This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via a087f4f586d7b2d86641493f699af154e4a37024 (commit) via 1cbcd044afc8e4895bea1a68537f64fbe5dde03f (commit) via f238e251720bc0df01714facbf5c0979edb25871 (commit) via 6f626b9ba0dbc2ff8a73d3c3fe97876f03878b87 (commit) via 6a83dbb4518fae7fe7089266b78e0adceed17c35 (commit) via 65871d1a0c97823a3f47184b533154a6daebd625 (commit) from db3451fe72518d7875e52db51315e7d3a87d9eaa (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit a087f4f586d7b2d86641493f699af154e4a37024 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon May 20 21:55:55 2019 +0100
core132: Ship vulnerabilities.cgi
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1cbcd044afc8e4895bea1a68537f64fbe5dde03f Author: Michael Tremer michael.tremer@ipfire.org Date: Mon May 20 21:54:05 2019 +0100
SMT: Show status on vulnerabilities.cgi
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f238e251720bc0df01714facbf5c0979edb25871 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon May 20 21:39:03 2019 +0100
vulnerabilities.cgi: Disable debugging output
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6f626b9ba0dbc2ff8a73d3c3fe97876f03878b87 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon May 20 21:38:20 2019 +0100
Add the new vulnerabilities CGI file to the System menu
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6a83dbb4518fae7fe7089266b78e0adceed17c35 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon May 20 21:30:26 2019 +0100
SMT: Apply settings according to configuration
SMT can be forced on.
By default, all systems that are vulnerable to RIDL/Fallout will have SMT disabled by default.
Systems that are not vulnerable to that will keep SMT enabled.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 65871d1a0c97823a3f47184b533154a6daebd625 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon May 20 21:17:17 2019 +0100
Add new CGI file to show CPU vulnerability status
This is supposed to help users to have an idea about the status of the used hardware.
Additionally, it allows users to enable/disable SMT.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/menu/10-system.menu | 8 +- config/rootfiles/common/aarch64/initscripts | 2 + config/rootfiles/common/armv5tel/initscripts | 2 + config/rootfiles/common/i586/initscripts | 2 + config/rootfiles/common/x86_64/initscripts | 2 + config/rootfiles/core/132/filelists/files | 4 + doc/language_issues.de | 19 ++ doc/language_issues.en | 21 ++- doc/language_issues.es | 21 ++- doc/language_issues.fr | 19 ++ doc/language_issues.it | 21 ++- doc/language_issues.nl | 21 ++- doc/language_issues.pl | 21 ++- doc/language_issues.ru | 21 ++- doc/language_issues.tr | 19 ++ doc/language_missings | 133 +++++++++++++- html/cgi-bin/vulnerabilities.cgi | 250 +++++++++++++++++++++++++++ langs/en/cgi-bin/en.pl | 20 ++- lfs/initscripts | 1 + src/initscripts/system/smt | 40 +++++ 20 files changed, 634 insertions(+), 13 deletions(-) create mode 100644 html/cgi-bin/vulnerabilities.cgi create mode 100644 src/initscripts/system/smt
Difference in files: diff --git a/config/menu/10-system.menu b/config/menu/10-system.menu index 3b84e31c0..b142bfbac 100644 --- a/config/menu/10-system.menu +++ b/config/menu/10-system.menu @@ -45,7 +45,13 @@ 'title' => "$Lang::tr{'system information'}", 'enabled' => 1, }; - $subsystem->{'42.shutdown'} = { + $subsystem->{'42.hwvuln'} = { + 'caption' => $Lang::tr{'hardware vulnerabilities'}, + 'uri' => '/cgi-bin/vulnerabilities.cgi', + 'title' => "$Lang::tr{'hardware vulnerabilities'}", + 'enabled' => 1, + }; + $subsystem->{'43.shutdown'} = { 'caption' => $Lang::tr{'shutdown'}, 'uri' => '/cgi-bin/shutdown.cgi', 'title' => "$Lang::tr{'shutdown'}", diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts index ed4f727d9..cc23cd7fe 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd etc/rc.d/init.d/sendsignals etc/rc.d/init.d/setclock etc/rc.d/init.d/smartenabler +etc/rc.d/init.d/smt etc/rc.d/init.d/squid etc/rc.d/init.d/sshd etc/rc.d/init.d/static-routes @@ -184,6 +185,7 @@ etc/rc.d/rcsysinit.d/S30checkfs etc/rc.d/rcsysinit.d/S40mountfs etc/rc.d/rcsysinit.d/S42fsresize etc/rc.d/rcsysinit.d/S43mounttmpfs +etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts index ed4f727d9..cc23cd7fe 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd etc/rc.d/init.d/sendsignals etc/rc.d/init.d/setclock etc/rc.d/init.d/smartenabler +etc/rc.d/init.d/smt etc/rc.d/init.d/squid etc/rc.d/init.d/sshd etc/rc.d/init.d/static-routes @@ -184,6 +185,7 @@ etc/rc.d/rcsysinit.d/S30checkfs etc/rc.d/rcsysinit.d/S40mountfs etc/rc.d/rcsysinit.d/S42fsresize etc/rc.d/rcsysinit.d/S43mounttmpfs +etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts index 07a123a48..c0c6cf8a9 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd etc/rc.d/init.d/sendsignals etc/rc.d/init.d/setclock etc/rc.d/init.d/smartenabler +etc/rc.d/init.d/smt etc/rc.d/init.d/squid etc/rc.d/init.d/sshd etc/rc.d/init.d/static-routes @@ -183,6 +184,7 @@ etc/rc.d/rcsysinit.d/S30checkfs etc/rc.d/rcsysinit.d/S40mountfs etc/rc.d/rcsysinit.d/S42fsresize etc/rc.d/rcsysinit.d/S43mounttmpfs +etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index 07a123a48..c0c6cf8a9 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -75,6 +75,7 @@ etc/rc.d/init.d/rngd etc/rc.d/init.d/sendsignals etc/rc.d/init.d/setclock etc/rc.d/init.d/smartenabler +etc/rc.d/init.d/smt etc/rc.d/init.d/squid etc/rc.d/init.d/sshd etc/rc.d/init.d/static-routes @@ -183,6 +184,7 @@ etc/rc.d/rcsysinit.d/S30checkfs etc/rc.d/rcsysinit.d/S40mountfs etc/rc.d/rcsysinit.d/S42fsresize etc/rc.d/rcsysinit.d/S43mounttmpfs +etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock diff --git a/config/rootfiles/core/132/filelists/files b/config/rootfiles/core/132/filelists/files index cd6938878..22065cfdf 100644 --- a/config/rootfiles/core/132/filelists/files +++ b/config/rootfiles/core/132/filelists/files @@ -2,8 +2,10 @@ etc/system-release etc/issue etc/mime.types etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf +etc/rc.d/init.d/smt etc/rc.d/init.d/suricata etc/rc.d/init.d/unbound +etc/rc.d/rcsysinit.d/S44smt etc/suricata/suricata.yaml etc/unbound/unbound.conf opt/pakfire/lib/functions.pl @@ -16,6 +18,7 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/routing.cgi srv/web/ipfire/cgi-bin/urlfilter.cgi +srv/web/ipfire/cgi-bin/vulnerabilities.cgi srv/web/ipfire/cgi-bin/zoneconf.cgi usr/lib/firewall/rules.pl usr/local/bin/backupiso @@ -23,5 +26,6 @@ usr/local/bin/update-ids-ruleset usr/sbin/convert-snort var/ipfire/ids-functions.pl var/ipfire/langs +var/ipfire/menu.d/10-system.menu var/ipfire/menu.d/30-network.menu var/ipfire/network-functions.pl diff --git a/doc/language_issues.de b/doc/language_issues.de index 6bc94f798..e72ad7e2b 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -752,10 +752,15 @@ WARNING: untranslated string: Scan for Songs = unknown string WARNING: untranslated string: addons = Addons WARNING: untranslated string: bytes = unknown string WARNING: untranslated string: community rules = Snort/VRT GPLv2 Community Rules +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: dead peer detection = Dead Peer Detection WARNING: untranslated string: default IP address = Default IP Address WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: fwhost cust geoipgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: guardian = Guardian @@ -788,16 +793,30 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string +WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: ids hide = Hide WARNING: untranslated string: ids rules update = Ruleset WARNING: untranslated string: ids show = Show WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: interface mode = Interface +WARNING: untranslated string: meltdown = Meltdown +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: no data = unknown string +WARNING: untranslated string: not