This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 60490558f655b7184879f5574520852d3f08a6ee (commit) via 6eac34e43185a6ee04f9ee86b4cfa40fdc176615 (commit) via 1d91ea28f9dcd640c39fa68df9c400b22ae0879c (commit) via 02ad01eb9f8942d687246cec46e838f74b28face (commit) via 1ec32691e9d3bff913b5701178ddceacae3f8e1f (commit) via 510a670253de9d93fec967a72a3f0e32650eb164 (commit) via d8bef72e7686539769debd5e914d69d6ec28fc68 (commit) via beae0121b740ad235a9ecea866a4bc4789279ad0 (commit) via 415fb8b5bd4509f274515408e8e36c308e05f497 (commit) via c82aa03e2c14f8380ada3f38011990bf49cfe9c4 (commit) via f7b1fe542f6734b597821cba0e2f75d6bc6e5cb1 (commit) via 83596e7059b772e657ea74e07ca279eb888325d8 (commit) via 4ae9d47ba3b72f8007c43256e1533a088abffe53 (commit) via 9cc131cc5ad1d8c733c033a7b451e73508835d2b (commit) via f64cbda3d1983204b5624b55498977020829894a (commit) via 5cc921b474c991c36120d29c8974dcb8734ebc65 (commit) via 62e116567adf025d1ecc4e290b0dcbb3fb886fb2 (commit) via 3e5d4e6f83a75412ef9b9205829cf5102d504d25 (commit) via 8d82903c0d2fbf8180a5d07681af9872e86a0611 (commit) via df67c7a80e8a3465384ed818fa50ac75d0db31a0 (commit) via 7487e2340ec92cb401413f880c7d37c329d8e7ed (commit) via 527c3f39b8af9399619eaca5b5e4feace9f0f2f3 (commit) via 590e4a38bfb35640cc8ca2bd3cd624ff6e947e8c (commit) via ca6dc5ad5e74c19e6414491f4b902803453b5639 (commit) via 3e9f88bc65213150f0fc975f360d835c1423f622 (commit) via 42541ddb7eb2196951fc5353012324ca0575790c (commit) via 961a27b5e2285da9953abf00b265fbb37e744c4a (commit) via c8b068a2b5a3965e10adf01b0e231cfbd3a0384c (commit) via bb2696da35b7e92515dddd6ec18644974bb78dc9 (commit) via a40ee6b9bf36410664536e1b591ae0982678fba7 (commit) via 30ee98e949097ee91e92987c2303c15c71cb0ae3 (commit) via e93959a7aab3e47248930e53fcde94c098a6e012 (commit) via be8afd151f95cf6b2a77e73524c42628600cd543 (commit) via 90582bb01e41bd700421f59587724f395a57d951 (commit) via 583687a88d263b68b4fdb27e78a7b65120d21088 (commit) via 1141bc69c9b218717699c1ee02ed06e566aea96b (commit) via 4636ed66c6c12c7c17ea05ffaa2242b4b0355990 (commit) via 856cdf15df30e3cab170581b2cd3e4c19fbb9170 (commit) via e153efaf11a673a02ff81b10e09305463d22ffaf (commit) via 1826c42b9e7bf55b9afd9ac39799554892e751f9 (commit) via fa5274763c55515dc1a0e519da3582b0fec440b8 (commit) via c86bf0bf2484213e6ada44be65d70b4fca1f8ef9 (commit) via cdf373c8fc1c9262afc0954816c2244006c8a4e2 (commit) via d93b76a00eab09ef1e7c9327ec1f1b703e6fb801 (commit) via a0926f75e0691527688a5bb0b964acae4f204bff (commit) via 64e0b8a5afabc66a9da6586a1c23cf2ce1d7b6d4 (commit) via 31a36bb951818457c2505a32cfc110f7e7cc9bf0 (commit) via cb41e4a9a9bf9e860f65110422820a0267492bf5 (commit) via eeb1a2a219ae844b1a130e28fa3b394ad7a4f260 (commit) via bc456dd750a09b8d86089d00f27308a17145f10d (commit) via 39bf8c634163c92939693b090af6bfcdb2226b46 (commit) via 095bf494074994c5a2cd867f3b00603de95ed207 (commit) via 0a340fbe1e76323afc7473b296dec871f3d820b0 (commit) via 8f9c4081b41783505f24a3c43404d5ad82e067c1 (commit) via d5ccd924e04ff4e4a71293aa488870bc7767ef6e (commit) from c772b7550c4dd06f7945e32cc6af47e8f6a0f229 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 60490558f655b7184879f5574520852d3f08a6ee Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 02:42:54 2019 +0000
core138: fix rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6eac34e43185a6ee04f9ee86b4cfa40fdc176615 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 01:55:46 2019 +0000
intel-microcode: fix rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1d91ea28f9dcd640c39fa68df9c400b22ae0879c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 01:55:09 2019 +0000
bash: fix rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 02ad01eb9f8942d687246cec46e838f74b28face Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 20:08:41 2019 +0000
core138: fix intel-microcode rootfile link
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1ec32691e9d3bff913b5701178ddceacae3f8e1f Author: Peter Müller peter.mueller@ipfire.org Date: Wed Nov 13 19:18:00 2019 +0000
intel-microcode: update to 20191112
For release notes, refer to: - https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform... - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases...
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 510a670253de9d93fec967a72a3f0e32650eb164 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:56:11 2019 +0000
qemu: remove sdl from dependency list
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d8bef72e7686539769debd5e914d69d6ec28fc68 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:55:17 2019 +0000
qemu: switch to xz compressed source
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit beae0121b740ad235a9ecea866a4bc4789279ad0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:45:14 2019 +0000
core138: add bash, readline and readline-compat
commit 415fb8b5bd4509f274515408e8e36c308e05f497 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 12 17:15:00 2019 +0000
bash: update to 5.0 (patchlevel 11)
The third version of this patch also includes patches 1-11 for version 5.0, drops orphaned 4.3 patches, and fixes rootfile mistakes reported by Arne.
Please refer to https://tiswww.case.edu/php/chet/bash/bashtop.html for release notes.
Cc: Michael Tremer michael.tremer@ipfire.org Cc: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c82aa03e2c14f8380ada3f38011990bf49cfe9c4 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 12 17:14:00 2019 +0000
readline: update to 8.0 (patchlevel 1)
The third version of this patch fixes missing rootfile changes, drops orphaned readline 5.2 patches (as they became obsolete due to readline-compat changes), includes readline 8.0 upstream patch, and keeps the for-loop in LFS file (as commented by Michael).
Cc: Michael Tremer michael.tremer@ipfire.org Cc: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f7b1fe542f6734b597821cba0e2f75d6bc6e5cb1 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Tue Nov 12 15:59:00 2019 +0000
readline-compat: update to 6.3
This is necessary as many add-ons still need readline-compat as they cannot link against readline 8.0, yet.
Reported-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 83596e7059b772e657ea74e07ca279eb888325d8 Author: Stephan Feddersen sfeddersen@ipfire.org Date: Tue Nov 12 21:34:00 2019 +0100
wio-1.3.2-7: fixed bug with arp client import
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4ae9d47ba3b72f8007c43256e1533a088abffe53 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 12 09:09:01 2019 +0100
ddns: Import rename NoIP.com handle back to no-ip.com patch
This patch is required for compatiblity reasons for any existing configurations.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 9cc131cc5ad1d8c733c033a7b451e73508835d2b Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:03:02 2019 +0000
Update qemu to version 4.1.0
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f64cbda3d1983204b5624b55498977020829894a Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:03:01 2019 +0000
qemu: disable sdl and documentation
A newer version of qemu does not build anymore with our version of sdl. I tried around a little bit and as I have not got a clue why we are using sdl (spice and remote access still works) I think we should disable it.
I disabled the generation of the documentation as well but this switch does not seem to have any effect.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5cc921b474c991c36120d29c8974dcb8734ebc65 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:03:00 2019 +0000
Libvirt: enable lvm
This was requested in the forum:
https://forum.ipfire.org/viewtopic.php?f=17&t=21872&p=120243&hil...
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 62e116567adf025d1ecc4e290b0dcbb3fb886fb2 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:02:59 2019 +0000
Libvirt: update to version 5.6.0
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 3e5d4e6f83a75412ef9b9205829cf5102d504d25 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:02:58 2019 +0000
libvirt: use a custom config file
The patch which adjusts the options for IPFire in the libvirtd.conf does not apply in a newer version of libvirt. Creating this patch is harder than to use a separate config file.
This separate config file also enables us to adjust options much faster.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8d82903c0d2fbf8180a5d07681af9872e86a0611 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:02:57 2019 +0000
Libvirt: disable Wireshark
When I try to build libvirt a second-time without ./make.sh clean between the two builds, libvirt tries to link against Wireshark and fails. This configure option solves the problem.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit df67c7a80e8a3465384ed818fa50ac75d0db31a0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:37:47 2019 +0000
core138: add squid
commit 7487e2340ec92cb401413f880c7d37c329d8e7ed Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Nov 8 17:47:06 2019 +0100
squid: Update to 4.9
For details see: http://www.squid-cache.org/Versions/v4/changesets/
Fixes CVE-2019-12526, CVE-2019-12523, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678 and CVE-2019-18679
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 527c3f39b8af9399619eaca5b5e4feace9f0f2f3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 19:23:41 2019 +0100
ddns: Import upstream patch for NoIP.com
Reference: #11561.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 590e4a38bfb35640cc8ca2bd3cd624ff6e947e8c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:33:53 2019 +0000
core138: add ddns
commit ca6dc5ad5e74c19e6414491f4b902803453b5639 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:33:31 2019 +0000
core138: add logwatch
commit 3e9f88bc65213150f0fc975f360d835c1423f622 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:37:44 2019 +0100
ddns: Update to 012
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 42541ddb7eb2196951fc5353012324ca0575790c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:20:17 2019 +0000
core138: add suricata changes
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 961a27b5e2285da9953abf00b265fbb37e744c4a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:32:02 2019 +0100
suricata: Use DNS_SERVERS declaration from external file.
These settings now will be read from /var/ipfire/suricata/suricata-dns-servers.yaml, which will be generated by the generate_dns_servers_file() function, located in ids-functions.pl and called by various scripts.
Fixes #12166.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c8b068a2b5a3965e10adf01b0e231cfbd3a0384c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:32:01 2019 +0100
red.up: Generate Suricata DNS servers file on reconnect.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bb2696da35b7e92515dddd6ec18644974bb78dc9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:32:00 2019 +0100
convert-snort: Generate DNS servers file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a40ee6b9bf36410664536e1b591ae0982678fba7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:31:59 2019 +0100
ids.cgi: Generate and store the DNS server configuration.
This will be done by the recently added generate_dns_servers_file() function from ids-functions.pl.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 30ee98e949097ee91e92987c2303c15c71cb0ae3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:31:58 2019 +0100
ids-functions.pl: Introduce generate_dns_servers_file()
This function is used to generate a yaml file which take care of the current used DNS configuration and should be included in the main suricata config file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e93959a7aab3e47248930e53fcde94c098a6e012 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Nov 5 09:07:46 2019 +0100
logwatch: Update to 7.5.2
For details see: https://build.opensuse.org/package/view_file/server:monitoring/logwatch/Chan...
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit be8afd151f95cf6b2a77e73524c42628600cd543 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Mon Nov 4 18:53:00 2019 +0000
Apache: deny framing of WebUI from different origins
There is no legitimate reason to do this. Setting header X-Frame-Options to "sameorigin" is necessary for displaying some collectd graphs on the WebUI.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 90582bb01e41bd700421f59587724f395a57d951 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:10:03 2019 +0000
core138: add ipfire-interface.conf
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 583687a88d263b68b4fdb27e78a7b65120d21088 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Mon Nov 4 18:52:00 2019 +0000
Apache: prevent Referrer leaks via WebUI
By default, even modern browsers sent the URL of ther originating site to another one when accessing hyperlinks. This is an information leak and may expose internal details (such as FQDN or IP address) of an IPFire installation to a third party.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1141bc69c9b218717699c1ee02ed06e566aea96b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:08:02 2019 +0000
core138: add ipfire-interface-ssl.conf
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4636ed66c6c12c7c17ea05ffaa2242b4b0355990 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Mon Nov 4 18:35:00 2019 +0000
Apache: drop CBC ciphers for WebUI
CBC ciphers contain some known vulnerabilities and should not be used anymore. While dropping them for OpenSSL clients or public web servers still causes interoperability problems with legacy setups, they can be safely removed from IPFire's administrative UI.
This patch changes the used cipersuite to:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
Since TLS 1.3 ciphers will be added automatically by OpenSSL, mentioning them in "SSLCipherSuite" is unnecessary. ECDSA is preferred over RSA for performance reasons.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 856cdf15df30e3cab170581b2cd3e4c19fbb9170 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:04:48 2019 +0000
core138: add openssl
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e153efaf11a673a02ff81b10e09305463d22ffaf Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Mon Nov 4 18:24:00 2019 +0000
OpenSSL: drop preferring of Chacha20/Poly1305 over AES-GCM
As hardware acceleration for AES is emerging (Fireinfo indicates 30.98% of reporting installations support this, compared to 28.22% in summer), there is no more reason to manually prefer Chacha20/Poly1305 over it.
Further, overall performance is expected to increase as server CPUs usually come with AES-NI today, where Chacha/Poly would be an unnecessary bottleneck. Small systems without AES-NI, however, compute Chacha/Poly measurable, but not significantly faster, so there only was a small advantage of this.
This patch changes the OpenSSL default ciphersuite to:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1826c42b9e7bf55b9afd9ac39799554892e751f9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:55:53 2019 +0000
core138: add ovpnmain.cgi
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fa5274763c55515dc1a0e519da3582b0fec440b8 Author: Erik Kapfer ummeegge@ipfire.org Date: Mon Nov 4 15:52:26 2019 +0100
OpenVPN: Fix max-clients option
Fix: Triggered by https://forum.ipfire.org/viewtopic.php?f=16&t=23551
Since the 'DHCP_WINS' cgiparam has been set for the max-client directive, changes in the WUI has not been adapted to server.conf.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c86bf0bf2484213e6ada44be65d70b4fca1f8ef9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:54:28 2019 +0000
core138: add unbound initscript
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit cdf373c8fc1c9262afc0954816c2244006c8a4e2 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Nov 4 12:02:46 2019 +0000
unbound: Fix whitespace error in initscript
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d93b76a00eab09ef1e7c9327ec1f1b703e6fb801 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:52:15 2019 +0000
core138: add openvpn
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a0926f75e0691527688a5bb0b964acae4f204bff Author: Erik Kapfer ummeegge@ipfire.org Date: Fri Nov 1 14:33:06 2019 +0100
OpenVPN: Update to version 2.4.8
This is primarily a maintenance release with bugfixes and improvements. All changes can be overviewed in here --> https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 64e0b8a5afabc66a9da6586a1c23cf2ce1d7b6d4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:50:07 2019 +0000
core138: add init.d/functions
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 31a36bb951818457c2505a32cfc110f7e7cc9bf0 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Oct 31 18:09:05 2019 +0000
initscripts: Tell users to report bugs on Bugzilla
I have been receiving a couple of emails recently directed at info@ipfire.org with bug reports when a system did not boot up or shut down properly.
This is obviously not the right way to report bugs, but we are telling our users to do so.
This patch changes this to report bugs to Bugzilla like it should be.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit cb41e4a9a9bf9e860f65110422820a0267492bf5 Author: Erik Kapfer ummeegge@ipfire.org Date: Thu Oct 31 08:58:30 2019 +0100
libarchiv: Update to version 3.4.0
Version 3.4.0 is a feature and security release. The changelog can be found in here --> https://github.com/libarchive/libarchive/releases .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit eeb1a2a219ae844b1a130e28fa3b394ad7a4f260 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:44:36 2019 +0000
core138: add lz4
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bc456dd750a09b8d86089d00f27308a17145f10d Author: Erik Kapfer ummeegge@ipfire.org Date: Thu Oct 31 08:49:55 2019 +0100
lz4: Update to version 1.9.2
Several fixes and improvements has been integrated. The changes list through the different versions since the current version 1.8.1.2 can be found in here --> https://github.com/lz4/lz4/releases
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 39bf8c634163c92939693b090af6bfcdb2226b46 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:42:17 2019 +0000
core138: add mail.cgi
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 095bf494074994c5a2cd867f3b00603de95ed207 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 30 10:59:00 2019 +0000
mail.cgi: Do not print content of input fields
This was printed unescaped and could therefore be used for a stored XSS attack.
Fixes: #12226 Reported-by: Pisher Honda pisher24@gmail.com Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0a340fbe1e76323afc7473b296dec871f3d820b0 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 30 10:58:59 2019 +0000
mail.cgi: Always check content of fields
These checks did not do anything but clear all fields when mailing was disabled.
It makes a lot more sense to retain people's settings, even when they have been disabled.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8f9c4081b41783505f24a3c43404d5ad82e067c1 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Tue Oct 29 18:17:00 2019 +0000
Core Update 138: ship ca-certificates
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d5ccd924e04ff4e4a71293aa488870bc7767ef6e Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Tue Oct 29 18:16:00 2019 +0000
update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently.
The original file can be retrieved from: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/bu...
Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/ca-certificates/certdata.txt | 943 +++----- config/cfgroot/ids-functions.pl | 62 + config/httpd/vhosts.d/ipfire-interface-ssl.conf | 4 +- config/httpd/vhosts.d/ipfire-interface.conf | 2 + config/libvirt/libvirtd.conf | 501 +++++ config/rootfiles/common/bash | 100 +- config/rootfiles/common/libarchive | 3 +- config/rootfiles/common/logwatch | 10 +- config/rootfiles/common/lz4 | 2 +- config/rootfiles/common/readline | 9 +- config/rootfiles/common/readline-compat | 8 +- config/rootfiles/common/x86_64/intel-microcode | 8 +- .../{oldcore/66 => core/138}/filelists/bash | 0 .../121 => core/138}/filelists/ca-certificates | 0 .../{oldcore/104 => core/138}/filelists/ddns | 0 config/rootfiles/core/138/filelists/files | 11 + .../138}/filelists/i586/intel-microcode | 0 .../100 => core/138}/filelists/i586/openssl-sse2 | 0 .../{oldcore/111 => core/138}/filelists/logwatch | 0 .../{oldcore/118 => core/138}/filelists/lz4 | 0 .../{oldcore/100 => core/138}/filelists/openssl | 0 .../{oldcore/100 => core/138}/filelists/openvpn | 0 .../{oldcore/66 => core/138}/filelists/readline | 0 .../66 => core/138}/filelists/readline-compat | 0 .../{oldcore/100 => core/138}/filelists/squid | 0 .../138}/filelists/x86_64/intel-microcode | 0 config/rootfiles/packages/libvirt | 421 ++-- config/rootfiles/packages/qemu | 80 +- config/suricata/convert-snort | 16 +- config/suricata/suricata.yaml | 4 +- html/cgi-bin/ids.cgi | 3 + html/cgi-bin/mail.cgi | 27 +- html/cgi-bin/ovpnmain.cgi | 4 +- lfs/bash | 10 +- lfs/ca-certificates | 2 +- lfs/ddns | 8 +- lfs/intel-microcode | 6 +- lfs/libarchive | 6 +- lfs/libvirt | 13 +- lfs/logwatch | 6 +- lfs/lz4 | 8 +- lfs/openssl | 2 +- lfs/openvpn | 4 +- lfs/qemu | 16 +- lfs/readline | 10 +- lfs/readline-compat | 14 +- lfs/squid | 4 +- lfs/wio | 4 +- src/initscripts/networking/red.up/23-suricata | 6 +- src/initscripts/system/functions | 2 +- src/initscripts/system/unbound | 2 +- src/patches/bash/bash43-001 | 58 - src/patches/bash/bash43-002 | 62 - src/patches/bash/bash43-003 | 48 - src/patches/bash/bash43-004 | 47 - src/patches/bash/bash43-005 | 63 - src/patches/bash/bash43-006 | 48 - src/patches/bash/bash43-007 | 50 - src/patches/bash/bash43-008 | 188 -- src/patches/bash/bash43-009 | 64 - src/patches/bash/bash43-010 | 157 -- src/patches/bash/bash43-011 | 49 - src/patches/bash/bash43-012 | 43 - src/patches/bash/bash43-013 | 66 - src/patches/bash/bash43-014 | 102 - src/patches/bash/bash43-015 | 58 - src/patches/bash/bash43-016 | 132 -- src/patches/bash/bash43-017 | 51 - src/patches/bash/bash43-018 | 44 - src/patches/bash/bash43-019 | 84 - src/patches/bash/bash43-020 | 110 - src/patches/bash/bash43-021 | 52 - src/patches/bash/bash43-022 | 56 - src/patches/bash/bash43-023 | 104 - src/patches/bash/bash43-024 | 54 - src/patches/bash/bash43-025 | 123 -- src/patches/bash/bash43-026 | 60 - src/patches/bash/bash43-027 | 221 -- src/patches/bash/bash43-028 | 2265 -------------------- src/patches/bash/bash43-029 | 59 - src/patches/bash/bash43-030 | 2064 ------------------ src/patches/bash/bash50-001 | 166 ++ src/patches/bash/bash50-002 | 113 + src/patches/bash/bash50-003 | 239 +++ src/patches/bash/bash50-004 | 53 + src/patches/bash/bash50-005 | 110 + src/patches/bash/bash50-006 | 47 + src/patches/bash/bash50-007 | 62 + src/patches/bash/bash50-008 | 68 + src/patches/bash/bash50-009 | 42 + src/patches/bash/bash50-010 | 172 ++ src/patches/bash/bash50-011 | 59 + src/patches/ddns-012-noip-fix-handle-name.patch | 36 + src/patches/ddns-012-noip-rename-provider.patch | 65 + ...hange-options-in-libvirtd.conf-for-IPFire.patch | 35 - src/patches/lz4-1.9.2_mod_install_path.patch | 24 + .../openssl-1.1.1c-default-cipherlist.patch | 18 - .../openssl-1.1.1d-default-cipherlist.patch | 11 + src/patches/qemu-2.11.0-memfd-collision.patch | 57 - src/patches/readline/readline52-001 | 30 - src/patches/readline/readline52-002 | 49 - src/patches/readline/readline52-003 | 37 - src/patches/readline/readline52-004 | 70 - src/patches/readline/readline52-005 | 328 --- src/patches/readline/readline52-006 | 62 - src/patches/readline/readline52-007 | 65 - src/patches/readline/readline52-008 | 70 - src/patches/readline/readline52-009 | 45 - src/patches/readline/readline52-010 | 47 - src/patches/readline/readline52-011 | 32 - src/patches/readline/readline52-012 | 150 -- src/patches/readline/readline52-013 | 135 -- src/patches/readline/readline52-014 | 49 - src/patches/readline/readline80-001 | 38 + src/wio/wio.cgi | 61 +- 115 files changed, 2764 insertions(+), 8804 deletions(-) create mode 100644 config/libvirt/libvirtd.conf copy config/rootfiles/{oldcore/66 => core/138}/filelists/bash (100%) copy config/rootfiles/{oldcore/121 => core/138}/filelists/ca-certificates (100%) copy config/rootfiles/{oldcore/104 => core/138}/filelists/ddns (100%) copy config/rootfiles/{oldcore/121 => core/138}/filelists/i586/intel-microcode (100%) copy config/rootfiles/{oldcore/100 => core/138}/filelists/i586/openssl-sse2 (100%) copy config/rootfiles/{oldcore/111 => core/138}/filelists/logwatch (100%) copy config/rootfiles/{oldcore/118 => core/138}/filelists/lz4 (100%) copy config/rootfiles/{oldcore/100 => core/138}/filelists/openssl (100%) copy config/rootfiles/{oldcore/100 => core/138}/filelists/openvpn (100%) copy config/rootfiles/{oldcore/66 => core/138}/filelists/readline (100%) copy config/rootfiles/{oldcore/66 => core/138}/filelists/readline-compat (100%) copy config/rootfiles/{oldcore/100 => core/138}/filelists/squid (100%) copy config/rootfiles/{oldcore/121 => core/138}/filelists/x86_64/intel-microcode (100%) delete mode 100644 src/patches/bash/bash43-001 delete mode 100644 src/patches/bash/bash43-002 delete mode 100644 src/patches/bash/bash43-003 delete mode 100644 src/patches/bash/bash43-004 delete mode 100644 src/patches/bash/bash43-005 delete mode 100644 src/patches/bash/bash43-006 delete mode 100644 src/patches/bash/bash43-007 delete mode 100644 src/patches/bash/bash43-008 delete mode 100644 src/patches/bash/bash43-009 delete mode 100644 src/patches/bash/bash43-010 delete mode 100644 src/patches/bash/bash43-011 delete mode 100644 src/patches/bash/bash43-012 delete mode 100644 src/patches/bash/bash43-013 delete mode 100644 src/patches/bash/bash43-014 delete mode 100644 src/patches/bash/bash43-015 delete mode 100644 src/patches/bash/bash43-016 delete mode 100644 src/patches/bash/bash43-017 delete mode 100644 src/patches/bash/bash43-018 delete mode 100644 src/patches/bash/bash43-019 delete mode 100644 src/patches/bash/bash43-020 delete mode 100644 src/patches/bash/bash43-021 delete mode 100644 src/patches/bash/bash43-022 delete mode 100644 src/patches/bash/bash43-023 delete mode 100644 src/patches/bash/bash43-024 delete mode 100644 src/patches/bash/bash43-025 delete mode 100644 src/patches/bash/bash43-026 delete mode 100644 src/patches/bash/bash43-027 delete mode 100644 src/patches/bash/bash43-028 delete mode 100644 src/patches/bash/bash43-029 delete mode 100644 src/patches/bash/bash43-030 create mode 100644 src/patches/bash/bash50-001 create mode 100644 src/patches/bash/bash50-002 create mode 100644 src/patches/bash/bash50-003 create mode 100644 src/patches/bash/bash50-004 create mode 100644 src/patches/bash/bash50-005 create mode 100644 src/patches/bash/bash50-006 create mode 100644 src/patches/bash/bash50-007 create mode 100644 src/patches/bash/bash50-008 create mode 100644 src/patches/bash/bash50-009 create mode 100644 src/patches/bash/bash50-010 create mode 100644 src/patches/bash/bash50-011 create mode 100644 src/patches/ddns-012-noip-fix-handle-name.patch create mode 100644 src/patches/ddns-012-noip-rename-provider.patch delete mode 100644 src/patches/libvirt/0002-Change-options-in-libvirtd.conf-for-IPFire.patch create mode 100644 src/patches/lz4-1.9.2_mod_install_path.patch delete mode 100644 src/patches/openssl-1.1.1c-default-cipherlist.patch create mode 100644 src/patches/openssl-1.1.1d-default-cipherlist.patch delete mode 100644 src/patches/qemu-2.11.0-memfd-collision.patch delete mode 100644 src/patches/readline/readline52-001 delete mode 100644 src/patches/readline/readline52-002 delete mode 100644 src/patches/readline/readline52-003 delete mode 100644 src/patches/readline/readline52-004 delete mode 100644 src/patches/readline/readline52-005 delete mode 100644 src/patches/readline/readline52-006 delete mode 100644 src/patches/readline/readline52-007 delete mode 100644 src/patches/readline/readline52-008 delete mode 100644 src/patches/readline/readline52-009 delete mode 100644 src/patches/readline/readline52-010 delete mode 100644 src/patches/readline/readline52-011 delete mode 100644 src/patches/readline/readline52-012 delete mode 100644 src/patches/readline/readline52-013 delete mode 100644 src/patches/readline/readline52-014 create mode 100644 src/patches/readline/readline80-001
