Merge remote-tracking branch 'origin/master' into kernel-4.14

2026-04-25 18:32:57 +02:00 · 2018-03-30 10:26:01 +02:00
parent 018a19af64 36600cef36
commit 302dba205b
158 changed files with 10487 additions and 913 deletions
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -1,6 +1,9 @@
 net.ipv4.ip_forward = 1
 net.ipv4.ip_dynaddr = 1

+# Disable Path MTU Discovery
+net.ipv4.ip_no_pmtu_disc = 1
+
 net.ipv4.icmp_echo_ignore_broadcasts = 1
 net.ipv4.icmp_ignore_bogus_error_responses = 1
 net.ipv4.icmp_ratelimit = 1000
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -10,8 +10,8 @@
    TransferLog /var/log/httpd/access_log

    SSLEngine on
-    SSLProtocol all -SSLv2 -SSLv3
-    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA
+    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
    SSLHonorCipherOrder on
    SSLCompression off
    SSLSessionTickets off
--- a/config/ovpn/openvpn-crl-updater
+++ b/config/ovpn/openvpn-crl-updater
@@ -0,0 +1,90 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2018  IPFire Team  <erik.kapfer@ipfire.org>                   #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+#                                                                             #
+# Script Location/Name: /etc/fcron.daily/openvpn-crl-updater                  #
+#                                                                             #
+# Description: This script checks the "Next Update:" field of the CRL         #
+#   and renews it if needed, which prevents the expiration of OpenVPNs CRL.   #
+#   With OpenVPN 2.4.x the CRL handling has been refactored,                  #
+#   whereby the verification logic has been removed                           #
+#   from ssl_verify_<backend>.c .                                             #
+#                                                                             #
+# Run Information: If OpenVPNs CRL is present,                                #
+#   this script provides a cronjob which checks daily if an update            #
+#   of the CRL is needed. If the expiring date reaches the value              #
+#   (defined in the 'UPDATE' variable in days) before the CRL expiration,     #
+#   an openssl command will be executed to renew the CRL.                     #
+#   Script execution will be logged into /var/log/messages.                   #
+#                                                                             #
+###############################################################################
+
+## Paths
+OVPN="/var/ipfire/ovpn"
+CRL="${OVPN}/crls/cacrl.pem"
+CAKEY="${OVPN}/ca/cakey.pem"
+CACERT="${OVPN}/ca/cacert.pem"
+OPENSSLCONF="${OVPN}/openssl/ovpn.cnf"
+
+# Check if CRL is presant or if OpenVPN is active
+if [ ! -e "${CAKEY}" ]; then
+	exit 0;
+fi
+
+## Values
+# Actual time in epoch format
+NOW="$(date +%s)"
+
+# Investigate CRLs 'Next Update' date
+EXPIRES_CRL="$(openssl crl -in "${CRL}" -text | grep -oP 'Next Update: *\K.*')"
+
+# Convert 'Next Update:' date from epoch to seconds
+EXPIRES_AT="$(date -d "${EXPIRES_CRL}" "+%s")"
+
+# Seconds left until CRL expires
+EXPIRINGDATEINSEC="$(( EXPIRES_AT - NOW ))"
+
+# Day in seconds to calculate
+DAYINSEC="86400"
+
+# Convert seconds to days
+NEXTUPDATE="$(( EXPIRINGDATEINSEC / DAYINSEC ))"
+
+# Update of the CRL in days before CRL expiring date
+UPDATE="14"
+
+
+## Mainpart
+# Check if OpenVPNs CRL needs to be renewed
+if [ ${NEXTUPDATE} -le ${UPDATE} ]; then
+    if openssl ca -gencrl -keyfile "${CAKEY}" -cert "${CACERT}" -out "${CRL}" -config "${OPENSSLCONF}"; then
+		logger -t openvpn "CRL has been updated"
+    else
+		logger -t openvpn "error: Could not update CRL"
+    fi
+fi
+
+exit 0
+
+
+# EOF
+
--- a/config/qos/makeqosscripts.pl
+++ b/config/qos/makeqosscripts.pl
@@ -726,7 +726,7 @@ print <<END
 	echo "Quality of Service was successfully cleared!"
  ;;
  gen|generate)
-	echo -n "Generateing the QoS-Scripts..."
+	echo -n "Generating the QoS-Scripts..."
 	/usr/bin/perl /var/ipfire/qos/bin/makeqosscripts.pl > /var/ipfire/qos/bin/qos.sh
 	echo ".Done!"