affected = Not Affected +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string WARNING: untranslated string: show tls-auth key = Show tls-auth key +WARNING: untranslated string: smt disabled = unknown string +WARNING: untranslated string: smt enabled = unknown string +WARNING: untranslated string: smt not supported = unknown string +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: vpn statistics n2n = unknown string +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable diff --git a/doc/language_issues.en b/doc/language_issues.en index 9d1c36b35..126803997 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -5,7 +5,7 @@ WARNING: untranslated string: Add Port Rule = Add port rule WARNING: untranslated string: Add Rule = Add rule WARNING: untranslated string: Add a route = Add a route WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -526,6 +526,7 @@ WARNING: untranslated string: current fixed leases = Current fixed leases WARNING: untranslated string: current hosts = Current hosts WARNING: untranslated string: current playlist = Current Playlist WARNING: untranslated string: current rules = Current rules: +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: date = Date WARNING: untranslated string: date not in logs = No (or only partial) logs exist for the day queried WARNING: untranslated string: day = Day @@ -719,6 +720,7 @@ WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rul WARNING: untranslated string: empty = This field may be left blank WARNING: untranslated string: empty profile = empty WARNING: untranslated string: enable ignore filter = Enable ignore filter +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) WARNING: untranslated string: enabled = Enabled: WARNING: untranslated string: enabled on = Enabled on WARNING: untranslated string: encapsulation = Encapsulation @@ -745,6 +747,7 @@ WARNING: untranslated string: extrahd maybe the device is in use = . Maybe the d WARNING: untranslated string: extrahd to = to WARNING: untranslated string: extrahd to root = to root WARNING: untranslated string: extrahd you cant mount = You can't mount +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: false classnumber = The Class-Number does not match the interface. WARNING: untranslated string: false max bandwith = Maximum bandwith is false. WARNING: untranslated string: false min bandwith = Minimum bandwith is false. @@ -791,7 +794,9 @@ WARNING: untranslated string: fixed ip lease added = Fixed IP lease added WARNING: untranslated string: fixed ip lease modified = Fixed IP lease modified WARNING: untranslated string: fixed ip lease removed = Fixed IP lease removed WARNING: untranslated string: flag = Flag +WARNING: untranslated string: force enable = Forced WARNING: untranslated string: force user = force all new file to user +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: free = Free WARNING: untranslated string: free memory = Free Memory @@ -1018,6 +1023,7 @@ WARNING: untranslated string: hangup string = Hangup: WARNING: untranslated string: harddisk temperature = Harddisk Temperature WARNING: untranslated string: hardware graphs = Hardware Graphs WARNING: untranslated string: hardware support = Hardware Support +WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hdd temperature in = Harddisk temperature in WARNING: untranslated string: help = Help WARNING: untranslated string: high = High @@ -1257,6 +1263,7 @@ WARNING: untranslated string: meaning = meaning WARNING: untranslated string: media = Media WARNING: untranslated string: media information = Media information WARNING: untranslated string: medium = Medium +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: memory = Memory WARNING: untranslated string: memory information = Memory information WARNING: untranslated string: memory usage per = Memory Usage per @@ -1269,6 +1276,7 @@ WARNING: untranslated string: minimum = Minimum WARNING: untranslated string: minute = Minute WARNING: untranslated string: minutes = Minutes WARNING: untranslated string: misc-options = Miscellaneous options +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: mode = Mode WARNING: untranslated string: model = Model WARNING: untranslated string: modem = Modem @@ -1336,6 +1344,7 @@ WARNING: untranslated string: none = none WARNING: untranslated string: none found = none found WARNING: untranslated string: not a valid ca certificate = Not a valid CA certificate. WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format. +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: not enough disk space = Not enough disk space WARNING: untranslated string: not present = <b>Not</b> present WARNING: untranslated string: not running = not running @@ -1460,6 +1469,7 @@ WARNING: untranslated string: persistent = Persistent WARNING: untranslated string: pfs yes no = Perfect Forward Secrecy (PFS) WARNING: untranslated string: pkcs12 file password = PKCS12 File Password WARNING: untranslated string: play = Play +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: policy = Policy WARNING: untranslated string: port = Port WARNING: untranslated string: portscans = portscancs @@ -1482,6 +1492,7 @@ WARNING: untranslated string: printing = Printing WARNING: untranslated string: printing options = printing options WARNING: untranslated string: priority = Priority WARNING: untranslated string: processes = Processes +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: profile = Profile WARNING: untranslated string: profile deleted = Profile deleted: WARNING: untranslated string: profile has errors = Profile has errors @@ -1620,6 +1631,9 @@ WARNING: untranslated string: smartwarn2 = reports S.M.A.R.T. error WARNING: untranslated string: smbrestart = Restart samba WARNING: untranslated string: smbstart = Start samba WARNING: untranslated string: smbstop = Stop samba +WARNING: untranslated string: smt disabled = unknown string +WARNING: untranslated string: smt enabled = unknown string +WARNING: untranslated string: smt not supported = unknown string WARNING: untranslated string: snat new source ip address = New source IP address WARNING: untranslated string: socket options = Socket options WARNING: untranslated string: software version = Software Version @@ -1634,6 +1648,9 @@ WARNING: untranslated string: source port = Source port WARNING: untranslated string: source port numbers = Source port must be a valid port number or port range. WARNING: untranslated string: speaker off = Speaker off: WARNING: untranslated string: speaker on = Speaker on: +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: src port = Src Port WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh access = SSH Access @@ -2094,6 +2111,8 @@ WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn subjectaltname = Subject Alt Name WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: waiting to synchronize clock = Waiting to synchronize clock WARNING: untranslated string: warning messages = Warning messages WARNING: untranslated string: was deleted = was deleted diff --git a/doc/language_issues.es b/doc/language_issues.es index 2ffea2f43..f015ac7df 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -664,7 +664,7 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: 24 hours = 24 Hours WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -782,6 +782,7 @@ WARNING: untranslated string: country codes and flags = Country Codes and Flags: WARNING: untranslated string: countrycode = Code WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: dead peer detection = Dead Peer Detection WARNING: untranslated string: default = Default WARNING: untranslated string: default IP address = Default IP Address @@ -843,9 +844,11 @@ WARNING: untranslated string: email tls = Use TLS WARNING: untranslated string: email usemail = Activate Mail Service WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) WARNING: untranslated string: encryption = Encryption: WARNING: untranslated string: entropy = Entropy WARNING: untranslated string: entropy graphs = Entropy Graphs +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: fifteen minutes = 15 Minutes WARNING: untranslated string: fireinfo ipfire version = IPFire version WARNING: untranslated string: fireinfo is disabled = Fireinfo is disabled @@ -875,6 +878,8 @@ WARNING: untranslated string: firewall rules = Firewall Rules WARNING: untranslated string: first = First WARNING: untranslated string: five minutes = 5 Minutes WARNING: untranslated string: flag = Flag +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: fw default drop = Firewall policy WARNING: untranslated string: fw settings = Firewall settings @@ -1065,6 +1070,7 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware support = Hardware Support +WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: ids apply = Apply WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: ids automatic rules update = Automatic Rule Update @@ -1124,9 +1130,11 @@ WARNING: untranslated string: masquerading = Masquerading WARNING: untranslated string: masquerading disabled = Masquerading disabled WARNING: untranslated string: masquerading enabled = Masquerading enabled WARNING: untranslated string: maximum = Maximum +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: messages = Messages WARNING: untranslated string: minimum = Minimum WARNING: untranslated string: minute = Minute +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: model = Model WARNING: untranslated string: modem hardware details = Modem Hardware WARNING: untranslated string: modem information = Modem Information @@ -1147,6 +1155,7 @@ WARNING: untranslated string: nameserver = Nameserver WARNING: untranslated string: no data = unknown string WARNING: untranslated string: none = none WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format. +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: notice = Notice WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month @@ -1189,9 +1198,11 @@ WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is no WARNING: untranslated string: p2p block = P2P networks WARNING: untranslated string: p2p block save notice = Please reload the firewall ruleset in order to apply your changes. WARNING: untranslated string: pakfire ago = ago. +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: proxy reports = Proxy Reports WARNING: untranslated string: proxy reports daily = Daily reports WARNING: untranslated string: proxy reports monthly = Monthly reports @@ -1213,9 +1224,15 @@ WARNING: untranslated string: search = Search WARNING: untranslated string: server restart = You are not able to save any changes while the OpenVPN server is running. WARNING: untranslated string: show dh = Show Diffie-Hellman parameters WARNING: untranslated string: show tls-auth key = Show tls-auth key +WARNING: untranslated string: smt disabled = unknown string +WARNING: untranslated string: smt enabled = unknown string +WARNING: untranslated string: smt not supported = unknown string WARNING: untranslated string: snat new source ip address = New source IP address WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding @@ -1311,6 +1328,8 @@ WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wireless network = WiFi Network WARNING: untranslated string: wlan client = Wireless client WARNING: untranslated string: wlan client advanced settings = Advanced settings diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 950e4713d..0503c8241 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -794,8 +794,13 @@ WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to wor WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: bytes = unknown string +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: fwhost cust geoipgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: generate ptr = Generate PTR @@ -828,6 +833,7 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string +WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: ids apply = Apply WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: ids automatic rules update = Automatic Rule Update @@ -847,18 +853,31 @@ WARNING: untranslated string: ids show = Show WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string WARNING: untranslated string: info messages = unknown string +WARNING: untranslated string: meltdown = Meltdown +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: no data = unknown string +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: ovpn tls auth = TLS Channel Protection: WARNING: untranslated string: pakfire ago = ago. +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: ptr = PTR WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string +WARNING: untranslated string: smt disabled = unknown string +WARNING: untranslated string: smt enabled = unknown string +WARNING: untranslated string: smt not supported = unknown string +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: system is offline = The system is offline. WARNING: untranslated string: update ruleset = Update ruleset WARNING: untranslated string: vpn statistics n2n = unknown string +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.it b/doc/language_issues.it index 3acfd5ba9..ac213f0b1 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -754,7 +754,7 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: 24 hours = 24 Hours WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -813,6 +813,7 @@ WARNING: untranslated string: bytes = unknown string WARNING: untranslated string: check all = Check all WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: default IP address = Default IP Address WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136): WARNING: untranslated string: dhcp dns key name = Key Name @@ -843,6 +844,8 @@ WARNING: untranslated string: email testmail = Send test mail WARNING: untranslated string: email tls = Use TLS WARNING: untranslated string: email usemail = Activate Mail Service WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: fifteen minutes = 15 Minutes WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country) WARNING: untranslated string: firewall graph ip = Firewall-Diagram (IP) @@ -851,6 +854,8 @@ WARNING: untranslated string: firewall log country = Firewall log (Country) WARNING: untranslated string: firewall log ip = Firewall log (IP) WARNING: untranslated string: firewall log port = Firewall log (Port) WARNING: untranslated string: five minutes = 5 Minutes +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: fwdfw all subnets = All subnets WARNING: untranslated string: fwdfw err concon = Invalid number for concurrent connections @@ -904,6 +909,7 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string +WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: ids apply = Apply WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: ids automatic rules update = Automatic Rule Update @@ -950,10 +956,13 @@ WARNING: untranslated string: masquerade orange = Masquerade ORANGE WARNING: untranslated string: masquerading = Masquerading WARNING: untranslated string: masquerading disabled = Masquerading disabled WARNING: untranslated string: masquerading enabled = Masquerading enabled +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: messages = Messages +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: mtu = MTU WARNING: untranslated string: no data = unknown string WARNING: untranslated string: none = none +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week @@ -965,9 +974,11 @@ WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br> WARNING: untranslated string: ovpn tls auth = TLS Channel Protection: WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br> +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: ptr = PTR WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: required field = Required field @@ -978,6 +989,12 @@ WARNING: untranslated string: routing table = unknown string WARNING: untranslated string: samba join a domain = Join a domain WARNING: untranslated string: samba join domain = Join domain WARNING: untranslated string: search = Search +WARNING: untranslated string: smt disabled = unknown string +WARNING: untranslated string: smt enabled = unknown string +WARNING: untranslated string: smt not supported = unknown string +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since @@ -1012,6 +1029,8 @@ WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wireless network = WiFi Network WARNING: untranslated string: wlan client anonymous identity = Anonymous Identity WARNING: untranslated string: wlan client auth auto = Auto diff --git a/doc/language_issues.nl b/doc/language_issues.nl index ac0093776..741c1c39f 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -748,7 +748,7 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: 24 hours = 24 Hours WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -809,6 +809,7 @@ WARNING: untranslated string: capabilities = Capabilities WARNING: untranslated string: check all = Check all WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: default = Default WARNING: untranslated string: default IP address = Default IP Address WARNING: untranslated string: dh = Diffie-Hellman parameters @@ -852,6 +853,8 @@ WARNING: untranslated string: email testmail = Send test mail WARNING: untranslated string: email tls = Use TLS WARNING: untranslated string: email usemail = Activate Mail Service WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: fifteen minutes = 15 Minutes WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country) WARNING: untranslated string: firewall graph ip = Firewall-Diagram (IP) @@ -861,6 +864,8 @@ WARNING: untranslated string: firewall log ip = Firewall log (IP) WARNING: untranslated string: firewall log port = Firewall log (Port) WARNING: untranslated string: firewall logs country = Fw-Loggraphs (Country) WARNING: untranslated string: five minutes = 5 Minutes +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: fwdfw all subnets = All subnets WARNING: untranslated string: fwdfw err concon = Invalid number for concurrent connections @@ -915,6 +920,7 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string +WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: ids apply = Apply WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: ids automatic rules update = Automatic Rule Update @@ -963,7 +969,9 @@ WARNING: untranslated string: masquerade orange = Masquerade ORANGE WARNING: untranslated string: masquerading = Masquerading WARNING: untranslated string: masquerading disabled = Masquerading disabled WARNING: untranslated string: masquerading enabled = Masquerading enabled +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: messages = Messages +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: model = Model WARNING: untranslated string: modem hardware details = Modem Hardware WARNING: untranslated string: modem information = Modem Information @@ -983,6 +991,7 @@ WARNING: untranslated string: nameserver = Nameserver WARNING: untranslated string: no data = unknown string WARNING: untranslated string: none = none WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format. +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week @@ -1001,9 +1010,11 @@ WARNING: untranslated string: ovpn generating the root and host certificates = G WARNING: untranslated string: ovpn ha = Hash algorithm WARNING: untranslated string: ovpn tls auth = TLS Channel Protection: WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br> +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: ptr = PTR WARNING: untranslated string: random number generator daemon = Random Number Generator Daemon WARNING: untranslated string: rdns = rDNS @@ -1017,8 +1028,14 @@ WARNING: untranslated string: samba join domain = Join domain WARNING: untranslated string: search = Search WARNING: untranslated string: show dh = Show Diffie-Hellman parameters WARNING: untranslated string: show tls-auth key = Show tls-auth key +WARNING: untranslated string: smt disabled = unknown string +WARNING: untranslated string: smt enabled = unknown string +WARNING: untranslated string: smt not supported = unknown string WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since @@ -1056,6 +1073,8 @@ WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wireless network = WiFi Network WARNING: untranslated string: wlan client anonymous identity = Anonymous Identity WARNING: untranslated string: wlan client auth auto = Auto diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 2ffea2f43..f015ac7df 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -664,7 +664,7 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: 24 hours = 24 Hours WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -782,6 +782,7 @@ WARNING: untranslated string: country codes and flags = Country Codes and Flags: WARNING: untranslated string: countrycode = Code WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: dead peer detection = Dead Peer Detection WARNING: untranslated string: default = Default WARNING: untranslated string: default IP address = Default IP Address @@ -843,9 +844,11 @@ WARNING: untranslated string: email tls = Use TLS WARNING: untranslated string: email usemail = Activate Mail Service WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) WARNING: untranslated string: encryption = Encryption: WARNING: untranslated string: entropy = Entropy WARNING: untranslated string: entropy graphs = Entropy Graphs +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: fifteen minutes = 15 Minutes WARNING: untranslated string: fireinfo ipfire version = IPFire version WARNING: untranslated string: fireinfo is disabled = Fireinfo is disabled @@ -875,6 +878,8 @@ WARNING: untranslated string: firewall rules = Firewall Rules WARNING: untranslated string: first = First WARNING: untranslated string: five minutes = 5 Minutes WARNING: untranslated string: flag = Flag +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: fw default drop = Firewall policy WARNING: untranslated string: fw settings = Firewall settings @@ -1065,6 +1070,7 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware support = Hardware Support +WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: ids apply = Apply WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: ids automatic rules update = Automatic Rule Update @@ -1124,9 +1130,11 @@ WARNING: untranslated string: masquerading = Masquerading WARNING: untranslated string: masquerading disabled = Masquerading disabled WARNING: untranslated string: masquerading enabled = Masquerading enabled WARNING: untranslated string: maximum = Maximum +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: messages = Messages WARNING: untranslated string: minimum = Minimum WARNING: untranslated string: minute = Minute +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: model = Model WARNING: untranslated string: modem hardware details = Modem Hardware WARNING: untranslated string: modem information = Modem Information @@ -1147,6 +1155,7 @@ WARNING: untranslated string: nameserver = Nameserver WARNING: untranslated string: no data = unknown string WARNING: untranslated string: none = none WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format. +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: notice = Notice WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month @@ -1189,9 +1198,11 @@ WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is no WARNING: untranslated string: p2p block = P2P networks WARNING: untranslated string: p2p block save notice = Please reload the firewall ruleset in order to apply your