* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 3757b8ef10377e422f2c7b98d34f728ab0977809
@ 2025-04-24 15:02 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-04-24 15:02 UTC (permalink / raw)
To: ipfire-scm
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 476526 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 3757b8ef10377e422f2c7b98d34f728ab0977809 (commit)
via c1f13252d063b374039bc80c12d60b389a75befd (commit)
via 66eac1139047efaf5619dcf562807b12c4a2a126 (commit)
via 1f1755aae03cd18dc2c54d550151a9406c2acb2b (commit)
via 7d6b92e10d604050b22cb4f9823df13f8df15215 (commit)
via 9e3eebb4ef732acb81b9039a9d6983b5f59fcf9a (commit)
via ab7944fceb9138fb3ec66c02d1573f99a853d0b8 (commit)
via 1a0cbc236b0e51399de495b582813acf5b39a9f4 (commit)
via f82f3234ab37ab0bef908d2550d3b17da105d5c1 (commit)
via d4bf67e28f75d82e6873700d2f89b5a61ece0b00 (commit)
via 38e463f7b6692c3ea88c0d384d4d390136c91a2f (commit)
via e5ee56f677e12873754589ac19669bffbfa8fe42 (commit)
via 981a5756fdbf9d099e16e358bc5ac206db1229dc (commit)
via cf56de7a94e5007bce8eaa37cc5a4929a13ff45e (commit)
via cca29326abd3e2fba6e6fc40c33e82a1ad001e9b (commit)
via 406ab3f286dd6ed8427f29534f686ddaeefe6e80 (commit)
via 553867681e73a487b59cc85327979b7f4d3049f0 (commit)
via 62bf01529bda71007f08827ae4c25684ebc31ef3 (commit)
via 1ae53a882e5e935c45e63dec707f8b7bc342f022 (commit)
via 634af916739e6758c853939c08b7b409dc2379cb (commit)
via a8a107af2ed730c71d12d2cc276242403c814cfe (commit)
via 6c9744bbcb0ab0b483884c914466f960287c0f9d (commit)
via 74be89cf589f93aea0f0aade3a5dcba8bcbb3ea2 (commit)
via a023f6b57428be64d39802eb20c90c4192c4b136 (commit)
via 3d8ed693e204235cf0c92be8bb0c4b327e878256 (commit)
via 08d1f80b1aaf9f50a2f00905b2afa38a01455e94 (commit)
via dd8b385fc499d3a297e731bd49ab720a4a1fe2de (commit)
via a4e20441ff08401644fc29342338ef8f6bd7984a (commit)
via 870bd70a3d85d0ca4bc826fe9440d74ac4b343f3 (commit)
via 1de96a83d6d6cec5d4d3eda1792aa80bfbd8fafe (commit)
via 3bcb69888eabf32ebfec10389cbb42eed8c91837 (commit)
via 843c39434195e0fe78be36fb25adc5854aff78a2 (commit)
via 9c72aa966309ea160c4385363d9e29305af73389 (commit)
via 3f538a827627ae70fc2c892abab6e8d73f73aaad (commit)
via 60dd0f8f15d1b70e0692c933dcf374dd329ee365 (commit)
via 77631ba4c738432c31cd4b6fad0da28b880fb0c7 (commit)
via 657801ca491cf671d7201354b566a42d6cce6515 (commit)
via 0818920c8a96df3b80042f2ffe8bade8d4545076 (commit)
via 468e9831d5c7b99a2dc20b66d881f43ecb0a424b (commit)
via 6c228fabd02aaf17ff1e0b403666a01725d70b3c (commit)
via 06ee2b84e7e33235caf2203810cddc3c7020a943 (commit)
via 456ff347463776c3a5adee02d3d2ca65924661c2 (commit)
via ccb2d0a211b9efd65c4943c7594b6e367a371ec9 (commit)
via 9b57b59a411fe3e82c173becad8f0edc538aafe6 (commit)
via 6dcd2c24bba008952469414b6d560863793e6001 (commit)
via db8d09bdb72ddf08333172b18fc145393c5375d6 (commit)
via 335cd6187bfe38e0e4c671f2a848bd834855f952 (commit)
via c0261d9b96f55a954ee63ad9115db6d2a5636c38 (commit)
via a61f0c752225fd3dcde20a9929947f3fe2586781 (commit)
via 7b62f1706638ab287e0300b43a322c595b1466fb (commit)
via 9914a4f1cdf811e790164a1b2d047d985065b6ac (commit)
via 4e4b6033294509f6a9301cf7d7700263adc69172 (commit)
via 5058edbadacd66e5313e4a1bbe9fca09aaace483 (commit)
via a6568d122d85d447805aa137c68a541c641b3516 (commit)
via 82f8e2fef4c35cf44250a8484ef4c63a95e12b49 (commit)
via 057c7692b1fd41f1683f68cf20742f6f025d1c17 (commit)
via 61a4d3cf49ae48896663af0cfee094b1f04df83f (commit)
via 803f69b16f6e560a38220f19449aa86afa53198a (commit)
via 607760950b571610cef4a0e6264415ddec5c69ec (commit)
via be78d2abafc58a7f216102079498e642c107aebc (commit)
via ac1032f025a851bf03c4ff56e21df379c81aba04 (commit)
via 0d241960201088fea9eeae80eee06555a724a03f (commit)
via aba4372e3ec4001bafb32f94eae9698dcb174259 (commit)
via 3679c7a0d4f8881679c72abd321a90e75febc2c3 (commit)
via 39eafa413f4b37e8dc1abff1f7d7ca2c0e1cbffa (commit)
via 66546a360704717be03ffa12ff80137cccbab90a (commit)
via eb48782ee7184b5c397efeda14f27d83e3c6995b (commit)
via 5541ca3faf4e0100cd64e79022d4c0a4eed658fd (commit)
via 09901bae0a8cffdd9f8d77eaac6a1c114723e32b (commit)
via 0739ae938f1881cb863018e2230e0f523f073005 (commit)
via a3170662bf8943b57a1bbbe0b86ec4a1eb954802 (commit)
via 32f722f9c831bc037f10e069a3c44d3e3b3e5c66 (commit)
via 37174e29de670a33f9be4b90c88b0a96c695dad1 (commit)
via 76ea485d9edb781328e307c68b1f878d933408e5 (commit)
via 08ddf896561c7733a17491d175dd6bda00e775e3 (commit)
via b611b775dd1780cb59c8fde77f7ebb8722b79ecd (commit)
via d312592b00270f972b60a648b431f074f0b1ebf1 (commit)
via 5a1c02df8973b3acc5c3101a94e86fe6df4b43b6 (commit)
via 1f2bb86219bb57718b9a666f9c5b14b2c44f98a3 (commit)
via d6868ae94c63d0f708985e6bb6604a4bd40cf1a8 (commit)
via 27e9dcc159247d55e369b3cbf6b826168fda38f6 (commit)
via 397e0c527192382ed628df6d8ec767fef2240a54 (commit)
via 35afcd212ef33f091a6a36e8dd3b092da2613d59 (commit)
via 6d8483a793bd720bdf183b2eaa43fdd5bf0402c0 (commit)
via fadf9488c4ad2dcee9060240dabafe49fa74b154 (commit)
via 76db32dd47b45947905ecb28475accfae848919e (commit)
via e5604dafcd5fe74af8a116bb5c26d36d268d9490 (commit)
via 63a1468e907c6cf8d469df560f04d656c03d0c70 (commit)
via 593481a6b3b613dcabff936f2c9fedb87f778900 (commit)
via 85ec8363a873100fc1bb49e3c01f9f63bf97c6e1 (commit)
via 31a21c9974b82fb266ddea3320be69de32628d9b (commit)
via 95bf26599d97d98ece3886fe69ccf898f19b298f (commit)
via f552e23da404adf4555299c887a0279016323df4 (commit)
via eb47427429e5518385344c2fa262948b0b0e659a (commit)
via 89b976e9a7e4da13b82de4aadadb63ffaf3031a6 (commit)
via f0a4cae5e82fe9011d41a17d359419b528c80415 (commit)
via 5ca419c7fff709bf33b7a23d75632129590ef5be (commit)
via cb7e2a7d908f0db7201f2b3d7c4fded3caba8586 (commit)
via 4846ff3a1091f280f3fdabbfdd898adfeff80e87 (commit)
via ca479eb8bfdd6d1c154c8bea1b823fd940727533 (commit)
via b526e4998161c217ac0af88ad616e32bdac314c7 (commit)
via 4981916fd955d0fc7a9008352d3a4bec1a498cdd (commit)
via 2406a4cfe573cdc926e14150522578d861e4c240 (commit)
via ff9ccfa8d75871f96d43501f4536590c680429d7 (commit)
via 0cf51b17e97c93e988c52cc3462061e085facc3c (commit)
via 5eb7d41133f3b8a74f38f3b2ab01ccb8c34ae0f1 (commit)
via 303f811025b6d2672b8535d63b039e2d76a2260a (commit)
via c0cddfa6feb95c13cdd84ea68253c5f025801d45 (commit)
via 21001812389666836552bc193248cb2ffc3a76b6 (commit)
via f84c7d0bdac38fb6ed7105a21c1f2422ddbcd656 (commit)
via d11f9d75b002b8395fe094b0beaf2bb4c2e2e0ed (commit)
via 4e83b78e86b12ec418e872cae7f162b9548c3a59 (commit)
via a77882639e42e40deea0ea2e811ed0644f51ebe7 (commit)
via 3eba8076012f79da1bda90995afc88bce569a060 (commit)
via 6a760ba418e6701b584ca80a6cd834e014397929 (commit)
via cc203a41265c8ec5564be204293cf86ac9533e81 (commit)
via eefe8bcdec7095331044488aab4bf6b7a711d765 (commit)
via e44e1be465cab81a37bab7aa9ecb301b105633ee (commit)
via 283238d66fa69b3a5198b2ac7a0539f6a678ce4c (commit)
via 0b4c2c3799fdfc8cfbb67888f6a0f7a21869d826 (commit)
via c5606af3e5ecb3a968df2a48ea10c7811760241d (commit)
via b57617edafdfa2fd057c5902ed3b5f9dc6558ec5 (commit)
via 16c94e73c70da3cf6446b2bf80fa306e51ded53c (commit)
via 26d6b4cd89621cb1552871be0b14a1b59584c82b (commit)
via 1425014380d4118bba7b4ffe1f41691a2af7a3b0 (commit)
via 3cfb59a767313f65fdaa8d18a9df12ffaec6129c (commit)
via 7f79f01123992781788ab7b5eac12794fa21143a (commit)
via 44cf6442d2d2608e081dee552b0d4778586125fd (commit)
via 06df633c86eabbfa40fe36c508bef8963f3f006f (commit)
via d9d98b678b5207856d7383c3f097eb30910df61b (commit)
via c5af1d851cb3963441b43785b17c335d328d763e (commit)
via d408b1a8e717ed0387366c254a0a637c635e8a2c (commit)
via 8d26760ce43686485cc9db595f2efa9a9a5c3302 (commit)
via 4fe654d7704499063ec6d766faf3249149cac7a3 (commit)
via c25e3d6a1924448fa988de0118b802b7de0a0405 (commit)
via 6d3c91bc7a7c9aa84631ca8b90dc5cda63c0ec5a (commit)
via 83e6991be967ceaaa8d61167c533636f35d6a498 (commit)
via a5b7858c705cf7bdd37a32b2add8a9ffe3e42342 (commit)
via fdfec12a5f272c8f960f3fcbc4af356f80fc1b9a (commit)
via 06dbc836a47160d51ab10f8b9d4ca356beaa7cdb (commit)
via fc32e7b9147d2eeeb6e2bc1497859fb050001eb5 (commit)
via b78ba3624f0a11c060ad06dbd65741b82684d93e (commit)
from f0c8d0eb9a4121b15e28a663bf65d22b8eaed9b0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3757b8ef10377e422f2c7b98d34f728ab0977809
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 24 15:00:39 2025 +0000
core195: Ship OpenSSL
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c1f13252d063b374039bc80c12d60b389a75befd
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:43:54 2025 +0200
openssl: Update to version 3.5.0
- Update from version 3.4.1 to 3.5.0
- Update of rootfile
- The changelog mentions some potentially significant or incompatible changes. From the
description they don't seem to be ones that would not work with IPFire but I will
look at evaluating the new version in my vm testbed and reporting back.
- Changelog
3.5.0
This release incorporates the following potentially significant or incompatible
changes:
Default encryption cipher for the req, cms, and smime applications
changed from des-ede3-cbc to aes-256-cbc.
The default TLS supported groups list has been changed to include and
prefer hybrid PQC KEM groups. Some practically unused groups were removed
from the default list.
The default TLS keyshares have been changed to offer X25519MLKEM768 and
and X25519.
All BIO_meth_get_*() functions were deprecated.
This release adds the following new features:
Support for server side QUIC (RFC 9000)
Support for 3rd party QUIC stacks including 0-RTT support
Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
A new configuration option no-tls-deprecated-ec to disable support for
TLS groups deprecated in RFC8422
A new configuration option enable-fips-jitter to make the FIPS provider
to use the JITTER seed source
Support for central key generation in CMP
Support added for opaque symmetric key objects (EVP_SKEY)
Support for multiple TLS keyshares and improved TLS key establishment group
configurability
API support for pipelining in provided cipher algorithms
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 66eac1139047efaf5619dcf562807b12c4a2a126
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 24 15:00:02 2025 +0000
core195: Ship OpenSSH
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1f1755aae03cd18dc2c54d550151a9406c2acb2b
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:43:53 2025 +0200
openssh: Update to version 10.0p1
- Update from version 9.9p2 to 10.0p1
- Update of rootfile
- There is a security fix in this version that openssh have described as minor.
- From this version onwards the default key agreement used is the hybrid post-quantum
algorithm - mlkem768x25519-sha256
- Changelog
10.0p1
Potentially-incompatible changes
* This release removes support for the weak DSA signature
algorithm, completing the deprecation process that began in
2015 (when DSA was disabled by default) and repeatedly warned
over the last 12 months.
* scp(1), sftp(1): pass "ControlMaster no" to ssh when invoked by
scp & sftp. This disables implicit session creation by these
tools when ControlMaster was set to yes/auto by configuration,
which some users found surprising. This change will not prevent
scp/sftp from using an existing multiplexing session if one had
already been created. GHPR557
* This release has the version number 10.0 and announces itself
as "SSH-2.0-OpenSSH_10.0". Software that naively matches
versions using patterns like "OpenSSH_1*" may be confused by
this.
* sshd(8): this release removes the code responsible for the
user authentication phase of the protocol from the per-
connection sshd-session binary to a new sshd-auth binary.
Splitting this code into a separate binary ensures that the
crucial pre-authentication attack surface has an entirely
disjoint address space from the code used for the rest of the
connection. It also yields a small runtime memory saving as the
authentication code will be unloaded after the authentication
phase completes. This change should be largely invisible to
users, though some log messages may now come from "sshd-auth"
instead of "sshd-session". Downstream distributors of OpenSSH
will need to package the sshd-auth binary.
* sshd(8): this release disables finite field (a.k.a modp)
Diffie-Hellman key exchange in sshd by default. Specifically,
this removes the "diffie-hellman-group*" and
"diffie-hellman-group-exchange-*" methods from the default
KEXAlgorithms list. The client is unchanged and continues to
support these methods by default. Finite field Diffie Hellman
is slow and computationally expensive for the same security
level as Elliptic Curve DH or PQ key agreement while offering
no redeeming advantages. ECDH has been specified for the SSH
protocol for 15 years and some form of ECDH has been the default
key exchange in OpenSSH for the last 14 years.
* sshd(8): this release removes the implicit fallback to compiled-
in groups for Diffie-Hellman Group Exchange KEX when the moduli
file exists but does not contain moduli within the client-
requested range. The fallback behaviour remains for the case
where the moduli file does not exist at all. This allows
administrators more explicit control over which DH groups will
be selected, but can lead to connection failures if the moduli
file is edited incorrectly. bz#2793
Security
* sshd(8): fix the DisableForwarding directive, which was failing
to disable X11 forwarding and agent forwarding as documented.
X11 forwarding is disabled by default in the server and agent
forwarding is off by default in the client.
New features
* ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256
is now used by default for key agreement. This algorithm is
considered to be safe against attack by quantum computers,
is guaranteed to be no less strong than the popular
curve25519-sha256 algorithm, has been standardised by NIST
and is considerably faster than the previous default.
* ssh(1): prefer AES-GCM to AES-CTR mode when selecting a cipher
for the connection. The default cipher preference list is now
Chacha20/Poly1305, AES-GCM (128/256) followed by AES-CTR
(128/192/256).
* ssh(1): add %-token and environment variable expansion to the
ssh_config SetEnv directive.
* ssh(1): allow %-token and environment variable expansion in
the ssh_config User directive, with the exception of %r and %C
which would be self-referential. bz#3477
* ssh(1), sshd(8): add "Match version" support to ssh_config and
sshd_config. Allows matching on the local version of OpenSSH,
e.g. "Match version OpenSSH_10.*".
* ssh(1): add support for "Match sessiontype" to ssh_config.
Allows matching on the type of session initially requested,
either "shell" for interactive sessions, "exec" for command
execution sessions, "subsystem" for subsystem requests, such as
sftp, or "none" for transport/forwarding-only sessions.
* ssh(1): add support for "Match command ..." support to
ssh_config, allowing matching on the remote command as specified
on the command-line.
* ssh(1): allow 'Match tagged ""' and 'Match command ""' to match
empty tag and command values respectively.
* sshd(8): allow glob(3) patterns to be used in sshd_config
AuthorizedKeysFile and AuthorizedPrincipalsFile directives.
bz2755
* sshd(1): support the VersionAddendum in the client, mirroring
the option of the same name in the server; bz2745
* ssh-agent(1): the agent will now delete all loaded keys when
signaled with SIGUSR1. This allows deletion of keys without
having access to $SSH_AUTH_SOCK.
* Portable OpenSSH, ssh-agent(1): support systemd-style socket
activation in ssh-agent using the LISTEN_PID/LISTEN_FDS
mechanism. Activated when these environment variables are set,
the agent is started with the -d or -D option and no socket path
is set. GHPR502
* ssh-keygen(1): support FIDO tokens that return no attestation
data, e.g. recent WinHello. GHPR542
* ssh-agent(1): add a "-Owebsafe-allow=..." option to allow the
default FIDO application ID allow-list to be overridden.
* Add a work-in-progress tool to verify FIDO attestation blobs
that ssh-keygen can optionally write when enrolling FIDO keys.
This tool is available under regress/misc/ssh-verify-attestation
for experimentation but is not installed by "make install".
* ssh-keygen(1): allow "-" as output file for moduli screening.
GHPR393
Bugfixes
* sshd(8): remove assumption that the sshd_config and any configs
it includes can fit in a (possibly enlarged) socket buffer.
Previously it was possible to create a sufficiently large
configuration that could cause sshd to fail to accept any
connection. sshd(8) will now actively manage sending its config
to the sshd-session sub-process.
* ssh(1): don't start the ObscureKeystrokeTiming mitigations if
there has been traffic on a X11 forwarding channel recently.
Should fix X11 forwarding performance problems when this setting
is enabled. bz3655
* ssh(1): prohibit the comma character in hostnames accepted, but
allow an underscore as the first character in a hostname.
* sftp(1): set high-water when resuming a "put". Prevents bogus
"server reordered acks" debug message.
* ssh(1), sshd(8): fix regression in openssh-9.8, which would fail
to accept "Match criteria=argument" as well as the documented
"Match criteria argument" syntax in ssh_config and sshd_config.
bz3739
* sftp(1), ssh(1): fix a number possible NULL dereference bugs,
including Coverity CIDs 405019 and 477813.
* sshd(8): fix PerSourcePenalty incorrectly using "crash" penalty
when LoginGraceTime was exceeded. bz3797
* sshd(8): fix "Match invalid-user" from incorrectly being
activated in initial configuration pass when no other predicates
were present on the match line
* sshd(8): fix debug logging of user specific delay. GHPR#552
* sshd(8): improve debug logging across sub-process boundaries.
Previously some log messages were lost early in the sshd-auth and
sshd-session processes' life.
* ssh(1): require control-escape character sequences passed via
the '-e ^x' command-line to be exactly two characters long. Avoids
one byte out-of-bounds read if ssh is invoked as "ssh -e^ ..."
GHPR368
* ssh(1), sshd(8): prevent integer overflow in x11 port handling.
These are theoretically possible if the admin misconfigured
X11DisplayOffset or the user misconfigures their own $DISPLAY,
but don't happen in normal operation. bz#3730
* ssh-keygen(1): don't mess up ssh-keygen -l output when the file
contains CR characters; GHPR236 bz3385.
* sshd(8): add rate limits to logging of connections dropped by
PerSourcePenalties. Previously these could be noisy in logs.
* ssh(1): fix argument of "Compression" directive in ssh -G config
dump, which regressed in openssh-9.8.
* sshd(8): fix a corner-case triggered by UpdateHostKeys when sshd
refuses to accept the signature returned by an agent holding host
keys during the hostkey rotation sub-protocol. This situation
could occur in situations where a PKCS#11 smartcard that lacked
support for particular signature algorithms was used to store
host keys.
* ssh-keygen(1): when using RSA keys to sign messages with
"ssh-keygen -Y", select the signature algorithm based on the
requested hash algorithm ("-Ohashalg=xxx"). This allows using
something other than the default of rsa-sha2-512, which may not
be supported on all signing backends, e.g. some smartcards only
support SHA256.
* ssh(1), sshd(8), ssh-keyscan(1): fix ML-KEM768x25519 KEX on
big-endian systems.
* Many regression and interop test improvements.
Portability
* All: add support for AWS-LC (AWS libcrypto). bz3784
* sshd(8): add wtmpdb support as a Y2038 safe wtmp replacement.
* sshd(8): add support for locking sshd into memory, enabled with
the --with-linux-memlock-onfault configure flag.
* Add support for building a standalone sk-libfido2 library,
enabled by --with-security-key-standalone
* ssh(1), sshd(8), ssh-keyscan(1): include __builtin_popcount
replacement function. for compilers that lack it.
* All: Check for and replace le32toh, le64toh, htole64 separately.
It appears that at least some versions of endian.h in glibc do
not have the latter two. bz#3794
* Remove ancient RHL 6.x config in RPM spec.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7d6b92e10d604050b22cb4f9823df13f8df15215
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:43:51 2025 +0200
nano: Update to version 8.4
- Update from version 8.3 to 8.4
- Update of rootfile not required
- Changelog
8.4
• Bracketed pastes over a slow connection are more reliable.
• Tabs in an external paste at a prompt are not dropped.
• Feedback occurs when the cursor sits on a Byte Order Mark.
• The Execute prompt is more forgiving of a typo.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 9e3eebb4ef732acb81b9039a9d6983b5f59fcf9a
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:43:52 2025 +0200
nfs: Update to version 2.8.3
- Update from version 2.8.2 to 2.8.3
- Update of rootfile not required
- Changelog is just a list of the commits and is over 500 lines long. The details can be
found in the changelog at https://sourceforge.net/projects/nfs/files/nfs-utils/2.8.3/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ab7944fceb9138fb3ec66c02d1573f99a853d0b8
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 24 14:58:34 2025 +0000
core195: Ship libgpg-error
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1a0cbc236b0e51399de495b582813acf5b39a9f4
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:43:50 2025 +0200
libgpg-error: Update to version 1.54
- Update from version 1.51 to 1.54
- Update of rootfile
- Changelog
1.54
* Fix a regression in 1.52 which did not allow to open UNC
specified files on Windows. [rE28ae4ee194]
* Ignore log file specification from the Registry in the gpg-error
tool.
1.53
* Fix regression in 1.52.
1.52
* The KEY_WOW64_xxKEY flags can now be passed to the Registry read
functions. [rE652328c786]
* In the spawn functions care about closefrom/close call is
interrupted. [T7478]
* New command --getreg for gpg-error on Windows. [rE652328c786]
* New simple string list API. [rE47097806f1]
* New API for name value files. [rE7ec1f27b60]
* Add a Windows Registry emulation for Unix. [rE9864dd4d66]
* Interface changes relative to the 1.51 release:
gpgrt_w32_reg_query_string NEW (Windows only).
gpgrt_strlist_t NEW type.
gpgrt_strlist_free NEW.
gpgrt_strlist_add NEW.
gpgrt_strlist_tokenize NEW.
gpgrt_strlist_copy NEW.
gpgrt_strlist_rev NEW.
gpgrt_strlist_prev NEW.
gpgrt_strlist_last NEW.
gpgrt_strlist_pop NEW.
gpgrt_strlist_find NEW.
GPGRT_STRLIST_APPEND NEW const.
GPGRT_STRLIST_WIPE NEW const.
gpgrt_nvc_t NEW type.
gpgrt_nve_t NEW type.
gpgrt_nvc_new NEW.
gpgrt_nvc_release NEW.
gpgrt_nvc_get_flag NEW.
gpgrt_nvc_add NEW.
gpgrt_nvc_set NEW.
gpgrt_nve_set NEW.
gpgrt_nvc_delete NEW.
gpgrt_nvc_lookup NEW.
gpgrt_nvc_parse NEW.
gpgrt_nvc_write NEW.
gpgrt_nve_next NEW.
gpgrt_nve_name NEW.
gpgrt_nve_value NEW.
gpgrt_nvc_get_string NEW.
gpgrt_nvc_get_bool NEW.
GPGRT_NVC_WIPE NEW const.
GPGRT_NVC_PRIVKEY NEW const.
GPGRT_NVC_SECTION NEW const.
GPGRT_NVC_MODIFIED NEW const.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f82f3234ab37ab0bef908d2550d3b17da105d5c1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 24 14:58:17 2025 +0000
core195: Ship libffi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d4bf67e28f75d82e6873700d2f89b5a61ece0b00
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:43:49 2025 +0200
libffi: Update to version 3.4.8
- Update from version 3.4.7 to 3.4.8
- Update of rootfile not required
- Changelog
3.4.8
aarch64: add PAC to GNU Notes by @billatarm in #882
MIPS: Dont import asm/sgidefs.h on linux by @fossdd in #885
Update the Simple Example from the Docs to fix a compile error by
@Nikitf777 in #886
Fix bugs in the x86-64 and x32 target (#887) by @mikulas-patocka in #889
Add the "ABI_ATTR" attribute to called functions (#891) by @mikulas-patocka
in #892
powerpc: Add static trampoline support (#894) by @peter-bergner in #895
testsuite: add two tests to Makefile.am by @thesamesam in #893
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 38e463f7b6692c3ea88c0d384d4d390136c91a2f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 24 14:57:55 2025 +0000
core195: Ship libcap
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e5ee56f677e12873754589ac19669bffbfa8fe42
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:43:48 2025 +0200
libcap: Update to version 2.76
- Update from version 2.75 to 2.76
- Update of rootfile
- Changelog
2.76
More libpsx and psx Go package mechanism fixes (many thanks to Christial
Kastner for helping dive into the off-piste architectures. See Bug 219915.)
Address an arm64 (aarch64) libpsx issue seen with Tracee.
(Tagged psx/v1.2.76-rc1)
Note, 2.75 should have fixed the tracee issue 4678 but the above
issue emerged from their extensive testing. Thanks to Gregório G.
for reporting the observed failure details.
More architectures supported: of the many architectures Debian builds
for, we think only alpha and sparc64 have problems. Unable to
construct qemu-*-system images with which to debug these. If anyone
has a recipe for that that works for Fedora as a base platform,
please provide details...
To make the various .so files continue to be runnable as standalone
programs added another workaround for glibc. (Bug 219880 reported by
Christian Kastner.)
_IO_stdin_used needs to be weekly defined to make puts() and friends
work. Also updated the Stackoverflow answer to include that detail.
Made a new man page cap_text_formats(7). This makes it possible to
separate the tool man pages from the developer man pages. I believe this
was the second time this was requested, by Carlos Rodriguez-Fernandez
this time (can't find the former request in my email).
Some man page cross linking fixes as well.
Dropped Make.Rules definition of SYSTEM_HEADERS Thanks to Ross Burton for
reporting.
Removed a spurious debugging printf() from setcap tool.
Removed cap_ workarounds for go.dev cap package examples. The website bugs
have been resolved: go/issues/70611; go/issues/70630.
Added a Makefile to the contrib/seccomp example.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 981a5756fdbf9d099e16e358bc5ac206db1229dc
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 24 14:57:33 2025 +0000
core195: Ship btrfs-progs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit cf56de7a94e5007bce8eaa37cc5a4929a13ff45e
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:43:44 2025 +0200
btrfs-progs: Update to version 6.14
- Update from version 6.13 to 6.14
- Update of rootfile not required
- Changelog
6.14
* mkfs:
* allow --sectorsize to be 2K for testing purposes of subpage mode (needs
the same block size supported by kernel)
* fix false error when no compression is requested and lzo is not
compiled in
* convert: support 2K block size in the source filesystem
* defrag: new parameter -L/--level to specify compression levels (kernel 6.15),
also supports the realtime levels
* subvol delete: show names of recursively deleted child subvolumes
* qgroup show: use sysfs to detect up to date consistency status
* zoned mode: support zone capacity tracking
* other:
* CI new and updated workflows
* documentation updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit cca29326abd3e2fba6e6fc40c33e82a1ad001e9b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 24 14:56:53 2025 +0000
core195: Ship fontconfig
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 406ab3f286dd6ed8427f29534f686ddaeefe6e80
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:43:46 2025 +0200
fontconfig: Update to version 2.16.2
- Update from version 2.16.0 to 2.16 2
- Update of rootfile
- Default build system has been moved from autotools to meson. Autotools will likely be
removed in next version.
- Changelog
2.16.2
meson: do not require libintl if nls feature is disabled
ci: Add back Android build in a common way
ci: drop Language to make sure they are applied as default style
ci: Change the default build system to meson
ci: Stop on fail anyway
ci: default to clean-build
ci: detect OS from os-release if no FC_DISTRO_NAME is set
ci: add missing dependency of pytest
ci: Set more timeout for pytest
ci: fix too many open files on test
ci: add missing dependency of requests
meson: Use Requires.private instead of Requires
Upgrade bindgen in Fontations enabled Rust builds
[Fontations] Add internal PatternBuilder abstraction
meson: don't force build of a shared library
meson.build: define a 'c' standard for the project (C99 and C11)
2.16.1
meson: create fc_cachedir at the installation time
meson: set WORDS_BIGENDIAN
ci: get back MinGW build to rawhide
meson: make sure config.h contains config-fixups.h for OSX
Reformatting with clang-format
ci: Add a workflow to check the coding style
ci: workaround conflict between systemd and systemd-standalone-sysusers
conf.d: Add Adwaita Sans as system-ui
ci: disable job tentatively
ci: Add a release workflow
[Fontations] Allow linkage to internals in tests
meson.build: explicitly check for pthread support
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 553867681e73a487b59cc85327979b7f4d3049f0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 24 14:56:28 2025 +0000
core195: Ship coreutils
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 62bf01529bda71007f08827ae4c25684ebc31ef3
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:43:45 2025 +0200
coreutils: Update to version 9.7
- Update from version 9.5 to 9.7
- Update of rootfile not required
- Changelog
9.7
** Bug fixes
'cat' would fail with "input file is output file" if input and
output are the same terminal device and the output is append-only.
[bug introduced in coreutils-9.6]
'cksum -a crc' misbehaved on aarch64 with 32-bit uint_fast32_t.
[bug introduced in coreutils-9.6]
dd with the 'nocache' flag will now detect all failures to drop the
cache for the whole file. Previously it may have erroneously succeeded.
[bug introduced with the "nocache" feature in coreutils-8.11]
'ls -Z dir' would crash on all systems, and 'ls -l' could crash
on systems like Android with SELinux but without xattr support.
[bug introduced in coreutils-9.6]
`ls -l` could output spurious "Not supported" errors in certain cases,
like with dangling symlinks on cygwin.
[bug introduced in coreutils-9.6]
timeout would fail to timeout commands with infinitesimal timeouts.
For example `timeout 1e-5000 sleep inf` would never timeout.
[bug introduced with timeout in coreutils-7.0]
sleep, tail, and timeout would sometimes sleep for slightly less
time than requested.
[bug introduced in coreutils-5.0]
'who -m' now outputs entries for remote logins. Previously login
entries prefixed with the service (like "sshd") were not matched.
[bug introduced in coreutils-9.4]
** Improvements
'logname' correctly returns the user who logged in the session,
on more systems. Previously on musl or uclibc it would have merely
output the LOGNAME environment variable.
9.6
** Bug fixes
cp fixes support for --update=none-fail, which would have been
rejected as an invalid option.
[bug introduced in coreutils-9.5]
cp,mv --update no longer overrides --interactive or --force.
[bug introduced in coreutils-9.3]
csplit no longer creates empty files given empty input.
[This bug was present in "the beginning".]
ls and printf fix shell quoted output in the edge case of escaped
first and last characters, and single quotes in the string.
[bug introduced in coreutils-8.26]
ls -l no longer outputs "Permission denied" errors on NFS
which may happen with files without read permission, and which resulted
in inaccurate indication of ACLs (missing '+' flag after mode).
[bug introduced in coreutils-9.4]
ls -l no longer outputs "Not supported" errors on virtiofs.
[bug introduced in coreutils-9.4]
mv works again with macFUSE file systems. Previously it would
have exited with a "Function not implemented" error.
[bug introduced in coreutils-8.28]
nproc gives more consistent results on systems with more than 1024 CPUs.
Previously it would have ignored the affinity mask on such systems.
[bug introduced with nproc in coreutils-8.1]
numfmt --from=iec-i now works with numbers without a suffix.
Previously such numbers were rejected with an error.
[bug introduced with numfmt in coreutils-8.21]
printf now diagnoses attempts to treat empty strings as numbers,
as per POSIX. For example, "printf '%d' ''" now issues a diagnostic
and fails instead of silently succeeding.
[This bug was present in "the beginning".]
pwd no longer outputs an erroneous double slash on systems
where the system getcwd() was completely replaced.
[bug introduced in coreutils-9.2]
'shuf' generates more-random output when the output is small.
[bug introduced in coreutils-8.6]
`tail --follow=name` no longer waits indefinitely for watched
file names that are moved elsewhere within the same file system.
[bug introduced in coreutils-8.24]
`tail --follow` without --retry, will consistently exit with failure status
where inotify is not used, when all followed files become inaccessible.
[This bug was present in "the beginning".]
`tail --follow --pid=PID` will now exit when the PID dies,
even in the presence of blocking inputs like unopened fifos.
[This bug was present in "the beginning".]
'tail -c 4096 /dev/zero' no longer loops forever.
[This bug was present in "the beginning".]
** Changes in behavior
'factor' now buffers output more efficiently in some cases.
install -C now dereferences symlink sources when comparing,
rather than always treating as different and performing the copy.
kill -l and -t now list signal 0, as it's a valid signal to send.
ls's -f option now simply acts like -aU, instead of also ignoring
some earlier options. For example 'ls -fl' and 'ls -lf' are now
equivalent because -f no longer ignores an earlier -l. The new
behavior is more orthogonal and is compatible with FreeBSD.
stat -f -c%T now reports the "fuseblk" file system type as "fuse",
given that there is no longer a distinct "ctl" fuse variant file system.
** New Features
cksum -a now supports the "crc32b" option, which calculates the CRC
of the input as defined by ITU V.42, as used by gzip for example.
For performance pclmul instructions are used where supported.
ls now supports the --sort=name option,
to explicitly select the default operation of sorting by file name.
printf now supports indexed arguments, using the POSIX:2024 specified
%<i>$ format, where '<i>' is an integer referencing a particular argument,
thus allowing repetition or reordering of printf arguments.
test supports the POSIX:2024 specified '<' and '>' operators with strings,
to compare the string locale collating order.
timeout now supports the POSIX:2024 specified -f, and -p short options,
corresponding to --foreground, and --preserve-status respectively.
** Improvements
cksum -a crc, makes use of AVX2, AVX512, and ARMv8 SIMD extensions
for time reductions of up to 40%, 60%, and 80% respectively.
'head -c NUM', 'head -n NUM', 'nl -l NUM', 'nproc --ignore NUM',
'tail -c NUM', 'tail -n NUM', and 'tail --max-unchanged-stats NUM’
no longer fail merely because NUM stands for 2**64 or more.
sort operates more efficiently when used on pseudo files with
an apparent size of 0, like those in /proc.
stat and tail now know about the "bcachefs", and "pidfs" file system types.
stat -f -c%T now reports the file system type,
and tail -f uses inotify for these file systems.
wc now reads a minimum of 256KiB at a time.
This was previously 16KiB and increasing to 256KiB was seen to increase
wc -l performance by about 10% when reading cached files on modern systems.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1ae53a882e5e935c45e63dec707f8b7bc342f022
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:43:43 2025 +0200
alsa: Update to version 1.2.14
- Update from version 1.2.13 to 1.2.14
- alsa-lib, alsa-utils and alsa-ucm-conf all updated to that new version.
- Update of rootfile
- Changelog
1.2.14
alsa-lib
Core
Delete alsalisp code
include: prefer alsa/asoundlib.h for apps, dependency cleanups
seq: Define new events for UMP EP/FB change notifications
configure: Make sequencer dependent on rawmidi
src/Versions.in.in: Update *_tempo_base name
Config API
include: prefer alsa/asoundlib.h for apps, dependency cleanups
Control API
control: remap - improve sync feature
control: remap - add sync feature
control: remap - separate event handling from map (preparation for sync)
control: remap - add possibility to remap multiple source channels
include: prefer alsa/asoundlib.h for apps, dependency cleanups
PCM API
pcm: hw: do not reset tstamp_type in SND_PCM_APPEND mode (#2)
pcm: hw: fix default timestamp type for O_APPPEND
pcm: hw: do not reset tstamp_type in SND_PCM_APPEND mode
pcm: fix minor typos in doc
RawMidi API
rawmidi: ump - fix snd_ump_block_info_set_block_id double version #2
rawmidi: Extensions for tied device and substream inactive flag
rawmidi: ump - fix snd_ump_block_info_set_block_id double version
rawmidi: ump - fix snd_ump_block_info_get_block_id double version
Rawmidi API
rawmidi: Make rawmidi flag bits doxygen-style comments
rawmidi: Extensions for tied device and substream inactive flag
Sequencer API
seq: update_group_ports - rewrite blknames update
ALSA: seq: Use SND_* instead of SNDRV_*
ALSA: seq: Add missing UMP EP cap bit at snd_seq_create_ump_endpoint()
seq: shuffle calloc arguments in snd_seq_hw_open (gcc warning)
seq: add more checks to snd_seq_hw_set_client_info for older kernels
seq: Fix typo of the group number in snd_seq_create_ump_endpoint()
seq: Fix bogus return of snd_seq_client_info_get_ump_conversion()
seq: seq.c - fix calloc arguments
seq: seqmid - fix info->name is always true error
seq: Define new events for UMP EP/FB change notifications
seq: include UMP headers
Use Case Manager API
ucm: do not bump syntax version to 8
ucm: add '${LibCaps}' substitution
ucm: remove @@LibraryVersion and @@SyntaxVersion variables
ucm: format @@SyntaxVersion to 4 digits
ucm: enhance documentation (sys-card + ranges + more)
ucm: add @@LibraryVersion and @@SyntaxVersion variables
ucm: add sys-card substitution
/Makefile.am
Delete alsalisp code
/include/Makefile.am
Delete alsalisp code
include: prefer alsa/asoundlib.h for apps, dependency cleanups
ALSA Lisp
Delete alsalisp code
Documentation
doc: fix permissions
External PCM Filter Plugin SDK
include: pcm extplug/ioplug: fix internal include
External PCM I/O Plugin SDK
include: pcm extplug/ioplug: fix internal include
Kernel Headers
Sync UAPI asequencer.h with 6.14 kernel
Sync UAPI asound.h with 6.14 kernel
MIDI 2.0 (UMP)
include/ump_msg.h: Fix endianness detection
seq: include UMP headers
Test/Example code
test/playmidi1: fix compilation caused by conflict between midifile.h and
ump_msg.h
Utils
utils: add missing alsa-topology.pc.in to EXTRA_DIST
alsa-utils
Core
axfer, topology: use only <alsa/asoundlib.h> include instead specific
alsa-lib headers
ALSA Control (alsactl)
alsactl: info - handle situations when devices are not available in kernel
alsactl: info - print errors for next_device calls
Remove trailing spaces in man pages
alsactl: 90-alsa-restore.rules - fix AMD acp-pdm-mach link
alsactl: 90-alsa-restore.rules - fix alsa_restore_go/std
Audio Transfer utility
axfer, topology: use only <alsa/asoundlib.h> include instead specific
alsa-lib headers
alsa-info.sh
alsa-info: move man page to section 8 (administration commands)
alsa-info.sh: Add alsa-ucm package to package filter
alsatplg (topology)
Topology: NHLT: Intel: Improve error message for DMIC enable conflict
Topology: NHLT: Intel: Fix mono DMIC configure for MTL platform
axfer, topology: use only <alsa/asoundlib.h> include instead specific
alsa-lib headers
Topology: NHLT: Intel: Fix DMA slots config in SSP blob
amixer
amixer: fix unknown TVL sequence print
aplay/arecord
Remove trailing spaces in man pages
aplaymidi/arecordmidi
Remove trailing spaces in man pages
aplaymidi2/arecordmidi2 (MIDI v2.0)
arecordmidi2: fix unitialization variable error in read_ump_raw()
aseqdump
aseqdump: Fix typos in messages
alsa-ucm-conf
Core
github: use ucm-validator2, use actions/checkout@v4
Configuration
USB-Audio: Add support of HyperX SoloCast (USB ID 03f0:0b8b)
ucm2: Qualcomm: add Asus Zenbook A14
ucm2: Qualcomm: add Lenovo ThinkBook 16 support
ucm2: Qualcomm: add HP Omnibook X14 support
USB-Audio: Add focusrite scarlett 18i20 lineup
USB-Audio: Add Roland BridgeCast One
sof-soundwire: cs42l43: Switch mixer based on output volume
ucm2: sof-soundwire: Correct include file path for dsp.conf
USB-Audio: ALC4080 - add rear microphone support for 0414:a014 (Gigabyte
Aorus Pro)
sof-soundwire: Add LED support for cs35l56 amplifiers
sof-soundwire: cs42l43: Drop headset mic from mic mute LED
HDA: mics - don't create conflict link for Headphone Mic
HDA: mics - improve the Jack selection
HDA: mics - prefer 'Mic Jack' instead 'Headphone Jack'
USB-Audio: ALC4080 - add support for ASUS B850-I (USB ID 0b05:1be1)
sof-hda-dsp: Use common HDA initialization from /HDA/init.conf
HDA: move led.conf include to more appropriate place
ucm2: Qualcomm: fix typo in Lenovo T14s matching
sof-soundwire: rt1318: add playback control switch
ucm2: Qualcomm: add Lenovo Yoga Slim7x support
ucm2: Qualcomm: add Lenovo T14s support
ucm2: MediaTek: mt8390-evk: Add support for SOF
Torradex: replace spaces with tabs when appropriate
Torradex: fix wrong device names Headphone/Microphone
USB-Audio: Add support for RME Fireface UCX II
Qualcomm: Add QCS6490 RB3Gen2 HiFi config
Qualcomm: Add QCM6490 IDP HiFi config
ucm2: IO-Boards: Toradex: verdin: Add support for Toradex
ucm2: IO-Boards: Toradex: verdin: Add support for Toradex
ucm2: NXP: iMX6: Toradex: colibri-imx6: Add support for
ucm2: NXP: iMX7: Toradex: colibri-imx7: Add support for
ucm2: NXP: iMX8X: Toradex: colibri-imx8x: Add support for
ucm2: NXP: iMX6: Toradex: apalis-imx6: Add support for
ucm2: NXP: iMX8: Toradex: apalis-imx8: Add support for
ucm2: IO-Boards: Toradex: apalis: Add support for Toradex
USB-Audio: add Roland Quad-Capture support
ucm2: HDA - remove HDA-Capture-value.conf and put contents directly to
HDACaptureDevice macro
ucm2: HDA: HiFi-analog/mic: Refactor the analog mic discovery
GoXLR: Add 'Broadcast Stream Mix 2' to Capture if channels
use SetLED in rt1318 init configuration
Turn speaker LED accroding to rt1318 speaker status
ucm2: use new SetLED macro to hide the implementation details
common: add led.conf with SetLED macro to hide implementation details
USB-Audio: Add support for TASCAM Model 12
UCM2: Blobs: SOF: Cleanup blob names from .blob to .bin
USB-Audio: alc4080: Add MSI PRO B650-A WIFI USB ID 0db0:9e6d
USB-Audio: Improve support for Focusrite 4th Gen devices
USB-Audio: GoXLR - fix the channel detection for mini, cleanups
USB-Audio: set capture channels to 4 in UR22C-HiFi.conf
sof-soundwire: Fix cs42l43 dmic initialisation
sof-soundwire: Split cs42l43 dmic initialisation
ucm2: add mt8183_mt6358_ts3a227_max98357
ucm2: add mt8183_da7219_rt1015p
ucm2: add acp3x-alc5682-alc1015
DEBUG.md: add "Logs from PipeWire (wireplumber)" section
USB-Audio: Revelator-IO-44-HiFi - fix device names (validator)
Rename ucm2/AMD/acp3xalc5682m98 to ucm2/AMD/acp3x-alc5682-max98357
Rename ucm2/AMD/acpd7219m98357 to ucm2/AMD/acp-da7219-rt5682-max98357
Qualcomm: Add SM8750 MTP HiFi config
rt722: change output volume of headphone to 0dB
ucm2: USB-Audio: add Presonus Revelator IO 44 (USB194f:0424)
USB-Audio: ALC4080 - add ASUS ROG Crosshair X870E Hero (USB ID 0b05:1b7c)
sun4i-codec: add routing for headphones and internal speaker
UCM2: sof-soundwire: Add setup of IIR, DRC, beamformer
UCM2: sof-soundwire: Add setup of IIR, DRC, beamformer
UCM2: sof-soundwire: Enable DRC and equalizers for
UCM2: Intel: sof-hda-dsp: Enable Dmic0 DRC and TDFB
UCM2: Blobs/SOF/IPC4: Add Beamformer blobs, update
UCM2: Intel: sof-hda-dsp: Cleanup definitions
UCM2: Intel: sof-hda-dsp: Move variables defitions from
ucm: fix SectionDevice identifiers
ucm2: whitespace fixes
USB-Audio: ALC4080: add support for MSI MEG X670E GODLIKE (USB 0db0:e1f8)
USB-Audio: ALC4080 - add ASUS ROG STRIX X870E-E GAMING WIFI (USB 0b05:1b9b)
Configuration files for Roland Bridge Cast X V2
ucm2: sof-soundwire: Correct FixedBootSequence for dmic info
amd-soundwire: add support for AMD generic legacy machine driver
sof-hda-dsp: Add back missing .conf suffix for product/user specific configs
sof-soundwire: whitespace cleanup
sof-soundwire: cs42l43: Correct CapturePCM and routing
avs_nau8825: Fix JackControl name
sof-soundwire: cs42l43-spk: Correct PlaybackPCM and routing
sof-hda-dsp: Fix the case where sysfs dmi product_name attribute is not set
UCM2: Intel: sof-hda-dsp: Fix handling of empty sys_vendor
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 634af916739e6758c853939c08b7b409dc2379cb
Author: Stephen Cuka <stephen@firemypi.org>
Date: Thu Apr 24 06:40:55 2025 -0600
pakfire.cgi: Changes to 'Install' confirmation page
- Comma separate package names if multiple packages selected to install.
