fixed bugs #69900, #70457, #80633, #80636, #80697, #81095 and #83009

Package-Manager: portage-2.0.51.19

15 files changed, 979 insertions, 44 deletions

diff --git a/net-misc/quagga/ChangeLog b/net-misc/quagga/ChangeLog
index dca4ee3f2dbb..a35993df529c 100644
--- a/net-misc/quagga/ChangeLog
+++ b/net-misc/quagga/ChangeLog
@@ -1,8 +1,22 @@
 # ChangeLog for net-misc/quagga
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Copyright 2003-2004 DataCore GmbH
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/ChangeLog,v 1.11 2004/10/25 17:35:17 amir Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/ChangeLog,v 1.12 2005/03/20 18:09:43 mrness Exp $
+
+*quagga-0.98.2 (20 Mar 2005)
+
+  20 Mar 2005; Alin Nastac <mrness@gentoo.org>
+  +files/patches-0.98.2/amir-connected-route.patch,
+  +files/patches-0.98.2/ht-20040304-classless-bgp.patch,
+  +files/patches-0.98.2/ht-20050110-0.98.0-bgp-md5.patch, +files/quagga.pam,
+  metadata.xml, quagga-0.96.4-r6.ebuild, quagga-0.96.5.ebuild,
+  quagga-0.96.5-r1.ebuild, quagga-0.97.1.ebuild, quagga-0.97.2.ebuild,
+  +quagga-0.98.2.ebuild:
+  Version bumped based on an ebuild made by Amir Guindehi <amir@gentoo.org>
+  and Michael Sandee <voidptr@voidptr.sboost.org>. The new version has support
+  for TCP MD5 & classless prefixes for BGP.
+  Fixed bugs #69900, #70457, #80633, #80636, #80697, #81095 and #83009.
 
 *quagga-0.97.2 (25 Oct 2004)
 
diff --git a/net-misc/quagga/Manifest b/net-misc/quagga/Manifest
index 65316d254106..6b1c0bd30099 100644
--- a/net-misc/quagga/Manifest
+++ b/net-misc/quagga/Manifest
@@ -1,32 +1,39 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-MD5 853a30dc9e47d59ed3c94a3c9bbc4bf5 metadata.xml 1387
-MD5 01fc96021b8cad5060ba761d5bbb2c3d quagga-0.96.4-r6.ebuild 3354
-MD5 6dc49c141cdc6399bd70142ddaa2aefe ChangeLog 5406
-MD5 cfc3a89dc2a63548877c7544ee9f1f13 quagga-0.96.5.ebuild 3415
-MD5 d19ba50e76f663979f91586bf96c9a2d quagga-0.96.5-r1.ebuild 3821
-MD5 377924dd5b2f0f5aa4d62039c3a3a9b6 quagga-0.97.1.ebuild 3818
-MD5 7b61bd40d79cd3591e6a00950b900400 quagga-0.97.2.ebuild 3846
-MD5 72494598a213a5d6f441496f48aefd7b files/digest-quagga-0.96.4-r6 66
+MD5 b70056f75c93d332c335c74f4e52ce2b quagga-0.96.4-r6.ebuild 3528
+MD5 8fb53c43576eb001c327062e9cc7d415 quagga-0.97.2.ebuild 3983
+MD5 37454b363590483e47d94149d36c4186 quagga-0.98.2.ebuild 4599
+MD5 ec4d382f3d6969b44a6579975ba8a6e2 quagga-0.97.1.ebuild 3957
+MD5 7b196a7d4501440d65cfac16cc349cdb ChangeLog 6102
+MD5 f0c8f9afaf3bbefcea71ff3b6fa139c4 metadata.xml 1389
+MD5 9516803db922d13a126a5315a0a27956 quagga-0.96.5-r1.ebuild 3959
+MD5 824b354d0cf35f8b889bcb115fe4eb72 quagga-0.96.5.ebuild 3589
 MD5 9056b8bd752a672787eacb129ee47535 files/digest-quagga-0.96.5 142
-MD5 9056b8bd752a672787eacb129ee47535 files/digest-quagga-0.96.5-r1 142
 MD5 9ee8920582beff3b7ffa2408666f5f2b files/digest-quagga-0.97.1 142
 MD5 898c502fc59023326048bdb4e014754f files/digest-quagga-0.97.2 142
+MD5 1a1df9fb95d48001187e1f56dc4ff5e5 files/digest-quagga-0.98.2 66
+MD5 72494598a213a5d6f441496f48aefd7b files/digest-quagga-0.96.4-r6 66
+MD5 9056b8bd752a672787eacb129ee47535 files/digest-quagga-0.96.5-r1 142
+MD5 18c1046db57ea850aabd385058522cc4 files/quagga.env 25
+MD5 7d8952055d69c80a4212194aac85c283 files/quagga.pam 1199
 MD5 3f95e96aeb427fa3de7f387ff3dc6ad6 files/init/bgpd 866
-MD5 4a118d93cab17b63f1d9c675f5d92fdf files/init/ospf6d 884
+MD5 e484b94e7ebb358d11fdf3252e0b604f files/init/ripd 865
 MD5 6b7fbbe67b98a52a36684455c3866d65 files/init/ospfd 875
 MD5 bfecfbc3b2f5b2748271a2838cac5a2b files/init/zebra 1143
-MD5 e484b94e7ebb358d11fdf3252e0b604f files/init/ripd 865
+MD5 4a118d93cab17b63f1d9c675f5d92fdf files/init/ospf6d 884
 MD5 2c6f6b3a64eedf1362a56fd6b3ca9c1b files/init/ripngd 885
 MD5 6d870c42af2625dcc07ba4b155618ebf files/patches-0.96.4/opaque-ready.patch 2617
 MD5 13439f842c485b5402125d2a18158c84 files/patches-0.96.4/ospf_refcount.patch 1296
-MD5 a08e46f6d262bc34749ee9cf9716a753 files/patches-0.97.1/01_all_unbreak-ospfapi.patch.bz2 667
 MD5 a5e54af5a6268307f6d5d86e6a5a680c files/patches-0.97.1/02_all_unbreak-ospfapi.patch.bz2 645
+MD5 a08e46f6d262bc34749ee9cf9716a753 files/patches-0.97.1/01_all_unbreak-ospfapi.patch.bz2 667
+MD5 7da4097332468741416e156a2e5d35e4 files/patches-0.98.2/amir-connected-route.patch 6336
+MD5 6c9cdbdc237bb8d24dfd26504059464b files/patches-0.98.2/ht-20050110-0.98.0-bgp-md5.patch 14570
+MD5 e70bf25e2ca5f76efb2c5704234ccc1f files/patches-0.98.2/ht-20040304-classless-bgp.patch 1581
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.9.10 (GNU/Linux)
+Version: GnuPG v1.4.1 (GNU/Linux)
 