changes. WARNING: untranslated string: pakfire ago = ago. +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: proxy reports = Proxy Reports WARNING: untranslated string: proxy reports daily = Daily reports WARNING: untranslated string: proxy reports monthly = Monthly reports @@ -1213,9 +1224,15 @@ WARNING: untranslated string: search = Search WARNING: untranslated string: server restart = You are not able to save any changes while the OpenVPN server is running. WARNING: untranslated string: show dh = Show Diffie-Hellman parameters WARNING: untranslated string: show tls-auth key = Show tls-auth key +WARNING: untranslated string: smt disabled = unknown string +WARNING: untranslated string: smt enabled = unknown string +WARNING: untranslated string: smt not supported = unknown string WARNING: untranslated string: snat new source ip address = New source IP address WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding @@ -1311,6 +1328,8 @@ WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wireless network = WiFi Network WARNING: untranslated string: wlan client = Wireless client WARNING: untranslated string: wlan client advanced settings = Advanced settings diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 8923c2705..f8f4e1051 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -666,7 +666,7 @@ WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: 24 hours = 24 Hours WARNING: untranslated string: Add a route = Add a route WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -785,6 +785,7 @@ WARNING: untranslated string: country codes and flags = Country Codes and Flags: WARNING: untranslated string: countrycode = Code WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: dead peer detection = Dead Peer Detection WARNING: untranslated string: default = Default WARNING: untranslated string: default IP address = Default IP Address @@ -847,6 +848,7 @@ WARNING: untranslated string: email tls = Use TLS WARNING: untranslated string: email usemail = Activate Mail Service WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) WARNING: untranslated string: encryption = Encryption: WARNING: untranslated string: entropy = Entropy WARNING: untranslated string: entropy graphs = Entropy Graphs @@ -857,6 +859,7 @@ WARNING: untranslated string: extrahd maybe the device is in use = . Maybe the d WARNING: untranslated string: extrahd to = to WARNING: untranslated string: extrahd to root = to root WARNING: untranslated string: extrahd you cant mount = You can't mount +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: fifteen minutes = 15 Minutes WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country) WARNING: untranslated string: firewall graph ip = Firewall-Diagram (IP) @@ -869,6 +872,8 @@ WARNING: untranslated string: firewall rules = Firewall Rules WARNING: untranslated string: first = First WARNING: untranslated string: five minutes = 5 Minutes WARNING: untranslated string: flag = Flag +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: fw default drop = Firewall policy WARNING: untranslated string: fw settings = Firewall settings @@ -1066,6 +1071,7 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware support = Hardware Support +WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: ids apply = Apply WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: ids automatic rules update = Automatic Rule Update @@ -1126,9 +1132,11 @@ WARNING: untranslated string: masquerading = Masquerading WARNING: untranslated string: masquerading disabled = Masquerading disabled WARNING: untranslated string: masquerading enabled = Masquerading enabled WARNING: untranslated string: maximum = Maximum +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: messages = Messages WARNING: untranslated string: minimum = Minimum WARNING: untranslated string: minute = Minute +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: model = Model WARNING: untranslated string: modem hardware details = Modem Hardware WARNING: untranslated string: modem information = Modem Information @@ -1149,6 +1157,7 @@ WARNING: untranslated string: nameserver = Nameserver WARNING: untranslated string: no data = unknown string WARNING: untranslated string: none = none WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format. +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: notice = Notice WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month @@ -1185,9 +1194,11 @@ WARNING: untranslated string: ovpn tls auth = TLS Channel Protection: WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br> WARNING: untranslated string: p2p block = P2P networks WARNING: untranslated string: p2p block save notice = Please reload the firewall ruleset in order to apply your changes. +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: proxy reports = Proxy Reports WARNING: untranslated string: proxy reports daily = Daily reports WARNING: untranslated string: proxy reports monthly = Monthly reports @@ -1209,9 +1220,15 @@ WARNING: untranslated string: search = Search WARNING: untranslated string: server restart = You are not able to save any changes while the OpenVPN server is running. WARNING: untranslated string: show dh = Show Diffie-Hellman parameters WARNING: untranslated string: show tls-auth key = Show tls-auth key +WARNING: untranslated string: smt disabled = unknown string +WARNING: untranslated string: smt enabled = unknown string +WARNING: untranslated string: smt not supported = unknown string WARNING: untranslated string: snat new source ip address = New source IP address WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding @@ -1306,6 +1323,8 @@ WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wireless network = WiFi Network WARNING: untranslated string: wlan client = Wireless client WARNING: untranslated string: wlan client advanced settings = Advanced settings diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 42c7811bf..2f1699d59 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -796,12 +796,17 @@ WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: bytes = unknown string WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: default IP address = Default IP Address WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled WARNING: untranslated string: dnsforward forward_servers = Nameservers WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: fwdfw all subnets = All subnets WARNING: untranslated string: fwhost cust geoipgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string @@ -835,6 +840,7 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string +WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: ids apply = Apply WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: ids automatic rules update = Automatic Rule Update @@ -869,17 +875,28 @@ WARNING: untranslated string: ipsec mode transport = Transport WARNING: untranslated string: ipsec mode tunnel = Tunnel WARNING: untranslated string: ipsec settings = IPsec Settings WARNING: untranslated string: local ip address = Local IP Address +WARNING: untranslated string: meltdown = Meltdown +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: mtu = MTU WARNING: untranslated string: no data = unknown string +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br> WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br> WARNING: untranslated string: ovpn tls auth = TLS Channel Protection: WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br> +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: ptr = PTR WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string +WARNING: untranslated string: smt disabled = unknown string +WARNING: untranslated string: smt enabled = unknown string +WARNING: untranslated string: smt not supported = unknown string +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since @@ -892,6 +909,8 @@ WARNING: untranslated string: update ruleset = Update ruleset WARNING: untranslated string: vpn start action add = Wait for connection initiation WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_missings b/doc/language_missings index 7b779054d..3f4d41394 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -29,6 +29,7 @@ < community rules < could not connect to www ipfire org < cryptographic settings +< dangerous < dead peer detection < default IP address < dhcp server disabled on blue interface @@ -37,26 +38,41 @@ < done < emerging pro rules < emerging rules +< enable smt +< fallout zombieload ridl +< force enable +< foreshadow < g.dtm < g.lite < guardian +< hardware vulnerabilities < ids hide < ids rules update < ids show < insert removable device < interface mode +< meltdown +< mitigated +< not affected < notes +< please reboot to apply your changes +< processor vulnerability mitigations < quick control < shaping add options < show areas < show lines < show tls-auth key +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < teovpn_fragment < tor bridge enabled < tor errmsg invalid node id < updxlrtr used by < upload fcdsl.o < vpn configuration main +< vulnerability +< vulnerable ############################################################################ # Checking cgi-bin translations for language: es # ############################################################################ @@ -100,7 +116,6 @@ < Captive 1month < Captive 1week < Captive activate -< Captive ACTIVATE < Captive activated < Captive active on < Captive agree tac @@ -202,6 +217,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < dead peer detection < default < default ip @@ -271,10 +287,12 @@ < email usemail < emerging pro rules < emerging rules +< enable smt < encryption < entropy < entropy graphs < error +< fallout zombieload ridl < fifteen minutes < fireinfo ipfire version < fireinfo is disabled @@ -304,6 +322,8 @@ < first < five minutes < flag +< force enable +< foreshadow < forward firewall < four hours < fw default drop @@ -507,6 +527,7 @@ < grouptype < guardian < hardware support +< hardware vulnerabilities < ids apply < ids apply ruleset changes < ids automatic rules update @@ -568,9 +589,11 @@ < maximum < MB read < MB written +< meltdown < messages < minimum < minute +< mitigated < model < modem hardware details < modem information @@ -592,6 +615,7 @@ < never < no hardware random number generator < none +< not affected < not a valid dh key < notice < Number of Countries for the pie chart @@ -659,9 +683,11 @@ < ovpn warning rfc3280 < p2p block < p2p block save notice +< please reboot to apply your changes < pptp netconfig < pptp peer < pptp route +< processor vulnerability mitigations < proxy reports < proxy reports daily < proxy reports monthly @@ -684,6 +710,9 @@ < snat new source ip address < software version < source ip country +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh < ssh active sessions < ssh agent forwarding @@ -791,6 +820,8 @@ < vpn statistic rw < vpn wait < vpn weak +< vulnerability +< vulnerable < Weekly < wireless network < wlanap @@ -875,11 +906,17 @@ < advproxy wpad view pac < Captive delete logo < Daily +< dangerous < Disabled < dnsforward dnssec disabled < emerging pro rules +< enable smt < error +< fallout zombieload ridl +< force enable +< foreshadow < generate ptr +< hardware vulnerabilities < ids apply < ids apply ruleset changes < ids automatic rules update @@ -898,12 +935,22 @@ < ids show < ids working < intrusion prevention system +< meltdown +< mitigated +< not affected < ovpn tls auth +< please reboot to apply your changes +< processor vulnerability mitigations < ptr < runmode +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh agent forwarding < system is offline < update ruleset +< vulnerability +< vulnerable < Weekly < wlanap auto < wlanap broadcast ssid @@ -950,7 +997,6 @@ < Captive 1month < Captive 1week < Captive activate -< Captive ACTIVATE < Captive activated < Captive active on < Captive agree tac @@ -1005,6 +1051,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < default IP address < dhcp dns enable update < dhcp dns key name @@ -1040,7 +1087,9 @@ < email tls < email usemail < emerging pro rules +< enable smt < error +< fallout zombieload ridl < fifteen minutes < firewall graph country < firewall graph ip @@ -1049,6 +1098,8 @@ < firewall log ip < firewall log port < five minutes +< force enable +< foreshadow < four hours < fwdfw all subnets < fwdfw err concon @@ -1075,6 +1126,7 @@ < geoipblock flag < guaranteed bandwith < guardian +< hardware vulnerabilities < ids apply < ids apply ruleset changes < ids automatic rules update @@ -1120,10 +1172,13 @@ < masquerading < masquerading disabled < masquerading enabled +< meltdown < messages +< mitigated < mtu < MTU settings < none +< not affected < Number of Countries for the pie chart < one hour < one month @@ -1136,9 +1191,11 @@ < ovpn error md5 < ovpn tls auth < ovpn warning rfc3280 +< please reboot to apply your changes < pptp netconfig < pptp peer < pptp route +< processor vulnerability mitigations < ptr < rdns < required field @@ -1146,6 +1203,9 @@ < samba join a domain < samba join domain < search +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh active sessions < ssh agent forwarding < ssh login time @@ -1179,6 +1239,8 @@ < vpn statistic rw < vpn wait < vpn weak +< vulnerability +< vulnerable < Weekly < wireless network < wlanap @@ -1247,7 +1309,6 @@ < Captive 1month < Captive 1week < Captive activate -< Captive ACTIVATE < Captive activated < Captive active on < Captive agree tac @@ -1302,6 +1363,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < default < default IP address < dh @@ -1352,7 +1414,9 @@ < email tls < email usemail < emerging pro rules +< enable smt < error +< fallout zombieload ridl < fifteen minutes < firewall graph country < firewall graph ip @@ -1362,6 +1426,8 @@ < firewall log port < firewall logs country < five minutes +< force enable +< foreshadow < four hours < fwdfw all subnets < fwdfw err concon @@ -1389,6 +1455,7 @@ < geoipblock enable feature < geoipblock flag < guardian +< hardware vulnerabilities < ids apply < ids apply ruleset changes < ids automatic rules update @@ -1436,7 +1503,9 @@ < masquerading < masquerading disabled < masquerading enabled +< meltdown < messages +< mitigated < model < modem hardware details < modem information @@ -1456,6 +1525,7 @@ < nameserver < never < none +< not affected < not a valid dh key < Number of Countries for the pie chart < one hour @@ -1478,9 +1548,11 @@ < ovpn reneg sec < ovpn tls auth < ovpn warning rfc3280 +< please reboot to apply your changes < pptp netconfig < pptp peer < pptp route +< processor vulnerability mitigations < ptr < random number generator daemon < rdns @@ -1493,6 +1565,9 @@ < show tls-auth key < software version < source ip country +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh active sessions < ssh agent forwarding < ssh login time @@ -1530,6 +1605,8 @@ < vpn statistic rw < vpn wait < vpn weak +< vulnerability +< vulnerable < Weekly < wireless network < wlanap @@ -1611,7 +1688,6 @@ < Captive 1month < Captive 1week < Captive activate -< Captive ACTIVATE < Captive activated < Captive active on < Captive agree tac @@ -1714,6 +1790,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < dead peer detection < default < default ip @@ -1783,6 +1860,7 @@ < email usemail < emerging pro rules < emerging rules +< enable smt < encryption < entropy < entropy graphs @@ -1796,6 +1874,7 @@ < extrahd unable to read < extrahd unable to write < extrahd you cant mount +< fallout zombieload ridl < fifteen minutes < firewall graph country < firewall graph ip @@ -1808,6 +1887,8 @@ < first < five minutes < flag +< force enable +< foreshadow < forward firewall < four hours < fw default drop @@ -2021,6 +2102,7 @@ < grouptype < guardian < hardware support +< hardware vulnerabilities < ids apply < ids