- Display dependencies for package(s) to install in 'parent -> child' format.
- Formatting and verbiage changes.
- No functional changes to the install process.
Signed-off-by: Stephen Cuka <stephen@firemypi.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a8a107af2ed730c71d12d2cc276242403c814cfe
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 16:20:41 2025 +0200
core195: Ship backup.pl and sources files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6c9744bbcb0ab0b483884c914466f960287c0f9d
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 16:20:40 2025 +0200
update.sh: Core195 - remove any 3coresec ipblocklists during Core Update
- This ensures that any existing 3coresec blocklists that might have been selected
when they existed will be removed from users systems.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 74be89cf589f93aea0f0aade3a5dcba8bcbb3ea2
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 16:20:39 2025 +0200
backup.pl: Remove any 3coresec ipblocklists from old backups being restored
- This patch ensures that any restore from an old backup cointaining the 3coresec lists
will not restore the ipblocklist associated files for those lists.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a023f6b57428be64d39802eb20c90c4192c4b136
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 16:20:38 2025 +0200
sources: remove the 3CORESEC ipblocklist entries from the sources file
- The three 3CORESEC ipblocklists were removed and the web server urls completely
removed on 3 Feb 2025. There was no explanation or announcement.
- There was some suggestion from their twitter account that they might be ressurrected
which is why the removal was delayed. However there has been no further notification
or indication of any change.
- From their website they focus on a turnkey platform provision and the provision of
actionable threat information being provided on a subscription basis. So I believe
they have decided to stop the free IPBlocklist provision but were not willing to
make a clear announcement on that fact.
- This patch removes the three lists from the sources file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3d8ed693e204235cf0c92be8bb0c4b327e878256
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 24 14:52:08 2025 +0000
core195: Ship protobuf and protobuf-c
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 08d1f80b1aaf9f50a2f00905b2afa38a01455e94
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:45:44 2025 +0200
protobuf-c: Update to version 1.5.2
- Update from version 1.5.0 to 1.5.2
- Update of rootfile not required
- The update to protobuf caused a breaking change for the build of protobuf-c. Version
1.5.2 has the fix for that issue in it.
- The changes to protobuf-c are such that the code has been significantly changed and
the previous patch file for version 1.5.0 is no longer needed.
- Changelog
1.5.2
* Chase compatibility issues with Google protobuf 30.0-rc1 by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/762
* protoc-gen-c: Explicitly construct strings where needed for protobuf 30.x by
@edmonds in https://github.com/protobuf-c/protobuf-c/pull/768
1.5.1
* CMakeList.txt: Remove double hyphens by @AlessandroBono in
https://github.com/protobuf-c/protobuf-c/pull/699
* Makefile.am: Distribute missing Config.cmake.in by @AlessandroBono in
https://github.com/protobuf-c/protobuf-c/pull/700
* protobuf_c_message_unpack(): Fix memory corruption by initializing
unknown_fields pointer by @smuellerDD in
https://github.com/protobuf-c/protobuf-c/pull/703
* Fix CI issues with CMake by @clementperon in
https://github.com/protobuf-c/protobuf-c/pull/714
* build.yml: Install libtool on OS X by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/717
* build.yml: Set "fail-fast: false" so we can tell which jobs are failing by
@edmonds in https://github.com/protobuf-c/protobuf-c/pull/718
* Update actions by @AndrewQuijano in
https://github.com/protobuf-c/protobuf-c/pull/740
* Miscellaneous CI updates by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/747
* build.yml: Build on more pull request activity types by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/751
* Chase compatibility issues with Google protobuf >= 26.0 by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/711
* Clean CMake by @clementperon in
https://github.com/protobuf-c/protobuf-c/pull/719
* build.yml: Update Windows dependencies (abseil, protobuf) by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/753
* build.yml: Ubuntu: Add 22.04, 24.04 by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/754
* Order oneof union members from largest to smallest by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/755
* More renaming of `protoc-c` to `protoc-gen-c` by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/756
* cmake: Fix build when using ninja and protobuf-c already installed by
@edmonds in https://github.com/protobuf-c/protobuf-c/pull/757
* protoc-gen-c: Log a deprecation warning when invoked as `protoc-c` by
@edmonds in https://github.com/protobuf-c/protobuf-c/pull/758
* build.yml: Try running multiarch builds on Debian bookworm by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/759
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit dd8b385fc499d3a297e731bd49ab720a4a1fe2de
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 24 15:45:43 2025 +0200
protobuf: Update to version 30.2
- Update from version 29.3 to 30.2
- Update of rootfile
- Changes in protobuf required changes in protobuf-c to prevent build crashes. An update
for protobuf-c is combined in this patch set.
- protobuf, protobuf-c and frr (which depends on those) all built successfully.
- Changelog
30.2
Compiler
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
C++
Remove dllexport attribute on variable definition. (#20833) (7831669)
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Change how we decide which empty string implementation to use. (#20708)
(221b2a0)
Java
Remove dllexport attribute on variable definition. (#20833) (7831669)
Add protobuf_maven artifacts to protobuf_maven_dev as well so they can
still be referenced correctly using the dev namespace for dev-only
targets. (#20771) (09b5078)
Add volatile to featuresResolved (#20766) (b7f06f1)
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Restore custom protobuf maven namespaces to avoid polluting main maven
namespace for non-dev dependencies as well. (#20739) (f4b0a79)
Fix Java concurrency issue in feature resolution for old <=3.25.x gencode
using lazy feature resolution. (#20751) (2dc9f35)
Fix lite classes in the protobuf-java Maven release to be JDK8 compatible.
(#20843) (7a4c63b)
Kotlin
Restore custom protobuf maven namespaces to avoid polluting main maven
namespace for non-dev dependencies as well. (#20739) (f4b0a79)
Csharp
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Objective-C
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Python
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Ruby
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Other
Restore JDK8 compatibility in Bazel for libraries with dependencies from
Maven (e.g. //java/util) (#20832) (da9cadc)
30.1
Bazel
Loosen py_proto_library check to be on the import path instead of full
directory (i.e. excluding external/module-name prefix). (#20569) (3576a1f)
Compiler
Fix python codegen crash when C++ features are used. (#20577) (250c550)
C++
Fix python codegen crash when C++ features are used. (#20577) (250c550)
Java
Remove Java runtime classes from kotlin release. (#20607) (4747628)
Kotlin
Remove Java runtime classes from kotlin release. (#20607) (4747628)
Python
Fix python codegen crash when C++ features are used. (#20577) (250c550)
Other
Re-add system_python repo alias to MODULE.bazel (#20662) (ebb5224)
30.0
Announcements
This version includes breaking changes to: Objective-C, Python, C++.
[Objective-C] Remove legacy WKT headers. (d9caebc)
[Objective-C] Remove deprecated apis. (2a52b90)
[Objective-C] Remove support for older generated code. (cffa590)
[Objective-C] Remove GPBUnknownFieldSet. (2b93422)
[Python] Fix closed enum validation under editions (72b3eda)
[Python] Remove deprecated GetDebugString() from protobuf python cpp
extension. (721a452)
[Python] Remove deprecated reflection methods (292f964)
[Python] Remove deprecated GetPrototype MessageFactory.GetPrototype(),
(c261b49)
[Python] Python nested message class qualname now contains the outer
message name. (Previous qualname has the same result with name for
nested message that outer message name was not included) (0720536)
[Python] Remove deprecated Python RPC Service Interfaces (5ba74b1)
[Python] Python setdefault behavior change for map field. (81da6b9)
[Python] Remove deprecated py_proto_library macro.
[C++] Prohibit using Bazel+MSVC to build protobuf (117e7bb)
[C++] Remove deprecated Arena::CreateMessage. (d83a536)
[C++] Remove CMake submodule support in favor of fetched or installed
dependencies. (3f06ca4)
[C++] Flip default behavior for handling cmake dependencies. (9cc685e)
[C++] Add ASAN poisoning after clearing oneof messages on arena.
(54d068e)
[C++] Upgrade return type of type_name() and cpp_type_name() from
const char* to absl::string_view. (a9ad51f)
[C++] Remove deprecated RepeatedPtrField::ClearedCount(). (e8e3253)
[C++] Upgrade return type of several string returning functions to
absl::string_view. (d1990d9)
[C++] Strip ctype from options in C++ (aebf8b9)
[C++] Remove MutableRepeatedFieldRef::Reserve() in reflection (913f7b0)
[C++] Remove deprecated JsonOptions alias. (e2eb0a1)
[C++] Remove deprecated Arena::GetArena. (30ed452)
Bazel
Remove reference to cc_proto_aspect (fa02f76)
Remove deprecated bazel/system_python.bzl alias. (00f108c)
Compiler
Add notices.h with information about our dependencies' licenses and add
--notices flag to protoc to print the contents of that file. (a7df327)
Have the protoc CLI properly report any parser warnings. (cafeaa4)
Split protoc apart from libprotoc in our cmake configs. (b4b93b3)
Begin adding extension numbers to SourceCodeInfo and FileDescriptorSet for
tooling purposes. (9d7236b)
Fix various unsigned to signed comparison warnings. (#17212) (67de087)
C++
Fixing staleness tests (6abaf77)
Add notices.h with information about our dependencies' licenses and add
--notices flag to protoc to print the contents of that file. (a7df327)
Backport: Remove if_constexpr usage for future Abseil compatibility
(#20488) (450ee76)
Add tests for older gcc versions we still support (#20463) (0778473)
Fix a bug in handling of implicit-presence string_view fields. (#20403)
(81196ac)
Remove rules_rust dependency from MODULE.bazel for 30.x (#20310) (b8248f6)
Upgrade abseil-cpp to 20250127 and use @com_google_absl -> @abseil-cpp and
com_google_googletest -> @googletest canonical BCR names. (#20295) (df849cc)
Replace std::any with a custom solution. (#20251) (6250d09)
Make DebugString print debug output, enable debug markers for debug output
(9a03332)
Fix missing port_undef (#20052) (0644388)
Use __builtin_expect_with_probability for proto field presence checks.
(e958419)
Enable meta-tagging for redaction purposes (1f48795)
Breaking change: Prohibit using Bazel+MSVC to build protobuf (117e7bb)
Breaking change: Upgrade return type of several string returning functions
to absl::string_view. (d1990d9)
Print the presence probability when analysis is enabled. (d4ba7ff)
Split protoc apart from libprotoc in our cmake configs. (b4b93b3)
Breaking change: Strip ctype from options in C++ (aebf8b9)
Breaking change: Remove MutableRepeatedFieldRef::Reserve() in reflection
(913f7b0)
Remove stale references to C++14. (f4cc92c)
Breaking change: Upgrade return type of type_name() and cpp_type_name()
from const char* to absl::string_view. (a9ad51f)
Update cmake minimum version to >=3.16. (21f535c)
Migrate coded output stream arguments from const std::string& to
absl::string_view. (0361a59)
Breaking change: Remove deprecated Arena::GetArena. (30ed452)
Remove the time (or time-based) entropy being added to Map's seed. (a7875bb)
Don't use CLOCK_UPTIME_RAW if it won't be defined (#16951) (097dcda)
Fix DEPENDENCIES in protobuf_generate() to accept multiple values instead
of silently dropping (52887e1)
Use ABSL_PREDICT_TRUE|FALSE instead of PROTOBUF_PREDICT_TRUE|FALSE. (fd47730)
Breaking change: Flip default behavior for handling cmake dependencies.
(9cc685edf867acf5...
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a4e20441ff08401644fc29342338ef8f6bd7984a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 24 14:47:33 2025 +0000
core195: Ship WireGuard
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 870bd70a3d85d0ca4bc826fe9440d74ac4b343f3
Merge: f0c8d0eb9a 1de96a83d6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 24 09:34:23 2025 +0000
Merge remote-tracking branch 'ms/wg' into next
commit 1de96a83d6d6cec5d4d3eda1792aa80bfbd8fafe
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 23 12:35:52 2025 +0200
firewall: Add support for WireGuard peers to groups
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3bcb69888eabf32ebfec10389cbb42eed8c91837
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 22 19:59:43 2025 +0200
firewall: Actually create WireGuard rules
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 843c39434195e0fe78be36fb25adc5854aff78a2
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 22 19:58:01 2025 +0200
wireguard-functions.pl: Return subnets as an array reference
I don't know why, but otherwise Perl will try to expand everything
everywhere all of the time.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 9c72aa966309ea160c4385363d9e29305af73389
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 22 19:48:37 2025 +0200
firewall-lib.pl: Fix whitespace issues
No functional changes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3f538a827627ae70fc2c892abab6e8d73f73aaad
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 22 19:47:23 2025 +0200
wireguard-functions.pl: Return a hash reference instead of a hash when loading a peer
Perl is so absolutely fucking broken and dealing with hashes is such a
massive pain in the rear. I don't want to see this any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 60dd0f8f15d1b70e0692c933dcf374dd329ee365
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 22 18:12:20 2025 +0200
firewall.cgi: Use "peer" for the WireGuard "hosts"
We don't distinguish between N2N and RW and therefore we should not use
the term "hosts" here.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 77631ba4c738432c31cd4b6fad0da28b880fb0c7
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 22 18:09:31 2025 +0200
firewall.cgi: Highlight any deleted WireGuard peers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 657801ca491cf671d7201354b566a42d6cce6515
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 22 17:48:20 2025 +0200
firewall.cgi: Highlight WireGuard rules in the correct colour
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0818920c8a96df3b80042f2ffe8bade8d4545076
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 22 17:47:52 2025 +0200
Run "./make.sh lang"
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 468e9831d5c7b99a2dc20b66d881f43ecb0a424b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 22 17:41:12 2025 +0200
firewall.cgi: Add dropdown to add WireGuard peers to a firewall rule
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6c228fabd02aaf17ff1e0b403666a01725d70b3c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Jan 2 13:41:12 2025 +0000
make.sh: Build wireguard-tools later
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 06ee2b84e7e33235caf2203810cddc3c7020a943
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 20:15:44 2024 +0100
wireguard.cgi: Remove function to show configuration
This code is no longer re-used
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 456ff347463776c3a5adee02d3d2ca65924661c2
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 20:14:55 2024 +0100
wireguard-functions.pl: Actually generate all configuration types
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ccb2d0a211b9efd65c4943c7594b6e367a371ec9
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 20:08:33 2024 +0100
wireguard.cgi: It is no longer possible to download the configuration again
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 9b57b59a411fe3e82c173becad8f0edc538aafe6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 20:06:19 2024 +0100
wireguard.cgi: Merge both functions to generate a peer configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6dcd2c24bba008952469414b6d560863793e6001
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 20:01:48 2024 +0100
wireguard-functions.pl: Unify fetching the endpoint
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit db8d09bdb72ddf08333172b18fc145393c5375d6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 19:59:54 2024 +0100
wireguard.cgi: Redirect back to the right place on error
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 335cd6187bfe38e0e4c671f2a848bd834855f952
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 19:59:35 2024 +0100
wireguard.cgi: Bring back the warning about showing config only once
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c0261d9b96f55a954ee63ad9115db6d2a5636c38
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 19:56:05 2024 +0100
wireguard.cgi: No longer store the private keys for RW peers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a61f0c752225fd3dcde20a9929947f3fe2586781
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 19:50:33 2024 +0100
wireguard.cgi: Send the N2N peer configuration to the client
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7b62f1706638ab287e0300b43a322c595b1466fb
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 19:31:35 2024 +0100
wireguard.cgi: Change generate_peer_configuration to only generate RW stuff
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 9914a4f1cdf811e790164a1b2d047d985065b6ac
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 18:40:16 2024 +0100
wireguard.cgi: Don't offer to download the configuration for N2N
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4e4b6033294509f6a9301cf7d7700263adc69172
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 18:35:42 2024 +0100
wireguard.cgi: Create a new simplified dialogue to create a new N2N connection
The former process was very complicated and required that many settings
were copied across both sides. It seems to be much more elegant to
generate a new connection in one place and import it on the other side.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5058edbadacd66e5313e4a1bbe9fca09aaace483
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 17:13:53 2024 +0100
wireguard: Accept FQDNs as endpoints
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a6568d122d85d447805aa137c68a541c641b3516
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 17:12:16 2024 +0100
wireguard: Install wg-dynamic
This is a script that checks if we are connected with the correct peer.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 82f8e2fef4c35cf44250a8484ef4c63a95e12b49
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 16:20:30 2024 +0100
wireguard: Transparently replace 0.0.0.0/0 with 0.0.0.0/1 and 128.0.0.0/1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 057c7692b1fd41f1683f68cf20742f6f025d1c17
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 14:34:38 2024 +0100
wireguard-functions.pl: Fix Perl syntax issue
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 61a4d3cf49ae48896663af0cfee094b1f04df83f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Dec 6 14:30:20 2024 +0100
wireguard.cgi: Fix connection status for RW connections
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 803f69b16f6e560a38220f19449aa86afa53198a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Nov 22 14:09:35 2024 +0100
wireguard.cgi: Make it clear what peer is being edited
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 607760950b571610cef4a0e6264415ddec5c69ec
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Nov 22 14:04:40 2024 +0100
wireguard.cgi: Suggest a PSK for new N2N peers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit be78d2abafc58a7f216102079498e642c107aebc
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Nov 22 13:53:07 2024 +0100
wireguard.cgi: Show our own public key when creating N2N peers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ac1032f025a851bf03c4ff56e21df379c81aba04
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Nov 22 13:38:13 2024 +0100
wireguard.cgi: Don't show the public key
There is very little use now since we don't use this key for N2N
connections any more. RW clients will have the public key in their
configuration files.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0d241960201088fea9eeae80eee06555a724a03f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Nov 22 13:34:35 2024 +0100
wireguard.cgi: Fix fetching connection status with multiple interfaces
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit aba4372e3ec4001bafb32f94eae9698dcb174259
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Sep 30 20:05:48 2024 +0200
wireguard: Store the connection name as an alias
This way it is easier to find the correct interface on the console.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3679c7a0d4f8881679c72abd321a90e75febc2c3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Sep 30 20:04:05 2024 +0200
wireguard.cgi: Allow to edit the port and automatically chose one
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 39eafa413f4b37e8dc1abff1f7d7ca2c0e1cbffa
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Sep 30 19:40:09 2024 +0200
wireguard.cgi: Add controls to download configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 66546a360704717be03ffa12ff80137cccbab90a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Sep 30 19:00:40 2024 +0200
wireguard.cgi: Store the private key for RW peers, too
We have so much key material stored that it does not make much sense to
drop a bit of it when it makes life so much harder.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit eb48782ee7184b5c397efeda14f27d83e3c6995b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Sep 30 18:53:45 2024 +0200
wireguard: Implement creating an extra interface per N2N peer
When importing a configuration, we will receive a new private key which
we cannot apply to the original interface. Therefore we need to create a
new one for each peer. RW peers will remain on wg0 which will always
exist.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5541ca3faf4e0100cd64e79022d4c0a4eed658fd
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Sep 30 18:49:07 2024 +0200
wireguard-functions.pl: Store networks in CIDR notation only
wg(8) does not accept anything else.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 09901bae0a8cffdd9f8d77eaac6a1c114723e32b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun Sep 29 14:17:10 2024 +0200
wireguard.cgi: Implement a way to import a connection
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0739ae938f1881cb863018e2230e0f523f073005
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 27 18:53:51 2024 +0200
wireguard.cgi: Rename function to check keys
This function can check all types of keys and not only the public key.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a3170662bf8943b57a1bbbe0b86ec4a1eb954802
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 27 18:03:14 2024 +0200
wireguard-functions.pl: Don't send DNS configuration to n2n peers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 32f722f9c831bc037f10e069a3c44d3e3b3e5c66
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 27 17:58:36 2024 +0200
wireguard.cgi: Rename "generate_client_configuration" to "generate_peer_configuration"
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 37174e29de670a33f9be4b90c88b0a96c695dad1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 27 17:55:46 2024 +0200
wireguard.cgi: Normalize filenames
This is because Windows clients won't import any configurations that
have spaces in the filename. Therefore we replace it and remove anything
else unwanted on the way.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 76ea485d9edb781328e307c68b1f878d933408e5
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 27 17:39:22 2024 +0200
wireguard: Select the correct source IP address for N2N peers
This is so that the firewall chooses the correct IP address when trying
to establish connections to the remote networks.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 08ddf896561c7733a17491d175dd6bda00e775e3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat Sep 21 12:12:05 2024 +0200
misc-progs: Fix compiling wireguardctrl
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b611b775dd1780cb59c8fde77f7ebb8722b79ecd
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 20 17:12:26 2024 +0200
wireguard.cgi: Allow to configure a custom endpoint
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d312592b00270f972b60a648b431f074f0b1ebf1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 20 16:54:09 2024 +0200
wireguard.cgi: Permit empty client pool
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5a1c02df8973b3acc5c3101a94e86fe6df4b43b6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 12 19:39:26 2024 +0200
firewall: Add WireGuard RW to the UI
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1f2bb86219bb57718b9a666f9c5b14b2c44f98a3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Sep 11 02:24:49 2024 +0200
wireguard: Move functions into their own file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d6868ae94c63d0f708985e6bb6604a4bd40cf1a8
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 6 18:20:46 2024 +0200
firewall: Allow WG traffic when the firewall is in permissive mode
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 27e9dcc159247d55e369b3cbf6b826168fda38f6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 6 18:10:48 2024 +0200
wireguard.cgi: Only show the location if we have something
Otherwise the text won't be centered in the box which looks a little bit
wrong.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 397e0c527192382ed628df6d8ec767fef2240a54
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 6 18:02:26 2024 +0200
services.cgi: Don't always try expand the status column unless asked
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 35afcd212ef33f091a6a36e8dd3b092da2613d59
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 6 17:59:58 2024 +0200
wireguard.cgi: Remove the large box to warn people that the configuration will only be shown once
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6d8483a793bd720bdf183b2eaa43fdd5bf0402c0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 6 17:56:15 2024 +0200
wireguard.cgi: Add a button to return after creating a new connection
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit fadf9488c4ad2dcee9060240dabafe49fa74b154
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Aug 14 18:49:56 2024 +0200
AQM: Ignore WireGuard interfaces
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 76db32dd47b45947905ecb28475accfae848919e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Aug 14 18:40:09 2024 +0200
web UI: Add a menu entry
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e5604dafcd5fe74af8a116bb5c26d36d268d9490
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Aug 14 18:33:44 2024 +0200
misc-progs: Update rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 63a1468e907c6cf8d469df560f04d656c03d0c70
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Aug 14 18:23:55 2024 +0200
wireguard.cgi: Don't allow creating RW connections if there is no address space
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 593481a6b3b613dcabff936f2c9fedb87f778900
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Aug 14 18:14:26 2024 +0200
wireguard.cgi: Don't show an empty table if there are no peers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 85ec8363a873100fc1bb49e3c01f9f63bf97c6e1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Aug 14 15:55:06 2024 +0000
wireguard: Install empty configuration files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 31a21c9974b82fb266ddea3320be69de32628d9b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Aug 14 15:51:19 2024 +0000
firewall: Fix typo in "iptables"
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 95bf26599d97d98ece3886fe69ccf898f19b298f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 20:36:42 2024 +0200
wireguard.cgi: Rename local subnets to allowed subnets
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f552e23da404adf4555299c887a0279016323df4
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 17 17:13:32 2024 +0000
misc-progs: Add wireguardctrl
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit eb47427429e5518385344c2fa262948b0b0e659a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun Apr 14 13:50:08 2024 +0000
wireguard-tools: New package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 89b976e9a7e4da13b82de4aadadb63ffaf3031a6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 20:32:57 2024 +0200
wireguard: Block unauthorized traffic
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f0a4cae5e82fe9011d41a17d359419b528c80415
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 20:20:13 2024 +0200
wireguard: Rename routes to remote subnets
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5ca419c7fff709bf33b7a23d75632129590ef5be
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 20:16:38 2024 +0200
lang: Add translation for "remarks"
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit cb7e2a7d908f0db7201f2b3d7c4fded3caba8586
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 20:13:56 2024 +0200
wireguard.cgi: Implement toggle enable/disable peers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4846ff3a1091f280f3fdabbfdd898adfeff80e87
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 20:03:49 2024 +0200
wireguard.cgi: Make the client configuration downloadable
I believe this is much better than copy & paste.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ca479eb8bfdd6d1c154c8bea1b823fd940727533
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 19:50:45 2024 +0200
wireguard.cgi: Implement DNS configuration for clients
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b526e4998161c217ac0af88ad616e32bdac314c7
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 19:33:21 2024 +0200
wireguard.cgi: Correctly compose the FQDN
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4981916fd955d0fc7a9008352d3a4bec1a498cdd
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 19:32:52 2024 +0200
general-functions.pl: Always load the main settings
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 2406a4cfe573cdc926e14150522578d861e4c240
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 19:22:01 2024 +0200
wireguard.cgi: Call start instead of reload
I didn't implement reload in the helper.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ff9ccfa8d75871f96d43501f4536590c680429d7
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 19:15:53 2024 +0200
wireguard.cgi: Dynamically allocate a pool address for clients
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0cf51b17e97c93e988c52cc3462061e085facc3c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 18:48:22 2024 +0200
wireguard.cgi: Ensure that AllowedIPs are in CIDR format
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5eb7d41133f3b8a74f38f3b2ab01ccb8c34ae0f1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 18:47:49 2024 +0200
wireguard: Route the client pool
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 303f811025b6d2672b8535d63b039e2d76a2260a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 17:32:32 2024 +0200
wireguard.cgi: Show a QR code that contains the client configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c0cddfa6feb95c13cdd84ea68253c5f025801d45
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 17:14:27 2024 +0200
wireguard.cgi: Show client configuration after creating a client
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 21001812389666836552bc193248cb2ffc3a76b6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 13:04:01 2024 +0200
wireguard.cgi: Check if the client pool is in use and prevent editing
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f84c7d0bdac38fb6ed7105a21c1f2422ddbcd656
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 12:57:08 2024 +0200
wireguard.cgi: Add client pool config option
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d11f9d75b002b8395fe094b0beaf2bb4c2e2e0ed
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 12:51:46 2024 +0200
wireguard.cgi: Implement creating host-to-net connections
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4e83b78e86b12ec418e872cae7f162b9548c3a59
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 12:18:14 2024 +0200
wireguard.cgi: Move creating private keys into a separate function
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a77882639e42e40deea0ea2e811ed0644f51ebe7
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 00:50:17 2024 +0200
wireguard.cgi: Rename editor to edit-net
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3eba8076012f79da1bda90995afc88bce569a060
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 00:44:53 2024 +0200
wireguard.cgi: Fix typo of %checked
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6a760ba418e6701b584ca80a6cd834e014397929
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 00:44:38 2024 +0200
wireguard.cgi: Fix disabling the service
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit cc203a41265c8ec5564be204293cf86ac9533e81
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 00:34:34 2024 +0200
wireguard.cgi: Allow the endpoint to be empty
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit eefe8bcdec7095331044488aab4bf6b7a711d765
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 00:34:20 2024 +0200
wireguard.cgi: Fix saving empty PSKs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e44e1be465cab81a37bab7aa9ecb301b105633ee
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 00:22:40 2024 +0200
wireguard.cgi: Implement option to configure keepalive
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 283238d66fa69b3a5198b2ac7a0539f6a678ce4c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 00:04:36 2024 +0200
wireguard.cgi: Group keys together
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0b4c2c3799fdfc8cfbb67888f6a0f7a21869d826
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Apr 25 00:02:58 2024 +0200
wireguard.cgi: Implement helper functions to read/write subnets
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c5606af3e5ecb3a968df2a48ea10c7811760241d
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 24 23:50:04 2024 +0200
wireguard: Implement optional PSK for post-quantum stuff
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b57617edafdfa2fd057c5902ed3b5f9dc6558ec5
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 24 23:20:48 2024 +0200
wireguard.cgi: Implement deleting peers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 16c94e73c70da3cf6446b2bf80fa306e51ded53c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 24 23:14:53 2024 +0200
wireguard.cgi: Check for duplicate names
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 26d6b4cd89621cb1552871be0b14a1b59584c82b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 24 23:07:52 2024 +0200
wireguard.cgi: Add helper functions to encode/decode remarks
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1425014380d4118bba7b4ffe1f41691a2af7a3b0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 24 23:03:48 2024 +0200
wireguard.cgi: Implement launching the editor for editing a connection
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3cfb59a767313f65fdaa8d18a9df12ffaec6129c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 24 23:02:15 2024 +0200
wireguard.cgi: Fix typo in variable name
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7f79f01123992781788ab7b5eac12794fa21143a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 24 22:49:11 2024 +0200
wireguard.cgi: Adjust IDs of the peer
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 44cf6442d2d2608e081dee552b0d4778586125fd
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 24 22:26:37 2024 +0200
wireguard.cgi: Store remarks encoded as base64
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 06df633c86eabbfa40fe36c508bef8963f3f006f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 24 22:20:04 2024 +0200
wireguard.cgi: Rename CREATE-PEER-NET action to SAVE-PEER-NET
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d9d98b678b5207856d7383c3f097eb30910df61b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 24 22:15:33 2024 +0200
wireguard.cgi: Add editor to create a new peer
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c5af1d851cb3963441b43785b17c335d328d763e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 17 19:56:30 2024 +0200
wireguard.cgi: Implement choice to create a new connection
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d408b1a8e717ed0387366c254a0a637c635e8a2c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 17 19:43:25 2024 +0200
wireguard.cgi: Remove the extra box around the peers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8d26760ce43686485cc9db595f2efa9a9a5c3302
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 17 19:41:59 2024 +0200
wireguard.cgi: Move the status column more to the left
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4fe654d7704499063ec6d766faf3249149cac7a3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 17 19:41:14 2024 +0200
wireguard.cgi: Show visual status when disconected
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c25e3d6a1924448fa988de0118b802b7de0a0405
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 17 19:32:06 2024 +0200
wireguard.cgi: Show origin of the connected peer
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6d3c91bc7a7c9aa84631ca8b90dc5cda63c0ec5a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 17 19:19:14 2024 +0200
wireguard.cgi: Fix connection detection
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 83e6991be967ceaaa8d61167c533636f35d6a498
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 17 19:15:35 2024 +0200
wireguard.cgi: Fix calling wireguardctrl
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a5b7858c705cf7bdd37a32b2add8a9ffe3e42342
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 17 18:58:11 2024 +0200
wireguard.cgi: Show status for each peer
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit fdfec12a5f272c8f960f3fcbc4af356f80fc1b9a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 16 18:21:59 2024 +0200
wireguard.cgi: Show peers in a table
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 06dbc836a47160d51ab10f8b9d4ca356beaa7cdb
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 16 18:06:47 2024 +0200
wireguard.cgi: Add a basic CGI to configure the global settings
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit fc32e7b9147d2eeeb6e2bc1497859fb050001eb5
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 16 16:20:55 2024 +0200
firewall: Automatically open ports for WireGuard
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b78ba3624f0a11c060ad06dbd65741b82684d93e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 16 16:17:59 2024 +0200
wireguard: Add initscript
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/backup/backup.pl | 14 +-
config/cfgroot/general-functions.pl | 12 +
config/cfgroot/header.pl | 13 +
config/cfgroot/wireguard-functions.pl | 599 +++++++++
config/firewall/firewall-lib.pl | 45 +-
config/firewall/firewall-policy | 12 +
config/ipblocklist/sources | 18 -
config/menu/40-services.menu | 6 +
config/rootfiles/common/aarch64/initscripts | 4 +
config/rootfiles/common/configroot | 4 +
config/rootfiles/common/fontconfig | 2 +-
config/rootfiles/common/libcap | 5 +-
config/rootfiles/common/libgpg-error | 2 +-
config/rootfiles/common/misc-progs | 3 +-
config/rootfiles/common/openssh | 1 +
config/rootfiles/common/openssl | 329 ++++-
config/rootfiles/common/protobuf | 125 +-
config/rootfiles/common/riscv64/initscripts | 4 +
config/rootfiles/common/web-user-interface | 1 +
config/rootfiles/common/wireguard-tools | 4 +
config/rootfiles/common/x86_64/initscripts | 4 +
.../186 => core/195}/filelists/btrfs-progs | 0
.../{oldcore/103 => core/195}/filelists/coreutils | 0
config/rootfiles/core/195/filelists/files | 18 +
.../{oldcore/110 => core/195}/filelists/fontconfig | 0
.../{oldcore/104 => core/195}/filelists/libcap | 0
.../{oldcore/155 => core/195}/filelists/libffi | 0
.../106 => core/195}/filelists/libgpg-error | 0
.../{oldcore/100 => core/195}/filelists/openssh | 0
.../{oldcore/100 => core/195}/filelists/openssl | 0
.../{oldcore/190 => core/195}/filelists/protobuf | 0
.../{oldcore/190 => core/195}/filelists/protobuf-c | 0
.../rootfiles/core/195/filelists/wireguard-tools | 1 +
config/rootfiles/core/195/update.sh | 26 +
config/rootfiles/packages/alsa | 169 ++-
config/udev/network-aqm | 5 +
config/wireguard/wg-dynamic | 122 ++
doc/language_issues.de | 43 +-
doc/language_issues.en | 56 +-
doc/language_issues.es | 54 +-
doc/language_issues.fr | 54 +-
doc/language_issues.it | 54 +-
doc/language_issues.nl | 54 +-
doc/language_issues.pl | 54 +-
doc/language_issues.ru | 54 +-
doc/language_issues.tr | 54 +-
doc/language_missings | 443 ++++++-
html/cgi-bin/firewall.cgi | 83 +-
html/cgi-bin/fwhosts.cgi | 59 +
html/cgi-bin/pakfire.cgi | 191 ++-
html/cgi-bin/services.cgi | 4 +-
html/cgi-bin/wireguard.cgi | 1369 ++++++++++++++++++++
html/html/themes/ipfire/include/css/style.css | 9 +
langs/de/cgi-bin/de.pl | 17 +-
langs/en/cgi-bin/en.pl | 61 +-
langs/es/cgi-bin/es.pl | 4 +-
langs/fr/cgi-bin/fr.pl | 4 +-
langs/it/cgi-bin/it.pl | 4 +-
langs/nl/cgi-bin/nl.pl | 4 +-
langs/pl/cgi-bin/pl.pl | 4 +-
langs/ru/cgi-bin/ru.pl | 4 +-
langs/tr/cgi-bin/tr.pl | 4 +-
lfs/alsa | 16 +-
lfs/btrfs-progs | 4 +-
lfs/configroot | 5 +-
lfs/coreutils | 6 +-
lfs/fontconfig | 19 +-
lfs/initscripts | 3 +
lfs/libcap | 6 +-
lfs/libffi | 4 +-
lfs/libgpg-error | 6 +-
lfs/nano | 17 +-
lfs/nfs | 16 +-
lfs/openssh | 17 +-
lfs/openssl | 4 +-
lfs/protobuf | 12 +-
lfs/protobuf-c | 7 +-
lfs/{iotop => wireguard-tools} | 27 +-
make.sh | 1 +
src/initscripts/networking/functions.network | 40 +
src/initscripts/system/firewall | 9 +
src/initscripts/system/wireguard | 356 +++++
src/misc-progs/Makefile | 2 +-
src/misc-progs/wireguardctrl.c | 44 +
src/patches/protobuf-c_1.5.0_protobuf-26.patch | 118 --
85 files changed, 4599 insertions(+), 429 deletions(-)
create mode 100644 config/cfgroot/wireguard-functions.pl
create mode 100644 config/rootfiles/common/wireguard-tools
copy config/rootfiles/{oldcore/186 => core/195}/filelists/btrfs-progs (100%)
copy config/rootfiles/{oldcore/103 => core/195}/filelists/coreutils (100%)
copy config/rootfiles/{oldcore/110 => core/195}/filelists/fontconfig (100%)
copy config/rootfiles/{oldcore/104 => core/195}/filelists/libcap (100%)
copy config/rootfiles/{oldcore/155 => core/195}/filelists/libffi (100%)
copy config/rootfiles/{oldcore/106 => core/195}/filelists/libgpg-error (100%)
copy config/rootfiles/{oldcore/100 => core/195}/filelists/openssh (100%)
copy config/rootfiles/{oldcore/100 => core/195}/filelists/openssl (100%)
copy config/rootfiles/{oldcore/190 => core/195}/filelists/protobuf (100%)
copy config/rootfiles/{oldcore/190 => core/195}/filelists/protobuf-c (100%)
create mode 120000 config/rootfiles/core/195/filelists/wireguard-tools
create mode 100644 config/wireguard/wg-dynamic
create mode 100644 html/cgi-bin/wireguard.cgi
copy lfs/{iotop => wireguard-tools} (86%)
create mode 100644 src/initscripts/system/wireguard
create mode 100644 src/misc-progs/wireguardctrl.c
delete mode 100644 src/patches/protobuf-c_1.5.0_protobuf-26.patch
Difference in files:
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 0cfbd4fc38..b36296ee86 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -252,11 +252,14 @@ restore_backup() {
-out /etc/httpd/server.crt &>/dev/null
fi
- # Remove any entry for ALIENVAULT, SPAMHAUS_EDROP or ABUSECH_BOTNETC2 from the ipblocklist modified file
+ # Remove any entry for ALIENVAULT, SPAMHAUS_EDROP, ABUSECH_BOTNETC2 or 3CORESEC from the ipblocklist modified file
# and the associated ipblocklist files from the /var/lib/ipblocklist directory
sed -i '/ALIENVAULT=/d' /var/ipfire/ipblocklist/modified
sed -i '/SPAMHAUS_EDROP=/d' /var/ipfire/ipblocklist/modified
sed -i '/ABUSECH_BOTNETC2=/d' /var/ipfire/ipblocklist/modified
+ sed -i '/3CORESEC_SSH=/d' /var/ipfire/ipblocklist/modified
+ sed -i '/3CORESEC_SCAN=/d' /var/ipfire/ipblocklist/modified
+ sed -i '/3CORESEC_WEB=/d' /var/ipfire/ipblocklist/modified
if [ -e /var/lib/ipblocklist/ALIENVAULT.conf ]; then
rm /var/lib/ipblocklist/ALIENVAULT.conf
fi
@@ -266,6 +269,15 @@ restore_backup() {
if [ -e /var/lib/ipblocklist/ABUSECH_BOTNETC2.conf ]; then
rm /var/lib/ipblocklist/ABUSECH_BOTNETC2.conf
fi
+ if [ -e /var/lib/ipblocklist/3CORESEC_SSH.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_SSH.conf
+ fi
+ if [ -e /var/lib/ipblocklist/3CORESEC_SCAN.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_SCAN.conf
+ fi
+ if [ -e /var/lib/ipblocklist/3CORESEC_WEB.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_WEB.conf
+ fi
# The collectd directory structure was changed but not all changes
# are done by the official migration script generator
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index bbd0f9839f..cc5d9fd812 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -24,6 +24,11 @@ $General::swroot = 'CONFIG_ROOT';
$General::noipprefix = 'noipg-';
require "${General::swroot}/network-functions.pl";
+require "${General::swroot}/wireguard-functions.pl";
+
+# Load the main settings file
+our %mainsettings = ();
+&readhash("${General::swroot}/main/settings", \%mainsettings);
# This function executes a shell command without forking a shell or do any other
# Perl-voodoo before it. It deprecates the "system" command and is the only way
@@ -252,6 +257,13 @@ sub setup_default_networks
$defaultNetworks->{"IPsec RW (${netaddress}/${prefix})"}{'NET'} = $netaddress;
}
}
+
+ # WireGuard
+ if ($Wireguard::settings{'CLIENT_POOL'}) {
+ my $name = $Lang::tr{'wg rw peers'};
+
+ $defaultNetworks->{$name}{'NAME'} = "WGRW";
+ }
}
sub get_aliases
{
diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl
index 2d4aa89f24..5a4d413081 100644
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -17,6 +17,7 @@ use HTML::Entities();
use Socket;
use Time::Local;
use Encode;
+use Unicode::Normalize;
require "${General::swroot}/graphs.pl";
@@ -628,6 +629,18 @@ sub escape($) {
return HTML::Entities::encode_entities($s);
}
+sub normalize($) {
+ my $s = shift;
+
+ # Remove any special characters
+ $s = &Unicode::Normalize::NFKD($s);
+
+ # Remove any whitespace and replace with dash
+ $s =~ s/\s+/\-/g;
+
+ return $s;
+}
+
sub cleanhtml {
my $outstring =$_[0];
$outstring =~ tr/,/ / if not defined $_[1] or $_[1] ne 'y';
diff --git a/config/cfgroot/wireguard-functions.pl b/config/cfgroot/wireguard-functions.pl
new file mode 100644
index 0000000000..79b3bb0978
--- /dev/null
+++ b/config/cfgroot/wireguard-functions.pl
@@ -0,0 +1,599 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2024 Michael Tremer <michael.tremer@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+package Wireguard;
+
+use strict;
+use MIME::Base64;
+
+require "/var/ipfire/general-functions.pl";
+require "/var/ipfire/network-functions.pl";
+
+our @DEFAULT_PORTRANGE = (60000, 62000);
+our $DEFAULT_PORT = 51820;
+our $DEFAULT_KEEPALIVE = 25;
+
+# Read the global configuration
+our %settings = ();
+&General::readhash("/var/ipfire/wireguard/settings", \%settings);
+
+# Read all peers
+our %peers = ();
+&General::readhasharray("/var/ipfire/wireguard/peers", \%peers);
+
+# Set any defaults
+&General::set_defaults(\%settings, {
+ "ENABLED" => "off",
+ "PORT" => $DEFAULT_PORT,
+ "CLIENT_DNS" => $Network::ethernet{'GREEN_ADDRESS'},
+});
+
+# Returns the local endpoint
+sub get_endpoint() {
+ my $endpoint = $settings{'ENDPOINT'};
+
+ # If no endpoint is set, we fall back to the FQDN of the firewall
+ if ($endpoint eq "") {
+ $endpoint = $General::mainsettings{'HOSTNAME'} . "." . $General::mainsettings{'DOMAINNAME'};
+ }
+
+ return $endpoint;
+}
+
+# This function generates a set of keys for this host if none exist
+sub generate_keys($) {
+ my $force = shift || 0;
+
+ # Reset any previous keys if re-generation forced
+ if ($force) {
+ $settings{"PRIVATE_KEY"} = undef;
+ $settings{"PUBLIC_KEY"} = undef;
+ }
+
+ # Return if we already have keys
+ return if (defined $settings{"PRIVATE_KEY"} && defined $settings{"PUBLIC_KEY"});
+
+ # Generate a new private key
+ unless (defined $settings{'PRIVATE_KEY'}) {
+ # Generate a new private key
+ $settings{"PRIVATE_KEY"} = &generate_private_key();
+
+ # Reset the public key
+ $settings{"PUBLIC_KEY"} = undef;
+ }
+
+ # Derive the public key
+ unless (defined $settings{"PUBLIC_KEY"}) {
+ # Derive the public key
+ $settings{"PUBLIC_KEY"} = &derive_public_key($settings{"PRIVATE_KEY"});
+ }
+
+ # Store the configuration file
+ &General::writehash("/var/ipfire/wireguard/settings", \%settings);
+}
+
+# Generates a new private key
+sub generate_private_key() {
+ # Generate a new private key
+ my @output = &General::system_output("wg", "genkey");
+
+ # Store the key
+ foreach (@output) {
+ chomp;
+
+ return $_;
+ }
+
+ # Return undefined on error
+ return undef;
+}
+
+# Takes a private key and derives the public key
+sub derive_public_key($) {
+ my $private_key = shift;
+ my @output = ();
+
+ # Derive the public key
+ if (open(STDIN, "-|")) {
+ @output = &General::system_output("wg", "pubkey");
+ } else {
+ print $private_key . "\n";
+ exit (0);
+ }
+
+ # Return the first line
+ foreach (@output) {
+ chomp;
+
+ return $_;
+ }
+
+ # Return undefined on error
+ return undef;
+}
+
+sub dump($) {
+ my $intf = shift;
+
+ my %dump = ();
+ my $lineno = 0;
+
+ # Fetch the dump
+ my @output = &General::system_output("/usr/local/bin/wireguardctrl", "dump", $intf);
+
+ foreach my $line (@output) {
+ # Increment the line numbers
+ $lineno++;
+
+ # Skip the first line
+ next if ($lineno <= 1);
+
+ # Split the line into its fields
+ my @fields = split(/\t/, $line);
+
+ # Create a new hash indexed by the public key
+ $dump{$fields[0]} = {
+ "psk" => $fields[1],
+ "endpoint" => $fields[2],
+ "allowed-ips" => $fields[3],
+ "latest-handshake" => $fields[4],
+ "transfer-rx" => $fields[5],
+ "transfer-tx" => $fields[6],
+ "persistent-keepalive" => $fields[7],
+ };
+ }
+
+ return %dump;
+}
+
+sub load_peer($) {
+ my $key = shift;
+
+ my $type = $peers{$key}[1];
+
+ my %peer = (
+ "ENABLED" => $peers{$key}[0],
+ "TYPE" => $type,
+ "NAME" => $peers{$key}[2],
+ "PUBLIC_KEY" => $peers{$key}[3],
+ "PRIVATE_KEY" => $peers{$key}[4],
+ "PORT" => $peers{$key}[5],
+ "ENDPOINT_ADDR" => $peers{$key}[6],
+ "ENDPOINT_PORT" => $peers{$key}[7],
+ ($type eq "host") ? "CLIENT_ADDRESS" : "REMOTE_SUBNETS"
+ => &decode_subnets($peers{$key}[8]),
+ "REMARKS" => &decode_remarks($peers{$key}[9]),
+ "LOCAL_SUBNETS" => &decode_subnets($peers{$key}[10]),
+ "PSK" => $peers{$key}[11],
+ "KEEPALIVE" => $peers{$key}[12],
+ "INTERFACE" => ($type eq "host") ? "wg0" : "wg${key}",
+ );
+
+ return \%peer;
+}
+
+sub get_peer_by_name($) {
+ my $name = shift;
+
+ foreach my $key (keys %peers) {
+ my $peer = &load_peer($key);
+
+ # Return the peer if the name matches
+ if ($peer->{"NAME"} eq $name) {
+ return $peer;
+ }
+ }
+
+ # Return undefined if nothing was found
+ return undef;
+}
+
+sub name_is_valid($) {
+ my $name = shift;
+
+ # The name must be between 1 and 63 characters
+ if (length ($name) < 1 || length ($name) > 63) {
+ return 0;
+ }
+
+ # Only valid characters are a-z, A-Z, 0-9, space and -
+ if ($name !~ /^[a-zA-Z0-9 -]*$/) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub name_is_free($) {
+ my $name = shift;
+ my $key = shift || 0;
+
+ foreach my $i (keys %peers) {
+ # Skip the connection with ID
+ next if ($key eq $i);
+
+ # Return if we found a match
+ return 0 if ($peers{$i}[2] eq $name);
+ }
+
+ return 1;
+}
+
+sub key_is_valid($) {
+ my $key = shift;
+
+ # Try to decode the key
+ $key = &MIME::Base64::decode_base64($key);
+
+ # All keys must be 32 bytes long
+ return length($key) == 32;
+}
+
+sub keepalive_is_valid($) {
+ my $keepalive = shift;
+
+ # Must be a number
+ return 0 unless ($keepalive =~ m/^[0-9]+$/);
+
+ # Must be between 0 and 65535 (inclusive)
+ return 0 if ($keepalive lt 0);
+ return 0 if ($keepalive gt 65535);
+
+ return 1;
+}
+
+sub encode_remarks($) {
+ my $remarks = shift;
+
+ # Encode to Base64
+ $remarks = &MIME::Base64::encode_base64($remarks);
+
+ # Remove the trailing newline
+ chomp($remarks);
+
+ return $remarks;
+}
+
+sub decode_remarks($) {
+ my $remarks = shift;
+
+ # Decode from base64
+ return &MIME::Base64::decode_base64($remarks);
+}
+
+sub encode_subnets($) {
+ my @subnets = @_;
+
+ my @formatted = ();
+
+ # wg only handles the CIDR notation
+ foreach my $subnet (@subnets) {
+ my $netaddr = &Network::get_netaddress($subnet);
+ my $prefix = &Network::get_prefix($subnet);
+
+ next unless (defined $netaddr && defined $prefix);
+
+ push(@formatted, "${netaddr}/${prefix}");
+ }
+
+ # Join subnets together separated by |
+ return join("|", @formatted);
+}
+
+sub decode_subnets($) {
+ my $subnets = shift;
+
+ # Split the string
+ my @subnets = split(/\|/, $subnets);
+
+ return \@subnets;
+}
+
+sub pool_is_in_use($) {
+ my $pool = shift;
+
+ foreach my $key (keys %peers) {
+ my $type = $peers{$key}[1];
+ my $address = $peers{$key}[6];
+
+ # Check if a host is using an IP address from the pool
+ if ($type eq "host" && &Network::ip_address_in_network($address, $pool)) {
+ return 1;
+ }
+ }
+
+ # No match found
+ return 0;
+}
+
+# Takes the pool and an optional limit of up to how many addresses to return
+sub free_pool_addresses($$) {
+ my $pool = shift;
+ my $limit = shift || 0;
+
+ my @used_addresses = ();
+ my @free_addresses = ();
+
+ # Collect all used addresses
+ foreach my $key (keys %peers) {
+ my $type = $peers{$key}[1];
+ my $address = $peers{$key}[6];
+
+ # Only check hosts
+ next if ($type ne "host");
+
+ push(@used_addresses, &Network::ip2bin($address));
+ }
+
+ # Fetch the first address
+ my $address = &Network::get_netaddress($pool);
+
+ # Fetch the last address
+ my $broadcast = &Network::get_broadcast($pool);
+ $broadcast = &Network::ip2bin($broadcast);
+
+ # Walk through all addresses excluding the first and last address.