-iD8DBQFBiBsNHTu7gpaalycRAu4oAKCuMNjETrportJyeD/VGV0gJMLL9gCfdeYe
-pMthGnwk1CC+4Ojs/y7A+GU=
-=AnE1
+iD8DBQFCPbx1jiC39V7gKu0RAsLsAJ96TD8ZUzsKAtUL0K90wXnaQez0kwCfQr3o
+lpHIPaPagx+lwl93IUh5a/4=
+=zDib
 -----END PGP SIGNATURE-----
diff --git a/net-misc/quagga/files/digest-quagga-0.98.2 b/net-misc/quagga/files/digest-quagga-0.98.2
new file mode 100644
index 000000000000..3860c803d08a
--- /dev/null
+++ b/net-misc/quagga/files/digest-quagga-0.98.2
@@ -0,0 +1 @@
+MD5 8757b155aa2458f6158ccd330d0e1b39 quagga-0.98.2.tar.gz 2012251
diff --git a/net-misc/quagga/files/patches-0.98.2/amir-connected-route.patch b/net-misc/quagga/files/patches-0.98.2/amir-connected-route.patch
new file mode 100644
index 000000000000..735548d01a65
--- /dev/null
+++ b/net-misc/quagga/files/patches-0.98.2/amir-connected-route.patch
@@ -0,0 +1,222 @@
+diff -Naur quagga-0.98.2/zebra/connected.c quagga-0.98.2-route-connected-fix-ipv6-fix/zebra/connected.c
+--- quagga-0.98.2/zebra/connected.c	2004-12-22 17:32:16.000000000 +0100
++++ quagga-0.98.2-route-connected-fix-ipv6-fix/zebra/connected.c	2005-02-23 09:59:09.916749568 +0100
+@@ -29,6 +29,7 @@
+ #include "rib.h"
+ #include "table.h"
+ #include "log.h"
++#include "rt.h"
+ 
+ #include "zebra/zserv.h"
+ #include "zebra/redistribute.h"
+@@ -86,6 +87,8 @@
+   rib_add_ipv4 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0, 0, 0);
+ 
+   rib_update ();
++
++  kernel_connected_up(ifc);
+ }
+ 
+ /* Add connected IPv4 route to the interface. */
+@@ -224,6 +227,8 @@
+   rib_delete_ipv4 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0);
+ 
+   rib_update ();
++
++  kernel_connected_down(ifc);
+ }
+ 
+ /* Delete connected IPv4 route to the interface. */
+@@ -316,6 +321,8 @@
+   rib_add_ipv6 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0);
+ 
+   rib_update ();
++
++  kernel_connected_up(ifc);
+ }
+ 
+ /* Add connected IPv6 route to the interface. */
+@@ -405,6 +412,8 @@
+   rib_delete_ipv6 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0);
+ 
+   rib_update ();
++
++  kernel_connected_down(ifc);
+ }
+ 
+ void
+diff -Naur quagga-0.98.2/zebra/rt.h quagga-0.98.2-route-connected-fix-ipv6-fix/zebra/rt.h
+--- quagga-0.98.2/zebra/rt.h	2002-12-13 21:15:30.000000000 +0100
++++ quagga-0.98.2-route-connected-fix-ipv6-fix/zebra/rt.h	2005-02-23 09:59:09.917749416 +0100
+@@ -29,6 +29,9 @@
+ int kernel_address_add_ipv4 (struct interface *, struct connected *);
+ int kernel_address_delete_ipv4 (struct interface *, struct connected *);
+ 
++int kernel_connected_up (struct connected *ifc);
++int kernel_connected_down (struct connected *ifc);
++
+ #ifdef HAVE_IPV6
+ int kernel_add_ipv6 (struct prefix *, struct rib *);
+ int kernel_delete_ipv6 (struct prefix *, struct rib *);
+diff -Naur quagga-0.98.2/zebra/rt_ioctl.c quagga-0.98.2-route-connected-fix-ipv6-fix/zebra/rt_ioctl.c
+--- quagga-0.98.2/zebra/rt_ioctl.c	2004-12-07 22:12:56.000000000 +0100
++++ quagga-0.98.2-route-connected-fix-ipv6-fix/zebra/rt_ioctl.c	2005-02-23 09:59:09.916749568 +0100
+@@ -44,6 +44,20 @@
+   return;
+ }
+ 
++/* Dummy function */
++int
++kernel_connected_up (struct connected *ifc)
++{
++  return 0;
++}
++
++/* Dummy function */
++int
++kernel_connected_down (struct connected *ifc)
++{
++  return 0;
++}
++
+ #if 0
+ /* Initialization prototype of struct sockaddr_in. */
+ static struct sockaddr_in sin_proto =
+diff -Naur quagga-0.98.2/zebra/rt_netlink.c quagga-0.98.2-route-connected-fix-ipv6-fix/zebra/rt_netlink.c
+--- quagga-0.98.2/zebra/rt_netlink.c	2004-12-07 22:12:56.000000000 +0100
++++ quagga-0.98.2-route-connected-fix-ipv6-fix/zebra/rt_netlink.c	2005-02-23 10:00:06.553139528 +0100
+@@ -1329,6 +1329,112 @@
+   return 0;
+ }
+ 
++/* Routing table change for connected route via netlink interface. */
++int
++netlink_routeconnected (int cmd, struct connected *ifc)
++{
++  int ret;
++  int bytelen;
++  struct sockaddr_nl snl;
++  u_char bufnet[BUFSIZ];
++  u_char bufaddr[BUFSIZ];
++  u_char bufsrc[BUFSIZ];
++
++  int cmds[] = { RTM_NEWROUTE, RTM_DELROUTE };
++
++  struct prefix *p = ifc->address;
++  int family = ifc->address->family;
++  int table = RT_TABLE_MAIN;
++  int index = ifc->ifp->ifindex;
++
++  struct prefix dest;
++  struct prefix src;
++  int length = p->prefixlen; 
++
++  struct
++  {
++    struct nlmsghdr n;
++    struct rtmsg r;
++    char buf[1024];
++  } req;
++
++  if (! (index && p))
++    return -1;  
++
++#ifdef HAVE_IPV6
++  if ((family == AF_INET6) && (IN6_IS_ADDR_LINKLOCAL(&p->u.prefix6)))
++    return -1;
++#endif /* HAVE_IPV6 */
++
++  memset (&dest, 0, sizeof dest);
++  memset (&req, 0, sizeof req);
++  memset (&src, 0, sizeof(struct prefix));
++
++  /* Copy prefix */
++  prefix_copy (&src, p);
++  prefix2str(&src, bufsrc, sizeof (bufaddr));
++
++  prefix_copy (&dest, p);
++  prefix2str(&dest, bufaddr, sizeof (bufaddr));
++
++  /* Make it sure prefixlen is applied to the prefix. */
++  apply_mask (&dest);
++  prefix2str(&dest, bufnet, sizeof (bufnet));
++
++  bytelen = (family == AF_INET ? 4 : 16);
++
++  req.n.nlmsg_len = NLMSG_LENGTH (sizeof (struct rtmsg));
++  req.n.nlmsg_flags = NLM_F_CREATE | NLM_F_REQUEST;
++  req.n.nlmsg_type = cmds[cmd];
++  req.r.rtm_family = family;
++  req.r.rtm_table = table;
++  req.r.rtm_dst_len = length;
++  req.r.rtm_src_len = IPV4_MAX_BITLEN;
++
++  req.r.rtm_protocol = RTPROT_KERNEL;
++  req.r.rtm_scope = RT_SCOPE_LINK;
++  req.r.rtm_type = RTN_UNICAST;
++
++  addattr_l (&req.n, sizeof req, RTA_DST, &dest.u.prefix, bytelen);
++  addattr_l (&req.n, sizeof req, RTA_PREFSRC, &src.u.prefix, bytelen);
++
++  if (index > 0)
++    addattr32 (&req.n, sizeof req, RTA_OIF, index);
