Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

config/etc/sysctl.conf

@@ -42,3 +42,9 @@ net.netfilter.nf_conntrack_acct=1
 net.bridge.bridge-nf-call-ip6tables = 0
 net.bridge.bridge-nf-call-iptables = 0
 net.bridge.bridge-nf-call-arptables = 0
+
+# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
+kernel.kptr_restrict = 1
+
+# Avoid kernel memory address exposures via dmesg.
+kernel.dmesg_restrict = 1

config/rootfiles/common/multipath-tools

@@ -1,4 +1,4 @@
-#etc/udev/rules.d/kpartx.rules
-#lib/udev/kpartx_id
 #sbin/kpartx
+#usr/lib/udev/rules.d/11-dm-parts.rules
+#usr/lib/udev/rules.d/68-del-part-nodes.rules
 #usr/share/man/man8/kpartx.8.gz

config/rootfiles/core/123/filelists/files

@@ -3,12 +3,14 @@ etc/issue
 etc/rc.d/helper/aws-setup
 etc/rc.d/init.d/aws
 etc/rc.d/rcsysinit.d/S74aws
+etc/sysctl.conf
 srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/index.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 usr/sbin/dhclient
+usr/share/GeoIP/GeoIP.dat
 var/ipfire/backup/exclude
 var/ipfire/langs
 var/ipfire/aws-functions.pl

config/rootfiles/core/123/filelists/usbutils

@@ -0,0 +1 @@
+../../../common/usbutils

doc/language_issues.de

@@ -707,7 +707,6 @@ WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: guardian
 WARNING: untranslated string: guardian block a host
 WARNING: untranslated string: guardian block httpd brute-force
-WARNING: untranslated string: guardian block owncloud brute-force
 WARNING: untranslated string: guardian block ssh brute-force
 WARNING: untranslated string: guardian blockcount
 WARNING: untranslated string: guardian blocked hosts

doc/language_issues.en

@@ -740,7 +740,6 @@ WARNING: untranslated string: fwhost cust geoipgrp
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: guardian block a host
 WARNING: untranslated string: guardian block httpd brute-force
-WARNING: untranslated string: guardian block owncloud brute-force
 WARNING: untranslated string: guardian block ssh brute-force
 WARNING: untranslated string: guardian blockcount
 WARNING: untranslated string: guardian blocked hosts

doc/language_issues.es

@@ -728,6 +728,8 @@ WARNING: untranslated string: count
 WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
 WARNING: untranslated string: countrycode
+WARNING: untranslated string: crypto error
+WARNING: untranslated string: crypto warning
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: default
 WARNING: untranslated string: deprecated fs warn
@@ -978,7 +980,6 @@ WARNING: untranslated string: grouptype
 WARNING: untranslated string: guardian
 WARNING: untranslated string: guardian block a host
 WARNING: untranslated string: guardian block httpd brute-force
-WARNING: untranslated string: guardian block owncloud brute-force
 WARNING: untranslated string: guardian block ssh brute-force
 WARNING: untranslated string: guardian blockcount
 WARNING: untranslated string: guardian blocked hosts
@@ -1090,6 +1091,8 @@ WARNING: untranslated string: ovpn dh parameters
 WARNING: untranslated string: ovpn dh upload
 WARNING: untranslated string: ovpn errmsg green already pushed
 WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn error dh
+WARNING: untranslated string: ovpn error md5
 WARNING: untranslated string: ovpn generating the root and host certificates
 WARNING: untranslated string: ovpn ha
 WARNING: untranslated string: ovpn hmac
@@ -1099,6 +1102,7 @@ WARNING: untranslated string: ovpn no connections
 WARNING: untranslated string: ovpn port in root range
 WARNING: untranslated string: ovpn routes push
 WARNING: untranslated string: ovpn routes push options
+WARNING: untranslated string: ovpn warning rfc3280
 WARNING: untranslated string: p2p block
 WARNING: untranslated string: p2p block save notice
 WARNING: untranslated string: pakfire ago