apply ruleset changes < ids automatic rules update @@ -2082,9 +2164,11 @@ < maximum < MB read < MB written +< meltdown < messages < minimum < minute +< mitigated < model < modem hardware details < modem information @@ -2106,6 +2190,7 @@ < never < no hardware random number generator < none +< not affected < not a valid dh key < notice < Number of Countries for the pie chart @@ -2159,9 +2244,11 @@ < ovpn warning rfc3280 < p2p block < p2p block save notice +< please reboot to apply your changes < pptp netconfig < pptp peer < pptp route +< processor vulnerability mitigations < proxy reports < proxy reports daily < proxy reports monthly @@ -2183,6 +2270,9 @@ < snat new source ip address < software version < source ip country +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh < ssh active sessions < ssh agent forwarding @@ -2289,6 +2379,8 @@ < vpn statistic rw < vpn wait < vpn weak +< vulnerability +< vulnerable < Weekly < wireless network < wlanap @@ -2403,7 +2495,6 @@ < Captive 1month < Captive 1week < Captive activate -< Captive ACTIVATE < Captive activated < Captive active on < Captive agree tac @@ -2506,6 +2597,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < day-graph < dead peer detection < default @@ -2578,6 +2670,7 @@ < email usemail < emerging pro rules < emerging rules +< enable smt < encryption < entropy < entropy graphs @@ -2591,6 +2684,7 @@ < extrahd unable to read < extrahd unable to write < extrahd you cant mount +< fallout zombieload ridl < fifteen minutes < firewall graph country < firewall graph ip @@ -2603,6 +2697,8 @@ < first < five minutes < flag +< force enable +< foreshadow < forward firewall < four hours < frequency @@ -2817,6 +2913,7 @@ < grouptype < guardian < hardware support +< hardware vulnerabilities < hour-graph < ids apply < ids apply ruleset changes @@ -2880,9 +2977,11 @@ < maximum < MB read < MB written +< meltdown < messages < minimum < minute +< mitigated < model < modem hardware details < modem information @@ -2905,6 +3004,7 @@ < never < no hardware random number generator < none +< not affected < not a valid dh key < notice < Number of Countries for the pie chart @@ -2955,9 +3055,11 @@ < ovpn warning rfc3280 < p2p block < p2p block save notice +< please reboot to apply your changes < pptp netconfig < pptp peer < pptp route +< processor vulnerability mitigations < proxy reports < proxy reports daily < proxy reports monthly @@ -2979,6 +3081,9 @@ < snat new source ip address < software version < source ip country +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh < ssh active sessions < ssh agent forwarding @@ -3085,6 +3190,8 @@ < vpn statistic rw < vpn wait < vpn weak +< vulnerability +< vulnerable < week-graph < Weekly < wireless network @@ -3174,6 +3281,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < default IP address < Disabled < dns forward disable dnssec @@ -3181,9 +3289,14 @@ < dnsforward forward_servers < dns forwarding dnssec disabled notice < emerging pro rules +< enable smt < error +< fallout zombieload ridl +< force enable +< foreshadow < fwdfw all subnets < generate ptr +< hardware vulnerabilities < ids apply < ids apply ruleset changes < ids automatic rules update @@ -3217,13 +3330,21 @@ < ipsec mode tunnel < ipsec settings < local ip address +< meltdown +< mitigated < mtu +< not affected < ovpn error dh < ovpn error md5 < ovpn tls auth < ovpn warning rfc3280 +< please reboot to apply your changes +< processor vulnerability mitigations < ptr < runmode +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh active sessions < ssh agent forwarding < ssh login time @@ -3235,6 +3356,8 @@ < update ruleset < vpn start action add < vpn wait +< vulnerability +< vulnerable < Weekly < wlanap auto < wlanap broadcast ssid diff --git a/html/cgi-bin/vulnerabilities.cgi b/html/cgi-bin/vulnerabilities.cgi new file mode 100644 index 000000000..371ffa547 --- /dev/null +++ b/html/cgi-bin/vulnerabilities.cgi @@ -0,0 +1,250 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +use strict; + +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +my %VULNERABILITIES = ( + "l1tf" => "$Lang::tr{'foreshadow'} (CVE-2018-3620)", + "mds" => "$Lang::tr{'fallout zombieload ridl'} (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)", + "meltdown" => "$Lang::tr{'meltdown'} (CVE-2017-5754)", + "spec_store_bypass" => "$Lang::tr{'spectre variant 4'} (CVE-2018-3639)", + "spectre_v1" => "$Lang::tr{'spectre variant 1'} (CVE-2017-5753)", + "spectre_v2" => "$Lang::tr{'spectre variant 2'} (CVE-2017-5715)", +); + +my $errormessage = ""; +my $notice = ""; + +my %mainsettings = (); +my %color = (); +&General::readhash("${General::swroot}/main/settings", %mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color); + +my %settings = ( + "ENABLE_SMT" => "auto", +); +&General::readhash("${General::swroot}/main/security", %settings); + +&Header::showhttpheaders(); + +&Header::getcgihash(%settings); + +if ($settings{'ACTION'} eq $Lang::tr{'save'}) { + if ($settings{'ENABLE_SMT'} !~ /^(auto|on)$/) { + $errormessage = $Lang::tr{'invalid input'}; + } + + unless ($errormessage) { + &General::writehash("${General::swroot}/main/security", %settings); + $notice = $Lang::tr{'please reboot to apply your changes'}; + } +} + +my %checked = (); +$checked{'ENABLE_SMT'}{'auto'} = ''; +$checked{'ENABLE_SMT'}{'on'} = ''; +$checked{'ENABLE_SMT'}{$settings{'ENABLE_SMT'}} = "checked"; + +&Header::openpage($Lang::tr{'processor vulnerability mitigations'}, 1, ''); + +&Header::openbigbox("100%", "left", "", $errormessage); + +if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<font color='red'>$errormessage</font>"; + &Header::closebox(); +} + +if ($notice) { + &Header::openbox('100%', 'left', $Lang::tr{'notice'}); + print "<font color='red'>$notice</font>"; + &Header::closebox(); +} + +&Header::openbox('100%', 'center', $Lang::tr{'processor vulnerability mitigations'}); + +print <<END; + <table class="tbl" width='100%'> + <thead> + <tr> + <th align="center"> + <strong>$Lang::tr{'vulnerability'}</strong> + </th> + <th align="center"> + <strong>$Lang::tr{'status'}</strong> + </th> + </tr> + </thead> + <tbody> +END + +my $id = 0; +for my $vuln (sort keys %VULNERABILITIES) { + my ($status, $message) = &check_status($vuln); + next if (!$status); + + my $colour = ""; + my $bgcolour = ""; + my $status_message = ""; + + # Not affected + if ($status eq "Not affected") { + $status_message = $Lang::tr{'not affected'}; + $colour = "white"; + $bgcolour = ${Header::colourblack}; + + # Vulnerable + } elsif ($status eq "Vulnerable") { + $status_message = $Lang::tr{'vulnerable'}; + $colour = "white"; + $bgcolour = ${Header::colourred}; + + # Mitigated + } elsif ($status eq "Mitigation") { + $status_message = $Lang::tr{'mitigated'}; + $colour = "black"; + $bgcolour = ${Header::colourorange}; + + } else { + next; + } + + my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'}; + + print <<END; + <tr bgcolor="$table_colour"> + <td align="left"> + <strong>$VULNERABILITIES{$vuln}</strong> + </td> + + <td bgcolor="$bgcolour" align="center"> + <font color="$colour"> +END + if ($message) { + print "<strong>$status_message</strong>: $message"; + } else { + print "<strong>$status_message</strong>"; + } + + print <<END; + </font> + </td> + </tr> +END + } + +print <<END; + </tbody> + </table> +END + +&Header::closebox(); + +print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n"; + +&Header::openbox('100%', 'center', $Lang::tr{'settings'}); + +my $smt_status = &smt_status(); + +print <<END; + <table class="tbl" width="66%"> + <tbody> + <tr> + <th colspan="2" align="center"> + <strong>$smt_status</strong> + </th> + </tr> + + <tr> + <td width="50%" align="left"> + $Lang::tr{'enable smt'} + </td> + + <td width="50%" align="center"> + <label> + <input type="radio" name="ENABLE_SMT" + value="auto" $checked{'ENABLE_SMT'}{'auto'}> + $Lang::tr{'automatic'} + </label> / + <label> + <input type="radio" name="ENABLE_SMT" + value="on" $checked{'ENABLE_SMT'}{'on'}> + $Lang::tr{'force enable'} ($Lang::tr{'dangerous'}) + </label> + </td> + </tr> + + <tr> + <td colspan="2" align="right"> + <input type="submit" name="ACTION" value="$Lang::tr{'save'}"> + </td> + </tr> + </tbody> + </table> +END + +&Header::closebox(); + +print "</form>\n"; + +&Header::closebigbox(); + +&Header::closepage(); + +sub check_status($) { + my $vuln = shift; + + open(FILE, "/sys/devices/system/cpu/vulnerabilities/$vuln") or return undef; + my $status = <FILE>; + close(FILE); + + if ($status =~ /^(Mitigation): (.