+ # No technical reason, we just don't want to confuse people.
+ OUTER: for (my $i = &Network::ip2bin($address) + 1; $i < $broadcast; $i++) {
+ # Skip any addresses that already in use
+ foreach my $used_address (@used_addresses) {
+ next OUTER if ($i == $used_address);
+ }
+
+ push(@free_addresses, &Network::bin2ip($i));
+
+ # Check limit
+ last if ($limit > 0 && scalar @free_addresses >= $limit);
+ }
+
+ return @free_addresses;
+}
+
+sub generate_peer_configuration($$) {
+ my $key = shift;
+ my $private_key = shift;
+
+ my @conf = ();
+
+ # Load the peer
+ my $peer = &load_peer($key);
+
+ # Return if we could not find the peer
+ return undef unless ($peer);
+
+ my @allowed_ips = ();
+
+ # Convert all subnets into CIDR notation
+ foreach my $subnet ($peer->{'LOCAL_SUBNETS'}) {
+ my $netaddress = &Network::get_netaddress($subnet);
+ my $prefix = &Network::get_prefix($subnet);
+
+ # Skip invalid subnets
+ next if (!defined $netaddress || !defined $prefix);
+
+ push(@allowed_ips, "${netaddress}/${prefix}");
+ }
+
+ # Fetch the endpoint
+ my $endpoint = &get_endpoint();
+
+ # Net-2-Net
+ if ($peer->{'TYPE'} eq "net") {
+ # Derive our own public key
+ my $public_key = &derive_public_key($peer->{'PRIVATE_KEY'});
+
+ push(@conf,
+ "[Interface]",
+ "PrivateKey = $private_key",
+ "Port = $peer->{'ENDPOINT_PORT'}",
+ "",
+ "[Peer]",
+ "Endpoint = ${endpoint}:$peer->{'PORT'}",
+ "PublicKey = $public_key",
+ "PresharedKey = $peer->{'PSK'}",
+ "AllowedIPs = " . join(", ", @allowed_ips),
+ "PersistentKeepalive = $peer->{'KEEPALIVE'}",
+ );
+
+ # Host-2-Net
+ } elsif ($peer->{'TYPE'} eq "host") {
+ # Fetch any DNS servers for hosts
+ my @dns = split(/\|/, $settings{'CLIENT_DNS'});
+
+ push(@conf,
+ "[Interface]",
+ "PrivateKey = $private_key",
+ "Address = $peer->{'CLIENT_ADDRESS'}",
+ );
+
+ # Optionally add DNS servers
+ if (scalar @dns) {
+ push(@conf, "DNS = " . join(", ", @dns));
+ }
+
+ # Finish the [Interface] section
+ push(@conf, "");
+
+ # Add peer configuration
+ push(@conf, (
+ "[Peer]",
+ "Endpoint = ${endpoint}:$settings{'PORT'}",
+ "PublicKey = $settings{'PUBLIC_KEY'}",
+ "PresharedKey = $peer->{'PSK'}",
+ "AllowedIPs = " . join(", ", @allowed_ips),
+ "PersistentKeepalive = $DEFAULT_KEEPALIVE",
+ ));
+ }
+
+ return join("\n", @conf);
+}
+
+sub parse_configuration($) {
+ my $fh = shift;
+
+ my %peer = ();
+
+ # Collect any errors
+ my @errormessages = ();
+
+ my $section = undef;
+ my $key = undef;
+ my $val = undef;
+
+ while (<$fh>) {
+ # Remove line breaks
+ chomp;
+
+ # Search for section headers
+ if ($_ =~ m/^\[(\w+)\]$/) {
+ $section = $1;
+ next;
+
+ # Search for key = value lines
+ } elsif ($_ =~ m/^(\w+)\s+=\s+(.*)$/) {
+ # Skip anything before the first section header
+ next unless (defined $section);
+
+ # Store keys and values
+ $key = $1;
+ $val = $2;
+
+ # Skip any unhandled lines
+ } else {
+ next;
+ }
+
+ # Interface section
+ if ($section eq "Interface") {
+ # Address
+ if ($key eq "Address") {
+ if (&Network::check_ip_address($val)) {
+ $peer{'CLIENT_ADDRESS'} = $val;
+ } else {
+ push(@errormessages, $Lang::tr{'invalid ip address'});
+ }
+
+ # PrivateKey
+ } elsif ($key eq "PrivateKey") {
+ if (&key_is_valid($val)) {
+ $peer{'PRIVATE_KEY'} = $val;
+ } else {
+ push(@errormessages, $Lang::tr{'malformed private key'});
+ }
+ }
+
+ # Peer section
+ } elsif ($section eq "Peer") {
+ # PublicKey
+ if ($key eq "PublicKey") {
+ if (&key_is_valid($val)) {
+ $peer{'PUBLIC_KEY'} = $val;
+ } else {
+ push(@errormessages, $Lang::tr{'malformed public key'});
+ }
+
+ # PresharedKey
+ } elsif ($key eq "PresharedKey") {
+ if (&key_is_valid($val)) {
+ $peer{'PSK'} = $val;
+ } else {
+ push(@errormessages, $Lang::tr{'malformed preshared key'});
+ }
+
+ # AllowedIPs
+ } elsif ($key eq "AllowedIPs") {
+ my @networks = split(/,/, $val);
+
+ # Check if all networks are valid
+ foreach my $network (@networks) {
+ unless (&Network::check_subnet($network)) {
+ push(@errormessages, $Lang::tr{'invalid network'} . " $network");
+ }
+ }
+
+ $peer{'REMOTE_SUBNETS'} = join(", ", @networks);
+ # Endpoint
+ } elsif ($key eq "Endpoint") {
+ my $address = $val;
+ my $port = $DEFAULT_PORT;
+
+ # Try to separate the port (if any)
+ if ($val =~ m/^(.*):(\d+)$/) {
+ $address = $1;
+ $port = $2;
+ }
+
+ # Check if we have a valid IP address
+ if (&Network::check_ip_address($address)) {
+ # nothing
+
+ # Check if we have a valid FQDN
+ } elsif (&General::validfqdn($address)) {
+ # nothing
+
+ # Otherwise this fails
+ } else {
+ push(@errormessages, $Lang::tr{'invalid endpoint address'});
+ next;
+ }
+
+ # Store the values
+ $peer{'ENDPOINT_ADDRESS'} = $address;
+ $peer{'ENDPOINT_PORT'} = $port;
+
+ # PersistentKeepalive
+ } elsif ($key eq "PersistentKeepalive") {
+ # Must be an integer
+ if ($val =~ m/^(\d+)$/) {
+ $peer{'KEEPALIVE'} = $1;
+ } else {
+ push(@errormessages, $Lang::tr{'invalid keepalive interval'});
+ }
+ }
+ }
+ }
+
+ return %peer, @errormessages;
+}
+
+sub get_free_port() {
+ my @used_ports = ();
+
+ my $tries = 100;
+
+ # Collect all ports that are already in use
+ foreach my $key (keys %peers) {
+ push(@used_ports, $peers{$key}[5]);
+ }
+
+ my ($port_start, $port_end) = @DEFAULT_PORTRANGE;
+
+ while ($tries-- > 0) {
+ my $port = $port_start + int(rand($port_end - $port_start));
+
+ # Return the port unless it is already in use
+ return $port unless (grep { $port == $_ } @used_ports);
+ }
+
+ return undef;
+}
+
+1;
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index 7d35d56864..2dfc44a94e 100644
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -95,9 +95,9 @@ sub get_srvgrp_prot
my $icmp;
foreach my $key (sort {$a <=> $b} keys %customservicegrp){
if($customservicegrp{$key}[0] eq $val){
- if (&get_srv_prot($customservicegrp{$key}[2]) eq 'TCP'){
+ if (&get_srv_prot($customservicegrp{$key}[2]) eq 'TCP'){
$tcp=1;
- }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'UDP'){
+ }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'UDP'){
$udp=1;
}elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){
$icmp=1;
@@ -112,7 +112,7 @@ sub get_srvgrp_prot
if ($icmp eq '1'){push (@ips,'ICMP');}
my $back=join(",",@ips);
return $back;
-
+
}
sub get_srv_port
{
@@ -147,7 +147,7 @@ sub get_srvgrp_port
}elsif ($prot eq 'ICMP'){
$back="--icmp-type ";
}
-
+
$back.=join(",",@ips);
return $back;
}
@@ -205,7 +205,7 @@ sub get_ovpn_host_ip
}
sub get_ovpn_net_ip
{
-
+
my $val=shift;
my $field=shift;
foreach my $key (sort {$a <=> $b} keys %ccdnet){
@@ -222,8 +222,8 @@ sub get_grp_ip
if ($customgrp{$key}[0] eq $val){
&get_address($customgrp{$key}[3],$src);
}
- }
-
+ }
+
}
sub get_std_net_ip
{
@@ -239,6 +239,8 @@ sub get_std_net_ip
return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
}elsif($val eq 'RED'){
return "0.0.0.0/0";
+ }elsif($val eq 'WGRW'){
+ return $Wireguard::settings{'CLIENT_POOL'};
}elsif($val =~ /OpenVPN/i){
return "$ovpnsettings{'DOVPN_SUBNET'}";
}elsif($val =~ /IPsec/i){
@@ -259,6 +261,12 @@ sub get_interface
if($net eq "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"){
return "$netsettings{'BLUE_DEV'}";
}
+
+ # Wireguard
+ if ($net eq $Wireguard::settings{'CLIENT_POOL'}) {
+ return "wg0";
+ }
+
if($net eq "0.0.0.0/0") {
return &get_external_interface();
}
@@ -270,7 +278,7 @@ sub get_net_ip
foreach my $key (sort {$a <=> $b} keys %customnetwork){
if($customnetwork{$key}[0] eq $val){
return "$customnetwork{$key}[1]/$customnetwork{$key}[2]";
- }
+ }
}
}
sub get_host_ip
@@ -288,7 +296,7 @@ sub get_host_ip
}elsif($customhost{$key}[1] eq 'mac' && $src eq 'tgt'){
return "none";
}
- }
+ }
}
}
sub get_addresses
@@ -385,6 +393,25 @@ sub get_address
push(@ret, [$host_address, ""]);
}
+ # WireGuard Peers
+ } elsif ($key eq 'wg_peer' || $key eq 'wg_peer_src' || $key eq 'wg_peer_tgt') {
+ my $peer = &Wireguard::get_peer_by_name($value);
+ if (defined $peer) {
+ my $remotes;
+
+ # Select the remote IP addresses
+ if ($peer->{'TYPE'} eq 'host') {
+ $remotes = $peer->{'CLIENT_ADDRESS'};
+ } elsif ($peer->{'TYPE'} eq 'net') {
+ $remotes = $peer->{'REMOTE_SUBNETS'};
+ }
+
+ # Add all remotes
+ foreach my $remote (@$remotes) {
+ push(@ret, [$remote, $peer->{'INTERFACE'}]);
+ }
+ }
+
# OpenVPN networks.
} elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) {
my $network_address = &get_ovpn_net_ip($value, 1);
diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy
index 21165e9338..872a921401 100755
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -54,6 +54,7 @@ esac
HAVE_IPSEC="true"
HAVE_OPENVPN="true"
+HAVE_WG="true"
# INPUT
@@ -97,6 +98,14 @@ case "${HAVE_OPENVPN},${POLICY}" in
;;
esac
+# WireGuard INPUT
+case "${HAVE_WG},${POLICY}" in
+ true,MODE1) ;;
+ true,*)
+ iptables -A POLICYIN -i wg+ -j ACCEPT
+ ;;
+esac
+
case "${FWPOLICY2}" in
REJECT)
if [ "${DROPINPUT}" = "on" ]; then
@@ -149,6 +158,9 @@ case "${POLICY}" in
# Grant access for OpenVPN connections
iptables -A POLICYFWD -i tun+ -j ACCEPT
+ # Grant access for WireGuard
+ iptables -A POLICYFWD -i wg+ -j ACCEPT
+
if [ -n "${IFACE}" ]; then
if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
iptables -A POLICYFWD -i "${BLUE_DEV}" -s "${BLUE_NETADDRESS}/${BLUE_NETMASK}" -o "${IFACE}" -j ACCEPT
diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources
index 0e26792d6b..b0b405357d 100644
--- a/config/ipblocklist/sources
+++ b/config/ipblocklist/sources
@@ -111,24 +111,6 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklis
'parser' => 'ip-or-net-list',
'rate' => '30m',
'category' => 'attacker' },
- '3CORESEC_SSH' => { 'name' => '3CORESec SSH Activity Blocklist',
- 'url' => 'https://blacklist.3coresec.net/lists/ssh.txt',
- 'info' => 'https://blacklist.3coresec.net',
- 'parser' => 'ip-or-net-list',
- 'rate' => '1d',
- 'category' => 'attacker' },
- '3CORESEC_SCAN' => { 'name' => '3CORESec Scan and IDS Blocklist',
- 'url' => 'https://blacklist.3coresec.net/lists/misc.txt',
- 'info' => 'https://blacklist.3coresec.net',
- 'parser' => 'ip-or-net-list',
- 'rate' => '1d',
- 'category' => 'reputation' },
- '3CORESEC_WEB' => { 'name' => '3CORESec Web Server Activity Blocklist',
- 'url' => 'https://blacklist.3coresec.net/lists/http.txt',
- 'info' => 'https://blacklist.3coresec.net',
- 'parser' => 'ip-or-net-list',
- 'rate' => '1d',
- 'category' => 'attacker' },
'THREATVIEW_IO_IP' => { 'name' => 'Threatview.io Malicious IP Blocklist for known Bad IP addresses',
'url' => 'https://threatview.io/Downloads/IP-High-Confidence-Feed.txt',
'info' => 'https://threatview.io/#services',
diff --git a/config/menu/40-services.menu b/config/menu/40-services.menu
index 83ce3bc1f5..932a7f0339 100644
--- a/config/menu/40-services.menu
+++ b/config/menu/40-services.menu
@@ -4,6 +4,12 @@
'title' => "$Lang::tr{'virtual private networking'}",
'enabled' => 1,
};
+ $subservices->{'15.wireguard'} = {
+ 'caption' => $Lang::tr{'wireguard'},
+ 'uri' => '/cgi-bin/wireguard.cgi',
+ 'title' => "$Lang::tr{'wireguard'}",
+ 'enabled' => 1,
+ };
$subservices->{'20.openvpn'} = {
'caption' => 'OpenVPN',
'uri' => '/cgi-bin/ovpnmain.cgi',
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index cc7833a180..12898701ab 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -92,6 +92,7 @@ etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/unbound
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
+etc/rc.d/init.d/wireguard
etc/rc.d/init.d/wlanclient
#etc/rc.d/rc0.d
etc/rc.d/rc0.d/K01grub-btrfsd
@@ -102,6 +103,7 @@ etc/rc.d/rc0.d/K30sshd
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
+etc/rc.d/rc0.d/K70wireguard
etc/rc.d/rc0.d/K77conntrackd
etc/rc.d/rc0.d/K78suricata
etc/rc.d/rc0.d/K79leds
@@ -133,6 +135,7 @@ etc/rc.d/rc3.d/S24cyrus-sasl
etc/rc.d/rc3.d/S30sshd
etc/rc.d/rc3.d/S32apache
etc/rc.d/rc3.d/S40fcron
+etc/rc.d/rc3.d/S50wireguard
etc/rc.d/rc3.d/S98rc.local
etc/rc.d/rc3.d/S99grub-btrfsd
#etc/rc.d/rc3.d/S99vdradmin
@@ -145,6 +148,7 @@ etc/rc.d/rc6.d/K30sshd
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
+etc/rc.d/rc6.d/K70wireguard
etc/rc.d/rc6.d/K77conntrackd
etc/rc.d/rc6.d/K78suricata
etc/rc.d/rc6.d/K79leds
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index 51472e7c51..df8af19abc 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -199,6 +199,10 @@ var/ipfire/vpn
#var/ipfire/vpn/settings
var/ipfire/wakeonlan
#var/ipfire/wakeonlan/clients.conf
+var/ipfire/wireguard
+#var/ipfire/wireguard/peers
+#var/ipfire/wireguard/settings
+var/ipfire/wireguard-functions.pl
var/ipfire/wireless
#var/ipfire/wireless/config
#var/ipfire/wireless/settings
diff --git a/config/rootfiles/common/fontconfig b/config/rootfiles/common/fontconfig
index 713fda6017..76cee2dfd6 100644
--- a/config/rootfiles/common/fontconfig
+++ b/config/rootfiles/common/fontconfig
@@ -36,7 +36,7 @@ usr/bin/fc-validate
#usr/include/fontconfig/fcfreetype.h
#usr/include/fontconfig/fcprivate.h
#usr/include/fontconfig/fontconfig.h
-#usr/lib/libfontconfig.la
+#usr/lib/libfontconfig.a
#usr/lib/libfontconfig.so
usr/lib/libfontconfig.so.1
usr/lib/libfontconfig.so.1.15.0
diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap
index 65d423ac7c..220b907c8e 100644
--- a/config/rootfiles/common/libcap
+++ b/config/rootfiles/common/libcap
@@ -6,10 +6,10 @@ sbin/setcap
#usr/include/sys/psx_syscall.h
#usr/lib/libcap.so
usr/lib/libcap.so.2
-usr/lib/libcap.so.2.75
+usr/lib/libcap.so.2.76
#usr/lib/libpsx.so
#usr/lib/libpsx.so.2
-usr/lib/libpsx.so.2.75
+usr/lib/libpsx.so.2.76
#usr/lib/pkgconfig/libcap.pc
#usr/lib/pkgconfig/libpsx.pc
#usr/lib/security
@@ -89,6 +89,7 @@ usr/lib/security/pam_cap.so
#usr/share/man/man3/psx_syscall3.3
#usr/share/man/man3/psx_syscall6.3
#usr/share/man/man5/capability.conf.5
+#usr/share/man/man7/cap_text_formats.7
#usr/share/man/man8/captree.8
#usr/share/man/man8/getcap.8
#usr/share/man/man8/getpcaps.8
diff --git a/config/rootfiles/common/libgpg-error b/config/rootfiles/common/libgpg-error
index ec61ac1f8b..cf34b3bdb8 100644
--- a/config/rootfiles/common/libgpg-error
+++ b/config/rootfiles/common/libgpg-error
@@ -6,7 +6,7 @@ usr/bin/gpg-error
#usr/lib/libgpg-error.la
#usr/lib/libgpg-error.so
usr/lib/libgpg-error.so.0
-usr/lib/libgpg-error.so.0.38.0
+usr/lib/libgpg-error.so.0.39.2
#usr/lib/pkgconfig/gpg-error.pc
#usr/share/aclocal/gpg-error.m4
#usr/share/aclocal/gpgrt.m4
diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index d6594b3f8d..b92a1e32af 100644
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -25,8 +25,8 @@ usr/local/bin/redctrl
usr/local/bin/setaliases
usr/local/bin/smartctrl
usr/local/bin/squidctrl
-usr/local/bin/suricatactrl
usr/local/bin/sshctrl
+usr/local/bin/suricatactrl
usr/local/bin/syslogdctrl
usr/local/bin/timectrl
#usr/local/bin/torctrl
@@ -35,6 +35,7 @@ usr/local/bin/updxlratorctrl
usr/local/bin/urlfilterctrl
#usr/local/bin/wiohelper
#usr/local/bin/wioscan
+usr/local/bin/wireguardctrl
usr/local/bin/wirelessclient
usr/local/bin/wirelessctrl
#usr/local/bin/wlanapctrl
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
index d256513485..85dd5dd2dd 100644
--- a/config/rootfiles/common/openssh
+++ b/config/rootfiles/common/openssh
@@ -21,6 +21,7 @@ usr/lib/openssh/sftp-server
usr/lib/openssh/ssh-keysign
usr/lib/openssh/ssh-pkcs11-helper
usr/lib/openssh/ssh-sk-helper
+usr/lib/openssh/sshd-auth
usr/lib/openssh/sshd-session
usr/sbin/sshd
#usr/share/man/man1/scp.1
diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl
index 9773c0fa1c..8c154485e6 100644
--- a/config/rootfiles/common/openssl
+++ b/config/rootfiles/common/openssl
@@ -15,7 +15,6 @@ usr/bin/openssl
#usr/include/openssl
#usr/include/openssl/aes.h
#usr/include/openssl/asn1.h
-#usr/include/openssl/asn1_mac.h
#usr/include/openssl/asn1err.h
#usr/include/openssl/asn1t.h
#usr/include/openssl/async.h
@@ -27,6 +26,7 @@ usr/bin/openssl
#usr/include/openssl/bnerr.h
#usr/include/openssl/buffer.h
#usr/include/openssl/buffererr.h
+#usr/include/openssl/byteorder.h
#usr/include/openssl/camellia.h
#usr/include/openssl/cast.h
#usr/include/openssl/cmac.h
@@ -93,6 +93,7 @@ usr/bin/openssl
#usr/include/openssl/md4.h
#usr/include/openssl/md5.h
#usr/include/openssl/mdc2.h
+#usr/include/openssl/ml_kem.h
#usr/include/openssl/modes.h
#usr/include/openssl/obj_mac.h
#usr/include/openssl/objects.h
@@ -225,6 +226,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man1/openssl-s_server.html
#usr/share/doc/openssl/html/man1/openssl-s_time.html
#usr/share/doc/openssl/html/man1/openssl-sess_id.html
+#usr/share/doc/openssl/html/man1/openssl-skeyutl.html
#usr/share/doc/openssl/html/man1/openssl-smime.html
#usr/share/doc/openssl/html/man1/openssl-speed.html
#usr/share/doc/openssl/html/man1/openssl-spkac.html
@@ -462,6 +464,8 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html
#usr/share/doc/openssl/html/man3/EVP_RAND.html
#usr/share/doc/openssl/html/man3/EVP_SIGNATURE.html
+#usr/share/doc/openssl/html/man3/EVP_SKEY.html
+#usr/share/doc/openssl/html/man3/EVP_SKEYMGMT.html
#usr/share/doc/openssl/html/man3/EVP_SealInit.html
#usr/share/doc/openssl/html/man3/EVP_SignInit.html
#usr/share/doc/openssl/html/man3/EVP_VerifyInit.html
@@ -516,6 +520,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man3/OPENSSL_init_ssl.html
#usr/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html
#usr/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html
+#usr/share/doc/openssl/html/man3/OPENSSL_load_u16_le.html
#usr/share/doc/openssl/html/man3/OPENSSL_malloc.html
#usr/share/doc/openssl/html/man3/OPENSSL_riscvcap.html
#usr/share/doc/openssl/html/man3/OPENSSL_s390xcap.html
@@ -568,6 +573,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man3/OSSL_PARAM_allocate_from_text.html
#usr/share/doc/openssl/html/man3/OSSL_PARAM_dup.html
#usr/share/doc/openssl/html/man3/OSSL_PARAM_int.html
+#usr/share/doc/openssl/html/man3/OSSL_PARAM_print_to_bio.html
#usr/share/doc/openssl/html/man3/OSSL_PROVIDER.html
#usr/share/doc/openssl/html/man3/OSSL_QUIC_client_method.html
#usr/share/doc/openssl/html/man3/OSSL_SELF_TEST_new.html
@@ -703,6 +709,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html
#usr/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html
#usr/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html
+#usr/share/doc/openssl/html/man3/SSL_CTX_set_domain_flags.html
#usr/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html
#usr/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html
#usr/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html
@@ -710,6 +717,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html
#usr/share/doc/openssl/html/man3/SSL_CTX_set_mode.html
#usr/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html
+#usr/share/doc/openssl/html/man3/SSL_CTX_set_new_pending_conn_cb.html
#usr/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html
#usr/share/doc/openssl/html/man3/SSL_CTX_set_options.html
#usr/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html
@@ -798,6 +806,8 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man3/SSL_library_init.html
#usr/share/doc/openssl/html/man3/SSL_load_client_CA_file.html
#usr/share/doc/openssl/html/man3/SSL_new.html
+#usr/share/doc/openssl/html/man3/SSL_new_domain.html
+#usr/share/doc/openssl/html/man3/SSL_new_listener.html
#usr/share/doc/openssl/html/man3/SSL_new_stream.html
#usr/share/doc/openssl/html/man3/SSL_pending.html
#usr/share/doc/openssl/html/man3/SSL_poll.html
@@ -815,6 +825,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man3/SSL_set_default_stream_mode.html
#usr/share/doc/openssl/html/man3/SSL_set_fd.html
#usr/share/doc/openssl/html/man3/SSL_set_incoming_stream_policy.html
+#usr/share/doc/openssl/html/man3/SSL_set_quic_tls_cbs.html
#usr/share/doc/openssl/html/man3/SSL_set_retry_verify.html
#usr/share/doc/openssl/html/man3/SSL_set_session.html
#usr/share/doc/openssl/html/man3/SSL_set_session_secret_cb.html
@@ -940,6 +951,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man7/EVP_KDF-X942-CONCAT.html
#usr/share/doc/openssl/html/man7/EVP_KDF-X963.html
#usr/share/doc/openssl/html/man7/EVP_KEM-EC.html
+#usr/share/doc/openssl/html/man7/EVP_KEM-ML-KEM.html
#usr/share/doc/openssl/html/man7/EVP_KEM-RSA.html
#usr/share/doc/openssl/html/man7/EVP_KEM-X25519.html
#usr/share/doc/openssl/html/man7/EVP_KEYEXCH-DH.html
@@ -973,7 +985,10 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man7/EVP_PKEY-EC.html
#usr/share/doc/openssl/html/man7/EVP_PKEY-FFC.html
#usr/share/doc/openssl/html/man7/EVP_PKEY-HMAC.html
+#usr/share/doc/openssl/html/man7/EVP_PKEY-ML-DSA.html
+#usr/share/doc/openssl/html/man7/EVP_PKEY-ML-KEM.html
#usr/share/doc/openssl/html/man7/EVP_PKEY-RSA.html
+#usr/share/doc/openssl/html/man7/EVP_PKEY-SLH-DSA.html
#usr/share/doc/openssl/html/man7/EVP_PKEY-SM2.html
#usr/share/doc/openssl/html/man7/EVP_PKEY-X25519.html
#usr/share/doc/openssl/html/man7/EVP_RAND-CRNG-TEST.html
@@ -988,7 +1003,9 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man7/EVP_SIGNATURE-ECDSA.html
#usr/share/doc/openssl/html/man7/EVP_SIGNATURE-ED25519.html
#usr/share/doc/openssl/html/man7/EVP_SIGNATURE-HMAC.html
+#usr/share/doc/openssl/html/man7/EVP_SIGNATURE-ML-DSA.html
#usr/share/doc/openssl/html/man7/EVP_SIGNATURE-RSA.html
+#usr/share/doc/openssl/html/man7/EVP_SIGNATURE-SLH-DSA.html
#usr/share/doc/openssl/html/man7/OSSL_PROVIDER-FIPS.html
#usr/share/doc/openssl/html/man7/OSSL_PROVIDER-base.html
#usr/share/doc/openssl/html/man7/OSSL_PROVIDER-default.html
@@ -1022,6 +1039,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man7/openssl-env.html
#usr/share/doc/openssl/html/man7/openssl-glossary.html
#usr/share/doc/openssl/html/man7/openssl-qlog.html
+#usr/share/doc/openssl/html/man7/openssl-quic-concurrency.html
#usr/share/doc/openssl/html/man7/openssl-quic.html
#usr/share/doc/openssl/html/man7/openssl-threads.html
#usr/share/doc/openssl/html/man7/openssl_user_macros.html
@@ -1034,6 +1052,8 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man7/ossl-guide-quic-client-non-block.html
#usr/share/doc/openssl/html/man7/ossl-guide-quic-introduction.html
#usr/share/doc/openssl/html/man7/ossl-guide-quic-multi-stream.html
+#usr/share/doc/openssl/html/man7/ossl-guide-quic-server-block.html
+#usr/share/doc/openssl/html/man7/ossl-guide-quic-server-non-block.html
#usr/share/doc/openssl/html/man7/ossl-guide-tls-client-block.html
#usr/share/doc/openssl/html/man7/ossl-guide-tls-client-non-block.html
#usr/share/doc/openssl/html/man7/ossl-guide-tls-introduction.html
@@ -1056,6 +1076,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man7/provider-object.html
#usr/share/doc/openssl/html/man7/provider-rand.html
#usr/share/doc/openssl/html/man7/provider-signature.html
+#usr/share/doc/openssl/html/man7/provider-skeymgmt.html
#usr/share/doc/openssl/html/man7/provider-storemgmt.html
#usr/share/doc/openssl/html/man7/provider.html
#usr/share/doc/openssl/html/man7/proxy-certificates.html
@@ -1133,6 +1154,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man1/openssl-s_server.1ossl
#usr/share/man/man1/openssl-s_time.1ossl
#usr/share/man/man1/openssl-sess_id.1ossl
+#usr/share/man/man1/openssl-skeyutl.1ossl
#usr/share/man/man1/openssl-smime.1ossl
#usr/share/man/man1/openssl-speed.1ossl
#usr/share/man/man1/openssl-spkac.1ossl
@@ -1395,6 +1417,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/BIO_dgram_get_peer.3ossl
#usr/share/man/man3/BIO_dgram_recv_timedout.3ossl
#usr/share/man/man3/BIO_dgram_send_timedout.3ossl
+#usr/share/man/man3/BIO_dgram_set0_local_addr.3ossl
#usr/share/man/man3/BIO_dgram_set_caps.3ossl
#usr/share/man/man3/BIO_dgram_set_local_addr_enable.3ossl
#usr/share/man/man3/BIO_dgram_set_mtu.3ossl
@@ -1797,6 +1820,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/CMS_EnvelopedData_create.3ossl
#usr/share/man/man3/CMS_EnvelopedData_create_ex.3ossl
#usr/share/man/man3/CMS_EnvelopedData_decrypt.3ossl
+#usr/share/man/man3/CMS_EnvelopedData_dup.3ossl
#usr/share/man/man3/CMS_EnvelopedData_it.3ossl
#usr/share/man/man3/CMS_ReceiptRequest_create0.3ossl
#usr/share/man/man3/CMS_ReceiptRequest_create0_ex.3ossl
@@ -2562,6 +2586,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/EVP_CIPHER_CTX_type.3ossl
#usr/share/man/man3/EVP_CIPHER_asn1_to_param.3ossl
#usr/share/man/man3/EVP_CIPHER_block_size.3ossl
+#usr/share/man/man3/EVP_CIPHER_can_pipeline.3ossl
#usr/share/man/man3/EVP_CIPHER_do_all_provided.3ossl
#usr/share/man/man3/EVP_CIPHER_fetch.3ossl
#usr/share/man/man3/EVP_CIPHER_flags.3ossl
@@ -2612,8 +2637,13 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/EVP_CipherFinal.3ossl
#usr/share/man/man3/EVP_CipherFinal_ex.3ossl
#usr/share/man/man3/EVP_CipherInit.3ossl
+#usr/share/man/man3/EVP_CipherInit_SKEY.3ossl
#usr/share/man/man3/EVP_CipherInit_ex.3ossl
#usr/share/man/man3/EVP_CipherInit_ex2.3ossl
+#usr/share/man/man3/EVP_CipherPipelineDecryptInit.3ossl
+#usr/share/man/man3/EVP_CipherPipelineEncryptInit.3ossl
+#usr/share/man/man3/EVP_CipherPipelineFinal.3ossl
+#usr/share/man/man3/EVP_CipherPipelineUpdate.3ossl
#usr/share/man/man3/EVP_CipherUpdate.3ossl
#usr/share/man/man3/EVP_DecodeBlock.3ossl
#usr/share/man/man3/EVP_DecodeFinal.3ossl
@@ -2745,6 +2775,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/EVP_MAC_gettable_ctx_params.3ossl
#usr/share/man/man3/EVP_MAC_gettable_params.3ossl
#usr/share/man/man3/EVP_MAC_init.3ossl
+#usr/share/man/man3/EVP_MAC_init_SKEY.3ossl
#usr/share/man/man3/EVP_MAC_is_a.3ossl
#usr/share/man/man3/EVP_MAC_names_do_all.3ossl
#usr/share/man/man3/EVP_MAC_settable_ctx_params.3ossl
@@ -3245,6 +3276,31 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/EVP_SIGNATURE_names_do_all.3ossl
#usr/share/man/man3/EVP_SIGNATURE_settable_ctx_params.3ossl
#usr/share/man/man3/EVP_SIGNATURE_up_ref.3ossl
+#usr/share/man/man3/EVP_SKEY.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT_do_all_provided.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT_fetch.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT_free.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT_get0_description.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT_get0_gen_settable_params.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT_get0_imp_settable_params.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT_get0_name.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT_get0_provider.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT_is_a.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT_names_do_all.3ossl
+#usr/share/man/man3/EVP_SKEYMGMT_up_ref.3ossl
+#usr/share/man/man3/EVP_SKEY_export.3ossl
+#usr/share/man/man3/EVP_SKEY_free.3ossl
+#usr/share/man/man3/EVP_SKEY_generate.3ossl
+#usr/share/man/man3/EVP_SKEY_get0_key_id.3ossl
+#usr/share/man/man3/EVP_SKEY_get0_provider_name.3ossl
+#usr/share/man/man3/EVP_SKEY_get0_raw_key.3ossl
+#usr/share/man/man3/EVP_SKEY_get0_skeymgmt_name.3ossl
+#usr/share/man/man3/EVP_SKEY_import.3ossl
+#usr/share/man/man3/EVP_SKEY_import_raw_key.3ossl
+#usr/share/man/man3/EVP_SKEY_is_a.3ossl
+#usr/share/man/man3/EVP_SKEY_to_provider.3ossl
+#usr/share/man/man3/EVP_SKEY_up_ref.3ossl
#usr/share/man/man3/EVP_SealFinal.3ossl
#usr/share/man/man3/EVP_SealInit.3ossl
#usr/share/man/man3/EVP_SealUpdate.3ossl
@@ -3398,6 +3454,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/EVP_des_ofb.3ossl
#usr/share/man/man3/EVP_desx_cbc.3ossl
#usr/share/man/man3/EVP_enc_null.3ossl
+#usr/share/man/man3/EVP_get1_default_properties.3ossl
#usr/share/man/man3/EVP_get_cipherbyname.3ossl
#usr/share/man/man3/EVP_get_cipherbynid.3ossl
#usr/share/man/man3/EVP_get_cipherbyobj.3ossl
@@ -3714,6 +3771,12 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OPENSSL_instrument_bus.3ossl
#usr/share/man/man3/OPENSSL_instrument_bus2.3ossl
#usr/share/man/man3/OPENSSL_load_builtin_modules.3ossl
+#usr/share/man/man3/OPENSSL_load_u16_be.3ossl
+#usr/share/man/man3/OPENSSL_load_u16_le.3ossl
+#usr/share/man/man3/OPENSSL_load_u32_be.3ossl
+#usr/share/man/man3/OPENSSL_load_u32_le.3ossl
+#usr/share/man/man3/OPENSSL_load_u64_be.3ossl
+#usr/share/man/man3/OPENSSL_load_u64_le.3ossl
#usr/share/man/man3/OPENSSL_malloc.3ossl
#usr/share/man/man3/OPENSSL_malloc_init.3ossl
#usr/share/man/man3/OPENSSL_mem_debug_pop.3ossl
@@ -3753,6 +3816,12 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OPENSSL_sk_unshift.3ossl
#usr/share/man/man3/OPENSSL_sk_value.3ossl
#usr/share/man/man3/OPENSSL_sk_zero.3ossl
+#usr/share/man/man3/OPENSSL_store_u16_be.3ossl
+#usr/share/man/man3/OPENSSL_store_u16_le.3ossl
+#usr/share/man/man3/OPENSSL_store_u32_be.3ossl
+#usr/share/man/man3/OPENSSL_store_u32_le.3ossl
+#usr/share/man/man3/OPENSSL_store_u64_be.3ossl
+#usr/share/man/man3/OPENSSL_store_u64_le.3ossl
#usr/share/man/man3/OPENSSL_strcasecmp.3ossl
#usr/share/man/man3/OPENSSL_strdup.3ossl
#usr/share/man/man3/OPENSSL_strlcat.3ossl
@@ -3768,10 +3837,43 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OPENSSL_version_patch.3ossl
#usr/share/man/man3/OPENSSL_version_pre_release.3ossl
#usr/share/man/man3/OPENSSL_zalloc.3ossl
+#usr/share/man/man3/OSSL_AA_DIST_POINT_free.3ossl
+#usr/share/man/man3/OSSL_AA_DIST_POINT_it.3ossl
+#usr/share/man/man3/OSSL_AA_DIST_POINT_new.3ossl
#usr/share/man/man3/OSSL_ALGORITHM.3ossl
+#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_CHOICE_free.3ossl
+#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_CHOICE_it.3ossl
+#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_CHOICE_new.3ossl
+#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_ITEM_free.3ossl
+#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_ITEM_it.3ossl
+#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_ITEM_new.3ossl
+#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_SYNTAX_free.3ossl
+#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_SYNTAX_it.3ossl
+#usr/share/man/man3/OSSL_ALLOWED_ATTRIBUTES_SYNTAX_new.3ossl
+#usr/share/man/man3/OSSL_ATAV_free.3ossl
+#usr/share/man/man3/OSSL_ATAV_it.3ossl
+#usr/share/man/man3/OSSL_ATAV_new.3ossl
#usr/share/man/man3/OSSL_ATTRIBUTES_SYNTAX_free.3ossl
#usr/share/man/man3/OSSL_ATTRIBUTES_SYNTAX_it.3ossl
#usr/share/man/man3/OSSL_ATTRIBUTES_SYNTAX_new.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_DESCRIPTOR_free.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_DESCRIPTOR_it.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_DESCRIPTOR_new.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPINGS_free.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPINGS_it.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPINGS_new.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPING_free.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPING_it.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_MAPPING_new.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_TYPE_MAPPING_free.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_TYPE_MAPPING_it.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_TYPE_MAPPING_new.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_VALUE_MAPPING_free.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_VALUE_MAPPING_it.3ossl
+#usr/share/man/man3/OSSL_ATTRIBUTE_VALUE_MAPPING_new.3ossl
+#usr/share/man/man3/OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX_free.3ossl
+#usr/share/man/man3/OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX_it.3ossl
+#usr/share/man/man3/OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX_new.3ossl
#usr/share/man/man3/OSSL_BASIC_ATTR_CONSTRAINTS_free.3ossl
#usr/share/man/man3/OSSL_BASIC_ATTR_CONSTRAINTS_it.3ossl
#usr/share/man/man3/OSSL_BASIC_ATTR_CONSTRAINTS_new.3ossl
@@ -3982,6 +4084,13 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OSSL_CRMF_CERTTEMPLATE_get0_subject.3ossl
#usr/share/man/man3/OSSL_CRMF_CERTTEMPLATE_it.3ossl
#usr/share/man/man3/OSSL_CRMF_CERTTEMPLATE_new.3ossl
+#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_free.3ossl
+#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_get1_encCert.3ossl
+#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_get1_pkey.3ossl
+#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_init_envdata.3ossl
+#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_it.3ossl
+#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDKEY_new.3ossl
+#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDVALUE_decrypt.3ossl
#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDVALUE_free.3ossl
#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert.3ossl
#usr/share/man/man3/OSSL_CRMF_ENCRYPTEDVALUE_it.3ossl
@@ -3991,6 +4100,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OSSL_CRMF_MSGS_new.3ossl
#usr/share/man/man3/OSSL_CRMF_MSGS_verify_popo.3ossl
#usr/share/man/man3/OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo.3ossl
+#usr/share/man/man3/OSSL_CRMF_MSG_centralkeygen_requested.3ossl
#usr/share/man/man3/OSSL_CRMF_MSG_create_popo.3ossl
#usr/share/man/man3/OSSL_CRMF_MSG_dup.3ossl
#usr/share/man/man3/OSSL_CRMF_MSG_free.3ossl
@@ -4029,6 +4139,12 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OSSL_CRMF_SINGLEPUBINFO_new.3ossl
#usr/share/man/man3/OSSL_CRMF_pbm_new.3ossl
#usr/share/man/man3/OSSL_CRMF_pbmp_new.3ossl
+#usr/share/man/man3/OSSL_DAY_TIME_BAND_free.3ossl
+#usr/share/man/man3/OSSL_DAY_TIME_BAND_it.3ossl
+#usr/share/man/man3/OSSL_DAY_TIME_BAND_new.3ossl
+#usr/share/man/man3/OSSL_DAY_TIME_free.3ossl
+#usr/share/man/man3/OSSL_DAY_TIME_it.3ossl
+#usr/share/man/man3/OSSL_DAY_TIME_new.3ossl
#usr/share/man/man3/OSSL_DECODER.3ossl
#usr/share/man/man3/OSSL_DECODER_CLEANUP.3ossl
#usr/share/man/man3/OSSL_DECODER_CONSTRUCT.3ossl
@@ -4129,7 +4245,16 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OSSL_ESS_check_signing_certs.3ossl
#usr/share/man/man3/OSSL_ESS_signing_cert_new_init.3ossl
#usr/share/man/man3/OSSL_ESS_signing_cert_v2_new_init.3ossl
+#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_alert_fn.3ossl
+#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_crypto_recv_rcd_fn.3ossl
+#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_crypto_release_rcd_fn.3ossl
+#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_crypto_send_fn.3ossl
+#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn.3ossl
+#usr/share/man/man3/OSSL_FUNC_SSL_QUIC_TLS_yield_secret_fn.3ossl
#usr/share/man/man3/OSSL_GENERAL_NAMES_print.3ossl
+#usr/share/man/man3/OSSL_HASH_free.3ossl
+#usr/share/man/man3/OSSL_HASH_it.3ossl
+#usr/share/man/man3/OSSL_HASH_new.3ossl
#usr/share/man/man3/OSSL_HPKE_CTX_free.3ossl
#usr/share/man/man3/OSSL_HPKE_CTX_get_seq.3ossl
#usr/share/man/man3/OSSL_HPKE_CTX_new.3ossl
