This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 3757b8ef10377e422f2c7b98d34f728ab0977809 (commit) via c1f13252d063b374039bc80c12d60b389a75befd (commit) via 66eac1139047efaf5619dcf562807b12c4a2a126 (commit) via 1f1755aae03cd18dc2c54d550151a9406c2acb2b (commit) via 7d6b92e10d604050b22cb4f9823df13f8df15215 (commit) via 9e3eebb4ef732acb81b9039a9d6983b5f59fcf9a (commit) via ab7944fceb9138fb3ec66c02d1573f99a853d0b8 (commit) via 1a0cbc236b0e51399de495b582813acf5b39a9f4 (commit) via f82f3234ab37ab0bef908d2550d3b17da105d5c1 (commit) via d4bf67e28f75d82e6873700d2f89b5a61ece0b00 (commit) via 38e463f7b6692c3ea88c0d384d4d390136c91a2f (commit) via e5ee56f677e12873754589ac19669bffbfa8fe42 (commit) via 981a5756fdbf9d099e16e358bc5ac206db1229dc (commit) via cf56de7a94e5007bce8eaa37cc5a4929a13ff45e (commit) via cca29326abd3e2fba6e6fc40c33e82a1ad001e9b (commit) via 406ab3f286dd6ed8427f29534f686ddaeefe6e80 (commit) via 553867681e73a487b59cc85327979b7f4d3049f0 (commit) via 62bf01529bda71007f08827ae4c25684ebc31ef3 (commit) via 1ae53a882e5e935c45e63dec707f8b7bc342f022 (commit) via 634af916739e6758c853939c08b7b409dc2379cb (commit) via a8a107af2ed730c71d12d2cc276242403c814cfe (commit) via 6c9744bbcb0ab0b483884c914466f960287c0f9d (commit) via 74be89cf589f93aea0f0aade3a5dcba8bcbb3ea2 (commit) via a023f6b57428be64d39802eb20c90c4192c4b136 (commit) via 3d8ed693e204235cf0c92be8bb0c4b327e878256 (commit) via 08d1f80b1aaf9f50a2f00905b2afa38a01455e94 (commit) via dd8b385fc499d3a297e731bd49ab720a4a1fe2de (commit) via a4e20441ff08401644fc29342338ef8f6bd7984a (commit) via 870bd70a3d85d0ca4bc826fe9440d74ac4b343f3 (commit) via 1de96a83d6d6cec5d4d3eda1792aa80bfbd8fafe (commit) via 3bcb69888eabf32ebfec10389cbb42eed8c91837 (commit) via 843c39434195e0fe78be36fb25adc5854aff78a2 (commit) via 9c72aa966309ea160c4385363d9e29305af73389 (commit) via 3f538a827627ae70fc2c892abab6e8d73f73aaad (commit) via 60dd0f8f15d1b70e0692c933dcf374dd329ee365 (commit) via 77631ba4c738432c31cd4b6fad0da28b880fb0c7 (commit) via 657801ca491cf671d7201354b566a42d6cce6515 (commit) via 0818920c8a96df3b80042f2ffe8bade8d4545076 (commit) via 468e9831d5c7b99a2dc20b66d881f43ecb0a424b (commit) via 6c228fabd02aaf17ff1e0b403666a01725d70b3c (commit) via 06ee2b84e7e33235caf2203810cddc3c7020a943 (commit) via 456ff347463776c3a5adee02d3d2ca65924661c2 (commit) via ccb2d0a211b9efd65c4943c7594b6e367a371ec9 (commit) via 9b57b59a411fe3e82c173becad8f0edc538aafe6 (commit) via 6dcd2c24bba008952469414b6d560863793e6001 (commit) via db8d09bdb72ddf08333172b18fc145393c5375d6 (commit) via 335cd6187bfe38e0e4c671f2a848bd834855f952 (commit) via c0261d9b96f55a954ee63ad9115db6d2a5636c38 (commit) via a61f0c752225fd3dcde20a9929947f3fe2586781 (commit) via 7b62f1706638ab287e0300b43a322c595b1466fb (commit) via 9914a4f1cdf811e790164a1b2d047d985065b6ac (commit) via 4e4b6033294509f6a9301cf7d7700263adc69172 (commit) via 5058edbadacd66e5313e4a1bbe9fca09aaace483 (commit) via a6568d122d85d447805aa137c68a541c641b3516 (commit) via 82f8e2fef4c35cf44250a8484ef4c63a95e12b49 (commit) via 057c7692b1fd41f1683f68cf20742f6f025d1c17 (commit) via 61a4d3cf49ae48896663af0cfee094b1f04df83f (commit) via 803f69b16f6e560a38220f19449aa86afa53198a (commit) via 607760950b571610cef4a0e6264415ddec5c69ec (commit) via be78d2abafc58a7f216102079498e642c107aebc (commit) via ac1032f025a851bf03c4ff56e21df379c81aba04 (commit) via 0d241960201088fea9eeae80eee06555a724a03f (commit) via aba4372e3ec4001bafb32f94eae9698dcb174259 (commit) via 3679c7a0d4f8881679c72abd321a90e75febc2c3 (commit) via 39eafa413f4b37e8dc1abff1f7d7ca2c0e1cbffa (commit) via 66546a360704717be03ffa12ff80137cccbab90a (commit) via eb48782ee7184b5c397efeda14f27d83e3c6995b (commit) via 5541ca3faf4e0100cd64e79022d4c0a4eed658fd (commit) via 09901bae0a8cffdd9f8d77eaac6a1c114723e32b (commit) via 0739ae938f1881cb863018e2230e0f523f073005 (commit) via a3170662bf8943b57a1bbbe0b86ec4a1eb954802 (commit) via 32f722f9c831bc037f10e069a3c44d3e3b3e5c66 (commit) via 37174e29de670a33f9be4b90c88b0a96c695dad1 (commit) via 76ea485d9edb781328e307c68b1f878d933408e5 (commit) via 08ddf896561c7733a17491d175dd6bda00e775e3 (commit) via b611b775dd1780cb59c8fde77f7ebb8722b79ecd (commit) via d312592b00270f972b60a648b431f074f0b1ebf1 (commit) via 5a1c02df8973b3acc5c3101a94e86fe6df4b43b6 (commit) via 1f2bb86219bb57718b9a666f9c5b14b2c44f98a3 (commit) via d6868ae94c63d0f708985e6bb6604a4bd40cf1a8 (commit) via 27e9dcc159247d55e369b3cbf6b826168fda38f6 (commit) via 397e0c527192382ed628df6d8ec767fef2240a54 (commit) via 35afcd212ef33f091a6a36e8dd3b092da2613d59 (commit) via 6d8483a793bd720bdf183b2eaa43fdd5bf0402c0 (commit) via fadf9488c4ad2dcee9060240dabafe49fa74b154 (commit) via 76db32dd47b45947905ecb28475accfae848919e (commit) via e5604dafcd5fe74af8a116bb5c26d36d268d9490 (commit) via 63a1468e907c6cf8d469df560f04d656c03d0c70 (commit) via 593481a6b3b613dcabff936f2c9fedb87f778900 (commit) via 85ec8363a873100fc1bb49e3c01f9f63bf97c6e1 (commit) via 31a21c9974b82fb266ddea3320be69de32628d9b (commit) via 95bf26599d97d98ece3886fe69ccf898f19b298f (commit) via f552e23da404adf4555299c887a0279016323df4 (commit) via eb47427429e5518385344c2fa262948b0b0e659a (commit) via 89b976e9a7e4da13b82de4aadadb63ffaf3031a6 (commit) via f0a4cae5e82fe9011d41a17d359419b528c80415 (commit) via 5ca419c7fff709bf33b7a23d75632129590ef5be (commit) via cb7e2a7d908f0db7201f2b3d7c4fded3caba8586 (commit) via 4846ff3a1091f280f3fdabbfdd898adfeff80e87 (commit) via ca479eb8bfdd6d1c154c8bea1b823fd940727533 (commit) via b526e4998161c217ac0af88ad616e32bdac314c7 (commit) via 4981916fd955d0fc7a9008352d3a4bec1a498cdd (commit) via 2406a4cfe573cdc926e14150522578d861e4c240 (commit) via ff9ccfa8d75871f96d43501f4536590c680429d7 (commit) via 0cf51b17e97c93e988c52cc3462061e085facc3c (commit) via 5eb7d41133f3b8a74f38f3b2ab01ccb8c34ae0f1 (commit) via 303f811025b6d2672b8535d63b039e2d76a2260a (commit) via c0cddfa6feb95c13cdd84ea68253c5f025801d45 (commit) via 21001812389666836552bc193248cb2ffc3a76b6 (commit) via f84c7d0bdac38fb6ed7105a21c1f2422ddbcd656 (commit) via d11f9d75b002b8395fe094b0beaf2bb4c2e2e0ed (commit) via 4e83b78e86b12ec418e872cae7f162b9548c3a59 (commit) via a77882639e42e40deea0ea2e811ed0644f51ebe7 (commit) via 3eba8076012f79da1bda90995afc88bce569a060 (commit) via 6a760ba418e6701b584ca80a6cd834e014397929 (commit) via cc203a41265c8ec5564be204293cf86ac9533e81 (commit) via eefe8bcdec7095331044488aab4bf6b7a711d765 (commit) via e44e1be465cab81a37bab7aa9ecb301b105633ee (commit) via 283238d66fa69b3a5198b2ac7a0539f6a678ce4c (commit) via 0b4c2c3799fdfc8cfbb67888f6a0f7a21869d826 (commit) via c5606af3e5ecb3a968df2a48ea10c7811760241d (commit) via b57617edafdfa2fd057c5902ed3b5f9dc6558ec5 (commit) via 16c94e73c70da3cf6446b2bf80fa306e51ded53c (commit) via 26d6b4cd89621cb1552871be0b14a1b59584c82b (commit) via 1425014380d4118bba7b4ffe1f41691a2af7a3b0 (commit) via 3cfb59a767313f65fdaa8d18a9df12ffaec6129c (commit) via 7f79f01123992781788ab7b5eac12794fa21143a (commit) via 44cf6442d2d2608e081dee552b0d4778586125fd (commit) via 06df633c86eabbfa40fe36c508bef8963f3f006f (commit) via d9d98b678b5207856d7383c3f097eb30910df61b (commit) via c5af1d851cb3963441b43785b17c335d328d763e (commit) via d408b1a8e717ed0387366c254a0a637c635e8a2c (commit) via 8d26760ce43686485cc9db595f2efa9a9a5c3302 (commit) via 4fe654d7704499063ec6d766faf3249149cac7a3 (commit) via c25e3d6a1924448fa988de0118b802b7de0a0405 (commit) via 6d3c91bc7a7c9aa84631ca8b90dc5cda63c0ec5a (commit) via 83e6991be967ceaaa8d61167c533636f35d6a498 (commit) via a5b7858c705cf7bdd37a32b2add8a9ffe3e42342 (commit) via fdfec12a5f272c8f960f3fcbc4af356f80fc1b9a (commit) via 06dbc836a47160d51ab10f8b9d4ca356beaa7cdb (commit) via fc32e7b9147d2eeeb6e2bc1497859fb050001eb5 (commit) via b78ba3624f0a11c060ad06dbd65741b82684d93e (commit) from f0c8d0eb9a4121b15e28a663bf65d22b8eaed9b0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3757b8ef10377e422f2c7b98d34f728ab0977809 Author: Michael Tremer Date: Thu Apr 24 15:00:39 2025 +0000 core195: Ship OpenSSL Signed-off-by: Michael Tremer commit c1f13252d063b374039bc80c12d60b389a75befd Author: Adolf Belka Date: Thu Apr 24 15:43:54 2025 +0200 openssl: Update to version 3.5.0 - Update from version 3.4.1 to 3.5.0 - Update of rootfile - The changelog mentions some potentially significant or incompatible changes. From the description they don't seem to be ones that would not work with IPFire but I will look at evaluating the new version in my vm testbed and reporting back. - Changelog 3.5.0 This release incorporates the following potentially significant or incompatible changes: Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc. The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list. The default TLS keyshares have been changed to offer X25519MLKEM768 and and X25519. All BIO_meth_get_*() functions were deprecated. This release adds the following new features: Support for server side QUIC (RFC 9000) Support for 3rd party QUIC stacks including 0-RTT support Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA) A new configuration option no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422 A new configuration option enable-fips-jitter to make the FIPS provider to use the JITTER seed source Support for central key generation in CMP Support added for opaque symmetric key objects (EVP_SKEY) Support for multiple TLS keyshares and improved TLS key establishment group configurability API support for pipelining in provided cipher algorithms Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 66eac1139047efaf5619dcf562807b12c4a2a126 Author: Michael Tremer Date: Thu Apr 24 15:00:02 2025 +0000 core195: Ship OpenSSH Signed-off-by: Michael Tremer commit 1f1755aae03cd18dc2c54d550151a9406c2acb2b Author: Adolf Belka Date: Thu Apr 24 15:43:53 2025 +0200 openssh: Update to version 10.0p1 - Update from version 9.9p2 to 10.0p1 - Update of rootfile - There is a security fix in this version that openssh have described as minor. - From this version onwards the default key agreement used is the hybrid post-quantum algorithm - mlkem768x25519-sha256 - Changelog 10.0p1 Potentially-incompatible changes * This release removes support for the weak DSA signature algorithm, completing the deprecation process that began in 2015 (when DSA was disabled by default) and repeatedly warned over the last 12 months. * scp(1), sftp(1): pass "ControlMaster no" to ssh when invoked by scp & sftp. This disables implicit session creation by these tools when ControlMaster was set to yes/auto by configuration, which some users found surprising. This change will not prevent scp/sftp from using an existing multiplexing session if one had already been created. GHPR557 * This release has the version number 10.0 and announces itself as "SSH-2.0-OpenSSH_10.0". Software that naively matches versions using patterns like "OpenSSH_1*" may be confused by this. * sshd(8): this release removes the code responsible for the user authentication phase of the protocol from the per- connection sshd-session binary to a new sshd-auth binary. Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after the authentication phase completes. This change should be largely invisible to users, though some log messages may now come from "sshd-auth" instead of "sshd-session". Downstream distributors of OpenSSH will need to package the sshd-auth binary. * sshd(8): this release disables finite field (a.k.a modp) Diffie-Hellman key exchange in sshd by default. Specifically, this removes the "diffie-hellman-group*" and "diffie-hellman-group-exchange-*" methods from the default KEXAlgorithms list. The client is unchanged and continues to support these methods by default. Finite field Diffie Hellman is slow and computationally expensive for the same security level as Elliptic Curve DH or PQ key agreement while offering no redeeming advantages. ECDH has been specified for the SSH protocol for 15 years and some form of ECDH has been the default key exchange in OpenSSH for the last 14 years. * sshd(8): this release removes the implicit fallback to compiled- in groups for Diffie-Hellman Group Exchange KEX when the moduli file exists but does not contain moduli within the client- requested range. The fallback behaviour remains for the case where the moduli file does not exist at all. This allows administrators more explicit control over which DH groups will be selected, but can lead to connection failures if the moduli file is edited incorrectly. bz#2793 Security * sshd(8): fix the DisableForwarding directive, which was failing to disable X11 forwarding and agent forwarding as documented. X11 forwarding is disabled by default in the server and agent forwarding is off by default in the client. New features * ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256 is now used by default for key agreement. This algorithm is considered to be safe against attack by quantum computers, is guaranteed to be no less strong than the popular curve25519-sha256 algorithm, has been standardised by NIST and is considerably faster than the previous default. * ssh(1): prefer AES-GCM to AES-CTR mode when selecting a cipher for the connection. The default cipher preference list is now Chacha20/Poly1305, AES-GCM (128/256) followed by AES-CTR (128/192/256). * ssh(1): add %-token and environment variable expansion to the ssh_config SetEnv directive. * ssh(1): allow %-token and environment variable expansion in the ssh_config User directive, with the exception of %r and %C which would be self-referential. bz#3477 * ssh(1), sshd(8): add "Match version" support to ssh_config and sshd_config. Allows matching on the local version of OpenSSH, e.g. "Match version OpenSSH_10.*". * ssh(1): add support for "Match sessiontype" to ssh_config. Allows matching on the type of session initially requested, either "shell" for interactive sessions, "exec" for command execution sessions, "subsystem" for subsystem requests, such as sftp, or "none" for transport/forwarding-only sessions. * ssh(1): add support for "Match command ..." support to ssh_config, allowing matching on the remote command as specified on the command-line. * ssh(1): allow 'Match tagged ""' and 'Match command ""' to match empty tag and command values respectively. * sshd(8): allow glob(3) patterns to be used in sshd_config AuthorizedKeysFile and AuthorizedPrincipalsFile directives. bz2755 * sshd(1): support the VersionAddendum in the client, mirroring the option of the same name in the server; bz2745 * ssh-agent(1): the agent will now delete all loaded keys when signaled with SIGUSR1. This allows deletion of keys without having access to $SSH_AUTH_SOCK. * Portable OpenSSH, ssh-agent(1): support systemd-style socket activation in ssh-agent using the LISTEN_PID/LISTEN_FDS mechanism. Activated when these environment variables are set, the agent is started with the -d or -D option and no socket path is set. GHPR502 * ssh-keygen(1): support FIDO tokens that return no attestation data, e.g. recent WinHello. GHPR542 * ssh-agent(1): add a "-Owebsafe-allow=..." option to allow the default FIDO application ID allow-list to be overridden. * Add a work-in-progress tool to verify FIDO attestation blobs that ssh-keygen can optionally write when enrolling FIDO keys. This tool is available under regress/misc/ssh-verify-attestation for experimentation but is not installed by "make install". * ssh-keygen(1): allow "-" as output file for moduli screening. GHPR393 Bugfixes * sshd(8): remove assumption that the sshd_config and any configs it includes can fit in a (possibly enlarged) socket buffer. Previously it was possible to create a sufficiently large configuration that could cause sshd to fail to accept any connection. sshd(8) will now actively manage sending its config to the sshd-session sub-process. * ssh(1): don't start the ObscureKeystrokeTiming mitigations if there has been traffic on a X11 forwarding channel recently. Should fix X11 forwarding performance problems when this setting is enabled. bz3655 * ssh(1): prohibit the comma character in hostnames accepted, but allow an underscore as the first character in a hostname. * sftp(1): set high-water when resuming a "put". Prevents bogus "server reordered acks" debug message. * ssh(1), sshd(8): fix regression in openssh-9.8, which would fail to accept "Match criteria=argument" as well as the documented "Match criteria argument" syntax in ssh_config and sshd_config. bz3739 * sftp(1), ssh(1): fix a number possible NULL dereference bugs, including Coverity CIDs 405019 and 477813. * sshd(8): fix PerSourcePenalty incorrectly using "crash" penalty when LoginGraceTime was exceeded. bz3797 * sshd(8): fix "Match invalid-user" from incorrectly being activated in initial configuration pass when no other predicates were present on the match line * sshd(8): fix debug logging of user specific delay. GHPR#552 * sshd(8): improve debug logging across sub-process boundaries. Previously some log messages were lost early in the sshd-auth and sshd-session processes' life. * ssh(1): require control-escape character sequences passed via the '-e ^x' command-line to be exactly two characters long. Avoids one byte out-of-bounds read if ssh is invoked as "ssh -e^ ..." GHPR368 * ssh(1), sshd(8): prevent integer overflow in x11 port handling. These are theoretically possible if the admin misconfigured X11DisplayOffset or the user misconfigures their own $DISPLAY, but don't happen in normal operation. bz#3730 * ssh-keygen(1): don't mess up ssh-keygen -l output when the file contains CR characters; GHPR236 bz3385. * sshd(8): add rate limits to logging of connections dropped by PerSourcePenalties. Previously these could be noisy in logs. * ssh(1): fix argument of "Compression" directive in ssh -G config dump, which regressed in openssh-9.8. * sshd(8): fix a corner-case triggered by UpdateHostKeys when sshd refuses to accept the signature returned by an agent holding host keys during the hostkey rotation sub-protocol. This situation could occur in situations where a PKCS#11 smartcard that lacked support for particular signature algorithms was used to store host keys. * ssh-keygen(1): when using RSA keys to sign messages with "ssh-keygen -Y", select the signature algorithm based on the requested hash algorithm ("-Ohashalg=xxx"). This allows using something other than the default of rsa-sha2-512, which may not be supported on all signing backends, e.g. some smartcards only support SHA256. * ssh(1), sshd(8), ssh-keyscan(1): fix ML-KEM768x25519 KEX on big-endian systems. * Many regression and interop test improvements. Portability * All: add support for AWS-LC (AWS libcrypto). bz3784 * sshd(8): add wtmpdb support as a Y2038 safe wtmp replacement. * sshd(8): add support for locking sshd into memory, enabled with the --with-linux-memlock-onfault configure flag. * Add support for building a standalone sk-libfido2 library, enabled by --with-security-key-standalone * ssh(1), sshd(8), ssh-keyscan(1): include __builtin_popcount replacement function. for compilers that lack it. * All: Check for and replace le32toh, le64toh, htole64 separately. It appears that at least some versions of endian.h in glibc do not have the latter two. bz#3794 * Remove ancient RHL 6.x config in RPM spec. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 7d6b92e10d604050b22cb4f9823df13f8df15215 Author: Adolf Belka Date: Thu Apr 24 15:43:51 2025 +0200 nano: Update to version 8.4 - Update from version 8.3 to 8.4 - Update of rootfile not required - Changelog 8.4 • Bracketed pastes over a slow connection are more reliable. • Tabs in an external paste at a prompt are not dropped. • Feedback occurs when the cursor sits on a Byte Order Mark. • The Execute prompt is more forgiving of a typo. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 9e3eebb4ef732acb81b9039a9d6983b5f59fcf9a Author: Adolf Belka Date: Thu Apr 24 15:43:52 2025 +0200 nfs: Update to version 2.8.3 - Update from version 2.8.2 to 2.8.3 - Update of rootfile not required - Changelog is just a list of the commits and is over 500 lines long. The details can be found in the changelog at https://sourceforge.net/projects/nfs/files/nfs-utils/2.8.3/ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ab7944fceb9138fb3ec66c02d1573f99a853d0b8 Author: Michael Tremer Date: Thu Apr 24 14:58:34 2025 +0000 core195: Ship libgpg-error Signed-off-by: Michael Tremer commit 1a0cbc236b0e51399de495b582813acf5b39a9f4 Author: Adolf Belka Date: Thu Apr 24 15:43:50 2025 +0200 libgpg-error: Update to version 1.54 - Update from version 1.51 to 1.54 - Update of rootfile - Changelog 1.54 * Fix a regression in 1.52 which did not allow to open UNC specified files on Windows. [rE28ae4ee194] * Ignore log file specification from the Registry in the gpg-error tool. 1.53 * Fix regression in 1.52. 1.52 * The KEY_WOW64_xxKEY flags can now be passed to the Registry read functions. [rE652328c786] * In the spawn functions care about closefrom/close call is interrupted. [T7478] * New command --getreg for gpg-error on Windows. [rE652328c786] * New simple string list API. [rE47097806f1] * New API for name value files. [rE7ec1f27b60] * Add a Windows Registry emulation for Unix. [rE9864dd4d66] * Interface changes relative to the 1.51 release: gpgrt_w32_reg_query_string NEW (Windows only). gpgrt_strlist_t NEW type. gpgrt_strlist_free NEW. gpgrt_strlist_add NEW. gpgrt_strlist_tokenize NEW. gpgrt_strlist_copy NEW. gpgrt_strlist_rev NEW. gpgrt_strlist_prev NEW. gpgrt_strlist_last NEW. gpgrt_strlist_pop NEW. gpgrt_strlist_find NEW. GPGRT_STRLIST_APPEND NEW const. GPGRT_STRLIST_WIPE NEW const. gpgrt_nvc_t NEW type. gpgrt_nve_t NEW type. gpgrt_nvc_new NEW. gpgrt_nvc_release NEW. gpgrt_nvc_get_flag NEW. gpgrt_nvc_add NEW. gpgrt_nvc_set NEW. gpgrt_nve_set NEW. gpgrt_nvc_delete NEW. gpgrt_nvc_lookup NEW. gpgrt_nvc_parse NEW. gpgrt_nvc_write NEW. gpgrt_nve_next NEW. gpgrt_nve_name NEW. gpgrt_nve_value NEW. gpgrt_nvc_get_string NEW. gpgrt_nvc_get_bool NEW. GPGRT_NVC_WIPE NEW const. GPGRT_NVC_PRIVKEY NEW const. GPGRT_NVC_SECTION NEW const. GPGRT_NVC_MODIFIED NEW const. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f82f3234ab37ab0bef908d2550d3b17da105d5c1 Author: Michael Tremer Date: Thu Apr 24 14:58:17 2025 +0000 core195: Ship libffi Signed-off-by: Michael Tremer commit d4bf67e28f75d82e6873700d2f89b5a61ece0b00 Author: Adolf Belka Date: Thu Apr 24 15:43:49 2025 +0200 libffi: Update to version 3.4.8 - Update from version 3.4.7 to 3.4.8 - Update of rootfile not required - Changelog 3.4.8 aarch64: add PAC to GNU Notes by @billatarm in #882 MIPS: Dont import asm/sgidefs.h on linux by @fossdd in #885 Update the Simple Example from the Docs to fix a compile error by @Nikitf777 in #886 Fix bugs in the x86-64 and x32 target (#887) by @mikulas-patocka in #889 Add the "ABI_ATTR" attribute to called functions (#891) by @mikulas-patocka in #892 powerpc: Add static trampoline support (#894) by @peter-bergner in #895 testsuite: add two tests to Makefile.am by @thesamesam in #893 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 38e463f7b6692c3ea88c0d384d4d390136c91a2f Author: Michael Tremer Date: Thu Apr 24 14:57:55 2025 +0000 core195: Ship libcap Signed-off-by: Michael Tremer commit e5ee56f677e12873754589ac19669bffbfa8fe42 Author: Adolf Belka Date: Thu Apr 24 15:43:48 2025 +0200 libcap: Update to version 2.76 - Update from version 2.75 to 2.76 - Update of rootfile - Changelog 2.76 More libpsx and psx Go package mechanism fixes (many thanks to Christial Kastner for helping dive into the off-piste architectures. See Bug 219915.) Address an arm64 (aarch64) libpsx issue seen with Tracee. (Tagged psx/v1.2.76-rc1) Note, 2.75 should have fixed the tracee issue 4678 but the above issue emerged from their extensive testing. Thanks to Gregório G. for reporting the observed failure details. More architectures supported: of the many architectures Debian builds for, we think only alpha and sparc64 have problems. Unable to construct qemu-*-system images with which to debug these. If anyone has a recipe for that that works for Fedora as a base platform, please provide details... To make the various .so files continue to be runnable as standalone programs added another workaround for glibc. (Bug 219880 reported by Christian Kastner.) _IO_stdin_used needs to be weekly defined to make puts() and friends work. Also updated the Stackoverflow answer to include that detail. Made a new man page cap_text_formats(7). This makes it possible to separate the tool man pages from the developer man pages. I believe this was the second time this was requested, by Carlos Rodriguez-Fernandez this time (can't find the former request in my email). Some man page cross linking fixes as well. Dropped Make.Rules definition of SYSTEM_HEADERS Thanks to Ross Burton for reporting. Removed a spurious debugging printf() from setcap tool. Removed cap_ workarounds for go.dev cap package examples. The website bugs have been resolved: go/issues/70611; go/issues/70630. Added a Makefile to the contrib/seccomp example. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 981a5756fdbf9d099e16e358bc5ac206db1229dc Author: Michael Tremer Date: Thu Apr 24 14:57:33 2025 +0000 core195: Ship btrfs-progs Signed-off-by: Michael Tremer commit cf56de7a94e5007bce8eaa37cc5a4929a13ff45e Author: Adolf Belka Date: Thu Apr 24 15:43:44 2025 +0200 btrfs-progs: Update to version 6.14 - Update from version 6.13 to 6.14 - Update of rootfile not required - Changelog 6.14 * mkfs: * allow --sectorsize to be 2K for testing purposes of subpage mode (needs the same block size supported by kernel) * fix false error when no compression is requested and lzo is not compiled in * convert: support 2K block size in the source filesystem * defrag: new parameter -L/--level to specify compression levels (kernel 6.15), also supports the realtime levels * subvol delete: show names of recursively deleted child subvolumes * qgroup show: use sysfs to detect up to date consistency status * zoned mode: support zone capacity tracking * other: * CI new and updated workflows * documentation updates Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit cca29326abd3e2fba6e6fc40c33e82a1ad001e9b Author: Michael Tremer Date: Thu Apr 24 14:56:53 2025 +0000 core195: Ship fontconfig Signed-off-by: Michael Tremer commit 406ab3f286dd6ed8427f29534f686ddaeefe6e80 Author: Adolf Belka Date: Thu Apr 24 15:43:46 2025 +0200 fontconfig: Update to version 2.16.2 - Update from version 2.16.0 to 2.16 2 - Update of rootfile - Default build system has been moved from autotools to meson. Autotools will likely be removed in next version. - Changelog 2.16.2 meson: do not require libintl if nls feature is disabled ci: Add back Android build in a common way ci: drop Language to make sure they are applied as default style ci: Change the default build system to meson ci: Stop on fail anyway ci: default to clean-build ci: detect OS from os-release if no FC_DISTRO_NAME is set ci: add missing dependency of pytest ci: Set more timeout for pytest ci: fix too many open files on test ci: add missing dependency of requests meson: Use Requires.private instead of Requires Upgrade bindgen in Fontations enabled Rust builds [Fontations] Add internal PatternBuilder abstraction meson: don't force build of a shared library meson.build: define a 'c' standard for the project (C99 and C11) 2.16.1 meson: create fc_cachedir at the installation time meson: set WORDS_BIGENDIAN ci: get back MinGW build to rawhide meson: make sure config.h contains config-fixups.h for OSX Reformatting with clang-format ci: Add a workflow to check the coding style ci: workaround conflict between systemd and systemd-standalone-sysusers conf.d: Add Adwaita Sans as system-ui ci: disable job tentatively ci: Add a release workflow [Fontations] Allow linkage to internals in tests meson.build: explicitly check for pthread support Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 553867681e73a487b59cc85327979b7f4d3049f0 Author: Michael Tremer Date: Thu Apr 24 14:56:28 2025 +0000 core195: Ship coreutils Signed-off-by: Michael Tremer commit 62bf01529bda71007f08827ae4c25684ebc31ef3 Author: Adolf Belka Date: Thu Apr 24 15:43:45 2025 +0200 coreutils: Update to version 9.7 - Update from version 9.5 to 9.7 - Update of rootfile not required - Changelog 9.7 ** Bug fixes 'cat' would fail with "input file is output file" if input and output are the same terminal device and the output is append-only. [bug introduced in coreutils-9.6] 'cksum -a crc' misbehaved on aarch64 with 32-bit uint_fast32_t. [bug introduced in coreutils-9.6] dd with the 'nocache' flag will now detect all failures to drop the cache for the whole file. Previously it may have erroneously succeeded. [bug introduced with the "nocache" feature in coreutils-8.11] 'ls -Z dir' would crash on all systems, and 'ls -l' could crash on systems like Android with SELinux but without xattr support. [bug introduced in coreutils-9.6] `ls -l` could output spurious "Not supported" errors in certain cases, like with dangling symlinks on cygwin. [bug introduced in coreutils-9.6] timeout would fail to timeout commands with infinitesimal timeouts. For example `timeout 1e-5000 sleep inf` would never timeout. [bug introduced with timeout in coreutils-7.0] sleep, tail, and timeout would sometimes sleep for slightly less time than requested. [bug introduced in coreutils-5.0] 'who -m' now outputs entries for remote logins. Previously login entries prefixed with the service (like "sshd") were not matched. [bug introduced in coreutils-9.4] ** Improvements 'logname' correctly returns the user who logged in the session, on more systems. Previously on musl or uclibc it would have merely output the LOGNAME environment variable. 9.6 ** Bug fixes cp fixes support for --update=none-fail, which would have been rejected as an invalid option. [bug introduced in coreutils-9.5] cp,mv --update no longer overrides --interactive or --force. [bug introduced in coreutils-9.3] csplit no longer creates empty files given empty input. [This bug was present in "the beginning".] ls and printf fix shell quoted output in the edge case of escaped first and last characters, and single quotes in the string. [bug introduced in coreutils-8.26] ls -l no longer outputs "Permission denied" errors on NFS which may happen with files without read permission, and which resulted in inaccurate indication of ACLs (missing '+' flag after mode). [bug introduced in coreutils-9.4] ls -l no longer outputs "Not supported" errors on virtiofs. [bug introduced in coreutils-9.4] mv works again with macFUSE file systems. Previously it would have exited with a "Function not implemented" error. [bug introduced in coreutils-8.28] nproc gives more consistent results on systems with more than 1024 CPUs. Previously it would have ignored the affinity mask on such systems. [bug introduced with nproc in coreutils-8.1] numfmt --from=iec-i now works with numbers without a suffix. Previously such numbers were rejected with an error. [bug introduced with numfmt in coreutils-8.21] printf now diagnoses attempts to treat empty strings as numbers, as per POSIX. For example, "printf '%d' ''" now issues a diagnostic and fails instead of silently succeeding. [This bug was present in "the beginning".] pwd no longer outputs an erroneous double slash on systems where the system getcwd() was completely replaced. [bug introduced in coreutils-9.2] 'shuf' generates more-random output when the output is small. [bug introduced in coreutils-8.6] `tail --follow=name` no longer waits indefinitely for watched file names that are moved elsewhere within the same file system. [bug introduced in coreutils-8.24] `tail --follow` without --retry, will consistently exit with failure status where inotify is not used, when all followed files become inaccessible. [This bug was present in "the beginning".] `tail --follow --pid=PID` will now exit when the PID dies, even in the presence of blocking inputs like unopened fifos. [This bug was present in "the beginning".] 'tail -c 4096 /dev/zero' no longer loops forever. [This bug was present in "the beginning".] ** Changes in behavior 'factor' now buffers output more efficiently in some cases. install -C now dereferences symlink sources when comparing, rather than always treating as different and performing the copy. kill -l and -t now list signal 0, as it's a valid signal to send. ls's -f option now simply acts like -aU, instead of also ignoring some earlier options. For example 'ls -fl' and 'ls -lf' are now equivalent because -f no longer ignores an earlier -l. The new behavior is more orthogonal and is compatible with FreeBSD. stat -f -c%T now reports the "fuseblk" file system type as "fuse", given that there is no longer a distinct "ctl" fuse variant file system. ** New Features cksum -a now supports the "crc32b" option, which calculates the CRC of the input as defined by ITU V.42, as used by gzip for example. For performance pclmul instructions are used where supported. ls now supports the --sort=name option, to explicitly select the default operation of sorting by file name. printf now supports indexed arguments, using the POSIX:2024 specified %$ format, where '' is an integer referencing a particular argument, thus allowing repetition or reordering of printf arguments. test supports the POSIX:2024 specified '<' and '>' operators with strings, to compare the string locale collating order. timeout now supports the POSIX:2024 specified -f, and -p short options, corresponding to --foreground, and --preserve-status respectively. ** Improvements cksum -a crc, makes use of AVX2, AVX512, and ARMv8 SIMD extensions for time reductions of up to 40%, 60%, and 80% respectively. 'head -c NUM', 'head -n NUM', 'nl -l NUM', 'nproc --ignore NUM', 'tail -c NUM', 'tail -n NUM', and 'tail --max-unchanged-stats NUM’ no longer fail merely because NUM stands for 2**64 or more. sort operates more efficiently when used on pseudo files with an apparent size of 0, like those in /proc. stat and tail now know about the "bcachefs", and "pidfs" file system types. stat -f -c%T now reports the file system type, and tail -f uses inotify for these file systems. wc now reads a minimum of 256KiB at a time. This was previously 16KiB and increasing to 256KiB was seen to increase wc -l performance by about 10% when reading cached files on modern systems. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 1ae53a882e5e935c45e63dec707f8b7bc342f022 Author: Adolf Belka Date: Thu Apr 24 15:43:43 2025 +0200 alsa: Update to version 1.2.14 - Update from version 1.2.13 to 1.2.14 - alsa-lib, alsa-utils and alsa-ucm-conf all updated to that new version. - Update of rootfile - Changelog 1.2.14 alsa-lib Core Delete alsalisp code include: prefer alsa/asoundlib.h for apps, dependency cleanups seq: Define new events for UMP EP/FB change notifications configure: Make sequencer dependent on rawmidi src/Versions.in.in: Update *_tempo_base name Config API include: prefer alsa/asoundlib.h for apps, dependency cleanups Control API control: remap - improve sync feature control: remap - add sync feature control: remap - separate event handling from map (preparation for sync) control: remap - add possibility to remap multiple source channels include: prefer alsa/asoundlib.h for apps, dependency cleanups PCM API pcm: hw: do not reset tstamp_type in SND_PCM_APPEND mode (#2) pcm: hw: fix default timestamp type for O_APPPEND pcm: hw: do not reset tstamp_type in SND_PCM_APPEND mode pcm: fix minor typos in doc RawMidi API rawmidi: ump - fix snd_ump_block_info_set_block_id double version #2 rawmidi: Extensions for tied device and substream inactive flag rawmidi: ump - fix snd_ump_block_info_set_block_id double version rawmidi: ump - fix snd_ump_block_info_get_block_id double version Rawmidi API rawmidi: Make rawmidi flag bits doxygen-style comments rawmidi: Extensions for tied device and substream inactive flag Sequencer API seq: update_group_ports - rewrite blknames update ALSA: seq: Use SND_* instead of SNDRV_* ALSA: seq: Add missing UMP EP cap bit at snd_seq_create_ump_endpoint() seq: shuffle calloc arguments in snd_seq_hw_open (gcc warning) seq: add more checks to snd_seq_hw_set_client_info for older kernels seq: Fix typo of the group number in snd_seq_create_ump_endpoint() seq: Fix bogus return of snd_seq_client_info_get_ump_conversion() seq: seq.c - fix calloc arguments seq: seqmid - fix info->name is always true error seq: Define new events for UMP EP/FB change notifications seq: include UMP headers Use Case Manager API ucm: do not bump syntax version to 8 ucm: add '${LibCaps}' substitution ucm: remove @@LibraryVersion and @@SyntaxVersion variables ucm: format @@SyntaxVersion to 4 digits ucm: enhance documentation (sys-card + ranges + more) ucm: add @@LibraryVersion and @@SyntaxVersion variables ucm: add sys-card substitution /Makefile.am Delete alsalisp code /include/Makefile.am Delete alsalisp code include: prefer alsa/asoundlib.h for apps, dependency cleanups ALSA Lisp Delete alsalisp code Documentation doc: fix permissions External PCM Filter Plugin SDK include: pcm extplug/ioplug: fix internal include External PCM I/O Plugin SDK include: pcm extplug/ioplug: fix internal include Kernel Headers Sync UAPI asequencer.h with 6.14 kernel Sync UAPI asound.h with 6.14 kernel MIDI 2.0 (UMP) include/ump_msg.h: Fix endianness detection seq: include UMP headers Test/Example code test/playmidi1: fix compilation caused by conflict between midifile.h and ump_msg.h Utils utils: add missing alsa-topology.pc.in to EXTRA_DIST alsa-utils Core axfer, topology: use only include instead specific alsa-lib headers ALSA Control (alsactl) alsactl: info - handle situations when devices are not available in kernel alsactl: info - print errors for next_device calls Remove trailing spaces in man pages alsactl: 90-alsa-restore.rules - fix AMD acp-pdm-mach link alsactl: 90-alsa-restore.rules - fix alsa_restore_go/std Audio Transfer utility axfer, topology: use only include instead specific alsa-lib headers alsa-info.sh alsa-info: move man page to section 8 (administration commands) alsa-info.sh: Add alsa-ucm package to package filter alsatplg (topology) Topology: NHLT: Intel: Improve error message for DMIC enable conflict Topology: NHLT: Intel: Fix mono DMIC configure for MTL platform axfer, topology: use only include instead specific alsa-lib headers Topology: NHLT: Intel: Fix DMA slots config in SSP blob amixer amixer: fix unknown TVL sequence print aplay/arecord Remove trailing spaces in man pages aplaymidi/arecordmidi Remove trailing spaces in man pages aplaymidi2/arecordmidi2 (MIDI v2.0) arecordmidi2: fix unitialization variable error in read_ump_raw() aseqdump aseqdump: Fix typos in messages alsa-ucm-conf Core github: use ucm-validator2, use actions/checkout@v4 Configuration USB-Audio: Add support of HyperX SoloCast (USB ID 03f0:0b8b) ucm2: Qualcomm: add Asus Zenbook A14 ucm2: Qualcomm: add Lenovo ThinkBook 16 support ucm2: Qualcomm: add HP Omnibook X14 support USB-Audio: Add focusrite scarlett 18i20 lineup USB-Audio: Add Roland BridgeCast One sof-soundwire: cs42l43: Switch mixer based on output volume ucm2: sof-soundwire: Correct include file path for dsp.conf USB-Audio: ALC4080 - add rear microphone support for 0414:a014 (Gigabyte Aorus Pro) sof-soundwire: Add LED support for cs35l56 amplifiers sof-soundwire: cs42l43: Drop headset mic from mic mute LED HDA: mics - don't create conflict link for Headphone Mic HDA: mics - improve the Jack selection HDA: mics - prefer 'Mic Jack' instead 'Headphone Jack' USB-Audio: ALC4080 - add support for ASUS B850-I (USB ID 0b05:1be1) sof-hda-dsp: Use common HDA initialization from /HDA/init.conf HDA: move led.conf include to more appropriate place ucm2: Qualcomm: fix typo in Lenovo T14s matching sof-soundwire: rt1318: add playback control switch ucm2: Qualcomm: add Lenovo Yoga Slim7x support ucm2: Qualcomm: add Lenovo T14s support ucm2: MediaTek: mt8390-evk: Add support for SOF Torradex: replace spaces with tabs when appropriate Torradex: fix wrong device names Headphone/Microphone USB-Audio: Add support for RME Fireface UCX II Qualcomm: Add QCS6490 RB3Gen2 HiFi config Qualcomm: Add QCM6490 IDP HiFi config ucm2: IO-Boards: Toradex: verdin: Add support for Toradex ucm2: IO-Boards: Toradex: verdin: Add support for Toradex ucm2: NXP: iMX6: Toradex: colibri-imx6: Add support for ucm2: NXP: iMX7: Toradex: colibri-imx7: Add support for ucm2: NXP: iMX8X: Toradex: colibri-imx8x: Add support for ucm2: NXP: iMX6: Toradex: apalis-imx6: Add support for ucm2: NXP: iMX8: Toradex: apalis-imx8: Add support for ucm2: IO-Boards: Toradex: apalis: Add support for Toradex USB-Audio: add Roland Quad-Capture support ucm2: HDA - remove HDA-Capture-value.conf and put contents directly to HDACaptureDevice macro ucm2: HDA: HiFi-analog/mic: Refactor the analog mic discovery GoXLR: Add 'Broadcast Stream Mix 2' to Capture if channels use SetLED in rt1318 init configuration Turn speaker LED accroding to rt1318 speaker status ucm2: use new SetLED macro to hide the implementation details common: add led.conf with SetLED macro to hide implementation details USB-Audio: Add support for TASCAM Model 12 UCM2: Blobs: SOF: Cleanup blob names from .blob to .bin USB-Audio: alc4080: Add MSI PRO B650-A WIFI USB ID 0db0:9e6d USB-Audio: Improve support for Focusrite 4th Gen devices USB-Audio: GoXLR - fix the channel detection for mini, cleanups USB-Audio: set capture channels to 4 in UR22C-HiFi.conf sof-soundwire: Fix cs42l43 dmic initialisation sof-soundwire: Split cs42l43 dmic initialisation ucm2: add mt8183_mt6358_ts3a227_max98357 ucm2: add mt8183_da7219_rt1015p ucm2: add acp3x-alc5682-alc1015 DEBUG.md: add "Logs from PipeWire (wireplumber)" section USB-Audio: Revelator-IO-44-HiFi - fix device names (validator) Rename ucm2/AMD/acp3xalc5682m98 to ucm2/AMD/acp3x-alc5682-max98357 Rename ucm2/AMD/acpd7219m98357 to ucm2/AMD/acp-da7219-rt5682-max98357 Qualcomm: Add SM8750 MTP HiFi config rt722: change output volume of headphone to 0dB ucm2: USB-Audio: add Presonus Revelator IO 44 (USB194f:0424) USB-Audio: ALC4080 - add ASUS ROG Crosshair X870E Hero (USB ID 0b05:1b7c) sun4i-codec: add routing for headphones and internal speaker UCM2: sof-soundwire: Add setup of IIR, DRC, beamformer UCM2: sof-soundwire: Add setup of IIR, DRC, beamformer UCM2: sof-soundwire: Enable DRC and equalizers for UCM2: Intel: sof-hda-dsp: Enable Dmic0 DRC and TDFB UCM2: Blobs/SOF/IPC4: Add Beamformer blobs, update UCM2: Intel: sof-hda-dsp: Cleanup definitions UCM2: Intel: sof-hda-dsp: Move variables defitions from ucm: fix SectionDevice identifiers ucm2: whitespace fixes USB-Audio: ALC4080: add support for MSI MEG X670E GODLIKE (USB 0db0:e1f8) USB-Audio: ALC4080 - add ASUS ROG STRIX X870E-E GAMING WIFI (USB 0b05:1b9b) Configuration files for Roland Bridge Cast X V2 ucm2: sof-soundwire: Correct FixedBootSequence for dmic info amd-soundwire: add support for AMD generic legacy machine driver sof-hda-dsp: Add back missing .conf suffix for product/user specific configs sof-soundwire: whitespace cleanup sof-soundwire: cs42l43: Correct CapturePCM and routing avs_nau8825: Fix JackControl name sof-soundwire: cs42l43-spk: Correct PlaybackPCM and routing sof-hda-dsp: Fix the case where sysfs dmi product_name attribute is not set UCM2: Intel: sof-hda-dsp: Fix handling of empty sys_vendor Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 634af916739e6758c853939c08b7b409dc2379cb Author: Stephen Cuka Date: Thu Apr 24 06:40:55 2025 -0600 pakfire.cgi: Changes to 'Install' confirmation page - Comma separate package names if multiple packages selected to install. - Display dependencies for package(s) to install in 'parent -> child' format. - Formatting and verbiage changes. - No functional changes to the install process. Signed-off-by: Stephen Cuka Signed-off-by: Michael Tremer commit a8a107af2ed730c71d12d2cc276242403c814cfe Author: Adolf Belka Date: Thu Apr 24 16:20:41 2025 +0200 core195: Ship backup.pl and sources files Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 6c9744bbcb0ab0b483884c914466f960287c0f9d Author: Adolf Belka Date: Thu Apr 24 16:20:40 2025 +0200 update.sh: Core195 - remove any 3coresec ipblocklists during Core Update - This ensures that any existing 3coresec blocklists that might have been selected when they existed will be removed from users systems. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 74be89cf589f93aea0f0aade3a5dcba8bcbb3ea2 Author: Adolf Belka Date: Thu Apr 24 16:20:39 2025 +0200 backup.pl: Remove any 3coresec ipblocklists from old backups being restored - This patch ensures that any restore from an old backup cointaining the 3coresec lists will not restore the ipblocklist associated files for those lists. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit a023f6b57428be64d39802eb20c90c4192c4b136 Author: Adolf Belka Date: Thu Apr 24 16:20:38 2025 +0200 sources: remove the 3CORESEC ipblocklist entries from the sources file - The three 3CORESEC ipblocklists were removed and the web server urls completely removed on 3 Feb 2025. There was no explanation or announcement. - There was some suggestion from their twitter account that they might be ressurrected which is why the removal was delayed. However there has been no further notification or indication of any change. - From their website they focus on a turnkey platform provision and the provision of actionable threat information being provided on a subscription basis. So I believe they have decided to stop the free IPBlocklist provision but were not willing to make a clear announcement on that fact. - This patch removes the three lists from the sources file. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 3d8ed693e204235cf0c92be8bb0c4b327e878256 Author: Michael Tremer Date: Thu Apr 24 14:52:08 2025 +0000 core195: Ship protobuf and protobuf-c Signed-off-by: Michael Tremer commit 08d1f80b1aaf9f50a2f00905b2afa38a01455e94 Author: Adolf Belka Date: Thu Apr 24 15:45:44 2025 +0200 protobuf-c: Update to version 1.5.2 - Update from version 1.5.0 to 1.5.2 - Update of rootfile not required - The update to protobuf caused a breaking change for the build of protobuf-c. Version 1.5.2 has the fix for that issue in it. - The changes to protobuf-c are such that the code has been significantly changed and the previous patch file for version 1.5.0 is no longer needed. - Changelog 1.5.2 * Chase compatibility issues with Google protobuf 30.0-rc1 by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/762 * protoc-gen-c: Explicitly construct strings where needed for protobuf 30.x by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/768 1.5.1 * CMakeList.txt: Remove double hyphens by @AlessandroBono in https://github.com/protobuf-c/protobuf-c/pull/699 * Makefile.am: Distribute missing Config.cmake.in by @AlessandroBono in https://github.com/protobuf-c/protobuf-c/pull/700 * protobuf_c_message_unpack(): Fix memory corruption by initializing unknown_fields pointer by @smuellerDD in https://github.com/protobuf-c/protobuf-c/pull/703 * Fix CI issues with CMake by @clementperon in https://github.com/protobuf-c/protobuf-c/pull/714 * build.yml: Install libtool on OS X by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/717 * build.yml: Set "fail-fast: false" so we can tell which jobs are failing by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/718 * Update actions by @AndrewQuijano in https://github.com/protobuf-c/protobuf-c/pull/740 * Miscellaneous CI updates by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/747 * build.yml: Build on more pull request activity types by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/751 * Chase compatibility issues with Google protobuf >= 26.0 by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/711 * Clean CMake by @clementperon in https://github.com/protobuf-c/protobuf-c/pull/719 * build.yml: Update Windows dependencies (abseil, protobuf) by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/753 * build.yml: Ubuntu: Add 22.04, 24.04 by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/754 * Order oneof union members from largest to smallest by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/755 * More renaming of `protoc-c` to `protoc-gen-c` by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/756 * cmake: Fix build when using ninja and protobuf-c already installed by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/757 * protoc-gen-c: Log a deprecation warning when invoked as `protoc-c` by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/758 * build.yml: Try running multiarch builds on Debian bookworm by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/759 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit dd8b385fc499d3a297e731bd49ab720a4a1fe2de Author: Adolf Belka Date: Thu Apr 24 15:45:43 2025 +0200 protobuf: Update to version 30.2 - Update from version 29.3 to 30.2 - Update of rootfile - Changes in protobuf required changes in protobuf-c to prevent build crashes. An update for protobuf-c is combined in this patch set. - protobuf, protobuf-c and frr (which depends on those) all built successfully. - Changelog 30.2 Compiler Restore generator headers in cmake install until the next breaking C++ release (#20749) (b69f653) C++ Remove dllexport attribute on variable definition. (#20833) (7831669) Restore generator headers in cmake install until the next breaking C++ release (#20749) (b69f653) Change how we decide which empty string implementation to use. (#20708) (221b2a0) Java Remove dllexport attribute on variable definition. (#20833) (7831669) Add protobuf_maven artifacts to protobuf_maven_dev as well so they can still be referenced correctly using the dev namespace for dev-only targets. (#20771) (09b5078) Add volatile to featuresResolved (#20766) (b7f06f1) Restore generator headers in cmake install until the next breaking C++ release (#20749) (b69f653) Restore custom protobuf maven namespaces to avoid polluting main maven namespace for non-dev dependencies as well. (#20739) (f4b0a79) Fix Java concurrency issue in feature resolution for old <=3.25.x gencode using lazy feature resolution. (#20751) (2dc9f35) Fix lite classes in the protobuf-java Maven release to be JDK8 compatible. (#20843) (7a4c63b) Kotlin Restore custom protobuf maven namespaces to avoid polluting main maven namespace for non-dev dependencies as well. (#20739) (f4b0a79) Csharp Restore generator headers in cmake install until the next breaking C++ release (#20749) (b69f653) Objective-C Restore generator headers in cmake install until the next breaking C++ release (#20749) (b69f653) Python Restore generator headers in cmake install until the next breaking C++ release (#20749) (b69f653) Ruby Restore generator headers in cmake install until the next breaking C++ release (#20749) (b69f653) Other Restore JDK8 compatibility in Bazel for libraries with dependencies from Maven (e.g. //java/util) (#20832) (da9cadc) 30.1 Bazel Loosen py_proto_library check to be on the import path instead of full directory (i.e. excluding external/module-name prefix). (#20569) (3576a1f) Compiler Fix python codegen crash when C++ features are used. (#20577) (250c550) C++ Fix python codegen crash when C++ features are used. (#20577) (250c550) Java Remove Java runtime classes from kotlin release. (#20607) (4747628) Kotlin Remove Java runtime classes from kotlin release. (#20607) (4747628) Python Fix python codegen crash when C++ features are used. (#20577) (250c550) Other Re-add system_python repo alias to MODULE.bazel (#20662) (ebb5224) 30.0 Announcements This version includes breaking changes to: Objective-C, Python, C++. [Objective-C] Remove legacy WKT headers. (d9caebc) [Objective-C] Remove deprecated apis. (2a52b90) [Objective-C] Remove support for older generated code. (cffa590) [Objective-C] Remove GPBUnknownFieldSet. (2b93422) [Python] Fix closed enum validation under editions (72b3eda) [Python] Remove deprecated GetDebugString() from protobuf python cpp extension. (721a452) [Python] Remove deprecated reflection methods (292f964) [Python] Remove deprecated GetPrototype MessageFactory.GetPrototype(), (c261b49) [Python] Python nested message class qualname now contains the outer message name. (Previous qualname has the same result with name for nested message that outer message name was not included) (0720536) [Python] Remove deprecated Python RPC Service Interfaces (5ba74b1) [Python] Python setdefault behavior change for map field. (81da6b9) [Python] Remove deprecated py_proto_library macro. [C++] Prohibit using Bazel+MSVC to build protobuf (117e7bb) [C++] Remove deprecated Arena::CreateMessage. (d83a536) [C++] Remove CMake submodule support in favor of fetched or installed dependencies. (3f06ca4) [C++] Flip default behavior for handling cmake dependencies. (9cc685e) [C++] Add ASAN poisoning after clearing oneof messages on arena. (54d068e) [C++] Upgrade return type of type_name() and cpp_type_name() from const char* to absl::string_view. (a9ad51f) [C++] Remove deprecated RepeatedPtrField::ClearedCount(). (e8e3253) [C++] Upgrade return type of several string returning functions to absl::string_view. (d1990d9) [C++] Strip ctype from options in C++ (aebf8b9) [C++] Remove MutableRepeatedFieldRef::Reserve() in reflection (913f7b0) [C++] Remove deprecated JsonOptions alias. (e2eb0a1) [C++] Remove deprecated Arena::GetArena. (30ed452) Bazel Remove reference to cc_proto_aspect (fa02f76) Remove deprecated bazel/system_python.bzl alias. (00f108c) Compiler Add notices.h with information about our dependencies' licenses and add --notices flag to protoc to print the contents of that file. (a7df327) Have the protoc CLI properly report any parser warnings. (cafeaa4) Split protoc apart from libprotoc in our cmake configs. (b4b93b3) Begin adding extension numbers to SourceCodeInfo and FileDescriptorSet for tooling purposes. (9d7236b) Fix various unsigned to signed comparison warnings. (#17212) (67de087) C++ Fixing staleness tests (6abaf77) Add notices.h with information about our dependencies' licenses and add --notices flag to protoc to print the contents of that file. (a7df327) Backport: Remove if_constexpr usage for future Abseil compatibility (#20488) (450ee76) Add tests for older gcc versions we still support (#20463) (0778473) Fix a bug in handling of implicit-presence string_view fields. (#20403) (81196ac) Remove rules_rust dependency from MODULE.bazel for 30.x (#20310) (b8248f6) Upgrade abseil-cpp to 20250127 and use @com_google_absl -> @abseil-cpp and com_google_googletest -> @googletest canonical BCR names. (#20295) (df849cc) Replace std::any with a custom solution. (#20251) (6250d09) Make DebugString print debug output, enable debug markers for debug output (9a03332) Fix missing port_undef (#20052) (0644388) Use __builtin_expect_with_probability for proto field presence checks. (e958419) Enable meta-tagging for redaction purposes (1f48795) Breaking change: Prohibit using Bazel+MSVC to build protobuf (117e7bb) Breaking change: Upgrade return type of several string returning functions to absl::string_view. (d1990d9) Print the presence probability when analysis is enabled. (d4ba7ff) Split protoc apart from libprotoc in our cmake configs. (b4b93b3) Breaking change: Strip ctype from options in C++ (aebf8b9) Breaking change: Remove MutableRepeatedFieldRef::Reserve() in reflection (913f7b0) Remove stale references to C++14. (f4cc92c) Breaking change: Upgrade return type of type_name() and cpp_type_name() from const char* to absl::string_view. (a9ad51f) Update cmake minimum version to >=3.16. (21f535c) Migrate coded output stream arguments from const std::string& to absl::string_view. (0361a59) Breaking change: Remove deprecated Arena::GetArena. (30ed452) Remove the time (or time-based) entropy being added to Map's seed. (a7875bb) Don't use CLOCK_UPTIME_RAW if it won't be defined (#16951) (097dcda) Fix DEPENDENCIES in protobuf_generate() to accept multiple values instead of silently dropping (52887e1) Use ABSL_PREDICT_TRUE|FALSE instead of PROTOBUF_PREDICT_TRUE|FALSE. (fd47730) Breaking change: Flip default behavior for handling cmake dependencies. (9cc685edf867acf5... Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit a4e20441ff08401644fc29342338ef8f6bd7984a Author: Michael Tremer Date: Thu Apr 24 14:47:33 2025 +0000 core195: Ship WireGuard Signed-off-by: Michael Tremer commit 870bd70a3d85d0ca4bc826fe9440d74ac4b343f3 Merge: f0c8d0eb9a 1de96a83d6 Author: Michael Tremer Date: Thu Apr 24 09:34:23 2025 +0000 Merge remote-tracking branch 'ms/wg' into next commit 1de96a83d6d6cec5d4d3eda1792aa80bfbd8fafe Author: Michael Tremer Date: Wed Apr 23 12:35:52 2025 +0200 firewall: Add support for WireGuard peers to groups Signed-off-by: Michael Tremer commit 3bcb69888eabf32ebfec10389cbb42eed8c91837 Author: Michael Tremer Date: Tue Apr 22 19:59:43 2025 +0200 firewall: Actually create WireGuard rules Signed-off-by: Michael Tremer commit 843c39434195e0fe78be36fb25adc5854aff78a2 Author: Michael Tremer Date: Tue Apr 22 19:58:01 2025 +0200 wireguard-functions.pl: Return subnets as an array reference I don't know why, but otherwise Perl will try to expand everything everywhere all of the time. Signed-off-by: Michael Tremer commit 9c72aa966309ea160c4385363d9e29305af73389 Author: Michael Tremer Date: Tue Apr 22 19:48:37 2025 +0200 firewall-lib.pl: Fix whitespace issues No functional changes. Signed-off-by: Michael Tremer commit 3f538a827627ae70fc2c892abab6e8d73f73aaad Author: Michael Tremer Date: Tue Apr 22 19:47:23 2025 +0200 wireguard-functions.pl: Return a hash reference instead of a hash when loading a peer Perl is so absolutely fucking broken and dealing with hashes is such a massive pain in the rear. I don't want to see this any more. Signed-off-by: Michael Tremer commit 60dd0f8f15d1b70e0692c933dcf374dd329ee365 Author: Michael Tremer Date: Tue Apr 22 18:12:20 2025 +0200 firewall.cgi: Use "peer" for the WireGuard "hosts" We don't distinguish between N2N and RW and therefore we should not use the term "hosts" here. Signed-off-by: Michael Tremer commit 77631ba4c738432c31cd4b6fad0da28b880fb0c7 Author: Michael Tremer Date: Tue Apr 22 18:09:31 2025 +0200 firewall.cgi: Highlight any deleted WireGuard peers Signed-off-by: Michael Tremer commit 657801ca491cf671d7201354b566a42d6cce6515 Author: Michael Tremer Date: Tue Apr 22 17:48:20 2025 +0200 firewall.cgi: Highlight WireGuard rules in the correct colour Signed-off-by: Michael Tremer commit 0818920c8a96df3b80042f2ffe8bade8d4545076 Author: Michael Tremer Date: Tue Apr 22 17:47:52 2025 +0200 Run "./make.sh lang" Signed-off-by: Michael Tremer commit 468e9831d5c7b99a2dc20b66d881f43ecb0a424b Author: Michael Tremer Date: Tue Apr 22 17:41:12 2025 +0200 firewall.cgi: Add dropdown to add WireGuard peers to a firewall rule Signed-off-by: Michael Tremer commit 6c228fabd02aaf17ff1e0b403666a01725d70b3c Author: Michael Tremer Date: Thu Jan 2 13:41:12 2025 +0000 make.sh: Build wireguard-tools later Signed-off-by: Michael Tremer commit 06ee2b84e7e33235caf2203810cddc3c7020a943 Author: Michael Tremer Date: Fri Dec 6 20:15:44 2024 +0100 wireguard.cgi: Remove function to show configuration This code is no longer re-used Signed-off-by: Michael Tremer commit 456ff347463776c3a5adee02d3d2ca65924661c2 Author: Michael Tremer Date: Fri Dec 6 20:14:55 2024 +0100 wireguard-functions.pl: Actually generate all configuration types Signed-off-by: Michael Tremer commit ccb2d0a211b9efd65c4943c7594b6e367a371ec9 Author: Michael Tremer Date: Fri Dec 6 20:08:33 2024 +0100 wireguard.cgi: It is no longer possible to download the configuration again Signed-off-by: Michael Tremer commit 9b57b59a411fe3e82c173becad8f0edc538aafe6 Author: Michael Tremer Date: Fri Dec 6 20:06:19 2024 +0100 wireguard.cgi: Merge both functions to generate a peer configuration Signed-off-by: Michael Tremer commit 6dcd2c24bba008952469414b6d560863793e6001 Author: Michael Tremer Date: Fri Dec 6 20:01:48 2024 +0100 wireguard-functions.pl: Unify fetching the endpoint Signed-off-by: Michael Tremer commit db8d09bdb72ddf08333172b18fc145393c5375d6 Author: Michael Tremer Date: Fri Dec 6 19:59:54 2024 +0100 wireguard.cgi: Redirect back to the right place on error Signed-off-by: Michael Tremer commit 335cd6187bfe38e0e4c671f2a848bd834855f952 Author: Michael Tremer Date: Fri Dec 6 19:59:35 2024 +0100 wireguard.cgi: Bring back the warning about showing config only once Signed-off-by: Michael Tremer commit c0261d9b96f55a954ee63ad9115db6d2a5636c38 Author: Michael Tremer Date: Fri Dec 6 19:56:05 2024 +0100 wireguard.cgi: No longer store the private keys for RW peers Signed-off-by: Michael Tremer commit a61f0c752225fd3dcde20a9929947f3fe2586781 Author: Michael Tremer Date: Fri Dec 6 19:50:33 2024 +0100 wireguard.cgi: Send the N2N peer configuration to the client Signed-off-by: Michael Tremer commit 7b62f1706638ab287e0300b43a322c595b1466fb Author: Michael Tremer Date: Fri Dec 6 19:31:35 2024 +0100 wireguard.cgi: Change generate_peer_configuration to only generate RW stuff Signed-off-by: Michael Tremer commit 9914a4f1cdf811e790164a1b2d047d985065b6ac Author: Michael Tremer Date: Fri Dec 6 18:40:16 2024 +0100 wireguard.cgi: Don't offer to download the configuration for N2N Signed-off-by: Michael Tremer commit 4e4b6033294509f6a9301cf7d7700263adc69172 Author: Michael Tremer Date: Fri Dec 6 18:35:42 2024 +0100 wireguard.cgi: Create a new simplified dialogue to create a new N2N connection The former process was very complicated and required that many settings were copied across both sides. It seems to be much more elegant to generate a new connection in one place and import it on the other side. Signed-off-by: Michael Tremer commit 5058edbadacd66e5313e4a1bbe9fca09aaace483 Author: Michael Tremer Date: Fri Dec 6 17:13:53 2024 +0100 wireguard: Accept FQDNs as endpoints Signed-off-by: Michael Tremer commit a6568d122d85d447805aa137c68a541c641b3516 Author: Michael Tremer Date: Fri Dec 6 17:12:16 2024 +0100 wireguard: Install wg-dynamic This is a script that checks if we are connected with the correct peer. Signed-off-by: Michael Tremer commit 82f8e2fef4c35cf44250a8484ef4c63a95e12b49 Author: Michael Tremer Date: Fri Dec 6 16:20:30 2024 +0100 wireguard: Transparently replace 0.0.0.0/0 with 0.0.0.0/1 and 128.0.0.0/1 Signed-off-by: Michael Tremer commit 057c7692b1fd41f1683f68cf20742f6f025d1c17 Author: Michael Tremer Date: Fri Dec 6 14:34:38 2024 +0100 wireguard-functions.pl: Fix Perl syntax issue Signed-off-by: Michael Tremer commit 61a4d3cf49ae48896663af0cfee094b1f04df83f Author: Michael Tremer Date: Fri Dec 6 14:30:20 2024 +0100 wireguard.cgi: Fix connection status for RW connections Signed-off-by: Michael Tremer commit 803f69b16f6e560a38220f19449aa86afa53198a Author: Michael Tremer Date: Fri Nov 22 14:09:35 2024 +0100 wireguard.cgi: Make it clear what peer is being edited Signed-off-by: Michael Tremer commit 607760950b571610cef4a0e6264415ddec5c69ec Author: Michael Tremer Date: Fri Nov 22 14:04:40 2024 +0100 wireguard.cgi: Suggest a PSK for new N2N peers Signed-off-by: Michael Tremer commit be78d2abafc58a7f216102079498e642c107aebc Author: Michael Tremer Date: Fri Nov 22 13:53:07 2024 +0100 wireguard.cgi: Show our own public key when creating N2N peers Signed-off-by: Michael Tremer commit ac1032f025a851bf03c4ff56e21df379c81aba04 Author: Michael Tremer Date: Fri Nov 22 13:38:13 2024 +0100 wireguard.cgi: Don't show the public key There is very little use now since we don't use this key for N2N connections any more. RW clients will have the public key in their configuration files. Signed-off-by: Michael Tremer commit 0d241960201088fea9eeae80eee06555a724a03f Author: Michael Tremer Date: Fri Nov 22 13:34:35 2024 +0100 wireguard.cgi: Fix fetching connection status with multiple interfaces Signed-off-by: Michael Tremer commit aba4372e3ec4001bafb32f94eae9698dcb174259 Author: Michael Tremer Date: Mon Sep 30 20:05:48 2024 +0200 wireguard: Store the connection name as an alias This way it is easier to find the correct interface on the console. Signed-off-by: Michael Tremer commit 3679c7a0d4f8881679c72abd321a90e75febc2c3 Author: Michael Tremer Date: Mon Sep 30 20:04:05 2024 +0200 wireguard.cgi: Allow to edit the port and automatically chose one Signed-off-by: Michael Tremer commit 39eafa413f4b37e8dc1abff1f7d7ca2c0e1cbffa Author: Michael Tremer Date: Mon Sep 30 19:40:09 2024 +0200 wireguard.cgi: Add controls to download configuration Signed-off-by: Michael Tremer commit 66546a360704717be03ffa12ff80137cccbab90a Author: Michael Tremer Date: Mon Sep 30 19:00:40 2024 +0200 wireguard.cgi: Store the private key for RW peers, too We have so much key material stored that it does not make much sense to drop a bit of it when it makes life so much harder. Signed-off-by: Michael Tremer commit eb48782ee7184b5c397efeda14f27d83e3c6995b Author: Michael Tremer Date: Mon Sep 30 18:53:45 2024 +0200 wireguard: Implement creating an extra interface per N2N peer When importing a configuration, we will receive a new private key which we cannot apply to the original interface. Therefore we need to create a new one for each peer. RW peers will remain on wg0 which will always exist. Signed-off-by: Michael Tremer commit 5541ca3faf4e0100cd64e79022d4c0a4eed658fd Author: Michael Tremer Date: Mon Sep 30 18:49:07 2024 +0200 wireguard-functions.pl: Store networks in CIDR notation only wg(8) does not accept anything else. Signed-off-by: Michael Tremer commit 09901bae0a8cffdd9f8d77eaac6a1c114723e32b Author: Michael Tremer Date: Sun Sep 29 14:17:10 2024 +0200 wireguard.cgi: Implement a way to import a connection Signed-off-by: Michael Tremer commit 0739ae938f1881cb863018e2230e0f523f073005 Author: Michael Tremer Date: Fri Sep 27 18:53:51 2024 +0200 wireguard.cgi: Rename function to check keys This function can check all types of keys and not only the public key. Signed-off-by: Michael Tremer commit a3170662bf8943b57a1bbbe0b86ec4a1eb954802 Author: Michael Tremer Date: Fri Sep 27 18:03:14 2024 +0200 wireguard-functions.pl: Don't send DNS configuration to n2n peers Signed-off-by: Michael Tremer commit 32f722f9c831bc037f10e069a3c44d3e3b3e5c66 Author: Michael Tremer Date: Fri Sep 27 17:58:36 2024 +0200 wireguard.cgi: Rename "generate_client_configuration" to "generate_peer_configuration" Signed-off-by: Michael Tremer commit 37174e29de670a33f9be4b90c88b0a96c695dad1 Author: Michael Tremer Date: Fri Sep 27 17:55:46 2024 +0200 wireguard.cgi: Normalize filenames This is because Windows clients won't import any configurations that have spaces in the filename. Therefore we replace it and remove anything else unwanted on the way. Signed-off-by: Michael Tremer commit 76ea485d9edb781328e307c68b1f878d933408e5 Author: Michael Tremer Date: Fri Sep 27 17:39:22 2024 +0200 wireguard: Select the correct source IP address for N2N peers This is so that the firewall chooses the correct IP address when trying to establish connections to the remote networks. Signed-off-by: Michael Tremer commit 08ddf896561c7733a17491d175dd6bda00e775e3 Author: Michael Tremer Date: Sat Sep 21 12:12:05 2024 +0200 misc-progs: Fix compiling wireguardctrl Signed-off-by: Michael Tremer commit b611b775dd1780cb59c8fde77f7ebb8722b79ecd Author: Michael Tremer Date: Fri Sep 20 17:12:26 2024 +0200 wireguard.cgi: Allow to configure a custom endpoint Signed-off-by: Michael Tremer commit d312592b00270f972b60a648b431f074f0b1ebf1 Author: Michael Tremer Date: Fri Sep 20 16:54:09 2024 +0200 wireguard.cgi: Permit empty client pool Signed-off-by: Michael Tremer commit 5a1c02df8973b3acc5c3101a94e86fe6df4b43b6 Author: Michael Tremer Date: Thu Sep 12 19:39:26 2024 +0200 firewall: Add WireGuard RW to the UI Signed-off-by: Michael Tremer commit 1f2bb86219bb57718b9a666f9c5b14b2c44f98a3 Author: Michael Tremer Date: Wed Sep 11 02:24:49 2024 +0200 wireguard: Move functions into their own file Signed-off-by: Michael Tremer commit d6868ae94c63d0f708985e6bb6604a4bd40cf1a8 Author: Michael Tremer Date: Fri Sep 6 18:20:46 2024 +0200 firewall: Allow WG traffic when the firewall is in permissive mode Signed-off-by: Michael Tremer commit 27e9dcc159247d55e369b3cbf6b826168fda38f6 Author: Michael Tremer Date: Fri Sep 6 18:10:48 2024 +0200 wireguard.cgi: Only show the location if we have something Otherwise the text won't be centered in the box which looks a little bit wrong. Signed-off-by: Michael Tremer commit 397e0c527192382ed628df6d8ec767fef2240a54 Author: Michael Tremer Date: Fri Sep 6 18:02:26 2024 +0200 services.cgi: Don't always try expand the status column unless asked Signed-off-by: Michael Tremer commit 35afcd212ef33f091a6a36e8dd3b092da2613d59 Author: Michael Tremer Date: Fri Sep 6 17:59:58 2024 +0200 wireguard.cgi: Remove the large box to warn people that the configuration will only be shown once Signed-off-by: Michael Tremer commit 6d8483a793bd720bdf183b2eaa43fdd5bf0402c0 Author: Michael Tremer Date: Fri Sep 6 17:56:15 2024 +0200 wireguard.cgi: Add a button to return after creating a new connection Signed-off-by: Michael Tremer commit fadf9488c4ad2dcee9060240dabafe49fa74b154 Author: Michael Tremer Date: Wed Aug 14 18:49:56 2024 +0200 AQM: Ignore WireGuard interfaces Signed-off-by: Michael Tremer commit 76db32dd47b45947905ecb28475accfae848919e Author: Michael Tremer Date: Wed Aug 14 18:40:09 2024 +0200 web UI: Add a menu entry Signed-off-by: Michael Tremer commit e5604dafcd5fe74af8a116bb5c26d36d268d9490 Author: Michael Tremer Date: Wed Aug 14 18:33:44 2024 +0200 misc-progs: Update rootfile Signed-off-by: Michael Tremer commit 63a1468e907c6cf8d469df560f04d656c03d0c70 Author: Michael Tremer Date: Wed Aug 14 18:23:55 2024 +0200 wireguard.cgi: Don't allow creating RW connections if there is no address space Signed-off-by: Michael Tremer commit 593481a6b3b613dcabff936f2c9fedb87f778900 Author: Michael Tremer Date: Wed Aug 14 18:14:26 2024 +0200 wireguard.cgi: Don't show an empty table if there are no peers Signed-off-by: Michael Tremer commit 85ec8363a873100fc1bb49e3c01f9f63bf97c6e1 Author: Michael Tremer Date: Wed Aug 14 15:55:06 2024 +0000 wireguard: Install empty configuration files Signed-off-by: Michael Tremer commit 31a21c9974b82fb266ddea3320be69de32628d9b Author: Michael Tremer Date: Wed Aug 14 15:51:19 2024 +0000 firewall: Fix typo in "iptables" Signed-off-by: Michael Tremer commit 95bf26599d97d98ece3886fe69ccf898f19b298f Author: Michael Tremer Date: Thu Apr 25 20:36:42 2024 +0200 wireguard.cgi: Rename local subnets to allowed subnets Signed-off-by: Michael Tremer commit f552e23da404adf4555299c887a0279016323df4 Author: Michael Tremer Date: Wed Apr 17 17:13:32 2024 +0000 misc-progs: Add wireguardctrl Signed-off-by: Michael Tremer commit eb47427429e5518385344c2fa262948b0b0e659a Author: Michael Tremer Date: Sun Apr 14 13:50:08 2024 +0000 wireguard-tools: New package Signed-off-by: Michael Tremer commit 89b976e9a7e4da13b82de4aadadb63ffaf3031a6 Author: Michael Tremer Date: Thu Apr 25 20:32:57 2024 +0200 wireguard: Block unauthorized traffic Signed-off-by: Michael Tremer commit f0a4cae5e82fe9011d41a17d359419b528c80415 Author: Michael Tremer Date: Thu Apr 25 20:20:13 2024 +0200 wireguard: Rename routes to remote subnets Signed-off-by: Michael Tremer commit 5ca419c7fff709bf33b7a23d75632129590ef5be Author: Michael Tremer Date: Thu Apr 25 20:16:38 2024 +0200 lang: Add translation for "remarks" Signed-off-by: Michael Tremer commit cb7e2a7d908f0db7201f2b3d7c4fded3caba8586 Author: Michael Tremer Date: Thu Apr 25 20:13:56 2024 +0200 wireguard.cgi: Implement toggle enable/disable peers Signed-off-by: Michael Tremer commit 4846ff3a1091f280f3fdabbfdd898adfeff80e87 Author: Michael Tremer Date: Thu Apr 25 20:03:49 2024 +0200 wireguard.cgi: Make the client configuration downloadable I believe this is much better than copy & paste. Signed-off-by: Michael Tremer commit ca479eb8bfdd6d1c154c8bea1b823fd940727533 Author: Michael Tremer Date: Thu Apr 25 19:50:45 2024 +0200 wireguard.cgi: Implement DNS configuration for clients Signed-off-by: Michael Tremer commit b526e4998161c217ac0af88ad616e32bdac314c7 Author: Michael Tremer Date: Thu Apr 25 19:33:21 2024 +0200 wireguard.cgi: Correctly compose the FQDN Signed-off-by: Michael Tremer commit 4981916fd955d0fc7a9008352d3a4bec1a498cdd Author: Michael Tremer Date: Thu Apr 25 19:32:52 2024 +0200 general-functions.pl: Always load the main settings Signed-off-by: Michael Tremer commit 2406a4cfe573cdc926e14150522578d861e4c240 Author: Michael Tremer Date: Thu Apr 25 19:22:01 2024 +0200 wireguard.cgi: Call start instead of reload I didn't implement reload in the helper. Signed-off-by: Michael Tremer commit ff9ccfa8d75871f96d43501f4536590c680429d7 Author: Michael Tremer Date: Thu Apr 25 19:15:53 2024 +0200 wireguard.cgi: Dynamically allocate a pool address for clients Signed-off-by: Michael Tremer commit 0cf51b17e97c93e988c52cc3462061e085facc3c Author: Michael Tremer Date: Thu Apr 25 18:48:22 2024 +0200 wireguard.cgi: Ensure that AllowedIPs are in CIDR format Signed-off-by: Michael Tremer commit 5eb7d41133f3b8a74f38f3b2ab01ccb8c34ae0f1 Author: Michael Tremer Date: Thu Apr 25 18:47:49 2024 +0200 wireguard: Route the client pool Signed-off-by: Michael Tremer commit 303f811025b6d2672b8535d63b039e2d76a2260a Author: Michael Tremer Date: Thu Apr 25 17:32:32 2024 +0200 wireguard.cgi: Show a QR code that contains the client configuration Signed-off-by: Michael Tremer commit c0cddfa6feb95c13cdd84ea68253c5f025801d45 Author: Michael Tremer Date: Thu Apr 25 17:14:27 2024 +0200 wireguard.cgi: Show client configuration after creating a client Signed-off-by: Michael Tremer commit 21001812389666836552bc193248cb2ffc3a76b6 Author: Michael Tremer Date: Thu Apr 25 13:04:01 2024 +0200 wireguard.cgi: Check if the client pool is in use and prevent editing Signed-off-by: Michael Tremer commit f84c7d0bdac38fb6ed7105a21c1f2422ddbcd656 Author: Michael Tremer Date: Thu Apr 25 12:57:08 2024 +0200 wireguard.cgi: Add client pool config option Signed-off-by: Michael Tremer commit d11f9d75b002b8395fe094b0beaf2bb4c2e2e0ed Author: Michael Tremer Date: Thu Apr 25 12:51:46 2024 +0200 wireguard.cgi: Implement creating host-to-net connections Signed-off-by: Michael Tremer commit 4e83b78e86b12ec418e872cae7f162b9548c3a59 Author: Michael Tremer Date: Thu Apr 25 12:18:14 2024 +0200 wireguard.cgi: Move creating private keys into a separate function Signed-off-by: Michael Tremer commit a77882639e42e40deea0ea2e811ed0644f51ebe7 Author: Michael Tremer Date: Thu Apr 25 00:50:17 2024 +0200 wireguard.cgi: Rename editor to edit-net Signed-off-by: Michael Tremer commit 3eba8076012f79da1bda90995afc88bce569a060 Author: Michael Tremer Date: Thu Apr 25 00:44:53 2024 +0200 wireguard.cgi: Fix typo of %checked Signed-off-by: Michael Tremer commit 6a760ba418e6701b584ca80a6cd834e014397929 Author: Michael Tremer Date: Thu Apr 25 00:44:38 2024 +0200 wireguard.cgi: Fix disabling the service Signed-off-by: Michael Tremer commit cc203a41265c8ec5564be204293cf86ac9533e81 Author: Michael Tremer Date: Thu Apr 25 00:34:34 2024 +0200 wireguard.cgi: Allow the endpoint to be empty Signed-off-by: Michael Tremer commit eefe8bcdec7095331044488aab4bf6b7a711d765 Author: Michael Tremer Date: Thu Apr 25 00:34:20 2024 +0200 wireguard.cgi: Fix saving empty PSKs Signed-off-by: Michael Tremer commit e44e1be465cab81a37bab7aa9ecb301b105633ee Author: Michael Tremer Date: Thu Apr 25 00:22:40 2024 +0200 wireguard.cgi: Implement option to configure keepalive Signed-off-by: Michael Tremer commit 283238d66fa69b3a5198b2ac7a0539f6a678ce4c Author: Michael Tremer Date: Thu Apr 25 00:04:36 2024 +0200 wireguard.cgi: Group keys together Signed-off-by: Michael Tremer commit 0b4c2c3799fdfc8cfbb67888f6a0f7a21869d826 Author: Michael Tremer Date: Thu Apr 25 00:02:58 2024 +0200 wireguard.cgi: Implement helper functions to read/write subnets Signed-off-by: Michael Tremer commit c5606af3e5ecb3a968df2a48ea10c7811760241d Author: Michael Tremer Date: Wed Apr 24 23:50:04 2024 +0200 wireguard: Implement optional PSK for post-quantum stuff Signed-off-by: Michael Tremer commit b57617edafdfa2fd057c5902ed3b5f9dc6558ec5 Author: Michael Tremer Date: Wed Apr 24 23:20:48 2024 +0200 wireguard.cgi: Implement deleting peers Signed-off-by: Michael Tremer commit 16c94e73c70da3cf6446b2bf80fa306e51ded53c Author: Michael Tremer Date: Wed Apr 24 23:14:53 2024 +0200 wireguard.cgi: Check for duplicate names Signed-off-by: Michael Tremer commit 26d6b4cd89621cb1552871be0b14a1b59584c82b Author: Michael Tremer Date: Wed Apr 24 23:07:52 2024 +0200 wireguard.cgi: Add helper functions to encode/decode remarks Signed-off-by: Michael Tremer commit 1425014380d4118bba7b4ffe1f41691a2af7a3b0 Author: Michael Tremer Date: Wed Apr 24 23:03:48 2024 +0200 wireguard.cgi: Implement launching the editor for editing a connection Signed-off-by: Michael Tremer commit 3cfb59a767313f65fdaa8d18a9df12ffaec6129c Author: Michael Tremer Date: Wed Apr 24 23:02:15 2024 +0200 wireguard.cgi: Fix typo in variable name Signed-off-by: Michael Tremer commit 7f79f01123992781788ab7b5eac12794fa21143a Author: Michael Tremer Date: Wed Apr 24 22:49:11 2024 +0200 wireguard.cgi: Adjust IDs of the peer Signed-off-by: Michael Tremer commit 44cf6442d2d2608e081dee552b0d4778586125fd Author: Michael Tremer Date: Wed Apr 24 22:26:37 2024 +0200 wireguard.cgi: Store remarks encoded as base64 Signed-off-by: Michael Tremer commit 06df633c86eabbfa40fe36c508bef8963f3f006f Author: Michael Tremer Date: Wed Apr 24 22:20:04 2024 +0200 wireguard.cgi: Rename CREATE-PEER-NET action to SAVE-PEER-NET Signed-off-by: Michael Tremer commit d9d98b678b5207856d7383c3f097eb30910df61b Author: Michael Tremer Date: Wed Apr 24 22:15:33 2024 +0200 wireguard.cgi: Add editor to create a new peer Signed-off-by: Michael Tremer commit c5af1d851cb3963441b43785b17c335d328d763e Author: Michael Tremer Date: Wed Apr 17 19:56:30 2024 +0200 wireguard.cgi: Implement choice to create a new connection Signed-off-by: Michael Tremer commit d408b1a8e717ed0387366c254a0a637c635e8a2c Author: Michael Tremer Date: Wed Apr 17 19:43:25 2024 +0200 wireguard.cgi: Remove the extra box around the peers Signed-off-by: Michael Tremer commit 8d26760ce43686485cc9db595f2efa9a9a5c3302 Author: Michael Tremer Date: Wed Apr 17 19:41:59 2024 +0200 wireguard.cgi: Move the status column more to the left Signed-off-by: Michael Tremer commit 4fe654d7704499063ec6d766faf3249149cac7a3 Author: Michael Tremer Date: Wed Apr 17 19:41:14 2024 +0200 wireguard.cgi: Show visual status when disconected Signed-off-by: Michael Tremer commit c25e3d6a1924448fa988de0118b802b7de0a0405 Author: Michael Tremer Date: Wed Apr 17 19:32:06 2024 +0200 wireguard.cgi: Show origin of the connected peer Signed-off-by: Michael Tremer commit 6d3c91bc7a7c9aa84631ca8b90dc5cda63c0ec5a Author: Michael Tremer Date: Wed Apr 17 19:19:14 2024 +0200 wireguard.cgi: Fix connection detection Signed-off-by: Michael Tremer commit 83e6991be967ceaaa8d61167c533636f35d6a498 Author: Michael Tremer Date: Wed Apr 17 19:15:35 2024 +0200 wireguard.cgi: Fix calling wireguardctrl Signed-off-by: Michael Tremer commit a5b7858c705cf7bdd37a32b2add8a9ffe3e42342 Author: Michael Tremer Date: Wed Apr 17 18:58:11 2024 +0200 wireguard.cgi: Show status for each peer Signed-off-by: Michael Tremer commit fdfec12a5f272c8f960f3fcbc4af356f80fc1b9a Author: Michael Tremer Date: Tue Apr 16 18:21:59 2024 +0200 wireguard.cgi: Show peers in a table Signed-off-by: Michael Tremer commit 06dbc836a47160d51ab10f8b9d4ca356beaa7cdb Author: Michael Tremer Date: Tue Apr 16 18:06:47 2024 +0200 wireguard.cgi: Add a basic CGI to configure the global settings Signed-off-by: Michael Tremer commit fc32e7b9147d2eeeb6e2bc1497859fb050001eb5 Author: Michael Tremer Date: Tue Apr 16 16:20:55 2024 +0200 firewall: Automatically open ports for WireGuard Signed-off-by: Michael Tremer commit b78ba3624f0a11c060ad06dbd65741b82684d93e Author: Michael Tremer Date: Tue Apr 16 16:17:59 2024 +0200 wireguard: Add initscript Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/backup/backup.pl | 14 +- config/cfgroot/general-functions.pl | 12 + config/cfgroot/header.pl | 13 + config/cfgroot/wireguard-functions.pl | 599 +++++++++ config/firewall/firewall-lib.pl | 45 +- config/firewall/firewall-policy | 12 + config/ipblocklist/sources | 18 - config/menu/40-services.menu | 6 + config/rootfiles/common/aarch64/initscripts | 4 + config/rootfiles/common/configroot | 4 + config/rootfiles/common/fontconfig | 2 +- config/rootfiles/common/libcap | 5 +- config/rootfiles/common/libgpg-error | 2 +- config/rootfiles/common/misc-progs | 3 +- config/rootfiles/common/openssh | 1 + config/rootfiles/common/openssl | 329 ++++- config/rootfiles/common/protobuf | 125 +- config/rootfiles/common/riscv64/initscripts | 4 + config/rootfiles/common/web-user-interface | 1 + config/rootfiles/common/wireguard-tools | 4 + config/rootfiles/common/x86_64/initscripts | 4 + .../186 => core/195}/filelists/btrfs-progs | 0 .../{oldcore/103 => core/195}/filelists/coreutils | 0 config/rootfiles/core/195/filelists/files | 18 + .../{oldcore/110 => core/195}/filelists/fontconfig | 0 .../{oldcore/104 => core/195}/filelists/libcap | 0 .../{oldcore/155 => core/195}/filelists/libffi | 0 .../106 => core/195}/filelists/libgpg-error | 0 .../{oldcore/100 => core/195}/filelists/openssh | 0 .../{oldcore/100 => core/195}/filelists/openssl | 0 .../{oldcore/190 => core/195}/filelists/protobuf | 0 .../{oldcore/190 => core/195}/filelists/protobuf-c | 0 .../rootfiles/core/195/filelists/wireguard-tools | 1 + config/rootfiles/core/195/update.sh | 26 + config/rootfiles/packages/alsa | 169 ++- config/udev/network-aqm | 5 + config/wireguard/wg-dynamic | 122 ++ doc/language_issues.de | 43 +- doc/language_issues.en | 56 +- doc/language_issues.es | 54 +- doc/language_issues.fr | 54 +- doc/language_issues.it | 54 +- doc/language_issues.nl | 54 +- doc/language_issues.pl | 54 +- doc/language_issues.ru | 54 +- doc/language_issues.tr | 54 +- doc/language_missings | 443 ++++++- html/cgi-bin/firewall.cgi | 83 +- html/cgi-bin/fwhosts.cgi | 59 + html/cgi-bin/pakfire.cgi | 191 ++- html/cgi-bin/services.cgi | 4 +- html/cgi-bin/wireguard.cgi | 1369 ++++++++++++++++++++ html/html/themes/ipfire/include/css/style.css | 9 + langs/de/cgi-bin/de.pl | 17 +- langs/en/cgi-bin/en.pl | 61 +- langs/es/cgi-bin/es.pl | 4 +- langs/fr/cgi-bin/fr.pl | 4 +- langs/it/cgi-bin/it.pl | 4 +- langs/nl/cgi-bin/nl.pl | 4 +- langs/pl/cgi-bin/pl.pl | 4 +- langs/ru/cgi-bin/ru.pl | 4 +- langs/tr/cgi-bin/tr.pl | 4 +- lfs/alsa | 16 +- lfs/btrfs-progs | 4 +- lfs/configroot | 5 +- lfs/coreutils | 6 +- lfs/fontconfig | 19 +- lfs/initscripts | 3 + lfs/libcap | 6 +- lfs/libffi | 4 +- lfs/libgpg-error | 6 +- lfs/nano | 17 +- lfs/nfs | 16 +- lfs/openssh | 17 +- lfs/openssl | 4 +- lfs/protobuf | 12 +- lfs/protobuf-c | 7 +- lfs/{iotop => wireguard-tools} | 27 +- make.sh | 1 + src/initscripts/networking/functions.network | 40 + src/initscripts/system/firewall | 9 + src/initscripts/system/wireguard | 356 +++++ src/misc-progs/Makefile | 2 +- src/misc-progs/wireguardctrl.c | 44 + src/patches/protobuf-c_1.5.0_protobuf-26.patch | 118 -- 85 files changed, 4599 insertions(+), 429 deletions(-) create mode 100644 config/cfgroot/wireguard-functions.pl create mode 100644 config/rootfiles/common/wireguard-tools copy config/rootfiles/{oldcore/186 => core/195}/filelists/btrfs-progs (100%) copy config/rootfiles/{oldcore/103 => core/195}/filelists/coreutils (100%) copy config/rootfiles/{oldcore/110 => core/195}/filelists/fontconfig (100%) copy config/rootfiles/{oldcore/104 => core/195}/filelists/libcap (100%) copy config/rootfiles/{oldcore/155 => core/195}/filelists/libffi (100%) copy config/rootfiles/{oldcore/106 => core/195}/filelists/libgpg-error (100%) copy config/rootfiles/{oldcore/100 => core/195}/filelists/openssh (100%) copy config/rootfiles/{oldcore/100 => core/195}/filelists/openssl (100%) copy config/rootfiles/{oldcore/190 => core/195}/filelists/protobuf (100%) copy config/rootfiles/{oldcore/190 => core/195}/filelists/protobuf-c (100%) create mode 120000 config/rootfiles/core/195/filelists/wireguard-tools create mode 100644 config/wireguard/wg-dynamic create mode 100644 html/cgi-bin/wireguard.cgi copy lfs/{iotop => wireguard-tools} (86%) create mode 100644 src/initscripts/system/wireguard create mode 100644 src/misc-progs/wireguardctrl.c delete mode 100644 src/patches/protobuf-c_1.5.0_protobuf-26.patch Difference in files: diff --git a/config/backup/backup.pl b/config/backup/backup.pl index 0cfbd4fc38..b36296ee86 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -252,11 +252,14 @@ restore_backup() { -out /etc/httpd/server.crt &>/dev/null fi - # Remove any entry for ALIENVAULT, SPAMHAUS_EDROP or ABUSECH_BOTNETC2 from the ipblocklist modified file + # Remove any entry for ALIENVAULT, SPAMHAUS_EDROP, ABUSECH_BOTNETC2 or 3CORESEC from the ipblocklist modified file # and the associated ipblocklist files from the /var/lib/ipblocklist directory sed -i '/ALIENVAULT=/d' /var/ipfire/ipblocklist/modified sed -i '/SPAMHAUS_EDROP=/d' /var/ipfire/ipblocklist/modified