++
++  /* Destination netlink address. */
++  memset (&snl, 0, sizeof snl);
++  snl.nl_family = AF_NETLINK;
++
++  if (! cmd)
++    zlog_warn ("netlink_routeconnected: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc);
++  else
++    zlog_warn ("netlink_routeconnected: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc);
++
++  /* Talk to netlink socket. */
++  ret = netlink_talk (&req.n, &netlink);
++  if (ret < 0)
++    return -1;
++
++  if (! cmd)
++    zlog_warn ("netlink_routeconnected: ACK: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc);
++  else
++    zlog_warn ("netlink_routeconnected: ACK: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc);
++
++  return 0;
++}
++
++int
++kernel_connected_up (struct connected *ifc)
++{
++  return netlink_routeconnected (0, ifc);
++}
++
++int
++kernel_connected_down (struct connected *ifc)
++{
++  return netlink_routeconnected (1, ifc);
++}
++
+ /* Routing table change via netlink interface. */
+ int
+ netlink_route_multipath (int cmd, struct prefix *p, struct rib *rib,
+diff -Naur quagga-0.98.2/zebra/rt_socket.c quagga-0.98.2-route-connected-fix-ipv6-fix/zebra/rt_socket.c
+--- quagga-0.98.2/zebra/rt_socket.c	2004-12-07 22:12:56.000000000 +0100
++++ quagga-0.98.2-route-connected-fix-ipv6-fix/zebra/rt_socket.c	2005-02-23 09:59:09.918749264 +0100
+@@ -480,4 +480,18 @@
+ 
+   return route;
+ }
++
++/* Dummy function */
++int
++kernel_connected_up (struct connected *ifc)
++{
++  return 0;
++}
++
++/* Dummy function */
++int
++kernel_connected_down (struct connected *ifc)
++{
++  return 0;
++}
+ #endif /* HAVE_IPV6 */
diff --git a/net-misc/quagga/files/patches-0.98.2/ht-20040304-classless-bgp.patch b/net-misc/quagga/files/patches-0.98.2/ht-20040304-classless-bgp.patch
new file mode 100644
index 000000000000..978dfa3dcdfa
--- /dev/null
+++ b/net-misc/quagga/files/patches-0.98.2/ht-20040304-classless-bgp.patch
@@ -0,0 +1,43 @@
+Index: bgpd/bgp_route.c
+===================================================================
+RCS file: /var/cvsroot/quagga/bgpd/bgp_route.c,v
+retrieving revision 1.10
+diff -u -3 -p -r1.10 bgp_route.c
+--- bgpd/bgp_route.c	17 Feb 2004 19:45:10 -0000	1.10
++++ bgpd/bgp_route.c	4 Mar 2004 19:44:42 -0000
+@@ -3710,16 +3710,7 @@ route_vty_out_route (struct prefix *p, s
+     {
+       len = vty_out (vty, "%s", inet_ntop (p->family, &p->u.prefix, buf, BUFSIZ));
+       destination = ntohl (p->u.prefix4.s_addr);
+-
+-      if ((IN_CLASSC (destination) && p->prefixlen == 24)
+-	  || (IN_CLASSB (destination) && p->prefixlen == 16)
+-	  || (IN_CLASSA (destination) && p->prefixlen == 8)
+-	  || p->u.prefix4.s_addr == 0)
+-	{
+-	  /* When mask is natural, mask is not displayed. */
+-	}
+-      else
+-	len += vty_out (vty, "/%d", p->prefixlen);
++      len += vty_out (vty, "/%d", p->prefixlen);
+     }
+   else
+     len = vty_out (vty, "%s/%d", inet_ntop (p->family, &p->u.prefix, buf, BUFSIZ),
+@@ -8931,16 +8922,7 @@ bgp_config_write_network (struct vty *vt
+ 	    masklen2ip (p->prefixlen, &netmask);
+ 	    vty_out (vty, " network %s",
+ 		     inet_ntop (p->family, &p->u.prefix, buf, SU_ADDRSTRLEN));
+-
+-	    if ((IN_CLASSC (destination) && p->prefixlen == 24)
+-		|| (IN_CLASSB (destination) && p->prefixlen == 16)
+-		|| (IN_CLASSA (destination) && p->prefixlen == 8)
+-		|| p->u.prefix4.s_addr == 0)
+-	      {
+-		/* Natural mask is not display. */
+-	      }
+-	    else
+-	      vty_out (vty, " mask %s", inet_ntoa (netmask));
++	    vty_out (vty, " mask %s", inet_ntoa (netmask));
+ 	  }
+ 	else
+ 	  {
diff --git a/net-misc/quagga/files/patches-0.98.2/ht-20050110-0.98.0-bgp-md5.patch b/net-misc/quagga/files/patches-0.98.2/ht-20050110-0.98.0-bgp-md5.patch
new file mode 100644
index 000000000000..933304df7897
--- /dev/null
+++ b/net-misc/quagga/files/patches-0.98.2/ht-20050110-0.98.0-bgp-md5.patch
@@ -0,0 +1,481 @@
+==== Patch <ht-20050110-0.98.0-bgp-md5> level 1
+Source: [No source]
+Target: 53eccb64-3fed-0310-a953-aee945e670f6:/quagga/working-copy:832 [local]
+Log:
+Patch updated to the Quagga version 0.98.0.
+--- bgpd/bgp_network.c  (revision 832)
++++ bgpd/bgp_network.c  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -38,6 +38,56 @@ Software Foundation, Inc., 59 Temple Pla
+ extern struct zebra_privs_t bgpd_privs;
+ 
+ 
++#if defined(HAVE_TCP_MD5) && defined(GNU_LINUX)
++/* Set MD5 key to the socket.  */
++int
++bgp_md5_set (int sock, struct peer *peer, char *password)
++{
++  int ret;
++  struct tcp_rfc2385_cmd cmd;
++  struct in_addr *addr = &peer->su.sin.sin_addr;
++
++  cmd.command = TCP_MD5_AUTH_ADD;
++  cmd.address = addr->s_addr;
++  cmd.keylen = strlen (password);
++  cmd.key = password;
++
++  if ( bgpd_privs.change (ZPRIVS_RAISE) )
++    zlog_err ("bgp_md5_set: could not raise privs");
++
++  ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5_AUTH, &cmd, sizeof cmd);
++
++  if (bgpd_privs.change (ZPRIVS_LOWER) )
++    zlog_err ("bgp_md5_set: could not lower privs");
++
++  return ret;
++}
++
++/* Unset MD5 key from the socket.  */
++int
++bgp_md5_unset (int sock, struct peer *peer, char *password)
++{
++  int ret;
++  struct tcp_rfc2385_cmd cmd;
++  struct in_addr *addr = &peer->su.sin.sin_addr;
++
++  cmd.command = TCP_MD5_AUTH_DEL;
++  cmd.address = addr->s_addr;
++  cmd.keylen = strlen (password);
++  cmd.key = password;
++
++  if ( bgpd_privs.change (ZPRIVS_RAISE) )
++    zlog_err ("bgp_md5_unset: could not raise privs");
++
++  ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5_AUTH, &cmd, sizeof cmd);
++
++  if (bgpd_privs.change (ZPRIVS_LOWER) )
++    zlog_err ("bgp_md5_unset: could not lower privs");