@@ -4190,6 +4315,12 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OSSL_IETF_ATTR_SYNTAX_set0_policyAuthority.3ossl
#usr/share/man/man3/OSSL_INDICATOR_get_callback.3ossl
#usr/share/man/man3/OSSL_INDICATOR_set_callback.3ossl
+#usr/share/man/man3/OSSL_INFO_SYNTAX_POINTER_free.3ossl
+#usr/share/man/man3/OSSL_INFO_SYNTAX_POINTER_it.3ossl
+#usr/share/man/man3/OSSL_INFO_SYNTAX_POINTER_new.3ossl
+#usr/share/man/man3/OSSL_INFO_SYNTAX_free.3ossl
+#usr/share/man/man3/OSSL_INFO_SYNTAX_it.3ossl
+#usr/share/man/man3/OSSL_INFO_SYNTAX_new.3ossl
#usr/share/man/man3/OSSL_ISSUER_SERIAL_free.3ossl
#usr/share/man/man3/OSSL_ISSUER_SERIAL_get0_issuer.3ossl
#usr/share/man/man3/OSSL_ISSUER_SERIAL_get0_issuerUID.3ossl
@@ -4210,6 +4341,9 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OSSL_LIB_CTX_new_from_dispatch.3ossl
#usr/share/man/man3/OSSL_LIB_CTX_set0_default.3ossl
#usr/share/man/man3/OSSL_LIB_CTX_set_conf_diagnostics.3ossl
+#usr/share/man/man3/OSSL_NAMED_DAY_free.3ossl
+#usr/share/man/man3/OSSL_NAMED_DAY_it.3ossl
+#usr/share/man/man3/OSSL_NAMED_DAY_new.3ossl
#usr/share/man/man3/OSSL_OBJECT_DIGEST_INFO_free.3ossl
#usr/share/man/man3/OSSL_OBJECT_DIGEST_INFO_get0_digest.3ossl
#usr/share/man/man3/OSSL_OBJECT_DIGEST_INFO_new.3ossl
@@ -4289,6 +4423,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OSSL_PARAM_modified.3ossl
#usr/share/man/man3/OSSL_PARAM_octet_ptr.3ossl
#usr/share/man/man3/OSSL_PARAM_octet_string.3ossl
+#usr/share/man/man3/OSSL_PARAM_print_to_bio.3ossl
#usr/share/man/man3/OSSL_PARAM_set_BN.3ossl
#usr/share/man/man3/OSSL_PARAM_set_all_unmodified.3ossl
#usr/share/man/man3/OSSL_PARAM_set_double.3ossl
@@ -4315,15 +4450,21 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OSSL_PARAM_utf8_ptr.3ossl
#usr/share/man/man3/OSSL_PARAM_utf8_string.3ossl
#usr/share/man/man3/OSSL_PASSPHRASE_CALLBACK.3ossl
+#usr/share/man/man3/OSSL_PRIVILEGE_POLICY_ID_free.3ossl
+#usr/share/man/man3/OSSL_PRIVILEGE_POLICY_ID_it.3ossl
+#usr/share/man/man3/OSSL_PRIVILEGE_POLICY_ID_new.3ossl
#usr/share/man/man3/OSSL_PROVIDER.3ossl
#usr/share/man/man3/OSSL_PROVIDER_add_builtin.3ossl
+#usr/share/man/man3/OSSL_PROVIDER_add_conf_parameter.3ossl
#usr/share/man/man3/OSSL_PROVIDER_available.3ossl
+#usr/share/man/man3/OSSL_PROVIDER_conf_get_bool.3ossl
#usr/share/man/man3/OSSL_PROVIDER_do_all.3ossl
#usr/share/man/man3/OSSL_PROVIDER_get0_default_search_path.3ossl
#usr/share/man/man3/OSSL_PROVIDER_get0_dispatch.3ossl
#usr/share/man/man3/OSSL_PROVIDER_get0_name.3ossl
#usr/share/man/man3/OSSL_PROVIDER_get0_provider_ctx.3ossl
#usr/share/man/man3/OSSL_PROVIDER_get_capabilities.3ossl
+#usr/share/man/man3/OSSL_PROVIDER_get_conf_parameters.3ossl
#usr/share/man/man3/OSSL_PROVIDER_get_params.3ossl
#usr/share/man/man3/OSSL_PROVIDER_gettable_params.3ossl
#usr/share/man/man3/OSSL_PROVIDER_load.3ossl
@@ -4358,6 +4499,13 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT.3ossl
#usr/share/man/man3/OSSL_QUIC_client_method.3ossl
#usr/share/man/man3/OSSL_QUIC_client_thread_method.3ossl
+#usr/share/man/man3/OSSL_QUIC_server_method.3ossl
+#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_SYNTAX_free.3ossl
+#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_SYNTAX_it.3ossl
+#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_SYNTAX_new.3ossl
+#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_free.3ossl
+#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_it.3ossl
+#usr/share/man/man3/OSSL_ROLE_SPEC_CERT_ID_new.3ossl
#usr/share/man/man3/OSSL_SELF_TEST_free.3ossl
#usr/share/man/man3/OSSL_SELF_TEST_get_callback.3ossl
#usr/share/man/man3/OSSL_SELF_TEST_new.3ossl
@@ -4469,6 +4617,30 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/OSSL_TARGET_new.3ossl
#usr/share/man/man3/OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN.3ossl
#usr/share/man/man3/OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL.3ossl
+#usr/share/man/man3/OSSL_TIME_PERIOD_free.3ossl
+#usr/share/man/man3/OSSL_TIME_PERIOD_it.3ossl
+#usr/share/man/man3/OSSL_TIME_PERIOD_new.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_ABSOLUTE_free.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_ABSOLUTE_it.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_ABSOLUTE_new.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_DAY_free.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_DAY_it.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_DAY_new.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_MONTH_free.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_MONTH_it.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_MONTH_new.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_TIME_free.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_TIME_it.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_TIME_new.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_WEEKS_free.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_WEEKS_it.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_WEEKS_new.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_X_DAY_OF_free.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_X_DAY_OF_it.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_X_DAY_OF_new.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_free.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_it.3ossl
+#usr/share/man/man3/OSSL_TIME_SPEC_new.3ossl
#usr/share/man/man3/OSSL_TRACE.3ossl
#usr/share/man/man3/OSSL_TRACE1.3ossl
#usr/share/man/man3/OSSL_TRACE2.3ossl
@@ -4525,6 +4697,9 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/PBMAC1PARAM_it.3ossl
#usr/share/man/man3/PBMAC1PARAM_new.3ossl
#usr/share/man/man3/PBMAC1_get1_pbkdf2_param.3ossl
+#usr/share/man/man3/PEM_ASN1_write.3ossl
+#usr/share/man/man3/PEM_ASN1_write_bio.3ossl
+#usr/share/man/man3/PEM_ASN1_write_bio_ctx.3ossl
#usr/share/man/man3/PEM_FLAG_EAY_COMPATIBLE.3ossl
#usr/share/man/man3/PEM_FLAG_ONLY_B64.3ossl
#usr/share/man/man3/PEM_FLAG_SECURE.3ossl
@@ -4857,6 +5032,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/RAND_seed.3ossl
#usr/share/man/man3/RAND_set0_private.3ossl
#usr/share/man/man3/RAND_set0_public.3ossl
+#usr/share/man/man3/RAND_set1_random_provider.3ossl
#usr/share/man/man3/RAND_set_DRBG_type.3ossl
#usr/share/man/man3/RAND_set_rand_method.3ossl
#usr/share/man/man3/RAND_set_seed_source_type.3ossl
@@ -5064,6 +5240,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SRP_user_pwd_set0_sv.3ossl
#usr/share/man/man3/SRP_user_pwd_set1_ids.3ossl
#usr/share/man/man3/SRP_user_pwd_set_gN.3ossl
+#usr/share/man/man3/SSL_ACCEPT_CONNECTION_NO_BLOCK.3ossl
#usr/share/man/man3/SSL_ACCEPT_STREAM_NO_BLOCK.3ossl
#usr/share/man/man3/SSL_CIPHER_description.3ossl
#usr/share/man/man3/SSL_CIPHER_find.3ossl
@@ -5132,6 +5309,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_CTX_get0_chain_cert_store.3ossl
#usr/share/man/man3/SSL_CTX_get0_chain_certs.3ossl
#usr/share/man/man3/SSL_CTX_get0_client_cert_type.3ossl
+#usr/share/man/man3/SSL_CTX_get0_implemented_groups.3ossl
#usr/share/man/man3/SSL_CTX_get0_param.3ossl
#usr/share/man/man3/SSL_CTX_get0_security_ex_data.3ossl
#usr/share/man/man3/SSL_CTX_get0_server_cert_type.3ossl
@@ -5145,6 +5323,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_CTX_get_default_passwd_cb.3ossl
#usr/share/man/man3/SSL_CTX_get_default_passwd_cb_userdata.3ossl
#usr/share/man/man3/SSL_CTX_get_default_read_ahead.3ossl
+#usr/share/man/man3/SSL_CTX_get_domain_flags.3ossl
#usr/share/man/man3/SSL_CTX_get_ex_data.3ossl
#usr/share/man/man3/SSL_CTX_get_ex_new_index.3ossl
#usr/share/man/man3/SSL_CTX_get_extra_chain_certs.3ossl
@@ -5257,6 +5436,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_CTX_set_default_verify_paths.3ossl
#usr/share/man/man3/SSL_CTX_set_default_verify_store.3ossl
#usr/share/man/man3/SSL_CTX_set_dh_auto.3ossl
+#usr/share/man/man3/SSL_CTX_set_domain_flags.3ossl
#usr/share/man/man3/SSL_CTX_set_ecdh_auto.3ossl
#usr/share/man/man3/SSL_CTX_set_ex_data.3ossl
#usr/share/man/man3/SSL_CTX_set_generate_session_id.3ossl
@@ -5271,6 +5451,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_CTX_set_mode.3ossl
#usr/share/man/man3/SSL_CTX_set_msg_callback.3ossl
#usr/share/man/man3/SSL_CTX_set_msg_callback_arg.3ossl
+#usr/share/man/man3/SSL_CTX_set_new_pending_conn_cb.3ossl
#usr/share/man/man3/SSL_CTX_set_next_proto_select_cb.3ossl
#usr/share/man/man3/SSL_CTX_set_next_protos_advertised_cb.3ossl
#usr/share/man/man3/SSL_CTX_set_num_tickets.3ossl
@@ -5337,6 +5518,11 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_DEFAULT_STREAM_MODE_AUTO_BIDI.3ossl
#usr/share/man/man3/SSL_DEFAULT_STREAM_MODE_AUTO_UNI.3ossl
#usr/share/man/man3/SSL_DEFAULT_STREAM_MODE_NONE.3ossl
+#usr/share/man/man3/SSL_DOMAIN_FLAG_BLOCKING.3ossl
+#usr/share/man/man3/SSL_DOMAIN_FLAG_LEGACY_BLOCKING.3ossl
+#usr/share/man/man3/SSL_DOMAIN_FLAG_MULTI_THREAD.3ossl
+#usr/share/man/man3/SSL_DOMAIN_FLAG_SINGLE_THREAD.3ossl
+#usr/share/man/man3/SSL_DOMAIN_FLAG_THREAD_ASSISTED.3ossl
#usr/share/man/man3/SSL_INCOMING_STREAM_POLICY_ACCEPT.3ossl
#usr/share/man/man3/SSL_INCOMING_STREAM_POLICY_AUTO.3ossl
#usr/share/man/man3/SSL_INCOMING_STREAM_POLICY_REJECT.3ossl
@@ -5440,6 +5626,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_VALUE_STREAM_WRITE_BUF_USED.3ossl
#usr/share/man/man3/SSL_WRITE_FLAG_CONCLUDE.3ossl
#usr/share/man/man3/SSL_accept.3ossl
+#usr/share/man/man3/SSL_accept_connection.3ossl
#usr/share/man/man3/SSL_accept_stream.3ossl
#usr/share/man/man3/SSL_add0_chain_cert.3ossl
#usr/share/man/man3/SSL_add1_chain_cert.3ossl
@@ -5506,18 +5693,22 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_get0_connection.3ossl
#usr/share/man/man3/SSL_get0_dane_authority.3ossl
#usr/share/man/man3/SSL_get0_dane_tlsa.3ossl
+#usr/share/man/man3/SSL_get0_domain.3ossl
#usr/share/man/man3/SSL_get0_group_name.3ossl
#usr/share/man/man3/SSL_get0_iana_groups.3ossl
+#usr/share/man/man3/SSL_get0_listener.3ossl
#usr/share/man/man3/SSL_get0_next_proto_negotiated.3ossl
#usr/share/man/man3/SSL_get0_param.3ossl
#usr/share/man/man3/SSL_get0_peer_CA_list.3ossl
#usr/share/man/man3/SSL_get0_peer_certificate.3ossl
#usr/share/man/man3/SSL_get0_peer_rpk.3ossl
#usr/share/man/man3/SSL_get0_peer_scts.3ossl
+#usr/share/man/man3/SSL_get0_peer_signature_name.3ossl
#usr/share/man/man3/SSL_get0_peername.3ossl
#usr/share/man/man3/SSL_get0_security_ex_data.3ossl
#usr/share/man/man3/SSL_get0_server_cert_type.3ossl
#usr/share/man/man3/SSL_get0_session.3ossl
+#usr/share/man/man3/SSL_get0_signature_name.3ossl
#usr/share/man/man3/SSL_get0_verified_chain.3ossl
#usr/share/man/man3/SSL_get0_verify_cert_store.3ossl
#usr/share/man/man3/SSL_get1_builtin_sigalgs.3ossl
@@ -5528,6 +5719,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_get1_session.3ossl
#usr/share/man/man3/SSL_get1_supported_ciphers.3ossl
#usr/share/man/man3/SSL_get_SSL_CTX.3ossl
+#usr/share/man/man3/SSL_get_accept_connection_queue_len.3ossl
#usr/share/man/man3/SSL_get_accept_stream_queue_len.3ossl
#usr/share/man/man3/SSL_get_all_async_fds.3ossl
#usr/share/man/man3/SSL_get_app_data.3ossl
@@ -5549,6 +5741,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_get_default_passwd_cb.3ossl
#usr/share/man/man3/SSL_get_default_passwd_cb_userdata.3ossl
#usr/share/man/man3/SSL_get_default_timeout.3ossl
+#usr/share/man/man3/SSL_get_domain_flags.3ossl
#usr/share/man/man3/SSL_get_early_data_status.3ossl
#usr/share/man/man3/SSL_get_error.3ossl
#usr/share/man/man3/SSL_get_event_handling_mode.3ossl
@@ -5652,20 +5845,27 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_in_init.3ossl
#usr/share/man/man3/SSL_inject_net_dgram.3ossl
#usr/share/man/man3/SSL_is_connection.3ossl
+#usr/share/man/man3/SSL_is_domain.3ossl
#usr/share/man/man3/SSL_is_dtls.3ossl
#usr/share/man/man3/SSL_is_init_finished.3ossl
+#usr/share/man/man3/SSL_is_listener.3ossl
#usr/share/man/man3/SSL_is_quic.3ossl
#usr/share/man/man3/SSL_is_server.3ossl
#usr/share/man/man3/SSL_is_stream_local.3ossl
#usr/share/man/man3/SSL_is_tls.3ossl
#usr/share/man/man3/SSL_key_update.3ossl
#usr/share/man/man3/SSL_library_init.3ossl
+#usr/share/man/man3/SSL_listen.3ossl
#usr/share/man/man3/SSL_load_client_CA_file.3ossl
#usr/share/man/man3/SSL_load_client_CA_file_ex.3ossl
#usr/share/man/man3/SSL_load_error_strings.3ossl
#usr/share/man/man3/SSL_net_read_desired.3ossl
#usr/share/man/man3/SSL_net_write_desired.3ossl
#usr/share/man/man3/SSL_new.3ossl
+#usr/share/man/man3/SSL_new_domain.3ossl
+#usr/share/man/man3/SSL_new_from_listener.3ossl
+#usr/share/man/man3/SSL_new_listener.3ossl
+#usr/share/man/man3/SSL_new_listener_from.3ossl
#usr/share/man/man3/SSL_new_session_ticket.3ossl
#usr/share/man/man3/SSL_new_stream.3ossl
#usr/share/man/man3/SSL_peek.3ossl
@@ -5755,6 +5955,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_set_mode.3ossl
#usr/share/man/man3/SSL_set_msg_callback.3ossl
#usr/share/man/man3/SSL_set_msg_callback_arg.3ossl
+#usr/share/man/man3/SSL_set_new_pending_conn_cb_fn.3ossl
#usr/share/man/man3/SSL_set_num_tickets.3ossl
#usr/share/man/man3/SSL_set_options.3ossl
#usr/share/man/man3/SSL_set_post_handshake_auth.3ossl
@@ -5763,6 +5964,9 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/SSL_set_psk_server_callback.3ossl
#usr/share/man/man3/SSL_set_psk_use_session_callback.3ossl
#usr/share/man/man3/SSL_set_purpose.3ossl
+#usr/share/man/man3/SSL_set_quic_tls_cbs.3ossl
+#usr/share/man/man3/SSL_set_quic_tls_early_data_enabled.3ossl
+#usr/share/man/man3/SSL_set_quic_tls_transport_params.3ossl
#usr/share/man/man3/SSL_set_quiet_shutdown.3ossl
#usr/share/man/man3/SSL_set_read_ahead.3ossl
#usr/share/man/man3/SSL_set_record_padding_callback.3ossl
@@ -6194,6 +6398,18 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/X509_PUBKEY_set.3ossl
#usr/share/man/man3/X509_PUBKEY_set0_param.3ossl
#usr/share/man/man3/X509_PUBKEY_set0_public_key.3ossl
+#usr/share/man/man3/X509_PURPOSE_add.3ossl
+#usr/share/man/man3/X509_PURPOSE_cleanup.3ossl
+#usr/share/man/man3/X509_PURPOSE_get0.3ossl
+#usr/share/man/man3/X509_PURPOSE_get0_name.3ossl
+#usr/share/man/man3/X509_PURPOSE_get0_sname.3ossl
+#usr/share/man/man3/X509_PURPOSE_get_by_id.3ossl
+#usr/share/man/man3/X509_PURPOSE_get_by_sname.3ossl
+#usr/share/man/man3/X509_PURPOSE_get_count.3ossl
+#usr/share/man/man3/X509_PURPOSE_get_id.3ossl
+#usr/share/man/man3/X509_PURPOSE_get_trust.3ossl
+#usr/share/man/man3/X509_PURPOSE_get_unused_id.3ossl
+#usr/share/man/man3/X509_PURPOSE_set.3ossl
#usr/share/man/man3/X509_REQ_INFO_free.3ossl
#usr/share/man/man3/X509_REQ_INFO_new.3ossl
#usr/share/man/man3/X509_REQ_add1_attr.3ossl
@@ -6393,6 +6609,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/X509_VERIFY_PARAM_get_flags.3ossl
#usr/share/man/man3/X509_VERIFY_PARAM_get_hostflags.3ossl
#usr/share/man/man3/X509_VERIFY_PARAM_get_inh_flags.3ossl
+#usr/share/man/man3/X509_VERIFY_PARAM_get_purpose.3ossl
#usr/share/man/man3/X509_VERIFY_PARAM_get_time.3ossl
#usr/share/man/man3/X509_VERIFY_PARAM_set1_email.3ossl
#usr/share/man/man3/X509_VERIFY_PARAM_set1_host.3ossl
@@ -6631,7 +6848,18 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/d2i_OCSP_SERVICELOC.3ossl
#usr/share/man/man3/d2i_OCSP_SIGNATURE.3ossl
#usr/share/man/man3/d2i_OCSP_SINGLERESP.3ossl
+#usr/share/man/man3/d2i_OSSL_AA_DIST_POINT.3ossl
+#usr/share/man/man3/d2i_OSSL_ALLOWED_ATTRIBUTES_CHOICE.3ossl
+#usr/share/man/man3/d2i_OSSL_ALLOWED_ATTRIBUTES_ITEM.3ossl
+#usr/share/man/man3/d2i_OSSL_ALLOWED_ATTRIBUTES_SYNTAX.3ossl
+#usr/share/man/man3/d2i_OSSL_ATAV.3ossl
#usr/share/man/man3/d2i_OSSL_ATTRIBUTES_SYNTAX.3ossl
+#usr/share/man/man3/d2i_OSSL_ATTRIBUTE_DESCRIPTOR.3ossl
+#usr/share/man/man3/d2i_OSSL_ATTRIBUTE_MAPPING.3ossl
+#usr/share/man/man3/d2i_OSSL_ATTRIBUTE_MAPPINGS.3ossl
+#usr/share/man/man3/d2i_OSSL_ATTRIBUTE_TYPE_MAPPING.3ossl
+#usr/share/man/man3/d2i_OSSL_ATTRIBUTE_VALUE_MAPPING.3ossl
+#usr/share/man/man3/d2i_OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX.3ossl
#usr/share/man/man3/d2i_OSSL_BASIC_ATTR_CONSTRAINTS.3ossl
#usr/share/man/man3/d2i_OSSL_CMP_ATAVS.3ossl
#usr/share/man/man3/d2i_OSSL_CMP_MSG.3ossl
@@ -6640,19 +6868,37 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/d2i_OSSL_CMP_PKISI.3ossl
#usr/share/man/man3/d2i_OSSL_CRMF_CERTID.3ossl
#usr/share/man/man3/d2i_OSSL_CRMF_CERTTEMPLATE.3ossl
+#usr/share/man/man3/d2i_OSSL_CRMF_ENCRYPTEDKEY.3ossl
#usr/share/man/man3/d2i_OSSL_CRMF_ENCRYPTEDVALUE.3ossl
#usr/share/man/man3/d2i_OSSL_CRMF_MSG.3ossl
#usr/share/man/man3/d2i_OSSL_CRMF_MSGS.3ossl
#usr/share/man/man3/d2i_OSSL_CRMF_PBMPARAMETER.3ossl
#usr/share/man/man3/d2i_OSSL_CRMF_PKIPUBLICATIONINFO.3ossl
#usr/share/man/man3/d2i_OSSL_CRMF_SINGLEPUBINFO.3ossl
+#usr/share/man/man3/d2i_OSSL_DAY_TIME.3ossl
+#usr/share/man/man3/d2i_OSSL_DAY_TIME_BAND.3ossl
+#usr/share/man/man3/d2i_OSSL_HASH.3ossl
#usr/share/man/man3/d2i_OSSL_IETF_ATTR_SYNTAX.3ossl
+#usr/share/man/man3/d2i_OSSL_INFO_SYNTAX.3ossl
+#usr/share/man/man3/d2i_OSSL_INFO_SYNTAX_POINTER.3ossl
#usr/share/man/man3/d2i_OSSL_ISSUER_SERIAL.3ossl
+#usr/share/man/man3/d2i_OSSL_NAMED_DAY.3ossl
#usr/share/man/man3/d2i_OSSL_OBJECT_DIGEST_INFO.3ossl
+#usr/share/man/man3/d2i_OSSL_PRIVILEGE_POLICY_ID.3ossl
+#usr/share/man/man3/d2i_OSSL_ROLE_SPEC_CERT_ID.3ossl
+#usr/share/man/man3/d2i_OSSL_ROLE_SPEC_CERT_ID_SYNTAX.3ossl
#usr/share/man/man3/d2i_OSSL_TARGET.3ossl
#usr/share/man/man3/d2i_OSSL_TARGETING_INFORMATION.3ossl
#usr/share/man/man3/d2i_OSSL_TARGETS.3ossl
#usr/share/man/man3/d2i_OSSL_TARGET_CERT.3ossl
+#usr/share/man/man3/d2i_OSSL_TIME_PERIOD.3ossl
+#usr/share/man/man3/d2i_OSSL_TIME_SPEC.3ossl
+#usr/share/man/man3/d2i_OSSL_TIME_SPEC_ABSOLUTE.3ossl
+#usr/share/man/man3/d2i_OSSL_TIME_SPEC_DAY.3ossl
+#usr/share/man/man3/d2i_OSSL_TIME_SPEC_MONTH.3ossl
+#usr/share/man/man3/d2i_OSSL_TIME_SPEC_TIME.3ossl
+#usr/share/man/man3/d2i_OSSL_TIME_SPEC_WEEKS.3ossl
+#usr/share/man/man3/d2i_OSSL_TIME_SPEC_X_DAY_OF.3ossl
#usr/share/man/man3/d2i_OSSL_USER_NOTICE_SYNTAX.3ossl
#usr/share/man/man3/d2i_OTHERNAME.3ossl
#usr/share/man/man3/d2i_PBE2PARAM.3ossl
@@ -6868,7 +7114,18 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/i2d_OCSP_SERVICELOC.3ossl
#usr/share/man/man3/i2d_OCSP_SIGNATURE.3ossl
#usr/share/man/man3/i2d_OCSP_SINGLERESP.3ossl
+#usr/share/man/man3/i2d_OSSL_AA_DIST_POINT.3ossl
+#usr/share/man/man3/i2d_OSSL_ALLOWED_ATTRIBUTES_CHOICE.3ossl
+#usr/share/man/man3/i2d_OSSL_ALLOWED_ATTRIBUTES_ITEM.3ossl
+#usr/share/man/man3/i2d_OSSL_ALLOWED_ATTRIBUTES_SYNTAX.3ossl
+#usr/share/man/man3/i2d_OSSL_ATAV.3ossl
#usr/share/man/man3/i2d_OSSL_ATTRIBUTES_SYNTAX.3ossl
+#usr/share/man/man3/i2d_OSSL_ATTRIBUTE_DESCRIPTOR.3ossl
+#usr/share/man/man3/i2d_OSSL_ATTRIBUTE_MAPPING.3ossl
+#usr/share/man/man3/i2d_OSSL_ATTRIBUTE_MAPPINGS.3ossl
+#usr/share/man/man3/i2d_OSSL_ATTRIBUTE_TYPE_MAPPING.3ossl
+#usr/share/man/man3/i2d_OSSL_ATTRIBUTE_VALUE_MAPPING.3ossl
+#usr/share/man/man3/i2d_OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX.3ossl
#usr/share/man/man3/i2d_OSSL_BASIC_ATTR_CONSTRAINTS.3ossl
#usr/share/man/man3/i2d_OSSL_CMP_ATAVS.3ossl
#usr/share/man/man3/i2d_OSSL_CMP_MSG.3ossl
@@ -6877,19 +7134,37 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/i2d_OSSL_CMP_PKISI.3ossl
#usr/share/man/man3/i2d_OSSL_CRMF_CERTID.3ossl
#usr/share/man/man3/i2d_OSSL_CRMF_CERTTEMPLATE.3ossl
+#usr/share/man/man3/i2d_OSSL_CRMF_ENCRYPTEDKEY.3ossl
#usr/share/man/man3/i2d_OSSL_CRMF_ENCRYPTEDVALUE.3ossl
#usr/share/man/man3/i2d_OSSL_CRMF_MSG.3ossl
#usr/share/man/man3/i2d_OSSL_CRMF_MSGS.3ossl
#usr/share/man/man3/i2d_OSSL_CRMF_PBMPARAMETER.3ossl
#usr/share/man/man3/i2d_OSSL_CRMF_PKIPUBLICATIONINFO.3ossl
#usr/share/man/man3/i2d_OSSL_CRMF_SINGLEPUBINFO.3ossl
+#usr/share/man/man3/i2d_OSSL_DAY_TIME.3ossl
+#usr/share/man/man3/i2d_OSSL_DAY_TIME_BAND.3ossl
+#usr/share/man/man3/i2d_OSSL_HASH.3ossl
#usr/share/man/man3/i2d_OSSL_IETF_ATTR_SYNTAX.3ossl
+#usr/share/man/man3/i2d_OSSL_INFO_SYNTAX.3ossl
+#usr/share/man/man3/i2d_OSSL_INFO_SYNTAX_POINTER.3ossl
#usr/share/man/man3/i2d_OSSL_ISSUER_SERIAL.3ossl
+#usr/share/man/man3/i2d_OSSL_NAMED_DAY.3ossl
#usr/share/man/man3/i2d_OSSL_OBJECT_DIGEST_INFO.3ossl
+#usr/share/man/man3/i2d_OSSL_PRIVILEGE_POLICY_ID.3ossl
+#usr/share/man/man3/i2d_OSSL_ROLE_SPEC_CERT_ID.3ossl
+#usr/share/man/man3/i2d_OSSL_ROLE_SPEC_CERT_ID_SYNTAX.3ossl
#usr/share/man/man3/i2d_OSSL_TARGET.3ossl
#usr/share/man/man3/i2d_OSSL_TARGETING_INFORMATION.3ossl
#usr/share/man/man3/i2d_OSSL_TARGETS.3ossl
#usr/share/man/man3/i2d_OSSL_TARGET_CERT.3ossl
+#usr/share/man/man3/i2d_OSSL_TIME_PERIOD.3ossl
+#usr/share/man/man3/i2d_OSSL_TIME_SPEC.3ossl
+#usr/share/man/man3/i2d_OSSL_TIME_SPEC_ABSOLUTE.3ossl
+#usr/share/man/man3/i2d_OSSL_TIME_SPEC_DAY.3ossl
+#usr/share/man/man3/i2d_OSSL_TIME_SPEC_MONTH.3ossl
+#usr/share/man/man3/i2d_OSSL_TIME_SPEC_TIME.3ossl
+#usr/share/man/man3/i2d_OSSL_TIME_SPEC_WEEKS.3ossl
+#usr/share/man/man3/i2d_OSSL_TIME_SPEC_X_DAY_OF.3ossl
#usr/share/man/man3/i2d_OSSL_USER_NOTICE_SYNTAX.3ossl
#usr/share/man/man3/i2d_OTHERNAME.3ossl
#usr/share/man/man3/i2d_PBE2PARAM.3ossl
@@ -7096,6 +7371,10 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man7/EVP_KDF-X942-CONCAT.7ossl
#usr/share/man/man7/EVP_KDF-X963.7ossl
#usr/share/man/man7/EVP_KEM-EC.7ossl
+#usr/share/man/man7/EVP_KEM-ML-KEM-1024.7ossl
+#usr/share/man/man7/EVP_KEM-ML-KEM-512.7ossl
+#usr/share/man/man7/EVP_KEM-ML-KEM-768.7ossl
+#usr/share/man/man7/EVP_KEM-ML-KEM.7ossl
#usr/share/man/man7/EVP_KEM-RSA.7ossl
#usr/share/man/man7/EVP_KEM-X25519.7ossl
#usr/share/man/man7/EVP_KEM-X448.7ossl
@@ -7111,8 +7390,14 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man7/EVP_KEYMGMT-ED25519.7ossl
#usr/share/man/man7/EVP_KEYMGMT-ED448.7ossl
#usr/share/man/man7/EVP_KEYMGMT-HMAC.7ossl
+#usr/share/man/man7/EVP_KEYMGMT-ML-DSA.7ossl
+#usr/share/man/man7/EVP_KEYMGMT-ML-KEM-1024.7ossl
+#usr/share/man/man7/EVP_KEYMGMT-ML-KEM-512.7ossl
+#usr/share/man/man7/EVP_KEYMGMT-ML-KEM-768.7ossl
+#usr/share/man/man7/EVP_KEYMGMT-ML-KEM.7ossl
#usr/share/man/man7/EVP_KEYMGMT-Poly1305.7ossl
#usr/share/man/man7/EVP_KEYMGMT-RSA.7ossl
+#usr/share/man/man7/EVP_KEYMGMT-SLH-DSA.7ossl
#usr/share/man/man7/EVP_KEYMGMT-SM2.7ossl
#usr/share/man/man7/EVP_KEYMGMT-Siphash.7ossl
#usr/share/man/man7/EVP_KEYMGMT-X25519.7ossl
@@ -7154,8 +7439,29 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man7/EVP_PKEY-ED448.7ossl
#usr/share/man/man7/EVP_PKEY-FFC.7ossl
#usr/share/man/man7/EVP_PKEY-HMAC.7ossl
+#usr/share/man/man7/EVP_PKEY-ML-DSA-44.7ossl
+#usr/share/man/man7/EVP_PKEY-ML-DSA-65.7ossl
+#usr/share/man/man7/EVP_PKEY-ML-DSA-87.7ossl
+#usr/share/man/man7/EVP_PKEY-ML-DSA.7ossl
+#usr/share/man/man7/EVP_PKEY-ML-KEM-1024.7ossl
+#usr/share/man/man7/EVP_PKEY-ML-KEM-512.7ossl
+#usr/share/man/man7/EVP_PKEY-ML-KEM-768.7ossl
+#usr/share/man/man7/EVP_PKEY-ML-KEM.7ossl
#usr/share/man/man7/EVP_PKEY-Poly1305.7ossl
#usr/share/man/man7/EVP_PKEY-RSA.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-128f.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-128s.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-192f.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-192s.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-256f.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHA2-256s.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-128f.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-128s.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-192f.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-192s.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-256f.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA-SHAKE-256s.7ossl
+#usr/share/man/man7/EVP_PKEY-SLH-DSA.7ossl
#usr/share/man/man7/EVP_PKEY-SM2.7ossl
#usr/share/man/man7/EVP_PKEY-Siphash.7ossl
#usr/share/man/man7/EVP_PKEY-X25519.7ossl
@@ -7174,8 +7480,25 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man7/EVP_SIGNATURE-ED25519.7ossl
#usr/share/man/man7/EVP_SIGNATURE-ED448.7ossl
#usr/share/man/man7/EVP_SIGNATURE-HMAC.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-ML-DSA-44.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-ML-DSA-65.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-ML-DSA-87.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ossl
#usr/share/man/man7/EVP_SIGNATURE-Poly1305.7ossl
#usr/share/man/man7/EVP_SIGNATURE-RSA.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-128f.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-128s.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-192f.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-192s.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-256f.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHA2-256s.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-128f.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-128s.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-192f.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-192s.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-256f.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA-SHAKE-256s.7ossl
+#usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ossl
#usr/share/man/man7/EVP_SIGNATURE-Siphash.7ossl
#usr/share/man/man7/Ed25519.7ossl
#usr/share/man/man7/Ed448.7ossl
@@ -7212,6 +7535,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man7/openssl-env.7ossl
#usr/share/man/man7/openssl-glossary.7ossl
#usr/share/man/man7/openssl-qlog.7ossl
+#usr/share/man/man7/openssl-quic-concurrency.7ossl
#usr/share/man/man7/openssl-quic.7ossl
#usr/share/man/man7/openssl-threads.7ossl
#usr/share/man/man7/openssl_user_macros.7ossl
@@ -7224,6 +7548,8 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man7/ossl-guide-quic-client-non-block.7ossl
#usr/share/man/man7/ossl-guide-quic-introduction.7ossl
#usr/share/man/man7/ossl-guide-quic-multi-stream.7ossl
+#usr/share/man/man7/ossl-guide-quic-server-block.7ossl
+#usr/share/man/man7/ossl-guide-quic-server-non-block.7ossl
#usr/share/man/man7/ossl-guide-tls-client-block.7ossl
#usr/share/man/man7/ossl-guide-tls-client-non-block.7ossl
#usr/share/man/man7/ossl-guide-tls-introduction.7ossl
@@ -7246,6 +7572,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man7/provider-object.7ossl
#usr/share/man/man7/provider-rand.7ossl
#usr/share/man/man7/provider-signature.7ossl
+#usr/share/man/man7/provider-skeymgmt.7ossl
#usr/share/man/man7/provider-storemgmt.7ossl
#usr/share/man/man7/provider.7ossl
#usr/share/man/man7/proxy-certificates.7ossl
diff --git a/config/rootfiles/common/protobuf b/config/rootfiles/common/protobuf
index db247dfeba..897f8cc33c 100644
--- a/config/rootfiles/common/protobuf
+++ b/config/rootfiles/common/protobuf
@@ -1,11 +1,11 @@
#usr/bin/protoc
-#usr/bin/protoc-29.3.0
+usr/bin/protoc-30.2.0
#usr/bin/protoc-gen-upb
-#usr/bin/protoc-gen-upb-29.3.0
+usr/bin/protoc-gen-upb-30.2.0
#usr/bin/protoc-gen-upb_minitable
-#usr/bin/protoc-gen-upb_minitable-29.3.0
+usr/bin/protoc-gen-upb_minitable-30.2.0
#usr/bin/protoc-gen-upbdefs
-#usr/bin/protoc-gen-upbdefs-29.3.0
+usr/bin/protoc-gen-upbdefs-30.2.0
#usr/include/google
#usr/include/google/protobuf
#usr/include/google/protobuf/any.h
@@ -24,110 +24,31 @@
#usr/include/google/protobuf/compiler/code_generator_lite.h
#usr/include/google/protobuf/compiler/command_line_interface.h
#usr/include/google/protobuf/compiler/cpp
-#usr/include/google/protobuf/compiler/cpp/enum.h
-#usr/include/google/protobuf/compiler/cpp/extension.h
-#usr/include/google/protobuf/compiler/cpp/field.h
-#usr/include/google/protobuf/compiler/cpp/field_generators
-#usr/include/google/protobuf/compiler/cpp/field_generators/generators.h
-#usr/include/google/protobuf/compiler/cpp/file.h
#usr/include/google/protobuf/compiler/cpp/generator.h
#usr/include/google/protobuf/compiler/cpp/helpers.h
-#usr/include/google/protobuf/compiler/cpp/ifndef_guard.h
-#usr/include/google/protobuf/compiler/cpp/message.h
-#usr/include/google/protobuf/compiler/cpp/message_layout_helper.h
#usr/include/google/protobuf/compiler/cpp/names.h
-#usr/include/google/protobuf/compiler/cpp/namespace_printer.h
#usr/include/google/protobuf/compiler/cpp/options.h
-#usr/include/google/protobuf/compiler/cpp/padding_optimizer.h
-#usr/include/google/protobuf/compiler/cpp/parse_function_generator.h
-#usr/include/google/protobuf/compiler/cpp/service.h
-#usr/include/google/protobuf/compiler/cpp/tracker.h
#usr/include/google/protobuf/compiler/csharp
-#usr/include/google/protobuf/compiler/csharp/csharp_doc_comment.h
-#usr/include/google/protobuf/compiler/csharp/csharp_enum.h
-#usr/include/google/protobuf/compiler/csharp/csharp_enum_field.h
-#usr/include/google/protobuf/compiler/csharp/csharp_field_base.h
#usr/include/google/protobuf/compiler/csharp/csharp_generator.h
-#usr/include/google/protobuf/compiler/csharp/csharp_helpers.h
-#usr/include/google/protobuf/compiler/csharp/csharp_map_field.h
-#usr/include/google/protobuf/compiler/csharp/csharp_message.h
-#usr/include/google/protobuf/compiler/csharp/csharp_message_field.h
-#usr/include/google/protobuf/compiler/csharp/csharp_options.h
-#usr/include/google/protobuf/compiler/csharp/csharp_primitive_field.h
-#usr/include/google/protobuf/compiler/csharp/csharp_reflection_class.h
-#usr/include/google/protobuf/compiler/csharp/csharp_repeated_enum_field.h
-#usr/include/google/protobuf/compiler/csharp/csharp_repeated_message_field.h
-#usr/include/google/protobuf/compiler/csharp/csharp_repeated_primitive_field.h
-#usr/include/google/protobuf/compiler/csharp/csharp_source_generator_base.h
-#usr/include/google/protobuf/compiler/csharp/csharp_wrapper_field.h
#usr/include/google/protobuf/compiler/csharp/names.h
#usr/include/google/protobuf/compiler/importer.h
#usr/include/google/protobuf/compiler/java
#usr/include/google/protobuf/compiler/java/context.h
#usr/include/google/protobuf/compiler/java/doc_comment.h
-#usr/include/google/protobuf/compiler/java/field_common.h
-#usr/include/google/protobuf/compiler/java/file.h
-#usr/include/google/protobuf/compiler/java/full
-#usr/include/google/protobuf/compiler/java/full/enum.h
-#usr/include/google/protobuf/compiler/java/full/enum_field.h
-#usr/include/google/protobuf/compiler/java/full/extension.h
-#usr/include/google/protobuf/compiler/java/full/field_generator.h
-#usr/include/google/protobuf/compiler/java/full/generator_factory.h
-#usr/include/google/protobuf/compiler/java/full/make_field_gens.h
-#usr/include/google/protobuf/compiler/java/full/map_field.h
-#usr/include/google/protobuf/compiler/java/full/message.h
-#usr/include/google/protobuf/compiler/java/full/message_builder.h
-#usr/include/google/protobuf/compiler/java/full/message_field.h
-#usr/include/google/protobuf/compiler/java/full/primitive_field.h
-#usr/include/google/protobuf/compiler/java/full/service.h
-#usr/include/google/protobuf/compiler/java/full/string_field.h
#usr/include/google/protobuf/compiler/java/generator.h
-#usr/include/google/protobuf/compiler/java/generator_common.h
-#usr/include/google/protobuf/compiler/java/generator_factory.h
#usr/include/google/protobuf/compiler/java/helpers.h
-#usr/include/google/protobuf/compiler/java/internal_helpers.h
#usr/include/google/protobuf/compiler/java/java_features.pb.h
-#usr/include/google/protobuf/compiler/java/lite
-#usr/include/google/protobuf/compiler/java/lite/enum.h
-#usr/include/google/protobuf/compiler/java/lite/enum_field.h
-#usr/include/google/protobuf/compiler/java/lite/extension.h
-#usr/include/google/protobuf/compiler/java/lite/field_generator.h
-#usr/include/google/protobuf/compiler/java/lite/generator_factory.h
-#usr/include/google/protobuf/compiler/java/lite/make_field_gens.h
-#usr/include/google/protobuf/compiler/java/lite/map_field.h
-#usr/include/google/protobuf/compiler/java/lite/message.h
-#usr/include/google/protobuf/compiler/java/lite/message_builder.h
-#usr/include/google/protobuf/compiler/java/lite/message_field.h
-#usr/include/google/protobuf/compiler/java/lite/primitive_field.h
-#usr/include/google/protobuf/compiler/java/lite/string_field.h
-#usr/include/google/protobuf/compiler/java/message_serialization.h
#usr/include/google/protobuf/compiler/java/name_resolver.h
#usr/include/google/protobuf/compiler/java/names.h
#usr/include/google/protobuf/compiler/java/options.h
-#usr/include/google/protobuf/compiler/java/shared_code_generator.h
#usr/include/google/protobuf/compiler/kotlin
-#usr/include/google/protobuf/compiler/kotlin/file.h
#usr/include/google/protobuf/compiler/kotlin/generator.h
-#usr/include/google/protobuf/compiler/kotlin/message.h
+#usr/include/google/protobuf/compiler/notices.h
#usr/include/google/protobuf/compiler/objectivec
-#usr/include/google/protobuf/compiler/objectivec/enum.h
-#usr/include/google/protobuf/compiler/objectivec/enum_field.h
-#usr/include/google/protobuf/compiler/objectivec/extension.h
-#usr/include/google/protobuf/compiler/objectivec/field.h
-#usr/include/google/protobuf/compiler/objectivec/file.h
#usr/include/google/protobuf/compiler/objectivec/generator.h
-#usr/include/google/protobuf/compiler/objectivec/helpers.h
-#usr/include/google/protobuf/compiler/objectivec/import_writer.h
#usr/include/google/protobuf/compiler/objectivec/line_consumer.h
-#usr/include/google/protobuf/compiler/objectivec/map_field.h
-#usr/include/google/protobuf/compiler/objectivec/message.h
-#usr/include/google/protobuf/compiler/objectivec/message_field.h
#usr/include/google/protobuf/compiler/objectivec/names.h
#usr/include/google/protobuf/compiler/objectivec/nsobject_methods.h
-#usr/include/google/protobuf/compiler/objectivec/oneof.h
-#usr/include/google/protobuf/compiler/objectivec/options.h
-#usr/include/google/protobuf/compiler/objectivec/primitive_field.h
-#usr/include/google/protobuf/compiler/objectivec/tf_decode_data.h
#usr/include/google/protobuf/compiler/parser.h
#usr/include/google/protobuf/compiler/php
#usr/include/google/protobuf/compiler/php/names.h
@@ -137,29 +58,10 @@
#usr/include/google/protobuf/compiler/plugin.proto
#usr/include/google/protobuf/compiler/python
#usr/include/google/protobuf/compiler/python/generator.h
-#usr/include/google/protobuf/compiler/python/helpers.h
#usr/include/google/protobuf/compiler/python/pyi_generator.h
#usr/include/google/protobuf/compiler/retention.h
#usr/include/google/protobuf/compiler/ruby
#usr/include/google/protobuf/compiler/ruby/ruby_generator.h
-#usr/include/google/protobuf/compiler/rust
-#usr/include/google/protobuf/compiler/rust/accessors
-#usr/include/google/protobuf/compiler/rust/accessors/accessor_case.h
-#usr/include/google/protobuf/compiler/rust/accessors/accessors.h
-#usr/include/google/protobuf/compiler/rust/accessors/default_value.h
