From 525839f74f6be04b59f8bb3874f5764fed078a78 Mon Sep 17 00:00:00 2001
From: Erik Kapfer <erik.kapfer@ipfire.org>
Date: Thu, 12 Jun 2014 17:36:57 +0200
Subject: [PATCH 01/29] openvpn: Clean up DH download code.

---
 html/cgi-bin/ovpnmain.cgi | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 45c2f6c67..b2ce05e97 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1519,17 +1519,6 @@ END
 	exit(0);
     }
 
-###
-### Download Diffie-Hellman parameter
-###
-}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download dh parameter'}) {
-    if ( -f "${General::swroot}/ovpn/ca/dh1024.pem" ) {
-	print "Content-Type: application/octet-stream\r\n";
-	print "Content-Disposition: filename=dh1024.pem\r\n\r\n";
-	print `/usr/bin/openssl dhparam -in ${General::swroot}/ovpn/ca/dh1024.pem`;
-	exit(0);
-    }
-
 ###
 ### Download tls-auth key
 ###

From ac3b63071f903b110cbf0b87e5e8d3a9e5c99a77 Mon Sep 17 00:00:00 2001
From: Erik Kapfer <erik.kapfer@ipfire.org>
Date: Mon, 16 Jun 2014 09:50:20 +0200
Subject: [PATCH 02/29] openvpn: Shortened word to prevent line break.

* Shortened Diffie-Hellman to DH in language files to
affort a better look in WUI.
---
 langs/de/cgi-bin/de.pl | 2 +-
 langs/en/cgi-bin/en.pl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index ae4d69491..a88a7cc8a 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -665,7 +665,7 @@
 'devices on blue' => 'Geräte auf Blau',
 'dh' => 'Diffie-Hellman-Parameter',
 'dh key move failed' => 'Verschieben der Diffie-Hellman-Parameter fehlgeschlagen.',
-'dh key warn' => 'Das Generieren der Diffie-Hellman-Parameter mit 1024 oder 2048 Bit dauert üblicherweise mehrere Minuten. Schlüssellängen von 3072 oder 4096 Bit beanspruchen mehrere Stunden. Bitte haben Sie etwas Geduld.',
+'dh key warn' => 'Das Generieren der DH-Parameter mit 1024 oder 2048 Bit dauert üblicherweise mehrere Minuten. Schlüssellängen von 3072 oder 4096 Bit beanspruchen mehrere Stunden. Bitte haben Sie etwas Geduld.',
 'dh key warn1' => 'Bei schwachen Systemen oder Systeme mit wenig Entropie wird empfohlen lange Diffie-Hellman-Parameter über die Upload-Funktion hochzuladen.',
 'dh parameter' => 'Diffie-Hellman-Parameter',
 'dhcp advopt add' => 'DHCP Option hinzufügen',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index f8770204c..706ed0f6b 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -687,7 +687,7 @@
 'devices on blue' => 'Devices on BLUE',
 'dh' => 'Diffie-Hellman parameters',
 'dh key move failed' => 'Diffie-Hellman parameters move failed.',
-'dh key warn' => 'Creating Diffie-Hellman parameters with lengths of 1024 or 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.',
+'dh key warn' => 'Creating DH-parameters with lengths of 1024 or 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.',
 'dh key warn1' => 'For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.',
 'dh name is invalid' => 'Name is invalid, please use "dh1024.pem".',
 'dh parameter' => 'Diffie-Hellman parameters',

From 7eb25cb302c28a7969a160a8672df6744c0b85af Mon Sep 17 00:00:00 2001
From: Stefan Ferstl <st.ferstl@gmail.com>
Date: Tue, 17 Jun 2014 11:22:21 +0200
Subject: [PATCH 03/29] DDNS: Fix API call for the "Dynu" DDNS service This
 affects the DDNS service "dynu.ca dyn.ee dynserv.(ca|org|net|com)". DNS
 updates using this service were made using the URL http://dynserv.ca/ .
 However, the domain dynserv.ca does not exist anymore. The Dynu service is
 now only reachable via the dynu.com domain. This commit changes the API call
 according to Dynu's specification on
 http://www.dynu.com/Default.aspx?page=dnsapi .

---
 src/scripts/setddns.pl | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/scripts/setddns.pl b/src/scripts/setddns.pl
index 5e77fce5c..5a195650c 100644
--- a/src/scripts/setddns.pl
+++ b/src/scripts/setddns.pl
@@ -632,23 +632,22 @@ if ($ip ne $ipcache) {
 			    	$settings{'HOSTDOMAIN'} = "$settings{'HOSTNAME'}.$settings{'DOMAIN'}";
 			    }
 
-			    my ($out, $response) = Net::SSLeay::get_http(  'dynserv.ca',
-									    80,
-									    "/dyn/dynengine.cgi?func=set&name=$settings{'LOGIN'}&pass=$settings{'PASSWORD'}&ip=$ip&domain=$settings{'DOMAIN'}",
+			    my ($out, $response) = Net::SSLeay::get_https( 'api.dynu.com',
+									    443,
+									    "/nic/update?hostname=$settings{'HOSTDOMAIN'}&myip=$ip&username=$settings{'LOGIN'}&password=$settings{'PASSWORD'}",
 	                						    Net::SSLeay::make_headers('User-Agent' => 'IPFire' )
 									 );
-			    #Valid responses from service are:
-			    # 02 == Domain already exists, refreshing data for ... => xxx.xxx.xxx.xxx
-			    #
+			    # Valid responses are 'good xxx.xxx.xxx.xxx', 'nochg'
+			    # see http://www.dynu.com/Default.aspx?page=dnsapi for further details
 			    if ($response =~ m%HTTP/1\.. 200 OK%) {
-				if ( $out !~ m/Domain already exists, refreshing data for/ig ) {
+				if ( $out !~ m/^(good|nochg)/ ) {
 				    &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure ($out)");
 				} else {
-				    &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : success");
+				    &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : success ($out)");
 				    $success++;
 				}
 			    } else {
-			        &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server)");
+			        &General::log("Dynamic DNS ip-update for $settings{'HOSTDOMAIN'} : failure (could not connect to server---$out-$response)");
 			    }
 			}
 			elsif ($settings{'SERVICE'} eq 'udmedia') {

From f98bc1feb7e3f6f29588c9c0d2dc124382ae4e49 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Tue, 17 Jun 2014 13:45:40 +0200
Subject: [PATCH 04/29] kernel: update to 3.10.44.

---
 lfs/linux | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lfs/linux b/lfs/linux
index 45e9ce661..72166c4b2 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -24,10 +24,10 @@
 
 include Config
 
-VER        = 3.10.43
+VER        = 3.10.44
 
 RPI_PATCHES = linux-3.10.38-grsec-1b49b45
-GRS_PATCHES = grsecurity-2.9.1-3.10.43-ipfire1.patch.xz
+GRS_PATCHES = grsecurity-2.9.1-3.10.44-ipfire1.patch.xz
 
 THISAPP    = linux-$(VER)
 DL_FILE    = linux-$(VER).tar.xz
@@ -36,7 +36,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 CFLAGS     =
 CXXFLAGS   =
 
-PAK_VER    = 49
+PAK_VER    = 50
 DEPS	   = ""
 
 VERSUFIX=ipfire$(KCFG)
@@ -74,9 +74,9 @@ $(DL_FILE)				= $(URL_IPFIRE)/$(DL_FILE)
 rpi-patches-$(RPI_PATCHES).patch.xz	= $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz
 $(GRS_PATCHES)				= $(URL_IPFIRE)/$(GRS_PATCHES)
 
-$(DL_FILE)_MD5				= b76af402bd1848b533f0b6dab41d3220
+$(DL_FILE)_MD5				= 8a4006eff3bbd8aff58fe4b443223e7a
 rpi-patches-$(RPI_PATCHES).patch.xz_MD5	= a7408e8bad57b4b2cb677dd5a0bfb7ff
-$(GRS_PATCHES)_MD5			= a77f35c2f4cd6d64a50c26ef5513540b
+$(GRS_PATCHES)_MD5			= 07e5d812146063ed5b2ce49d0d24099b
 
 install : $(TARGET)
 

From 654a8ece848581428d91e32ff511956e840b688f Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Tue, 17 Jun 2014 16:11:03 +0200
Subject: [PATCH 05/29] clamav: update to 0.98.4.