*)$/) { + return ($1, $2); + } + + return $status; +} + +sub smt_status() { + open(FILE, "/sys/devices/system/cpu/smt/control"); + my $status = <FILE>; + close(FILE); + + chomp($status); + + if ($status eq "on") { + return $Lang::tr{'smt enabled'}; + } elsif (($status eq "off") || ($status eq "forceoff")) { + return $Lang::tr{'smt disabled'}; + } elsif ($status eq "notsupported") { + return $Lang::tr{'smt not supported'}; + } + + return $status; +} diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 8b43872a3..5f32a7ab1 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -12,12 +12,14 @@ 'Captive 1day' => '1 day', 'Captive 1month' => '1 month', 'Captive 1week' => '1 week', -'Captive ACTIVATE' => 'ACTIVATE', 'Captive GAIN ACCESS' => 'GAIN ACCESS', 'Captive WiFi coupon' => 'WiFi Coupon', 'Captive activate' => 'Activate', 'Captive activated' => 'Activated', 'Captive active on' => 'Activated on', +'smt enabled' => 'Simultaneous Multi-Threading (SMT) is enabled', +'smt disabled' => 'Simultaneous Multi-Threading (SMT) is disabled', +'smt not supported' => 'Simultaneous Multi-Threading (SMT) is not supported', 'Captive agree tac' => 'I agree with the terms & conditions below.', 'Captive auth_lic' => 'License', 'Captive auth_vou' => 'Voucher', @@ -713,6 +715,7 @@ 'custom networks' => 'Custom networks', 'custom services' => 'Custom services', 'daily firewallhits' => 'daily firewallhits', +'dangerous' => 'Dangerous', 'dat without key' => 'An encrypted archive cannot be restored without the key.', 'date' => 'Date', 'date not in logs' => 'No (or only partial) logs exist for the day queried', @@ -970,6 +973,7 @@ 'empty profile' => 'empty', 'enable ignore filter' => 'Enable ignore filter', 'enable javascript' => 'Enable javascript', +'enable smt' => 'Enable Simultaneous Multi-Threading (SMT)', 'enable wildcards' => 'Enable wildcards:', 'enabled' => 'Enabled:', 'enabled on' => 'Enabled on', @@ -1027,6 +1031,7 @@ 'extrahd unable to read' => 'Unable to read', 'extrahd unable to write' => 'Unable to write', 'extrahd you cant mount' => 'You can't mount', +'fallout zombieload ridl' => 'Fallout/ZombieLoad/RIDL', 'false classnumber' => 'The Class-Number does not match the interface.', 'false max bandwith' => 'Maximum bandwith is false.', 'false min bandwith' => 'Minimum bandwith is false.', @@ -1076,8 +1081,10 @@ 'fixed ip lease modified' => 'Fixed IP lease modified', 'fixed ip lease removed' => 'Fixed IP lease removed', 'flag' => 'Flag', +'force enable' => 'Forced', 'force update' => 'Force update', 'force user' => 'force all new file to user', +'foreshadow' => 'Foreshadow', 'forward firewall' => 'Firewall', 'forwarding rule added' => 'Forwarding rule added; restarting forwarder', 'forwarding rule removed' => 'Forwarding rule removed; restarting forwarder', @@ -1343,6 +1350,7 @@ 'harddisk temperature graphs' => 'HDD Graphs', 'hardware graphs' => 'Hardware Graphs', 'hardware support' => 'Hardware Support', +'hardware vulnerabilities' => 'Hardware Vulnerabilities', 'hdd temperature in' => 'Harddisk temperature in', 'help' => 'Help', 'high' => 'High', @@ -1668,6 +1676,7 @@ 'media' => 'Media', 'media information' => 'Media information', 'medium' => 'Medium', +'meltdown' => 'Meltdown', 'memory' => 'Memory', 'memory information' => 'Memory information', 'memory usage per' => 'Memory Usage per', @@ -1684,6 +1693,7 @@ 'misc-options' => 'Miscellaneous options', 'missing dat' => 'Encrypted archive not found', 'missing gz' => 'Unencrypted archive not found', +'mitigated' => 'Mitigated', 'mode' => 'Mode', 'model' => 'Model', 'modem' => 'Modem', @@ -1792,6 +1802,7 @@ 'noservicename' => 'No Service Name entered', 'not a valid ca certificate' => 'Not a valid CA certificate.', 'not a valid dh key' => 'Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.', +'not affected' => 'Not Affected', 'not enough disk space' => 'Not enough disk space', 'not present' => '<b>Not</b> present', 'not running' => 'not running', @@ -1991,6 +2002,7 @@ 'ping disabled' => 'Disable ping response', 'pkcs12 file password' => 'PKCS12 File Password', 'play' => 'Play', +'please reboot to apply your changes' => 'Please reboot to apply your changes', 'polfile' => 'Polfile', 'policy' => 'Policy', 'port' => 'Port', @@ -2019,6 +2031,7 @@ 'printing options' => 'printing options', 'priority' => 'Priority', 'processes' => 'Processes', +'processor vulnerability mitigations' => 'Processor Vulnerability Mitigations', 'profile' => 'Profile', 'profile deleted' => 'Profile deleted: ', 'profile has errors' => 'Profile has errors', @@ -2231,6 +2244,9 @@ 'source port overlaps' => 'Source port range overlaps an existing port range.', 'speaker off' => 'Speaker off:', 'speaker on' => 'Speaker on:', +'spectre variant 1' => 'Spectre Variant 1', +'spectre variant 2' => 'Spectre Variant 2', +'spectre variant 4' => 'Spectre Variant 4', 'squid extension methods' => 'Your <tt>extension_methods</tt> list', 'squid extension methods invalid' => 'Your 'extension_methods' list can only contain uppercase words of letters and digits, separated with a space. ', 'squid fix cache' => 'Repair cache', @@ -2821,6 +2837,8 @@ 'vpn wait' => 'WAITING', 'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).', 'vpn weak' => 'Weak', +'vulnerability' => 'Vulnerability', +'vulnerable' => 'Vulnerable', 'waiting to synchronize clock' => 'Waiting to synchronize clock', 'warn when traffic reaches' => 'Warn when traffic reaches x %', 'warning messages' => 'Warning messages', diff --git a/lfs/initscripts b/lfs/initscripts index 055e106d0..5ed5f9524 100644 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -169,6 +169,7 @@ $(TARGET) : ln -sf ../init.d/mountfs /etc/rc.d/rcsysinit.d/S40mountfs ln -sf ../init.d/fsresize /etc/rc.d/rcsysinit.d/S42fsresize ln -sf ../init.d/mounttmpfs /etc/rc.d/rcsysinit.d/S43mounttmpfs + ln -sf ../init.d/smt /etc/rc.d/rcsysinit.d/S44smt ln -sf ../init.d/udev_retry /etc/rc.d/rcsysinit.d/S45udev_retry ln -sf ../init.d/cleanfs /etc/rc.d/rcsysinit.d/S50cleanfs ln -sf ../init.d/setclock /etc/rc.d/rcsysinit.d/S60setclock diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt new file mode 100644 index 000000000..a31cd7bea --- /dev/null +++ b/src/initscripts/system/smt @@ -0,0 +1,40 @@ +#!/bin/sh +######################################################################## +# Begin $rc_base/init.d/smt +######################################################################## + +. /etc/sysconfig/rc +. ${rc_functions} + +eval $(/usr/local/bin/readhash /var/ipfire/main/security) + +case "${1}" in + start) + # Nothing to do here when SMT is forced on + if [ "${ENABLE_SMT}" = "on" ]; then + exit 0 + fi + + # Nothing to do if this processor is not vulnerable + # to Fallout/RIDL. + if [ -r "/sys/devices/system/cpu/vulnerabilities/mds" ]; then + if [ "$(</sys/devices/system/cpu/vulnerabilities/mds)" = "Not affected" ]; then + exit 0 + fi + + # Disable SMT when supported and enabled + if [ "$(</sys/devices/system/cpu/smt/control)" = "on" ]; then + boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..." + echo "forceoff" > /sys/devices/system/cpu/smt/control + echo_ok + fi + fi + ;; + + *) + echo "Usage: ${0} {start}" + exit 1 + ;; +esac + +# End $rc_base/init.d/smt
hooks/post-receive -- IPFire 2.x development tree