 files changed, 229 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-Fix-warning-with-gcc-4.8.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-Fix-warning-with-gcc-4.8.patch
new file mode 100644
index 0000000000..61f39d1961
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-Fix-warning-with-gcc-4.8.patch
@@ -0,0 +1,36 @@
+From fc230d5ded73fe4049aa586eacbe4098aeff912f Mon Sep 17 00:00:00 2001
+From: Paul Barker <paul@paulbarker.me.uk>
+Date: Wed, 12 Jun 2013 17:39:06 +0100
+Subject: [PATCH] Fix warning with gcc 4.8.
+The line "memset(pair, 0, sizeof(pair));" was causing the following warning:
+        error: argument to 'sizeof' in 'memset' call is the same expression as
+        the destination; did you mean to dereference
+Compiling with -Werror (as specified in configure.ac) was causing this warning
+to become an error. The line itself is not needed as memory is allocated via
+calloc which performs zero initialization. Therefore, the line is removed to fix
+the warning and does not need replacing anything.
+---
+ src/racoon/ipsec_doi.c | 1 -
+ 1 file changed, 1 deletion(-)
+Upstream-Status: Accepted
+        (in CVS HEAD and 0_8-stable, expected to be present in next release)
+diff --git a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c
+index 2b48d49..4e9d3a8 100644
+--- a/src/racoon/ipsec_doi.c
+++ b/src/racoon/ipsec_doi.c
+@@ -1183,7 +1183,6 @@ get_proppair_and_doi_sit(sa, mode, doitype, sittype)
+                        "failed to get buffer.\n");
+                goto bad;
+        }
+-       memset(pair, 0, sizeof(pair));
+ 
+        bp = (caddr_t)(sab + 1);
+        tlen = sa->l - sizeof(*sab);
+-- 
+1.8.3
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0002-Don-t-link-against-libfl.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0002-Don-t-link-against-libfl.patch
new file mode 100644
index 0000000000..13e9d73fc4
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0002-Don-t-link-against-libfl.patch
@@ -0,0 +1,87 @@
+From e48b9097dce7bc2bfbb9e9c542124d3b5cebab39 Mon Sep 17 00:00:00 2001
+From: Paul Barker <paul@paulbarker.me.uk>
+Date: Wed, 5 Mar 2014 13:39:14 +0000
+Subject: [PATCH] Don't link against libfl
+We can remove all references to yywrap by adding "%option noyywrap" statements
+to each flex source file that doesn't override yywrap. After this, we no longer
+need to link against libfl and so no longer get errors about undefined
+references to yylex.
+Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
+Upstream-status: Submitted 2014-03-11
+    see http://sourceforge.net/p/ipsec-tools/mailman/ipsec-tools-devel/thread/CANyK_8ewmxGA3vBVJW6s1APXPmxPR%2BDFWZ61EL8pCt288aKQ6w%40mail.gmail.com/#msg32088797
+---
+ src/libipsec/Makefile.am | 1 -
+ src/racoon/Makefile.am   | 2 +-
+ src/racoon/cftoken.l     | 2 ++
+ src/setkey/Makefile.am   | 1 -
+ src/setkey/token.l       | 2 ++
+ 5 files changed, 5 insertions(+), 3 deletions(-)
+diff --git a/src/libipsec/Makefile.am b/src/libipsec/Makefile.am
+index 6a4e3b3..df1e106 100644
+--- a/src/libipsec/Makefile.am
+++ b/src/libipsec/Makefile.am
+@@ -26,7 +26,6 @@ libipsec_la_SOURCES = \
+ # version is current:revision:age.