---
 config/rootfiles/packages/clamav | 6 +++---
 lfs/clamav                       | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav
index e27eba6e5..c2aee7cf5 100644
--- a/config/rootfiles/packages/clamav
+++ b/config/rootfiles/packages/clamav
@@ -11,15 +11,15 @@ usr/bin/sigtool
 #usr/lib/libclamav.la
 usr/lib/libclamav.so
 usr/lib/libclamav.so.6
-usr/lib/libclamav.so.6.1.22
+usr/lib/libclamav.so.6.1.23
 #usr/lib/libclamunrar.la
 usr/lib/libclamunrar.so
 usr/lib/libclamunrar.so.6
-usr/lib/libclamunrar.so.6.1.22
+usr/lib/libclamunrar.so.6.1.23
 #usr/lib/libclamunrar_iface.la
 usr/lib/libclamunrar_iface.so
 usr/lib/libclamunrar_iface.so.6
-usr/lib/libclamunrar_iface.so.6.1.22
+usr/lib/libclamunrar_iface.so.6.1.23
 #usr/lib/pkgconfig/libclamav.pc
 usr/sbin/clamd
 usr/share/clamav
diff --git a/lfs/clamav b/lfs/clamav
index 8cb849b5c..58f03417a 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.98.3
+VER        = 0.98.4
 
 THISAPP    = clamav-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = clamav
-PAK_VER    = 25
+PAK_VER    = 26
 
 DEPS       = ""
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = b649d35ee85d4d6075a98173dd255c17
+$(DL_FILE)_MD5 = 6d409eab6c311de05a0a591fccd2ec83
 
 install : $(TARGET)
 

From 6af27d7120da496521e7a313a4201be0438a67d2 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Tue, 17 Jun 2014 16:11:03 +0200
Subject: [PATCH 06/29] clamav: update to 0.98.4.

---
 config/rootfiles/packages/clamav | 6 +++---
 lfs/clamav                       | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav
index e27eba6e5..c2aee7cf5 100644
--- a/config/rootfiles/packages/clamav
+++ b/config/rootfiles/packages/clamav
@@ -11,15 +11,15 @@ usr/bin/sigtool
 #usr/lib/libclamav.la
 usr/lib/libclamav.so
 usr/lib/libclamav.so.6
-usr/lib/libclamav.so.6.1.22
+usr/lib/libclamav.so.6.1.23
 #usr/lib/libclamunrar.la
 usr/lib/libclamunrar.so
 usr/lib/libclamunrar.so.6
-usr/lib/libclamunrar.so.6.1.22
+usr/lib/libclamunrar.so.6.1.23
 #usr/lib/libclamunrar_iface.la
 usr/lib/libclamunrar_iface.so
 usr/lib/libclamunrar_iface.so.6
-usr/lib/libclamunrar_iface.so.6.1.22
+usr/lib/libclamunrar_iface.so.6.1.23
 #usr/lib/pkgconfig/libclamav.pc
 usr/sbin/clamd
 usr/share/clamav
diff --git a/lfs/clamav b/lfs/clamav
index 8cb849b5c..58f03417a 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.98.3
+VER        = 0.98.4
 
 THISAPP    = clamav-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = clamav
-PAK_VER    = 25
+PAK_VER    = 26
 
 DEPS       = ""
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = b649d35ee85d4d6075a98173dd255c17
+$(DL_FILE)_MD5 = 6d409eab6c311de05a0a591fccd2ec83
 
 install : $(TARGET)
 

From 2f9e90ee1cfc7d535f69be244227b27a9260ee1d Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 17 Jun 2014 19:26:28 +0200
Subject: [PATCH 07/29] core80: Ship setddns.pl.

---
 config/rootfiles/core/80/filelists/files | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/core/80/filelists/files
index 409e5fe8a..82e437609 100644
--- a/config/rootfiles/core/80/filelists/files
+++ b/config/rootfiles/core/80/filelists/files
@@ -1,2 +1,3 @@
 etc/system-release
 etc/issue
+usr/local/bin/setddns.pl

From 7119032e11ad50ed78bd6df2be8e8536d7191bf4 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 17 Jun 2014 19:47:06 +0200
Subject: [PATCH 08/29] Rewrite redirect_wrapper.

The wrapper had multiple errors in handling the new version of the
squid redirector protocol and was awful to maintain as it did not
fulfill any coding guidelines at all.
---
 config/urlfilter/redirect_wrapper | 145 +++++++++++++++++-------------
 1 file changed, 84 insertions(+), 61 deletions(-)

diff --git a/config/urlfilter/redirect_wrapper b/config/urlfilter/redirect_wrapper
index 96cc0a094..3e8b49eac 100644
--- a/config/urlfilter/redirect_wrapper
+++ b/config/urlfilter/redirect_wrapper
@@ -21,12 +21,9 @@
 #                                                                             #
 ###############################################################################
 
-use strict;
 use IPC::Open2;
 use IO::Handle;
 
-my $redirectors;
-
 require '/var/ipfire/general-functions.pl';
 
 my %proxysettings=();
@@ -35,15 +32,20 @@ $proxysettings{'ENABLE_CLAMAV'} = 'off';
 $proxysettings{'ENABLE_UPDXLRATOR'} = 'off';
 &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
 
-# define here your redirectors (use a comma sperated list)
-if ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/bin/squidGuard', '/usr/bin/squidclamav', '/usr/sbin/updxlrator' ];}
-elsif ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'off' ){$redirectors = [ '/usr/bin/squidGuard', '/usr/bin/squidclamav' ];}
-elsif ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'off' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];}
-elsif ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'off' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'off' ){$redirectors = [ '/usr/bin/squidGuard' ];}
-elsif ( $proxysettings{'ENABLE_FILTER'} eq 'off' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/bin/squidclamav', '/usr/sbin/updxlrator' ];}
-elsif ( $proxysettings{'ENABLE_FILTER'} eq 'off' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'off' ){$redirectors = [ '/usr/bin/squidclamav' ];}
-elsif ( $proxysettings{'ENABLE_FILTER'} eq 'off' && $proxysettings{'ENABLE_CLAMAV'} eq 'off' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/sbin/updxlrator' ];}
-else  { $redirectors = [ '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];}
+# define here your redirectors
+my @redirectors = ();
+
+if ($proxysettings{'ENABLE_FILTER'} eq 'on') {
+	push(@redirectors, "/usr/bin/squidGuard");
+}
+
+if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
+	push(@redirectors, "/usr/bin/squidclamav");
+}
+
+if ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') {
+	push(@redirectors, "/usr/sbin/updxlrator");
+}
 
 # Attention: keep in mind that the order of your redirectors is important.
 # It doesn't make sense to scan for viruses on pages you restrict access to...
@@ -55,68 +57,89 @@ else  { $redirectors = [ '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];}
 # init
 $| = 1;
 STDOUT->autoflush(1);
-my $line;
-my $return;
-my $i;
+
 my $debug=0; # enable only for debugging
 
-if ( -e "/var/ipfire/proxy/enable_redirector_debug" ){
-	$debug = 1;
+if (-e "/var/ipfire/proxy/enable_redirector_debug") {
 	writetolog("Urlfilter = ".$proxysettings{'ENABLE_FILTER'}." Clamav = ".$proxysettings{'ENABLE_CLAMAV'}." Updxlrator = ".$proxysettings{'ENABLE_UPDXLRATOR'});
+	$debug = 1;
+}
+
+# Open one instance for each redirector in the list and
+# put them into an array with the STDIN and STDOUT file
+# descriptors.
+my @instances = ();
+
+foreach my $redirector (@redirectors) {
+	my $desc_out = new IO::Handle();
+	my $desc_in  = new IO::Handle();
+
+	my $pid = open2($desc_out, $desc_in, $redirector);
+
+	if ($debug) {
+		&writetolog("Started an instance of $redirector with PID $pid");
 	}
 
-# open progamms
-my $pidlist = [];
-my $rlist = [];
-my $wlist = [];
-
-for($i = 0; $i < @$redirectors; $i++) {
-	$pidlist->[$i] = open2($rlist->[$i], $wlist->[$i], $redirectors->[$i]);
-	if ($debug){
-		writetolog("Current redirector is ".$redirectors->[$i]." number ".$i." PID ".$pidlist->[$i]);
-		}
-	}
+	push(@instances, [$redirector, $desc_out, $desc_in]);
+}
 
 # wait for data...
-while($line = <>) {
-	$return = "";
+my $line;
+while ($line = <>) {
+	my $return = "ERR\n";
 
-	for($i = 0; $i < @$redirectors; $i++) {
-		$wlist->[$i]->print($line);
-		$return = $rlist->[$i]->getline;
+	foreach my $instance (@instances) {
+		my $redirector = @$instance[0];
+		my $desc_out   = @$instance[1];
+		my $desc_in    = @$instance[2];
+		my $response;
 
-		if ( $return eq "Processing file and database" ){
+		# Send request to the redirector.
+		$desc_in->print($line);
+
+		# Wait for a response.
+		$response = $desc_out->getline;
+
+		# Catch invalid responses from squidGuard.
+		if ($redirector eq "/usr/bin/squidGuard" && $response eq "Processing file and database") {
 			system("logger -t ipfire 'Emergency - squidGuard not initialised please run squidGuard -C all'");
-			}
-
-		if ($debug){
-			my $dline = $line;my $dreturn = $return;chomp $dline;chomp $dreturn;
-			if ( $return eq $line or $return eq "\n" or $return eq "" ){
-				writetolog("Request equals result by ".$redirectors->[$i]." ".$dline);
-				}
-			else {
-				writetolog($redirectors->[$i]." answers ".$dreturn."\n   Querried ".$dline);
-				}
-			}
-
-		# break if redirector changes data
-		if($return ne "ERR\n" and $return ne $line ){
-			if ( $redirectors->[$i] ne "/usr/sbin/updxlrator"){
-				if ($debug){
-					writetolog($redirectors->[$i]." is stopping querry because block was found.");
-					}
-				$i = @$redirectors;
-				}
-			}
+			next;
+		}
+
+		# Writing debug output.
+		if ($debug) {
+			my $len_response = length($response);
+
+			&writetolog("Queried $redirector for: $line");
+			&writetolog("  --> Response ($len_response): $response");
+		}
+
+		# If we got a decisive response, we send it back to squid
+		# and stop querying any more redirectors.
+		if ($response =~ /^(OK|BH)/) {
+			if ($debug) {
+				&writetolog("  --  Stopped querying redirectors");
+			}
+
+			$return = $response;
+			last;
 		}
-	print $return;
 	}
 