-#usr/include/google/protobuf/compiler/rust/accessors/generator.h
-#usr/include/google/protobuf/compiler/rust/accessors/with_presence.h
-#usr/include/google/protobuf/compiler/rust/context.h
-#usr/include/google/protobuf/compiler/rust/crate_mapping.h
-#usr/include/google/protobuf/compiler/rust/enum.h
-#usr/include/google/protobuf/compiler/rust/generator.h
-#usr/include/google/protobuf/compiler/rust/message.h
-#usr/include/google/protobuf/compiler/rust/naming.h
-#usr/include/google/protobuf/compiler/rust/oneof.h
-#usr/include/google/protobuf/compiler/rust/relative_path.h
-#usr/include/google/protobuf/compiler/rust/rust_field_type.h
-#usr/include/google/protobuf/compiler/rust/rust_keywords.h
-#usr/include/google/protobuf/compiler/rust/upb_helpers.h
#usr/include/google/protobuf/compiler/scc.h
#usr/include/google/protobuf/compiler/subprocess.h
#usr/include/google/protobuf/compiler/versions.h
@@ -264,8 +166,6 @@
#usr/include/google/protobuf/stubs/platform_macros.h
#usr/include/google/protobuf/stubs/port.h
#usr/include/google/protobuf/stubs/status_macros.h
-#usr/include/google/protobuf/testing
-#usr/include/google/protobuf/testing/file.h
#usr/include/google/protobuf/text_format.h
#usr/include/google/protobuf/thread_safe_arena.h
#usr/include/google/protobuf/timestamp.pb.h
@@ -408,6 +308,7 @@
#usr/include/upb/reflection/oneof_def.h
#usr/include/upb/reflection/service_def.h
#usr/include/upb/text
+#usr/include/upb/text/debug_string.h
#usr/include/upb/text/encode.h
#usr/include/upb/text/internal
#usr/include/upb/text/internal/encode.h
@@ -424,12 +325,6 @@
#usr/include/upb/wire/internal/decode_fast.h
#usr/include/upb/wire/reader.h
#usr/include/upb/wire/types.h
-#usr/include/upb_generator
-#usr/include/upb_generator/common
-#usr/include/upb_generator/common/names.h
-#usr/include/upb_generator/minitable
-#usr/include/upb_generator/minitable/names.h
-#usr/include/upb_generator/minitable/names_internal.h
#usr/include/utf8_range.h
#usr/include/utf8_validity.h
#usr/lib/cmake/protobuf
@@ -445,14 +340,16 @@
#usr/lib/cmake/utf8_range/utf8_range-targets-noconfig.cmake
#usr/lib/cmake/utf8_range/utf8_range-targets.cmake
#usr/lib/libprotobuf-lite.so
-usr/lib/libprotobuf-lite.so.29.3.0
+usr/lib/libprotobuf-lite.so.30.2.0
#usr/lib/libprotobuf.so
-usr/lib/libprotobuf.so.29.3.0
+usr/lib/libprotobuf.so.30.2.0
#usr/lib/libprotoc.so
-usr/lib/libprotoc.so.29.3.0
+usr/lib/libprotoc.so.30.2.0
#usr/lib/libupb.a
usr/lib/libutf8_range.so
+usr/lib/libutf8_range.so.30.2.0
usr/lib/libutf8_validity.so
+usr/lib/libutf8_validity.so.30.2.0
#usr/lib/pkgconfig/protobuf-lite.pc
#usr/lib/pkgconfig/protobuf.pc
#usr/lib/pkgconfig/upb.pc
diff --git a/config/rootfiles/common/riscv64/initscripts b/config/rootfiles/common/riscv64/initscripts
index 4ee77ba210..11cfaf2be8 100644
--- a/config/rootfiles/common/riscv64/initscripts
+++ b/config/rootfiles/common/riscv64/initscripts
@@ -91,6 +91,7 @@ etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/unbound
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
+etc/rc.d/init.d/wireguard
etc/rc.d/init.d/wlanclient
#etc/rc.d/rc0.d
etc/rc.d/rc0.d/K01grub-btrfsd
@@ -101,6 +102,7 @@ etc/rc.d/rc0.d/K30sshd
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
+etc/rc.d/rc0.d/K70wireguard
etc/rc.d/rc0.d/K77conntrackd
etc/rc.d/rc0.d/K78suricata
etc/rc.d/rc0.d/K79leds
@@ -132,6 +134,7 @@ etc/rc.d/rc3.d/S24cyrus-sasl
etc/rc.d/rc3.d/S30sshd
etc/rc.d/rc3.d/S32apache
etc/rc.d/rc3.d/S40fcron
+etc/rc.d/rc3.d/S50wireguard
etc/rc.d/rc3.d/S98rc.local
etc/rc.d/rc3.d/S99grub-btrfsd
#etc/rc.d/rc3.d/S99vdradmin
@@ -144,6 +147,7 @@ etc/rc.d/rc6.d/K30sshd
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
+etc/rc.d/rc6.d/K70wireguard
etc/rc.d/rc6.d/K77conntrackd
etc/rc.d/rc6.d/K78suricata
etc/rc.d/rc6.d/K79leds
diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
index 816241daee..aa31491d24 100644
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -87,6 +87,7 @@ srv/web/ipfire/cgi-bin/wakeonlan.cgi
srv/web/ipfire/cgi-bin/webaccess.cgi
#srv/web/ipfire/cgi-bin/wio.cgi
#srv/web/ipfire/cgi-bin/wiographs.cgi
+srv/web/ipfire/cgi-bin/wireguard.cgi
srv/web/ipfire/cgi-bin/wireless.cgi
srv/web/ipfire/cgi-bin/wirelessclient.cgi
#srv/web/ipfire/cgi-bin/wlanap.cgi
diff --git a/config/rootfiles/common/wireguard-tools b/config/rootfiles/common/wireguard-tools
new file mode 100644
index 0000000000..46225828d7
--- /dev/null
+++ b/config/rootfiles/common/wireguard-tools
@@ -0,0 +1,4 @@
+etc/fcron.cyclic/wg-dynamic
+usr/bin/wg
+#usr/share/bash-completion/completions/wg
+#usr/share/man/man8/wg.8
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index 4ee77ba210..11cfaf2be8 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -91,6 +91,7 @@ etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/unbound
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
+etc/rc.d/init.d/wireguard
etc/rc.d/init.d/wlanclient
#etc/rc.d/rc0.d
etc/rc.d/rc0.d/K01grub-btrfsd
@@ -101,6 +102,7 @@ etc/rc.d/rc0.d/K30sshd
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
+etc/rc.d/rc0.d/K70wireguard
etc/rc.d/rc0.d/K77conntrackd
etc/rc.d/rc0.d/K78suricata
etc/rc.d/rc0.d/K79leds
@@ -132,6 +134,7 @@ etc/rc.d/rc3.d/S24cyrus-sasl
etc/rc.d/rc3.d/S30sshd
etc/rc.d/rc3.d/S32apache
etc/rc.d/rc3.d/S40fcron
+etc/rc.d/rc3.d/S50wireguard
etc/rc.d/rc3.d/S98rc.local
etc/rc.d/rc3.d/S99grub-btrfsd
#etc/rc.d/rc3.d/S99vdradmin
@@ -144,6 +147,7 @@ etc/rc.d/rc6.d/K30sshd
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
+etc/rc.d/rc6.d/K70wireguard
etc/rc.d/rc6.d/K77conntrackd
etc/rc.d/rc6.d/K78suricata
etc/rc.d/rc6.d/K79leds
diff --git a/config/rootfiles/core/195/filelists/btrfs-progs b/config/rootfiles/core/195/filelists/btrfs-progs
new file mode 120000
index 0000000000..d7a2f6f524
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/btrfs-progs
@@ -0,0 +1 @@
+../../../common/btrfs-progs
\ No newline at end of file
diff --git a/config/rootfiles/core/195/filelists/coreutils b/config/rootfiles/core/195/filelists/coreutils
new file mode 120000
index 0000000000..7351ed2cf5
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/coreutils
@@ -0,0 +1 @@
+../../../common/coreutils
\ No newline at end of file
diff --git a/config/rootfiles/core/195/filelists/files b/config/rootfiles/core/195/filelists/files
index ca8972dd2e..cdab4957a6 100644
--- a/config/rootfiles/core/195/filelists/files
+++ b/config/rootfiles/core/195/filelists/files
@@ -1,6 +1,24 @@
+etc/fcron.cyclic/wg-dynamic
+etc/rc.d/init.d/firewall
+etc/rc.d/init.d/networking/functions.network
+etc/rc.d/init.d/wireguard
+lib/udev/network-aqm
opt/pakfire/lib/functions.pl
srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/firewall.cgi
+srv/web/ipfire/cgi-bin/fwhosts.cgi
srv/web/ipfire/cgi-bin/pakfire.cgi
+srv/web/ipfire/cgi-bin/services.cgi
+srv/web/ipfire/cgi-bin/wireguard.cgi
+srv/web/ipfire/html/themes/ipfire/include/css/style.css
+usr/lib/firewall/firewall-lib.pl
+usr/local/bin/wireguardctrl
+usr/sbin/firewall-policy
+var/ipfire/backup/bin/backup.pl
var/ipfire/general-functions.pl
+var/ipfire/header.pl
var/ipfire/http-client-functions.pl
var/ipfire/ids-functions.pl
+var/ipfire/ipblocklist/sources
+var/ipfire/menu.d/40-services.menu
+var/ipfire/wireguard-functions.pl
diff --git a/config/rootfiles/core/195/filelists/fontconfig b/config/rootfiles/core/195/filelists/fontconfig
new file mode 120000
index 0000000000..6daeffdd05
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/fontconfig
@@ -0,0 +1 @@
+../../../common/fontconfig
\ No newline at end of file
diff --git a/config/rootfiles/core/195/filelists/libcap b/config/rootfiles/core/195/filelists/libcap
new file mode 120000
index 0000000000..ed67d950a8
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/libcap
@@ -0,0 +1 @@
+../../../common/libcap
\ No newline at end of file
diff --git a/config/rootfiles/core/195/filelists/libffi b/config/rootfiles/core/195/filelists/libffi
new file mode 120000
index 0000000000..c391acd0cb
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/libffi
@@ -0,0 +1 @@
+../../../common/libffi
\ No newline at end of file
diff --git a/config/rootfiles/core/195/filelists/libgpg-error b/config/rootfiles/core/195/filelists/libgpg-error
new file mode 120000
index 0000000000..cad431339f
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/libgpg-error
@@ -0,0 +1 @@
+../../../common/libgpg-error
\ No newline at end of file
diff --git a/config/rootfiles/core/195/filelists/openssh b/config/rootfiles/core/195/filelists/openssh
new file mode 120000
index 0000000000..d8c77fd8e7
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/rootfiles/core/195/filelists/openssl b/config/rootfiles/core/195/filelists/openssl
new file mode 120000
index 0000000000..e011a9266c
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/195/filelists/protobuf b/config/rootfiles/core/195/filelists/protobuf
new file mode 120000
index 0000000000..e04ed90e7e
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/protobuf
@@ -0,0 +1 @@
+../../../common/protobuf
\ No newline at end of file
diff --git a/config/rootfiles/core/195/filelists/protobuf-c b/config/rootfiles/core/195/filelists/protobuf-c
new file mode 120000
index 0000000000..5435540d52
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/protobuf-c
@@ -0,0 +1 @@
+../../../common/protobuf-c
\ No newline at end of file
diff --git a/config/rootfiles/core/195/filelists/wireguard-tools b/config/rootfiles/core/195/filelists/wireguard-tools
new file mode 120000
index 0000000000..412bf8c385
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/wireguard-tools
@@ -0,0 +1 @@
+../../../common/wireguard-tools
\ No newline at end of file
diff --git a/config/rootfiles/core/195/update.sh b/config/rootfiles/core/195/update.sh
index ee9b534976..eb7a672b93 100644
--- a/config/rootfiles/core/195/update.sh
+++ b/config/rootfiles/core/195/update.sh
@@ -41,13 +41,39 @@ extract_files
# update linker config
ldconfig
+# Create the Wireguard configuration directory
+if [ ! -d "/var/ipfire/wireguard" ]; then
+ mkdir -pv "/var/ipfire/wireguard"
+ chown nobody:nobody "/var/ipfire/wireguard"
+fi
+
# Update Language cache
/usr/local/bin/update-lang-cache
# Filesytem cleanup
/usr/local/bin/filesystem-cleanup
+# Remove any entry for 3CORESEC_SSH, 3CORESEC_SCAN or 3CORESEC_WEB from the ipblocklist modified file
+# and the associated ipblocklist files from the /var/lib/ipblocklist directory
+sed -i '/3CORESEC_SSH=/d' /var/ipfire/ipblocklist/modified
+if [ -e /var/lib/ipblocklist/3CORESEC_SSH.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_SSH.conf
+fi
+sed -i '/3CORESEC_SCAN=/d' /var/ipfire/ipblocklist/modified
+if [ -e /var/lib/ipblocklist/3CORESEC_SCAN.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_SCAN.conf
+fi
+sed -i '/3CORESEC_WEB=/d' /var/ipfire/ipblocklist/modified
+if [ -e /var/lib/ipblocklist/3CORESEC_WEB.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_WEB.conf
+fi
+
+# Apply SSH configuration
+/usr/local/bin/sshctrl
+
# Start services
+/etc/init.d/firewall restart
+/etc/init.d/sshd restart
# This update needs a reboot...
#touch /var/run/need_reboot
diff --git a/config/rootfiles/packages/alsa b/config/rootfiles/packages/alsa
index f61fd8fdd3..938091b936 100644
--- a/config/rootfiles/packages/alsa
+++ b/config/rootfiles/packages/alsa
@@ -185,24 +185,29 @@ usr/share/alsa/pcm/surround51.conf
usr/share/alsa/pcm/surround71.conf
#usr/share/alsa/ucm2
#usr/share/alsa/ucm2/AMD
+#usr/share/alsa/ucm2/AMD/acp-da7219-rt5682-max98357
+usr/share/alsa/ucm2/AMD/acp-da7219-rt5682-max98357/HiFi.conf
+usr/share/alsa/ucm2/AMD/acp-da7219-rt5682-max98357/acp-da7219-rt5682-max98357.conf
+#usr/share/alsa/ucm2/AMD/acp3x-alc5682-alc1015
+usr/share/alsa/ucm2/AMD/acp3x-alc5682-alc1015/HiFi.conf
+usr/share/alsa/ucm2/AMD/acp3x-alc5682-alc1015/acp3x-alc5682-alc1015.conf
+#usr/share/alsa/ucm2/AMD/acp3x-alc5682-max98357
+usr/share/alsa/ucm2/AMD/acp3x-alc5682-max98357/HiFi.conf
+usr/share/alsa/ucm2/AMD/acp3x-alc5682-max98357/acp3x-alc5682-max98357.conf
#usr/share/alsa/ucm2/AMD/acp3x-es83xx
usr/share/alsa/ucm2/AMD/acp3x-es83xx/HiFi.conf
usr/share/alsa/ucm2/AMD/acp3x-es83xx/acp3x-es83xx.conf
-usr/share/alsa/ucm2/AMD/acp3xalc5682m98
-usr/share/alsa/ucm2/AMD/acp3xalc5682m98/HiFi.conf
-usr/share/alsa/ucm2/AMD/acp3xalc5682m98/acp3xalc5682m98.conf
#usr/share/alsa/ucm2/AMD/acp5x
usr/share/alsa/ucm2/AMD/acp5x/HiFi.conf
usr/share/alsa/ucm2/AMD/acp5x/acp5x.conf
-#usr/share/alsa/ucm2/AMD/acpd7219m98357
-usr/share/alsa/ucm2/AMD/acpd7219m98357/HiFi.conf
-usr/share/alsa/ucm2/AMD/acpd7219m98357/acpd7219m98357.conf
#usr/share/alsa/ucm2/Allwinner
#usr/share/alsa/ucm2/Allwinner/A64
#usr/share/alsa/ucm2/Allwinner/A64/PinePhone
usr/share/alsa/ucm2/Allwinner/A64/PinePhone/HiFi.conf
usr/share/alsa/ucm2/Allwinner/A64/PinePhone/PinePhone.conf
usr/share/alsa/ucm2/Allwinner/A64/PinePhone/VoiceCall.conf
+#usr/share/alsa/ucm2/Allwinner/sun4i-h616
+usr/share/alsa/ucm2/Allwinner/sun4i-h616/HiFi.conf
#usr/share/alsa/ucm2/Amlogic
#usr/share/alsa/ucm2/Amlogic/p241
usr/share/alsa/ucm2/Amlogic/p241/p241-HiFi.conf
@@ -212,13 +217,23 @@ usr/share/alsa/ucm2/Amlogic/p241/p241.conf
#usr/share/alsa/ucm2/HDA/DualCodecs
usr/share/alsa/ucm2/HDA/DualCodecs/DualCodecs.conf
usr/share/alsa/ucm2/HDA/DualCodecs/HiFi.conf
-usr/share/alsa/ucm2/HDA/HDA-Capture-value.conf
usr/share/alsa/ucm2/HDA/HDA.conf
usr/share/alsa/ucm2/HDA/Hdmi.conf
usr/share/alsa/ucm2/HDA/HiFi-acp.conf
usr/share/alsa/ucm2/HDA/HiFi-analog.conf
+usr/share/alsa/ucm2/HDA/HiFi-mic.conf
usr/share/alsa/ucm2/HDA/HiFi.conf
usr/share/alsa/ucm2/HDA/init.conf
+#usr/share/alsa/ucm2/IO-Boards
+#usr/share/alsa/ucm2/IO-Boards/Toradex
+#usr/share/alsa/ucm2/IO-Boards/Toradex/apalis
+usr/share/alsa/ucm2/IO-Boards/Toradex/apalis/eval-HiFi.conf
+usr/share/alsa/ucm2/IO-Boards/Toradex/apalis/eval.conf
+#usr/share/alsa/ucm2/IO-Boards/Toradex/verdin
+usr/share/alsa/ucm2/IO-Boards/Toradex/verdin/dahlia-HiFi.conf
+usr/share/alsa/ucm2/IO-Boards/Toradex/verdin/dahlia.conf
+usr/share/alsa/ucm2/IO-Boards/Toradex/verdin/dev-HiFi.conf
+usr/share/alsa/ucm2/IO-Boards/Toradex/verdin/dev.conf
#usr/share/alsa/ucm2/Intel
#usr/share/alsa/ucm2/Intel/SOF
usr/share/alsa/ucm2/Intel/SOF/HiFi.conf
@@ -340,8 +355,16 @@ usr/share/alsa/ucm2/Intel/sof-glkda7219max/sof-glkda7219max.conf
usr/share/alsa/ucm2/Intel/sof-hda-dsp/Hdmi.conf
usr/share/alsa/ucm2/Intel/sof-hda-dsp/HiFi-sof.conf
usr/share/alsa/ucm2/Intel/sof-hda-dsp/HiFi.conf
+usr/share/alsa/ucm2/Intel/sof-hda-dsp/dsp.conf
usr/share/alsa/ucm2/Intel/sof-hda-dsp/sof-hda-dsp.conf
#usr/share/alsa/ucm2/MediaTek
+#usr/share/alsa/ucm2/MediaTek/mt8183
+#usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_da7219_rt1015p
+usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_da7219_rt1015p/HiFi.conf
+usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_da7219_rt1015p/mt8183_da7219_rt1015p.conf
+#usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_mt6358_ts3a227_max98357
+usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_mt6358_ts3a227_max98357/HiFi.conf
+usr/share/alsa/ucm2/MediaTek/mt8183/mt8183_mt6358_ts3a227_max98357/mt8183_mt6358_ts3a227_max98357.conf
#usr/share/alsa/ucm2/MediaTek/mt8192
#usr/share/alsa/ucm2/MediaTek/mt8192/mt6359-rt1015p-rt5682
usr/share/alsa/ucm2/MediaTek/mt8192/mt6359-rt1015p-rt5682/HiFi.conf
@@ -364,7 +387,10 @@ usr/share/alsa/ucm2/MediaTek/mt8370-evk/HiFi.conf
usr/share/alsa/ucm2/MediaTek/mt8370-evk/mt8370-evk.conf
#usr/share/alsa/ucm2/MediaTek/mt8390-evk
usr/share/alsa/ucm2/MediaTek/mt8390-evk/HiFi.conf
+usr/share/alsa/ucm2/MediaTek/mt8390-evk/init.conf
usr/share/alsa/ucm2/MediaTek/mt8390-evk/mt8390-evk.conf
+#usr/share/alsa/ucm2/MediaTek/mt8390-evk/sof
+usr/share/alsa/ucm2/MediaTek/mt8390-evk/sof/sof-mt8390-evk.conf
#usr/share/alsa/ucm2/MediaTek/mt8395-evk
usr/share/alsa/ucm2/MediaTek/mt8395-evk/HiFi.conf
usr/share/alsa/ucm2/MediaTek/mt8395-evk/mt8395-evk.conf
@@ -374,6 +400,19 @@ usr/share/alsa/ucm2/MediaTek/mtk-rt5650/HiFi.conf
usr/share/alsa/ucm2/MediaTek/mtk-rt5650/init.conf
usr/share/alsa/ucm2/MediaTek/mtk-rt5650/mtk-rt5650.conf
#usr/share/alsa/ucm2/NXP
+#usr/share/alsa/ucm2/NXP/iMX6
+#usr/share/alsa/ucm2/NXP/iMX6/Toradex
+#usr/share/alsa/ucm2/NXP/iMX6/Toradex/apalis-imx6
+usr/share/alsa/ucm2/NXP/iMX6/Toradex/apalis-imx6/HiFi.conf
+usr/share/alsa/ucm2/NXP/iMX6/Toradex/apalis-imx6/apalis-imx6.conf
+#usr/share/alsa/ucm2/NXP/iMX6/Toradex/colibri-imx6
+usr/share/alsa/ucm2/NXP/iMX6/Toradex/colibri-imx6/HiFi.conf
+usr/share/alsa/ucm2/NXP/iMX6/Toradex/colibri-imx6/colibri-imx6.conf
+#usr/share/alsa/ucm2/NXP/iMX7
+#usr/share/alsa/ucm2/NXP/iMX7/Toradex
+#usr/share/alsa/ucm2/NXP/iMX7/Toradex/colibri-imx7
+usr/share/alsa/ucm2/NXP/iMX7/Toradex/colibri-imx7/HiFi.conf
+usr/share/alsa/ucm2/NXP/iMX7/Toradex/colibri-imx7/colibri-imx7.conf
#usr/share/alsa/ucm2/NXP/iMX8
#usr/share/alsa/ucm2/NXP/iMX8/Librem_5
usr/share/alsa/ucm2/NXP/iMX8/Librem_5/HiFi.conf
@@ -381,6 +420,15 @@ usr/share/alsa/ucm2/NXP/iMX8/Librem_5/Librem 5.conf
#usr/share/alsa/ucm2/NXP/iMX8/Librem_5_Devkit
usr/share/alsa/ucm2/NXP/iMX8/Librem_5_Devkit/HiFi.conf
usr/share/alsa/ucm2/NXP/iMX8/Librem_5_Devkit/Librem 5 Devkit.conf
+#usr/share/alsa/ucm2/NXP/iMX8/Toradex
+#usr/share/alsa/ucm2/NXP/iMX8/Toradex/apalis-imx8
+usr/share/alsa/ucm2/NXP/iMX8/Toradex/apalis-imx8/HiFi.conf
+usr/share/alsa/ucm2/NXP/iMX8/Toradex/apalis-imx8/apalis-imx8.conf
+#usr/share/alsa/ucm2/NXP/iMX8X
+#usr/share/alsa/ucm2/NXP/iMX8X/Toradex
+#usr/share/alsa/ucm2/NXP/iMX8X/Toradex/colibri-imx8x
+usr/share/alsa/ucm2/NXP/iMX8X/Toradex/colibri-imx8x/HiFi.conf
+usr/share/alsa/ucm2/NXP/iMX8X/Toradex/colibri-imx8x/colibri-imx8x.conf
#usr/share/alsa/ucm2/OMAP
#usr/share/alsa/ucm2/OMAP/abe-twl6040
#usr/share/alsa/ucm2/OMAP/abe-twl6040/Pandaboard
@@ -409,6 +457,14 @@ usr/share/alsa/ucm2/Qualcomm/apq8016-sbc/apq8016-sbc.conf
usr/share/alsa/ucm2/Qualcomm/apq8096/HDMI.conf
usr/share/alsa/ucm2/Qualcomm/apq8096/HiFi.conf
usr/share/alsa/ucm2/Qualcomm/apq8096/apq8096.conf
+#usr/share/alsa/ucm2/Qualcomm/qcm6490
+#usr/share/alsa/ucm2/Qualcomm/qcm6490/QCM6490-IDP
+usr/share/alsa/ucm2/Qualcomm/qcm6490/QCM6490-IDP/HiFi.conf
+usr/share/alsa/ucm2/Qualcomm/qcm6490/QCM6490-IDP/QCM6490-IDP.conf
+#usr/share/alsa/ucm2/Qualcomm/qcs6490
+#usr/share/alsa/ucm2/Qualcomm/qcs6490/QCS6490-RB3Gen2
+usr/share/alsa/ucm2/Qualcomm/qcs6490/QCS6490-RB3Gen2/HiFi.conf
+usr/share/alsa/ucm2/Qualcomm/qcs6490/QCS6490-RB3Gen2/QCS6490-RB3Gen2.conf
#usr/share/alsa/ucm2/Qualcomm/sc7180
#usr/share/alsa/ucm2/Qualcomm/sc7180/adau7002-max98357a
usr/share/alsa/ucm2/Qualcomm/sc7180/adau7002-max98357a/HiFi.conf
@@ -442,9 +498,18 @@ usr/share/alsa/ucm2/Qualcomm/sm8650/MTP/SM8650-MTP.conf
#usr/share/alsa/ucm2/Qualcomm/sm8650/QRD
usr/share/alsa/ucm2/Qualcomm/sm8650/QRD/HiFi.conf
usr/share/alsa/ucm2/Qualcomm/sm8650/QRD/SM8650-QRD.conf
+#usr/share/alsa/ucm2/Qualcomm/sm8750
+#usr/share/alsa/ucm2/Qualcomm/sm8750/MTP
+usr/share/alsa/ucm2/Qualcomm/sm8750/MTP/HiFi.conf
+usr/share/alsa/ucm2/Qualcomm/sm8750/MTP/SM8750-MTP.conf
#usr/share/alsa/ucm2/Qualcomm/x1e80100
usr/share/alsa/ucm2/Qualcomm/x1e80100/HiFi.conf
+usr/share/alsa/ucm2/Qualcomm/x1e80100/LENOVO-Slim-7x.conf
+usr/share/alsa/ucm2/Qualcomm/x1e80100/LENOVO-T14s.conf
+usr/share/alsa/ucm2/Qualcomm/x1e80100/Slim7x-HiFi.conf
+usr/share/alsa/ucm2/Qualcomm/x1e80100/T14s-HiFi.conf
usr/share/alsa/ucm2/Qualcomm/x1e80100/X1E80100-CRD.conf
+usr/share/alsa/ucm2/Qualcomm/x1e80100/x1e80100.conf
#usr/share/alsa/ucm2/README.md
#usr/share/alsa/ucm2/Rockchip
#usr/share/alsa/ucm2/Rockchip/es8316
@@ -534,7 +599,10 @@ usr/share/alsa/ucm2/USB-Audio/Dell/WD15-Dock.conf
usr/share/alsa/ucm2/USB-Audio/Digidesign/Digidesign-Mbox-3-HiFi.conf
usr/share/alsa/ucm2/USB-Audio/Digidesign/Digidesign-Mbox-3.conf
#usr/share/alsa/ucm2/USB-Audio/Focusrite
+usr/share/alsa/ucm2/USB-Audio/Focusrite/Scarlett-18i20-HiFi.conf
+usr/share/alsa/ucm2/USB-Audio/Focusrite/Scarlett-18i20.conf
usr/share/alsa/ucm2/USB-Audio/Focusrite/Scarlett-2i-HiFi.conf
+usr/share/alsa/ucm2/USB-Audio/Focusrite/Scarlett-2i-gen4-HiFi.conf
usr/share/alsa/ucm2/USB-Audio/Focusrite/Scarlett-2i.conf
#usr/share/alsa/ucm2/USB-Audio/Gigabyte
usr/share/alsa/ucm2/USB-Audio/Gigabyte/Aorus-Master-Main-Audio-HiFi.conf
@@ -542,6 +610,9 @@ usr/share/alsa/ucm2/USB-Audio/Gigabyte/Aorus-Master-Main-Audio.conf
#usr/share/alsa/ucm2/USB-Audio/GoXLR
usr/share/alsa/ucm2/USB-Audio/GoXLR/GoXLR-HiFi.conf
usr/share/alsa/ucm2/USB-Audio/GoXLR/GoXLR.conf
+#usr/share/alsa/ucm2/USB-Audio/HyperX
+usr/share/alsa/ucm2/USB-Audio/HyperX/SoloCast-HiFi.conf
+usr/share/alsa/ucm2/USB-Audio/HyperX/SoloCast.conf
#usr/share/alsa/ucm2/USB-Audio/Lenovo
usr/share/alsa/ucm2/USB-Audio/Lenovo/ThinkStation-P620-Main-HiFi.conf
usr/share/alsa/ucm2/USB-Audio/Lenovo/ThinkStation-P620-Main.conf
@@ -561,6 +632,12 @@ usr/share/alsa/ucm2/USB-Audio/MOTU/UltraLite-mk5.conf
#usr/share/alsa/ucm2/USB-Audio/NativeInstruments
usr/share/alsa/ucm2/USB-Audio/NativeInstruments/Traktor-Kontrol-Z1-Mixer.conf
usr/share/alsa/ucm2/USB-Audio/NativeInstruments/Traktor-Kontrol-Z1.conf
+#usr/share/alsa/ucm2/USB-Audio/Presonus
+usr/share/alsa/ucm2/USB-Audio/Presonus/Revelator-IO-44-HiFi.conf
+usr/share/alsa/ucm2/USB-Audio/Presonus/Revelator-IO-44.conf
+#usr/share/alsa/ucm2/USB-Audio/RME
+usr/share/alsa/ucm2/USB-Audio/RME/Fireface-UCX-II-HiFi.conf
+usr/share/alsa/ucm2/USB-Audio/RME/Fireface-UCX-II.conf
#usr/share/alsa/ucm2/USB-Audio/Rane
usr/share/alsa/ucm2/USB-Audio/Rane/SL-1-HiFi.conf
usr/share/alsa/ucm2/USB-Audio/Rane/SL-1.conf
@@ -574,6 +651,10 @@ usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCast-Hifi.conf
usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCast.conf
usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCastV2-Hifi.conf
usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCastV2.conf
+usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCastXV2-Hifi.conf
+usr/share/alsa/ucm2/USB-Audio/Roland/BridgeCastXV2.conf
+usr/share/alsa/ucm2/USB-Audio/Roland/Quad-Capture-HiFi.conf
+usr/share/alsa/ucm2/USB-Audio/Roland/Quad-Capture.conf
#usr/share/alsa/ucm2/USB-Audio/SolidStateLabs
usr/share/alsa/ucm2/USB-Audio/SolidStateLabs/SSL2-HiFi.conf
usr/share/alsa/ucm2/USB-Audio/SolidStateLabs/SSL2.conf
@@ -589,6 +670,9 @@ usr/share/alsa/ucm2/USB-Audio/Steinberg/UR24C-HiFi.conf
usr/share/alsa/ucm2/USB-Audio/Steinberg/UR24C.conf
usr/share/alsa/ucm2/USB-Audio/Steinberg/UR44-HiFi.conf
usr/share/alsa/ucm2/USB-Audio/Steinberg/UR44.conf
+#usr/share/alsa/ucm2/USB-Audio/TASCAM
+usr/share/alsa/ucm2/USB-Audio/TASCAM/Model12-HiFi.conf
+usr/share/alsa/ucm2/USB-Audio/TASCAM/Model12.conf
usr/share/alsa/ucm2/USB-Audio/USB-Audio.conf
#usr/share/alsa/ucm2/USB-Audio/UniversalAudio
usr/share/alsa/ucm2/USB-Audio/UniversalAudio/Volt2-HiFi.conf
@@ -598,32 +682,46 @@ usr/share/alsa/ucm2/USB-Audio/UniversalAudio/Volt2.conf
#usr/share/alsa/ucm2/blobs/sof/ipc3
#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_fir
#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_fir/README.md
-#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_fir/pass.blob
+#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_fir/pass.bin
#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir
#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/README.md
-#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_100hz_0db_48khz.blob
-#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_20hz_0db_48khz.blob
-#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_50hz_0db_48khz.blob
-#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/pass.blob
+#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_100hz_0db_48khz.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_20hz_0db_48khz.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/highpass_50hz_0db_48khz.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc3/eq_iir/pass.bin
#usr/share/alsa/ucm2/blobs/sof/ipc4
#usr/share/alsa/ucm2/blobs/sof/ipc4/drc
#usr/share/alsa/ucm2/blobs/sof/ipc4/drc/README.md
-#usr/share/alsa/ucm2/blobs/sof/ipc4/drc/passthrough.blob
-#usr/share/alsa/ucm2/blobs/sof/ipc4/drc/speaker_default.blob
+#usr/share/alsa/ucm2/blobs/sof/ipc4/drc/passthrough.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc4/drc/speaker_default.bin
#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_fir
#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_fir/README.md
-#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_fir/pass.blob
+#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_fir/pass.bin
#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir
#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/README.md
-#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_100hz_0db_48khz.blob
-#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_20hz_0db_48khz.blob
-#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_50hz_0db_48khz.blob
-#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/pass.blob
+#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_100hz_0db_48khz.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_20hz_0db_48khz.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/highpass_50hz_0db_48khz.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc4/eq_iir/pass.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb
+#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/README.md
+#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line2_50mm_pm5_15_30_90deg_48khz.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line2_68mm_pm5_15_30_90deg_48khz.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line2_74mm_pm5_15_30_90deg_48khz.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line2_generic_pm10deg_48khz.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line2_pass.bin
+#usr/share/alsa/ucm2/blobs/sof/ipc4/tdfb/line4_pass.bin
#usr/share/alsa/ucm2/blobs/sof/product_configs
#usr/share/alsa/ucm2/blobs/sof/product_configs/AAEON
usr/share/alsa/ucm2/blobs/sof/product_configs/AAEON/UPX-TGL01.conf
#usr/share/alsa/ucm2/codecs
+#usr/share/alsa/ucm2/codecs/cs35l56
+#usr/share/alsa/ucm2/codecs/cs35l56-bridge
+usr/share/alsa/ucm2/codecs/cs35l56-bridge/init.conf
+usr/share/alsa/ucm2/codecs/cs35l56/init.conf
#usr/share/alsa/ucm2/codecs/cs42l43
+#usr/share/alsa/ucm2/codecs/cs42l43-dmic
+usr/share/alsa/ucm2/codecs/cs42l43-dmic/init.conf
usr/share/alsa/ucm2/codecs/cs42l43/init.conf
#usr/share/alsa/ucm2/codecs/cx2072x
usr/share/alsa/ucm2/codecs/cx2072x/DisableSeq.conf
@@ -687,6 +785,8 @@ usr/share/alsa/ucm2/codecs/qcom-lpass/wsa-macro/Wsa2SpeakerEnableSeq.conf
#usr/share/alsa/ucm2/codecs/qcom-lpass/wsa-macro/four-speakers
usr/share/alsa/ucm2/codecs/qcom-lpass/wsa-macro/four-speakers/init.conf
usr/share/alsa/ucm2/codecs/qcom-lpass/wsa-macro/init.conf
+#usr/share/alsa/ucm2/codecs/rt1318
+usr/share/alsa/ucm2/codecs/rt1318/init.conf
#usr/share/alsa/ucm2/codecs/rt5640
usr/share/alsa/ucm2/codecs/rt5640/DigitalMics.conf
usr/share/alsa/ucm2/codecs/rt5640/EnableSeq.conf
@@ -820,6 +920,7 @@ usr/share/alsa/ucm2/codecs/wsa884x/two-speakers/SpeakerSeq.conf
usr/share/alsa/ucm2/codecs/wsa884x/two-speakers/init.conf
#usr/share/alsa/ucm2/common
#usr/share/alsa/ucm2/common/ctl
+usr/share/alsa/ucm2/common/ctl/led.conf
usr/share/alsa/ucm2/common/ctl/remap.conf
usr/share/alsa/ucm2/common/direct-verb.conf
usr/share/alsa/ucm2/common/direct.conf
@@ -850,6 +951,8 @@ usr/share/alsa/ucm2/conf.d/acp-pdm-mach/acp-pdm-mach.conf
usr/share/alsa/ucm2/conf.d/acp/acp.conf
#usr/share/alsa/ucm2/conf.d/acp3x-es83xx
usr/share/alsa/ucm2/conf.d/acp3x-es83xx/acp3x-es83xx.conf
+#usr/share/alsa/ucm2/conf.d/acp3xalc5682101
+usr/share/alsa/ucm2/conf.d/acp3xalc5682101/acp3xalc5682101.conf
#usr/share/alsa/ucm2/conf.d/acp3xalc5682m98
usr/share/alsa/ucm2/conf.d/acp3xalc5682m98/acp3xalc5682m98.conf
#usr/share/alsa/ucm2/conf.d/acp5x
@@ -862,6 +965,8 @@ usr/share/alsa/ucm2/conf.d/acp63/acp63.conf
usr/share/alsa/ucm2/conf.d/acp6x/acp6x.conf
#usr/share/alsa/ucm2/conf.d/acpd7219m98357
usr/share/alsa/ucm2/conf.d/acpd7219m98357/acpd7219m98357.conf
+#usr/share/alsa/ucm2/conf.d/amd-soundwire
+usr/share/alsa/ucm2/conf.d/amd-soundwire/amd-soundwire.conf
#usr/share/alsa/ucm2/conf.d/apq8096
usr/share/alsa/ucm2/conf.d/apq8096/DB820c.conf
#usr/share/alsa/ucm2/conf.d/avs_da7219
@@ -920,6 +1025,9 @@ usr/share/alsa/ucm2/conf.d/chtnau8824/chtnau8824.conf
usr/share/alsa/ucm2/conf.d/chtrt5645/chtrt5645.conf
#usr/share/alsa/ucm2/conf.d/chtrt5650
usr/share/alsa/ucm2/conf.d/chtrt5650/chtrt5650.conf
+#usr/share/alsa/ucm2/conf.d/fsl-asoc-card
+usr/share/alsa/ucm2/conf.d/fsl-asoc-card/apalis-imx6.conf
+usr/share/alsa/ucm2/conf.d/fsl-asoc-card/colibri-imx6.conf
#usr/share/alsa/ucm2/conf.d/gx-sound-card
usr/share/alsa/ucm2/conf.d/gx-sound-card/GXL-P241.conf
usr/share/alsa/ucm2/conf.d/gx-sound-card/LIBRETECH-CC.conf
@@ -929,6 +1037,10 @@ usr/share/alsa/ucm2/conf.d/hda-dsp/hda-dsp.conf
usr/share/alsa/ucm2/conf.d/hdaudioB0D2/hdaudioB0D2.conf
#usr/share/alsa/ucm2/conf.d/kblrt5660
usr/share/alsa/ucm2/conf.d/kblrt5660/kblrt5660.conf
+#usr/share/alsa/ucm2/conf.d/mt8183_da7219_r
+usr/share/alsa/ucm2/conf.d/mt8183_da7219_r/mt8183_da7219_r.conf
+#usr/share/alsa/ucm2/conf.d/mt8183_mt6358_t
+usr/share/alsa/ucm2/conf.d/mt8183_mt6358_t/mt8183_mt6358_t.conf
#usr/share/alsa/ucm2/conf.d/mt8192_mt6359
usr/share/alsa/ucm2/conf.d/mt8192_mt6359/mt8192_mt6359_rt1015p_rt5682.conf
#usr/share/alsa/ucm2/conf.d/mt8195_demo
@@ -943,6 +1055,10 @@ usr/share/alsa/ucm2/conf.d/mt8390-evk/mt8390-evk.conf
usr/share/alsa/ucm2/conf.d/mt8395-evk/mt8395-evk.conf
#usr/share/alsa/ucm2/conf.d/mtk-rt5650
usr/share/alsa/ucm2/conf.d/mtk-rt5650/mtk-rt5650.conf
+#usr/share/alsa/ucm2/conf.d/qcm6490
+usr/share/alsa/ucm2/conf.d/qcm6490/QCM6490-IDP.conf
+#usr/share/alsa/ucm2/conf.d/qcs6490
+usr/share/alsa/ucm2/conf.d/qcs6490/QCS6490-RB3Gen2.conf
#usr/share/alsa/ucm2/conf.d/rk3399-gru-soun
usr/share/alsa/ucm2/conf.d/rk3399-gru-soun/rk3399-gru-soun.conf
#usr/share/alsa/ucm2/conf.d/rk3588-es8316
@@ -958,9 +1074,15 @@ usr/share/alsa/ucm2/conf.d/sdm845/LENOVO-81JL-LenovoYOGAC630_13Q50-LNVNB161216.c
usr/share/alsa/ucm2/conf.d/simple-card/Librem 5 Devkit.conf
usr/share/alsa/ucm2/conf.d/simple-card/Librem 5.conf
usr/share/alsa/ucm2/conf.d/simple-card/PinePhone.conf
+usr/share/alsa/ucm2/conf.d/simple-card/apalis-imx8.conf
+usr/share/alsa/ucm2/conf.d/simple-card/apalis-nau8822.conf
+usr/share/alsa/ucm2/conf.d/simple-card/colibri-imx7.conf
+usr/share/alsa/ucm2/conf.d/simple-card/colibri-imx8x.conf
usr/share/alsa/ucm2/conf.d/simple-card/rk817_ext.conf
usr/share/alsa/ucm2/conf.d/simple-card/rk817_int.conf
usr/share/alsa/ucm2/conf.d/simple-card/rockchip,es8316-codec.conf
+usr/share/alsa/ucm2/conf.d/simple-card/verdin-nau8822.conf
+usr/share/alsa/ucm2/conf.d/simple-card/verdin-wm8904.conf
#usr/share/alsa/ucm2/conf.d/skylake-rt286
usr/share/alsa/ucm2/conf.d/skylake-rt286/skylake-rt286.conf
#usr/share/alsa/ucm2/conf.d/sm8250
@@ -970,6 +1092,8 @@ usr/share/alsa/ucm2/conf.d/sm8550/SM8550-HDK.conf
#usr/share/alsa/ucm2/conf.d/sm8650
usr/share/alsa/ucm2/conf.d/sm8650/SM8650-MTP.conf
usr/share/alsa/ucm2/conf.d/sm8650/SM8650-QRD.conf
+#usr/share/alsa/ucm2/conf.d/sm8750
+usr/share/alsa/ucm2/conf.d/sm8750/SM8750-MTP.conf
#usr/share/alsa/ucm2/conf.d/sof-ehl-rt5660
usr/share/alsa/ucm2/conf.d/sof-ehl-rt5660/sof-ehl-rt5660.conf
#usr/share/alsa/ucm2/conf.d/sof-essx8336
@@ -983,9 +1107,13 @@ usr/share/alsa/ucm2/conf.d/sof-hda-dsp/sof-skl_hda_card.conf
usr/share/alsa/ucm2/conf.d/sof-m8195_r1019/sof-m8195_r1019_5682s.conf
#usr/share/alsa/ucm2/conf.d/sof-mt8195_r101
usr/share/alsa/ucm2/conf.d/sof-mt8195_r101/sof-mt8195_r1019_5682.conf
+#usr/share/alsa/ucm2/conf.d/sof-mt8390-evk
+usr/share/alsa/ucm2/conf.d/sof-mt8390-evk/sof-mt8390-evk.conf
#usr/share/alsa/ucm2/conf.d/sof-skl_hda_card
#usr/share/alsa/ucm2/conf.d/sof-soundwire
usr/share/alsa/ucm2/conf.d/sof-soundwire/sof-soundwire.conf
+#usr/share/alsa/ucm2/conf.d/sun4i-codec
+usr/share/alsa/ucm2/conf.d/sun4i-codec/h616-audio-codec.conf
#usr/share/alsa/ucm2/conf.d/tegra
#usr/share/alsa/ucm2/conf.d/tegra-hda
usr/share/alsa/ucm2/conf.d/tegra-hda/tegra-hda.conf
@@ -1005,6 +1133,7 @@ usr/share/alsa/ucm2/conf.d/tegra/LG Optimus 4X HD MAX98089.conf
usr/share/alsa/ucm2/conf.d/tegra/LG Optimus Vu MAX98089.conf
#usr/share/alsa/ucm2/conf.d/x1e80100
usr/share/alsa/ucm2/conf.d/x1e80100/X1E80100-CRD.conf
+usr/share/alsa/ucm2/conf.d/x1e80100/x1e80100.conf
#usr/share/alsa/ucm2/conf.virt.d
usr/share/alsa/ucm2/conf.virt.d/.gitignore
#usr/share/alsa/ucm2/lib
@@ -1063,7 +1192,6 @@ usr/share/alsa/ucm2/ucm.conf
#usr/share/locale/sk/LC_MESSAGES/alsa-utils.mo
#usr/share/man/fr/man8/alsaconf.8
#usr/share/man/man1/aconnect.1
-#usr/share/man/man1/alsa-info.sh.1
#usr/share/man/man1/alsabat.1
#usr/share/man/man1/alsactl.1
#usr/share/man/man1/alsaloop.1
@@ -1085,6 +1213,7 @@ usr/share/alsa/ucm2/ucm.conf
#usr/share/man/man1/iecset.1
#usr/share/man/man1/nhlt-dmic-info.1
#usr/share/man/man1/speaker-test.1
+#usr/share/man/man8/alsa-info.sh.8
#usr/share/man/man8/alsaconf.8
#usr/share/sounds
usr/share/sounds/alsa
diff --git a/config/udev/network-aqm b/config/udev/network-aqm
index 36355cfc6b..aad49abbea 100644
--- a/config/udev/network-aqm
+++ b/config/udev/network-aqm
@@ -79,6 +79,11 @@ case "${ACTION}" in
exit 0
;;
+ # Ignore WireGuard
+ wg[0-9]*,*)
+ exit 0
+ ;;
+
# Handle dial-up connections on RED
ppp*,512)
args+=( "cake" "internet" "conservative" "ack-filter" )
diff --git a/config/wireguard/wg-dynamic b/config/wireguard/wg-dynamic
new file mode 100644
index 0000000000..d67abbca28
--- /dev/null
+++ b/config/wireguard/wg-dynamic
@@ -0,0 +1,122 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2024 Michael Tremer <michael.tremer@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+# #
+# This script tries to keep WireGuard connections with dynamic peers alive #
+# #
+# It resolves the endpoint if it is an FQDN, and if so, will check if the #
+# currently connected endpoint matches any of the resolved IP addresses. If #
+# not it will reload the WireGuard configuration in the hope that wg will #
+# update the kernel with the new IP address and the connection comes back up #
+# again. #
+# #
+###############################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+# Fetches the first endpoint that is currently active on the given interface
+current_endpoint() {
+ local intf="${1}"
+
+ local pubkey
+ local endpoint
+
+ # List the first endpoint (are there even more than one?)
