Merge remote-tracking branch 'origin/next' into thirteen
authorArne Fitzenreiter <arne_f@ipfire.org>
Thu, 6 Dec 2012 18:29:29 +0000 (19:29 +0100)
committerArne Fitzenreiter <arne_f@ipfire.org>
Thu, 6 Dec 2012 18:29:29 +0000 (19:29 +0100)
Conflicts:
config/rootfiles/common/stage2
make.sh

1  2 
config/rootfiles/common/stage2
html/cgi-bin/vpnmain.cgi
lfs/stage2
make.sh

@@@ -1,6 -1,6 +1,6 @@@
  bin/bash
  bin/cat
 -bin/grep
 +bin/echo
  bin/pwd
  bin/stty
  #boot
@@@ -13,10 -13,11 +13,10 @@@ etc/hddtemp.d
  etc/host.conf
  etc/inittab
  etc/inputrc
 -#etc/ipsec.user.conf
 -#etc/ipsec.user.secrets
 +etc/ipsec.user.conf
 +etc/ipsec.user.secrets
  etc/issue
  etc/ld.so.conf
 -etc/localtime
  etc/logrotate.conf
  etc/mime.types
  etc/modprobe.d
@@@ -29,13 -30,11 +29,13 @@@ etc/nsswitch.con
  etc/passwd
  etc/profile
  #etc/profile.d
 -etc/profile.d/bashrc.sh
 -etc/profile.d/dircolors.sh
 +etc/profile.d/colorls.sh
  etc/profile.d/extrapaths.sh
 +etc/profile.d/glib2-locale.sh
  etc/profile.d/i18n.sh
 +etc/profile.d/lang.sh
  etc/profile.d/readline.sh
 +etc/profile.d/term256.sh
  etc/profile.d/umask.sh
  etc/resolv.conf
  etc/securetty
@@@ -51,23 -50,14 +51,23 @@@ media/usbke
  mnt
  #opt
  #root
 +root/.bash_logout
 +root/.bash_profile
 +root/.bashrc
  root/ipfire
  #sbin
  #srv
 +#usr/bin
  #usr/bin/perl
  #usr/include
  #usr/lib
 -usr/lib/libgcc_s.so
 +#usr/lib/libgcc_s.so
  usr/lib/libgcc_s.so.1
 +#usr/lib/libstdc++.la
 +#usr/lib/libstdc++.so
 +usr/lib/libstdc++.so.6
 +#usr/local
 +#usr/local/bin
  #usr/local/bin/archive.files
  usr/local/bin/backupiso
  usr/local/bin/connscheduler
@@@ -84,15 -74,15 +84,18 @@@ usr/local/bin/scanh
  usr/local/bin/setddns.pl
  usr/local/bin/settime
  usr/local/bin/timecheck
+ #usr/local/bin/uname
+ usr/local/bin/update-lang-cache
+ usr/local/bin/vpn-watch
  #usr/local/include
  #usr/local/lib
  #usr/local/sbin
 +#usr/local/share
  #usr/local/share/doc
  #usr/local/share/info
  #usr/local/share/locale
 +#usr/local/share/man
 +#usr/local/share/man/man1
  #usr/local/share/man/man2
  #usr/local/share/man/man3
  #usr/local/share/man/man4
  #usr/local/share/zoneinfo
  #usr/local/src
  #usr/sbin
+ usr/sbin/ovpn-ccd-convert
  #usr/share
  #usr/share/doc
  #usr/share/doc/licenses
@@@ -144,6 -135,6 +148,6 @@@ var/ru
  var/run/utmp
  #var/spool
  var/tmp
 -dev/null
  dev/console
 +dev/null
  tmp
diff --combined html/cgi-bin/vpnmain.cgi
index eaf6f48,24aeb6d..e9d114b
mode 100644,100755..100755
@@@ -73,9 -73,17 +73,9 @@@ $cgiparams{'ENABLED'} = 'off'
  $cgiparams{'EDIT_ADVANCED'} = 'off';
  $cgiparams{'ACTION'} = '';
  $cgiparams{'CA_NAME'} = '';
 -$cgiparams{'DBG_CRYPT'} = '';
 -$cgiparams{'DBG_PARSING'} = '';
 -$cgiparams{'DBG_EMITTING'} = '';
 -$cgiparams{'DBG_CONTROL'} = '';
 -$cgiparams{'DBG_KLIPS'} = '';
 -$cgiparams{'DBG_DNS'} = '';
 -$cgiparams{'DBG_NAT_T'} = '';
  $cgiparams{'KEY'} = '';
  $cgiparams{'TYPE'} = '';
  $cgiparams{'ADVANCED'} = '';
 -$cgiparams{'INTERFACE'} = '';
  $cgiparams{'NAME'} = '';
  $cgiparams{'LOCAL_SUBNET'} = '';
  $cgiparams{'REMOTE_SUBNET'} = '';
@@@ -246,10 -254,49 +246,10 @@@ sub writeipsecfiles 
      flock SECRETS, 2;
      print CONF "version 2\n\n";
      print CONF "config setup\n";
 -    #create an ipsec Interface for each 'enabled' ones
 -    #loop trought configuration and add physical interfaces to the list
 -    my $interfaces = "\tinterfaces=\"";
 -    foreach my $key (keys %lconfighash) {
 -      next if ($lconfighash{$key}[0] ne 'on');
 -        $interfaces .= "%defaultroute "                   if ($interfaces !~ /defaultroute/ && $lconfighash{$key}[26] eq 'RED');
 -      $interfaces .= "$netsettings{'GREEN_DEV'} "  if ($interfaces !~ /ipsec1/              && $lconfighash{$key}[26] eq 'GREEN');
 -      $interfaces .= "$netsettings{'BLUE_DEV'} "   if ($interfaces !~ /ipsec2/              && $lconfighash{$key}[26] eq 'BLUE');
 -      $interfaces .= "$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/              && $lconfighash{$key}[26] eq 'ORANGE');
 -    }
 -    print CONF $interfaces . "\"\n";
 -
 -    my $plutodebug = '';                      # build debug list
 -    map ($plutodebug .= $lvpnsettings{$_} eq 'on' ? lc (substr($_,4)).' ' : '',
 -      ('DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
 -       'DBG_DNS'));
 -    $plutodebug = 'none' if $plutodebug eq '';  # if nothing selected, use 'none'.
 -    #print CONF "\tklipsdebug=\"none\"\n";
 -    print CONF "\tplutodebug=\"$plutodebug\"\n";
 -    # deprecated in ipsec.conf version 2
 -    #print CONF "\tplutoload=%search\n";
 -    #print CONF "\tplutostart=%search\n";
 -    print CONF "\tuniqueids=yes\n";
 -    print CONF "\tnat_traversal=yes\n";
 -    print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne '');
 -    print CONF "\tvirtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16";
 -    print CONF ",%v4:!$green_cidr";
 -    if (length($netsettings{'ORANGE_DEV'}) > 2) {
 -      print CONF ",%v4:!$orange_cidr";
 -    }
 -    if (length($netsettings{'BLUE_DEV'}) > 2) {
 -      print CONF ",%v4:!$blue_cidr";
 -    }
 -    foreach my $key (keys %lconfighash) {
 -      if ($lconfighash{$key}[3] eq 'net') {
 -          print CONF ",%v4:!$lconfighash{$key}[11]";
 -      }
 -    }
 -    print CONF "\n\n";
 +    print CONF "\tcharondebug=\"dmn 0, mgr 0, ike 0, chd 0, job 0, cfg 0, knl 0, net 0, asn 0, enc 0, lib 0, esp 0, tls 0, tnc 0, imc 0, imv 0, pts 0\"\n";
 +    print CONF "\n";
      print CONF "conn %default\n";
 -    print CONF "\tkeyingtries=0\n";
 -    #strongswan doesn't know this
 -    #print CONF "\tdisablearrivalcheck=no\n";
 +    print CONF "\tkeyingtries=%forever\n";
      print CONF "\n";
  