doc/language_issues.fr

@@ -736,6 +736,8 @@ WARNING: untranslated string: count
 WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
 WARNING: untranslated string: countrycode
+WARNING: untranslated string: crypto error
+WARNING: untranslated string: crypto warning
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: default
 WARNING: untranslated string: deprecated fs warn
@@ -994,7 +996,6 @@ WARNING: untranslated string: grouptype
 WARNING: untranslated string: guardian
 WARNING: untranslated string: guardian block a host
 WARNING: untranslated string: guardian block httpd brute-force
-WARNING: untranslated string: guardian block owncloud brute-force
 WARNING: untranslated string: guardian block ssh brute-force
 WARNING: untranslated string: guardian blockcount
 WARNING: untranslated string: guardian blocked hosts
@@ -1104,6 +1105,8 @@ WARNING: untranslated string: ovpn dh
 WARNING: untranslated string: ovpn dh new key
 WARNING: untranslated string: ovpn dh parameters
 WARNING: untranslated string: ovpn dh upload
+WARNING: untranslated string: ovpn error dh
+WARNING: untranslated string: ovpn error md5
 WARNING: untranslated string: ovpn generating the root and host certificates
 WARNING: untranslated string: ovpn ha
 WARNING: untranslated string: ovpn hmac
@@ -1111,6 +1114,7 @@ WARNING: untranslated string: ovpn mgmt in root range
 WARNING: untranslated string: ovpn mtu-disc
 WARNING: untranslated string: ovpn no connections
 WARNING: untranslated string: ovpn port in root range
+WARNING: untranslated string: ovpn warning rfc3280
 WARNING: untranslated string: p2p block
 WARNING: untranslated string: p2p block save notice
 WARNING: untranslated string: pakfire ago

doc/language_issues.it

@@ -753,6 +753,8 @@ WARNING: untranslated string: block
 WARNING: untranslated string: bytes
 WARNING: untranslated string: captive
 WARNING: untranslated string: check all
+WARNING: untranslated string: crypto error
+WARNING: untranslated string: crypto warning
 WARNING: untranslated string: dhcp dns enable update
 WARNING: untranslated string: dhcp dns key name
 WARNING: untranslated string: dhcp dns update
@@ -810,7 +812,6 @@ WARNING: untranslated string: guaranteed bandwith
 WARNING: untranslated string: guardian
 WARNING: untranslated string: guardian block a host
 WARNING: untranslated string: guardian block httpd brute-force
-WARNING: untranslated string: guardian block owncloud brute-force
 WARNING: untranslated string: guardian block ssh brute-force
 WARNING: untranslated string: guardian blockcount
 WARNING: untranslated string: guardian blocked hosts
@@ -868,6 +869,9 @@ WARNING: untranslated string: one year
 WARNING: untranslated string: outgoing compression in bytes per second
 WARNING: untranslated string: outgoing overhead in bytes per second
 WARNING: untranslated string: ovpn add conf
+WARNING: untranslated string: ovpn error dh
+WARNING: untranslated string: ovpn error md5
+WARNING: untranslated string: ovpn warning rfc3280
 WARNING: untranslated string: pptp netconfig
 WARNING: untranslated string: pptp peer
 WARNING: untranslated string: pptp route

