diff --git a/config/rootfiles/oldcore/158/filelists/files b/config/rootfiles/oldcore/158/filelists/files
index 903ae9450..299ce1e2e 100644
--- a/config/rootfiles/oldcore/158/filelists/files
+++ b/config/rootfiles/oldcore/158/filelists/files
@@ -1,6 +1,7 @@
 etc/rc.d/init.d/firewall
 etc/ssh/sshd_config
 opt/pakfire/lib/functions.pl
+opt/pakfire/lib/functions.sh
 opt/pakfire/pakfire
 usr/lib/firewall/ipsec-policy
 var/ipfire/backup/bin/backup.pl
diff --git a/config/rootfiles/oldcore/158/update.sh b/config/rootfiles/oldcore/158/update.sh
index 42744e2a7..a0e8d842f 100644
--- a/config/rootfiles/oldcore/158/update.sh
+++ b/config/rootfiles/oldcore/158/update.sh
@@ -74,6 +74,9 @@ ldconfig
 # Filesytem cleanup
 /usr/local/bin/filesystem-cleanup
 
+# Apply local configuration to sshd_config
+/usr/local/bin/sshctrl
+
 # Start services
 /etc/init.d/vnstat restart
 /etc/init.d/rngd restart
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi
index e30aa3d4f..0e3ccbe45 100644
--- a/html/cgi-bin/ddns.cgi
+++ b/html/cgi-bin/ddns.cgi
@@ -171,20 +171,28 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::
 		$errormessage = $Lang::tr{'invalid domain name'};
 	}
 
-	# Check if a username has been sent.
-	if ($settings{'LOGIN'} eq '') {
-		$errormessage = $Lang::tr{'username not set'};
-	}
+	# Check if the choosen provider supports token based authentication.
+	if ($settings{'SERVICE'} ~~ @token_provider) {
+		# Check if a token has been given.
+		unless ($settings{'TOKEN'}) {
+			$errormessage = $Lang::tr{'token not set'};
+		}
 
-	# Check if a password has been typed in.
-	# freedns.afraid.org does not require this field.
-	if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org') && ($settings{'SERVICE'} ne 'regfish.com')) {
-		$errormessage = $Lang::tr{'password not set'};
-	}
+		# Automatically set the username to token.
+		$settings{'LOGIN'} = "token";
 
-	# Check if a token has been given for provider which support tokens.
-	if (($settings{'SERVICE'} ~~ @token_provider) && ($settings{'TOKEN'} eq '')) {
-		$errormessage = $Lang::tr{'token not set'};
+	# A provider without token support has been choosen.
+	} else {
+		# Check if a username has been sent.
+		if ($settings{'LOGIN'} eq '') {
+			$errormessage = $Lang::tr{'username not set'};
+		}
+
+		# Check if a password has been typed in.
+		# freedns.afraid.org does not require this field.
+		if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org') && ($settings{'SERVICE'} ne 'regfish.com')) {
+			$errormessage = $Lang::tr{'password not set'};
+		}
 	}
 
 	# Go furter if there was no error.
diff --git a/html/cgi-bin/fireinfo.cgi b/html/cgi-bin/fireinfo.cgi
index e0221c5be..04e36faf4 100644
--- a/html/cgi-bin/fireinfo.cgi
+++ b/html/cgi-bin/fireinfo.cgi
@@ -94,7 +94,7 @@ my $ipfire_version = <FILE>;
 close(FILE);
 
 my $pakfire_version = &Pakfire::make_version();
-my $kernel_version = &General::system_output("uname", "-a");
+my @kernel_version = &General::system_output("uname", "-a");
 
 &Header::openbox('100%', 'left', $Lang::tr{'fireinfo system version'});
 print <<END;
@@ -109,7 +109,7 @@ print <<END;
 		</tr>
 		<tr>
 			<td align='center' bgcolor='#F0F0F0' width='15%'>$Lang::tr{'fireinfo kernel version'}</td>
-			<td bgcolor='#F0F0F0'><code>$kernel_version</code></td>
+			<td bgcolor='#F0F0F0'><code>@kernel_version</code></td>
 		</tr>
 	</table>
 END
diff --git a/html/cgi-bin/pakfire.cgi b/html/cgi-bin/pakfire.cgi
index 631587ce2..0cf522ba1 100644
--- a/html/cgi-bin/pakfire.cgi
+++ b/html/cgi-bin/pakfire.cgi
@@ -55,14 +55,15 @@ sub refreshpage{&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' cont
 &Header::openbigbox('100%', 'left', '', $errormessage);
 