+	# Send response back to squid.
+	if ($debug) {
+		&writetolog("Sending back to squid: $return");
+	}
+	print $return;
+}
+
 exit 0;
 
 sub writetolog {
-	open(DATEI, ">>/var/log/squid/redirector_debug") || die "Unable to acces file /var/log/squid/redirector_debug";
-	my $log = shift;
-	print DATEI $log."\n";
-	close(DATEI);
-	}
+	my $message = shift;
+	chomp($message);
+
+	open(FILE, ">>/var/log/squid/redirector_debug") || die "Unable to acces file /var/log/squid/redirector_debug";
+	print FILE "$message\n";
+	close(FILE);
+}

From 4cb7c9b47fbc265c3f503591b9aae4fb095a18bf Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 17 Jun 2014 19:48:34 +0200
Subject: [PATCH 09/29] Update translations.

---
 doc/language_issues.de | 7 ++-----
 doc/language_issues.en | 6 +-----
 doc/language_issues.es | 9 +++------
 doc/language_issues.fr | 9 +++------
 doc/language_issues.nl | 9 +++------
 doc/language_issues.pl | 9 +++------
 doc/language_issues.ru | 9 +++------
 doc/language_issues.tr | 9 +++------
 doc/language_missings  | 8 ++++++++
 langs/de/cgi-bin/de.pl | 2 +-
 10 files changed, 30 insertions(+), 47 deletions(-)

diff --git a/doc/language_issues.de b/doc/language_issues.de
index 9d1e0adce..e814281f3 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -145,6 +145,7 @@ WARNING: translation string unused: dmzpinholes for same net not necessary
 WARNING: translation string unused: dns server
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: donation-link
+WARNING: translation string unused: download dh parameter
 WARNING: translation string unused: driver
 WARNING: translation string unused: dstprt range overlaps
 WARNING: translation string unused: dstprt within existing
@@ -459,16 +460,12 @@ WARNING: translation string unused: released
 WARNING: translation string unused: removable device advice
 WARNING: translation string unused: reportfile
 WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
 WARNING: translation string unused: restore hardware settings
 WARNING: translation string unused: root
 WARNING: translation string unused: root path
 WARNING: translation string unused: root user password
 WARNING: translation string unused: route subnet is invalid
 WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
@@ -495,7 +492,6 @@ WARNING: translation string unused: source ip in use
 WARNING: translation string unused: source ip or net
 WARNING: translation string unused: source net
 WARNING: translation string unused: source network
-WARNING: translation string unused: source port in use
 WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
@@ -630,4 +626,5 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: uplink
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 55ee3e28c..57e0dd3bb 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -168,6 +168,7 @@ WARNING: translation string unused: dns server
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: donation-link
 WARNING: translation string unused: done
+WARNING: translation string unused: download dh parameter
 WARNING: translation string unused: driver
 WARNING: translation string unused: dstprt range overlaps
 WARNING: translation string unused: dstprt within existing
@@ -486,16 +487,12 @@ WARNING: translation string unused: released
 WARNING: translation string unused: removable device advice
 WARNING: translation string unused: reportfile
 WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
 WARNING: translation string unused: restore hardware settings
 WARNING: translation string unused: root
 WARNING: translation string unused: root path
 WARNING: translation string unused: root user password
 WARNING: translation string unused: route subnet is invalid
 WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
@@ -525,7 +522,6 @@ WARNING: translation string unused: source ip in use
 WARNING: translation string unused: source ip or net
 WARNING: translation string unused: source net
 WARNING: translation string unused: source network
-WARNING: translation string unused: source port in use
 WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 6bbdc18e1..a87250311 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -420,16 +420,12 @@ WARNING: translation string unused: released
 WARNING: translation string unused: removable device advice
 WARNING: translation string unused: reportfile
 WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
 WARNING: translation string unused: restore hardware settings
 WARNING: translation string unused: root
 WARNING: translation string unused: root path
 WARNING: translation string unused: root user password
 WARNING: translation string unused: route subnet is invalid
 WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
@@ -459,7 +455,6 @@ WARNING: translation string unused: source ip in use
 WARNING: translation string unused: source ip or net
 WARNING: translation string unused: source net
 WARNING: translation string unused: source network
-WARNING: translation string unused: source port in use
 WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
@@ -655,7 +650,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
-WARNING: untranslated string: download dh parameter
+WARNING: untranslated string: download tls-auth key
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -920,6 +915,7 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
+WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: software version
 WARNING: untranslated string: source ip country
@@ -929,6 +925,7 @@ WARNING: untranslated string: support donation
 WARNING: untranslated string: system has hwrng
 WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: system information
+WARNING: untranslated string: ta key
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
 WARNING: untranslated string: tor accounting bytes
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 13a3c8802..ed42fe595 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -431,16 +431,12 @@ WARNING: translation string unused: released
 WARNING: translation string unused: removable device advice
 WARNING: translation string unused: reportfile
 WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
 WARNING: translation string unused: restore hardware settings
 WARNING: translation string unused: root
 WARNING: translation string unused: root path
 WARNING: translation string unused: root user password
 WARNING: translation string unused: route subnet is invalid
 WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
@@ -470,7 +466,6 @@ WARNING: translation string unused: source ip in use
 WARNING: translation string unused: source ip or net
 WARNING: translation string unused: source net
 WARNING: translation string unused: source network
-WARNING: translation string unused: source port in use
 WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
@@ -666,7 +661,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
-WARNING: untranslated string: download dh parameter
+WARNING: untranslated string: download tls-auth key
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -927,6 +922,7 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
+WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: snort working
 WARNING: untranslated string: software version
@@ -937,6 +933,7 @@ WARNING: untranslated string: support donation
 WARNING: untranslated string: system has hwrng
 WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: system information
+WARNING: untranslated string: ta key
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
 WARNING: untranslated string: tor accounting bytes
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index aff38ca0e..fbe4ba166 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -485,16 +485,12 @@ WARNING: translation string unused: released
 WARNING: translation string unused: removable device advice
 WARNING: translation string unused: reportfile
 WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
 WARNING: translation string unused: restore hardware settings
 WARNING: translation string unused: root
 WARNING: translation string unused: root path
 WARNING: translation string unused: root user password
 WARNING: translation string unused: route subnet is invalid
 WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
@@ -524,7 +520,6 @@ WARNING: translation string unused: source ip in use
 WARNING: translation string unused: source ip or net
 WARNING: translation string unused: source net
 WARNING: translation string unused: source network
-WARNING: translation string unused: source port in use
 WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
@@ -662,7 +657,7 @@ WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
 WARNING: untranslated string: dh parameter
 WARNING: untranslated string: dns servers
-WARNING: untranslated string: download dh parameter
+WARNING: untranslated string: download tls-auth key
 WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: fwhost err hostip
@@ -699,7 +694,9 @@ WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: show dh
+WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: software version
 WARNING: untranslated string: source ip country
+WARNING: untranslated string: ta key
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: vendor
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 6bbdc18e1..a87250311 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -420,16 +420,12 @@ WARNING: translation string unused: released
 WARNING: translation string unused: removable device advice
 WARNING: translation string unused: reportfile
 WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
 WARNING: translation string unused: restore hardware settings
 WARNING: translation string unused: root
 WARNING: translation string unused: root path
 WARNING: translation string unused: root user password
 WARNING: translation string unused: route subnet is invalid
 WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
@@ -459,7 +455,6 @@ WARNING: translation string unused: source ip in use
 WARNING: translation string unused: source ip or net
 WARNING: translation string unused: source net
 WARNING: translation string unused: source network
-WARNING: translation string unused: source port in use
 WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
@@ -655,7 +650,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
-WARNING: untranslated string: download dh parameter
+WARNING: untranslated string: download tls-auth key
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -920,6 +915,7 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
+WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: software version
 WARNING: untranslated string: source ip country
@@ -929,6 +925,7 @@ WARNING: untranslated string: support donation
 WARNING: untranslated string: system has hwrng
 WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: system information
+WARNING: untranslated string: ta key
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
 WARNING: untranslated string: tor accounting bytes
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index e553af7d1..6104715ee 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -425,16 +425,12 @@ WARNING: translation string unused: released
 WARNING: translation string unused: removable device advice
 WARNING: translation string unused: reportfile
 WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
 WARNING: translation string unused: restore hardware settings
 WARNING: translation string unused: root
 WARNING: translation string unused: root path
 WARNING: translation string unused: root user password
 WARNING: translation string unused: route subnet is invalid
 WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
@@ -464,7 +460,6 @@ WARNING: translation string unused: source ip in use
 WARNING: translation string unused: source ip or net
 WARNING: translation string unused: source net
 WARNING: translation string unused: source network
-WARNING: translation string unused: source port in use
 WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
@@ -660,7 +655,7 @@ WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
-WARNING: untranslated string: download dh parameter
+WARNING: untranslated string: download tls-auth key
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -910,6 +905,7 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
+WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: software version
 WARNING: untranslated string: source ip country
@@ -918,6 +914,7 @@ WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
 WARNING: untranslated string: system has hwrng
 WARNING: untranslated string: system has rdrand
+WARNING: untranslated string: ta key
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
 WARNING: untranslated string: tor accounting bytes
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 5d3dbc817..cb7347800 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -484,16 +484,12 @@ WARNING: translation string unused: released
 WARNING: translation string unused: removable device advice
 WARNING: translation string unused: reportfile
 WARNING: translation string unused: requested data
-WARNING: translation string unused: reserved dst port
-WARNING: translation string unused: reserved src port
 WARNING: translation string unused: restore hardware settings
 WARNING: translation string unused: root
 WARNING: translation string unused: root path
 WARNING: translation string unused: root user password
 WARNING: translation string unused: route subnet is invalid
 WARNING: translation string unused: router ip
-WARNING: translation string unused: rsvd dst port overlap
-WARNING: translation string unused: rsvd src port overlap
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
@@ -523,7 +519,6 @@ WARNING: translation string unused: source ip in use
 WARNING: translation string unused: source ip or net
 WARNING: translation string unused: source net
 WARNING: translation string unused: source network
-WARNING: translation string unused: source port in use
 WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
@@ -659,7 +654,7 @@ WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
 WARNING: untranslated string: dh parameter
-WARNING: untranslated string: download dh parameter
+WARNING: untranslated string: download tls-auth key
 WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: gen dh
@@ -694,7 +689,9 @@ WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: show dh
+WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: software version
 WARNING: untranslated string: source ip country
+WARNING: untranslated string: ta key
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: vendor
diff --git a/doc/language_missings b/doc/language_missings
index a20a8d77b..edbccbde2 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -96,6 +96,7 @@
 < dnsforward zone
 < dns servers
 < download dh parameter
+< download tls-auth key
 < dpd delay
 < dpd timeout
 < drop action
@@ -410,6 +411,7 @@
 < system has hwrng
 < system has rdrand
 < system information
+< ta key
 < tor
 < tor 0 = disabled
 < tor accounting
@@ -616,6 +618,7 @@
 < dnsforward zone
 < dns servers
 < download dh parameter
+< download tls-auth key
 < dpd delay
 < dpd timeout
 < drop action
@@ -946,6 +949,7 @@
 < system has hwrng
 < system has rdrand
 < system information
+< ta key
 < tor
 < tor 0 = disabled
 < tor accounting
@@ -1128,6 +1132,7 @@
 < dnsforward zone
 < dns servers
 < download dh parameter
+< download tls-auth key
 < dpd delay
 < dpd timeout
 < drop action
@@ -1434,6 +1439,7 @@
 < support donation
 < system has hwrng
 < system has rdrand
+< ta key
 < tor
 < tor 0 = disabled
 < tor accounting
@@ -1619,6 +1625,7 @@
 < dnsforward zone
 < dns servers
 < download dh parameter
+< download tls-auth key
 < dpd delay
 < dpd timeout
 < drop action
@@ -1927,6 +1934,7 @@
 < support donation
 < system has hwrng
 < system has rdrand
+< ta key
 < tor
 < tor 0 = disabled
 < tor accounting
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index a88a7cc8a..33a2fd40d 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2054,6 +2054,7 @@
 'system log viewer' => 'Betrachter der System-Logdateien',
 'system logs' => 'System-Logdateien',
 'system status information' => 'System-Statusinformationen',
+'ta key' => 'TLS-Authentifizierungsschlüssel',
 'telephone not set' => 'Telefonnummer nicht angegeben.',
 'template' => 'Vorlage',
 'template warning' => 'Zur Einrichtung von QoS stehen Ihnen 2 Möglichkeiten zur Auswahl. Entweder Sie wählen speichern und erstellen Klassen und Regeln nach Ihren Wünschen, oder Sie wählen Vorlage, dann werden die Klassen und Regeln durch ein Template generiert.',
@@ -2079,7 +2080,6 @@
 'time server' => 'Zeitserver',
 'timeout must be a number' => 'Wartezeit muss eine Zahl sein.',
 'title' => 'Titel',
-'ta key' => 'TLS-Authentifizierungsschlüssel',
 'to' => 'Bis',
 'to email adr' => 'An Email Adresse',
 'to install an update' => 'Um ein Update zu installieren, laden Sie zuerst die folgende .tgz.gpg Datei hoch:',