doc/language_issues.nl

@@ -752,6 +752,8 @@ WARNING: untranslated string: bytes
 WARNING: untranslated string: capabilities
 WARNING: untranslated string: captive
 WARNING: untranslated string: check all
+WARNING: untranslated string: crypto error
+WARNING: untranslated string: crypto warning
 WARNING: untranslated string: default
 WARNING: untranslated string: dh
 WARNING: untranslated string: dh key move failed
@@ -824,7 +826,6 @@ WARNING: untranslated string: geoipblock enable feature
 WARNING: untranslated string: guardian
 WARNING: untranslated string: guardian block a host
 WARNING: untranslated string: guardian block httpd brute-force
-WARNING: untranslated string: guardian block owncloud brute-force
 WARNING: untranslated string: guardian block ssh brute-force
 WARNING: untranslated string: guardian blockcount
 WARNING: untranslated string: guardian blocked hosts
@@ -905,9 +906,12 @@ WARNING: untranslated string: ovpn dh
 WARNING: untranslated string: ovpn dh new key
 WARNING: untranslated string: ovpn dh parameters
 WARNING: untranslated string: ovpn dh upload
+WARNING: untranslated string: ovpn error dh
+WARNING: untranslated string: ovpn error md5
 WARNING: untranslated string: ovpn generating the root and host certificates
 WARNING: untranslated string: ovpn ha
 WARNING: untranslated string: ovpn hmac
+WARNING: untranslated string: ovpn warning rfc3280
 WARNING: untranslated string: pptp netconfig
 WARNING: untranslated string: pptp peer
 WARNING: untranslated string: pptp route

doc/language_issues.pl

@@ -728,6 +728,8 @@ WARNING: untranslated string: count
 WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
 WARNING: untranslated string: countrycode
+WARNING: untranslated string: crypto error
+WARNING: untranslated string: crypto warning
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: default
 WARNING: untranslated string: deprecated fs warn
@@ -978,7 +980,6 @@ WARNING: untranslated string: grouptype
 WARNING: untranslated string: guardian
 WARNING: untranslated string: guardian block a host
 WARNING: untranslated string: guardian block httpd brute-force
-WARNING: untranslated string: guardian block owncloud brute-force
 WARNING: untranslated string: guardian block ssh brute-force
 WARNING: untranslated string: guardian blockcount
 WARNING: untranslated string: guardian blocked hosts
@@ -1090,6 +1091,8 @@ WARNING: untranslated string: ovpn dh parameters
 WARNING: untranslated string: ovpn dh upload
 WARNING: untranslated string: ovpn errmsg green already pushed
 WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn error dh
+WARNING: untranslated string: ovpn error md5
 WARNING: untranslated string: ovpn generating the root and host certificates
 WARNING: untranslated string: ovpn ha
 WARNING: untranslated string: ovpn hmac
@@ -1099,6 +1102,7 @@ WARNING: untranslated string: ovpn no connections
 WARNING: untranslated string: ovpn port in root range
 WARNING: untranslated string: ovpn routes push
 WARNING: untranslated string: ovpn routes push options
+WARNING: untranslated string: ovpn warning rfc3280
 WARNING: untranslated string: p2p block
 WARNING: untranslated string: p2p block save notice
 WARNING: untranslated string: pakfire ago

doc/language_issues.ru

@@ -731,6 +731,8 @@ WARNING: untranslated string: count
 WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
 WARNING: untranslated string: countrycode
+WARNING: untranslated string: crypto error
+WARNING: untranslated string: crypto warning
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: default
 WARNING: untranslated string: deprecated fs warn
@@ -979,7 +981,6 @@ WARNING: untranslated string: grouptype
 WARNING: untranslated string: guardian
 WARNING: untranslated string: guardian block a host
 WARNING: untranslated string: guardian block httpd brute-force
-WARNING: untranslated string: guardian block owncloud brute-force
 WARNING: untranslated string: guardian block ssh brute-force
 WARNING: untranslated string: guardian blockcount
 WARNING: untranslated string: guardian blocked hosts
@@ -1089,6 +1090,8 @@ WARNING: untranslated string: ovpn dh
 WARNING: untranslated string: ovpn dh new key
 WARNING: untranslated string: ovpn dh parameters
 WARNING: untranslated string: ovpn dh upload
+WARNING: untranslated string: ovpn error dh
+WARNING: untranslated string: ovpn error md5
 WARNING: untranslated string: ovpn generating the root and host certificates
 WARNING: untranslated string: ovpn ha
 WARNING: untranslated string: ovpn hmac
@@ -1096,6 +1099,7 @@ WARNING: untranslated string: ovpn mgmt in root range
 WARNING: untranslated string: ovpn mtu-disc
 WARNING: untranslated string: ovpn no connections
 WARNING: untranslated string: ovpn port in root range
+WARNING: untranslated string: ovpn warning rfc3280
 WARNING: untranslated string: p2p block
 WARNING: untranslated string: p2p block save notice
 WARNING: untranslated string: pptp netconfig