 	exit 0
--- a/config/rootfiles/common/armv5tel/gcc
+++ b/config/rootfiles/common/armv5tel/gcc
@@ -1353,6 +1353,7 @@ usr/lib/libubsan.so.0.0.0
 #usr/share/info/gccint.info
 #usr/share/info/libgomp.info
 #usr/share/info/libitm.info
+#usr/share/info/libquadmath.info
 #usr/share/man/man1/cpp.1
 #usr/share/man/man1/g++.1
 #usr/share/man/man1/gcc.1
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -63,6 +63,7 @@ etc/rc.d/init.d/networking/red.up/99-geoip-database
 etc/rc.d/init.d/networking/red.up/99-pakfire-update
 etc/rc.d/init.d/networking/wpa_supplicant.exe
 etc/rc.d/init.d/ntp
+etc/rc.d/init.d/pakfire
 etc/rc.d/init.d/partresize
 etc/rc.d/init.d/random
 etc/rc.d/init.d/rc
@@ -181,6 +182,7 @@ etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S73swconfig
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
+etc/rc.d/rcsysinit.d/S81pakfire
 etc/rc.d/rcsysinit.d/S85firewall
 etc/rc.d/rcsysinit.d/S90network-trigger
 etc/rc.d/rcsysinit.d/S92rngd
--- a/config/rootfiles/common/armv5tel/python-m2crypto
+++ b/config/rootfiles/common/armv5tel/python-m2crypto
@@ -1 +0,0 @@
-#usr/lib/python2.7/site-packages/M2Crypto-0.21.1-py2.7-linux-armv5tel.egg
--- a/config/rootfiles/common/curl
+++ b/config/rootfiles/common/curl
@@ -2,20 +2,18 @@ usr/bin/curl
 #usr/bin/curl-config
 #usr/include/curl
 #usr/include/curl/curl.h
-#usr/include/curl/curlbuild.h
-#usr/include/curl/curlrules.h
 #usr/include/curl/curlver.h
 #usr/include/curl/easy.h
 #usr/include/curl/mprintf.h
 #usr/include/curl/multi.h
 #usr/include/curl/stdcheaders.h
+#usr/include/curl/system.h
 #usr/include/curl/typecheck-gcc.h
-#usr/lib/libcurl.a
 #usr/lib/libcurl.la
 #usr/lib/libcurl.so
 usr/lib/libcurl.so.3
 usr/lib/libcurl.so.4
-usr/lib/libcurl.so.4.4.0
+#usr/lib/libcurl.so.4.5.0
 #usr/lib/pkgconfig/libcurl.pc
 #usr/share/aclocal/libcurl.m4
 #usr/share/man/man1/curl-config.1
@@ -26,15 +24,19 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLINFO_CONDITION_UNMET.3
 #usr/share/man/man3/CURLINFO_CONNECT_TIME.3
 #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3
+#usr/share/man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3
 #usr/share/man/man3/CURLINFO_CONTENT_LENGTH_UPLOAD.3
+#usr/share/man/man3/CURLINFO_CONTENT_LENGTH_UPLOAD_T.3
 #usr/share/man/man3/CURLINFO_CONTENT_TYPE.3
 #usr/share/man/man3/CURLINFO_COOKIELIST.3
 #usr/share/man/man3/CURLINFO_EFFECTIVE_URL.3
 #usr/share/man/man3/CURLINFO_FILETIME.3
+#usr/share/man/man3/CURLINFO_FILETIME_T.3
 #usr/share/man/man3/CURLINFO_FTP_ENTRY_PATH.3
 #usr/share/man/man3/CURLINFO_HEADER_SIZE.3
 #usr/share/man/man3/CURLINFO_HTTPAUTH_AVAIL.3
 #usr/share/man/man3/CURLINFO_HTTP_CONNECTCODE.3
+#usr/share/man/man3/CURLINFO_HTTP_VERSION.3
 #usr/share/man/man3/CURLINFO_LASTSOCKET.3
 #usr/share/man/man3/CURLINFO_LOCAL_IP.3
 #usr/share/man/man3/CURLINFO_LOCAL_PORT.3
@@ -45,7 +47,9 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLINFO_PRIMARY_IP.3
 #usr/share/man/man3/CURLINFO_PRIMARY_PORT.3
 #usr/share/man/man3/CURLINFO_PRIVATE.3
+#usr/share/man/man3/CURLINFO_PROTOCOL.3
 #usr/share/man/man3/CURLINFO_PROXYAUTH_AVAIL.3
+#usr/share/man/man3/CURLINFO_PROXY_SSL_VERIFYRESULT.3
 #usr/share/man/man3/CURLINFO_REDIRECT_COUNT.3
 #usr/share/man/man3/CURLINFO_REDIRECT_TIME.3
 #usr/share/man/man3/CURLINFO_REDIRECT_URL.3
@@ -55,10 +59,15 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLINFO_RTSP_CSEQ_RECV.3
 #usr/share/man/man3/CURLINFO_RTSP_SERVER_CSEQ.3
 #usr/share/man/man3/CURLINFO_RTSP_SESSION_ID.3
+#usr/share/man/man3/CURLINFO_SCHEME.3
 #usr/share/man/man3/CURLINFO_SIZE_DOWNLOAD.3
+#usr/share/man/man3/CURLINFO_SIZE_DOWNLOAD_T.3
 #usr/share/man/man3/CURLINFO_SIZE_UPLOAD.3
+#usr/share/man/man3/CURLINFO_SIZE_UPLOAD_T.3
 #usr/share/man/man3/CURLINFO_SPEED_DOWNLOAD.3
+#usr/share/man/man3/CURLINFO_SPEED_DOWNLOAD_T.3
 #usr/share/man/man3/CURLINFO_SPEED_UPLOAD.3
+#usr/share/man/man3/CURLINFO_SPEED_UPLOAD_T.3
 #usr/share/man/man3/CURLINFO_SSL_ENGINES.3
 #usr/share/man/man3/CURLINFO_SSL_VERIFYRESULT.3
 #usr/share/man/man3/CURLINFO_STARTTRANSFER_TIME.3
@@ -80,6 +89,7 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLMOPT_SOCKETFUNCTION.3
 #usr/share/man/man3/CURLMOPT_TIMERDATA.3
 #usr/share/man/man3/CURLMOPT_TIMERFUNCTION.3
+#usr/share/man/man3/CURLOPT_ABSTRACT_UNIX_SOCKET.3
 #usr/share/man/man3/CURLOPT_ACCEPTTIMEOUT_MS.3
 #usr/share/man/man3/CURLOPT_ACCEPT_ENCODING.3
 #usr/share/man/man3/CURLOPT_ADDRESS_SCOPE.3
@@ -97,6 +107,7 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLOPT_CONNECTTIMEOUT.3
 #usr/share/man/man3/CURLOPT_CONNECTTIMEOUT_MS.3
 #usr/share/man/man3/CURLOPT_CONNECT_ONLY.3
+#usr/share/man/man3/CURLOPT_CONNECT_TO.3