Difference in files: diff --git a/config/ca-certificates/certdata.txt b/config/ca-certificates/certdata.txt index 3466f6ee4..3a44db293 100644 --- a/config/ca-certificates/certdata.txt +++ b/config/ca-certificates/certdata.txt @@ -13,19 +13,21 @@ # # Certificates # -# -- Attribute -- -- type -- -- value -- -# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -# CKA_TOKEN CK_BBOOL CK_TRUE -# CKA_PRIVATE CK_BBOOL CK_FALSE -# CKA_MODIFIABLE CK_BBOOL CK_FALSE -# CKA_LABEL UTF8 (varies) -# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -# CKA_SUBJECT DER+base64 (varies) -# CKA_ID byte array (varies) -# CKA_ISSUER DER+base64 (varies) -# CKA_SERIAL_NUMBER DER+base64 (varies) -# CKA_VALUE DER+base64 (varies) -# CKA_NSS_EMAIL ASCII7 (unused here) +# -- Attribute -- -- type -- -- value -- +# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +# CKA_TOKEN CK_BBOOL CK_TRUE +# CKA_PRIVATE CK_BBOOL CK_FALSE +# CKA_MODIFIABLE CK_BBOOL CK_FALSE +# CKA_LABEL UTF8 (varies) +# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +# CKA_SUBJECT DER+base64 (varies) +# CKA_ID byte array (varies) +# CKA_ISSUER DER+base64 (varies) +# CKA_SERIAL_NUMBER DER+base64 (varies) +# CKA_VALUE DER+base64 (varies) +# CKA_NSS_EMAIL ASCII7 (unused here) +# CKA_NSS_SERVER_DISTRUST_AFTER DER+base64 (varies) +# CKA_NSS_EMAIL_DISTRUST_AFTER DER+base64 (varies) # # Trust # @@ -164,6 +166,8 @@ CKA_VALUE MULTILINE_OCTAL \125\342\374\110\311\051\046\151\340 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GlobalSign Root CA" # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE @@ -298,6 +302,8 @@ CKA_VALUE MULTILINE_OCTAL \152\374\176\102\070\100\144\022\367\236\201\341\223\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GlobalSign Root CA - R2" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 @@ -454,6 +460,8 @@ CKA_VALUE MULTILINE_OCTAL \113\336\006\226\161\054\362\333\266\037\244\357\077\356 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -619,6 +627,8 @@ CKA_VALUE MULTILINE_OCTAL \311\130\020\371\252\357\132\266\317\113\113\337\052 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -784,6 +794,8 @@ CKA_VALUE MULTILINE_OCTAL \153\271\012\172\116\117\113\204\356\113\361\175\335\021 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -1059,6 +1071,8 @@ CKA_VALUE MULTILINE_OCTAL \174\136\232\166\351\131\220\305\174\203\065\021\145\121 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Entrust.net Premium 2048 Secure Server CA" # Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net @@ -1197,6 +1211,8 @@ CKA_VALUE MULTILINE_OCTAL \347\201\035\031\303\044\102\352\143\071\251 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Baltimore CyberTrust Root" # Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE @@ -1341,6 +1357,8 @@ CKA_VALUE MULTILINE_OCTAL \065\341\035\026\034\320\274\053\216\326\161\331 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "AddTrust Low-Value Services Root" # Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE @@ -1490,6 +1508,8 @@ CKA_VALUE MULTILINE_OCTAL \027\132\173\320\274\307\217\116\206\004 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "AddTrust External Root" # Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE @@ -1654,6 +1674,8 @@ CKA_VALUE MULTILINE_OCTAL \036\177\132\264\074 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Entrust Root Certification Authority" # Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US @@ -1788,6 +1810,8 @@ CKA_VALUE MULTILINE_OCTAL \302\005\146\200\241\313\346\063 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Global CA" # Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US @@ -1948,6 +1972,8 @@ CKA_VALUE MULTILINE_OCTAL \244\346\216\330\371\051\110\212\316\163\376\054 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Universal CA" # Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US @@ -2108,6 +2134,8 @@ CKA_VALUE MULTILINE_OCTAL \362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Universal CA 2" # Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US @@ -2228,6 +2256,8 @@ CKA_VALUE MULTILINE_OCTAL \350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Certum Root CA" # Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL @@ -2374,6 +2404,8 @@ CKA_VALUE MULTILINE_OCTAL \225\351\066\226\230\156 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Comodo AAA Services root" # Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -2552,6 +2584,8 @@ CKA_VALUE MULTILINE_OCTAL \112\164\066\371 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "QuoVadis Root CA" # Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM @@ -2721,6 +2755,8 @@ CKA_VALUE MULTILINE_OCTAL \020\005\145\325\202\020\352\302\061\315\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "QuoVadis Root CA 2" # Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM @@ -2901,6 +2937,8 @@ CKA_VALUE MULTILINE_OCTAL \332 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "QuoVadis Root CA 3" # Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM @@ -3030,6 +3068,8 @@ CKA_VALUE MULTILINE_OCTAL \057\317\246\356\311\160\042\024\275\375\276\154\013\003 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Security Communication Root CA" # Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP @@ -3153,6 +3193,8 @@ CKA_VALUE MULTILINE_OCTAL \160\254\337\114 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Sonera Class 2 Root CA" # Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI @@ -3188,177 +3230,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-# -# Certificate "UTN USERFirst Email Root CA" -# -# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89 -# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Not Valid Before: Fri Jul 09 17:28:50 1999 -# Not Valid After : Tue Jul 09 17:36:58 2019 -# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7 -# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UTN USERFirst Email Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147 -\311\211 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\242\060\202\003\212\240\003\002\001\002\002\020\104 -\276\014\213\120\000\044\264\021\323\066\045\045\147\311\211\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013 -\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006 -\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040 -\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124 -\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164 -\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150 -\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162 -\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004\003 -\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164\055 -\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151\143 -\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154\060 -\036\027\015\071\071\060\067\060\071\061\067\062\070\065\060\132 -\027\015\061\071\060\067\060\071\061\067\063\066\065\070\132\060 -\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025 -\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145 -\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025 -\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145 -\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030 -\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164 -\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004 -\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164 -\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151 -\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\262\071\205\244\362\175\253\101\073\142\106\067\256\315\301 -\140\165\274\071\145\371\112\032\107\242\271\314\110\314\152\230 -\325\115\065\031\271\244\102\345\316\111\342\212\057\036\174\322 -\061\007\307\116\264\203\144\235\056\051\325\242\144\304\205\275 -\205\121\065\171\244\116\150\220\173\034\172\244\222\250\027\362 -\230\025\362\223\314\311\244\062\225\273\014\117\060\275\230\240 -\013\213\345\156\033\242\106\372\170\274\242\157\253\131\136\245 -\057\317\312\332\155\252\057\353\254\241\263\152\252\267\056\147 -\065\213\171\341\036\151\210\342\346\106\315\240\245\352\276\013 -\316\166\072\172\016\233\352\374\332\047\133\075\163\037\042\346 -\110\141\306\114\363\151\261\250\056\033\266\324\061\040\054\274 -\202\212\216\244\016\245\327\211\103\374\026\132\257\035\161\327 -\021\131\332\272\207\015\257\372\363\341\302\360\244\305\147\214 -\326\326\124\072\336\012\244\272\003\167\263\145\310\375\036\323 -\164\142\252\030\312\150\223\036\241\205\176\365\107\145\313\370 -\115\127\050\164\322\064\377\060\266\356\366\142\060\024\214\054 -\353\002\003\001\000\001\243\201\271\060\201\266\060\013\006\003 -\125\035\017\004\004\003\002\001\306\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 -\016\004\026\004\024\211\202\147\175\304\235\046\160\000\113\264 -\120\110\174\336\075\256\004\156\175\060\130\006\003\125\035\037 -\004\121\060\117\060\115\240\113\240\111\206\107\150\164\164\160 -\072\057\057\143\162\154\056\165\163\145\162\164\162\165\163\164 -\056\143\157\155\057\125\124\116\055\125\123\105\122\106\151\162 -\163\164\055\103\154\151\145\156\164\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\141\156\144\105\155\141\151\154\056 -\143\162\154\060\035\006\003\125\035\045\004\026\060\024\006\010 -\053\006\001\005\005\007\003\002\006\010\053\006\001\005\005\007 -\003\004\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\261\155\141\135\246\032\177\174\253\112 -\344\060\374\123\157\045\044\306\312\355\342\061\134\053\016\356 -\356\141\125\157\004\076\317\071\336\305\033\111\224\344\353\040 -\114\264\346\236\120\056\162\331\215\365\252\243\263\112\332\126 -\034\140\227\200\334\202\242\255\112\275\212\053\377\013\011\264 -\306\327\040\004\105\344\315\200\001\272\272\053\156\316\252\327 -\222\376\344\257\353\364\046\035\026\052\177\154\060\225\067\057 -\063\022\254\177\335\307\321\021\214\121\230\262\320\243\221\320 -\255\366\237\236\203\223\036\035\102\270\106\257\153\146\360\233 -\177\352\343\003\002\345\002\121\301\252\325\065\235\162\100\003 -\211\272\061\035\305\020\150\122\236\337\242\205\305\134\010\246 -\170\346\123\117\261\350\267\323\024\236\223\246\303\144\343\254 -\176\161\315\274\237\351\003\033\314\373\351\254\061\301\257\174 -\025\164\002\231\303\262\107\246\302\062\141\327\307\157\110\044 -\121\047\241\325\207\125\362\173\217\230\075\026\236\356\165\266 -\370\320\216\362\363\306\256\050\133\247\360\363\066\027\374\303 -\005\323\312\003\112\124 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "UTN USERFirst Email Root CA" -# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89 -# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Not Valid Before: Fri Jul 09 17:28:50 1999 -# Not Valid After : Tue Jul 09 17:36:58 2019 -# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7 -# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UTN USERFirst Email Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\261\162\261\245\155\225\371\037\345\002\207\341\115\067\352\152 -\104\143\166\212 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\327\064\075\357\035\047\011\050\341\061\002\133\023\053\335\367 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147 -\311\211 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Camerfirma Chambers of Commerce Root" # @@ -3481,6 +3352,8 @@ CKA_VALUE MULTILINE_OCTAL \334 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Camerfirma Chambers of Commerce Root" # Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU @@ -3641,6 +3514,8 @@ CKA_VALUE MULTILINE_OCTAL \166\135\165\220\032\365\046\217\360 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Camerfirma Global Chambersign Root" # Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU @@ -3794,6 +3669,8 @@ CKA_VALUE MULTILINE_OCTAL \264\003\045\274 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "XRamp Global CA Root" # Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US @@ -3941,6 +3818,8 @@ CKA_VALUE MULTILINE_OCTAL \177\333\275\237 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Go Daddy Class 2 CA" # Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US @@ -4086,6 +3965,8 @@ CKA_VALUE MULTILINE_OCTAL \037\027\224 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Starfield Class 2 CA" # Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US @@ -4250,6 +4131,8 @@ CKA_VALUE MULTILINE_OCTAL \245\206\054\174\364\022 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Taiwan GRCA" # Issuer: O=Government Root Certification Authority,C=TW @@ -4389,6 +4272,8 @@ CKA_VALUE MULTILINE_OCTAL \346\120\262\247\372\012\105\057\242\360\362 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "DigiCert Assured ID Root CA" # Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -4530,6 +4415,8 @@ CKA_VALUE MULTILINE_OCTAL \225\155\336 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "DigiCert Global Root CA" # Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -4672,6 +4559,8 @@ CKA_VALUE MULTILINE_OCTAL \370\351\056\023\243\167\350\037\112 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "DigiCert High Assurance EV Root CA" # Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -4711,136 +4600,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-# -# Certificate "Certplus Class 2 Primary CA" -# -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR -# Not Valid Before: Wed Jul 07 17:05:00 1999 -# Not Valid After : Sat Jul 06 23:59:59 2019 -# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Class 2 Primary CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 -\245\104\043 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\222\060\202\002\172\240\003\002\001\002\002\021\000 -\205\275\113\363\330\332\343\151\366\224\327\137\303\245\104\043 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021 -\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165 -\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163 -\163\040\062\040\120\162\151\155\141\162\171\040\103\101\060\036 -\027\015\071\071\060\067\060\067\061\067\060\065\060\060\132\027 -\015\061\071\060\067\060\066\062\063\065\071\065\071\132\060\075 -\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060 -\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165\163 -\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163\163 -\040\062\040\120\162\151\155\141\162\171\040\103\101\060\202\001 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334\120 -\226\320\022\370\065\322\010\170\172\266\122\160\375\157\356\317 -\271\021\313\135\167\341\354\351\176\004\215\326\314\157\163\103 -\127\140\254\063\012\104\354\003\137\034\200\044\221\345\250\221 -\126\022\202\367\340\053\364\333\256\141\056\211\020\215\153\154 -\272\263\002\275\325\066\305\110\067\043\342\360\132\067\122\063 -\027\022\342\321\140\115\276\057\101\021\343\366\027\045\014\213 -\221\300\033\231\173\231\126\015\257\356\322\274\107\127\343\171 -\111\173\064\211\047\044\204\336\261\354\351\130\116\376\116\337 -\132\276\101\255\254\010\305\030\016\357\322\123\356\154\320\235 -\022\001\023\215\334\200\142\367\225\251\104\210\112\161\116\140 -\125\236\333\043\031\171\126\007\014\077\143\013\134\260\342\276 -\176\025\374\224\063\130\101\070\164\304\341\217\213\337\046\254 -\037\265\213\073\267\103\131\153\260\044\246\155\220\213\304\162 -\352\135\063\230\267\313\336\136\173\357\224\361\033\076\312\311 -\041\301\305\230\002\252\242\366\133\167\233\365\176\226\125\064 -\034\147\151\300\361\102\343\107\254\374\050\034\146\125\002\003 -\001\000\001\243\201\214\060\201\211\060\017\006\003\125\035\023 -\004\010\060\006\001\001\377\002\001\012\060\013\006\003\125\035 -\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026 -\004\024\343\163\055\337\313\016\050\014\336\335\263\244\312\171 -\270\216\273\350\060\211\060\021\006\011\140\206\110\001\206\370 -\102\001\001\004\004\003\002\001\006\060\067\006\003\125\035\037 -\004\060\060\056\060\054\240\052\240\050\206\046\150\164\164\160 -\072\057\057\167\167\167\056\143\145\162\164\160\154\165\163\056 -\143\157\155\057\103\122\114\057\143\154\141\163\163\062\056\143 -\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\247\124\317\210\104\031\313\337\324\177 -\000\337\126\063\142\265\367\121\001\220\353\303\077\321\210\104 -\351\044\135\357\347\024\275\040\267\232\074\000\376\155\237\333 -\220\334\327\364\142\326\213\160\135\347\345\004\110\251\150\174 -\311\361\102\363\154\177\305\172\174\035\121\210\272\322\012\076 -\047\135\336\055\121\116\323\023\144\151\344\056\343\323\347\233 -\011\231\246\340\225\233\316\032\327\177\276\074\316\122\263\021 -\025\301\017\027\315\003\273\234\045\025\272\242\166\211\374\006 -\361\030\320\223\113\016\174\202\267\245\364\366\137\376\355\100 -\246\235\204\164\071\271\334\036\205\026\332\051\033\206\043\000 -\311\273\211\176\156\200\210\036\057\024\264\003\044\250\062\157 -\003\232\107\054\060\276\126\306\247\102\002\160\033\352\100\330 -\272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201 -\220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366 -\215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056 -\010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273 -\227\277\242\216\264\124 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Certplus Class 2 Primary CA" -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR -# Not Valid Before: Wed Jul 07 17:05:00 1999 -# Not Valid After : Sat Jul 06 23:59:59 2019 -# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Class 2 Primary CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302 -\201\222\342\273 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\210\054\214\122\270\242\074\363\367\273\003\352\256\254\102\013 -END -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 -\245\104\043 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "DST Root CA X3" # @@ -4932,6 +4691,8 @@ CKA_VALUE MULTILINE_OCTAL \013\004\216\007\333\051\266\012\356\235\202\065\065\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "DST Root CA X3" # Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. @@ -5099,6 +4860,8 @@ CKA_VALUE MULTILINE_OCTAL \205\206\171\145\322 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "SwissSign Platinum CA - G2" # Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH @@ -5264,6 +5027,8 @@ CKA_VALUE MULTILINE_OCTAL \111\044\133\311\260\320\127\301\372\076\172\341\227\311 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "SwissSign Gold CA - G2" # Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH @@ -5430,6 +5195,8 @@ CKA_VALUE MULTILINE_OCTAL \156 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "SwissSign Silver CA - G2" # Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH @@ -5562,6 +5329,8 @@ CKA_VALUE MULTILINE_OCTAL \253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Primary Certification Authority" # Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US @@ -5717,6 +5486,8 @@ CKA_VALUE MULTILINE_OCTAL \215\126\214\150 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "thawte Primary Root CA" # Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US @@ -5892,6 +5663,8 @@ CKA_VALUE MULTILINE_OCTAL \254\021\326\250\355\143\152 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -6035,6 +5808,8 @@ CKA_VALUE MULTILINE_OCTAL \113\035\236\054\302\270\150\274\355\002\356\061 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "SecureTrust CA" # Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US @@ -6170,6 +5945,8 @@ CKA_VALUE MULTILINE_OCTAL \117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Secure Global CA" # Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US @@ -6320,6 +6097,8 @@ CKA_VALUE MULTILINE_OCTAL \145 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "COMODO Certification Authority" # Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -6466,6 +6245,8 @@ CKA_VALUE MULTILINE_OCTAL \244\140\114\260\125\240\240\173\127\262 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Network Solutions Certificate Authority" # Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US @@ -6592,6 +6373,8 @@ CKA_VALUE MULTILINE_OCTAL \334\335\363\377\035\054\072\026\127\331\222\071\326 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "COMODO ECC Certification Authority" # Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -6743,6 +6526,8 @@ CKA_VALUE MULTILINE_OCTAL \374\276\337\012\015 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "OISTE WISeKey Global Root GA CA" # Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH @@ -6878,6 +6663,8 @@ CKA_VALUE MULTILINE_OCTAL \300\226\130\057\352\273\106\327\273\344\331\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Certigna" # Issuer: CN=Certigna,O=Dhimyotis,C=FR @@ -6913,147 +6700,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-# -# Certificate "Deutsche Telekom Root CA 2" -# -# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Serial Number: 38 (0x26) -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Not Valid Before: Fri Jul 09 12:11:00 1999 -# Not Valid After : Tue Jul 09 23:59:00 2019 -# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08 -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\046 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\237\060\202\002\207\240\003\002\001\002\002\001\046 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061\034 -\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060\035 -\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145\143 -\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043\060 -\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150\145 -\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103\101 -\040\062\060\036\027\015\071\071\060\067\060\071\061\062\061\061 -\060\060\132\027\015\061\071\060\067\060\071\062\063\065\071\060 -\060\132\060\161\061\013\060\011\006\003\125\004\006\023\002\104 -\105\061\034\060\032\006\003\125\004\012\023\023\104\145\165\164 -\163\143\150\145\040\124\145\154\145\153\157\155\040\101\107\061 -\037\060\035\006\003\125\004\013\023\026\124\055\124\145\154\145 -\123\145\143\040\124\162\165\163\164\040\103\145\156\164\145\162 -\061\043\060\041\006\003\125\004\003\023\032\104\145\165\164\163 -\143\150\145\040\124\145\154\145\153\157\155\040\122\157\157\164 -\040\103\101\040\062\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\253\013\243\065\340\213\051\024\261\024 -\205\257\074\020\344\071\157\065\135\112\256\335\352\141\215\225 -\111\364\157\144\243\032\140\146\244\251\100\042\204\331\324\245 -\345\170\223\016\150\001\255\271\115\134\072\316\323\270\250\102 -\100\337\317\243\272\202\131\152\222\033\254\034\232\332\010\053 -\045\047\371\151\043\107\361\340\353\054\172\233\365\023\002\320 -\176\064\174\302\236\074\000\131\253\365\332\014\365\062\074\053 -\254\120\332\326\303\336\203\224\312\250\014\231\062\016\010\110 -\126\133\152\373\332\341\130\130\001\111\137\162\101\074\025\006 -\001\216\135\255\252\270\223\264\315\236\353\247\350\152\055\122 -\064\333\072\357\134\165\121\332\333\363\061\371\356\161\230\062 -\304\124\025\104\014\371\233\125\355\255\337\030\010\240\243\206 -\212\111\356\123\005\217\031\114\325\336\130\171\233\322\152\034 -\102\253\305\325\247\317\150\017\226\344\341\141\230\166\141\310 -\221\174\326\076\000\342\221\120\207\341\235\012\346\255\227\322 -\035\306\072\175\313\274\332\003\064\325\216\133\001\365\152\007 -\267\026\266\156\112\177\002\003\001\000\001\243\102\060\100\060 -\035\006\003\125\035\016\004\026\004\024\061\303\171\033\272\365 -\123\327\027\340\211\172\055\027\154\012\263\053\235\063\060\017 -\006\003\125\035\023\004\010\060\006\001\001\377\002\001\005\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 -\001\001\000\224\144\131\255\071\144\347\051\353\023\376\132\303 -\213\023\127\310\004\044\360\164\167\300\140\343\147\373\351\211 -\246\203\277\226\202\174\156\324\303\075\357\236\200\156\273\051 -\264\230\172\261\073\124\353\071\027\107\176\032\216\013\374\037 -\061\131\061\004\262\316\027\363\054\307\142\066\125\342\042\330 -\211\125\264\230\110\252\144\372\326\034\066\330\104\170\132\132 -\043\072\127\227\365\172\060\117\256\237\152\114\113\053\216\240 -\003\343\076\340\251\324\322\173\322\263\250\342\162\074\255\236 -\377\200\131\344\233\105\264\366\073\260\315\071\031\230\062\345 -\352\041\141\220\344\061\041\216\064\261\367\057\065\112\205\020 -\332\347\212\067\041\276\131\143\340\362\205\210\061\123\324\124 -\024\205\160\171\364\056\006\167\047\165\057\037\270\212\371\376 -\305\272\330\066\344\203\354\347\145\267\277\143\132\363\106\257 -\201\224\067\324\101\214\326\043\326\036\317\365\150\033\104\143 -\242\132\272\247\065\131\241\345\160\005\233\016\043\127\231\224 -\012\155\272\071\143\050\206\222\363\030\204\330\373\321\317\005 -\126\144\127 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Deutsche Telekom Root CA 2" -# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Serial Number: 38 (0x26) -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Not Valid Before: Fri Jul 09 12:11:00 1999 -# Not Valid After : Tue Jul 09 23:59:00 2019 -# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08 -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\205\244\010\300\234\031\076\135\121\130\175\315\326\023\060\375 -\214\336\067\277 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\164\001\112\221\261\010\304\130\316\107\315\360\335\021\123\010 -END -CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\046 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Cybertrust Global Root" # @@ -7148,6 +6794,8 @@ CKA_VALUE MULTILINE_OCTAL \246\210\070\316\125 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Cybertrust Global Root" # Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" @@ -7315,6 +6963,8 @@ CKA_VALUE MULTILINE_OCTAL \201\370\021\234 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "ePKI Root Certification Authority" # Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW @@ -7440,6 +7090,8 @@ CKA_VALUE MULTILINE_OCTAL \366\356\260\132\116\111\104\124\130\137\102\203 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "certSIGN ROOT CA" # Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO @@ -7588,6 +7240,8 @@ CKA_VALUE MULTILINE_OCTAL \021\055 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Primary Certification Authority - G3" # Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US @@ -7717,6 +7371,8 @@ CKA_VALUE MULTILINE_OCTAL \367\130\077\056\162\002\127\243\217\241\024\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "thawte Primary Root CA - G2" # Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US @@ -7877,6 +7533,8 @@ CKA_VALUE MULTILINE_OCTAL \061\324\100\032\142\064\066\077\065\001\256\254\143\240 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "thawte Primary Root CA - G3" # Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US @@ -8013,6 +7671,8 @@ CKA_VALUE MULTILINE_OCTAL \017\212 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Primary Certification Authority - G2" # Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US @@ -8183,6 +7843,8 @@ CKA_VALUE MULTILINE_OCTAL \354\315\202\141\361\070\346\117\227\230\052\132\215 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "VeriSign Universal Root Certification Authority" # Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -8338,6 +8000,8 @@ CKA_VALUE MULTILINE_OCTAL \055\247\330\206\052\335\056\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -8498,6 +8162,8 @@ CKA_VALUE MULTILINE_OCTAL \330\316\304\143\165\077\131\107\261 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "NetLock Arany (Class Gold) Főtanúsítvány" # Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU @@ -8672,6 +8338,8 @@ CKA_VALUE MULTILINE_OCTAL \370\161\012\334\271\374\175\062\140\346\353\257\212\001 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Staat der Nederlanden Root CA - G2" # Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL @@ -8798,6 +8466,8 @@ CKA_VALUE MULTILINE_OCTAL \002\153\331\132 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Hongkong Post Root CA 1" # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK @@ -8929,6 +8599,8 @@ CKA_VALUE MULTILINE_OCTAL \362 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "SecureSign RootCA11" # Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP @@ -9076,6 +8748,8 @@ CKA_VALUE MULTILINE_OCTAL \202\042\055\172\124\253\160\303\175\042\145\202\160\226 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Microsec e-Szigno Root CA 2009" # Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU @@ -9208,6 +8882,8 @@ CKA_VALUE MULTILINE_OCTAL \130\077\137 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GlobalSign Root CA - R3" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 @@ -9381,6 +9057,8 @@ CKA_VALUE MULTILINE_OCTAL \156\117\022\176\012\074\235\225 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES @@ -9550,6 +9228,8 @@ CKA_VALUE MULTILINE_OCTAL \333\374\046\210\307 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Izenpe.com" # Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES @@ -9755,6 +9435,8 @@ CKA_VALUE MULTILINE_OCTAL \167\110\320 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Chambers of Commerce Root - 2008" # Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU @@ -9964,6 +9646,8 @@ CKA_VALUE MULTILINE_OCTAL \351\233\256\325\124\300\164\200\321\013\102\237\301 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Global Chambersign Root - 2008" # Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU @@ -10112,6 +9796,8 @@ CKA_VALUE MULTILINE_OCTAL \342\342\104\276\134\367\352\034\365 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Go Daddy Root Certificate Authority - G2" # Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US @@ -10262,6 +9948,8 @@ CKA_VALUE MULTILINE_OCTAL \364 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Starfield Root Certificate Authority - G2" # Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US @@ -10414,6 +10102,8 @@ CKA_VALUE MULTILINE_OCTAL \261\050\272 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Starfield Services Root Certificate Authority - G2" # Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US @@ -10545,6 +10235,8 @@ CKA_VALUE MULTILINE_OCTAL \007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "AffirmTrust Commercial" # Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US @@ -10671,6 +10363,8 @@ CKA_VALUE MULTILINE_OCTAL \355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "AffirmTrust Networking" # Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US @@ -10829,6 +10523,8 @@ CKA_VALUE MULTILINE_OCTAL \051\340\266\270\011\150\031\034\030\103 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "AffirmTrust Premium" # Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US @@ -10935,6 +10631,8 @@ CKA_VALUE MULTILINE_OCTAL \214\171 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "AffirmTrust Premium ECC" # Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US @@ -11074,6 +10772,8 @@ CKA_VALUE MULTILINE_OCTAL \326\267\064\365\176\316\071\232\331\070\361\121\367\117\054 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Certum Trusted Network CA" # Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL @@ -11210,6 +10910,8 @@ CKA_VALUE MULTILINE_OCTAL \274\060\376\173\016\063\220\373\355\322\024\221\037\007\257 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "TWCA Root Certification Authority" # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW @@ -11693,6 +11395,8 @@ CKA_VALUE MULTILINE_OCTAL \201\050\174\247\175\047\353\000\256\215\067 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Security Communication RootCA2" # Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP @@ -11876,6 +11580,8 @@ CKA_VALUE MULTILINE_OCTAL \371\210\075\176\270\157\156\003\344\102 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "EC-ACC" # Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES @@ -12039,6 +11745,8 @@ CKA_VALUE MULTILINE_OCTAL \113\321\047\327\270 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Hellenic Academic and Research Institutions RootCA 2011" # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR @@ -12275,6 +11983,8 @@ CKA_VALUE MULTILINE_OCTAL \216\362\024\212\314\351\265\174\373\154\235\014\245\341\226 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Actalis Authentication Root CA" # Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT @@ -12406,6 +12116,8 @@ CKA_VALUE MULTILINE_OCTAL \145\353\127\331\363\127\226\273\110\315\201 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Trustis FPS Root CA" # Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB @@ -12566,6 +12278,8 @@ CKA_VALUE MULTILINE_OCTAL \327\201\011\361\311\307\046\015\254\230\026\126\240 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Buypass Class 2 Root CA" # Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO @@ -12725,6 +12439,8 @@ CKA_VALUE MULTILINE_OCTAL \061\356\006\274\163\277\023\142\012\237\307\271\227 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Buypass Class 3 Root CA" # Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO @@ -12867,6 +12583,8 @@ CKA_VALUE MULTILINE_OCTAL \116\223\303\244\124\024\133 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "T-TeleSec GlobalRoot Class 3" # Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE @@ -13016,6 +12734,8 @@ CKA_VALUE MULTILINE_OCTAL \307\314\165\301\226\305\235 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "EE Certification Centre Root CA" # Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE @@ -13229,6 +12949,8 @@ CKA_VALUE MULTILINE_OCTAL \164\145\327\134\376\243\342 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "D-TRUST Root Class 3 CA 2 2009" # Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE @@ -13373,6 +13095,8 @@ CKA_VALUE MULTILINE_OCTAL \352\237\026\361\054\124\265 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "D-TRUST Root Class 3 CA 2 EV 2009" # Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE @@ -13410,181 +13134,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-# -# Certificate "Swisscom Root CA 2" -# -# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6 -# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Not Valid Before: Fri Jun 24 08:38:14 2011 -# Not Valid After : Wed Jun 25 07:38:14 2031 -# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19 -# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Swisscom Root CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030 -\147\266 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\331\060\202\003\301\240\003\002\001\002\002\020\036 -\236\050\350\110\362\345\357\303\174\112\036\132\030\147\266\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\144 -\061\013\060\011\006\003\125\004\006\023\002\143\150\061\021\060 -\017\006\003\125\004\012\023\010\123\167\151\163\163\143\157\155 -\061\045\060\043\006\003\125\004\013\023\034\104\151\147\151\164 -\141\154\040\103\145\162\164\151\146\151\143\141\164\145\040\123 -\145\162\166\151\143\145\163\061\033\060\031\006\003\125\004\003 -\023\022\123\167\151\163\163\143\157\155\040\122\157\157\164\040 -\103\101\040\062\060\036\027\015\061\061\060\066\062\064\060\070 -\063\070\061\064\132\027\015\063\061\060\066\062\065\060\067\063 -\070\061\064\132\060\144\061\013\060\011\006\003\125\004\006\023 -\002\143\150\061\021\060\017\006\003\125\004\012\023\010\123\167 -\151\163\163\143\157\155\061\045\060\043\006\003\125\004\013\023 -\034\104\151\147\151\164\141\154\040\103\145\162\164\151\146\151 -\143\141\164\145\040\123\145\162\166\151\143\145\163\061\033\060 -\031\006\003\125\004\003\023\022\123\167\151\163\163\143\157\155 -\040\122\157\157\164\040\103\101\040\062\060\202\002\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 -\017\000\060\202\002\012\002\202\002\001\000\225\102\116\204\235 -\121\346\323\011\350\162\132\043\151\333\170\160\216\026\361\053 -\217\015\003\316\223\314\056\000\010\173\253\063\214\364\351\100 -\346\027\114\253\236\270\107\024\062\167\062\335\050\014\336\030 -\113\137\166\237\370\071\073\374\116\211\330\174\305\147\357\253 -\322\271\064\137\153\072\363\144\066\316\302\260\317\023\150\312 -\310\313\353\265\342\075\056\041\337\352\054\324\340\371\160\226 -\114\377\152\130\230\267\027\344\033\122\345\176\007\000\035\137 -\332\346\076\225\004\267\151\210\071\241\101\140\045\141\113\225 -\071\150\142\034\261\013\005\211\300\066\202\024\041\077\256\333 -\241\375\274\157\034\140\206\266\123\224\111\271\053\106\305\117 -\000\053\277\241\273\313\077\340\307\127\034\127\350\326\151\370 -\301\044\122\235\210\125\335\302\207\056\164\043\320\024\375\052 -\107\132\273\246\235\375\224\344\321\212\245\137\206\143\166\205 -\313\257\377\111\050\374\200\355\114\171\322\273\344\300\357\001 -\356\120\101\010\065\043\160\053\251\026\264\214\156\205\351\266 -\021\317\061\335\123\046\033\337\055\132\112\002\100\374\304\300 -\266\351\061\032\010\050\345\140\303\037\304\220\216\020\142\140 -\104\015\354\012\276\125\030\161\054\245\364\262\274\025\142\377 -\034\343\276\035\332\036\127\263\074\176\315\202\035\221\343\113 -\353\054\122\064\260\212\375\022\116\226\260\353\160\177\236\071 -\367\146\102\261\253\254\122\332\166\100\127\173\052\275\350\156 -\003\262\013\200\205\210\235\014\307\302\167\260\232\232\127\364 -\270\372\023\134\150\223\072\147\244\227\320\033\231\267\206\062 -\113\140\330\316\357\320\014\177\225\237\157\207\117\207\212\216 -\137\010\174\252\133\374\132\276\241\221\237\125\175\116\260\013 -\151\314\260\224\250\247\207\362\323\112\120\334\137\162\260\026 -\165\036\313\264\030\142\232\260\247\071\252\233\237\146\330\215 -\246\154\226\025\343\346\362\370\361\203\142\154\273\125\351\141 -\223\243\075\365\261\127\213\117\043\260\233\345\224\152\057\337 -\214\337\225\121\051\140\241\013\051\344\134\125\130\267\250\374 -\231\356\045\115\114\016\263\323\114\217\204\350\051\017\375\020 -\124\002\205\310\371\345\303\213\317\347\017\002\003\001\000\001 -\243\201\206\060\201\203\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\206\060\035\006\003\125\035\041\004\026\060 -\024\060\022\006\007\140\205\164\001\123\002\001\006\007\140\205 -\164\001\123\002\001\060\022\006\003\125\035\023\001\001\377\004 -\010\060\006\001\001\377\002\001\007\060\035\006\003\125\035\016 -\004\026\004\024\115\046\040\042\211\113\323\325\244\012\241\157 -\336\342\022\201\305\361\074\056\060\037\006\003\125\035\043\004 -\030\060\026\200\024\115\046\040\042\211\113\323\325\244\012\241 -\157\336\342\022\201\305\361\074\056\060\015\006\011\052\206\110 -\206\367\015\001\001\013\005\000\003\202\002\001\000\062\012\262 -\244\033\313\175\276\202\127\211\271\152\177\363\364\301\056\021 -\175\270\031\076\171\267\250\250\162\067\146\233\032\355\254\023 -\073\016\277\142\360\234\337\236\173\241\123\110\016\101\172\312 -\040\247\027\033\266\170\354\100\221\363\102\255\020\303\134\357 -\377\140\131\177\315\205\243\213\075\110\034\045\002\074\147\175 -\365\062\351\057\060\345\175\245\172\070\320\363\146\052\146\036 -\215\063\203\212\157\174\156\250\132\165\232\270\327\332\130\110 -\104\107\250\114\372\114\111\012\112\302\022\067\250\100\014\303 -\310\341\320\127\015\227\062\225\307\072\237\227\323\127\370\013 -\336\345\162\363\243\333\377\265\330\131\262\163\335\115\052\161 -\262\272\111\365\313\034\325\365\171\310\231\263\374\301\114\164 -\343\264\275\051\067\025\004\050\036\336\105\106\160\354\257\272 -\170\016\212\052\316\000\171\334\300\137\031\147\054\153\113\357 -\150\150\013\103\343\254\301\142\011\357\246\335\145\141\240\257 -\204\125\110\221\122\034\306\045\221\052\320\301\042\043\141\131 -\257\105\021\205\035\001\044\064\217\317\263\377\027\162\040\023 -\302\200\252\041\054\161\071\016\320\217\134\301\323\321\216\042 -\162\106\114\035\226\256\117\161\261\341\005\051\226\131\364\273 -\236\165\075\317\015\067\015\142\333\046\214\143\251\043\337\147 -\006\074\174\072\332\064\102\341\146\264\106\004\336\306\226\230 -\017\113\110\172\044\062\165\221\237\254\367\150\351\052\271\125 -\145\316\135\141\323\047\160\330\067\376\237\271\257\240\056\126 -\267\243\145\121\355\073\253\024\277\114\121\003\350\137\212\005 -\233\356\212\156\234\357\277\150\372\310\332\013\343\102\311\320 -\027\024\234\267\112\340\257\223\047\041\125\046\265\144\057\215 -\361\377\246\100\005\205\005\134\312\007\031\134\013\023\050\114 -\130\177\302\245\357\105\332\140\323\256\145\141\235\123\203\164 -\302\256\362\134\302\026\355\222\076\204\076\163\140\210\274\166 -\364\054\317\320\175\175\323\270\136\321\221\022\020\351\315\335 -\312\045\343\325\355\231\057\276\165\201\113\044\371\105\106\224 -\311\051\041\123\234\046\105\252\023\027\344\347\315\170\342\071 -\301\053\022\236\246\236\033\305\346\016\331\061\331 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Swisscom Root CA 2" -# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6 -# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Not Valid Before: Fri Jun 24 08:38:14 2011 -# Not Valid After : Wed Jun 25 07:38:14 2031 -# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19 -# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Swisscom Root CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\167\107\117\306\060\344\017\114\107\144\077\204\272\270\306\225 -\112\212\101\354 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\133\004\151\354\245\203\224\143\030\247\206\320\344\362\156\031 -END -CKA_ISSUER MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030 -\147\266 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "CA Disig Root R2" # @@ -13711,6 +13260,8 @@ CKA_VALUE MULTILINE_OCTAL \363\154\033\165\106\243\345\112\027\351\244\327\013 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "CA Disig Root R2" # Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK @@ -13911,6 +13462,8 @@ CKA_VALUE MULTILINE_OCTAL \125\064\106\052\213\206\073 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "ACCVRAIZ1" # Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1 @@ -14071,6 +13624,8 @@ CKA_VALUE MULTILINE_OCTAL \053\006\320\004\315 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TWCA Global Root CA" # Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW @@ -14228,6 +13783,8 @@ CKA_VALUE MULTILINE_OCTAL \245\240\314\277\323\366\165\244\165\226\155\126 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TeliaSonera Root CA v1" # Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera @@ -14416,6 +13973,8 @@ CKA_VALUE MULTILINE_OCTAL \243\253\157\134\035\266\176\350\263\202\064\355\006\134\044 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "E-Tugra Certification Authority" # Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR @@ -14565,6 +14124,8 @@ CKA_VALUE MULTILINE_OCTAL \005\047\216\023\241\156\302 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "T-TeleSec GlobalRoot Class 2" # Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE @@ -14696,6 +14257,8 @@ CKA_VALUE MULTILINE_OCTAL \035\362\376\011\021\260\360\207\173\247\235 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Atos TrustedRoot 2011" # Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011 @@ -14856,6 +14419,8 @@ CKA_VALUE MULTILINE_OCTAL \063\140\345\303 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "QuoVadis Root CA 1 G3" # Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM @@ -15018,6 +14583,8 @@ CKA_VALUE MULTILINE_OCTAL \203\336\177\214 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "QuoVadis Root CA 2 G3" # Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM @@ -15180,6 +14747,8 @@ CKA_VALUE MULTILINE_OCTAL \130\371\230\364 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "QuoVadis Root CA 3 G3" # Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM @@ -15317,6 +14886,8 @@ CKA_VALUE MULTILINE_OCTAL \042\023\163\154\317\046\365\212\051\347 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "DigiCert Assured ID Root G2" # Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -15435,6 +15006,8 @@ CKA_VALUE MULTILINE_OCTAL \352\226\143\152\145\105\222\225\001\264 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "DigiCert Assured ID Root G3" # Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -15574,6 +15147,8 @@ CKA_VALUE MULTILINE_OCTAL \062\266 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "DigiCert Global Root G2" # Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -15692,6 +15267,8 @@ CKA_VALUE MULTILINE_OCTAL \263\047\027 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "DigiCert Global Root G3" # Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -15863,6 +15440,8 @@ CKA_VALUE MULTILINE_OCTAL \317\363\146\176 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "DigiCert Trusted Root G4" # Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -16042,6 +15621,8 @@ CKA_VALUE MULTILINE_OCTAL \065\123\205\006\112\135\237\255\273\033\137\164 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "COMODO RSA Certification Authority" # Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -16224,6 +15805,8 @@ CKA_VALUE MULTILINE_OCTAL \250\375 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "USERTrust RSA Certification Authority" # Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US @@ -16353,6 +15936,8 @@ CKA_VALUE MULTILINE_OCTAL \127\152\030 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "USERTrust ECC Certification Authority" # Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US @@ -16465,6 +16050,8 @@ CKA_VALUE MULTILINE_OCTAL \173\013\370\237\204 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GlobalSign ECC Root CA - R4" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4 @@ -16578,6 +16165,8 @@ CKA_VALUE MULTILINE_OCTAL \220\067 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GlobalSign ECC Root CA - R5" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5 @@ -16743,6 +16332,8 @@ CKA_VALUE MULTILINE_OCTAL \367\200\173\041\147\047\060\131 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Staat der Nederlanden Root CA - G3" # Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL @@ -16907,6 +16498,8 @@ CKA_VALUE MULTILINE_OCTAL \356\354\327\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Staat der Nederlanden EV Root CA" # Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL @@ -17069,6 +16662,8 @@ CKA_VALUE MULTILINE_OCTAL \272\204\156\207 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "IdenTrust Commercial Root CA 1" # Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US @@ -17231,6 +16826,8 @@ CKA_VALUE MULTILINE_OCTAL \267\254\266\255\267\312\076\001\357\234 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "IdenTrust Public Sector Root CA 1" # Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US @@ -17390,6 +16987,8 @@ CKA_VALUE MULTILINE_OCTAL \105\366 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Entrust Root Certification Authority - G2" # Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US @@ -17535,6 +17134,8 @@ CKA_VALUE MULTILINE_OCTAL \231\267\046\101\133\045\140\256\320\110\032\356\006 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Entrust Root Certification Authority - EC1" # Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US @@ -17708,6 +17309,8 @@ CKA_VALUE MULTILINE_OCTAL \056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "CFCA EV ROOT" # Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN @@ -17847,6 +17450,8 @@ CKA_VALUE MULTILINE_OCTAL \065\255\201\307\116\161\272\210\023 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "OISTE WISeKey Global Root GB CA" # Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH @@ -17982,6 +17587,8 @@ CKA_VALUE MULTILINE_OCTAL \326\040\036\343\163\267 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "SZAFIR ROOT CA2" # Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL @@ -18160,6 +17767,8 @@ CKA_VALUE MULTILINE_OCTAL \016\265\271\276\044\217 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Certum Trusted Network CA 2" # Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL @@ -18347,6 +17956,8 @@ CKA_VALUE MULTILINE_OCTAL \276\157\152\247\365\054\102\355\062\255\266\041\236\276\274 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Hellenic Academic and Research Institutions RootCA 2015" # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR @@ -18483,6 +18094,8 @@ CKA_VALUE MULTILINE_OCTAL \342\174\352\002\130\042\221 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015" # Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR @@ -18652,6 +18265,8 @@ CKA_VALUE MULTILINE_OCTAL \376\216\036\127\242\315\100\235\176\142\042\332\336\030\047 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "ISRG Root X1" # Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US @@ -18815,6 +18430,8 @@ CKA_VALUE MULTILINE_OCTAL \072\117\110\366\213\266\263 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "AC RAIZ FNMT-RCM" # Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES @@ -18940,6 +18557,8 @@ CKA_VALUE MULTILINE_OCTAL \304\220\276\361\271 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Amazon Root CA 1" # Issuer: CN=Amazon Root CA 1,O=Amazon,C=US @@ -19097,6 +18716,8 @@ CKA_VALUE MULTILINE_OCTAL \340\373\011\140\154 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Amazon Root CA 2" # Issuer: CN=Amazon Root CA 2,O=Amazon,C=US @@ -19197,6 +18818,8 @@ CKA_VALUE MULTILINE_OCTAL \143\044\110\034\337\060\175\325\150\073 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Amazon Root CA 3" # Issuer: CN=Amazon Root CA 3,O=Amazon,C=US @@ -19301,6 +18924,8 @@ CKA_VALUE MULTILINE_OCTAL \012\166\324\245\274\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Amazon Root CA 4" # Issuer: CN=Amazon Root CA 4,O=Amazon,C=US @@ -19468,6 +19093,8 @@ CKA_VALUE MULTILINE_OCTAL \045\307\043\200\203\012\353 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "LuxTrust Global Root 2" # Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU @@ -19617,6 +19244,8 @@ CKA_VALUE MULTILINE_OCTAL \322\063\340\377\275\321\124\071\051\017 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Symantec Class 1 Public Primary Certification Authority - G6" # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US @@ -19771,6 +19400,8 @@ CKA_VALUE MULTILINE_OCTAL \157\374\132\344\202\125\131\257\061\251 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Symantec Class 2 Public Primary Certification Authority - G6" # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US @@ -19904,6 +19535,8 @@ CKA_VALUE MULTILINE_OCTAL \362\014\105\111\071\277\231\004\034\323\020\240 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Symantec Class 1 Public Primary Certification Authority - G4" # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US @@ -20037,6 +19670,8 @@ CKA_VALUE MULTILINE_OCTAL \051\246\330\107\331\240\226\030\333\362\105\263 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Symantec Class 2 Public Primary Certification Authority - G4" # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US @@ -20182,6 +19817,8 @@ CKA_VALUE MULTILINE_OCTAL \137\134 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "D-TRUST Root CA 3 2013" # Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE @@ -20344,6 +19981,8 @@ CKA_VALUE MULTILINE_OCTAL \237\042\136\242\017\241\343 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" # Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR @@ -20519,6 +20158,8 @@ CKA_VALUE MULTILINE_OCTAL \250\267\101\154\007\335\275\074\206\227\057\322 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GDCA TrustAUTH R5 ROOT" # Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN @@ -20674,6 +20315,8 @@ CKA_VALUE MULTILINE_OCTAL \132\171\054\031 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TrustCor RootCert CA-1" # Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -20865,6 +20508,8 @@ CKA_VALUE MULTILINE_OCTAL \326\354\011 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TrustCor RootCert CA-2" # Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -21021,6 +20666,8 @@ CKA_VALUE MULTILINE_OCTAL \264\237\327\346 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TrustCor ECA-1" # Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -21200,6 +20847,8 @@ CKA_VALUE MULTILINE_OCTAL \271 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "SSL.com Root Certification Authority RSA" # Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US @@ -21324,6 +20973,8 @@ CKA_VALUE MULTILINE_OCTAL \145 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "SSL.com Root Certification Authority ECC" # Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US @@ -21503,6 +21154,8 @@ CKA_VALUE MULTILINE_OCTAL \040\022\215\264\254\127\261\105\143\241\254\166\251\302\373 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "SSL.com EV Root Certification Authority RSA R2" # Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US @@ -21630,6 +21283,8 @@ CKA_VALUE MULTILINE_OCTAL \371\007\340\142\232\214\134\112 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "SSL.com EV Root Certification Authority ECC" # Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US @@ -21796,6 +21451,8 @@ CKA_VALUE MULTILINE_OCTAL \147\203\005\132\311\244\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GlobalSign Root CA - R6" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 @@ -21913,6 +21570,8 @@ CKA_VALUE MULTILINE_OCTAL \242\355\357\173\260\200\117\130\017\113\123\071\275 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "OISTE WISeKey Global Root GC CA" # Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH @@ -22076,6 +21735,8 @@ CKA_VALUE MULTILINE_OCTAL \361\306\143\107\125\034\272\245\010\121\165\246\110\045 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GTS Root R1" # Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US @@ -22237,6 +21898,8 @@ CKA_VALUE MULTILINE_OCTAL \267\375\054\010\122\117\202\335\243\360\324\206\011\002 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GTS Root R2" # Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US @@ -22345,6 +22008,8 @@ CKA_VALUE MULTILINE_OCTAL \232\051\252\226\323\203\043\311\244\173\141\263\314\002\350\135 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GTS Root R3" # Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US @@ -22453,6 +22118,8 @@ CKA_VALUE MULTILINE_OCTAL \161\314\362\260\115\326\376\231\310\224\251\165\242\343 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GTS Root R4" # Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US @@ -22611,6 +22278,8 @@ CKA_VALUE MULTILINE_OCTAL \120\037\212\373\006\365\302\031\360\320 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "UCA Global G2 Root" # Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN @@ -22771,6 +22440,8 @@ CKA_VALUE MULTILINE_OCTAL \177\275\145\040\262\311\301\053\166\030\166\237\126\261 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "UCA Extended Validation Root" # Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN @@ -22950,6 +22621,8 @@ CKA_VALUE MULTILINE_OCTAL \045\124\377\242\332\117\212\141\071\136\256\075\112\214\275 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Certigna Root CA" # Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR @@ -23087,6 +22760,8 @@ CKA_VALUE MULTILINE_OCTAL \210\336\272\314\037\200\176\112 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "emSign Root CA - G1" # Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN @@ -23204,6 +22879,8 @@ CKA_VALUE MULTILINE_OCTAL \054\243 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "emSign ECC Root CA - G3" # Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN @@ -23337,6 +23014,8 @@ CKA_VALUE MULTILINE_OCTAL \361\337\312\276\203\015\102 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "emSign Root CA - C1" # Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US @@ -23448,6 +23127,8 @@ CKA_VALUE MULTILINE_OCTAL \276\201\007\125\060\120\040\024\365\127\070\012\250\061\121 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "emSign ECC Root CA - C3" # Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US @@ -23623,6 +23304,8 @@ CKA_VALUE MULTILINE_OCTAL \232\233\364 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Hongkong Post Root CA 3" # Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 94de1373c..54d86f70f 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -34,6 +34,9 @@ our $used_rulefiles_file = "$settingsdir/suricata-used-rulefiles.yaml"; # File where the addresses of the homenet are stored. our $homenet_file = "$settingsdir/suricata-homenet.yaml";
