Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x

config/backup/includes/stunnel

@@ -0,0 +1 @@
+/etc/stunnel/

config/etc/passwd

@@ -8,6 +8,7 @@ mysql:x:41:41:MySQL Server:/dev/null:/bin/false
 ftp:x:45:45:anonymous_user:/home/ftp:/bin/false
 vsftpd:x:47:47:vsftpd User:/home/ftp:/bin/false
 rsyncd:x:48:48:rsyncd Daemon:/home/rsync:/bin/false
+stunnel:x:51:51:stunnel Daemon:/var/lib/stunnel:/bin/false
 sshd:x:74:74:sshd:/var/empty:/bin/false
 nobody:x:99:99:Nobody:/home/nobody:/bin/false
 postfix:x:100:100::/var/spool/postfix:/bin/false

config/firewall/convert-outgoingfw

@@ -427,8 +427,8 @@ sub process_rules
 				$grp1='std_net_src';
 				$source='ORANGE';
 			}elsif ($configline[2] eq 'red') {
-				$grp1='std_net_src';
-				$source='IPFire';
+				$grp1='ipfire_src';
+				$source='RED1';
 				&General::readhash($fwdfwsettings,\%fwdsettings);
 				$fwdsettings{'POLICY1'}=$outsettings{'POLICY'};
 				$fwdsettings{'POLICY'}=$outsettings{'POLICY'};
@@ -538,7 +538,7 @@ sub process_rules
 		my $chain;
 		foreach my $protocol (@prot){
 			my $now=localtime;
-			if ($source eq 'IPFire'){
+			if ($source eq 'RED1'){
 				$chain='OUTGOINGFW';
 			}else{
 				$chain='FORWARDFW';

config/kernel/kernel.config.armv5tel-ipfire-rpi

@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.10.32 Kernel Configuration
+# Linux/arm 3.10.38 Kernel Configuration
 #
 CONFIG_ARM=y
 CONFIG_SYS_SUPPORTS_APM_EMULATION=y
@@ -681,6 +681,8 @@ CONFIG_NETFILTER_XT_MATCH_HELPER=m
 CONFIG_NETFILTER_XT_MATCH_HL=m
 CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
 CONFIG_NETFILTER_XT_MATCH_IPVS=m
+CONFIG_NETFILTER_XT_MATCH_LAYER7=m
+# CONFIG_NETFILTER_XT_MATCH_LAYER7_DEBUG is not set
 CONFIG_NETFILTER_XT_MATCH_LENGTH=m
 CONFIG_NETFILTER_XT_MATCH_LIMIT=m
 CONFIG_NETFILTER_XT_MATCH_MAC=m
@@ -699,8 +701,6 @@ CONFIG_NETFILTER_XT_MATCH_RECENT=m
 CONFIG_NETFILTER_XT_MATCH_SCTP=m
 CONFIG_NETFILTER_XT_MATCH_SOCKET=m
 CONFIG_NETFILTER_XT_MATCH_STATE=m
-CONFIG_NETFILTER_XT_MATCH_LAYER7=m
-# CONFIG_NETFILTER_XT_MATCH_LAYER7_DEBUG is not set
 CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
 CONFIG_NETFILTER_XT_MATCH_STRING=m
 CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
@@ -2956,11 +2956,13 @@ CONFIG_SND_BCM2708_SOC_I2S=m
 CONFIG_SND_BCM2708_SOC_HIFIBERRY_DAC=m
 CONFIG_SND_BCM2708_SOC_HIFIBERRY_DIGI=m
 CONFIG_SND_BCM2708_SOC_RPI_DAC=m
+# CONFIG_SND_BCM2708_SOC_IQAUDIO_DAC is not set
 CONFIG_SND_DESIGNWARE_I2S=m
 CONFIG_SND_SOC_I2C_AND_SPI=m
 # CONFIG_SND_SOC_ALL_CODECS is not set
 CONFIG_SND_SOC_PCM1794A=m
 CONFIG_SND_SOC_PCM5102A=m
+# CONFIG_SND_SOC_PCM512x is not set
 CONFIG_SND_SOC_WM8804=m
 CONFIG_SND_SIMPLE_CARD=m
 # CONFIG_SOUND_PRIME is not set

