diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix
--- openswan-2.4.5rc5/programs/loggerfix	1970-01-01 01:00:00.000000000 +0100
+++ openswan-2.4.5rc5.patched/programs/loggerfix	2006-03-29 01:20:44.000000000 +0200
@@ -0,0 +1,5 @@
+#!/bin/sh
+# use filename instead of /dev/null to log, but dont log to flash or ram
+# pref. log to nfs mount
+echo "$*" >> /dev/null
+exit 0
diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in
--- openswan-2.4.5rc5/programs/look/look.in	2005-08-18 16:10:09.000000000 +0200
+++ openswan-2.4.5rc5.patched/programs/look/look.in	2006-03-29 01:20:44.000000000 +0200
@@ -84,7 +84,7 @@
 then
 	pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
 else
-	for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
+	for i in `echo "$IPSECinterfaces" | tr '=' ' '`
 	do
 		pat="$pat|$i\$"
 	done
diff -Nur openswan-2.4.5rc5/programs/manual/manual.in openswan-2.4.5rc5.patched/programs/manual/manual.in
--- openswan-2.4.5rc5/programs/manual/manual.in	2005-11-18 06:18:33.000000000 +0100
+++ openswan-2.4.5rc5.patched/programs/manual/manual.in	2006-03-29 01:20:44.000000000 +0200
@@ -104,7 +104,7 @@
 				sub(/:/, " ", $0)
 				if (interf != "")
 					print $3 "@" interf
-			 }' | sed ':a;N;$!ba;s/\n/ /g'`"
+			 }' | tr '\n' ' '`"
 	;;
 esac
 
diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in
--- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in	2006-01-06 00:45:00.000000000 +0100
+++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in	2006-03-29 01:20:44.000000000 +0200
@@ -147,7 +147,7 @@
 			exit 1
 		fi
 	else
-		if test ! -w "`dirname $stderrlog`"
+		if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
 		then
 			echo Cannot write to directory to create \"$stderrlog\".
 			exit 1
diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in
--- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in	2005-07-28 02:23:48.000000000 +0200
+++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in	2006-03-29 01:20:44.000000000 +0200
@@ -235,7 +235,7 @@
 
 	# misc pre-Pluto setup
 
-	perform test -d `dirname $subsyslock` "&&" touch $subsyslock
+	perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
 
 	if test " $IPSECforwardcontrol" = " yes"
 	then
@@ -347,7 +347,7 @@
 		lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
 	fi 
 
-	perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
+	perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
 
 	perform rm -f $info $lock $plutopid
 	perform echo "...Openswan IPsec stopped" "|" $LOGONLY
diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in
--- openswan-2.4.5rc5/programs/send-pr/send-pr.in	2005-04-18 01:04:46.000000000 +0200
+++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in	2006-03-29 01:20:44.000000000 +0200
@@ -402,7 +402,7 @@
 		    else
 			if [ "$fieldname" != "Category" ]
 			then
-			    values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
+			    values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
 			    valslen=`echo "$values" | wc -c`
 			else
 			    values="choose from a category listed above"
@@ -414,7 +414,7 @@
 			else
 				desc="<${values} (one line)>";
 			fi
-			dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+			dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
 			echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
 		    fi
 		    echo "${fmtname}${desc}" >> $file
@@ -425,7 +425,7 @@
 			desc="	$default_val";
 		    else
 		        desc="	<`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>";
-			dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+			dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
 			echo "s/^${dpat}//" >> $FIXFIL
 		    fi
 		    echo "${fmtname}" >> $file;
@@ -437,7 +437,7 @@
 			desc="${default_val}"
 		    else
 			desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>"
-			dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+			dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
 			echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
 		    fi
 		    echo "${fmtname}${desc}" >> $file
diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in
--- openswan-2.4.5rc5/programs/setup/setup.in	2005-07-25 21:17:03.000000000 +0200
+++ openswan-2.4.5rc5.patched/programs/setup/setup.in	2006-03-29 01:20:44.000000000 +0200
@@ -117,12 +117,22 @@
 # do it
 case "$1" in
   start|--start|stop|--stop|_autostop|_autostart)
-	if test " `id -u`" != " 0"
+	if [ "x${USER}" != "xroot" ]
 	then
 		echo "permission denied (must be superuser)" |
 			logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
 		exit 1
 	fi
+
+	# make sure all required directories exist
+	if [ ! -d /var/run/pluto ]
+	then
+		mkdir -p /var/run/pluto
+	fi
+	if [ ! -d /var/lock/subsys ]
+	then
+		mkdir -p /var/lock/subsys
+	fi
 	tmp=/var/run/pluto/ipsec_setup.st
 	outtmp=/var/run/pluto/ipsec_setup.out
 	(
diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in
--- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in	2004-11-14 14:40:41.000000000 +0100
+++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in	2006-03-29 01:20:44.000000000 +0200
@@ -63,7 +63,7 @@
 	exit 1
 fi
 
