Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into strongswan-next

config/rootfiles/common/strongswan

@@ -31,6 +31,11 @@ usr/lib/ipsec/libradius.so.0.0.0
 usr/lib/ipsec/libstrongswan.so
 usr/lib/ipsec/libstrongswan.so.0
 usr/lib/ipsec/libstrongswan.so.0.0.0
+#usr/lib/ipsec/libtls.a
+#usr/lib/ipsec/libtls.la
+usr/lib/ipsec/libtls.so
+usr/lib/ipsec/libtls.so.0
+usr/lib/ipsec/libtls.so.0.0.0
 #usr/lib/ipsec/plugins
 usr/lib/ipsec/plugins/libstrongswan-aes.so
 usr/lib/ipsec/plugins/libstrongswan-attr.so
@@ -39,7 +44,12 @@ usr/lib/ipsec/plugins/libstrongswan-constraints.so
 usr/lib/ipsec/plugins/libstrongswan-curl.so
 usr/lib/ipsec/plugins/libstrongswan-des.so
 usr/lib/ipsec/plugins/libstrongswan-dnskey.so
+usr/lib/ipsec/plugins/libstrongswan-eap-identity.so
+usr/lib/ipsec/plugins/libstrongswan-eap-mschapv2.so
+usr/lib/ipsec/plugins/libstrongswan-eap-peap.so
 usr/lib/ipsec/plugins/libstrongswan-eap-radius.so
+usr/lib/ipsec/plugins/libstrongswan-eap-tls.so
+usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so
 usr/lib/ipsec/plugins/libstrongswan-fips-prf.so
 usr/lib/ipsec/plugins/libstrongswan-gmp.so
 usr/lib/ipsec/plugins/libstrongswan-hmac.so

html/cgi-bin/proxy.cgi

@@ -3071,6 +3071,12 @@ icp_port 0
 
 END
 	;
+
+	# Include file with user defined settings.
+	if (-e "/etc/squid/squid.conf.pre.local") {
+		print FILE "include /etc/squid/squid.conf.pre.local\n\n";
+	}
+
 	print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
 	if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" }
 	if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }

lfs/squidclamav

@@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch
 	cd $(DIR_APP) && ./configure --prefix=/usr
 	cd $(DIR_APP) && make install
-	install -v -m 755  $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf
+	install -v -m 664 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf
+	chown -v root:nobody /etc/squidclamav.conf
 	install -v -m 644 $(DIR_SRC)/config/backup/includes/squidclamav /var/ipfire/backup/addons/includes/squidclamav
 	chmod 755 /srv/web/ipfire/html/clwarn.cgi
 	@rm -rf $(DIR_APP)

lfs/strongswan

@@ -85,7 +85,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		--sysconfdir="/etc" \
 		--enable-curl \
 		--enable-openssl \
+		--enable-xauth-eap \
 		--enable-eap-radius \
+		--enable-eap-tls \
+		--enable-eap-ttls \
+		--enable-eap-peap \
+		--enable-eap-mschapv2 \
+		--enable-eap-identity \
 		$(PADLOCK)
 
 	cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt"

src/paks/squidclamav/update.sh

@@ -28,21 +28,26 @@ extract_files
 VERSION=$(cat /opt/pakfire/db/installed/meta-squidclamav | grep Release | cut -d" " -f2)
 
 if [ "$VERSION" -gt "10" ]; then
- restore_backup ${NAME}
+	restore_backup ${NAME}
 fi
 
 if [ "$VERSION" -lt "11" ]; then
- sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf
+	sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf
 fi
 
 if [ "$VERSION" -lt "16" ]; then
- sed -e "s/proxy none//g" -i /etc/squidclamav.conf
- sed -e "s/^#squid_ip 127\.0\.0\.1/squid_ip 127\.0\.0\.1/g" \
-     -e "s/^#squid_port 3128/squid_port 800/g" \
-     -e "s/^#trust_cache 1/trust_cache 1/g" -i /etc/squidclamav.conf
+	sed -i /etc/squidclamav.conf \
+		-e "s/proxy none//g" \
+		-e "s/^#squid_ip 127\.0\.0\.1/squid_ip 127\.0\.0\.1/g" \
+		-e "s/^#squid_port 3128/squid_port 800/g" \
+		-e "s/^#trust_cache 1/trust_cache 1/g"
 
- # Regenerate configuration files.
- perl /srv/web/ipfire/cgi-bin/proxy.cgi
+	# Fix permissions.
+	chmod 664 /etc/squidclamav.conf
+	chown root.nobody /etc/squidclamav.conf
+
+	# Regenerate configuration files.
+	perl /srv/web/ipfire/cgi-bin/proxy.cgi
 fi
  
 /etc/init.d/squid restart