From ab92dc0c84cc6c11f90e753439567d80bac23e2b Mon Sep 17 00:00:00 2001
From: Alexander Marx <alexander.marx@ipfire.org>
Date: Thu, 8 May 2014 14:08:04 +0200
Subject: [PATCH 10/29] General-functions.pl: rewrite IpInSubnet replace
 inet_ntoa

---
 config/cfgroot/general-functions.pl | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 271dc41da..a3f431100 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -760,12 +760,21 @@ sub validportrange # used to check a port range
 # Return: TRUE/FALSE
 sub IpInSubnet
 {
-    my $ip = unpack('N', &Socket::inet_aton(shift));
-    my $start = unpack('N', &Socket::inet_aton(shift));
-    my $mask  = unpack('N', &Socket::inet_aton(shift));
-       $start &= $mask;  # base of subnet...
-    my $end   = $start + ~$mask;
-    return (($ip >= $start) && ($ip <= $end));
+	my $addr = shift;
+	my $network = shift;
+	my $netmask = shift;
+
+	my $addr_num = &Socket::inet_pton(AF_INET,$addr);
+	my $network_num = &Socket::inet_pton(AF_INET,$network);
+	my $netmask_num = &Socket::inet_pton(AF_INET,$netmask);
+
+	# Find start address
+	my $network_start = $network_num & $netmask_num;
+
+	# Find end address
+	my $network_end = $network_start ^ ~$netmask_num;
+
+	return (($addr_num ge $network_start) && ($addr_num le $network_end));
 }
 
 #

From 1be398ae381d4d0cdbd50272bff4434121d36f65 Mon Sep 17 00:00:00 2001
From: Alexander Marx <alexander.marx@ipfire.org>
Date: Thu, 8 May 2014 14:31:31 +0200
Subject: [PATCH 11/29] General-functions.pl: rewrite getnetworkip without
 inet_aton

---
 config/cfgroot/general-functions.pl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index a3f431100..6fabf1c05 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -413,9 +413,9 @@ sub getnetworkip
 	#Gets:  IP, CIDR    (10.10.10.0-255, 24)
 	#Gives:  10.10.10.0
 	my ($ccdip,$ccdsubnet) = @_;
-	my $ip_address_binary = inet_aton( $ccdip );
-	my $netmask_binary    = ~pack("N", (2**(32-$ccdsubnet))-1);
-	my $network_address    = inet_ntoa( $ip_address_binary & $netmask_binary );
+	my $ip_address_binary = &Socket::inet_pton( AF_INET,$ccdip );
+	my $netmask_binary = &Socket::inet_pton(AF_INET,&iporsubtodec($ccdsubnet));
+	my $network_address    = &Socket::inet_ntop( AF_INET,$ip_address_binary & $netmask_binary );
 	return $network_address;
 }
 

From a57cfc41ad99bfb4ac9ff69a1a4b965fa9a9580d Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 19 Jun 2014 12:13:41 +0200
Subject: [PATCH 12/29] core80: Add general-functions.pl to updater.

---
 config/rootfiles/core/80/filelists/files | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/core/80/filelists/files
index 82e437609..57448d703 100644
--- a/config/rootfiles/core/80/filelists/files
+++ b/config/rootfiles/core/80/filelists/files
@@ -1,3 +1,4 @@
 etc/system-release
 etc/issue
 usr/local/bin/setddns.pl
+var/ipfire/general-functions.pl

From f577f4bce75b19376d1d986d0197cf210c75b956 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 19 Jun 2014 14:20:13 +0200
Subject: [PATCH 13/29] libgpg-error: Update to version 1.13.