-host="`hostname --fqdn`"
+host="`cat /proc/sys/kernel/hostname`"
 
 awk '	BEGIN {
 		inkey = 0
diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in
--- openswan-2.4.5rc5/programs/_startklips/_startklips.in	2005-11-25 00:08:05.000000000 +0100
+++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in	2006-03-29 01:23:54.000000000 +0200
@@ -262,15 +262,15 @@
     echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
     exit
 fi
-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
+if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec
 then
     # statically compiled KLIPS/NETKEY not found; try to load the module
-    modprobe ipsec
+    insmod ipsec
 fi
 
 if test ! -f $ipsecversion && test ! -f $netkey
 then
-	modprobe -v af_key
+	insmod -v af_key
 fi
 
 if test -f $netkey
@@ -278,21 +278,21 @@
 	klips=false
 	if test -f $modules
 	then
-		modprobe -qv ah4
-		modprobe -qv esp4
-		modprobe -qv ipcomp
+		insmod -qv ah4
+		insmod -qv esp4
+		insmod -qv ipcomp
 		#  xfrm4_tunnel is needed by ipip and ipcomp
-		modprobe -qv xfrm4_tunnel
+		insmod -qv xfrm4_tunnel
 		# xfrm_user contains netlink support for IPsec 
-		modprobe -qv xfrm_user
-		modprobe -qv hw_random
+		insmod -qv xfrm_user
+		insmod -qv hw_random
 		# padlock must load before aes module
-		modprobe -qv padlock
+		insmod -qv padlock
 		# load the most common ciphers/algo's
-		modprobe -qv sha1
-		modprobe -qv md5
-		modprobe -qv des
-		modprobe -qv aes
+		insmod -qv sha1
+		insmod -qv md5
+		insmod -qv des
+		insmod -qv aes
 	fi
 fi
 