      # Add user includes to config file
  
        print CONF "conn $lconfighash{$key}[1]\n";
        print CONF "\tleft=$localside\n";
 -      print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute');
        my $cidr_net=&General::ipcidr($lconfighash{$key}[8]);
        print CONF "\tleftsubnet=$cidr_net\n";
        print CONF "\tleftfirewall=yes\n";
        if ($lconfighash{$key}[3] eq 'net') {
            my $cidr_net=&General::ipcidr($lconfighash{$key}[11]);
            print CONF "\trightsubnet=$cidr_net\n";
 -          print CONF "\trightnexthop=%defaultroute\n";
        } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors?
            print CONF "\trightsubnet=vhost:%no,%priv\n";
        }
        print CONF "\tleftid=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
        print CONF "\trightid=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
  
 +      # Is PFS enabled?
 +      my $pfs = $lconfighash{$key}[28] eq 'on' ? 'on' : 'off';
 +
        # Algorithms
        if ($lconfighash{$key}[18] && $lconfighash{$key}[19] && $lconfighash{$key}[20]) {
            print CONF "\tike=";
            print CONF "\tesp=";
            my @encs   = split('\|', $lconfighash{$key}[21]);
            my @ints   = split('\|', $lconfighash{$key}[22]);
 +          my @groups = split('\|', $lconfighash{$key}[20]);
            my $comma = 0;
            foreach my $i (@encs) {
                foreach my $j (@ints) {
 -                  if ($comma != 0) { print CONF ","; } else { $comma = 1; }
 -                  print CONF "$i-$j";
 +                      my $modp = "";
 +                      if ($pfs eq "on") {
 +                              foreach my $k (@groups) {
 +                                  if ($comma != 0) { print CONF ","; } else { $comma = 1; }
 +                                  if ($pfs eq "on") {
 +                                      $modp = "-modp$k";
 +                                  } else {
 +                                      $modp = "";
 +                                  }
 +                                  print CONF "$i-$j$modp";
 +                              }
 +                      } else {
 +                              if ($comma != 0) { print CONF ","; } else { $comma = 1; }
 +                              print CONF "$i-$j";
 +                      }
                }
            }
            if ($lconfighash{$key}[24] eq 'on') {       #only proposed algorythms?
                print CONF "\n";
            }
        }
 -      if ($lconfighash{$key}[23]) {
 -          print CONF "\tpfsgroup=$lconfighash{$key}[23]\n";
 -      }
  
        # IKE V1 or V2
        if (! $lconfighash{$key}[29]) {
        print CONF "\tdpdtimeout=120\n";
        print CONF "\tdpdaction=$lconfighash{$key}[27]\n";
  
 -      # Disable pfs ?
 -      print CONF "\tpfs=". ($lconfighash{$key}[28] eq 'on' ? "yes\n" : "no\n");
 -
        # Build Authentication details:  LEFTid RIGHTid : PSK psk
        my $psk_line;
        if ($lconfighash{$key}[4] eq 'psk') {
      close(SECRETS);
  }
  
 +# Hook to regenerate the configuration files.
 +if ($ENV{"REMOTE_ADDR"} eq "") {
 +      writeipsecfiles;
 +      exit(0);
 +}
 +
  ###
  ### Save main settings
  ###
@@@ -434,14 -466,29 +434,14 @@@ if ($cgiparams{'ACTION'} eq $Lang::tr{'
        goto SAVE_ERROR;
      }
  
 -    unless ($cgiparams{'VPN_OVERRIDE_MTU'} =~ /^(|[0-9]{1,5})$/ ) { #allow 0-99999
 -      $errormessage = $Lang::tr{'vpn mtu invalid'};
 -      goto SAVE_ERROR;
 -    }
 -
 -    unless ($cgiparams{'VPN_WATCH'} =~ /^(|off|on)$/ ) {
 -      $errormessage = $Lang::tr{'invalid input'};
 -      goto SAVE_ERROR;
 -    }
 -
      if ( $cgiparams{'RW_NET'} ne '' and !&General::validipandmask($cgiparams{'RW_NET'}) ) {
        $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'};
        goto SAVE_ERROR;
      }
  
 -    map ($vpnsettings{$_} = $cgiparams{$_},
 -      ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
 -       'DBG_DNS'));
 -
 +    $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
      $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
      $vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'};
 -    $vpnsettings{'VPN_OVERRIDE_MTU'} = $cgiparams{'VPN_OVERRIDE_MTU'};
 -    $vpnsettings{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'};
      $vpnsettings{'RW_NET'} = $cgiparams{'RW_NET'};
      &General::writehash("${General::swroot}/vpn/settings", \%vpnsettings);
      &writeipsecfiles();
@@@ -1251,6 -1298,7 +1251,6 @@@ EN
        $cgiparams{'REMOTE'}            = $confighash{$cgiparams{'KEY'}}[10];
        $cgiparams{'REMOTE_SUBNET'}     = $confighash{$cgiparams{'KEY'}}[11];
        $cgiparams{'REMARK'}            = $confighash{$cgiparams{'KEY'}}[25];
 -      $cgiparams{'INTERFACE'}         = $confighash{$cgiparams{'KEY'}}[26];
        $cgiparams{'DPD_ACTION'}        = $confighash{$cgiparams{'KEY'}}[27];
        $cgiparams{'IKE_VERSION'}       = $confighash{$cgiparams{'KEY'}}[29];
        $cgiparams{'IKE_ENCRYPTION'}    = $confighash{$cgiparams{'KEY'}}[18];
            goto VPNCONF_ERROR;
        }
  