config/rootfiles/common/armv5tel/initscripts

@@ -115,6 +115,7 @@ etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 #etc/rc.d/init.d/sslh
 etc/rc.d/init.d/static-routes
+#etc/rc.d/init.d/stunnel
 etc/rc.d/init.d/swap
 etc/rc.d/init.d/sysctl
 etc/rc.d/init.d/sysklogd

config/rootfiles/common/i586/initscripts

@@ -117,6 +117,7 @@ etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 #etc/rc.d/init.d/sslh
 etc/rc.d/init.d/static-routes
+#etc/rc.d/init.d/stunnel
 etc/rc.d/init.d/swap
 etc/rc.d/init.d/sysctl
 etc/rc.d/init.d/sysklogd

config/rootfiles/core/77/update.sh

@@ -399,6 +399,7 @@ if [ -e /var/ipfire/qos/enable ]; then
 	/usr/local/bin/qosctrl start
 fi
 
+chown cron:cron /var/spool/cron
 # Update crontab
 cat <<EOF >> /var/spool/cron/root.orig
 

config/rootfiles/packages/pound

@@ -1,7 +1,4 @@
 etc/rc.d/init.d/pound
-etc/rc.d/rc0.d/K40pound
-etc/rc.d/rc3.d/S60pound
-etc/rc.d/rc6.d/K40pound
 #etc/pound.cfg
 usr/sbin/pound
 usr/sbin/poundctl

config/rootfiles/packages/stunnel

@@ -0,0 +1,41 @@
+etc/rc.d/init.d/stunnel
+etc/stunnel
+etc/stunnel/stunnel.conf
+#etc/stunnel/stunnel.conf-sample
+usr/bin/stunnel
+#usr/bin/stunnel3
+#usr/lib/stunnel
+#usr/lib/stunnel/libstunnel.la
+usr/lib/stunnel/libstunnel.so
+#usr/share/doc/stunnel
+#usr/share/doc/stunnel/AUTHORS
+#usr/share/doc/stunnel/BUGS
+#usr/share/doc/stunnel/COPYING
+#usr/share/doc/stunnel/COPYRIGHT.GPL
+#usr/share/doc/stunnel/CREDITS
+#usr/share/doc/stunnel/ChangeLog
+#usr/share/doc/stunnel/INSTALL
+#usr/share/doc/stunnel/INSTALL.FIPS
+#usr/share/doc/stunnel/INSTALL.W32
+#usr/share/doc/stunnel/INSTALL.WCE
+#usr/share/doc/stunnel/PORTS
+#usr/share/doc/stunnel/README
+#usr/share/doc/stunnel/TODO
+#usr/share/doc/stunnel/examples
+#usr/share/doc/stunnel/examples/ca.html
+#usr/share/doc/stunnel/examples/ca.pl
+#usr/share/doc/stunnel/examples/importCA.html
+#usr/share/doc/stunnel/examples/importCA.sh
+#usr/share/doc/stunnel/examples/script.sh
+#usr/share/doc/stunnel/examples/stunnel.init
+#usr/share/doc/stunnel/examples/stunnel.service
+#usr/share/doc/stunnel/examples/stunnel.spec
+#usr/share/doc/stunnel/stunnel.fr.html
+#usr/share/doc/stunnel/stunnel.html
+#usr/share/doc/stunnel/stunnel.pl.html
+#usr/share/man/man8/stunnel.8
+#usr/share/man/man8/stunnel.fr.8
+#usr/share/man/man8/stunnel.pl.8
+var/ipfire/backup/addons/includes/stunnel
+var/lib/stunnel
+var/lib/stunnel/run

config/stunnel/stunnel.conf

@@ -0,0 +1,21 @@
+; File: /etc/stunnel/stunnel.conf
+
+; Note: The pid and output locations are relative to the chroot location.
+
+pid    = /run/stunnel.pid
+chroot = /var/lib/stunnel
+client = no
+setuid = stunnel
+setgid = stunnel
+cert   = /etc/stunnel/stunnel.pem
+
+;debug = 7
+;output = stunnel.log
+
+;[https]
+;accept  = 443
+;connect = 80
+;; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
+;; Microsoft implementations do not use SSL close-notify alert and thus
+;; they are vulnerable to truncation attacks
+;TIMEOUTclose = 0