doc/language_issues.tr

@@ -736,12 +736,13 @@ WARNING: untranslated string: Captive clients
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: bytes
 WARNING: untranslated string: captive
+WARNING: untranslated string: crypto error
+WARNING: untranslated string: crypto warning
 WARNING: untranslated string: fwdfw all subnets
 WARNING: untranslated string: fwhost cust geoipgrp
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: guardian block a host
 WARNING: untranslated string: guardian block httpd brute-force
-WARNING: untranslated string: guardian block owncloud brute-force
 WARNING: untranslated string: guardian block ssh brute-force
 WARNING: untranslated string: guardian blockcount
 WARNING: untranslated string: guardian blocked hosts
@@ -778,6 +779,9 @@ WARNING: untranslated string: guardian watch snort alertfile
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: info messages
 WARNING: untranslated string: no data
+WARNING: untranslated string: ovpn error dh
+WARNING: untranslated string: ovpn error md5
+WARNING: untranslated string: ovpn warning rfc3280
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed

doc/language_missings

@@ -185,6 +185,8 @@
 < countries
 < countrycode
 < country codes and flags
+< crypto error
+< crypto warning
 < dead peer detection
 < default
 < default ip
@@ -579,6 +581,8 @@
 < ovpn engines
 < ovpn errmsg green already pushed
 < ovpn errmsg invalid ip or mask
+< ovpn error dh
+< ovpn error md5
 < ovpn generating the root and host certificates
 < ovpn ha
 < ovpn hmac
@@ -595,6 +599,7 @@
 < ovpn reneg sec
 < ovpn routes push
 < ovpn routes push options
+< ovpn warning rfc3280
 < p2p block
 < p2p block save notice
 < pptp netconfig
@@ -902,6 +907,8 @@
 < countries
 < countrycode
 < country codes and flags
+< crypto error
+< crypto warning
 < dead peer detection
 < default
 < default ip
@@ -1293,6 +1300,8 @@
 < ovpn dh parameters
 < ovpn dh upload
 < ovpn engines
+< ovpn error dh
+< ovpn error md5
 < ovpn generating the root and host certificates
 < ovpn ha
 < ovpn hmac
@@ -1307,6 +1316,7 @@
 < ovpn no connections
 < ovpn port in root range
 < ovpn reneg sec
+< ovpn warning rfc3280
 < p2p block
 < p2p block save notice
 < pptp netconfig
@@ -1573,6 +1583,8 @@
 < Captive WiFi coupon
 < Captive wrong ext
 < check all
+< crypto error
+< crypto warning
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
@@ -1657,6 +1669,9 @@
 < outgoing compression in bytes per second
 < outgoing overhead in bytes per second
 < ovpn add conf
+< ovpn error dh
+< ovpn error md5
+< ovpn warning rfc3280
 < pptp netconfig
 < pptp peer
 < pptp route
@@ -1781,6 +1796,8 @@
 < Captive WiFi coupon
 < Captive wrong ext
 < check all
+< crypto error
+< crypto warning
 < default
 < dh
 < dhcp dns enable update
@@ -1907,10 +1924,13 @@
 < ovpn dh parameters
 < ovpn dh upload
 < ovpn engines
+< ovpn error dh
+< ovpn error md5
 < ovpn generating the root and host certificates
 < ovpn ha
 < ovpn hmac
 < ovpn reneg sec
+< ovpn warning rfc3280
 < pptp netconfig
 < pptp peer
 < pptp route
@@ -2105,6 +2125,8 @@
 < countries
 < countrycode
 < country codes and flags
+< crypto error
+< crypto warning
 < dead peer detection
 < default
 < default ip
@@ -2487,6 +2509,8 @@
 < ovpn engines
 < ovpn errmsg green already pushed
 < ovpn errmsg invalid ip or mask
+< ovpn error dh
+< ovpn error md5
 < ovpn generating the root and host certificates
 < ovpn ha
 < ovpn hmac
@@ -2503,6 +2527,7 @@
 < ovpn reneg sec
 < ovpn routes push
 < ovpn routes push options
+< ovpn warning rfc3280
 < p2p block
 < p2p block save notice
 < pptp netconfig
@@ -2810,6 +2835,8 @@
 < countries
 < countrycode
 < country codes and flags
+< crypto error
+< crypto warning
 < day-graph
 < dead peer detection
 < default
@@ -3198,6 +3225,8 @@
 < ovpn dh parameters
 < ovpn dh upload
 < ovpn engines
+< ovpn error dh
+< ovpn error md5
 < ovpn generating the root and host certificates
 < ovpn ha
 < ovpn hmac
@@ -3212,6 +3241,7 @@
 < ovpn no connections
 < ovpn port in root range
 < ovpn reneg sec
+< ovpn warning rfc3280
 < p2p block
 < p2p block save notice
 < pptp netconfig
@@ -3391,7 +3421,12 @@
 ############################################################################
 # Checking cgi-bin translations for language: tr                           #
 ############################################################################
+< crypto error
+< crypto warning
 < fwdfw all subnets
+< ovpn error dh
+< ovpn error md5
+< ovpn warning rfc3280
 < ssh active sessions
 < ssh login time
 < ssh no active logins