+       
+       if ($cgiparams{'TYPE'} eq 'net'){
+               $errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
+               if ($errormessage ne ''){
+                       goto VPNCONF_ERROR;
+               }
+               
+       }
        if ($cgiparams{'AUTH'} eq 'psk') {
            if (! length($cgiparams{'PSK'}) ) {
                $errormessage = $Lang::tr{'pre-shared key is too short'};
@@@ -1753,7 -1809,7 +1761,7 @@@ EN
        $confighash{$key}[9] = $cgiparams{'REMOTE_ID'};
        $confighash{$key}[10] = $cgiparams{'REMOTE'};
        $confighash{$key}[25] = $cgiparams{'REMARK'};
 -      $confighash{$key}[26] = $cgiparams{'INTERFACE'};
 +      $confighash{$key}[26] = ""; # Formerly INTERFACE
        $confighash{$key}[27] = $cgiparams{'DPD_ACTION'};
        $confighash{$key}[29] = $cgiparams{'IKE_VERSION'};
  
            $cgiparams{'DPD_ACTION'} = 'restart';
        }
  
 -      # Default IKE Version to V1
 -      if (! $cgiparams{'IKE_VERSION'}) {
 -          $cgiparams{'IKE_VERSION'} = 'ikev1';
 +      # Default IKE Version to v2
 +      if (!$cgiparams{'IKE_VERSION'}) {
 +          $cgiparams{'IKE_VERSION'} = 'ikev2';
        }
  
 -      # Default is yes for 'pfs'
 -      $cgiparams{'PFS'}     = 'on';
 -      
        # ID are empty
        $cgiparams{'LOCAL_ID'}  = '';
        $cgiparams{'REMOTE_ID'} = '';
  
        #use default advanced value
 -      $cgiparams{'IKE_ENCRYPTION'} = 'aes128|3des';   #[18];
 -      $cgiparams{'IKE_INTEGRITY'}  = 'sha|md5';       #[19];
 -      $cgiparams{'IKE_GROUPTYPE'}  = '1536|1024';     #[20];
 +      $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des';     #[18];
 +      $cgiparams{'IKE_INTEGRITY'}  = 'sha2_256|sha|md5';      #[19];
 +      $cgiparams{'IKE_GROUPTYPE'}  = '8192|6144|4096|3072|2048|1536|1024';            #[20];
        $cgiparams{'IKE_LIFETIME'}   = '1';             #[16];
 -      $cgiparams{'ESP_ENCRYPTION'} = 'aes128|3des';   #[21];
 -      $cgiparams{'ESP_INTEGRITY'}  = 'sha1|md5';      #[22];
 +      $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des';     #[21];
 +      $cgiparams{'ESP_INTEGRITY'}  = 'sha2_256|sha1|md5';     #[22];
        $cgiparams{'ESP_GROUPTYPE'}  = '';              #[23];
        $cgiparams{'ESP_KEYLIFE'}    = '8';             #[17];
 -      $cgiparams{'COMPRESSION'}    = 'off';           #[13];
 +      $cgiparams{'COMPRESSION'}    = 'on';            #[13];
        $cgiparams{'ONLY_PROPOSED'}  = 'off';           #[24];
        $cgiparams{'PFS'}            = 'on';            #[28];
        $cgiparams{'VHOST'}          = 'on';            #[14];
      $checked{'AUTH'}{'auth-dn'} = '';
      $checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'";
  
 -    $selected{'INTERFACE'}{'RED'} = '';
 -    $selected{'INTERFACE'}{'ORANGE'} = '';
 -    $selected{'INTERFACE'}{'GREEN'} = '';
 -    $selected{'INTERFACE'}{'BLUE'} = '';
 -    $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = "selected='selected'";
 -
      $selected{'DPD_ACTION'}{'clear'} = '';
      $selected{'DPD_ACTION'}{'hold'} = '';
      $selected{'DPD_ACTION'}{'restart'} = '';
        $blob = "<img src='/blob.gif' alt='*' />";
      };
  
 -    print "<tr><td>$Lang::tr{'host ip'}:</td>";
 -    print "<td><select name='INTERFACE'>";
 -    print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED ($vpnsettings{'VPN_IP'})</option>";
 -    print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN ($netsettings{'GREEN_ADDRESS'})</option>";
 -    print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE ($netsettings{'BLUE_ADDRESS'})</option>" if ($netsettings{'BLUE_DEV'} ne '');
 -    print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE ($netsettings{'ORANGE_ADDRESS'})</option>" if ($netsettings{'ORANGE_DEV'} ne '');
 -    print "</select></td>";
      print <<END
 +      <tr>
            <td class='boldbase'>$Lang::tr{'remote host/ip'}:&nbsp;$blob</td>
 -          <td><input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size='30' /></td>
 -      </tr><tr>
 -          <td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
 -          <td><input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' /></td>
 +          <td>
 +              <input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size='30' />
 +          </td>
            <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
 -          <td><input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' /></td>
 -      </tr><tr>
 +          <td>
 +              <input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' />
 +          </td>
 +      </tr>
 +      <tr>
 +          <td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
 +          <td colspan='3'>
 +              <input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' />
 +          </td>
 +      </tr>
 +      <tr>
            <td class='boldbase'>$Lang::tr{'vpn local id'}:<br />($Lang::tr{'eg'} <tt>&#64;xy.example.com</tt>)</td>
            <td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
            <td class='boldbase'>$Lang::tr{'vpn remote id'}:</td>
        </tr><td><br /></td><tr>
            <td>$Lang::tr{'vpn keyexchange'}:</td>
            <td><select name='IKE_VERSION'>
 -              <option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option>
                <option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option>
 -              </select></a>
 +              <option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option>
 +              </select>
            </td>
            <td>$Lang::tr{'dpd action'}:</td>
            <td><select name='DPD_ACTION'>
                <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
                <option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
                <option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
 -              </select>&nbsp; <a href='http://www.openswan.com/docs/local/README.DPD'>?</a>
 +              </select>
            </td>
        </tr><tr>
 -<!--http://www.openswan.com/docs/local/README.DPD
 -    http://bugs.xelerance.com/view.php?id=156
 -    restart = clear + reinitiate connection
 --->
            <td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></td>
            <td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
        </tr>
@@@ -2097,7 -2164,7 +2105,7 @@@ if(($cgiparams{'ACTION'} eq $Lang::tr{'
            goto ADVANCED_ERROR;
        }
        foreach my $val (@temp) {
 -          if ($val !~ /^(sha2_512|sha2_256|sha|md5)$/) {
 +          if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha|md5|aesxcbc)$/) {
                $errormessage = $Lang::tr{'invalid input'};
                goto ADVANCED_ERROR;
            }
            goto ADVANCED_ERROR;
        }
        foreach my $val (@temp) {
 -          if ($val !~ /^(aes256|aes128|3des)$/) {
 +          if ($val !~ /^(aes256|aes192|aes128|3des)$/) {
                $errormessage = $Lang::tr{'invalid input'};
                goto ADVANCED_ERROR;
            }
            goto ADVANCED_ERROR;
        }
        foreach my $val (@temp) {
 -          if ($val !~ /^(sha2_512|sha2_256|sha1|md5)$/) {
 +          if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha1|md5|aesxcbc)$/) {
                $errormessage = $Lang::tr{'invalid input'};
                goto ADVANCED_ERROR;
            }
        }
        if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
 -          $cgiparams{'ESP_GROUPTYPE'} !~  /^modp(1024|1536|2048|3072|4096)$/) {
 +          $cgiparams{'ESP_GROUPTYPE'} !~  /^modp(1024|1536|2048|3072|4096|6144|8192)$/) {
            $errormessage = $Lang::tr{'invalid input'};
            goto ADVANCED_ERROR;
        }
  