 #usr/share/man/man3/CURLOPT_CONV_FROM_NETWORK_FUNCTION.3
 #usr/share/man/man3/CURLOPT_CONV_FROM_UTF8_FUNCTION.3
 #usr/share/man/man3/CURLOPT_CONV_TO_NETWORK_FUNCTION.3
@@ -142,6 +153,7 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLOPT_FTP_USE_EPSV.3
 #usr/share/man/man3/CURLOPT_FTP_USE_PRET.3
 #usr/share/man/man3/CURLOPT_GSSAPI_DELEGATION.3
+#usr/share/man/man3/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3
 #usr/share/man/man3/CURLOPT_HEADER.3
 #usr/share/man/man3/CURLOPT_HEADERDATA.3
 #usr/share/man/man3/CURLOPT_HEADERFUNCTION.3
@@ -165,6 +177,7 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLOPT_IOCTLFUNCTION.3
 #usr/share/man/man3/CURLOPT_IPRESOLVE.3
 #usr/share/man/man3/CURLOPT_ISSUERCERT.3
+#usr/share/man/man3/CURLOPT_KEEP_SENDING_ON_ERROR.3
 #usr/share/man/man3/CURLOPT_KEYPASSWD.3
 #usr/share/man/man3/CURLOPT_KRBLEVEL.3
 #usr/share/man/man3/CURLOPT_LOCALPORT.3
@@ -181,6 +194,7 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLOPT_MAXREDIRS.3
 #usr/share/man/man3/CURLOPT_MAX_RECV_SPEED_LARGE.3
 #usr/share/man/man3/CURLOPT_MAX_SEND_SPEED_LARGE.3
+#usr/share/man/man3/CURLOPT_MIMEPOST.3
 #usr/share/man/man3/CURLOPT_NETRC.3
 #usr/share/man/man3/CURLOPT_NETRC_FILE.3
 #usr/share/man/man3/CURLOPT_NEW_DIRECTORY_PERMS.3
@@ -189,7 +203,6 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLOPT_NOPROGRESS.3
 #usr/share/man/man3/CURLOPT_NOPROXY.3
 #usr/share/man/man3/CURLOPT_NOSIGNAL.3
-#usr/share/man/man3/CURLOPT_CONNECT_TO.3
 #usr/share/man/man3/CURLOPT_OPENSOCKETDATA.3
 #usr/share/man/man3/CURLOPT_OPENSOCKETFUNCTION.3
 #usr/share/man/man3/CURLOPT_PASSWORD.3
@@ -204,6 +217,7 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLOPT_POSTQUOTE.3
 #usr/share/man/man3/CURLOPT_POSTREDIR.3
 #usr/share/man/man3/CURLOPT_PREQUOTE.3
+#usr/share/man/man3/CURLOPT_PRE_PROXY.3
 #usr/share/man/man3/CURLOPT_PRIVATE.3
 #usr/share/man/man3/CURLOPT_PROGRESSDATA.3
 #usr/share/man/man3/CURLOPT_PROGRESSFUNCTION.3
@@ -216,7 +230,24 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLOPT_PROXYTYPE.3
 #usr/share/man/man3/CURLOPT_PROXYUSERNAME.3
 #usr/share/man/man3/CURLOPT_PROXYUSERPWD.3
+#usr/share/man/man3/CURLOPT_PROXY_CAINFO.3
+#usr/share/man/man3/CURLOPT_PROXY_CAPATH.3
+#usr/share/man/man3/CURLOPT_PROXY_CRLFILE.3
+#usr/share/man/man3/CURLOPT_PROXY_KEYPASSWD.3
+#usr/share/man/man3/CURLOPT_PROXY_PINNEDPUBLICKEY.3
 #usr/share/man/man3/CURLOPT_PROXY_SERVICE_NAME.3
+#usr/share/man/man3/CURLOPT_PROXY_SSLCERT.3
+#usr/share/man/man3/CURLOPT_PROXY_SSLCERTTYPE.3
+#usr/share/man/man3/CURLOPT_PROXY_SSLKEY.3
+#usr/share/man/man3/CURLOPT_PROXY_SSLKEYTYPE.3
+#usr/share/man/man3/CURLOPT_PROXY_SSLVERSION.3
+#usr/share/man/man3/CURLOPT_PROXY_SSL_CIPHER_LIST.3
+#usr/share/man/man3/CURLOPT_PROXY_SSL_OPTIONS.3
+#usr/share/man/man3/CURLOPT_PROXY_SSL_VERIFYHOST.3
+#usr/share/man/man3/CURLOPT_PROXY_SSL_VERIFYPEER.3
+#usr/share/man/man3/CURLOPT_PROXY_TLSAUTH_PASSWORD.3
+#usr/share/man/man3/CURLOPT_PROXY_TLSAUTH_TYPE.3
+#usr/share/man/man3/CURLOPT_PROXY_TLSAUTH_USERNAME.3
 #usr/share/man/man3/CURLOPT_PROXY_TRANSFER_MODE.3
 #usr/share/man/man3/CURLOPT_PUT.3
 #usr/share/man/man3/CURLOPT_QUOTE.3
@@ -226,7 +257,10 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLOPT_READFUNCTION.3
 #usr/share/man/man3/CURLOPT_REDIR_PROTOCOLS.3
 #usr/share/man/man3/CURLOPT_REFERER.3
+#usr/share/man/man3/CURLOPT_REQUEST_TARGET.3
 #usr/share/man/man3/CURLOPT_RESOLVE.3
+#usr/share/man/man3/CURLOPT_RESOLVER_START_DATA.3
+#usr/share/man/man3/CURLOPT_RESOLVER_START_FUNCTION.3
 #usr/share/man/man3/CURLOPT_RESUME_FROM.3
 #usr/share/man/man3/CURLOPT_RESUME_FROM_LARGE.3
 #usr/share/man/man3/CURLOPT_RTSP_CLIENT_CSEQ.3
@@ -242,9 +276,11 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLOPT_SHARE.3
 #usr/share/man/man3/CURLOPT_SOCKOPTDATA.3
 #usr/share/man/man3/CURLOPT_SOCKOPTFUNCTION.3
+#usr/share/man/man3/CURLOPT_SOCKS5_AUTH.3
 #usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_NEC.3
 #usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_SERVICE.3
 #usr/share/man/man3/CURLOPT_SSH_AUTH_TYPES.3
+#usr/share/man/man3/CURLOPT_SSH_COMPRESSION.3
 #usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3
 #usr/share/man/man3/CURLOPT_SSH_KEYDATA.3
 #usr/share/man/man3/CURLOPT_SSH_KEYFUNCTION.3
@@ -273,6 +309,7 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLOPT_STREAM_DEPENDS.3
 #usr/share/man/man3/CURLOPT_STREAM_DEPENDS_E.3
 #usr/share/man/man3/CURLOPT_STREAM_WEIGHT.3
+#usr/share/man/man3/CURLOPT_SUPPRESS_CONNECT_HEADERS.3
 #usr/share/man/man3/CURLOPT_TCP_FASTOPEN.3
 #usr/share/man/man3/CURLOPT_TCP_KEEPALIVE.3
 #usr/share/man/man3/CURLOPT_TCP_KEEPIDLE.3
@@ -285,6 +322,7 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/CURLOPT_TIMEOUT.3
