Import IPsec-tools 0.6.3. This fixes several bugs, including bugs that

caused DoS.

crypto/dist/ipsec-tools/NEWS

@@ -1,5 +1,8 @@
 Version history:
 ----------------
+0.6.3	- 21 November 2005
+	o Various bug fixes
+
 0.6.2	- 14 October 2005
 	o ISAKMP mode config works without Xauth
 

crypto/dist/ipsec-tools/configure.ac

@@ -1,8 +1,8 @@
 dnl -*- mode: m4 -*-
-dnl Id: configure.ac,v 1.47.2.29 2005/10/14 09:24:43 manubsd Exp
+dnl Id: configure.ac,v 1.47.2.31 2005/11/21 11:11:41 manubsd Exp
 
 AC_PREREQ(2.52)
-AC_INIT(ipsec-tools, 0.6.2)
+AC_INIT(ipsec-tools, 0.6.3)
 AC_CONFIG_SRCDIR([configure.ac])
 AM_CONFIG_HEADER(config.h)
 
@@ -108,7 +108,7 @@ AC_STRUCT_TM
 AC_FUNC_MEMCMP
 AC_TYPE_SIGNAL
 AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy)
+AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
 AC_REPLACE_FUNCS(strdup)
 RACOON_CHECK_VA_COPY
 
@@ -210,13 +210,13 @@ AC_CHECK_HEADER(openssl/sha2.h, [], [
 	AC_TRY_COMPILE([
 		#include <openssl/sha.h>
 	], [
-		typedef int SHA256_CTX;
-	], [AC_MSG_RESULT(no)
-	    AC_LIBOBJ([sha2])
-	    CRYPTOBJS="$CRYPTOBJS sha2.o"
+		SHA256_CTX ctx;
 	], [
 	    AC_MSG_RESULT(yes)
 	    AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
+	], [AC_MSG_RESULT(no)
+	    AC_LIBOBJ([sha2])
+	    CRYPTOBJS="$CRYPTOBJS sha2.o"
 	])
 
 	CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing"

crypto/dist/ipsec-tools/rpm/suse/ipsec-tools.spec

@@ -0,0 +1,110 @@
+#
+# spec file for package ipsec-tools
+#
+# Copyright (c) 2005 SUSE LINUX AG, Nuernberg, Germany.
+# This file and all modifications and additions to the pristine
+# package are under the same license as the package itself.
+#
+# Please submit bugfixes or comments via http://www.suse.de/feedback/
+#
+
+# norootforbuild
+# neededforbuild  kernel-source openssl openssl-devel readline-devel
+
+BuildRequires: aaa_base acl attr bash bind-utils bison bzip2 coreutils cpio cpp cracklib cvs cyrus-sasl db devs diffutils e2fsprogs file filesystem fillup findutils flex gawk gdbm-devel glibc glibc-devel glibc-locale gpm grep groff gzip info insserv less libacl libattr libgcc libselinux libstdc++ libxcrypt libzio m4 make man mktemp module-init-tools ncurses ncurses-devel net-tools netcfg openldap2-client openssl pam pam-modules patch permissions popt procinfo procps psmisc pwdutils rcs readline sed strace syslogd sysvinit tar tcpd texinfo timezone unzip util-linux vim zlib zlib-devel autoconf automake binutils gcc gdbm gettext kernel-source libtool openssl-devel perl readline-devel rpm
+
+Name:         ipsec-tools
+Version:      0.6.3
+Release:      0
+License:      Other License(s), see package, BSD
+Group:        Productivity/Networking/Security
+Provides:     racoon
+PreReq:       %insserv_prereq %fillup_prereq
+Autoreqprov:  on
+Summary:      IPsec Utilities
+Source:       http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
+Source1:      racoon.init
+Source2:      sysconfig.racoon
+URL:          http://ipsec-tools.sourceforge.net/
+Prefix:       /usr
+BuildRoot:    %{_tmppath}/%{name}-%{version}-build
+
+%description
+This is the IPsec-Tools package.  This package is needed to really make
+use of the IPsec functionality in the version 2.5 and 2.6 Linux
+kernels.  This package builds:
+
+- libipsec, a PFKeyV2 library
+
+- setkey, a program to directly manipulate policies and SAs
+
+- racoon, an IKEv1 keying daemon
+
+These sources can be found at the IPsec-Tools home page at:
+http://ipsec-tools.sourceforge.net/
+
+
+
+Authors:
+--------
+    Derek Atkins  <derek@ihtfp.com>
+    Michal Ludvig <mludvig@suse.cz>
+
+%prep
+%setup
+
+%build
+%{suse_update_config -f . src/racoon}
+CFLAGS="$RPM_OPT_FLAGS" \
+./configure --prefix=/usr --disable-shared \
+	--mandir=%{_mandir} --infodir=%{_infodir} --libdir=%{_libdir} \
+	--libexecdir=%{_libdir} --sysconfdir=/etc/racoon \
+	--sharedstatedir=/var/run --localstatedir=/var \
+	--enable-dpd --enable-hybrid --enable-frag
+make 
+make check
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT/etc/init.d
+install -m 0755 $RPM_SOURCE_DIR/racoon.init $RPM_BUILD_ROOT/etc/init.d/racoon
+ln -sf /etc/init.d/racoon $RPM_BUILD_ROOT/usr/sbin/rcracoon
+mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
+install -m 644 $RPM_SOURCE_DIR/sysconfig.racoon $RPM_BUILD_ROOT/var/adm/fillup-templates/
+mkdir -p $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/
+cp -rv src/racoon/samples $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/
+cp -v src/setkey/sample* $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/
+
+%post
+%{fillup_and_insserv racoon}
+
+%postun
+%{insserv_cleanup}
+
+%clean
+if test ! -z "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != "/"; then
+  rm -rf $RPM_BUILD_ROOT
+fi
+
+%files
+%defattr(-,root,root)
+%dir /etc/racoon
+%config(noreplace) /etc/racoon/psk.txt
+%config(noreplace) /etc/racoon/racoon.conf
+%config(noreplace) /etc/racoon/setkey.conf
+%config /etc/init.d/racoon
+/usr/sbin/rcracoon
+%dir /usr/include/libipsec/
+%doc /usr/share/doc/packages/%{name}/
+/var/adm/fillup-templates/sysconfig.racoon
+/usr/include/libipsec/libpfkey.h
+/usr/%{_lib}/libipsec.a
+/usr/%{_lib}/libipsec.la
+/usr/sbin/racoon
+/usr/sbin/racoonctl
+/usr/sbin/setkey
+/usr/sbin/plainrsa-gen
+%{_mandir}/man*/*
+
+%changelog -n ipsec-tools