sed -i '/ABUSECH_BOTNETC2=/d' /var/ipfire/ipblocklist/modified + sed -i '/3CORESEC_SSH=/d' /var/ipfire/ipblocklist/modified + sed -i '/3CORESEC_SCAN=/d' /var/ipfire/ipblocklist/modified + sed -i '/3CORESEC_WEB=/d' /var/ipfire/ipblocklist/modified if [ -e /var/lib/ipblocklist/ALIENVAULT.conf ]; then rm /var/lib/ipblocklist/ALIENVAULT.conf fi @@ -266,6 +269,15 @@ restore_backup() { if [ -e /var/lib/ipblocklist/ABUSECH_BOTNETC2.conf ]; then rm /var/lib/ipblocklist/ABUSECH_BOTNETC2.conf fi + if [ -e /var/lib/ipblocklist/3CORESEC_SSH.conf ]; then + rm /var/lib/ipblocklist/3CORESEC_SSH.conf + fi + if [ -e /var/lib/ipblocklist/3CORESEC_SCAN.conf ]; then + rm /var/lib/ipblocklist/3CORESEC_SCAN.conf + fi + if [ -e /var/lib/ipblocklist/3CORESEC_WEB.conf ]; then + rm /var/lib/ipblocklist/3CORESEC_WEB.conf + fi # The collectd directory structure was changed but not all changes # are done by the official migration script generator diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index bbd0f9839f..cc5d9fd812 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -24,6 +24,11 @@ $General::swroot = 'CONFIG_ROOT'; $General::noipprefix = 'noipg-'; require "${General::swroot}/network-functions.pl"; +require "${General::swroot}/wireguard-functions.pl"; + +# Load the main settings file +our %mainsettings = (); +&readhash("${General::swroot}/main/settings", \%mainsettings); # This function executes a shell command without forking a shell or do any other # Perl-voodoo before it. It deprecates the "system" command and is the only way @@ -252,6 +257,13 @@ sub setup_default_networks $defaultNetworks->{"IPsec RW (${netaddress}/${prefix})"}{'NET'} = $netaddress; } } + + # WireGuard + if ($Wireguard::settings{'CLIENT_POOL'}) { + my $name = $Lang::tr{'wg rw peers'}; + + $defaultNetworks->{$name}{'NAME'} = "WGRW"; + } } sub get_aliases { diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl index 2d4aa89f24..5a4d413081 100644 --- a/config/cfgroot/header.pl +++ b/config/cfgroot/header.pl @@ -17,6 +17,7 @@ use HTML::Entities(); use Socket; use Time::Local; use Encode; +use Unicode::Normalize; require "${General::swroot}/graphs.pl"; @@ -628,6 +629,18 @@ sub escape($) { return HTML::Entities::encode_entities($s); } +sub normalize($) { + my $s = shift; + + # Remove any special characters + $s = &Unicode::Normalize::NFKD($s); + + # Remove any whitespace and replace with dash + $s =~ s/\s+/\-/g; + + return $s; +} + sub cleanhtml { my $outstring =$_[0]; $outstring =~ tr/,/ / if not defined $_[1] or $_[1] ne 'y'; diff --git a/config/cfgroot/wireguard-functions.pl b/config/cfgroot/wireguard-functions.pl new file mode 100644 index 0000000000..79b3bb0978 --- /dev/null +++ b/config/cfgroot/wireguard-functions.pl @@ -0,0 +1,599 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2024 Michael Tremer # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +package Wireguard; + +use strict; +use MIME::Base64; + +require "/var/ipfire/general-functions.pl"; +require "/var/ipfire/network-functions.pl"; + +our @DEFAULT_PORTRANGE = (60000, 62000); +our $DEFAULT_PORT = 51820; +our $DEFAULT_KEEPALIVE = 25; + +# Read the global configuration +our %settings = (); +&General::readhash("/var/ipfire/wireguard/settings", \%settings); + +# Read all peers +our %peers = (); +&General::readhasharray("/var/ipfire/wireguard/peers", \%peers); + +# Set any defaults +&General::set_defaults(\%settings, { + "ENABLED" => "off", + "PORT" => $DEFAULT_PORT, + "CLIENT_DNS" => $Network::ethernet{'GREEN_ADDRESS'}, +}); + +# Returns the local endpoint +sub get_endpoint() { + my $endpoint = $settings{'ENDPOINT'}; + + # If no endpoint is set, we fall back to the FQDN of the firewall + if ($endpoint eq "") { + $endpoint = $General::mainsettings{'HOSTNAME'} . "." . $General::mainsettings{'DOMAINNAME'}; + } + + return $endpoint; +} + +# This function generates a set of keys for this host if none exist +sub generate_keys($) { + my $force = shift || 0; + + # Reset any previous keys if re-generation forced + if ($force) { + $settings{"PRIVATE_KEY"} = undef; + $settings{"PUBLIC_KEY"} = undef; + } + + # Return if we already have keys + return if (defined $settings{"PRIVATE_KEY"} && defined $settings{"PUBLIC_KEY"}); + + # Generate a new private key + unless (defined $settings{'PRIVATE_KEY'}) { + # Generate a new private key + $settings{"PRIVATE_KEY"} = &generate_private_key(); + + # Reset the public key + $settings{"PUBLIC_KEY"} = undef; + } + + # Derive the public key + unless (defined $settings{"PUBLIC_KEY"}) { + # Derive the public key + $settings{"PUBLIC_KEY"} = &derive_public_key($settings{"PRIVATE_KEY"}); + } + + # Store the configuration file + &General::writehash("/var/ipfire/wireguard/settings", \%settings); +} + +# Generates a new private key +sub generate_private_key() { + # Generate a new private key + my @output = &General::system_output("wg", "genkey"); + + # Store the key + foreach (@output) { + chomp; + + return $_; + } + + # Return undefined on error + return undef; +} + +# Takes a private key and derives the public key +sub derive_public_key($) { + my $private_key = shift; + my @output = (); + + # Derive the public key + if (open(STDIN, "-|")) { + @output = &General::system_output("wg", "pubkey"); + } else { + print $private_key . "\n"; + exit (0); + } + + # Return the first line + foreach (@output) { + chomp; + + return $_; + } + + # Return undefined on error + return undef; +} + +sub dump($) { + my $intf = shift; + + my %dump = (); + my $lineno = 0; + + # Fetch the dump + my @output = &General::system_output("/usr/local/bin/wireguardctrl", "dump", $intf); + + foreach my $line (@output) { + # Increment the line numbers + $lineno++; + + # Skip the first line + next if ($lineno <= 1); + + # Split the line into its fields + my @fields = split(/\t/, $line); + + # Create a new hash indexed by the public key + $dump{$fields[0]} = { + "psk" => $fields[1], + "endpoint" => $fields[2], + "allowed-ips" => $fields[3], + "latest-handshake" => $fields[4], + "transfer-rx" => $fields[5], + "transfer-tx" => $fields[6], + "persistent-keepalive" => $fields[7], + }; + } + + return %dump; +} + +sub load_peer($) { + my $key = shift; + + my $type = $peers{$key}[1]; + + my %peer = ( + "ENABLED" => $peers{$key}[0], + "TYPE" => $type, + "NAME" => $peers{$key}[2], + "PUBLIC_KEY" => $peers{$key}[3], + "PRIVATE_KEY" => $peers{$key}[4], + "PORT" => $peers{$key}[5], + "ENDPOINT_ADDR" => $peers{$key}[6], + "ENDPOINT_PORT" => $peers{$key}[7], + ($type eq "host") ? "CLIENT_ADDRESS" : "REMOTE_SUBNETS" + => &decode_subnets($peers{$key}[8]), + "REMARKS" => &decode_remarks($peers{$key}[9]), + "LOCAL_SUBNETS" => &decode_subnets($peers{$key}[10]), + "PSK" => $peers{$key}[11], + "KEEPALIVE" => $peers{$key}[12], + "INTERFACE" => ($type eq "host") ? "wg0" : "wg${key}", + ); + + return \%peer; +} + +sub get_peer_by_name($) { + my $name = shift; + + foreach my $key (keys %peers) { + my $peer = &load_peer($key); + + # Return the peer if the name matches + if ($peer->{"NAME"} eq $name) { + return $peer; + } + } + + # Return undefined if nothing was found + return undef; +} + +sub name_is_valid($) { + my $name = shift; + + # The name must be between 1 and 63 characters + if (length ($name) < 1 || length ($name) > 63) { + return 0; + } + + # Only valid characters are a-z, A-Z, 0-9, space and - + if ($name !~ /^[a-zA-Z0-9 -]*$/) { + return 0; + } + + return 1; +} + +sub name_is_free($) { + my $name = shift; + my $key = shift || 0; + + foreach my $i (keys %peers) { + # Skip the connection with ID + next if ($key eq $i); + + # Return if we found a match + return 0 if ($peers{$i}[2] eq $name); + } + + return 1; +} + +sub key_is_valid($) { + my $key = shift; + + # Try to decode the key + $key = &MIME::Base64::decode_base64($key); + + # All keys must be 32 bytes long + return length($key) == 32; +} + +sub keepalive_is_valid($) { + my $keepalive = shift; + + # Must be a number + return 0 unless ($keepalive =~ m/^[0-9]+$/); + + # Must be between 0 and 65535 (inclusive) + return 0 if ($keepalive lt 0); + return 0 if ($keepalive gt 65535); + + return 1; +} + +sub encode_remarks($) { + my $remarks = shift; + + # Encode to Base64 + $remarks = &MIME::Base64::encode_base64($remarks); + + # Remove the trailing newline + chomp($remarks); + + return $remarks; +} + +sub decode_remarks($) { + my $remarks = shift; + + # Decode from base64 + return &MIME::Base64::decode_base64($remarks); +} + +sub encode_subnets($) { + my @subnets = @_; + + my @formatted = (); + + # wg only handles the CIDR notation + foreach my $subnet (@subnets) { + my $netaddr = &Network::get_netaddress($subnet); + my $prefix = &Network::get_prefix($subnet); + + next unless (defined $netaddr && defined $prefix); + + push(@formatted, "${netaddr}/${prefix}"); + } + + # Join subnets together separated by | + return join("|", @formatted); +} + +sub decode_subnets($) { + my $subnets = shift; + + # Split the string + my @subnets = split(/\|/, $subnets); + + return \@subnets; +} + +sub pool_is_in_use($) { + my $pool = shift; + + foreach my $key (keys %peers) { + my $type = $peers{$key}[1]; + my $address = $peers{$key}[6]; + + # Check if a host is using an IP address from the pool + if ($type eq "host" && &Network::ip_address_in_network($address, $pool)) { + return 1; + } + } + + # No match found + return 0; +} + +# Takes the pool and an optional limit of up to how many addresses to return +sub free_pool_addresses($$) { + my $pool = shift; + my $limit = shift || 0; + + my @used_addresses = (); + my @free_addresses = (); + + # Collect all used addresses + foreach my $key (keys %peers) { + my $type = $peers{$key}[1]; + my $address = $peers{$key}[6]; + + # Only check hosts + next if ($type ne "host"); + + push(@used_addresses, &Network::ip2bin($address)); + } + + # Fetch the first address + my $address = &Network::get_netaddress($pool); + + # Fetch the last address + my $broadcast = &Network::get_broadcast($pool); + $broadcast = &Network::ip2bin($broadcast); + + # Walk through all addresses excluding the first and last address. + # No technical reason, we just don't want to confuse people. + OUTER: for (my $i = &Network::ip2bin($address) + 1; $i < $broadcast; $i++) { + # Skip any addresses that already in use + foreach my $used_address (@used_addresses) { + next OUTER if ($i == $used_address); + } + + push(@free_addresses, &Network::bin2ip($i)); + + # Check limit + last if ($limit > 0 && scalar @free_addresses >= $limit); + } + + return @free_addresses; +} + +sub generate_peer_configuration($$) { + my $key = shift; + my $private_key = shift; + + my @conf = (); + + # Load the peer + my $peer = &load_peer($key); + + # Return if we could not find the peer + return undef unless ($peer); + + my @allowed_ips = (); + + # Convert all subnets into CIDR notation + foreach my $subnet ($peer->{'LOCAL_SUBNETS'}) { + my $netaddress = &Network::get_netaddress($subnet); + my $prefix = &Network::get_prefix($subnet); + + # Skip invalid subnets + next if (!defined $netaddress || !defined $prefix); + + push(@allowed_ips, "${netaddress}/${prefix}"); + } + + # Fetch the endpoint + my $endpoint = &get_endpoint(); + + # Net-2-Net + if ($peer->{'TYPE'} eq "net") { + # Derive our own public key + my $public_key = &derive_public_key($peer->{'PRIVATE_KEY'}); + + push(@conf, + "[Interface]", + "PrivateKey = $private_key", + "Port = $peer->{'ENDPOINT_PORT'}", + "", + "[Peer]", + "Endpoint = ${endpoint}:$peer->{'PORT'}", + "PublicKey = $public_key", + "PresharedKey = $peer->{'PSK'}", + "AllowedIPs = " . join(", ", @allowed_ips), + "PersistentKeepalive = $peer->{'KEEPALIVE'}", + ); + + # Host-2-Net + } elsif ($peer->{'TYPE'} eq "host") { + # Fetch any DNS servers for hosts + my @dns = split(/\|/, $settings{'CLIENT_DNS'}); + + push(@conf, + "[Interface]", + "PrivateKey = $private_key", + "Address = $peer->{'CLIENT_ADDRESS'}", + ); + + # Optionally add DNS servers + if (scalar @dns) { + push(@conf, "DNS = " . join(", ", @dns)); + } + + # Finish the [Interface] section + push(@conf, ""); + + # Add peer configuration + push(@conf, ( + "[Peer]", + "Endpoint = ${endpoint}:$settings{'PORT'}", + "PublicKey = $settings{'PUBLIC_KEY'}", + "PresharedKey = $peer->{'PSK'}", + "AllowedIPs = " . join(", ", @allowed_ips), + "PersistentKeepalive = $DEFAULT_KEEPALIVE", + )); + } + + return join("\n", @conf); +} + +sub parse_configuration($) { + my $fh = shift; + + my %peer = (); + + # Collect any errors + my @errormessages = (); + + my $section = undef; + my $key = undef; + my $val = undef; + + while (<$fh>) { + # Remove line breaks + chomp; + + # Search for section headers + if ($_ =~ m/^\[(\w+)\]$/) { + $section = $1; + next; + + # Search for key = value lines + } elsif ($_ =~ m/^(\w+)\s+=\s+(.*)$/) { + # Skip anything before the first section header + next unless (defined $section); + + # Store keys and values + $key = $1; + $val = $2; + + # Skip any unhandled lines + } else { + next; + } + + # Interface section + if ($section eq "Interface") { + # Address + if ($key eq "Address") { + if (&Network::check_ip_address($val)) { + $peer{'CLIENT_ADDRESS'} = $val; + } else { + push(@errormessages, $Lang::tr{'invalid ip address'}); + } + + # PrivateKey + } elsif ($key eq "PrivateKey") { + if (&key_is_valid($val)) { + $peer{'PRIVATE_KEY'} = $val; + } else { + push(@errormessages, $Lang::tr{'malformed private key'}); + } + } + + # Peer section + } elsif ($section eq "Peer") { + # PublicKey + if ($key eq "PublicKey") { + if (&key_is_valid($val)) { + $peer{'PUBLIC_KEY'} = $val; + } else { + push(@errormessages, $Lang::tr{'malformed public key'}); + } + + # PresharedKey + } elsif ($key eq "PresharedKey") { + if (&key_is_valid($val)) { + $peer{'PSK'} = $val; + } else { + push(@errormessages, $Lang::tr{'malformed preshared key'}); + } + + # AllowedIPs + } elsif ($key eq "AllowedIPs") { + my @networks = split(/,/, $val); + + # Check if all networks are valid + foreach my $network (@networks) { + unless (&Network::check_subnet($network)) { + push(@errormessages, $Lang::tr{'invalid network'} . " $network"); + } + } + + $peer{'REMOTE_SUBNETS'} = join(", ", @networks); + # Endpoint + } elsif ($key eq "Endpoint") { + my $address = $val; + my $port = $DEFAULT_PORT; + + # Try to separate the port (if any) + if ($val =~ m/^(.*):(\d+)$/) { + $address = $1; + $port = $2; + } + + # Check if we have a valid IP address + if (&Network::check_ip_address($address)) { + # nothing + + # Check if we have a valid FQDN + } elsif (&General::validfqdn($address)) { + # nothing + + # Otherwise this fails + } else { + push(@errormessages, $Lang::tr{'invalid endpoint address'}); + next; + } + + # Store the values + $peer{'ENDPOINT_ADDRESS'} = $address; + $peer{'ENDPOINT_PORT'} = $port; + + # PersistentKeepalive + } elsif ($key eq "PersistentKeepalive") { + # Must be an integer + if ($val =~ m/^(\d+)$/) { + $peer{'KEEPALIVE'} = $1; + } else { + push(@errormessages, $Lang::tr{'invalid keepalive interval'}); + } + } + } + } + + return %peer, @errormessages; +} + +sub get_free_port() { + my @used_ports = (); + + my $tries = 100; + + # Collect all ports that are already in use + foreach my $key (keys %peers) { + push(@used_ports, $peers{$key}[5]); + } + + my ($port_start, $port_end) = @DEFAULT_PORTRANGE; + + while ($tries-- > 0) { + my $port = $port_start + int(rand($port_end - $port_start)); + + # Return the port unless it is already in use + return $port unless (grep { $port == $_ } @used_ports); + } + + return undef; +} + +1; diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl index 7d35d56864..2dfc44a94e 100644 --- a/config/firewall/firewall-lib.pl +++ b/config/firewall/firewall-lib.pl @@ -95,9 +95,9 @@ sub get_srvgrp_prot my $icmp; foreach my $key (sort {$a <=> $b} keys %customservicegrp){ if($customservicegrp{$key}[0] eq $val){ - if (&get_srv_prot($customservicegrp{$key}[2]) eq 'TCP'){ + if (&get_srv_prot($customservicegrp{$key}[2]) eq 'TCP'){ $tcp=1; - }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'UDP'){ + }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'UDP'){ $udp=1; }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){ $icmp=1; @@ -112,7 +112,7 @@ sub get_srvgrp_prot if ($icmp eq '1'){push (@ips,'ICMP');} my $back=join(",",@ips); return $back; - + } sub get_srv_port { @@ -147,7 +147,7 @@ sub get_srvgrp_port }elsif ($prot eq 'ICMP'){ $back="--icmp-type "; } - + $back.=join(",",@ips); return $back; } @@ -205,7 +205,7 @@ sub get_ovpn_host_ip } sub get_ovpn_net_ip { - + my $val=shift; my $field=shift; foreach my $key (sort {$a <=> $b} keys %ccdnet){ @@ -222,8 +222,8 @@ sub get_grp_ip if ($customgrp{$key}[0] eq $val){ &get_address($customgrp{$key}[3],$src); } - } - + } + } sub get_std_net_ip { @@ -239,6 +239,8 @@ sub get_std_net_ip return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"; }elsif($val eq 'RED'){ return "0.0.0.0/0"; + }elsif($val eq 'WGRW'){ + return $Wireguard::settings{'CLIENT_POOL'}; }elsif($val =~ /OpenVPN/i){ return "$ovpnsettings{'DOVPN_SUBNET'}"; }elsif($val =~ /IPsec/i){ @@ -259,6 +261,12 @@ sub get_interface if($net eq "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"){ return "$netsettings{'BLUE_DEV'}"; } + + # Wireguard + if ($net eq $Wireguard::settings{'CLIENT_POOL'}) { + return "wg0"; + } + if($net eq "0.0.0.0/0") { return &get_external_interface(); } @@ -270,7 +278,7 @@ sub get_net_ip foreach my $key (sort {$a <=> $b} keys %customnetwork){ if($customnetwork{$key}[0] eq $val){ return "$customnetwork{$key}[1]/$customnetwork{$key}[2]"; - } + } } } sub get_host_ip @@ -288,7 +296,7 @@ sub get_host_ip }elsif($customhost{$key}[1] eq 'mac' && $src eq 'tgt'){ return "none"; } - } + } } } sub get_addresses @@ -385,6 +393,25 @@ sub get_address push(@ret, [$host_address, ""]); } + # WireGuard Peers + } elsif ($key eq 'wg_peer' || $key eq 'wg_peer_src' || $key eq 'wg_peer_tgt') { + my $peer = &Wireguard::get_peer_by_name($value); + if (defined $peer) { + my $remotes; + + # Select the remote IP addresses + if ($peer->{'TYPE'} eq 'host') { + $remotes = $peer->{'CLIENT_ADDRESS'}; + } elsif ($peer->{'TYPE'} eq 'net') { + $remotes = $peer->{'REMOTE_SUBNETS'}; + } + + # Add all remotes + foreach my $remote (@$remotes) { + push(@ret, [$remote, $peer->{'INTERFACE'}]); + } + } + # OpenVPN networks. } elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) { my $network_address = &get_ovpn_net_ip($value, 1); diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy index 21165e9338..872a921401 100755 --- a/config/firewall/firewall-policy +++ b/config/firewall/firewall-policy @@ -54,6 +54,7 @@ esac HAVE_IPSEC="true" HAVE_OPENVPN="true" +HAVE_WG="true" # INPUT @@ -97,6 +98,14 @@ case "${HAVE_OPENVPN},${POLICY}" in ;; esac +# WireGuard INPUT +case "${HAVE_WG},${POLICY}" in + true,MODE1) ;; + true,*) + iptables -A POLICYIN -i wg+ -j ACCEPT + ;; +esac + case "${FWPOLICY2}" in REJECT) if [ "${DROPINPUT}" = "on" ]; then @@ -149,6 +158,9 @@ case "${POLICY}" in # Grant access for OpenVPN connections iptables -A POLICYFWD -i tun+ -j ACCEPT + # Grant access for WireGuard + iptables -A POLICYFWD -i wg+ -j ACCEPT + if [ -n "${IFACE}" ]; then if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then iptables -A POLICYFWD -i "${BLUE_DEV}" -s "${BLUE_NETADDRESS}/${BLUE_NETMASK}" -o "${IFACE}" -j ACCEPT diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources index 0e26792d6b..b0b405357d 100644 --- a/config/ipblocklist/sources +++ b/config/ipblocklist/sources @@ -111,24 +111,6 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklis 'parser' => 'ip-or-net-list', 'rate' => '30m', 'category' => 'attacker' }, - '3CORESEC_SSH' => { 'name' => '3CORESec SSH Activity Blocklist', - 'url' => 'https://blacklist.3coresec.net/lists/ssh.txt', - 'info' => 'https://blacklist.3coresec.net', - 'parser' => 'ip-or-net-list', - 'rate' => '1d', - 'category' => 'attacker' }, - '3CORESEC_SCAN' => { 'name' => '3CORESec Scan and IDS Blocklist', - 'url' => 'https://blacklist.3coresec.net/lists/misc.txt', - 'info' => 'https://blacklist.3coresec.net', - 'parser' => 'ip-or-net-list', - 'rate' => '1d', - 'category' => 'reputation' }, - '3CORESEC_WEB' => { 'name' => '3CORESec Web Server Activity Blocklist', - 'url' => 'https://blacklist.3coresec.net/lists/http.txt', - 'info' => 'https://blacklist.3coresec.net', - 'parser' => 'ip-or-net-list', - 'rate' => '1d', - 'category' => 'attacker' }, 'THREATVIEW_IO_IP' => { 'name' => 'Threatview.io Malicious IP Blocklist for known Bad IP addresses', 'url' => 'https://threatview.io/Downloads/IP-High-Confidence-Feed.txt', 'info' => 'https://threatview.io/#services', diff --git a/config/menu/40-services.menu b/config/menu/40-services.menu index 83ce3bc1f5..932a7f0339 100644 --- a/config/menu/40-services.menu +++ b/config/menu/40-services.menu @@ -4,6 +4,12 @@ 'title' => "$Lang::tr{'virtual private networking'}", 'enabled' => 1, }; + $subservices->{'15.wireguard'} = { + 'caption' => $Lang::tr{'wireguard'}, + 'uri' => '/cgi-bin/wireguard.cgi', + 'title' => "$Lang::tr{'wireguard'}", + 'enabled' => 1, + }; $subservices->{'20.openvpn'} = { 'caption' => 'OpenVPN', 'uri' => '/cgi-bin/ovpnmain.cgi', diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts index cc7833a180..12898701ab 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -92,6 +92,7 @@ etc/rc.d/init.d/udev_retry etc/rc.d/init.d/unbound etc/rc.d/init.d/vnstat etc/rc.d/init.d/waitdrives +etc/rc.d/init.d/wireguard etc/rc.d/init.d/wlanclient #etc/rc.d/rc0.d etc/rc.d/rc0.d/K01grub-btrfsd @@ -102,6 +103,7 @@ etc/rc.d/rc0.d/K30sshd etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl etc/rc.d/rc0.d/K51vnstat +etc/rc.d/rc0.d/K70wireguard etc/rc.d/rc0.d/K77conntrackd etc/rc.d/rc0.d/K78suricata etc/rc.d/rc0.d/K79leds @@ -133,6 +135,7 @@ etc/rc.d/rc3.d/S24cyrus-sasl etc/rc.d/rc3.d/S30sshd etc/rc.d/rc3.d/S32apache etc/rc.d/rc3.d/S40fcron +etc/rc.d/rc3.d/S50wireguard etc/rc.d/rc3.d/S98rc.local etc/rc.d/rc3.d/S99grub-btrfsd #etc/rc.d/rc3.d/S99vdradmin @@ -145,6 +148,7 @@ etc/rc.d/rc6.d/K30sshd etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl etc/rc.d/rc6.d/K51vnstat +etc/rc.d/rc6.d/K70wireguard etc/rc.d/rc6.d/K77conntrackd etc/rc.d/rc6.d/K78suricata etc/rc.d/rc6.d/K79leds diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index 51472e7c51..df8af19abc 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -199,6 +199,10 @@ var/ipfire/vpn #var/ipfire/vpn/settings var/ipfire/wakeonlan #var/ipfire/wakeonlan/clients.conf +var/ipfire/wireguard +#var/ipfire/wireguard/peers +#var/ipfire/wireguard/settings +var/ipfire/wireguard-functions.pl var/ipfire/wireless #var/ipfire/wireless/config #var/ipfire/wireless/settings diff --git a/config/rootfiles/common/fontconfig b/config/rootfiles/common/fontconfig index 713fda6017..76cee2dfd6 100644 --- a/config/rootfiles/common/fontconfig +++ b/config/rootfiles/common/fontconfig @@ -36,7 +36,7 @@ usr/bin/fc-validate #usr/include/fontconfig/fcfreetype.h #usr/include/fontconfig/fcprivate.h #usr/include/fontconfig/fontconfig.h -#usr/lib/libfontconfig.la +#usr/lib/libfontconfig.a #usr/lib/libfontconfig.so usr/lib/libfontconfig.so.1 usr/lib/libfontconfig.so.1.15.0 diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap index 65d423ac7c..220b907c8e 100644 --- a/config/rootfiles/common/libcap +++ b/config/rootfiles/common/libcap @@ -6,10 +6,10 @@ sbin/setcap #usr/include/sys/psx_syscall.h #usr/lib/libcap.so usr/lib/libcap.so.2 -usr/lib/libcap.so.2.75 +usr/lib/libcap.so.2.76 #usr/lib/libpsx.so #usr/lib/libpsx.so.2 -usr/lib/libpsx.so.2.75 +usr/lib/libpsx.so.2.76 #usr/lib/pkgconfig/libcap.pc #usr/lib/pkgconfig/libpsx.pc #usr/lib/security @@ -89,6 +89,7 @@ usr/lib/security/pam_cap.so #usr/share/man/man3/psx_syscall3.3 #usr/share/man/man3/psx_syscall6.3 #usr/share/man/man5/capability.conf.5 +#usr/share/man/man7/cap_text_formats.7 #usr/share/man/man8/captree.8 #usr/share/man/man8/getcap.8 #usr/share/man/man8/getpcaps.8 diff --git a/config/rootfiles/common/libgpg-error b/config/rootfiles/common/libgpg-error index ec61ac1f8b..cf34b3bdb8 100644 --- a/config/rootfiles/common/libgpg-error +++ b/config/rootfiles/common/libgpg-error @@ -6,7 +6,7 @@ usr/bin/gpg-error #usr/lib/libgpg-error.la #usr/lib/libgpg-error.so usr/lib/libgpg-error.so.0 -usr/lib/libgpg-error.so.0.38.0 +usr/lib/libgpg-error.so.0.39.2 #usr/lib/pkgconfig/gpg-error.pc #usr/share/aclocal/gpg-error.m4 #usr/share/aclocal/gpgrt.m4 diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs index d6594b3f8d..b92a1e32af 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs @@ -25,8 +25,8 @@ usr/local/bin/redctrl usr/local/bin/setaliases usr/local/bin/smartctrl usr/local/bin/squidctrl -usr/local/bin/suricatactrl usr/local/bin/sshctrl +usr/local/bin/suricatactrl usr/local/bin/syslogdctrl usr/local/bin/timectrl #usr/local/bin/torctrl @@ -35,6 +35,7 @@ usr/local/bin/updxlratorctrl usr/local/bin/urlfilterctrl #usr/local/bin/wiohelper #usr/local/bin/wioscan +usr/local/bin/wireguardctrl usr/local/bin/wirelessclient usr/local/bin/wirelessctrl #usr/local/bin/wlanapctrl diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh index d256513485..85dd5dd2dd 100644 --- a/config/rootfiles/common/openssh +++ b/config/rootfiles/common/openssh @@ -21,6 +21,7 @@ usr/lib/openssh/sftp-server usr/lib/openssh/ssh-keysign usr/lib/openssh/ssh-pkcs11-helper usr/lib/openssh/ssh-sk-helper +usr/lib/openssh/sshd-auth usr/lib/openssh/sshd-session usr/sbin/sshd #usr/share/man/man1/scp.1 diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index 9773c0fa1c..8c154485e6 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl @@ -15,7 +15,6 @@ usr/bin/openssl #usr/include/openssl #usr/include/openssl/aes.h #usr/include/openssl/asn1.h -#usr/include/openssl/asn1_mac.h #usr/include/openssl/asn1err.h #usr/include/openssl/asn1t.h #usr/include/openssl/async.h @@ -27,6 +26,7 @@ usr/bin/openssl #usr/include/openssl/bnerr.h #usr/include/openssl/buffer.h #usr/include/openssl/buffererr.h +#usr/include/openssl/byteorder.h #usr/include/openssl/camellia.h #usr/include/openssl/cast.h #usr/include/openssl/cmac.h @@ -93,6 +93,7 @@ usr/bin/openssl #usr/include/openssl/md4.h #usr/include/openssl/md5.h #usr/include/openssl/mdc2.h +#usr/include/openssl/ml_kem.h #usr/include/openssl/modes.h #usr/include/openssl/obj_mac.h #usr/include/openssl/objects.h @@ -225,6 +226,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man1/openssl-s_server.html #usr/share/doc/openssl/html/man1/openssl-s_time.html #usr/share/doc/openssl/html/man1/openssl-sess_id.html +#usr/share/doc/openssl/html/man1/openssl-skeyutl.html #usr/share/doc/openssl/html/man1/openssl-smime.html #usr/share/doc/openssl/html/man1/openssl-speed.html #usr/share/doc/openssl/html/man1/openssl-spkac.html @@ -462,6 +464,8 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html #usr/share/doc/openssl/html/man3/EVP_RAND.html #usr/share/doc/openssl/html/man3/EVP_SIGNATURE.html +#usr/share/doc/openssl/html/man3/EVP_SKEY.html +#usr/share/doc/openssl/html/man3/EVP_SKEYMGMT.html #usr/share/doc/openssl/html/man3/EVP_SealInit.html #usr/share/doc/openssl/html/man3/EVP_SignInit.html #usr/share/doc/openssl/html/man3/EVP_VerifyInit.html @@ -516,6 +520,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/OPENSSL_init_ssl.html #usr/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html #usr/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html +#usr/share/doc/openssl/html/man3/OPENSSL_load_u16_le.html #usr/share/doc/openssl/html/man3/OPENSSL_malloc.html #usr/share/doc/openssl/html/man3/OPENSSL_riscvcap.html #usr/share/doc/openssl/html/man3/OPENSSL_s390xcap.html @@ -568,6 +573,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/OSSL_PARAM_allocate_from_text.html #usr/share/doc/openssl/html/man3/OSSL_PARAM_dup.html #usr/share/doc/openssl/html/man3/OSSL_PARAM_int.html +#usr/share/doc/openssl/html/man3/OSSL_PARAM_print_to_bio.html #usr/share/doc/openssl/html/man3/OSSL_PROVIDER.html #usr/share/doc/openssl/html/man3/OSSL_QUIC_client_method.html #usr/share/doc/openssl/html/man3/OSSL_SELF_TEST_new.html @@ -703,6 +709,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html #usr/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html #usr/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html +#usr/share/doc/openssl/html/man3/SSL_CTX_set_domain_flags.html #usr/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html #usr/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html #usr/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html @@ -710,6 +717,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html #usr/share/doc/openssl/html/man3/SSL_CTX_set_mode.html #usr/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html +#usr/share/doc/openssl/html/man3/SSL_CTX_set_new_pending_conn_cb.html #usr/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html #usr/share/doc/openssl/html/man3/SSL_CTX_set_options.html #usr/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html @@ -798,6 +806,8 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/SSL_library_init.html #usr/share/doc/openssl/html/man3/SSL_load_client_CA_file.html #usr/share/doc/openssl/html/man3/SSL_new.html +#usr/share/doc/openssl/html/man3/SSL_new_domain.html +#usr/share/doc/openssl/html/man3/SSL_new_listener.html #usr/share/doc/openssl/html/man3/SSL_new_stream.html #usr/share/doc/openssl/html/man3/SSL_pending.html #usr/share/doc/openssl/html/man3/SSL_poll.html @@ -815,6 +825,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/SSL_set_default_stream_mode.html #usr/share/doc/openssl/html/man3/SSL_set_fd.html #usr/share/doc/openssl/html/man3/SSL_set_incoming_stream_policy.html +#usr/share/doc/openssl/html/man3/SSL_set_quic_tls_cbs.html #usr/share/doc/openssl/html/man3/SSL_set_retry_verify.html #usr/share/doc/openssl/html/man3/SSL_set_session.html #usr/share/doc/openssl/html/man3/SSL_set_session_secret_cb.html @@ -940,6 +951,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man7/EVP_KDF-X942-CONCAT.html #usr/share/doc/openssl/html/man7/EVP_KDF-X963.html #usr/share/doc/openssl/html/man7/EVP_KEM-EC.html +#usr/share/doc/openssl/html/man7/EVP_KEM-ML-KEM.html #usr/share/doc/openssl/html/man7/EVP_KEM-RSA.html #usr/share/doc/openssl/html/man7/EVP_KEM-X25519.html #usr/share/doc/openssl/html/man7/EVP_KEYEXCH-DH.html @@ -973,7 +985,10 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man7/EVP_PKEY-EC.html #usr/share/doc/openssl/html/man7/EVP_PKEY-FFC.html #usr/share/doc/openssl/html/man7/EVP_PKEY-HMAC.html +#usr/share/doc/openssl/html/man7/EVP_PKEY-ML-DSA.html +#usr/share/doc/openssl/html/man7/EVP_PKEY-ML-KEM.html #usr/share/doc/openssl/html/man7/EVP_PKEY-RSA.html +#usr/share/doc/openssl/html/man7/EVP_PKEY-SLH-DSA.html #usr/share/doc/openssl/html/man7/EVP_PKEY-SM2.html #usr/share/doc/openssl/html/man7/EVP_PKEY-X25519.html #usr/share/doc/openssl/html/man7/EVP_RAND-CRNG-TEST.html @@ -988,7 +1003,9 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man7/EVP_SIGNATURE-ECDSA.html #usr/share/doc/openssl/html/man7/EVP_SIGNATURE-ED25519.html #usr/share/doc/openssl/html/man7/EVP_SIGNATURE-HMAC.html +#usr/share/doc/openssl/html/man7/EVP_SIGNATURE-ML-DSA.html #usr/share/doc/openssl/html/man7/EVP_SIGNATURE-RSA.html +#usr/share/doc/openssl/html/man7/EVP_SIGNATURE-SLH-DSA.html #usr/share/doc/openssl/html/man7/OSSL_PROVIDER-FIPS.html #usr/share/doc/openssl/html/man7/OSSL_PROVIDER-base.html #usr/share/doc/openssl/html/man7/OSSL_PROVIDER-default.html @@ -1022,6 +1039,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man7/openssl-env.html #usr/share/doc/openssl/html/man7/openssl-glossary.html #usr/share/doc/openssl/html/man7/openssl-qlog.html +#usr/share/doc/openssl/html/man7/openssl-quic-concurrency.html #usr/share/doc/openssl/html/man7/openssl-quic.html #usr/share/doc/openssl/html/man7/openssl-threads.html #usr/share/doc/openssl/html/man7/openssl_user_macros.html @@ -1034,6 +1052,8 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man7/ossl-guide-quic-client-non-block.html #usr/share/doc/openssl/html/man7/ossl-guide-quic-introduction.html #usr/share/doc/openssl/html/man7/ossl-guide-quic-multi-stream.html +#usr/share/doc/openssl/html/man7/ossl-guide-quic-server-block.html +#usr/share/doc/openssl/html/man7/ossl-guide-quic-server-non-block.html #usr/share/doc/openssl/html/man7/ossl-guide-tls-client-block.html #usr/share/doc/openssl/html/man7/ossl-guide-tls-client-non-block.html #usr/share/doc/openssl/html/man7/ossl-guide-tls-introduction.html @@ -1056,6 +1076,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man7/provider-object.html #usr/share/doc/openssl/html/man7/provider-rand.html #usr/share/doc/openssl/html/man7/provider-signature.html +#usr/share/doc/openssl/html/man7/provider-skeymgmt.html #usr/share/doc/openssl/html/man7/provider-storemgmt.html #usr/share/doc/openssl/html/man7/provider.html #usr/share/doc/openssl/html/man7/proxy-certificates.html @@ -1133,6 +1154,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man1/openssl-s_server.1ossl #usr/share/man/man1/openssl-s_time.1ossl #usr/share/man/man1/openssl-sess_id.1ossl +#usr/share/man/man1/openssl-skeyutl.1ossl #usr/share/man/man1/openssl-smime.1ossl #usr/share/man/man1/openssl-speed.1ossl #usr/share/man/man1/openssl-spkac.1ossl @@ -1395,6 +1417,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/BIO_dgram_get_peer.3ossl #usr/share/man/man3/BIO_dgram_recv_timedout.3ossl #usr/share/man/man3/BIO_dgram_send_timedout.3ossl +#usr/share/man/man3/BIO_dgram_set0_local_addr.3ossl #usr/share/man/man3/BIO_dgram_set_caps.3ossl #usr/share/man/man3/BIO_dgram_set_local_addr_enable.3ossl #usr/share/man/man3/BIO_dgram_set_mtu.3ossl @@ -1797,6 +1820,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/CMS_EnvelopedData_create.3ossl #usr/share/man/man3/CMS_EnvelopedData_create_ex.3ossl #usr/share/man/man3/CMS_EnvelopedData_decrypt.3ossl +#usr/share/man/man3/CMS_EnvelopedData_dup.3ossl #usr/share/man/man3/CMS_EnvelopedData_it.3ossl #usr/share/man/man3/CMS_ReceiptRequest_create0.3ossl #usr/share/man/man3/CMS_ReceiptRequest_create0_ex.3ossl @@ -2562,6 +2586,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_CIPHER_CTX_type.3ossl #usr/share/man/man3/EVP_CIPHER_asn1_to_param.3ossl #usr/share/man/man3/EVP_CIPHER_block_size.3ossl +#usr/share/man/man3/EVP_CIPHER_can_pipeline.3ossl #usr/share/man/man3/EVP_CIPHER_do_all_provided.3ossl #usr/share/man/man3/EVP_CIPHER_fetch.3ossl #usr/share/man/man3/EVP_CIPHER_flags.3ossl @@ -2612,8 +2637,13 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_CipherFinal.3ossl #usr/share/man/man3/EVP_CipherFinal_ex.3ossl #usr/share/man/man3/EVP_CipherInit.3ossl +#usr/share/man/man3/EVP_CipherInit_SKEY.3ossl #usr/share/man/man3/EVP_CipherInit_ex.3ossl #usr/share/man/man3/EVP_CipherInit_ex2.3ossl +#usr/share/man/man3/EVP_CipherPipelineDecryptInit.3ossl +#usr/share/man/man3/EVP_CipherPipelineEncryptInit.3ossl +#usr/share/man/man3/EVP_CipherPipelineFinal.3ossl +#usr/share/man/man3/EVP_CipherPipelineUpdate.3ossl #usr/share/man/man3/EVP_CipherUpdate.3ossl #usr/share/man/man3/EVP_DecodeBlock.3ossl #usr/share/man/man3/EVP_DecodeFinal.3ossl @@ -2745,6 +2775,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_MAC_gettable_ctx_params.3ossl #usr/share/man/man3/EVP_MAC_gettable_params.3ossl #usr/share/man/man3/EVP_MAC_init.3ossl +#usr/share/man/man3/EVP_MAC_init_SKEY.3ossl #usr/share/man/man3/EVP_MAC_is_a.3ossl #usr/share/man/man3/EVP_MAC_names_do_all.3ossl #usr/share/man/man3/EVP_MAC_settable_ctx_params.3ossl @@ -3245,6 +3276,31 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_SIGNATURE_names_do_all.3ossl #usr/share/man/man3/EVP_SIGNATURE_settable_ctx_params.3ossl #usr/share/man/man3/EVP_SIGNATURE_up_ref.3ossl +#usr/share/man/man3/EVP_SKEY.3ossl +#usr/share/man/man3/EVP_SKEYMGMT.3ossl +#usr/share/man/man3/EVP_SKEYMGMT_do_all_provided.3ossl +#usr/share/man/man3/EVP_SKEYMGMT_fetch.3ossl +#usr/share/man/man3/EVP_SKEYMGMT_free.3ossl +#usr/share/man/man3/EVP_SKEYMGMT_get0_description.3ossl +#usr/share/man/man3/EVP_SKEYMGMT_get0_gen_settable_params.3ossl +#usr/share/man/man3/EVP_SKEYMGMT_get0_imp_settable_params.3ossl +#usr/share/man/man3/EVP_SKEYMGMT_get0_name.3ossl +#usr/share/man/man3/EVP_SKEYMGMT_get0_provider.3ossl +#usr/share/man/man3/EVP_SKEYMGMT_is_a.3ossl +#usr/share/man/man3/EVP_SKEYMGMT_names_do_all.3ossl +#usr/share/man/man3/EVP_SKEYMGMT_up_ref.3ossl +#usr/share/man/man3/EVP_SKEY_export.3ossl +#usr/share/man/man3/EVP_SKEY_free.3ossl +#usr/share/man/man3/EVP_SKEY_generate.3ossl +#usr/share/man/man3/EVP_SKEY_get0_key_id.3ossl +#usr/share/man/man3/EVP_SKEY_get0_provider_name.3ossl +#usr/share/man/man3/EVP_SKEY_get0_raw_key.3ossl +#usr/share/man/man3/EVP_SKEY_get0_skeymgmt_name.3ossl +#usr/share/man/man3/EVP_SKEY_import.3ossl +#usr/share/man/man3/EVP_SKEY_import_raw_key.3ossl +#usr/share/man/man3/EVP_SKEY_is_a.3ossl +#usr/share/man/man3/EVP_SKEY_to_provider.3ossl +#usr/share/man/man3/EVP_SKEY_up_ref.3ossl #usr/share/man/man3/EVP_SealFinal.3ossl #usr/share/man/man3/EVP_SealInit.3ossl #usr/share/man/man3/EVP_SealUpdate.3ossl @@ -3398,6 +3454,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_des_ofb.3ossl #usr/share/man/man3/EVP_desx_cbc.3ossl #usr/share/man/man3/EVP_enc_null.3ossl +#usr/share/man/man3/EVP_get1_default_properties.3ossl #usr/share/man/man3/EVP_get_cipherbyname.3ossl #usr/share/man/man3/EVP_get_cipherbynid.3ossl #usr/share/man/man3/EVP_get_cipherbyobj.3ossl @@ -3714,6 +3771,12 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OPENSSL_instrument_bus.3ossl #usr/share/man/man3/OPENSSL_instrument_bus2.3ossl #usr/share/man/man3/OPENSSL_load_builtin_modules.3ossl +#usr/share/man/man3/OPENSSL_load_u16_be.3ossl +#usr/share/man/man3/OPENSSL_load_u16_le.3ossl +#usr/share/man/man3/OPENSSL_load_u32_be.3ossl +#usr/share/man/man3/OPENSSL_load_u32_le.3ossl +#usr/share/man/man3/OPENSSL_load_u64_be.3ossl +#usr/share/man/man3/OPENSSL_load_u64_le.3ossl #usr/share/man/man3/OPENSSL_malloc.3ossl #usr/share/man/man3/OPENSSL_malloc_init.3ossl #usr/share/man/man3/OPENSSL_mem_debug_pop.3ossl @@ -3753,6 +3816,12 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OPENSSL_sk_unshift.3ossl #usr/share/man/man3/OPENSSL_sk_value.3ossl #usr/share/man/man3/OPENSSL_sk_zero.3ossl +#usr/share/man/man3/OPENSSL_store_u16_be.3ossl +#usr/share/man/man3/OPENSSL_store_u16_le.3ossl +#usr/share/man/man3/OPENSSL_store_u32_be.3ossl +#usr/share/man/man3/OPENSSL_store_u32_le.3ossl +#usr/share/man/man3/OPENSSL_store_u64_be.3ossl +#usr/share/man/man3/OPENSSL_store_u64_le.3ossl #usr/share/man/man3/OPENSSL_strcasecmp.3ossl #usr/share/man/man3/OPENSSL_strdup.3ossl #usr/share/man/man3/OPENSSL_strlcat.3ossl @@ -3768,10 +3837,43 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OPENSSL_version_patch.3ossl #usr/share/man/man3/OPENSSL_version_pre_release.3ossl #usr/share/man/man3/OPENSSL_zalloc.3ossl +#usr/share/man/man3/OSSL_AA_DIST_POINT_free.3ossl +#usr/share/man/man3/OSSL_AA_DIST_POINT_it.3ossl +#usr/share/man/man3/OSSL_AA_DIST_POINT_new.3ossl #usr/share/man/man3/OSSL_ALGORITHM.3ossl +#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_CHOICE_free.3ossl +#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_CHOICE_it.3ossl +#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_CHOICE_new.3ossl +#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_ITEM_free.3ossl +#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_ITEM_it.3ossl +#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_ITEM_new.3ossl +#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_SYNTAX_free.3ossl +#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_SYNTAX_it.3ossl +#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_SYNTAX_new.3ossl +#usr/share/man/man3/OSSL_ATAV_free.3ossl +#usr/share/man/man3/OSSL_ATAV_it.3ossl +#usr/share/man/man3/OSSL_ATAV_new.3ossl #usr/share/man/man3/OSSL_ATTRIBUTES_SYNTAX_free.3ossl #usr/share/man/man3/OSSL_ATTRIBUTES_SYNTAX_it.3ossl #usr/share/man/man3/OSSL_ATTRIBUTES_SYNTAX_new.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_DESCRIPTOR_free.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_DESCRIPTOR_it.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_DESCRIPTOR_new.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPINGS_free.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPINGS_it.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPINGS_new.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPING_free.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPING_it.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPING_new.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_TYPE_MAPPING_free.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_TYPE_MAPPING_it.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_TYPE_MAPPING_new.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_VALUE_MAPPING_free.