 #usr/share/man/man3/CURLOPT_TIMEOUT_MS.3
 #usr/share/man/man3/CURLOPT_TIMEVALUE.3
+#usr/share/man/man3/CURLOPT_TIMEVALUE_LARGE.3
 #usr/share/man/man3/CURLOPT_TLSAUTH_PASSWORD.3
 #usr/share/man/man3/CURLOPT_TLSAUTH_TYPE.3
 #usr/share/man/man3/CURLOPT_TLSAUTH_USERNAME.3
@@ -328,6 +366,19 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/curl_global_cleanup.3
 #usr/share/man/man3/curl_global_init.3
 #usr/share/man/man3/curl_global_init_mem.3
+#usr/share/man/man3/curl_global_sslset.3
+#usr/share/man/man3/curl_mime_addpart.3
+#usr/share/man/man3/curl_mime_data.3
+#usr/share/man/man3/curl_mime_data_cb.3
+#usr/share/man/man3/curl_mime_encoder.3
+#usr/share/man/man3/curl_mime_filedata.3
+#usr/share/man/man3/curl_mime_filename.3
+#usr/share/man/man3/curl_mime_free.3
+#usr/share/man/man3/curl_mime_headers.3
+#usr/share/man/man3/curl_mime_init.3
+#usr/share/man/man3/curl_mime_name.3
+#usr/share/man/man3/curl_mime_subparts.3
+#usr/share/man/man3/curl_mime_type.3
 #usr/share/man/man3/curl_mprintf.3
 #usr/share/man/man3/curl_multi_add_handle.3
 #usr/share/man/man3/curl_multi_assign.3
@@ -339,8 +390,8 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/curl_multi_remove_handle.3
 #usr/share/man/man3/curl_multi_setopt.3
 #usr/share/man/man3/curl_multi_socket.3
-#usr/share/man/man3/curl_multi_socket_all.3
 #usr/share/man/man3/curl_multi_socket_action.3
+#usr/share/man/man3/curl_multi_socket_all.3
 #usr/share/man/man3/curl_multi_strerror.3
 #usr/share/man/man3/curl_multi_timeout.3
 #usr/share/man/man3/curl_multi_wait.3
@@ -351,17 +402,17 @@ usr/lib/libcurl.so.4.4.0
 #usr/share/man/man3/curl_slist_append.3
 #usr/share/man/man3/curl_slist_free_all.3
 #usr/share/man/man3/curl_strequal.3
+#usr/share/man/man3/curl_strnequal.3
 #usr/share/man/man3/curl_unescape.3
 #usr/share/man/man3/curl_version.3
 #usr/share/man/man3/curl_version_info.3
 #usr/share/man/man3/libcurl-easy.3
+#usr/share/man/man3/libcurl-env.3
 #usr/share/man/man3/libcurl-errors.3
 #usr/share/man/man3/libcurl-multi.3
+#usr/share/man/man3/libcurl-security.3
 #usr/share/man/man3/libcurl-share.3
 #usr/share/man/man3/libcurl-symbols.3
 #usr/share/man/man3/libcurl-thread.3
 #usr/share/man/man3/libcurl-tutorial.3
 #usr/share/man/man3/libcurl.3
-#usr/share/zsh
-#usr/share/zsh/site-functions
-#usr/share/zsh/site-functions/_curl
--- a/config/rootfiles/common/cyrus-sasl
+++ b/config/rootfiles/common/cyrus-sasl
@@ -1,3 +1,4 @@
+etc/rc.d/init.d/cyrus-sasl
 #usr/include/sasl
 #usr/include/sasl/hmac-md5.h
 #usr/include/sasl/md5.h
@@ -24,10 +25,6 @@ usr/lib/sasl2/libcrammd5.so.3.0.0
 usr/lib/sasl2/libdigestmd5.so
 usr/lib/sasl2/libdigestmd5.so.3
 usr/lib/sasl2/libdigestmd5.so.3.0.0
-#usr/lib/sasl2/libotp.la
-usr/lib/sasl2/libotp.so
-usr/lib/sasl2/libotp.so.3
-usr/lib/sasl2/libotp.so.3.0.0
 #usr/lib/sasl2/libplain.la
 usr/lib/sasl2/libplain.so
 usr/lib/sasl2/libplain.so.3
@@ -94,4 +91,3 @@ usr/sbin/testsaslauthd
 #usr/share/man/man8/sasldblistusers2.8
 #usr/share/man/man8/saslpasswd2.8
 var/lib/sasl
-etc/rc.d/init.d/cyrus-sasl
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -64,6 +64,7 @@ etc/rc.d/init.d/networking/red.up/99-geoip-database
 etc/rc.d/init.d/networking/red.up/99-pakfire-update
 etc/rc.d/init.d/networking/wpa_supplicant.exe
 etc/rc.d/init.d/ntp
+etc/rc.d/init.d/pakfire
 etc/rc.d/init.d/partresize
 etc/rc.d/init.d/random
 etc/rc.d/init.d/rc
@@ -183,6 +184,7 @@ etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
+etc/rc.d/rcsysinit.d/S81pakfire
 etc/rc.d/rcsysinit.d/S85firewall
 etc/rc.d/rcsysinit.d/S90network-trigger
 etc/rc.d/rcsysinit.d/S92rngd
--- a/config/rootfiles/common/i586/openssl-sse2
+++ b/config/rootfiles/common/i586/openssl-sse2
@@ -1 +1 @@
-usr/lib/sse2/libcrypto.so.10
+usr/lib/sse2/libcrypto.so.1.1
--- a/config/rootfiles/common/i586/python-m2crypto
+++ b/config/rootfiles/common/i586/python-m2crypto
@@ -1 +0,0 @@
-#usr/lib/python2.7/site-packages/M2Crypto-0.21.1-py2.7-linux-i586.egg
--- a/config/rootfiles/common/openssl
+++ b/config/rootfiles/common/openssl
--- a/config/rootfiles/common/openssl-compat
+++ b/config/rootfiles/common/openssl-compat
@@ -0,0 +1,2 @@
+usr/lib/libcrypto.so.10
+usr/lib/libssl.so.10
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -1,3 +1,5 @@
+etc/fcron.daily/openvpn-crl-updater
+#usr/include/openvpn-msg.h
 #usr/include/openvpn-plugin.h
 #usr/lib/openvpn
 #usr/lib/openvpn/plugins
@@ -10,11 +12,12 @@ usr/sbin/openvpn
 #usr/share/doc/openvpn
 #usr/share/doc/openvpn/COPYING
 #usr/share/doc/openvpn/COPYRIGHT.GPL
+#usr/share/doc/openvpn/Changes.rst
 #usr/share/doc/openvpn/README
 #usr/share/doc/openvpn/README.IPv6