crypto/dist/ipsec-tools/src/libipsec/policy_parse.h

@@ -0,0 +1,29 @@
+/*	$NetBSD: policy_parse.h,v 1.1.1.1 2005/11/21 14:12:17 manu Exp $	*/
+
+typedef union {
+	u_int num;
+	u_int32_t num32;
+	struct _val {
+		int len;
+		char *buf;
+	} val;
+} YYSTYPE;
+#define	DIR	257
+#define	PRIORITY	258
+#define	PLUS	259
+#define	PRIO_BASE	260
+#define	PRIO_OFFSET	261
+#define	ACTION	262
+#define	PROTOCOL	263
+#define	MODE	264
+#define	LEVEL	265
+#define	LEVEL_SPECIFY	266
+#define	IPADDRESS	267
+#define	PORT	268
+#define	ME	269
+#define	ANY	270
+#define	SLASH	271
+#define	HYPHEN	272
+
+
+extern YYSTYPE __libipseclval;

crypto/dist/ipsec-tools/src/setkey/parse.h

@@ -0,0 +1,64 @@
+/*	$NetBSD: parse.h,v 1.1.1.1 2005/11/21 14:12:18 manu Exp $	*/
+
+typedef union {
+	int num;
+	unsigned long ulnum;
+	vchar_t val;
+	struct addrinfo *res;
+} YYSTYPE;
+#define	EOT	257
+#define	SLASH	258
+#define	BLCL	259
+#define	ELCL	260
+#define	ADD	261
+#define	GET	262
+#define	DELETE	263
+#define	DELETEALL	264
+#define	FLUSH	265
+#define	DUMP	266
+#define	EXIT	267
+#define	PR_ESP	268
+#define	PR_AH	269
+#define	PR_IPCOMP	270
+#define	PR_ESPUDP	271
+#define	PR_TCP	272
+#define	F_PROTOCOL	273
+#define	F_AUTH	274
+#define	F_ENC	275
+#define	F_REPLAY	276
+#define	F_COMP	277
+#define	F_RAWCPI	278
+#define	F_MODE	279
+#define	MODE	280
+#define	F_REQID	281
+#define	F_EXT	282
+#define	EXTENSION	283
+#define	NOCYCLICSEQ	284
+#define	ALG_AUTH	285
+#define	ALG_AUTH_NOKEY	286
+#define	ALG_ENC	287
+#define	ALG_ENC_NOKEY	288
+#define	ALG_ENC_DESDERIV	289
+#define	ALG_ENC_DES32IV	290
+#define	ALG_ENC_OLD	291
+#define	ALG_COMP	292
+#define	F_LIFETIME_HARD	293
+#define	F_LIFETIME_SOFT	294
+#define	F_LIFEBYTE_HARD	295
+#define	F_LIFEBYTE_SOFT	296
+#define	DECSTRING	297
+#define	QUOTEDSTRING	298
+#define	HEXSTRING	299
+#define	STRING	300
+#define	ANY	301
+#define	SPDADD	302
+#define	SPDDELETE	303
+#define	SPDDUMP	304
+#define	SPDFLUSH	305
+#define	F_POLICY	306
+#define	PL_REQUESTS	307
+#define	F_AIFLAGS	308
+#define	TAGGED	309
+
+
+extern YYSTYPE yylval;