From 8b417dd143a02900f8ba06510d7ffa3039f15be8 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jul 2013 19:38:54 +0200 Subject: [PATCH 1/4] proxy.cgi: Re-apply accidentially removed changes. Removed in dfee7582f9b386126fcaa6c8cdcb98677e34f5b4, originally introduced in 49c7cb232870cce6986f93bb6fc3b6dbf643ec07. --- html/cgi-bin/proxy.cgi | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 76d52b425..870042ae5 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3071,6 +3071,12 @@ icp_port 0 END ; + + # Include file with user defined settings. + if (-e "/etc/squid/squid.conf.pre.local") { + print FILE "include /etc/squid/squid.conf.pre.local\n\n"; + } + print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}"; if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" } if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } From 25848b36da1363f46ad85570501e6aff7a3eec1e Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jul 2013 19:42:53 +0200 Subject: [PATCH 2/4] squidclamav: Fix permissions of /etc/squidclamav.conf. The file must not be executable, but writeable by anybody in the group nobody. --- lfs/squidclamav | 3 ++- src/paks/squidclamav/update.sh | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lfs/squidclamav b/lfs/squidclamav index 79bf5d010..7d9e6afec 100644 --- a/lfs/squidclamav +++ b/lfs/squidclamav 
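Review bot: The `-e` test guarding the `include` line is true for anything that exists at that path, including a directory, and the generated squid.conf would then carry an include that squid may refuse to parse; `if (-f "/etc/squid/squid.conf.pre.local") {` is the narrower check. The included file is spliced in ahead of the `http_port` line, so whoever can write it can shape how the proxy behaves. If the file is meant to be administrator-only, the comment could say so, e.g. `# Include file with user defined settings (expected to be root-owned, not writable by the web user).` The enclosing code starts and ends outside the hunk.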
@@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make install - install -v -m 755 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf + install -v -m 664 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf + chown -v root:nobody /etc/squidclamav.conf install -v -m 644 $(DIR_SRC)/config/backup/includes/squidclamav /var/ipfire/backup/addons/includes/squidclamav chmod 755 /srv/web/ipfire/html/clwarn.cgi @rm -rf $(DIR_APP) diff --git a/src/paks/squidclamav/update.sh b/src/paks/squidclamav/update.sh index 4b542164e..c7380d9c7 100644 --- a/src/paks/squidclamav/update.sh +++ b/src/paks/squidclamav/update.sh @@ -41,6 +41,10 @@ if [ "$VERSION" -lt "16" ]; then -e "s/^#squid_port 3128/squid_port 800/g" \ -e "s/^#trust_cache 1/trust_cache 1/g" -i /etc/squidclamav.conf + # Fix permissions. + chmod 664 /etc/squidclamav.conf + chown root.nobody /etc/squidclamav.conf + # Regenerate configuration files. perl /srv/web/ipfire/cgi-bin/proxy.cgi fi From cfab012b143b6aaf7f181243c96616e060c08d05 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jul 2013 19:46:29 +0200 Subject: [PATCH 3/4] squidclamav: Fix indentation of update script. --- src/paks/squidclamav/update.sh | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/paks/squidclamav/update.sh b/src/paks/squidclamav/update.sh index c7380d9c7..43760856c 100644 --- a/src/paks/squidclamav/update.sh +++ b/src/paks/squidclamav/update.sh 
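Review bot: Mode 664 with group `nobody` on the `install` line makes /etc/squidclamav.conf writable by every process running with that group, which the commit message states is intended; because `nobody` is commonly shared by several unprivileged services, a comment naming the one writer that needs it would help, e.g. `# group-writable so the web interface can rewrite the scanner settings`, if that is the reason. Owner, group and mode can also be set in one step instead of a separate `chown`: `install -v -m 664 -o root -g nobody $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf`. The same mode and group are applied in the src/paks/squidclamav/update.sh hunk of this patch. The recipe starts and ends outside the hunk.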
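Review bot: `chown root.nobody` uses the dot separator, which GNU chown accepts only for backward compatibility and which is ambiguous for account names that contain a dot; `chown root:nobody /etc/squidclamav.conf` matches the colon form used in lfs/squidclamav in this same patch. The two added lines sit inside the `if [ "$VERSION" -lt "16" ]` block named in the hunk header, so the permission fix appears to run only when upgrading from an older release. If systems already at a later release can still carry mode 755, moving the `chmod`/`chown` after the closing `fi` would cover them.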
@@ -28,25 +28,26 @@ extract_files VERSION=$(cat /opt/pakfire/db/installed/meta-squidclamav | grep Release | cut -d" " -f2) if [ "$VERSION" -gt "10" ]; then - restore_backup ${NAME} + restore_backup ${NAME} fi if [ "$VERSION" -lt "11" ]; then - sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf + sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf fi if [ "$VERSION" -lt "16" ]; then - sed -e "s/proxy none//g" -i /etc/squidclamav.conf - sed -e "s/^#squid_ip 127\.0\.0\.1/squid_ip 127\.0\.0\.1/g" \ - -e "s/^#squid_port 3128/squid_port 800/g" \ - -e "s/^#trust_cache 1/trust_cache 1/g" -i /etc/squidclamav.conf + sed -i /etc/squidclamav.conf \ + -e "s/proxy none//g" \ + -e "s/^#squid_ip 127\.0\.0\.1/squid_ip 127\.0\.0\.1/g" \ + -e "s/^#squid_port 3128/squid_port 800/g" \ + -e "s/^#trust_cache 1/trust_cache 1/g" - # Fix permissions. - chmod 664 /etc/squidclamav.conf - chown root.nobody /etc/squidclamav.conf + # Fix permissions. + chmod 664 /etc/squidclamav.conf + chown root.nobody /etc/squidclamav.conf - # Regenerate configuration files. - perl /srv/web/ipfire/cgi-bin/proxy.cgi + # Regenerate configuration files. + perl /srv/web/ipfire/cgi-bin/proxy.cgi fi /etc/init.d/squid restart From 15be554282c3c424d5d9eab9de62f6fde4203585 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jul 2013 20:54:28 +0200 Subject: [PATCH 4/4] strongswan: Enable EAP authentication algorithms. --- config/rootfiles/common/strongswan | 10 ++++++++++ lfs/strongswan | 6 ++++++ 2 files changed, 16 insertions(+) diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan index 2d5d42b43..c94ce6f3b 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan 
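Review bot: The re-indented `sed -e "s|logfile.*|…|g" /etc/squidclamav.conf` in the `-lt "11"` branch still has no `-i`, so it prints the rewritten configuration to stdout and leaves the file's `logfile` setting unchanged; `sed -i -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf` would apply it. In the merged call, `sed -i /etc/squidclamav.conf \` places the file operand before the `-e` options, which relies on GNU option permutation and breaks where option parsing stops at the first operand; keeping the file name as the last argument is the safer order.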
@@ -31,6 +31,11 @@ usr/lib/ipsec/libradius.so.0.0.0 usr/lib/ipsec/libstrongswan.so usr/lib/ipsec/libstrongswan.so.0 usr/lib/ipsec/libstrongswan.so.0.0.0 +#usr/lib/ipsec/libtls.a +#usr/lib/ipsec/libtls.la +usr/lib/ipsec/libtls.so +usr/lib/ipsec/libtls.so.0 +usr/lib/ipsec/libtls.so.0.0.0 #usr/lib/ipsec/plugins usr/lib/ipsec/plugins/libstrongswan-aes.so usr/lib/ipsec/plugins/libstrongswan-attr.so @@ -39,7 +44,12 @@ usr/lib/ipsec/plugins/libstrongswan-constraints.so usr/lib/ipsec/plugins/libstrongswan-curl.so usr/lib/ipsec/plugins/libstrongswan-des.so usr/lib/ipsec/plugins/libstrongswan-dnskey.so +usr/lib/ipsec/plugins/libstrongswan-eap-identity.so +usr/lib/ipsec/plugins/libstrongswan-eap-mschapv2.so +usr/lib/ipsec/plugins/libstrongswan-eap-peap.so usr/lib/ipsec/plugins/libstrongswan-eap-radius.so +usr/lib/ipsec/plugins/libstrongswan-eap-tls.so +usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so usr/lib/ipsec/plugins/libstrongswan-fips-prf.so usr/lib/ipsec/plugins/libstrongswan-gmp.so usr/lib/ipsec/plugins/libstrongswan-hmac.so diff --git a/lfs/strongswan b/lfs/strongswan index b3ce846b7..a6075a289 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -84,7 +84,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --sysconfdir="/etc" \ --enable-curl \ --enable-openssl \ + --enable-xauth-eap \ --enable-eap-radius \ + --enable-eap-tls \ + --enable-eap-ttls \ + --enable-eap-peap \ + --enable-eap-mschapv2 \ + --enable-eap-identity \ $(PADLOCK) cd $(DIR_APP) && make $(MAKETUNING)
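Review bot: `--enable-eap-mschapv2` compiles in a password method whose challenge-response is weak against offline guessing once an exchange is exposed, so its safety rests on clients verifying the gateway's certificate; nothing in the lfs/strongswan hunk records why it and the other EAP methods are needed. Because these are build switches, every installation ships the plugins whether or not EAP is configured; a comment ahead of the configure call such as `# EAP methods for road-warrior clients; eap-mschapv2 only for clients that offer nothing stronger` would document the intent, if that is the reason. `--enable-xauth-eap` is also switched on, but the config/rootfiles/common/strongswan hunks of this patch add no `libstrongswan-xauth-eap.so` entry; unless it is already listed outside those hunks, the plugin would be built and not packaged. The configure invocation starts outside the hunk.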