++
++  return ret;
++}
++#endif /* defined(HAVE_TCP_MD5) && defined(GNU_LINUX) */
++
+ /* Accept bgp connection. */
+ static int
+ bgp_accept (struct thread *thread)
+@@ -240,6 +290,12 @@ bgp_connect (struct peer *peer)
+   sockopt_reuseaddr (peer->fd);
+   sockopt_reuseport (peer->fd);
+ 
++#ifdef HAVE_TCP_MD5
++  if (CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD))
++    if (sockunion_family (&peer->su) == AF_INET)
++      bgp_md5_set (peer->fd, peer, peer->password);
++#endif /* HAVE_TCP_MD5 */
++
+   /* Bind socket. */
+   bgp_bind (peer);
+ 
+@@ -287,6 +343,9 @@ int
+ bgp_socket (struct bgp *bgp, unsigned short port)
+ {
+   int ret, en;
++#ifdef IPV6_V6ONLY
++  int v6only = 1;
++#endif /* IPV6_V6ONLY */
+   struct addrinfo req;
+   struct addrinfo *ainfo;
+   struct addrinfo *ainfo_save;
+@@ -321,6 +380,11 @@ bgp_socket (struct bgp *bgp, unsigned sh
+ 	  zlog_err ("socket: %s", safe_strerror (errno));
+ 	  continue;
+ 	}
++#ifdef IPV6_V6ONLY
++      ret = setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&v6only, sizeof(v6only));
++      if (ret < 0)
++	  zlog_err ("setsockopt IPV6_V6ONLY: i%s", strerror (errno));
++#endif /* IPV6_V6ONLY */
+ 
+       sockopt_reuseaddr (sock);
+       sockopt_reuseport (sock);
+@@ -348,6 +412,11 @@ bgp_socket (struct bgp *bgp, unsigned sh
+ 	  continue;
+ 	}
+ 
++#ifdef HAVE_TCP_MD5
++      if (ainfo->ai_family == AF_INET)
++	bm->sock = sock;
++#endif /* HAVE_TCP_MD5 */
++
+       thread_add_read (master, bgp_accept, bgp, sock);
+     }
+   while ((ainfo = ainfo->ai_next) != NULL);
+@@ -408,6 +477,9 @@ bgp_socket (struct bgp *bgp, unsigned sh
+       close (sock);
+       return ret;
+     }
++#ifdef HAVE_TCP_MD5
++  bm->sock = sock;
++#endif /* HAVE_TCP_MD5 */
+ 
+   thread_add_read (bm->master, bgp_accept, bgp, sock);
+ 
+--- bgpd/bgp_network.h  (revision 832)
++++ bgpd/bgp_network.h  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -18,6 +18,27 @@ along with GNU Zebra; see the file COPYI
+ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ 02111-1307, USA.  */
+ 
++#if defined(HAVE_TCP_MD5) && defined(GNU_LINUX)
++/* setsockopt Number */
++#define TCP_MD5_AUTH 13
++
++/* Commands (used in the structure passed from userland) */
++#define TCP_MD5_AUTH_ADD 1
++#define TCP_MD5_AUTH_DEL 2
++
++struct tcp_rfc2385_cmd {
++  u_int8_t     command;    /* Command - Add/Delete */
++  u_int32_t    address;    /* IPV4 address associated */
++  u_int8_t     keylen;     /* MD5 Key len (do NOT assume 0 terminated ascii) */
++  void         *key;       /* MD5 Key */
++};
++#endif /* defined(HAVE_TCP_MD5) && defined(GNU_LINUX) */
++
++#ifdef HAVE_TCP_MD5
++int bgp_md5_set (int sock, struct peer *, char *);
++int bgp_md5_unset (int sock, struct peer *, char *);
++#endif /* HAVE_TCP_MD5 */
++
+ int bgp_socket (struct bgp *, unsigned short);
+ int bgp_connect (struct peer *);
+ void bgp_getsockname (struct peer *);
+--- bgpd/bgp_vty.c  (revision 832)
++++ bgpd/bgp_vty.c  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -1386,6 +1386,46 @@ ALIAS (no_neighbor_local_as,
+        "AS number used as local AS\n"
+        "Do not prepend local-as to updates from ebgp peers\n")
+ 
++#ifdef HAVE_TCP_MD5
++DEFUN (neighbor_password,
++       neighbor_password_cmd,
++       NEIGHBOR_CMD2 "password LINE",
++       NEIGHBOR_STR
++       NEIGHBOR_ADDR_STR2
++       "Set a password\n"
++       "The password\n")
++{
++  struct peer *peer;
++  int ret;
++
++  peer = peer_and_group_lookup_vty (vty, argv[0]);
++  if (! peer)
++    return CMD_WARNING;
++
++  ret = peer_password_set (peer, argv[1]);
++  return bgp_vty_return (vty, ret);
++}
++
++DEFUN (no_neighbor_password,
++       no_neighbor_password_cmd,
++       NO_NEIGHBOR_CMD2 "password",
++       NO_STR
++       NEIGHBOR_STR
++       NEIGHBOR_ADDR_STR2
++       "Set a password\n")
++{
++  struct peer *peer;
++  int ret;
++
++  peer = peer_and_group_lookup_vty (vty, argv[0]);
++  if (! peer)
++    return CMD_WARNING;
++
++  ret = peer_password_unset (peer);
++  return bgp_vty_return (vty, ret);
++}
++#endif /* HAVE_TCP_MD5 */
++
+ DEFUN (neighbor_activate,
+        neighbor_activate_cmd,
+        NEIGHBOR_CMD2 "activate",
+@@ -8531,6 +8571,12 @@ bgp_vty_init ()
+   install_element (BGP_NODE, &no_neighbor_local_as_val_cmd);
+   install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd);
+ 
++#ifdef HAVE_TCP_MD5
++  /* "neighbor password" commands. */
++  install_element (BGP_NODE, &neighbor_password_cmd);
++  install_element (BGP_NODE, &no_neighbor_password_cmd);
++#endif /* HAVE_TCP_MD5 */
++
+   /* "neighbor activate" commands. */
+   install_element (BGP_NODE, &neighbor_activate_cmd);
+   install_element (BGP_IPV4_NODE, &neighbor_activate_cmd);
+--- bgpd/bgpd.c  (revision 832)
++++ bgpd/bgpd.c  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -707,6 +707,7 @@ peer_new ()
+   peer->ostatus = Idle;
+   peer->version = BGP_VERSION_4;
+   peer->weight = 0;
++  peer->password = NULL;
+ 
+   /* Set default flags.  */
+   for (afi = AFI_IP; afi < AFI_MAX; afi++)
+@@ -1068,6 +1069,17 @@ peer_delete (struct peer *peer)
+   bgp_stop (peer);
+   bgp_fsm_change_status (peer, Idle);
+ 
++#ifdef HAVE_TCP_MD5
++  /* Password configuration */
++  if (peer->password)
++    {
++      if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)
++          && sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_unset (bm->sock, peer, peer->password);
++      free (peer->password);
++    }
++#endif /* HAVE_TCP_MD5 */
++
+   /* Stop all timers. */
+   BGP_TIMER_OFF (peer->t_start);
+   BGP_TIMER_OFF (peer->t_connect);