---
 config/rootfiles/common/libgpg-error   | 29 ++++++++++++++++++++++++++
 config/rootfiles/packages/libgpg-error | 25 ----------------------
 lfs/libgpg-error                       | 11 ++--------
 3 files changed, 31 insertions(+), 34 deletions(-)
 create mode 100644 config/rootfiles/common/libgpg-error
 delete mode 100644 config/rootfiles/packages/libgpg-error

diff --git a/config/rootfiles/common/libgpg-error b/config/rootfiles/common/libgpg-error
new file mode 100644
index 000000000..dc4039897
--- /dev/null
+++ b/config/rootfiles/common/libgpg-error
@@ -0,0 +1,29 @@
+usr/bin/gpg-error
+#usr/bin/gpg-error-config
+#usr/include/gpg-error.h
+#usr/lib/libgpg-error.la
+#usr/lib/libgpg-error.so
+usr/lib/libgpg-error.so.0
+usr/lib/libgpg-error.so.0.11.0
+#usr/share/aclocal/gpg-error.m4
+#usr/share/common-lisp
+#usr/share/common-lisp/source
+#usr/share/common-lisp/source/gpg-error
+#usr/share/common-lisp/source/gpg-error/gpg-error-codes.lisp
+#usr/share/common-lisp/source/gpg-error/gpg-error-package.lisp
+#usr/share/common-lisp/source/gpg-error/gpg-error.asd
+#usr/share/common-lisp/source/gpg-error/gpg-error.lisp
+#usr/share/locale/cs/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/da/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/de/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/eo/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/fr/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/it/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/ja/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/nl/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/pl/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/ro/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/sv/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/uk/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/vi/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/zh_CN/LC_MESSAGES/libgpg-error.mo
diff --git a/config/rootfiles/packages/libgpg-error b/config/rootfiles/packages/libgpg-error
deleted file mode 100644
index dad751ce0..000000000
--- a/config/rootfiles/packages/libgpg-error
+++ /dev/null
@@ -1,25 +0,0 @@
-usr/bin/gpg-error
-usr/bin/gpg-error-config
-#usr/include/gpg-error.h
-#usr/lib/libgpg-error.la
-usr/lib/libgpg-error.so
-usr/lib/libgpg-error.so.0
-usr/lib/libgpg-error.so.0.8.0
-#usr/share/aclocal/gpg-error.m4
-usr/share/common-lisp
-usr/share/common-lisp/source
-usr/share/common-lisp/source/gpg-error
-usr/share/common-lisp/source/gpg-error/gpg-error-codes.lisp
-usr/share/common-lisp/source/gpg-error/gpg-error-package.lisp
-usr/share/common-lisp/source/gpg-error/gpg-error.asd
-usr/share/common-lisp/source/gpg-error/gpg-error.lisp
-#usr/share/locale/cs/LC_MESSAGES/libgpg-error.mo
-usr/share/locale/de/LC_MESSAGES/libgpg-error.mo
-usr/share/locale/fr/LC_MESSAGES/libgpg-error.mo
-#usr/share/locale/it/LC_MESSAGES/libgpg-error.mo
-#usr/share/locale/nl/LC_MESSAGES/libgpg-error.mo
-#usr/share/locale/pl/LC_MESSAGES/libgpg-error.mo
-#usr/share/locale/ro/LC_MESSAGES/libgpg-error.mo
-#usr/share/locale/sv/LC_MESSAGES/libgpg-error.mo
-#usr/share/locale/vi/LC_MESSAGES/libgpg-error.mo
-#usr/share/locale/zh_CN/LC_MESSAGES/libgpg-error.mo
diff --git a/lfs/libgpg-error b/lfs/libgpg-error
index 59108c155..7faf289bc 100644
--- a/lfs/libgpg-error
+++ b/lfs/libgpg-error
@@ -24,17 +24,13 @@
 
 include Config
 
-VER        = 1.10
+VER        = 1.13
 
 THISAPP    = libgpg-error-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
-PROG       = libgpg-error
-PAK_VER    = 1
-
-DEPS       = ""
 
 ###############################################################################
 # Top-level Rules
@@ -44,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 736a03daa9dc5873047d4eb4a9c22a16
+$(DL_FILE)_MD5 = fe0cfa7e15262ef8fdeee366109e9ff6
 
 install : $(TARGET)
 
@@ -54,9 +50,6 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
 
 md5 : $(subst %,%_MD5,$(objects))
 
-dist: 
-	@$(PAK)
-
 ###############################################################################
 # Downloading, checking, md5sum
 ###############################################################################

From 8e944ec640a39446d5569e2671ef1aadae633d9f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 19 Jun 2014 14:21:05 +0200
Subject: [PATCH 14/29] core80: Automatically uninstall libgpg-error.

This is not a package any more.
---
 config/rootfiles/core/80/update.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/config/rootfiles/core/80/update.sh b/config/rootfiles/core/80/update.sh
index f878cfe16..6878fb798 100644
--- a/config/rootfiles/core/80/update.sh
+++ b/config/rootfiles/core/80/update.sh
@@ -41,6 +41,11 @@ extract_files
 # Update Language cache
 #perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
 
+# Uninstall the libgpg-error package.
+rm -f \
+	/opt/pakfire/db/installed/meta-libgpg-error \
+	/opt/pakfire/db/rootfiles/libgpg-error
+
 sync
 
 # This update need a reboot...

From 88f2f61f43cbb1d9fbb8e432377f445cab7e1fd1 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 19 Jun 2014 14:23:14 +0200
Subject: [PATCH 15/29] Add new crypto library libgrypt

---
 config/rootfiles/common/libgcrypt             | 14 ++++
 config/rootfiles/core/80/filelists/libgcrypt  |  1 +
 .../rootfiles/core/80/filelists/libgpg-error  |  1 +
 lfs/libgcrypt                                 | 80 +++++++++++++++++++
 make.sh                                       |  5 +-
 5 files changed, 99 insertions(+), 2 deletions(-)
 create mode 100644 config/rootfiles/common/libgcrypt
 create mode 120000 config/rootfiles/core/80/filelists/libgcrypt
 create mode 120000 config/rootfiles/core/80/filelists/libgpg-error
 create mode 100644 lfs/libgcrypt

diff --git a/config/rootfiles/common/libgcrypt b/config/rootfiles/common/libgcrypt
new file mode 100644
index 000000000..96e48e1f9
--- /dev/null
+++ b/config/rootfiles/common/libgcrypt
@@ -0,0 +1,14 @@
+#usr/bin/dumpsexp
+#usr/bin/hmac256
+#usr/bin/libgcrypt-config
+#usr/bin/mpicalc
+#usr/include/gcrypt.h
+#usr/lib/libgcrypt.la
+#usr/lib/libgcrypt.so
+usr/lib/libgcrypt.so.20
+usr/lib/libgcrypt.so.20.0.1
+#usr/share/aclocal/libgcrypt.m4
+#usr/share/info/gcrypt.info
+#usr/share/info/gcrypt.info-1
+#usr/share/info/gcrypt.info-2
+#usr/share/man/man1/hmac256.1
diff --git a/config/rootfiles/core/80/filelists/libgcrypt b/config/rootfiles/core/80/filelists/libgcrypt
new file mode 120000
index 000000000..2df12a20e
--- /dev/null
+++ b/config/rootfiles/core/80/filelists/libgcrypt
@@ -0,0 +1 @@
+../../../common/libgcrypt
\ No newline at end of file
diff --git a/config/rootfiles/core/80/filelists/libgpg-error b/config/rootfiles/core/80/filelists/libgpg-error
new file mode 120000
index 000000000..cad431339
--- /dev/null
+++ b/config/rootfiles/core/80/filelists/libgpg-error
@@ -0,0 +1 @@
+../../../common/libgpg-error
\ No newline at end of file
diff --git a/lfs/libgcrypt b/lfs/libgcrypt
new file mode 100644
index 000000000..76ee3d0af
--- /dev/null
+++ b/lfs/libgcrypt
@@ -0,0 +1,80 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.6.1
+
+THISAPP    = libgcrypt-$(VER)
+DL_FILE    = $(THISAPP).tar.bz2
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = a5a5060dc2f80bcac700ab0236ea47dc
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && \
+		./configure \
+			--prefix=/usr \
+			--enable-noexecstack
+	cd $(DIR_APP) && make $(MAKETUNING)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 162128def..f756033c6 100755
--- a/make.sh
+++ b/make.sh
@@ -467,6 +467,9 @@ buildipfire() {
   ipfiremake pam
   ipfiremake openssl
   ipfiremake openssl-compat
+  ipfiremake libgpg-error
+  ipfiremake libgcrypt
+  ipfiremake libassuan
   ipfiremake curl
   ipfiremake tcl
   ipfiremake sqlite
@@ -769,8 +772,6 @@ buildipfire() {
   ipfiremake fping
   ipfiremake telnet
   ipfiremake xinetd
-  ipfiremake libgpg-error
-  ipfiremake libassuan
   ipfiremake gpgme
   ipfiremake pygpgme
   ipfiremake pakfire3

From e0af4231ac7d798b12c79582c6ff22e69102b0f2 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 19 Jun 2014 14:24:13 +0200
Subject: [PATCH 16/29] rng-tools: Update to version 5.