html/cgi-bin/guardian.cgi

@@ -52,7 +52,6 @@ my $ignorefile ='/var/ipfire/guardian/guardian.ignore';
 # file locations on IPFire systems.
 my %module_file_locations = (
 	"HTTPD" => "/var/log/httpd/error_log",
-	"OWNCLOUD" => "/var/owncloud/data/owncloud.log",
 	"SNORT" => "/var/log/snort/alert",
 	"SSH" => "/var/log/messages",
 );
@@ -65,11 +64,6 @@ our %mainsettings = ();
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
 
-# Pakfire meta file for owncloud.
-# (File exists when the addon is installed.)
-my $owncloud_meta = "/opt/pakfire/db/installed/meta-owncloud";
-
-
 # File declarations.
 my $settingsfile = "${General::swroot}/guardian/settings";
 my $ignoredfile = "${General::swroot}/guardian/ignored";
@@ -96,11 +90,6 @@ $settings{'GUARDIAN_FIREWALL_ACTION'} = 'DROP';
 $settings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
 $settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'} = '3';
 
-# Default settings for owncloud if installed.
-if ( -e "$owncloud_meta") {
-	$settings{'GUARDIAN_MONITOR_OWNCLOUD'} = 'off';
-}
-
 my $errormessage = '';
 
 &Header::showhttpheaders();
@@ -561,17 +550,7 @@ END
 				<td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='on' $checked{'GUARDIAN_MONITOR_HTTPD'}{'on'} /> /
 				<input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='off' $checked{'GUARDIAN_MONITOR_HTTPD'}{'off'} /> off</td>
 			</tr>
-END
 
-			# Display owncloud checkbox when the addon is installed.
-			if ( -e "$owncloud_meta" ) {
-				print"<tr>\n";
-				print"<td width='25%' class='base'>$Lang::tr{'guardian block owncloud brute-force'}</td>\n";
-				print"<td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='on' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} /> /\n";
-				print"<input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='off' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'off'} /> off</td>\n";
-				print"</tr>\n";
-			}
-	print <<END;
 			<tr>
 				<td colspan='2'><br></td>
 			</tr>

html/cgi-bin/ovpnmain.cgi

@@ -64,6 +64,8 @@ my %cahash=();
 my %selected=();
 my $warnmessage = '';
 my $errormessage = '';
+my $cryptoerror = '';
+my $cryptowarning = '';
 my %settings=();
 my $routes_push_file = '';
 my $confighost="${General::swroot}/fwhosts/customhosts";
@@ -1069,7 +1071,42 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   close(CLIENTCONF);
 
