From d1347595abe451baa2ad4b1a81c15e160135ecf0 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 3 Jul 2013 21:38:17 +0200 Subject: [PATCH 1/8] gperf: New package. --- config/rootfiles/common/gperf | 4 ++ lfs/gperf | 76 +++++++++++++++++++++++++++++++++++ make.sh | 1 + 3 files changed, 81 insertions(+) create mode 100644 config/rootfiles/common/gperf create mode 100644 lfs/gperf diff --git a/config/rootfiles/common/gperf b/config/rootfiles/common/gperf new file mode 100644 index 000000000..7c3a1cb61 --- /dev/null +++ b/config/rootfiles/common/gperf @@ -0,0 +1,4 @@ +#usr/bin/gperf +#usr/share/doc/gperf.html +#usr/share/info/gperf.info +#usr/share/man/man1/gperf.1 diff --git a/lfs/gperf b/lfs/gperf new file mode 100644 index 000000000..ac33857f1 --- /dev/null +++ b/lfs/gperf 
@@ -0,0 +1,76 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2013 IPFire Development Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 3.0.4 + +THISAPP = gperf-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = c1f1db32fb6598d6a93e6e88796a8632 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst 
%,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 71df2c9b2..662f2c0de 100755 --- a/make.sh +++ b/make.sh @@ -333,6 +333,7 @@ buildbase() { lfsmake2 gettext lfsmake2 grep lfsmake2 groff + lfsmake2 gperf lfsmake2 gzip lfsmake2 inetutils lfsmake2 iproute2 From 3f7ae7b7158e6d15a273815c676e63794346fffe Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 4 Jul 2013 12:41:25 +0200 Subject: [PATCH 2/8] strongswan: Update to 5.1.0dr1. --- config/rootfiles/common/strongswan | 3 +++ lfs/strongswan | 8 +++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan index 2d5d42b43..978802917 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan 
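Review bot: The only integrity check on the downloaded archive is the pinned hash in `$(DL_FILE)_MD5 = c1f1db32fb6598d6a93e6e88796a8632`, and the fetch goes to the project mirror `$(URL_IPFIRE)` rather than to upstream, so the pin is only as trustworthy as the step that produced it. A pinned digest does protect against a tampered mirror, but nothing in the patch records that the archive was checked against upstream (GNU releases normally ship a detached signature), so I would add a comment above the hash such as `# digest taken from gperf-3.0.4.tar.gz as published on ftp.gnu.org, signature verified` or say so in the commit message. The `$(CHECK)`/`$(MD5)` helpers come from the shared `Config` include that is not part of this patch; if they accept a SHA-256 pin, prefer that over MD5 for a new package.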
@@ -51,15 +51,18 @@ usr/lib/ipsec/plugins/libstrongswan-openssl.so usr/lib/ipsec/plugins/libstrongswan-pem.so usr/lib/ipsec/plugins/libstrongswan-pgp.so usr/lib/ipsec/plugins/libstrongswan-pkcs1.so +usr/lib/ipsec/plugins/libstrongswan-pkcs12.so usr/lib/ipsec/plugins/libstrongswan-pkcs7.so usr/lib/ipsec/plugins/libstrongswan-pkcs8.so usr/lib/ipsec/plugins/libstrongswan-pubkey.so usr/lib/ipsec/plugins/libstrongswan-random.so +usr/lib/ipsec/plugins/libstrongswan-rc2.so usr/lib/ipsec/plugins/libstrongswan-resolve.so usr/lib/ipsec/plugins/libstrongswan-revocation.so usr/lib/ipsec/plugins/libstrongswan-sha1.so usr/lib/ipsec/plugins/libstrongswan-sha2.so usr/lib/ipsec/plugins/libstrongswan-socket-default.so +usr/lib/ipsec/plugins/libstrongswan-sshkey.so usr/lib/ipsec/plugins/libstrongswan-stroke.so usr/lib/ipsec/plugins/libstrongswan-updown.so usr/lib/ipsec/plugins/libstrongswan-x509.so diff --git a/lfs/strongswan b/lfs/strongswan index b3ce846b7..c370181ff 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,12 +24,13 @@ include Config -VER = 5.0.4 +VER = 5.1.0dr1 +GIT_VER = 1d72875 THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) +DIR_APP = $(DIR_SRC)/strongswan-$(GIT_VER) TARGET = $(DIR_INFO)/$(THISAPP) ifeq "$(MACHINE)" "i586" @@ -46,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 7085ac1d28dcc250096553fa51c3a4ea +$(DL_FILE)_MD5 = c5698c2c56f3ce08e5515f375fc99cef install : $(TARGET) @@ -79,6 +80,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-4.5.3_ipfire.patch + cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh cd $(DIR_APP) && ./configure \ --prefix="/usr" \ --sysconfdir="/etc" \ From 82efdd4f22af3a3f37c99444c1ee65934920ea24 Mon Sep 17 00:00:00 2001 
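Review bot: `usr/lib/ipsec/plugins/libstrongswan-rc2.so` ships an obsolete 64-bit block cipher into the firewall image with no note on why it is wanted. As far as I know strongSwan carries the rc2 plugin so that the pkcs12 plugin (also added here) can decrypt legacy PKCS#12 bundles, so this is presumably deliberate, but that reasoning belongs in the commit message, and it is worth confirming that neither the proposal validation in vpnmain.cgi nor any default proposal can ever put `rc2` on an `ike=`/`esp=` line. If the web UI has no PKCS#12 import path, both plugins could simply be left out of the rootfile instead.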
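Review bot: The new line `cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh` regenerates the build system on the build host whenever the archive lacks a pre-built configure, which is exactly the case for a git snapshot (`GIT_VER = 1d72875`, `DIR_APP = $(DIR_SRC)/strongswan-$(GIT_VER)`), so the MD5 pin now covers a snapshot nobody upstream has published or signed and the generated configure depends on whatever autotools the builder happens to have. Since this is a development release of the IKE daemon going into a firewall, the commit message should state where the snapshot was taken from and how it was verified. The shell precedence is also slightly off: `cd X && [ -x configure ] || ./autogen.sh` runs `./autogen.sh` in the current directory if the `cd` fails, so `cd $(DIR_APP) && { [ -x configure ] || ./autogen.sh; }` is clearer. Applying `strongswan-4.5.3_ipfire.patch` unchanged against a 5.1.0 tree is worth a sanity check as well; the configure invocation continues outside the hunk.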
From: Michael Tremer Date: Sun, 14 Jul 2013 12:58:38 +0200 Subject: [PATCH 3/8] strongswan: Update to 5.1.0dr2. --- lfs/strongswan | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/lfs/strongswan b/lfs/strongswan index c370181ff..372320705 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,13 +24,12 @@ include Config -VER = 5.1.0dr1 -GIT_VER = 1d72875 +VER = 5.1.0dr2 THISAPP = strongswan-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tar.bz2 DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/strongswan-$(GIT_VER) +DIR_APP = $(DIR_SRC)/strongswan-$(VER) TARGET = $(DIR_INFO)/$(THISAPP) ifeq "$(MACHINE)" "i586" @@ -47,7 +46,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = c5698c2c56f3ce08e5515f375fc99cef +$(DL_FILE)_MD5 = fce82d733d6aaaafdea652eb157ba45a install : $(TARGET) @@ -89,7 +88,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-eap-radius \ $(PADLOCK) - cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt" cd $(DIR_APP) && make install # Remove all library files we don't want or need. From e0cdf670a3d79b6d607f7eade6d99743f5cd5769 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jul 2013 12:04:29 +0200 Subject: [PATCH 4/8] ipsecctrl: Re-read everything when configuration is reloaded. --- src/misc-progs/ipsecctrl.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c index 633004e23..365807c9e 100644 --- a/src/misc-progs/ipsecctrl.c +++ b/src/misc-progs/ipsecctrl.c @@ -144,8 +144,8 @@ void turn_connection_on(char *name, char *type) { "/usr/sbin/ipsec down %s >/dev/null", name); safe_system(command); - // Reload the configuration into the daemon. - safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1"); + // Reload the configuration into the daemon (#10339). + ipsec_reload(); // Bring the connection up again. snprintf(command, STRING_SIZE - 1, 
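Review bot: `make $(MAKETUNING) LDFLAGS="-lrt"` passes LDFLAGS on the make command line, and command-line variables override rather than extend what configure wrote into the generated Makefiles, so any link flags chosen at configure time (including any hardening flags the `Config` include may export, which I cannot see here) are silently dropped for strongSwan. If librt is needed for clock functions, hand it to configure instead, e.g. `./configure ... LIBS="-lrt"` (or append to the configure-time LDFLAGS), so the link line keeps both sets. The configure call this follows and the `$(TARGET)` rule start outside the hunk.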
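Review bot: `ipsec_reload()` is called here in `turn_connection_on` before its definition, which the same patch only adds after `turn_connection_off`, and no prototype is added; unless a declaration already exists above line 144 or in a header, this is an implicit function declaration (undefined behaviour in C99 and later, and a hard error under `-Werror=implicit-function-declaration`). Add `static void ipsec_reload(void);` near the top of the file, or move the definition above its first use. `turn_connection_on` starts and ends outside the hunk.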
@@ -169,7 +169,15 @@ void turn_connection_off (char *name) { safe_system(command); // Reload, so the connection is dropped. - safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1"); + ipsec_reload(); +} + +void ipsec_reload() { + /* Re-read all configuration files and secrets and + * reload the daemon (#10339). + */ + safe_system("/usr/sbin/ipsec rereadall >/dev/null 2>&1"); + safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1"); } int main(int argc, char *argv[]) { @@ -193,7 +201,7 @@ int main(int argc, char *argv[]) { } if (strcmp(argv[1], "R") == 0) { - safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1"); + ipsec_reload(); exit(0); } From 05f4061d10a1bacb9a3c60205d8d88b84f216d29 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 20 Jul 2013 12:49:46 +0200 Subject: [PATCH 5/8] ipsec: Add ECP cryptography. Allow selecting ECDH for IPsec VPN connections. --- html/cgi-bin/vpnmain.cgi | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 26f179341..2e3ef9a57 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -316,9 +316,16 @@ sub writeipsecfiles { foreach my $j (@ints) { foreach my $k (@groups) { if ($comma != 0) { print CONF ","; } else { $comma = 1; } - print CONF "$i-$j-modp$k"; - } + + my @l = split("", $k); + if ($l[0] eq "e") { + shift @l; + print CONF "$i-$j-ecp".join("", @l); + } else { + print CONF "$i-$j-modp$k"; + } } + } } if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms? print CONF "!\n"; @@ -339,7 +346,12 @@ sub writeipsecfiles { foreach my $k (@groups) { if ($comma != 0) { print CONF ","; } else { $comma = 1; } if ($pfs eq "on") { - $modp = "-modp$k"; + my @l = split("", $k); + if ($l[0] eq "e") { + $modp = ""; + } else { + $modp = "-modp$k"; + } } else { $modp = ""; } 
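Review bot: `void ipsec_reload()` is an old-style definition with an unspecified parameter list and external linkage, although it is only used in this file; write it as `static void ipsec_reload(void) {`. Both `safe_system()` results are discarded, so a failing `ipsec rereadall` (for instance an unreadable ipsec.secrets) still proceeds to `ipsec reload` and the caller reports nothing, leaving the daemon with stale secrets while the operation looks successful; if `safe_system` returns the exit status (not visible here), consider logging or propagating a non-zero result. Sending stderr of both commands to /dev/null also hides the reason when this runs from the `R` command in main.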
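Review bot: The `my @l = split("", $k); if ($l[0] eq "e") { shift @l; ... join("", @l)` sequence is a roundabout way of stripping a leading `e`, and `$l` is one of the names the style guides warn against as visually ambiguous. An anchored match says the same thing in one line and doubles as a last-line check on the stored value: `if ($k =~ /^e(\d+)\z/) { print CONF "$i-$j-ecp$1"; } else { print CONF "$i-$j-modp$k"; }`. `sub writeipsecfiles` and the loops this sits in start outside the hunk.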
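Review bot: When PFS is on and the chosen group is an ECP one (`$l[0] eq "e"`), the new branch sets `$modp = ""`, so the ESP proposal is written without any DH group, which for strongSwan means no PFS for that proposal even though the user enabled it and the UI shows nothing to that effect. Unless this is a deliberate workaround for ECDH not being supported in ESP proposals by the 5.1.0dr2 build, the branch should emit the group the same way the IKE side does, e.g. `$modp = "-ecp" . substr($k, 1);`, or ECP groups should be rejected for PFS with an error rather than silently downgraded. If it is deliberate, a comment stating that and a TODO to revisit belong on this line. The enclosing loop and `sub writeipsecfiles` start outside the hunk.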
@@ -411,7 +423,7 @@ sub writeipsecfiles { # Hook to regenerate the configuration files. if ($ENV{"REMOTE_ADDR"} eq "") { - writeipsecfiles; + writeipsecfiles(); exit(0); } @@ -2111,7 +2123,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) { + if ($val !~ /^(e521|e384|e256|e224|e192|1024|1536|2048|3072|4096|6144|8192)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2147,6 +2159,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || } } if ($cgiparams{'ESP_GROUPTYPE'} ne '' && + $cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|512)$/ && $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096|6144|8192)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; @@ -2305,6 +2318,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $Lang::tr{'ike grouptype'}
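Review bot: The widened whitelist `^(e521|e384|e256|e224|e192|1024|...)$` still ends in `$`, which in Perl also matches before a trailing newline, so a value such as `e256\n` passes and is later interpolated into the generated ipsec.conf by writeipsecfiles; since the line is being touched anyway, anchor it with `\z`: `if ($val !~ /^(e521|e384|e256|e224|e192|1024|1536|2048|3072|4096|6144|8192)\z/) {`. Consider also whether `e192` and `e224` should be offered at all, since P-192 gives well under 128-bit security; at minimum keep them out of any default selection. The validation block this belongs to starts outside the hunk.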
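Review bot: The new ESP check `!~ /^ecp(192|224|256|384|512)$/` accepts `ecp512` and rejects `ecp521`, while the IKE list a few lines above (`e521|e384|e256|e224|e192`) and strongSwan's group names use 521 for NIST P-521 (strongSwan's 512-bit ECP group is the Brainpool `ecp512bp`, a different name). The result is that a P-521 ESP group can never be saved, and an `ecp512` value is accepted here only to be rejected by the daemon when the configuration is loaded. Change it to `$cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|521)\z/ &&` (`\z` for the same trailing-newline reason as the modp pattern on the next line). The enclosing `advanced` handler starts outside the hunk.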