--- /dev/null
+We handle stripping of the binary through dh_strip, thus remove the
+upstream code handling that, which does not care about our Debian
+build options.
+
+Index: aiccu-20070115/unix-console/Makefile
+===================================================================
+--- aiccu-20070115.orig/unix-console/Makefile 2009-10-25 22:31:57.000000000 +0100
++++ aiccu-20070115/unix-console/Makefile 2009-10-25 22:32:04.000000000 +0100
+@@ -145,11 +145,6 @@
+
+ aiccu: $(OBJS) ${SRCS} ${INCS}
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS)
+-ifeq ($(shell echo $(CFLAGS) | grep -c "DEBUG"),0)
+-ifeq ($(shell echo "$(RPM_OPT_FLAGS)" | wc -c),1)
+- strip $@
+-endif
+-endif
+
+ clean:
+ $(RM) -f $(OBJS) aiccu
--- /dev/null
+It's better for us to see gcc output in the build log to ease debugging.
+Quiet builds make that much harder.
+
+Index: aiccu-20070115/unix-console/Makefile
+===================================================================
+--- aiccu-20070115.orig/unix-console/Makefile 2009-10-25 22:33:06.000000000 +0100
++++ aiccu-20070115/unix-console/Makefile 2009-10-25 22:33:12.000000000 +0100
+@@ -26,7 +26,7 @@
+
+ #CFLAGS += $(CWARNS) -D_GNU_SOURCE -D_DEBUG -g3 -O0
+ CFLAGS += $(CWARNS) -D_GNU_SOURCE
+-CC = @gcc
++CC = gcc
+ RM = rm
+
+ # Add -O3 when nothing is specified yet
--- /dev/null
+Fix some spelling errors to satisfy lintian
+
+--- aiccu.orig/common/aiccu_test.c
++++ aiccu/common/aiccu_test.c
+@@ -133,7 +133,7 @@
+ printf("### This confirms the reachability of the other side of the tunnel\n");
+ printf("### If it doesn't reply then check your interface and routing tables\n");
+ printf("### Don't forget to check your firewall of course\n");
+- printf("### If the previous test was succesful then this could be both\n");
++ printf("### If the previous test was successful then this could be both\n");
+ printf("### a firewalling and a routing/interface problem\n");
+ printf("\n");
+ system_arg(PING6, PINGCOUNT, hTunnel->sIPv6_POP);
+--- aiccu.orig/common/common.c
++++ aiccu/common/common.c
+@@ -484,7 +484,7 @@
+ return false;
+ }
+
+- dolog(LOG_DEBUG, "TLS Handshake completed succesfully\n");
++ dolog(LOG_DEBUG, "TLS Handshake completed successfully\n");
+
+ sock->tls_active = true;
+ return true;
+--- aiccu.orig/common/tic.c
++++ aiccu/common/tic.c
+@@ -517,8 +517,8 @@
+ struct in6_addr ipv6_ll, ipv6_local;
+ char ll[100];
+
+- /* Log that the fetch was succesful */
+- dolog(LOG_INFO, "Succesfully retrieved tunnel information for %s\n", sId);
++ /* Log that the fetch was successful */
++ dolog(LOG_INFO, "Successfully retrieved tunnel information for %s\n", sId);
+
+ /*
+ * Some TUN/TAP devices don't have any
+@@ -652,7 +652,7 @@
+ /* All went okay? */
+ if (buf[0] == '2' && buf[1] == '0' && buf[2] == '2')
+ {
+- dolog(LOG_INFO, "Succesfully retrieved POP information for %s\n", sId);
++ dolog(LOG_INFO, "Successfully retrieved POP information for %s\n", sId);
+ return pop;
+ }
+
--- /dev/null
+commit 0f7db943bef0488644dce11c2ba2d19c180d8650
+Author: Norman Rasmussen <norman@rasmussen.co.za>
+Date: Sun Jan 10 21:43:44 2010 +0000
+
+ Initialize syslog so that we log with our PID as DAEMON.