+ wg show "${intf}" endpoints | while read -r pubkey endpoint; do
+ echo "${endpoint%:*}"
+ break
+ done
+
+ return 0
+}
+
+# Resolves a hostname
+resolve() {
+ local endpoint="${1}"
+
+ dig +short "A" "${endpoint}" 2>/dev/null
+}
+
+main() {
+ local -A settings=()
+
+ # Read WireGuard settings
+ readhash settings /var/ipfire/wireguard/settings
+
+ # Do nothing if WireGuard is not enabled
+ if [ "${settings[ENABLED]}" != "on" ]; then
+ return 0
+ fi
+
+ local line
+ while IFS=',' read -r -a line; do
+ local id="${line[0]}"
+ local enabled="${line[1]}"
+ local type="${line[2]}"
+ local name="${line[3]}"
+ local endpoint="${line[7]}"
+
+ # Only process enabled net-to-net connections
+ case "${enabled},${type}" in
+ on,net)
+ ;;
+ *)
+ continue
+ ;;
+ esac
+
+ # The endpoint must be an FQDN
+ case "${endpoint}" in
+ # Ignore IP addresses
+ [0-9]*.[0-9]*.[0-9]*.[0-9]*)
+ continue
+ ;;
+
+ # Ignore if we don't know the endpoint
+ "")
+ continue
+ ;;
+ esac
+
+ local address
+ local match=0
+
+ # Fetch the current endpoint address
+ local current_address="$(current_endpoint "wg${id}")"
+
+ # Walk through all IP addresses the FQDN resolves to
+ for address in $(resolve "${endpoint}"); do
+ if [ "${current_address}" = "${address}" ]; then
+ match=1
+ break
+ fi
+ done
+
+ # If there has been no match, we have to reload everything
+ if [ "${match}" -eq 0 ]; then
+ exec /etc/init.d/wireguard reload
+ fi
+ done < /var/ipfire/wireguard/peers
+
+ return 0
+}
+
+main "$@" || exit $?
diff --git a/doc/language_issues.de b/doc/language_issues.de
index b5309f41ba..090850fbe7 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -184,7 +184,6 @@ WARNING: translation string unused: could not open installed updates file
WARNING: translation string unused: could not open update information file
WARNING: translation string unused: cpu frequency per
WARNING: translation string unused: cpu usage per
-WARNING: translation string unused: create
WARNING: translation string unused: create mask
WARNING: translation string unused: create new backup
WARNING: translation string unused: current media
@@ -631,6 +630,7 @@ WARNING: translation string unused: ovpn_processprioVH
WARNING: translation string unused: ovpnstatus log
WARNING: translation string unused: ovpnsys log
WARNING: translation string unused: package failed to install
+WARNING: translation string unused: pakfire accept all
WARNING: translation string unused: pakfire core update auto
WARNING: translation string unused: pakfire dependecies found
WARNING: translation string unused: pakfire health check
@@ -896,6 +896,8 @@ WARNING: translation string unused: webradio playlist
WARNING: translation string unused: week
WARNING: translation string unused: week-graph
WARNING: translation string unused: weekly firewallhits
+WARNING: translation string unused: wg download configuration
+WARNING: translation string unused: wg show configuration qrcode
WARNING: translation string unused: wildcards
WARNING: translation string unused: wins server
WARNING: translation string unused: wins support
@@ -938,6 +940,7 @@ WARNING: untranslated string: access point name = Access Point Name
WARNING: untranslated string: access point name is invalid = Access Point Name is invalid
WARNING: untranslated string: access point name is required = Access Point Name is required
WARNING: untranslated string: aliases default interface = - Default Interface -
+WARNING: untranslated string: allowed subnets = Allowed Subnets
WARNING: untranslated string: ca name must only contain characters and spaces = unknown string
WARNING: untranslated string: cake profile bridged-llcsnap 32 = Bridged LLC SNAP (32 bytes)
WARNING: untranslated string: cake profile bridged-ptm 19 = Bridged PTM (19 bytes)
@@ -961,11 +964,15 @@ WARNING: untranslated string: download apple profile = Download Apple Configurat
WARNING: untranslated string: enable = Enable
WARNING: untranslated string: enable disable client = unknown string
WARNING: untranslated string: enable disable dyndns = unknown string
+WARNING: untranslated string: endpoint = Endpoint
+WARNING: untranslated string: endpoint address = Endpoint Address
+WARNING: untranslated string: endpoint port = Endpoint Port
WARNING: untranslated string: error message = unknown string
WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date!
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
WARNING: untranslated string: fwhost cust locationgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
WARNING: untranslated string: guardian block a host = unknown string
WARNING: untranslated string: guardian block httpd brute-force = unknown string
WARNING: untranslated string: guardian block ssh brute-force = unknown string
@@ -1004,6 +1011,7 @@ WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS
WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation
+WARNING: untranslated string: local subnets = Local Subnets
WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks
WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks
WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Daemon
@@ -1012,12 +1020,17 @@ WARNING: untranslated string: oops something went wrong = Oops, something went w
WARNING: untranslated string: optional = Optional
WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
WARNING: untranslated string: pakfire invalid tree = Invalid repository selected
+WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
+WARNING: untranslated string: remarks = Remarks
+WARNING: untranslated string: remote subnets = Remote Subnets
WARNING: untranslated string: required = Required
WARNING: untranslated string: route config changed = unknown string
+WARNING: untranslated string: routing = Routing
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: samba server role member = Domain Member
@@ -1026,6 +1039,34 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key
WARNING: untranslated string: smb daemon = SMB Daemon
WARNING: untranslated string: subscription code = Subscription code
WARNING: untranslated string: user management = User Management
+WARNING: untranslated string: wg client pool = Client Pool
+WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer
+WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer
+WARNING: untranslated string: wg dns = DNS
+WARNING: untranslated string: wg download configuration file = Download the configuration file
+WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
+WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
+WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
+WARNING: untranslated string: wg invalid client pool = Invalid client pool
+WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
+WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
+WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
+WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
+WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
+WARNING: untranslated string: wg invalid public key = Invalid public key
+WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
+WARNING: untranslated string: wg name is already used = The name is already in use
+WARNING: untranslated string: wg no local subnets = No local subnets given
+WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
+WARNING: untranslated string: wg no remote subnets = No remote subnets given
+WARNING: untranslated string: wg peer configuration = Peer Configuration
+WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
+WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
WARNING: untranslated string: winbind daemon = Winbind Daemon
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: wio checked = unknown string
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 28eb622a69..1c1c546f7e 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -306,6 +306,7 @@ WARNING: untranslated string: aliases = Aliases
WARNING: untranslated string: aliases default interface = - Default Interface -
WARNING: untranslated string: aliases not active = Aliases will not be active unless your RED interface is STATIC
WARNING: untranslated string: all = All
+WARNING: untranslated string: allowed subnets = Allowed Subnets
WARNING: untranslated string: alt dialup = Dialup
WARNING: untranslated string: alt home = Home
WARNING: untranslated string: alt logs = Logs
@@ -513,6 +514,7 @@ WARNING: untranslated string: cpu nice usage = Nice CPU Usage
WARNING: untranslated string: cpu steal usage = Steal CPU Usage
WARNING: untranslated string: cpu system usage = System CPU Usage
WARNING: untranslated string: cpu user usage = User CPU Usage
+WARNING: untranslated string: create = Create
WARNING: untranslated string: credits = Credits
WARNING: untranslated string: crl = Certificate Revocation List
WARNING: untranslated string: cron server = CRON Server
@@ -645,6 +647,7 @@ WARNING: untranslated string: domain name = Domain name
WARNING: untranslated string: domain name suffix = Domain name suffix:
WARNING: untranslated string: donation = Donation
WARNING: untranslated string: donation-text = <strong>IPFire</strong> is driven and maintained by volunteers in their free time. To keep this project running costs incurred, if you like to support us we would be pleased by a small donation.
+WARNING: untranslated string: done = Done
WARNING: untranslated string: down and up speed = Enter your Down- and Uplink-Speed <br /> and then press <i>Save</i>.
WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling
WARNING: untranslated string: downlink = Downlink
@@ -725,6 +728,9 @@ WARNING: untranslated string: enabled on = Enabled on
WARNING: untranslated string: encapsulation = Encapsulation
WARNING: untranslated string: encryption = Encryption:
WARNING: untranslated string: end address = End address:
+WARNING: untranslated string: endpoint = Endpoint
+WARNING: untranslated string: endpoint address = Endpoint Address
+WARNING: untranslated string: endpoint port = Endpoint Port
WARNING: untranslated string: enter data = Enter your settings <br /> and then press <i>Save</i>.
WARNING: untranslated string: error = Error
WARNING: untranslated string: error message = unknown string
@@ -961,6 +967,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks:
WARNING: untranslated string: fwhost type = Type
WARNING: untranslated string: fwhost used = Used
WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
WARNING: untranslated string: gateway = Gateway
WARNING: untranslated string: gateway ip = Gateway IP
WARNING: untranslated string: generate a certificate = Generate a certificate:
@@ -1071,6 +1078,7 @@ WARNING: untranslated string: iface = Iface
WARNING: untranslated string: ignore filter = Ignore filter
WARNING: untranslated string: ike lifetime should be between 1 and 24 hours = IKE lifetime should be between 1 and 24 hours.
WARNING: untranslated string: imei = IMEI
+WARNING: untranslated string: import connection = Import a Connection
WARNING: untranslated string: imsi = IMSI
WARNING: untranslated string: include logfiles = Include logfiles
WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression
@@ -1094,6 +1102,8 @@ WARNING: untranslated string: invalid characters found in pre-shared key = Inval
WARNING: untranslated string: invalid default lease time = Invalid default lease time.
WARNING: untranslated string: invalid domain name = Invalid domain name.
WARNING: untranslated string: invalid end address = Invalid end address.
+WARNING: untranslated string: invalid endpoint = Invalid Endpoint
+WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address
WARNING: untranslated string: invalid fixed ip address = Invalid fixed IP address
WARNING: untranslated string: invalid fixed mac address = Invalid fixed MAC address
WARNING: untranslated string: invalid hostname = Invalid hostname.
@@ -1128,8 +1138,10 @@ WARNING: untranslated string: invalid input for state or province = Invalid inpu
WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
WARNING: untranslated string: invalid ip = Invalid IP Address
+WARNING: untranslated string: invalid ip address = Invalid IP Address
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
WARNING: untranslated string: invalid keep time = Keep time must be a valid number
+WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval
WARNING: untranslated string: invalid key = Invalid key.
WARNING: untranslated string: invalid local-remote id = local & remote id must not be equal and begin with a "@" sign. These are leftid and rightid in strongswan terminology.
WARNING: untranslated string: invalid logserver address = Invalid syslogd server address
@@ -1142,6 +1154,7 @@ WARNING: untranslated string: invalid maximum outgoing size = Invalid maximum ou
WARNING: untranslated string: invalid minimum object size = Invalid minimum object size.
WARNING: untranslated string: invalid mtu input = Invalid MTU
WARNING: untranslated string: invalid netmask = Invalid netmask
+WARNING: untranslated string: invalid network = Invalid Network
WARNING: untranslated string: invalid port = Invalid port. Must be a valid port number.
WARNING: untranslated string: invalid primary dns = Invalid primary DNS.
WARNING: untranslated string: invalid primary ntp = Invalid Primary NTP server address
@@ -1216,8 +1229,10 @@ WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulatio
WARNING: untranslated string: load average = Load Average
WARNING: untranslated string: local ip address = Local IP Address
WARNING: untranslated string: local ntp server specified but not enabled = Local NTP server specified but not enabled
+WARNING: untranslated string: local port = Local Port
WARNING: untranslated string: local subnet = Local subnet:
WARNING: untranslated string: local subnet is invalid = Local subnet is invalid.
+WARNING: untranslated string: local subnets = Local Subnets
WARNING: untranslated string: local vpn hostname/ip = Local VPN Hostname/IP
WARNING: untranslated string: location = Location
WARNING: untranslated string: locationblock = Location Block
@@ -1261,6 +1276,9 @@ WARNING: untranslated string: mac1 new = new MAC address 1 (vdsl-inet):
WARNING: untranslated string: mac2 new = new MAC address 2 (vdsl-iptv):
WARNING: untranslated string: magic packet send to: = Magic packet send to:
WARNING: untranslated string: main page = Main page
+WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key
+WARNING: untranslated string: malformed private key = Malformed Private Key
+WARNING: untranslated string: malformed public key = Malformed Public Key
WARNING: untranslated string: manage shares = Manage Shares
WARNING: untranslated string: manually = Manually
WARNING: untranslated string: map to guest = Map to Guest
@@ -1447,10 +1465,10 @@ WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: pagerefresh = Page is beeing refreshed, please wait.
WARNING: untranslated string: pak update = Update
-WARNING: untranslated string: pakfire accept all = Do you want to install all packages?
WARNING: untranslated string: pakfire ago = ago.
WARNING: untranslated string: pakfire already busy = Pakfire is already performing a task. Please try again later.
WARNING: untranslated string: pakfire available addons = Available Add-ons:
+WARNING: untranslated string: pakfire check deps = Checking dependencies...
WARNING: untranslated string: pakfire configuration = Pakfire Configuration
WARNING: untranslated string: pakfire confirm upgrades = Do you want to install all upgrades?
WARNING: untranslated string: pakfire core update level = Core-Update-Level
@@ -1458,7 +1476,7 @@ WARNING: untranslated string: pakfire finished = Pakfire has finished! Returning
WARNING: untranslated string: pakfire finished error = Pakfire has finished! Errors occurred, please check the log output before proceeding.
WARNING: untranslated string: pakfire install = Install
WARNING: untranslated string: pakfire install description = Please select one or more add-ons to install.
-WARNING: untranslated string: pakfire install package = You want to install the following packages:
+WARNING: untranslated string: pakfire install package = Packages to install:
WARNING: untranslated string: pakfire installed addons = Installed Add-ons:
WARNING: untranslated string: pakfire invalid tree = Invalid repository selected
WARNING: untranslated string: pakfire last core list update = Last core list update made
@@ -1533,11 +1551,13 @@ WARNING: untranslated string: proxy reports today = Today
WARNING: untranslated string: proxy reports weekly = Weekly reports
WARNING: untranslated string: ptr = PTR
WARNING: untranslated string: ptr lookup failed = Reverse lookup failed
+WARNING: untranslated string: public key = Public Key
WARNING: untranslated string: pulse = Pulse
WARNING: untranslated string: pulse dial = Pulse dial:
WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth!
WARNING: untranslated string: qos graphs = Qos Graphs
WARNING: untranslated string: qos warning = The rule <strong>must</strong> be saved, otherwise it will be discarded!
+WARNING: untranslated string: qr code = QR Code
WARNING: untranslated string: ram = RAM
WARNING: untranslated string: rdns = rDNS
WARNING: untranslated string: read bytes = Bytes Read
@@ -1562,6 +1582,7 @@ WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is
WARNING: untranslated string: release = Release
WARNING: untranslated string: remark = Remark
WARNING: untranslated string: remark title = Remark:
+WARNING: untranslated string: remarks = Remarks
WARNING: untranslated string: remote access = Remote access
WARNING: untranslated string: remote announce = Remote Announce
WARNING: untranslated string: remote browse sync = Remote Browse Sync
@@ -1569,6 +1590,7 @@ WARNING: untranslated string: remote host/ip = Remote host/IP
WARNING: untranslated string: remote logging = Remote logging
WARNING: untranslated string: remote subnet = Remote subnet:
WARNING: untranslated string: remote subnet is invalid = Remote subnet is invalid.
+WARNING: untranslated string: remote subnets = Remote Subnets
WARNING: untranslated string: remove = Remove
WARNING: untranslated string: remove ca certificate = Remove CA certificate
WARNING: untranslated string: remove x509 = Remove x509
@@ -1584,6 +1606,7 @@ WARNING: untranslated string: retbleed = Retbleed
WARNING: untranslated string: reverse sort = Sort in reverse chronological order
WARNING: untranslated string: root certificate = Root Certificate
WARNING: untranslated string: route config changed = unknown string
+WARNING: untranslated string: routing = Routing
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
@@ -2133,6 +2156,35 @@ WARNING: untranslated string: web server = Web Server
WARNING: untranslated string: website = Website
WARNING: untranslated string: wednesday = Wednesday
WARNING: untranslated string: weeks = Weeks
+WARNING: untranslated string: wg client pool = Client Pool
+WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer
+WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer
+WARNING: untranslated string: wg dns = DNS
+WARNING: untranslated string: wg download configuration file = Download the configuration file
+WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
+WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
+WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
+WARNING: untranslated string: wg invalid client pool = Invalid client pool
+WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
+WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
+WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
+WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
+WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
+WARNING: untranslated string: wg invalid public key = Invalid public key
+WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
+WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg name is already used = The name is already in use
+WARNING: untranslated string: wg no local subnets = No local subnets given
+WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
+WARNING: untranslated string: wg no remote subnets = No remote subnets given
+WARNING: untranslated string: wg peer configuration = Peer Configuration
+WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
+WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 00297e3ec9..cf72374357 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -203,7 +203,6 @@ WARNING: translation string unused: could not open installed updates file
WARNING: translation string unused: could not open update information file
WARNING: translation string unused: cpu frequency per
WARNING: translation string unused: cpu usage per
-WARNING: translation string unused: create
WARNING: translation string unused: create mask
WARNING: translation string unused: create new backup
WARNING: translation string unused: cryptographic settings
@@ -289,7 +288,6 @@ WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain master
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
-WARNING: translation string unused: done
WARNING: translation string unused: dos charset
WARNING: translation string unused: download dh parameter
WARNING: translation string unused: download new ruleset
@@ -686,6 +684,7 @@ WARNING: translation string unused: ovpn_processprioVH
WARNING: translation string unused: ovpnstatus log
WARNING: translation string unused: ovpnsys log
WARNING: translation string unused: package failed to install
+WARNING: translation string unused: pakfire accept all
WARNING: translation string unused: pakfire core update auto
WARNING: translation string unused: pakfire dependencies found
WARNING: translation string unused: pakfire health check
@@ -1010,15 +1009,20 @@ WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: access point name = Access Point Name
WARNING: untranslated string: access point name is invalid = Access Point Name is invalid
WARNING: untranslated string: access point name is required = Access Point Name is required
+WARNING: untranslated string: allowed subnets = Allowed Subnets
WARNING: untranslated string: bypassed = Bypassed
WARNING: untranslated string: ca name must only contain characters and spaces = unknown string
WARNING: untranslated string: cpu frequency = CPU frequency
WARNING: untranslated string: data transfer = Data Transfer
WARNING: untranslated string: dhcp fixed ip address in dynamic range = Fixed IP Address in dynamic range
WARNING: untranslated string: dns servers = DNS Servers
+WARNING: untranslated string: done = Done
WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling
WARNING: untranslated string: enable disable client = unknown string
WARNING: untranslated string: enable disable dyndns = unknown string
+WARNING: untranslated string: endpoint = Endpoint
+WARNING: untranslated string: endpoint address = Endpoint Address
+WARNING: untranslated string: endpoint port = Endpoint Port
WARNING: untranslated string: error message = unknown string
WARNING: untranslated string: extrahd because it is outside the allowed mount path = unknown string
WARNING: untranslated string: extrahd mounted = Mounted
@@ -1028,6 +1032,7 @@ WARNING: untranslated string: extrahd not mounted = Not mounted
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
WARNING: untranslated string: fwhost cust locationgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
WARNING: untranslated string: guardian block a host = unknown string
WARNING: untranslated string: guardian block httpd brute-force = unknown string
WARNING: untranslated string: guardian block ssh brute-force = unknown string
@@ -1062,13 +1067,24 @@ WARNING: untranslated string: hostile networks out = To Hostile Networks
WARNING: untranslated string: hostile networks total = Total Hostile Networks
WARNING: untranslated string: ids provider eol = (EOL)
WARNING: untranslated string: ids rulesets = Rulesets
+WARNING: untranslated string: import connection = Import a Connection
WARNING: untranslated string: info messages = unknown string
+WARNING: untranslated string: invalid endpoint = Invalid Endpoint
+WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address
+WARNING: untranslated string: invalid ip address = Invalid IP Address
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
+WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval
+WARNING: untranslated string: invalid network = Invalid Network
WARNING: untranslated string: ips throughput = Throughput
WARNING: untranslated string: last updated = Last Updated
WARNING: untranslated string: load average = Load Average
+WARNING: untranslated string: local port = Local Port
+WARNING: untranslated string: local subnets = Local Subnets
WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks
WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks
+WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key
+WARNING: untranslated string: malformed private key = Malformed Private Key
+WARNING: untranslated string: malformed public key = Malformed Public Key
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: oops something went wrong = Oops, something went wrong...
WARNING: untranslated string: openvpn cert expires soon = Expires Soon
@@ -1077,11 +1093,16 @@ WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Serv
WARNING: untranslated string: pakfire ago = ago.
WARNING: untranslated string: password has quotation mark = Password contains an illegal double quotation mark.
WARNING: untranslated string: processors = Processors
+WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
+WARNING: untranslated string: remarks = Remarks
+WARNING: untranslated string: remote subnets = Remote Subnets
WARNING: untranslated string: route config changed = unknown string
+WARNING: untranslated string: routing = Routing
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
@@ -1093,6 +1114,35 @@ WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
WARNING: untranslated string: total = Total
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: wg client pool = Client Pool
+WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer
+WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer
+WARNING: untranslated string: wg dns = DNS
+WARNING: untranslated string: wg download configuration file = Download the configuration file
+WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
+WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
+WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
+WARNING: untranslated string: wg invalid client pool = Invalid client pool
+WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
+WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
+WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
+WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
+WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
+WARNING: untranslated string: wg invalid public key = Invalid public key
+WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
+WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg name is already used = The name is already in use
+WARNING: untranslated string: wg no local subnets = No local subnets given
+WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
+WARNING: untranslated string: wg no remote subnets = No remote subnets given
+WARNING: untranslated string: wg peer configuration = Peer Configuration
+WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
+WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: wio checked = unknown string
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 2ffa0a8dd3..702911061d 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -206,7 +206,6 @@ WARNING: translation string unused: could not open installed updates file
WARNING: translation string unused: could not open update information file
WARNING: translation string unused: cpu frequency per
WARNING: translation string unused: cpu usage per
-WARNING: translation string unused: create
WARNING: translation string unused: create mask
WARNING: translation string unused: create new backup
WARNING: translation string unused: cryptographic settings
@@ -286,7 +285,6 @@ WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain master
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
-WARNING: translation string unused: done
WARNING: translation string unused: dos charset
WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
@@ -661,6 +659,7 @@ WARNING: translation string unused: ovpn_processprioVH
WARNING: translation string unused: ovpnstatus log
WARNING: translation string unused: ovpnsys log
WARNING: translation string unused: package failed to install
+WARNING: translation string unused: pakfire accept all
WARNING: translation string unused: pakfire core update auto
WARNING: translation string unused: pakfire dependencies found
WARNING: translation string unused: pakfire health check
@@ -975,17 +974,23 @@ WARNING: translation string unused: zoneconf val vlan amount assignment error
WARNING: translation string unused: zoneconf val vlan tag assignment error
WARNING: translation string unused: zoneconf val vlan tag range error
WARNING: translation string unused: zoneconf val zoneslave amount error
+WARNING: untranslated string: allowed subnets = Allowed Subnets
WARNING: untranslated string: bypassed = Bypassed
WARNING: untranslated string: ca name must only contain characters and spaces = unknown string
WARNING: untranslated string: core notice 3 = available.
WARNING: untranslated string: data transfer = Data Transfer
+WARNING: untranslated string: done = Done
WARNING: untranslated string: enable disable client = unknown string
WARNING: untranslated string: enable disable dyndns = unknown string
+WARNING: untranslated string: endpoint = Endpoint
+WARNING: untranslated string: endpoint address = Endpoint Address
+WARNING: untranslated string: endpoint port = Endpoint Port
WARNING: untranslated string: error message = unknown string
WARNING: untranslated string: extrahd because it is outside the allowed mount path = unknown string
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
WARNING: untranslated string: fwhost cust locationgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
WARNING: untranslated string: guardian block a host = unknown string
WARNING: untranslated string: guardian block httpd brute-force = unknown string
WARNING: untranslated string: guardian block ssh brute-force = unknown string
@@ -1017,15 +1022,31 @@ WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: hostile networks total = Total Hostile Networks
WARNING: untranslated string: ids provider eol = (EOL)
WARNING: untranslated string: ids rulesets = Rulesets
+WARNING: untranslated string: import connection = Import a Connection
+WARNING: untranslated string: invalid endpoint = Invalid Endpoint
+WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address
+WARNING: untranslated string: invalid ip address = Invalid IP Address
+WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval
+WARNING: untranslated string: invalid network = Invalid Network
WARNING: untranslated string: ips throughput = Throughput
WARNING: untranslated string: last updated = Last Updated
WARNING: untranslated string: load average = Load Average
+WARNING: untranslated string: local port = Local Port
+WARNING: untranslated string: local subnets = Local Subnets
+WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key
+WARNING: untranslated string: malformed private key = Malformed Private Key
+WARNING: untranslated string: malformed public key = Malformed Public Key
WARNING: untranslated string: oops something went wrong = Oops, something went wrong...
WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
WARNING: untranslated string: pakfire ago = ago.
WARNING: untranslated string: password has quotation mark = Password contains an illegal double quotation mark.
WARNING: untranslated string: processors = Processors
+WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
+WARNING: untranslated string: remarks = Remarks
+WARNING: untranslated string: remote subnets = Remote Subnets
+WARNING: untranslated string: routing = Routing
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: scanned = Scanned
@@ -1033,6 +1054,35 @@ WARNING: untranslated string: system time = System Time (as of last page load)
WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
WARNING: untranslated string: total = Total
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: wg client pool = Client Pool
+WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer
+WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer
+WARNING: untranslated string: wg dns = DNS
+WARNING: untranslated string: wg download configuration file = Download the configuration file
+WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
+WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
+WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
+WARNING: untranslated string: wg invalid client pool = Invalid client pool
+WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
+WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
+WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
+WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
+WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
+WARNING: untranslated string: wg invalid public key = Invalid public key
+WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
+WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg name is already used = The name is already in use
+WARNING: untranslated string: wg no local subnets = No local subnets given
+WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
+WARNING: untranslated string: wg no remote subnets = No remote subnets given
+WARNING: untranslated string: wg peer configuration = Peer Configuration
+WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
+WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: wio = unknown string
WARNING: untranslated string: wio checked = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 46f7356373..3d93239afd 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -176,7 +176,6 @@ WARNING: translation string unused: could not open installed updates file
WARNING: translation string unused: could not open update information file
WARNING: translation string unused: cpu frequency per
WARNING: translation string unused: cpu usage per
-WARNING: translation string unused: create
WARNING: translation string unused: create mask
WARNING: translation string unused: create new backup
WARNING: translation string unused: current media
@@ -254,7 +253,6 @@ WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain master
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
-WARNING: translation string unused: done
WARNING: translation string unused: dos charset
WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
@@ -615,6 +613,7 @@ WARNING: translation string unused: ovpn_processprioVH
WARNING: translation string unused: ovpnstatus log
WARNING: translation string unused: ovpnsys log
WARNING: translation string unused: package failed to install
+WARNING: translation string unused: pakfire accept all
WARNING: translation string unused: pakfire core update auto
WARNING: translation string unused: pakfire dependencies found
WARNING: translation string unused: pakfire health check
@@ -973,6 +972,7 @@ WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL
WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: aliases default interface = - Default Interface -
+WARNING: untranslated string: allowed subnets = Allowed Subnets
WARNING: untranslated string: asn lookup failed = AS lookup failed
WARNING: untranslated string: autonomous system = Autonomous System
WARNING: untranslated string: available = available
@@ -1034,6 +1034,7 @@ WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigne
WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward forward_servers = Nameservers
+WARNING: untranslated string: done = Done
WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling
WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/blocklists/do-not-route-or-peer/" target="_blank">Spamhaus DROP</a>, etc.)
@@ -1064,6 +1065,9 @@ WARNING: untranslated string: enable disable client = unknown string
WARNING: untranslated string: enable disable dyndns = unknown string
WARNING: untranslated string: enable otp = Enable OTP
WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
+WARNING: untranslated string: endpoint = Endpoint
+WARNING: untranslated string: endpoint address = Endpoint Address
+WARNING: untranslated string: endpoint port = Endpoint Port
WARNING: untranslated string: error = Error
WARNING: untranslated string: error message = unknown string
WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date!
@@ -1099,6 +1103,7 @@ WARNING: untranslated string: fwhost cust locationgroup = Location Groups
WARNING: untranslated string: fwhost cust locationgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: fwhost newlocationgrp = Location Groups
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
WARNING: untranslated string: generate ptr = Generate PTR
WARNING: untranslated string: guaranteed bandwidth = Guaranteed bandwidth
WARNING: untranslated string: guardian = Guardian
@@ -1171,12 +1176,15 @@ WARNING: untranslated string: ids the choosen provider is already in use = The c
WARNING: untranslated string: ids unable to download the ruleset = Unable to download the ruleset
WARNING: untranslated string: ids visit provider website = Visit provider website
WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
+WARNING: untranslated string: import connection = Import a Connection
WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression
WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: inodes = Index-Nodes
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System
+WARNING: untranslated string: invalid endpoint = Invalid Endpoint
+WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
@@ -1185,8 +1193,11 @@ WARNING: untranslated string: invalid input for local ip address = Invalid input
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
+WARNING: untranslated string: invalid ip address = Invalid IP Address
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
+WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
+WARNING: untranslated string: invalid network = Invalid Network
WARNING: untranslated string: ip basic info = Basic IP information
WARNING: untranslated string: ip info for = IP information for
WARNING: untranslated string: ipblocklist = IP Address Blocklists
@@ -1222,6 +1233,8 @@ WARNING: untranslated string: last updated = Last Updated
WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation
WARNING: untranslated string: load average = Load Average
WARNING: untranslated string: local ip address = Local IP Address
+WARNING: untranslated string: local port = Local Port
+WARNING: untranslated string: local subnets = Local Subnets
WARNING: untranslated string: location = Location
WARNING: untranslated string: locationblock = Location Block
WARNING: untranslated string: locationblock block countries = Block countries
@@ -1233,6 +1246,9 @@ WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hos
WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks
WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking
WARNING: untranslated string: log server protocol = protocol:
+WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key
+WARNING: untranslated string: malformed private key = Malformed Private Key
+WARNING: untranslated string: malformed public key = Malformed Public Key
WARNING: untranslated string: masquerade blue = Masquerade BLUE
WARNING: untranslated string: masquerade green = Masquerade GREEN
WARNING: untranslated string: masquerade orange = Masquerade ORANGE
@@ -1287,6 +1303,8 @@ WARNING: untranslated string: pptp route = PPTP Route
WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
WARNING: untranslated string: processors = Processors
WARNING: untranslated string: ptr = PTR
+WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
WARNING: untranslated string: rdns = rDNS
WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’
WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
@@ -1296,10 +1314,13 @@ WARNING: untranslated string: regenerate host certificate = Renew Host Certifica
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: release = Release
+WARNING: untranslated string: remarks = Remarks
+WARNING: untranslated string: remote subnets = Remote Subnets
WARNING: untranslated string: required = Required
WARNING: untranslated string: required field = Required field
WARNING: untranslated string: retbleed = Retbleed
WARNING: untranslated string: route config changed = unknown string
+WARNING: untranslated string: routing = Routing
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
@@ -1379,6 +1400,35 @@ WARNING: untranslated string: vpn weak = Weak
WARNING: untranslated string: vulnerability = Vulnerability
WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: wg client pool = Client Pool
+WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer
+WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer
+WARNING: untranslated string: wg dns = DNS
+WARNING: untranslated string: wg download configuration file = Download the configuration file
+WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
+WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
+WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
+WARNING: untranslated string: wg invalid client pool = Invalid client pool
+WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
+WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
+WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
+WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
+WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
+WARNING: untranslated string: wg invalid public key = Invalid public key
+WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
+WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg name is already used = The name is already in use
+WARNING: untranslated string: wg no local subnets = No local subnets given
+WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
+WARNING: untranslated string: wg no remote subnets = No remote subnets given
+WARNING: untranslated string: wg peer configuration = Peer Configuration
+WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
+WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index c1b076dccd..f1090fc337 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -176,7 +176,6 @@ WARNING: translation string unused: could not open installed updates file
WARNING: translation string unused: could not open update information file
WARNING: translation string unused: cpu frequency per
WARNING: translation string unused: cpu usage per
-WARNING: translation string unused: create
WARNING: translation string unused: create mask
WARNING: translation string unused: create new backup
WARNING: translation string unused: current media
@@ -254,7 +253,6 @@ WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain master
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
-WARNING: translation string unused: done
WARNING: translation string unused: dos charset
WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
@@ -614,6 +612,7 @@ WARNING: translation string unused: ovpn_processprioVH
WARNING: translation string unused: ovpnstatus log
WARNING: translation string unused: ovpnsys log
WARNING: translation string unused: package failed to install
+WARNING: translation string unused: pakfire accept all
WARNING: translation string unused: pakfire core update auto
WARNING: translation string unused: pakfire dependencies found
WARNING: translation string unused: pakfire health check
@@ -973,6 +972,7 @@ WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL
WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: aliases default interface = - Default Interface -
+WARNING: untranslated string: allowed subnets = Allowed Subnets
WARNING: untranslated string: asn lookup failed = AS lookup failed
WARNING: untranslated string: atm device = Device:
WARNING: untranslated string: autonomous system = Autonomous System
@@ -1037,6 +1037,7 @@ WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: dnssec aware = DNSSEC Aware
WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
WARNING: untranslated string: dnssec validating = DNSSEC Validating
+WARNING: untranslated string: done = Done
WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling
WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
WARNING: untranslated string: download tls-auth key = Download tls-auth key
@@ -1069,6 +1070,9 @@ WARNING: untranslated string: enable disable client = unknown string
WARNING: untranslated string: enable disable dyndns = unknown string
WARNING: untranslated string: enable otp = Enable OTP
WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
+WARNING: untranslated string: endpoint = Endpoint
+WARNING: untranslated string: endpoint address = Endpoint Address
+WARNING: untranslated string: endpoint port = Endpoint Port
WARNING: untranslated string: error = Error
WARNING: untranslated string: error message = unknown string
WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date!