Supports using RDRAND on processors which don't have AES-NI.
---
 config/rootfiles/core/80/filelists/rng-tools | 1 +
 lfs/rng-tools                                | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
 create mode 120000 config/rootfiles/core/80/filelists/rng-tools

diff --git a/config/rootfiles/core/80/filelists/rng-tools b/config/rootfiles/core/80/filelists/rng-tools
new file mode 120000
index 000000000..a7853e41b
--- /dev/null
+++ b/config/rootfiles/core/80/filelists/rng-tools
@@ -0,0 +1 @@
+../../../common/rng-tools
\ No newline at end of file
diff --git a/lfs/rng-tools b/lfs/rng-tools
index 8ca95cff8..c8ea08d8a 100644
--- a/lfs/rng-tools
+++ b/lfs/rng-tools
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 4
+VER        = 5
 
 THISAPP    = rng-tools-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = ae89dbfcf08bdfbea19066cfbf599127
+$(DL_FILE)_MD5 = 6726cdc6fae1f5122463f24ae980dd68
 
 install : $(TARGET)
 

From 567fadff6a099d8e2d59ee6ce1e1957cb5de8840 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 19 Jun 2014 14:39:21 +0200
Subject: [PATCH 17/29] strongswan: Update to 5.2.0dr6.

---
 config/rootfiles/common/strongswan            | 5 +++++
 config/rootfiles/core/80/filelists/strongswan | 1 +
 lfs/strongswan                                | 5 +++--
 3 files changed, 9 insertions(+), 2 deletions(-)
 create mode 120000 config/rootfiles/core/80/filelists/strongswan

diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index 6d7bb0de4..550fa69d9 100644
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -30,6 +30,7 @@ etc/strongswan.d/charon/eap-tls.conf
 etc/strongswan.d/charon/eap-ttls.conf
 etc/strongswan.d/charon/farp.conf
 etc/strongswan.d/charon/fips-prf.conf
+etc/strongswan.d/charon/gcrypt.conf
 etc/strongswan.d/charon/gmp.conf
 etc/strongswan.d/charon/hmac.conf
 etc/strongswan.d/charon/kernel-netlink.conf
@@ -60,6 +61,7 @@ etc/strongswan.d/charon/xauth-eap.conf
 etc/strongswan.d/charon/xauth-generic.conf
 etc/strongswan.d/charon/xauth-noauth.conf
 etc/strongswan.d/charon/xcbc.conf
+etc/strongswan.d/pki.conf
 etc/strongswan.d/starter.conf
 etc/strongswan.d/tools.conf
 usr/bin/pki
@@ -106,6 +108,7 @@ usr/lib/ipsec/plugins/libstrongswan-eap-tls.so
 usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so
 usr/lib/ipsec/plugins/libstrongswan-farp.so
 usr/lib/ipsec/plugins/libstrongswan-fips-prf.so
+usr/lib/ipsec/plugins/libstrongswan-gcrypt.so
 usr/lib/ipsec/plugins/libstrongswan-gmp.so
 usr/lib/ipsec/plugins/libstrongswan-hmac.so
 usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so
@@ -186,6 +189,7 @@ usr/sbin/ipsec
 #usr/share/strongswan/templates/config/plugins/eap-ttls.conf
 #usr/share/strongswan/templates/config/plugins/farp.conf
 #usr/share/strongswan/templates/config/plugins/fips-prf.conf
+#usr/share/strongswan/templates/config/plugins/gcrypt.conf
 #usr/share/strongswan/templates/config/plugins/gmp.conf
 #usr/share/strongswan/templates/config/plugins/hmac.conf
 #usr/share/strongswan/templates/config/plugins/kernel-netlink.conf
@@ -220,5 +224,6 @@ usr/sbin/ipsec
 #usr/share/strongswan/templates/config/strongswan.d
 #usr/share/strongswan/templates/config/strongswan.d/charon-logging.conf
 #usr/share/strongswan/templates/config/strongswan.d/charon.conf
+#usr/share/strongswan/templates/config/strongswan.d/pki.conf
 #usr/share/strongswan/templates/config/strongswan.d/starter.conf
 #usr/share/strongswan/templates/config/strongswan.d/tools.conf
diff --git a/config/rootfiles/core/80/filelists/strongswan b/config/rootfiles/core/80/filelists/strongswan
new file mode 120000
index 000000000..90c727e26
--- /dev/null
+++ b/config/rootfiles/core/80/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file
diff --git a/lfs/strongswan b/lfs/strongswan
index ba492106e..7448c8d2f 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.1.3
+VER        = 5.2.0dr6
 
 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 1d1c108775242743cd8699215b2918c3
+$(DL_FILE)_MD5 = 6b9ac43a3934dcdf66ccbdfebc54081b
 
 install : $(TARGET)
 
@@ -88,6 +88,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		--enable-dhcp \
 		--enable-farp \
 		--enable-openssl \
+		--enable-gcrypt \
 		--enable-xauth-eap \
 		--enable-xauth-noauth \
 		--enable-eap-radius \

From cdbf2bccc8439731dce978aae9172ed90ef54991 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 19 Jun 2014 14:40:56 +0200
Subject: [PATCH 18/29] gpgme: Remove libgpg-error from dependency list

This has become a part of the core system, now.
---
 lfs/gpgme | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/gpgme b/lfs/gpgme
index 12da4cb77..cdaf5a69e 100644
--- a/lfs/gpgme
+++ b/lfs/gpgme
@@ -32,9 +32,9 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = gpgme
-PAK_VER    = 1
+PAK_VER    = 2
 
-DEPS       = "libgpg-error libassuan"
+DEPS       = "libassuan"
 
 ###############################################################################
 # Top-level Rules

From 5dee01cfc8ee333c6e9ab31311a90a0cca06d28d Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 20 Jun 2014 13:46:06 +0200
Subject: [PATCH 19/29] collectd: Compile fix.

---
 lfs/collectd | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lfs/collectd b/lfs/collectd
index 3d2884198..d4ea661d5 100644
--- a/lfs/collectd
+++ b/lfs/collectd
@@ -36,6 +36,8 @@ PROG       = collectd
 
 DEPS       = ""
 
+CFLAGS    += -Wno-error=deprecated-declarations
+
 ###############################################################################
 # Top-level Rules
 ###############################################################################

From 3a9c7a1a33b6844964775e0e082615d355058551 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 20 Jun 2014 16:04:47 +0200
Subject: [PATCH 20/29] Rootfile update.

---
 config/rootfiles/common/libgpg-error | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/config/rootfiles/common/libgpg-error b/config/rootfiles/common/libgpg-error
index dc4039897..cbb7dec24 100644
--- a/config/rootfiles/common/libgpg-error
+++ b/config/rootfiles/common/libgpg-error
@@ -16,6 +16,8 @@ usr/lib/libgpg-error.so.0.11.0
 #usr/share/locale/cs/LC_MESSAGES/libgpg-error.mo
 #usr/share/locale/da/LC_MESSAGES/libgpg-error.mo
 #usr/share/locale/de/LC_MESSAGES/libgpg-error.mo
+#usr/share/locale/eo
+#usr/share/locale/eo/LC_MESSAGES
 #usr/share/locale/eo/LC_MESSAGES/libgpg-error.mo
 #usr/share/locale/fr/LC_MESSAGES/libgpg-error.mo
 #usr/share/locale/it/LC_MESSAGES/libgpg-error.mo

From 8279b2d7ffd4d6ebc054a6f763eed840b2c84ebf Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Sat, 21 Jun 2014 19:04:33 +0200
Subject: [PATCH 21/29] syslinux: add serial console output.

---
 config/syslinux/syslinux.cfg | 53 +++++++++++++++++++++++++++++++++---
 1 file changed, 49 insertions(+), 4 deletions(-)

diff --git a/config/syslinux/syslinux.cfg b/config/syslinux/syslinux.cfg
index 88320890c..3c7ae87d2 100644
--- a/config/syslinux/syslinux.cfg
+++ b/config/syslinux/syslinux.cfg
@@ -1,3 +1,4 @@
+SERIAL 0 115200
 
 UI vesamenu.c32
 PROMPT 0
@@ -25,8 +26,7 @@ MENU TITLE Welcome!
 LABEL installer
 	MENU LABEL Install IPFire VERSION
 	TEXT HELP
-Install the version of IPFire that is
-on this disk.
+Install the version of IPFire that is on this disk.
 	ENDTEXT
 	KERNEL vmlinuz
 	INITRD instroot
@@ -80,12 +80,57 @@ Diagnose memory problems with memtest86+.
 	LABEL hdt
 		MENU LABEL Hardware Detection Tool
 		TEXT HELP
-Check your hardware with the Hardware Detection
-Tool!
+Check your hardware with the Hardware Detection Tool!
 		ENDTEXT
 		KERNEL hdt.c32
 MENU END
 
+MENU BEGIN serial
+	MENU TITLE Serial console options
+
+	LABEL serial.back
+		MENU LABEL Back
+		MENU EXIT
+
+	MENU SEPARATOR
+
+	LABEL ipfire-serial
+		MENU LABEL Install IPFire (serial)
+		TEXT HELP
+Run the installer with serial console.
+		ENDTEXT
+		KERNEL vmlinuz
+		INITRD instroot
+		APPEND console=ttyS0,115200 novga
+
+	LABEL unattended-serial
+		MENU LABEL Unattended installation (serial)
+		TEXT HELP
+Run an unattended installation wit serial console.
+		ENDTEXT
+		KERNEL vmlinuz
+		INITRD instroot
+		APPEND console=ttyS0,115200 novga unattended
+
+	MENU SEPARATOR
+
+	LABEL memtest-serial
+		MENU LABEL memtest86+ (serial)
+		TEXT HELP
+Diagnose memory problems with memtest86+ with serial console.
+		ENDTEXT
+		KERNEL memtest
+		APPEND console=ttyS0,115200
+
+	LABEL hdt-serial
+		MENU LABEL Hardware Detection Tool
+		TEXT HELP
+Check your hardware with the Hardware Detection Tool!
+		ENDTEXT
+		KERNEL hdt.c32
+
+MENU END
+
 MENU SEPARATOR
 
 LABEL netboot

From eebc5a89ebe2815075f7bacb1be1cfc8816e5284 Mon Sep 17 00:00:00 2001
From: Ersan Yildirim <ersan73@gmail.com>
Date: Sun, 22 Jun 2014 17:19:50 +0200
Subject: [PATCH 22/29] Update Turkish translation.