@@ -308,10 +308,10 @@
 		fi
                 unset MODPATH MODULECONF        # no user overrides!
                 depmod -a >/dev/null 2>&1
-		modprobe -qv hw_random
+		insmod -qv hw_random
 		# padlock must load before aes module
-		modprobe -qv padlock
-                modprobe -v ipsec
+		insmod -qv padlock
+                insmod -v ipsec
         fi
         if test ! -f $ipsecversion
         then
diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig
--- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig	1970-01-01 01:00:00.000000000 +0100
+++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig	2005-11-25 00:08:05.000000000 +0100
@@ -0,0 +1,407 @@
+#!/bin/sh
+# KLIPS startup script
+# Copyright (C) 1998, 1999, 2001, 2002  Henry Spencer.
+# 
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+# 
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# for more details.
+#
+# RCSID $Id$
+
+me='ipsec _startklips'		# for messages
+
+# KLIPS-related paths
+sysflags=/proc/sys/net/ipsec
+modules=/proc/modules
+# full rp_filter path is $rpfilter1/interface/$rpfilter2
+rpfilter1=/proc/sys/net/ipv4/conf
+rpfilter2=rp_filter
+# %unchanged or setting (0, 1, or 2)
+rpfiltercontrol=0
+ipsecversion=/proc/net/ipsec_version
+moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec
+bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'`
+moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec
+case $bareversion in
+	2.6*)
+		modulename=ipsec.ko
+		;;
+	*)
+		modulename=ipsec.o
+		;;
+esac
+
+klips=true
+netkey=/proc/net/pfkey
+
+info=/dev/null
+log=daemon.error
+for dummy
+do
+	case "$1" in
+	--log)		log="$2" ; shift	;;
+	--info)		info="$2" ; shift	;;
+	--debug)	debug="$2" ; shift	;;
+	--omtu)		omtu="$2" ; shift	;;
+	--fragicmp)	fragicmp="$2" ; shift	;;
+	--hidetos)	hidetos="$2" ; shift	;;
+	--rpfilter)	rpfiltercontrol="$2" ; shift	;;
+	--)	shift ; break	;;
+	-*)	echo "$me: unknown option \`$1'" >&2 ; exit 2	;;
+	*)	break	;;
+	esac
+	shift
+done
+
+
+
+# some shell functions, to clarify the actual code
+
+# set up a system flag based on a variable
+# sysflag value shortname default flagname
+sysflag() {
+	case "$1" in
+	'')	v="$3"	;;
+	*)	v="$1"	;;
+	esac
+	if test ! -f $sysflags/$4
+	then
+		if test " $v" != " $3"
+		then
+			echo "cannot do $2=$v, $sysflags/$4 does not exist"
+			exit 1
+		else
+			return	# can't set, but it's the default anyway
+		fi
+	fi
+	case "$v" in
+	yes|no)	;;
+	*)	echo "unknown (not yes/no) $2 value \`$1'"
+		exit 1
+		;;
+	esac
+	case "$v" in
+	yes)	echo 1 >$sysflags/$4	;;
+	no)	echo 0 >$sysflags/$4	;;
+	esac
+}
+
+# set up a Klips interface
+klipsinterface() {
+	# pull apart the interface spec
+	virt=`expr $1 : '\([^=]*\)=.*'`
+	phys=`expr $1 : '[^=]*=\(.*\)'`
+	case "$virt" in
+	ipsec[0-9])	;;
+	*)	echo "invalid interface \`$virt' in \`$1'" ; exit 1	;;
+	esac
+
+	# figure out ifconfig for interface
+	addr=
+	eval `ifconfig $phys |
+		awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
+			gsub(/:/, " ", $0)
+			print "addr=" $3
+			other = $5
+			if ($4 == "Bcast")
+				print "type=broadcast"
+			else if ($4 == "P-t-P")
+				print "type=pointopoint"
+			else if (NF == 5) {
+				print "type="
+				other = ""
+			} else
+				print "type=unknown"
+			print "otheraddr=" other
+			print "mask=" $NF
+		}'`
+	if test " $addr" = " "
+	then
+		echo "unable to determine address of \`$phys'"
+		exit 1
+	fi
+	if test " $type" = " unknown"
+	then
+		echo "\`$phys' is of an unknown type"
+		exit 1
+	fi
+	if test " $omtu" != " "
+	then
+		mtu="mtu $omtu"
+	else
+		mtu=
+	fi
+	echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly
+
+	if $klips
+	then
+		# attach the interface and bring it up
+		ipsec tncfg --attach --virtual $virt --physical $phys
+		ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
+	fi
+
+	# if %defaultroute, note the facts
+	if test " $2" != " "
+	then
+		(
+			echo "defaultroutephys=$phys"
+			echo "defaultroutevirt=$virt"
+			echo "defaultrouteaddr=$addr"
+			if test " $2" != " 0.0.0.0"
+			then
+				echo "defaultroutenexthop=$2"
+			fi
+		) >>$info
+	else
+		echo '#dr: no default route' >>$info
+	fi
+
+	# check for rp_filter trouble
+	checkif $phys			# thought to be a problem only on phys
+}
+
+# check an interface for problems
+checkif() {
+	$klips || return 0
+	rpf=$rpfilter1/$1/$rpfilter2
+	if test -f $rpf
+	then
+		r="`cat $rpf`"
+		if test " $r" != " 0"
+		then
+			case "$r-$rpfiltercontrol" in
+			0-%unchanged|0-0|1-1|2-2)
+				# happy state
+				;;
+			*-%unchanged)
+				echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)"
+				;;
+			[012]-[012])
+				echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)"
+				echo "$rpfiltercontrol" >$rpf
+				;;
+			[012]-*)
+				echo "ERROR: unknown rpfilter setting: $rpfiltercontrol"
+				;;
+			*)
+				echo "ERROR: unknown $rpf value $r"
+				;;
+			esac
+		fi
+	fi
+}
+
+# interfaces=%defaultroute:  put ipsec0 on top of default route's interface
+defaultinterface() {
+	phys=`netstat -nr |
+		awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
+	if test " $phys" = " "
+	then