@@ -1105,6 +1109,7 @@ WARNING: untranslated string: fwhost cust locationgroup = Location Groups
WARNING: untranslated string: fwhost cust locationgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: fwhost newlocationgrp = Location Groups
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
WARNING: untranslated string: generate ptr = Generate PTR
WARNING: untranslated string: guardian = Guardian
WARNING: untranslated string: guardian block a host = unknown string
@@ -1177,6 +1182,7 @@ WARNING: untranslated string: ids unable to download the ruleset = Unable to dow
WARNING: untranslated string: ids visit provider website = Visit provider website
WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: imei = IMEI
+WARNING: untranslated string: import connection = Import a Connection
WARNING: untranslated string: imsi = IMSI
WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression
WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead
@@ -1184,6 +1190,8 @@ WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: inodes = Index-Nodes
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System
+WARNING: untranslated string: invalid endpoint = Invalid Endpoint
+WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
@@ -1192,8 +1200,11 @@ WARNING: untranslated string: invalid input for local ip address = Invalid input
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
+WARNING: untranslated string: invalid ip address = Invalid IP Address
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
+WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
+WARNING: untranslated string: invalid network = Invalid Network
WARNING: untranslated string: ip basic info = Basic IP information
WARNING: untranslated string: ip info for = IP information for
WARNING: untranslated string: ipblocklist = IP Address Blocklists
@@ -1229,6 +1240,8 @@ WARNING: untranslated string: last updated = Last Updated
WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation
WARNING: untranslated string: load average = Load Average
WARNING: untranslated string: local ip address = Local IP Address
+WARNING: untranslated string: local port = Local Port
+WARNING: untranslated string: local subnets = Local Subnets
WARNING: untranslated string: location = Location
WARNING: untranslated string: locationblock = Location Block
WARNING: untranslated string: locationblock block countries = Block countries
@@ -1240,6 +1253,9 @@ WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hos
WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks
WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking
WARNING: untranslated string: log server protocol = protocol:
+WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key
+WARNING: untranslated string: malformed private key = Malformed Private Key
+WARNING: untranslated string: malformed public key = Malformed Public Key
WARNING: untranslated string: masquerade blue = Masquerade BLUE
WARNING: untranslated string: masquerade green = Masquerade GREEN
WARNING: untranslated string: masquerade orange = Masquerade ORANGE
@@ -1310,6 +1326,8 @@ WARNING: untranslated string: pptp route = PPTP Route
WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
WARNING: untranslated string: processors = Processors
WARNING: untranslated string: ptr = PTR
+WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
WARNING: untranslated string: rdns = rDNS
WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
WARNING: untranslated string: received = Received
@@ -1317,10 +1335,13 @@ WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampli
WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
+WARNING: untranslated string: remarks = Remarks
+WARNING: untranslated string: remote subnets = Remote Subnets
WARNING: untranslated string: required = Required
WARNING: untranslated string: required field = Required field
WARNING: untranslated string: retbleed = Retbleed
WARNING: untranslated string: route config changed = unknown string
+WARNING: untranslated string: routing = Routing
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
@@ -1400,6 +1421,35 @@ WARNING: untranslated string: vpn weak = Weak
WARNING: untranslated string: vulnerability = Vulnerability
WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: wg client pool = Client Pool
+WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer
+WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer
+WARNING: untranslated string: wg dns = DNS
+WARNING: untranslated string: wg download configuration file = Download the configuration file
+WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
+WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
+WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
+WARNING: untranslated string: wg invalid client pool = Invalid client pool
+WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
+WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
+WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
+WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
+WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
+WARNING: untranslated string: wg invalid public key = Invalid public key
+WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
+WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg name is already used = The name is already in use
+WARNING: untranslated string: wg no local subnets = No local subnets given
+WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
+WARNING: untranslated string: wg no remote subnets = No remote subnets given
+WARNING: untranslated string: wg peer configuration = Peer Configuration
+WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
+WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 8bf0fa0dbe..1db36fb67f 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -168,7 +168,6 @@ WARNING: translation string unused: could not open installed updates file
WARNING: translation string unused: could not open update information file
WARNING: translation string unused: cpu frequency per
WARNING: translation string unused: cpu usage per
-WARNING: translation string unused: create
WARNING: translation string unused: create mask
WARNING: translation string unused: create new backup
WARNING: translation string unused: current media
@@ -242,7 +241,6 @@ WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain master
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
-WARNING: translation string unused: done
WARNING: translation string unused: dos charset
WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
@@ -539,6 +537,7 @@ WARNING: translation string unused: ovpn_processprioVH
WARNING: translation string unused: ovpnstatus log
WARNING: translation string unused: ovpnsys log
WARNING: translation string unused: package failed to install
+WARNING: translation string unused: pakfire accept all
WARNING: translation string unused: pakfire core update auto
WARNING: translation string unused: pakfire dependencies found
WARNING: translation string unused: pakfire health check
@@ -896,6 +895,7 @@ WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Pro
WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: age second = second
WARNING: untranslated string: aliases default interface = - Default Interface -
+WARNING: untranslated string: allowed subnets = Allowed Subnets
WARNING: untranslated string: asn lookup failed = AS lookup failed
WARNING: untranslated string: atm device = Device:
WARNING: untranslated string: attention = ATTENTION
@@ -1015,6 +1015,7 @@ WARNING: untranslated string: dnsforward zone = Zone
WARNING: untranslated string: dnssec aware = DNSSEC Aware
WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
WARNING: untranslated string: dnssec validating = DNSSEC Validating
+WARNING: untranslated string: done = Done
WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling
WARNING: untranslated string: downlink = Downlink
WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
@@ -1055,6 +1056,9 @@ WARNING: untranslated string: enable disable dyndns = unknown string
WARNING: untranslated string: enable otp = Enable OTP
WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
WARNING: untranslated string: encryption = Encryption:
+WARNING: untranslated string: endpoint = Endpoint
+WARNING: untranslated string: endpoint address = Endpoint Address
+WARNING: untranslated string: endpoint port = Endpoint Port
WARNING: untranslated string: error = Error
WARNING: untranslated string: error message = unknown string
WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date!
@@ -1242,6 +1246,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks:
WARNING: untranslated string: fwhost type = Type
WARNING: untranslated string: fwhost used = Used
WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
WARNING: untranslated string: generate ptr = Generate PTR
WARNING: untranslated string: grouptype = Grouptype:
WARNING: untranslated string: guardian = Guardian
@@ -1315,6 +1320,7 @@ WARNING: untranslated string: ids unable to download the ruleset = Unable to dow
WARNING: untranslated string: ids visit provider website = Visit provider website
WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: imei = IMEI
+WARNING: untranslated string: import connection = Import a Connection
WARNING: untranslated string: imsi = IMSI
WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression
WARNING: untranslated string: incoming firewall access = Incoming Firewall Access
@@ -1324,6 +1330,8 @@ WARNING: untranslated string: inodes = Index-Nodes
WARNING: untranslated string: integrity = Integrity:
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System
+WARNING: untranslated string: invalid endpoint = Invalid Endpoint
+WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address
WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay
WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
@@ -1334,8 +1342,11 @@ WARNING: untranslated string: invalid input for local ip address = Invalid input
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
+WARNING: untranslated string: invalid ip address = Invalid IP Address
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
+WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
+WARNING: untranslated string: invalid network = Invalid Network
WARNING: untranslated string: ip basic info = Basic IP information
WARNING: untranslated string: ip info for = IP information for
WARNING: untranslated string: ipblocklist = IP Address Blocklists
@@ -1376,6 +1387,8 @@ WARNING: untranslated string: lifetime = Lifetime:
WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation
WARNING: untranslated string: load average = Load Average
WARNING: untranslated string: local ip address = Local IP Address
+WARNING: untranslated string: local port = Local Port
+WARNING: untranslated string: local subnets = Local Subnets
WARNING: untranslated string: location = Location
WARNING: untranslated string: locationblock = Location Block
WARNING: untranslated string: locationblock block countries = Block countries
@@ -1387,6 +1400,9 @@ WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hos
WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks
WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking
WARNING: untranslated string: log server protocol = protocol:
+WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key
+WARNING: untranslated string: malformed private key = Malformed Private Key
+WARNING: untranslated string: malformed public key = Malformed Public Key
WARNING: untranslated string: masquerade blue = Masquerade BLUE
WARNING: untranslated string: masquerade green = Masquerade GREEN
WARNING: untranslated string: masquerade orange = Masquerade ORANGE
@@ -1486,7 +1502,9 @@ WARNING: untranslated string: proxy reports monthly = Monthly reports
WARNING: untranslated string: proxy reports today = Today
WARNING: untranslated string: proxy reports weekly = Weekly reports
WARNING: untranslated string: ptr = PTR
+WARNING: untranslated string: public key = Public Key
WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth!
+WARNING: untranslated string: qr code = QR Code
WARNING: untranslated string: rdns = rDNS
WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’
WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
@@ -1497,10 +1515,13 @@ WARNING: untranslated string: regenerate host certificate = Renew Host Certifica
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: release = Release
+WARNING: untranslated string: remarks = Remarks
+WARNING: untranslated string: remote subnets = Remote Subnets
WARNING: untranslated string: required = Required
WARNING: untranslated string: required field = Required field
WARNING: untranslated string: retbleed = Retbleed
WARNING: untranslated string: route config changed = unknown string
+WARNING: untranslated string: routing = Routing
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
@@ -1642,6 +1663,35 @@ WARNING: untranslated string: vpn weak = Weak
WARNING: untranslated string: vulnerability = Vulnerability
WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: wg client pool = Client Pool
+WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer
+WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer
+WARNING: untranslated string: wg dns = DNS
+WARNING: untranslated string: wg download configuration file = Download the configuration file
+WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
+WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
+WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
+WARNING: untranslated string: wg invalid client pool = Invalid client pool
+WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
+WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
+WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
+WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
+WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
+WARNING: untranslated string: wg invalid public key = Invalid public key
+WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
+WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg name is already used = The name is already in use
+WARNING: untranslated string: wg no local subnets = No local subnets given
+WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
+WARNING: untranslated string: wg no remote subnets = No remote subnets given
+WARNING: untranslated string: wg peer configuration = Peer Configuration
+WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
+WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index bce016c277..4d29c4f951 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -168,7 +168,6 @@ WARNING: translation string unused: could not open installed updates file
WARNING: translation string unused: could not open update information file
WARNING: translation string unused: cpu frequency per
WARNING: translation string unused: cpu usage per
-WARNING: translation string unused: create
WARNING: translation string unused: create mask
WARNING: translation string unused: create new backup
WARNING: translation string unused: current media
@@ -240,7 +239,6 @@ WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain master
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
-WARNING: translation string unused: done
WARNING: translation string unused: dos charset
WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
@@ -534,6 +532,7 @@ WARNING: translation string unused: ovpn_processprioVH
WARNING: translation string unused: ovpnstatus log
WARNING: translation string unused: ovpnsys log
WARNING: translation string unused: package failed to install
+WARNING: translation string unused: pakfire accept all
WARNING: translation string unused: pakfire core update auto
WARNING: translation string unused: pakfire dependencies found
WARNING: translation string unused: pakfire health check
@@ -891,6 +890,7 @@ WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Pro
WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: age second = second
WARNING: untranslated string: aliases default interface = - Default Interface -
+WARNING: untranslated string: allowed subnets = Allowed Subnets
WARNING: untranslated string: asn lookup failed = AS lookup failed
WARNING: untranslated string: atm device = Device:
WARNING: untranslated string: attention = ATTENTION
@@ -1010,6 +1010,7 @@ WARNING: untranslated string: dnsforward zone = Zone
WARNING: untranslated string: dnssec aware = DNSSEC Aware
WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
WARNING: untranslated string: dnssec validating = DNSSEC Validating
+WARNING: untranslated string: done = Done
WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling
WARNING: untranslated string: downlink = Downlink
WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
@@ -1050,6 +1051,9 @@ WARNING: untranslated string: enable disable dyndns = unknown string
WARNING: untranslated string: enable otp = Enable OTP
WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
WARNING: untranslated string: encryption = Encryption:
+WARNING: untranslated string: endpoint = Endpoint
+WARNING: untranslated string: endpoint address = Endpoint Address
+WARNING: untranslated string: endpoint port = Endpoint Port
WARNING: untranslated string: error = Error
WARNING: untranslated string: error message = unknown string
WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date!
@@ -1237,6 +1241,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks:
WARNING: untranslated string: fwhost type = Type
WARNING: untranslated string: fwhost used = Used
WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
WARNING: untranslated string: generate ptr = Generate PTR
WARNING: untranslated string: grouptype = Grouptype:
WARNING: untranslated string: guardian = Guardian
@@ -1310,6 +1315,7 @@ WARNING: untranslated string: ids unable to download the ruleset = Unable to dow
WARNING: untranslated string: ids visit provider website = Visit provider website
WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: imei = IMEI
+WARNING: untranslated string: import connection = Import a Connection
WARNING: untranslated string: imsi = IMSI
WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression
WARNING: untranslated string: incoming firewall access = Incoming Firewall Access
@@ -1320,6 +1326,8 @@ WARNING: untranslated string: inodes = Index-Nodes
WARNING: untranslated string: integrity = Integrity:
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System
+WARNING: untranslated string: invalid endpoint = Invalid Endpoint
+WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address
WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay
WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout
WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
@@ -1330,8 +1338,11 @@ WARNING: untranslated string: invalid input for local ip address = Invalid input
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code
WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
+WARNING: untranslated string: invalid ip address = Invalid IP Address
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
+WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval
WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
+WARNING: untranslated string: invalid network = Invalid Network
WARNING: untranslated string: ip basic info = Basic IP information
WARNING: untranslated string: ip info for = IP information for
WARNING: untranslated string: ipblocklist = IP Address Blocklists
@@ -1372,6 +1383,8 @@ WARNING: untranslated string: lifetime = Lifetime:
WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation
WARNING: untranslated string: load average = Load Average
WARNING: untranslated string: local ip address = Local IP Address
+WARNING: untranslated string: local port = Local Port
+WARNING: untranslated string: local subnets = Local Subnets
WARNING: untranslated string: location = Location
WARNING: untranslated string: locationblock = Location Block
WARNING: untranslated string: locationblock block countries = Block countries
@@ -1383,6 +1396,9 @@ WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hos
WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks
WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking
WARNING: untranslated string: log server protocol = protocol:
+WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key
+WARNING: untranslated string: malformed private key = Malformed Private Key
+WARNING: untranslated string: malformed public key = Malformed Public Key
WARNING: untranslated string: masquerade blue = Masquerade BLUE
WARNING: untranslated string: masquerade green = Masquerade GREEN
WARNING: untranslated string: masquerade orange = Masquerade ORANGE
@@ -1479,7 +1495,9 @@ WARNING: untranslated string: proxy reports monthly = Monthly reports
WARNING: untranslated string: proxy reports today = Today
WARNING: untranslated string: proxy reports weekly = Weekly reports
WARNING: untranslated string: ptr = PTR
+WARNING: untranslated string: public key = Public Key
WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth!
+WARNING: untranslated string: qr code = QR Code
WARNING: untranslated string: rdns = rDNS
WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’
WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
@@ -1490,10 +1508,13 @@ WARNING: untranslated string: regenerate host certificate = Renew Host Certifica
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: release = Release
+WARNING: untranslated string: remarks = Remarks
+WARNING: untranslated string: remote subnets = Remote Subnets
WARNING: untranslated string: required = Required
WARNING: untranslated string: required field = Required field
WARNING: untranslated string: retbleed = Retbleed
WARNING: untranslated string: route config changed = unknown string
+WARNING: untranslated string: routing = Routing
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
@@ -1635,6 +1656,35 @@ WARNING: untranslated string: vpn weak = Weak
WARNING: untranslated string: vulnerability = Vulnerability
WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: wg client pool = Client Pool
+WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer
+WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer
+WARNING: untranslated string: wg dns = DNS
+WARNING: untranslated string: wg download configuration file = Download the configuration file
+WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
+WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
+WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
+WARNING: untranslated string: wg invalid client pool = Invalid client pool
+WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
+WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
+WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
+WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
+WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
+WARNING: untranslated string: wg invalid public key = Invalid public key
+WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
+WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg name is already used = The name is already in use
+WARNING: untranslated string: wg no local subnets = No local subnets given
+WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
+WARNING: untranslated string: wg no remote subnets = No remote subnets given
+WARNING: untranslated string: wg peer configuration = Peer Configuration
+WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
+WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 8dc81778d8..2da19f2761 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -198,7 +198,6 @@ WARNING: translation string unused: could not open installed updates file
WARNING: translation string unused: could not open update information file
WARNING: translation string unused: cpu frequency per
WARNING: translation string unused: cpu usage per
-WARNING: translation string unused: create
WARNING: translation string unused: create mask
WARNING: translation string unused: create new backup
WARNING: translation string unused: current media
@@ -277,7 +276,6 @@ WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain master
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
-WARNING: translation string unused: done
WARNING: translation string unused: dos charset
WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
@@ -644,6 +642,7 @@ WARNING: translation string unused: ovpn_processprioVH
WARNING: translation string unused: ovpnstatus log
WARNING: translation string unused: ovpnsys log
WARNING: translation string unused: package failed to install
+WARNING: translation string unused: pakfire accept all
WARNING: translation string unused: pakfire core update auto
WARNING: translation string unused: pakfire dependencies found
WARNING: translation string unused: pakfire health check
@@ -960,6 +959,7 @@ WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL
WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: aliases default interface = - Default Interface -
+WARNING: untranslated string: allowed subnets = Allowed Subnets
WARNING: untranslated string: asn lookup failed = AS lookup failed
WARNING: untranslated string: autonomous system = Autonomous System
WARNING: untranslated string: available = available
@@ -1013,6 +1013,7 @@ WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigne
WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward forward_servers = Nameservers
+WARNING: untranslated string: done = Done
WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling
WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/blocklists/do-not-route-or-peer/" target="_blank">Spamhaus DROP</a>, etc.)
@@ -1026,6 +1027,9 @@ WARNING: untranslated string: enable disable client = unknown string
WARNING: untranslated string: enable disable dyndns = unknown string
WARNING: untranslated string: enable otp = Enable OTP
WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
+WARNING: untranslated string: endpoint = Endpoint
+WARNING: untranslated string: endpoint address = Endpoint Address
+WARNING: untranslated string: endpoint port = Endpoint Port
WARNING: untranslated string: error = Error
WARNING: untranslated string: error message = unknown string
WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date!
@@ -1042,6 +1046,7 @@ WARNING: untranslated string: fwdfw all subnets = All subnets
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
WARNING: untranslated string: fwhost cust locationgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
WARNING: untranslated string: generate ptr = Generate PTR
WARNING: untranslated string: guardian block a host = unknown string
WARNING: untranslated string: guardian block httpd brute-force = unknown string
@@ -1112,17 +1117,23 @@ WARNING: untranslated string: ids the choosen provider is already in use = The c
WARNING: untranslated string: ids unable to download the ruleset = Unable to download the ruleset
WARNING: untranslated string: ids visit provider website = Visit provider website
WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
+WARNING: untranslated string: import connection = Import a Connection
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: inodes = Index-Nodes
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System
+WARNING: untranslated string: invalid endpoint = Invalid Endpoint
+WARNING: untranslated string: invalid endpoint address = Invalid Endpoint Address
WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
WARNING: untranslated string: invalid input for mode = Invalid input for mode
WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code
+WARNING: untranslated string: invalid ip address = Invalid IP Address
WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
+WARNING: untranslated string: invalid keepalive interval = Invalid Keepalive Interval
+WARNING: untranslated string: invalid network = Invalid Network
WARNING: untranslated string: ip basic info = Basic IP information
WARNING: untranslated string: ip info for = IP information for
WARNING: untranslated string: ipblocklist = IP Address Blocklists
@@ -1158,9 +1169,14 @@ WARNING: untranslated string: last updated = Last Updated
WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation
WARNING: untranslated string: load average = Load Average
WARNING: untranslated string: local ip address = Local IP Address
+WARNING: untranslated string: local port = Local Port
+WARNING: untranslated string: local subnets = Local Subnets
WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks
WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks
WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking
+WARNING: untranslated string: malformed preshared key = Malformed Pre-Shared Key
+WARNING: untranslated string: malformed private key = Malformed Private Key
+WARNING: untranslated string: malformed public key = Malformed Public Key
WARNING: untranslated string: meltdown = Meltdown
WARNING: untranslated string: mitigated = Mitigated
WARNING: untranslated string: mmio stale data = MMIO Stale Data
@@ -1197,6 +1213,8 @@ WARNING: untranslated string: please reboot to apply your changes = Please reboo
WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
WARNING: untranslated string: processors = Processors
WARNING: untranslated string: ptr = PTR
+WARNING: untranslated string: public key = Public Key
+WARNING: untranslated string: qr code = QR Code
WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’
WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
WARNING: untranslated string: received = Received
@@ -1205,9 +1223,12 @@ WARNING: untranslated string: regenerate host certificate = Renew Host Certifica
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: release = Release
+WARNING: untranslated string: remarks = Remarks
+WARNING: untranslated string: remote subnets = Remote Subnets
WARNING: untranslated string: required = Required
WARNING: untranslated string: retbleed = Retbleed
WARNING: untranslated string: route config changed = unknown string
+WARNING: untranslated string: routing = Routing
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
@@ -1262,6 +1283,35 @@ WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vulnerability = Vulnerability
WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: warning = Warning
+WARNING: untranslated string: wg client pool = Client Pool
+WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer
+WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer
+WARNING: untranslated string: wg dns = DNS
+WARNING: untranslated string: wg download configuration file = Download the configuration file
+WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
+WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
+WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
+WARNING: untranslated string: wg invalid client pool = Invalid client pool
+WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
+WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
+WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
+WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
+WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
+WARNING: untranslated string: wg invalid public key = Invalid public key
+WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
+WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg name is already used = The name is already in use
+WARNING: untranslated string: wg no local subnets = No local subnets given
+WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
+WARNING: untranslated string: wg no remote subnets = No remote subnets given
+WARNING: untranslated string: wg peer configuration = Peer Configuration
+WARNING: untranslated string: wg peer does not exist = Peer does not exist
+WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers
+WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
+WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
WARNING: untranslated string: whitelisted = Whitelisted
WARNING: untranslated string: whois results from = WHOIS results from
WARNING: untranslated string: winbind daemon = Winbind Daemon
diff --git a/doc/language_missings b/doc/language_missings
index 58191cfe35..48b98ce74d 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -6,6 +6,7 @@
< access point name is required
< advproxy update information
< aliases default interface
+< allowed subnets
< ansi t1.483
< backup archive
< backup clear archive
@@ -53,12 +54,15 @@
< dhcp server enabled on blue interface
< disable
< dns could not add server
-< done
< download apple profile
< enable
+< endpoint
+< endpoint address
+< endpoint port
< error the to date has to be later than the from date
< extrahd because it it outside the allowed mount path
< fwdfw syn flood protection
+< fwhost wg peers
< g.dtm
< g.lite
< hostile networks in
@@ -73,6 +77,7 @@
< ipsec invalid ip address or fqdn for rw endpoint
< ipsec roadwarrior endpoint
< link-layer encapsulation
+< local subnets
< log drop hostile in
< log drop hostile out
< netbios nameserver daemon
@@ -85,13 +90,18 @@
< pakfire dependencies found
< pakfire no dependencies found
< pakfire resolvedeps wait
+< public key
+< qr code
< quick control
< random number generator daemon
< regenerate host certificate
< reg_file_data_sampling
< reiserfs warning1
< reiserfs warning2
+< remarks
+< remote subnets
< required
+< routing
< samba server role member
< samba server role standalone
< shaping add options
@@ -108,6 +118,38 @@
< user management
< vpn configuration main
< wg
+< wg client configuration file
+< wg client pool
+< wg create host-to-net peer
+< wg create net-to-net peer
+< wg create peer
+< wg dns
+< wg download configuration file
+< wg edit host-to-net peer
+< wg edit net-to-net peer
+< wg edit peer
+< wg host to net client settings
+< wg invalid client dns
+< wg invalid client pool
+< wg invalid endpoint address
+< wg invalid endpoint port
+< wg invalid keepalive interval
+< wg invalid local subnet
+< wg invalid name
+< wg invalid psk
+< wg invalid public key
+< wg invalid remote subnet
+< wg keepalive interval
+< wg name is already used
+< wg no local subnets
+< wg no more free addresses in pool
+< wg no remote subnets
+< wg peer configuration
+< wg peer does not exist
+< wg pre-shared key (optional)
+< wg rw peers
+< wg scan the qr code
+< wg warning configuration only shown once
< winbind daemon
< wireguard
< wlanap 802.11w disabled
@@ -125,19 +167,25 @@
< access point name is invalid
< access point name is required
< addon
+< allowed subnets
< bypassed
< ca name must only contain characters or spaces
< cpu frequency
< data transfer
< dhcp fixed ip address in dynamic range
< dns servers
+< done
< downfall gather data sampling
+< endpoint
+< endpoint address
+< endpoint port
< extrahd because it it outside the allowed mount path
< extrahd mounted
< extrahd no mount point given
< extrahd not configured
< extrahd not mounted
< fwdfw syn flood protection
+< fwhost wg peers
< hardware vulnerabilities
< hostile networks in
< hostile networks out
@@ -145,22 +193,38 @@
< ids provider eol
< ids rulesets
< ids unsupported provider
+< import connection
+< invalid endpoint
+< invalid endpoint address
+< invalid ip address
< invalid ip or hostname
+< invalid keepalive interval
+< invalid network
< ips throughput
< last updated
< load average
+< local port
+< local subnets
< log drop hostile in
< log drop hostile out
+< malformed preshared key
+< malformed private key
+< malformed public key
< oops something went wrong
< openvpn cert expires soon
< openvpn cert has expired
< ovpn roadwarrior server
< password has quotation mark
< processors
+< public key
+< qr code
< regenerate host certificate
< reg_file_data_sampling
< reiserfs warning1
< reiserfs warning2
+< remarks
+< remote subnets
+< routing
< scanned
< service boot setting unavailable
< spec rstack overflow
@@ -170,6 +234,41 @@
< transport mode does not support vti
< warning
< wg
+< wg client configuration file
+< wg client pool
+< wg create host-to-net peer
+< wg create net-to-net peer
+< wg create peer
+< wg dns
+< wg download configuration
+< wg download configuration file
+< wg edit host-to-net peer
+< wg edit net-to-net peer
+< wg edit peer
+< wg host to net client settings
+< wg invalid client dns
+< wg invalid client pool
+< wg invalid endpoint address
+< wg invalid endpoint port
+< wg invalid keepalive interval
+< wg invalid local subnet
+< wg invalid name
+< wg invalid psk
+< wg invalid public key
+< wg invalid remote subnet
+< wg keepalive interval
+< wg leave empty to automatically select
+< wg name is already used
+< wg no local subnets
+< wg no more free addresses in pool
+< wg no remote subnets
+< wg peer configuration
+< wg peer does not exist
+< wg pre-shared key (optional)
+< wg rw peers
+< wg scan the qr code
+< wg show configuration qrcode
+< wg warning configuration only shown once
< whitelisted
< wireguard
< wlanap
@@ -181,28 +280,50 @@
############################################################################
# Checking cgi-bin translations for language: fr #
############################################################################
+< allowed subnets
< ansi t1.483
< bewan adsl pci st
< bewan adsl usb
< bypassed
< ca name must only contain characters or spaces
< data transfer
+< done
+< endpoint
+< endpoint address
+< endpoint port
< extrahd because it it outside the allowed mount path
< fwdfw syn flood protection
+< fwhost wg peers
< g.dtm
< g.lite
< hostile networks total
< ids provider eol
< ids rulesets
< ids unsupported provider
+< import connection
+< invalid endpoint
+< invalid endpoint address
+< invalid ip address
+< invalid keepalive interval
+< invalid network
< ips throughput
< last updated
< load average
+< local port
+< local subnets
+< malformed preshared key
+< malformed private key
+< malformed public key
< oops something went wrong
< ovpn roadwarrior server
< password has quotation mark
< processors
+< public key
+< qr code
< reg_file_data_sampling
+< remarks
+< remote subnets
+< routing
< scanned
< system time
< timeformat
@@ -210,6 +331,41 @@
< upload fcdsl.o
< warning
< wg
+< wg client configuration file
+< wg client pool
+< wg create host-to-net peer
+< wg create net-to-net peer
+< wg create peer
+< wg dns
+< wg download configuration
+< wg download configuration file
+< wg edit host-to-net peer
+< wg edit net-to-net peer
+< wg edit peer
+< wg host to net client settings
+< wg invalid client dns
+< wg invalid client pool
+< wg invalid endpoint address
+< wg invalid endpoint port
+< wg invalid keepalive interval
+< wg invalid local subnet
+< wg invalid name
+< wg invalid psk
+< wg invalid public key
+< wg invalid remote subnet
+< wg keepalive interval
+< wg leave empty to automatically select
+< wg name is already used
+< wg no local subnets
+< wg no more free addresses in pool
+< wg no remote subnets
+< wg peer configuration
+< wg peer does not exist
+< wg pre-shared key (optional)
+< wg rw peers
+< wg scan the qr code
+< wg show configuration qrcode
+< wg warning configuration only shown once
< whitelisted
< wireguard
< wlanap hide ssid
@@ -248,6 +404,7 @@
< advproxy wpad title
< advproxy wpad view pac
< aliases default interface
+< allowed subnets
< asn lookup failed
< autonomous system
< available
@@ -368,6 +525,7 @@
< dns tls hostname
< dns use isp assigned nameservers
< dns use protocol for dns queries
+< done
< downfall gather data sampling
< download apple profile
< drop hostile
@@ -401,6 +559,9 @@
< enable
< enable otp
< enable smt
+< endpoint
+< endpoint address
+< endpoint port
< eol architecture warning
< error
< error the to date has to be later than the from date
@@ -434,6 +595,7 @@
< fwhost cust locationgroup
< fwhost cust locationlocation
< fwhost newlocationgrp
+< fwhost wg peers
< fw red
< generate ptr
< guaranteed bandwidth
@@ -482,11 +644,14 @@
< ids unsupported provider
< ids visit provider website
< ids working
+< import connection
< incoming compression in bytes per second
< incoming overhead in bytes per second
< inodes
< interface mode
< intrusion prevention system
+< invalid endpoint
+< invalid endpoint address
< invalid input for inactivity timeout
< invalid input for interface address
< invalid input for interface mode
@@ -495,8 +660,11 @@
< invalid input for mode
< invalid input for subscription code
< invalid input for valid till days
+< invalid ip address
< invalid ip or hostname
+< invalid keepalive interval
< invalid logserver protocol
+< invalid network
< ip basic info
< ipblocklist
< ipblocklist blocklist settings
@@ -540,6 +708,8 @@
< link-layer encapsulation
< load average
< local ip address
+< local port
+< local subnets
< location
< locationblock
< locationblock block countries
@@ -554,6 +724,9 @@
< log drop hostile out
< log dropped conntrack invalids
< log server protocol
+< malformed preshared key
+< malformed private key
+< malformed public key
< masquerade blue
< masquerade green
< masquerade orange
@@ -610,6 +783,8 @@
< processors
< processor vulnerability mitigations
< ptr
+< public key
+< qr code
< random number generator daemon
< rdns
< reboot fsck
@@ -620,9 +795,12 @@
< reiserfs warning1
< reiserfs warning2
< release
+< remarks
+< remote subnets
< required
< required field
< retbleed
+< routing
< runmode
< samba join a domain
< samba join domain
@@ -704,6 +882,41 @@
< warning
< Weekly
< wg
+< wg client configuration file
+< wg client pool
+< wg create host-to-net peer
+< wg create net-to-net peer
+< wg create peer
+< wg dns
+< wg download configuration
+< wg download configuration file
+< wg edit host-to-net peer
+< wg edit net-to-net peer
+< wg edit peer
+< wg host to net client settings
+< wg invalid client dns
+< wg invalid client pool
+< wg invalid endpoint address
+< wg invalid endpoint port
+< wg invalid keepalive interval
+< wg invalid local subnet
+< wg invalid name
+< wg invalid psk
+< wg invalid public key
+< wg invalid remote subnet
+< wg keepalive interval
+< wg leave empty to automatically select
+< wg name is already used
+< wg no local subnets
+< wg no more free addresses in pool
+< wg no remote subnets
+< wg peer configuration
+< wg peer does not exist
+< wg pre-shared key (optional)
+< wg rw peers
+< wg scan the qr code
+< wg show configuration qrcode
+< wg warning configuration only shown once
< whitelisted
< whois results from
< winbind daemon
@@ -792,6 +1005,7 @@
< advproxy wpad title
< advproxy wpad view pac
< aliases default interface
+< allowed subnets
< asn lookup failed
< atm device
< autonomous system
@@ -916,6 +1130,7 @@
< dns tls hostname
< dns use isp assigned nameservers
< dns use protocol for dns queries
+< done
< downfall gather data sampling
< download apple profile
< download tls-auth key
@@ -951,6 +1166,9 @@
< enable
< enable otp
< enable smt
+< endpoint
+< endpoint address
+< endpoint port
< eol architecture warning
< error
< error the to date has to be later than the from date
@@ -985,6 +1203,7 @@
< fwhost cust locationgroup
< fwhost cust locationlocation
< fwhost newlocationgrp
+< fwhost wg peers
< fw red
< generate ptr
< guardian
@@ -1033,12 +1252,15 @@
< ids visit provider website
< ids working
< imei
+< import connection
< imsi
< incoming compression in bytes per second
< incoming overhead in bytes per second
< inodes
< interface mode
< intrusion prevention system
+< invalid endpoint
+< invalid endpoint address
< invalid input for inactivity timeout
< invalid input for interface address
< invalid input for interface mode
@@ -1047,8 +1269,11 @@
< invalid input for mode
< invalid input for subscription code
< invalid input for valid till days
+< invalid ip address
< invalid ip or hostname
+< invalid keepalive interval
< invalid logserver protocol
+< invalid network
< ip basic info
< ipblocklist
< ipblocklist blocklist settings
@@ -1092,6 +1317,8 @@
< link-layer encapsulation
< load average
< local ip address
+< local port
+< local subnets
< location
< locationblock
< locationblock block countries
@@ -1106,6 +1333,9 @@
< log drop hostile out
< log dropped conntrack invalids
< log server protocol
+< malformed preshared key
+< malformed private key
+< malformed public key
< masquerade blue
< masquerade green
< masquerade orange
@@ -1181,6 +1411,8 @@
< processors
< processor vulnerability mitigations
< ptr
+< public key
+< qr code
< random number generator daemon
< rdns
< rebooting ipfire fsck
@@ -1189,9 +1421,12 @@
< reg_file_data_sampling
< reiserfs warning1
< reiserfs warning2
+< remarks
+< remote subnets
< required
< required field
< retbleed
+< routing
< runmode
< samba join a domain
< samba join domain
@@ -1274,6 +1509,41 @@
< warning
< Weekly
< wg
+< wg client configuration file
+< wg client pool
+< wg create host-to-net peer
+< wg create net-to-net peer
+< wg create peer
+< wg dns
+< wg download configuration
+< wg download configuration file
+< wg edit host-to-net peer
+< wg edit net-to-net peer
+< wg edit peer
+< wg host to net client settings
+< wg invalid client dns
+< wg invalid client pool
+< wg invalid endpoint address
+< wg invalid endpoint port
+< wg invalid keepalive interval
+< wg invalid local subnet
+< wg invalid name
+< wg invalid psk
+< wg invalid public key
+< wg invalid remote subnet
+< wg keepalive interval
+< wg leave empty to automatically select
+< wg name is already used
+< wg no local subnets
+< wg no more free addresses in pool
+< wg no remote subnets
+< wg peer configuration
+< wg peer does not exist
+< wg pre-shared key (optional)
+< wg rw peers
+< wg scan the qr code
+< wg show configuration qrcode
+< wg warning configuration only shown once
< whitelisted
< whois results from
< winbind daemon
@@ -1374,6 +1644,7 @@
< age sminute
< age ssecond
< aliases default interface
+< allowed subnets
< asn lookup failed
< atm device
< attention
@@ -1562,6 +1833,7 @@
< dns tls hostname
< dns use isp assigned nameservers
< dns use protocol for dns queries
+< done
< downfall gather data sampling
< downlink
< download apple profile
@@ -1606,6 +1878,9 @@
< enable otp
< enable smt
< encryption
+< endpoint
+< endpoint address
+< endpoint port
< entropy
< entropy graphs
< eol architecture warning
@@ -1831,6 +2106,7 @@
< fwhost type
< fwhost used
< fwhost welcome
+< fwhost wg peers
< fwhost wo subnet
< fw red
< fw rules reload notice
@@ -1887,6 +2163,7 @@
< ids visit provider website
< ids working
< imei
+< import connection
< imsi
< incoming compression in bytes per second
< incoming firewall access
@@ -1895,6 +2172,8 @@
< integrity
< interface mode
< intrusion prevention system
+< invalid endpoint
+< invalid endpoint address
< invalid input for dpd delay
< invalid input for dpd timeout
< invalid input for inactivity timeout
@@ -1905,8 +2184,11 @@
< invalid input for mode
< invalid input for subscription code
< invalid input for valid till days
+< invalid ip address
< invalid ip or hostname
+< invalid keepalive interval
< invalid logserver protocol
+< invalid network
< ip basic info
< ipblocklist
< ipblocklist blocklist settings
@@ -1956,6 +2238,8 @@
< link-layer encapsulation
< load average
< local ip address
+< local port
+< local subnets
< location
< locationblock
< locationblock block countries
@@ -1971,6 +2255,9 @@
< log dropped conntrack invalids
< log server protocol
< mac filter
+< malformed preshared key
+< malformed private key
+< malformed public key
< masquerade blue
< masquerade green
< masquerade orange
@@ -2089,7 +2376,9 @@
< proxy reports today
< proxy reports weekly
< ptr
+< public key
< qos enter bandwidths
+< qr code
< random number generator daemon
< rdns
< reboot fsck
@@ -2101,9 +2390,12 @@
< reiserfs warning1
< reiserfs warning2
< release
+< remarks
+< remote subnets
< required
< required field
< retbleed
+< routing
< runmode
< samba join a domain
< samba join domain
@@ -2260,6 +2552,41 @@
< warning
< Weekly
< wg
+< wg client configuration file
+< wg client pool
+< wg create host-to-net peer
+< wg create net-to-net peer
+< wg create peer
+< wg dns
+< wg download configuration
+< wg download configuration file
+< wg edit host-to-net peer
+< wg edit net-to-net peer
+< wg edit peer
+< wg host to net client settings
+< wg invalid client dns
+< wg invalid client pool
+< wg invalid endpoint address
+< wg invalid endpoint port
+< wg invalid keepalive interval
+< wg invalid local subnet
+< wg invalid name
+< wg invalid psk
+< wg invalid public key
+< wg invalid remote subnet
+< wg keepalive interval
+< wg leave empty to automatically select
+< wg name is already used
+< wg no local subnets
+< wg no more free addresses in pool
+< wg no remote subnets
+< wg peer configuration
+< wg peer does not exist
+< wg pre-shared key (optional)
+< wg rw peers
+< wg scan the qr code
+< wg show configuration qrcode
+< wg warning configuration only shown once
< whitelisted
< whois results from
< winbind daemon
@@ -2392,6 +2719,7 @@
< age sminute
< age ssecond
< aliases default interface
+< allowed subnets
< asn lookup failed
< atm device
< attention
@@ -2582,6 +2910,7 @@
< dns tls hostname
< dns use isp assigned nameservers
< dns use protocol for dns queries
+< done
< downfall gather data sampling
< downlink
< download apple profile
@@ -2627,6 +2956,9 @@
< enable otp
< enable smt
< encryption
+< endpoint
+< endpoint address
+< endpoint port
< entropy
< entropy graphs
< eol architecture warning
@@ -2853,6 +3185,7 @@
< fwhost type
< fwhost used
< fwhost welcome
+< fwhost wg peers
< fwhost wo subnet
< fw red
< fw rules reload notice
@@ -2910,6 +3243,7 @@
< ids visit provider website
< ids working
< imei
+< import connection
< imsi
< incoming compression in bytes per second
< incoming firewall access
@@ -2919,6 +3253,8 @@
< integrity
< interface mode
< intrusion prevention system
+< invalid endpoint
+< invalid endpoint address
< invalid input for dpd delay
< invalid input for dpd timeout
< invalid input for inactivity timeout
@@ -2929,8 +3265,11 @@
< invalid input for mode
< invalid input for subscription code
< invalid input for valid till days
+< invalid ip address
< invalid ip or hostname
+< invalid keepalive interval
< invalid logserver protocol
+< invalid network
< ip basic info
< ipblocklist
< ipblocklist blocklist settings
@@ -2980,6 +3319,8 @@
< link-layer encapsulation
< load average
< local ip address
+< local port
+< local subnets
< location
< locationblock
< locationblock block countries
@@ -2995,6 +3336,9 @@
< log dropped conntrack invalids
< log server protocol
< mac filter
+< malformed preshared key
+< malformed private key
+< malformed public key
< masquerade blue
< masquerade green
< masquerade orange
@@ -3111,7 +3455,9 @@
< proxy reports today
< proxy reports weekly
< ptr
+< public key
< qos enter bandwidths
+< qr code
< random number generator daemon
< rdns
< reboot fsck
@@ -3123,9 +3469,12 @@
< reiserfs warning1
< reiserfs warning2
< release
+< remarks
+< remote subnets
< required
< required field
< retbleed
+< routing
< runmode
< samba join a domain
< samba join domain
@@ -3283,6 +3632,41 @@
< week-graph
< Weekly
< wg
+< wg client configuration file
+< wg client pool
+< wg create host-to-net peer
+< wg create net-to-net peer
+< wg create peer
+< wg dns
+< wg download configuration
+< wg download configuration file
+< wg edit host-to-net peer
+< wg edit net-to-net peer
+< wg edit peer
+< wg host to net client settings
+< wg invalid client dns
+< wg invalid client pool
+< wg invalid endpoint address
+< wg invalid endpoint port
+< wg invalid keepalive interval
+< wg invalid local subnet
+< wg invalid name
+< wg invalid psk
+< wg invalid public key
+< wg invalid remote subnet
+< wg keepalive interval
+< wg leave empty to automatically select
+< wg name is already used
+< wg no local subnets
+< wg no more free addresses in pool
+< wg no remote subnets
+< wg peer configuration
+< wg peer does not exist
+< wg pre-shared key (optional)
+< wg rw peers
+< wg scan the qr code
+< wg show configuration qrcode
+< wg warning configuration only shown once
< whitelisted
< whois results from
< winbind daemon
@@ -3395,6 +3779,7 @@
< advproxy wpad title
< advproxy wpad view pac
< aliases default interface
+< allowed subnets
< asn lookup failed
< autonomous system
< available
@@ -3453,6 +3838,7 @@
< dns tls hostname
< dns use isp assigned nameservers
< dns use protocol for dns queries
+< done
< downfall gather data sampling
< download apple profile
< drop hostile
@@ -3465,6 +3851,9 @@
< enable
< enable otp
< enable smt
+< endpoint
+< endpoint address
+< endpoint port
< eol architecture warning
< error
< error the to date has to be later than the from date
@@ -3478,6 +3867,7 @@
< foreshadow
< fwdfw all subnets
< fwdfw syn flood protection
+< fwhost wg peers
< fw red
< generate ptr
< hardware vulnerabilities
@@ -3524,16 +3914,22 @@
< ids unsupported provider
< ids visit provider website
< ids working
+< import connection
< inodes
< interface mode
< intrusion prevention system
+< invalid endpoint
+< invalid endpoint address
< invalid input for interface address
< invalid input for interface mode
< invalid input for interface mtu
< invalid input for local ip address
< invalid input for mode
< invalid input for subscription code
+< invalid ip address
< invalid ip or hostname
+< invalid keepalive interval
+< invalid network
< ip basic info
< ipblocklist
< ipblocklist blocklist settings
@@ -3577,9 +3973,14 @@
< link-layer encapsulation
< load average
< local ip address
+< local port
+< local subnets
< log drop hostile in
< log drop hostile out
< log dropped conntrack invalids
+< malformed preshared key
+< malformed private key
+< malformed public key
< meltdown
< mitigated
< mmio stale data
@@ -3616,6 +4017,8 @@
< processors
< processor vulnerability mitigations
< ptr
+< public key
+< qr code
< random number generator daemon
< reboot fsck
< rebooting ipfire fsck
@@ -3625,8 +4028,11 @@
< reiserfs warning1
< reiserfs warning2
< release
+< remarks
+< remote subnets
< required
< retbleed
+< routing
< runmode
< samba server role member
< samba server role standalone
@@ -3683,6 +4089,41 @@
< warning
< Weekly
< wg
+< wg client configuration file
+< wg client pool
+< wg create host-to-net peer
+< wg create net-to-net peer
+< wg create peer
+< wg dns
+< wg download configuration
+< wg download configuration file
+< wg edit host-to-net peer
+< wg edit net-to-net peer
+< wg edit peer
+< wg host to net client settings
+< wg invalid client dns
+< wg invalid client pool
+< wg invalid endpoint address
+< wg invalid endpoint port
+< wg invalid keepalive interval
+< wg invalid local subnet
+< wg invalid name
+< wg invalid psk
+< wg invalid public key
+< wg invalid remote subnet
+< wg keepalive interval
+< wg leave empty to automatically select
+< wg name is already used
+< wg no local subnets
+< wg no more free addresses in pool
+< wg no remote subnets
+< wg peer configuration
+< wg peer does not exist
+< wg pre-shared key (optional)
+< wg rw peers
+< wg scan the qr code
+< wg show configuration qrcode
+< wg warning configuration only shown once
< whitelisted
< whois results from
< winbind daemon
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index e87a7fed02..855be095d0 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -33,6 +33,7 @@ no warnings 'uninitialized';
require '/var/ipfire/general-functions.pl';
require '/var/ipfire/network-functions.pl';
+require '/var/ipfire/wireguard-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
require "${General::swroot}/location-functions.pl";
@@ -875,8 +876,14 @@ sub checkrule
$hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
}
}else{
+ $errormessage .= $sip;
+ $errormessage .= $scidr;
+
+ $errormessage .= $tip;
+ $errormessage .= $tcidr;
+
if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
- $errormessage.=$Lang::tr{'fwdfw err samesub'};
+ $errormessage.=$Lang::tr{'fwdfw err samesub'} . $fwdfwsettings{'grp1'} .$fwdfwsettings{$fwdfwsettings{'grp1'}} . $fwdfwsettings{'grp2'} . $fwdfwsettings{$fwdfwsettings{'grp2'}};
}
}
}
@@ -1178,6 +1185,40 @@ END
#End left table. start right table (vpn)
print"</tr></table></td><td valign='top'><table width='95%' border='0' align='right'><tr>";
+
+ # WireGuard Peers
+ if (%Wireguard::peers || $optionsfw{'SHOWDROPDOWN'} eq 'on') {
+ print <<EOF;
+ <tr>
+ <td>
+ <input type='radio' name='$grp' id='wg_peer_$srctgt' value='wg_peer_$srctgt' $checked{$grp}{'wg_peer_'.$srctgt}>
+ </td>
+ <td nowrap='nowrap' width='16%'>
+ $Lang::tr{'fwhost wg peers'}
+ </td>
+ <td nowrap='nowrap' width='1%' align='right'>
+ <select name='wg_peer_$srctgt' style='width:200px;'>"
+EOF
+ # Sort peers by name
+ foreach my $key (sort { $Wireguard::peers{$a}[2] cmp $Wireguard::peers{$b}[2] } keys %Wireguard::peers) {
+ # Load the peer
+ my $peer = &Wireguard::load_peer($key);
+
+ # Is this peer selected?