+# File where the addresses of the used DNS servers are stored. +our $dns_servers_file = "$settingsdir/suricata-dns-servers.yaml"; + # File which contains the enabled sids. our $enabled_sids_file = "$settingsdir/oinkmaster-enabled-sids.conf";
@@ -695,6 +698,65 @@ sub generate_home_net_file() { close(FILE); }
+# +# Function to generate and write the file which contains the configured and used DNS servers. +# +sub generate_dns_servers_file() { + # Open file which contains the current used DNS configuration. + open (FILE, "${General::swroot}/red/dns") or die "Could not read DNS configuration from ${General::swroot}/red/dns. $!\n"; + + # Read-in whole file content and store it in a temporary array. + my @file_content = <FILE>; + + # Close file handle. + close(FILE); + + # Format dns servers declaration. + my $line = ""["; + + # Loop through the array which contains the file content. + foreach my $server (@file_content) { + # Remove newlines. + chomp($server); + + # Check if the current DNS configuration is using the local recursor mode. + if ($server eq "local recursor") { + # The responsible DNS servers on red are directly used, and because we are not able + # to specify each single DNS server address here, we currently have to thread each + # address which is not part of the HOME_NET as possible DNS server. + $line = "$line" . "!$HOME_NET"; + } else { + # Add the DNS server to the line. + $line = "$line" . "$server"; + } + + # Check if the current DNS server was the last in the array. + if ($server eq $file_content[-1]) { + # Close the line. + $line = "$line" . "]""; + } else { + # Add "," for the next DNS server. + $line = "$line" . ","; + } + } + + # Open file to store the used DNS server addresses. + open(FILE, ">$dns_servers_file") or die "Could not open $dns_servers_file. $!\n"; + + # Print yaml header. + print FILE "%YAML 1.1\n"; + print FILE "---\n\n"; + + # Print notice about autogenerated file. + print FILE "#Autogenerated file. Any custom changes will be overwritten!\n"; + + # Print the generated DNS declaration to the file. + print FILE "DNS_SERVERS:\t$line\n"; + + # Close file handle. + close(FILE); +} + # ## Function to generate and write the file for used rulefiles. # diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index 0166c4920..de7b8559d 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -11,7 +11,7 @@
SSLEngine on SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 + SSLCipherSuite AESGCM+EECDH:CHACHA20+EECDH:@STRENGTH:+aRSA SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off @@ -22,6 +22,8 @@
Header always set X-Content-Type-Options nosniff Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'" + Header always set Referrer-Policy strict-origin + Header always set X-Frame-Options sameorigin
<Directory /srv/web/ipfire/html> Options ExecCGI diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf index b70994404..2cf57dd29 100644 --- a/config/httpd/vhosts.d/ipfire-interface.conf +++ b/config/httpd/vhosts.d/ipfire-interface.conf @@ -8,6 +8,8 @@
Header always set X-Content-Type-Options nosniff Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'" + Header always set Referrer-Policy strict-origin + Header always set X-Frame-Options sameorigin
<Directory /srv/web/ipfire/html> Options ExecCGI diff --git a/config/libvirt/libvirtd.conf b/config/libvirt/libvirtd.conf new file mode 100644 index 000000000..dc4ba4cb6 --- /dev/null +++ b/config/libvirt/libvirtd.conf @@ -0,0 +1,501 @@ +# Master libvirt daemon configuration file +# + +################################################################# +# +# Network connectivity controls +# + +# Flag listening for secure TLS connections on the public TCP/IP port. +# NB, must pass the --listen flag to the libvirtd process for this to +# have any effect. +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# It is necessary to setup a CA and issue server certificates before +# using this capability. +# +# This is enabled by default, uncomment this to disable it +listen_tls = 0 + +# Listen for unencrypted TCP connections on the public TCP/IP port. +# NB, must pass the --listen flag to the libvirtd process for this to +# have any effect. +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# Using the TCP socket requires SASL authentication by default. Only +# SASL mechanisms which support data encryption are allowed. This is +# DIGEST_MD5 and GSSAPI (Kerberos5) +# +# This is disabled by default, uncomment this to enable it. +#listen_tcp = 1 + + + +# Override the port for accepting secure TLS connections +# This can be a port number, or service name +# +# This setting is not required or honoured if using systemd socket +# activation with systemd version >= 227 +# +#tls_port = "16514" + +# Override the port for accepting insecure TCP connections +# This can be a port number, or service name +# +# This setting is not required or honoured if using systemd socket +# activation with systemd version >= 227 +# +#tcp_port = "16509" + + +# Override the default configuration which binds to all network +# interfaces. This can be a numeric IPv4/6 address, or hostname +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# If the libvirtd service is started in parallel with network +# startup (e.g. with systemd), binding to addresses other than +# the wildcards (0.0.0.0/::) might not be available yet. +# +listen_addr = "127.0.0.1" + + +################################################################# +# +# UNIX socket access controls +# + +# Set the UNIX domain socket group ownership. This can be used to +# allow a 'trusted' set of users access to management capabilities +# without becoming root. +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# This is restricted to 'root' by default. +unix_sock_group = "libvirt-remote" + +# Set the UNIX socket permissions for the R/O socket. This is used +# for monitoring VM status only +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# Default allows any user. If setting group ownership, you may want to +# restrict this too. +unix_sock_ro_perms = "0770" + +# Set the UNIX socket permissions for the R/W socket. This is used +# for full management of VMs +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# Default allows only root. If PolicyKit is enabled on the socket, +# the default will change to allow everyone (eg, 0777) +# +# If not using PolicyKit and setting group ownership for access +# control, then you may want to relax this too. +unix_sock_rw_perms = "0770" + +# Set the UNIX socket permissions for the admin interface socket. +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# Default allows only owner (root), do not change it unless you are +# sure to whom you are exposing the access to. +#unix_sock_admin_perms = "0700" + +# Set the name of the directory in which sockets will be found/created. +# +# This setting is not required or honoured if using systemd socket +# activation with systemd version >= 227 +# +#unix_sock_dir = "/var/run/libvirt" + + + +################################################################# +# +# Authentication. +# +# - none: do not perform auth checks. If you can connect to the +# socket you are allowed. This is suitable if there are +# restrictions on connecting to the socket (eg, UNIX +# socket permissions), or if there is a lower layer in +# the network providing auth (eg, TLS/x509 certificates) +# +# - sasl: use SASL infrastructure. The actual auth scheme is then +# controlled from /etc/sasl2/libvirt.conf. For the TCP +# socket only GSSAPI & DIGEST-MD5 mechanisms will be used. +# For non-TCP or TLS sockets, any scheme is allowed. +# +# - polkit: use PolicyKit to authenticate. This is only suitable +# for use on the UNIX sockets. The default policy will +# require a user to supply their own password to gain +# full read/write access (aka sudo like), while anyone +# is allowed read/only access. +# +# Set an authentication scheme for UNIX read-only sockets +# By default socket permissions allow anyone to connect +# +# To restrict monitoring of domains you may wish to enable +# an authentication mechanism here +#auth_unix_ro = "none" + +# Set an authentication scheme for UNIX read-write sockets +# By default socket permissions only allow root. If PolicyKit +# support was compiled into libvirt, the default will be to +# use 'polkit' auth. +# +# If the unix_sock_rw_perms are changed you may wish to enable +# an authentication mechanism here +#auth_unix_rw = "none" + +# Change the authentication scheme for TCP sockets. +# +# If you don't enable SASL, then all TCP traffic is cleartext. +# Don't do this outside of a dev/test scenario. For real world +# use, always enable SASL and use the GSSAPI or DIGEST-MD5 +# mechanism in /etc/sasl2/libvirt.conf +#auth_tcp = "sasl" + +# Change the authentication scheme for TLS sockets. +# +# TLS sockets already have encryption provided by the TLS +# layer, and limited authentication is done by certificates +# +# It is possible to make use of any SASL authentication +# mechanism as well, by using 'sasl' for this option +#auth_tls = "none" + + +# Change the API access control scheme +# +# By default an authenticated user is allowed access +# to all APIs. Access drivers can place restrictions +# on this. By default the 'nop' driver is enabled, +# meaning no access control checks are done once a +# client has authenticated with libvirtd +# +#access_drivers = [ "polkit" ] + +################################################################# +# +# TLS x509 certificate configuration +# + +# Use of TLS requires that x509 certificates be issued. The default locations +# for the certificate files is as follows: +# +# /etc/pki/CA/cacert.pem - The CA master certificate +# /etc/pki/libvirt/servercert.pem - The server certificate signed with +# the cacert.pem +# /etc/pki/libvirt/private/serverkey.pem - The server private key +# +# It is possible to override the default locations by altering the 'key_file', +# 'cert_file', and 'ca_file' values and uncommenting them below. +# +# NB, overriding the default of one location requires uncommenting and +# possibly additionally overriding the other settings. +# + +# Override the default server key file path +# +#key_file = "/etc/pki/libvirt/private/serverkey.pem" + +# Override the default server certificate file path +# +#cert_file = "/etc/pki/libvirt/servercert.pem" + +# Override the default CA certificate path +# +#ca_file = "/etc/pki/CA/cacert.pem" + +# Specify a certificate revocation list. +# +# Defaults to not using a CRL, uncomment to enable it +#crl_file = "/etc/pki/CA/crl.pem" + + + +################################################################# +# +# Authorization controls +# + + +# Flag to disable verification of our own server certificates +# +# When libvirtd starts it performs some sanity checks against +# its own certificates. +# +# Default is to always run sanity checks. Uncommenting this +# will disable sanity checks which is not a good idea +#tls_no_sanity_certificate = 1 + +# Flag to disable verification of client certificates +# +# Client certificate verification is the primary authentication mechanism. +# Any client which does not present a certificate signed by the CA +# will be rejected. +# +# Default is to always verify. Uncommenting this will disable +# verification - make sure an IP whitelist is set +#tls_no_verify_certificate = 1 + + +# A whitelist of allowed x509 Distinguished Names +# This list may contain wildcards such as +# +# "C=GB,ST=London,L=London,O=Red Hat,CN=*" +# +# See the POSIX fnmatch function for the format of the wildcards. +# +# NB If this is an empty list, no client can connect, so comment out +# entirely rather than using empty list to disable these checks +# +# By default, no DN's are checked +#tls_allowed_dn_list = ["DN1", "DN2"] + + +# A whitelist of allowed SASL usernames. The format for username +# depends on the SASL authentication mechanism. Kerberos usernames +# look like username@REALM +# +# This list may contain wildcards such as +# +# "*@EXAMPLE.COM" +# +# See the POSIX fnmatch function for the format of the wildcards. +# +# NB If this is an empty list, no client can connect, so comment out +# entirely rather than using empty list to disable these checks +# +# By default, no Username's are checked +#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ] + + +# Override the compile time default TLS priority string. The +# default is usually "NORMAL" unless overridden at build time. +# Only set this is it is desired for libvirt to deviate from +# the global default settings. +# +#tls_priority="NORMAL" + + +################################################################# +# +# Processing controls +# + +# The maximum number of concurrent client connections to allow +# over all sockets combined. +#max_clients = 5000 + +# The maximum length of queue of connections waiting to be +# accepted by the daemon. Note, that some protocols supporting +# retransmission may obey this so that a later reattempt at +# connection succeeds. +#max_queued_clients = 1000 + +# The maximum length of queue of accepted but not yet +# authenticated clients. The default value is 20. Set this to +# zero to turn this feature off. +#max_anonymous_clients = 20 + +# The minimum limit sets the number of workers to start up +# initially. If the number of active clients exceeds this, +# then more threads are spawned, up to max_workers limit. +# Typically you'd want max_workers to equal maximum number +# of clients allowed +#min_workers = 5 +#max_workers = 20 + + +# The number of priority workers. If all workers from above +# pool are stuck, some calls marked as high priority +# (notably domainDestroy) can be executed in this pool. +#prio_workers = 5 + +# Limit on concurrent requests from a single client +# connection. To avoid one client monopolizing the server +# this should be a small fraction of the global max_workers +# parameter. +#max_client_requests = 5 + +# Same processing controls, but this time for the admin interface. +# For description of each option, be so kind to scroll few lines +# upwards. + +#admin_min_workers = 1 +#admin_max_workers = 5 +#admin_max_clients = 5 +#admin_max_queued_clients = 5 +#admin_max_client_requests = 5 + +################################################################# +# +# Logging controls +# + +# Logging level: 4 errors, 3 warnings, 2 information, 1 debug +# basically 1 will log everything possible +# +# WARNING: USE OF THIS IS STRONGLY DISCOURAGED. +# +# WARNING: It outputs too much information to practically read. +# WARNING: The "log_filters" setting is recommended instead. +# +# WARNING: Journald applies rate limiting of messages and so libvirt +# WARNING: will limit "log_level" to only allow values 3 or 4 if +# WARNING: journald is the current output. +# +# WARNING: USE OF THIS IS STRONGLY DISCOURAGED. +#log_level = 3 + +# Logging filters: +# A filter allows to select a different logging level for a given category +# of logs. The format for a filter is one of: +# +# level:match +# level:+match +# +# where 'match' is a string which is matched against the category +# given in the VIR_LOG_INIT() at the top of each libvirt source +# file, e.g., "remote", "qemu", or "util.json". The 'match' in the +# filter matches using shell wildcard syntax (see 'man glob(7)'). +# The 'match' is always treated as a substring match. IOW a match +# string 'foo' is equivalent to '*foo*'. +# +# If 'match' contains the optional "+" prefix, it tells libvirt +# to log stack trace for each message matching name. +# +# 'level' is the minimal level where matching messages should +# be logged: +# +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple filters can be defined in a single @log_filters, they just need +# to be separated by spaces. Note that libvirt performs "first" match, i.e. +# if there are concurrent filters, the first one that matches will be applied, +# given the order in @log_filters. +# +# A typical need is to capture information from a hypervisor driver, +# public API entrypoints and some of the utility code. Some utility +# code is very verbose and is generally not desired. Taking the QEMU +# hypervisor as an example, a suitable filter string for debugging +# might be to turn off object, json & event logging, but enable the +# rest of the util code: +# +#log_filters="1:qemu 1:libvirt 4:object 4:json 4:event 1:util" + +# Logging outputs: +# An output is one of the places to save logging information +# The format for an output can be: +# level:stderr +# output goes to stderr +# level:syslog:name +# use syslog for the output and use the given name as the ident +# level:file:file_path +# output to a file, with the given filepath +# level:journald +# output to journald logging system +# In all cases 'level' is the minimal priority, acting as a filter +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple outputs can be defined, they just need to be separated by spaces. +# e.g. to log all warnings and errors to syslog under the libvirtd ident: +#log_outputs="3:syslog:libvirtd" + + +################################################################## +# +# Auditing +# +# This setting allows usage of the auditing subsystem to be altered: +# +# audit_level == 0 -> disable all auditing +# audit_level == 1 -> enable auditing, only if enabled on host (default) +# audit_level == 2 -> enable auditing, and exit if disabled on host +# +#audit_level = 2 +# +# If set to 1, then audit messages will also be sent +# via libvirt logging infrastructure. Defaults to 0 +# +#audit_logging = 1 + +################################################################### +# UUID of the host: +# Host UUID is read from one of the sources specified in host_uuid_source. +# +# - 'smbios': fetch the UUID from 'dmidecode -s system-uuid' +# - 'machine-id': fetch the UUID from /etc/machine-id +# +# The host_uuid_source default is 'smbios'. If 'dmidecode' does not provide +# a valid UUID a temporary UUID will be generated. +# +# Another option is to specify host UUID in host_uuid. +# +# Keep the format of the example UUID below. UUID must not have all digits +# be the same. + +# NB This default all-zeros UUID will not work. Replace +# it with the output of the 'uuidgen' command and then +# uncomment this entry +#host_uuid = "00000000-0000-0000-0000-000000000000" +#host_uuid_source = "smbios" + +################################################################### +# Keepalive protocol: +# This allows libvirtd to detect broken client connections or even +# dead clients. A keepalive message is sent to a client after +# keepalive_interval seconds of inactivity to check if the client is +# still responding; keepalive_count is a maximum number of keepalive +# messages that are allowed to be sent to the client without getting +# any response before the connection is considered broken. In other +# words, the connection is automatically closed approximately after +# keepalive_interval * (keepalive_count + 1) seconds since the last +# message received from the client. If keepalive_interval is set to +# -1, libvirtd will never send keepalive requests; however clients +# can still send them and the daemon will send responses. When +# keepalive_count is set to 0, connections will be automatically +# closed after keepalive_interval seconds of inactivity without +# sending any keepalive messages. +# +#keepalive_interval = 5 +#keepalive_count = 5 + +# +# These configuration options are no longer used. There is no way to +# restrict such clients from connecting since they first need to +# connect in order to ask for keepalive. +# +#keepalive_required = 1 +#admin_keepalive_required = 1 + +# Keepalive settings for the admin interface +#admin_keepalive_interval = 5 +#admin_keepalive_count = 5 + +################################################################### +# Open vSwitch: +# This allows to specify a timeout for openvswitch calls made by +# libvirt. The ovs-vsctl utility is used for the configuration and +# its timeout option is set by default to 5 seconds to avoid +# potential infinite waits blocking libvirt. +# +#ovs_timeout = 5 diff --git a/config/rootfiles/common/bash b/config/rootfiles/common/bash index 84f587f3c..7669333c8 100644 --- a/config/rootfiles/common/bash +++ b/config/rootfiles/common/bash @@ -1,6 +1,96 @@ -bin/sh -bin/bash #bin/bashbug +#usr/include/bash +#usr/include/bash/alias.h +#usr/include/bash/array.h +#usr/include/bash/arrayfunc.h +#usr/include/bash/assoc.h +#usr/include/bash/bashansi.h +#usr/include/bash/bashintl.h +#usr/include/bash/bashjmp.h +#usr/include/bash/bashtypes.h +#usr/include/bash/builtins +#usr/include/bash/builtins.h +#usr/include/bash/builtins/bashgetopt.h +#usr/include/bash/builtins/builtext.h +#usr/include/bash/builtins/common.h +#usr/include/bash/builtins/getopt.h +#usr/include/bash/command.h +#usr/include/bash/config-bot.h +#usr/include/bash/config-top.h +#usr/include/bash/config.h +#usr/include/bash/conftypes.h +#usr/include/bash/dispose_cmd.h +#usr/include/bash/error.h +#usr/include/bash/externs.h +#usr/include/bash/general.h +#usr/include/bash/hashlib.h +#usr/include/bash/include +#usr/include/bash/include/ansi_stdlib.h +#usr/include/bash/include/chartypes.h +#usr/include/bash/include/filecntl.h +#usr/include/bash/include/gettext.h +#usr/include/bash/include/maxpath.h +#usr/include/bash/include/memalloc.h +#usr/include/bash/include/ocache.h +#usr/include/bash/include/posixdir.h +#usr/include/bash/include/posixjmp.h +#usr/include/bash/include/posixstat.h +#usr/include/bash/include/posixtime.h +#usr/include/bash/include/posixwait.h +#usr/include/bash/include/shmbchar.h +#usr/include/bash/include/shmbutil.h +#usr/include/bash/include/shtty.h +#usr/include/bash/include/stat-time.h +#usr/include/bash/include/stdc.h +#usr/include/bash/include/systimes.h +#usr/include/bash/include/typemax.h +#usr/include/bash/include/unionwait.h +#usr/include/bash/jobs.h +#usr/include/bash/make_cmd.h +#usr/include/bash/pathnames.h +#usr/include/bash/quit.h +#usr/include/bash/shell.h +#usr/include/bash/sig.h +#usr/include/bash/siglist.h +#usr/include/bash/signames.h +#usr/include/bash/subst.h +#usr/include/bash/syntax.h +#usr/include/bash/unwind_prot.h +#usr/include/bash/variables.h +#usr/include/bash/version.h +#usr/include/bash/xmalloc.h +#usr/include/bash/y.tab.h +#usr/lib/bash +usr/lib/bash/Makefile.inc +usr/lib/bash/basename +usr/lib/bash/dirname +usr/lib/bash/fdflags +usr/lib/bash/finfo +usr/lib/bash/head +usr/lib/bash/id +usr/lib/bash/ln +usr/lib/bash/loadables.h +usr/lib/bash/logname +usr/lib/bash/mkdir +usr/lib/bash/mypid +usr/lib/bash/pathchk +usr/lib/bash/print +usr/lib/bash/printenv +usr/lib/bash/push +usr/lib/bash/realpath +usr/lib/bash/rmdir +usr/lib/bash/seq +usr/lib/bash/setpgid +usr/lib/bash/sleep +usr/lib/bash/strftime +usr/lib/bash/sync +usr/lib/bash/tee +usr/lib/bash/truefalse +usr/lib/bash/tty +usr/lib/bash/uname +usr/lib/bash/unlink +usr/lib/bash/whoami +#usr/lib/pkgconfig/bash.pc #usr/share/doc/bash #usr/share/doc/bash/CHANGES #usr/share/doc/bash/COMPAT @@ -39,15 +129,15 @@ bin/bash #usr/share/locale/it/LC_MESSAGES/bash.mo #usr/share/locale/ja/LC_MESSAGES/bash.mo #usr/share/locale/lt/LC_MESSAGES/bash.mo +#usr/share/locale/nb/LC_MESSAGES/bash.mo #usr/share/locale/nl/LC_MESSAGES/bash.mo #usr/share/locale/pl/LC_MESSAGES/bash.mo +#usr/share/locale/pt/LC_MESSAGES/bash.mo #usr/share/locale/pt_BR/LC_MESSAGES/bash.mo #usr/share/locale/ro/LC_MESSAGES/bash.mo #usr/share/locale/ru/LC_MESSAGES/bash.mo #usr/share/locale/sk/LC_MESSAGES/bash.mo #usr/share/locale/sl/LC_MESSAGES/bash.mo -#usr/share/locale/sr -#usr/share/locale/sr/LC_MESSAGES #usr/share/locale/sr/LC_MESSAGES/bash.mo #usr/share/locale/sv/LC_MESSAGES/bash.mo #usr/share/locale/tr/LC_MESSAGES/bash.mo @@ -57,3 +147,5 @@ bin/bash #usr/share/locale/zh_TW/LC_MESSAGES/bash.mo #usr/share/man/man1/bash.1 #usr/share/man/man1/bashbug.1 +bin/sh +bin/bash diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive index c190eef7b..10950c9fc 100644 --- a/config/rootfiles/common/libarchive +++ b/config/rootfiles/common/libarchive @@ -6,7 +6,7 @@ #usr/lib/libarchive.la #usr/lib/libarchive.so #usr/lib/libarchive.so.13 -#usr/lib/libarchive.so.13.3.1 +#usr/lib/libarchive.so.13.4.0 #usr/lib/pkgconfig/libarchive.pc #usr/share/man/man1/bsdcat.1 #usr/share/man/man1/bsdcpio.1 @@ -14,6 +14,7 @@ #usr/share/man/man3/archive_entry.3 #usr/share/man/man3/archive_entry_acl.3 #usr/share/man/man3/archive_entry_linkify.3 +#usr/share/man/man3/archive_entry_misc.3 #usr/share/man/man3/archive_entry_paths.3 #usr/share/man/man3/archive_entry_perms.3 #usr/share/man/man3/archive_entry_stat.3 diff --git a/config/rootfiles/common/logwatch b/config/rootfiles/common/logwatch index fe67a8c84..c47fb4199 100644 --- a/config/rootfiles/common/logwatch +++ b/config/rootfiles/common/logwatch @@ -24,7 +24,9 @@ usr/share/logwatch/default.conf/logfiles/cron.conf #usr/share/logwatch/default.conf/logfiles/daemon.conf #usr/share/logwatch/default.conf/logfiles/denyhosts.conf #usr/share/logwatch/default.conf/logfiles/dirsrv.conf +#usr/share/logwatch/default.conf/logfiles/dnf-rpm.conf #usr/share/logwatch/default.conf/logfiles/dnssec.conf +#usr/share/logwatch/default.conf/logfiles/dovecot.conf #usr/share/logwatch/default.conf/logfiles/dpkg.conf #usr/share/logwatch/default.conf/logfiles/emerge.conf #usr/share/logwatch/default.conf/logfiles/eventlog.conf @@ -51,6 +53,7 @@ usr/share/logwatch/default.conf/logfiles/php.conf #usr/share/logwatch/default.conf/logfiles/qmail-send-current.conf #usr/share/logwatch/default.conf/logfiles/qmail-smtpd-current.conf usr/share/logwatch/default.conf/logfiles/resolver.conf +#usr/share/logwatch/default.conf/logfiles/rsnapshot.conf #usr/share/logwatch/default.conf/logfiles/rt314.conf usr/share/logwatch/default.conf/logfiles/samba.conf #usr/share/logwatch/default.conf/logfiles/secure.conf @@ -86,6 +89,7 @@ usr/share/logwatch/default.conf/services/cron.conf #usr/share/logwatch/default.conf/services/denyhosts.conf usr/share/logwatch/default.conf/services/dhcpd.conf #usr/share/logwatch/default.conf/services/dirsrv.conf +#usr/share/logwatch/default.conf/services/dnf-rpm.conf #usr/share/logwatch/default.conf/services/dnssec.conf #usr/share/logwatch/default.conf/services/dovecot.conf #usr/share/logwatch/default.conf/services/dpkg.conf @@ -146,6 +150,7 @@ usr/share/logwatch/default.conf/services/postfix.conf #usr/share/logwatch/default.conf/services/qmail.conf #usr/share/logwatch/default.conf/services/raid.conf usr/share/logwatch/default.conf/services/resolver.conf +#usr/share/logwatch/default.conf/services/rsnapshot.conf #usr/share/logwatch/default.conf/services/rsyslogd.conf #usr/share/logwatch/default.conf/services/rt314.conf usr/share/logwatch/default.conf/services/samba.conf @@ -178,7 +183,6 @@ usr/share/logwatch/default.conf/services/windows.conf #usr/share/logwatch/default.conf/services/yum.conf #usr/share/logwatch/default.conf/services/zypp.conf usr/share/logwatch/default.conf/services/zz-disk_space.conf -#usr/share/logwatch/default.conf/services/zz-fortune.conf usr/share/logwatch/default.conf/services/zz-lm_sensors.conf usr/share/logwatch/default.conf/services/zz-network.conf usr/share/logwatch/default.conf/services/zz-runtime.conf @@ -230,6 +234,7 @@ usr/share/logwatch/scripts/services/cron usr/share/logwatch/scripts/services/dhcpd usr/share/logwatch/scripts/services/dialup #usr/share/logwatch/scripts/services/dirsrv +#usr/share/logwatch/scripts/services/dnf-rpm #usr/share/logwatch/scripts/services/dnssec #usr/share/logwatch/scripts/services/dovecot #usr/share/logwatch/scripts/services/dpkg @@ -290,6 +295,7 @@ usr/share/logwatch/scripts/services/postfix #usr/share/logwatch/scripts/services/qmail-smtpd #usr/share/logwatch/scripts/services/raid usr/share/logwatch/scripts/services/resolver +#usr/share/logwatch/scripts/services/rsnapshot #usr/share/logwatch/scripts/services/rsyslogd #usr/share/logwatch/scripts/services/rt314 usr/share/logwatch/scripts/services/samba @@ -322,7 +328,6 @@ usr/share/logwatch/scripts/services/windows #usr/share/logwatch/scripts/services/yum #usr/share/logwatch/scripts/services/zypp usr/share/logwatch/scripts/services/zz-disk_space -#usr/share/logwatch/scripts/services/zz-fortune usr/share/logwatch/scripts/services/zz-lm_sensors usr/share/logwatch/scripts/services/zz-network usr/share/logwatch/scripts/services/zz-runtime @@ -340,6 +345,7 @@ usr/share/logwatch/scripts/shared/eventlogremoveservice usr/share/logwatch/scripts/shared/expandrepeats usr/share/logwatch/scripts/shared/hosthash usr/share/logwatch/scripts/shared/hostlist +usr/share/logwatch/scripts/shared/journalctl usr/share/logwatch/scripts/shared/multiservice usr/share/logwatch/scripts/shared/onlycontains usr/share/logwatch/scripts/shared/onlyhost diff --git a/config/rootfiles/common/lz4 b/config/rootfiles/common/lz4 index 0902a47fe..ab03c65f7 100644 --- a/config/rootfiles/common/lz4 +++ b/config/rootfiles/common/lz4 @@ -9,7 +9,7 @@ usr/bin/lz4 #usr/lib/liblz4.a #usr/lib/liblz4.so usr/lib/liblz4.so.1 -usr/lib/liblz4.so.1.8.1 +usr/lib/liblz4.so.1.9.2 #usr/lib/pkgconfig/liblz4.pc #usr/share/man/man1/lz4.1 #usr/share/man/man1/lz4c.1 diff --git a/config/rootfiles/common/readline b/config/rootfiles/common/readline index b2ac26dd4..19baa8a4a 100644 --- a/config/rootfiles/common/readline +++ b/config/rootfiles/common/readline @@ -8,11 +8,12 @@ #usr/include/readline/rltypedefs.h #usr/include/readline/tilde.h #usr/lib/libhistory.so -usr/lib/libhistory.so.6 -usr/lib/libhistory.so.6.3 +usr/lib/libhistory.so.8 +usr/lib/libhistory.so.8.0 #usr/lib/libreadline.so -usr/lib/libreadline.so.6 -usr/lib/libreadline.so.6.3 +usr/lib/libreadline.so.8 +usr/lib/libreadline.so.8.0 +#usr/lib/pkgconfig/readline.pc #usr/share/doc/readline #usr/share/doc/readline/CHANGES #usr/share/doc/readline/INSTALL diff --git a/config/rootfiles/common/readline-compat b/config/rootfiles/common/readline-compat index 1ff73257c..9ef128a47 100644 --- a/config/rootfiles/common/readline-compat +++ b/config/rootfiles/common/readline-compat @@ -1,4 +1,4 @@ -lib/libhistory.so.5 -lib/libhistory.so.5.2 -lib/libreadline.so.5 -lib/libreadline.so.5.2 +lib/libhistory.so.6 +lib/libhistory.so.6.3 +lib/libreadline.so.6 +lib/libreadline.so.6.3 diff --git a/config/rootfiles/common/x86_64/intel-microcode b/config/rootfiles/common/x86_64/intel-microcode index df05c2de5..2aa6f9301 100644 --- a/config/rootfiles/common/x86_64/intel-microcode +++ b/config/rootfiles/common/x86_64/intel-microcode @@ -63,8 +63,11 @@ lib/firmware/intel-ucode/06-46-01 lib/firmware/intel-ucode/06-47-01 lib/firmware/intel-ucode/06-4c-03 lib/firmware/intel-ucode/06-4c-04 +lib/firmware/intel-ucode/06-4d-08 lib/firmware/intel-ucode/06-4e-03 +lib/firmware/intel-ucode/06-55-03 lib/firmware/intel-ucode/06-55-04 +lib/firmware/intel-ucode/06-55-06 lib/firmware/intel-ucode/06-55-07 lib/firmware/intel-ucode/06-56-02 lib/firmware/intel-ucode/06-56-03 @@ -75,7 +78,10 @@ lib/firmware/intel-ucode/06-5c-09 lib/firmware/intel-ucode/06-5c-0a lib/firmware/intel-ucode/06-5e-03 lib/firmware/intel-ucode/06-5f-01 +lib/firmware/intel-ucode/06-66-03 lib/firmware/intel-ucode/06-7a-01 +lib/firmware/intel-ucode/06-7a-08 +lib/firmware/intel-ucode/06-7e-05 lib/firmware/intel-ucode/06-8e-09 lib/firmware/intel-ucode/06-8e-0a lib/firmware/intel-ucode/06-8e-0b @@ -83,8 +89,8 @@ lib/firmware/intel-ucode/06-8e-0c lib/firmware/intel-ucode/06-9e-09 lib/firmware/intel-ucode/06-9e-0a lib/firmware/intel-ucode/06-9e-0b -lib/firmware/intel-ucode/06-9e-0c lib/firmware/intel-ucode/06-9e-0d +lib/firmware/intel-ucode/06-a6-00 lib/firmware/intel-ucode/0f-00-07 lib/firmware/intel-ucode/0f-00-0a lib/firmware/intel-ucode/0f-01-02 diff --git a/config/rootfiles/core/138/filelists/bash b/config/rootfiles/core/138/filelists/bash new file mode 120000 index 000000000..de970cb1d --- /dev/null +++ b/config/rootfiles/core/138/filelists/bash @@ -0,0 +1 @@ +../../../common/bash \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/ca-certificates b/config/rootfiles/core/138/filelists/ca-certificates new file mode 120000 index 000000000..320fea8f4 --- /dev/null +++ b/config/rootfiles/core/138/filelists/ca-certificates @@ -0,0 +1 @@ +../../../common/ca-certificates \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/ddns b/config/rootfiles/core/138/filelists/ddns new file mode 120000 index 000000000..739516420 --- /dev/null +++ b/config/rootfiles/core/138/filelists/ddns @@ -0,0 +1 @@ +../../../common/ddns \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/files b/config/rootfiles/core/138/filelists/files index e780b00b0..d22fb8314 100644 --- a/config/rootfiles/core/138/filelists/files +++ b/config/rootfiles/core/138/filelists/files @@ -2,4 +2,15 @@ etc/system-release etc/issue srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs +etc/httpd/conf/vhosts.d/ipfire-interface.conf +etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf +etc/rc.d/init.d/functions +etc/rc.d/init.d/networking/red.up/23-suricata +etc/rc.d/init.d/unbound +etc/suricata/suricata.yaml +srv/web/ipfire/cgi-bin/ids.cgi +srv/web/ipfire/cgi-bin/mail.cgi +srv/web/ipfire/cgi-bin/ovpnmain.cgi +usr/sbin/convert-snort usr/lib/firewall/firewall-lib.pl +var/ipfire/ids-functions.pl diff --git a/config/rootfiles/core/138/filelists/i586/intel-microcode b/config/rootfiles/core/138/filelists/i586/intel-microcode new file mode 120000 index 000000000..f03e84778 --- /dev/null +++ b/config/rootfiles/core/138/filelists/i586/intel-microcode @@ -0,0 +1 @@ +../../../../common/i586/intel-microcode \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/i586/openssl-sse2 b/config/rootfiles/core/138/filelists/i586/openssl-sse2 new file mode 120000 index 000000000..f424713d6 --- /dev/null +++ b/config/rootfiles/core/138/filelists/i586/openssl-sse2 @@ -0,0 +1 @@ +../../../../common/i586/openssl-sse2 \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/logwatch b/config/rootfiles/core/138/filelists/logwatch new file mode 120000 index 000000000..f14eabda9 --- /dev/null +++ b/config/rootfiles/core/138/filelists/logwatch @@ -0,0 +1 @@ +../../../common/logwatch \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/lz4 b/config/rootfiles/core/138/filelists/lz4 new file mode 120000 index 000000000..65c31802e --- /dev/null +++ b/config/rootfiles/core/138/filelists/lz4 @@ -0,0 +1 @@ +../../../common/lz4 \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/openssl b/config/rootfiles/core/138/filelists/openssl new file mode 120000 index 000000000..e011a9266 --- /dev/null +++ b/config/rootfiles/core/138/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/openvpn b/config/rootfiles/core/138/filelists/openvpn new file mode 120000 index 000000000..493f3f7a4 --- /dev/null +++ b/config/rootfiles/core/138/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/readline b/config/rootfiles/core/138/filelists/readline new file mode 120000 index 000000000..84209f189 --- /dev/null +++ b/config/rootfiles/core/138/filelists/readline @@ -0,0 +1 @@ +../../../common/readline \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/readline-compat b/config/rootfiles/core/138/filelists/readline-compat new file mode 120000 index 000000000..f96bc808c --- /dev/null +++ b/config/rootfiles/core/138/filelists/readline-compat @@ -0,0 +1 @@ +../../../common/readline-compat \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/squid b/config/rootfiles/core/138/filelists/squid new file mode 120000 index 000000000..2dc8372a0 --- /dev/null +++ b/config/rootfiles/core/138/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/x86_64/intel-microcode b/config/rootfiles/core/138/filelists/x86_64/intel-microcode new file mode 120000 index 000000000..d5ac074e2 --- /dev/null +++ b/config/rootfiles/core/138/filelists/x86_64/intel-microcode @@ -0,0 +1 @@ +../../../../common/x86_64/intel-microcode \ No newline at end of file diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt index 633febf05..db6554a34 100644 --- a/config/rootfiles/packages/libvirt +++ b/config/rootfiles/packages/libvirt @@ -30,7 +30,6 @@ etc/logrotate.d/libvirtd etc/logrotate.d/libvirtd.libxl #etc/logrotate.d/libvirtd.lxc etc/logrotate.d/libvirtd.qemu -#etc/logrotate.d/libvirtd.uml etc/rc.d/init.d/libvirt-guests etc/rc.d/init.d/libvirtd etc/rc.d/init.d/virtlogd @@ -43,6 +42,7 @@ usr/bin/virt-xml-validate #usr/include/libvirt #usr/include/libvirt/libvirt-admin.h #usr/include/libvirt/libvirt-common.h +#usr/include/libvirt/libvirt-domain-checkpoint.h #usr/include/libvirt/libvirt-domain-snapshot.h #usr/include/libvirt/libvirt-domain.h #usr/include/libvirt/libvirt-event.h @@ -62,19 +62,19 @@ usr/bin/virt-xml-validate #usr/lib/libvirt-admin.la #usr/lib/libvirt-admin.so usr/lib/libvirt-admin.so.0 -usr/lib/libvirt-admin.so.0.4010.0 +usr/lib/libvirt-admin.so.0.5006.0 #usr/lib/libvirt-lxc.la #usr/lib/libvirt-lxc.so usr/lib/libvirt-lxc.so.0 -usr/lib/libvirt-lxc.so.0.4010.0 +usr/lib/libvirt-lxc.so.0.5006.0 #usr/lib/libvirt-qemu.la #usr/lib/libvirt-qemu.so usr/lib/libvirt-qemu.so.0 -usr/lib/libvirt-qemu.so.0.4010.0 +usr/lib/libvirt-qemu.so.0.5006.0 #usr/lib/libvirt.la #usr/lib/libvirt.so usr/lib/libvirt.so.0 -usr/lib/libvirt.so.0.4010.0 +usr/lib/libvirt.so.0.5006.0 #usr/lib/libvirt/connection-driver #usr/lib/libvirt/connection-driver/libvirt_driver_interface.la usr/lib/libvirt/connection-driver/libvirt_driver_interface.so @@ -94,6 +94,8 @@ usr/lib/libvirt/lock-driver/lockd.so #usr/lib/libvirt/storage-backend #usr/lib/libvirt/storage-backend/libvirt_storage_backend_fs.la usr/lib/libvirt/storage-backend/libvirt_storage_backend_fs.so +#usr/lib/libvirt/storage-backend/libvirt_storage_backend_logical.la +usr/lib/libvirt/storage-backend/libvirt_storage_backend_logical.so #usr/lib/libvirt/storage-file #usr/lib/libvirt/storage-file/libvirt_storage_file_fs.la usr/lib/libvirt/storage-file/libvirt_storage_file_fs.so @@ -120,176 +122,249 @@ usr/sbin/virtlogd #usr/share/augeas/lenses/tests/test_virtlogd.aug #usr/share/augeas/lenses/virtlockd.aug #usr/share/augeas/lenses/virtlogd.aug -#usr/share/doc/libvirt-4.10.0 -#usr/share/doc/libvirt-4.10.0/html -#usr/share/doc/libvirt-4.10.0/html/32favicon.png -#usr/share/doc/libvirt-4.10.0/html/404.html -#usr/share/doc/libvirt-4.10.0/html/acl.html -#usr/share/doc/libvirt-4.10.0/html/aclpolkit.html -#usr/share/doc/libvirt-4.10.0/html/api.html -#usr/share/doc/libvirt-4.10.0/html/api_extension.html -#usr/share/doc/libvirt-4.10.0/html/apps.html -#usr/share/doc/libvirt-4.10.0/html/architecture.gif -#usr/share/doc/libvirt-4.10.0/html/architecture.html -#usr/share/doc/libvirt-4.10.0/html/auditlog.html -#usr/share/doc/libvirt-4.10.0/html/auth.html -#usr/share/doc/libvirt-4.10.0/html/bindings.html -#usr/share/doc/libvirt-4.10.0/html/bugs.html -#usr/share/doc/libvirt-4.10.0/html/cgroups.html -#usr/share/doc/libvirt-4.10.0/html/compiling.html -#usr/share/doc/libvirt-4.10.0/html/contact.html -#usr/share/doc/libvirt-4.10.0/html/contribute.html -#usr/share/doc/libvirt-4.10.0/html/csharp.html -#usr/share/doc/libvirt-4.10.0/html/dbus.html -#usr/share/doc/libvirt-4.10.0/html/devguide.html -#usr/share/doc/libvirt-4.10.0/html/docs.html -#usr/share/doc/libvirt-4.10.0/html/downloads.html -#usr/share/doc/libvirt-4.10.0/html/drivers.html -#usr/share/doc/libvirt-4.10.0/html/drvbhyve.html -#usr/share/doc/libvirt-4.10.0/html/drvesx.html -#usr/share/doc/libvirt-4.10.0/html/drvhyperv.html -#usr/share/doc/libvirt-4.10.0/html/drvlxc.html -#usr/share/doc/libvirt-4.10.0/html/drvnodedev.html -#usr/share/doc/libvirt-4.10.0/html/drvopenvz.html -#usr/share/doc/libvirt-4.10.0/html/drvphyp.html -#usr/share/doc/libvirt-4.10.0/html/drvqemu.html -#usr/share/doc/libvirt-4.10.0/html/drvremote.html -#usr/share/doc/libvirt-4.10.0/html/drvtest.html -#usr/share/doc/libvirt-4.10.0/html/drvuml.html -#usr/share/doc/libvirt-4.10.0/html/drvvbox.html -#usr/share/doc/libvirt-4.10.0/html/drvvirtuozzo.html -#usr/share/doc/libvirt-4.10.0/html/drvvmware.html -#usr/share/doc/libvirt-4.10.0/html/drvxen.html -#usr/share/doc/libvirt-4.10.0/html/errors.html -#usr/share/doc/libvirt-4.10.0/html/firewall.html -#usr/share/doc/libvirt-4.10.0/html/fonts -#usr/share/doc/libvirt-4.10.0/html/fonts/LICENSE.md -#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-bold-italic.woff -#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-bold.woff -#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-italic.woff -#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-light-italic.woff -#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-light.woff -#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-mono-bold.woff -#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-mono-light.woff -#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-mono-regular.woff -#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-mono-semibold.woff -#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-regular.woff -#usr/share/doc/libvirt-4.10.0/html/fonts/stylesheet.css -#usr/share/doc/libvirt-4.10.0/html/format.html -#usr/share/doc/libvirt-4.10.0/html/formatcaps.html -#usr/share/doc/libvirt-4.10.0/html/formatdomain.html -#usr/share/doc/libvirt-4.10.0/html/formatdomaincaps.html -#usr/share/doc/libvirt-4.10.0/html/formatnetwork.html -#usr/share/doc/libvirt-4.10.0/html/formatnode.html -#usr/share/doc/libvirt-4.10.0/html/formatnwfilter.html -#usr/share/doc/libvirt-4.10.0/html/formatsecret.html -#usr/share/doc/libvirt-4.10.0/html/formatsnapshot.html -#usr/share/doc/libvirt-4.10.0/html/formatstorage.html -#usr/share/doc/libvirt-4.10.0/html/formatstorageencryption.html -#usr/share/doc/libvirt-4.10.0/html/generic.css -#usr/share/doc/libvirt-4.10.0/html/goals.html -#usr/share/doc/libvirt-4.10.0/html/governance.html -#usr/share/doc/libvirt-4.10.0/html/hacking.html -#usr/share/doc/libvirt-4.10.0/html/hooks.html -#usr/share/doc/libvirt-4.10.0/html/html -#usr/share/doc/libvirt-4.10.0/html/html/home.png -#usr/share/doc/libvirt-4.10.0/html/html/index.html -#usr/share/doc/libvirt-4.10.0/html/html/left.png -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-common.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-domain-snapshot.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-domain.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-event.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-host.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-interface.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-network.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-nodedev.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-nwfilter.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-secret.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-storage.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-stream.html -#usr/share/doc/libvirt-4.10.0/html/html/libvirt-virterror.html -#usr/share/doc/libvirt-4.10.0/html/html/right.png -#usr/share/doc/libvirt-4.10.0/html/html/up.png -#usr/share/doc/libvirt-4.10.0/html/hvsupport.html -#usr/share/doc/libvirt-4.10.0/html/index.html -#usr/share/doc/libvirt-4.10.0/html/internals -#usr/share/doc/libvirt-4.10.0/html/internals.html -#usr/share/doc/libvirt-4.10.0/html/internals/command.html -#usr/share/doc/libvirt-4.10.0/html/internals/eventloop.html -#usr/share/doc/libvirt-4.10.0/html/internals/locking.html -#usr/share/doc/libvirt-4.10.0/html/internals/oomtesting.html -#usr/share/doc/libvirt-4.10.0/html/internals/rpc.html -#usr/share/doc/libvirt-4.10.0/html/java.html -#usr/share/doc/libvirt-4.10.0/html/libvirt-daemon-arch.png -#usr/share/doc/libvirt-4.10.0/html/libvirt-driver-arch.png -#usr/share/doc/libvirt-4.10.0/html/libvirt-object-model.png -#usr/share/doc/libvirt-4.10.0/html/libvirt.css -#usr/share/doc/libvirt-4.10.0/html/locking-lockd.html -#usr/share/doc/libvirt-4.10.0/html/locking-sanlock.html -#usr/share/doc/libvirt-4.10.0/html/locking.html -#usr/share/doc/libvirt-4.10.0/html/logging.html -#usr/share/doc/libvirt-4.10.0/html/logos -#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-dark-256.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-dark-800.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-dark.svg -#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-light-256.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-light-800.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-light.svg -#usr/share/doc/libvirt-4.10.0/html/logos/logo-base.svg -#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-128.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-192.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-256.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-96.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-powered-128.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-powered-192.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-powered-256.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-powered-96.png -#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-powered.svg -#usr/share/doc/libvirt-4.10.0/html/logos/logo-square.svg -#usr/share/doc/libvirt-4.10.0/html/main.css -#usr/share/doc/libvirt-4.10.0/html/migration-managed-direct.png -#usr/share/doc/libvirt-4.10.0/html/migration-managed-p2p.png -#usr/share/doc/libvirt-4.10.0/html/migration-native.png -#usr/share/doc/libvirt-4.10.0/html/migration-tunnel.png -#usr/share/doc/libvirt-4.10.0/html/migration-unmanaged-direct.png -#usr/share/doc/libvirt-4.10.0/html/migration.html -#usr/share/doc/libvirt-4.10.0/html/mobile.css -#usr/share/doc/libvirt-4.10.0/html/news-2005.html -#usr/share/doc/libvirt-4.10.0/html/news-2006.html -#usr/share/doc/libvirt-4.10.0/html/news-2007.html -#usr/share/doc/libvirt-4.10.0/html/news-2008.html -#usr/share/doc/libvirt-4.10.0/html/news-2009.html -#usr/share/doc/libvirt-4.10.0/html/news-2010.html -#usr/share/doc/libvirt-4.10.0/html/news-2011.html -#usr/share/doc/libvirt-4.10.0/html/news-2012.html -#usr/share/doc/libvirt-4.10.0/html/news-2013.html -#usr/share/doc/libvirt-4.10.0/html/news-2014.html -#usr/share/doc/libvirt-4.10.0/html/news-2015.html -#usr/share/doc/libvirt-4.10.0/html/news-2016.html -#usr/share/doc/libvirt-4.10.0/html/news.html -#usr/share/doc/libvirt-4.10.0/html/node.gif -#usr/share/doc/libvirt-4.10.0/html/nss.html -#usr/share/doc/libvirt-4.10.0/html/pci-hotplug.html -#usr/share/doc/libvirt-4.10.0/html/php.html -#usr/share/doc/libvirt-4.10.0/html/platforms.html -#usr/share/doc/libvirt-4.10.0/html/python.html -#usr/share/doc/libvirt-4.10.0/html/remote.html -#usr/share/doc/libvirt-4.10.0/html/secureusage.html -#usr/share/doc/libvirt-4.10.0/html/securityprocess.html -#usr/share/doc/libvirt-4.10.0/html/storage.html -#usr/share/doc/libvirt-4.10.0/html/support.html -#usr/share/doc/libvirt-4.10.0/html/testapi.html -#usr/share/doc/libvirt-4.10.0/html/testsuites.html -#usr/share/doc/libvirt-4.10.0/html/testtck.html -#usr/share/doc/libvirt-4.10.0/html/todo.html -#usr/share/doc/libvirt-4.10.0/html/uri.html -#usr/share/doc/libvirt-4.10.0/html/virshcmdref.html -#usr/share/doc/libvirt-4.10.0/html/windows.html +#usr/share/doc/libvirt +#usr/share/doc/libvirt/examples +#usr/share/doc/libvirt/examples/c +#usr/share/doc/libvirt/examples/c/admin +#usr/share/doc/libvirt/examples/c/admin/client_close.c +#usr/share/doc/libvirt/examples/c/admin/client_info.c +#usr/share/doc/libvirt/examples/c/admin/client_limits.c +#usr/share/doc/libvirt/examples/c/admin/list_clients.c +#usr/share/doc/libvirt/examples/c/admin/list_servers.c +#usr/share/doc/libvirt/examples/c/admin/logging.c +#usr/share/doc/libvirt/examples/c/admin/threadpool_params.c +#usr/share/doc/libvirt/examples/c/domain +#usr/share/doc/libvirt/examples/c/domain/dommigrate.c +#usr/share/doc/libvirt/examples/c/domain/domtop.c +#usr/share/doc/libvirt/examples/c/domain/info1.c +#usr/share/doc/libvirt/examples/c/domain/rename.c +#usr/share/doc/libvirt/examples/c/domain/suspend.c +#usr/share/doc/libvirt/examples/c/misc +#usr/share/doc/libvirt/examples/c/misc/event-test.c +#usr/share/doc/libvirt/examples/c/misc/hellolibvirt.c +#usr/share/doc/libvirt/examples/c/misc/openauth.c +#usr/share/doc/libvirt/examples/polkit +#usr/share/doc/libvirt/examples/polkit/libvirt-acl.rules +#usr/share/doc/libvirt/examples/sh +#usr/share/doc/libvirt/examples/sh/virt-lxc-convert +#usr/share/doc/libvirt/examples/systemtap +#usr/share/doc/libvirt/examples/systemtap/events.stp +#usr/share/doc/libvirt/examples/systemtap/lock-debug.stp +#usr/share/doc/libvirt/examples/systemtap/qemu-monitor.stp +#usr/share/doc/libvirt/examples/systemtap/rpc-monitor.stp +#usr/share/doc/libvirt/examples/xml +#usr/share/doc/libvirt/examples/xml/storage +#usr/share/doc/libvirt/examples/xml/storage/pool-dir.xml +#usr/share/doc/libvirt/examples/xml/storage/pool-fs.xml +#usr/share/doc/libvirt/examples/xml/storage/pool-logical.xml +#usr/share/doc/libvirt/examples/xml/storage/pool-netfs.xml +#usr/share/doc/libvirt/examples/xml/storage/vol-cow.xml +#usr/share/doc/libvirt/examples/xml/storage/vol-qcow.xml +#usr/share/doc/libvirt/examples/xml/storage/vol-qcow2.xml +#usr/share/doc/libvirt/examples/xml/storage/vol-raw.xml +#usr/share/doc/libvirt/examples/xml/storage/vol-sparse.xml +#usr/share/doc/libvirt/examples/xml/storage/vol-vmdk.xml +#usr/share/doc/libvirt/examples/xml/test +#usr/share/doc/libvirt/examples/xml/test/testdev.xml +#usr/share/doc/libvirt/examples/xml/test/testdomfc4.xml +#usr/share/doc/libvirt/examples/xml/test/testdomfv0.xml +#usr/share/doc/libvirt/examples/xml/test/testnetdef.xml +#usr/share/doc/libvirt/examples/xml/test/testnetpriv.xml +#usr/share/doc/libvirt/examples/xml/test/testnode.xml +#usr/share/doc/libvirt/examples/xml/test/testnodeinline.xml +#usr/share/doc/libvirt/examples/xml/test/testpool.xml +#usr/share/doc/libvirt/examples/xml/test/testvol.xml +#usr/share/doc/libvirt/html +#usr/share/doc/libvirt/html/32favicon.png +#usr/share/doc/libvirt/html/404.html +#usr/share/doc/libvirt/html/acl.html +#usr/share/doc/libvirt/html/aclpolkit.html +#usr/share/doc/libvirt/html/api.html +#usr/share/doc/libvirt/html/api_extension.html +#usr/share/doc/libvirt/html/apps.html +#usr/share/doc/libvirt/html/architecture.gif +#usr/share/doc/libvirt/html/architecture.html +#usr/share/doc/libvirt/html/auditlog.html +#usr/share/doc/libvirt/html/auth.html +#usr/share/doc/libvirt/html/bindings.html +#usr/share/doc/libvirt/html/bugs.html +#usr/share/doc/libvirt/html/cgroups.html +#usr/share/doc/libvirt/html/compiling.html +#usr/share/doc/libvirt/html/contact.html +#usr/share/doc/libvirt/html/contribute.html +#usr/share/doc/libvirt/html/csharp.html +#usr/share/doc/libvirt/html/dbus.html +#usr/share/doc/libvirt/html/devguide.html +#usr/share/doc/libvirt/html/docs.html +#usr/share/doc/libvirt/html/downloads.html +#usr/share/doc/libvirt/html/drivers.html +#usr/share/doc/libvirt/html/drvbhyve.html +#usr/share/doc/libvirt/html/drvesx.html +#usr/share/doc/libvirt/html/drvhyperv.html +#usr/share/doc/libvirt/html/drvlxc.html +#usr/share/doc/libvirt/html/drvnodedev.html +#usr/share/doc/libvirt/html/drvopenvz.html +#usr/share/doc/libvirt/html/drvphyp.html +#usr/share/doc/libvirt/html/drvqemu.html +#usr/share/doc/libvirt/html/drvremote.html +#usr/share/doc/libvirt/html/drvtest.html +#usr/share/doc/libvirt/html/drvvbox.html +#usr/share/doc/libvirt/html/drvvirtuozzo.html +#usr/share/doc/libvirt/html/drvvmware.html +#usr/share/doc/libvirt/html/drvxen.html +#usr/share/doc/libvirt/html/errors.html +#usr/share/doc/libvirt/html/firewall.html +#usr/share/doc/libvirt/html/fonts +#usr/share/doc/libvirt/html/fonts/LICENSE.md +#usr/share/doc/libvirt/html/fonts/overpass-bold-italic.woff +#usr/share/doc/libvirt/html/fonts/overpass-bold.woff +#usr/share/doc/libvirt/html/fonts/overpass-italic.woff +#usr/share/doc/libvirt/html/fonts/overpass-light-italic.woff +#usr/share/doc/libvirt/html/fonts/overpass-light.woff +#usr/share/doc/libvirt/html/fonts/overpass-mono-bold.woff +#usr/share/doc/libvirt/html/fonts/overpass-mono-light.woff +#usr/share/doc/libvirt/html/fonts/overpass-mono-regular.woff +#usr/share/doc/libvirt/html/fonts/overpass-mono-semibold.woff +#usr/share/doc/libvirt/html/fonts/overpass-regular.woff +#usr/share/doc/libvirt/html/fonts/stylesheet.css +#usr/share/doc/libvirt/html/format.html +#usr/share/doc/libvirt/html/formatcaps.html +#usr/share/doc/libvirt/html/formatcheckpoint.html +#usr/share/doc/libvirt/html/formatdomain.html +#usr/share/doc/libvirt/html/formatdomaincaps.html +#usr/share/doc/libvirt/html/formatnetwork.html +#usr/share/doc/libvirt/html/formatnetworkport.html +#usr/share/doc/libvirt/html/formatnode.html +#usr/share/doc/libvirt/html/formatnwfilter.html +#usr/share/doc/libvirt/html/formatsecret.html +#usr/share/doc/libvirt/html/formatsnapshot.html +#usr/share/doc/libvirt/html/formatstorage.html +#usr/share/doc/libvirt/html/formatstoragecaps.html +#usr/share/doc/libvirt/html/formatstorageencryption.html +#usr/share/doc/libvirt/html/generic.css +#usr/share/doc/libvirt/html/goals.html +#usr/share/doc/libvirt/html/governance.html +#usr/share/doc/libvirt/html/hacking.html +#usr/share/doc/libvirt/html/hooks.html +#usr/share/doc/libvirt/html/html +#usr/share/doc/libvirt/html/html/home.png +#usr/share/doc/libvirt/html/html/index.html +#usr/share/doc/libvirt/html/html/left.png +#usr/share/doc/libvirt/html/html/libvirt-libvirt-common.