 }
-  
+
+###
+### Check for cryptography problems
+###
+
+# Warning if DH parameter is 1024 bit
+if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
+	my $dhlenght = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
+	if ($dhlenght =~ /1024 bit/) {
+		$cryptoerror = "$Lang::tr{'ovpn error dh'}";
+		goto CRYPTO_ERROR;
+	}
+}
+
+# Warning if md5 is in usage
+if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
+	my $signature = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+	if ($signature =~ /md5WithRSAEncryption/) {
+		$cryptoerror = "$Lang::tr{'ovpn error md5'}";
+		goto CRYPTO_ERROR;
+	}
+}
+
+CRYPTO_ERROR:
+
+# Warning if certificate is not compliant to RFC3280 TLS rules
+if (-f "${General::swroot}/ovpn/openssl/ovpn.cnf") {
+	my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+	if ($extendkeyusage =~ /TLS Web Server Authentication/) {
+		$cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
+		goto CRYPTO_WARNING;
+	}
+}
+
+CRYPTO_WARNING:
+
 ###
 ### Save main settings
 ###
@@ -1181,7 +1218,7 @@ SETTINGS_ERROR:
 	    delete $confighash{$cgiparams{'$key'}};
 	}
 
-	system ("/usr/local/bin/openvpnctrl -drrd $name");
+	system ("/usr/local/bin/openvpnctrl -drrd $name &>/dev/null");
     }
     while ($file = glob("${General::swroot}/ovpn/ca/*")) {
 	unlink $file;
@@ -5135,6 +5172,20 @@ END
 	&Header::closebox();
     }
 
+	if ($cryptoerror) {
+		&Header::openbox('100%', 'LEFT', $Lang::tr{'crypto error'});
+		print "<class name='base'>$cryptoerror";
+		print "&nbsp;</class>";
+		&Header::closebox();
+	}
+
+	if ($cryptowarning) {
+		&Header::openbox('100%', 'LEFT', $Lang::tr{'crypto warning'});
+		print "<class name='base'>$cryptowarning";
+		print "&nbsp;</class>";
+		&Header::closebox();
+	}
+
 	if ($warnmessage) {
 		&Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
 		print "$warnmessage<br>";

langs/de/cgi-bin/de.pl

@@ -661,6 +661,8 @@
 'credits' => 'Credits',
 'crl' => 'Certificate Revocation List',
 'cron server' => 'Cron-Server',
+'crypto error' => 'Kryptografiefehler',
+'crypto warning' => 'Kryptografiewarnungen',
 'current' => 'Aktuell',
 'current aliases' => 'Aktuelle Alias-Adresse',
 'current class' => 'Aktuelle Klasse',
@@ -1817,6 +1819,8 @@
 'ovpn engines' => 'Krypto Engine',
 'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
 'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske',
+'ovpn error dh' => 'Der Diffie-Hellman Parameter muss mindestens 2048 bit lang sein! <br>Bitte einen neuen Diffie-Hellman Parameter erzeugen oder hochladen, dies kann unten über den Bereich "Diffie-Hellman-Parameter Optionen" gemacht werden.</br>',
+'ovpn error md5' => 'Das Host Zertifikat nutzt einen MD5 Algorithmus welcher nicht mehr akzeptiert wird. <br>Bitte IPFire auf die neueste Version updaten und generieren sie ein neues Root und Host Zertifikate.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
 'ovpn generating the root and host certificates' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.',
 'ovpn ha' => 'Hash-Algorithmus',
 'ovpn hmac' => 'HMAC-Optionen',
@@ -1841,6 +1845,7 @@
 'ovpn subnet' => 'OpenVPN-Subnetz:',
 'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
 'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit  ',
+'ovpn warning rfc3280' => 'Das Host Zertifikat ist nicht RFC3280 Regelkonform. <br>Bitte IPFire auf die letzte Version updaten und generieren sie ein neues Root und Host Zertifikat so bald wie möglich.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
 'ovpn_fastio' => 'Fast-IO',
 'ovpn_fragment' => 'Fragmentgrösse',
 'ovpn_mssfix' => 'MSSFIX-Grösse',