+@@ -1293,6 +1305,26 @@ peer_group2peer_config_copy (struct peer
+   else
+     peer->v_routeadv = BGP_DEFAULT_EBGP_ROUTEADV;
+ 
++#ifdef HAVE_TCP_MD5
++  /* password apply */
++  if (CHECK_FLAG (conf->flags, PEER_FLAG_PASSWORD))
++    {
++      if (peer->password)
++	free (peer->password);
++      peer->password = strdup (conf->password);
++
++      if (sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_set (bm->sock, peer, peer->password);
++    }
++  else if (peer->password)
++    {
++      if (sockunion_family (&peer->su) == AF_INET)
++        bgp_md5_unset (bm->sock, peer, peer->password);
++      free (peer->password);
++      peer->password = NULL;
++    }
++#endif /* HAVE_TCP_MD5 */
++
+   /* maximum-prefix */
+   peer->pmax[afi][safi] = conf->pmax[afi][safi];
+   peer->pmax_threshold[afi][safi] = conf->pmax_threshold[afi][safi];
+@@ -3270,6 +3302,119 @@ peer_local_as_unset (struct peer *peer)
+   return 0;
+ }
+ 
++#ifdef HAVE_TCP_MD5
++/* Set password for authenticating with the peer. */
++int
++peer_password_set (struct peer *peer, const char *password)
++{
++  struct peer_group *group;
++  struct listnode *nn;
++
++  if (peer->password && strcmp (peer->password, password) == 0
++      && ! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
++	return 0;
++
++  SET_FLAG (peer->flags, PEER_FLAG_PASSWORD);
++  if (peer->password)
++    free (peer->password);
++  peer->password = strdup (password);
++
++  if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
++    {
++      if (peer->status == Established)
++          bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
++      else
++        BGP_EVENT_ADD (peer, BGP_Stop);
++
++      if (sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_set (bm->sock, peer, peer->password);
++      return 0;
++    }
++
++  group = peer->group;
++  LIST_LOOP (group->peer, peer, nn)
++    {
++      if (peer->password && strcmp (peer->password, password) == 0)
++	continue;
++
++      SET_FLAG (peer->flags, PEER_FLAG_PASSWORD);
++      if (peer->password)
++        free (peer->password);
++      peer->password = strdup (password);
++
++      if (peer->status == Established)
++        bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
++      else
++        BGP_EVENT_ADD (peer, BGP_Stop);
++
++      if (sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_set (bm->sock, peer, peer->password);
++    }
++
++  return 0;
++}
++
++int
++peer_password_unset (struct peer *peer)
++{
++  struct peer_group *group;
++  struct listnode *nn;
++
++  if (! CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD)
++      && ! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
++    return 0;
++
++  if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
++    {
++      if (peer_group_active (peer)
++	  && CHECK_FLAG (peer->group->conf->flags, PEER_FLAG_PASSWORD))
++	return BGP_ERR_PEER_GROUP_HAS_THE_FLAG;
++
++      if (peer->status == Established)
++        bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
++      else
++        BGP_EVENT_ADD (peer, BGP_Stop);
++
++      if (sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_unset (bm->sock, peer, peer->password);
++
++      UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD);
++      if (peer->password)
++	free (peer->password);
++      peer->password = NULL;
++
++      return 0;
++    }
++
++  UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD);
++  if (peer->password)
++    free (peer->password);
++  peer->password = NULL;
++
++  group = peer->group;
++  LIST_LOOP (group->peer, peer, nn)
++    {
++      if (! CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD))
++	continue;
++
++      if (peer->status == Established)
++        bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
++      else
++        BGP_EVENT_ADD (peer, BGP_Stop);
++
++      if (sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_unset (bm->sock, peer, peer->password);
++
++      UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD);
++      if (peer->password)
++        free (peer->password);
++      peer->password = NULL;
++    }
++
++  return 0;
++}
++#endif /* HAVE_TCP_MD5 */
++
+ /* Set distribute list to the peer. */
+ int
+ peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct, 
+@@ -4286,6 +4431,16 @@ bgp_config_write_peer (struct vty *vty, 
+ 	    ! CHECK_FLAG (g_peer->flags, PEER_FLAG_SHUTDOWN))
+ 	  vty_out (vty, " neighbor %s shutdown%s", addr, VTY_NEWLINE);
+ 
++#ifdef HAVE_TCP_MD5
++      /* Password. */
++      if (CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD))
++	if (! peer_group_active (peer)
++	    || ! CHECK_FLAG (g_peer->flags, PEER_FLAG_PASSWORD)
++	    || strcmp (peer->password, g_peer->password) != 0)
++	  vty_out (vty, " neighbor %s password %s%s", addr, peer->password,
++		   VTY_NEWLINE);
++#endif /* HAVE_TCP_MD5 */
++
+       /* BGP port. */
+       if (peer->port != BGP_PORT_DEFAULT)
+ 	vty_out (vty, " neighbor %s port %d%s", addr, peer->port, 
+@@ -4817,6 +4972,9 @@ bgp_master_init ()
+   bm->port = BGP_PORT_DEFAULT;
+   bm->master = thread_master_create ();
+   bm->start_time = time (NULL);
++#ifdef HAVE_TCP_MD5
++  bm->sock = -1;
++#endif /* HAVE_TCP_MD5 */
+ }
+ 
+ void
+--- bgpd/bgpd.h  (revision 832)
++++ bgpd/bgpd.h  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -45,6 +45,11 @@ struct bgp_master
+ #define BGP_OPT_NO_FIB                   (1 << 0)
+ #define BGP_OPT_MULTIPLE_INSTANCE        (1 << 1)
+ #define BGP_OPT_CONFIG_CISCO             (1 << 2)
++
++#ifdef HAVE_TCP_MD5
++  /* bgp receive socket */
++  int sock;
++#endif /* HAVE_TCP_MD5 */
+ };
+ 