+		echo "no default route, %defaultroute cannot cope!!!"
+		exit 1
+	fi
+	if test `echo " $phys" | wc -l` -gt 1
+	then
+		echo "multiple default routes, %defaultroute cannot cope!!!"
+		exit 1
+	fi
+	next=`netstat -nr |
+		awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
+	klipsinterface "ipsec0=$phys" $next
+}
+
+# log only to syslog, not to stdout/stderr
+logonly() {
+	logger -p $log -t ipsec_setup
+}
+
+# sort out which module is appropriate, changing it if necessary
+setmodule() {
+	if [ -e /proc/kallsyms ]
+	then
+		kernelsymbols="/proc/kallsyms";
+		echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet"
+	else
+		kernelsymbols="/proc/ksyms";
+	fi	
+        wantgoo="`ipsec calcgoo $kernelsymbols`"
+        module=$moduleplace/$modulename
+        if test -f $module
+        then
+                goo="`nm -ao $module | ipsec calcgoo`"
+                if test " $wantgoo" = " $goo"
+                then
+                        return          # looks right
+                fi
+        fi
+        if test -f $moduleinstplace/$wantgoo
+        then
+                echo "modprobe failed, but found matching template module $wantgoo."
+                echo "Copying $moduleinstplace/$wantgoo to $module."
+                rm -f $module
+                mkdir -p $moduleplace
+                cp -p $moduleinstplace/$wantgoo $module
+                # "depmod -a" gets done by caller
+        fi
+}
+
+
+
+# main line
+
+# load module if possible
+if test -f $ipsecversion && test -f $netkey
+then
+    # both KLIPS and NETKEY code detected, bail out
+    echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
+    exit
+fi
+if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
+then
+    # statically compiled KLIPS/NETKEY not found; try to load the module
+    modprobe ipsec
+fi
+
+if test ! -f $ipsecversion && test ! -f $netkey
+then
+	modprobe -v af_key
+fi
+
+if test -f $netkey
+then
+	klips=false
+	if test -f $modules
+	then
+		modprobe -qv ah4
+		modprobe -qv esp4
+		modprobe -qv ipcomp
+		#  xfrm4_tunnel is needed by ipip and ipcomp
+		modprobe -qv xfrm4_tunnel
+		# xfrm_user contains netlink support for IPsec 
+		modprobe -qv xfrm_user
+		modprobe -qv hw_random
+		# padlock must load before aes module
+		modprobe -qv padlock
+		# load the most common ciphers/algo's
+		modprobe -qv sha1
+		modprobe -qv md5
+		modprobe -qv des
+		modprobe -qv aes
+	fi
+fi
+
+if test ! -f $ipsecversion && $klips
+then
+        if test -r $modules             # kernel does have modules
+        then
+		if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ]
+		then
+			echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)"
+		else
+                	setmodule
+		fi
+                unset MODPATH MODULECONF        # no user overrides!
+                depmod -a >/dev/null 2>&1
+		modprobe -qv hw_random
+		# padlock must load before aes module
+		modprobe -qv padlock
+                modprobe -v ipsec
+        fi
+        if test ! -f $ipsecversion
+        then
+                echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"
+                exit 1
+        fi
+fi
+
+# figure out debugging flags
+case "$debug" in
+'')	debug=none	;;
+esac
+if test -r /proc/net/ipsec_klipsdebug
+then
+	echo "KLIPS debug \`$debug'" | logonly
+	case "$debug" in
+	none)	ipsec klipsdebug --none	;;
+	all)	ipsec klipsdebug --all	;;
+	*)	ipsec klipsdebug --none
+		for d in $debug
+		do
+			ipsec klipsdebug --set $d
+		done
+		;;
+	esac
+elif $klips
+then
+	if test " $debug" != " none"
+	then
+		echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities"
+	fi
+fi
+
+# figure out misc. kernel config
+if test -d $sysflags
+then
+	sysflag "$fragicmp" "fragicmp" yes icmp
+	echo 1 >$sysflags/inbound_policy_check		# no debate
+	sysflag no "no_eroute_pass" no no_eroute_pass	# obsolete parm
+	sysflag no "opportunistic" no opportunistic	# obsolete parm
+	sysflag "$hidetos" "hidetos" yes tos
+elif $klips
+then
+	echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!"
+	# carry on
+fi
+
+if $klips
+then
+	# clear tables out in case dregs have been left over
+	ipsec eroute --clear
+	ipsec spi --clear
+elif test $netkey
+then
+	if ip xfrm state > /dev/null 2>&1
+	then
+		ip xfrm state flush
+		ip xfrm policy flush
+	elif type setkey > /dev/null 2>&1
+	then
+	 	# Check that the setkey command is available.
+         	setkeycmd= 	 
+         	PATH=$PATH:/usr/local/sbin 	 
+         	for dir in `echo $PATH | tr ':' ' '` 	 
+         	do 	 
+                	if test -f $dir/setkey -a -x $dir/setkey 	 
+                 	then
+                         	setkeycmd=$dir/setkey
+                         	break                   # NOTE BREAK OUT 
+                	fi
+         	done
+        	$setkeycmd -F
+        	$setkeycmd -FP
+	else
+	
+        	echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." |
+                	logger -s -p daemon.error -t ipsec_setup
+	fi
+fi
+
+# figure out interfaces
+for i
+do
+	case "$i" in
+	ipsec*=?*)	klipsinterface "$i"	;;
+	%defaultroute)	defaultinterface	;;
+	*)	echo "interface \`$i' not understood"
+		exit 1
+		;;
+	esac
+done
+
+exit 0