 #usr/share/doc/openvpn/README.auth-pam
 #usr/share/doc/openvpn/README.down-root
-#usr/share/doc/openvpn/README.polarssl
+#usr/share/doc/openvpn/README.mbedtls
 #usr/share/doc/openvpn/management-notes.txt
 #usr/share/man/man8/openvpn.8
 var/ipfire/ovpn/ca
--- a/config/rootfiles/common/pakfire
+++ b/config/rootfiles/common/pakfire
@@ -6,6 +6,7 @@ opt/pakfire/db/rootfiles
 #opt/pakfire/etc
 #opt/pakfire/pakfire.conf
 opt/pakfire/etc/pakfire.conf
+opt/pakfire/pakfire.key
 #opt/pakfire/lib
 opt/pakfire/lib/functions.pl
 opt/pakfire/lib/functions.sh
--- a/config/rootfiles/common/python-m2crypto
+++ b/config/rootfiles/common/python-m2crypto
@@ -0,0 +1,98 @@
+#usr/lib/python2.7/site-packages/M2Crypto
+#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info
+#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info/PKG-INFO
+#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info/SOURCES.txt
+#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info/dependency_links.txt
+#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info/requires.txt
+#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info/top_level.txt
+#usr/lib/python2.7/site-packages/M2Crypto/ASN1.py
+#usr/lib/python2.7/site-packages/M2Crypto/ASN1.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/AuthCookie.py
+#usr/lib/python2.7/site-packages/M2Crypto/AuthCookie.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/BIO.py
+#usr/lib/python2.7/site-packages/M2Crypto/BIO.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/BN.py
+#usr/lib/python2.7/site-packages/M2Crypto/BN.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/DH.py
+#usr/lib/python2.7/site-packages/M2Crypto/DH.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/DSA.py
+#usr/lib/python2.7/site-packages/M2Crypto/DSA.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/EC.py
+#usr/lib/python2.7/site-packages/M2Crypto/EC.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/EVP.py
+#usr/lib/python2.7/site-packages/M2Crypto/EVP.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/Engine.py
+#usr/lib/python2.7/site-packages/M2Crypto/Engine.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/Err.py
+#usr/lib/python2.7/site-packages/M2Crypto/Err.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/PGP
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/PublicKey.py
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/PublicKey.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/PublicKeyRing.py
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/PublicKeyRing.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/RSA.py
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/RSA.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/__init__.py
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/__init__.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/constants.py
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/constants.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/packet.py
+#usr/lib/python2.7/site-packages/M2Crypto/PGP/packet.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/RC4.py
+#usr/lib/python2.7/site-packages/M2Crypto/RC4.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/RSA.py
+#usr/lib/python2.7/site-packages/M2Crypto/RSA.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/Rand.py
+#usr/lib/python2.7/site-packages/M2Crypto/Rand.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SMIME.py
+#usr/lib/python2.7/site-packages/M2Crypto/SMIME.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SSL
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/Checker.py
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/Checker.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/Cipher.py
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/Cipher.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/Connection.py
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/Connection.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/Context.py
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/Context.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/SSLServer.py
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/SSLServer.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/Session.py
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/Session.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.py
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/__init__.py
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/__init__.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/cb.py
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/cb.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/ssl_dispatcher.py