+
+diff --git a/common/aiccu.c b/common/aiccu.c
+index 9abb334..75aadc8 100755
+--- a/common/aiccu.c
++++ b/common/aiccu.c
+@@ -58,6 +58,9 @@ bool aiccu_InitConfig()
+ int ret;
+ #define CAFILE "ca.pem"
+ #endif
++#ifndef _WIN32
++ openlog(NULL, LOG_PID, LOG_DAEMON);
++#endif
+ /* Allocate & Initialize */
+ g_aiccu = (struct AICCU_conf *)malloc(sizeof(*g_aiccu));
+ if (!g_aiccu) return false;
--- /dev/null
+commit d7c4f7c0d34b80c188fa45228ca282fd8771a41d
+Author: Norman Rasmussen <norman@rasmussen.co.za>
+Date: Sun Jan 10 21:45:55 2010 +0000
+
+ Allow 'tunnels' mode when there's an already running instance.
+
+diff --git a/unix-console/main.c b/unix-console/main.c
+index 8a4d9a9..388d988 100755
+--- a/unix-console/main.c
++++ b/unix-console/main.c
+@@ -50,7 +50,7 @@ int sigrunning(int sig)
+ /* Close the file again */
+ fclose(f);
+
+- /* If we can HUP it, it still runs */
++ /* If we can signal it, it still runs */
+ return (pid > 0 && kill(pid, sig) == 0 ? 1 : 0);
+ }
+
+@@ -302,20 +302,6 @@ int main(int argc, char *argv[])
+ return -1;
+ }
+
+-#ifndef _WIN32
+- /* start or stop? */
+- if ( mode != A_TEST &&
+- mode != A_AUTOTEST)
+- {
+- /* Already running? */
+- if (sigrunning(mode == A_STOP ? SIGTERM : 0) == 1)
+- {
+- dolog(LOG_ERR, "Already running instance HUP'ed, exiting\n");
+- return 0;
+- }
+- }
+-#endif
+-
+ /* Verify required parameters */
+ if (!g_aiccu->username || !g_aiccu->password)
+ {
+@@ -331,6 +317,20 @@ int main(int argc, char *argv[])
+ return ret == 0 ? -1 : 0;
+ }
+
++#ifndef _WIN32
++ /* start or stop? */
++ if ( mode != A_TEST &&
++ mode != A_AUTOTEST)
++ {
++ /* Already running? */
++ if (sigrunning(mode == A_STOP ? SIGTERM : 0) == 1)
++ {
++ dolog(LOG_ERR, "Already running instance signaled, exiting\n");
++ return 0;
++ }
++ }
++#endif
++
+ /* Get our tunnel */
+ hTunnel = get_tunnel();
+
--- /dev/null
+Author: Norman Rasmussen <norman@rasmussen.co.za>
+
+ Make setupscript work and add teardownscript setting.
+
+--- aiccu.orig/common/aiccu.c
++++ aiccu/common/aiccu.c
+@@ -212,9 +212,6 @@
+ fprintf(f, "# Try to automatically login and setup the tunnel?\n");
+ fprintf(f, "automatic %s\n", g_aiccu->automatic ? "true" : "false");
+ fprintf(f, "\n");
+- fprintf(f, "# Script to run after setting up the interfaces (default: none)\n");
+- fprintf(f, "%ssetupscript %s\n", g_aiccu->setupscript ? "" : "#", g_aiccu->setupscript ? g_aiccu->setupscript : "<path>");
+- fprintf(f, "\n");
+ fprintf(f, "# TLS Required?\n");
+ fprintf(f, "requiretls %s\n", g_aiccu->requiretls ? "true" : "false");
+ fprintf(f, "\n");
+@@ -231,6 +228,9 @@
+ fprintf(f, "# PID File\n");
+ fprintf(f, "pidfile %s\n", g_aiccu->pidfile);
+ fprintf(f, "\n");
++ fprintf(f, "# Script to run after setting up the interfaces (default: none)\n");
++ fprintf(f, "%ssetupscript %s\n", g_aiccu->setupscript ? "" : "#", g_aiccu->setupscript ? g_aiccu->setupscript : "<path>");