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-domain-checkpoint.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-domain-snapshot.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-domain.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-event.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-host.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-interface.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-network.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-nodedev.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-nwfilter.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-secret.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-storage.html +#usr/share/doc/libvirt/html/html/libvirt-libvirt-stream.html +#usr/share/doc/libvirt/html/html/libvirt-virterror.html +#usr/share/doc/libvirt/html/html/right.png +#usr/share/doc/libvirt/html/html/up.png +#usr/share/doc/libvirt/html/hvsupport.html +#usr/share/doc/libvirt/html/index.html +#usr/share/doc/libvirt/html/internals +#usr/share/doc/libvirt/html/internals.html +#usr/share/doc/libvirt/html/internals/command.html +#usr/share/doc/libvirt/html/internals/eventloop.html +#usr/share/doc/libvirt/html/internals/locking.html +#usr/share/doc/libvirt/html/internals/oomtesting.html +#usr/share/doc/libvirt/html/internals/rpc.html +#usr/share/doc/libvirt/html/java.html +#usr/share/doc/libvirt/html/js +#usr/share/doc/libvirt/html/js/main.js +#usr/share/doc/libvirt/html/kbase +#usr/share/doc/libvirt/html/kbase.html +#usr/share/doc/libvirt/html/kbase/domainstatecapture.html +#usr/share/doc/libvirt/html/kbase/launch_security_sev.html +#usr/share/doc/libvirt/html/kbase/locking-lockd.html +#usr/share/doc/libvirt/html/kbase/locking-sanlock.html +#usr/share/doc/libvirt/html/kbase/locking.html +#usr/share/doc/libvirt/html/kbase/secureusage.html +#usr/share/doc/libvirt/html/libvirt-daemon-arch.png +#usr/share/doc/libvirt/html/libvirt-driver-arch.png +#usr/share/doc/libvirt/html/libvirt-object-model.png +#usr/share/doc/libvirt/html/libvirt.css +#usr/share/doc/libvirt/html/logging.html +#usr/share/doc/libvirt/html/logos +#usr/share/doc/libvirt/html/logos/logo-banner-dark-256.png +#usr/share/doc/libvirt/html/logos/logo-banner-dark-800.png +#usr/share/doc/libvirt/html/logos/logo-banner-dark.svg +#usr/share/doc/libvirt/html/logos/logo-banner-light-256.png +#usr/share/doc/libvirt/html/logos/logo-banner-light-800.png +#usr/share/doc/libvirt/html/logos/logo-banner-light.svg +#usr/share/doc/libvirt/html/logos/logo-base.svg +#usr/share/doc/libvirt/html/logos/logo-square-128.png +#usr/share/doc/libvirt/html/logos/logo-square-192.png +#usr/share/doc/libvirt/html/logos/logo-square-256.png +#usr/share/doc/libvirt/html/logos/logo-square-96.png +#usr/share/doc/libvirt/html/logos/logo-square-powered-128.png +#usr/share/doc/libvirt/html/logos/logo-square-powered-192.png +#usr/share/doc/libvirt/html/logos/logo-square-powered-256.png +#usr/share/doc/libvirt/html/logos/logo-square-powered-96.png +#usr/share/doc/libvirt/html/logos/logo-square-powered.svg +#usr/share/doc/libvirt/html/logos/logo-square.svg +#usr/share/doc/libvirt/html/main.css +#usr/share/doc/libvirt/html/migration-managed-direct.png +#usr/share/doc/libvirt/html/migration-managed-p2p.png +#usr/share/doc/libvirt/html/migration-native.png +#usr/share/doc/libvirt/html/migration-tunnel.png +#usr/share/doc/libvirt/html/migration-unmanaged-direct.png +#usr/share/doc/libvirt/html/migration.html +#usr/share/doc/libvirt/html/mobile.css +#usr/share/doc/libvirt/html/news-2005.html +#usr/share/doc/libvirt/html/news-2006.html +#usr/share/doc/libvirt/html/news-2007.html +#usr/share/doc/libvirt/html/news-2008.html +#usr/share/doc/libvirt/html/news-2009.html +#usr/share/doc/libvirt/html/news-2010.html +#usr/share/doc/libvirt/html/news-2011.html +#usr/share/doc/libvirt/html/news-2012.html +#usr/share/doc/libvirt/html/news-2013.html +#usr/share/doc/libvirt/html/news-2014.html +#usr/share/doc/libvirt/html/news-2015.html +#usr/share/doc/libvirt/html/news-2016.html +#usr/share/doc/libvirt/html/news.html +#usr/share/doc/libvirt/html/node.gif +#usr/share/doc/libvirt/html/nss.html +#usr/share/doc/libvirt/html/pci-hotplug.html +#usr/share/doc/libvirt/html/php.html +#usr/share/doc/libvirt/html/platforms.html +#usr/share/doc/libvirt/html/python.html +#usr/share/doc/libvirt/html/remote.html +#usr/share/doc/libvirt/html/securityprocess.html +#usr/share/doc/libvirt/html/storage.html +#usr/share/doc/libvirt/html/support.html +#usr/share/doc/libvirt/html/testapi.html +#usr/share/doc/libvirt/html/testsuites.html +#usr/share/doc/libvirt/html/testtck.html +#usr/share/doc/libvirt/html/todo.html +#usr/share/doc/libvirt/html/uri.html +#usr/share/doc/libvirt/html/virshcmdref.html +#usr/share/doc/libvirt/html/windows.html #usr/share/gtk-doc/html/libvirt #usr/share/gtk-doc/html/libvirt/general.html #usr/share/gtk-doc/html/libvirt/home.png #usr/share/gtk-doc/html/libvirt/index.html #usr/share/gtk-doc/html/libvirt/left.png +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-common.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-domain-checkpoint.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-domain-snapshot.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-domain.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-event.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-host.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-interface.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-network.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-nodedev.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-nwfilter.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-secret.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-storage.html +#usr/share/gtk-doc/html/libvirt/libvirt-libvirt-stream.html #usr/share/gtk-doc/html/libvirt/libvirt-virterror.html #usr/share/gtk-doc/html/libvirt/libvirt.devhelp #usr/share/gtk-doc/html/libvirt/right.png @@ -315,8 +390,9 @@ usr/share/libvirt/cpu_map/x86_Broadwell-IBRS.xml usr/share/libvirt/cpu_map/x86_Broadwell-noTSX-IBRS.xml usr/share/libvirt/cpu_map/x86_Broadwell-noTSX.xml usr/share/libvirt/cpu_map/x86_Broadwell.xml +usr/share/libvirt/cpu_map/x86_Cascadelake-Server.xml usr/share/libvirt/cpu_map/x86_Conroe.xml -usr/share/libvirt/cpu_map/x86_EPYC-IBRS.xml +usr/share/libvirt/cpu_map/x86_EPYC-IBPB.xml usr/share/libvirt/cpu_map/x86_EPYC.xml usr/share/libvirt/cpu_map/x86_Haswell-IBRS.xml usr/share/libvirt/cpu_map/x86_Haswell-noTSX-IBRS.xml @@ -365,11 +441,13 @@ usr/share/libvirt/schemas/capability.rng usr/share/libvirt/schemas/cputypes.rng usr/share/libvirt/schemas/domain.rng usr/share/libvirt/schemas/domaincaps.rng +usr/share/libvirt/schemas/domaincheckpoint.rng usr/share/libvirt/schemas/domaincommon.rng usr/share/libvirt/schemas/domainsnapshot.rng usr/share/libvirt/schemas/interface.rng usr/share/libvirt/schemas/network.rng usr/share/libvirt/schemas/networkcommon.rng +usr/share/libvirt/schemas/networkport.rng usr/share/libvirt/schemas/nodedev.rng usr/share/libvirt/schemas/nwfilter.rng usr/share/libvirt/schemas/nwfilter_params.rng @@ -377,6 +455,7 @@ usr/share/libvirt/schemas/nwfilterbinding.rng usr/share/libvirt/schemas/secret.rng usr/share/libvirt/schemas/storagecommon.rng usr/share/libvirt/schemas/storagepool.rng +usr/share/libvirt/schemas/storagepoolcaps.rng usr/share/libvirt/schemas/storagevol.rng #usr/share/libvirt/test-screenshot.png #usr/share/man/man1/virsh.1 diff --git a/config/rootfiles/packages/qemu b/config/rootfiles/packages/qemu index dbd900179..e5c0cd189 100644 --- a/config/rootfiles/packages/qemu +++ b/config/rootfiles/packages/qemu @@ -1,8 +1,10 @@ lib/udev/rules.d/65-kvm.rules +usr/bin/elf2dmp usr/bin/ivshmem-client usr/bin/ivshmem-server usr/bin/qemu usr/bin/qemu-arm +usr/bin/qemu-edid usr/bin/qemu-ga usr/bin/qemu-i386 usr/bin/qemu-img @@ -14,27 +16,53 @@ usr/bin/qemu-system-i386 usr/bin/qemu-system-x86_64 usr/bin/qemu-x86_64 usr/libexec/qemu-bridge-helper -#usr/share/doc/qemu -#usr/share/doc/qemu/qemu-doc.html -#usr/share/doc/qemu/qemu-doc.txt -#usr/share/doc/qemu/qemu-ga-ref.html -#usr/share/doc/qemu/qemu-ga-ref.txt -#usr/share/doc/qemu/qemu-qmp-ref.html -#usr/share/doc/qemu/qemu-qmp-ref.txt -#usr/share/man/man1/qemu-img.1 -#usr/share/man/man1/qemu.1 -#usr/share/man/man7/qemu-block-drivers.7 -#usr/share/man/man7/qemu-ga-ref.7 -#usr/share/man/man7/qemu-qmp-ref.7 -#usr/share/man/man8/qemu-ga.8 -#usr/share/man/man8/qemu-nbd.8 +#usr/share/applications/qemu.desktop +#usr/share/icons +#usr/share/icons/hicolor +#usr/share/icons/hicolor/128x128 +#usr/share/icons/hicolor/128x128/apps +#usr/share/icons/hicolor/128x128/apps/qemu.png +#usr/share/icons/hicolor/16x16 +#usr/share/icons/hicolor/16x16/apps +#usr/share/icons/hicolor/16x16/apps/qemu.png +#usr/share/icons/hicolor/24x24 +#usr/share/icons/hicolor/24x24/apps +#usr/share/icons/hicolor/24x24/apps/qemu.png +#usr/share/icons/hicolor/256x256 +#usr/share/icons/hicolor/256x256/apps +#usr/share/icons/hicolor/256x256/apps/qemu.png +#usr/share/icons/hicolor/32x32 +#usr/share/icons/hicolor/32x32/apps +#usr/share/icons/hicolor/32x32/apps/qemu.bmp +#usr/share/icons/hicolor/32x32/apps/qemu.png +#usr/share/icons/hicolor/48x48 +#usr/share/icons/hicolor/48x48/apps +#usr/share/icons/hicolor/48x48/apps/qemu.png +#usr/share/icons/hicolor/512x512 +#usr/share/icons/hicolor/512x512/apps +#usr/share/icons/hicolor/512x512/apps/qemu.png +#usr/share/icons/hicolor/64x64 +#usr/share/icons/hicolor/64x64/apps +#usr/share/icons/hicolor/64x64/apps/qemu.png +#usr/share/icons/hicolor/scalable +#usr/share/icons/hicolor/scalable/apps +#usr/share/icons/hicolor/scalable/apps/qemu.svg #usr/share/qemu usr/share/qemu/QEMU,cgthree.bin usr/share/qemu/QEMU,tcx.bin -usr/share/qemu/acpi-dsdt.aml usr/share/qemu/bamboo.dtb usr/share/qemu/bios-256k.bin usr/share/qemu/bios.bin +usr/share/qemu/canyonlands.dtb +usr/share/qemu/edk2-aarch64-code.fd +usr/share/qemu/edk2-arm-code.fd +usr/share/qemu/edk2-arm-vars.fd +usr/share/qemu/edk2-i386-code.fd +usr/share/qemu/edk2-i386-secure-code.fd +usr/share/qemu/edk2-i386-vars.fd +usr/share/qemu/edk2-licenses.txt +usr/share/qemu/edk2-x86_64-code.fd +usr/share/qemu/edk2-x86_64-secure-code.fd usr/share/qemu/efi-e1000.rom usr/share/qemu/efi-e1000e.rom usr/share/qemu/efi-eepro100.rom @@ -43,10 +71,17 @@ usr/share/qemu/efi-pcnet.rom usr/share/qemu/efi-rtl8139.rom usr/share/qemu/efi-virtio.rom usr/share/qemu/efi-vmxnet3.rom +usr/share/qemu/firmware +usr/share/qemu/firmware/50-edk2-i386-secure.json +usr/share/qemu/firmware/50-edk2-x86_64-secure.json +usr/share/qemu/firmware/60-edk2-aarch64.json +usr/share/qemu/firmware/60-edk2-arm.json +usr/share/qemu/firmware/60-edk2-i386.json +usr/share/qemu/firmware/60-edk2-x86_64.json +usr/share/qemu/hppa-firmware.img usr/share/qemu/keymaps usr/share/qemu/keymaps/ar usr/share/qemu/keymaps/bepo -usr/share/qemu/keymaps/common usr/share/qemu/keymaps/cz usr/share/qemu/keymaps/da usr/share/qemu/keymaps/de @@ -69,9 +104,7 @@ usr/share/qemu/keymaps/ja usr/share/qemu/keymaps/lt usr/share/qemu/keymaps/lv usr/share/qemu/keymaps/mk -usr/share/qemu/keymaps/modifiers usr/share/qemu/keymaps/nl -usr/share/qemu/keymaps/nl-be usr/share/qemu/keymaps/no usr/share/qemu/keymaps/pl usr/share/qemu/keymaps/pt @@ -88,18 +121,21 @@ usr/share/qemu/multiboot.bin usr/share/qemu/openbios-ppc usr/share/qemu/openbios-sparc32 usr/share/qemu/openbios-sparc64 +usr/share/qemu/opensbi-riscv32-virt-fw_jump.bin +usr/share/qemu/opensbi-riscv64-sifive_u-fw_jump.bin +usr/share/qemu/opensbi-riscv64-virt-fw_jump.bin usr/share/qemu/palcode-clipper usr/share/qemu/petalogix-ml605.dtb usr/share/qemu/petalogix-s3adsp1800.dtb usr/share/qemu/ppc_rom.bin +usr/share/qemu/pvh.bin usr/share/qemu/pxe-e1000.rom usr/share/qemu/pxe-eepro100.rom usr/share/qemu/pxe-ne2k_pci.rom usr/share/qemu/pxe-pcnet.rom usr/share/qemu/pxe-rtl8139.rom usr/share/qemu/pxe-virtio.rom -usr/share/qemu/qemu-icon.bmp -usr/share/qemu/qemu_logo_no_text.svg +usr/share/qemu/qemu-nsis.bmp usr/share/qemu/qemu_vga.ndrv usr/share/qemu/s390-ccw.img usr/share/qemu/s390-netboot.img @@ -108,9 +144,13 @@ usr/share/qemu/skiboot.lid usr/share/qemu/slof.bin usr/share/qemu/spapr-rtas.bin usr/share/qemu/trace-events-all +usr/share/qemu/u-boot-sam460-20100605.bin usr/share/qemu/u-boot.e500 +usr/share/qemu/vgabios-ati.bin +usr/share/qemu/vgabios-bochs-display.bin usr/share/qemu/vgabios-cirrus.bin usr/share/qemu/vgabios-qxl.bin +usr/share/qemu/vgabios-ramfb.bin usr/share/qemu/vgabios-stdvga.bin usr/share/qemu/vgabios-virtio.bin usr/share/qemu/vgabios-vmware.bin diff --git a/config/suricata/convert-snort b/config/suricata/convert-snort index 5ed36954f..64b6e8b6a 100644 --- a/config/suricata/convert-snort +++ b/config/suricata/convert-snort @@ -253,7 +253,17 @@ if (-f $IDS::rulestarball) { &IDS::set_ownership("$IDS::homenet_file");
# -## Step 9: Setup automatic ruleset updates. +## Step 9: Generate file for the DNS servers. +# + +# Call subfunction to generate the file. +&IDS::generate_dns_servers_file(); + +# Set correct ownership for the dns_servers_file. +&IDS::set_ownership("$IDS::dns_servers_file"); + +# +## Step 10: Setup automatic ruleset updates. #
# Check if a ruleset is configured. @@ -263,7 +273,7 @@ if($rulessettings{"RULES"}) { }
# -## Step 10: Grab used ruleset files from snort config file and convert +## Step 11: Grab used ruleset files from snort config file and convert ## them into the new format. #
@@ -309,7 +319,7 @@ close(SNORTCONF); &IDS::write_used_rulefiles_file(@enabled_rule_files);
# -## Step 11: Start the IDS if enabled. +## Step 12: Start the IDS if enabled. #
# Check if the IDS should be started. diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index e921781cf..af9cb75a9 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -11,12 +11,14 @@ vars: # Include HOME_NET declaration from external file. include: /var/ipfire/suricata/suricata-homenet.yaml
+ # Include DNS_SERVERS declaration from external file. + include: /var/ipfire/suricata/suricata-dns-servers.yaml + EXTERNAL_NET: "any"
HTTP_SERVERS: "$HOME_NET" SMTP_SERVERS: "$HOME_NET" SQL_SERVERS: "$HOME_NET" - DNS_SERVERS: "$HOME_NET" TELNET_SERVERS: "$HOME_NET" AIM_SERVERS: "$EXTERNAL_NET" DC_SERVERS: "$HOME_NET" diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 74f5ca223..da009f891 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -601,6 +601,9 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { # Generate file to store the home net. &IDS::generate_home_net_file();
+ # Generate file to the store the DNS servers. + &IDS::generate_dns_servers_file(); + # Write the modify sid's file and pass the taken ruleaction. &IDS::write_modify_sids_file();
diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi index 9cf14cac8..25589046e 100755 --- a/html/cgi-bin/mail.cgi +++ b/html/cgi-bin/mail.cgi @@ -81,19 +81,10 @@ if ( -f $mailfile){
#ACTIONS if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite - #Check fields - if ($cgiparams{'USEMAIL'} eq 'on'){ - $errormessage=&checkmailsettings; - }else{ - $cgiparams{'txt_mailserver'}=''; - $cgiparams{'txt_mailport'}=''; - $cgiparams{'txt_mailuser'}=''; - $cgiparams{'txt_mailpass'}=''; - $cgiparams{'mail_tls'}=''; - $cgiparams{'txt_mailsender'}=''; - $cgiparams{'txt_recipient'}=''; - } - if(!$errormessage){ + # Check fields + $errormessage = &checkmailsettings(); + + if (!$errormessage) { #clear hashes %auth=(); %dma=(); @@ -269,21 +260,21 @@ sub checkmailsettings { #Check if mailserver is an ip address or a domain if ($cgiparams{'txt_mailserver'} =~ /^(\d+).(\d+).(\d+).(\d+)$/){ if (! &General::validip($cgiparams{'txt_mailserver'})){ - $errormessage.="$Lang::tr{'email invalid mailip'} $cgiparams{'txt_mailserver'}<br>"; + $errormessage .= $Lang::tr{'email invalid mailip'} . "<br>"; } }elsif(! &General::validfqdn($cgiparams{'txt_mailserver'})){ - $errormessage.="$Lang::tr{'email invalid mailfqdn'} $cgiparams{'txt_mailserver'}<br>"; + $errormessage .= $Lang::tr{'email invalid mailfqdn'} . "<br>"; } #Check valid mailserverport if($cgiparams{'txt_mailport'} < 1 || $cgiparams{'txt_mailport'} > 65535){ - $errormessage.="$Lang::tr{'email invalid mailport'} $cgiparams{'txt_mailport'}<br>"; + $errormessage .= $Lang::tr{'email invalid mailport'} . "<br>"; } #Check valid sender if(! $cgiparams{'txt_mailsender'}){ - $errormessage.="$Lang::tr{'email empty field'} $Lang::tr{'email mailsender'}<br>"; + $errormessage .= $Lang::tr{'email empty field'} . "<br>"; }else{ if (! &General::validemail($cgiparams{'txt_mailsender'})){ - $errormessage.="<br>$Lang::tr{'email invalid'} $Lang::tr{'email mailsender'}<br>"; + $errormessage .= "$Lang::tr{'email invalid'} $Lang::tr{'email mailsender'}<br>"; } } return $errormessage; diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 970444a55..09f0dc42f 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -355,10 +355,10 @@ sub writeserverconf { print CONF "push "dhcp-option WINS $sovpnsettings{DHCP_WINS}"\n"; }
- if ($sovpnsettings{DHCP_WINS} eq '') { + if ($sovpnsettings{MAX_CLIENTS} eq '') { print CONF "max-clients 100\n"; } - if ($sovpnsettings{DHCP_WINS} ne '') { + if ($sovpnsettings{MAX_CLIENTS} ne '') { print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n"; } print CONF "tls-verify /usr/lib/openvpn/verify\n"; diff --git a/lfs/bash b/lfs/bash index 09b4e71e6..79c21896b 100644 --- a/lfs/bash +++ b/lfs/bash @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 4.3 +VER = 5.0
THISAPP = bash-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -53,7 +53,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 81348932d5da294953e15d4814c74dd1 +$(DL_FILE)_MD5 = 2b44b47b905be16f45709648f671820b
install : $(TARGET)
@@ -87,8 +87,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) sed -e "s/filename, RTLD_LAZY/filename, RTLD_NOW/" \ -i $(DIR_APP)/builtins/enable.def
- for i in $$(seq 1 30); do \ - cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash/bash43-$$(printf "%03d" "$${i}") || exit 1; \ + for i in $$(seq 1 11); do \ + cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash/bash50-$$(printf "%03d" "$${i}") || exit 1; \ done
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bash-4.0-paths-1.patch diff --git a/lfs/ca-certificates b/lfs/ca-certificates index c190f6188..769f38217 100644 --- a/lfs/ca-certificates +++ b/lfs/ca-certificates @@ -24,7 +24,7 @@
include Config
-VER = 20190730 +VER = 20191029
THISAPP = ca-certificates DIR_APP = $(DIR_SRC)/$(THISAPP) diff --git a/lfs/ddns b/lfs/ddns index cd56ee72b..47817c058 100644 --- a/lfs/ddns +++ b/lfs/ddns @@ -24,7 +24,7 @@
include Config
-VER = 011 +VER = 012
THISAPP = ddns-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f0399ba5bad3272f32e539c45cd1abe9 +$(DL_FILE)_MD5 = 00e70e8bf619148e14b6f6836314bbb7
install : $(TARGET)
@@ -71,6 +71,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ # Add upstream patch for fixing noip.com + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns-012-noip-rename-provider.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns-012-noip-fix-handle-name.patch + cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh cd $(DIR_APP) && ./configure \ --prefix=/usr \ diff --git a/lfs/intel-microcode b/lfs/intel-microcode index e01ea9934..c50e73d11 100644 --- a/lfs/intel-microcode +++ b/lfs/intel-microcode @@ -24,10 +24,10 @@
include Config
-VER = 20190618 +VER = 20191112
THISAPP = Intel-Linux-Processor-Microcode-Data-Files-microcode-$(VER) -DL_FILE = $(THISAPP).tar.xz +DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 18af9bd8b6c7164f0cd917080a387244 +$(DL_FILE)_MD5 = b215c5a8fd438afd867d8a42d01e27f6
install : $(TARGET)
diff --git a/lfs/libarchive b/lfs/libarchive index 0f8b3956a..772398fc7 100644 --- a/lfs/libarchive +++ b/lfs/libarchive @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 3.3.1 +VER = 3.4.0
THISAPP = libarchive-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d2af45480aa5b0db5b5f3919cd0ea65e +$(DL_FILE)_MD5 = 6046396255bd7cf6d0f6603a9bda39ac
install : $(TARGET)
diff --git a/lfs/libvirt b/lfs/libvirt index d0742e810..fdf6fcdcf 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -24,7 +24,7 @@
include Config
-VER = 4.10.0 +VER = 5.6.0
THISAPP = libvirt-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = libvirt -PAK_VER = 19 +PAK_VER = 20
DEPS = "libpciaccess libyajl ncat qemu"
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f85067e830bd89db08b7b7ffa75db6ef +$(DL_FILE)_MD5 = e818bb25ead24119925781b7519a8401
install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) @@ -78,14 +78,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0002-Change-options-in-libvirtd.conf-for-IPFire.patch cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc \ --with-openssl --without-sasl \ --without-uml --without-vbox --without-lxc --without-esx --without-vmware --without-openvz \ - --without-firewalld --without-network --with-interface --with-virtualport --with-macvtap \ + --without-firewalld --without-network --with-interface --with-virtualport --with-macvtap --without-wireshark-dissector \ --disable-nls --without-avahi --without-test-suite --without-dbus \ --with-qemu-user=nobody --with-qemu-group=kvm \ - --with-storage-dir --with-storage-fs --without-storage-lvm --without-storage-iscsi \ + --with-storage-dir --with-storage-fs --with-storage-lvm --without-storage-iscsi \ --without-storage-scsi --without-storage-mpath --without-storage-disk --without-storage-rbd --without-storage-sheepdog --without-storage-gluster --without-storage-zfs cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install @@ -95,5 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) mv /usr/libexec/libvirt-guests.sh /etc/rc.d/init.d/libvirt-guests # Backup install -v -m 644 $(DIR_SRC)/config/backup/includes/libvirt /var/ipfire/backup/addons/includes/libvirt + # Install libvirtd.conf + cp -fv $(DIR_SRC)/config/libvirt/libvirtd.conf /etc/libvirt @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/logwatch b/lfs/logwatch index 917a13ad6..eb576717c 100644 --- a/lfs/logwatch +++ b/lfs/logwatch @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 7.4.3 +VER = 7.5.2
THISAPP = logwatch-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 22bd22841caa45f12c605abc3e0c2b09 +$(DL_FILE)_MD5 = 634b2ac423b77b809d400cc6085db49d
install : $(TARGET)
diff --git a/lfs/lz4 b/lfs/lz4 index aff8f25bb..17b10cfed 100644 --- a/lfs/lz4 +++ b/lfs/lz4 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.8.1.2 +VER = 1.9.2
THISAPP = lz4-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 343538e69ba752a386c669b1a28111e2 +$(DL_FILE)_MD5 = 3898c56c82fb3d9455aefd48db48eaad
install : $(TARGET)
@@ -74,7 +74,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lz4-1.8.1.2_mod_install_path.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lz4-1.9.2_mod_install_path.patch
cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/openssl b/lfs/openssl index f5aa7c3f9..8d978f171 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -117,7 +117,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.1c-default-cipherlist.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.1d-default-cipherlist.patch
# Apply our CFLAGS cd $(DIR_APP) && sed -i Configure \ diff --git a/lfs/openvpn b/lfs/openvpn index 61c805fdb..0ee437e78 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -24,7 +24,7 @@
include Config
-VER = 2.4.7 +VER = 2.4.8
THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4ad8a008e1e7f261b3aa0024e79e7fb7 +$(DL_FILE)_MD5 = 03a4a077945c157703681a06935bc3f9
install : $(TARGET)
diff --git a/lfs/qemu b/lfs/qemu index d18b49cb3..a6b203029 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,18 +24,18 @@
include Config
-VER = 2.11.0 +VER = 4.1.0
THISAPP = qemu-$(VER) -DL_FILE = $(THISAPP).tar.bz2 +DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = qemu -PAK_VER = 24 +PAK_VER = 25
-DEPS = "libusbredir sdl spice libseccomp" +DEPS = "libusbredir spice libseccomp"
############################################################################### # Top-level Rules @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 335994a755bc655e88a87aeb36bfc0b9 +$(DL_FILE)_MD5 = cdf2b5ca52b9abac9bacb5842fa420f8
install : $(TARGET)
@@ -78,11 +78,11 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/qemu-2.11.0-memfd-collision.patch cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \ --localstatedir=/var --enable-kvm --disable-bluez --disable-attr \ --target-list="i386-linux-user x86_64-linux-user arm-linux-user i386-softmmu x86_64-softmmu arm-softmmu" \ - --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir --enable-seccomp + --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir --enable-seccomp \ + --disable-docs --disable-sdl cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install
diff --git a/lfs/readline b/lfs/readline index 3e9e2a3d5..62097aea7 100644 --- a/lfs/readline +++ b/lfs/readline @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 6.3 +VER = 8.0
THISAPP = readline-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 33c8fb279e981274f485fd91da77e94a +$(DL_FILE)_MD5 = 7e6c1f16aee3244a69aba6e438295ca3
install : $(TARGET)
@@ -71,8 +71,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- for i in $$(seq 1 6); do \ - cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/readline/readline63-$$(printf "%03d" "$${i}") || exit 1; \ + for i in $$(seq 1 1); do \ + cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/readline/readline80-$$(printf "%03d" "$${i}") || exit 1; \ done
cd $(DIR_APP) && ./configure --prefix=/usr --disable-static diff --git a/lfs/readline-compat b/lfs/readline-compat index e7a49c306..248f522c4 100644 --- a/lfs/readline-compat +++ b/lfs/readline-compat @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 5.2 +VER = 6.3
THISAPP = readline-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = e39331f32ad14009b9ff49cc10c5e751 +$(DL_FILE)_MD5 = 33c8fb279e981274f485fd91da77e94a
install : $(TARGET)
@@ -72,8 +72,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE)
- for i in $$(seq 1 14); do \ - cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/readline/readline52-$$(printf "%03d" "$${i}") || exit 1; \ + for i in $$(seq 1 6); do \ + cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/readline/readline63-$$(printf "%03d" "$${i}") || exit 1; \ done
cd $(DIR_APP) && ./configure --prefix=/usr --libdir=/lib --disable-static @@ -81,7 +81,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP)/shlib && install -m 755 libreadline.so.$(VER) /lib cd $(DIR_APP)/shlib && install -m 755 libhistory.so.$(VER) /lib - ln -svf libreadline.so.$(VER) /lib/libreadline.so.5 - ln -svf libhistory.so.$(VER) /lib/libhistory.so.5 + ln -svf libreadline.so.$(VER) /lib/libreadline.so.6 + ln -svf libhistory.so.$(VER) /lib/libhistory.so.6 @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/squid b/lfs/squid index 7df658a20..9801c153b 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 4.8 +VER = 4.9
