ipsec-tools-0.5.1 was released March 22. I removed the epatch line, as the fix for that exploit is in 0.5.1; is the sed removal of $include <sys/sysctl.h> from src/racoon/pfkey.c and src/setkey/setkey.c necessary? Reproducible: Always Steps to Reproduce: 1. 2. 3.
Created attachment 56896 [details] Ebuild for ipsec-tools-0.5.1
Any chance of renaming /etc/ipsec.conf.sample to /etc/setkey.conf.sample? I'm not certain, but it looks like the /etc/ipsec.conf name is a holdover from freeswan... Any opinions? Perhaps this should be a separate bug, but I thought if we are going to 0.5.1 soon, perhaps a name change would be in order as well.
Also see bug 87920 for information about the ipv6 problem. I'll attach the patch here also.
Created attachment 57402 [details, diff] Patch to configure.ac for ipv6 problem.
With the configur.ac patch placed in files/ipsec-tools-0.5.1-ipv6-configure.diff and the following patch, ./configure dies on me at this stage: checking for openssl/sha2.h... no checking if --enable-adminport option is specified... yes checking if --enable-gssapi option is specified... no checking for krb5-config... no checking if --enable-hybrid option is specified... yes checking if --enable-frag option is specified... yes ./configure: line 24004: syntax error near unexpected token `MD5_Init,' ./configure: line 24004: `RACOON_PATH_LIBS(MD5_Init, crypto)' make: *** [config.status] Error 2 0.5.1 was previously installed (using my previous ebuild) and worked, although without ipv6. But since ipv6 is broken in that build, i think massaging this one is necessary.
Created attachment 57691 [details] New ebuild for 0.5.1 (includes ipv6, but broken) configure fails on my setup; are we still handling the libtoolize thing this way? (only refs I saw were from late 2004)
I've just commited 0.5.2 to the tree, so marking this FIXED. Please see comment #6 on bug #92363 for my opinion on changing the config file location. As to that configure error, that was a problem as aclocal wasn't being called with "-I ." so aclocal wasn't finding the definitions in the acracoon.m4 file. See the ipsec-tools-0.5-r2.ebuild for the fix. Thanks.