++ fprintf(f, "\n");
+ fprintf(f, "# Make heartbeats (default true)\n");
+ fprintf(f, "# In general you don't want to turn this off\n");
+ fprintf(f, "# Of course only applies to AYIYA and heartbeat tunnels not to static ones\n");
+--- aiccu.orig/unix-console/main.c
++++ aiccu/unix-console/main.c
+@@ -471,6 +471,11 @@
+ */
+ if (aiccu_setup(hTunnel, true))
+ {
++ if (g_aiccu->setupscript)
++ {
++ aiccu_exec("%s", g_aiccu->setupscript);
++ }
++
+ /* We need to stay running when doing Heartbeat or AYIYA */
+ if ( strcasecmp(hTunnel->sType, "6in4-heartbeat") == 0 ||
+ strcasecmp(hTunnel->sType, "ayiya") == 0)
--- /dev/null
+Make aiccu compile with ld.gold
+
+Index: aiccu-20070115/unix-console/Makefile
+===================================================================
+--- aiccu-20070115.orig/unix-console/Makefile 2011-02-27 17:43:53.872782002 +0000
++++ aiccu-20070115/unix-console/Makefile 2011-02-27 17:44:23.372782001 +0000
+@@ -150,7 +150,7 @@
+ all: aiccu
+
+ aiccu: $(OBJS) ${SRCS} ${INCS}
+- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS)
++ $(CC) $(CFLAGS) -o $@ $(OBJS) $(LDFLAGS)
+
+ clean:
+ $(RM) -f $(OBJS) aiccu
--- /dev/null
+Description: GnuTLS 3.4 compat.
+ Use GnuTLS priority NORMAL:+CTYPE-OPENPGP instead of deprecated (and removed in GnuTLS 3.4) function gnutls_certificate_type_set_priority.
+Author: Andreas Metzler <ametzler@debian.org>
+Bug-Debian: https://bugs.debian.org/624056
+Origin: vendor
+Forwarded: no
+Last-Update: 2015-07-25
+
+--- aiccu-20070115.orig/common/common.c
++++ aiccu-20070115/common/common.c
+@@ -271,8 +271,6 @@ TLSSOCKET sock_alloc(void);
+ TLSSOCKET sock_alloc(void)
+ {
+ #ifdef AICCU_GNUTLS
+- /* Allow connections to servers that have OpenPGP keys as well */
+- const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+ int ret;
+ #endif /* AICCU_GNUTLS*/
+
+@@ -297,11 +295,10 @@ TLSSOCKET sock_alloc(void)
+ }
+
+ /* Use default priorities */
+- gnutls_set_default_priority(sock->session);
+- /* XXX: Return value is not documented in GNUTLS documentation! */
+-
+- gnutls_certificate_type_set_priority(sock->session, cert_type_priority);
+- /* XXX: Return value is not documented in GNUTLS documentation! */
++ /* Allow connections to servers that have OpenPGP keys as well */
++ gnutls_priority_set_direct(sock->session,
++ "NORMAL:+CTYPE-OPENPGP",
++ NULL);
+
+ /* Configure the x509 credentials for the current session */
+ gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred);
--- /dev/null
+From: "Barak A. Pearlmutter" <barak+git@cs.nuim.ie>
+Date: Fri, 17 Aug 2012 12:23:06 +0200
+Subject: gnutls cleanup
+
+Stop ignoring some gnutls return codes.
+
+Rewrite call to depricated gnutls_set_default_priority() to use
+gnutls_priority_set_direct() instead.
+
+Remove call to deprecated routine
+gnutls_certificate_type_set_priority, no changes necessary.