      ADVANCED_ERROR:
      $checked{'IKE_ENCRYPTION'}{'aes256'} = '';
 +    $checked{'IKE_ENCRYPTION'}{'aes192'} = '';
      $checked{'IKE_ENCRYPTION'}{'aes128'} = '';
      $checked{'IKE_ENCRYPTION'}{'3des'} = '';
      my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
      foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; }
      $checked{'IKE_INTEGRITY'}{'sha2_512'} = '';
 +    $checked{'IKE_INTEGRITY'}{'sha2_384'} = '';
      $checked{'IKE_INTEGRITY'}{'sha2_256'} = '';
      $checked{'IKE_INTEGRITY'}{'sha'} = '';
      $checked{'IKE_INTEGRITY'}{'md5'} = '';
 +    $checked{'IKE_INTEGRITY'}{'aesxcbc'} = '';
      @temp = split('\|', $cgiparams{'IKE_INTEGRITY'});
      foreach my $key (@temp) {$checked{'IKE_INTEGRITY'}{$key} = "selected='selected'"; }
      $checked{'IKE_GROUPTYPE'}{'768'} = '';
      # 768 is not supported by strongswan
      $checked{'IKE_GROUPTYPE'}{'768'} = '';
  
 -
      $checked{'ESP_ENCRYPTION'}{'aes256'} = '';
 +    $checked{'ESP_ENCRYPTION'}{'aes192'} = '';
      $checked{'ESP_ENCRYPTION'}{'aes128'} = '';
      $checked{'ESP_ENCRYPTION'}{'3des'} = '';
      @temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
      foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; }
      $checked{'ESP_INTEGRITY'}{'sha2_512'} = '';
 +    $checked{'ESP_INTEGRITY'}{'sha2_384'} = '';
      $checked{'ESP_INTEGRITY'}{'sha2_256'} = '';
      $checked{'ESP_INTEGRITY'}{'sha1'} = '';
      $checked{'ESP_INTEGRITY'}{'md5'} = '';
 +    $checked{'ESP_INTEGRITY'}{'aesxcbc'} = '';
      @temp = split('\|', $cgiparams{'ESP_INTEGRITY'});
      foreach my $key (@temp) {$checked{'ESP_INTEGRITY'}{$key} = "selected='selected'"; }
      $checked{'ESP_GROUPTYPE'}{$cgiparams{'ESP_GROUPTYPE'}} = "selected='selected'";
        <tr><td class='boldbase' align='right' valign='top'>$Lang::tr{'ike encryption'}</td><td class='boldbase' valign='top'>
                <select name='IKE_ENCRYPTION' multiple='multiple' size='4'>
                <option value='aes256' $checked{'IKE_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
 +              <option value='aes192' $checked{'IKE_ENCRYPTION'}{'aes192'}>AES (192 bit)</option>
                <option value='aes128' $checked{'IKE_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
                <option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>3DES</option>
                </select></td>
  
            <td class='boldbase' align='right' valign='top'>$Lang::tr{'ike integrity'}</td><td class='boldbase' valign='top'>
                <select name='IKE_INTEGRITY' multiple='multiple' size='4'>
 -              <option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA</option>
 +              <option value='sha2_512' $checked{'IKE_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option>
 +              <option value='sha2_384' $checked{'IKE_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
 +              <option value='sha2_256' $checked{'IKE_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
 +              <option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA1</option>
                <option value='md5' $checked{'IKE_INTEGRITY'}{'md5'}>MD5</option>
 +              <option value='aesxcbc' $checked{'IKE_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
                </select></td>
        
            <td class='boldbase' align='right' valign='top'>$Lang::tr{'ike grouptype'}</td><td class='boldbase' valign='top'>
            <td class='boldbase' align='right' valign='top'>$Lang::tr{'esp encryption'}</td><td class='boldbase' valign='top'>
                <select name='ESP_ENCRYPTION' multiple='multiple' size='4'>
                <option value='aes256' $checked{'ESP_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
 +              <option value='aes192' $checked{'ESP_ENCRYPTION'}{'aes192'}>AES (192 bit)</option>
                <option value='aes128' $checked{'ESP_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
                <option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>3DES</option>
  
            <td class='boldbase' align='right' valign='top'>$Lang::tr{'esp integrity'}</td><td class='boldbase' valign='top'>
                <select name='ESP_INTEGRITY' multiple='multiple' size='4'>
 +              <option value='sha2_512' $checked{'ESP_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option>
 +              <option value='sha2_384' $checked{'ESP_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
 +              <option value='sha2_256' $checked{'ESP_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
                <option value='sha1' $checked{'ESP_INTEGRITY'}{'sha1'}>SHA1</option>
 -              <option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5</option></select></td>
 +              <option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5</option>
 +              <option value='aesxcbc' $checked{'ESP_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
 +              </select></td>
  
            <td class='boldbase' align='right' valign='top'>$Lang::tr{'esp grouptype'}</td><td class='boldbase' valign='top'>
                <select name='ESP_GROUPTYPE'>
      $cgiparams{'VPN_IP'} ='%defaultroute' if ($cgiparams{'VPN_IP'} eq '');
      
      $cgiparams{'VPN_DELAYED_START'} = 0 if (! defined ($cgiparams{'VPN_DELAYED_START'}));
 -    $checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ;
 -    map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '',
 -      ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
 -       'DBG_DNS'));
 -
 +    $checked{'ENABLED'} = $cgiparams{'ENABLED'} eq 'on' ? "checked='checked'" : '';
  