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_VALUE_MAPPING_it.3ossl +#usr/share/man/man3/OSSL_ATTRIBUTE_VALUE_MAPPING_new.3ossl +#usr/share/man/man3/OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX_free.3ossl +#usr/share/man/man3/OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX_it.3ossl +#usr/share/man/man3/OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX_new.3ossl #usr/share/man/man3/OSSL_BASIC_ATTR_CONSTRAINTS_free.3ossl #usr/share/man/man3/OSSL_BASIC_ATTR_CONSTRAINTS_it.3ossl #usr/share/man/man3/OSSL_BASIC_ATTR_CONSTRAINTS_new.3ossl @@ -3982,6 +4084,13 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OSSL_CRMF_CERTTEMPLATE_get0_subject.3ossl #usr/share/man/man3/OSSL_CRMF_CERTTEMPLATE_it.3ossl #usr/share/man/man3/OSSL_CRMF_CERTTEMPLATE_new.3ossl +#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_free.3ossl +#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_get1_encCert.3ossl +#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_get1_pkey.3ossl +#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_init_envdata.3ossl +#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_it.3ossl +#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_new.3ossl +#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDVALUE_decrypt.3ossl #usr/share/man/man3/OSSL_CRMF_ENCRYPTEDVALUE_free.3ossl #usr/share/man/man3/OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert.3ossl #usr/share/man/man3/OSSL_CRMF_ENCRYPTEDVALUE_it.3ossl @@ -3991,6 +4100,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OSSL_CRMF_MSGS_new.3ossl #usr/share/man/man3/OSSL_CRMF_MSGS_verify_popo.3ossl #usr/share/man/man3/OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo.3ossl +#usr/share/man/man3/OSSL_CRMF_MSG_centralkeygen_requested.3ossl #usr/share/man/man3/OSSL_CRMF_MSG_create_popo.3ossl #usr/share/man/man3/OSSL_CRMF_MSG_dup.3ossl #usr/share/man/man3/OSSL_CRMF_MSG_free.3ossl @@ -4029,6 +4139,12 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OSSL_CRMF_SINGLEPUBINFO_new.3ossl #usr/share/man/man3/OSSL_CRMF_pbm_new.3ossl #usr/share/man/man3/OSSL_CRMF_pbmp_new.3ossl +#usr/share/man/man3/OSSL_DAY_TIME_BAND_free.3ossl +#usr/share/man/man3/OSSL_DAY_TIME_BAND_it.3ossl +#usr/share/man/man3/OSSL_DAY_TIME_BAND_new.3ossl +#usr/share/man/man3/OSSL_DAY_TIME_free.3ossl +#usr/share/man/man3/OSSL_DAY_TIME_it.3ossl +#usr/share/man/man3/OSSL_DAY_TIME_new.3ossl #usr/share/man/man3/OSSL_DECODER.3ossl #usr/share/man/man3/OSSL_DECODER_CLEANUP.3ossl #usr/share/man/man3/OSSL_DECODER_CONSTRUCT.3ossl @@ -4129,7 +4245,16 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OSSL_ESS_check_signing_certs.3ossl #usr/share/man/man3/OSSL_ESS_signing_cert_new_init.3ossl #usr/share/man/man3/OSSL_ESS_signing_cert_v2_new_init.3ossl +#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_alert_fn.3ossl +#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_crypto_recv_rcd_fn.3ossl +#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_crypto_release_rcd_fn.3ossl +#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_crypto_send_fn.3ossl +#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn.3ossl +#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_yield_secret_fn.3ossl #usr/share/man/man3/OSSL_GENERAL_NAMES_print.3ossl +#usr/share/man/man3/OSSL_HASH_free.3ossl +#usr/share/man/man3/OSSL_HASH_it.3ossl +#usr/share/man/man3/OSSL_HASH_new.3ossl #usr/share/man/man3/OSSL_HPKE_CTX_free.3ossl #usr/share/man/man3/OSSL_HPKE_CTX_get_seq.3ossl #usr/share/man/man3/OSSL_HPKE_CTX_new.3ossl @@ -4190,6 +4315,12 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OSSL_IETF_ATTR_SYNTAX_set0_policyAuthority.3ossl #usr/share/man/man3/OSSL_INDICATOR_get_callback.3ossl #usr/share/man/man3/OSSL_INDICATOR_set_callback.3ossl +#usr/share/man/man3/OSSL_INFO_SYNTAX_POINTER_free.3ossl +#usr/share/man/man3/OSSL_INFO_SYNTAX_POINTER_it.3ossl +#usr/share/man/man3/OSSL_INFO_SYNTAX_POINTER_new.3ossl +#usr/share/man/man3/OSSL_INFO_SYNTAX_free.3ossl +#usr/share/man/man3/OSSL_INFO_SYNTAX_it.3ossl +#usr/share/man/man3/OSSL_INFO_SYNTAX_new.3ossl #usr/share/man/man3/OSSL_ISSUER_SERIAL_free.3ossl #usr/share/man/man3/OSSL_ISSUER_SERIAL_get0_issuer.3ossl #usr/share/man/man3/OSSL_ISSUER_SERIAL_get0_issuerUID.3ossl @@ -4210,6 +4341,9 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OSSL_LIB_CTX_new_from_dispatch.3ossl #usr/share/man/man3/OSSL_LIB_CTX_set0_default.3ossl #usr/share/man/man3/OSSL_LIB_CTX_set_conf_diagnostics.3ossl +#usr/share/man/man3/OSSL_NAMED_DAY_free.3ossl +#usr/share/man/man3/OSSL_NAMED_DAY_it.3ossl +#usr/share/man/man3/OSSL_NAMED_DAY_new.3ossl #usr/share/man/man3/OSSL_OBJECT_DIGEST_INFO_free.3ossl #usr/share/man/man3/OSSL_OBJECT_DIGEST_INFO_get0_digest.3ossl #usr/share/man/man3/OSSL_OBJECT_DIGEST_INFO_new.3ossl @@ -4289,6 +4423,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OSSL_PARAM_modified.3ossl #usr/share/man/man3/OSSL_PARAM_octet_ptr.3ossl #usr/share/man/man3/OSSL_PARAM_octet_string.3ossl +#usr/share/man/man3/OSSL_PARAM_print_to_bio.3ossl #usr/share/man/man3/OSSL_PARAM_set_BN.3ossl #usr/share/man/man3/OSSL_PARAM_set_all_unmodified.3ossl #usr/share/man/man3/OSSL_PARAM_set_double.3ossl @@ -4315,15 +4450,21 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OSSL_PARAM_utf8_ptr.3ossl #usr/share/man/man3/OSSL_PARAM_utf8_string.3ossl #usr/share/man/man3/OSSL_PASSPHRASE_CALLBACK.3ossl +#usr/share/man/man3/OSSL_PRIVILEGE_POLICY_ID_free.3ossl +#usr/share/man/man3/OSSL_PRIVILEGE_POLICY_ID_it.3ossl +#usr/share/man/man3/OSSL_PRIVILEGE_POLICY_ID_new.3ossl #usr/share/man/man3/OSSL_PROVIDER.3ossl #usr/share/man/man3/OSSL_PROVIDER_add_builtin.3ossl +#usr/share/man/man3/OSSL_PROVIDER_add_conf_parameter.3ossl #usr/share/man/man3/OSSL_PROVIDER_available.3ossl +#usr/share/man/man3/OSSL_PROVIDER_conf_get_bool.3ossl #usr/share/man/man3/OSSL_PROVIDER_do_all.3ossl #usr/share/man/man3/OSSL_PROVIDER_get0_default_search_path.3ossl #usr/share/man/man3/OSSL_PROVIDER_get0_dispatch.3ossl #usr/share/man/man3/OSSL_PROVIDER_get0_name.3ossl #usr/share/man/man3/OSSL_PROVIDER_get0_provider_ctx.3ossl #usr/share/man/man3/OSSL_PROVIDER_get_capabilities.3ossl +#usr/share/man/man3/OSSL_PROVIDER_get_conf_parameters.3ossl #usr/share/man/man3/OSSL_PROVIDER_get_params.3ossl #usr/share/man/man3/OSSL_PROVIDER_gettable_params.3ossl #usr/share/man/man3/OSSL_PROVIDER_load.3ossl @@ -4358,6 +4499,13 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT.3ossl #usr/share/man/man3/OSSL_QUIC_client_method.3ossl #usr/share/man/man3/OSSL_QUIC_client_thread_method.3ossl +#usr/share/man/man3/OSSL_QUIC_server_method.3ossl +#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_SYNTAX_free.3ossl +#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_SYNTAX_it.3ossl +#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_SYNTAX_new.3ossl +#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_free.3ossl +#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_it.3ossl +#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_new.3ossl #usr/share/man/man3/OSSL_SELF_TEST_free.3ossl #usr/share/man/man3/OSSL_SELF_TEST_get_callback.3ossl #usr/share/man/man3/OSSL_SELF_TEST_new.3ossl @@ -4469,6 +4617,30 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OSSL_TARGET_new.3ossl #usr/share/man/man3/OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN.3ossl #usr/share/man/man3/OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL.3ossl +#usr/share/man/man3/OSSL_TIME_PERIOD_free.3ossl +#usr/share/man/man3/OSSL_TIME_PERIOD_it.3ossl +#usr/share/man/man3/OSSL_TIME_PERIOD_new.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_ABSOLUTE_free.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_ABSOLUTE_it.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_ABSOLUTE_new.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_DAY_free.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_DAY_it.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_DAY_new.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_MONTH_free.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_MONTH_it.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_MONTH_new.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_TIME_free.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_TIME_it.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_TIME_new.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_WEEKS_free.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_WEEKS_it.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_WEEKS_new.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_X_DAY_OF_free.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_X_DAY_OF_it.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_X_DAY_OF_new.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_free.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_it.3ossl +#usr/share/man/man3/OSSL_TIME_SPEC_new.3ossl #usr/share/man/man3/OSSL_TRACE.3ossl #usr/share/man/man3/OSSL_TRACE1.3ossl #usr/share/man/man3/OSSL_TRACE2.3ossl @@ -4525,6 +4697,9 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/PBMAC1PARAM_it.3ossl #usr/share/man/man3/PBMAC1PARAM_new.3ossl #usr/share/man/man3/PBMAC1_get1_pbkdf2_param.3ossl +#usr/share/man/man3/PEM_ASN1_write.3ossl +#usr/share/man/man3/PEM_ASN1_write_bio.3ossl +#usr/share/man/man3/PEM_ASN1_write_bio_ctx.3ossl #usr/share/man/man3/PEM_FLAG_EAY_COMPATIBLE.3ossl #usr/share/man/man3/PEM_FLAG_ONLY_B64.3ossl #usr/share/man/man3/PEM_FLAG_SECURE.3ossl @@ -4857,6 +5032,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/RAND_seed.3ossl #usr/share/man/man3/RAND_set0_private.3ossl #usr/share/man/man3/RAND_set0_public.3ossl +#usr/share/man/man3/RAND_set1_random_provider.3ossl #usr/share/man/man3/RAND_set_DRBG_type.3ossl #usr/share/man/man3/RAND_set_rand_method.3ossl #usr/share/man/man3/RAND_set_seed_source_type.3ossl @@ -5064,6 +5240,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SRP_user_pwd_set0_sv.3ossl #usr/share/man/man3/SRP_user_pwd_set1_ids.3ossl #usr/share/man/man3/SRP_user_pwd_set_gN.3ossl +#usr/share/man/man3/SSL_ACCEPT_CONNECTION_NO_BLOCK.3ossl #usr/share/man/man3/SSL_ACCEPT_STREAM_NO_BLOCK.3ossl #usr/share/man/man3/SSL_CIPHER_description.3ossl #usr/share/man/man3/SSL_CIPHER_find.3ossl @@ -5132,6 +5309,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_CTX_get0_chain_cert_store.3ossl #usr/share/man/man3/SSL_CTX_get0_chain_certs.3ossl #usr/share/man/man3/SSL_CTX_get0_client_cert_type.3ossl +#usr/share/man/man3/SSL_CTX_get0_implemented_groups.3ossl #usr/share/man/man3/SSL_CTX_get0_param.3ossl #usr/share/man/man3/SSL_CTX_get0_security_ex_data.3ossl #usr/share/man/man3/SSL_CTX_get0_server_cert_type.3ossl @@ -5145,6 +5323,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_CTX_get_default_passwd_cb.3ossl #usr/share/man/man3/SSL_CTX_get_default_passwd_cb_userdata.3ossl #usr/share/man/man3/SSL_CTX_get_default_read_ahead.3ossl +#usr/share/man/man3/SSL_CTX_get_domain_flags.3ossl #usr/share/man/man3/SSL_CTX_get_ex_data.3ossl #usr/share/man/man3/SSL_CTX_get_ex_new_index.3ossl #usr/share/man/man3/SSL_CTX_get_extra_chain_certs.3ossl @@ -5257,6 +5436,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_CTX_set_default_verify_paths.3ossl #usr/share/man/man3/SSL_CTX_set_default_verify_store.3ossl #usr/share/man/man3/SSL_CTX_set_dh_auto.3ossl +#usr/share/man/man3/SSL_CTX_set_domain_flags.3ossl #usr/share/man/man3/SSL_CTX_set_ecdh_auto.3ossl #usr/share/man/man3/SSL_CTX_set_ex_data.3ossl #usr/share/man/man3/SSL_CTX_set_generate_session_id.3ossl @@ -5271,6 +5451,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_CTX_set_mode.3ossl #usr/share/man/man3/SSL_CTX_set_msg_callback.3ossl #usr/share/man/man3/SSL_CTX_set_msg_callback_arg.3ossl +#usr/share/man/man3/SSL_CTX_set_new_pending_conn_cb.3ossl #usr/share/man/man3/SSL_CTX_set_next_proto_select_cb.3ossl #usr/share/man/man3/SSL_CTX_set_next_protos_advertised_cb.3ossl #usr/share/man/man3/SSL_CTX_set_num_tickets.3ossl @@ -5337,6 +5518,11 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_DEFAULT_STREAM_MODE_AUTO_BIDI.3ossl #usr/share/man/man3/SSL_DEFAULT_STREAM_MODE_AUTO_UNI.3ossl #usr/share/man/man3/SSL_DEFAULT_STREAM_MODE_NONE.3ossl +#usr/share/man/man3/SSL_DOMAIN_FLAG_BLOCKING.3ossl +#usr/share/man/man3/SSL_DOMAIN_FLAG_LEGACY_BLOCKING.3ossl +#usr/share/man/man3/SSL_DOMAIN_FLAG_MULTI_THREAD.3ossl +#usr/share/man/man3/SSL_DOMAIN_FLAG_SINGLE_THREAD.3ossl +#usr/share/man/man3/SSL_DOMAIN_FLAG_THREAD_ASSISTED.3ossl #usr/share/man/man3/SSL_INCOMING_STREAM_POLICY_ACCEPT.3ossl #usr/share/man/man3/SSL_INCOMING_STREAM_POLICY_AUTO.3ossl #usr/share/man/man3/SSL_INCOMING_STREAM_POLICY_REJECT.3ossl @@ -5440,6 +5626,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_VALUE_STREAM_WRITE_BUF_USED.3ossl #usr/share/man/man3/SSL_WRITE_FLAG_CONCLUDE.3ossl #usr/share/man/man3/SSL_accept.3ossl +#usr/share/man/man3/SSL_accept_connection.3ossl #usr/share/man/man3/SSL_accept_stream.3ossl #usr/share/man/man3/SSL_add0_chain_cert.3ossl #usr/share/man/man3/SSL_add1_chain_cert.3ossl @@ -5506,18 +5693,22 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_get0_connection.3ossl #usr/share/man/man3/SSL_get0_dane_authority.3ossl #usr/share/man/man3/SSL_get0_dane_tlsa.3ossl +#usr/share/man/man3/SSL_get0_domain.3ossl #usr/share/man/man3/SSL_get0_group_name.3ossl #usr/share/man/man3/SSL_get0_iana_groups.3ossl +#usr/share/man/man3/SSL_get0_listener.3ossl #usr/share/man/man3/SSL_get0_next_proto_negotiated.3ossl #usr/share/man/man3/SSL_get0_param.3ossl #usr/share/man/man3/SSL_get0_peer_CA_list.3ossl #usr/share/man/man3/SSL_get0_peer_certificate.3ossl #usr/share/man/man3/SSL_get0_peer_rpk.3ossl #usr/share/man/man3/SSL_get0_peer_scts.3ossl +#usr/share/man/man3/SSL_get0_peer_signature_name.3ossl #usr/share/man/man3/SSL_get0_peername.3ossl #usr/share/man/man3/SSL_get0_security_ex_data.3ossl #usr/share/man/man3/SSL_get0_server_cert_type.3ossl #usr/share/man/man3/SSL_get0_session.3ossl +#usr/share/man/man3/SSL_get0_signature_name.3ossl #usr/share/man/man3/SSL_get0_verified_chain.3ossl #usr/share/man/man3/SSL_get0_verify_cert_store.3ossl #usr/share/man/man3/SSL_get1_builtin_sigalgs.3ossl @@ -5528,6 +5719,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_get1_session.3ossl #usr/share/man/man3/SSL_get1_supported_ciphers.3ossl #usr/share/man/man3/SSL_get_SSL_CTX.3ossl +#usr/share/man/man3/SSL_get_accept_connection_queue_len.3ossl #usr/share/man/man3/SSL_get_accept_stream_queue_len.3ossl #usr/share/man/man3/SSL_get_all_async_fds.3ossl #usr/share/man/man3/SSL_get_app_data.3ossl @@ -5549,6 +5741,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_get_default_passwd_cb.3ossl #usr/share/man/man3/SSL_get_default_passwd_cb_userdata.3ossl #usr/share/man/man3/SSL_get_default_timeout.3ossl +#usr/share/man/man3/SSL_get_domain_flags.3ossl #usr/share/man/man3/SSL_get_early_data_status.3ossl #usr/share/man/man3/SSL_get_error.3ossl #usr/share/man/man3/SSL_get_event_handling_mode.3ossl @@ -5652,20 +5845,27 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_in_init.3ossl #usr/share/man/man3/SSL_inject_net_dgram.3ossl #usr/share/man/man3/SSL_is_connection.3ossl +#usr/share/man/man3/SSL_is_domain.3ossl #usr/share/man/man3/SSL_is_dtls.3ossl #usr/share/man/man3/SSL_is_init_finished.3ossl +#usr/share/man/man3/SSL_is_listener.3ossl #usr/share/man/man3/SSL_is_quic.3ossl #usr/share/man/man3/SSL_is_server.3ossl #usr/share/man/man3/SSL_is_stream_local.3ossl #usr/share/man/man3/SSL_is_tls.3ossl #usr/share/man/man3/SSL_key_update.3ossl #usr/share/man/man3/SSL_library_init.3ossl +#usr/share/man/man3/SSL_listen.3ossl #usr/share/man/man3/SSL_load_client_CA_file.3ossl #usr/share/man/man3/SSL_load_client_CA_file_ex.3ossl #usr/share/man/man3/SSL_load_error_strings.3ossl #usr/share/man/man3/SSL_net_read_desired.3ossl #usr/share/man/man3/SSL_net_write_desired.3ossl #usr/share/man/man3/SSL_new.3ossl +#usr/share/man/man3/SSL_new_domain.3ossl +#usr/share/man/man3/SSL_new_from_listener.3ossl +#usr/share/man/man3/SSL_new_listener.3ossl +#usr/share/man/man3/SSL_new_listener_from.3ossl #usr/share/man/man3/SSL_new_session_ticket.3ossl #usr/share/man/man3/SSL_new_stream.3ossl #usr/share/man/man3/SSL_peek.3ossl @@ -5755,6 +5955,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_set_mode.3ossl #usr/share/man/man3/SSL_set_msg_callback.3ossl #usr/share/man/man3/SSL_set_msg_callback_arg.3ossl +#usr/share/man/man3/SSL_set_new_pending_conn_cb_fn.3ossl #usr/share/man/man3/SSL_set_num_tickets.3ossl #usr/share/man/man3/SSL_set_options.3ossl #usr/share/man/man3/SSL_set_post_handshake_auth.3ossl @@ -5763,6 +5964,9 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/SSL_set_psk_server_callback.3ossl #usr/share/man/man3/SSL_set_psk_use_session_callback.3ossl #usr/share/man/man3/SSL_set_purpose.3ossl +#usr/share/man/man3/SSL_set_quic_tls_cbs.3ossl +#usr/share/man/man3/SSL_set_quic_tls_early_data_enabled.3ossl +#usr/share/man/man3/SSL_set_quic_tls_transport_params.3ossl #usr/share/man/man3/SSL_set_quiet_shutdown.3ossl #usr/share/man/man3/SSL_set_read_ahead.3ossl #usr/share/man/man3/SSL_set_record_padding_callback.3ossl @@ -6194,6 +6398,18 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_PUBKEY_set.3ossl #usr/share/man/man3/X509_PUBKEY_set0_param.3ossl #usr/share/man/man3/X509_PUBKEY_set0_public_key.3ossl +#usr/share/man/man3/X509_PURPOSE_add.3ossl +#usr/share/man/man3/X509_PURPOSE_cleanup.3ossl +#usr/share/man/man3/X509_PURPOSE_get0.3ossl +#usr/share/man/man3/X509_PURPOSE_get0_name.3ossl +#usr/share/man/man3/X509_PURPOSE_get0_sname.3ossl +#usr/share/man/man3/X509_PURPOSE_get_by_id.3ossl +#usr/share/man/man3/X509_PURPOSE_get_by_sname.3ossl +#usr/share/man/man3/X509_PURPOSE_get_count.3ossl +#usr/share/man/man3/X509_PURPOSE_get_id.3ossl +#usr/share/man/man3/X509_PURPOSE_get_trust.3ossl +#usr/share/man/man3/X509_PURPOSE_get_unused_id.3ossl +#usr/share/man/man3/X509_PURPOSE_set.3ossl #usr/share/man/man3/X509_REQ_INFO_free.3ossl #usr/share/man/man3/X509_REQ_INFO_new.3ossl #usr/share/man/man3/X509_REQ_add1_attr.3ossl @@ -6393,6 +6609,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_VERIFY_PARAM_get_flags.3ossl #usr/share/man/man3/X509_VERIFY_PARAM_get_hostflags.3ossl #usr/share/man/man3/X509_VERIFY_PARAM_get_inh_flags.3ossl +#usr/share/man/man3/X509_VERIFY_PARAM_get_purpose.3ossl #usr/share/man/man3/X509_VERIFY_PARAM_get_time.3ossl #usr/share/man/man3/X509_VERIFY_PARAM_set1_email.3ossl #usr/share/man/man3/X509_VERIFY_PARAM_set1_host.3ossl @@ -6631,7 +6848,18 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/d2i_OCSP_SERVICELOC.3ossl #usr/share/man/man3/d2i_OCSP_SIGNATURE.3ossl #usr/share/man/man3/d2i_OCSP_SINGLERESP.3ossl +#usr/share/man/man3/d2i_OSSL_AA_DIST_POINT.3ossl +#usr/share/man/man3/d2i_OSSL_ALLOWED_ATTRIBUTES_CHOICE.3ossl +#usr/share/man/man3/d2i_OSSL_ALLOWED_ATTRIBUTES_ITEM.3ossl +#usr/share/man/man3/d2i_OSSL_ALLOWED_ATTRIBUTES_SYNTAX.3ossl +#usr/share/man/man3/d2i_OSSL_ATAV.3ossl #usr/share/man/man3/d2i_OSSL_ATTRIBUTES_SYNTAX.3ossl +#usr/share/man/man3/d2i_OSSL_ATTRIBUTE_DESCRIPTOR.3ossl +#usr/share/man/man3/d2i_OSSL_ATTRIBUTE_MAPPING.3ossl +#usr/share/man/man3/d2i_OSSL_ATTRIBUTE_MAPPINGS.3ossl +#usr/share/man/man3/d2i_OSSL_ATTRIBUTE_TYPE_MAPPING.3ossl +#usr/share/man/man3/d2i_OSSL_ATTRIBUTE_VALUE_MAPPING.3ossl +#usr/share/man/man3/d2i_OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX.3ossl #usr/share/man/man3/d2i_OSSL_BASIC_ATTR_CONSTRAINTS.3ossl #usr/share/man/man3/d2i_OSSL_CMP_ATAVS.3ossl #usr/share/man/man3/d2i_OSSL_CMP_MSG.3ossl @@ -6640,19 +6868,37 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/d2i_OSSL_CMP_PKISI.3ossl #usr/share/man/man3/d2i_OSSL_CRMF_CERTID.3ossl #usr/share/man/man3/d2i_OSSL_CRMF_CERTTEMPLATE.3ossl +#usr/share/man/man3/d2i_OSSL_CRMF_ENCRYPTEDKEY.3ossl #usr/share/man/man3/d2i_OSSL_CRMF_ENCRYPTEDVALUE.3ossl #usr/share/man/man3/d2i_OSSL_CRMF_MSG.3ossl #usr/share/man/man3/d2i_OSSL_CRMF_MSGS.3ossl #usr/share/man/man3/d2i_OSSL_CRMF_PBMPARAMETER.3ossl #usr/share/man/man3/d2i_OSSL_CRMF_PKIPUBLICATIONINFO.3ossl #usr/share/man/man3/d2i_OSSL_CRMF_SINGLEPUBINFO.3ossl +#usr/share/man/man3/d2i_OSSL_DAY_TIME.3ossl +#usr/share/man/man3/d2i_OSSL_DAY_TIME_BAND.3ossl +#usr/share/man/man3/d2i_OSSL_HASH.3ossl #usr/share/man/man3/d2i_OSSL_IETF_ATTR_SYNTAX.3ossl +#usr/share/man/man3/d2i_OSSL_INFO_SYNTAX.3ossl +#usr/share/man/man3/d2i_OSSL_INFO_SYNTAX_POINTER.3ossl #usr/share/man/man3/d2i_OSSL_ISSUER_SERIAL.3ossl +#usr/share/man/man3/d2i_OSSL_NAMED_DAY.3ossl #usr/share/man/man3/d2i_OSSL_OBJECT_DIGEST_INFO.3ossl +#usr/share/man/man3/d2i_OSSL_PRIVILEGE_POLICY_ID.3ossl +#usr/share/man/man3/d2i_OSSL_ROLE_SPEC_CERT_ID.3ossl +#usr/share/man/man3/d2i_OSSL_ROLE_SPEC_CERT_ID_SYNTAX.3ossl #usr/share/man/man3/d2i_OSSL_TARGET.3ossl #usr/share/man/man3/d2i_OSSL_TARGETING_INFORMATION.3ossl #usr/share/man/man3/d2i_OSSL_TARGETS.3ossl #usr/share/man/man3/d2i_OSSL_TARGET_CERT.3ossl +#usr/share/man/man3/d2i_OSSL_TIME_PERIOD.3ossl +#usr/share/man/man3/d2i_OSSL_TIME_SPEC.3ossl +#usr/share/man/man3/d2i_OSSL_TIME_SPEC_ABSOLUTE.3ossl +#usr/share/man/man3/d2i_OSSL_TIME_SPEC_DAY.3ossl +#usr/share/man/man3/d2i_OSSL_TIME_SPEC_MONTH.3ossl +#usr/share/man/man3/d2i_OSSL_TIME_SPEC_TIME.3ossl +#usr/share/man/man3/d2i_OSSL_TIME_SPEC_WEEKS.3ossl +#usr/share/man/man3/d2i_OSSL_TIME_SPEC_X_DAY_OF.3ossl #usr/share/man/man3/d2i_OSSL_USER_NOTICE_SYNTAX.3ossl #usr/share/man/man3/d2i_OTHERNAME.3ossl #usr/share/man/man3/d2i_PBE2PARAM.3ossl @@ -6868,7 +7114,18 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/i2d_OCSP_SERVICELOC.3ossl #usr/share/man/man3/i2d_OCSP_SIGNATURE.3ossl #usr/share/man/man3/i2d_OCSP_SINGLERESP.3ossl +#usr/share/man/man3/i2d_OSSL_AA_DIST_POINT.3ossl +#usr/share/man/man3/i2d_OSSL_ALLOWED_ATTRIBUTES_CHOICE.3ossl +#usr/share/man/man3/i2d_OSSL_ALLOWED_ATTRIBUTES_ITEM.3ossl +#usr/share/man/man3/i2d_OSSL_ALLOWED_ATTRIBUTES_SYNTAX.3ossl +#usr/share/man/man3/i2d_OSSL_ATAV.3ossl #usr/share/man/man3/i2d_OSSL_ATTRIBUTES_SYNTAX.3ossl +#usr/share/man/man3/i2d_OSSL_ATTRIBUTE_DESCRIPTOR.3ossl +#usr/share/man/man3/i2d_OSSL_ATTRIBUTE_MAPPING.3ossl +#usr/share/man/man3/i2d_OSSL_ATTRIBUTE_MAPPINGS.3ossl +#usr/share/man/man3/i2d_OSSL_ATTRIBUTE_TYPE_MAPPING.3ossl +#usr/share/man/man3/i2d_OSSL_ATTRIBUTE_VALUE_MAPPING.3ossl +#usr/share/man/man3/i2d_OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX.3ossl #usr/share/man/man3/i2d_OSSL_BASIC_ATTR_CONSTRAINTS.3ossl #usr/share/man/man3/i2d_OSSL_CMP_ATAVS.3ossl #usr/share/man/man3/i2d_OSSL_CMP_MSG.3ossl @@ -6877,19 +7134,37 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/i2d_OSSL_CMP_PKISI.3ossl #usr/share/man/man3/i2d_OSSL_CRMF_CERTID.3ossl #usr/share/man/man3/i2d_OSSL_CRMF_CERTTEMPLATE.3ossl +#usr/share/man/man3/i2d_OSSL_CRMF_ENCRYPTEDKEY.3ossl #usr/share/man/man3/i2d_OSSL_CRMF_ENCRYPTEDVALUE.3ossl #usr/share/man/man3/i2d_OSSL_CRMF_MSG.3ossl #usr/share/man/man3/i2d_OSSL_CRMF_MSGS.3ossl #usr/share/man/man3/i2d_OSSL_CRMF_PBMPARAMETER.3ossl #usr/share/man/man3/i2d_OSSL_CRMF_PKIPUBLICATIONINFO.3ossl #usr/share/man/man3/i2d_OSSL_CRMF_SINGLEPUBINFO.3ossl +#usr/share/man/man3/i2d_OSSL_DAY_TIME.3ossl +#usr/share/man/man3/i2d_OSSL_DAY_TIME_BAND.3ossl +#usr/share/man/man3/i2d_OSSL_HASH.3ossl #usr/share/man/man3/i2d_OSSL_IETF_ATTR_SYNTAX.3ossl +#usr/share/man/man3/i2d_OSSL_INFO_SYNTAX.3ossl +#usr/share/man/man3/i2d_OSSL_INFO_SYNTAX_POINTER.3ossl #usr/share/man/man3/i2d_OSSL_ISSUER_SERIAL.3ossl +#usr/share/man/man3/i2d_OSSL_NAMED_DAY.3ossl #usr/share/man/man3/i2d_OSSL_OBJECT_DIGEST_INFO.3ossl +#usr/share/man/man3/i2d_OSSL_PRIVILEGE_POLICY_ID.3ossl +#usr/share/man/man3/i2d_OSSL_ROLE_SPEC_CERT_ID.3ossl +#usr/share/man/man3/i2d_OSSL_ROLE_SPEC_CERT_ID_SYNTAX.3ossl #usr/share/man/man3/i2d_OSSL_TARGET.3ossl #usr/share/man/man3/i2d_OSSL_TARGETING_INFORMATION.3ossl #usr/share/man/man3/i2d_OSSL_TARGETS.3ossl #usr/share/man/man3/i2d_OSSL_TARGET_CERT.3ossl +#usr/share/man/man3/i2d_OSSL_TIME_PERIOD.3ossl +#usr/share/man/man3/i2d_OSSL_TIME_SPEC.3ossl +#usr/share/man/man3/i2d_OSSL_TIME_SPEC_ABSOLUTE.3ossl +#usr/share/man/man3/i2d_OSSL_TIME_SPEC_DAY.3ossl +#usr/share/man/man3/i2d_OSSL_TIME_SPEC_MONTH.3ossl +#usr/share/man/man3/i2d_OSSL_TIME_SPEC_TIME.3ossl +#usr/share/man/man3/i2d_OSSL_TIME_SPEC_WEEKS.3ossl +#usr/share/man/man3/i2d_OSSL_TIME_SPEC_X_DAY_OF.3ossl #usr/share/man/man3/i2d_OSSL_USER_NOTICE_SYNTAX.3ossl #usr/share/man/man3/i2d_OTHERNAME.3ossl #usr/share/man/man3/i2d_PBE2PARAM.3ossl @@ -7096,6 +7371,10 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man7/EVP_KDF-X942-CONCAT.7ossl #usr/share/man/man7/EVP_KDF-X963.7ossl #usr/share/man/man7/EVP_KEM-EC.7ossl +#usr/share/man/man7/EVP_KEM-ML-KEM-1024.7ossl +#usr/share/man/man7/EVP_KEM-ML-KEM-512.7ossl +#usr/share/man/man7/EVP_KEM-ML-KEM-768.7ossl +#usr/share/man/man7/EVP_KEM-ML-KEM.7ossl #usr/share/man/man7/EVP_KEM-RSA.7ossl #usr/share/man/man7/EVP_KEM-X25519.7ossl #usr/share/man/man7/EVP_KEM-X448.7ossl @@ -7111,8 +7390,14 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man7/EVP_KEYMGMT-ED25519.7ossl #usr/share/man/man7/EVP_KEYMGMT-ED448.7ossl #usr/share/man/man7/EVP_KEYMGMT-HMAC.7ossl +#usr/share/man/man7/EVP_KEYMGMT-ML-DSA.7ossl +#usr/share/man/man7/EVP_KEYMGMT-ML-KEM-1024.7ossl +#usr/share/man/man7/EVP_KEYMGMT-ML-KEM-512.7ossl +#usr/share/man/man7/EVP_KEYMGMT-ML-KEM-768.7ossl +#usr/share/man/man7/EVP_KEYMGMT-ML-KEM.7ossl #usr/share/man/man7/EVP_KEYMGMT-Poly1305.7ossl #usr/share/man/man7/EVP_KEYMGMT-RSA.7ossl +#usr/share/man/man7/EVP_KEYMGMT-SLH-DSA.7ossl #usr/share/man/man7/EVP_KEYMGMT-SM2.7ossl #usr/share/man/man7/EVP_KEYMGMT-Siphash.7ossl #usr/share/man/man7/EVP_KEYMGMT-X25519.7ossl @@ -7154,8 +7439,29 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man7/EVP_PKEY-ED448.7ossl #usr/share/man/man7/EVP_PKEY-FFC.7ossl #usr/share/man/man7/EVP_PKEY-HMAC.7ossl +#usr/share/man/man7/EVP_PKEY-ML-DSA-44.7ossl +#usr/share/man/man7/EVP_PKEY-ML-DSA-65.7ossl +#usr/share/man/man7/EVP_PKEY-ML-DSA-87.7ossl +#usr/share/man/man7/EVP_PKEY-ML-DSA.7ossl +#usr/share/man/man7/EVP_PKEY-ML-KEM-1024.7ossl +#usr/share/man/man7/EVP_PKEY-ML-KEM-512.7ossl +#usr/share/man/man7/EVP_PKEY-ML-KEM-768.7ossl +#usr/share/man/man7/EVP_PKEY-ML-KEM.7ossl #usr/share/man/man7/EVP_PKEY-Poly1305.7ossl #usr/share/man/man7/EVP_PKEY-RSA.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-128f.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-128s.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-192f.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-192s.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-256f.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-256s.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-128f.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-128s.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-192f.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-192s.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-256f.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-256s.7ossl +#usr/share/man/man7/EVP_PKEY-SLH-DSA.7ossl #usr/share/man/man7/EVP_PKEY-SM2.7ossl #usr/share/man/man7/EVP_PKEY-Siphash.7ossl #usr/share/man/man7/EVP_PKEY-X25519.7ossl @@ -7174,8 +7480,25 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man7/EVP_SIGNATURE-ED25519.7ossl #usr/share/man/man7/EVP_SIGNATURE-ED448.7ossl #usr/share/man/man7/EVP_SIGNATURE-HMAC.7ossl +#usr/share/man/man7/EVP_SIGNATURE-ML-DSA-44.7ossl +#usr/share/man/man7/EVP_SIGNATURE-ML-DSA-65.7ossl +#usr/share/man/man7/EVP_SIGNATURE-ML-DSA-87.7ossl +#usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ossl #usr/share/man/man7/EVP_SIGNATURE-Poly1305.7ossl #usr/share/man/man7/EVP_SIGNATURE-RSA.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-128f.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-128s.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-192f.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-192s.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-256f.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-256s.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-128f.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-128s.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-192f.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-192s.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-256f.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-256s.7ossl +#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ossl #usr/share/man/man7/EVP_SIGNATURE-Siphash.7ossl #usr/share/man/man7/Ed25519.7ossl #usr/share/man/man7/Ed448.7ossl @@ -7212,6 +7535,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man7/openssl-env.7ossl #usr/share/man/man7/openssl-glossary.7ossl #usr/share/man/man7/openssl-qlog.7ossl +#usr/share/man/man7/openssl-quic-concurrency.7ossl #usr/share/man/man7/openssl-quic.7ossl #usr/share/man/man7/openssl-threads.7ossl #usr/share/man/man7/openssl_user_macros.7ossl @@ -7224,6 +7548,8 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man7/ossl-guide-quic-client-non-block.7ossl #usr/share/man/man7/ossl-guide-quic-introduction.7ossl #usr/share/man/man7/ossl-guide-quic-multi-stream.7ossl +#usr/share/man/man7/ossl-guide-quic-server-block.7ossl +#usr/share/man/man7/ossl-guide-quic-server-non-block.7ossl #usr/share/man/man7/ossl-guide-tls-client-block.7ossl #usr/share/man/man7/ossl-guide-tls-client-non-block.7ossl #usr/share/man/man7/ossl-guide-tls-introduction.7ossl @@ -7246,6 +7572,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man7/provider-object.7ossl #usr/share/man/man7/provider-rand.7ossl #usr/share/man/man7/provider-signature.7ossl +#usr/share/man/man7/provider-skeymgmt.7ossl #usr/share/man/man7/provider-storemgmt.7ossl #usr/share/man/man7/provider.7ossl #usr/share/man/man7/proxy-certificates.7ossl diff --git a/config/rootfiles/common/protobuf b/config/rootfiles/common/protobuf index db247dfeba..897f8cc33c 100644 --- a/config/rootfiles/common/protobuf +++ b/config/rootfiles/common/protobuf @@ -1,11 +1,11 @@ #usr/bin/protoc -#usr/bin/protoc-29.3.0 +usr/bin/protoc-30.2.0 #usr/bin/protoc-gen-upb -#usr/bin/protoc-gen-upb-29.3.0 +usr/bin/protoc-gen-upb-30.2.0 #usr/bin/protoc-gen-upb_minitable -#usr/bin/protoc-gen-upb_minitable-29.3.0 +usr/bin/protoc-gen-upb_minitable-30.2.0 #usr/bin/protoc-gen-upbdefs -#usr/bin/protoc-gen-upbdefs-29.3.0 +usr/bin/protoc-gen-upbdefs-30.2.0 #usr/include/google #usr/include/google/protobuf #usr/include/google/protobuf/any.h @@ -24,110 +24,31 @@ #usr/include/google/protobuf/compiler/code_generator_lite.h #usr/include/google/protobuf/compiler/command_line_interface.h #usr/include/google/protobuf/compiler/cpp -#usr/include/google/protobuf/compiler/cpp/enum.h -#usr/include/google/protobuf/compiler/cpp/extension.h -#usr/include/google/protobuf/compiler/cpp/field.h -#usr/include/google/protobuf/compiler/cpp/field_generators -#usr/include/google/protobuf/compiler/cpp/field_generators/generators.h -#usr/include/google/protobuf/compiler/cpp/file.h #usr/include/google/protobuf/compiler/cpp/generator.h #usr/include/google/protobuf/compiler/cpp/helpers.h -#usr/include/google/protobuf/compiler/cpp/ifndef_guard.h -#usr/include/google/protobuf/compiler/cpp/message.h -#usr/include/google/protobuf/compiler/cpp/message_layout_helper.h #usr/include/google/protobuf/compiler/cpp/names.h -#usr/include/google/protobuf/compiler/cpp/namespace_printer.h #usr/include/google/protobuf/compiler/cpp/options.h -#usr/include/google/protobuf/compiler/cpp/padding_optimizer.h -#usr/include/google/protobuf/compiler/cpp/parse_function_generator.h -#usr/include/google/protobuf/compiler/cpp/service.h -#usr/include/google/protobuf/compiler/cpp/tracker.h #usr/include/google/protobuf/compiler/csharp -#usr/include/google/protobuf/compiler/csharp/csharp_doc_comment.h -#usr/include/google/protobuf/compiler/csharp/csharp_enum.h -#usr/include/google/protobuf/compiler/csharp/csharp_enum_field.h -#usr/include/google/protobuf/compiler/csharp/csharp_field_base.h #usr/include/google/protobuf/compiler/csharp/csharp_generator.h -#usr/include/google/protobuf/compiler/csharp/csharp_helpers.h -#usr/include/google/protobuf/compiler/csharp/csharp_map_field.h -#usr/include/google/protobuf/compiler/csharp/csharp_message.h -#usr/include/google/protobuf/compiler/csharp/csharp_message_field.h -#usr/include/google/protobuf/compiler/csharp/csharp_options.h -#usr/include/google/protobuf/compiler/csharp/csharp_primitive_field.h -#usr/include/google/protobuf/compiler/csharp/csharp_reflection_class.h -#usr/include/google/protobuf/compiler/csharp/csharp_repeated_enum_field.h -#usr/include/google/protobuf/compiler/csharp/csharp_repeated_message_field.h -#usr/include/google/protobuf/compiler/csharp/csharp_repeated_primitive_field.h -#usr/include/google/protobuf/compiler/csharp/csharp_source_generator_base.h -#usr/include/google/protobuf/compiler/csharp/csharp_wrapper_field.h #usr/include/google/protobuf/compiler/csharp/names.h #usr/include/google/protobuf/compiler/importer.h #usr/include/google/protobuf/compiler/java #usr/include/google/protobuf/compiler/java/context.h #usr/include/google/protobuf/compiler/java/doc_comment.h -#usr/include/google/protobuf/compiler/java/field_common.h -#usr/include/google/protobuf/compiler/java/file.h -#usr/include/google/protobuf/compiler/java/full -#usr/include/google/protobuf/compiler/java/full/enum.h -#usr/include/google/protobuf/compiler/java/full/enum_field.h -#usr/include/google/protobuf/compiler/java/full/extension.h -#usr/include/google/protobuf/compiler/java/full/field_generator.h -#usr/include/google/protobuf/compiler/java/full/generator_factory.h -#usr/include/google/protobuf/compiler/java/full/make_field_gens.h -#usr/include/google/protobuf/compiler/java/full/map_field.h -#usr/include/google/protobuf/compiler/java/full/message.h -#usr/include/google/protobuf/compiler/java/full/message_builder.h -#usr/include/google/protobuf/compiler/java/full/message_field.h -#usr/include/google/protobuf/compiler/java/full/primitive_field.h -#usr/include/google/protobuf/compiler/java/full/service.h -#usr/include/google/protobuf/compiler/java/full/string_field.h #usr/include/google/protobuf/compiler/java/generator.h -#usr/include/google/protobuf/compiler/java/generator_common.h -#usr/include/google/protobuf/compiler/java/generator_factory.h #usr/include/google/protobuf/compiler/java/helpers.h -#usr/include/google/protobuf/compiler/java/internal_helpers.h #usr/include/google/protobuf/compiler/java/java_features.pb.h -#usr/include/google/protobuf/compiler/java/lite -#usr/include/google/protobuf/compiler/java/lite/enum.h -#usr/include/google/protobuf/compiler/java/lite/enum_field.h -#usr/include/google/protobuf/compiler/java/lite/extension.h -#usr/include/google/protobuf/compiler/java/lite/field_generator.h -#usr/include/google/protobuf/compiler/java/lite/generator_factory.h -#usr/include/google/protobuf/compiler/java/lite/make_field_gens.h -#usr/include/google/protobuf/compiler/java/lite/map_field.h -#usr/include/google/protobuf/compiler/java/lite/message.h -#usr/include/google/protobuf/compiler/java/lite/message_builder.h -#usr/include/google/protobuf/compiler/java/lite/message_field.h -#usr/include/google/protobuf/compiler/java/lite/primitive_field.h -#usr/include/google/protobuf/compiler/java/lite/string_field.h -#usr/include/google/protobuf/compiler/java/message_serialization.h #usr/include/google/protobuf/compiler/java/name_resolver.h #usr/include/google/protobuf/compiler/java/names.h #usr/include/google/protobuf/compiler/java/options.h -#usr/include/google/protobuf/compiler/java/shared_code_generator.h #usr/include/google/protobuf/compiler/kotlin -#usr/include/google/protobuf/compiler/kotlin/file.h #usr/include/google/protobuf/compiler/kotlin/generator.h -#usr/include/google/protobuf/compiler/kotlin/message.h +#usr/include/google/protobuf/compiler/notices.h #usr/include/google/protobuf/compiler/objectivec -#usr/include/google/protobuf/compiler/objectivec/enum.h -#usr/include/google/protobuf/compiler/objectivec/enum_field.h -#usr/include/google/protobuf/compiler/objectivec/extension.h -#usr/include/google/protobuf/compiler/objectivec/field.h -#usr/include/google/protobuf/compiler/objectivec/file.h #usr/include/google/protobuf/compiler/objectivec/generator.h -#usr/include/google/protobuf/compiler/objectivec/helpers.h -#usr/include/google/protobuf/compiler/objectivec/import_writer.h #usr/include/google/protobuf/compiler/objectivec/line_consumer.h -#usr/include/google/protobuf/compiler/objectivec/map_field.h -#usr/include/google/protobuf/compiler/objectivec/message.h -#usr/include/google/protobuf/compiler/objectivec/message_field.h #usr/include/google/protobuf/compiler/objectivec/names.h #usr/include/google/protobuf/compiler/objectivec/nsobject_methods.h -#usr/include/google/protobuf/compiler/objectivec/oneof.h -#usr/include/google/protobuf/compiler/objectivec/options.h -#usr/include/google/protobuf/compiler/objectivec/primitive_field.h -#usr/include/google/protobuf/compiler/objectivec/tf_decode_data.h #usr/include/google/protobuf/compiler/parser.h #usr/include/google/protobuf/compiler/php #usr/include/google/protobuf/compiler/php/names.h @@ -137,29 +58,10 @@ #usr/include/google/protobuf/compiler/plugin.proto #usr/include/google/protobuf/compiler/python #usr/include/google/protobuf/compiler/python/generator.h -#usr/include/google/protobuf/compiler/python/helpers.h #usr/include/google/protobuf/compiler/python/pyi_generator.h #usr/include/google/protobuf/compiler/retention.h #usr/include/google/protobuf/compiler/ruby #usr/include/google/protobuf/compiler/ruby/ruby_generator.h -#usr/include/google/protobuf/compiler/rust -#usr/include/google/protobuf/compiler/rust/accessors -#usr/include/google/protobuf/compiler/rust/accessors/accessor_case.h -#usr/include/google/protobuf/compiler/rust/accessors/accessors.h -#usr/include/google/protobuf/compiler/rust/accessors/default_value.h -#usr/include/google/protobuf/compiler/rust/accessors/generator.h -#usr/include/google/protobuf/compiler/rust/accessors/with_presence.h -#usr/include/google/protobuf/compiler/rust/context.h -#usr/include/google/protobuf/compiler/rust/crate_mapping.h -#usr/include/google/protobuf/compiler/rust/enum.h -#usr/include/google/protobuf/compiler/rust/generator.h -#usr/include/google/protobuf/compiler/rust/message.h -#usr/include/google/protobuf/compiler/rust/naming.h -#usr/include/google/protobuf/compiler/rust/oneof.h -#usr/include/google/protobuf/compiler/rust/relative_path.h -#usr/include/google/protobuf/compiler/rust/rust_field_type.h -#usr/include/google/protobuf/compiler/rust/rust_keywords.h -#usr/include/google/protobuf/compiler/rust/upb_helpers.h #usr/include/google/protobuf/compiler/scc.h #usr/include/google/protobuf/compiler/subprocess.h #usr/include/google/protobuf/compiler/versions.h @@ -264,8 +166,6 @@ #usr/include/google/protobuf/stubs/platform_macros.h #usr/include/google/protobuf/stubs/port.h #usr/include/google/protobuf/stubs/status_macros.h -#usr/include/google/protobuf/testing -#usr/include/google/protobuf/testing/file.h #usr/include/google/protobuf/text_format.h #usr/include/google/protobuf/thread_safe_arena.h #usr/include/google/protobuf/timestamp.pb.h @@ -408,6 +308,7 @@ #usr/include/upb/reflection/oneof_def.h #usr/include/upb/reflection/service_def.h #usr/include/upb/text +#usr/include/upb/text/debug_string.h #usr/include/upb/text/encode.h #usr/include/upb/text/internal #usr/include/upb/text/internal/encode.h @@ -424,12 +325,6 @@ #usr/include/upb/wire/internal/decode_fast.h #usr/include/upb/wire/reader.h #usr/include/upb/wire/types.h -#usr/include/upb_generator -#usr/include/upb_generator/common -#usr/include/upb_generator/common/names.h -#usr/include/upb_generator/minitable -#usr/include/upb_generator/minitable/names.h -#usr/include/upb_generator/minitable/names_internal.h #usr/include/utf8_range.h #usr/include/utf8_validity.h #usr/lib/cmake/protobuf @@ -445,14 +340,16 @@ #usr/lib/cmake/utf8_range/utf8_range-targets-noconfig.cmake #usr/lib/cmake/utf8_range/utf8_range-targets.cmake #usr/lib/libprotobuf-lite.so -usr/lib/libprotobuf-lite.so.29.3.0 +usr/lib/libprotobuf-lite.so.30.2.0 #usr/lib/libprotobuf.so -usr/lib/libprotobuf.so.29.3.0 +usr/lib/libprotobuf.so.30.2.0 #usr/lib/libprotoc.so -usr/lib/libprotoc.so.29.3.0 +usr/lib/libprotoc.so.30.2.0 #usr/lib/libupb.a usr/lib/libutf8_range.so +usr/lib/libutf8_range.so.30.2.0 usr/lib/libutf8_validity.so +usr/lib/libutf8_validity.so.30.2.0 #usr/lib/pkgconfig/protobuf-lite.pc #usr/lib/pkgconfig/protobuf.pc #usr/lib/pkgconfig/upb.pc diff --git a/config/rootfiles/common/riscv64/initscripts b/config/rootfiles/common/riscv64/initscripts index 4ee77ba210..11cfaf2be8 100644 --- a/config/rootfiles/common/riscv64/initscripts +++ b/config/rootfiles/common/riscv64/initscripts @@ -91,6 +91,7 @@ etc/rc.d/init.d/udev_retry etc/rc.d/init.d/unbound etc/rc.d/init.d/vnstat etc/rc.d/init.d/waitdrives +etc/rc.d/init.d/wireguard etc/rc.d/init.d/wlanclient #etc/rc.d/rc0.d etc/rc.d/rc0.d/K01grub-btrfsd @@ -101,6 +102,7 @@ etc/rc.d/rc0.d/K30sshd etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl etc/rc.d/rc0.d/K51vnstat +etc/rc.d/rc0.d/K70wireguard etc/rc.d/rc0.d/K77conntrackd etc/rc.d/rc0.d/K78suricata etc/rc.d/rc0.d/K79leds @@ -132,6 +134,7 @@ etc/rc.d/rc3.d/S24cyrus-sasl etc/rc.d/rc3.d/S30sshd etc/rc.d/rc3.d/S32apache etc/rc.d/rc3.d/S40fcron +etc/rc.d/rc3.d/S50wireguard etc/rc.d/rc3.d/S98rc.local etc/rc.d/rc3.d/S99grub-btrfsd #etc/rc.d/rc3.d/S99vdradmin @@ -144,6 +147,7 @@ etc/rc.d/rc6.d/K30sshd etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl etc/rc.d/rc6.d/K51vnstat +etc/rc.d/rc6.d/K70wireguard etc/rc.d/rc6.d/K77conntrackd etc/rc.d/rc6.d/K78suricata etc/rc.d/rc6.d/K79leds diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index 816241daee..aa31491d24 100644 --- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -87,6 +87,7 @@ srv/web/ipfire/cgi-bin/wakeonlan.cgi srv/web/ipfire/cgi-bin/webaccess.cgi #srv/web/ipfire/cgi-bin/wio.cgi #srv/web/ipfire/cgi-bin/wiographs.cgi +srv/web/ipfire/cgi-bin/wireguard.cgi srv/web/ipfire/cgi-bin/wireless.cgi srv/web/ipfire/cgi-bin/wirelessclient.cgi #srv/web/ipfire/cgi-bin/wlanap.cgi diff --git a/config/rootfiles/common/wireguard-tools b/config/rootfiles/common/wireguard-tools new file mode 100644 index 0000000000..46225828d7 --- /dev/null +++ b/config/rootfiles/common/wireguard-tools @@ -0,0 +1,4 @@ +etc/fcron.cyclic/wg-dynamic +usr/bin/wg +#usr/share/bash-completion/completions/wg +#usr/share/man/man8/wg.8 diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index 4ee77ba210..11cfaf2be8 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -91,6 +91,7 @@ etc/rc.d/init.d/udev_retry etc/rc.d/init.d/unbound etc/rc.d/init.d/vnstat etc/rc.d/init.d/waitdrives +etc/rc.d/init.d/wireguard etc/rc.d/init.d/wlanclient #etc/rc.d/rc0.d etc/rc.d/rc0.d/K01grub-btrfsd @@ -101,6 +102,7 @@ etc/rc.d/rc0.d/K30sshd etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl etc/rc.d/rc0.d/K51vnstat +etc/rc.d/rc0.d/K70wireguard etc/rc.d/rc0.d/K77conntrackd etc/rc.d/rc0.d/K78suricata etc/rc.d/rc0.d/K79leds @@ -132,6 +134,7 @@ etc/rc.d/rc3.d/S24cyrus-sasl etc/rc.d/rc3.d/S30sshd etc/rc.d/rc3.d/S32apache etc/rc.d/rc3.d/S40fcron +etc/rc.d/rc3.d/S50wireguard etc/rc.d/rc3.d/S98rc.local etc/rc.d/rc3.d/S99grub-btrfsd #etc/rc.d/rc3.d/S99vdradmin @@ -144,6 +147,7 @@ etc/rc.d/rc6.d/K30sshd etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl etc/rc.d/rc6.d/K51vnstat +etc/rc.d/rc6.d/K70wireguard etc/rc.d/rc6.d/K77conntrackd etc/rc.d/rc6.d/K78suricata etc/rc.d/rc6.d/K79leds diff --git a/config/rootfiles/core/195/filelists/btrfs-progs b/config/rootfiles/core/195/filelists/btrfs-progs new file mode 120000 index 0000000000..d7a2f6f524 --- /dev/null +++ b/config/rootfiles/core/195/filelists/btrfs-progs @@ -0,0 +1 @@ +../../../common/btrfs-progs \ No newline at end of file diff --git a/config/rootfiles/core/195/filelists/coreutils b/config/rootfiles/core/195/filelists/coreutils new file mode 120000 index 0000000000..7351ed2cf5 --- /dev/null +++ b/config/rootfiles/core/195/filelists/coreutils @@ -0,0 +1 @@ +../../../common/coreutils \ No newline at end of file diff --git a/config/rootfiles/core/195/filelists/files b/config/rootfiles/core/195/filelists/files index ca8972dd2e..cdab4957a6 100644 --- a/config/rootfiles/core/195/filelists/files +++ b/config/rootfiles/core/195/filelists/files @@ -1,6 +1,24 @@ +etc/fcron.cyclic/wg-dynamic +etc/rc.d/init.d/firewall +etc/rc.d/init.d/networking/functions.network +etc/rc.d/init.d/wireguard +lib/udev/network-aqm opt/pakfire/lib/functions.pl srv/web/ipfire/cgi-bin/ddns.cgi +srv/web/ipfire/cgi-bin/firewall.cgi +srv/web/ipfire/cgi-bin/fwhosts.cgi srv/web/ipfire/cgi-bin/pakfire.cgi +srv/web/ipfire/cgi-bin/services.cgi +srv/web/ipfire/cgi-bin/wireguard.cgi +srv/web/ipfire/html/themes/ipfire/include/css/style.css +usr/lib/firewall/firewall-lib.pl +usr/local/bin/wireguardctrl +usr/sbin/firewall-policy +var/ipfire/backup/bin/backup.pl var/ipfire/general-functions.pl +var/ipfire/header.pl var/ipfire/http-client-functions.pl var/ipfire/ids-functions.pl +var/ipfire/ipblocklist/sources +var/ipfire/menu.d/40-services.menu +var/ipfire/wireguard-functions.pl diff --git a/config/rootfiles/core/195/filelists/fontconfig b/config/rootfiles/core/195/filelists/fontconfig new file mode 120000 index 0000000000..6daeffdd05 --- /dev/null +++ b/config/rootfiles/core/195/filelists/fontconfig @@ -0,0 +1 @@ +../../../common/fontconfig \ No newline at end of file diff --git a/config/rootfiles/core/195/filelists/libcap b/config/rootfiles/core/195/filelists/libcap new file mode 120000 index 0000000000..ed67d950a8 --- /dev/null +++ b/config/rootfiles/core/195/filelists/libcap @@ -0,0 +1 @@ +../../../common/libcap \ No newline at end of file diff --git a/config/rootfiles/core/195/filelists/libffi b/config/rootfiles/core/195/filelists/libffi new file mode 120000 index 0000000000..c391acd0cb --- /dev/null +++ b/config/rootfiles/core/195/filelists/libffi @@ -0,0 +1 @@ +../../../common/libffi \ No newline at end of file diff --git a/config/rootfiles/core/195/filelists/libgpg-error b/config/rootfiles/core/195/filelists/libgpg-error new file mode 120000 index 0000000000..cad431339f --- /dev/null +++ b/config/rootfiles/core/195/filelists/libgpg-error @@ -0,0 +1 @@ +../../../common/libgpg-error \ No newline at end of file diff --git a/config/rootfiles/core/195/filelists/openssh b/config/rootfiles/core/195/filelists/openssh new file mode 120000 index 0000000000..d8c77fd8e7 --- /dev/null +++ b/config/rootfiles/core/195/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/195/filelists/openssl b/config/rootfiles/core/195/filelists/openssl new file mode 120000 index 0000000000..e011a9266c --- /dev/null +++ b/config/rootfiles/core/195/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/195/filelists/protobuf b/config/rootfiles/core/195/filelists/protobuf new file mode 120000 index 0000000000..e04ed90e7e --- /dev/null +++ b/config/rootfiles/core/195/filelists/protobuf @@ -0,0 +1 @@ +../../../common/protobuf \ No newline at end of file diff --git a/config/rootfiles/core/195/filelists/protobuf-c b/config/rootfiles/core/195/filelists/protobuf-c new file mode 120000 index 0000000000..5435540d52 --- /dev/null +++ b/config/rootfiles/core/195/filelists/protobuf-c @@ -0,0 +1 @@ +../../../common/protobuf-c \ No newline at end of file diff --git a/config/rootfiles/core/195/filelists/wireguard-tools b/config/rootfiles/core/195/filelists/wireguard-tools new file mode 120000 index 0000000000..412bf8c385 --- /dev/null +++ b/config/rootfiles/core/195/filelists/wireguard-tools @@ -0,0 +1 @@ +../../../common/wireguard-tools \ No newline at end of file diff --git a/config/rootfiles/core/195/update.sh b/config/rootfiles/core/195/update.sh index ee9b534976..eb7a672b93 100644 --- a/config/rootfiles/core/195/update.sh +++ b/config/rootfiles/core/195/update.sh @@ -41,13 +41,39 @@ extract_files # update linker config ldconfig +# Create the Wireguard configuration directory +if [ ! -d "/var/ipfire/wireguard" ]; then + mkdir -pv "/var/ipfire/wireguard" + chown nobody:nobody "/var/ipfire/wireguard" +fi + # Update Language cache /usr/local/bin/update-lang-cache # Filesytem cleanup /usr/local/bin/filesystem-cleanup +# Remove any entry for 3CORESEC_SSH, 3CORESEC_SCAN or 3CORESEC_WEB from the ipblocklist modified file +# and the associated ipblocklist files from the /var/lib/ipblocklist directory +sed -i '/3CORESEC_SSH=/d' /var/ipfire/ipblocklist/modified +if [ -e /var/lib/ipblocklist/3CORESEC_SSH.conf ]; then + rm /var/lib/ipblocklist/3CORESEC_SSH.conf +fi +sed -i '/3CORESEC_SCAN=/d' /var/ipfire/ipblocklist/modified +if [ -e /var/lib/ipblocklist/3CORESEC_SCAN.conf ]; then + rm /var/lib/ipblocklist/3CORESEC_SCAN.conf +fi +sed -i '/3CORESEC_WEB=/d' /var/ipfire/ipblocklist/modified +if [ -e /var/lib/ipblocklist/3CORESEC_WEB.conf ]; then + rm /var/lib/ipblocklist/3CORESEC_WEB.conf +fi + +# Apply SSH configuration +/usr/local/bin/sshctrl + # Start services +/etc/init.d/firewall restart +/etc/init.d/sshd restart # This update needs a reboot... #touch /var/run/need_reboot diff --git a/config/rootfiles/packages/alsa b/config/rootfiles/packages/alsa index f61fd8fdd3..938091b936 100644 --- a/config/rootfiles/packages/alsa +++ b/config/rootfiles/packages/alsa @@ -185,24 +185,29 @@ usr/share/alsa/pcm/surround51.conf usr/share/alsa/pcm/surround71.conf #usr/share/alsa/ucm2 #usr/share/alsa/ucm2/AMD +#usr/share/alsa/ucm2/AMD/acp-da7219-rt5682-max98357 +usr/share/alsa/ucm2/AMD/acp-da7219-rt5682-max98357/HiFi.conf +usr/share/alsa/ucm2/AMD/acp-da7219-rt5682-max98357/acp-da7219-rt5682-max98357.conf +#usr/share/alsa/ucm2/AMD/acp3x-alc5682-alc1015 +usr/share/alsa/ucm2/AMD/acp3x-alc5682-alc1015/HiFi.conf +usr/share/alsa/ucm2/AMD/acp3x-alc5682-alc1015/acp3x-alc5682-alc1015.conf +#usr/share/alsa/ucm2/AMD/acp3x-alc5682-max98357 +usr/share/alsa/ucm2/AMD/acp3x-alc5682-max98357/HiFi.conf +usr/share/alsa/ucm2/AMD/acp3x-alc5682-max98357/acp3x-alc5682-max98357.conf #usr/share/alsa/ucm2/AMD/acp3x-es83xx usr/share/alsa/ucm2/AMD/acp3x-es83xx/HiFi.conf usr/share/alsa/ucm2/AMD/acp3x-es83xx/acp3x-es83xx.conf -usr/share/alsa/ucm2/AMD/acp3xalc5682m98 -usr/share/alsa/ucm2/AMD/acp3xalc5682m98/HiFi.conf -usr/share/alsa/ucm2/AMD/acp3xalc5682m98/acp3xalc5682m98.conf #usr/share/alsa/ucm2/AMD/acp5x usr/share/alsa/ucm2/AMD/acp5x/HiFi.conf usr/share/alsa/ucm2/AMD/acp5x/acp5x.conf -#usr/share/alsa/ucm2/AMD/acpd7219m98357 -usr/share/alsa/ucm2/AMD/acpd7219m98357/HiFi.conf -usr/share/alsa/ucm2/AMD/acpd7219m98357/acpd7219m98357.conf #usr/share/alsa/ucm2/Allwinner #usr/share/alsa/ucm2/Allwinner/A64 #usr/share/alsa/ucm2/Allwinner/A64/PinePhone usr/share/alsa/ucm2/Allwinner/A64/PinePhone/HiFi.conf usr/share/alsa/ucm2/Allwinner/A64/PinePhone/PinePhone.conf usr/share/alsa/ucm2/Allwinner/A64/PinePhone/VoiceCall.conf +#usr/share/alsa/ucm2/Allwinner/sun4i-h616 +usr/share/alsa/ucm2/Allwinner/sun4i-h616/HiFi.conf #usr/share/alsa/ucm2/Amlogic #usr/share/alsa/ucm2/Amlogic/p241 usr/share/alsa/ucm2/Amlogic/p241/p241-HiFi.conf @@ -212,13 +217,23 @@ usr/share/alsa/ucm2/Amlogic/p241/p241.conf #usr/share/alsa/ucm2/HDA/DualCodecs usr/share/alsa/ucm2/HDA/DualCodecs/DualCodecs.conf usr/share/alsa/ucm2/HDA/DualCodecs/HiFi.conf -usr/share/alsa/ucm2/HDA/HDA-Capture-value.conf usr/share/alsa/ucm2/HDA/HDA.conf usr/share/alsa/ucm2/HDA/Hdmi.conf usr/share/alsa/ucm2/HDA/HiFi-acp.conf usr/share/alsa/ucm2/HDA/HiFi-analog.conf +usr/share/alsa/ucm2/HDA/HiFi-mic.conf usr/share/alsa/ucm2/HDA/HiFi.conf usr/share/alsa/ucm2/HDA/init.conf +#usr/share/alsa/ucm2/IO-Boards +#usr/share/alsa/ucm2/IO-Boards/Toradex +#usr/share/alsa/ucm2/IO-Boards/Toradex/apalis +usr/share/alsa/ucm2/IO-Boards/Toradex/apalis/eval-HiFi.conf +usr/share/alsa/ucm2/IO-Boards/Toradex/apalis/eval.conf +#usr/share/alsa/ucm2/IO-Boards/Toradex/verdin +usr/share/alsa/ucm2/IO-Boards/Toradex/verdin/dahlia-HiFi.conf +usr/share/alsa/ucm2/IO-Boards/Toradex/verdin/dahlia.conf +usr/share/alsa/ucm2/IO-Boards/Toradex/verdin/dev-HiFi.conf +usr/share/alsa/ucm2/IO-Boards/Toradex/verdin/dev.conf #usr/share/alsa/ucm2/Intel #usr/share/alsa/ucm2/Intel/SOF usr/share/alsa/ucm2/Intel/SOF/HiFi.conf @@ -340,8 +355,16 @@ usr/share/alsa/ucm2/Intel/sof-glkda7219max/sof-glkda7219max.conf usr/share/alsa/ucm2/Intel/sof-hda-dsp/Hdmi.conf usr/share/alsa/ucm2/Intel/sof-hda-dsp/HiFi-sof.conf usr/share/alsa/ucm2/Intel/sof-hda-dsp/HiFi.conf +usr/share/alsa/ucm2/Intel/sof-hda-dsp/dsp.conf usr/share/alsa/ucm2/Intel/sof-hda-dsp/sof-hda-dsp.conf #usr/share/alsa/ucm2/MediaTek +#usr/share/alsa/ucm2/MediaTek/mt8183 +#usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_da7219_rt1015p +usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_da7219_rt1015p/HiFi.conf +usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_da7219_rt1015p/mt8183_da7219_rt1015p.conf +#usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_mt6358_ts3a227_max98357 +usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_mt6358_ts3a227_max98357/HiFi.conf +usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_mt6358_ts3a227_max98357/mt8183_mt6358_ts3a227_max98357.conf #usr/share/alsa/ucm2/MediaTek/mt8192 #usr/share/alsa/ucm2/MediaTek/mt8192/mt6359-rt1015p-rt5682 usr/share/alsa/ucm2/MediaTek/mt8192/mt6359-rt1015p-rt5682/HiFi.conf @@ -364,7 +387,10 @@ usr/share/alsa/ucm2/MediaTek/mt8370-evk/HiFi.conf usr/share/alsa/ucm2/MediaTek/mt8370-evk/mt8370-evk.conf #usr/share/alsa/ucm2/MediaTek/mt8390-evk usr/share/alsa/ucm2/MediaTek/mt8390-evk/HiFi.conf +usr/share/alsa/ucm2/MediaTek/mt8390-evk/init.conf usr/share/alsa/ucm2/MediaTek/mt8390-evk/mt8390-evk.conf +#usr/share/alsa/ucm2/MediaTek/mt8390-evk/sof +usr/share/alsa/ucm2/MediaTek/mt8390-evk/sof/sof-mt8390-evk.conf #usr/share/alsa/ucm2/MediaTek/mt8395-evk usr/share/alsa/ucm2/MediaTek/mt8395-evk/HiFi.conf usr/share/alsa/ucm2/MediaTek/mt8395-evk/mt8395-evk.conf @@ -374,6 +400,19 @@ usr/share/alsa/ucm2/MediaTek/mtk-rt5650/HiFi.conf usr/share/alsa/ucm2/MediaTek/mtk-rt5650/init.conf usr/share/alsa/ucm2/MediaTek/mtk-rt5650/mtk-rt5650.conf #usr/share/alsa/ucm2/NXP +#usr/share/alsa/ucm2/NXP/iMX6 +#usr/share/alsa/ucm2/NXP/iMX6/Toradex +#usr/share/alsa/ucm2/NXP/iMX6/Toradex/apalis-imx6 +usr/share/alsa/ucm2/NXP/iMX6/Toradex/apalis-imx6/HiFi.conf +usr/share/alsa/ucm2/NXP/iMX6/Toradex/apalis-imx6/apalis-imx6.conf +#usr/share/alsa/ucm2/NXP/iMX6/Toradex/colibri-imx6 +usr/share/alsa/ucm2/NXP/iMX6/Toradex/colibri-imx6/HiFi.conf +usr/share/alsa/ucm2/NXP/iMX6/Toradex/colibri-imx6/colibri-imx6.conf +#usr/share/alsa/ucm2/NXP/iMX7 +#usr/share/alsa/ucm2/NXP/iMX7/Toradex +#usr/share/alsa/ucm2/NXP/iMX7/Toradex/colibri-imx7 +usr/share/alsa/ucm2/NXP/iMX7/Toradex/colibri-imx7/HiFi.conf +usr/share/alsa/ucm2/NXP/iMX7/Toradex/colibri-imx7/colibri-imx7.conf #usr/share/alsa/ucm2/NXP/iMX8 #usr/share/alsa/ucm2/NXP/iMX8/Librem_5 usr/share/alsa/ucm2/NXP/iMX8/Librem_5/HiFi.conf @@ -381,6 +420,15 @@ usr/share/alsa/ucm2/NXP/iMX8/Librem_5/Librem 5.conf #usr/share/alsa/ucm2/NXP/iMX8/Librem_5_Devkit usr/share/alsa/ucm2/NXP/iMX8/Librem_5_Devkit/HiFi.conf usr/share/alsa/ucm2/NXP/iMX8/Librem_5_Devkit/Librem 5 Devkit.conf +#usr/share/alsa/ucm2/NXP/iMX8/Toradex +#usr/share/alsa/ucm2/NXP/iMX8/Toradex/apalis-imx8 +usr/share/alsa/ucm2/NXP/iMX8/Toradex/apalis-imx8/HiFi.conf +usr/share/alsa/ucm2/NXP/iMX8/Toradex/apalis-imx8/apalis-imx8.conf +#usr/share/alsa/ucm2/NXP/iMX8X +#usr/share/alsa/ucm2/NXP/iMX8X/Toradex +#usr/share/alsa/ucm2/NXP/iMX8X/Toradex/colibri-imx8x +usr/share/alsa/ucm2/NXP/iMX8X/Toradex/colibri-imx8x/HiFi.conf +usr/share/alsa/ucm2/NXP/iMX8X/Toradex/colibri-imx8x/colibri-imx8x.conf #usr/share/alsa/ucm2/OMAP #usr/share/alsa/ucm2/OMAP/abe-twl6040 #usr/share/alsa/ucm2/OMAP/abe-twl6040/Pandaboard @@ -409,6 +457,14 @@ usr/share/alsa/ucm2/Qualcomm/apq8016-sbc/apq8016-sbc.conf usr/share/alsa/ucm2/Qualcomm/apq8096/HDMI.conf usr/share/alsa/ucm2/Qualcomm/apq8096/HiFi.conf usr/share/alsa/ucm2/Qualcomm/apq8096/apq8096.conf +#usr/share/alsa/ucm2/Qualcomm/qcm6490 +#usr/share/alsa/ucm2/Qualcomm/qcm6490/QCM6490-IDP +usr/share/alsa/ucm2/Qualcomm/qcm6490/QCM6490-IDP/HiFi.conf +usr/share/alsa/ucm2/Qualcomm/qcm6490/QCM6490-IDP/QCM6490-IDP.conf +#usr/share/alsa/ucm2/Qualcomm/qcs6490 +#usr/share/alsa/ucm2/Qualcomm/qcs6490/QCS6490-RB3Gen2 +usr/share/alsa/ucm2/Qualcomm/qcs6490/QCS6490-RB3Gen2/HiFi.conf +usr/share/alsa/ucm2/Qualcomm/qcs6490/QCS6490-RB3Gen2/QCS6490-RB3Gen2.conf #usr/share/alsa/ucm2/Qualcomm/sc7180 #usr/share/alsa/ucm2/Qualcomm/sc7180/adau7002-max98357a usr/share/alsa/ucm2/Qualcomm/sc7180/adau7002-max98357a/HiFi.conf @@ -442,9 +498,18 @@ usr/share/alsa/ucm2/Qualcomm/sm8650/MTP/SM8650-MTP.conf #usr/share/alsa/ucm2/Qualcomm/sm8650/QRD usr/share/alsa/ucm2/Qualcomm/sm8650/QRD/HiFi.conf usr/share/alsa/ucm2/Qualcomm/sm8650/QRD/SM8650-QRD.conf +#usr/share/alsa/ucm2/Qualcomm/sm8750 +#usr/share/alsa/ucm2/Qualcomm/sm8750/MTP +usr/share/alsa/ucm2/Qualcomm/sm8750/MTP/HiFi.conf +usr/share/alsa/ucm2/Qualcomm/sm8750/MTP/SM8750-MTP.conf #usr/share/alsa/ucm2/Qualcomm/x1e80100 usr/share/alsa/ucm2/Qualcomm/x1e80100/HiFi.conf +usr/share/alsa/ucm2/Qualcomm/x1e80100/LENOVO-Slim-7x.conf +usr/share/alsa/ucm2/Qualcomm/x1e80100/LENOVO-T14s.conf +usr/share/alsa/ucm2/Qualcomm/x1e80100/Slim7x-HiFi.conf +usr/share/alsa/ucm2/Qualcomm/x1e80100/T14s-HiFi.conf usr/share/alsa/ucm2/Qualcomm/x1e80100/X1E80100-CRD.conf +usr/share/alsa/ucm2/Qualcomm/x1e80100/x1e80100.conf #usr/share/alsa/ucm2/README.md #usr/share/alsa/ucm2/Rockchip #usr/share/alsa/ucm2/Rockchip/es8316 @@ -534,7 +599,10 @@ usr/share/alsa/ucm2/USB-Audio/Dell/WD15-Dock.conf usr/share/alsa/ucm2/USB-Audio/Digidesign/Digidesign-Mbox-3-HiFi.conf usr/share/alsa/ucm2/USB-Audio/Digidesign/Digidesign-Mbox-3.conf #usr/share/alsa/ucm2/USB-Audio/Focusrite +usr/share/alsa/ucm2/USB-Audio/Focusrite/Scarlett-18i20-HiFi.conf +usr/share/alsa/ucm2/USB-Audio/Focusrite/Scarlett-18i20.conf usr/share/alsa/ucm2/USB-Audio/Focusrite/Scarlett-2i-HiFi.conf +usr/share/alsa/ucm2/USB-Audio/Focusrite/Scarlett-2i-gen4-HiFi.conf usr/share/alsa/ucm2/USB-Audio/Focusrite/Scarlett-2i.conf #usr/share/alsa/ucm2/USB-Audio/Gigabyte usr/share/alsa/ucm2/USB-Audio/Gigabyte/Aorus-Master-Main-Audio-HiFi.conf @@ -542,6 +610,9 @@ usr/share/alsa/ucm2/USB-Audio/Gigabyte/Aorus-Master-Main-Audio.conf #usr/share/alsa/ucm2/USB-Audio/GoXLR usr/share/alsa/ucm2/USB-Audio/GoXLR/GoXLR-HiFi.conf usr/share/alsa/ucm2/USB-Audio/GoXLR/GoXLR.conf +#usr/share/alsa/ucm2/USB-Audio/HyperX +usr/share/alsa/ucm2/USB-Audio/HyperX/SoloCast-HiFi.conf +usr/share/alsa/ucm2/USB-Audio/HyperX/SoloCast.conf #usr/share/alsa/ucm2/USB-Audio/Lenovo usr/share/alsa/ucm2/USB-Audio/Lenovo/ThinkStation-P620-Main-HiFi.conf usr/share/alsa/ucm2/USB-Audio/Lenovo/ThinkStation-P620-Main.conf @@ -561,6 +632,12 @@ usr/share/alsa/ucm2/USB-Audio/MOTU/UltraLite-mk5.conf #usr/share/alsa/ucm2/USB-Audio/NativeInstruments usr/share/alsa/ucm2/USB-Audio/NativeInstruments/Traktor-Kontrol-Z1-Mixer.conf usr/share/alsa/ucm2/USB-Audio/NativeInstruments/Traktor-Kontrol-Z1.conf +#usr/share/alsa/ucm2/USB-Audio/Presonus +usr/share/alsa/ucm2/USB-Audio/Presonus/Revelator-IO-44-HiFi.conf +usr/share/alsa/ucm2/USB-Audio/Presonus/Revelator-IO-44.conf +#usr/share/alsa/ucm2/USB-Audio/RME +usr/share/alsa/ucm2/USB-Audio/RME/Fireface-UCX-II-HiFi.conf +usr/share/alsa/ucm2/USB-Audio/RME/Fireface-UCX-II.conf #usr/share/alsa/ucm2/USB-Audio/Rane usr/share/alsa/ucm2/USB-Audio/Rane/SL-1-HiFi.conf usr/share/alsa/ucm2/USB-Audio/Rane/SL-1.conf @@ -574,6 +651,10 @@ usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCast-Hifi.conf usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCast.conf usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCastV2-Hifi.conf usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCastV2.conf +usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCastXV2-Hifi.conf +usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCastXV2.conf +usr/share/alsa/ucm2/USB-Audio/Roland/Quad-Capture-HiFi.conf +usr/share/alsa/ucm2/USB-Audio/Roland/Quad-Capture.conf #usr/share/alsa/ucm2/USB-Audio/SolidStateLabs usr/share/alsa/ucm2/USB-Audio/SolidStateLabs/SSL2-HiFi.conf usr/share/alsa/ucm2/USB-Audio/SolidStateLabs/SSL2.conf @@ -589,6 +670,9 @@ usr/share/alsa/ucm2/USB-Audio/Steinberg/UR24C-HiFi.conf usr/share/alsa/ucm2/USB-Audio/Steinberg/UR24C.conf usr/share/alsa/ucm2/USB-Audio/Steinberg/UR44-HiFi.conf usr/share/alsa/ucm2/USB-Audio/Steinberg/UR44.conf +#usr/share/alsa/ucm2/USB-Audio/TASCAM +usr/share/alsa/ucm2/USB-Audio/TASCAM/Model12-HiFi.conf +usr/share/alsa/ucm2/USB-Audio/TASCAM/Model12.conf usr/share/alsa/ucm2/USB-Audio/USB-Audio.conf #usr/share/alsa/ucm2/USB-Audio/UniversalAudio usr/share/alsa/ucm2/USB-Audio/UniversalAudio/Volt2-HiFi.conf @@ -598,32 +682,46 @@ usr/share/alsa/ucm2/USB-Audio/UniversalAudio/Volt2.conf #usr/share/alsa/ucm2/blobs/sof/ipc3 #usr/share/alsa/ucm2/blobs/sof/ipc3/eq_fir #usr/share/alsa/ucm2/blobs/sof/ipc3/eq_fir/README.md -#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_fir/pass.blob +#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_fir/pass.bin #usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir #usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/README.md -#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_100hz_0db_48khz.blob -#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_20hz_0db_48khz.blob -#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_50hz_0db_48khz.blob -#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/pass.blob +#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_100hz_0db_48khz.bin +#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_20hz_0db_48khz.bin +#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_50hz_0db_48khz.bin +#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/pass.bin #usr/share/alsa/ucm2/blobs/sof/ipc4 #usr/share/alsa/ucm2/blobs/sof/ipc4/drc #usr/share/alsa/ucm2/blobs/sof/ipc4/drc/README.md -#usr/share/alsa/ucm2/blobs/sof/ipc4/drc/passthrough.blob -#usr/share/alsa/ucm2/blobs/sof/ipc4/drc/speaker_default.blob +#usr/share/alsa/ucm2/blobs/sof/ipc4/drc/passthrough.bin +#usr/share/alsa/ucm2/blobs/sof/ipc4/drc/speaker_default.bin #usr/share/alsa/ucm2/blobs/sof/ipc4/eq_fir #usr/share/alsa/ucm2/blobs/sof/ipc4/eq_fir/README.md -#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_fir/pass.blob +#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_fir/pass.bin #usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir #usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/README.md -#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_100hz_0db_48khz.blob -#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_20hz_0db_48khz.blob -#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_50hz_0db_48khz.blob -#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/pass.blob +#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_100hz_0db_48khz.bin +#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_20hz_0db_48khz.bin +#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_50hz_0db_48khz.bin +#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/pass.bin +#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb +#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/README.md +#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line2_50mm_pm5_15_30_90deg_48khz.bin +#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line2_68mm_pm5_15_30_90deg_48khz.bin +#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line2_74mm_pm5_15_30_90deg_48khz.bin +#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line2_generic_pm10deg_48khz.bin +#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line2_pass.bin +#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line4_pass.bin #usr/share/alsa/ucm2/blobs/sof/product_configs #usr/share/alsa/ucm2/blobs/sof/product_configs/AAEON usr/share/alsa/ucm2/blobs/sof/product_configs/AAEON/UPX-TGL01.conf #usr/share/alsa/ucm2/codecs +#usr/share/alsa/ucm2/codecs/cs35l56 +#usr/share/alsa/ucm2/codecs/cs35l56-bridge +usr/share/alsa/ucm2/codecs/cs35l56-bridge/init.conf +usr/share/alsa/ucm2/codecs/cs35l56/init.conf #usr/share/alsa/ucm2/codecs/cs42l43 +#usr/share/alsa/ucm2/codecs/cs42l43-dmic +usr/share/alsa/ucm2/codecs/cs42l43-dmic/init.conf usr/share/alsa/ucm2/codecs/cs42l43/init.conf #usr/share/alsa/ucm2/codecs/cx2072x usr/share/alsa/ucm2/codecs/cx2072x/DisableSeq.conf @@ -687,6 +785,8 @@ usr/share/alsa/ucm2/codecs/qcom-lpass/wsa-macro/Wsa2SpeakerEnableSeq.conf #usr/share/alsa/ucm2/codecs/qcom-lpass/wsa-macro/four-speakers usr/share/alsa/ucm2/codecs/qcom-lpass/wsa-macro/four-speakers/init.conf usr/share/alsa/ucm2/codecs/qcom-lpass/wsa-macro/init.conf +#usr/share/alsa/ucm2/codecs/rt1318 +usr/share/alsa/ucm2/codecs/rt1318/init.conf #usr/share/alsa/ucm2/codecs/rt5640 usr/share/alsa/ucm2/codecs/rt5640/DigitalMics.conf usr/share/alsa/ucm2/codecs/rt5640/EnableSeq.conf @@ -820,6 +920,7 @@ usr/share/alsa/ucm2/codecs/wsa884x/two-speakers/SpeakerSeq.conf usr/share/alsa/ucm2/codecs/wsa884x/two-speakers/init.conf #usr/share/alsa/ucm2/common #usr/share/alsa/ucm2/common/ctl +usr/share/alsa/ucm2/common/ctl/led.conf usr/share/alsa/ucm2/common/ctl/remap.conf usr/share/alsa/ucm2/common/direct-verb.conf usr/share/alsa/ucm2/common/direct.conf @@ -850,6 +951,8 @@ usr/share/alsa/ucm2/conf.d/acp-pdm-mach/acp-pdm-mach.conf usr/share/alsa/ucm2/conf.d/acp/acp.conf #usr/share/alsa/ucm2/conf.d/acp3x-es83xx usr/share/alsa/ucm2/conf.d/acp3x-es83xx/acp3x-es83xx.conf +#usr/share/alsa/ucm2/conf.d/acp3xalc5682101 +usr/share/alsa/ucm2/conf.d/acp3xalc5682101/acp3xalc5682101.conf #usr/share/alsa/ucm2/conf.d/acp3xalc5682m98 usr/share/alsa/ucm2/conf.d/acp3xalc5682m98/acp3xalc5682m98.conf #usr/share/alsa/ucm2/conf.d/acp5x @@ -862,6 +965,8 @@ usr/share/alsa/ucm2/conf.d/acp63/acp63.conf usr/share/alsa/ucm2/conf.d/acp6x/acp6x.conf #usr/share/alsa/ucm2/conf.d/acpd7219m98357 usr/share/alsa/ucm2/conf.d/acpd7219m98357/acpd7219m98357.conf +#usr/share/alsa/ucm2/conf.d/amd-soundwire +usr/share/alsa/ucm2/conf.d/amd-soundwire/amd-soundwire.conf #usr/share/alsa/ucm2/conf.d/apq8096 usr/share/alsa/ucm2/conf.d/apq8096/DB820c.conf #usr/share/alsa/ucm2/conf.d/avs_da7219 @@ -920,6 +1025,9 @@ usr/share/alsa/ucm2/conf.d/chtnau8824/chtnau8824.conf usr/share/alsa/ucm2/conf.d/chtrt5645/chtrt5645.conf #usr/share/alsa/ucm2/conf.d/chtrt5650 usr/share/alsa/ucm2/conf.d/chtrt5650/chtrt5650.conf +#usr/share/alsa/ucm2/conf.d/fsl-asoc-card +usr/share/alsa/ucm2/conf.d/fsl-asoc-card/apalis-imx6.conf +usr/share/alsa/ucm2/conf.d/fsl-asoc-card/colibri-imx6.conf #usr/share/alsa/ucm2/conf.d/gx-sound-card usr/share/alsa/ucm2/conf.d/gx-sound-card/GXL-P241.conf usr/share/alsa/ucm2/conf.d/gx-sound-card/LIBRETECH-CC.conf @@ -929,6 +1037,10 @@ usr/share/alsa/ucm2/conf.d/hda-dsp/hda-dsp.conf usr/share/alsa/ucm2/conf.d/hdaudioB0D2/hdaudioB0D2.conf #usr/share/alsa/ucm2/conf.d/kblrt5660 usr/share/alsa/ucm2/conf.d/kblrt5660/kblrt5660.conf +#usr/share/alsa/ucm2/conf.d/mt8183_da7219_r +usr/share/alsa/ucm2/conf.d/mt8183_da7219_r/mt8183_da7219_r.conf +#usr/share/alsa/ucm2/conf.d/mt8183_mt6358_t +usr/share/alsa/ucm2/conf.d/mt8183_mt6358_t/mt8183_mt6358_t.conf #usr/share/alsa/ucm2/conf.d/mt8192_mt6359 usr/share/alsa/ucm2/conf.d/mt8192_mt6359/mt8192_mt6359_rt1015p_rt5682.conf #usr/share/alsa/ucm2/conf.d/mt8195_demo @@ -943,6 +1055,10 @@ usr/share/alsa/ucm2/conf.d/mt8390-evk/mt8390-evk.conf usr/share/alsa/ucm2/conf.d/mt8395-evk/mt8395-evk.conf #usr/share/alsa/ucm2/conf.d/mtk-rt5650 usr/share/alsa/ucm2/conf.d/mtk-rt5650/mtk-rt5650.conf +#usr/share/alsa/ucm2/conf.d/qcm6490 +usr/share/alsa/ucm2/conf.d/qcm6490/QCM6490-IDP.conf +#usr/share/alsa/ucm2/conf.d/qcs6490 +usr/share/alsa/ucm2/conf.d/qcs6490/QCS6490-RB3Gen2.conf #usr/share/alsa/ucm2/conf.d/rk3399-gru-soun usr/share/alsa/ucm2/conf.d/rk3399-gru-soun/rk3399-gru-soun.conf #usr/share/alsa/ucm2/conf.d/rk3588-es8316 @@ -958,9 +1074,15 @@ usr/share/alsa/ucm2/conf.d/sdm845/LENOVO-81JL-LenovoYOGAC630_13Q50-LNVNB161216.c usr/share/alsa/ucm2/conf.d/simple-card/Librem 5 Devkit.conf usr/share/alsa/ucm2/conf.d/simple-card/Librem 5.conf usr/share/alsa/ucm2/conf.d/simple-card/PinePhone.conf +usr/share/alsa/ucm2/conf.d/simple-card/apalis-imx8.conf +usr/share/alsa/ucm2/conf.d/simple-card/apalis-nau8822.conf +usr/share/alsa/ucm2/conf.d/simple-card/colibri-imx7.conf +usr/share/alsa/ucm2/conf.d/simple-card/colibri-imx8x.conf usr/share/alsa/ucm2/conf.d/simple-card/rk817_ext.conf usr/share/alsa/ucm2/conf.d/simple-card/rk817_int.conf usr/share/alsa/ucm2/conf.d/simple-card/rockchip,es8316-codec.conf +usr/share/alsa/ucm2/conf.d/simple-card/verdin-nau8822.conf +usr/share/alsa/ucm2/conf.d/simple-card/verdin-wm8904.conf #usr/share/alsa/ucm2/conf.d/skylake-rt286 usr/share/alsa/ucm2/conf.d/skylake-rt286/skylake-rt286.conf #usr/share/alsa/ucm2/conf.d/sm8250 @@ -970,6 +1092,8 @@ usr/share/alsa/ucm2/conf.d/sm8550/SM8550-HDK.conf #usr/share/alsa/ucm2/conf.d/sm8650 usr/share/alsa/ucm2/conf.d/sm8650/SM8650-MTP.conf usr/share/alsa/ucm2/conf.d/sm8650/SM8650-QRD.conf +#usr/share/alsa/ucm2/conf.d/sm8750 +usr/share/alsa/ucm2/conf.d/sm8750/SM8750-MTP.conf #usr/share/alsa/ucm2/conf.d/sof-ehl-rt5660 usr/share/alsa/ucm2/conf.d/sof-ehl-rt5660/sof-ehl-rt5660.conf #usr/share/alsa/ucm2/conf.d/sof-essx8336 @@ -983,9 +1107,13 @@ usr/share/alsa/ucm2/conf.d/sof-hda-dsp/sof-skl_hda_card.conf usr/share/alsa/ucm2/conf.d/sof-m8195_r1019/sof-m8195_r1019_5682s.conf #usr/share/alsa/ucm2/conf.d/sof-mt8195_r101 usr/share/alsa/ucm2/conf.d/sof-mt8195_r101/sof-mt8195_r1019_5682.conf +#usr/share/alsa/ucm2/conf.d/sof-mt8390-evk +usr/share/alsa/ucm2/conf.d/sof-mt8390-evk/sof-mt8390-evk.conf #usr/share/alsa/ucm2/conf.d/sof-skl_hda_card #usr/share/alsa/ucm2/conf.d/sof-soundwire usr/share/alsa/ucm2/conf.d/sof-soundwire/sof-soundwire.conf +#usr/share/alsa/ucm2/conf.d/sun4i-codec +usr/share/alsa/ucm2/conf.d/sun4i-codec/h616-audio-codec.conf #usr/share/alsa/ucm2/conf.d/tegra #usr/share/alsa/ucm2/conf.d/tegra-hda usr/share/alsa/ucm2/conf.d/tegra-hda/tegra-hda.conf @@ -1005,6 +1133,7 @@ usr/share/alsa/ucm2/conf.d/tegra/LG Optimus 4X HD MAX98089.conf usr/share/alsa/ucm2/conf.d/tegra/LG Optimus Vu MAX98089.conf #usr/share/alsa/ucm2/conf.d/x1e80100 usr/share/alsa/ucm2/conf.d/x1e80100/X1E80100-CRD.conf +usr/share/alsa/ucm2/conf.d/x1e80100/x1e80100.conf #usr/share/alsa/ucm2/conf.virt.d usr/share/alsa/ucm2/conf.virt.d/.gitignore #usr/share/alsa/ucm2/lib @@ -1063,7 +1192,6 @@ usr/share/alsa/ucm2/ucm.conf #usr/share/locale/sk/LC_MESSAGES/alsa-utils.mo #usr/share/man/fr/man8/alsaconf.8 #usr/share/man/man1/aconnect.1 -#usr/share/man/man1/alsa-info.sh.1 #usr/share/man/man1/alsabat.1 #usr/share/man/man1/alsactl.1 #usr/share/man/man1/alsaloop.1 @@ -1085,6 +1213,7 @@ usr/share/alsa/ucm2/ucm.conf #usr/share/man/man1/iecset.1 #usr/share/man/man1/nhlt-dmic-info.1 #usr/share/man/man1/speaker-test.1 +#usr/share/man/man8/alsa-info.sh.8 #usr/share/man/man8/alsaconf.8 #usr/share/sounds usr/share/sounds/alsa diff --git a/config/udev/network-aqm b/config/udev/network-aqm index 36355cfc6b..aad49abbea 100644 --- a/config/udev/network-aqm +++ b/config/udev/network-aqm @@ -79,6 +79,11 @@ case "${ACTION}" in exit 0 ;; + # Ignore WireGuard + wg[0-9]*,*) + exit 0 + ;; + # Handle dial-up connections on RED ppp*,512) args+=( "cake" "internet" "conservative" "ack-filter" ) diff --git a/config/wireguard/wg-dynamic b/config/wireguard/wg-dynamic new file mode 100644 index 0000000000..d67abbca28 --- /dev/null +++ b/config/wireguard/wg-dynamic @@ -0,0 +1,122 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2024 Michael Tremer # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### +# # +# This script tries to keep WireGuard connections with dynamic peers alive # +# # +# It resolves the endpoint if it is an FQDN, and if so, will check if the # +# currently connected endpoint matches any of the resolved IP addresses. If # +# not it will reload the WireGuard configuration in the hope that wg will # +# update the kernel with the new IP address and the connection comes back up # +# again. # +# # +############################################################################### + +. /etc/sysconfig/rc +. ${rc_functions} + +# Fetches the first endpoint that is currently active on the given interface +current_endpoint() { + local intf="${1}" + + local pubkey + local endpoint + + # List the first endpoint (are there even more than one?) + wg show "${intf}" endpoints | while read -r pubkey endpoint; do + echo "${endpoint%:*}" + break + done + + return 0 +} + +# Resolves a hostname +resolve() { + local endpoint="${1}" + + dig +short "A" "${endpoint}" 2>/dev/null +} + +main() { + local -A settings=() + + # Read WireGuard settings + readhash settings /var/ipfire/wireguard/settings + + # Do nothing if WireGuard is not enabled + if [ "${settings[ENABLED]}" != "on" ]; then + return 0 + fi + + local line + while IFS=',' read -r -a line; do + local id="${line[0]}" + local enabled="${line[1]}" + local type="${line[2]}" + local name="${line[3]}" + local endpoint="${line[7]}" + + # Only process enabled net-to-net connections + case "${enabled},${type}" in + on,net) + ;; + *) + continue + ;; + esac + + # The endpoint must be an FQDN + case "${endpoint}" in + # Ignore IP addresses + [0-9]*.[0-9]*.[0-9]*.[0-9]*) + continue + ;; + + # Ignore if we don't know the endpoint + "") + continue + ;; + esac + + local address + local match=0 + + # Fetch the current endpoint address + local current_address="$(current_endpoint "wg${id}")" + + # Walk through all IP addresses the FQDN resolves to + for address in $(resolve "${endpoint}"); do + if [ "${current_address}" = "${address}" ]; then + match=1 + break + fi + done + + # If there has been no match, we have to reload everything + if [ "${match}" -eq 0 ]; then + exec /etc/init.d/wireguard reload + fi + done < /var/ipfire/wireguard/peers + + return 0 +} + +main "$@" || exit $? diff --git a/doc/language_issues.de b/doc/language_issues.de index b5309f41ba..090850fbe7 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -184,7 +184,6 @@ WARNING: translation string unused: could not open installed updates file WARNING: translation string unused: could not open update information file WARNING: translation string unused: cpu frequency per WARNING: translation string unused: cpu usage per -WARNING: translation string unused: create WARNING: translation string unused: create mask WARNING: translation string unused: create new backup WARNING: translation string unused: current media @@ -631,6 +630,7 @@ WARNING: translation string unused: ovpn_processprioVH WARNING: translation string unused: ovpnstatus log WARNING: translation string unused: ovpnsys log WARNING: translation string unused: package failed to install +WARNING: translation string unused: pakfire accept all WARNING: translation string unused: pakfire core update auto WARNING: translation string unused: pakfire dependecies found WARNING: translation string unused: pakfire health check @@ -896,6 +896,8 @@ WARNING: translation string unused: webradio playlist WARNING: translation string unused: week WARNING: translation string unused: week-graph WARNING: translation string unused: weekly firewallhits +WARNING: translation string unused: wg download configuration +WARNING: translation string unused: wg show configuration qrcode WARNING: translation string unused: wildcards WARNING: translation string unused: wins server WARNING: translation string unused: wins support @@ -938,6 +940,7 @@ WARNING: untranslated string: access point name = Access Point Name WARNING: untranslated string: access point name is invalid = Access Point Name is invalid WARNING: untranslated string: access point name is required = Access Point Name is required WARNING: untranslated string: aliases default interface = - Default Interface - +WARNING: untranslated string: allowed subnets = Allowed Subnets WARNING: untranslated string: ca name must only contain characters and spaces = unknown string WARNING: untranslated string: cake profile bridged-llcsnap 32 = Bridged LLC SNAP (32 bytes) WARNING: untranslated string: cake profile bridged-ptm 19 = Bridged PTM (19 bytes) @@ -961,11 +964,15 @@ WARNING: untranslated string: download apple profile = Download Apple Configurat WARNING: untranslated string: enable = Enable WARNING: untranslated string: enable disable client = unknown string WARNING: untranslated string: enable disable dyndns = unknown string +WARNING: untranslated string: endpoint = Endpoint +WARNING: untranslated string: endpoint address = Endpoint Address +WARNING: untranslated string: endpoint port = Endpoint Port WARNING: untranslated string: error message = unknown string WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date! WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only) WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: guardian block a host = unknown string WARNING: untranslated string: guardian block httpd brute-force = unknown string WARNING: untranslated string: guardian block ssh brute-force = unknown string @@ -1004,6 +1011,7 @@ WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation +WARNING: untranslated string: local subnets = Local Subnets WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Daemon @@ -1012,12 +1020,17 @@ WARNING: untranslated string: oops something went wrong = Oops, something went w WARNING: untranslated string: optional = Optional WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server WARNING: untranslated string: pakfire invalid tree = Invalid repository selected +WARNING: untranslated string: public key = Public Key +WARNING: untranslated string: qr code = QR Code WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. +WARNING: untranslated string: remarks = Remarks +WARNING: untranslated string: remote subnets = Remote Subnets WARNING: untranslated string: required = Required WARNING: untranslated string: route config changed = unknown string +WARNING: untranslated string: routing = Routing WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: samba server role member = Domain Member @@ -1026,6 +1039,34 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key WARNING: untranslated string: smb daemon = SMB Daemon WARNING: untranslated string: subscription code = Subscription code WARNING: untranslated string: user management = User Management +WARNING: untranslated string: wg client pool = Client Pool +WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer +WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer +WARNING: untranslated string: wg dns = DNS +WARNING: untranslated string: wg download configuration file = Download the configuration file +WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer +WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address +WARNING: untranslated string: wg invalid client pool = Invalid client pool +WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address +WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port +WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535) +WARNING: untranslated string: wg invalid local subnet = Invalid local subnet +WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed) +WARNING: untranslated string: wg invalid psk = Invalid pre-shared key +WARNING: untranslated string: wg invalid public key = Invalid public key +WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet +WARNING: untranslated string: wg keepalive interval = Keepalive Interval +WARNING: untranslated string: wg name is already used = The name is already in use +WARNING: untranslated string: wg no local subnets = No local subnets given +WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool +WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration +WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers +WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: winbind daemon = Winbind Daemon WARNING: untranslated string: wio = unknown string WARNING: untranslated string: wio checked = unknown string diff --git a/doc/language_issues.en b/doc/language_issues.en index 28eb622a69..1c1c546f7e 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -306,6 +306,7 @@ WARNING: untranslated string: aliases = Aliases WARNING: untranslated string: aliases default interface = - Default Interface - WARNING: untranslated string: aliases not active = Aliases will not be active unless your RED interface is STATIC WARNING: untranslated string: all = All +WARNING: untranslated string: allowed subnets = Allowed Subnets WARNING: untranslated string: alt dialup = Dialup WARNING: untranslated string: alt home = Home WARNING: untranslated string: alt logs = Logs @@ -513,6 +514,7 @@ WARNING: untranslated string: cpu nice usage = Nice CPU Usage WARNING: untranslated string: cpu steal usage = Steal CPU Usage WARNING: untranslated string: cpu system usage = System CPU Usage WARNING: untranslated string: cpu user usage = User CPU Usage +WARNING: untranslated string: create = Create WARNING: untranslated string: credits = Credits WARNING: untranslated string: crl = Certificate Revocation List WARNING: untranslated string: cron server = CRON Server @@ -645,6 +647,7 @@ WARNING: untranslated string: domain name = Domain name WARNING: untranslated string: domain name suffix = Domain name suffix: WARNING: untranslated string: donation = Donation WARNING: untranslated string: donation-text = IPFire is driven and maintained by volunteers in their free time. To keep this project running costs incurred, if you like to support us we would be pleased by a small donation. +WARNING: untranslated string: done = Done WARNING: untranslated string: down and up speed = Enter your Down- and Uplink-Speed
and then press Save. WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: downlink = Downlink @@ -725,6 +728,9 @@ WARNING: untranslated string: enabled on = Enabled on WARNING: untranslated string: encapsulation = Encapsulation WARNING: untranslated string: encryption = Encryption: WARNING: untranslated string: end address = End address: +WARNING: untranslated string: endpoint = Endpoint +WARNING: untranslated string: endpoint address = Endpoint Address +WARNING: untranslated string: endpoint port = Endpoint Port WARNING: untranslated string: enter data = Enter your settings
and then press Save. WARNING: untranslated string: error = Error WARNING: untranslated string: error message = unknown string @@ -961,6 +967,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks: WARNING: untranslated string: fwhost type = Type WARNING: untranslated string: fwhost used = Used WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster. +WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: gateway = Gateway WARNING: untranslated string: gateway ip = Gateway IP WARNING: untranslated string: generate a certificate = Generate a certificate: @@ -1071,6 +1078,7 @@ WARNING: untranslated string: iface = Iface WARNING: untranslated string: ignore filter = Ignore filter WARNING: untranslated string: ike lifetime should be between 1 and 24 hours = IKE lifetime should be between 1 and 24 hours. WARNING: untranslated string: imei = IMEI +WARNING: untranslated string: import connection = Import a Connection WARNING: untranslated string: imsi = IMSI WARNING: untranslated string: include logfiles = Include logfiles WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression @@ -1094,6 +1102,8 @@ WARNING: untranslated string: invalid characters found in pre-shared key = Inval WARNING: untranslated string: invalid default lease time = Invalid default lease time. WARNING: untranslated string: invalid domain name = Invalid domain name. WARNING: untranslated string: invalid end address = Invalid end address. +WARNING: untranslated string: invalid endpoint = Invalid Endpoint +WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address WARNING: untranslated string: invalid fixed ip address = Invalid fixed IP address WARNING: untranslated string: invalid fixed mac address = Invalid fixed MAC address WARNING: untranslated string: invalid hostname = Invalid hostname. @@ -1128,8 +1138,10 @@ WARNING: untranslated string: invalid input for state or province = Invalid inpu WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). WARNING: untranslated string: invalid ip = Invalid IP Address +WARNING: untranslated string: invalid ip address = Invalid IP Address WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: invalid keep time = Keep time must be a valid number +WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval WARNING: untranslated string: invalid key = Invalid key. WARNING: untranslated string: invalid local-remote id = local & remote id must not be equal and begin with a "@" sign. These are leftid and rightid in strongswan terminology. WARNING: untranslated string: invalid logserver address = Invalid syslogd server address @@ -1142,6 +1154,7 @@ WARNING: untranslated string: invalid maximum outgoing size = Invalid maximum ou WARNING: untranslated string: invalid minimum object size = Invalid minimum object size. WARNING: untranslated string: invalid mtu input = Invalid MTU WARNING: untranslated string: invalid netmask = Invalid netmask +WARNING: untranslated string: invalid network = Invalid Network WARNING: untranslated string: invalid port = Invalid port. Must be a valid port number. WARNING: untranslated string: invalid primary dns = Invalid primary DNS. WARNING: untranslated string: invalid primary ntp = Invalid Primary NTP server address @@ -1216,8 +1229,10 @@ WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulatio WARNING: untranslated string: load average = Load Average WARNING: untranslated string: local ip address = Local IP Address WARNING: untranslated string: local ntp server specified but not enabled = Local NTP server specified but not enabled +WARNING: untranslated string: local port = Local Port WARNING: untranslated string: local subnet = Local subnet: WARNING: untranslated string: local subnet is invalid = Local subnet is invalid. +WARNING: untranslated string: local subnets = Local Subnets WARNING: untranslated string: local vpn hostname/ip = Local VPN Hostname/IP WARNING: untranslated string: location = Location WARNING: untranslated string: locationblock = Location Block @@ -1261,6 +1276,9 @@ WARNING: untranslated string: mac1 new = new MAC address 1 (vdsl-inet): WARNING: untranslated string: mac2 new = new MAC address 2 (vdsl-iptv): WARNING: untranslated string: magic packet send to: = Magic packet send to: WARNING: untranslated string: main page = Main page +WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key +WARNING: untranslated string: malformed private key = Malformed Private Key +WARNING: untranslated string: malformed public key = Malformed Public Key WARNING: untranslated string: manage shares = Manage Shares WARNING: untranslated string: manually = Manually WARNING: untranslated string: map to guest = Map to Guest @@ -1447,10 +1465,10 @@ WARNING: untranslated string: ovpn tls auth = TLS Channel Protection: WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant.
Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.