+---
+ common/common.c | 27 +++++++++++++++++----------
+ 1 file changed, 17 insertions(+), 10 deletions(-)
+
+--- a/common/common.c
++++ b/common/common.c
+@@ -287,7 +287,7 @@
+
+ /* Initialize TLS session */
+ ret = gnutls_init(&sock->session, GNUTLS_CLIENT);
+- if (ret != 0)
++ if (ret != GNUTLS_E_SUCCESS)
+ {
+ dolog(LOG_ERR, "TLS Init failed: %s (%d)\n", gnutls_strerror(ret), ret);
+ free(sock);
+@@ -296,13 +296,26 @@
+
+ /* Use default priorities */
+ /* Allow connections to servers that have OpenPGP keys as well */
+- gnutls_priority_set_direct(sock->session,
++ ret = gnutls_priority_set_direct(sock->session,
+ "NORMAL:+CTYPE-OPENPGP",
+ NULL);
++ if (ret != GNUTLS_E_SUCCESS)
++ {
++ dolog(LOG_ERR, "TLS set default priority failed: %s (%d)\n", gnutls_strerror(ret), ret);
++ gnutls_deinit(sock->session);
++ free(sock);
++ return NULL;
++ }
+
+ /* Configure the x509 credentials for the current session */
+- gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred);
+- /* XXX: Return value is not documented in GNUTLS documentation! */
++ ret = gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred);
++ if (ret != GNUTLS_E_SUCCESS)
++ {
++ dolog(LOG_ERR, "TLS credentials set failed: %s (%d)\n", gnutls_strerror(ret), ret);
++ gnutls_deinit(sock->session);
++ free(sock);
++ return NULL;
++ }
+
+ #endif /* AICCU_GNUTLS*/
+
--- /dev/null
+From: "Barak A. Pearlmutter" <barak+git@cs.nuim.ie>
+Date: Sat, 22 Feb 2014 15:49:24 +0000
+Subject: memset sizeof
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Teeny little bug.
+
+../common/hash_md5.c: In function ‘MD5Final’:
+../common/hash_md5.c:134:23: warning: argument to ‘sizeof’ in ‘memset’ call is the same expression as the destination; did you mean to dereference it? [-Wsizeof-pointer-memaccess]
+ memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
+
+Guess it isn't sensitive. Lucky a pointer takes less space than a struct MD5Context!
+---
+ common/hash_md5.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/common/hash_md5.c b/common/hash_md5.c
+index 160b849..ca4c1b9 100755
+--- a/common/hash_md5.c
++++ b/common/hash_md5.c
+@@ -131,7 +131,7 @@ MD5Final(md5byte digest[16], struct MD5Context *ctx)
+
+ byteSwap(ctx->buf, 4);
+ memcpy(digest, ctx->buf, 16);
+- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
++ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
+ }
+
+ #ifndef ASM_MD5
--- /dev/null
+Description: Add missing description for "aiccu autotest"
+Author: Axel Beckert <abe@debian.org>
+Forwarded: not-yet
+
+--- a/doc/aiccu.1
++++ b/doc/aiccu.1
+@@ -41,7 +41,8 @@
+ to report this back as it should show most obvious problems.
+ .TP
+ \fBautotest\fR
+-Decription here
++Same as \fBtest\fR but without interactive questions. Piping the
++output of "aiccu autotest" into a log file or "tee" is a good idea.
+ .TP
+ \fBlicense\fR
+ Shows the license aiccu is released under.
Name: aiccu
Version: 2007.01.15
%define _fileversion 20070115
-Release: 2
+Release: 3
License: BSD
Vendor: SixXS
Group: Networking/Utilities
Source0: http://www.sixxs.net/archive/sixxs/aiccu/unix/%{name}_%{_fileversion}.tar.gz
# Source0-md5: c9bcc83644ed788e22a7c3f3d4021350
Patch0: %{name}-makefile.diff
+Patch1: 02_skip-strip.patch
+Patch2: 03_no-quiet-gcc.patch
+Patch3: 05_spelling-error.patch
+Patch4: 06_syslog_openlog.patch
+Patch5: 07_allow_tunnels.patch
+Patch6: 08_setup_script.patch
+Patch7: 09_binutils_gold.patch
+Patch8: 10_gnutls34.patch
+Patch9: 11_gnutls-cleanup.patch
+Patch10: 12_memset-sizeof.patch
+Patch11: 13_autotest_description.patch
URL: http://www.sixxs.net/tools/aiccu/
Requires(post,preun): /sbin/chkconfig
Requires: gnutls
%prep
%setup -q -n %{name}
%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
%build
%{__make} \