      &Header::showhttpheaders();
      &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
        <td width='20%'><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' /></td>
        <td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'} /></td>
      </tr>
 -END
 -    ;
 -    print <<END
 -    <tr>
 -      <td class='base' nowrap='nowrap'>$Lang::tr{'override mtu'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 -      <td ><input type='text' name='VPN_OVERRIDE_MTU' value='$cgiparams{'VPN_OVERRIDE_MTU'}' /></td>
 -    </tr>
  END
      ;
  print <<END
        <td ><input type='text' name='RW_NET' value='$cgiparams{'RW_NET'}' /></td>
      </tr>
   </table>
 -<p>$Lang::tr{'vpn watch'}:<input type='checkbox' name='VPN_WATCH' $checked{'VPN_WATCH'} /></p>
 -<p>PLUTO DEBUG&nbsp;=
 -crypt:<input type='checkbox' name='DBG_CRYPT' $checked{'DBG_CRYPT'} />,&nbsp;
 -parsing:<input type='checkbox' name='DBG_PARSING' $checked{'DBG_PARSING'} />,&nbsp;
 -emitting:<input type='checkbox' name='DBG_EMITTING' $checked{'DBG_EMITTING'} />,&nbsp;
 -control:<input type='checkbox' name='DBG_CONTROL' $checked{'DBG_CONTROL'} />,&nbsp;
 -dns:<input type='checkbox' name='DBG_DNS' $checked{'DBG_DNS'} />&nbsp;
  <hr />
  <table width='100%'>
  <tr>
diff --combined lfs/stage2
@@@ -63,11 -63,9 +63,11 @@@ $(TARGET) 
        
        # Symlinks
        # for this reason, stage2 rebuild will broke the iso:perl, grubbatch
 -      -ln -sv /tools/bin/{bash,cat,grep,pwd,stty} /bin
 +      -ln -sv /tools/bin/{bash,cat,echo,pwd,stty} /bin
        -ln -sv /tools/bin/perl /usr/bin
        -ln -sv /tools/lib/libgcc_s.so{,.1} /usr/lib
 +      -ln -sv /tools/lib/libstdc++.so{,.6} /usr/lib
 +      sed 's/tools/usr/' /tools/lib/libstdc++.la > /usr/lib/libstdc++.la
        -ln -sv bash /bin/sh
  
        # Config files
            [ -f $$i ] && cp $$i /etc/profile.d; \
        done
        chmod 755 /etc/bashrc
 -      ln -svf ../bashrc /etc/profile.d/bashrc.sh
 +
 +      # Install root's bash files.
 +      for i in $(DIR_SRC)/config/bash/dot_*; do \
 +              [ -f $$i ] && cp $$i /root/$$(basename $${i/dot_/\.}); \
 +      done
  
        # Scripts
        for i in `find $(DIR_SRC)/src/scripts -maxdepth 1 -type f`; do \
@@@ -95,6 -89,9 +95,9 @@@
            chmod 755 /usr/local/bin/`basename $$i`; \
        done
  
+       # Move script to correct place.
+       mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
        # Nobody user
        -mkdir -p /home/nobody
        chown -R nobody:nobody /home/nobody
diff --combined make.sh
+++ b/make.sh
@@@ -24,9 -24,9 +24,9 @@@
  
  NAME="IPFire"                                                 # Software name
  SNAME="ipfire"                                                        # Short name
 -VERSION="2.11"                                                        # Version number
 +VERSION="2.13"                                                        # Version number
- CORE="64"                                                     # Core Level (Filename)
- PAKFIRE_CORE="64"                                             # Core Level (PAKFIRE)
+ CORE="65"                                                     # Core Level (Filename)
+ PAKFIRE_CORE="65"                                             # Core Level (PAKFIRE)
  GIT_BRANCH=`git status | head -n1 | cut -d" " -f4`            # Git Branch
  SLOGAN="www.ipfire.org"                                               # Software slogan
  CONFIG_ROOT=/var/ipfire                                               # Configuration rootdir
@@@ -37,11 -37,12 +37,11 @@@ KVER=`grep --max-count=1 VER lfs/linux 
  MACHINE=`uname -m`
  GIT_TAG=$(git tag | tail -1)                                  # Git Tag
  GIT_LASTCOMMIT=$(git log | head -n1 | cut -d" " -f2 |head -c8)        # Last commit
 -TOOLCHAINVER=3
 +TOOLCHAINVER=6
  
  BUILDMACHINE=$MACHINE
      if [ "$MACHINE" = "x86_64" ]; then
          BUILDMACHINE="i686";
 -        linux32="linux32";
      fi
  
  
@@@ -213,10 -214,15 +213,10 @@@ prepareenv() 
      mount --bind $BASEDIR/log    $BASEDIR/build/usr/src/log
      mount --bind $BASEDIR/src    $BASEDIR/build/usr/src/src
  
 -    # This is a temporary hack!!!
 -    if [ ! -f /tools/bin/hostname ]; then
 -      cp -f /bin/hostname /tools/bin/hostname 2>/dev/null
 -    fi
 -
      # Run LFS static binary creation scripts one by one
      export CCACHE_DIR=$BASEDIR/ccache
      export CCACHE_COMPRESS=1
 -    export CCACHE_HASHDIR=1
 +    export CCACHE_COMPILERCHECK="none"
  
      # Remove pre-install list of installed files in case user erase some files before rebuild
      rm -f $BASEDIR/build/usr/src/lsalr 2>/dev/null
@@@ -226,7 -232,7 +226,7 @@@ buildtoolchain() 
      local error=false
      case "${MACHINE}:$(uname -m)" in
          # x86
 -        i586:i586|i586:i686)
 +        i586:i586|i586:i686|i586:x86_64)
              # These are working.
              ;;
          i586:*)
              ;;
  
          # ARM
 -        armv5tel:armv5tel|armv5tel:armv5tejl|armv5tel:armv7l)
 +        armv5tel:armv5tel|armv5tel:armv5tejl|armv5tel:armv6l|armv5tel:armv7l)
              # These are working.
              ;;
          armv5tel:*)
      ${error} && \
          exiterror "Cannot build ${MACHINE} toolchain on $(uname -m). Please use the download if any."
  