 if (($cgiparams{'ACTION'} eq 'install') && (! -e $Pakfire::lockfile)) {
-	$cgiparams{'INSPAKS'} =~ s/\|/\ /g;
+	my @pkgs = split(/\|/, $cgiparams{'INSPAKS'});
 	if ("$cgiparams{'FORCE'}" eq "on") {
-		&General::system_background("/usr/local/bin/pakfire", "install", "--non-interactive", "--no-colors", $cgiparams{'INSPAKS'});
+		&General::system_background("/usr/local/bin/pakfire", "install", "--non-interactive", "--no-colors", @pkgs);
+		sleep(2);
 	} else {
 		&Header::openbox("100%", "center", $Lang::tr{'request'});
-		my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", $cgiparams{'INSPAKS'});
+		my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", @pkgs);
 		print <<END;
-		<table><tr><td colspan='2'>$Lang::tr{'pakfire install package'}.$cgiparams{'INSPAKS'}.$Lang::tr{'pakfire possible dependency'}
+		<table><tr><td colspan='2'>$Lang::tr{'pakfire install package'} @pkgs $Lang::tr{'pakfire possible dependency'}
 		<pre>
 END
 		foreach (@output) {
@@ -92,15 +93,15 @@ END
 		exit;
 	}
 } elsif (($cgiparams{'ACTION'} eq 'remove') && (! -e $Pakfire::lockfile)) {
-
-	$cgiparams{'DELPAKS'} =~ s/\|/\ /g;
+	my @pkgs = split(/\|/, $cgiparams{'DELPAKS'});
 	if ("$cgiparams{'FORCE'}" eq "on") {
-		&General::system_background("/usr/local/bin/pakfire", "remove", "--non-interactive", "--no-colors", $cgiparams{'DELPAKS'});
+		&General::system_background("/usr/local/bin/pakfire", "remove", "--non-interactive", "--no-colors", @pkgs);
+		sleep(2);
 	} else {
 		&Header::openbox("100%", "center", $Lang::tr{'request'});
-		my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", $cgiparams{'DELPAKS'});
+		my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", @pkgs);
 		print <<END;
-		<table><tr><td colspan='2'>$Lang::tr{'pakfire uninstall package'}.$cgiparams{'DELPAKS'}.$Lang::tr{'pakfire possible dependency'}
+		<table><tr><td colspan='2'>$Lang::tr{'pakfire uninstall package'} @pkgs $Lang::tr{'pakfire possible dependency'}
 		<pre>
 END
 		foreach (@output) {
diff --git a/src/pakfire/lib/functions.sh b/src/pakfire/lib/functions.sh
index 5918649db..67986e20e 100644
--- a/src/pakfire/lib/functions.sh
+++ b/src/pakfire/lib/functions.sh
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2012  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -22,17 +22,28 @@
 . /etc/sysconfig/rc
 . $rc_functions
 
+TAR_OPTIONS=(
+	--acls
+	--xattrs
+	--xattrs-include='*'
+	--no-overwrite-dir
+	--no-delay-directory-restore
+	--preserve-permissions
+	--numeric-owner
+)
+
 extract_files() {
 	echo "Extracting files..."
-	tar --acls --xattrs --xattrs-include='*' \
-		-xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
+	tar -xavf /opt/pakfire/tmp/files* "${TAR_OPTIONS[@]}" -C /
+	sync
 	echo "...Finished."
 }
 
 extract_backup_includes() {
 	echo "Extracting backup includes..."
-	tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C / \
+	tar xavf /opt/pakfire/tmp/files* "${TAR_OPTIONS[@]}" -C / \
 		var/ipfire/backup/addons/includes
+	sync
 	echo "...Finished."
 }
 
diff --git a/src/stripper b/src/stripper
index ac5f58ca5..e51463c69 100755
--- a/src/stripper
+++ b/src/stripper
@@ -27,6 +27,10 @@ function _strip() {
 		fi
 	done
 
+	# Fetch any capabilities
+	local capabilities="$(getfattr --no-dereference --name="security.capability" \
+		--absolute-names --dump "${file}")"
+
 	local cmd=( "${strip}" )
 
 	case "$(file -bi ${file})" in
@@ -40,6 +44,11 @@ function _strip() {
 
 	echo "Stripping ${file}..."
 	${cmd[*]} ${file}
+
+	# Restore capabilities
+	if [ -n "${capabilities}" ]; then
+		setfattr --no-dereference --restore=<(echo "${capabilities}")
+	fi
 }
 
 for dir in ${dirs}; do