+ # See: http://www.gnu.org/manual/libtool-1.4.2/html_chapter/libtool_6.html#SEC32
+ libipsec_la_LDFLAGS = -version-info 0:1:0
+-libipsec_la_LIBADD = $(LEXLIB)
+ 
+ noinst_HEADERS = ipsec_strerror.h
+ 
+diff --git a/src/racoon/Makefile.am b/src/racoon/Makefile.am
+index dbaded9..0662957 100644
+--- a/src/racoon/Makefile.am
+++ b/src/racoon/Makefile.am
+@@ -38,7 +38,7 @@ racoon_SOURCES = \
+        cftoken.l cfparse.y prsa_tok.l prsa_par.y 
+ EXTRA_racoon_SOURCES = isakmp_xauth.c isakmp_cfg.c isakmp_unity.c throttle.c \
+        isakmp_frag.c nattraversal.c security.c $(MISSING_ALGOS)
+-racoon_LDADD = $(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) $(LEXLIB) \
+racoon_LDADD = $(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) \
+         $(SECCTX_OBJS) vmbuf.o sockmisc.o misc.o ../libipsec/libipsec.la
+ racoon_DEPENDENCIES = \
+        $(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) $(SECCTX_OBJS) \
+diff --git a/src/racoon/cftoken.l b/src/racoon/cftoken.l
+index 490242c..1701922 100644
+--- a/src/racoon/cftoken.l
+++ b/src/racoon/cftoken.l
+@@ -106,6 +106,8 @@ static int incstackp = 0;
+ static int yy_first_time = 1;
+ %}
+ 
+%option noyywrap
+
+ /* common seciton */
+ nl             \n
+ ws             [ \t]+
+diff --git a/src/setkey/Makefile.am b/src/setkey/Makefile.am
+index 746c1f1..389e6cf 100644
+--- a/src/setkey/Makefile.am
+++ b/src/setkey/Makefile.am
+@@ -13,7 +13,6 @@ setkey_SOURCES = \
+ 
+ setkey_LDFLAGS = ../libipsec/libipsec.la
+ setkey_DEPENDENCIES = ../libipsec/libipsec.la
+-setkey_LDADD = $(LEXLIB)
+ 
+ noinst_HEADERS = vchar.h extern.h
+ man8_MANS = setkey.8
+diff --git a/src/setkey/token.l b/src/setkey/token.l
+index ad3d843..eb23b76 100644
+--- a/src/setkey/token.l
+++ b/src/setkey/token.l
+@@ -88,6 +88,8 @@
+ #endif
+ %}
+ 
+%option noyywrap
+
+ /* common section */
+ nl             \n
+ ws             [ \t]+
+-- 
+1.9.0
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoonctl-build-fix.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoonctl-build-fix.patch
new file mode 100644
index 0000000000..eb8fa3e160
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoonctl-build-fix.patch
@@ -0,0 +1,35 @@
+diff -rupN ipsec-tools-0.8.1.old/src/racoon/Makefile.am ipsec-tools-0.8.1/src/racoon/Makefile.am
+--- ipsec-tools-0.8.1.old/src/racoon/Makefile.am        2014-03-05 12:16:52.907101044 +0100
+++ ipsec-tools-0.8.1/src/racoon/Makefile.am    2014-03-05 12:17:10.946320064 +0100
+@@ -44,7 +44,17 @@ racoon_DEPENDENCIES = \
+        $(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) $(SECCTX_OBJS) \
+        vmbuf.o sockmisc.o misc.o
+ 
+-racoonctl_SOURCES = racoonctl.c str2val.c 
+racoonctl_SOURCES = \
+       session.c isakmp.c handler.c \
+       isakmp_ident.c isakmp_agg.c isakmp_base.c \
+       isakmp_quick.c isakmp_inf.c isakmp_newg.c \
+       gssapi.c dnssec.c getcertsbyname.c privsep.c \
+       pfkey.c admin.c evt.c ipsec_doi.c oakley.c grabmyaddr.c vendorid.c \
+       policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \
+       proposal.c sainfo.c strnames.c \
+       plog.c logger.c schedule.c str2val.c \
+       safefile.c backupsa.c genlist.c rsalist.c \
+       cftoken.l cfparse.y prsa_tok.l prsa_par.y racoonctl.c
+ racoonctl_LDADD = libracoon.la ../libipsec/libipsec.la 
+ 
+ libracoon_la_SOURCES = kmpstat.c vmbuf.c sockmisc.c misc.c
+diff -rupN ipsec-tools-0.8.1.old/src/racoon/racoonctl.c ipsec-tools-0.8.1/src/racoon/racoonctl.c
+--- ipsec-tools-0.8.1.old/src/racoon/racoonctl.c        2014-03-05 12:16:52.915100698 +0100
+++ ipsec-tools-0.8.1/src/racoon/racoonctl.c    2014-03-05 12:17:17.906018754 +0100
+@@ -247,6 +247,9 @@ usage()
+ #error "Incompatible racoonctl interface"
+ #endif
+ 
+int f_local = 0;       /* local test mode.  behave like a wall. */
+int dump_config =0;
+
+ int
+ main(ac, av)
+        int ac;
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/with-flexdir.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/with-flexdir.patch
new file mode 100644
index 0000000000..da1169218a
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/with-flexdir.patch
@@ -0,0 +1,14 @@
+--- ipsec-tools-0.8.1.old/configure.ac  2014-03-04 16:24:57.431207664 +0100
+++ ipsec-tools-0.8.1/configure.ac      2014-03-04 16:26:00.372461304 +0100