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/ssl_dispatcher.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/timeout.py
+#usr/lib/python2.7/site-packages/M2Crypto/SSL/timeout.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/X509.py
+#usr/lib/python2.7/site-packages/M2Crypto/X509.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/__init__.py
+#usr/lib/python2.7/site-packages/M2Crypto/__init__.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/_m2crypto.so
+#usr/lib/python2.7/site-packages/M2Crypto/callback.py
+#usr/lib/python2.7/site-packages/M2Crypto/callback.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/ftpslib.py
+#usr/lib/python2.7/site-packages/M2Crypto/ftpslib.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/httpslib.py
+#usr/lib/python2.7/site-packages/M2Crypto/httpslib.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/m2.py
+#usr/lib/python2.7/site-packages/M2Crypto/m2.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/m2crypto.py
+#usr/lib/python2.7/site-packages/M2Crypto/m2crypto.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/m2urllib.py
+#usr/lib/python2.7/site-packages/M2Crypto/m2urllib.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/m2urllib2.py
+#usr/lib/python2.7/site-packages/M2Crypto/m2urllib2.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/m2xmlrpclib.py
+#usr/lib/python2.7/site-packages/M2Crypto/m2xmlrpclib.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/six.py
+#usr/lib/python2.7/site-packages/M2Crypto/six.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/threading.py
+#usr/lib/python2.7/site-packages/M2Crypto/threading.pyc
+#usr/lib/python2.7/site-packages/M2Crypto/util.py
+#usr/lib/python2.7/site-packages/M2Crypto/util.pyc
--- a/config/rootfiles/common/python-typing
+++ b/config/rootfiles/common/python-typing
@@ -0,0 +1,3 @@
+#usr/lib/python2.7/site-packages/typing-3.6.1-py2.7.egg-info
+#usr/lib/python2.7/site-packages/typing.py
+#usr/lib/python2.7/site-packages/typing.pyc
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -11,7 +11,8 @@ etc/unbound/unbound.conf
 #usr/lib/libunbound.la
 #usr/lib/libunbound.so
 usr/lib/libunbound.so.2
-usr/lib/libunbound.so.2.5.7
+usr/lib/libunbound.so.2.5.8
+#usr/lib/pkgconfig/libunbound.pc
 usr/sbin/unbound
 usr/sbin/unbound-anchor
 usr/sbin/unbound-checkconf
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -64,6 +64,7 @@ etc/rc.d/init.d/networking/red.up/99-geoip-database
 etc/rc.d/init.d/networking/red.up/99-pakfire-update
 etc/rc.d/init.d/networking/wpa_supplicant.exe
 etc/rc.d/init.d/ntp
+etc/rc.d/init.d/pakfire
 etc/rc.d/init.d/partresize
 etc/rc.d/init.d/random
 etc/rc.d/init.d/rc
@@ -183,6 +184,7 @@ etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
+etc/rc.d/rcsysinit.d/S81pakfire
 etc/rc.d/rcsysinit.d/S85firewall
 etc/rc.d/rcsysinit.d/S90network-trigger
 etc/rc.d/rcsysinit.d/S92rngd
--- a/config/rootfiles/common/x86_64/python-m2crypto
+++ b/config/rootfiles/common/x86_64/python-m2crypto
@@ -1 +0,0 @@
-#usr/lib/python2.7/site-packages/M2Crypto-0.21.1-py2.7-linux-x86_64.egg
--- a/config/rootfiles/core/120/exclude
+++ b/config/rootfiles/core/120/exclude
--- a/config/rootfiles/core/120/filelists/Net_SSLeay
+++ b/config/rootfiles/core/120/filelists/Net_SSLeay
@@ -0,0 +1 @@
+../../../common/Net_SSLeay
--- a/config/rootfiles/core/120/filelists/apache2
+++ b/config/rootfiles/core/120/filelists/apache2
@@ -0,0 +1 @@
+../../../common/apache2
--- a/config/rootfiles/core/120/filelists/apr
+++ b/config/rootfiles/core/120/filelists/apr
@@ -0,0 +1 @@
+../../../common/apr
--- a/config/rootfiles/core/120/filelists/aprutil
+++ b/config/rootfiles/core/120/filelists/aprutil
@@ -0,0 +1 @@
+../../../common/aprutil
--- a/config/rootfiles/core/120/filelists/bind
+++ b/config/rootfiles/core/120/filelists/bind
@@ -0,0 +1 @@
+../../../common/bind
--- a/config/rootfiles/core/120/filelists/curl
+++ b/config/rootfiles/core/120/filelists/curl
@@ -0,0 +1 @@
+../../../common/curl
--- a/config/rootfiles/core/120/filelists/cyrus-sasl
+++ b/config/rootfiles/core/120/filelists/cyrus-sasl
@@ -0,0 +1 @@
+../../../common/cyrus-sasl
--- a/config/rootfiles/core/120/filelists/dma
+++ b/config/rootfiles/core/120/filelists/dma
--- a/config/rootfiles/core/120/filelists/files
+++ b/config/rootfiles/core/120/filelists/files
@@ -0,0 +1,19 @@
+etc/system-release
+etc/issue
+etc/sysctl.conf
+etc/fcron.daily/openvpn-crl-updater
+etc/rc.d/init.d/dhcp
+etc/rc.d/init.d/pakfire
+etc/rc.d/init.d/unbound
+etc/rc.d/rcsysinit.d/S81pakfire
+opt/pakfire/lib/functions.pl
+opt/pakfire/pakfire.key
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