+ /* BGP instance structure.  */
+@@ -335,6 +340,7 @@ struct peer
+ #define PEER_FLAG_DYNAMIC_CAPABILITY        (1 << 6) /* dynamic capability */
+ #define PEER_FLAG_ENFORCE_MULTIHOP          (1 << 7) /* enforce-multihop */
+ #define PEER_FLAG_LOCAL_AS_NO_PREPEND       (1 << 8) /* local-as no-prepend */
++#define PEER_FLAG_PASSWORD                  (1 << 9) /* password */
+ 
+   /* Per AF configuration flags. */
+   u_int32_t af_flags[AFI_MAX][SAFI_MAX];
+@@ -356,6 +362,9 @@ struct peer
+ #define PEER_FLAG_MAX_PREFIX_WARNING        (1 << 15) /* maximum prefix warning-only */
+ #define PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED   (1 << 16) /* leave link-local nexthop unchanged */ 
+ 
++  /* MD5 password */
++  char *password;
++
+   /* default-originate route-map.  */
+   struct
+   {
+@@ -895,5 +904,10 @@ int peer_unsuppress_map_unset (struct pe
+ int peer_maximum_prefix_set (struct peer *, afi_t, safi_t, u_int32_t, u_char, int);
+ int peer_maximum_prefix_unset (struct peer *, afi_t, safi_t);
+ 
++#ifdef HAVE_TCP_MD5
++int peer_password_set (struct peer *, const char *);
++int peer_password_unset (struct peer *);
++#endif /* HAVE_TCP_MD5 */
++
+ int peer_clear (struct peer *);
+ int peer_clear_soft (struct peer *, afi_t, safi_t, enum bgp_clear_type);
+--- configure.ac  (revision 832)
++++ configure.ac  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -153,6 +153,8 @@ AC_ARG_ENABLE(irdp,
+ [  --enable-irdp                 enable IRDP server support in zebra])
+ AC_ARG_ENABLE(capabilities,
+ [  --disable-capabilities        disable using POSIX capabilities])
++AC_ARG_ENABLE(tcp-md5,
++[  --enable-tcp-md5  enable TCP MD5 Signature Option (RFC2385)])
+ AC_ARG_ENABLE(gcc_ultra_verbose,
+ [  --enable-gcc-ultra-verbose    enable ultra verbose GCC warnings])
+ AC_ARG_ENABLE(gcc-rdynamic,
+@@ -192,6 +194,11 @@ if test "${enable_ospf_te}" = "yes"; the
+   AC_DEFINE(HAVE_OSPF_TE,,OSPF TE)
+ fi
+ 
++if test "${enable_tcp_md5}" = "yes"; then
++  AC_DEFINE(HAVE_TCP_MD5,,Linux TCP MD5 Signature Option)
++fi
++
++
+ AC_MSG_CHECKING(if zebra should be configurable to send Route Advertisements)
+ if test "${enable_rtadv}" != "no"; then
+   AC_MSG_RESULT(yes)
diff --git a/net-misc/quagga/files/quagga.env b/net-misc/quagga/files/quagga.env
new file mode 100644
index 000000000000..efef58e06c47
--- /dev/null
+++ b/net-misc/quagga/files/quagga.env
@@ -0,0 +1 @@
+LDPATH="/usr/lib/quagga"
diff --git a/net-misc/quagga/files/quagga.pam b/net-misc/quagga/files/quagga.pam
new file mode 100644
index 000000000000..486d45df9975
--- /dev/null
+++ b/net-misc/quagga/files/quagga.pam
@@ -0,0 +1,26 @@
+#%PAM-1.0
+#
+
+##### if running quagga as root:
+# Only allow root (and possibly wheel) to use this because enable access
+# is unrestricted.
+auth       sufficient   /lib/security/pam_rootok.so
+
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth       sufficient   /lib/security/pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth       required     /lib/security/pam_wheel.so use_uid
+###########################################################
+
+# If using quagga privileges and with a seperate group for vty access, then
+# access can be controlled via the vty access group, and pam can simply
+# check for valid user/password, eg:
+#
+# only allow local users.
+#auth       required     /lib/security/pam_securetty.so
+#auth       required     /lib/security/pam_stack.so service=system-auth
+#auth       required     /lib/security/pam_nologin.so
+#account    required     /lib/security/pam_stack.so service=system-auth
+#password   required     /lib/security/pam_stack.so service=system-auth
+#session    required     /lib/security/pam_stack.so service=system-auth
+#session    optional     /lib/security/pam_console.so
diff --git a/net-misc/quagga/metadata.xml b/net-misc/quagga/metadata.xml
index e96396a5020f..d654a18f4fbf 100644
--- a/net-misc/quagga/metadata.xml
+++ b/net-misc/quagga/metadata.xml
@@ -8,7 +8,7 @@
 		<description>Primary Maintainer</description>
 	</maintainer>
 	<maintainer>
-		<email>ueli@gentoo.org</email>
+		<email>mrness@gentoo.org</email>
 		<description>Secondary Maintainer</description>
 	</maintainer>
         <longdescription>Quagga is a modern fork of Zebra. Quagga is a routing software package that provides TCP/IP based routing services with routing protocols support such as RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+ (*note Supported RFC::). Quagga also supports special BGP Route Reflector and Route Server behavior.  In addition to traditional IPv4 routing protocols, Quagga also supports IPv6 routing protocols. With SNMP daemon which supports SMUX protocol, Quagga provides routing protocol MIBs (*note SNMP Support::). Furthermore Quagga supports OSPFAPI (*note OSPFAPI Support::), a API interface to the OSPF LSDB. It supports inspection as well as injection of normal and opaque OSPF LSAs. Applications like SRRD - The Service Rounting Redundancy Daemon - can make use of OSPFAPI to inject opaque data into the OSPF routing domain. SRRD, for example, implements a cluster server by using the OSPFAPI to flood service state information into the routing domain.</longdescription>
diff --git a/net-misc/quagga/quagga-0.96.4-r6.ebuild b/net-misc/quagga/quagga-0.96.4-r6.ebuild
index 31bd4531796e..a1326d86c7ef 100644
--- a/net-misc/quagga/quagga-0.96.4-r6.ebuild
+++ b/net-misc/quagga/quagga-0.96.4-r6.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.96.4-r6.ebuild,v 1.8 2004/10/22 08:16:24 amir Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.96.4-r6.ebuild,v 1.9 2005/03/20 18:09:43 mrness Exp $
 