 -    if [ "$(uname -r | grep ipfire)" ]; then
 -        exiterror "Cannot build toolchain on ipfire. Please use the download."
 +    local gcc=$(type -p gcc)
 +    if [ -z "${gcc}" ]; then
 +        exiterror "Could not find GCC. You will need a working build enviroment in order to build the toolchain."
      fi
  
      LOGFILE="$BASEDIR/log/_build.toolchain.log"
      export LOGFILE
 -    NATIVEGCC=`gcc --version | grep GCC | awk {'print $3'}`
 -    export NATIVEGCC GCCmajor=${NATIVEGCC:0:1} GCCminor=${NATIVEGCC:2:1} GCCrelease=${NATIVEGCC:4:1}
 -    ORG_PATH=$PATH
 -    lfsmake1 ccache   PASS=1
 -    lfsmake1 make     PASS=1
 -    lfsmake1 binutils PASS=1
 -    lfsmake1 gcc              PASS=1
 -    export PATH=$BASEDIR/build/usr/local/bin:$BASEDIR/build/tools/bin:$PATH
 -    if [ "${MACHINE_TYPE}" = "arm" ]; then
 -        lfsmake1 linux TOOLS=1 HEADERS=1
 -    else
 -        lfsmake1 linux-libc-header
 -    fi
 +
 +    local ORG_PATH=$PATH
 +    export PATH="/tools/ccache/bin:/tools/bin:$PATH"
 +    lfsmake1 ccache                   PASS=1
 +    lfsmake1 binutils                 PASS=1
 +    lfsmake1 gcc                      PASS=1
 +    lfsmake1 linux                    TOOLS=1 KCFG="-headers"
      lfsmake1 glibc
 -    lfsmake1 cleanup-toolchain PASS=1
 -    lfsmake1 fake-environ
 +    lfsmake1 cleanup-toolchain                PASS=1
 +    lfsmake1 binutils                 PASS=2
 +    lfsmake1 gcc                      PASS=2
 +    lfsmake1 ccache                   PASS=2
      lfsmake1 tcl
      lfsmake1 expect
      lfsmake1 dejagnu
 -    lfsmake1 gcc              PASS=2
 -    lfsmake1 binutils PASS=2
 -    lfsmake1 ccache   PASS=2
      lfsmake1 ncurses
      lfsmake1 bash
      lfsmake1 bzip2
      lfsmake1 grep
      lfsmake1 gzip
      lfsmake1 m4
 -    lfsmake1 make     PASS=2
 +    lfsmake1 make
      lfsmake1 patch
      lfsmake1 perl
      lfsmake1 sed
      lfsmake1 tar
      lfsmake1 texinfo
 -    lfsmake1 util-linux
 -    lfsmake1 strip
 -    lfsmake1 cleanup-toolchain        PASS=2
 +    lfsmake1 xz
 +    lfsmake1 fake-environ
 +    lfsmake1 cleanup-toolchain                PASS=2
      export PATH=$ORG_PATH
  }
  
@@@ -294,19 -306,17 +294,19 @@@ buildbase() 
      LOGFILE="$BASEDIR/log/_build.base.log"
      export LOGFILE
      lfsmake2 stage2
 -    if [ "${MACHINE_TYPE}" = "arm" ]; then
 -        lfsmake2 linux HEADERS=1
 -    else
 -        lfsmake2 linux-libc-header
 -    fi
 +    lfsmake2 linux                    KCFG="-headers"
      lfsmake2 man-pages
      lfsmake2 glibc
      lfsmake2 tzdata
 -    lfsmake2 cleanup-toolchain        PASS=3
 +    lfsmake2 cleanup-toolchain                PASS=3
 +    lfsmake2 zlib
      lfsmake2 binutils
 +    lfsmake2 gmp
 +    lfsmake2 gmp-compat
 +    lfsmake2 mpfr
 +    lfsmake2 file
      lfsmake2 gcc
 +    lfsmake2 sed
      lfsmake2 berkeley
      lfsmake2 coreutils
      lfsmake2 iana-etc
      lfsmake2 bison
      lfsmake2 ncurses
      lfsmake2 procps
 -    lfsmake2 sed
      lfsmake2 libtool
      lfsmake2 perl
      lfsmake2 readline
 -    lfsmake2 zlib
 +    lfsmake2 readline-compat
 +    lfsmake2 pcre
 +    lfsmake2 pcre-compat
      lfsmake2 autoconf
      lfsmake2 automake
      lfsmake2 bash
      lfsmake2 diffutils
      lfsmake2 e2fsprogs
      lfsmake2 ed
 -    lfsmake2 file
      lfsmake2 findutils
      lfsmake2 flex
      lfsmake2 gawk
      lfsmake2 iproute2
      lfsmake2 kbd
      lfsmake2 less
 -    lfsmake2 libaal
      lfsmake2 make
      lfsmake2 man
      lfsmake2 mktemp
      lfsmake2 net-tools
      lfsmake2 patch
      lfsmake2 psmisc
 -    lfsmake2 reiser4progs
      lfsmake2 shadow
      lfsmake2 sysklogd
      lfsmake2 sysvinit
      lfsmake2 udev
      lfsmake2 util-linux
      lfsmake2 vim
 +    lfsmake2 xz
      lfsmake2 grub
  }
  
@@@ -371,18 -382,20 +371,18 @@@ buildipfire() 
    ipfiremake pptp
    ipfiremake unzip
    ipfiremake which
 -  ipfiremake xz
    ipfiremake linux-firmware
 +  ipfiremake dvb-firmwares
    ipfiremake zd1211-firmware
 -  ipfiremake fw_ath9k_htc
 +  ipfiremake rpi-firmware
    ipfiremake u-boot
  