---
 doc/language_issues.tr |  4 ++++
 langs/tr/cgi-bin/tr.pl | 30 +++++++++++++++++-------------
 2 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index cb7347800..954ff6a55 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -622,6 +622,10 @@ WARNING: translation string unused: urlfilter update information
 WARNING: translation string unused: urlfilter update notification
 WARNING: translation string unused: urlfilter update results
 WARNING: translation string unused: urlfilter upload background
+WARNING: translation string unused: usb modem on acm0
+WARNING: translation string unused: usb modem on acm1
+WARNING: translation string unused: usb modem on acm2
+WARNING: translation string unused: usb modem on acm3
 WARNING: translation string unused: use
 WARNING: translation string unused: use dov
 WARNING: translation string unused: use ibod
diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl
index 619f3f249..459a80ceb 100644
--- a/langs/tr/cgi-bin/tr.pl
+++ b/langs/tr/cgi-bin/tr.pl
@@ -143,7 +143,7 @@
 'advproxy MIME block types' => ' Bu MIME türlerini engelle (her satırda bir tane)',
 'advproxy MIME filter' => 'MIME türü filtre',
 'advproxy NCSA auth' => 'Yerel kullanıcı kimlik doğrulaması',
-'advproxy NCSA create user' => 'Kullanıcı oluştur',
+'advproxy NCSA create user' => 'Kullanıcı Oluştur',
 'advproxy NCSA group' => 'Grup',
 'advproxy NCSA group membership' => 'Grup üyeliği',
 'advproxy NCSA grp disabled' => 'Pasif',
@@ -156,7 +156,7 @@
 'advproxy NCSA redirector bypass' => 'Grubun üyeleri için yönlendirmeyi atla',
 'advproxy NCSA update user' => 'Kullanıcıyı güncelle',
 'advproxy NCSA user accounts' => 'Kullanıcı hesabı',
-'advproxy NCSA user management' => 'Kullanıcı yönetimi',
+'advproxy NCSA user management' => 'Kullanıcı Yönetimi',
 'advproxy NCSA username' => 'Kullanıcı adı',
 'advproxy NTLM BDC hostname' => 'BDC ana bilgisayar adı',
 'advproxy NTLM PDC hostname' => 'PDC ana bilgisayar adı',
@@ -188,7 +188,7 @@
 'advproxy advanced web proxy configuration' => 'Gelişmiş web vekil sunucu ayarları',
 'advproxy allowed subnets' => 'İzin verilen alt ağlar (her satırda bir tane)',
 'advproxy allowed web browsers' => 'Web erişimi için izin verilen istemciler',
-'advproxy back to main page' => 'Ana sayfaya geri dön',
+'advproxy back to main page' => 'Ana Sayfaya Geri Dön',
 'advproxy banned ip clients' => 'Yasaklanan IP adresleri (her satırda bir tane)',
 'advproxy banned mac clients' => 'Yasaklanan MAC adresleri (her satırda bir tane)',
 'advproxy cache management' => 'Önbellek yönetimi',
@@ -619,7 +619,7 @@
 'current aliases' => 'Geçerli takma adlar:',
 'current class' => 'Geçerli sınıflar',
 'current devices' => 'Geçerli aygıtlar',
-'current dhcp leases on blue' => 'Mavi üzerindeki geçerli DHCP atamaları',
+'current dhcp leases on blue' => 'Mavi üzerindeki geçerli dhcp atamaları',
 'current dynamic leases' => 'Geçerli dinamik atamalar',
 'current fixed leases' => 'Geçerli sabit atamalar',
 'current hosts' => 'Mevcut ana bilgisayarlar:',
@@ -681,7 +681,7 @@
 'detail level' => 'Detay seviyesi',
 'details' => 'Detaylar',
 'device' => 'Aygıt',
-'devices on blue' => 'MAVİ üzerindeki aygıt',
+'devices on blue' => 'Mavi üzerindeki aygıtlar',
 'dhcp advopt add' => 'DHCP seçeneği ekle',
 'dhcp advopt added' => 'DHCP seçeneği eklendi',
 'dhcp advopt blank value' => 'DHCP seçeneği değeri boş olamaz.',
@@ -751,8 +751,8 @@
 'dns header' => 'Red0 üzerindeki DHCP için sadece DNS sunucu adreslerini ata',
 'dns list' => 'Halka açık ücretsiz DNS sunucularının listesi',
 'dns menu' => 'DNS Sunucusu',
-'dns new 0' => 'Yeni <strong>birincil</strong> DNS sunucu IP\'si:',
-'dns new 1' => 'Yeni <strong>ikincil</strong> DNS sunucu IP\'si:',
+'dns new 0' => 'Yeni <strong>birincil</strong> DNS sunucu IP adresi:',
+'dns new 1' => 'Yeni <strong>ikincil</strong> DNS sunucu IP adresi:',
 'dns proxy server' => 'DNS Vekil Sunucusu',
 'dns saved' => 'Başarıyla kaydedildi!',
 'dns saved txt' => 'Girilen iki DNS sunucu adresi başarılı bir şekilde kaydedildi.<br />Değişikliklerin aktifleştirielebilmesi için yeniden başlatın!',
@@ -1524,7 +1524,7 @@
 'name must only contain characters' => 'Ad sadece karakter içermelidir.',
 'name too long' => 'Kullanıcının tam adı veya sistem ana bilgisayar adı çok uzun',
 'nat-traversal' => 'Nat Geçişi:',
-'needreboot' => 'Bir güncelleştirmeden sonra yeniden başlatmak gerekir',
+'needreboot' => 'Bu güncelleştirmeden sonra yeniden başlatmak gerekir',
 'net' => 'Ağ',
 'net address' => 'ağ adresi',
 'net config' => 'Ağ yapılandırma',
@@ -1639,7 +1639,7 @@
 'out' => 'Dışarı',
 'outgoing' => 'giden',
 'outgoing firewall' => 'Giden güvenlik duvarı',
-'outgoing firewall access' => 'giden güvenlik duvarı bağlantısı',
+'outgoing firewall access' => 'Giden güvenlik duvarı bağlantısı',
 'outgoing firewall add ip group' => 'IP Adres Grubu Ekle',
 'outgoing firewall add mac group' => 'MAC Adres Grubu Ekle',
 'outgoing firewall edit ip group' => 'IP Adres Grubunu Düzenle',
@@ -1896,7 +1896,7 @@
 'secondary wins server address' => 'İkincil WINS sunucu adresi',
 'seconds' => 'Saniye',
 'section' => 'Bölüm',
-'secure shell server' => 'Güvenli Kabuk Sunucusu',
+'secure shell server' => 'Güvenli Kabuk Sunucusu (SSH)',
 'security' => 'Güvenlik',
 'security options' => 'Güvenlik seçenekleri',
 'select' => 'Seç',
@@ -2238,9 +2238,9 @@
 'updxlrtr not enabled' => 'Güncelleme hızlandırıcı web vekil sunucusu sayfasında aktif değil',
 'updxlrtr other' => 'Diğer',
 'updxlrtr passive mode' => 'Pasif yöntemini aktifleştir',
-'updxlrtr pending downloads' => 'Beklemedekileri indir',
+'updxlrtr pending downloads' => 'Beklemedekileri indirilenler',
 'updxlrtr performance options' => 'Performans seçenekleri',
-'updxlrtr progress' => 'Geliştirme',
+'updxlrtr progress' => 'İşlem durumu',
 'updxlrtr purge' => 'Temizlik',
 'updxlrtr remove file' => 'Önbelleği kaldır',
 'updxlrtr save and restart' => 'Kaydet ve Yeniden Başlat',
@@ -2264,7 +2264,7 @@
 'updxlrtr week' => 'Bir hafta',
 'updxlrtr weekly' => 'haftalık',
 'updxlrtr year' => 'Bir yıl',
-'upgrade' => 'yükselt',
+'upgrade' => 'Yükselt',
 'uplink' => 'Yükleme bağlantısı',
 'uplink speed' => 'Yükleme hızı (kbit/san)',
 'uplink std class' => 'Standart yükleme hızı sınıf',
@@ -2484,6 +2484,10 @@
 'urlfilter weekly' => 'Haftalık',
 'urlfilter whitelist always allowed' => 'Yasaklı istemciler için özel beyaz liste izini',
 'urlfilter wrong filetype' => 'Uzantısı .tar.gz olan dosya yok',
+'usb modem on acm0' => 'ACM0 üzerindeki USB Modem',
+'usb modem on acm1' => 'ACM1 üzerindeki USB Modem',
+'usb modem on acm2' => 'ACM2 üzerindeki USB Modem',
+'usb modem on acm3' => 'ACM3 üzerindeki USB Modem',
 'use' => 'Kullan',
 'use a pre-shared key' => 'Ön paylaşımlı anahtar kullan:',
 'use dov' => 'Ses üzerinden veri kullan (DOV):',

From 01183cccc3e6f79fc554f1c275be6cb227ee0485 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 22 Jun 2014 17:20:50 +0200
Subject: [PATCH 23/29] core80: Add language files.