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 08e018f2d8db4911ee90591284fa1ca5 +$(DL_FILE)_MD5 = 5c2e335dd1e8ced9dda6e0e11894b344
install : $(TARGET)
diff --git a/lfs/wio b/lfs/wio index 58ab16620..5ed954676 100644 --- a/lfs/wio +++ b/lfs/wio @@ -1,6 +1,6 @@ ############################################################################### # IPFire.org - An Open Source Firewall Solution # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # ###############################################################################
############################################################################### @@ -15,7 +15,7 @@ THISAPP = wio-$(VER) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = wio -PAK_VER = 6 +PAK_VER = 7
############################################################################### # Top-level Rules diff --git a/src/initscripts/networking/red.up/23-suricata b/src/initscripts/networking/red.up/23-suricata index 1514909ee..c0628e9f9 100644 --- a/src/initscripts/networking/red.up/23-suricata +++ b/src/initscripts/networking/red.up/23-suricata @@ -19,8 +19,12 @@ if($ids_settings{'ENABLE_IDS'} eq "on") { # Regenerate the file with HOME_NET details. &IDS::generate_home_net_file();
- # Set correct ownership. + # Regenerate the file with DNS_SERVERS details. + &IDS::generate_dns_servers_file(); + + # Set correct ownerships. &IDS::set_ownership("$IDS::homenet_file"); + &IDS::set_ownership("$IDS::dns_servers_file");
# Check if suricata is running. if(&IDS::ids_is_running()) { diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions index 2870729a5..2127a5899 100644 --- a/src/initscripts/system/functions +++ b/src/initscripts/system/functions @@ -153,7 +153,7 @@ print_error_msg() boot_mesg -n "If you're able to track this" boot_mesg -n " error down to a bug in one of the files provided by" boot_mesg -n " ipfire, please be so kind to inform us at" - boot_mesg " info@ipfire.org.\n" + boot_mesg " https://bugzilla.ipfire.org.%5Cn" boot_mesg_flush boot_mesg -n "Press Enter to continue or wait a minute..." ${INFO} boot_mesg "" ${NORMAL} diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index d195fd325..8eaf3734a 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -450,7 +450,7 @@ ns_supports_tcp() { shift
# If TCP is forced we know by now if the server responds to it - if [ "${FORCE_TCP}" = "on" ]; then + if [ "${FORCE_TCP}" = "on" ]; then return 0 fi
diff --git a/src/patches/bash/bash43-001 b/src/patches/bash/bash43-001 deleted file mode 100644 index ea1c6b265..000000000 --- a/src/patches/bash/bash43-001 +++ /dev/null @@ -1,58 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-001 - -Bug-Reported-by: NBaH nbah@sfr.fr -Bug-Reference-ID: ler0b5$iu9$1@speranza.aioe.org -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-02/msg00092.html - -Bug-Description: - -A missing check for a valid option prevented `test -R' from working. There -is another problem that causes bash to look up the wrong variable name when -processing the argument to `test -R'. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3/test.c 2014-02-04 16:52:58.000000000 -0500 ---- test.c 2014-02-28 21:22:44.000000000 -0500 -*************** -*** 647,652 **** - - case 'R': -! v = find_variable (arg); -! return (v && invisible_p (v) == 0 && var_isset (v) && nameref_p (v) ? TRUE : FALSE); - } - ---- 647,652 ---- - - case 'R': -! v = find_variable_noref (arg); -! return ((v && invisible_p (v) == 0 && var_isset (v) && nameref_p (v)) ? TRUE : FALSE); - } - -*************** -*** 724,727 **** ---- 724,728 ---- - case 'u': case 'v': case 'w': case 'x': case 'z': - case 'G': case 'L': case 'O': case 'S': case 'N': -+ case 'R': - return (1); - } -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 0 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 1 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-002 b/src/patches/bash/bash43-002 deleted file mode 100644 index 735b7b81a..000000000 --- a/src/patches/bash/bash43-002 +++ /dev/null @@ -1,62 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-002 - -Bug-Reported-by: Moe Tunes moetunes42@gmail.com -Bug-Reference-ID: 53103F49.3070100@gmail.com -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-02/msg00086.html - -Bug-Description: - -A change to save state while running the DEBUG trap caused pipelines to hang -on systems which need process group synchronization while building pipelines. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3/trap.c 2014-02-05 10:03:21.000000000 -0500 ---- trap.c 2014-02-28 09:51:43.000000000 -0500 -*************** -*** 921,925 **** - - #if defined (JOB_CONTROL) -! save_pipeline (1); /* XXX only provides one save level */ - #endif - ---- 921,926 ---- - - #if defined (JOB_CONTROL) -! if (sig != DEBUG_TRAP) /* run_debug_trap does this */ -! save_pipeline (1); /* XXX only provides one save level */ - #endif - -*************** -*** 941,945 **** - - #if defined (JOB_CONTROL) -! restore_pipeline (1); - #endif - ---- 942,947 ---- - - #if defined (JOB_CONTROL) -! if (sig != DEBUG_TRAP) /* run_debug_trap does this */ -! restore_pipeline (1); - #endif - -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 1 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 2 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-003 b/src/patches/bash/bash43-003 deleted file mode 100644 index 0f32f410d..000000000 --- a/src/patches/bash/bash43-003 +++ /dev/null @@ -1,48 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-003 - -Bug-Reported-by: Anatol Pomozov anatol.pomozov@gmail.com -Bug-Reference-ID: CAOMFOmXy3mT2So5GQ5F-smCVArQuAeBwZ2QKzgCtMeXJoDeYOQ@mail.gmail.com -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00010.html - -Bug-Description: - -When in callback mode, some readline commands can cause readline to seg -fault by passing invalid contexts to callback functions. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3/lib/readline/readline.c 2013-10-28 14:58:06.000000000 -0400 ---- lib/readline/readline.c 2014-03-10 14:15:02.000000000 -0400 -*************** -*** 745,749 **** - - RL_CHECK_SIGNALS (); -! if (r == 0) /* success! */ - { - _rl_keyseq_chain_dispose (); ---- 745,750 ---- - - RL_CHECK_SIGNALS (); -! /* We only treat values < 0 specially to simulate recursion. */ -! if (r >= 0 || (r == -1 && (cxt->flags & KSEQ_SUBSEQ) == 0)) /* success! or failure! */ - { - _rl_keyseq_chain_dispose (); -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 2 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 3 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-004 b/src/patches/bash/bash43-004 deleted file mode 100644 index 010f04a2a..000000000 --- a/src/patches/bash/bash43-004 +++ /dev/null @@ -1,47 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-004 - -Bug-Reported-by: Daan van Rossum daan@flash.uchicago.edu -Bug-Reference-ID: 20140307072523.GA14250@flash.uchicago.edu -Bug-Reference-URL: - -Bug-Description: - -The `.' command in vi mode cannot undo multi-key commands beginning with -`c', `d', and `y' (command plus motion specifier). - -Patch (apply with `patch -p0'): - -*** ../bash-4.3/lib/readline/readline.c 2013-10-28 14:58:06.000000000 -0400 ---- lib/readline/readline.c 2014-03-07 15:20:33.000000000 -0500 -*************** -*** 965,969 **** - if (rl_editing_mode == vi_mode && _rl_keymap == vi_movement_keymap && - key != ANYOTHERKEY && -! rl_key_sequence_length == 1 && /* XXX */ - _rl_vi_textmod_command (key)) - _rl_vi_set_last (key, rl_numeric_arg, rl_arg_sign); ---- 965,969 ---- - if (rl_editing_mode == vi_mode && _rl_keymap == vi_movement_keymap && - key != ANYOTHERKEY && -! _rl_dispatching_keymap == vi_movement_keymap && - _rl_vi_textmod_command (key)) - _rl_vi_set_last (key, rl_numeric_arg, rl_arg_sign); -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 3 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 4 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-005 b/src/patches/bash/bash43-005 deleted file mode 100644 index bcd40697c..000000000 --- a/src/patches/bash/bash43-005 +++ /dev/null @@ -1,63 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-005 - -Bug-Reported-by: David Sines dave.gma@googlemail.com -Bug-Reference-ID: CAO3BAa_CK_Rgkhdfzs+NJ4KFYdB9qW3pvXQK0xLCi6GMmDU8bw@mail.gmail.com -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00037.html - -Bug-Description: - -When in Posix mode, bash did not correctly interpret the ANSI-C-style -$'...' quoting mechanism when performing pattern substitution word -expansions within double quotes. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3/parse.y 2014-02-11 09:42:10.000000000 -0500 ---- parse.y 2014-03-07 20:57:15.000000000 -0500 -*************** -*** 3399,3403 **** - unescaped double-quotes or single-quotes, if any, shall occur." */ - /* This was changed in Austin Group Interp 221 */ -! if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == ''') - continue; - ---- 3399,3403 ---- - unescaped double-quotes or single-quotes, if any, shall occur." */ - /* This was changed in Austin Group Interp 221 */ -! if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && dolbrace_state != DOLBRACE_QUOTE2 && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == ''') - continue; - -*** ../bash-4.3/y.tab.c 2014-02-11 10:57:47.000000000 -0500 ---- y.tab.c 2014-03-28 10:41:15.000000000 -0400 -*************** -*** 5711,5715 **** - unescaped double-quotes or single-quotes, if any, shall occur." */ - /* This was changed in Austin Group Interp 221 */ -! if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == ''') - continue; - ---- 5711,5715 ---- - unescaped double-quotes or single-quotes, if any, shall occur." */ - /* This was changed in Austin Group Interp 221 */ -! if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && dolbrace_state != DOLBRACE_QUOTE2 && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == ''') - continue; - -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 4 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 5 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-006 b/src/patches/bash/bash43-006 deleted file mode 100644 index 24ff057a5..000000000 --- a/src/patches/bash/bash43-006 +++ /dev/null @@ -1,48 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-006 - -Bug-Reported-by: Eduardo A . Bustamante Lopez dualbus@gmail.com -Bug-Reference-ID: 20140228170013.GA16015@dualbus.me -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-02/msg00091.html - -Bug-Description: - -A shell that started with job control active but was not interactive left -the terminal in the wrong process group when exiting, causing its parent -shell to get a stop signal when it attempted to read from the terminal. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3/jobs.c 2014-01-10 09:05:34.000000000 -0500 ---- jobs.c 2014-03-02 18:05:09.000000000 -0500 -*************** -*** 4375,4379 **** - end_job_control () - { -! if (interactive_shell) /* XXX - should it be interactive? */ - { - terminate_stopped_jobs (); ---- 4375,4379 ---- - end_job_control () - { -! if (interactive_shell || job_control) /* XXX - should it be just job_control? */ - { - terminate_stopped_jobs (); -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 5 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 6 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-007 b/src/patches/bash/bash43-007 deleted file mode 100644 index 0d62c9ec6..000000000 --- a/src/patches/bash/bash43-007 +++ /dev/null @@ -1,50 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-007 - -Bug-Reported-by: geir.hauge@gmail.com -Bug-Reference-ID: 20140318093650.B181C1C5B0B@gina.itea.ntnu.no -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00095.html - -Bug-Description: - -Using compound assignments for associative arrays like - -assoc=( [x]= [y]=bar ) - -left the value corresponding to the key `x' NULL. This caused subsequent -lookups to interpret it as unset. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3/arrayfunc.c 2013-08-02 16:19:59.000000000 -0400 ---- arrayfunc.c 2014-03-18 11:08:15.000000000 -0400 -*************** -*** 598,601 **** ---- 598,606 ---- - { - val = expand_assignment_string_to_string (val, 0); -+ if (val == 0) -+ { -+ val = (char *)xmalloc (1); -+ val[0] = '\0'; /* like do_assignment_internal */ -+ } - free_val = 1; - } -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 6 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 7 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-008 b/src/patches/bash/bash43-008 deleted file mode 100644 index 0ae7c9522..000000000 --- a/src/patches/bash/bash43-008 +++ /dev/null @@ -1,188 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-008 - -Bug-Reported-by: Stephane Chazelas stephane.chazelas@gmail.com -Bug-Reference-ID: 20140318135901.GB22158@chaz.gmail.com -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00098.html - -Bug-Description: - -Some extended glob patterns incorrectly matched filenames with a leading -dot, regardless of the setting of the `dotglob' option. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3/lib/glob/gmisc.c 2013-10-28 14:45:25.000000000 -0400 ---- lib/glob/gmisc.c 2014-03-19 09:16:08.000000000 -0400 -*************** -*** 211,214 **** ---- 211,215 ---- - case '!': - case '@': -+ case '?': - return (pat[1] == LPAREN); - default: -*** ../bash-4.3/lib/glob/glob.c 2014-01-31 21:43:51.000000000 -0500 ---- lib/glob/glob.c 2014-03-20 09:01:26.000000000 -0400 -*************** -*** 180,202 **** - int flags; - { -! char *pp, *pe, *t; -! int n, r; - - pp = pat + 2; -! pe = pp + strlen (pp) - 1; /*(*/ -! if (*pe != ')') -! return 0; -! if ((t = strchr (pp, '|')) == 0) /* easy case first */ - { - *pe = '\0'; - r = skipname (pp, dname, flags); /*(*/ - *pe = ')'; - return r; - } - while (t = glob_patscan (pp, pe, '|')) - { - n = t[-1]; - t[-1] = '\0'; - r = skipname (pp, dname, flags); - t[-1] = n; - if (r == 0) /* if any pattern says not skip, we don't skip */ ---- 180,215 ---- - int flags; - { -! char *pp, *pe, *t, *se; -! int n, r, negate; - -+ negate = *pat == '!'; - pp = pat + 2; -! se = pp + strlen (pp) - 1; /* end of string */ -! pe = glob_patscan (pp, se, 0); /* end of extglob pattern (( */ -! /* we should check for invalid extglob pattern here */ -! /* if pe != se we have more of the pattern at the end of the extglob -! pattern. Check the easy case first ( */ -! if (pe == se && *pe == ')' && (t = strchr (pp, '|')) == 0) - { - *pe = '\0'; -+ #if defined (HANDLE_MULTIBYTE) -+ r = mbskipname (pp, dname, flags); -+ #else - r = skipname (pp, dname, flags); /*(*/ -+ #endif - *pe = ')'; - return r; - } -+ -+ /* check every subpattern */ - while (t = glob_patscan (pp, pe, '|')) - { - n = t[-1]; - t[-1] = '\0'; -+ #if defined (HANDLE_MULTIBYTE) -+ r = mbskipname (pp, dname, flags); -+ #else - r = skipname (pp, dname, flags); -+ #endif - t[-1] = n; - if (r == 0) /* if any pattern says not skip, we don't skip */ -*************** -*** 205,219 **** - } /*(*/ - -! if (pp == pe) /* glob_patscan might find end of pattern */ - return r; - -! *pe = '\0'; -! # if defined (HANDLE_MULTIBYTE) -! r = mbskipname (pp, dname, flags); /*(*/ -! # else -! r = skipname (pp, dname, flags); /*(*/ -! # endif -! *pe = ')'; -! return r; - } - #endif ---- 218,227 ---- - } /*(*/ - -! /* glob_patscan might find end of pattern */ -! if (pp == se) - return r; - -! /* but if it doesn't then we didn't match a leading dot */ -! return 0; - } - #endif -*************** -*** 278,289 **** - { - #if EXTENDED_GLOB -! wchar_t *pp, *pe, *t, n; -! int r; - - pp = pat + 2; -! pe = pp + wcslen (pp) - 1; /*(*/ -! if (*pe != L')') -! return 0; -! if ((t = wcschr (pp, L'|')) == 0) - { - *pe = L'\0'; ---- 286,298 ---- - { - #if EXTENDED_GLOB -! wchar_t *pp, *pe, *t, n, *se; -! int r, negate; - -+ negate = *pat == L'!'; - pp = pat + 2; -! se = pp + wcslen (pp) - 1; /*(*/ -! pe = glob_patscan_wc (pp, se, 0); -! -! if (pe == se && *pe == ')' && (t = wcschr (pp, L'|')) == 0) - { - *pe = L'\0'; -*************** -*** 292,295 **** ---- 301,306 ---- - return r; - } -+ -+ /* check every subpattern */ - while (t = glob_patscan_wc (pp, pe, '|')) - { -*************** -*** 306,313 **** - return r; - -! *pe = L'\0'; -! r = wchkname (pp, dname); /*(*/ -! *pe = L')'; -! return r; - #else - return (wchkname (pat, dname)); ---- 317,322 ---- - return r; - -! /* but if it doesn't then we didn't match a leading dot */ -! return 0; - #else - return (wchkname (pat, dname)); -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 7 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 8 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-009 b/src/patches/bash/bash43-009 deleted file mode 100644 index 015835cde..000000000 --- a/src/patches/bash/bash43-009 +++ /dev/null @@ -1,64 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-009 - -Bug-Reported-by: Matthias Klose doko@debian.org -Bug-Reference-ID: 53346FC8.6090005@debian.org -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00171.html - -Bug-Description: - -There is a problem with unsigned sign extension when attempting to reallocate -the input line when it is fewer than 3 characters long and there has been a -history expansion. The sign extension causes the shell to not reallocate the -line, which results in a segmentation fault when it writes past the end. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3-patched/parse.y 2014-02-11 09:42:10.000000000 -0500 ---- parse.y 2014-03-27 16:33:29.000000000 -0400 -*************** -*** 2425,2429 **** - if (shell_input_line_terminator != EOF) - { -! if (shell_input_line_size < SIZE_MAX && shell_input_line_len > shell_input_line_size - 3) - shell_input_line = (char *)xrealloc (shell_input_line, - 1 + (shell_input_line_size += 2)); ---- 2425,2429 ---- - if (shell_input_line_terminator != EOF) - { -! if (shell_input_line_size < SIZE_MAX-3 && (shell_input_line_len+3 > shell_input_line_size)) - shell_input_line = (char *)xrealloc (shell_input_line, - 1 + (shell_input_line_size += 2)); -*** ../bash-4.3-patched/y.tab.c 2014-03-28 11:17:06.000000000 -0400 ---- y.tab.c 2014-04-07 11:48:31.000000000 -0400 -*************** -*** 4737,4741 **** - if (shell_input_line_terminator != EOF) - { -! if (shell_input_line_size < SIZE_MAX && shell_input_line_len > shell_input_line_size - 3) - shell_input_line = (char *)xrealloc (shell_input_line, - 1 + (shell_input_line_size += 2)); ---- 4737,4741 ---- - if (shell_input_line_terminator != EOF) - { -! if (shell_input_line_size < SIZE_MAX-3 && (shell_input_line_len+3 > shell_input_line_size)) - shell_input_line = (char *)xrealloc (shell_input_line, - 1 + (shell_input_line_size += 2)); -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 8 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 9 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-010 b/src/patches/bash/bash43-010 deleted file mode 100644 index 835a96ead..000000000 --- a/src/patches/bash/bash43-010 +++ /dev/null @@ -1,157 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-010 - -Bug-Reported-by: Albert Shih Albert.Shih@obspm.fr -Bug-Reference-ID: Wed, 5 Mar 2014 23:01:40 +0100 -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00028.html - -Bug-Description: - -Patch (apply with `patch -p0'): - -This patch changes the behavior of programmable completion to compensate -for two assumptions made by the bash-completion package. Bash-4.3 changed -to dequote the argument to programmable completion only under certain -circumstances, to make the behavior of compgen more consistent when run -from the command line -- closer to the behavior when run by a shell function -run as part of programmable completion. Bash-completion can pass quoted -arguments to compgen when the original word to be completed was not quoted, -expecting programmable completion to dequote the word before attempting -completion. - -This patch fixes two cases: - -1. An empty string that bash-completion passes to compgen as a quoted null - string (''). - -2. An unquoted word that bash-completion quotes using single quotes or - backslashes before passing it to compgen. - -In these cases, since readline did not detect a quote character in the original -word to be completed, bash-4.3 - -*** ../bash-4.3/externs.h 2014-01-02 14:58:20.000000000 -0500 ---- externs.h 2014-03-13 14:42:57.000000000 -0400 -*************** -*** 325,328 **** ---- 325,329 ---- - extern char *sh_backslash_quote_for_double_quotes __P((char *)); - extern int sh_contains_shell_metas __P((char *)); -+ extern int sh_contains_quotes __P((char *)); - - /* declarations for functions defined in lib/sh/spell.c */ -*** ../bash-4.3/lib/sh/shquote.c 2013-03-31 21:53:32.000000000 -0400 ---- lib/sh/shquote.c 2014-03-13 14:42:57.000000000 -0400 -*************** -*** 312,313 **** ---- 312,327 ---- - return (0); - } -+ -+ int -+ sh_contains_quotes (string) -+ char *string; -+ { -+ char *s; -+ -+ for (s = string; s && *s; s++) -+ { -+ if (*s == ''' || *s == '"' || *s == '\') -+ return 1; -+ } -+ return 0; -+ } -*** ../bash-4.3/pcomplete.c 2013-08-26 15:23:45.000000000 -0400 ---- pcomplete.c 2014-03-25 17:23:23.000000000 -0400 -*************** -*** 184,187 **** ---- 184,188 ---- - COMPSPEC *pcomp_curcs; - const char *pcomp_curcmd; -+ const char *pcomp_curtxt; - - #ifdef DEBUG -*************** -*** 754,757 **** ---- 755,784 ---- - dfn = (*rl_filename_dequoting_function) ((char *)text, rl_completion_quote_character); - } -+ /* Intended to solve a mismatched assumption by bash-completion. If -+ the text to be completed is empty, but bash-completion turns it into -+ a quoted string ('') assuming that this code will dequote it before -+ calling readline, do the dequoting. */ -+ else if (iscompgen && iscompleting && -+ pcomp_curtxt && *pcomp_curtxt == 0 && -+ text && (*text == ''' || *text == '"') && text[1] == text[0] && text[2] == 0 && -+ rl_filename_dequoting_function) -+ dfn = (*rl_filename_dequoting_function) ((char *)text, rl_completion_quote_character); -+ /* Another mismatched assumption by bash-completion. If compgen is being -+ run as part of bash-completion, and the argument to compgen is not -+ the same as the word originally passed to the programmable completion -+ code, dequote the argument if it has quote characters. It's an -+ attempt to detect when bash-completion is quoting its filename -+ argument before calling compgen. */ -+ /* We could check whether gen_shell_function_matches is in the call -+ stack by checking whether the gen-shell-function-matches tag is in -+ the unwind-protect stack, but there's no function to do that yet. -+ We could simply check whether we're executing in a function by -+ checking variable_context, and may end up doing that. */ -+ else if (iscompgen && iscompleting && rl_filename_dequoting_function && -+ pcomp_curtxt && text && -+ STREQ (pcomp_curtxt, text) == 0 && -+ variable_context && -+ sh_contains_quotes (text)) /* guess */ -+ dfn = (*rl_filename_dequoting_function) ((char *)text, rl_completion_quote_character); - else - dfn = savestring (text); -*************** -*** 1523,1527 **** - { - COMPSPEC *cs, *oldcs; -! const char *oldcmd; - STRINGLIST *ret; - ---- 1550,1554 ---- - { - COMPSPEC *cs, *oldcs; -! const char *oldcmd, *oldtxt; - STRINGLIST *ret; - -*************** -*** 1546,1552 **** ---- 1573,1581 ---- - oldcs = pcomp_curcs; - oldcmd = pcomp_curcmd; -+ oldtxt = pcomp_curtxt; - - pcomp_curcs = cs; - pcomp_curcmd = cmd; -+ pcomp_curtxt = word; - - ret = gen_compspec_completions (cs, cmd, word, start, end, foundp); -*************** -*** 1554,1557 **** ---- 1583,1587 ---- - pcomp_curcs = oldcs; - pcomp_curcmd = oldcmd; -+ pcomp_curtxt = oldtxt; - - /* We need to conditionally handle setting *retryp here */ -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 9 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 10 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-011 b/src/patches/bash/bash43-011 deleted file mode 100644 index cdc1572ee..000000000 --- a/src/patches/bash/bash43-011 +++ /dev/null @@ -1,49 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-011 - -Bug-Reported-by: Egmont Koblinger egmont@gmail.com -Bug-Reference-ID: CAGWcZk+bU5Jo1M+tutGvL-250UBE9DXjpeJVofYJSFcqFEVfMg@mail.gmail.com -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00153.html - -Bug-Description: - -The signal handling changes to bash and readline (to avoid running any code -in a signal handler context) cause the cursor to be placed on the wrong -line of a multi-line command after a ^C interrupts editing. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3-patched/lib/readline/display.c 2013-12-27 13:10:56.000000000 -0500 ---- lib/readline/display.c 2014-03-27 11:52:45.000000000 -0400 -*************** -*** 2678,2682 **** - if (_rl_echoing_p) - { -! _rl_move_vert (_rl_vis_botlin); - _rl_vis_botlin = 0; - fflush (rl_outstream); ---- 2678,2683 ---- - if (_rl_echoing_p) - { -! if (_rl_vis_botlin > 0) /* minor optimization plus bug fix */ -! _rl_move_vert (_rl_vis_botlin); - _rl_vis_botlin = 0; - fflush (rl_outstream); -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 10 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 11 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-012 b/src/patches/bash/bash43-012 deleted file mode 100644 index 176fa15bd..000000000 --- a/src/patches/bash/bash43-012 +++ /dev/null @@ -1,43 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-012 - -Bug-Reported-by: Eduardo A. Bustamante Lópezdualbus@gmail.com -Bug-Reference-ID: 5346B54C.4070205@case.edu -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00051.html - -Bug-Description: - -When a SIGCHLD trap runs a command containing a shell builtin while -a script is running `wait' to wait for all running children to complete, -the SIGCHLD trap will not be run once for each child that terminates. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3-patched/jobs.c 2014-03-28 10:54:19.000000000 -0400 ---- jobs.c 2014-04-15 08:47:03.000000000 -0400 -*************** -*** 3598,3601 **** ---- 3598,3602 ---- - unwind_protect_pointer (the_pipeline); - unwind_protect_pointer (subst_assign_varlist); -+ unwind_protect_pointer (this_shell_builtin); - - /* We have to add the commands this way because they will be run -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 11 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 12 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-013 b/src/patches/bash/bash43-013 deleted file mode 100644 index 8f4006b48..000000000 --- a/src/patches/bash/bash43-013 +++ /dev/null @@ -1,66 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-013 - -Bug-Reported-by: Trond.Endrestol@ximalas.info -Bug-Reference-ID: alpine.BSF.2.03.1404192114310.1973@enterprise.ximalas.info -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00069.html - -Bug-Description: - -Using reverse-i-search when horizontal scrolling is enabled does not redisplay -the entire line containing the successful search results. - -Patch (apply with `patch -p0'): -*** ../bash-4.3-patched/lib/readline/display.c 2014-04-08 18:19:36.000000000 -0400 ---- lib/readline/display.c 2014-04-20 18:32:52.000000000 -0400 -*************** -*** 1638,1642 **** - the spot of first difference is before the end of the invisible chars, - lendiff needs to be adjusted. */ -! if (current_line == 0 && !