 -  # The xen and PAE kernels are only available for x86
    if [ "${MACHINE_TYPE}" != "arm" ]; then
 -    ipfiremake linux                  KCFG="-xen"
 -    ipfiremake kqemu                  KCFG="-xen"
 +
 +    # x86-xen (Legacy XEN) kernel build
 +    ipfiremake linux2                 KCFG="-xen"
      ipfiremake v4l-dvb                        KCFG="-xen"
 -    ipfiremake madwifi                        KCFG="-xen"
      ipfiremake mISDN                  KCFG="-xen"
 -    ipfiremake dahdi                  KCFG="-xen" KMOD=1
      ipfiremake cryptodev              KCFG="-xen"
      ipfiremake compat-wireless                KCFG="-xen"
      ipfiremake r8169                  KCFG="-xen"
      ipfiremake e1000                  KCFG="-xen"
      ipfiremake e1000e                 KCFG="-xen"
      ipfiremake igb                    KCFG="-xen"
 +
 +    # x86-pae (Native and new XEN) kernel build
      ipfiremake linux                  KCFG="-pae"
 -    ipfiremake kqemu                  KCFG="-pae"
      ipfiremake kvm-kmod                       KCFG="-pae"
      ipfiremake v4l-dvb                        KCFG="-pae"
 -    ipfiremake madwifi                        KCFG="-pae"
 -    ipfiremake alsa                   KCFG="-pae" KMOD=1
      ipfiremake mISDN                  KCFG="-pae"
 -    ipfiremake dahdi                  KCFG="-pae" KMOD=1
      ipfiremake cryptodev              KCFG="-pae"
      ipfiremake compat-wireless                KCFG="-pae"
 -#    ipfiremake r8169                 KCFG="-pae"
 -#    ipfiremake r8168                 KCFG="-pae"
 -#    ipfiremake r8101                 KCFG="-pae"
 -    ipfiremake e1000                  KCFG="-pae"
 +    ipfiremake r8169                  KCFG="-pae"
 +    ipfiremake r8168                  KCFG="-pae"
 +    ipfiremake r8101                  KCFG="-pae"
      ipfiremake e1000e                 KCFG="-pae"
      ipfiremake igb                    KCFG="-pae"
 +
 +    # x86 kernel build
      ipfiremake linux                  KCFG=""
 -    ipfiremake v4l-dvb                        KCFG=""
 -    ipfiremake kqemu                  KCFG=""
      ipfiremake kvm-kmod                       KCFG=""
 -    ipfiremake madwifi                        KCFG=""
 -    ipfiremake alsa                   KCFG="" KMOD=1
 +    ipfiremake v4l-dvb                        KCFG=""
      ipfiremake mISDN                  KCFG=""
 -    ipfiremake dahdi                  KCFG="" KMOD=1
      ipfiremake cryptodev              KCFG=""
      ipfiremake compat-wireless                KCFG=""
 -#    ipfiremake r8169                 KCFG=""
 -#    ipfiremake r8168                 KCFG=""
 -#    ipfiremake r8101                 KCFG=""
 -    ipfiremake e1000                  KCFG=""
 +    ipfiremake r8169                  KCFG=""
 +    ipfiremake r8168                  KCFG=""
 +    ipfiremake r8101                  KCFG=""
      ipfiremake e1000e                 KCFG=""
      ipfiremake igb                    KCFG=""
 +
    else
 -    # arm-versatile kernel build
 -    ipfiremake linux                  KCFG="-versatile"
 -    ipfiremake v4l-dvb                        KCFG="-versatile"
 -    ipfiremake kqemu                  KCFG="-versatile"
 -    ipfiremake kvm-kmod                       KCFG="-versatile"
 -    ipfiremake madwifi                        KCFG="-versatile"
 -    ipfiremake mISDN                  KCFG="-versatile"
 -    ipfiremake dahdi                  KCFG="-versatile" KMOD=1
 -    ipfiremake cryptodev              KCFG="-versatile"
 -    ipfiremake compat-wireless                KCFG="-versatile"
 -#  ipfiremake r8169                   KCFG="-versatile"
 -#  ipfiremake r8168                   KCFG="-versatile"
 -#  ipfiremake r8101                   KCFG="-versatile"
 -    ipfiremake e1000                  KCFG="-versatile"
 -    ipfiremake e1000e                 KCFG="-versatile"
 -    ipfiremake igb                    KCFG="-versatile"
 -    # arm-kirkwood kernel build
 +    # arm-rpi (Raspberry Pi) kernel build
 +    ipfiremake linux                  KCFG="-rpi"
 +    ipfiremake v4l-dvb                        KCFG="-rpi"
 +    ipfiremake mISDN                  KCFG="-rpi" NOPCI=1
 +    ipfiremake cryptodev              KCFG="-rpi"
 +    ipfiremake compat-wireless                KCFG="-rpi"
 +
 +    # arm-omap (Panda Board) kernel build
 +    ipfiremake linux                  KCFG="-omap"
 +    ipfiremake v4l-dvb                        KCFG="-omap"
 +    ipfiremake mISDN                  KCFG="-omap" NOPCI=1
 +    ipfiremake cryptodev              KCFG="-omap"
 +    ipfiremake compat-wireless                KCFG="-omap"
 +
 +    # arm-kirkwood (Dreamplug, ICY-Box ...) kernel build
      ipfiremake linux                  KCFG="-kirkwood"
      ipfiremake v4l-dvb                        KCFG="-kirkwood"
 -    ipfiremake kqemu                  KCFG="-kirkwood"
 -    ipfiremake kvm-kmod                       KCFG="-kirkwood"
 -    ipfiremake madwifi                        KCFG="-kirkwood"
      ipfiremake mISDN                  KCFG="-kirkwood"
 -    ipfiremake dahdi                  KCFG="-kirkwood" KMOD=1
      ipfiremake cryptodev              KCFG="-kirkwood"
      ipfiremake compat-wireless                KCFG="-kirkwood"
 -#  ipfiremake r8169                   KCFG="-kirkwood"
 -#  ipfiremake r8168                   KCFG="-kirkwood"
 -#  ipfiremake r8101                   KCFG="-kirkwood"
 -    ipfiremake e1000                  KCFG="-kirkwood"
 +    ipfiremake r8169                  KCFG="-kirkwood"
 +    ipfiremake r8168                  KCFG="-kirkwood"
 +    ipfiremake r8101                  KCFG="-kirkwood"
      ipfiremake e1000e                 KCFG="-kirkwood"
      ipfiremake igb                    KCFG="-kirkwood"
 +
    fi
    ipfiremake pkg-config
    ipfiremake linux-atm
    ipfiremake dracut
    ipfiremake expat
    ipfiremake gdbm
 -  ipfiremake gmp
    ipfiremake pam
    ipfiremake openssl
    ipfiremake curl
    ipfiremake iptables
    ipfiremake libupnp
    ipfiremake ipaddr
 -  ipfiremake iptstate
    ipfiremake iputils
    ipfiremake l7-protocols
    ipfiremake mISDNuser
    ipfiremake capi4k-utils
    ipfiremake hwdata
 -  ipfiremake kudzu
    ipfiremake logrotate
    ipfiremake logwatch
    ipfiremake misc-progs
    ipfiremake python-mechanize
    ipfiremake python-feedparser
    ipfiremake python-rssdler
 +  ipfiremake libffi
    ipfiremake glib
    ipfiremake GeoIP
    ipfiremake fwhits
    ipfiremake noip_updater
    ipfiremake ntp
    ipfiremake openssh
 +  ipfiremake fontconfig
 +  ipfiremake dejavu-fonts-ttf
 +  ipfiremake freefont
 +  ipfiremake pixman
 +  ipfiremake cairo
 +  ipfiremake pango
    ipfiremake rrdtool
    ipfiremake setserial
    ipfiremake setup
    ipfiremake traceroute
    ipfiremake vlan
    ipfiremake wireless
 -  ipfiremake libsafe
    ipfiremake pakfire
    ipfiremake spandsp
    ipfiremake lzo
    ipfiremake wget
    ipfiremake bridge-utils
    ipfiremake screen
 -  ipfiremake hddtemp
    ipfiremake smartmontools
    ipfiremake htop
    ipfiremake postfix
    ipfiremake cmake
    ipfiremake gnump3d
    ipfiremake libsigc++
 -  ipfiremake applejuice
    ipfiremake libtorrent
    ipfiremake rtorrent
 -  ipfiremake ipfireseeder
    ipfiremake rsync
    ipfiremake tcpwrapper
    ipfiremake libevent
    ipfiremake vsftpd
    ipfiremake strongswan
    ipfiremake lsof
 -  ipfiremake centerim
    ipfiremake br2684ctl
    ipfiremake pcmciautils
    ipfiremake lm_sensors
    ipfiremake fbset
    ipfiremake sdl
    ipfiremake qemu
 -  ipfiremake qemu-kqemu
    ipfiremake sane
    ipfiremake netpbm
    ipfiremake phpSANE
    ipfiremake nagios
    ipfiremake nagios_nrpe
    ipfiremake ebtables
 -  ipfiremake fontconfig
 -  ipfiremake freefont
    ipfiremake directfb
    ipfiremake dfb++
    ipfiremake faad2
    ipfiremake ffmpeg
 -  ipfiremake videolan
    ipfiremake vdr
    ipfiremake w_scan
    ipfiremake icecast
    ipfiremake iw
    ipfiremake wpa_supplicant
    ipfiremake hostapd
 +  ipfiremake pycurl
    ipfiremake urlgrabber
    ipfiremake syslinux
    ipfiremake tftpd
    ipfiremake netcat
    ipfiremake 7zip
    ipfiremake lynis
 -  ipfiremake splix
    ipfiremake streamripper
    ipfiremake sshfs
    ipfiremake taglib
    ipfiremake nut
    ipfiremake watchdog
    ipfiremake libpri
 -  ipfiremake dahdi
    ipfiremake asterisk
    ipfiremake lcr
    ipfiremake usb_modeswitch
    ipfiremake python-progressbar
    ipfiremake python-xattr
    ipfiremake intltool
 -  ipfiremake pakfire3-deps
    ipfiremake transmission
    ipfiremake dpfhack
    ipfiremake lcd4linux
    ipfiremake mtr
    ipfiremake tcpick
    ipfiremake minidlna
 +  ipfiremake acpid
    ipfiremake fping
    ipfiremake telnet
 +  ipfiremake libgpg-error
 +  ipfiremake libassuan
 +  ipfiremake gpgme
 +  ipfiremake pygpgme
 +  ipfiremake pakfire3
+   ipfiremake stress
+   ipfiremake libstatgrab
+   ipfiremake sarg
    echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild
    cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild
    echo >> $BASEDIR/build/var/ipfire/firebuild
    echo >> $BASEDIR/build/var/ipfire/firebuild
    cat /proc/cpuinfo >> $BASEDIR/build/var/ipfire/firebuild
    echo $PAKFIRE_CORE > $BASEDIR/build/opt/pakfire/db/core/mine
 -  if [ "$GIT_BRANCH" = "master" -o "$GIT_BRANCH" = "next" ]; then
 -      echo "$NAME $VERSION ($MACHINE) - Development Build: $GIT_LASTCOMMIT" > $BASEDIR/build/etc/system-release
 -  else
 -      echo "$NAME $VERSION ($MACHINE) - $GIT_BRANCH" > $BASEDIR/build/etc/system-release
 -  fi
 +  case "$GIT_BRANCH" in
 +      core*)
 +          echo "$NAME $VERSION ($MACHINE) - $GIT_BRANCH" > $BASEDIR/build/etc/system-release
 +          ;;
 +      *)
 +          echo "$NAME $VERSION ($MACHINE) - Development Build: $GIT_BRANCH/$GIT_LASTCOMMIT" > $BASEDIR/build/etc/system-release
 +          ;;
 +  esac
  }
  
