This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 5cd3a05bf0653726834489c87b80064584e6073b (commit) via 6c859e038223d4c6ec8535b7b7e635d9ef7fac1f (commit) via 325aa1e1f4b1948fe3dbd1bb6c65d056b1bebe29 (commit) via a1365ee37ccffa2be499d483ff1356d9f71013de (commit) via cfb00625b8224e929ecc4a2610bbe153f7ead475 (commit) via dfb1bfaf7b88a914ae2a384a0f30bdafaebc9125 (commit) via 9fa18495864b421b508201870abe93acc5a35b7c (commit) via afa75939328ba211a8905da1749711d2189c70bf (commit) via 3868dc2a0cec3dc14cf9f78145ec25a468d4ebd3 (commit) via a408e02da29d32d72a570112caec8544f0474f51 (commit) via 6003c4bbdb46094dcbcf63939395fe3bda82da70 (commit) via 4ea955c544fa5ff4939449bc163426fc36e1482f (commit) via 9f9e43dcdd2517cdd56810a243270e3697844569 (commit) via bdbfbac6b473908dcf93cf96bce8dc762c87d3fc (commit) via 57c8392d1c42e8794ac193a88923d0823103861d (commit) via c0a4b928399ca37112dda7de1e55ae93642889dc (commit) via ec4a4fafb28f4eaadf122e03754c9d601ec7f881 (commit) via b1c17c7a95e0a108a9ddcf022ec34f30dec1689b (commit) via fce512dce39a56dc1e099b1c73544f87beedcacf (commit) via 532b997c65fba44c2c5778fd7622fafe513cc245 (commit) via 78c2b230d42ba20858d7f4ce115a0c7669aca8e1 (commit) via 4f160f04cb819cafd9b4ddc53ccb24d48668aa92 (commit) via 0fffd0e763573f0e4be37653e5e4b8da9eec9531 (commit) via 1e6ce289bd8520b07897fa0f70253c8e56acc188 (commit) via 8cb142e76d95f24c396c8b4cd5ac80ea97aee675 (commit) via e2fedc9a47aa92b1572f26aeca78da2f922400c7 (commit) via 1a386bb9d8765a04651f54348d0d1e01d9950235 (commit) via c648458609b87478266e691429131ed2c8d70f9a (commit) via 34daf4dbf8e4e5e4fb901f8dcece703480a1ac1f (commit) via ec985733a532fb257e75fd75a10746fe9c8cfb80 (commit) via 6fb9681c24360c0c531e18215673e2ba83c53879 (commit) via 78e35c82dc1273e4503aa336372f0c104f0bb737 (commit) via 77117e740ccd09436449234be77b7a95d720043e (commit) via 2d490a7304b6a5a84822e5093c36a8985994d1c8 (commit) via f974c1d4bcfc0fa95a6c9982f7fc7800158062ed (commit) via 21b21d95a2c91ce235fe5705b0e5d2fbe6c396fe (commit) via 
abb6ed9179489ab3ab5ba30662bd7b6ed9483f53 (commit) via 6a1cdd5fda6b0f17033762c2507fc542a4b89bfd (commit) from af2dcb40f62adcdcb1cbb8303d1f67ff74df6981 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 5cd3a05bf0653726834489c87b80064584e6073b
Author: Arne Fitzenreiter arne_f@ipfire.org
Date: Sat Dec 14 22:01:16 2013 +0100

    finalize core 74.

commit 6c859e038223d4c6ec8535b7b7e635d9ef7fac1f
Author: Michael Tremer michael.tremer@ipfire.org
Date: Thu Dec 12 21:20:56 2013 +0100

    core74: Add httpscert script.

commit 325aa1e1f4b1948fe3dbd1bb6c65d056b1bebe29
Author: Michael Tremer michael.tremer@ipfire.org
Date: Thu Dec 12 21:18:56 2013 +0100

    httpscert: Increase size of the RSA key to 4096.

    RSA keys with length of 1024 bits are considered weak.

commit a1365ee37ccffa2be499d483ff1356d9f71013de
Author: Michael Tremer michael.tremer@ipfire.org
Date: Thu Dec 12 21:17:53 2013 +0100

    httpscert: Use regular random source.

    Previous to this patch, the kernel image file and internal configuration settings have been used as a source for random data, which is not random at all.

commit cfb00625b8224e929ecc4a2610bbe153f7ead475
Author: Michael Tremer michael.tremer@ipfire.org
Date: Thu Dec 12 21:15:24 2013 +0100

    strongswan: Disable rdrand plugin.

    Disabled because of security concerns.

commit dfb1bfaf7b88a914ae2a384a0f30bdafaebc9125
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Dec 11 21:59:22 2013 +0100

    Always create squid.conf.

    In some cases, /var/ipfire/proxy/squid.conf does not belong to nobody:nobody, so we do this explicitly.
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/common/apache2 | 1 +
 config/rootfiles/common/configroot | 1 +
 config/rootfiles/common/openvpn | 17 ++-
 config/rootfiles/common/strongswan | 14 +-
 config/rootfiles/core/{70 => 74}/exclude | 0
 config/rootfiles/core/74/filelists/files | 7 +
 .../{72 => 74}/filelists/i586/strongswan-padlock | 0
 .../{oldcore/53 => core/74}/filelists/openvpn | 0
 config/rootfiles/core/{71 => 74}/filelists/squid | 0
 .../rootfiles/core/{72 => 74}/filelists/strongswan | 0
 config/rootfiles/core/{70 => 74}/meta | 0
 config/rootfiles/core/{73 => 74}/update.sh | 23 ++--
 config/rootfiles/packages/check_mk_agent | 1 +
 doc/language_issues.tr | 89 +------------
 html/cgi-bin/proxy.cgi | 2 +-
 langs/tr/cgi-bin/tr.pl | 101 +++++++++++++-
 lfs/check_mk_agent | 6 +-
 lfs/configroot | 2 +-
 lfs/nagios | 2 +-
 lfs/openvpn | 18 +--
 lfs/squid | 11 +-
 lfs/strongswan | 16 ++-
 lfs/tor | 6 +-
 make.sh | 4 +-
 src/paks/check_mk_agent/install.sh | 10 ++
 src/paks/check_mk_agent/uninstall.sh | 8 ++
 src/patches/squid-3.1-10486.patch | 54 --------
 src/patches/squid-3.1-10487.patch | 73 ----------
 .../squid-3.3.10-optional-ssl-options.patch | 148 ---------------------
 src/patches/strongswan-5.1.1-delay-dpd.patch | 35 +++++
 src/scripts/httpscert | 9 +-
 31 files changed, 239 insertions(+), 419 deletions(-)
 copy config/rootfiles/core/{70 => 74}/exclude (100%)
 create mode 100644 config/rootfiles/core/74/filelists/files
 copy config/rootfiles/core/{72 => 74}/filelists/i586/strongswan-padlock (100%)
 copy config/rootfiles/{oldcore/53 => core/74}/filelists/openvpn (100%)
 copy config/rootfiles/core/{71 => 74}/filelists/squid (100%)
 copy config/rootfiles/core/{72 => 74}/filelists/strongswan (100%)
 copy config/rootfiles/core/{70 => 74}/meta (100%)
 copy config/rootfiles/core/{73 => 74}/update.sh (85%)
 delete mode 100644 src/patches/squid-3.1-10486.patch
 delete mode 100644 src/patches/squid-3.1-10487.patch
 delete mode 100644 src/patches/squid-3.3.10-optional-ssl-options.patch
 create mode 100644 src/patches/strongswan-5.1.1-delay-dpd.patch
Difference in files: diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2 index 9be3581..c18b5ed 100644 --- a/config/rootfiles/common/apache2 +++ b/config/rootfiles/common/apache2 @@ -1388,6 +1388,7 @@ srv/web/ipfire/cgi-bin/connscheduler.cgi srv/web/ipfire/cgi-bin/country.cgi srv/web/ipfire/cgi-bin/credits.cgi srv/web/ipfire/cgi-bin/dns.cgi +srv/web/ipfire/cgi-bin/dnsforward.cgi srv/web/ipfire/cgi-bin/ddns.cgi srv/web/ipfire/cgi-bin/dhcp.cgi srv/web/ipfire/cgi-bin/dmzholes.cgi diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index 8965ff7..5a169d8 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -144,6 +144,7 @@ var/ipfire/proxy #var/ipfire/proxy/calamaris #var/ipfire/proxy/calamaris/bin #var/ipfire/proxy/settings +#var/ipfire/proxy/squid.conf var/ipfire/qos #var/ipfire/qos/bin #var/ipfire/qos/bin/RRD-func.pl diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn index 6be9a10..ae6d6ee 100644 --- a/config/rootfiles/common/openvpn +++ b/config/rootfiles/common/openvpn @@ -1,8 +1,19 @@ -usr/lib/openvpn -usr/lib/openvpn/openvpn-auth-pam.so -usr/lib/openvpn/openvpn-down-root.so +#usr/include/openvpn-plugin.h +#usr/lib/openvpn +#usr/lib/openvpn/plugins +#usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.la +usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so +#usr/lib/openvpn/plugins/openvpn-plugin-down-root.la +usr/lib/openvpn/plugins/openvpn-plugin-down-root.so usr/sbin/openvpn #usr/share/doc/openvpn +#usr/share/doc/openvpn/COPYING +#usr/share/doc/openvpn/COPYRIGHT.GPL +#usr/share/doc/openvpn/README +#usr/share/doc/openvpn/README.IPv6 +#usr/share/doc/openvpn/README.auth-pam +#usr/share/doc/openvpn/README.down-root +#usr/share/doc/openvpn/README.polarssl #usr/share/doc/openvpn/management-notes.txt #usr/share/man/man8/openvpn.8 var/ipfire/ovpn 
diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan index 5d61ec1..732e327 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan @@ -10,6 +10,7 @@ etc/ipsec.d/private etc/ipsec.d/reqs etc/ipsec.secrets etc/strongswan.conf +usr/bin/pki #usr/lib/ipsec #usr/lib/ipsec/libcharon.a #usr/lib/ipsec/libcharon.la @@ -74,6 +75,7 @@ usr/lib/ipsec/plugins/libstrongswan-sha2.so usr/lib/ipsec/plugins/libstrongswan-socket-default.so usr/lib/ipsec/plugins/libstrongswan-sshkey.so usr/lib/ipsec/plugins/libstrongswan-stroke.so +usr/lib/ipsec/plugins/libstrongswan-unity.so usr/lib/ipsec/plugins/libstrongswan-updown.so usr/lib/ipsec/plugins/libstrongswan-x509.so usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so @@ -85,11 +87,21 @@ usr/libexec/ipsec/_updown usr/libexec/ipsec/_updown_espmark usr/libexec/ipsec/charon usr/libexec/ipsec/openac -usr/libexec/ipsec/pki usr/libexec/ipsec/scepclient usr/libexec/ipsec/starter usr/libexec/ipsec/stroke usr/sbin/ipsec +#usr/share/man/man1/pki---gen.1 +#usr/share/man/man1/pki---issue.1 +#usr/share/man/man1/pki---keyid.1 +#usr/share/man/man1/pki---pkcs7.1 +#usr/share/man/man1/pki---print.1 +#usr/share/man/man1/pki---pub.1 +#usr/share/man/man1/pki---req.1 +#usr/share/man/man1/pki---self.1 +#usr/share/man/man1/pki---signcrl.1 +#usr/share/man/man1/pki---verify.1 +#usr/share/man/man1/pki.1 #usr/share/man/man5/ipsec.conf.5 #usr/share/man/man5/ipsec.secrets.5 #usr/share/man/man5/strongswan.conf.5 diff --git a/config/rootfiles/core/74/exclude b/config/rootfiles/core/74/exclude new file mode 100644 index 0000000..321a931 --- /dev/null +++ b/config/rootfiles/core/74/exclude 
@@ -0,0 +1,17 @@ +srv/web/ipfire/html/proxy.pac +boot/config.txt +etc/udev/rules.d/30-persistent-network.rules +etc/collectd.custom +etc/shadow +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +var/log/cache +var/updatecache +etc/localtime +var/ipfire/ovpn +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +var/state/dhcp/dhcpd.leases diff --git a/config/rootfiles/core/74/filelists/files b/config/rootfiles/core/74/filelists/files new file mode 100644 index 0000000..52d0178 --- /dev/null +++ b/config/rootfiles/core/74/filelists/files @@ -0,0 +1,7 @@ +etc/system-release +etc/issue +srv/web/ipfire/cgi-bin/dnsforward.cgi +srv/web/ipfire/cgi-bin/proxy.cgi +usr/local/bin/httpscert +var/ipfire/header.pl +var/ipfire/langs diff --git a/config/rootfiles/core/74/filelists/i586/strongswan-padlock b/config/rootfiles/core/74/filelists/i586/strongswan-padlock new file mode 120000 index 0000000..2412824 --- /dev/null +++ b/config/rootfiles/core/74/filelists/i586/strongswan-padlock @@ -0,0 +1 @@ +../../../../common/i586/strongswan-padlock \ No newline at end of file diff --git a/config/rootfiles/core/74/filelists/openvpn b/config/rootfiles/core/74/filelists/openvpn new file mode 120000 index 0000000..493f3f7 --- /dev/null +++ b/config/rootfiles/core/74/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/74/filelists/squid b/config/rootfiles/core/74/filelists/squid new file mode 120000 index 0000000..2dc8372 --- /dev/null +++ b/config/rootfiles/core/74/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/74/filelists/strongswan b/config/rootfiles/core/74/filelists/strongswan new file mode 120000 index 0000000..90c727e --- /dev/null +++ b/config/rootfiles/core/74/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file 
diff --git a/config/rootfiles/core/74/meta b/config/rootfiles/core/74/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/core/74/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/74/update.sh b/config/rootfiles/core/74/update.sh new file mode 100644 index 0000000..ca26b51 --- /dev/null +++ b/config/rootfiles/core/74/update.sh 
@@ -0,0 +1,84 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2013 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# +# Remove old core updates from pakfire cache to save space... +core=74 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + + +# +#Stop services +/etc/init.d/ipsec stop +/etc/init.d/squid stop + + +# +#Extract files +extract_files + +if [ -e "/var/ipfire/proxy/enable" ] || [ -e "/var/ipfire/proxy/enable_blue" ]; then + ( + eval $(/usr/local/bin/readhash /var/ipfire/proxy/advanced/settings) + + if [ "${TRANSPARENT_PORT}" = "81" ]; then + TRANSPARENT_PORT="$(( ${TRANSPARENT_PORT} + 1 ))" + sed -e "s/^TRANSPARENT_PORT=.*/TRANSPARENT_PORT=${TRANSPARENT_PORT}/" \ + -i /var/ipfire/proxy/advanced/settings + fi + ) +fi + +# Regenerate squid configuration files. 
+/srv/web/ipfire/cgi-bin/proxy.cgi +chown nobody:nobody /var/ipfire/proxy/squid.conf + +# +#Start services +/etc/init.d/squid start + +if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then + /etc/init.d/ipsec start +fi + +# +#Update Language cache +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +sync + +# This update need a reboot... +#touch /var/run/need_reboot + +# +#Finish +/etc/init.d/fireinfo start +sendprofile +#Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/packages/check_mk_agent b/config/rootfiles/packages/check_mk_agent index 073b483..1d68f74 100644 --- a/config/rootfiles/packages/check_mk_agent +++ b/config/rootfiles/packages/check_mk_agent @@ -1,2 +1,3 @@ usr/bin/check_mk_agent +etc/xinetd.d/check_mk_agent usr/bin/waitmax diff --git a/doc/language_issues.tr b/doc/language_issues.tr index d58bcc3..d1d655a 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -437,6 +437,12 @@ WARNING: translation string unused: to email adr WARNING: translation string unused: to install an update WARNING: translation string unused: to warn email bad WARNING: translation string unused: too long 80 char max +WARNING: translation string unused: tor accounting period daily +WARNING: translation string unused: tor accounting period monthly +WARNING: translation string unused: tor accounting period weekly +WARNING: translation string unused: tor bridge enabled +WARNING: translation string unused: tor errmsg invalid node id +WARNING: translation string unused: tor exit country WARNING: translation string unused: traffic back WARNING: translation string unused: traffic calc time WARNING: translation string unused: traffic calc time bad 
@@ -512,13 +518,6 @@ WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy errmsg proxy ports equal WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: bytes -WARNING: untranslated string: dnsforward -WARNING: untranslated string: dnsforward add a new entry -WARNING: untranslated string: dnsforward configuration -WARNING: untranslated string: dnsforward edit an entry -WARNING: untranslated string: dnsforward entries -WARNING: untranslated string: dnsforward forward_server -WARNING: untranslated string: dnsforward zone WARNING: untranslated string: least preferred WARNING: untranslated string: most preferred WARNING: untranslated string: new 
@@ -527,82 +526,6 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table -WARNING: untranslated string: tor -WARNING: untranslated string: tor accounting -WARNING: untranslated string: tor accounting bytes -WARNING: untranslated string: tor accounting bytes left -WARNING: untranslated string: tor accounting interval -WARNING: untranslated string: tor accounting limit -WARNING: untranslated string: tor accounting period -WARNING: untranslated string: tor acls -WARNING: untranslated string: tor allowed subnets -WARNING: untranslated string: tor bandwidth burst -WARNING: untranslated string: tor bandwidth rate -WARNING: untranslated string: tor bandwidth settings -WARNING: untranslated string: tor bandwidth unlimited -WARNING: untranslated string: tor common settings -WARNING: untranslated string: tor configuration -WARNING: untranslated string: tor connected relays -WARNING: untranslated string: tor contact info -WARNING: untranslated string: tor daemon WARNING: untranslated string: tor directory port -WARNING: untranslated string: tor enabled -WARNING: untranslated string: tor errmsg invalid accounting limit WARNING: untranslated string: tor errmsg invalid directory port -WARNING: untranslated string: tor errmsg invalid ip or mask -WARNING: untranslated string: tor errmsg invalid relay address -WARNING: untranslated string: tor errmsg invalid relay name -WARNING: untranslated string: tor errmsg invalid relay port -WARNING: untranslated string: tor errmsg invalid socks port -WARNING: untranslated string: tor exit country any -WARNING: untranslated string: tor exit nodes -WARNING: untranslated string: tor relay address -WARNING: untranslated string: tor relay configuration -WARNING: untranslated string: tor relay enabled -WARNING: untranslated string: tor relay external address -WARNING: untranslated string: tor relay 
fingerprint -WARNING: untranslated string: tor relay mode -WARNING: untranslated string: tor relay mode bridge -WARNING: untranslated string: tor relay mode exit -WARNING: untranslated string: tor relay mode private bridge -WARNING: untranslated string: tor relay mode relay -WARNING: untranslated string: tor relay nickname -WARNING: untranslated string: tor relay port -WARNING: untranslated string: tor service -WARNING: untranslated string: tor socks port -WARNING: untranslated string: tor stats -WARNING: untranslated string: tor traffic limit hard -WARNING: untranslated string: tor traffic limit soft -WARNING: untranslated string: tor traffic read written -WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: urlfilter redirect template -WARNING: untranslated string: wlan client -WARNING: untranslated string: wlan client advanced settings -WARNING: untranslated string: wlan client and -WARNING: untranslated string: wlan client bssid -WARNING: untranslated string: wlan client ccmp -WARNING: untranslated string: wlan client configuration -WARNING: untranslated string: wlan client disconnected -WARNING: untranslated string: wlan client duplicate ssid -WARNING: untranslated string: wlan client edit entry -WARNING: untranslated string: wlan client encryption -WARNING: untranslated string: wlan client encryption none -WARNING: untranslated string: wlan client encryption wep -WARNING: untranslated string: wlan client encryption wpa -WARNING: untranslated string: wlan client encryption wpa2 -WARNING: untranslated string: wlan client group cipher -WARNING: untranslated string: wlan client group key algorithm -WARNING: untranslated string: wlan client invalid key length -WARNING: untranslated string: wlan client new entry -WARNING: untranslated string: wlan client new network -WARNING: untranslated string: wlan client pairwise cipher -WARNING: untranslated string: wlan client pairwise key algorithm -WARNING: untranslated string: wlan client pairwise 
key group key -WARNING: untranslated string: wlan client psk -WARNING: untranslated string: wlan client ssid -WARNING: untranslated string: wlan client tkip -WARNING: untranslated string: wlan client wpa mode -WARNING: untranslated string: wlan client wpa mode all -WARNING: untranslated string: wlan client wpa mode ccmp ccmp -WARNING: untranslated string: wlan client wpa mode ccmp tkip -WARNING: untranslated string: wlan client wpa mode tkip tkip diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6dd900f..acb4f97 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -391,7 +391,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} } } if (!($proxysettings{'FILEDESCRIPTORS'} =~ /^\d+/) || - ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 65536)) + ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 1048576)) { $errormessage = $Lang::tr{'proxy errmsg filedescriptors'}; goto ERROR; diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl index 9888121..2589668 100644 --- a/langs/tr/cgi-bin/tr.pl +++ b/langs/tr/cgi-bin/tr.pl @@ -737,6 +737,13 @@ 'dns saved txt' => 'Girilen iki DNS sunucu adresi başarılı bir şekilde kaydedildi.<br />Değişikliklerin aktifleştirielebilmesi için yeniden başlatın!', 'dns server' => 'DNS Sunucusu', 'dns title' => 'Etki Alanı Ad Sistemi', +'dnsforward' => 'DNS yönlendirmesi', +'dnsforward add a new entry' => 'Yeni bir kayıt ekle:', +'dnsforward configuration' => 'İleri DNS yapılandırması', +'dnsforward edit an entry' => 'Varolan bir kaydı düzenle:', +'dnsforward entries' => 'Güncel kayıtlar:', +'dnsforward forward_server' => 'Ad sunucusu', +'dnsforward zone' => 'Bölge', 'do not log this port list' => 'Otorumdan hemen önce bu bağlantı noktaları listesini bırak (günlük boyutunu küçültür)', 'dod' => 'Çevirmeli Bağlantı Üzerinden Talep', 'dod for dns' => 'DNS için çevirmeli bağlantı üzerinden talep:', 
@@ -751,7 +758,7 @@ 'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif', 'donation-text' => '<strong>IPFire</strong> boş zamanlarında gönüllüer tarafından geliştirlmektedir. Bu projeyi ayakta tutmak için eğer bize destek olmak isterseniz küçük bir bağıştan mutluluk duyarız.', 'done' => 'Yap', -'dos charset' => 'DOS Karakter', +'dos charset' => 'DOS Karakterleri', 'down and up speed' => 'Gönderme hızı düştüğünde <i>Kaydet</i> düğmesine basın.', 'downlink speed' => 'İndirme bağlantı hızı (kbit/san)', 'downlink std class' => 'Standart indirme bağlantısı sınıfı', @@ -1586,9 +1593,9 @@ 'reload' => 'yeniden yükle', 'remark' => 'Açıklama', 'remark title' => 'Açıklama:', -'remote access' => 'Uzaktan erişim', -'remote announce' => 'Uzaktan Duyuru', -'remote browse sync' => 'Remote Browse Sync', +'remote access' => 'Uzak erişim', +'remote announce' => 'Uzak duyuru', +'remote browse sync' => 'Uzak tarayıcı eşitlemesi', 'remote host/ip' => 'Uzak ana bilgisayar/IP', 'remote logging' => 'Uzak günlük', 'remote subnet' => 'Uzak alt ağ:', 
@@ -1824,6 +1831,58 @@ 'tone' => 'Ses', 'tone dial' => 'Sesli çevirme:', 'too long 80 char max' => ' çok uzun, izin verilen en fazla 80 karakterdir', +'tor' => 'Tor', +'tor accounting' => 'Hesap', +'tor accounting bytes' => 'Trafik (okuma/yazma)', +'tor accounting bytes left' => 'left', +'tor accounting interval' => 'Aralık (UTC)', +'tor accounting limit' => 'Hesap sınırı (MB)', +'tor accounting period' => 'Hesap dönemi', +'tor accounting period daily' => 'günlük', +'tor accounting period monthly' => 'aylık', +'tor accounting period weekly' => 'haftalık', +'tor acls' => 'Erişim Kontrolü', +'tor allowed subnets' => 'İzin verilen alt ağlar (her satırda bir tane)', +'tor bandwidth burst' => 'En büyük ayırma', +'tor bandwidth rate' => 'En büyük oran', +'tor bandwidth settings' => 'Bant Genişliği Ayarları', +'tor bandwidth unlimited' => 'sınırsız', +'tor bridge enabled' => 'Tor köprüsünü etkinleştir', +'tor common settings' => 'Genel Ayarlar', +'tor configuration' => 'Tor Yapılandırması', +'tor connected relays' => 'Bağlı aktarımlar', +'tor contact info' => 'İletişim Bilgileri', +'tor daemon' => 'Artalan süreci', +'tor enabled' => 'Tor Aktif', +'tor errmsg invalid accounting limit' => 'Geçersiz hesap sınırı', +'tor errmsg invalid ip or mask' => 'Geçersiz IP alt ağı', +'tor errmsg invalid node id' => 'Geçersiz düğüm kimliği (ID)', +'tor errmsg invalid relay address' => 'Geçersiz aktarma adresi', +'tor errmsg invalid relay name' => 'Geçersiz aktarma takma adı', +'tor errmsg invalid relay port' => 'Geçersiz aktarma bağlantı noktası', +'tor errmsg invalid socks port' => 'Geçersiz SOCKS bağlantı noktası', +'tor exit country' => 'Ülçe çıkışı', +'tor exit country any' => 'Herhangi bir ülke', +'tor exit nodes' => 'Çıkış Düğümleri', +'tor relay address' => 'Aktarma adresleri', +'tor relay configuration' => 'Tor Aktarma Yapılandırması', +'tor relay enabled' => 'Tor Aktarma Aktif', +'tor relay external address' => 'Aktarım dış adresi', +'tor relay fingerprint' => 'Aktarım parmak 
izi', +'tor relay mode' => 'Aktarım biçimi', +'tor relay mode bridge' => 'Köprü', +'tor relay mode exit' => 'Çıkış-Düğümü', +'tor relay mode private bridge' => 'Özel köprü', +'tor relay mode relay' => 'Sadece aktarım', +'tor relay nickname' => 'Aktarım takma adı', +'tor relay port' => 'Aktarım bağlantı noktası', +'tor service' => 'Tor Servisi', +'tor socks port' => 'SOCKS bağlantı noktası', +'tor stats' => 'İstatistik', +'tor traffic limit hard' => 'Trafik sınırına ulaşıldı.', +'tor traffic limit soft' => 'Trafik sınırına neredeyse ulaşıldı. Yeni herhangi bir bağlantı kabul edilmiyor.', +'tor traffic read written' => 'Toplam tarfik (okuma/yazma)', +'tor use exit nodes' => 'Sadece bu çıkış düğümlerini kullanın (her satıra bir tane)', 'total connection time' => 'Toplam bağlantı süresi', 'total hits for log section' => 'Günlük bölümü için toplam kayıt', 'traffic back' => 'Geri', @@ -1933,7 +1992,7 @@ 'updxlrtr save and restart' => 'Kaydet ve Yeniden Başlat', 'updxlrtr source' => 'Kaynak', 'updxlrtr source checkup' => 'Kaynak kontrolü', -'updxlrtr source checkup schedule' => 'Kaynak kontrolü programı', +'updxlrtr source checkup schedule' => 'Kaynak kontrol zamanı', 'updxlrtr sources' => 'Kaynaklar', 'updxlrtr standard view' => 'Standart görünüm', 'updxlrtr statistics' => 'İstatistik', 
@@ -2066,7 +2125,7 @@ 'urlfilter hourly' => 'Saatlik', 'urlfilter import blacklist' => 'Kara listeyi al', 'urlfilter import text' => 'Önceden kaydedilmiş *.tar.gz uzantılı kara liste düzenleyici dosyasını yüklemek için aşağıdan seçin', -'urlfilter install blacklist' => 'Kara listeyi kur', +'urlfilter install blacklist' => 'Kara listeye yükle', 'urlfilter install information' => 'Yeni kara liste otomatik olarak oluşturulup veritabanları için derlenecektir. Kara liste boyutuna bağlı olarak güncelleme işlemi birkaç dakika zaman alabilir. URL filtreyi yeniden başlatmadan önce bu görevin muhakkak bitirilmesini bekleyin.', 'urlfilter invalid content' => 'Dosya squidGuard uyumlu kara liste değil', 'urlfilter invalid import file' => 'Dosya geçerli URL filtre kara liste düzenleyicisi dosyası değil', 
@@ -2247,6 +2306,36 @@ 'wireless config added' => 'Kablosuz ağ yapılandırma eklendi', 'wireless config changed' => 'Kablosuz ağ yapılandırma değiştirildi', 'wireless configuration' => 'Kablosuz Ağ ayarları', +'wlan client' => 'Kablosuz istemci', +'wlan client advanced settings' => 'Gelişmiş ayarlar', +'wlan client and' => 've', +'wlan client bssid' => 'BSSID', +'wlan client ccmp' => 'CCMP', +'wlan client configuration' => 'Kablosuz isdemci Yapılandırması', +'wlan client disconnected' => 'Bağlantı kesildi', +'wlan client duplicate ssid' => 'Yinelenen SSID', +'wlan client edit entry' => 'Kablosuz istemci yapılandırmasını düzenle', +'wlan client encryption' => 'Şifreleme', +'wlan client encryption none' => 'Hiçbiri', +'wlan client encryption wep' => 'WEP', +'wlan client encryption wpa' => 'WPA', +'wlan client encryption wpa2' => 'WPA2', +'wlan client group cipher' => 'Grup şifreleme', +'wlan client group key algorithm' => 'GKA', +'wlan client invalid key length' => 'Geçersiz anahtar uzunluğu.', +'wlan client new entry' => 'Yeni kablosuz istemci yapılandırması oluştur', +'wlan client new network' => 'Yeni ağ', +'wlan client pairwise cipher' => 'İkili şifreleme', +'wlan client pairwise key algorithm' => 'PKA', +'wlan client pairwise key group key' => 'İkili anahtar/grup anahtarı', +'wlan client psk' => 'Önceden paylaşılan anahtar', +'wlan client ssid' => 'SSID', +'wlan client tkip' => 'TKIP', +'wlan client wpa mode' => 'WPA biçimi', +'wlan client wpa mode all' => 'Otomatik', +'wlan client wpa mode ccmp ccmp' => 'CCMP-CCMP', +'wlan client wpa mode ccmp tkip' => 'CCMP-TKIP', +'wlan client wpa mode tkip tkip' => 'TKIP-TKIP', 'wlanap access point' => 'Erişim Noktası', 'wlanap channel' => 'Kanal', 'wlanap country' => 'Ülke Kodu', diff --git a/lfs/check_mk_agent b/lfs/check_mk_agent index c0f70d1..6e6d557 100644 --- a/lfs/check_mk_agent +++ b/lfs/check_mk_agent @@ -24,7 +24,7 @@
include Config
-VER = 1.2.0p3 +VER = 1.2.2p2
THISAPP = check_mk_agent-$(VER) DL_FILE = check_mk-${VER}.tar.gz @@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2c0f27fe8b6e3455557ecb30954d8a79 +$(DL_FILE)_MD5 = caa0f7662b4d170b2b6db2516bd41a89
install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) @@ -78,6 +78,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && tar xzf agents.tar.gz cd $(DIR_APP) && install -v -m 755 check_mk_agent.linux /usr/bin/check_mk_agent + -mkdir /etc/xinetd.d + cd $(DIR_APP) && install -v -m 755 xinetd.conf /etc/xinetd.d/check_mk_agent cd $(DIR_APP) && gcc $(CFLAGS) waitmax.c -o waitmax cd $(DIR_APP) && install -v -m 755 waitmax /usr/bin/waitmax @rm -rf $(DIR_APP) diff --git a/lfs/configroot b/lfs/configroot index 1185236..1260ceb 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -67,7 +67,7 @@ $(TARGET) : ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings fwlogs/ipsettings fwlogs/portsettings \ isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings outgoing/settings outgoing/rules \ ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ - ppp/settings-5 ppp/settings proxy/settings proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \ + ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \ qos/tosconfig snort/settings tripwire/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \ vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \ touch $(CONFIG_ROOT)/$$i; \ diff --git a/lfs/nagios b/lfs/nagios index 2bb2a41..a9cef53 100644 --- a/lfs/nagios +++ b/lfs/nagios 
@@ -103,7 +103,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_SRC)/nagios-plugins* && ./configure --prefix=/usr \ --libexecdir=/usr/lib/nagios \ --with-nagios-user=nobody --with-nagios-group=nobody - cd $(DIR_SRC)/nagios-plugins* && make $(MAKETUNING) + cd $(DIR_SRC)/nagios-plugins* && make cd $(DIR_SRC)/nagios-plugins* && make install chown -R nobody:nobody /var/nagios ln -s /etc/init.d/nagios /etc/rc.d/rc3.d/S67nagios diff --git a/lfs/openvpn b/lfs/openvpn index e57aa30..87daf07 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2011 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2013 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.2.2 +VER = 2.3.2
THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c5181e27b7945fa6276d21873329c5c7 +$(DL_FILE)_MD5 = 06e5f93dbf13f2c19647ca15ffc23ac1
install : $(TARGET)
@@ -73,16 +73,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure \ --prefix=/usr \ --sysconfdir=/var/ipfire/ovpn \ + --enable-iproute2 \ --enable-password-save \ - --enable-pthread + --enable-plugins \ + --enable-plugin-auth-pam \ + --enable-plugin-down-root + cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire - -mkdir -pv /usr/lib/openvpn - cd $(DIR_APP)/plugin/auth-pam && make - cp -pvf $(DIR_APP)/plugin/auth-pam/openvpn-auth-pam.so /usr/lib/openvpn - cd $(DIR_APP)/plugin/down-root && make - cp -pvf $(DIR_APP)/plugin/down-root/openvpn-down-root.so /usr/lib/openvpn + -mkdir -vp /usr/lib/openvpn/plugins -mkdir -vp /var/ipfire/ovpn/ca -mkdir -vp /var/ipfire/ovpn/ccd -mkdir -vp /var/ipfire/ovpn/crls diff --git a/lfs/squid b/lfs/squid index a341857..3c5f6c5 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 3.3.10 +VER = 3.3.11
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 28058812d722cac303517a643e28bcb0 +$(DL_FILE)_MD5 = dd016ff5f14b2548083b3882207914f6
install : $(TARGET)
@@ -53,7 +53,6 @@ md5 : $(subst %,%_MD5,$(objects)) ############################################################################### # Downloading, checking, md5sum ############################################################################### - $(patsubst %,$(DIR_CHK)/%,$(objects)) : @$(CHECK)
@@ -70,9 +69,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - - cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-optional-ssl-options.patch - cd $(DIR_APP) && ./configure \ --prefix=/usr \ --sysconfdir=/etc/squid \ @@ -104,8 +100,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-eui \ --with-pthreads \ --with-dl \ - --with-maxfd="65536" \ - --with-filedescriptors=65536 \ + --with-filedescriptors=$$(( 16384 * 64 )) \ --with-large-files \ --with-aio \ --enable-async-io=8 \ diff --git a/lfs/strongswan b/lfs/strongswan index 4701f34..495d035 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@
include Config
-VER = 5.1.0 +VER = 5.1.1
THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -33,9 +33,11 @@ DIR_APP = $(DIR_SRC)/strongswan-$(VER) TARGET = $(DIR_INFO)/$(THISAPP)
ifeq "$(MACHINE)" "i586" - PADLOCK = --enable-padlock + CONFIGURE_OPTIONS = \ + --enable-padlock else - PADLOCK = --disable-padlock + CONFIGURE_OPTIONS = \ + --disable-padlock endif
############################################################################### @@ -46,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c1cd0a3ba9960f590cae28c8470800e8 +$(DL_FILE)_MD5 = e3af3d493d22286be3cd794533a8966a
install : $(TARGET)
@@ -78,6 +80,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-4.5.3_ipfire.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.1.1-delay-dpd.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh cd $(DIR_APP) && ./configure \ @@ -92,9 +95,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-eap-peap \ --enable-eap-mschapv2 \ --enable-eap-identity \ - $(PADLOCK) + --enable-unity \ + $(CONFIGURE_OPTIONS)
- cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt" + cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install
# Remove all library files we don't want or need. diff --git a/lfs/tor b/lfs/tor index 795f7c3..10eaca4 100644 --- a/lfs/tor +++ b/lfs/tor @@ -24,7 +24,7 @@
include Config
-VER = 0.2.4.17-rc +VER = 0.2.4.18-rc
THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 4 +PAK_VER = 5
DEPS = "libevent2"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2cdfb8dcc3306a43cf465a858bf97b2d +$(DL_FILE)_MD5 = 6cc5bc776e9d61a9fb1b000609ed2692
install : $(TARGET)
diff --git a/make.sh b/make.sh index ef98d6f..37fa1c8 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.13" # Version number -CORE="73" # Core Level (Filename) -PAKFIRE_CORE="73" # Core Level (PAKFIRE) +CORE="74" # Core Level (Filename) +PAKFIRE_CORE="74" # Core Level (PAKFIRE) GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir diff --git a/src/paks/check_mk_agent/install.sh b/src/paks/check_mk_agent/install.sh index 682363b..6aed752 100644 --- a/src/paks/check_mk_agent/install.sh +++ b/src/paks/check_mk_agent/install.sh @@ -24,3 +24,13 @@ . /opt/pakfire/lib/functions.sh extract_files restore_backup ${NAME} + +mkdir -p /usr/lib/check_mk_agent/plugins + +if [[ -x /usr/sbin/xinetd ]]; +then + if [[ -x /etc/init.d/xinetd ]] + then + /etc/init.d/xinetd restart + fi +fi diff --git a/src/paks/check_mk_agent/uninstall.sh b/src/paks/check_mk_agent/uninstall.sh index 66f4344..3a0860a 100644 --- a/src/paks/check_mk_agent/uninstall.sh +++ b/src/paks/check_mk_agent/uninstall.sh @@ -24,3 +24,11 @@ . /opt/pakfire/lib/functions.sh make_backup ${NAME} remove_files + +if [[ -x /usr/sbin/xinetd ]]; +then + if [[ -x /etc/init.d/xinetd ]] + then + /etc/init.d/xinetd restart + fi +fi diff --git a/src/patches/squid-3.1-10486.patch b/src/patches/squid-3.1-10486.patch deleted file mode 100644 index 6a0388e..0000000 --- a/src/patches/squid-3.1-10486.patch +++ /dev/null 
@@ -1,54 +0,0 @@ ------------------------------------------------------------- -revno: 10486 -revision-id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h -parent: squid3@treenet.co.nz-20130109021503-hqg7ufldrudpzr9l -fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3790 -author: Reinhard Sojka reinhard.sojka@parlament.gv.at -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: SQUID_3_1 -timestamp: Fri 2013-02-22 04:13:25 -0700 -message: - Bug 3790: cachemgr.cgi crash with authentication ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h -# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches%5C -# /SQUID_3_1 -# testament_sha1: 121adf68a9c3b2eca766cfb768256b6b57d9816b -# timestamp: 2013-02-22 11:17:18 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches%5C -# /SQUID_3_1 -# base_revision_id: squid3@treenet.co.nz-20130109021503-\ -# hqg7ufldrudpzr9l -# -# Begin patch -=== modified file 'tools/cachemgr.cc' ---- tools/cachemgr.cc 2013-01-08 23:11:51 +0000 -+++ tools/cachemgr.cc 2013-02-22 11:13:25 +0000 -@@ -1162,7 +1162,6 @@ - { - static char buf[1024]; - size_t stringLength = 0; -- const char *str64; - - if (!req->passwd) - return ""; -@@ -1171,15 +1170,12 @@ - req->user_name ? req->user_name : "", - req->passwd); - -- str64 = base64_encode(buf); -- -- stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64); -+ stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", base64_encode(buf)); - - assert(stringLength < sizeof(buf)); - -- snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", str64); -+ snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf)); - -- xxfree(str64); - return buf; - } - - 
diff --git a/src/patches/squid-3.1-10487.patch b/src/patches/squid-3.1-10487.patch deleted file mode 100644 index 2ca4848..0000000 --- a/src/patches/squid-3.1-10487.patch +++ /dev/null 
@@ -1,73 +0,0 @@ ------------------------------------------------------------- -revno: 10487 -revision-id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx -parent: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h -author: Nathan Hoad nathan@getoffmalawn.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: SQUID_3_1 -timestamp: Wed 2013-07-10 06:47:48 -0600 -message: - Protect against buffer overrun in DNS query generation - - see SQUID-2013:2. - - This bug has been present as long as the internal DNS component however - most code reaching this point is passing through URL validation first. - With Squid-3.2 Host header verification using DNS directly we may have - problems. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx -# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches%5C -# /SQUID_3_1 -# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0 -# timestamp: 2013-07-10 12:48:57 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches%5C -# /SQUID_3_1 -# base_revision_id: squid3@treenet.co.nz-20130222111325-\ -# zizr296kq3te4g7h -# -# Begin patch -=== modified file 'src/dns_internal.cc' ---- src/dns_internal.cc 2011-10-11 02:12:56 +0000 -+++ src/dns_internal.cc 2013-07-10 12:47:48 +0000 -@@ -1532,22 +1532,26 @@ - void - idnsALookup(const char *name, IDNSCB * callback, void *data) - { -- unsigned int i; -+ size_t nameLength = strlen(name); -+ -+ // Prevent buffer overflow on q->name -+ if (nameLength > NS_MAXDNAME) { -+ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. 
see access.log for details."); -+ callback(data, NULL, 0, "Internal error"); -+ return; -+ } -+ -+ if (idnsCachedLookup(name, callback, data)) -+ return; -+ -+ idns_query *q = cbdataAlloc(idns_query); -+ q->id = idnsQueryID(); - int nd = 0; -- idns_query *q; -- -- if (idnsCachedLookup(name, callback, data)) -- return; -- -- q = cbdataAlloc(idns_query); -- -- q->id = idnsQueryID(); -- -- for (i = 0; i < strlen(name); i++) -+ for (unsigned int i = 0; i < nameLength; ++i) - if (name[i] == '.') - nd++; - -- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') { -+ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') { - q->do_searchpath = 1; - } else { - q->do_searchpath = 0; - diff --git a/src/patches/squid-3.3.10-optional-ssl-options.patch b/src/patches/squid-3.3.10-optional-ssl-options.patch deleted file mode 100644 index f6a108c..0000000 --- a/src/patches/squid-3.3.10-optional-ssl-options.patch +++ /dev/null 
@@ -1,148 +0,0 @@ -From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115 - -Committer: Christos Tsantilas -Date: 2013-11-07 10:46:14 UTC -Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf - -http://bugs.squid-cache.org/show_bug.cgi?id=3936 -Bug 3936: error-details.txt parse error - -Squid fails parsing error-details.txt template when one or more listed OpenSSL -errors are not supported on running platform. -This patch add a hardcoded list of OpenSSL errors wich can be optional. - -This is a Measurement Factory project - -=== modified file 'src/ssl/ErrorDetail.cc' ---- src/ssl/ErrorDetail.cc 2013-07-31 00:13:04 +0000 -+++ src/ssl/ErrorDetail.cc 2013-11-07 10:46:14 +0000 -@@ -221,6 +221,31 @@ - {SSL_ERROR_NONE, NULL} - }; - -+static const char *OptionalSslErrors[] = { -+ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER", -+ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION", -+ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN", -+ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION", -+ "X509_V_ERR_INVALID_NON_CA", -+ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED", -+ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE", -+ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED", -+ "X509_V_ERR_INVALID_EXTENSION", -+ "X509_V_ERR_INVALID_POLICY_EXTENSION", -+ "X509_V_ERR_NO_EXPLICIT_POLICY", -+ "X509_V_ERR_DIFFERENT_CRL_SCOPE", -+ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE", -+ "X509_V_ERR_UNNESTED_RESOURCE", -+ "X509_V_ERR_PERMITTED_VIOLATION", -+ "X509_V_ERR_EXCLUDED_VIOLATION", -+ "X509_V_ERR_SUBTREE_MINMAX", -+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE", -+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX", -+ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX", -+ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR", -+ NULL -+}; -+ - struct SslErrorAlias { - const char *name; - const Ssl::ssl_error_t *errors; -@@ -331,6 +356,16 @@ - return NULL; - } - -+bool -+Ssl::ErrorIsOptional(const char *name) -+{ -+ for (int i = 0; OptionalSslErrors[i] != NULL; ++i) { -+ if (strcmp(name, OptionalSslErrors[i]) == 0) -+ return true; -+ } -+ 
return false; -+} -+ - const char * - Ssl::GetErrorDescr(Ssl::ssl_error_t value) - { - -=== modified file 'src/ssl/ErrorDetail.h' ---- src/ssl/ErrorDetail.h 2013-05-30 10:10:29 +0000 -+++ src/ssl/ErrorDetail.h 2013-11-07 10:46:14 +0000 -@@ -40,6 +40,14 @@ - - /** - \ingroup ServerProtocolSSLAPI -+ * Return true if the SSL error is optional and may not supported -+ * by current squid version -+ */ -+ -+bool ErrorIsOptional(const char *name); -+ -+/** -+ \ingroup ServerProtocolSSLAPI - * Used to pass SSL error details to the error pages returned to the - * end user. - */ - -=== modified file 'src/ssl/ErrorDetailManager.cc' ---- src/ssl/ErrorDetailManager.cc 2013-10-25 00:13:46 +0000 -+++ src/ssl/ErrorDetailManager.cc 2013-11-07 10:46:14 +0000 -@@ -218,32 +218,35 @@ - } - - Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf()); -- if (ssl_error == SSL_ERROR_NONE) { -+ if (ssl_error != SSL_ERROR_NONE) { -+ -+ if (theDetails->getErrorDetail(ssl_error)) { -+ debugs(83, DBG_IMPORTANT, HERE << -+ "WARNING! duplicate entry: " << errorName); -+ return false; -+ } -+ -+ ErrorDetailEntry &entry = theDetails->theList[ssl_error]; -+ entry.error_no = ssl_error; -+ entry.name = errorName; -+ String tmp = parser.getByName("detail"); -+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); -+ tmp = parser.getByName("descr"); -+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); -+ bool parseOK = entry.descr.defined() && entry.detail.defined(); -+ -+ if (!parseOK) { -+ debugs(83, DBG_IMPORTANT, HERE << -+ "WARNING! missing important field for detail error: " << errorName); -+ return false; -+ } -+ -+ } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) { - debugs(83, DBG_IMPORTANT, HERE << - "WARNING! invalid error detail name: " << errorName); - return false; - } - -- if (theDetails->getErrorDetail(ssl_error)) { -- debugs(83, DBG_IMPORTANT, HERE << -- "WARNING! 
duplicate entry: " << errorName); -- return false; -- } -- -- ErrorDetailEntry &entry = theDetails->theList[ssl_error]; -- entry.error_no = ssl_error; -- entry.name = errorName; -- String tmp = parser.getByName("detail"); -- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); -- tmp = parser.getByName("descr"); -- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); -- bool parseOK = entry.descr.defined() && entry.detail.defined(); -- -- if (!parseOK) { -- debugs(83, DBG_IMPORTANT, HERE << -- "WARNING! missing imporant field for detail error: " << errorName); -- return false; -- } - }// else {only spaces and black lines; just ignore} - - buf.consume(size); - diff --git a/src/patches/strongswan-5.1.1-delay-dpd.patch b/src/patches/strongswan-5.1.1-delay-dpd.patch new file mode 100644 index 0000000..db3d664 --- /dev/null +++ b/src/patches/strongswan-5.1.1-delay-dpd.patch 
@@ -0,0 +1,35 @@ +From b76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c Mon Sep 17 00:00:00 2001 +From: Martin Willi martin@revosec.ch +Date: Fri, 1 Nov 2013 11:28:53 +0100 +Subject: [PATCH] ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeying + +Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which +is perfectly valid. For short(er) DPD delays, this leads to the situation where +we send a DPD request during set_state(), but the IKE_SA has no hosts set yet. +Avoid that DPD by resetting the INBOUND timestamp during set_state(). +--- + src/libcharon/sa/ike_sa.c | 8 ++++++++ + 1 files changed, 8 insertions(+), 0 deletions(-) + +diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c +index 0282087..d482f8b 100644 +--- a/src/libcharon/sa/ike_sa.c ++++ b/src/libcharon/sa/ike_sa.c +@@ -687,6 +687,14 @@ METHOD(ike_sa_t, set_state, void, + DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t); + } + trigger_dpd = this->peer_cfg->get_dpd(this->peer_cfg); ++ if (trigger_dpd) ++ { ++ /* Some peers delay the DELETE after rekeying an IKE_SA. ++ * If this delay is longer than our DPD delay, we would ++ * send a DPD request here. The IKE_SA is not ready to do ++ * so yet, so prevent that. */ ++ this->stats[STAT_INBOUND] = this->stats[STAT_ESTABLISHED]; ++ } + } + break; + } +-- +1.7.4.1 + diff --git a/src/scripts/httpscert b/src/scripts/httpscert index fb2d64b..d0e23fa 100644 --- a/src/scripts/httpscert +++ b/src/scripts/httpscert @@ -6,13 +6,9 @@ # See how we were called. case "$1" in new) - # set temporary random file - export RANDFILE=/root/.rnd if [ ! -f /etc/httpd/server.key ]; then echo "Generating https server key." - /usr/bin/openssl genrsa -rand \ - /boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \ - /etc/httpd/server.key 1024 + /usr/bin/openssl genrsa -out /etc/httpd/server.key 4096 fi echo "Generating CSR" /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \ 
@@ -21,9 +17,6 @@ case "$1" in /usr/bin/openssl x509 -req -days 999999 -in \ /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \ /etc/httpd/server.crt - # unset and remove random file - export -n RANDFILE - rm -f /root/.rnd ;; read) if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
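Review bot: In the lfs/check_mk_agent hunk (@@ -78,6 +78,8), xinetd.conf is installed with `-m 755`, but it is a service definition that xinetd reads and never executes. Install it with `-m 644` so the file under /etc/xinetd.d is not marked executable. The preceding `-mkdir /etc/xinetd.d` would be clearer as `-mkdir -p`, so that the ignored failure is limited to the directory already existing.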
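Review bot: In the lfs/nagios hunk (@@ -103,7 +103,7), `$(MAKETUNING)` is dropped from the nagios-plugins build with no comment saying why. If the parallel build was failing, add a one-line comment above `make` stating that, so the flag is not put back in a later cleanup.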
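Review bot: In the lfs/openvpn hunk (@@ -73,16 +73,16), the recipe no longer copies openvpn-auth-pam.so and openvpn-down-root.so into /usr/lib/openvpn and only creates /usr/lib/openvpn/plugins. Any existing server or client configuration whose `plugin` line points at the old /usr/lib/openvpn/*.so path will fail to load after the update. Either confirm where `make install` places the plugins built by `--enable-plugin-auth-pam` and `--enable-plugin-down-root` and migrate the paths in the update script, or keep compatibility symlinks at the old location.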
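Review bot: In the lfs/squid hunk (@@ -104,8 +100,7), `--with-filedescriptors=$$(( 16384 * 64 ))` evaluates to 1048576, sixteen times the previous 65536, and nothing in this patch raises the limit squid is started with. The configure value is only a build-time ceiling, so check that the initscript's ulimit and the generated squid.conf agree with it. A short comment explaining where the factors 16384 and 64 come from would also help, since the expression is less readable than the literal it replaces.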
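Review bot: In the lfs/strongswan hunk (@@ -92,9 +95,10), `--enable-unity` is added and `LDFLAGS="-lrt"` is removed from the make line without any explanation in the recipe. Both change what is built and linked, so note in a comment (or in the commit message) why the Unity plugin is wanted and that 5.1.1 no longer needs the explicit -lrt, so a later version bump does not have to rediscover this.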
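Review bot: In the src/paks/check_mk_agent/install.sh hunk (@@ -24,3 +24,13), the two `-x` tests only check that the xinetd binary and initscript exist, not that the service is running, so `/etc/init.d/xinetd restart` will start an xinetd the administrator had stopped and with it open the agent's listener. Restart only when xinetd is already running, or use the initscript's reload action if it has one. The nested ifs can be collapsed into one test joined with `&&`, the `;` after the first `]]` is redundant, and the identical block added to uninstall.sh needs the same change.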
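Review bot: In the first src/scripts/httpscert hunk (@@ -6,13 +6,9), the move to a 4096-bit key only takes effect when /etc/httpd/server.key does not exist, because the `genrsa` call stays inside `if [ ! -f /etc/httpd/server.key ]`. Systems updated to this core level keep their existing 1024-bit key and the certificate signed with it. If the intent is to retire 1024-bit keys, the update script has to regenerate the key, CSR and certificate. Nothing in the visible lines sets the mode of the new key file either, so run `genrsa` under `umask 077` or follow it with `chmod 600 /etc/httpd/server.key`.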
hooks/post-receive -- IPFire 2.x development tree