+srv/web/ipfire/cgi-bin/qos.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/lib/python2.7/lib-dynload/_hashlib.so
+usr/lib/python2.7/lib-dynload/_ssl.so
+var/ipfire/langs
+var/ipfire/ovpn/openssl/ovpn.cnf
+var/ipfire/qos/bin/makeqosscripts.pl
--- a/config/rootfiles/core/120/filelists/gnupg
+++ b/config/rootfiles/core/120/filelists/gnupg
@@ -0,0 +1 @@
+../../../common/gnupg
--- a/config/rootfiles/core/120/filelists/i586/openssl-sse2
+++ b/config/rootfiles/core/120/filelists/i586/openssl-sse2
@@ -0,0 +1 @@
+../../../../common/i586/openssl-sse2
--- a/config/rootfiles/core/120/filelists/libevent2
+++ b/config/rootfiles/core/120/filelists/libevent2
@@ -0,0 +1 @@
+../../../common/libevent2
--- a/config/rootfiles/core/120/filelists/logrotate
+++ b/config/rootfiles/core/120/filelists/logrotate
@@ -0,0 +1 @@
+../../../common/logrotate
--- a/config/rootfiles/core/120/filelists/ntp
+++ b/config/rootfiles/core/120/filelists/ntp
@@ -0,0 +1 @@
+../../../common/ntp
--- a/config/rootfiles/core/120/filelists/openssh
+++ b/config/rootfiles/core/120/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
--- a/config/rootfiles/core/120/filelists/openssl
+++ b/config/rootfiles/core/120/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
--- a/config/rootfiles/core/120/filelists/openssl-compat
+++ b/config/rootfiles/core/120/filelists/openssl-compat
@@ -0,0 +1 @@
+../../../common/openssl-compat
--- a/config/rootfiles/core/120/filelists/openvpn
+++ b/config/rootfiles/core/120/filelists/openvpn
@@ -0,0 +1 @@
+../../../common/openvpn
--- a/config/rootfiles/core/120/filelists/python-typing
+++ b/config/rootfiles/core/120/filelists/python-typing
@@ -0,0 +1 @@
+../../../common/python-typing
--- a/config/rootfiles/core/120/filelists/snort
+++ b/config/rootfiles/core/120/filelists/snort
@@ -0,0 +1 @@
+../../../common/snort
--- a/config/rootfiles/core/120/filelists/strongswan
+++ b/config/rootfiles/core/120/filelists/strongswan
--- a/config/rootfiles/core/120/filelists/unbound
+++ b/config/rootfiles/core/120/filelists/unbound
@@ -0,0 +1 @@
+../../../common/unbound
--- a/config/rootfiles/core/120/filelists/vnstat
+++ b/config/rootfiles/core/120/filelists/vnstat
@@ -0,0 +1 @@
+../../../common/vnstat
--- a/config/rootfiles/core/120/filelists/wget
+++ b/config/rootfiles/core/120/filelists/wget
@@ -0,0 +1 @@
+../../../common/wget
--- a/config/rootfiles/core/120/filelists/wpa_supplicant
+++ b/config/rootfiles/core/120/filelists/wpa_supplicant
@@ -0,0 +1 @@
+../../../common/wpa_supplicant
--- a/config/rootfiles/core/120/meta
+++ b/config/rootfiles/core/120/meta
--- a/config/rootfiles/core/120/update.sh
+++ b/config/rootfiles/core/120/update.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 3 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2017 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=120
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Remove forgotten PHP file
+rm -f /etc/httpd/conf/conf.d/php5.conf
+
+# Delete old PAM libs and symlinks if presant
+if ls /lib | grep -q 'libpam.*'; then
+    rm -f /lib/libpam*
+fi
+
+# Stop services
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Changed and new OpenVPN-2.4 directives will wrote to server.conf and renew CRL while update an core update
+if [ -e /var/ipfire/ovpn/server.conf ]; then
+	/usr/local/bin/openvpnctrl -k
+
+	# Update configuration directives
+	sed -i -e 's/script-security 3 system/script-security 3/' \
+		-e '/status .*/ a ncp-disable' /var/ipfire/ovpn/server.conf
+
+	# Update the OpenVPN CRL
+	openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem \
+		-cert /var/ipfire/ovpn/ca/cacert.pem \
+		-out /var/ipfire/ovpn/crls/cacrl.pem \
+		-config /var/ipfire/ovpn/openssl/ovpn.cnf
+
+	/usr/local/bin/openvpnctrl -s
+fi
+
+# Start services
+/etc/init.d/apache restart
+/etc/init.d/unbound restart
+
+# Remove deprecated SSH configuration option
+sed -e "/UsePrivilegeSeparation/d" -i /etc/ssh/sshd_config
+
+# Import new Pakfire key
+gpg --import /opt/pakfire/pakfire.key
+
+# This update needs a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+	grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
--- a/config/rootfiles/oldcore/119/exclude
+++ b/config/rootfiles/oldcore/119/exclude
@@ -0,0 +1,30 @@
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- a/config/rootfiles/oldcore/119/filelists/armv5tel/binutils
+++ b/config/rootfiles/oldcore/119/filelists/armv5tel/binutils
--- a/config/rootfiles/oldcore/119/filelists/armv5tel/gcc
+++ b/config/rootfiles/oldcore/119/filelists/armv5tel/gcc
--- a/config/rootfiles/oldcore/119/filelists/armv5tel/glibc