+@@ -171,9 +171,9 @@ if test $with_readline != "no"; then
+ fi
+ 
+ 
+-AC_MSG_CHECKING(if --with-flex option is specified)
+AC_MSG_CHECKING(if --with-flexdir option is specified)
+ AC_ARG_WITH(flexdir,
+-       [AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
+       [AC_HELP_STRING([--with-flexdir], [use directory (default: no)])],
+        [flexdir="$withval"])
+ AC_MSG_RESULT(${flexdir-dirdefault})
+ 
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
new file mode 100644
index 0000000000..b94404122d
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
@@ -0,0 +1,57 @@
+DESCRIPTION = "IPsec-Tools is a port of KAME's IPsec utilities to the \
+Linux-2.6 IPsec implementation."
+HOMEPAGE = "http://ipsec-tools.sourceforge.net/"
+SECTION = "console/network"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://src/libipsec/pfkey.c;beginline=6;endline=31;md5=bc9b7ff40beff19fe6bc6aef26bd2b24"
+DEPENDS = "virtual/kernel openssl readline flex-native bison-native"
+SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV}.tar.bz2 \
+           file://0001-Fix-warning-with-gcc-4.8.patch \
+           file://0002-Don-t-link-against-libfl.patch \
+           file://racoonctl-build-fix.patch \
+           file://with-flexdir.patch \
+          "
+SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8"
+SRC_URI[sha256sum] = "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4"
+inherit autotools
+# Options:
+#  --enable-adminport      enable admin port
+#  --enable-rc5            enable RC5 encryption (patented)
+#  --enable-idea enable IDEA encryption (patented)
+#  --enable-gssapi         enable GSS-API authentication
+#  --enable-hybrid         enable hybrid, both mode-cfg and xauth support
+#  --enable-frag           enable IKE fragmentation payload support
+#  --enable-stats          enable statistics logging function
+#  --enable-dpd            enable dead peer detection
+#  --enable-samode-unspec  enable to use unspecified a mode of SA
+#  --disable-ipv6          disable ipv6 support
+#  --enable-natt           enable NAT-Traversal (yes/no/kernel)
+#  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.
+#  --with-kernel-headers=/lib/modules/<uname>/build/include
+#                          where your Linux Kernel headers are installed
+#  --with-readline         support readline input (yes by default)
+#  --with-flex             use directiory (default: no)
+#  --with-flexlib=<LIB>    specify flex library.
+#  --with-openssl=DIR      specify OpenSSL directory
+#  --with-libradius=DIR    specify libradius path (like/usr/pkg)
+#  --with-libpam=DIR       specify libpam path (like/usr/pkg)
+#
+# Note: if you give it the actual kernel headers it won't build, it actually
+# needs to point at the linux-libc-headers version of the kernel headers.
+#
+EXTRA_OECONF = "--with-kernel-headers=${STAGING_INCDIR} \
+                --with-readline \
+                --with-openssl=${STAGING_LIBDIR}/.. \
+                --without-libradius \
+                --without-libpam \
+                --disable-security-context \
+                --enable-shared \
+                ${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"
+# See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527
+CFLAGS += "-fno-strict-aliasing"

diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-Fix-warning-with-gcc-4.8.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-Fix-warning-with-gcc-4.8.patch new file mode 100644 index 0000000000..61f39d1961 --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-Fix-warning-with-gcc-4.8.patch
@@ -0,0 +1,36 @@
	1	From fc230d5ded73fe4049aa586eacbe4098aeff912f Mon Sep 17 00:00:00 2001
	2	From: Paul Barker <paul@paulbarker.me.uk>
	3	Date: Wed, 12 Jun 2013 17:39:06 +0100
	4	Subject: [PATCH] Fix warning with gcc 4.8.
	5
	6	The line "memset(pair, 0, sizeof(pair));" was causing the following warning:
	7
	8	error: argument to 'sizeof' in 'memset' call is the same expression as
	9	the destination; did you mean to dereference
	10
	11	Compiling with -Werror (as specified in configure.ac) was causing this warning
	12	to become an error. The line itself is not needed as memory is allocated via
	13	calloc which performs zero initialization. Therefore, the line is removed to fix
	14	the warning and does not need replacing anything.