  buildinstaller() {
    ipfiremake mbr
    ipfiremake memtest
    ipfiremake installer
 -  cp -f $BASEDIR/doc/COPYING $BASEDIR/build/install/initrd/
    installmake strip
    ipfiremake initrd
  }
@@@ -824,8 -850,6 +827,8 @@@ buildpackages() 
    if [ $BUILD_IMAGES == 1 ] && ([ -e /dev/loop/0 ] || [ -e /dev/loop0 ]) && [ "${MACHINE_TYPE}" != "arm" ]; then
          cp -f $BASEDIR/packages/linux-xen-*.ipfire $LFS/install/packages/
          cp -f $BASEDIR/packages/meta-linux-xen $LFS/install/packages/
 +        cp -f $BASEDIR/packages/linux-pae-*.ipfire $LFS/install/packages/
 +        cp -f $BASEDIR/packages/meta-linux-pae $LFS/install/packages/
        ipfiremake xen-image
        rm -rf $LFS/install/packages/linux-xen-*.ipfire
        rm -rf $LFS/install/packages/meta-linux-xen
@@@ -862,7 -886,7 +865,7 @@@ ipfirepackages() 
        ipfiremake core-updates
  
        local i
 -      for i in $(find $BASEDIR/config/rootfiles/packages{${machine},} -maxdepth 1 -type f); do
 +      for i in $(find $BASEDIR/config/rootfiles/packages{/${MACHINE},} -maxdepth 1 -type f); do
                i=$(basename ${i})
                if [ -e $BASEDIR/lfs/$i ]; then
                        ipfiredist $i
@@@ -1017,7 -1041,9 +1020,7 @@@ toolchain
        echo "`date -u '+%b %e %T'`: Create toolchain tar.gz for $MACHINE" | tee -a $LOGFILE
        test -d $BASEDIR/cache/toolchains || mkdir -p $BASEDIR/cache/toolchains
        cd $BASEDIR && tar -zc --exclude='log/_build.*.log' -f cache/toolchains/$SNAME-$VERSION-toolchain-$TOOLCHAINVER-$MACHINE.tar.gz \
 -              build/{bin,etc,usr/bin,usr/local} \
 -              build/tools/{bin,etc,*-linux-gnu*,include,lib,libexec,sbin,share,var} \
 -              log >> $LOGFILE
 +              build/tools build/bin/sh log >> $LOGFILE
        md5sum cache/toolchains/$SNAME-$VERSION-toolchain-$TOOLCHAINVER-$MACHINE.tar.gz \
                > cache/toolchains/$SNAME-$VERSION-toolchain-$TOOLCHAINVER-$MACHINE.md5
        stdumount