---
 config/rootfiles/core/80/filelists/files | 1 +
 config/rootfiles/core/80/update.sh       | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/core/80/filelists/files
index 57448d703..d5eb6c9e8 100644
--- a/config/rootfiles/core/80/filelists/files
+++ b/config/rootfiles/core/80/filelists/files
@@ -2,3 +2,4 @@ etc/system-release
 etc/issue
 usr/local/bin/setddns.pl
 var/ipfire/general-functions.pl
+var/ipfire/langs
diff --git a/config/rootfiles/core/80/update.sh b/config/rootfiles/core/80/update.sh
index 6878fb798..67f8c3ace 100644
--- a/config/rootfiles/core/80/update.sh
+++ b/config/rootfiles/core/80/update.sh
@@ -39,7 +39,7 @@ extract_files
 # Start services
 
 # Update Language cache
-#perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
 
 # Uninstall the libgpg-error package.
 rm -f \

From f2a7c1f578591257495e2c859a344e8cac397ee8 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 23 Jun 2014 22:50:01 +0200
Subject: [PATCH 24/29] pppd: pppd 2.4.6 has changed behaviour and waited for
 hours.

---
 src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
index b09a9b52d..5127c1f10 100644
--- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
+++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
@@ -7,7 +7,7 @@ index 9ab2eee..86762bd 100644
  
  /* How many PADI/PADS attempts? */
 -#define MAX_PADI_ATTEMPTS 3
-+#define MAX_PADI_ATTEMPTS 12
++#define MAX_PADI_ATTEMPTS 4
  
  /* Initial timeout for PADO/PADS */
  #define PADI_TIMEOUT 5

From 4eff454e2f886df6b6dc6f8dad26dfc0900e925c Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Mon, 23 Jun 2014 23:01:38 +0200
Subject: [PATCH 25/29] kernel: disable intel p-state.

Our userspace tools doesn't support this.
---
 config/kernel/kernel.config.i586-ipfire     | 2 +-
 config/kernel/kernel.config.i586-ipfire-pae | 2 +-
 lfs/linux                                   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire
index ea1faff91..329d96d5f 100644
--- a/config/kernel/kernel.config.i586-ipfire
+++ b/config/kernel/kernel.config.i586-ipfire
@@ -581,7 +581,7 @@ CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m
 #
 # x86 CPU frequency scaling drivers
 #
-CONFIG_X86_INTEL_PSTATE=y
+# CONFIG_X86_INTEL_PSTATE is not set
 CONFIG_X86_PCC_CPUFREQ=m
 CONFIG_X86_ACPI_CPUFREQ=m
 # CONFIG_X86_ACPI_CPUFREQ_CPB is not set
diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae
index 9ade8729f..b6b4adde4 100644
--- a/config/kernel/kernel.config.i586-ipfire-pae
+++ b/config/kernel/kernel.config.i586-ipfire-pae
@@ -593,7 +593,7 @@ CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m
 #
 # x86 CPU frequency scaling drivers
 #
-CONFIG_X86_INTEL_PSTATE=y
+# CONFIG_X86_INTEL_PSTATE
 CONFIG_X86_PCC_CPUFREQ=m
 CONFIG_X86_ACPI_CPUFREQ=m
 # CONFIG_X86_ACPI_CPUFREQ_CPB is not set
diff --git a/lfs/linux b/lfs/linux
index 72166c4b2..6beb75c57 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -36,7 +36,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 CFLAGS     =
 CXXFLAGS   =
 
-PAK_VER    = 50
+PAK_VER    = 51
 DEPS	   = ""
 
 VERSUFIX=ipfire$(KCFG)

From 4c1e9ae0d9cff0191d5a7081d550695a9928b5f9 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Mon, 23 Jun 2014 23:04:27 +0200
Subject: [PATCH 26/29] samba: security update to 3.6.24.

This is a security releases in order to address
CVE-2014-0244 (Denial of service - CPU loop) and
CVE-2014-3493 (Denial of service - Server crash/memory corruption).
---
 lfs/samba | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/samba b/lfs/samba
index 4f5375c07..e2a5bdf3a 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 57
+PAK_VER    = 58
 
 DEPS       = "cups"
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 2f7aee1dc5d31aefcb364600915b31dc
+$(DL_FILE)_MD5 = d98425c0c2b73e08f048d31ffc727fb0
 
 install : $(TARGET)
 

From ec6b2ccbc0bdbc50d24cfa879ffd89ea9f81e0f4 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Sat, 21 Jun 2014 19:04:33 +0200
Subject: [PATCH 27/29] syslinux: add serial console output.

---
 config/syslinux/syslinux.cfg | 53 +++++++++++++++++++++++++++++++++---
 1 file changed, 49 insertions(+), 4 deletions(-)

diff --git a/config/syslinux/syslinux.cfg b/config/syslinux/syslinux.cfg
index 88320890c..3c7ae87d2 100644
--- a/config/syslinux/syslinux.cfg
+++ b/config/syslinux/syslinux.cfg
@@ -1,3 +1,4 @@
+SERIAL 0 115200
 
 UI vesamenu.c32
 PROMPT 0
@@ -25,8 +26,7 @@ MENU TITLE Welcome!
 LABEL installer
 	MENU LABEL Install IPFire VERSION
 	TEXT HELP
-Install the version of IPFire that is
-on this disk.
+Install the version of IPFire that is on this disk.
 	ENDTEXT
 	KERNEL vmlinuz
 	INITRD instroot
@@ -80,12 +80,57 @@ Diagnose memory problems with memtest86+.
 	LABEL hdt
 		MENU LABEL Hardware Detection Tool
 		TEXT HELP
-Check your hardware with the Hardware Detection
-Tool!
+Check your hardware with the Hardware Detection Tool!
 		ENDTEXT
 		KERNEL hdt.c32
 MENU END
 
+MENU BEGIN serial
+	MENU TITLE Serial console options
+
+	LABEL serial.back
+		MENU LABEL Back
+		MENU EXIT
+
+	MENU SEPARATOR
+
+	LABEL ipfire-serial
+		MENU LABEL Install IPFire (serial)
+		TEXT HELP
+Run the installer with serial console.
+		ENDTEXT
+		KERNEL vmlinuz
+		INITRD instroot
+		APPEND console=ttyS0,115200 novga
+
+	LABEL unattended-serial
+		MENU LABEL Unattended installation (serial)
+		TEXT HELP
+Run an unattended installation wit serial console.
+		ENDTEXT
+		KERNEL vmlinuz
+		INITRD instroot
+		APPEND console=ttyS0,115200 novga unattended
+
+	MENU SEPARATOR
+
+	LABEL memtest-serial
+		MENU LABEL memtest86+ (serial)
+		TEXT HELP
+Diagnose memory problems with memtest86+ with serial console.
+		ENDTEXT
+		KERNEL memtest
+		APPEND console=ttyS0,115200
+
+	LABEL hdt-serial
+		MENU LABEL Hardware Detection Tool
+		TEXT HELP
+Check your hardware with the Hardware Detection Tool!
+		ENDTEXT
+		KERNEL hdt.c32
+
+MENU END
+
 MENU SEPARATOR
 
 LABEL netboot

From f285bf4481eef58db7a2bd8f77f62c71fd26f310 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Tue, 24 Jun 2014 01:17:05 +0200
Subject: [PATCH 28/29] kernel: fix typo in cfg.

---
 config/kernel/kernel.config.i586-ipfire-pae | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae
index b6b4adde4..f395f3116 100644
--- a/config/kernel/kernel.config.i586-ipfire-pae
+++ b/config/kernel/kernel.config.i586-ipfire-pae
@@ -593,7 +593,7 @@ CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m
 #
 # x86 CPU frequency scaling drivers
 #
-# CONFIG_X86_INTEL_PSTATE
+# CONFIG_X86_INTEL_PSTATE is not set
 CONFIG_X86_PCC_CPUFREQ=m
 CONFIG_X86_ACPI_CPUFREQ=m
 # CONFIG_X86_ACPI_CPUFREQ_CPB is not set

From ef7686badbfa5018ca183bc6d8af000014a18a38 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Tue, 24 Jun 2014 06:48:41 +0200
Subject: [PATCH 29/29] samba: fix version.

---
 lfs/samba | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lfs/samba b/lfs/samba
index e2a5bdf3a..603f215b3 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.6.23
+VER        = 3.6.24
 
 THISAPP    = samba-$(VER)
 DL_FILE    = $(THISAPP).tar.gz