All OpenVPN clients needs then to be renewed!
WARNING: untranslated string: pagerefresh = Page is beeing refreshed, please wait. WARNING: untranslated string: pak update = Update -WARNING: untranslated string: pakfire accept all = Do you want to install all packages? WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: pakfire already busy = Pakfire is already performing a task. Please try again later. WARNING: untranslated string: pakfire available addons = Available Add-ons: +WARNING: untranslated string: pakfire check deps = Checking dependencies... WARNING: untranslated string: pakfire configuration = Pakfire Configuration WARNING: untranslated string: pakfire confirm upgrades = Do you want to install all upgrades? WARNING: untranslated string: pakfire core update level = Core-Update-Level @@ -1458,7 +1476,7 @@ WARNING: untranslated string: pakfire finished = Pakfire has finished! Returning WARNING: untranslated string: pakfire finished error = Pakfire has finished! Errors occurred, please check the log output before proceeding. WARNING: untranslated string: pakfire install = Install WARNING: untranslated string: pakfire install description = Please select one or more add-ons to install. -WARNING: untranslated string: pakfire install package = You want to install the following packages: +WARNING: untranslated string: pakfire install package = Packages to install: WARNING: untranslated string: pakfire installed addons = Installed Add-ons: WARNING: untranslated string: pakfire invalid tree = Invalid repository selected WARNING: untranslated string: pakfire last core list update = Last core list update made @@ -1533,11 +1551,13 @@ WARNING: untranslated string: proxy reports today = Today WARNING: untranslated string: proxy reports weekly = Weekly reports WARNING: untranslated string: ptr = PTR WARNING: untranslated string: ptr lookup failed = Reverse lookup failed +WARNING: untranslated string: public key = Public Key WARNING: untranslated string: pulse = Pulse WARNING: untranslated string: pulse dial = Pulse dial: WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! WARNING: untranslated string: qos graphs = Qos Graphs WARNING: untranslated string: qos warning = The rule must be saved, otherwise it will be discarded! +WARNING: untranslated string: qr code = QR Code WARNING: untranslated string: ram = RAM WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: read bytes = Bytes Read @@ -1562,6 +1582,7 @@ WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is WARNING: untranslated string: release = Release WARNING: untranslated string: remark = Remark WARNING: untranslated string: remark title = Remark: +WARNING: untranslated string: remarks = Remarks WARNING: untranslated string: remote access = Remote access WARNING: untranslated string: remote announce = Remote Announce WARNING: untranslated string: remote browse sync = Remote Browse Sync @@ -1569,6 +1590,7 @@ WARNING: untranslated string: remote host/ip = Remote host/IP WARNING: untranslated string: remote logging = Remote logging WARNING: untranslated string: remote subnet = Remote subnet: WARNING: untranslated string: remote subnet is invalid = Remote subnet is invalid. +WARNING: untranslated string: remote subnets = Remote Subnets WARNING: untranslated string: remove = Remove WARNING: untranslated string: remove ca certificate = Remove CA certificate WARNING: untranslated string: remove x509 = Remove x509 @@ -1584,6 +1606,7 @@ WARNING: untranslated string: retbleed = Retbleed WARNING: untranslated string: reverse sort = Sort in reverse chronological order WARNING: untranslated string: root certificate = Root Certificate WARNING: untranslated string: route config changed = unknown string +WARNING: untranslated string: routing = Routing WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string @@ -2133,6 +2156,35 @@ WARNING: untranslated string: web server = Web Server WARNING: untranslated string: website = Website WARNING: untranslated string: wednesday = Wednesday WARNING: untranslated string: weeks = Weeks +WARNING: untranslated string: wg client pool = Client Pool +WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer +WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer +WARNING: untranslated string: wg dns = DNS +WARNING: untranslated string: wg download configuration file = Download the configuration file +WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer +WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address +WARNING: untranslated string: wg invalid client pool = Invalid client pool +WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address +WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port +WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535) +WARNING: untranslated string: wg invalid local subnet = Invalid local subnet +WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed) +WARNING: untranslated string: wg invalid psk = Invalid pre-shared key +WARNING: untranslated string: wg invalid public key = Invalid public key +WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet +WARNING: untranslated string: wg keepalive interval = Keepalive Interval +WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select +WARNING: untranslated string: wg name is already used = The name is already in use +WARNING: untranslated string: wg no local subnets = No local subnets given +WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool +WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration +WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers +WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_issues.es b/doc/language_issues.es index 00297e3ec9..cf72374357 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -203,7 +203,6 @@ WARNING: translation string unused: could not open installed updates file WARNING: translation string unused: could not open update information file WARNING: translation string unused: cpu frequency per WARNING: translation string unused: cpu usage per -WARNING: translation string unused: create WARNING: translation string unused: create mask WARNING: translation string unused: create new backup WARNING: translation string unused: cryptographic settings @@ -289,7 +288,6 @@ WARNING: translation string unused: do not log this port list WARNING: translation string unused: domain master WARNING: translation string unused: domain not set WARNING: translation string unused: donation-link -WARNING: translation string unused: done WARNING: translation string unused: dos charset WARNING: translation string unused: download dh parameter WARNING: translation string unused: download new ruleset @@ -686,6 +684,7 @@ WARNING: translation string unused: ovpn_processprioVH WARNING: translation string unused: ovpnstatus log WARNING: translation string unused: ovpnsys log WARNING: translation string unused: package failed to install +WARNING: translation string unused: pakfire accept all WARNING: translation string unused: pakfire core update auto WARNING: translation string unused: pakfire dependencies found WARNING: translation string unused: pakfire health check @@ -1010,15 +1009,20 @@ WARNING: untranslated string: Captive clients = unknown string WARNING: untranslated string: access point name = Access Point Name WARNING: untranslated string: access point name is invalid = Access Point Name is invalid WARNING: untranslated string: access point name is required = Access Point Name is required +WARNING: untranslated string: allowed subnets = Allowed Subnets WARNING: untranslated string: bypassed = Bypassed WARNING: untranslated string: ca name must only contain characters and spaces = unknown string WARNING: untranslated string: cpu frequency = CPU frequency WARNING: untranslated string: data transfer = Data Transfer WARNING: untranslated string: dhcp fixed ip address in dynamic range = Fixed IP Address in dynamic range WARNING: untranslated string: dns servers = DNS Servers +WARNING: untranslated string: done = Done WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: enable disable client = unknown string WARNING: untranslated string: enable disable dyndns = unknown string +WARNING: untranslated string: endpoint = Endpoint +WARNING: untranslated string: endpoint address = Endpoint Address +WARNING: untranslated string: endpoint port = Endpoint Port WARNING: untranslated string: error message = unknown string WARNING: untranslated string: extrahd because it is outside the allowed mount path = unknown string WARNING: untranslated string: extrahd mounted = Mounted @@ -1028,6 +1032,7 @@ WARNING: untranslated string: extrahd not mounted = Not mounted WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only) WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: guardian block a host = unknown string WARNING: untranslated string: guardian block httpd brute-force = unknown string WARNING: untranslated string: guardian block ssh brute-force = unknown string @@ -1062,13 +1067,24 @@ WARNING: untranslated string: hostile networks out = To Hostile Networks WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids rulesets = Rulesets +WARNING: untranslated string: import connection = Import a Connection WARNING: untranslated string: info messages = unknown string +WARNING: untranslated string: invalid endpoint = Invalid Endpoint +WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address +WARNING: untranslated string: invalid ip address = Invalid IP Address WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname +WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval +WARNING: untranslated string: invalid network = Invalid Network WARNING: untranslated string: ips throughput = Throughput WARNING: untranslated string: last updated = Last Updated WARNING: untranslated string: load average = Load Average +WARNING: untranslated string: local port = Local Port +WARNING: untranslated string: local subnets = Local Subnets WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks +WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key +WARNING: untranslated string: malformed private key = Malformed Private Key +WARNING: untranslated string: malformed public key = Malformed Public Key WARNING: untranslated string: no data = unknown string WARNING: untranslated string: oops something went wrong = Oops, something went wrong... WARNING: untranslated string: openvpn cert expires soon = Expires Soon @@ -1077,11 +1093,16 @@ WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Serv WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: password has quotation mark = Password contains an illegal double quotation mark. WARNING: untranslated string: processors = Processors +WARNING: untranslated string: public key = Public Key +WARNING: untranslated string: qr code = QR Code WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. +WARNING: untranslated string: remarks = Remarks +WARNING: untranslated string: remote subnets = Remote Subnets WARNING: untranslated string: route config changed = unknown string +WARNING: untranslated string: routing = Routing WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string @@ -1093,6 +1114,35 @@ WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: total = Total WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client pool = Client Pool +WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer +WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer +WARNING: untranslated string: wg dns = DNS +WARNING: untranslated string: wg download configuration file = Download the configuration file +WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer +WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address +WARNING: untranslated string: wg invalid client pool = Invalid client pool +WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address +WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port +WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535) +WARNING: untranslated string: wg invalid local subnet = Invalid local subnet +WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed) +WARNING: untranslated string: wg invalid psk = Invalid pre-shared key +WARNING: untranslated string: wg invalid public key = Invalid public key +WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet +WARNING: untranslated string: wg keepalive interval = Keepalive Interval +WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select +WARNING: untranslated string: wg name is already used = The name is already in use +WARNING: untranslated string: wg no local subnets = No local subnets given +WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool +WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration +WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers +WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: wio = unknown string WARNING: untranslated string: wio checked = unknown string diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 2ffa0a8dd3..702911061d 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -206,7 +206,6 @@ WARNING: translation string unused: could not open installed updates file WARNING: translation string unused: could not open update information file WARNING: translation string unused: cpu frequency per WARNING: translation string unused: cpu usage per -WARNING: translation string unused: create WARNING: translation string unused: create mask WARNING: translation string unused: create new backup WARNING: translation string unused: cryptographic settings @@ -286,7 +285,6 @@ WARNING: translation string unused: do not log this port list WARNING: translation string unused: domain master WARNING: translation string unused: domain not set WARNING: translation string unused: donation-link -WARNING: translation string unused: done WARNING: translation string unused: dos charset WARNING: translation string unused: download new ruleset WARNING: translation string unused: driver @@ -661,6 +659,7 @@ WARNING: translation string unused: ovpn_processprioVH WARNING: translation string unused: ovpnstatus log WARNING: translation string unused: ovpnsys log WARNING: translation string unused: package failed to install +WARNING: translation string unused: pakfire accept all WARNING: translation string unused: pakfire core update auto WARNING: translation string unused: pakfire dependencies found WARNING: translation string unused: pakfire health check @@ -975,17 +974,23 @@ WARNING: translation string unused: zoneconf val vlan amount assignment error WARNING: translation string unused: zoneconf val vlan tag assignment error WARNING: translation string unused: zoneconf val vlan tag range error WARNING: translation string unused: zoneconf val zoneslave amount error +WARNING: untranslated string: allowed subnets = Allowed Subnets WARNING: untranslated string: bypassed = Bypassed WARNING: untranslated string: ca name must only contain characters and spaces = unknown string WARNING: untranslated string: core notice 3 = available. WARNING: untranslated string: data transfer = Data Transfer +WARNING: untranslated string: done = Done WARNING: untranslated string: enable disable client = unknown string WARNING: untranslated string: enable disable dyndns = unknown string +WARNING: untranslated string: endpoint = Endpoint +WARNING: untranslated string: endpoint address = Endpoint Address +WARNING: untranslated string: endpoint port = Endpoint Port WARNING: untranslated string: error message = unknown string WARNING: untranslated string: extrahd because it is outside the allowed mount path = unknown string WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only) WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: guardian block a host = unknown string WARNING: untranslated string: guardian block httpd brute-force = unknown string WARNING: untranslated string: guardian block ssh brute-force = unknown string @@ -1017,15 +1022,31 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids rulesets = Rulesets +WARNING: untranslated string: import connection = Import a Connection +WARNING: untranslated string: invalid endpoint = Invalid Endpoint +WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address +WARNING: untranslated string: invalid ip address = Invalid IP Address +WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval +WARNING: untranslated string: invalid network = Invalid Network WARNING: untranslated string: ips throughput = Throughput WARNING: untranslated string: last updated = Last Updated WARNING: untranslated string: load average = Load Average +WARNING: untranslated string: local port = Local Port +WARNING: untranslated string: local subnets = Local Subnets +WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key +WARNING: untranslated string: malformed private key = Malformed Private Key +WARNING: untranslated string: malformed public key = Malformed Public Key WARNING: untranslated string: oops something went wrong = Oops, something went wrong... WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: password has quotation mark = Password contains an illegal double quotation mark. WARNING: untranslated string: processors = Processors +WARNING: untranslated string: public key = Public Key +WARNING: untranslated string: qr code = QR Code WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) +WARNING: untranslated string: remarks = Remarks +WARNING: untranslated string: remote subnets = Remote Subnets +WARNING: untranslated string: routing = Routing WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: scanned = Scanned @@ -1033,6 +1054,35 @@ WARNING: untranslated string: system time = System Time (as of last page load) WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: total = Total WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client pool = Client Pool +WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer +WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer +WARNING: untranslated string: wg dns = DNS +WARNING: untranslated string: wg download configuration file = Download the configuration file +WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer +WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address +WARNING: untranslated string: wg invalid client pool = Invalid client pool +WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address +WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port +WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535) +WARNING: untranslated string: wg invalid local subnet = Invalid local subnet +WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed) +WARNING: untranslated string: wg invalid psk = Invalid pre-shared key +WARNING: untranslated string: wg invalid public key = Invalid public key +WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet +WARNING: untranslated string: wg keepalive interval = Keepalive Interval +WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select +WARNING: untranslated string: wg name is already used = The name is already in use +WARNING: untranslated string: wg no local subnets = No local subnets given +WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool +WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration +WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers +WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: wio = unknown string WARNING: untranslated string: wio checked = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index 46f7356373..3d93239afd 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -176,7 +176,6 @@ WARNING: translation string unused: could not open installed updates file WARNING: translation string unused: could not open update information file WARNING: translation string unused: cpu frequency per WARNING: translation string unused: cpu usage per -WARNING: translation string unused: create WARNING: translation string unused: create mask WARNING: translation string unused: create new backup WARNING: translation string unused: current media @@ -254,7 +253,6 @@ WARNING: translation string unused: do not log this port list WARNING: translation string unused: domain master WARNING: translation string unused: domain not set WARNING: translation string unused: donation-link -WARNING: translation string unused: done WARNING: translation string unused: dos charset WARNING: translation string unused: download new ruleset WARNING: translation string unused: driver @@ -615,6 +613,7 @@ WARNING: translation string unused: ovpn_processprioVH WARNING: translation string unused: ovpnstatus log WARNING: translation string unused: ovpnsys log WARNING: translation string unused: package failed to install +WARNING: translation string unused: pakfire accept all WARNING: translation string unused: pakfire core update auto WARNING: translation string unused: pakfire dependencies found WARNING: translation string unused: pakfire health check @@ -973,6 +972,7 @@ WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: aliases default interface = - Default Interface - +WARNING: untranslated string: allowed subnets = Allowed Subnets WARNING: untranslated string: asn lookup failed = AS lookup failed WARNING: untranslated string: autonomous system = Autonomous System WARNING: untranslated string: available = available @@ -1034,6 +1034,7 @@ WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigne WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled WARNING: untranslated string: dnsforward forward_servers = Nameservers +WARNING: untranslated string: done = Done WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: download apple profile = Download Apple Configuration Profile WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at Spamhaus DROP, etc.) @@ -1064,6 +1065,9 @@ WARNING: untranslated string: enable disable client = unknown string WARNING: untranslated string: enable disable dyndns = unknown string WARNING: untranslated string: enable otp = Enable OTP WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: endpoint = Endpoint +WARNING: untranslated string: endpoint address = Endpoint Address +WARNING: untranslated string: endpoint port = Endpoint Port WARNING: untranslated string: error = Error WARNING: untranslated string: error message = unknown string WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date! @@ -1099,6 +1103,7 @@ WARNING: untranslated string: fwhost cust locationgroup = Location Groups WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: fwhost newlocationgrp = Location Groups +WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: guaranteed bandwidth = Guaranteed bandwidth WARNING: untranslated string: guardian = Guardian @@ -1171,12 +1176,15 @@ WARNING: untranslated string: ids the choosen provider is already in use = The c WARNING: untranslated string: ids unable to download the ruleset = Unable to download the ruleset WARNING: untranslated string: ids visit provider website = Visit provider website WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully... +WARNING: untranslated string: import connection = Import a Connection WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: inodes = Index-Nodes WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System +WARNING: untranslated string: invalid endpoint = Invalid Endpoint +WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode @@ -1185,8 +1193,11 @@ WARNING: untranslated string: invalid input for local ip address = Invalid input WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). +WARNING: untranslated string: invalid ip address = Invalid IP Address WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname +WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol +WARNING: untranslated string: invalid network = Invalid Network WARNING: untranslated string: ip basic info = Basic IP information WARNING: untranslated string: ip info for = IP information for WARNING: untranslated string: ipblocklist = IP Address Blocklists @@ -1222,6 +1233,8 @@ WARNING: untranslated string: last updated = Last Updated WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation WARNING: untranslated string: load average = Load Average WARNING: untranslated string: local ip address = Local IP Address +WARNING: untranslated string: local port = Local Port +WARNING: untranslated string: local subnets = Local Subnets WARNING: untranslated string: location = Location WARNING: untranslated string: locationblock = Location Block WARNING: untranslated string: locationblock block countries = Block countries @@ -1233,6 +1246,9 @@ WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hos WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking WARNING: untranslated string: log server protocol = protocol: +WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key +WARNING: untranslated string: malformed private key = Malformed Private Key +WARNING: untranslated string: malformed public key = Malformed Public Key WARNING: untranslated string: masquerade blue = Masquerade BLUE WARNING: untranslated string: masquerade green = Masquerade GREEN WARNING: untranslated string: masquerade orange = Masquerade ORANGE @@ -1287,6 +1303,8 @@ WARNING: untranslated string: pptp route = PPTP Route WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: processors = Processors WARNING: untranslated string: ptr = PTR +WARNING: untranslated string: public key = Public Key +WARNING: untranslated string: qr code = QR Code WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check @@ -1296,10 +1314,13 @@ WARNING: untranslated string: regenerate host certificate = Renew Host Certifica WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: release = Release +WARNING: untranslated string: remarks = Remarks +WARNING: untranslated string: remote subnets = Remote Subnets WARNING: untranslated string: required = Required WARNING: untranslated string: required field = Required field WARNING: untranslated string: retbleed = Retbleed WARNING: untranslated string: route config changed = unknown string +WARNING: untranslated string: routing = Routing WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string @@ -1379,6 +1400,35 @@ WARNING: untranslated string: vpn weak = Weak WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client pool = Client Pool +WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer +WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer +WARNING: untranslated string: wg dns = DNS +WARNING: untranslated string: wg download configuration file = Download the configuration file +WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer +WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address +WARNING: untranslated string: wg invalid client pool = Invalid client pool +WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address +WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port +WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535) +WARNING: untranslated string: wg invalid local subnet = Invalid local subnet +WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed) +WARNING: untranslated string: wg invalid psk = Invalid pre-shared key +WARNING: untranslated string: wg invalid public key = Invalid public key +WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet +WARNING: untranslated string: wg keepalive interval = Keepalive Interval +WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select +WARNING: untranslated string: wg name is already used = The name is already in use +WARNING: untranslated string: wg no local subnets = No local subnets given +WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool +WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration +WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers +WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_issues.nl b/doc/language_issues.nl index c1b076dccd..f1090fc337 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -176,7 +176,6 @@ WARNING: translation string unused: could not open installed updates file WARNING: translation string unused: could not open update information file WARNING: translation string unused: cpu frequency per WARNING: translation string unused: cpu usage per -WARNING: translation string unused: create WARNING: translation string unused: create mask WARNING: translation string unused: create new backup WARNING: translation string unused: current media @@ -254,7 +253,6 @@ WARNING: translation string unused: do not log this port list WARNING: translation string unused: domain master WARNING: translation string unused: domain not set WARNING: translation string unused: donation-link -WARNING: translation string unused: done WARNING: translation string unused: dos charset WARNING: translation string unused: download new ruleset WARNING: translation string unused: driver @@ -614,6 +612,7 @@ WARNING: translation string unused: ovpn_processprioVH WARNING: translation string unused: ovpnstatus log WARNING: translation string unused: ovpnsys log WARNING: translation string unused: package failed to install +WARNING: translation string unused: pakfire accept all WARNING: translation string unused: pakfire core update auto WARNING: translation string unused: pakfire dependencies found WARNING: translation string unused: pakfire health check @@ -973,6 +972,7 @@ WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: aliases default interface = - Default Interface - +WARNING: untranslated string: allowed subnets = Allowed Subnets WARNING: untranslated string: asn lookup failed = AS lookup failed WARNING: untranslated string: atm device = Device: WARNING: untranslated string: autonomous system = Autonomous System @@ -1037,6 +1037,7 @@ WARNING: untranslated string: dnsforward forward_servers = Nameservers WARNING: untranslated string: dnssec aware = DNSSEC Aware WARNING: untranslated string: dnssec not supported = DNSSEC Not supported WARNING: untranslated string: dnssec validating = DNSSEC Validating +WARNING: untranslated string: done = Done WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: download apple profile = Download Apple Configuration Profile WARNING: untranslated string: download tls-auth key = Download tls-auth key @@ -1069,6 +1070,9 @@ WARNING: untranslated string: enable disable client = unknown string WARNING: untranslated string: enable disable dyndns = unknown string WARNING: untranslated string: enable otp = Enable OTP WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: endpoint = Endpoint +WARNING: untranslated string: endpoint address = Endpoint Address +WARNING: untranslated string: endpoint port = Endpoint Port WARNING: untranslated string: error = Error WARNING: untranslated string: error message = unknown string WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date! @@ -1105,6 +1109,7 @@ WARNING: untranslated string: fwhost cust locationgroup = Location Groups WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: fwhost newlocationgrp = Location Groups +WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: guardian = Guardian WARNING: untranslated string: guardian block a host = unknown string @@ -1177,6 +1182,7 @@ WARNING: untranslated string: ids unable to download the ruleset = Unable to dow WARNING: untranslated string: ids visit provider website = Visit provider website WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: imei = IMEI +WARNING: untranslated string: import connection = Import a Connection WARNING: untranslated string: imsi = IMSI WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead @@ -1184,6 +1190,8 @@ WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: inodes = Index-Nodes WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System +WARNING: untranslated string: invalid endpoint = Invalid Endpoint +WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode @@ -1192,8 +1200,11 @@ WARNING: untranslated string: invalid input for local ip address = Invalid input WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). +WARNING: untranslated string: invalid ip address = Invalid IP Address WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname +WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol +WARNING: untranslated string: invalid network = Invalid Network WARNING: untranslated string: ip basic info = Basic IP information WARNING: untranslated string: ip info for = IP information for WARNING: untranslated string: ipblocklist = IP Address Blocklists @@ -1229,6 +1240,8 @@ WARNING: untranslated string: last updated = Last Updated WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation WARNING: untranslated string: load average = Load Average WARNING: untranslated string: local ip address = Local IP Address +WARNING: untranslated string: local port = Local Port +WARNING: untranslated string: local subnets = Local Subnets WARNING: untranslated string: location = Location WARNING: untranslated string: locationblock = Location Block WARNING: untranslated string: locationblock block countries = Block countries @@ -1240,6 +1253,9 @@ WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hos WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking WARNING: untranslated string: log server protocol = protocol: +WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key +WARNING: untranslated string: malformed private key = Malformed Private Key +WARNING: untranslated string: malformed public key = Malformed Public Key WARNING: untranslated string: masquerade blue = Masquerade BLUE WARNING: untranslated string: masquerade green = Masquerade GREEN WARNING: untranslated string: masquerade orange = Masquerade ORANGE @@ -1310,6 +1326,8 @@ WARNING: untranslated string: pptp route = PPTP Route WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: processors = Processors WARNING: untranslated string: ptr = PTR +WARNING: untranslated string: public key = Public Key +WARNING: untranslated string: qr code = QR Code WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received @@ -1317,10 +1335,13 @@ WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampli WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. +WARNING: untranslated string: remarks = Remarks +WARNING: untranslated string: remote subnets = Remote Subnets WARNING: untranslated string: required = Required WARNING: untranslated string: required field = Required field WARNING: untranslated string: retbleed = Retbleed WARNING: untranslated string: route config changed = unknown string +WARNING: untranslated string: routing = Routing WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string @@ -1400,6 +1421,35 @@ WARNING: untranslated string: vpn weak = Weak WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client pool = Client Pool +WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer +WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer +WARNING: untranslated string: wg dns = DNS +WARNING: untranslated string: wg download configuration file = Download the configuration file +WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer +WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address +WARNING: untranslated string: wg invalid client pool = Invalid client pool +WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address +WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port +WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535) +WARNING: untranslated string: wg invalid local subnet = Invalid local subnet +WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed) +WARNING: untranslated string: wg invalid psk = Invalid pre-shared key +WARNING: untranslated string: wg invalid public key = Invalid public key +WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet +WARNING: untranslated string: wg keepalive interval = Keepalive Interval +WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select +WARNING: untranslated string: wg name is already used = The name is already in use +WARNING: untranslated string: wg no local subnets = No local subnets given +WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool +WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration +WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers +WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 8bf0fa0dbe..1db36fb67f 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -168,7 +168,6 @@ WARNING: translation string unused: could not open installed updates file WARNING: translation string unused: could not open update information file WARNING: translation string unused: cpu frequency per WARNING: translation string unused: cpu usage per -WARNING: translation string unused: create WARNING: translation string unused: create mask WARNING: translation string unused: create new backup WARNING: translation string unused: current media @@ -242,7 +241,6 @@ WARNING: translation string unused: do not log this port list WARNING: translation string unused: domain master WARNING: translation string unused: domain not set WARNING: translation string unused: donation-link -WARNING: translation string unused: done WARNING: translation string unused: dos charset WARNING: translation string unused: download new ruleset WARNING: translation string unused: driver @@ -539,6 +537,7 @@ WARNING: translation string unused: ovpn_processprioVH WARNING: translation string unused: ovpnstatus log WARNING: translation string unused: ovpnsys log WARNING: translation string unused: package failed to install +WARNING: translation string unused: pakfire accept all WARNING: translation string unused: pakfire core update auto WARNING: translation string unused: pakfire dependencies found WARNING: translation string unused: pakfire health check @@ -896,6 +895,7 @@ WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Pro WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: age second = second WARNING: untranslated string: aliases default interface = - Default Interface - +WARNING: untranslated string: allowed subnets = Allowed Subnets WARNING: untranslated string: asn lookup failed = AS lookup failed WARNING: untranslated string: atm device = Device: WARNING: untranslated string: attention = ATTENTION @@ -1015,6 +1015,7 @@ WARNING: untranslated string: dnsforward zone = Zone WARNING: untranslated string: dnssec aware = DNSSEC Aware WARNING: untranslated string: dnssec not supported = DNSSEC Not supported WARNING: untranslated string: dnssec validating = DNSSEC Validating +WARNING: untranslated string: done = Done WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: downlink = Downlink WARNING: untranslated string: download apple profile = Download Apple Configuration Profile @@ -1055,6 +1056,9 @@ WARNING: untranslated string: enable disable dyndns = unknown string WARNING: untranslated string: enable otp = Enable OTP WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) WARNING: untranslated string: encryption = Encryption: +WARNING: untranslated string: endpoint = Endpoint +WARNING: untranslated string: endpoint address = Endpoint Address +WARNING: untranslated string: endpoint port = Endpoint Port WARNING: untranslated string: error = Error WARNING: untranslated string: error message = unknown string WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date! @@ -1242,6 +1246,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks: WARNING: untranslated string: fwhost type = Type WARNING: untranslated string: fwhost used = Used WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster. +WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: grouptype = Grouptype: WARNING: untranslated string: guardian = Guardian @@ -1315,6 +1320,7 @@ WARNING: untranslated string: ids unable to download the ruleset = Unable to dow WARNING: untranslated string: ids visit provider website = Visit provider website WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: imei = IMEI +WARNING: untranslated string: import connection = Import a Connection WARNING: untranslated string: imsi = IMSI WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression WARNING: untranslated string: incoming firewall access = Incoming Firewall Access @@ -1324,6 +1330,8 @@ WARNING: untranslated string: inodes = Index-Nodes WARNING: untranslated string: integrity = Integrity: WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System +WARNING: untranslated string: invalid endpoint = Invalid Endpoint +WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout @@ -1334,8 +1342,11 @@ WARNING: untranslated string: invalid input for local ip address = Invalid input WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). +WARNING: untranslated string: invalid ip address = Invalid IP Address WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname +WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol +WARNING: untranslated string: invalid network = Invalid Network WARNING: untranslated string: ip basic info = Basic IP information WARNING: untranslated string: ip info for = IP information for WARNING: untranslated string: ipblocklist = IP Address Blocklists @@ -1376,6 +1387,8 @@ WARNING: untranslated string: lifetime = Lifetime: WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation WARNING: untranslated string: load average = Load Average WARNING: untranslated string: local ip address = Local IP Address +WARNING: untranslated string: local port = Local Port +WARNING: untranslated string: local subnets = Local Subnets WARNING: untranslated string: location = Location WARNING: untranslated string: locationblock = Location Block WARNING: untranslated string: locationblock block countries = Block countries @@ -1387,6 +1400,9 @@ WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hos WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking WARNING: untranslated string: log server protocol = protocol: +WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key +WARNING: untranslated string: malformed private key = Malformed Private Key +WARNING: untranslated string: malformed public key = Malformed Public Key WARNING: untranslated string: masquerade blue = Masquerade BLUE WARNING: untranslated string: masquerade green = Masquerade GREEN WARNING: untranslated string: masquerade orange = Masquerade ORANGE @@ -1486,7 +1502,9 @@ WARNING: untranslated string: proxy reports monthly = Monthly reports WARNING: untranslated string: proxy reports today = Today WARNING: untranslated string: proxy reports weekly = Weekly reports WARNING: untranslated string: ptr = PTR +WARNING: untranslated string: public key = Public Key WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! +WARNING: untranslated string: qr code = QR Code WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check @@ -1497,10 +1515,13 @@ WARNING: untranslated string: regenerate host certificate = Renew Host Certifica WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: release = Release +WARNING: untranslated string: remarks = Remarks +WARNING: untranslated string: remote subnets = Remote Subnets WARNING: untranslated string: required = Required WARNING: untranslated string: required field = Required field WARNING: untranslated string: retbleed = Retbleed WARNING: untranslated string: route config changed = unknown string +WARNING: untranslated string: routing = Routing WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string @@ -1642,6 +1663,35 @@ WARNING: untranslated string: vpn weak = Weak WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client pool = Client Pool +WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer +WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer +WARNING: untranslated string: wg dns = DNS +WARNING: untranslated string: wg download configuration file = Download the configuration file +WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer +WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address +WARNING: untranslated string: wg invalid client pool = Invalid client pool +WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address +WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port +WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535) +WARNING: untranslated string: wg invalid local subnet = Invalid local subnet +WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed) +WARNING: untranslated string: wg invalid psk = Invalid pre-shared key +WARNING: untranslated string: wg invalid public key = Invalid public key +WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet +WARNING: untranslated string: wg keepalive interval = Keepalive Interval +WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select +WARNING: untranslated string: wg name is already used = The name is already in use +WARNING: untranslated string: wg no local subnets = No local subnets given +WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool +WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration +WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers +WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_issues.ru b/doc/language_issues.ru index bce016c277..4d29c4f951 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -168,7 +168,6 @@ WARNING: translation string unused: could not open installed updates file WARNING: translation string unused: could not open update information file WARNING: translation string unused: cpu frequency per WARNING: translation string unused: cpu usage per -WARNING: translation string unused: create WARNING: translation string unused: create mask WARNING: translation string unused: create new backup WARNING: translation string unused: current media @@ -240,7 +239,6 @@ WARNING: translation string unused: do not log this port list WARNING: translation string unused: domain master WARNING: translation string unused: domain not set WARNING: translation string unused: donation-link -WARNING: translation string unused: done WARNING: translation string unused: dos charset WARNING: translation string unused: download new ruleset WARNING: translation string unused: driver @@ -534,6 +532,7 @@ WARNING: translation string unused: ovpn_processprioVH WARNING: translation string unused: ovpnstatus log WARNING: translation string unused: ovpnsys log WARNING: translation string unused: package failed to install +WARNING: translation string unused: pakfire accept all WARNING: translation string unused: pakfire core update auto WARNING: translation string unused: pakfire dependencies found WARNING: translation string unused: pakfire health check @@ -891,6 +890,7 @@ WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Pro WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: age second = second WARNING: untranslated string: aliases default interface = - Default Interface - +WARNING: untranslated string: allowed subnets = Allowed Subnets WARNING: untranslated string: asn lookup failed = AS lookup failed WARNING: untranslated string: atm device = Device: WARNING: untranslated string: attention = ATTENTION @@ -1010,6 +1010,7 @@ WARNING: untranslated string: dnsforward zone = Zone WARNING: untranslated string: dnssec aware = DNSSEC Aware WARNING: untranslated string: dnssec not supported = DNSSEC Not supported WARNING: untranslated string: dnssec validating = DNSSEC Validating +WARNING: untranslated string: done = Done WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: downlink = Downlink WARNING: untranslated string: download apple profile = Download Apple Configuration Profile @@ -1050,6 +1051,9 @@ WARNING: untranslated string: enable disable dyndns = unknown string WARNING: untranslated string: enable otp = Enable OTP WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) WARNING: untranslated string: encryption = Encryption: +WARNING: untranslated string: endpoint = Endpoint +WARNING: untranslated string: endpoint address = Endpoint Address +WARNING: untranslated string: endpoint port = Endpoint Port WARNING: untranslated string: error = Error WARNING: untranslated string: error message = unknown string WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date! @@ -1237,6 +1241,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks: WARNING: untranslated string: fwhost type = Type WARNING: untranslated string: fwhost used = Used WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster. +WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: grouptype = Grouptype: WARNING: untranslated string: guardian = Guardian @@ -1310,6 +1315,7 @@ WARNING: untranslated string: ids unable to download the ruleset = Unable to dow WARNING: untranslated string: ids visit provider website = Visit provider website WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: imei = IMEI +WARNING: untranslated string: import connection = Import a Connection WARNING: untranslated string: imsi = IMSI WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression WARNING: untranslated string: incoming firewall access = Incoming Firewall Access @@ -1320,6 +1326,8 @@ WARNING: untranslated string: inodes = Index-Nodes WARNING: untranslated string: integrity = Integrity: WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System +WARNING: untranslated string: invalid endpoint = Invalid Endpoint +WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout @@ -1330,8 +1338,11 @@ WARNING: untranslated string: invalid input for local ip address = Invalid input WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). +WARNING: untranslated string: invalid ip address = Invalid IP Address WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname +WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol +WARNING: untranslated string: invalid network = Invalid Network WARNING: untranslated string: ip basic info = Basic IP information WARNING: untranslated string: ip info for = IP information for WARNING: untranslated string: ipblocklist = IP Address Blocklists @@ -1372,6 +1383,8 @@ WARNING: untranslated string: lifetime = Lifetime: WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation WARNING: untranslated string: load average = Load Average WARNING: untranslated string: local ip address = Local IP Address +WARNING: untranslated string: local port = Local Port +WARNING: untranslated string: local subnets = Local Subnets WARNING: untranslated string: location = Location WARNING: untranslated string: locationblock = Location Block WARNING: untranslated string: locationblock block countries = Block countries @@ -1383,6 +1396,9 @@ WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hos WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking WARNING: untranslated string: log server protocol = protocol: +WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key +WARNING: untranslated string: malformed private key = Malformed Private Key +WARNING: untranslated string: malformed public key = Malformed Public Key WARNING: untranslated string: masquerade blue = Masquerade BLUE WARNING: untranslated string: masquerade green = Masquerade GREEN WARNING: untranslated string: masquerade orange = Masquerade ORANGE @@ -1479,7 +1495,9 @@ WARNING: untranslated string: proxy reports monthly = Monthly reports WARNING: untranslated string: proxy reports today = Today WARNING: untranslated string: proxy reports weekly = Weekly reports WARNING: untranslated string: ptr = PTR +WARNING: untranslated string: public key = Public Key WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! +WARNING: untranslated string: qr code = QR Code WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check @@ -1490,10 +1508,13 @@ WARNING: untranslated string: regenerate host certificate = Renew Host Certifica WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: release = Release +WARNING: untranslated string: remarks = Remarks +WARNING: untranslated string: remote subnets = Remote Subnets WARNING: untranslated string: required = Required WARNING: untranslated string: required field = Required field WARNING: untranslated string: retbleed = Retbleed WARNING: untranslated string: route config changed = unknown string +WARNING: untranslated string: routing = Routing WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string @@ -1635,6 +1656,35 @@ WARNING: untranslated string: vpn weak = Weak WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client pool = Client Pool +WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer +WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer +WARNING: untranslated string: wg dns = DNS +WARNING: untranslated string: wg download configuration file = Download the configuration file +WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer +WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address +WARNING: untranslated string: wg invalid client pool = Invalid client pool +WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address +WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port +WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535) +WARNING: untranslated string: wg invalid local subnet = Invalid local subnet +WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed) +WARNING: untranslated string: wg invalid psk = Invalid pre-shared key +WARNING: untranslated string: wg invalid public key = Invalid public key +WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet +WARNING: untranslated string: wg keepalive interval = Keepalive Interval +WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select +WARNING: untranslated string: wg name is already used = The name is already in use +WARNING: untranslated string: wg no local subnets = No local subnets given +WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool +WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration +WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers +WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 8dc81778d8..2da19f2761 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -198,7 +198,6 @@ WARNING: translation string unused: could not open installed updates file WARNING: translation string unused: could not open update information file WARNING: translation string unused: cpu frequency per WARNING: translation string unused: cpu usage per -WARNING: translation string unused: create WARNING: translation string unused: create mask WARNING: translation string unused: create new backup WARNING: translation string unused: current media @@ -277,7 +276,6 @@ WARNING: translation string unused: do not log this port list WARNING: translation string unused: domain master WARNING: translation string unused: domain not set WARNING: translation string unused: donation-link -WARNING: translation string unused: done WARNING: translation string unused: dos charset WARNING: translation string unused: download new ruleset WARNING: translation string unused: driver @@ -644,6 +642,7 @@ WARNING: translation string unused: ovpn_processprioVH WARNING: translation string unused: ovpnstatus log WARNING: translation string unused: ovpnsys log WARNING: translation string unused: package failed to install +WARNING: translation string unused: pakfire accept all WARNING: translation string unused: pakfire core update auto WARNING: translation string unused: pakfire dependencies found WARNING: translation string unused: pakfire health check @@ -960,6 +959,7 @@ WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: aliases default interface = - Default Interface - +WARNING: untranslated string: allowed subnets = Allowed Subnets WARNING: untranslated string: asn lookup failed = AS lookup failed WARNING: untranslated string: autonomous system = Autonomous System WARNING: untranslated string: available = available @@ -1013,6 +1013,7 @@ WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigne WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled WARNING: untranslated string: dnsforward forward_servers = Nameservers +WARNING: untranslated string: done = Done WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: download apple profile = Download Apple Configuration Profile WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at Spamhaus DROP, etc.) @@ -1026,6 +1027,9 @@ WARNING: untranslated string: enable disable client = unknown string WARNING: untranslated string: enable disable dyndns = unknown string WARNING: untranslated string: enable otp = Enable OTP WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: endpoint = Endpoint +WARNING: untranslated string: endpoint address = Endpoint Address +WARNING: untranslated string: endpoint port = Endpoint Port WARNING: untranslated string: error = Error WARNING: untranslated string: error message = unknown string WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date! @@ -1042,6 +1046,7 @@ WARNING: untranslated string: fwdfw all subnets = All subnets WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only) WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: guardian block a host = unknown string WARNING: untranslated string: guardian block httpd brute-force = unknown string @@ -1112,17 +1117,23 @@ WARNING: untranslated string: ids the choosen provider is already in use = The c WARNING: untranslated string: ids unable to download the ruleset = Unable to download the ruleset WARNING: untranslated string: ids visit provider website = Visit provider website WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully... +WARNING: untranslated string: import connection = Import a Connection WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: inodes = Index-Nodes WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System +WARNING: untranslated string: invalid endpoint = Invalid Endpoint +WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code +WARNING: untranslated string: invalid ip address = Invalid IP Address WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname +WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval +WARNING: untranslated string: invalid network = Invalid Network WARNING: untranslated string: ip basic info = Basic IP information WARNING: untranslated string: ip info for = IP information for WARNING: untranslated string: ipblocklist = IP Address Blocklists @@ -1158,9 +1169,14 @@ WARNING: untranslated string: last updated = Last Updated WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation WARNING: untranslated string: load average = Load Average WARNING: untranslated string: local ip address = Local IP Address +WARNING: untranslated string: local port = Local Port +WARNING: untranslated string: local subnets = Local Subnets WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking +WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key +WARNING: untranslated string: malformed private key = Malformed Private Key +WARNING: untranslated string: malformed public key = Malformed Public Key WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: mmio stale data = MMIO Stale Data @@ -1197,6 +1213,8 @@ WARNING: untranslated string: please reboot to apply your changes = Please reboo WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: processors = Processors WARNING: untranslated string: ptr = PTR +WARNING: untranslated string: public key = Public Key +WARNING: untranslated string: qr code = QR Code WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received @@ -1205,9 +1223,12 @@ WARNING: untranslated string: regenerate host certificate = Renew Host Certifica WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: release = Release +WARNING: untranslated string: remarks = Remarks +WARNING: untranslated string: remote subnets = Remote Subnets WARNING: untranslated string: required = Required WARNING: untranslated string: retbleed = Retbleed WARNING: untranslated string: route config changed = unknown string +WARNING: untranslated string: routing = Routing WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string @@ -1262,6 +1283,35 @@ WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client pool = Client Pool +WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer +WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer +WARNING: untranslated string: wg dns = DNS +WARNING: untranslated string: wg download configuration file = Download the configuration file +WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer +WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address +WARNING: untranslated string: wg invalid client pool = Invalid client pool +WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address +WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port +WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535) +WARNING: untranslated string: wg invalid local subnet = Invalid local subnet +WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed) +WARNING: untranslated string: wg invalid psk = Invalid pre-shared key +WARNING: untranslated string: wg invalid public key = Invalid public key +WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet +WARNING: untranslated string: wg keepalive interval = Keepalive Interval +WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select +WARNING: untranslated string: wg name is already used = The name is already in use +WARNING: untranslated string: wg no local subnets = No local subnets given +WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool +WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration +WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers +WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_missings b/doc/language_missings index 58191cfe35..48b98ce74d 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -6,6 +6,7 @@ < access point name is required < advproxy update information < aliases default interface +< allowed subnets < ansi t1.483 < backup archive < backup clear archive @@ -53,12 +54,15 @@ < dhcp server enabled on blue interface < disable < dns could not add server -< done < download apple profile < enable +< endpoint +< endpoint address +< endpoint port < error the to date has to be later than the from date < extrahd because it it outside the allowed mount path < fwdfw syn flood protection +< fwhost wg peers < g.dtm < g.lite < hostile networks in @@ -73,6 +77,7 @@ < ipsec invalid ip address or fqdn for rw endpoint < ipsec roadwarrior endpoint < link-layer encapsulation +< local subnets < log drop hostile in < log drop hostile out < netbios nameserver daemon @@ -85,13 +90,18 @@ < pakfire dependencies found < pakfire no dependencies found < pakfire resolvedeps wait +< public key +< qr code < quick control < random number generator daemon < regenerate host certificate < reg_file_data_sampling < reiserfs warning1 < reiserfs warning2 +< remarks +< remote subnets < required +< routing < samba server role member < samba server role standalone < shaping add options @@ -108,6 +118,38 @@ < user management < vpn configuration main < wg +< wg client configuration file +< wg client pool +< wg create host-to-net peer +< wg create net-to-net peer +< wg create peer +< wg dns +< wg download configuration file +< wg edit host-to-net peer +< wg edit net-to-net peer +< wg edit peer +< wg host to net client settings +< wg invalid client dns +< wg invalid client pool +< wg invalid endpoint address +< wg invalid endpoint port +< wg invalid keepalive interval +< wg invalid local subnet +< wg invalid name +< wg invalid psk +< wg invalid public key +< wg invalid remote subnet +< wg keepalive interval +< wg name is already used +< wg no local subnets +< wg no more free addresses in pool +< wg no remote subnets +< wg peer configuration +< wg peer does not exist +< wg pre-shared key (optional) +< wg rw peers +< wg scan the qr code +< wg warning configuration only shown once < winbind daemon < wireguard < wlanap 802.11w disabled @@ -125,19 +167,25 @@ < access point name is invalid < access point name is required < addon +< allowed subnets < bypassed < ca name must only contain characters or spaces < cpu frequency < data transfer < dhcp fixed ip address in dynamic range < dns servers +< done < downfall gather data sampling +< endpoint +< endpoint address +< endpoint port < extrahd because it it outside the allowed mount path < extrahd mounted < extrahd no mount point given < extrahd not configured < extrahd not mounted < fwdfw syn flood protection +< fwhost wg peers < hardware vulnerabilities < hostile networks in < hostile networks out @@ -145,22 +193,38 @@ < ids provider eol < ids rulesets < ids unsupported provider +< import connection +< invalid endpoint +< invalid endpoint address +< invalid ip address < invalid ip or hostname +< invalid keepalive interval +< invalid network < ips throughput < last updated < load average +< local port +< local subnets < log drop hostile in < log drop hostile out +< malformed preshared key +< malformed private key +< malformed public key < oops something went wrong < openvpn cert expires soon < openvpn cert has expired < ovpn roadwarrior server < password has quotation mark < processors +< public key +< qr code < regenerate host certificate < reg_file_data_sampling < reiserfs warning1 < reiserfs warning2 +< remarks +< remote subnets +< routing < scanned < service boot setting unavailable < spec rstack overflow @@ -170,6 +234,41 @@ < transport mode does not support vti < warning < wg +< wg client configuration file +< wg client pool +< wg create host-to-net peer +< wg create net-to-net peer +< wg create peer +< wg dns +< wg download configuration +< wg download configuration file +< wg edit host-to-net peer +< wg edit net-to-net peer +< wg edit peer +< wg host to net client settings +< wg invalid client dns +< wg invalid client pool +< wg invalid endpoint address +< wg invalid endpoint port +< wg invalid keepalive interval +< wg invalid local subnet +< wg invalid name +< wg invalid psk +< wg invalid public key +< wg invalid remote subnet +< wg keepalive interval +< wg leave empty to automatically select +< wg name is already used +< wg no local subnets +< wg no more free addresses in pool +< wg no remote subnets +< wg peer configuration +< wg peer does not exist +< wg pre-shared key (optional) +< wg rw peers +< wg scan the qr code +< wg show configuration qrcode +< wg warning configuration only shown once < whitelisted < wireguard < wlanap @@ -181,28 +280,50 @@ ############################################################################ # Checking cgi-bin translations for language: fr # ############################################################################ +< allowed subnets < ansi t1.483 < bewan adsl pci st < bewan adsl usb < bypassed < ca name must only contain characters or spaces < data transfer +< done +< endpoint +< endpoint address +< endpoint port < extrahd because it it outside the allowed mount path < fwdfw syn flood protection +< fwhost wg peers < g.dtm < g.lite < hostile networks total < ids provider eol < ids rulesets < ids unsupported provider +< import connection +< invalid endpoint +< invalid endpoint address +< invalid ip address +< invalid keepalive interval +< invalid network < ips throughput < last updated < load average +< local port +< local subnets +< malformed preshared key +< malformed private key +< malformed public key < oops something went wrong < ovpn roadwarrior server < password has quotation mark < processors +< public key +< qr code < reg_file_data_sampling +< remarks +< remote subnets +< routing < scanned < system time < timeformat @@ -210,6 +331,41 @@ < upload fcdsl.o < warning < wg +< wg client configuration file +< wg client pool +< wg create host-to-net peer +< wg create net-to-net peer +< wg create peer +< wg dns +< wg download configuration +< wg download configuration file +< wg edit host-to-net peer +< wg edit net-to-net peer +< wg edit peer +< wg host to net client settings +< wg invalid client dns +< wg invalid client pool +< wg invalid endpoint address +< wg invalid endpoint port +< wg invalid keepalive interval +< wg invalid local subnet +< wg invalid name +< wg invalid psk +< wg invalid public key +< wg invalid remote subnet +< wg keepalive interval +< wg leave empty to automatically select +< wg name is already used +< wg no local subnets +< wg no more free addresses in pool +< wg no remote subnets +< wg peer configuration +< wg peer does not exist +< wg pre-shared key (optional) +< wg rw peers +< wg scan the qr code +< wg show configuration qrcode +< wg warning configuration only shown once < whitelisted < wireguard < wlanap hide ssid @@ -248,6 +404,7 @@ < advproxy wpad title < advproxy wpad view pac < aliases default interface +< allowed subnets < asn lookup failed < autonomous system < available @@ -368,6 +525,7 @@ < dns tls hostname < dns use isp assigned nameservers < dns use protocol for dns queries +< done < downfall gather data sampling < download apple profile < drop hostile @@ -401,6 +559,9 @@ < enable < enable otp < enable smt +< endpoint +< endpoint address +< endpoint port < eol architecture warning < error < error the to date has to be later than the from date @@ -434,6 +595,7 @@ < fwhost cust locationgroup < fwhost cust locationlocation < fwhost newlocationgrp +< fwhost wg peers < fw red < generate ptr < guaranteed bandwidth @@ -482,11 +644,14 @@ < ids unsupported provider < ids visit provider website < ids working +< import connection < incoming compression in bytes per second < incoming overhead in bytes per second < inodes < interface mode < intrusion prevention system +< invalid endpoint +< invalid endpoint address < invalid input for inactivity timeout < invalid input for interface address < invalid input for interface mode @@ -495,8 +660,11 @@ < invalid input for mode < invalid input for subscription code < invalid input for valid till days +< invalid ip address < invalid ip or hostname +< invalid keepalive interval < invalid logserver protocol +< invalid network < ip basic info < ipblocklist < ipblocklist blocklist settings @@ -540,6 +708,8 @@ < link-layer encapsulation < load average < local ip address +< local port +< local subnets < location < locationblock < locationblock block countries @@ -554,6 +724,9 @@ < log drop hostile out < log dropped conntrack invalids < log server protocol +< malformed preshared key +< malformed private key +< malformed public key < masquerade blue < masquerade green < masquerade orange @@ -610,6 +783,8 @@ < processors < processor vulnerability mitigations < ptr +< public key +< qr code < random number generator daemon < rdns < reboot fsck @@ -620,9 +795,12 @@ < reiserfs warning1 < reiserfs warning2 < release +< remarks +< remote subnets < required < required field < retbleed +< routing < runmode < samba join a domain < samba join domain @@ -704,6 +882,41 @@ < warning < Weekly < wg +< wg client configuration file +< wg client pool +< wg create host-to-net peer +< wg create net-to-net peer +< wg create peer +< wg dns +< wg download configuration +< wg download configuration file +< wg edit host-to-net peer +< wg edit net-to-net peer +< wg edit peer +< wg host to net client settings +< wg invalid client dns +< wg invalid client pool +< wg invalid endpoint address +< wg invalid endpoint port +< wg invalid keepalive interval +< wg invalid local subnet +< wg invalid name +< wg invalid psk +< wg invalid public key +< wg invalid remote subnet +< wg keepalive interval +< wg leave empty to automatically select +< wg name is already used +< wg no local subnets +< wg no more free addresses in pool +< wg no remote subnets +< wg peer configuration +< wg peer does not exist +< wg pre-shared key (optional) +< wg rw peers +< wg scan the qr code +< wg show configuration qrcode +< wg warning configuration only shown once < whitelisted < whois results from < winbind daemon @@ -792,6 +1005,7 @@ < advproxy wpad title < advproxy wpad view pac < aliases default interface +< allowed subnets < asn lookup failed < atm device < autonomous system @@ -916,6 +1130,7 @@ < dns tls hostname < dns use isp assigned nameservers < dns use protocol for dns queries +< done < downfall gather data sampling < download apple profile < download tls-auth key @@ -951,6 +1166,9 @@ < enable < enable otp < enable smt +< endpoint +< endpoint address +< endpoint port < eol architecture warning < error < error the to date has to be later than the from date @@ -985,6 +1203,7 @@ < fwhost cust locationgroup < fwhost cust locationlocation < fwhost newlocationgrp +< fwhost wg peers < fw red < generate ptr < guardian @@ -1033,12 +1252,15 @@ < ids visit provider website < ids working < imei +< import connection < imsi < incoming compression in bytes per second < incoming overhead in bytes per second < inodes < interface mode < intrusion prevention system +< invalid endpoint +< invalid endpoint address < invalid input for inactivity timeout < invalid input for interface address < invalid input for interface mode @@ -1047,8 +1269,11 @@ < invalid input for mode < invalid input for subscription code < invalid input for valid till days +< invalid ip address < invalid ip or hostname +< invalid keepalive interval < invalid logserver protocol +< invalid network < ip basic info < ipblocklist < ipblocklist blocklist settings @@ -1092,6 +1317,8 @@ < link-layer encapsulation < load average < local ip address +< local port +< local subnets < location < locationblock < locationblock block countries @@ -1106,6 +1333,9 @@ < log drop hostile out < log dropped conntrack invalids < log server protocol +< malformed preshared key +< malformed private key +< malformed public key < masquerade blue < masquerade green < masquerade orange @@ -1181,6 +1411,8 @@ < processors < processor vulnerability mitigations < ptr +< public key +< qr code < random number generator daemon < rdns < rebooting ipfire fsck @@ -1189,9 +1421,12 @@ < reg_file_data_sampling < reiserfs warning1 < reiserfs warning2 +< remarks +< remote subnets < required < required field < retbleed +< routing < runmode < samba join a domain < samba join domain @@ -1274,6 +1509,41 @@ < warning < Weekly < wg +< wg client configuration file +< wg client pool +< wg create host-to-net peer +< wg create net-to-net peer +< wg create peer +< wg dns +< wg download configuration +< wg download configuration file +< wg edit host-to-net peer +< wg edit net-to-net peer +< wg edit peer +< wg host to net client settings +< wg invalid client dns +< wg invalid client pool +< wg invalid endpoint address +< wg invalid endpoint port +< wg invalid keepalive interval +< wg invalid local subnet +< wg invalid name +< wg invalid psk +< wg invalid public key +< wg invalid remote subnet +< wg keepalive interval +< wg leave empty to automatically select +< wg name is already used +< wg no local subnets +< wg no more free addresses in pool +< wg no remote subnets +< wg peer configuration +< wg peer does not exist +< wg pre-shared key (optional) +< wg rw peers +< wg scan the qr code +< wg show configuration qrcode +< wg warning configuration only shown once < whitelisted < whois results from < winbind daemon @@ -1374,6 +1644,7 @@ < age sminute < age ssecond < aliases default interface +< allowed subnets < asn lookup failed < atm device < attention @@ -1562,6 +1833,7 @@ < dns tls hostname < dns use isp assigned nameservers < dns use protocol for dns queries +< done < downfall gather data sampling < downlink < download apple profile @@ -1606,6 +1878,9 @@ < enable otp < enable smt < encryption +< endpoint +< endpoint address +< endpoint port < entropy < entropy graphs < eol architecture warning @@ -1831,6 +2106,7 @@ < fwhost type < fwhost used < fwhost welcome +< fwhost wg peers < fwhost wo subnet < fw red < fw rules reload notice @@ -1887,6 +2163,7 @@ < ids visit provider website < ids working < imei +< import connection < imsi < incoming compression in bytes per second < incoming firewall access @@ -1895,6 +2172,8 @@ < integrity < interface mode < intrusion prevention system +< invalid endpoint +< invalid endpoint address < invalid input for dpd delay < invalid input for dpd timeout < invalid input for inactivity timeout @@ -1905,8 +2184,11 @@ < invalid input for mode < invalid input for subscription code < invalid input for valid till days +< invalid ip address < invalid ip or hostname +< invalid keepalive interval < invalid logserver protocol +< invalid network < ip basic info < ipblocklist < ipblocklist blocklist settings @@ -1956,6 +2238,8 @@ < link-layer encapsulation < load average < local ip address +< local port +< local subnets < location < locationblock < locationblock block countries @@ -1971,6 +2255,9 @@ < log dropped conntrack invalids < log server protocol < mac filter +< malformed preshared key +< malformed private key +< malformed public key < masquerade blue < masquerade green < masquerade orange @@ -2089,7 +2376,9 @@ < proxy reports today < proxy reports weekly < ptr +< public key < qos enter bandwidths +< qr code < random number generator daemon < rdns < reboot fsck @@ -2101,9 +2390,12 @@ < reiserfs warning1 < reiserfs warning2 < release +< remarks +< remote subnets < required < required field < retbleed +< routing < runmode < samba join a domain < samba join domain @@ -2260,6 +2552,41 @@ < warning < Weekly < wg +< wg client configuration file +< wg client pool +< wg create host-to-net peer +< wg create net-to-net peer +< wg create peer +< wg dns +< wg download configuration +< wg download configuration file +< wg edit host-to-net peer +< wg edit net-to-net peer +< wg edit peer +< wg host to net client settings +< wg invalid client dns +< wg invalid client pool +< wg invalid endpoint address +< wg invalid endpoint port +< wg invalid keepalive interval +< wg invalid local subnet +< wg invalid name +< wg invalid psk +< wg invalid public key +< wg invalid remote subnet +< wg keepalive interval +< wg leave empty to automatically select +< wg name is already used +< wg no local subnets +< wg no more free addresses in pool +< wg no remote subnets +< wg peer configuration +< wg peer does not exist +< wg pre-shared key (optional) +< wg rw peers +< wg scan the qr code +< wg show configuration qrcode +< wg warning configuration only shown once < whitelisted < whois results from < winbind daemon @@ -2392,6 +2719,7 @@ < age sminute < age ssecond < aliases default interface +< allowed subnets < asn lookup failed < atm device < attention @@ -2582,6 +2910,7 @@ < dns tls hostname < dns use isp assigned nameservers < dns use protocol for dns queries +< done < downfall gather data sampling < downlink < download apple profile @@ -2627,6 +2956,9 @@ < enable otp < enable smt < encryption +< endpoint +< endpoint address +< endpoint port < entropy < entropy graphs < eol architecture warning @@ -2853,6 +3185,7 @@ < fwhost type < fwhost used < fwhost welcome +< fwhost wg peers < fwhost wo subnet < fw red < fw rules reload notice @@ -2910,6 +3243,7 @@ < ids visit provider website < ids working < imei +< import connection < imsi < incoming compression in bytes per second < incoming firewall access @@ -2919,6 +3253,8 @@ < integrity < interface mode < intrusion prevention system +< invalid endpoint +< invalid endpoint address < invalid input for dpd delay < invalid input for dpd timeout < invalid input for inactivity timeout @@ -2929,8 +3265,11 @@ < invalid input for mode < invalid input for subscription code < invalid input for valid till days +< invalid ip address < invalid ip or hostname +< invalid keepalive interval < invalid logserver protocol +< invalid network < ip basic info < ipblocklist < ipblocklist blocklist settings @@ -2980,6 +3319,8 @@ < link-layer encapsulation < load average < local ip address +< local port +< local subnets < location < locationblock < locationblock block countries @@ -2995,6 +3336,9 @@ < log dropped conntrack invalids < log server protocol < mac filter +< malformed preshared key +< malformed private key +< malformed public key < masquerade blue < masquerade green < masquerade orange @@ -3111,7 +3455,9 @@ < proxy reports today < proxy reports weekly < ptr +< public key < qos enter bandwidths +< qr code < random number generator daemon < rdns < reboot fsck @@ -3123,9 +3469,12 @@ < reiserfs warning1 < reiserfs warning2 < release +< remarks +< remote subnets < required < required field < retbleed +< routing < runmode < samba join a domain < samba join domain @@ -3283,6 +3632,41 @@ < week-graph < Weekly < wg +< wg client configuration file +< wg client pool +< wg create host-to-net peer +< wg create net-to-net peer +< wg create peer +< wg dns +< wg download configuration +< wg download configuration file +< wg edit host-to-net peer +< wg edit net-to-net peer +< wg edit peer +< wg host to net client settings +< wg invalid client dns +< wg invalid client pool +< wg invalid endpoint address +< wg invalid endpoint port +< wg invalid keepalive interval +< wg invalid local subnet +< wg invalid name +< wg invalid psk +< wg invalid public key +< wg invalid remote subnet +< wg keepalive interval +< wg leave empty to automatically select +< wg name is already used +< wg no local subnets +< wg no more free addresses in pool +< wg no remote subnets +< wg peer configuration +< wg peer does not exist +< wg pre-shared key (optional) +< wg rw peers +< wg scan the qr code +< wg show configuration qrcode +< wg warning configuration only shown once < whitelisted < whois results from < winbind daemon @@ -3395,6 +3779,7 @@ < advproxy wpad title < advproxy wpad view pac < aliases default interface +< allowed subnets < asn lookup failed < autonomous system < available @@ -3453,6 +3838,7 @@ < dns tls hostname < dns use isp assigned nameservers < dns use protocol for dns queries +< done < downfall gather data sampling < download apple profile < drop hostile @@ -3465,6 +3851,9 @@ < enable < enable otp < enable smt +< endpoint +< endpoint address +< endpoint port < eol architecture warning < error < error the to date has to be later than the from date @@ -3478,6 +3867,7 @@ < foreshadow < fwdfw all subnets < fwdfw syn flood protection +< fwhost wg peers < fw red < generate ptr < hardware vulnerabilities @@ -3524,16 +3914,22 @@ < ids unsupported provider < ids visit provider website < ids working +< import connection < inodes < interface mode < intrusion prevention system +< invalid endpoint +< invalid endpoint address < invalid input for interface address < invalid input for interface mode < invalid input for interface mtu < invalid input for local ip address < invalid input for mode < invalid input for subscription code +< invalid ip address < invalid ip or hostname +< invalid keepalive interval +< invalid network < ip basic info < ipblocklist < ipblocklist blocklist settings @@ -3577,9 +3973,14 @@ < link-layer encapsulation < load average < local ip address +< local port +< local subnets < log drop hostile in < log drop hostile out < log dropped conntrack invalids +< malformed preshared key +< malformed private key +< malformed public key < meltdown < mitigated < mmio stale data @@ -3616,6 +4017,8 @@ < processors < processor vulnerability mitigations < ptr +< public key +< qr code < random number generator daemon < reboot fsck < rebooting ipfire fsck @@ -3625,8 +4028,11 @@ < reiserfs warning1 < reiserfs warning2 < release +< remarks +< remote subnets < required < retbleed +< routing < runmode < samba server role member < samba server role standalone @@ -3683,6 +4089,41 @@ < warning < Weekly < wg +< wg client configuration file +< wg client pool +< wg create host-to-net peer +< wg create net-to-net peer +< wg create peer +< wg dns +< wg download configuration +< wg download configuration file +< wg edit host-to-net peer +< wg edit net-to-net peer +< wg edit peer +< wg host to net client settings +< wg invalid client dns +< wg invalid client pool +< wg invalid endpoint address +< wg invalid endpoint port +< wg invalid keepalive interval +< wg invalid local subnet +< wg invalid name +< wg invalid psk +< wg invalid public key +< wg invalid remote subnet +< wg keepalive interval +< wg leave empty to automatically select +< wg name is already used +< wg no local subnets +< wg no more free addresses in pool +< wg no remote subnets +< wg peer configuration +< wg peer does not exist +< wg pre-shared key (optional) +< wg rw peers +< wg scan the qr code +< wg show configuration qrcode +< wg warning configuration only shown once < whitelisted < whois results from < winbind daemon diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index e87a7fed02..855be095d0 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -33,6 +33,7 @@ no warnings 'uninitialized'; require '/var/ipfire/general-functions.pl'; require '/var/ipfire/network-functions.pl'; +require '/var/ipfire/wireguard-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; require "${General::swroot}/location-functions.pl"; @@ -875,8 +876,14 @@ sub checkrule $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr
"; } }else{ + $errormessage .= $sip; + $errormessage .= $scidr; + + $errormessage .= $tip; + $errormessage .= $tcidr; + if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){ - $errormessage.=$Lang::tr{'fwdfw err samesub'}; + $errormessage.=$Lang::tr{'fwdfw err samesub'} . $fwdfwsettings{'grp1'} .$fwdfwsettings{$fwdfwsettings{'grp1'}} . $fwdfwsettings{'grp2'} . $fwdfwsettings{$fwdfwsettings{'grp2'}}; } } } @@ -1178,6 +1185,40 @@ END #End left table. start right table (vpn) print""; + + # WireGuard Peers + if (%Wireguard::peers || $optionsfw{'SHOWDROPDOWN'} eq 'on') { + print < + + + + +EOF + } + # CCD networks if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ print"
+ + + $Lang::tr{'fwhost wg peers'} + +
$Lang::tr{'fwhost ccdnet'}
"; #Inner table right print""; + # WireGuard Peers + if (%Wireguard::peers) { + print < + + + +EOF + } #OVPN networks if (! -z $configccdnet){ print<$c" + } + } + #Check if IP is part of OpenVPN N2N subnet foreach my $key (sort keys %ccdhost){ if ($ccdhost{$key}[3] eq 'net'){ @@ -2979,6 +3022,19 @@ sub getipforgroup &deletefromgrp($name,$configgrp); } + # WireGuard Peers + if ($type eq "wg_peer") { + my $peer = &Wireguard::get_peer_by_name($name); + + if (defined $peer) { + if ($peer->{"TYPE"} eq "host") { + return $peer->{"CLIENT_ADDRESS"}; + } elsif ($peer->{"TYPE"} eq "net") { + return join(", ", @{ $peer->{"REMOTE_SUBNETS"} }); + } + } + } + #get address from ovpn ccd Net-2-Net if ($type eq 'OpenVPN N-2-N'){ foreach my $key (keys %ccdhost) { @@ -3055,6 +3111,9 @@ sub getipforgroup &General::readhash("${General::swroot}/ethernet/settings",\%hash); return $hash{'ORANGE_NETADDRESS'}."/".&Network::convert_netmask2prefix($hash{'ORANGE_NETMASK'}) || $hash{'ORANGE_NETMASK'}; } + if ($name eq "WGRW") { + return $Wireguard::settings{'CLIENT_POOL'}; + } if ($name eq 'ALL'){ return "0.0.0.0/0"; } diff --git a/html/cgi-bin/pakfire.cgi b/html/cgi-bin/pakfire.cgi index 1246760df9..3cd5b15634 100644 --- a/html/cgi-bin/pakfire.cgi +++ b/html/cgi-bin/pakfire.cgi @@ -278,30 +278,127 @@ if (($cgiparams{'ACTION'} eq $Lang::tr{'pakfire install'}) && ($pagemode eq $PM_ &Header::openbox("100%", "center", $Lang::tr{'pakfire install'}); my @pkgs = split(/\|/, $cgiparams{'INSPAKS'}); - my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", @pkgs); + print < +
+ + +
- - - - - - - "; + my $status = ""; my $testcmd = ''; my $exename; @@ -234,7 +234,7 @@ sub isrunningaddon (@) { $status .=""; }else{ $status = ""; - $status .= ""; + $status .= ""; } return $status; } diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi new file mode 100644 index 0000000000..cc79347a62 --- /dev/null +++ b/html/cgi-bin/wireguard.cgi @@ -0,0 +1,1369 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2024 Michael Tremer # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +use strict; + +# enable only the following on debugging purpose +use warnings; +use CGI::Carp 'fatalsToBrowser'; +use Imager::QRCode; +use MIME::Base64; + +require "/var/ipfire/general-functions.pl"; +require "${General::swroot}/header.pl"; +require "${General::swroot}/location-functions.pl"; +require "${General::swroot}/wireguard-functions.pl"; + +my %cgiparams = (); +my @errormessages = (); + +# Generate keys +&Wireguard::generate_keys(); + +# Fetch CGI parameters +&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); + +# Save on main page +if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) { + my @client_dns = (); + + # Store whether enabled or not + if ($cgiparams{'ENABLED'} =~ m/^(on|off)?$/) { + $Wireguard::settings{'ENABLED'} = $cgiparams{'ENABLED'}; + } + + # Check endpoint + if (&General::validfqdn($cgiparams{'ENDPOINT'}) || &Network::check_ip_address($cgiparams{'ENDPOINT'}) || ($cgiparams{'ENDPOINT'} eq '')) { + $Wireguard::settings{'ENDPOINT'} = $cgiparams{'ENDPOINT'}; + } else { + push(@errormessages, $Lang::tr{'invalid endpoint'}); + } + + # Check port + if (&General::validport($cgiparams{'PORT'})) { + $Wireguard::settings{'PORT'} = $cgiparams{'PORT'}; + } else { + push(@errormessages, $Lang::tr{'invalid port'}); + } + + # Check client pool + if (&Wireguard::pool_is_in_use($Wireguard::settings{'CLIENT_POOL'})) { + # Ignore any changes if the pool is in use + } elsif (&Network::check_subnet($cgiparams{'CLIENT_POOL'})) { + $Wireguard::settings{'CLIENT_POOL'} = $cgiparams{'CLIENT_POOL'}; + } elsif ($cgiparams{'CLIENT_POOL'} ne '') { + push(@errormessages, $Lang::tr{'wg invalid client pool'}); + } + + # Check client DNS + if (defined $cgiparams{'CLIENT_DNS'}) { + @client_dns = split(/,/, $cgiparams{'CLIENT_DNS'}); + + foreach my $dns (@client_dns) { + unless (&Network::check_ip_address($dns)) { + push(@errormessages, "$Lang::tr{'wg invalid client dns'}: ${dns}"); + } + } + + # Store CLIENT_DNS + $Wireguard::settings{'CLIENT_DNS'} = join("|", @client_dns); + } + + # Don't continue on error + goto MAIN if (scalar @errormessages); + + # Store the configuration file + &General::writehash("/var/ipfire/wireguard/settings", \%Wireguard::settings); + + # Start if enabled + if ($Wireguard::settings{'ENABLED'} eq "on") { + &General::system("/usr/local/bin/wireguardctrl", "start"); + } else { + &General::system("/usr/local/bin/wireguardctrl", "stop"); + } + +# Delete an existing peer +} elsif ($cgiparams{"ACTION"} eq $Lang::tr{'remove'}) { + my $key = $cgiparams{'KEY'}; + + # Fail if the peer does not exist + unless (exists $Wireguard::peers{$key}) { + push(@errormessages, $Lang::tr{'wg peer does not exist'}); + goto MAIN; + } + + # Delete the peer + delete($Wireguard::peers{$key}); + + # Store the configuration + &General::writehasharray("/var/ipfire/wireguard/peers", \%Wireguard::peers); + + # Reload if enabled + if ($Wireguard::settings{'ENABLED'} eq "on") { + &General::system("/usr/local/bin/wireguardctrl", "start"); + } + +# Edit an existing peer +} elsif ($cgiparams{"ACTION"} eq $Lang::tr{'edit'}) { + my $key = $cgiparams{'KEY'}; + + # Fail if the peer does not exist + unless (exists $Wireguard::peers{$key}) { + push(@errormessages, $Lang::tr{'wg peer does not exist'}); + goto MAIN; + } + + # Fetch type + my $type = $Wireguard::peers{$key}[1]; + + my $remote_subnets = &Wireguard::decode_subnets($Wireguard::peers{$key}[8]); + my $local_subnets = &Wireguard::decode_subnets($Wireguard::peers{$key}[10]); + + # Flush CGI parameters & load configuration + %cgiparams = ( + "KEY" => $key, + "ENABLED" => $Wireguard::peers{$key}[0], + "TYPE" => $Wireguard::peers{$key}[1], + "NAME" => $Wireguard::peers{$key}[2], + "PUBLIC_KEY" => $Wireguard::peers{$key}[3], + "PRIVATE_KEY" => $Wireguard::peers{$key}[4], + "PORT" => $Wireguard::peers{$key}[5], + "ENDPOINT_ADDRESS" => $Wireguard::peers{$key}[6], + "ENDPOINT_PORT" => $Wireguard::peers{$key}[7], + "REMOTE_SUBNETS" => join(", ", @$remote_subnets), + "REMARKS" => &MIME::Base64::decode_base64($Wireguard::peers{$key}[9]), + "LOCAL_SUBNETS" => join(", ", @$local_subnets), + "PSK" => $Wireguard::peers{$key}[11], + "KEEPALIVE" => $Wireguard::peers{$key}[12], + ); + + # Jump to the editor + if ($type eq "host") { + goto EDITHOST; + } elsif ($type eq "net") { + goto EDITNET; + } else { + die "Unsupported type: $type"; + } + +} elsif ($cgiparams{"ACTION"} eq "CREATE-PEER-NET") { + my @local_subnets = (); + my @remote_subnets = (); + + # Allocate a new key + my $key = &General::findhasharraykey(\%Wireguard::peers); + + my $name = $cgiparams{"NAME"}; + + # Check if the name is valid + unless (&Wireguard::name_is_valid($name)) { + push(@errormessages, $Lang::tr{'wg invalid name'}); + } + + # Check if the name is free + unless (&Wireguard::name_is_free($name, $key)) { + push(@errormessages, $Lang::tr{'wg name is already used'}); + } + + # Check the endpoint address + if ($cgiparams{'ENDPOINT_ADDRESS'} eq '') { + # The endpoint address may be empty + } elsif (&General::validfqdn($cgiparams{'ENDPOINT_ADDRESS'})) { + # The endpoint is a valid FQDN + } elsif (&Network::check_ip_address($cgiparams{'ENDPOINT_ADDRESS'})) { + # The endpoint is a valid IP address + } else { + push(@errormessages, $Lang::tr{'wg invalid endpoint address'}); + } + + # Check local subnets + if (defined $cgiparams{'LOCAL_SUBNETS'}) { + @local_subnets = split(/,/, $cgiparams{'LOCAL_SUBNETS'}); + + foreach my $subnet (@local_subnets) { + $subnet =~ s/^\s+//g; + $subnet =~ s/\s+$//g; + + unless (&Network::check_subnet($subnet)) { + push(@errormessages, $Lang::tr{'wg invalid local subnet'} . ": ${subnet}"); + } + } + } else { + push(@errormessages, $Lang::tr{'wg no local subnets'}); + } + + # Check remote subnets + if (defined $cgiparams{'REMOTE_SUBNETS'}) { + @remote_subnets = split(/,/, $cgiparams{'REMOTE_SUBNETS'}); + + foreach my $subnet (@remote_subnets) { + $subnet =~ s/^\s+//g; + $subnet =~ s/\s+$//g; + + unless (&Network::check_subnet($subnet)) { + push(@errormessages, $Lang::tr{'wg invalid remote subnet'} . ": ${subnet}"); + } + } + } else { + push(@errormessages, $Lang::tr{'wg no remote subnets'}); + } + + # If there are any errors, we go back to the editor + goto CREATENET if (scalar @errormessages); + + # Generate a new key pair + my $local_private_key = &Wireguard::generate_private_key(); + my $remote_private_key = &Wireguard::generate_private_key(); + + # Derive the public key + my $remote_public_key = &Wireguard::derive_public_key($remote_private_key); + + # Generate a new PSK + my $psk = &Wireguard::generate_private_key(); + + # Generate two new ports + my $local_port = &Wireguard::get_free_port(); + my $remote_port = &Wireguard::get_free_port(); + + # Save the connection + $Wireguard::peers{$key} = [ + # 0 = Enabled + "on", + # 1 = Type + "net", + # 2 = Name + $name, + # 3 = Remote Public Key + $remote_public_key, + # 4 = Local Private Key + $local_private_key, + # 5 = Port + $local_port, + # 6 = Endpoint Address + $cgiparams{"ENDPOINT_ADDRESS"}, + # 7 = Endpoint Port + $remote_port, + # 8 = Remote Subnets + &Wireguard::encode_subnets(@remote_subnets), + # 9 = Remark + &Wireguard::encode_remarks($cgiparams{"REMARKS"}), + # 10 = Local Subnets + &Wireguard::encode_subnets(@local_subnets), + # 11 = PSK + $psk, + # 12 = Keepalive + $Wireguard::DEFAULT_KEEPALIVE, + ]; + + # Store the configuration + &General::writehasharray("/var/ipfire/wireguard/peers", \%Wireguard::peers); + + # Reload if enabled + if ($Wireguard::settings{'ENABLED'} eq "on") { + &General::system("/usr/local/bin/wireguardctrl", "start"); + } + + # Send HTTP Headers + &Header::showhttpheaders(); + + # Open the page + &Header::openpage($Lang::tr{'wireguard'}, 1, ''); + + # Generate the client configuration + my $config = &Wireguard::generate_peer_configuration($key, $remote_private_key); + + # Encode the configuration as Base64 + $config = &MIME::Base64::encode_base64($config); + + # Open a new box + &Header::openbox('100%', '', "$Lang::tr{'wg peer configuration'}: $name"); + + # Make the filename for files + my $filename = &Header::normalize("${name}.conf"); + + print < +