	15	---
	16	src/racoon/ipsec_doi.c \| 1 -
	17	1 file changed, 1 deletion(-)
	18
	19	Upstream-Status: Accepted
	20	(in CVS HEAD and 0_8-stable, expected to be present in next release)
	21
	22	diff --git a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c
	23	index 2b48d49..4e9d3a8 100644
	24	--- a/src/racoon/ipsec_doi.c
	25	+++ b/src/racoon/ipsec_doi.c
	26	@@ -1183,7 +1183,6 @@ get_proppair_and_doi_sit(sa, mode, doitype, sittype)
	27	"failed to get buffer.\n");
	28	goto bad;
	29	}
	30	- memset(pair, 0, sizeof(pair));
	31
	32	bp = (caddr_t)(sab + 1);
	33	tlen = sa->l - sizeof(*sab);
	34	--
	35	1.8.3
	36


diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0002-Don-t-link-against-libfl.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0002-Don-t-link-against-libfl.patch new file mode 100644 index 0000000000..13e9d73fc4 --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0002-Don-t-link-against-libfl.patch
@@ -0,0 +1,87 @@
	1	From e48b9097dce7bc2bfbb9e9c542124d3b5cebab39 Mon Sep 17 00:00:00 2001
	2	From: Paul Barker <paul@paulbarker.me.uk>
	3	Date: Wed, 5 Mar 2014 13:39:14 +0000
	4	Subject: [PATCH] Don't link against libfl
	5
	6	We can remove all references to yywrap by adding "%option noyywrap" statements
	7	to each flex source file that doesn't override yywrap. After this, we no longer
	8	need to link against libfl and so no longer get errors about undefined
	9	references to yylex.
	10
	11	Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
	12	Upstream-status: Submitted 2014-03-11
	13	see http://sourceforge.net/p/ipsec-tools/mailman/ipsec-tools-devel/thread/CANyK_8ewmxGA3vBVJW6s1APXPmxPR%2BDFWZ61EL8pCt288aKQ6w%40mail.gmail.com/#msg32088797
	14	---
	15	src/libipsec/Makefile.am \| 1 -
	16	src/racoon/Makefile.am \| 2 +-
	17	src/racoon/cftoken.l \| 2 ++
	18	src/setkey/Makefile.am \| 1 -
	19	src/setkey/token.l \| 2 ++
	20	5 files changed, 5 insertions(+), 3 deletions(-)
	21
	22	diff --git a/src/libipsec/Makefile.am b/src/libipsec/Makefile.am
	23	index 6a4e3b3..df1e106 100644
	24	--- a/src/libipsec/Makefile.am
	25	+++ b/src/libipsec/Makefile.am
	26	@@ -26,7 +26,6 @@ libipsec_la_SOURCES = \
	27	# version is current:revision:age.