langs/en/cgi-bin/en.pl

@@ -682,6 +682,8 @@
 'credits' => 'Credits',
 'crl' => 'Certificate Revocation List',
 'cron server' => 'CRON Server',
+'crypto error' => 'Cryptographic error',
+'crypto warning' => 'Cryptographic warning',
 'current' => 'Current',
 'current aliases' => 'Current aliases',
 'current class' => 'Current class',
@@ -1850,6 +1852,8 @@
 'ovpn engines' => 'Crypto engine',
 'ovpn errmsg green already pushed' => 'Route for green network is always set',
 'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
+'ovpn error dh' => 'The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br>',
+'ovpn error md5' => 'You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
 'ovpn generating the root and host certificates' => 'Generating the root and host certifictae can take a long time.',
 'ovpn ha' => 'Hash algorithm',
 'ovpn hmac' => 'HMAC options',
@@ -1874,6 +1878,7 @@
 'ovpn subnet' => 'OpenVPN subnet:',
 'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
 'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
+'ovpn warning rfc3280' => 'Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
 'ovpn_fastio' => 'Fast-IO',
 'ovpn_mssfix' => 'MSSFIX Size',
 'ovpn_mtudisc' => 'MTU-Discovery',

lfs/GeoIP

@@ -25,7 +25,7 @@
 include Config
 
 VER        = 1.25
-DATVER     = 07012017
+DATVER     = 30062018
 
 THISAPP    = Geo-IP-PurePerl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 GeoIP.dat-$(DATVER).gz = $(DL_FROM)/GeoIP.dat-$(DATVER).gz
 
 $(DL_FILE)_MD5 = a47a1b71f7cd7c46cca9efcc448e0726
-GeoIP.dat-$(DATVER).gz_MD5 = fac676d18785585568312f30b7851657
+GeoIP.dat-$(DATVER).gz_MD5 = d538e57ad9268fdc7955c6cf9a37c4a9
 
 install : $(TARGET)
 

lfs/guardian

@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.0
+VER        = 2.0.2
 
 THISAPP    = guardian-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -33,7 +33,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
 PROG       = guardian
-PAK_VER    = 14
+PAK_VER    = 15
 
 DEPS       = "perl-inotify2 perl-Net-IP"
 
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 15be3b14a70e21502368deca74903f5c
+$(DL_FILE)_MD5 = f83a7ca312cd3cb3ddf79fb33826027d
 
 install : $(TARGET)
 

lfs/hplip

@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2018  IPFire Team   <info@ipfire.org>                         #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.12.6
+VER        = 3.18.6
 
 THISAPP    = hplip-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = hplip
-PAK_VER    = 2
+PAK_VER    = 3
 
 DEPS       = ""
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 5303938e8630775ea6fb383af85775e5
+$(DL_FILE)_MD5 = 3857eae76c49c00fa185628d4dce7d61
 
 install : $(TARGET)
 
@@ -78,10 +78,14 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	$(UPDATE_AUTOMAKE)
-	cd $(DIR_APP) && ./configure --prefix=/usr \
-											 --enable-hpijs-only-build \
-											--disable-network-build --disable-scan-build
+	cd $(DIR_APP) && ./configure		\
+		--prefix=/usr			\
+		--enable-hpijs-only-build	\
+		--disable-network-build		\
+		--disable-scan-build
+
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)

lfs/multipath-tools

@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = be1191b
+VER        = 386d288
 
 THISAPP    = multipath-tools-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 4a055e84c9ced857bc9c996cb6180d2a
+$(DL_FILE)_MD5 = 51288dc6cabd580f0b6c30c77624b9d7
 
 install : $(TARGET)
 

lfs/usbutils

@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 007
+VER        = 010
 
 THISAPP    = usbutils-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = c9df5107ae9d26b10a1736a261250139
+$(DL_FILE)_MD5 = 938e3707593974be99a0dd6d1de76671
 
 install : $(TARGET)