+++ b/config/rootfiles/oldcore/119/filelists/armv5tel/glibc
--- a/config/rootfiles/oldcore/119/filelists/dma
+++ b/config/rootfiles/oldcore/119/filelists/dma
@@ -0,0 +1 @@
+../../../common/dma
--- a/config/rootfiles/oldcore/119/filelists/files
+++ b/config/rootfiles/oldcore/119/filelists/files
--- a/config/rootfiles/oldcore/119/filelists/hostname
+++ b/config/rootfiles/oldcore/119/filelists/hostname
--- a/config/rootfiles/oldcore/119/filelists/i2c-tools
+++ b/config/rootfiles/oldcore/119/filelists/i2c-tools
--- a/config/rootfiles/oldcore/119/filelists/i586/binutils
+++ b/config/rootfiles/oldcore/119/filelists/i586/binutils
--- a/config/rootfiles/oldcore/119/filelists/i586/gcc
+++ b/config/rootfiles/oldcore/119/filelists/i586/gcc
--- a/config/rootfiles/oldcore/119/filelists/i586/glibc
+++ b/config/rootfiles/oldcore/119/filelists/i586/glibc
--- a/config/rootfiles/oldcore/119/filelists/iproute2
+++ b/config/rootfiles/oldcore/119/filelists/iproute2
--- a/config/rootfiles/oldcore/119/filelists/pam
+++ b/config/rootfiles/oldcore/119/filelists/pam
--- a/config/rootfiles/oldcore/119/filelists/setup
+++ b/config/rootfiles/oldcore/119/filelists/setup
--- a/config/rootfiles/oldcore/119/filelists/strongswan
+++ b/config/rootfiles/oldcore/119/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
--- a/config/rootfiles/oldcore/119/filelists/x86_64/binutils
+++ b/config/rootfiles/oldcore/119/filelists/x86_64/binutils
--- a/config/rootfiles/oldcore/119/filelists/x86_64/gcc
+++ b/config/rootfiles/oldcore/119/filelists/x86_64/gcc
--- a/config/rootfiles/oldcore/119/filelists/x86_64/glibc
+++ b/config/rootfiles/oldcore/119/filelists/x86_64/glibc
--- a/config/rootfiles/oldcore/119/meta
+++ b/config/rootfiles/oldcore/119/meta
@@ -0,0 +1 @@
+DEPS=""
--- a/config/rootfiles/oldcore/119/update.sh
+++ b/config/rootfiles/oldcore/119/update.sh
--- a/config/rootfiles/packages/asterisk
+++ b/config/rootfiles/packages/asterisk
@@ -591,10 +591,10 @@ var/ipfire/backup/addons/includes/asterisk
 #var/lib/asterisk
 var/lib/asterisk/agi-bin
 #var/lib/asterisk/documentation
-#var/lib/asterisk/documentation/appdocsxml.dtd
-#var/lib/asterisk/documentation/appdocsxml.xslt
-#var/lib/asterisk/documentation/core-en_US.xml
-#var/lib/asterisk/documentation/thirdparty
+var/lib/asterisk/documentation/appdocsxml.dtd
+var/lib/asterisk/documentation/appdocsxml.xslt
+var/lib/asterisk/documentation/core-en_US.xml
+var/lib/asterisk/documentation/thirdparty
 #var/lib/asterisk/firmware
 var/lib/asterisk/firmware/iax
 #var/lib/asterisk/images
--- a/config/rootfiles/packages/ffmpeg
+++ b/config/rootfiles/packages/ffmpeg
@@ -125,19 +125,19 @@ usr/bin/ffserver
 #usr/include/libswscale/version.h
 #usr/lib/libavcodec.a
 #usr/lib/libavcodec.so
-#usr/lib/libavcodec.so.57
+usr/lib/libavcodec.so.57
 usr/lib/libavcodec.so.57.107.100
 #usr/lib/libavdevice.a
 #usr/lib/libavdevice.so
-#usr/lib/libavdevice.so.57
+usr/lib/libavdevice.so.57
 usr/lib/libavdevice.so.57.10.100
 #usr/lib/libavfilter.a
 #usr/lib/libavfilter.so
-#usr/lib/libavfilter.so.6
+usr/lib/libavfilter.so.6
 usr/lib/libavfilter.so.6.107.100
 #usr/lib/libavformat.a
 #usr/lib/libavformat.so
-#usr/lib/libavformat.so.57
+usr/lib/libavformat.so.57
 usr/lib/libavformat.so.57.83.100
 #usr/lib/libavresample.a
 #usr/lib/libavresample.so
@@ -145,19 +145,19 @@ usr/lib/libavresample.so.3
 usr/lib/libavresample.so.3.7.0
 #usr/lib/libavutil.a
 #usr/lib/libavutil.so
-#usr/lib/libavutil.so.55
+usr/lib/libavutil.so.55
 usr/lib/libavutil.so.55.78.100
 #usr/lib/libpostproc.a
 #usr/lib/libpostproc.so
-#usr/lib/libpostproc.so.54
+usr/lib/libpostproc.so.54
 usr/lib/libpostproc.so.54.7.100
 #usr/lib/libswresample.a
 #usr/lib/libswresample.so
-#usr/lib/libswresample.so.2
+usr/lib/libswresample.so.2
 usr/lib/libswresample.so.2.9.100
 #usr/lib/libswscale.a
 #usr/lib/libswscale.so
-#usr/lib/libswscale.so.4
+usr/lib/libswscale.so.4
 usr/lib/libswscale.so.4.8.100
 #usr/lib/pkgconfig/libavcodec.pc
 #usr/lib/pkgconfig/libavdevice.pc
--- a/config/rootfiles/packages/krb5
+++ b/config/rootfiles/packages/krb5
@@ -82,12 +82,12 @@ usr/lib/libk5crypto.so.3
 usr/lib/libk5crypto.so.3.1
 #usr/lib/libkadm5clnt.so
 #usr/lib/libkadm5clnt_mit.so
-usr/lib/libkadm5clnt_mit.so.10
-usr/lib/libkadm5clnt_mit.so.10.0
+usr/lib/libkadm5clnt_mit.so.11
+usr/lib/libkadm5clnt_mit.so.11.0
 #usr/lib/libkadm5srv.so
 #usr/lib/libkadm5srv_mit.so
-usr/lib/libkadm5srv_mit.so.10
-usr/lib/libkadm5srv_mit.so.10.0
+usr/lib/libkadm5srv_mit.so.11
+usr/lib/libkadm5srv_mit.so.11.0
 #usr/lib/libkdb5.so
 usr/lib/libkdb5.so.8
 usr/lib/libkdb5.so.8.0
				`@@ -1 +0,0 @@`
				`#usr/lib/python2.7/site-packages/M2Crypto-0.21.1-py2.7-linux-armv5tel.egg`