+ + $Lang::tr{'wg download configuration file'} + +

+ +

+ $Lang::tr{'wg warning configuration only shown once'} +

+ +

+ + + +

+ +END + + &Header::closebox(); + &Header::closepage(); + + exit(0); + +} elsif ($cgiparams{"ACTION"} eq "SAVE-PEER-NET") { + my @local_subnets = (); + my @remote_subnets = (); + + # Fetch or allocate a new key + my $key = $cgiparams{'KEY'}; + + # Load the existing peer + my $peer = &Wireguard::load_peer($key); + + # Check if the name is valid + unless (&Wireguard::name_is_valid($cgiparams{"NAME"})) { + push(@errormessages, $Lang::tr{'wg invalid name'}); + } + + # Check if the name is free + unless (&Wireguard::name_is_free($cgiparams{"NAME"}, $key)) { + push(@errormessages, $Lang::tr{'wg name is already used'}); + } + + # Check the public key + unless (&Wireguard::key_is_valid($cgiparams{'PUBLIC_KEY'})) { + push(@errormessages, $Lang::tr{'wg invalid public key'}); + } + + # Check PSK + if ($cgiparams{'PSK'} eq '') { + # The PSK may be empty + } elsif (!&Wireguard::key_is_valid($cgiparams{'PSK'})) { + push(@errormessages, $Lang::tr{'wg invalid psk'}); + } + + # Select a new random port if none given + if ($cgiparams{'PORT'} eq "") { + $cgiparams{'PORT'} = &Wireguard::get_free_port(); + + # If a port was given we check that it is valid + } elsif (!&General::validport($cgiparams{'PORT'})) { + push(@errormessages, $LANG::tr{'invalid port'}); + } + + # Check the endpoint address + if ($cgiparams{'ENDPOINT_ADDRESS'} eq '') { + # The endpoint address may be empty + } elsif (&General::validfqdn($cgiparams{'ENDPOINT_ADDRESS'})) { + # The endpoint is a valid FQDN + } elsif (&Network::check_ip_address($cgiparams{'ENDPOINT_ADDRESS'})) { + # The endpoint is a valid IP address + } else { + push(@errormessages, $Lang::tr{'wg invalid endpoint address'}); + } + + # Check the endpoint port + unless (&General::validport($cgiparams{'ENDPOINT_PORT'})) { + push(@errormessages, $Lang::tr{'wg invalid endpoint port'}); + } + + # Check keepalive + unless (&Wireguard::keepalive_is_valid($cgiparams{'KEEPALIVE'})) { + push(@errormessages, $Lang::tr{'wg invalid keepalive interval'}); + } + + # Check local subnets + if (defined $cgiparams{'LOCAL_SUBNETS'}) { + @local_subnets = split(/,/, $cgiparams{'LOCAL_SUBNETS'}); + + foreach my $subnet (@local_subnets) { + $subnet =~ s/^\s+//g; + $subnet =~ s/\s+$//g; + + unless (&Network::check_subnet($subnet)) { + push(@errormessages, $Lang::tr{'wg invalid local subnet'} . ": ${subnet}"); + } + } + } else { + push(@errormessages, $Lang::tr{'wg no local subnets'}); + } + + # Check remote subnets + if (defined $cgiparams{'REMOTE_SUBNETS'}) { + @remote_subnets = split(/,/, $cgiparams{'REMOTE_SUBNETS'}); + + foreach my $subnet (@remote_subnets) { + $subnet =~ s/^\s+//g; + $subnet =~ s/\s+$//g; + + unless (&Network::check_subnet($subnet)) { + push(@errormessages, $Lang::tr{'wg invalid remote subnet'} . ": ${subnet}"); + } + } + } else { + push(@errormessages, $Lang::tr{'wg no remote subnets'}); + } + + # If there are any errors, we go back to the editor + goto EDITNET if (scalar @errormessages); + + # Save the connection + $Wireguard::peers{$key} = [ + # 0 = Enabled + "on", + # 1 = Type + "net", + # 2 = Name + $cgiparams{"NAME"}, + # 3 = Public Key + $cgiparams{"PUBLIC_KEY"}, + # 4 = Private Key + $peer->{"PRIVATE_KEY"}, + # 5 = Port + $cgiparams{"PORT"}, + # 6 = Endpoint Address + $cgiparams{"ENDPOINT_ADDRESS"}, + # 7 = Endpoint Port + $cgiparams{"ENDPOINT_PORT"}, + # 8 = Remote Subnets + &Wireguard::encode_subnets(@remote_subnets), + # 9 = Remark + &Wireguard::encode_remarks($cgiparams{"REMARKS"}), + # 10 = Local Subnets + &Wireguard::encode_subnets(@local_subnets), + # 11 = PSK + $cgiparams{"PSK"} || "", + # 12 = Keepalive + $cgiparams{"KEEPALIVE"} || 0, + ]; + + # Store the configuration + &General::writehasharray("/var/ipfire/wireguard/peers", \%Wireguard::peers); + + # Reload if enabled + if ($Wireguard::settings{'ENABLED'} eq "on") { + &General::system("/usr/local/bin/wireguardctrl", "start"); + } + +} elsif ($cgiparams{"ACTION"} eq "SAVE-PEER-HOST") { + my $private_key; + my @free_addresses = (); + my @local_subnets = (); + + # Fetch or allocate a new key + my $key = $cgiparams{'KEY'} || &General::findhasharraykey(\%Wireguard::peers); + + # Is this a new connection? + my $is_new = !exists $Wireguard::peers{$key}; + + # Check if the name is valid + unless (&Wireguard::name_is_valid($cgiparams{"NAME"})) { + push(@errormessages, $Lang::tr{'wg invalid name'}); + } + + # Check if the name is free + unless (&Wireguard::name_is_free($cgiparams{"NAME"}, $key)) { + push(@errormessages, $Lang::tr{'wg name is already used'}); + } + + # Check local subnets + if (defined $cgiparams{'LOCAL_SUBNETS'}) { + @local_subnets = split(/,/, $cgiparams{'LOCAL_SUBNETS'}); + + foreach my $subnet (@local_subnets) { + $subnet =~ s/^\s+//g; + $subnet =~ s/\s+$//g; + + unless (&Network::check_subnet($subnet)) { + push(@errormessages, $Lang::tr{'wg invalid local subnet'} . ": ${subnet}"); + } + } + } else { + push(@errormessages, $Lang::tr{'wg no local subnets'}); + } + + # Check if we have address space left in the pool + if ($is_new) { + # Fetch the next free address + @free_addresses = &Wireguard::free_pool_addresses($Wireguard::settings{'CLIENT_POOL'}, 1); + + # Fail if we ran out of addresses + if (scalar @free_addresses == 0) { + push(@errormessages, $Lang::tr{'wg no more free addresses in pool'}); + } + } + + # If there are any errors, we go back to the editor + goto EDITHOST if (scalar @errormessages); + + # Generate things for a new peer + if ($is_new) { + # Generate a new private key + $private_key = &Wireguard::generate_private_key(); + + # Derive the public key + $cgiparams{"PUBLIC_KEY"} = &Wireguard::derive_public_key($private_key); + + # Generate a new PSK + $cgiparams{"PSK"} = &Wireguard::generate_private_key(); + + # Fetch a free address from the pool + foreach (@free_addresses) { + $cgiparams{'CLIENT_ADDRESS'} = $_; + last; + } + + # Fetch some configuration parts + } else { + $cgiparams{"PUBLIC_KEY"} = $Wireguard::peers{$key}[3]; + $cgiparams{'CLIENT_ADDRESS'} = $Wireguard::peers{$key}[8]; + $cgiparams{"PSK"} = $Wireguard::peers{$key}[11]; + } + + # Save the connection + $Wireguard::peers{$key} = [ + # 0 = Enabled + "on", + # 1 = Type + "host", + # 2 = Name + $cgiparams{"NAME"}, + # 3 = Public Key + $cgiparams{"PUBLIC_KEY"}, + # 4 = Private Key + "", + # 5 = Port + "", + # 6 = Endpoint Address + "", + # 7 = Endpoint Port + "", + # 8 = Remote Subnets + $cgiparams{'CLIENT_ADDRESS'}, + # 9 = Remark + &Wireguard::encode_remarks($cgiparams{"REMARKS"}), + # 10 = Local Subnets + &Wireguard::encode_subnets(@local_subnets), + # 11 = PSK + $cgiparams{"PSK"}, + # 12 = Keepalive + 0, + ]; + + # Store the configuration + &General::writehasharray("/var/ipfire/wireguard/peers", \%Wireguard::peers); + + # Reload if enabled + if ($Wireguard::settings{'ENABLED'} eq "on") { + &General::system("/usr/local/bin/wireguardctrl", "start"); + } + + # Show the client configuration when creating a new peer + if ($is_new) { + # Send HTTP Headers + &Header::showhttpheaders(); + + # Open the page + &Header::openpage($Lang::tr{'wireguard'}, 1, ''); + + # Load the peer + my $peer = &Wireguard::load_peer($key); + + # Generate the client configuration + my $config = &Wireguard::generate_peer_configuration($key, $private_key); + + # Create a QR code generator + my $qrgen = Imager::QRCode->new( + size => 6, + margin => 0, + version => 0, + level => 'M', + mode => '8-bit', + casesensitive => 1, + lightcolor => Imager::Color->new(255, 255, 255), + darkcolor => Imager::Color->new(0, 0, 0), + ); + + # The generated QR code + my $qrcode; + + # Encode the configuration + my $img = $qrgen->plot("$config"); + + # Encode the image as PNG + $img->write(data => \$qrcode, type => "png") or die $img->errstr; + + # Encode the image as bas64 + $qrcode = &MIME::Base64::encode_base64($qrcode); + + # Encode the configuration as Base64 + $config = &MIME::Base64::encode_base64($config); + + # Open a new box + &Header::openbox('100%', '', "$Lang::tr{'wg peer configuration'}: $peer->{'NAME'}"); + + # Make the filename for files + my $filename = &Header::normalize($peer->{'NAME'}) . ".conf"; + + print < +

+ $Lang::tr{'qr code'} +

+ +

+ $Lang::tr{'wg scan the qr code'} +

+ +

+ + $Lang::tr{'wg download configuration file'} + +

+ +

+ $Lang::tr{'wg warning configuration only shown once'} +

+ +

+
+ + +

+ +END + + &Header::closebox(); + &Header::closepage(); + + exit(0); + } + +} elsif ($cgiparams{"ACTION"} eq $Lang::tr{'add'}) { + if ($cgiparams{"TYPE"} eq "net") { + goto CREATENET; + + } elsif ($cgiparams{"TYPE"} eq "host") { + goto CREATEHOST; + + } elsif ($cgiparams{"TYPE"} eq "import") { + # Parse the configuration file + (%cgiparams, @errormessages) = &Wireguard::parse_configuration($cgiparams{'FH'}); + + # We basically don't support importing RW connections, so we always + # need to go and show the N2N editor. + goto EDITNET; + + # Ask the user what type they want + } else { + goto ADD; + } + +# Toggle Enable/Disable +} elsif ($cgiparams{'ACTION'} eq 'TOGGLE-ENABLE-DISABLE') { + my $key = $cgiparams{'KEY'} || 0; + + if (exists $Wireguard::peers{$key}) { + if ($Wireguard::peers{$key}[0] eq "on") { + $Wireguard::peers{$key}[0] = "off"; + } else { + $Wireguard::peers{$key}[0] = "on"; + } + } + + # Store the configuration + &General::writehasharray("/var/ipfire/wireguard/peers", \%Wireguard::peers); + + # Reload if enabled + if ($Wireguard::settings{'ENABLED'} eq "on") { + &General::system("/usr/local/bin/wireguardctrl", "start"); + } +} + +# The main page starts here +MAIN: + # Send HTTP Headers + &Header::showhttpheaders(); + + # Open the page + &Header::openpage($Lang::tr{'wireguard'}, 1, ''); + + # Show any error messages + &Header::errorbox(@errormessages); + + # Open a box for Global Settings + &Header::openbox('100%', '', $Lang::tr{'global settings'}); + + my %checked = ( + "ENABLED" => ($Wireguard::settings{'ENABLED'} eq "on") ? "checked" : "", + ); + + my %readonly = ( + "CLIENT_POOL" => (&Wireguard::pool_is_in_use($Wireguard::settings{'CLIENT_POOL'}) ? "readonly" : ""), + ); + + my $client_dns = $Wireguard::settings{'CLIENT_DNS'} =~ s/\|/, /gr; + + print < +
-

$Lang::tr{'pakfire install package'} @{pkgs}
$Lang::tr{'pakfire possible dependency'}

+ $Lang::tr{'pakfire install package'} +END + + foreach (my $i = 0; $i < $#pkgs; $i++) + { + print "$pkgs[$i], "; + } + print "$pkgs[$#pkgs]"; + + print < +

$Lang::tr{'pakfire check deps'} 
 END
-	foreach (@output) {
-		$_ =~ s/\\[[0-1]\;[0-9]+m//g;
-		print "$_\n";
+
+	# get dependencies from pakfire resolvedeps output
+	my @pkgs_deps;
+	my @errors;
+	my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", @pkgs);
+	foreach (@output)
+	{
+		if ($_ =~ /install/)
+		{
+			(my $package) = $_ =~ /.+:\s(.+):\s.+:\s.+/;
+			(my $dependency) = $_ =~ /.+:\s.+:\s.+:\s(.+)/;
+			push @pkgs_deps, "$package:$dependency";
+		}
+		if ($_ =~ /ERROR/)
+		{
+			push @errors, $_;
+		}
+	}
+
+	if (@errors)
+	{
+		chomp @errors;
+		print "\nErrors occurred:\n";
+		foreach (@errors)
+		{
+			print "$_\n";
+		}
+	}
+
+	# get dependencies from metafiles
+	my $instdir = "/opt/pakfire/db/installed";
+	my @inst_deps = deps_from_metafiles($instdir);
+	my $metadir = "/opt/pakfire/db/meta";
+	my @meta_deps = deps_from_metafiles($metadir);
+
+	my @all_deps = @inst_deps;
+	push @all_deps, @meta_deps;
+
+	my %dedupe;
+	@all_deps = grep { ! $dedupe{ $_ }++ } @all_deps;
+
+	# build dependencies tree
+	my @search = @pkgs_deps;
+	my @pkgs_deps_tree;
+	my @temp;
+	do
+	{
+		@temp = ();
+		foreach my $i (@search)
+		{
+			(my $child) = $i =~ /.+:(.+)/;
+			foreach my $j (@all_deps)
+			{
+				(my $all_deps_parent) = $j =~ /(.+):.+/;
+				(my $all_deps_child) = $j =~ /.+:(.+)/;
+				if ( $child eq $all_deps_parent )
+				{
+					push @temp, "$i:$all_deps_child";
+				}
+			}
+		}
+		push @pkgs_deps_tree, @temp;
+		@search = @temp;
+	} until ( ! (@search));
+
+	push @pkgs_deps, @pkgs_deps_tree;
+
+	@pkgs_deps = sort @pkgs_deps;
+
+	my @installed = get_package_names($instdir);
+
+	# display dependencies
+	print "\nPackage dependencies:\n";
+	foreach my $i (@pkgs)
+	{
+		print "\n  Package:  $i\n";
+		if (grep (/^$i/, @pkgs_deps))
+		{
+			foreach my $j (@pkgs_deps)
+			{
+				if (grep (/$i/, $j))
+				{
+					(my $child) = $j =~ /.+:(.+)/;
+					if (grep (/$child/, @installed))
+					{
+						print "            " . (arrow_format($j)) . " (already installed)\n";
+					} else {
+						print "            " . (arrow_format($j)) . "\n";
+					}
+				}
+			}
+		} else {
+			print "            No dependencies found.\n";
+		}
 	}
+
 	print <
$Lang::tr{'pakfire accept all'}
 