 inherit eutils
 
@@ -65,7 +65,7 @@ src_compile() {
 
 	# configure the stuff
 
-	./configure --host=${HOST} --prefix=/usr --enable-tcp-zebra \
+	./configure --host=${CHOST} --prefix=/usr --enable-tcp-zebra \
 	            --enable-nssa --enable-opaque-lsa --enable-ospf-te \
 		    --enable-ospf-secondary \
 		    --enable-user=${QUAGGA_USER} \
@@ -101,7 +101,9 @@ src_install() {
 
 pkg_postinst() {
 	# empty dir for pid files for the new priv separation auth
-	install -d -m0755 -o quagga -g quagga ${ROOT}/var/run/quagga
+	#set proper owner/group/perms even if dir already existed
+	install -d -m0700 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/etc/quagga
+	install -d -m0755 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/var/run/quagga
 
 	einfo "Sample configuration files can be found in /etc/quagga/sample."
 	einfo "You have to create config files in /etc/quagga before"
diff --git a/net-misc/quagga/quagga-0.96.5-r1.ebuild b/net-misc/quagga/quagga-0.96.5-r1.ebuild
index 80564580f947..05b4c281ab15 100644
--- a/net-misc/quagga/quagga-0.96.5-r1.ebuild
+++ b/net-misc/quagga/quagga-0.96.5-r1.ebuild
@@ -1,7 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
-# Copyright 2003-2004 DataCore GmbH
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.96.5-r1.ebuild,v 1.1 2004/10/22 08:16:24 amir Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.96.5-r1.ebuild,v 1.2 2005/03/20 18:09:43 mrness Exp $
 
 inherit eutils
 
@@ -79,7 +78,7 @@ src_compile() {
 
 	# configure the stuff
 
-	./configure --host=${HOST} \
+	./configure --host=${CHOST} \
 		    --prefix=${D}/usr \
 		    --enable-tcp-zebra \
 	            --enable-nssa \
@@ -117,7 +116,9 @@ src_install() {
 
 pkg_postinst() {
 	# empty dir for pid files for the new priv separation auth
-	install -d -m0755 -o quagga -g quagga ${ROOT}/var/run/quagga
+	#set proper owner/group/perms even if dir already existed
+	install -d -m0700 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/etc/quagga
+	install -d -m0755 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/var/run/quagga
 
 	einfo "Sample configuration files can be found in /etc/quagga/sample."
 	einfo "You have to create config files in /etc/quagga before"
diff --git a/net-misc/quagga/quagga-0.96.5.ebuild b/net-misc/quagga/quagga-0.96.5.ebuild
index 6ed6f606cd37..66dbad3222dc 100644
--- a/net-misc/quagga/quagga-0.96.5.ebuild
+++ b/net-misc/quagga/quagga-0.96.5.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.96.5.ebuild,v 1.2 2004/10/22 08:16:24 amir Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.96.5.ebuild,v 1.3 2005/03/20 18:09:43 mrness Exp $
 
 inherit eutils
 
@@ -66,7 +66,7 @@ src_compile() {
 
 	# configure the stuff
 
-	./configure --host=${HOST} --prefix=/usr --enable-tcp-zebra \
+	./configure --host=${CHOST} --prefix=/usr --enable-tcp-zebra \
 	            --enable-nssa --enable-opaque-lsa --enable-ospf-te \
 		    --enable-ospf-secondary \
 		    --enable-user=${QUAGGA_USER} \
@@ -102,7 +102,9 @@ src_install() {
 
 pkg_postinst() {
 	# empty dir for pid files for the new priv separation auth
-	install -d -m0755 -o quagga -g quagga ${ROOT}/var/run/quagga
+	#set proper owner/group/perms even if dir already existed
+	install -d -m0700 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/etc/quagga
+	install -d -m0755 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/var/run/quagga
 
 	einfo "Sample configuration files can be found in /etc/quagga/sample."
 	einfo "You have to create config files in /etc/quagga before"
diff --git a/net-misc/quagga/quagga-0.97.1.ebuild b/net-misc/quagga/quagga-0.97.1.ebuild
index ef2b38ea5a86..2f77493b000a 100644
--- a/net-misc/quagga/quagga-0.97.1.ebuild
+++ b/net-misc/quagga/quagga-0.97.1.ebuild
@@ -1,7 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
-# Copyright 2003-2004 DataCore GmbH
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.97.1.ebuild,v 1.2 2004/10/25 17:35:17 amir Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.97.1.ebuild,v 1.3 2005/03/20 18:09:43 mrness Exp $
 
 inherit eutils
 
@@ -20,7 +19,7 @@ IUSE="ipv6 snmp pam tcpmd5 ospfapi"
 DEPEND="virtual/libc
 	sys-devel/binutils
 	sys-apps/iproute2
-	=sys-libs/libcap-1.10-r3
+	>=sys-libs/libcap-1.10-r3
 	!sys-apps/zebra
 	!sys-apps/zebra-ag-svn
 	!sys-apps/zebra-pj-cvs
@@ -79,7 +78,7 @@ src_compile() {
 
 	# configure the stuff
 
-	./configure --host=${HOST} \
+	./configure --host=${CHOST} \
 		    --prefix=${D}/usr \
 		    --enable-tcp-zebra \
 	            --enable-nssa \
@@ -117,7 +116,9 @@ src_install() {
 
 pkg_postinst() {
 	# empty dir for pid files for the new priv separation auth
-	install -d -m0755 -o quagga -g quagga ${ROOT}/var/run/quagga
+	#set proper owner/group/perms even if dir already existed
+	install -d -m0700 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/etc/quagga
+	install -d -m0755 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/var/run/quagga
 
 	einfo "Sample configuration files can be found in /etc/quagga/sample."
 	einfo "You have to create config files in /etc/quagga before"
diff --git a/net-misc/quagga/quagga-0.97.2.ebuild b/net-misc/quagga/quagga-0.97.2.ebuild
index 2b75b326338d..602a0d5a2e76 100644
--- a/net-misc/quagga/quagga-0.97.2.ebuild
+++ b/net-misc/quagga/quagga-0.97.2.ebuild
@@ -1,7 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
-# Copyright 2003-2004 DataCore GmbH
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.97.2.ebuild,v 1.2 2004/11/02 23:40:23 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.97.2.ebuild,v 1.3 2005/03/20 18:09:43 mrness Exp $
 
 inherit eutils
 
@@ -18,7 +17,7 @@ KEYWORDS="~alpha ~amd64 ~arm ~ppc ~sparc ~x86"
 IUSE="ipv6 snmp pam tcpmd5 ospfapi"
 
 RDEPEND="sys-apps/iproute2
-	=sys-libs/libcap-1.10-r3
+	>=sys-libs/libcap-1.10-r3
 	!sys-apps/zebra
 	!sys-apps/zebra-ag-svn
 	!sys-apps/zebra-pj-cvs
@@ -80,7 +79,7 @@ src_compile() {
 