	28	# See: http://www.gnu.org/manual/libtool-1.4.2/html_chapter/libtool_6.html#SEC32
	29	libipsec_la_LDFLAGS = -version-info 0:1:0
	30	-libipsec_la_LIBADD = $(LEXLIB)
	31
	32	noinst_HEADERS = ipsec_strerror.h
	33
	34	diff --git a/src/racoon/Makefile.am b/src/racoon/Makefile.am
	35	index dbaded9..0662957 100644
	36	--- a/src/racoon/Makefile.am
	37	+++ b/src/racoon/Makefile.am
	38	@@ -38,7 +38,7 @@ racoon_SOURCES = \
	39	cftoken.l cfparse.y prsa_tok.l prsa_par.y
	40	EXTRA_racoon_SOURCES = isakmp_xauth.c isakmp_cfg.c isakmp_unity.c throttle.c \
	41	isakmp_frag.c nattraversal.c security.c $(MISSING_ALGOS)
	42	-racoon_LDADD = $(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) $(LEXLIB) \
	43	+racoon_LDADD = $(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) \
	44	$(SECCTX_OBJS) vmbuf.o sockmisc.o misc.o ../libipsec/libipsec.la
	45	racoon_DEPENDENCIES = \
	46	$(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) $(SECCTX_OBJS) \
	47	diff --git a/src/racoon/cftoken.l b/src/racoon/cftoken.l
	48	index 490242c..1701922 100644
	49	--- a/src/racoon/cftoken.l
	50	+++ b/src/racoon/cftoken.l
	51	@@ -106,6 +106,8 @@ static int incstackp = 0;
	52	static int yy_first_time = 1;
	53	%}
	54
	55	+%option noyywrap
	56	+
	57	/* common seciton */
	58	nl \n
	59	ws [ \t]+
	60	diff --git a/src/setkey/Makefile.am b/src/setkey/Makefile.am
	61	index 746c1f1..389e6cf 100644
	62	--- a/src/setkey/Makefile.am
	63	+++ b/src/setkey/Makefile.am
	64	@@ -13,7 +13,6 @@ setkey_SOURCES = \
	65
	66	setkey_LDFLAGS = ../libipsec/libipsec.la
	67	setkey_DEPENDENCIES = ../libipsec/libipsec.la
	68	-setkey_LDADD = $(LEXLIB)
	69
	70	noinst_HEADERS = vchar.h extern.h
	71	man8_MANS = setkey.8
	72	diff --git a/src/setkey/token.l b/src/setkey/token.l
	73	index ad3d843..eb23b76 100644
	74	--- a/src/setkey/token.l
	75	+++ b/src/setkey/token.l
	76	@@ -88,6 +88,8 @@
	77	#endif
	78	%}
	79
	80	+%option noyywrap
	81	+
	82	/* common section */
	83	nl \n
	84	ws [ \t]+
	85	--
	86	1.9.0
	87


diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoonctl-build-fix.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoonctl-build-fix.patch new file mode 100644 index 0000000000..eb8fa3e160 --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoonctl-build-fix.patch
@@ -0,0 +1,35 @@
	1	diff -rupN ipsec-tools-0.8.1.old/src/racoon/Makefile.am ipsec-tools-0.8.1/src/racoon/Makefile.am
	2	--- ipsec-tools-0.8.1.old/src/racoon/Makefile.am 2014-03-05 12:16:52.907101044 +0100
	3	+++ ipsec-tools-0.8.1/src/racoon/Makefile.am 2014-03-05 12:17:10.946320064 +0100
	4	@@ -44,7 +44,17 @@ racoon_DEPENDENCIES = \
	5	$(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) $(SECCTX_OBJS) \
	6	vmbuf.o sockmisc.o misc.o
	7
	8	-racoonctl_SOURCES = racoonctl.c str2val.c
	9	+racoonctl_SOURCES = \
	10	+ session.c isakmp.c handler.c \
	11	+ isakmp_ident.c isakmp_agg.c isakmp_base.c \
	12	+ isakmp_quick.c isakmp_inf.c isakmp_newg.c \
	13	+ gssapi.c dnssec.c getcertsbyname.c privsep.c \
	14	+ pfkey.c admin.c evt.c ipsec_doi.c oakley.c grabmyaddr.c vendorid.c \
	15	+ policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \
	16	+ proposal.c sainfo.c strnames.c \
	17	+ plog.c logger.c schedule.c str2val.c \
	18	+ safefile.c backupsa.c genlist.c rsalist.c \
	19	+ cftoken.l cfparse.y prsa_tok.l prsa_par.y racoonctl.c
	20	racoonctl_LDADD = libracoon.la ../libipsec/libipsec.la
	21
	22	libracoon_la_SOURCES = kmpstat.c vmbuf.c sockmisc.c misc.c
	23	diff -rupN ipsec-tools-0.8.1.old/src/racoon/racoonctl.c ipsec-tools-0.8.1/src/racoon/racoonctl.c
	24	--- ipsec-tools-0.8.1.old/src/racoon/racoonctl.c 2014-03-05 12:16:52.915100698 +0100
	25	+++ ipsec-tools-0.8.1/src/racoon/racoonctl.c 2014-03-05 12:17:17.906018754 +0100
	26	@@ -247,6 +247,9 @@ usage()
	27	#error "Incompatible racoonctl interface"