_rl_horizontal_scroll_mode && - current_invis_chars != visible_wrap_offset) - { ---- 1638,1642 ---- - the spot of first difference is before the end of the invisible chars, - lendiff needs to be adjusted. */ -! if (current_line == 0 && /* !_rl_horizontal_scroll_mode && */ - current_invis_chars != visible_wrap_offset) - { -*************** -*** 1826,1831 **** - _rl_last_c_pos += bytes_to_insert; - - if (_rl_horizontal_scroll_mode && ((oe-old) > (ne-new))) -! goto clear_rest_of_line; - } - } ---- 1826,1836 ---- - _rl_last_c_pos += bytes_to_insert; - -+ /* XXX - we only want to do this if we are at the end of the line -+ so we move there with _rl_move_cursor_relative */ - if (_rl_horizontal_scroll_mode && ((oe-old) > (ne-new))) -! { -! _rl_move_cursor_relative (ne-new, new); -! goto clear_rest_of_line; -! } - } - } -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 12 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 13 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-014 b/src/patches/bash/bash43-014 deleted file mode 100644 index f8371967f..000000000 --- a/src/patches/bash/bash43-014 +++ /dev/null @@ -1,102 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-014 - -Bug-Reported-by: Greg Wooledge wooledg@eeg.ccf.org -Bug-Reference-ID: 20140418202123.GB7660@eeg.ccf.org -Bug-Reference-URL: http://lists.gnu.org/archive/html/help-bash/2014-04/msg00004.html - -Bug-Description: - -Under certain circumstances, $@ is expanded incorrectly in contexts where -word splitting is not performed. - -Patch (apply with `patch -p0'): -*** ../bash-4.3-patched/subst.c 2014-01-23 16:26:37.000000000 -0500 ---- subst.c 2014-04-19 15:41:26.000000000 -0400 -*************** -*** 3249,3254 **** ---- 3249,3256 ---- - return ((char *)NULL); - -+ expand_no_split_dollar_star = 1; - w->flags |= W_NOSPLIT2; - l = call_expand_word_internal (w, 0, 0, (int *)0, (int *)0); -+ expand_no_split_dollar_star = 0; - if (l) - { -*************** -*** 7848,7851 **** ---- 7850,7857 ---- - according to POSIX.2, this expands to a list of the positional - parameters no matter what IFS is set to. */ -+ /* XXX - what to do when in a context where word splitting is not -+ performed? Even when IFS is not the default, posix seems to imply -+ that we behave like unquoted $* ? Maybe we should use PF_NOSPLIT2 -+ here. */ - temp = string_list_dollar_at (list, (pflags & PF_ASSIGNRHS) ? (quoted|Q_DOUBLE_QUOTES) : quoted); - -*************** -*** 8817,8820 **** ---- 8823,8827 ---- - { - char *ifs_chars; -+ char *tstring; - - ifs_chars = (quoted_dollar_at || has_dollar_at) ? ifs_value : (char *)NULL; -*************** -*** 8831,8834 **** ---- 8838,8865 ---- - if (split_on_spaces) - list = list_string (istring, " ", 1); /* XXX quoted == 1? */ -+ /* If we have $@ (has_dollar_at != 0) and we are in a context where we -+ don't want to split the result (W_NOSPLIT2), and we are not quoted, -+ we have already separated the arguments with the first character of -+ $IFS. In this case, we want to return a list with a single word -+ with the separator possibly replaced with a space (it's what other -+ shells seem to do). -+ quoted_dollar_at is internal to this function and is set if we are -+ passed an argument that is unquoted (quoted == 0) but we encounter a -+ double-quoted $@ while expanding it. */ -+ else if (has_dollar_at && quoted_dollar_at == 0 && ifs_chars && quoted == 0 && (word->flags & W_NOSPLIT2)) -+ { -+ /* Only split and rejoin if we have to */ -+ if (*ifs_chars && *ifs_chars != ' ') -+ { -+ list = list_string (istring, *ifs_chars ? ifs_chars : " ", 1); -+ tstring = string_list (list); -+ } -+ else -+ tstring = istring; -+ tword = make_bare_word (tstring); -+ if (tstring != istring) -+ free (tstring); -+ goto set_word_flags; -+ } - else if (has_dollar_at && ifs_chars) - list = list_string (istring, *ifs_chars ? ifs_chars : " ", 1); -*************** -*** 8836,8839 **** ---- 8867,8871 ---- - { - tword = make_bare_word (istring); -+ set_word_flags: - if ((quoted & (Q_DOUBLE_QUOTES|Q_HERE_DOCUMENT)) || (quoted_state == WHOLLY_QUOTED)) - tword->flags |= W_QUOTED; -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 13 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 14 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-015 b/src/patches/bash/bash43-015 deleted file mode 100644 index 9c4e5ea48..000000000 --- a/src/patches/bash/bash43-015 +++ /dev/null @@ -1,58 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-015 - -Bug-Reported-by: Clark Wang dearvoid@gmail.com -Bug-Reference-ID: CADv8-og2TOSoabXeNVXVGaXN3tEMHnYVq1rwOLe5meaRPSGRig@mail.gmail.com -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00095.html - -Bug-Description: - -When completing directory names, the directory name is dequoted twice. -This causes problems for directories with single and double quotes in -their names. - -Patch (apply with `patch -p0'): -*** ../bash-4.3-patched/bashline.c 2014-02-09 19:56:58.000000000 -0500 ---- bashline.c 2014-04-25 14:57:52.000000000 -0400 -*************** -*** 4168,4174 **** - - qc = rl_dispatching ? rl_completion_quote_character : 0; -! dfn = bash_dequote_filename ((char *)text, qc); - m1 = rl_completion_matches (dfn, rl_filename_completion_function); -! free (dfn); - - if (m1 == 0 || m1[0] == 0) ---- 4209,4222 ---- - - qc = rl_dispatching ? rl_completion_quote_character : 0; -! /* If rl_completion_found_quote != 0, rl_completion_matches will call the -! filename dequoting function, causing the directory name to be dequoted -! twice. */ -! if (rl_dispatching && rl_completion_found_quote == 0) -! dfn = bash_dequote_filename ((char *)text, qc); -! else -! dfn = (char *)text; - m1 = rl_completion_matches (dfn, rl_filename_completion_function); -! if (dfn != text) -! free (dfn); - - if (m1 == 0 || m1[0] == 0) -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 14 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 15 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-016 b/src/patches/bash/bash43-016 deleted file mode 100644 index 882d5939b..000000000 --- a/src/patches/bash/bash43-016 +++ /dev/null @@ -1,132 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-016 - -Bug-Reported-by: Pierre Gaston pierre.gaston@gmail.com -Bug-Reference-ID: CAPSX3sTCD61k1VQLJ5r-LWzEt+e7Xc-fxXmwn2u8EA5gJJej8Q@mail.gmail.com -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00100.html - -Bug-Description: - -An extended glob pattern containing a slash (`/') causes the globbing code -to misinterpret it as a directory separator. - -Patch (apply with `patch -p0'): -*** ../bash-4.3-patched/lib/glob/glob.c 2014-03-28 10:54:23.000000000 -0400 ---- lib/glob/glob.c 2014-05-02 10:24:28.000000000 -0400 -*************** -*** 124,127 **** ---- 124,129 ---- - extern wchar_t *glob_patscan_wc __P((wchar_t *, wchar_t *, int)); - -+ extern char *glob_dirscan __P((char *, int)); -+ - /* Compile `glob_loop.c' for single-byte characters. */ - #define CHAR unsigned char -*************** -*** 188,191 **** ---- 190,196 ---- - pe = glob_patscan (pp, se, 0); /* end of extglob pattern (( */ - /* we should check for invalid extglob pattern here */ -+ if (pe == 0) -+ return 0; -+ - /* if pe != se we have more of the pattern at the end of the extglob - pattern. Check the easy case first ( */ -*************** -*** 1016,1020 **** - char **result; - unsigned int result_size; -! char *directory_name, *filename, *dname; - unsigned int directory_len; - int free_dirname; /* flag */ ---- 1021,1025 ---- - char **result; - unsigned int result_size; -! char *directory_name, *filename, *dname, *fn; - unsigned int directory_len; - int free_dirname; /* flag */ -*************** -*** 1032,1035 **** ---- 1037,1052 ---- - /* Find the filename. */ - filename = strrchr (pathname, '/'); -+ #if defined (EXTENDED_GLOB) -+ if (filename && extended_glob) -+ { -+ fn = glob_dirscan (pathname, '/'); -+ #if DEBUG_MATCHING -+ if (fn != filename) -+ fprintf (stderr, "glob_filename: glob_dirscan: fn (%s) != filename (%s)\n", fn ? fn : "(null)", filename); -+ #endif -+ filename = fn; -+ } -+ #endif -+ - if (filename == NULL) - { -*** ../bash-4.3-patched/lib/glob/gmisc.c 2014-03-28 10:54:23.000000000 -0400 ---- lib/glob/gmisc.c 2014-05-02 09:35:57.000000000 -0400 -*************** -*** 43,46 **** ---- 43,48 ---- - #define WRPAREN L')' - -+ extern char *glob_patscan __P((char *, char *, int)); -+ - /* Return 1 of the first character of WSTRING could match the first - character of pattern WPAT. Wide character version. */ -*************** -*** 376,377 **** ---- 378,410 ---- - return matlen; - } -+ -+ /* Skip characters in PAT and return the final occurrence of DIRSEP. This -+ is only called when extended_glob is set, so we have to skip over extglob -+ patterns x(...) */ -+ char * -+ glob_dirscan (pat, dirsep) -+ char *pat; -+ int dirsep; -+ { -+ char *p, *d, *pe, *se; -+ -+ d = pe = se = 0; -+ for (p = pat; p && *p; p++) -+ { -+ if (extglob_pattern_p (p)) -+ { -+ if (se == 0) -+ se = p + strlen (p) - 1; -+ pe = glob_patscan (p + 2, se, 0); -+ if (pe == 0) -+ continue; -+ else if (*pe == 0) -+ break; -+ p = pe - 1; /* will do increment above */ -+ continue; -+ } -+ if (*p == dirsep) -+ d = p; -+ } -+ return d; -+ } - -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 15 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 16 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-017 b/src/patches/bash/bash43-017 deleted file mode 100644 index 4016fb934..000000000 --- a/src/patches/bash/bash43-017 +++ /dev/null @@ -1,51 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-017 - -Bug-Reported-by: Dan Douglas ormaaj@gmail.com -Bug-Reference-ID: 7781746.RhfoTROLxF@smorgbox -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-05/msg00026.html - -Bug-Description: - -The code that creates local variables should not clear the `invisible' -attribute when returning an existing local variable. Let the code that -actually assigns a value clear it. - -Patch (apply with `patch -p0'): -*** ../bash-4.3-patched/variables.c 2014-02-14 11:55:12.000000000 -0500 ---- variables.c 2014-05-07 10:53:57.000000000 -0400 -*************** -*** 2198,2205 **** - old_var = find_variable (name); - if (old_var && local_p (old_var) && old_var->context == variable_context) -! { -! VUNSETATTR (old_var, att_invisible); /* XXX */ -! return (old_var); -! } - - was_tmpvar = old_var && tempvar_p (old_var); ---- 2260,2264 ---- - old_var = find_variable (name); - if (old_var && local_p (old_var) && old_var->context == variable_context) -! return (old_var); - - was_tmpvar = old_var && tempvar_p (old_var); - -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 16 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 17 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-018 b/src/patches/bash/bash43-018 deleted file mode 100644 index 39499f663..000000000 --- a/src/patches/bash/bash43-018 +++ /dev/null @@ -1,44 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-018 - -Bug-Reported-by: Geir Hauge geir.hauge@gmail.com -Bug-Reference-ID: CAO-BiTLOvfPXDypg61jcBausADrxUKJejakV2WTWP26cW0=rgA@mail.gmail.com -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-05/msg00040.html - -Bug-Description: - -When assigning an array variable using the compound assignment syntax, -but using `declare' with the rhs of the compound assignment quoted, the -shell did not mark the variable as visible after successfully performing -the assignment. - -Patch (apply with `patch -p0'): -*** ../bash-4.3-patched/arrayfunc.c 2014-03-28 10:54:21.000000000 -0400 ---- arrayfunc.c 2014-05-12 11:19:00.000000000 -0400 -*************** -*** 180,183 **** ---- 180,184 ---- - FREE (newval); - -+ VUNSETATTR (entry, att_invisible); /* no longer invisible */ - return (entry); - } - -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 17 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 18 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-019 b/src/patches/bash/bash43-019 deleted file mode 100644 index a93714beb..000000000 --- a/src/patches/bash/bash43-019 +++ /dev/null @@ -1,84 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-019 - -Bug-Reported-by: John Lenton -Bug-Reference-ID: -Bug-Reference-URL: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1317476 - -Bug-Description: - -The -t timeout option to `read' does not work when the -e option is used. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3-patched/lib/readline/input.c 2014-01-10 15:07:08.000000000 -0500 ---- lib/readline/input.c 2014-05-22 18:40:59.000000000 -0400 -*************** -*** 535,540 **** ---- 538,551 ---- - else if (_rl_caught_signal == SIGHUP || _rl_caught_signal == SIGTERM) - return (RL_ISSTATE (RL_STATE_READCMD) ? READERR : EOF); -+ /* keyboard-generated signals of interest */ - else if (_rl_caught_signal == SIGINT || _rl_caught_signal == SIGQUIT) - RL_CHECK_SIGNALS (); -+ /* non-keyboard-generated signals of interest */ -+ else if (_rl_caught_signal == SIGALRM -+ #if defined (SIGVTALRM) -+ || _rl_caught_signal == SIGVTALRM -+ #endif -+ ) -+ RL_CHECK_SIGNALS (); - - if (rl_signal_event_hook) -*** ../bash-4.3-patched/builtins/read.def 2013-09-02 11:54:00.000000000 -0400 ---- builtins/read.def 2014-05-08 11:43:35.000000000 -0400 -*************** -*** 443,447 **** - #if defined (READLINE) - if (edit) -! add_unwind_protect (reset_attempted_completion_function, (char *)NULL); - #endif - falarm (tmsec, tmusec); ---- 443,450 ---- - #if defined (READLINE) - if (edit) -! { -! add_unwind_protect (reset_attempted_completion_function, (char *)NULL); -! add_unwind_protect (bashline_reset_event_hook, (char *)NULL); -! } - #endif - falarm (tmsec, tmusec); -*************** -*** 1022,1025 **** ---- 1025,1029 ---- - old_attempted_completion_function = rl_attempted_completion_function; - rl_attempted_completion_function = (rl_completion_func_t *)NULL; -+ bashline_set_event_hook (); - if (itext) - { -*************** -*** 1033,1036 **** ---- 1037,1041 ---- - rl_attempted_completion_function = old_attempted_completion_function; - old_attempted_completion_function = (rl_completion_func_t *)NULL; -+ bashline_reset_event_hook (); - - if (ret == 0) -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 18 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 19 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-020 b/src/patches/bash/bash43-020 deleted file mode 100644 index 5f533ef8d..000000000 --- a/src/patches/bash/bash43-020 +++ /dev/null @@ -1,110 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-020 - -Bug-Reported-by: Jared Yanovich slovichon@gmail.com -Bug-Reference-ID: 20140417073654.GB26875@nightderanger.psc.edu -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00065.html - -Bug-Description: - -When PS2 contains a command substitution, here-documents entered in an -interactive shell can sometimes cause a segmentation fault. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3-patched/shell.h 2012-12-25 21:11:01.000000000 -0500 ---- shell.h 2014-06-03 09:24:28.000000000 -0400 -*************** -*** 169,173 **** - int expand_aliases; - int echo_input_at_read; -! - } sh_parser_state_t; - ---- 169,174 ---- - int expand_aliases; - int echo_input_at_read; -! int need_here_doc; -! - } sh_parser_state_t; - -*** ../bash-4.3-patched/parse.y 2014-05-14 09:16:40.000000000 -0400 ---- parse.y 2014-04-30 09:27:59.000000000 -0400 -*************** -*** 2643,2647 **** - - r = 0; -! while (need_here_doc) - { - parser_state |= PST_HEREDOC; ---- 2643,2647 ---- - - r = 0; -! while (need_here_doc > 0) - { - parser_state |= PST_HEREDOC; -*************** -*** 6076,6079 **** ---- 6076,6080 ---- - ps->expand_aliases = expand_aliases; - ps->echo_input_at_read = echo_input_at_read; -+ ps->need_here_doc = need_here_doc; - - ps->token = token; -*************** -*** 6124,6127 **** ---- 6125,6129 ---- - expand_aliases = ps->expand_aliases; - echo_input_at_read = ps->echo_input_at_read; -+ need_here_doc = ps->need_here_doc; - - FREE (token); -*** ../bash-4.3-patched/y.tab.c 2014-04-07 11:56:12.000000000 -0400 ---- y.tab.c 2014-07-30 09:55:57.000000000 -0400 -*************** -*** 4955,4959 **** - - r = 0; -! while (need_here_doc) - { - parser_state |= PST_HEREDOC; ---- 5151,5155 ---- - - r = 0; -! while (need_here_doc > 0) - { - parser_state |= PST_HEREDOC; -*************** -*** 8388,8391 **** ---- 8584,8588 ---- - ps->expand_aliases = expand_aliases; - ps->echo_input_at_read = echo_input_at_read; -+ ps->need_here_doc = need_here_doc; - - ps->token = token; -*************** -*** 8436,8439 **** ---- 8633,8637 ---- - expand_aliases = ps->expand_aliases; - echo_input_at_read = ps->echo_input_at_read; -+ need_here_doc = ps->need_here_doc; - - FREE (token); -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 19 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 20 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-021 b/src/patches/bash/bash43-021 deleted file mode 100644 index fd1c945ec..000000000 --- a/src/patches/bash/bash43-021 +++ /dev/null @@ -1,52 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-021 - -Bug-Reported-by: Jared Yanovich slovichon@gmail.com -Bug-Reference-ID: 20140625225019.GJ17044@nightderanger.psc.edu -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-06/msg00070.html - -Bug-Description: - -When the readline `revert-all-at-newline' option is set, pressing newline -when the current line is one retrieved from history results in a double free -and a segmentation fault. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3-patched/lib/readline/misc.c 2012-09-01 18:03:11.000000000 -0400 ---- lib/readline/misc.c 2014-06-30 13:41:19.000000000 -0400 -*************** -*** 462,465 **** ---- 462,466 ---- - /* Set up rl_line_buffer and other variables from history entry */ - rl_replace_from_history (entry, 0); /* entry->line is now current */ -+ entry->data = 0; /* entry->data is now current undo list */ - /* Undo all changes to this history entry */ - while (rl_undo_list) -*************** -*** 469,473 **** - FREE (entry->line); - entry->line = savestring (rl_line_buffer); -- entry->data = 0; - } - entry = previous_history (); ---- 470,473 ---- - -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 20 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 21 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-022 b/src/patches/bash/bash43-022 deleted file mode 100644 index 7ce39ec0a..000000000 --- a/src/patches/bash/bash43-022 +++ /dev/null @@ -1,56 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-022 - -Bug-Reported-by: scorp.dev.null@gmail.com -Bug-Reference-ID: E1WxXw8-0007iE-Bi@pcm14 -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-06/msg00061.html - -Bug-Description: - -Using nested pipelines within loops with the `lastpipe' option set can result -in a segmentation fault. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3-patched/execute_cmd.c 2014-01-31 10:54:52.000000000 -0500 ---- execute_cmd.c 2014-06-19 08:05:49.000000000 -0400 -*************** -*** 2410,2414 **** - lstdin = wait_for (lastpid); - #if defined (JOB_CONTROL) -! exec_result = job_exit_status (lastpipe_jid); - #endif - unfreeze_jobs_list (); ---- 2425,2438 ---- - lstdin = wait_for (lastpid); - #if defined (JOB_CONTROL) -! /* If wait_for removes the job from the jobs table, use result of last -! command as pipeline's exit status as usual. The jobs list can get -! frozen and unfrozen at inconvenient times if there are multiple pipelines -! running simultaneously. */ -! if (INVALID_JOB (lastpipe_jid) == 0) -! exec_result = job_exit_status (lastpipe_jid); -! else if (pipefail_opt) -! exec_result = exec_result | lstdin; /* XXX */ -! /* otherwise we use exec_result */ -! - #endif - unfreeze_jobs_list (); -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 21 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 22 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-023 b/src/patches/bash/bash43-023 deleted file mode 100644 index d1e4e9d7c..000000000 --- a/src/patches/bash/bash43-023 +++ /dev/null @@ -1,104 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-023 - -Bug-Reported-by: Tim Friske me@timfriske.com -Bug-Reference-ID: CAM1RzOcOR9zzC2i+aeES6LtbHNHoOV+0pZEYPrqxv_QAii-RXA@mail.gmail.com -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-06/msg00056.html - -Bug-Description: - -Bash does not correctly parse process substitution constructs that contain -unbalanced parentheses as part of the contained command. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3-patched/subst.h 2014-01-11 21:02:27.000000000 -0500 ---- subst.h 2014-07-20 17:25:01.000000000 -0400 -*************** -*** 83,87 **** - Start extracting at (SINDEX) as if we had just seen "<(". - Make (SINDEX) get the position just after the matching ")". */ -! extern char *extract_process_subst __P((char *, char *, int *)); - #endif /* PROCESS_SUBSTITUTION */ - ---- 83,87 ---- - Start extracting at (SINDEX) as if we had just seen "<(". - Make (SINDEX) get the position just after the matching ")". */ -! extern char *extract_process_subst __P((char *, char *, int *, int)); - #endif /* PROCESS_SUBSTITUTION */ - -*** ../bash-4.3-patched/subst.c 2014-05-15 08:26:45.000000000 -0400 ---- subst.c 2014-07-20 17:26:44.000000000 -0400 -*************** -*** 1193,1202 **** - Make (SINDEX) get the position of the matching ")". */ /*))*/ - char * -! extract_process_subst (string, starter, sindex) - char *string; - char *starter; - int *sindex; - { - return (extract_delimited_string (string, sindex, starter, "(", ")", SX_COMMAND)); - } - #endif /* PROCESS_SUBSTITUTION */ ---- 1193,1208 ---- - Make (SINDEX) get the position of the matching ")". */ /*))*/ - char * -! extract_process_subst (string, starter, sindex, xflags) - char *string; - char *starter; - int *sindex; -+ int xflags; - { -+ #if 0 - return (extract_delimited_string (string, sindex, starter, "(", ")", SX_COMMAND)); -+ #else -+ xflags |= (no_longjmp_on_fatal_error ? SX_NOLONGJMP : 0); -+ return (xparse_dolparen (string, string+*sindex, sindex, xflags)); -+ #endif - } - #endif /* PROCESS_SUBSTITUTION */ -*************** -*** 1786,1790 **** - if (string[si] == '\0') - CQ_RETURN(si); -! temp = extract_process_subst (string, (c == '<') ? "<(" : ">(", &si); - free (temp); /* no SX_ALLOC here */ - i = si; ---- 1792,1796 ---- - if (string[si] == '\0') - CQ_RETURN(si); -! temp = extract_process_subst (string, (c == '<') ? "<(" : ">(", &si, 0); - free (temp); /* no SX_ALLOC here */ - i = si; -*************** -*** 8250,8254 **** - t_index = sindex + 1; /* skip past both '<' and LPAREN */ - -! temp1 = extract_process_subst (string, (c == '<') ? "<(" : ">(", &t_index); /*))*/ - sindex = t_index; - ---- 8256,8260 ---- - t_index = sindex + 1; /* skip past both '<' and LPAREN */ - -! temp1 = extract_process_subst (string, (c == '<') ? "<(" : ">(", &t_index, 0); /*))*/ - sindex = t_index; - -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 22 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 23 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-024 b/src/patches/bash/bash43-024 deleted file mode 100644 index a24b8fbbc..000000000 --- a/src/patches/bash/bash43-024 +++ /dev/null @@ -1,54 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-024 - -Bug-Reported-by: Corentin Peuvrel cpeuvrel@pom-monitoring.com -Bug-Reference-ID: 53CE9E5D.6050203@pom-monitoring.com -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-07/msg00021.html - -Bug-Description: - -Indirect variable references do not work correctly if the reference -variable expands to an array reference using a subscript other than 0 -(e.g., foo='bar[1]' ; echo ${!foo}). - -Patch (apply with `patch -p0'): - -*** ../bash-4.3-patched/subst.c 2014-06-03 09:32:44.000000000 -0400 ---- subst.c 2014-07-23 09:58:19.000000000 -0400 -*************** -*** 7375,7379 **** - - if (want_indir) -! tdesc = parameter_brace_expand_indir (name + 1, var_is_special, quoted, quoted_dollar_atp, contains_dollar_at); - else - tdesc = parameter_brace_expand_word (name, var_is_special, quoted, PF_IGNUNBOUND|(pflags&(PF_NOSPLIT2|PF_ASSIGNRHS)), &ind); ---- 7445,7455 ---- - - if (want_indir) -! { -! tdesc = parameter_brace_expand_indir (name + 1, var_is_special, quoted, quoted_dollar_atp, contains_dollar_at); -! /* Turn off the W_ARRAYIND flag because there is no way for this function -! to return the index we're supposed to be using. */ -! if (tdesc && tdesc->flags) -! tdesc->flags &= ~W_ARRAYIND; -! } - else - tdesc = parameter_brace_expand_word (name, var_is_special, quoted, PF_IGNUNBOUND|(pflags&(PF_NOSPLIT2|PF_ASSIGNRHS)), &ind); -*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 ---- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 23 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 24 - - #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash43-025 b/src/patches/bash/bash43-025 deleted file mode 100644 index 721aca030..000000000 --- a/src/patches/bash/bash43-025 +++ /dev/null @@ -1,123 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 4.3 -Patch-ID: bash43-025 - -Bug-Reported-by: Stephane Chazelas stephane.chazelas@gmail.com -Bug-Reference-ID: -Bug-Reference-URL: - -Bug-Description: - -Under certain circumstances, bash will execute user code while processing the -environment for exported function definitions. - -Patch (apply with `patch -p0'): - -*** ../bash-4.3-patched/builtins/common.h 2013-07-08 16:54:47.000000000 -0400 ---- builtins/common.h 2014-09-12 14:25:47.000000000 -0400 -*************** -*** 34,37 **** ---- 49,54 ---- - #define SEVAL_PARSEONLY 0x020 - #define SEVAL_NOLONGJMP 0x040 -+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ -+ #define SEVAL_ONECMD 0x100 /* only allow a single command */ - - /* Flags for describe_command, shared between type.def and command.def */ -*** ../bash-4.3-patched/builtins/evalstring.c 2014-02-11 09:42:10.000000000 -0500 ---- builtins/evalstring.c 2014-09-14 14:15:13.000000000 -0400 -*************** -*** 309,312 **** ---- 313,324 ---- - struct fd_bitmap *bitmap; - -+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def) -+ { -+ internal_warning ("%s: ignoring function definition attempt", from_file); -+ should_jump_to_top_level = 0; -+ last_result = last_command_exit_value = EX_BADUSAGE; -+ break; -+ } -+ - bitmap = new_fd_bitmap (FD_BITMAP_SIZE); - begin_unwind_frame ("pe_dispose"); -*************** -*** 369,372 **** ---- 381,387 ---- - dispose_fd_bitmap (bitmap); - discard_unwind_frame ("pe_dispose"); -+ -+ if (flags & SEVAL_ONECMD) -+ break; - } - } -*** ../bash-4.3-patched/variables.c 2014-05-15 08:26:50.000000000 -0400 ---- variables.c 2014-09-14 14:23:35.000000000 -0400 -*************** -*** 359,369 **** - strcpy (temp_string + char_index + 1, string); - -! if (posixly_correct == 0 || legal_identifier (name)) -! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); -! -! /* Ancient backwards compatibility. Old versions of bash exported -! functions like name()=() {...} */ -! if (name[char_index - 1] == ')' && name[char_index - 2] == '(') -! name[char_index - 2] = '\0'; - - if (temp_var = find_function (name)) ---- 364,372 ---- - strcpy (temp_string + char_index + 1, string); - -! /* Don't import function names that are invalid identifiers from the -! environment, though we still allow them to be defined as shell -! variables. */ -! if (legal_identifier (name)) -! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); - - if (temp_var = find_function (name)) -*************** -*** 382,389 **** - report_error (_("error importing function definition for `%s'"), name); - }