 	# configure the stuff
 
-	./configure --host=${HOST} \
+	./configure --host=${CHOST} \
 		    --prefix=${D}/usr \
 		    --enable-tcp-zebra \
 	            --enable-nssa \
@@ -118,7 +117,9 @@ src_install() {
 
 pkg_postinst() {
 	# empty dir for pid files for the new priv separation auth
-	install -d -m0755 -o quagga -g quagga ${ROOT}/var/run/quagga
+	#set proper owner/group/perms even if dir already existed
+	install -d -m0700 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/etc/quagga
+	install -d -m0755 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/var/run/quagga
 
 	einfo "Sample configuration files can be found in /etc/quagga/sample."
 	einfo "You have to create config files in /etc/quagga before"
diff --git a/net-misc/quagga/quagga-0.98.2.ebuild b/net-misc/quagga/quagga-0.98.2.ebuild
new file mode 100644
index 000000000000..95804b4909db
--- /dev/null
+++ b/net-misc/quagga/quagga-0.98.2.ebuild
@@ -0,0 +1,133 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.98.2.ebuild,v 1.1 2005/03/20 18:09:43 mrness Exp $
+
+inherit eutils
+
+DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Includes OSPFAPI, NET-SNMP and IPV6 support."
+HOMEPAGE="http://quagga.net/"
+SRC_URI="http://www.quagga.net/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ppc ~sparc ~x86"
+IUSE="ipv6 snmp pam tcpmd5 bgpclassless ospfapi"
+
+RDEPEND="!net-misc/zebra
+	sys-apps/iproute2
+	sys-libs/libcap
+	snmp? ( net-analyzer/net-snmp )
+	pam? ( sys-libs/pam )"
+DEPEND="${RDEPEND}
+	virtual/libc
+	sys-devel/binutils"
+
+# TCP MD5 for BGP patch for Linux (RFC 2385) 
+MD5_PATCH="ht-20050110-0.98.0-bgp-md5.patch"
+# http://hasso.linux.ee/quagga/ht-20050110-0.98.0-bgp-md5.patch
+
+# Classless prefixes for BGP
+CLASSLESS_PATCH="ht-20040304-classless-bgp.patch"
+# http://hasso.linux.ee/quagga/pending-patches/ht-20040304-classless-bgp.patch
+
+# Connected route fix (Amir)
+CONNECTED_PATCH="amir-connected-route.patch"
+# http://voidptr.sboost.org/quagga/amir-connected-route.patch.bz2
+
+[ -z "${QUAGGA_USER_NAME}" ] && QUAGGA_USER_NAME="quagga"
+[ -z "${QUAGGA_USER_UID}" ] && QUAGGA_USER_UID="-1"
+[ -z "${QUAGGA_GROUP_NAME}" ] && QUAGGA_GROUP_NAME="quagga"
+#[ -z "${QUAGGA_GROUP_GID}" ] && QUAGGA_GROUP_GID=""
+[ -z "${QUAGGA_VTYGROUP}" ] && QUAGGA_VTYGROUP="quagga"
+[ -z "${QUAGGA_USER_SH}" ] && QUAGGA_USER_SH="/bin/false"
+[ -z "${QUAGGA_USER_HOMEDIR}" ] && QUAGGA_USER_HOMEDIR=/var/empty
+[ -z "${QUAGGA_USER_GROUPS}" ] && QUAGGA_USER_GROUPS=${QUAGGA_GROUP_NAME}
+[ -z "${QUAGGA_STATEDIR}" ] && QUAGGA_STATEDIR=/var/run/quagga
+
+pkg_preinst() {
+	enewgroup ${QUAGGA_GROUP_NAME} ${QUAGGA_GROUP_GID}
+	enewuser ${QUAGGA_USER_NAME} ${QUAGGA_USER_UID} ${QUAGGA_USER_SH} ${QUAGGA_USER_HOMEDIR} ${QUAGGA_USER_GROUPS}
+	fperms 770 /etc/quagga || die
+	fowners root:${QUAGGA_GROUP_NAME} /etc/quagga || die
+}
+
+src_unpack() {
+	unpack ${A} || die "failed to unpack sources"
+
+	cd ${S} || die "source dir not found"
+	use tcpmd5 && epatch ${FILESDIR}/patches-${PV}/${MD5_PATCH}
+	use bgpclassless && epatch ${FILESDIR}/patches-${PV}/${CLASSLESS_PATCH}
+	# non-upstream connected route patch
+	epatch ${FILESDIR}/patches-${PV}/${CONNECTED_PATCH}
+}
+
+src_compile() {
+	# regenerate configure and co if we touch .ac or .am files
+	#export WANT_AUTOMAKE=1.7
+	#./update-autotools || die
+	autoreconf
+	libtoolize --copy --force
+
+	local myconf="--disable-static --enable-dynamic"
+
+	use ipv6 \
+			&& myconf="${myconf} --enable-ipv6 --enable-ripng --enable-ospf6d --enable-rtadv" \
+			|| myconf="${myconf} --disable-ipv6 --disable-ripngd --disable-ospf6d"
+	use ospfapi \
+			&& myconf="${myconf} --enable-opaque-lsa --enable-ospf-te --enable-ospfclient"
+	use snmp && myconf="${myconf} --enable-snmp"
+	use pam && myconf="${myconf} --with-libpam"
+	use tcpmd5 && myconf="${myconf} --enable-tcp-md5"
+
+	econf \
+		--enable-tcp-zebra \
+		--enable-nssa \
+		--enable-user=${QUAGGA_USER_NAME} \
+		--enable-group=${QUAGGA_GROUP_NAME} \
+		--enable-vty-group=${QUAGGA_VTYGROUP} \
+		--with-cflags="${CFLAGS}" \
+		--enable-vtysh \
+		--sysconfdir=/etc/quagga \
+		--enable-exampledir=/etc/quagga/samples \
+		--localstatedir=${QUAGGA_STATEDIR} \
+		--libdir=/usr/lib/quagga \
+		${myconf} \
+		|| die "configure failed"
+	emake || die "make failed"
+}
+
+src_install() {
+	einstall \
+		localstatedir=${D}/${QUAGGA_STATEDIR} \
+		sysconfdir=${D}/etc/quagga \
+		exampledir=${D}/etc/quagga/samples \
+		libdir=${D}/usr/lib/quagga || die "make install failed"
+
+	keepdir /var/run/quagga || die
+
+	exeinto /etc/init.d
+	newexe ${FILESDIR}/init/zebra zebra && \
+		newexe ${FILESDIR}/init/ripd ripd && \
+		newexe ${FILESDIR}/init/ospfd ospfd && \
+		( ! use ipv6 || newexe ${FILESDIR}/init/ripngd ripngd ) && \
+		( ! use ipv6 || newexe ${FILESDIR}/init/ospf6d ospf6d ) && \
+		newexe ${FILESDIR}/init/bgpd bgpd || die "failed to install init scripts"
+
+	if use pam; then
+		insinto /etc/pam.d
+		newins ${FILESDIR}/quagga.pam quagga
+	fi
+
+	newenvd ${FILESDIR}/quagga.env 99quagga
+}
+
+pkg_postinst() {
+	# empty dir for pid files for the new priv separation auth
+	#set proper owner/group/perms even if dir already existed
+	install -d -m0700 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/etc/quagga
+	install -d -m0755 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/var/run/quagga
+
+	einfo "Sample configuration files can be found in /etc/quagga/sample."
+	einfo "You have to create config files in /etc/quagga before"
+	einfo "starting one of the daemons."
+}