	28	#endif
	29
	30	+int f_local = 0; /* local test mode. behave like a wall. */
	31	+int dump_config =0;
	32	+
	33	int
	34	main(ac, av)
	35	int ac;


diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/with-flexdir.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/with-flexdir.patch new file mode 100644 index 0000000000..da1169218a --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/with-flexdir.patch
@@ -0,0 +1,14 @@
	1	--- ipsec-tools-0.8.1.old/configure.ac 2014-03-04 16:24:57.431207664 +0100
	2	+++ ipsec-tools-0.8.1/configure.ac 2014-03-04 16:26:00.372461304 +0100
	3	@@ -171,9 +171,9 @@ if test $with_readline != "no"; then
	4	fi
	5
	6
	7	-AC_MSG_CHECKING(if --with-flex option is specified)
	8	+AC_MSG_CHECKING(if --with-flexdir option is specified)
	9	AC_ARG_WITH(flexdir,
	10	- [AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
	11	+ [AC_HELP_STRING([--with-flexdir], [use directory (default: no)])],
	12	[flexdir="$withval"])
	13	AC_MSG_RESULT(${flexdir-dirdefault})
	14


diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb new file mode 100644 index 0000000000..b94404122d --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
@@ -0,0 +1,57 @@
	1	DESCRIPTION = "IPsec-Tools is a port of KAME's IPsec utilities to the \
	2	Linux-2.6 IPsec implementation."
	3	HOMEPAGE = "http://ipsec-tools.sourceforge.net/"
	4	SECTION = "console/network"
	5	LICENSE = "BSD"
	6	LIC_FILES_CHKSUM = "file://src/libipsec/pfkey.c;beginline=6;endline=31;md5=bc9b7ff40beff19fe6bc6aef26bd2b24"
	7
	8	DEPENDS = "virtual/kernel openssl readline flex-native bison-native"
	9
	10	SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV}.tar.bz2 \
	11	file://0001-Fix-warning-with-gcc-4.8.patch \
	12	file://0002-Don-t-link-against-libfl.patch \
	13	file://racoonctl-build-fix.patch \
	14	file://with-flexdir.patch \
	15	"
	16	SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8"
	17	SRC_URI[sha256sum] = "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4"
	18
	19	inherit autotools
	20
	21	# Options:
	22	# --enable-adminport enable admin port
	23	# --enable-rc5 enable RC5 encryption (patented)
	24	# --enable-idea enable IDEA encryption (patented)
	25	# --enable-gssapi enable GSS-API authentication
	26	# --enable-hybrid enable hybrid, both mode-cfg and xauth support
	27	# --enable-frag enable IKE fragmentation payload support
	28	# --enable-stats enable statistics logging function
	29	# --enable-dpd enable dead peer detection
	30	# --enable-samode-unspec enable to use unspecified a mode of SA
	31	# --disable-ipv6 disable ipv6 support
	32	# --enable-natt enable NAT-Traversal (yes/no/kernel)
	33	# --enable-natt-versions=list list of supported NAT-T versions delimited by coma.
	34	# --with-kernel-headers=/lib/modules/<uname>/build/include
	35	# where your Linux Kernel headers are installed
	36	# --with-readline support readline input (yes by default)
	37	# --with-flex use directiory (default: no)
	38	# --with-flexlib=<LIB> specify flex library.
	39	# --with-openssl=DIR specify OpenSSL directory
	40	# --with-libradius=DIR specify libradius path (like/usr/pkg)
	41	# --with-libpam=DIR specify libpam path (like/usr/pkg)
	42	#
	43	# Note: if you give it the actual kernel headers it won't build, it actually
	44	# needs to point at the linux-libc-headers version of the kernel headers.
	45	#
	46	EXTRA_OECONF = "--with-kernel-headers=${STAGING_INCDIR} \
	47	--with-readline \
	48	--with-openssl=${STAGING_LIBDIR}/.. \
	49	--without-libradius \
	50	--without-libpam \
	51	--disable-security-context \
	52	--enable-shared \
	53	${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"
	54
	55	# See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527
	56	CFLAGS += "-fno-strict-aliasing"
	57