+
@@ -638,3 +735,71 @@ sub _http_pagemode_redirect { $pagemode = $mode; } } + +# search package metafiles in $dir and return array of +# dependencies in parent:child format +sub deps_from_metafiles +{ + my $dir = $_[0]; + my @packages = (); + my @temp = (); + my @found_deps = (); + my @files = glob("$dir/meta-*"); + + foreach (@files) + { + (my $pak) = $_ =~ /.+\/meta\-([\w\-]+)$/; + push @packages, $pak; + } + + foreach my $i (@packages) + { + open(META, "<", "$dir/meta-$i") or die "Cannot open file meta-$i: $!"; + my @data = ; + close(META); + + my $line = ''; + foreach (@data) + { + $line = $_; + last if (grep(/Dependencies:/, $line)); + } + + chomp $line; + @temp = split(' ', $line); + @temp = grep {$_ ne 'Dependencies:'} @temp; + foreach (@temp) + { + push @found_deps, "$i:$_"; + } + } + return @found_deps; +} + +# return package names from a metafile directory +sub get_package_names +{ + my $dir = $_[0]; + my @files = (); + my @temp = glob("$dir/meta-*"); + foreach (@temp) + { + (my $name) = $_ =~ /.+\/meta\-([\w\-]+)$/; + push @files, $name; + } + return @files; +} + +# convert a string in 'parent:child:child...' format to +# 'parent -> child -> child -> ...' format +sub arrow_format +{ + my $line = ''; + my @items = split(/:/, $_[0]); + foreach my $i (@items) + { + $line = $line . "$i -> "; + } + $line = substr($line, 0, -4); + return $line; +} diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi index 43babf5229..462b6bfa1a 100644 --- a/html/cgi-bin/services.cgi +++ b/html/cgi-bin/services.cgi @@ -205,7 +205,7 @@ sub isautorun (@) { sub isrunningaddon (@) { my ($pak, $service) = @_; - my $status = "
$Lang::tr{'stopped'}$Lang::tr{'stopped'}$memory$Lang::tr{$Lang::tr{'stopped'}$Lang::tr{'stopped'}
+ + + + + + + + + + + + + + +
$Lang::tr{'enabled'} + +
$Lang::tr{'endpoint'} + +
$Lang::tr{'port'} + +
+ +
$Lang::tr{'wg host to net client settings'}
+ + + + + + + + + + + + + + + +
$Lang::tr{'wg client pool'} + +
$Lang::tr{'wg dns'} + +
+ +
+ +END + &Header::closebox(); + + # Show a list with all peers + &Header::opensection(); + + if (%Wireguard::peers) { + print < + + + $Lang::tr{'name'} + + + + $Lang::tr{'remark'} + + + + $Lang::tr{'status'} + + + + $Lang::tr{'action'} + + +END + + # Dump all RW peers + my %DUMP = &Wireguard::dump("wg0"); + + # Iterate through all peers... + foreach my $key (sort { $Wireguard::peers{$a}[2] cmp $Wireguard::peers{$b}[2] } keys %Wireguard::peers) { + my $enabled = $Wireguard::peers{$key}[0]; + my $type = $Wireguard::peers{$key}[1]; + my $name = $Wireguard::peers{$key}[2]; + my $pubkey = $Wireguard::peers{$key}[3]; + #my $privkey = $Wireguard::peers{$key}[4] + #my $port = $Wireguard::peers{$key}[5]; + my $endpoint = $Wireguard::peers{$key}[6]; + #my $endpport = $Wireguard::peers{$key}[7]; + my $routes = $Wireguard::peers{$key}[8]; + my $remarks = &Wireguard::decode_remarks($Wireguard::peers{$key}[9]); + + my $connected = $Lang::tr{'capsclosed'}; + my $country = "ZZ"; + my $location = ""; + + my $gif = ($enabled eq "on") ? "on.gif" : "off.gif"; + my @status = ("status"); + + # Fetch the dump + my %dump = ($type eq "net") ? &Wireguard::dump("wg$key") : %DUMP; + + # Fetch the status of the peer (if possible) + my $status = $dump{$pubkey} || (); + + # Fetch the actual endpoint + my ($actual_endpoint, $actual_port) = split(/:/, $status->{"endpoint"}, 2); + + # WireGuard performs a handshake very two minutes, so we should be considered online then + my $is_connected = (time - $status->{"latest-handshake"}) <= 120; + + # We are connected! + if ($is_connected) { + push(@status, "is-connected"); + + $connected = $Lang::tr{'capsopen'}; + + # If we have an endpoint lets lookup the country + if ($actual_endpoint) { + $country = &Location::Functions::lookup_country_code($actual_endpoint); + + # If we found a country, let's show it + if ($country) { + my $icon = &Location::Functions::get_flag_icon($country); + + $location = < + $country + +EOF + } + } + + # We are not connected... + } else { + push(@status, "is-disconnected"); + } + + # Escape remarks + if ($remarks) { + $remarks = &Header::escape($remarks); + } + + print < + + $name + + + + $remarks + +END + + if ($location) { + print < + $connected + + + + $location + +END + } else { + print < + $connected + +END + } + + print < +
+ + + +
+ + + +
+ + + +
+ + + +
+ + + +
+ + +END + } + + print""; + } + + # Show controls + print < + + +
+ +
+ + + +END + + &Header::closesection(); + &Header::closepage(); + + exit(0); + +ADD: + # Send HTTP Headers + &Header::showhttpheaders(); + + # Open the page + &Header::openpage($Lang::tr{'wireguard'}, 1, ''); + + # Show any error messages + &Header::errorbox(@errormessages); + + # Open a new box + &Header::openbox('100%', '', $Lang::tr{'connection type'}); + + my %disabled = ( + "host" => "", + ); + + # If there is no CLIENT_POOL configured, we disable the option + if ($Wireguard::settings{'CLIENT_POOL'} eq "") { + $disabled{"host"} = "disabled"; + + # If the client pool is out of addresses, we do the same + } else { + my @free_addresses = &Wireguard::free_pool_addresses($Wireguard::settings{'CLIENT_POOL'}, 1); + + if (scalar @free_addresses == 0) { + $disabled{"host"} = "disabled"; + } + } + + print < +
    +
  • + +
    • + +
  • + +
    • + +
  • + + + +
    • +
+ + + + + +
+ +
+ +END + + &Header::closebox(); + &Header::closepage(); + + exit(0); + +CREATENET: + # Send HTTP Headers + &Header::showhttpheaders(); + + # Open the page + &Header::openpage($Lang::tr{'wireguard'}, 1, ''); + + # Show any error messages + &Header::errorbox(@errormessages); + + # Open a new box + &Header::openbox('100%', '', $Lang::tr{'wg create net-to-net peer'}); + + # Set defaults + &General::set_defaults(\%cgiparams, { + "LOCAL_SUBNETS" => + $Network::ethernet{"GREEN_NETADDRESS"} + . "/" . $Network::ethernet{"GREEN_NETMASK"}, + }); + + print < + + + + + + + + + + + + + + +
+ $Lang::tr{'name'} + + +
+ $Lang::tr{'remarks'} + + +
+ +
$Lang::tr{'endpoint'}
+ + + + + + + +
+ $Lang::tr{'endpoint address'} + + +
+ +
$Lang::tr{'routing'}
+ + + + + + + + + + + + + + + + + +
+ $Lang::tr{'local subnets'} + + +
+ $Lang::tr{'remote subnets'} + + +
+ +
+ +END + + &Header::closebox(); + &Header::closepage(); + + exit(0); + +EDITNET: + # Send HTTP Headers + &Header::showhttpheaders(); + + # Open the page + &Header::openpage($Lang::tr{'wireguard'}, 1, ''); + + # Show any error messages + &Header::errorbox(@errormessages); + + # Fetch the key + my $key = $cgiparams{'KEY'}; + + # Open a new box + &Header::openbox('100%', '', $Lang::tr{'wg edit net-to-net peer'}); + + # Derive our own public key + my $public_key = &Wireguard::derive_public_key($cgiparams{'PRIVATE_KEY'}); + + print < + + + + + + + + + + + + + + + + + + + + + +
+ $Lang::tr{'name'} + + +
+ $Lang::tr{'remarks'} + + +
+ $Lang::tr{'public key'} + + +
+ +
$Lang::tr{'endpoint'}
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ $Lang::tr{'endpoint address'} + + +
+ $Lang::tr{'endpoint port'} + + +
+ $Lang::tr{'local port'} + + +
$Lang::tr{'public key'} + +
$Lang::tr{'wg pre-shared key (optional)'} + +
+ $Lang::tr{'wg keepalive interval'} + + +
+ +
$Lang::tr{'routing'}
+ + + + + + + + + + + + + + + + + +
+ $Lang::tr{'local subnets'} + + +
+ $Lang::tr{'remote subnets'} + + +
+ +
+ +END + + &Header::closebox(); + &Header::closepage(); + + exit(0); + +CREATEHOST: +EDITHOST: + # Send HTTP Headers + &Header::showhttpheaders(); + + # Open the page + &Header::openpage($Lang::tr{'wireguard'}, 1, ''); + + # Show any error messages + &Header::errorbox(@errormessages); + + # Fetch the key + my $key = $cgiparams{'KEY'}; + + # Open a new box + &Header::openbox('100%', '', + (defined $key) ? $Lang::tr{'wg edit host-to-net peer'} : $Lang::tr{'wg create host-to-net peer'}); + + # Set defaults + unless (defined $key) { + &General::set_defaults(\%cgiparams, { + "LOCAL_SUBNETS" => + $Network::ethernet{"GREEN_NETADDRESS"} + . "/" . $Network::ethernet{"GREEN_NETMASK"}, + }); + } + + print < + + + + + + + + + + + + + + + +
+ $Lang::tr{'name'} + + +
+ $Lang::tr{'remarks'} + + +
+ +
$Lang::tr{'routing'}
+ + + + + + + + + + + +
+ $Lang::tr{'allowed subnets'} + + +
+ +
+END + + &Header::closebox(); + &Header::closepage(); + + exit(0); diff --git a/html/html/themes/ipfire/include/css/style.css b/html/html/themes/ipfire/include/css/style.css index 56e6f26dff..c598893261 100644 --- a/html/html/themes/ipfire/include/css/style.css +++ b/html/html/themes/ipfire/include/css/style.css @@ -155,6 +155,13 @@ iframe { text-align: right; } +/* + Text Colors +*/ +.text-error { + color: var(--color-red); +} + /* Header */ #header { @@ -490,7 +497,9 @@ table.form tr.action td form { .tbl .status.is-stopped, .tbl .status.is-disconnected { background-color: var(--color-red); color: var(--color-red-invert); +} +.tbl .status.is-fixed { width: 33%; } diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 44e327ef04..3ce02b657a 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -887,6 +887,7 @@ 'donation' => 'Spenden', 'donation-link' => 'https://www.paypal.com/de_DE/DE/i/btn/btn_donateCC_LG.gif', 'donation-text' => 'IPFire wird von Freiwilligen in ihrer Freizeit betreut und weiterentwickelt. Um dieses Projekt am Leben zu erhalten, entstehen uns natürlich auch Kosten. Wenn Sie uns unterstützen wollen, würden wir uns über eine kleine Spende sehr freuen.', +'done' => 'Fertig', 'dos charset' => 'DOS-Zeichensatz', 'down and up speed' => 'Geben Sie bitte hier ihre Download- bzw. Upload-Geschwindigkeit ein
und klicken Sie danach auf Speichern.', 'downfall gather data sampling' => 'Downfall/Gather Data Sampling', @@ -1430,6 +1431,7 @@ 'ike lifetime should be between 1 and 24 hours' => 'IKE Lebensdauer sollte zwischen 1 und 24 Stunden betragen.', 'imei' => 'IMEI', 'import' => 'Import', +'import connection' => 'Eine Verbindung importieren', 'importkey' => 'PSK importieren', 'imsi' => 'IMSI', 'in' => 'Ein', @@ -1470,6 +1472,8 @@ 'invalid domain name' => 'Ungültiger Domainname.', 'invalid downlink speed' => 'Ungültige Downlink-Gerschwindigkeit.', 'invalid end address' => 'Ungültige Endadresse.', +'invalid endpoint' => 'Ungültige Gegenstelle', +'invalid endpoint address' => 'Ungültige Endpoint-Adresse', 'invalid fixed ip address' => 'Ungültige feste IP-Adresse', 'invalid fixed mac address' => 'Ungültige feste MAC-Adresse', 'invalid hostname' => 'Ungültiger Hostname.', @@ -1504,8 +1508,10 @@ 'invalid input for state or province' => 'Ungültige Eingabe für Bundesstaat oder Provinz.', 'invalid input for valid till days' => 'Ungültige Eingabe für Gültig bis (Tage).', 'invalid ip' => 'Ungültige IP-Adresse', +'invalid ip address' => 'Ungültige IP-Adresse', 'invalid ip or hostname' => 'Ungültige IP-Addresse oder Hostname', 'invalid keep time' => 'Die Aufbewahrungszeit muss eine gültige Zahl sein', +'invalid keepalive interval' => 'Ungültiges Keepalive-Interval', 'invalid key' => 'Ungültiger Schlüssel.', 'invalid loaded file' => 'Ungültige geladene Datei', 'invalid local-remote id' => 'Local-Id und Remote-Id dürfen nicht gleich sein, und müssen einem "@"-Zeichen beginnen (in der strongSwan-Terminologie handelt es sich dabei um leftid und rightid).', @@ -1520,6 +1526,7 @@ 'invalid minimum object size' => 'Ungültige min. Objektgröße.', 'invalid mtu input' => 'Ungültige MTU', 'invalid netmask' => 'Ungültige Netzwerkmaske', +'invalid network' => 'Ungültiges Netzwerk', 'invalid port' => 'Ungültiger Port. Bitte gültige Portnummer eingeben.', 'invalid port list' => 'Portlisten-Syntax lautet: port[,port]... wobei port in /etc/services enthalten ist, alternativ Portnummer', 'invalid primary dns' => 'Ungültiger primärer DNS.', @@ -1623,6 +1630,7 @@ 'local ip address' => 'Lokale IP-Adresse', 'local master' => 'Local Master', 'local ntp server specified but not enabled' => 'Lokaler NTP-Server angegeben aber nicht aktiviert', +'local port' => 'Lokaler Port', 'local subnet' => 'Lokales Subnetz:', 'local subnet is invalid' => 'Lokales Subnetz ist ungültig.', 'local vpn hostname/ip' => 'Lokaler VPN Hostname/IP', @@ -1692,6 +1700,9 @@ 'mailmethod' => 'Mail Methode', 'mailprogramm' => 'Mail Programm', 'main page' => 'Startseite', +'malformed preshared key' => 'Ungültiger Pre-Shared Key', +'malformed private key' => 'Ungültiger privater Schlüssel', +'malformed public key' => 'Ungültiger öffentlicher Schlüssel', 'manage ovpn' => '5. Tunnel Management', 'manage printers' => 'Drucker verwalten', 'manage shares' => 'Freigaben verwalten', @@ -2010,6 +2021,7 @@ 'pakfire ago' => 'her.', 'pakfire already busy' => 'Pakfire führt bereits eine Aufgabe aus. Bitte versuchen Sie es später erneut.', 'pakfire available addons' => 'Verfügbare Add-ons:', +'pakfire check deps' => 'Überprüfung der Abhängigkeiten...', 'pakfire configuration' => 'Pakfire Konfiguration', 'pakfire confirm upgrades' => 'Möchten Sie alle Upgrades installieren?', 'pakfire core update auto' => 'Core- und Add-on-Updates automatisch installieren:', @@ -2020,7 +2032,7 @@ 'pakfire health check' => 'Mirrors auf Erreichbarkeit prüfen (Ping):', 'pakfire install' => 'Installieren', 'pakfire install description' => 'Bitte wählen Sie ein oder mehrere Add-Ons zur Installation aus.', -'pakfire install package' => 'Sie möchten folgende Pakete installieren: ', +'pakfire install package' => 'Zu installierende Pakete:', 'pakfire installed addons' => 'Installierte Add-ons:', 'pakfire invalid tree' => '', 'pakfire last core list update' => 'Letztes Corelisten Update ist', @@ -2944,6 +2956,9 @@ 'week-graph' => 'Woche', 'weekly firewallhits' => 'wöchentliche Firewalltreffer', 'weeks' => 'Wochen', +'wg download configuration' => 'Konfiguration herunterladen', +'wg leave empty to automatically select' => 'Leer lassen für automatische Wahl', +'wg show configuration qrcode' => 'Konfigurations-QR-Code anzeigen', 'whitelisted' => 'Ausgenommen', 'whois results from' => 'WHOIS-Ergebnisse von', 'wildcards' => 'Wildcards', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index bf7ea0c3b4..3e647e6e53 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -433,6 +433,7 @@ 'all services' => 'All Services', 'all updates installed' => 'All updates installed', 'allmsg' => 'show all', +'allowed subnets' => 'Allowed Subnets', 'alt dialup' => 'Dialup', 'alt home' => 'Home', 'alt information' => 'Information', @@ -931,7 +932,7 @@ 'donation' => 'Donation', 'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif', 'donation-text' => 'IPFire is driven and maintained by volunteers in their free time. To keep this project running costs incurred, if you like to support us we would be pleased by a small donation.', -'done' => 'Do it', +'done' => 'Done', 'dos charset' => 'DOS Charset', 'down and up speed' => 'Enter your Down- and Uplink-Speed
and then press Save.', 'downfall gather data sampling' => 'Downfall/Gather Data Sampling', @@ -1036,6 +1037,9 @@ 'encrypted' => 'Encrypted', 'encryption' => 'Encryption:', 'end address' => 'End address:', +'endpoint' => 'Endpoint', +'endpoint address' => 'Endpoint Address', +'endpoint port' => 'Endpoint Port', 'enter ack class' => 'Enter the ACK- Class
and then press Save.', 'enter data' => 'Enter your settings
and then press Save.', 'entropy' => 'Entropy', @@ -1361,6 +1365,7 @@ 'fwhost type' => 'Type', 'fwhost used' => 'Used', 'fwhost welcome' => 'Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.', +'fwhost wg peers' => 'WireGuard Peers', 'fwhost wo subnet' => '(without subnet)', 'g.dtm' => 'TO BE REMOVED', 'g.lite' => 'TO BE REMOVED', @@ -1485,6 +1490,7 @@ 'ike lifetime should be between 1 and 24 hours' => 'IKE lifetime should be between 1 and 24 hours.', 'imei' => 'IMEI', 'import' => 'Import', +'import connection' => 'Import a Connection', 'importkey' => 'Import PSK', 'imsi' => 'IMSI', 'in' => 'In', @@ -1525,6 +1531,8 @@ 'invalid domain name' => 'Invalid domain name.', 'invalid downlink speed' => 'Invalid downlink speed.', 'invalid end address' => 'Invalid end address.', +'invalid endpoint' => 'Invalid Endpoint', +'invalid endpoint address' => 'Invalid Endpoint Address', 'invalid fixed ip address' => 'Invalid fixed IP address', 'invalid fixed mac address' => 'Invalid fixed MAC address', 'invalid hostname' => 'Invalid hostname.', @@ -1559,8 +1567,10 @@ 'invalid input for subscription code' => 'Invalid input for subscription code', 'invalid input for valid till days' => 'Invalid input for Valid till (days).', 'invalid ip' => 'Invalid IP Address', +'invalid ip address' => 'Invalid IP Address', 'invalid ip or hostname' => 'Invalid IP Address or Hostname', 'invalid keep time' => 'Keep time must be a valid number', +'invalid keepalive interval' => 'Invalid Keepalive Interval', 'invalid key' => 'Invalid key.', 'invalid loaded file' => 'Invalid loaded file', 'invalid local-remote id' => 'local & remote id must not be equal and begin with a "@" sign. These are leftid and rightid in strongswan terminology.', @@ -1575,6 +1585,7 @@ 'invalid minimum object size' => 'Invalid minimum object size.', 'invalid mtu input' => 'Invalid MTU', 'invalid netmask' => 'Invalid netmask', +'invalid network' => 'Invalid Network', 'invalid port' => 'Invalid port. Must be a valid port number.', 'invalid port list' => 'Port list syntax is: port[,port]... where port is in /etc/services or number', 'invalid primary dns' => 'Invalid primary DNS.', @@ -1682,8 +1693,10 @@ 'local ip address' => 'Local IP Address', 'local master' => 'Local Master', 'local ntp server specified but not enabled' => 'Local NTP server specified but not enabled', +'local port' => 'Local Port', 'local subnet' => 'Local subnet:', 'local subnet is invalid' => 'Local subnet is invalid.', +'local subnets' => 'Local Subnets', 'local vpn hostname/ip' => 'Local VPN Hostname/IP', 'localkey' => 'Localkey', 'localkeyfile' => 'Localkeyfile', @@ -1753,6 +1766,9 @@ 'mailmethod' => 'Mailmethod', 'mailprogramm' => 'Mailprogramm', 'main page' => 'Main page', +'malformed preshared key' => 'Malformed Pre-Shared Key', +'malformed private key' => 'Malformed Private Key', +'malformed public key' => 'Malformed Public Key', 'manage ovpn' => '5. Tunnel Management:', 'manage printers' => 'manage printers', 'manage shares' => 'Manage Shares', @@ -2076,6 +2092,7 @@ 'pakfire ago' => 'ago.', 'pakfire already busy' => 'Pakfire is already performing a task. Please try again later.', 'pakfire available addons' => 'Available Add-ons:', +'pakfire check deps' => 'Checking dependencies...', 'pakfire configuration' => 'Pakfire Configuration', 'pakfire confirm upgrades' => 'Do you want to install all upgrades?', 'pakfire core update auto' => 'Install core and add-on updates automatically:', @@ -2086,7 +2103,7 @@ 'pakfire health check' => 'Check if mirror is reachable (ping):', 'pakfire install' => 'Install', 'pakfire install description' => 'Please select one or more add-ons to install.', -'pakfire install package' => 'You want to install the following packages: ', +'pakfire install package' => 'Packages to install:', 'pakfire installed addons' => 'Installed Add-ons:', 'pakfire invalid tree' => 'Invalid repository selected', 'pakfire last core list update' => 'Last core list update made', @@ -2196,12 +2213,14 @@ 'psk' => 'PSK', 'ptr' => 'PTR', 'ptr lookup failed' => 'Reverse lookup failed', +'public key' => 'Public Key', 'pulse' => 'Pulse', 'pulse dial' => 'Pulse dial:', 'qos add subclass' => 'Add subclass', 'qos enter bandwidths' => 'You will need to enter your downstream and upstream bandwidth!', 'qos graphs' => 'Qos Graphs', 'qos warning' => 'The rule must be saved, otherwise it will be discarded!', +'qr code' => 'QR Code', 'quick control' => 'Quick Control', 'quick playlist' => 'Quick Playlist', 'ram' => 'RAM', @@ -2238,6 +2257,7 @@ 'reload' => 'reload', 'remark' => 'Remark', 'remark title' => 'Remark:', +'remarks' => 'Remarks', 'remote access' => 'Remote access', 'remote announce' => 'Remote Announce', 'remote browse sync' => 'Remote Browse Sync', @@ -2245,6 +2265,7 @@ 'remote logging' => 'Remote logging', 'remote subnet' => 'Remote subnet:', 'remote subnet is invalid' => 'Remote subnet is invalid.', +'remote subnets' => 'Remote Subnets', 'removable device advice' => 'Plug in a device, refresh, select and mount before usage. Umount before removal.', 'remove' => 'Remove', 'remove ca certificate' => 'Remove CA certificate', @@ -2278,6 +2299,7 @@ 'root user password' => 'Root password', 'route subnet is invalid' => 'Additional push route subnet is invalid', 'router ip' => 'Router IP address:', +'routing' => 'Routing', 'routing table entries' => 'Routing Table Entries', 'rsvd dst port overlap' => 'Destination Port Range overlaps a port reserved for IPFire:', 'rsvd src port overlap' => 'Source Port Range overlaps a port reserved for IPFire:', @@ -3031,6 +3053,41 @@ 'weekly firewallhits' => 'weekly firewallhits', 'weeks' => 'Weeks', 'wg' => 'WireGuard', +'wg client configuration file' => 'WireGuard Client Configuration File', +'wg client pool' => 'Client Pool', +'wg create host-to-net peer' => 'Create A New Host-To-Net Peer', +'wg create net-to-net peer' => 'Create A New Net-To-Net Peer', +'wg create peer' => 'Create A New Peer', +'wg dns' => 'DNS', +'wg download configuration' => 'Download Configuration', +'wg download configuration file' => 'Download the configuration file', +'wg edit host-to-net peer' => 'Edit Host-To-Net Peer', +'wg edit net-to-net peer' => 'Edit Net-To-Net Peer', +'wg edit peer' => 'Edit Peer', +'wg host to net client settings' => 'Host-To-Net Client Settings', +'wg invalid client dns' => 'Invalid client DNS address', +'wg invalid client pool' => 'Invalid client pool', +'wg invalid endpoint address' => 'Invalid endpoint address', +'wg invalid endpoint port' => 'Invalid endpoint port', +'wg invalid keepalive interval' => 'Invalid Keepalive Interval (Must be between 0 and 65535)', +'wg invalid local subnet' => 'Invalid local subnet', +'wg invalid name' => 'Invalid name (Only letters, numbers, space and hyphen are allowed)', +'wg invalid psk' => 'Invalid pre-shared key', +'wg invalid public key' => 'Invalid public key', +'wg invalid remote subnet' => 'Invalid remote subnet', +'wg keepalive interval' => 'Keepalive Interval', +'wg leave empty to automatically select' => 'Leave empty to automatically select', +'wg name is already used' => 'The name is already in use', +'wg no local subnets' => 'No local subnets given', +'wg no more free addresses in pool' => 'No more free addresses in pool', +'wg no remote subnets' => 'No remote subnets given', +'wg peer configuration' => 'Peer Configuration', +'wg peer does not exist' => 'Peer does not exist', +'wg pre-shared key (optional)' => 'Pre-Shared Key (optional)', +'wg rw peers' => 'WireGuard Roadwarrior Peers', +'wg scan the qr code' => 'Scan the QR code to import the WireGuard configuration into a mobile client.', +'wg show configuration qrcode' => 'Show Configuration QR Code', +'wg warning configuration only shown once' => 'Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.', 'whitelisted' => 'Whitelisted', 'whois results from' => 'WHOIS results from', 'wildcards' => 'Wildcards', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index 5707132ce0..a830b215ca 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl @@ -928,7 +928,6 @@ 'donation' => 'Donación', 'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif', 'donation-text' => 'IPFire es desarrollado y mantenido por voluntarios en su tiempo libre. Para ayudar con los costos de operación de este proyecto si usted gusta ayudarnos. Nos sería muy útil una pequeña donación.', -'done' => 'Hecho', 'dos charset' => 'Juego de caracteres DOS', 'down and up speed' => 'Introduzca la velocidad de enlace de subida/bajada
y después presione Guardar', 'downlink' => 'Vínculo de descarga', @@ -2073,6 +2072,7 @@ 'pakfire ago' => '', 'pakfire already busy' => 'Pakfire ya está realizando una tarea. Por favor, inténtelo de nuevo más tarde.', 'pakfire available addons' => 'Complementos disponibles:', +'pakfire check deps' => 'Comprobando dependencias...', 'pakfire configuration' => 'Configuración de Pakfire', 'pakfire confirm upgrades' => '¿Quieres instalar todas las actualizaciones?', 'pakfire core update auto' => 'Instar actualizaciones principales y complementarias automáticamente:', @@ -2083,7 +2083,7 @@ 'pakfire health check' => 'Verificar disponibilidad del espejo (ping):', 'pakfire install' => 'Instalar', 'pakfire install description' => 'Seleccione uno o más complementos para instalar.', -'pakfire install package' => 'Ud. desea instalar los siguientes paquetes:', +'pakfire install package' => 'Paquetes a instalar:', 'pakfire installed addons' => 'Complementos instalados:', 'pakfire invalid tree' => 'Repositorio no válido seleccionado', 'pakfire last core list update' => 'Última lista de actualización de núcleo hecha', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index cf3db1eed1..06f50fd93a 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -933,7 +933,6 @@ 'donation' => 'Faire un don', 'donation-link' => 'https://www.paypal.com/fr_fr/fr/i/btn/btn_donateCC_LG.gif', 'donation-text' => 'IPFire est développé et maintenu par des bénévoles durant leur temps libre.
Afin de participer aux coûts du projet et nous encourager, vous pouvez faire un don.', -'done' => 'Fait', 'dos charset' => 'Jeu de car. DOS', 'down and up speed' => 'Entrez votre débit descendant et montant
et cliquez sur Sauvegarder.', 'downfall gather data sampling' => 'Chute / collecte échantillons de données - proc. Intel', @@ -2071,6 +2070,7 @@ 'pakfire ago' => '', 'pakfire already busy' => 'Pakfire est déjà en train d\'effectuer une tâche. Veuillez réessayer plus tard.', 'pakfire available addons' => 'Modules disponibles :', +'pakfire check deps' => 'Vérification des dépendances...', 'pakfire configuration' => 'Configuration Pakfire', 'pakfire confirm upgrades' => 'Voulez-vous installer toutes les mises à niveau ?', 'pakfire core update auto' => 'Installer automatiquement les mises à jour du noyau et des modules :', @@ -2081,7 +2081,7 @@ 'pakfire health check' => 'Vérifier si le miroir est accessible (ping) :', 'pakfire install' => 'Installer', 'pakfire install description' => 'Veuillez sélectionner un ou plusieurs modules complémentaires à installer.', -'pakfire install package' => 'Vous souhaitez installer le(s) module(s) suivant(s) : ', +'pakfire install package' => 'Paquets à installer :', 'pakfire installed addons' => 'Modules installés :', 'pakfire invalid tree' => 'Dépôt choisi invalide', 'pakfire last core list update' => 'Dernière mise à jour de la liste du noyau : ', diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl index 936f426702..df3c1f9eb9 100644 --- a/langs/it/cgi-bin/it.pl +++ b/langs/it/cgi-bin/it.pl @@ -781,7 +781,6 @@ 'donation' => 'Donazione', 'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif', 'donation-text' => 'IPFire è sviluppato da volontari nel loro tempo libero. Per sostenere questo progetto e i relativi costi di gestione puoi effettuare una piccola donazione.', -'done' => 'Do it', 'dos charset' => 'DOS Charset', 'down and up speed' => 'Enter your Down- and Uplink-Speed
and then press Save.', 'downlink' => 'Downlink', @@ -1711,6 +1710,7 @@ 'pakfire accept all' => 'Vuoi installare tutti i pacchetti?', 'pakfire ago' => 'ago.', 'pakfire available addons' => 'Addons disponibili:', +'pakfire check deps' => 'Controllo delle dipendenze...', 'pakfire configuration' => 'Configurazione Pakfire', 'pakfire confirm upgrades' => 'Vuoi installare tutti gli aggiornamenti?', 'pakfire core update auto' => 'Install core and addon updates automatically:', @@ -1719,7 +1719,7 @@ 'pakfire health check' => 'Controllare se il mirror è raggiungibile (ping):', 'pakfire install' => 'Installare', 'pakfire install description' => 'Selezionare uno o più componenti aggiuntivi da installare.', -'pakfire install package' => 'You want to install the following packages: ', +'pakfire install package' => 'Pacchetti da installare:', 'pakfire installed addons' => 'Addons installati:', 'pakfire last core list update' => 'Ultimo aggiornamento della lista di sistema', 'pakfire last package update' => 'Ultimo aggiornamento della lista pacchetti', diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl index 07643e0ab6..da01276a81 100644 --- a/langs/nl/cgi-bin/nl.pl +++ b/langs/nl/cgi-bin/nl.pl @@ -778,7 +778,6 @@ 'donation' => 'Donatie', 'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif', 'donation-text' => 'IPFire wordt ontwikkeld en onderhouden door vrijwilligers in hun vrije tijd. Om dit project draaiend te houden, zouden we het erg op prijs stellen als u een kleine donatie maakt.', -'done' => 'Doe het', 'dos charset' => 'DOS tekenset', 'down and up speed' => 'Voer uw down- en uploadsnelheid in
en klik dan op Opslaan.', 'downlink' => 'Downlink', @@ -1686,6 +1685,7 @@ 'pakfire accept all' => 'Wilt u alle pakketten installeren?', 'pakfire ago' => 'geleden.', 'pakfire available addons' => 'Beschikbare add-ons:', +'pakfire check deps' => 'Afhankelijkheden controleren...', 'pakfire configuration' => 'Pakfire configuratie', 'pakfire confirm upgrades' => 'Wilt u alle upgrades installeren?', 'pakfire core update auto' => 'Installeer core- en extensie-updates automatisch:', @@ -1694,7 +1694,7 @@ 'pakfire health check' => 'Controleer of de mirror bereikbaar is (ping):', 'pakfire install' => 'Installeren', 'pakfire install description' => 'Selecteer een of meer add-ons om te installeren.', -'pakfire install package' => 'U wilt de volgende pakketten installeren: ', +'pakfire install package' => 'Pakketten om te installeren:', 'pakfire installed addons' => 'Geïnstalleerde add-ons:', 'pakfire last core list update' => 'Laatste core-lijst update gemaakt', 'pakfire last package update' => 'Laatste pakketlijst update gemaakt', diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl index cfe6745e53..9223fb152c 100644 --- a/langs/pl/cgi-bin/pl.pl +++ b/langs/pl/cgi-bin/pl.pl @@ -698,7 +698,6 @@ 'donation' => 'Donation', 'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif', 'donation-text' => 'IPFire jest tworzony przez wolontariuszy w ich wolnym czasie. Jeżeli chcesz pomóc w dalszym rozwoju projektu możesz nas wspomóc dowolną kwotą. ', -'done' => 'Do it', 'dos charset' => 'Kodowanie DOS', 'down and up speed' => 'Wprowadź parametry Twojego łącza - prędkość pobierania i wysyłania danych
i naciśnij Zapisz.', 'downlink speed' => 'Prędkość pobierania (kbit/sec)', @@ -1351,6 +1350,7 @@ 'pakfire accept all' => 'Czy chcesz zainstalować wszystkie pakiety?', 'pakfire ago' => 'temu.', 'pakfire available addons' => 'Dostępne dodatki:', +'pakfire check deps' => 'Sprawdzanie zależności...', 'pakfire configuration' => 'Konfiguracja Pakfire', 'pakfire confirm upgrades' => 'Czy chcesz zainstalować wszystkie aktualizacje?', 'pakfire core update auto' => 'Instaluj aktualizacje jądra automatycznie:', @@ -1359,7 +1359,7 @@ 'pakfire health check' => 'Sprawdź czy mirror jest dostępny (ping):', 'pakfire install' => 'Instaluj', 'pakfire install description' => 'Wybierz jeden lub więcej dodatków do zainstalowania.', -'pakfire install package' => 'Zamierzasz zainstalować następujące pakiety: ', +'pakfire install package' => 'Pakiety do zainstalowania:', 'pakfire installed addons' => 'Zainstalowane dodatki:', 'pakfire last core list update' => 'Sprawdzenie aktualizacja jądra:', 'pakfire last package update' => 'Ostatnia aktualizacja listy pakietów:', diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl index 7027f2aa53..34da20ecc1 100644 --- a/langs/ru/cgi-bin/ru.pl +++ b/langs/ru/cgi-bin/ru.pl @@ -694,7 +694,6 @@ 'donation' => 'Пожертвования', 'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif', 'donation-text' => 'IPFire управляется и поддерживается добровольцами за счёт их собственного времени и сил. Мы будем признательны, если Вы внесёте небольшое пожертвование на поддержку и развитие проекта.', -'done' => 'Выполнить', 'dos charset' => 'Символы DOS', 'down and up speed' => 'Введите свою входящую и исходящую скорость
и нажмите Сохранить.', 'downlink speed' => 'Скорость загрузки (kbit/sec)', @@ -1346,6 +1345,7 @@ 'pakfire accept all' => 'Do you want to install all packages?', 'pakfire ago' => 'назад.', 'pakfire available addons' => 'Доступные Аддоны:', +'pakfire check deps' => 'Проверка зависимостей...', 'pakfire configuration' => 'Pakfire Configuration', 'pakfire confirm upgrades' => 'Вы хотите установить все обновления?', 'pakfire core update auto' => 'Устанавливать обновления ядра и аддонов автоматически:', @@ -1354,7 +1354,7 @@ 'pakfire health check' => 'Пинговать зеркало на доступность:', 'pakfire install' => 'Установить', 'pakfire install description' => 'Пожалуйста, выберите одно или несколько дополнений для установки.', -'pakfire install package' => 'Вы собираетесь установить следующие пакеты: ', +'pakfire install package' => 'Пакеты для установки:', 'pakfire installed addons' => 'Установленные Аддоны:', 'pakfire last core list update' => 'Обновление core-списков', 'pakfire last package update' => 'Обновление списка пакетов', diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl index d0d29c4fb3..4cba99ff16 100644 --- a/langs/tr/cgi-bin/tr.pl +++ b/langs/tr/cgi-bin/tr.pl @@ -853,7 +853,6 @@ 'donation' => 'Bağış', 'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif', 'donation-text' => 'IPFire boş zamanlarında gönüllüer tarafından geliştirlmektedir. Bu projeyi ayakta tutmak için eğer bize destek olmak isterseniz küçük bir bağıştan mutluluk duyarız.', -'done' => 'Yap', 'dos charset' => 'DOS karakterleri', 'down and up speed' => 'Gönderme hızı düştüğünde Kaydet düğmesine basın.', 'downlink' => 'İndirme bağlantısı', @@ -1855,6 +1854,7 @@ 'pakfire accept all' => 'Tüm paketleri yüklemek istiyor musunuz?', 'pakfire ago' => 'önce yapıldı.', 'pakfire available addons' => 'Mevcut eklentiler:', +'pakfire check deps' => 'Bağımlılıklar kontrol ediliyor...', 'pakfire configuration' => 'Pakfire yapılandırması', 'pakfire confirm upgrades' => 'Tüm yükseltmeleri yüklemek istiyor musunuz?', 'pakfire core update auto' => 'Otomatik olarak çekirdek ve eklenti güncelleştirmelerini yükle:', @@ -1863,7 +1863,7 @@ 'pakfire health check' => 'Yansımanın ulaşılabilir olup olmadığını kontrol et (ping):', 'pakfire install' => 'Yükle', 'pakfire install description' => 'Lütfen yüklemek için bir veya daha fazla eklenti seçin.', -'pakfire install package' => 'Aşağıdaki paketleri yüklemek istediniz: ', +'pakfire install package' => 'Kurulacak paketler:', 'pakfire installed addons' => 'Kurulu eklentiler:', 'pakfire last core list update' => 'Son çekirdek listesi güncellemesi', 'pakfire last package update' => 'Son paket listesi güncellemesi', diff --git a/lfs/alsa b/lfs/alsa index 18a7868b9f..fba9b47f59 100644 --- a/lfs/alsa +++ b/lfs/alsa @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,16 +26,16 @@ include Config SUMMARY = Advanced Linux Sound Architecture -VER = 1.2.13 -UVER = 1.2.13 -CVER = 1.2.13 +VER = 1.2.14 +UVER = 1.2.14 +CVER = 1.2.14 THISAPP = alsa-lib-$(VER) DL_FILE = $(THISAPP).tar.bz2 DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) PROG = alsa -PAK_VER = 22 +PAK_VER = 23 DEPS = @@ -54,9 +54,9 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) alsa-utils-$(UVER).tar.bz2 = $(DL_FROM)/alsa-utils-$(UVER).tar.bz2 alsa-ucm-conf-$(CVER).tar.bz2 = $(DL_FROM)/alsa-ucm-conf-$(CVER).tar.bz2 -$(DL_FILE)_BLAKE2 = 1723ca5f191525e050f05423fb9ccf4501e4f20490d01b0c068493bbce279d3a067e8d0e5f52f9c76c2eaecb4c2b3fc42690193b88c313461fce2aec390175b3 -alsa-utils-$(UVER).tar.bz2_BLAKE2 = 9bc2bf8e21fb9308c2eabc6612da0848f9ddba45acb8bf8453d9cff7f73fa0267495430a150ea53b28fab8afb69a51e487e8b253dc7501e17d77ea3f6e90bcf7 -alsa-ucm-conf-$(CVER).tar.bz2_BLAKE2 = 87e4bf2285961e316ca853e9245e02447ea9e60fa506e124c072e2b6ed71345fc0c30b19bf8c849f8123a6b95a4facd22225eafccba8164266961110a60ef44c +$(DL_FILE)_BLAKE2 = 6fee05f859a19b8ef0d9896d37442c55f602e8b4aaa7698f30c01e03a339d7a74b3214493b095a64b59ee581fb7756d903d4965e080db552e062e2001e0662ff +alsa-utils-$(UVER).tar.bz2_BLAKE2 = 0f15f6f684bf17c0508b01eabd21917d8501b965074d3b42f6915e9bbafeafad894dcbd1a219008db0064fb98d6fb2be311e98c0b8bc7e91d1a0b8146dd02dfe +alsa-ucm-conf-$(CVER).tar.bz2_BLAKE2 = cbb4b81db7670207cac5b85ba9cd4d9df93e4aca573da4caffe0f1e0386a9685b837e58b7ed85ddcfecf3c0f2469e706833dad6f0ef020440c943aa41520f8f0 install : $(TARGET) diff --git a/lfs/btrfs-progs b/lfs/btrfs-progs index 82473dbef6..cbeb179f3e 100644 --- a/lfs/btrfs-progs +++ b/lfs/btrfs-progs @@ -24,7 +24,7 @@ include Config -VER = 6.13 +VER = 6.14 # https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs/ @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = aaf536e17977c052dd0828501f5a91b85403d561301f10d8c7bf2f5abae30a323f781ef8727f8ca48efc6edf16000b3ee8435fd6a89d6d047dda289ad87e3f64 +$(DL_FILE)_BLAKE2 = fae9bdbacc093ba260d7740001eef98f4ffb72c30631c789a34fbd5f34283cbdfb9f1e6b2f6112fb769b90892b47ea2bcc0bcdab37748b8d23e3588051620b2a install : $(TARGET) diff --git a/lfs/configroot b/lfs/configroot index 1f752ddb67..997b4908c1 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -56,7 +56,7 @@ $(TARGET) : ovpn patches pakfire portfw ppp private proxy/advanced/cre \ proxy/calamaris/bin qos/bin red remote sensors suricata time \ updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin vpn \ - wakeonlan wireless ; do \ + wakeonlan wireguard wireless ; do \ mkdir -p $(CONFIG_ROOT)/$$i; \ done @@ -70,7 +70,7 @@ $(TARGET) : ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \ qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \ - vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \ + vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireguard/peers wireguard/settings wireless/config wireless/settings; do \ touch $(CONFIG_ROOT)/$$i; \ done @@ -82,6 +82,7 @@ $(TARGET) : cp $(DIR_SRC)/config/cfgroot/location-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/ipblocklist-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/ids-functions.pl $(CONFIG_ROOT)/ + cp $(DIR_SRC)/config/cfgroot/wireguard-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/ diff --git a/lfs/coreutils b/lfs/coreutils index 4220050da1..4241526491 100644 --- a/lfs/coreutils +++ b/lfs/coreutils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 9.5 +VER = 9.7 THISAPP = coreutils-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -58,7 +58,7 @@ objects =$(DL_FILE) $(DL_FILE)= $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6fd3a77697c9e85f31415c6ad66559faf18acc7d346677a89d4a999c2027886551e78842a7283e7b3b44fe8ef2fde04ba2f88df32a7844d5f69d45bcb7a04b6f +$(DL_FILE)_BLAKE2 = e5e5f7ec26c3952eb6a25988f78d3a1f8a70cf97a2fbc7b433dfcd1721cd38e6e0a8b9cb83f854a22df325bcb5ea8c4534c5a217273762cd5d575b381db69ee8 install : $(TARGET) diff --git a/lfs/fontconfig b/lfs/fontconfig index 6b7af145a1..01c211b179 100644 --- a/lfs/fontconfig +++ b/lfs/fontconfig @@ -24,7 +24,7 @@ include Config -VER = 2.16.0 +VER = 2.16.2 SUMMARY = Library for configuring and customizing font access THISAPP = fontconfig-$(VER) @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 48d6fcbfe83f0a4c026a4f90d864a4195805e04cc6dd486bd18d68caa8b55fd51fc37822781298152d363b70dc103c9f8b216f6dc0193b2b192eb35565482ec4 +$(DL_FILE)_BLAKE2 = 24fdbfc573d1a97e08fc159b91e24b77ddeb646e59ab62bb154b18f07383103a8b1e00c635299e1209fb5965dc889b8ab8f5d7228083af1a916978fa69c71136 install : $(TARGET) @@ -71,12 +71,13 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --localstatedir=/var \ - --disable-docs - cd $(DIR_APP) && make $(MAKETUNING) - cd $(DIR_APP) && make install + cd $(DIR_APP) && meson setup \ + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + -D doc=disabled \ + builddir/ + cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING) + cd $(DIR_APP) && ninja -C builddir/ install @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/initscripts b/lfs/initscripts index 82e20bfa7e..700e912445 100644 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -99,6 +99,7 @@ $(TARGET) : ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc0.d/K49cyrus-sasl ln -sf ../init.d/vnstat /etc/rc.d/rc0.d/K51vnstat + ln -sf ../init.d/wireguard /etc/rc.d/rc0.d/K70wireguard ln -sf ../init.d/conntrackd /etc/rc.d/rc0.d/K77conntrackd ln -sf ../init.d/suricata /etc/rc.d/rc0.d/K78suricata ln -sf ../init.d/leds /etc/rc.d/rc0.d/K79leds @@ -128,6 +129,7 @@ $(TARGET) : ln -sf ../init.d/sshd /etc/rc.d/rc3.d/S30sshd ln -sf ../init.d/apache /etc/rc.d/rc3.d/S32apache ln -sf ../init.d/fcron /etc/rc.d/rc3.d/S40fcron + ln -sf ../init.d/wireguard /etc/rc.d/rc3.d/S50wireguard ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local ln -sf ../init.d/grub-btrfsd /etc/rc.d/rc3.d/S99grub-btrfsd ln -sf ../init.d/vdradmin /etc/rc.d/rc3.d/S99vdradmin @@ -140,6 +142,7 @@ $(TARGET) : ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc6.d/K49cyrus-sasl ln -sf ../init.d/vnstat /etc/rc.d/rc6.d/K51vnstat + ln -sf ../init.d/wireguard /etc/rc.d/rc6.d/K70wireguard ln -sf ../init.d/conntrackd /etc/rc.d/rc6.d/K77conntrackd ln -sf ../init.d/suricata /etc/rc.d/rc6.d/K78suricata ln -sf ../init.d/leds /etc/rc.d/rc6.d/K79leds diff --git a/lfs/libcap b/lfs/libcap index b3bbda4d0f..c0707a5e0c 100644 --- a/lfs/libcap +++ b/lfs/libcap @@ -6,7 +6,7 @@ # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # +# (at your option) any later301c74ceae00e915f70ff8f0a32c86a5ddf405a00522f4299390e4e0b6bc4270fc7e3c4ba5c53db2ddc5f7de6a97b43e310097a4ecc1d678f721f9dfa53cef53 version. # # # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # @@ -24,7 +24,7 @@ include Config -VER = 2.75 +VER = 2.76 THISAPP = libcap-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 88071f0ff6f786f42777853a03ae116b1175769b14b715dd1b3def7414fcf118dea56f80e14dc467f72d3cb1a091ab95fc2fc0a240552fedfbbb95a9fc94f2db +$(DL_FILE)_BLAKE2 = 301c74ceae00e915f70ff8f0a32c86a5ddf405a00522f4299390e4e0b6bc4270fc7e3c4ba5c53db2ddc5f7de6a97b43e310097a4ecc1d678f721f9dfa53cef53 install : $(TARGET) diff --git a/lfs/libffi b/lfs/libffi index 546eba4767..ec8ea8f595 100644 --- a/lfs/libffi +++ b/lfs/libffi @@ -24,7 +24,7 @@ include Config -VER = 3.4.7 +VER = 3.4.8 THISAPP = libffi-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 0dd17b4fd358beb9842889168437443137445a5dba1f0a7e8669ae420d8efb927815c08602c1b1b141acfdfdbaa12b417863402a5c8df5f36519fd3e772d3f37 +$(DL_FILE)_BLAKE2 = 10b3d970dc598fb8689bca49751cda499ddc5216baf89d38625385b0d42d57f10d15cce3c4c044c9c73a4fce384c26f2a8e1b99269e9db1174c2631201c6bfd4 install : $(TARGET) diff --git a/lfs/libgpg-error b/lfs/libgpg-error index 74604d343f..12ee9a5cf3 100644 --- a/lfs/libgpg-error +++ b/lfs/libgpg-error @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.51 +VER = 1.54 THISAPP = libgpg-error-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 8727a993fb5e589beceafce9d06d843b28ceff80398c33a5655608bdcd3d92ee363389bc209a1dff675b9f78d56f13b78d77e55696c0736612b09275ae0da7f3 +$(DL_FILE)_BLAKE2 = 75f0cd9f1cb8c85bd86f7f49c6be6ec7aa216e39a269b92c9231fa4c441e862ef0b666cc6639a154777f31526bb41b1f81796662c8b210616c4a04c3db8e3d68 install : $(TARGET) diff --git a/lfs/nano b/lfs/nano index 080506a0b4..f88ea70cd3 100644 --- a/lfs/nano +++ b/lfs/nano @@ -24,7 +24,7 @@ include Config -VER = 8.3 +VER = 8.4 THISAPP = nano-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 39c400483f79f11da0f959fed769462b65007f9235cb76d38e71d0a63919b659dc553d44f5d13dd13db801ec361fd7a3ad68b68bfa456ac6c169c861e80c6067 +$(DL_FILE)_BLAKE2 = 2e5dbe6982ef9d284c6e018abad593bf383f27c85047241bafaa098948b73897c0a81b63aa453385ac93afc1c398936464d5a1fb024d00936ad383c5e5e4403f install : $(TARGET) @@ -74,13 +74,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --sysconfdir=/etc/nano \ - --enable-color \ - --enable-multibuffer \ - --enable-nanorc \ - --disable-nls - + --prefix=/usr \ + --sysconfdir=/etc/nano \ + --enable-color \ + --enable-multibuffer \ + --enable-nanorc \ + --disable-nls cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install cd $(DIR_APP) && install -v -m644 -D doc/sample.nanorc /etc/nano/sample.nanorc diff --git a/lfs/nfs b/lfs/nfs index 645aca3025..5f3f8190e3 100644 --- a/lfs/nfs +++ b/lfs/nfs @@ -26,7 +26,7 @@ include Config SUMMARY = Support Utilities for Kernel nfsd -VER = 2.8.2 +VER = 2.8.3 THISAPP = nfs-utils-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nfs -PAK_VER = 26 +PAK_VER = 27 DEPS = rpcbind @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = b3b876dd1b4c745f4fe26b6ae9ec4690f7a946f5616276ce543a7cf0504156408e59682499b80aca4d09fe819de75c6499a11726bec0a392a277685199b56ac6 +$(DL_FILE)_BLAKE2 = 70fbba171697e13e0050cb146ff7e30ce53937d37882e4f53be62ee2792e8afee451a74e81d3b739a4d3c76ef444c5602a7a6a2a1e1148829a50f27e5da18533 install : $(TARGET) @@ -82,11 +82,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --disable-gss \ - --without-tcp-wrappers \ - --disable-ipv6 + --prefix=/usr \ + --sysconfdir=/etc \ + --disable-gss \ + --without-tcp-wrappers \ + --disable-ipv6 cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/openssh b/lfs/openssh index f2165a96de..46151228c8 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -24,7 +24,7 @@ include Config -VER = 9.9p2 +VER = 10.0p1 THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 1b5bc09482b3a807ccfee52c86c6be3c363acf0c8e774862e0ae64f76bfeb4ce7cf29b3ed2f99c04c89bb4977da0cf50a7a175b15bf1d9925de1e03c66f8306d +$(DL_FILE)_BLAKE2 = 4ce353adf75aade8f4b2a223ad13e2f92cd23d1e60b4ee52bad0eaf036571229438cd9760dfa99c0e10fa09a8ac47b2bfb04eb183fb7b9287ac564ec75316a75 install : $(TARGET) @@ -73,13 +73,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && autoconf cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --sysconfdir=/etc/ssh \ - --libexecdir=/usr/lib/openssh \ - --with-md5-passwords \ - --with-privsep-path=/var/empty \ - --with-superuser-path=/sbin:/usr/sbin:/bin:/usr/bin - + --prefix=/usr \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/lib/openssh \ + --with-md5-passwords \ + --with-privsep-path=/var/empty \ + --with-superuser-path=/sbin:/usr/sbin:/bin:/usr/bin cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/openssl b/lfs/openssl index c6f521d630..a94f325a0f 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ include Config -VER = 3.4.1 +VER = 3.5.0 THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -72,7 +72,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 328a2a4f0536b15ffe6421afc99bdb5dcdf3d29f44437fdd80bbf4089f5f2658ca10907e033eda2e04c6b862e49b150ea59d8ab1807d14a3dcf64e10c32e78af +$(DL_FILE)_BLAKE2 = 9bf55ad242863123ec117296ff4d3067a27da9e0aa104a70203009536440198bacbb155c6431801e139dee6deaf6a26e0ac9a5e71fdcf963d00ba3ec7434440f install : $(TARGET) diff --git a/lfs/protobuf b/lfs/protobuf index 92d19de38f..664ac3a11a 100644 --- a/lfs/protobuf +++ b/lfs/protobuf @@ -24,7 +24,7 @@ include Config -VER = 29.3 +VER = 30.2 THISAPP = protobuf-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 8d37daac6f0d832e5bff5c56b9be73fce1fe016ca4e905f4c66d8fea20fabbee54a6be2c824f503d40f8492a4ec6280a539c454de9a118b69ebc57f2afe3d965 +$(DL_FILE)_BLAKE2 = 3a7d6bfa38500b16b1ce52b244fd9448fe7be2933a77224a1423a67e3ae3155846c0974ee1b6c579f6050f60b7784ace21b149b3cbdff2ef1e6bf954acbb1b51 install : $(TARGET) @@ -71,10 +71,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && cmake . \ - -D CMAKE_INSTALL_PREFIX=/usr \ - -D protobuf_BUILD_TESTS=OFF \ - -D protobuf_BUILD_SHARED_LIBS=ON \ - -D protobuf_ABSL_PROVIDER=package + -D CMAKE_INSTALL_PREFIX=/usr \ + -D protobuf_BUILD_TESTS=OFF \ + -D protobuf_BUILD_SHARED_LIBS=ON \ + -D protobuf_ABSL_PROVIDER=package cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/lfs/protobuf-c b/lfs/protobuf-c index 6799778724..7ed7b93464 100644 --- a/lfs/protobuf-c +++ b/lfs/protobuf-c @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.5.0 +VER = 1.5.2 THISAPP = protobuf-c-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 7b428655901f4fd74b67b75419552e7c02065a5291aed4dcc1d55b98c986caa9ccf846eb5e98e0954420c3e5bea559b0078843e00daa7b5c63465eec21e28204 +$(DL_FILE)_BLAKE2 = f6815319bad26095fe462b7a3da295594a853b131b565c7bc27d2d9ba1e51722ce8fefb408e37bc41b953de8ba51d4340b87a57fbb7163ce444e5aa2b99c9721 install : $(TARGET) @@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/protobuf-c_1.5.0_protobuf-26.patch cd $(DIR_APP) && ./configure \ --prefix=/usr cd $(DIR_APP) && make $(MAKETUNING) diff --git a/lfs/wireguard-tools b/lfs/wireguard-tools new file mode 100644 index 0000000000..5d0e820941 --- /dev/null +++ b/lfs/wireguard-tools @@ -0,0 +1,84 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.0.20210914 + +THISAPP = wireguard-tools-$(VER) +DL_FILE = $(THISAPP).tar.xz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +# Disable wg-quick +export WITH_WGQUICK = no + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 020f4a61597dafc6663e9ee5659f9401416692f5dc8e23afe8d59054bffd32c92814ff2e1f99d6ffe558fdfcf756afc1838e4d425847f892ad4b627a077fe614 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP)/src && make $(MAKETUNING) + cd $(DIR_APP)/src && make install + + # Install wg-dynamic + install -v -m 755 $(DIR_SRC)/config/wireguard/wg-dynamic \ + /etc/fcron.cyclic/wg-dynamic + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 8da90d61d4..3643b469e2 100755 --- a/make.sh +++ b/make.sh @@ -1706,6 +1706,7 @@ build_system() { lfsmake2 ntfs-3g lfsmake2 ethtool lfsmake2 fcron + lfsmake2 wireguard-tools lfsmake2 perl-ExtUtils-PkgConfig lfsmake2 perl-GD lfsmake2 perl-GD-Graph diff --git a/src/initscripts/networking/functions.network b/src/initscripts/networking/functions.network index eb83b183da..3c0f2e3ad6 100644 --- a/src/initscripts/networking/functions.network +++ b/src/initscripts/networking/functions.network @@ -246,6 +246,46 @@ network_address_in_network() { [ "${address}" -ge "${netaddr}" -a "${address}" -le "${broadcast}" ] } +# Takes a network and list of IP addresses and will return the first IP address +# that is in the given network. +first_address_in_network() { + local network="${1}" + shift + + local addr + for addr in $@; do + if network_address_in_network "${addr}" "${network}"; then + echo "${addr}" + return 0 + fi + done + + return 1 +} + +# Returns the first of IPFire's own IP addresses that is in any of the given networks +ipfire_address_in_networks() { + local addresses=() + + local var + for var in GREEN_ADDRESS BLUE_ADDRESS ORANGE_ADDRESS; do + if [ -n "${!var}" ]; then + addresses+=( "${!var}" ) + fi + done + + local network + for network in $@; do + # Find and end after the first match + if first_address_in_network "${network}" "${addresses[@]}"; then + return 0 + fi + done + + # Nothing found + return 1 +} + dhcpcd_get_pid() { # This function returns the pid of a dhcpcd by a given # network device, if a pidfile exists. diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 6befa9fc39..c6e3e96716 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -215,6 +215,11 @@ iptables_init() { iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK iptables -A OUTPUT -m policy --dir out --pol none -j IPSECBLOCK + # Block unauthorized WireGuard traffic + iptables -N WGBLOCK + iptables -A INPUT -i wg+ -j WGBLOCK + iptables -A FORWARD -i wg+ -j WGBLOCK + # Block OpenVPN transfer networks iptables -N OVPNBLOCK iptables -A INPUT -i tun+ -j OVPNBLOCK @@ -319,6 +324,10 @@ iptables_init() { iptables -N WIRELESSFORWARD iptables -A FORWARD -m conntrack --ctstate NEW -j WIRELESSFORWARD + # WireGuard + iptables -N WGINPUT + iptables -A INPUT -j WGINPUT + # OpenVPN iptables -N OVPNINPUT iptables -A INPUT -j OVPNINPUT diff --git a/src/initscripts/system/wireguard b/src/initscripts/system/wireguard new file mode 100644 index 0000000000..7632d6114f --- /dev/null +++ b/src/initscripts/system/wireguard @@ -0,0 +1,356 @@ +#!/bin/sh +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2024 Michael Tremer # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +. /etc/sysconfig/rc +. ${rc_functions} +. /etc/rc.d/init.d/networking/functions.network + +eval $(/usr/local/bin/readhash /var/ipfire/wireguard/settings) + +interfaces() { + local id + local enabled + local type + local _rest + + local IFS=',' + + # wg0 will always be created for roadwarrior + echo "wg0" + + while read -r id enabled type _rest; do + # Skip peers that are not enabled + [ "${enabled}" = "on" ] || continue + + # Skip anything that isn't a net-to-net connection + [ "${type}" = "net" ] || continue + + echo "wg${id}" + done < /var/ipfire/wireguard/peers + + return 0 +} + +interface_is_rw() { + local intf="${1}" + + [ "${intf}" = "wg0" ] +} + +setup_interface() { + local intf="${1}" + + # Create the interface if it does not exist + if [ ! -d "/sys/class/net/${intf}" ]; then + ip link add "${intf}" type wireguard || return $? + fi + + # Set up the interface + ip link set "${intf}" up + + # Set the MTU + if [ -n "${MTU}" ]; then + ip link set "${intf}" mtu "${MTU}" || return $? + fi + + # Load the configuration into the kernel + wg syncconf "${intf}" <(generate_config "${intf}") || return $? + + return 0 +} + +cleanup_interfaces() { + local interfaces=( "$(interfaces)" ) + + local intf + for intf in /sys/class/net/wg[0-9]*; do + [ -d "${intf}" ] || continue + + # Remove the path + intf="${intf##*/}" + + local found=0 + local i + + for i in ${interfaces[@]}; do + if [ "${intf}" = "${i}" ]; then + found=1 + break + fi + done + + if [ "${found}" -eq 0 ]; then + ip link del "${intf}" + fi + done + + return 0 +} + +# Replaces 0.0.0.0/0 with 0.0.0.0/1 and 128.0.0.0/1 so that we can route all traffic +# through a WireGuard tunnel. +expand_subnets() { + local subnet + + for subnet in $@; do + case "${subnet}" in + 0.0.0.0/0|0.0.0.0/0.0.0.0) + echo -n "0.0.0.0/1," + echo -n "128.0.0.0/1," + ;; + + *) + echo -n "${subnet}," + ;; + esac + done + + return 0 +} + +generate_config() { + local intf="${1}" + + # Flush all previously set routes + ip route flush dev "${intf}" + + local IFS=',' + + local id + local enabled + local type + local name + local pubkey + local privkey + local port + local endpoint_addr + local endpoint_port + local remote_subnets + local remarks + local local_subnets + local psk + local keepalive + local _rest + + # Handles the special case of the RW interface + if interface_is_rw "${intf}"; then + echo "[Interface]" + echo "PrivateKey = ${PRIVATE_KEY}" + + # Optionally set the port + if [ -n "${PORT}" ]; then + echo "ListenPort = ${PORT}" + fi + + # Add the client pool + if [ -n "${CLIENT_POOL}" ]; then + ip route add "${CLIENT_POOL}" dev "${intf}" + fi + + while read -r id enabled type name pubkey privkey port endpoint_addr endpoint_port \ + remote_subnets remarks local_subnets psk keepalive _rest; do + # Skip peers that are not hosts or not enabled + [ "${type}" = "host" ] || continue + [ "${enabled}" = "on" ] || continue + + echo "[Peer]" + echo "PublicKey = ${pubkey}" + + # Set PSK (if set) + if [ -n "${psk}" ]; then + echo "PresharedKey = ${psk}" + fi + + # Set routes + if [ -n "${remote_subnets}" ]; then + echo "AllowedIPs = ${remote_subnets//|/, }" + fi + + echo # newline + done < /var/ipfire/wireguard/peers + + return 0 + fi + + local local_subnet + local remote_subnet + + while read -r id enabled type name pubkey privkey port endpoint_addr endpoint_port \ + remote_subnets remarks local_subnets psk keepalive _rest; do + # Check for the matching connection + [ "${type}" = "net" ] || continue + [ "${intf}" = "wg${id}" ] || continue + + # Skip peers that are not enabled + [ "${enabled}" = "on" ] || continue + + # Update the interface alias + ip link set "${intf}" alias "${name}" + + echo "[Interface]" + + if [ -n "${privkey}" ]; then + echo "PrivateKey = ${privkey}" + fi + + # Optionally set the port + if [ -n "${port}" ]; then + echo "ListenPort = ${port}" + + # Open the port + iptables -A WGINPUT -p udp --dport "${port}" -j ACCEPT + fi + + echo "[Peer]" + echo "PublicKey = ${pubkey}" + + # Set PSK (if set) + if [ -n "${psk}" ]; then + echo "PresharedKey = ${psk}" + fi + + # Set endpoint + if [ -n "${endpoint_addr}" ]; then + echo "Endpoint = ${endpoint_addr}${endpoint_port:+:}${endpoint_port}" + fi + + # Set routes + if [ -n "${remote_subnets}" ]; then + echo "AllowedIPs = ${remote_subnets//|/, }" + + # Apply the routes + local_subnets=( "${local_subnets//|/,}" ) + remote_subnets=( "${remote_subnets//|/,}" ) + + # Find an IP address of the firewall that is inside the routed subnet + local src="$(ipfire_address_in_networks "${local_subnets[@]}")" + + for remote_subnet in $(expand_subnets "${remote_subnets[@]}"); do + local args=( + "${remote_subnet}" "dev" "${intf}" + ) + + # Add the preferred source if we found one + if [ -n "${src}" ]; then + args+=( "src" "${src}" ) + fi + + ip route add "${args[@]}" + done + fi + + # Set keepalive + if [ -n "${keepalive}" ]; then + echo "PersistentKeepalive = ${keepalive}" + fi + + # Set blocking rules + for local_subnet in ${local_subnets//|/ }; do + for remote_subnet in ${remote_subnets//|/ }; do + iptables -I WGBLOCK \ + -s "${remote_subnet}" -d "${local_subnet}" -j RETURN + done + done + + # There will only be one match, so we can break as soon we get here + break + done < /var/ipfire/wireguard/peers +} + +reload_firewall() { + # Flush all previous rules + iptables -F WGINPUT + + if [ "${ENABLED}" = "on" ]; then + iptables -A WGINPUT -p udp --dport "${PORT}" -j ACCEPT + fi + + iptables -F WGBLOCK + + # Block all other traffic + iptables -A WGBLOCK -j REJECT --reject-with icmp-admin-prohibited +} + +wg_start() { + local failed=0 + local intf + + # Find all interfaces + local interfaces=( "$(interfaces)" ) + + # Shut down any unwanted interfaces + cleanup_interfaces + + # Reload the firewall + reload_firewall + + # Setup all interfaces + for intf in ${interfaces[@]}; do + setup_interface "${intf}" || failed=1 + done + + return ${failed} +} + +wg_stop() { + local intf + + # Reload the firewall + ENABLED=off reload_firewall + + for intf in /sys/class/net/wg[0-9]*; do + ip link del "${intf##*/}" + done + + return 0 +} + +case "${1}" in + start) + if [ "${ENABLED}" != "on" ]; then + exit 0 + fi + + boot_mesg "Starting WireGuard VPN..." + wg_start; evaluate_retval + ;; + + stop) + boot_mesg "Stopping WireGuard VPN..." + wg_stop; evaluate_retval + ;; + + reload) + boot_mesg "Reloading WireGuard VPN..." + wg_start; evaluate_retval + ;; + + restart) + ${0} stop + sleep 1 + ${0} start + ;; + + *) + echo "Usage: ${0} {start|stop|reload|restart}" + exit 1 + ;; +esac diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index 1ae12b2946..9d380c158e 100644 --- a/src/misc-progs/Makefile +++ b/src/misc-progs/Makefile @@ -32,7 +32,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \ smartctrl clamavctrl addonctrl pakfire wlanapctrl \ setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \ getconntracktable wirelessclient torctrl ddnsctrl unboundctrl \ - captivectrl + captivectrl wireguardctrl OBJS = $(patsubst %,%.o,$(PROGS) $(SUID_PROGS)) diff --git a/src/misc-progs/wireguardctrl.c b/src/misc-progs/wireguardctrl.c new file mode 100644 index 0000000000..24580c2ebb --- /dev/null +++ b/src/misc-progs/wireguardctrl.c @@ -0,0 +1,44 @@ +/* This file is part of the IPFire Firewall. + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + */ + +#include +#include + +#include "setuid.h" + +int main(int argc, char** argv) { + // Become root + if (!initsetuid()) + exit(1); + + // Check if we have enough arguments + if (argc < 2) { + fprintf(stderr, "\nNot enough arguments.\n\n"); + exit(1); + } + + if (strcmp(argv[1], "start") == 0) { + return run("/etc/rc.d/init.d/wireguard", argv + 1); + + } else if (strcmp(argv[1], "stop") == 0) { + return run("/etc/rc.d/init.d/wireguard", argv + 1); + + } else if (strcmp(argv[1], "dump") == 0) { + char* args[] = { + "show", + (argc > 2) ? argv[2] : "wg0", + "dump", + NULL, + }; + + return run("/usr/bin/wg", args); + + } + + fprintf(stderr, "Invalid command\n"); + exit(1); +} diff --git a/src/patches/protobuf-c_1.5.0_protobuf-26.patch b/src/patches/protobuf-c_1.5.0_protobuf-26.patch deleted file mode 100644 index 40c9e64d00..0000000000 --- a/src/patches/protobuf-c_1.5.0_protobuf-26.patch +++ /dev/null @@ -1,118 +0,0 @@ -From a6cf1aa386067e26d582cc1d1e327787595c9f13 Mon Sep 17 00:00:00 2001 -From: Robert Edmonds -Date: Wed, 20 Mar 2024 21:48:10 -0400 -Subject: [PATCH 1/3] FileGenerator::GenerateHeader(): Set `min_header_version` - unconditionally - -Previously, we were conditionally trying to set `min_header_version` to -the lowest possible value, and relying on a "legacy" Google interface to -determine the file descriptor's syntax version as part of that -determination. - -Instead, simply bump the minimum version to 1003000 (1.3.0). This -release was almost 7 years ago. In practice protobuf-c users should not -be shipping pre-compiled .pb-c.c/.pb-c.h files, anyway. ---- - protoc-c/c_file.cc | 9 +-------- - 1 file changed, 1 insertion(+), 8 deletions(-) - -diff --git a/protoc-c/c_file.cc b/protoc-c/c_file.cc -index ca0ad34e..c6d8a240 100644 ---- a/protoc-c/c_file.cc -+++ b/protoc-c/c_file.cc -@@ -117,14 +117,7 @@ FileGenerator::~FileGenerator() {} - void FileGenerator::GenerateHeader(io::Printer* printer) { - std::string filename_identifier = FilenameIdentifier(file_->name()); - -- int min_header_version = 1000000; --#if GOOGLE_PROTOBUF_VERSION >= 4023000 -- if (FileDescriptorLegacy(file_).syntax() == FileDescriptorLegacy::SYNTAX_PROTO3) { --#else -- if (file_->syntax() == FileDescriptor::SYNTAX_PROTO3) { --#endif -- min_header_version = 1003000; -- } -+ const int min_header_version = 1003000; - - // Generate top of header. - printer->Print( - -From ee3d9e5423c93ee6b828fdda8e7fef13a77634eb Mon Sep 17 00:00:00 2001 -From: Robert Edmonds -Date: Wed, 20 Mar 2024 22:25:54 -0400 -Subject: [PATCH 2/3] Reimplement FieldSyntax() to maximize compatibility - across protobuf versions - -Recent versions of Google protobuf have broken the interfaces for -determining the syntax version of a .proto file. The current protobuf-c -1.5.0 release does not compile with Google protobuf 26.0 due to the most -recentage breakage. There is a possible workaround involving the Google -protobuf `FileDescriptorLegacy` class, which is documented as: - -// TODO Remove this deprecated API entirely. - -So we probably shouldn't rely on it. - -Instead, this commit obtains the `FileDescriptorProto` corresponding -to the passed in `FieldDescriptor` and interrogates the `syntax` field -directly. This is a single implementation with no version-specific -workarounds. Hopefully this won't break in the next Google protobuf -release. - -I tested the `FieldSyntax()` implementation in this commit across a -number of different Google protobuf releases and found that it worked -(`make && make check`) on all of them: - -- Google protobuf 3.6.1.3 (Ubuntu 20.04) -- Google protobuf 3.12.4 (Ubuntu 22.04) -- Google protobuf 3.21.12 (Debian 12 + Debian unstable) -- Google protobuf 3.25.2 (Debian experimental) -- Google protobuf 26.1-dev ---- - protoc-c/c_helpers.h | 24 ++++++++++++++---------- - 1 file changed, 14 insertions(+), 10 deletions(-) - -diff --git a/protoc-c/c_helpers.h b/protoc-c/c_helpers.h -index 062d330b..be28b601 100644 ---- a/protoc-c/c_helpers.h -+++ b/protoc-c/c_helpers.h -@@ -70,10 +70,6 @@ - #include - #include - --#if GOOGLE_PROTOBUF_VERSION >= 4023000 --# include --#endif -- - namespace google { - namespace protobuf { - namespace compiler { -@@ -173,13 +169,21 @@ struct NameIndex - int compare_name_indices_by_name(const void*, const void*); - - // Return the syntax version of the file containing the field. --// This wrapper is needed to be able to compile against protobuf2. - inline int FieldSyntax(const FieldDescriptor* field) { --#if GOOGLE_PROTOBUF_VERSION >= 4023000 -- return FileDescriptorLegacy(field->file()).syntax() == FileDescriptorLegacy::SYNTAX_PROTO3 ? 3 : 2; --#else -- return field->file()->syntax() == FileDescriptor::SYNTAX_PROTO3 ? 3 : 2; --#endif -+ auto proto = FileDescriptorProto(); -+ field->file()->CopyTo(&proto); -+ -+ if (proto.has_syntax()) { -+ auto syntax = proto.syntax(); -+ assert(syntax == "proto2" || syntax == "proto3"); -+ if (syntax == "proto2") { -+ return 2; -+ } else if (syntax == "proto3") { -+ return 3; -+ } -+ } -+ -+ return 2; - } - - // Work around changes in protobuf >= 22.x without breaking compilation against - hooks/post-receive -- IPFire 2.x development tree