+ my $selected = ($fwdfwsettings{$fwdfwsettings{$grp}} eq $peer->{'NAME'}) ? "selected" : "";
+
+ print <<EOF;
+ <option value="$peer->{'NAME'}" $selected>$peer->{'NAME'}</option>
+EOF
+ }
+
+ print <<EOF;
+ </select>
+ </td>
+ </tr>
+EOF
+ }
+
# CCD networks
if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
print"<td width='1%'><input type='radio' name='$grp' id='ovpn_net_$srctgt' value='ovpn_net_$srctgt' $checked{$grp}{'ovpn_net_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_net_$srctgt' style='width:200px;'>";
@@ -1261,19 +1302,23 @@ sub get_ip
if ($fwdfwsettings{$grp} eq $val.'_addr'){
($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
}elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
- if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
+ if ($fwdfwsettings{$fwdfwsettings{$grp}} eq "GREEN"){
$a=$netsettings{'GREEN_NETADDRESS'};
$b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "ORANGE"){
$a=$netsettings{'ORANGE_NETADDRESS'};
$b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "BLUE"){
$a=$netsettings{'BLUE_NETADDRESS'};
$b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "OpenVPN-Dyn"){
&General::readhash("$configovpn",\%ovpnsettings);
($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
$b=&General::iporsubtocidr($b);
+
+ # WireGuard
+ } elsif ($fwdfwsettings{$fwdfwsettings{$grp}} eq "WGRW") {
+ return $Wireguard::settings{'CLIENT_POOL'};
}
}elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
&General::readhasharray("$confignet", \%customnetwork);
@@ -1424,6 +1469,9 @@ sub getcolor
}elsif ($val eq 'IPsec RW' ){
$tdcolor="style='background-color: $Header::colourvpn;color:white;'";
return;
+ }elsif ($val eq "WGRW") {
+ $tdcolor="style='background-color: $Header::colourwg; color: white;'";
+ return;
}elsif($val =~ /^(.*?)\/(.*?)$/){
my ($sip,$scidr) = split ("/",$val);
if ( &Header::orange_used() && &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
@@ -1490,8 +1538,20 @@ sub getcolor
}
}
}
+
+ # WireGuard Roadwarrior
+ if ($Wireguard::settings{'CLIENT_POOL'}) {
+ if (&Network::ip_address_in_network($c, $Wireguard::settings{'CLIENT_POOL'})) {
+ $tdcolor="style='background-color: $Header::colourwg; color:white;'";
+ return;
+ }
+ }
}
#VPN networks
+ if ($nettype eq 'wg_peer_src' || $nettype eq 'wg_peer_tgt'){
+ $tdcolor="style='background-color: $Header::colourwg;color:white;'";
+ return;
+ }
if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){
$tdcolor="style='background-color: $Header::colourovpn;color:white;'";
return;
@@ -1500,6 +1560,7 @@ sub getcolor
$tdcolor="style='background-color: $Header::colourvpn;color:white;'";
return;
}
+
#ALIASE
foreach my $alias (sort keys %aliases)
{
@@ -2525,10 +2586,10 @@ END
@tmpsrc=();
@tmptgt=();
#check if vpn hosts/nets have been deleted
- if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
+ if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /^wg_/ || $$hash{$key}[3] =~ /ovpn/i){
push (@tmpsrc,$$hash{$key}[4]);
}
- if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
+ if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /^wg_/ || $$hash{$key}[5] =~ /ovpn/i){
push (@tmptgt,$$hash{$key}[6]);
}
foreach my $host (@tmpsrc){
@@ -2548,6 +2609,10 @@ END
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
}
+ } elsif ($$hash{$key}[3] eq 'wg_peer_src') {
+ if (!defined &Wireguard::get_peer_by_name($host)) {
+ $coloryellow = 'on';
+ }
}
}
foreach my $host (@tmptgt){
@@ -2567,6 +2632,10 @@ END
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
}
+ } elsif ($$hash{$key}[3] eq 'wg_peer_tgt') {
+ if (!defined &Wireguard::get_peer_by_name($host)) {
+ $coloryellow = 'on';
+ }
}
}
#check if networkgroups or servicegroups are empty
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index d29940b8da..67a0f863a1 100644
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -582,6 +582,13 @@ if ($fwhostsettings{'ACTION'} eq 'savegrp')
$fwhostsettings{'grp_name'}='';
$fwhostsettings{'remark'}='';
}
+ # Fetch the address from a WireGuard Peer
+ if ($fwhostsettings{'grp2'} eq 'wg_peer' && $fwhostsettings{'WG_PEER'} ne ''){
+ @target=$fwhostsettings{'WG_PEER'};
+ $type='wg_peer';
+ }elsif ($fwhostsettings{'grp2'} eq 'wg_peer' && $fwhostsettings{'WG_PEER'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ }
#get address from ovpn ccd static net
if ($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} ne ''){
@target=$fwhostsettings{'OVPN_CCD_NET'};
@@ -1523,6 +1530,34 @@ END
print"</table>";
#Inner table right
print"</td><td align='right' style='vertical-align:top;'><table width='90%' border='0'>";
+ # WireGuard Peers
+ if (%Wireguard::peers) {
+ print <<EOF;
+ <tr>
+ <td style='width:15em;'>
+ <label>
+ <input type='radio' name='grp2' value='wg_peer' $checked{'grp2'}{'wg_peer'}>
+ $Lang::tr{'fwhost wg peers'}
+ </label>
+ </td>
+ <td style='text-align:right;'>
+ <select name='WG_PEER' style='width:16em;'>"
+EOF
+
+ foreach my $key (sort { $Wireguard::peers{$a}[2] cmp $Wireguard::peers{$b}[2] } keys %Wireguard::peers) {
+ my $peer = &Wireguard::load_peer($key);
+
+ print <<EOF;
+ <option value="$peer->{"NAME"}">$peer->{"NAME"}</option>
+EOF
+ }
+
+ print <<EOF;
+ </select>
+ </td>
+ </tr>
+EOF
+ }
#OVPN networks
if (! -z $configccdnet){
print<<END;
@@ -1973,6 +2008,14 @@ sub getcolor
$tdcolor="<font style='color: $Header::colourred;'>$c</font>";
return $tdcolor;
}
+
+ # WireGuard Roadwarrior
+ if ($Wireguard::settings{'CLIENT_POOL'}) {
+ if (&Network::ip_address_in_network($sip, $Wireguard::settings{'CLIENT_POOL'})) {
+ return "<font style='color: $Header::colourwg;'>$c</font>"
+ }
+ }
+
#Check if IP is part of OpenVPN N2N subnet
foreach my $key (sort keys %ccdhost){
if ($ccdhost{$key}[3] eq 'net'){
@@ -2979,6 +3022,19 @@ sub getipforgroup
&deletefromgrp($name,$configgrp);
}
+ # WireGuard Peers
+ if ($type eq "wg_peer") {
+ my $peer = &Wireguard::get_peer_by_name($name);
+
+ if (defined $peer) {
+ if ($peer->{"TYPE"} eq "host") {
+ return $peer->{"CLIENT_ADDRESS"};
+ } elsif ($peer->{"TYPE"} eq "net") {
+ return join(", ", @{ $peer->{"REMOTE_SUBNETS"} });
+ }
+ }
+ }
+
#get address from ovpn ccd Net-2-Net
if ($type eq 'OpenVPN N-2-N'){
foreach my $key (keys %ccdhost) {
@@ -3055,6 +3111,9 @@ sub getipforgroup
&General::readhash("${General::swroot}/ethernet/settings",\%hash);
return $hash{'ORANGE_NETADDRESS'}."/".&Network::convert_netmask2prefix($hash{'ORANGE_NETMASK'}) || $hash{'ORANGE_NETMASK'};
}
+ if ($name eq "WGRW") {
+ return $Wireguard::settings{'CLIENT_POOL'};
+ }
if ($name eq 'ALL'){
return "0.0.0.0/0";
}
diff --git a/html/cgi-bin/pakfire.cgi b/html/cgi-bin/pakfire.cgi
index 1246760df9..3cd5b15634 100644
--- a/html/cgi-bin/pakfire.cgi
+++ b/html/cgi-bin/pakfire.cgi
@@ -278,30 +278,127 @@ if (($cgiparams{'ACTION'} eq $Lang::tr{'pakfire install'}) && ($pagemode eq $PM_
&Header::openbox("100%", "center", $Lang::tr{'pakfire install'});
my @pkgs = split(/\|/, $cgiparams{'INSPAKS'});
- my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", @pkgs);
+
print <<END;
- <table style="width: 100%">
+ <table style="width: 100%">
<tr>
<td>
- <p>$Lang::tr{'pakfire install package'} <strong>@{pkgs}</strong><br>$Lang::tr{'pakfire possible dependency'}</p>
+ $Lang::tr{'pakfire install package'} <strong>
+END
+
+ foreach (my $i = 0; $i < $#pkgs; $i++)
+ {
+ print "$pkgs[$i], ";
+ }
+ print "$pkgs[$#pkgs]";
+
+ print <<END;
+ </strong>
+ <br><br>$Lang::tr{'pakfire check deps'}
<pre>
END
- foreach (@output) {
- $_ =~ s/\^[\[[0-1]\;[0-9]+m//g;
- print "$_\n";
+
+ # get dependencies from pakfire resolvedeps output
+ my @pkgs_deps;
+ my @errors;
+ my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", @pkgs);
+ foreach (@output)
+ {
+ if ($_ =~ /install/)
+ {
+ (my $package) = $_ =~ /.+:\s(.+):\s.+:\s.+/;
+ (my $dependency) = $_ =~ /.+:\s.+:\s.+:\s(.+)/;
+ push @pkgs_deps, "$package:$dependency";
+ }
+ if ($_ =~ /ERROR/)
+ {
+ push @errors, $_;
+ }
+ }
+
+ if (@errors)
+ {
+ chomp @errors;
+ print "\nErrors occurred:\n";
+ foreach (@errors)
+ {
+ print "$_\n";
+ }
+ }
+
+ # get dependencies from metafiles
+ my $instdir = "/opt/pakfire/db/installed";
+ my @inst_deps = deps_from_metafiles($instdir);
+ my $metadir = "/opt/pakfire/db/meta";
+ my @meta_deps = deps_from_metafiles($metadir);
+
+ my @all_deps = @inst_deps;
+ push @all_deps, @meta_deps;
+
+ my %dedupe;
+ @all_deps = grep { ! $dedupe{ $_ }++ } @all_deps;
+
+ # build dependencies tree
+ my @search = @pkgs_deps;
+ my @pkgs_deps_tree;
+ my @temp;
+ do
+ {
+ @temp = ();
+ foreach my $i (@search)
+ {
+ (my $child) = $i =~ /.+:(.+)/;
+ foreach my $j (@all_deps)
+ {
+ (my $all_deps_parent) = $j =~ /(.+):.+/;
+ (my $all_deps_child) = $j =~ /.+:(.+)/;
+ if ( $child eq $all_deps_parent )
+ {
+ push @temp, "$i:$all_deps_child";
+ }
+ }
+ }
+ push @pkgs_deps_tree, @temp;
+ @search = @temp;
+ } until ( ! (@search));
+
+ push @pkgs_deps, @pkgs_deps_tree;
+
+ @pkgs_deps = sort @pkgs_deps;
+
+ my @installed = get_package_names($instdir);
+
+ # display dependencies
+ print "\nPackage dependencies:\n";
+ foreach my $i (@pkgs)
+ {
+ print "\n Package: $i\n";
+ if (grep (/^$i/, @pkgs_deps))
+ {
+ foreach my $j (@pkgs_deps)
+ {
+ if (grep (/$i/, $j))
+ {
+ (my $child) = $j =~ /.+:(.+)/;
+ if (grep (/$child/, @installed))
+ {
+ print " " . (arrow_format($j)) . "<span style='font-size:80%'> (already installed)</span>\n";
+ } else {
+ print " " . (arrow_format($j)) . "\n";
+ }
+ }
+ }
+ } else {
+ print " No dependencies found.\n";
+ }
}
+
print <<END;
</pre>
</td>
</tr>
<tr>
- <td>$Lang::tr{'pakfire accept all'}</td>
- </tr>
- <tr>
- <td> </td>
- </tr>
- <tr>
- <td align='center'>
+ <td align='center' style='padding-top:8px;padding-bottom:4px'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='INSPAKS' value='$cgiparams{'INSPAKS'}' />
<input type='hidden' name='FORCE' value='on' />
@@ -638,3 +735,71 @@ sub _http_pagemode_redirect {
$pagemode = $mode;
}
}
+
+# search package metafiles in $dir and return array of
+# dependencies in parent:child format
+sub deps_from_metafiles
+{
+ my $dir = $_[0];
+ my @packages = ();
+ my @temp = ();
+ my @found_deps = ();
+ my @files = glob("$dir/meta-*");
+
+ foreach (@files)
+ {
+ (my $pak) = $_ =~ /.+\/meta\-([\w\-]+)$/;
+ push @packages, $pak;
+ }
+
+ foreach my $i (@packages)
+ {
+ open(META, "<", "$dir/meta-$i") or die "Cannot open file meta-$i: $!";
+ my @data = <META>;
+ close(META);
+
+ my $line = '';
+ foreach (@data)
+ {
+ $line = $_;
+ last if (grep(/Dependencies:/, $line));
+ }
+
+ chomp $line;
+ @temp = split(' ', $line);
+ @temp = grep {$_ ne 'Dependencies:'} @temp;
+ foreach (@temp)
+ {
+ push @found_deps, "$i:$_";
+ }
+ }
+ return @found_deps;
+}
+
+# return package names from a metafile directory
+sub get_package_names
+{
+ my $dir = $_[0];
+ my @files = ();
+ my @temp = glob("$dir/meta-*");
+ foreach (@temp)
+ {
+ (my $name) = $_ =~ /.+\/meta\-([\w\-]+)$/;
+ push @files, $name;
+ }
+ return @files;
+}
+
+# convert a string in 'parent:child:child...' format to
+# 'parent -> child -> child -> ...' format
+sub arrow_format
+{
+ my $line = '';
+ my @items = split(/:/, $_[0]);
+ foreach my $i (@items)
+ {
+ $line = $line . "$i -> ";
+ }
+ $line = substr($line, 0, -4);
+ return $line;
+}
diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi
index 43babf5229..462b6bfa1a 100644
--- a/html/cgi-bin/services.cgi
+++ b/html/cgi-bin/services.cgi
@@ -205,7 +205,7 @@ sub isautorun (@) {
sub isrunningaddon (@) {
my ($pak, $service) = @_;
- my $status = "<td class='status is-stopped'>$Lang::tr{'stopped'}</td><td colspan='2'></td>";
+ my $status = "<td class='status is-stopped is-fixed'>$Lang::tr{'stopped'}</td><td colspan='2'></td>";
my $testcmd = '';
my $exename;
@@ -234,7 +234,7 @@ sub isrunningaddon (@) {
$status .="<td align='right'>$memory</td>";
}else{
$status = "<td align='center' width='16%' colspan=2><a href='services.cgi?$pak!start!$service'><img alt='$Lang::tr{'start'}' title='$Lang::tr{'start'}' src='/images/go-up.png' border='0' /></a></td>";
- $status .= "<td class='status is-stopped'>$Lang::tr{'stopped'}</td><td colspan='2'></td>";
+ $status .= "<td class='status is-stopped is-fixed'>$Lang::tr{'stopped'}</td><td colspan='2'></td>";
}
return $status;
}
diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi
new file mode 100644
index 0000000000..cc79347a62
--- /dev/null
+++ b/html/cgi-bin/wireguard.cgi
@@ -0,0 +1,1369 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2024 Michael Tremer <michael.tremer@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+use Imager::QRCode;
+use MIME::Base64;
+
+require "/var/ipfire/general-functions.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/location-functions.pl";
+require "${General::swroot}/wireguard-functions.pl";
+
+my %cgiparams = ();
+my @errormessages = ();
+
+# Generate keys
+&Wireguard::generate_keys();
+
+# Fetch CGI parameters
+&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
+
+# Save on main page
+if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) {
+ my @client_dns = ();
+
+ # Store whether enabled or not
+ if ($cgiparams{'ENABLED'} =~ m/^(on|off)?$/) {
+ $Wireguard::settings{'ENABLED'} = $cgiparams{'ENABLED'};
+ }
+
+ # Check endpoint
+ if (&General::validfqdn($cgiparams{'ENDPOINT'}) || &Network::check_ip_address($cgiparams{'ENDPOINT'}) || ($cgiparams{'ENDPOINT'} eq '')) {
+ $Wireguard::settings{'ENDPOINT'} = $cgiparams{'ENDPOINT'};
+ } else {
+ push(@errormessages, $Lang::tr{'invalid endpoint'});
+ }
+
+ # Check port
+ if (&General::validport($cgiparams{'PORT'})) {
+ $Wireguard::settings{'PORT'} = $cgiparams{'PORT'};
+ } else {
+ push(@errormessages, $Lang::tr{'invalid port'});
+ }
+
+ # Check client pool
+ if (&Wireguard::pool_is_in_use($Wireguard::settings{'CLIENT_POOL'})) {
+ # Ignore any changes if the pool is in use
+ } elsif (&Network::check_subnet($cgiparams{'CLIENT_POOL'})) {
+ $Wireguard::settings{'CLIENT_POOL'} = $cgiparams{'CLIENT_POOL'};
+ } elsif ($cgiparams{'CLIENT_POOL'} ne '') {
+ push(@errormessages, $Lang::tr{'wg invalid client pool'});
+ }
+
+ # Check client DNS
+ if (defined $cgiparams{'CLIENT_DNS'}) {
+ @client_dns = split(/,/, $cgiparams{'CLIENT_DNS'});
+
+ foreach my $dns (@client_dns) {
+ unless (&Network::check_ip_address($dns)) {
+ push(@errormessages, "$Lang::tr{'wg invalid client dns'}: ${dns}");
+ }
+ }
+
+ # Store CLIENT_DNS
+ $Wireguard::settings{'CLIENT_DNS'} = join("|", @client_dns);
+ }
+
+ # Don't continue on error
+ goto MAIN if (scalar @errormessages);
+
+ # Store the configuration file
+ &General::writehash("/var/ipfire/wireguard/settings", \%Wireguard::settings);
+
+ # Start if enabled
+ if ($Wireguard::settings{'ENABLED'} eq "on") {
+ &General::system("/usr/local/bin/wireguardctrl", "start");
+ } else {
+ &General::system("/usr/local/bin/wireguardctrl", "stop");
+ }
+
+# Delete an existing peer
+} elsif ($cgiparams{"ACTION"} eq $Lang::tr{'remove'}) {
+ my $key = $cgiparams{'KEY'};
+
+ # Fail if the peer does not exist
+ unless (exists $Wireguard::peers{$key}) {
+ push(@errormessages, $Lang::tr{'wg peer does not exist'});
+ goto MAIN;
+ }
+
+ # Delete the peer
+ delete($Wireguard::peers{$key});
+
+ # Store the configuration
+ &General::writehasharray("/var/ipfire/wireguard/peers", \%Wireguard::peers);
+
+ # Reload if enabled
+ if ($Wireguard::settings{'ENABLED'} eq "on") {
+ &General::system("/usr/local/bin/wireguardctrl", "start");
+ }
+
+# Edit an existing peer
+} elsif ($cgiparams{"ACTION"} eq $Lang::tr{'edit'}) {
+ my $key = $cgiparams{'KEY'};
+
+ # Fail if the peer does not exist
+ unless (exists $Wireguard::peers{$key}) {
+ push(@errormessages, $Lang::tr{'wg peer does not exist'});
+ goto MAIN;
+ }
+
+ # Fetch type
+ my $type = $Wireguard::peers{$key}[1];
+
+ my $remote_subnets = &Wireguard::decode_subnets($Wireguard::peers{$key}[8]);
+ my $local_subnets = &Wireguard::decode_subnets($Wireguard::peers{$key}[10]);
+
+ # Flush CGI parameters & load configuration
+ %cgiparams = (
+ "KEY" => $key,
+ "ENABLED" => $Wireguard::peers{$key}[0],
+ "TYPE" => $Wireguard::peers{$key}[1],
+ "NAME" => $Wireguard::peers{$key}[2],
+ "PUBLIC_KEY" => $Wireguard::peers{$key}[3],
+ "PRIVATE_KEY" => $Wireguard::peers{$key}[4],
+ "PORT" => $Wireguard::peers{$key}[5],
+ "ENDPOINT_ADDRESS" => $Wireguard::peers{$key}[6],
+ "ENDPOINT_PORT" => $Wireguard::peers{$key}[7],
+ "REMOTE_SUBNETS" => join(", ", @$remote_subnets),
+ "REMARKS" => &MIME::Base64::decode_base64($Wireguard::peers{$key}[9]),
+ "LOCAL_SUBNETS" => join(", ", @$local_subnets),
+ "PSK" => $Wireguard::peers{$key}[11],
+ "KEEPALIVE" => $Wireguard::peers{$key}[12],
+ );
+
+ # Jump to the editor
+ if ($type eq "host") {
+ goto EDITHOST;
+ } elsif ($type eq "net") {
+ goto EDITNET;
+ } else {
+ die "Unsupported type: $type";
+ }
+
+} elsif ($cgiparams{"ACTION"} eq "CREATE-PEER-NET") {
+ my @local_subnets = ();
+ my @remote_subnets = ();
+
+ # Allocate a new key
+ my $key = &General::findhasharraykey(\%Wireguard::peers);
+
+ my $name = $cgiparams{"NAME"};
+
+ # Check if the name is valid
+ unless (&Wireguard::name_is_valid($name)) {
+ push(@errormessages, $Lang::tr{'wg invalid name'});
+ }
+
+ # Check if the name is free
+ unless (&Wireguard::name_is_free($name, $key)) {
+ push(@errormessages, $Lang::tr{'wg name is already used'});
+ }
+
+ # Check the endpoint address
+ if ($cgiparams{'ENDPOINT_ADDRESS'} eq '') {
+ # The endpoint address may be empty
+ } elsif (&General::validfqdn($cgiparams{'ENDPOINT_ADDRESS'})) {
+ # The endpoint is a valid FQDN
+ } elsif (&Network::check_ip_address($cgiparams{'ENDPOINT_ADDRESS'})) {
+ # The endpoint is a valid IP address
+ } else {
+ push(@errormessages, $Lang::tr{'wg invalid endpoint address'});
+ }
+
+ # Check local subnets
+ if (defined $cgiparams{'LOCAL_SUBNETS'}) {
+ @local_subnets = split(/,/, $cgiparams{'LOCAL_SUBNETS'});
+
+ foreach my $subnet (@local_subnets) {
+ $subnet =~ s/^\s+//g;
+ $subnet =~ s/\s+$//g;
+
+ unless (&Network::check_subnet($subnet)) {
+ push(@errormessages, $Lang::tr{'wg invalid local subnet'} . ": ${subnet}");
+ }
+ }
+ } else {
+ push(@errormessages, $Lang::tr{'wg no local subnets'});
+ }
+
+ # Check remote subnets
+ if (defined $cgiparams{'REMOTE_SUBNETS'}) {
+ @remote_subnets = split(/,/, $cgiparams{'REMOTE_SUBNETS'});
+
+ foreach my $subnet (@remote_subnets) {
+ $subnet =~ s/^\s+//g;
+ $subnet =~ s/\s+$//g;
+
+ unless (&Network::check_subnet($subnet)) {
+ push(@errormessages, $Lang::tr{'wg invalid remote subnet'} . ": ${subnet}");
+ }
+ }
+ } else {
+ push(@errormessages, $Lang::tr{'wg no remote subnets'});
+ }
+
+ # If there are any errors, we go back to the editor
+ goto CREATENET if (scalar @errormessages);
+
+ # Generate a new key pair
+ my $local_private_key = &Wireguard::generate_private_key();
+ my $remote_private_key = &Wireguard::generate_private_key();
+
+ # Derive the public key
+ my $remote_public_key = &Wireguard::derive_public_key($remote_private_key);
+
+ # Generate a new PSK
+ my $psk = &Wireguard::generate_private_key();
+
+ # Generate two new ports
+ my $local_port = &Wireguard::get_free_port();
+ my $remote_port = &Wireguard::get_free_port();
+
+ # Save the connection
+ $Wireguard::peers{$key} = [
+ # 0 = Enabled
+ "on",
+ # 1 = Type
+ "net",
+ # 2 = Name
+ $name,
+ # 3 = Remote Public Key
+ $remote_public_key,
+ # 4 = Local Private Key
+ $local_private_key,
+ # 5 = Port
+ $local_port,
+ # 6 = Endpoint Address
+ $cgiparams{"ENDPOINT_ADDRESS"},
+ # 7 = Endpoint Port
+ $remote_port,
+ # 8 = Remote Subnets
+ &Wireguard::encode_subnets(@remote_subnets),
+ # 9 = Remark
+ &Wireguard::encode_remarks($cgiparams{"REMARKS"}),
+ # 10 = Local Subnets
+ &Wireguard::encode_subnets(@local_subnets),
+ # 11 = PSK
+ $psk,
+ # 12 = Keepalive
+ $Wireguard::DEFAULT_KEEPALIVE,
+ ];
+
+ # Store the configuration
+ &General::writehasharray("/var/ipfire/wireguard/peers", \%Wireguard::peers);
+
+ # Reload if enabled
+ if ($Wireguard::settings{'ENABLED'} eq "on") {
+ &General::system("/usr/local/bin/wireguardctrl", "start");
+ }
+
+ # Send HTTP Headers
+ &Header::showhttpheaders();
+
+ # Open the page
+ &Header::openpage($Lang::tr{'wireguard'}, 1, '');
+
+ # Generate the client configuration
+ my $config = &Wireguard::generate_peer_configuration($key, $remote_private_key);
+
+ # Encode the configuration as Base64
+ $config = &MIME::Base64::encode_base64($config);
+
+ # Open a new box
+ &Header::openbox('100%', '', "$Lang::tr{'wg peer configuration'}: $name");
+
+ # Make the filename for files
+ my $filename = &Header::normalize("${name}.conf");
+
+ print <<END;
+ <div class="text-center">
+ <p>
+ <a href="data:text/plain;base64,${config}" download="${filename}">
+ $Lang::tr{'wg download configuration file'}
+ </a>
+ </p>
+
+ <p class="text-error">
+ $Lang::tr{'wg warning configuration only shown once'}
+ </p>
+
+ <p>
+ <form method="GET" action="">
+ <button type="submit">$Lang::tr{'done'}</button>
+ </form>
+ </p>
+ </div>
+END
+
+ &Header::closebox();
+ &Header::closepage();
+
+ exit(0);
+
+} elsif ($cgiparams{"ACTION"} eq "SAVE-PEER-NET") {
+ my @local_subnets = ();
+ my @remote_subnets = ();
+
+ # Fetch or allocate a new key
+ my $key = $cgiparams{'KEY'};
+
+ # Load the existing peer
+ my $peer = &Wireguard::load_peer($key);
+
+ # Check if the name is valid
+ unless (&Wireguard::name_is_valid($cgiparams{"NAME"})) {
+ push(@errormessages, $Lang::tr{'wg invalid name'});
+ }
+
+ # Check if the name is free
+ unless (&Wireguard::name_is_free($cgiparams{"NAME"}, $key)) {
+ push(@errormessages, $Lang::tr{'wg name is already used'});
+ }
+
+ # Check the public key
+ unless (&Wireguard::key_is_valid($cgiparams{'PUBLIC_KEY'})) {
+ push(@errormessages, $Lang::tr{'wg invalid public key'});
+ }
+
+ # Check PSK
+ if ($cgiparams{'PSK'} eq '') {
+ # The PSK may be empty
+ } elsif (!&Wireguard::key_is_valid($cgiparams{'PSK'})) {
+ push(@errormessages, $Lang::tr{'wg invalid psk'});
+ }
+
+ # Select a new random port if none given
+ if ($cgiparams{'PORT'} eq "") {
+ $cgiparams{'PORT'} = &Wireguard::get_free_port();
+
+ # If a port was given we check that it is valid
+ } elsif (!&General::validport($cgiparams{'PORT'})) {
+ push(@errormessages, $LANG::tr{'invalid port'});
+ }
+
+ # Check the endpoint address
+ if ($cgiparams{'ENDPOINT_ADDRESS'} eq '') {
+ # The endpoint address may be empty
+ } elsif (&General::validfqdn($cgiparams{'ENDPOINT_ADDRESS'})) {
+ # The endpoint is a valid FQDN
+ } elsif (&Network::check_ip_address($cgiparams{'ENDPOINT_ADDRESS'})) {
+ # The endpoint is a valid IP address
+ } else {
+ push(@errormessages, $Lang::tr{'wg invalid endpoint address'});
+ }
+
+ # Check the endpoint port
+ unless (&General::validport($cgiparams{'ENDPOINT_PORT'})) {
+ push(@errormessages, $Lang::tr{'wg invalid endpoint port'});
+ }
+
+ # Check keepalive
+ unless (&Wireguard::keepalive_is_valid($cgiparams{'KEEPALIVE'})) {
+ push(@errormessages, $Lang::tr{'wg invalid keepalive interval'});
+ }
+
+ # Check local subnets
+ if (defined $cgiparams{'LOCAL_SUBNETS'}) {
+ @local_subnets = split(/,/, $cgiparams{'LOCAL_SUBNETS'});
+
+ foreach my $subnet (@local_subnets) {
+ $subnet =~ s/^\s+//g;
+ $subnet =~ s/\s+$//g;
+
+ unless (&Network::check_subnet($subnet)) {
+ push(@errormessages, $Lang::tr{'wg invalid local subnet'} . ": ${subnet}");
+ }
+ }
+ } else {
+ push(@errormessages, $Lang::tr{'wg no local subnets'});
+ }
+
+ # Check remote subnets
+ if (defined $cgiparams{'REMOTE_SUBNETS'}) {
+ @remote_subnets = split(/,/, $cgiparams{'REMOTE_SUBNETS'});
+
+ foreach my $subnet (@remote_subnets) {
+ $subnet =~ s/^\s+//g;
+ $subnet =~ s/\s+$//g;
+
+ unless (&Network::check_subnet($subnet)) {
+ push(@errormessages, $Lang::tr{'wg invalid remote subnet'} . ": ${subnet}");
+ }
+ }
+ } else {
+ push(@errormessages, $Lang::tr{'wg no remote subnets'});
+ }
+
+ # If there are any errors, we go back to the editor
+ goto EDITNET if (scalar @errormessages);
+
+ # Save the connection
+ $Wireguard::peers{$key} = [
+ # 0 = Enabled
+ "on",
+ # 1 = Type
+ "net",
+ # 2 = Name
+ $cgiparams{"NAME"},
+ # 3 = Public Key
+ $cgiparams{"PUBLIC_KEY"},
+ # 4 = Private Key
+ $peer->{"PRIVATE_KEY"},
+ # 5 = Port
+ $cgiparams{"PORT"},
+ # 6 = Endpoint Address
+ $cgiparams{"ENDPOINT_ADDRESS"},
+ # 7 = Endpoint Port
+ $cgiparams{"ENDPOINT_PORT"},
+ # 8 = Remote Subnets
+ &Wireguard::encode_subnets(@remote_subnets),
+ # 9 = Remark
+ &Wireguard::encode_remarks($cgiparams{"REMARKS"}),
+ # 10 = Local Subnets
+ &Wireguard::encode_subnets(@local_subnets),
+ # 11 = PSK
+ $cgiparams{"PSK"} || "",
+ # 12 = Keepalive
+ $cgiparams{"KEEPALIVE"} || 0,
+ ];
+
+ # Store the configuration
+ &General::writehasharray("/var/ipfire/wireguard/peers", \%Wireguard::peers);
+
+ # Reload if enabled
+ if ($Wireguard::settings{'ENABLED'} eq "on") {
+ &General::system("/usr/local/bin/wireguardctrl", "start");
+ }
+
+} elsif ($cgiparams{"ACTION"} eq "SAVE-PEER-HOST") {
+ my $private_key;
+ my @free_addresses = ();
+ my @local_subnets = ();
+
+ # Fetch or allocate a new key
+ my $key = $cgiparams{'KEY'} || &General::findhasharraykey(\%Wireguard::peers);
+
+ # Is this a new connection?
+ my $is_new = !exists $Wireguard::peers{$key};
+
+ # Check if the name is valid
+ unless (&Wireguard::name_is_valid($cgiparams{"NAME"})) {
+ push(@errormessages, $Lang::tr{'wg invalid name'});
+ }
+
+ # Check if the name is free
+ unless (&Wireguard::name_is_free($cgiparams{"NAME"}, $key)) {
+ push(@errormessages, $Lang::tr{'wg name is already used'});
+ }
+
+ # Check local subnets
+ if (defined $cgiparams{'LOCAL_SUBNETS'}) {
+ @local_subnets = split(/,/, $cgiparams{'LOCAL_SUBNETS'});
+
+ foreach my $subnet (@local_subnets) {
+ $subnet =~ s/^\s+//g;
+ $subnet =~ s/\s+$//g;
+
+ unless (&Network::check_subnet($subnet)) {
+ push(@errormessages, $Lang::tr{'wg invalid local subnet'} . ": ${subnet}");
+ }
+ }
+ } else {
+ push(@errormessages, $Lang::tr{'wg no local subnets'});
+ }
+
+ # Check if we have address space left in the pool
+ if ($is_new) {
+ # Fetch the next free address
+ @free_addresses = &Wireguard::free_pool_addresses($Wireguard::settings{'CLIENT_POOL'}, 1);
+
+ # Fail if we ran out of addresses
+ if (scalar @free_addresses == 0) {
+ push(@errormessages, $Lang::tr{'wg no more free addresses in pool'});
+ }
+ }
+
+ # If there are any errors, we go back to the editor
+ goto EDITHOST if (scalar @errormessages);
+
+ # Generate things for a new peer
+ if ($is_new) {
+ # Generate a new private key
+ $private_key = &Wireguard::generate_private_key();
+
+ # Derive the public key
+ $cgiparams{"PUBLIC_KEY"} = &Wireguard::derive_public_key($private_key);
+
+ # Generate a new PSK
+ $cgiparams{"PSK"} = &Wireguard::generate_private_key();
+
+ # Fetch a free address from the pool
+ foreach (@free_addresses) {
+ $cgiparams{'CLIENT_ADDRESS'} = $_;
+ last;
+ }
+
+ # Fetch some configuration parts
+ } else {
+ $cgiparams{"PUBLIC_KEY"} = $Wireguard::peers{$key}[3];
+ $cgiparams{'CLIENT_ADDRESS'} = $Wireguard::peers{$key}[8];
+ $cgiparams{"PSK"} = $Wireguard::peers{$key}[11];
+ }
+
+ # Save the connection
+ $Wireguard::peers{$key} = [
+ # 0 = Enabled
+ "on",
+ # 1 = Type
+ "host",
+ # 2 = Name
+ $cgiparams{"NAME"},
+ # 3 = Public Key
+ $cgiparams{"PUBLIC_KEY"},
+ # 4 = Private Key
+ "",
+ # 5 = Port
+ "",
+ # 6 = Endpoint Address
+ "",
+ # 7 = Endpoint Port
+ "",
+ # 8 = Remote Subnets
+ $cgiparams{'CLIENT_ADDRESS'},
+ # 9 = Remark
+ &Wireguard::encode_remarks($cgiparams{"REMARKS"}),
+ # 10 = Local Subnets
+ &Wireguard::encode_subnets(@local_subnets),
+ # 11 = PSK
+ $cgiparams{"PSK"},
+ # 12 = Keepalive
+ 0,
+ ];
+
+ # Store the configuration
+ &General::writehasharray("/var/ipfire/wireguard/peers", \%Wireguard::peers);
+
+ # Reload if enabled
+ if ($Wireguard::settings{'ENABLED'} eq "on") {
+ &General::system("/usr/local/bin/wireguardctrl", "start");
+ }
+
+ # Show the client configuration when creating a new peer
+ if ($is_new) {
+ # Send HTTP Headers
+ &Header::showhttpheaders();
+
+ # Open the page
+ &Header::openpage($Lang::tr{'wireguard'}, 1, '');
+
+ # Load the peer
+ my $peer = &Wireguard::load_peer($key);
+
+ # Generate the client configuration
+ my $config = &Wireguard::generate_peer_configuration($key, $private_key);
+
+ # Create a QR code generator
+ my $qrgen = Imager::QRCode->new(
+ size => 6,
+ margin => 0,
+ version => 0,
+ level => 'M',
+ mode => '8-bit',
+ casesensitive => 1,
+ lightcolor => Imager::Color->new(255, 255, 255),
+ darkcolor => Imager::Color->new(0, 0, 0),
+ );
+
+ # The generated QR code
+ my $qrcode;
+
+ # Encode the configuration
+ my $img = $qrgen->plot("$config");
+
+ # Encode the image as PNG
+ $img->write(data => \$qrcode, type => "png") or die $img->errstr;
+
+ # Encode the image as bas64
+ $qrcode = &MIME::Base64::encode_base64($qrcode);
+
+ # Encode the configuration as Base64
+ $config = &MIME::Base64::encode_base64($config);
+
+ # Open a new box
+ &Header::openbox('100%', '', "$Lang::tr{'wg peer configuration'}: $peer->{'NAME'}");
+
+ # Make the filename for files
+ my $filename = &Header::normalize($peer->{'NAME'}) . ".conf";
+
+ print <<END;
+ <div class="text-center">
+ <p>
+ <img src="data:image/png;base64,${qrcode}" alt="$Lang::tr{'qr code'}">
+ </p>
+
+ <p>
+ $Lang::tr{'wg scan the qr code'}
+ </p>
+
+ <p>
+ <a href="data:text/plain;base64,${config}" download="${filename}">
+ $Lang::tr{'wg download configuration file'}
+ </a>
+ </p>
+
+ <p class="text-error">
+ $Lang::tr{'wg warning configuration only shown once'}
+ </p>
+
+ <p>
+ <form method="GET" action="">
+ <button type="submit">$Lang::tr{'done'}</button>
+ </form>
+ </p>
+ </div>
+END
+
+ &Header::closebox();
+ &Header::closepage();
+
+ exit(0);
+ }
+
+} elsif ($cgiparams{"ACTION"} eq $Lang::tr{'add'}) {
+ if ($cgiparams{"TYPE"} eq "net") {
+ goto CREATENET;
+
+ } elsif ($cgiparams{"TYPE"} eq "host") {
+ goto CREATEHOST;
+
+ } elsif ($cgiparams{"TYPE"} eq "import") {
+ # Parse the configuration file
+ (%cgiparams, @errormessages) = &Wireguard::parse_configuration($cgiparams{'FH'});
+
+ # We basically don't support importing RW connections, so we always
+ # need to go and show the N2N editor.
+ goto EDITNET;
+
+ # Ask the user what type they want
+ } else {
+ goto ADD;
+ }
+
+# Toggle Enable/Disable
+} elsif ($cgiparams{'ACTION'} eq 'TOGGLE-ENABLE-DISABLE') {
+ my $key = $cgiparams{'KEY'} || 0;
+
+ if (exists $Wireguard::peers{$key}) {
+ if ($Wireguard::peers{$key}[0] eq "on") {
+ $Wireguard::peers{$key}[0] = "off";
+ } else {
+ $Wireguard::peers{$key}[0] = "on";
+ }
+ }
+
+ # Store the configuration
+ &General::writehasharray("/var/ipfire/wireguard/peers", \%Wireguard::peers);
+
+ # Reload if enabled
+ if ($Wireguard::settings{'ENABLED'} eq "on") {
+ &General::system("/usr/local/bin/wireguardctrl", "start");
+ }
+}
+
+# The main page starts here
+MAIN:
+ # Send HTTP Headers
+ &Header::showhttpheaders();
+
+ # Open the page
+ &Header::openpage($Lang::tr{'wireguard'}, 1, '');
+
+ # Show any error messages
+ &Header::errorbox(@errormessages);
+
+ # Open a box for Global Settings
+ &Header::openbox('100%', '', $Lang::tr{'global settings'});
+
+ my %checked = (
+ "ENABLED" => ($Wireguard::settings{'ENABLED'} eq "on") ? "checked" : "",
+ );
+
+ my %readonly = (
+ "CLIENT_POOL" => (&Wireguard::pool_is_in_use($Wireguard::settings{'CLIENT_POOL'}) ? "readonly" : ""),
+ );
+
+ my $client_dns = $Wireguard::settings{'CLIENT_DNS'} =~ s/\|/, /gr;
+
+ print <<END;
+ <form method="POST" action="">
+ <table class="form">
+ <tr>
+ <td>$Lang::tr{'enabled'}</td>
+ <td>
+ <input type="checkbox" name="ENABLED" $checked{'ENABLED'} />
+ </td>
+ </tr>
+
+ <tr>
+ <td>$Lang::tr{'endpoint'}</td>
+ <td>
+ <input type="text" name="ENDPOINT" value="$Wireguard::settings{'ENDPOINT'}" placeholder="$General::mainsettings{'HOSTNAME'}.$General::mainsettings{'DOMAINNAME'}" />
+ </td>
+ </tr>
+
+ <tr>
+ <td>$Lang::tr{'port'}</td>
+ <td>
+ <input type="number" name="PORT" value="$Wireguard::settings{'PORT'}"
+ min="1024" max="65535" />
+ </td>
+ </tr>
+ </table>
+
+ <h6>$Lang::tr{'wg host to net client settings'}</h6>
+
+ <table class="form">
+ <tr>
+ <td>$Lang::tr{'wg client pool'}</td>
+ <td>
+ <input type="text" name="CLIENT_POOL"
+ value="$Wireguard::settings{'CLIENT_POOL'}" $readonly{'CLIENT_POOL'} />
+ </td>
+ </tr>
+
+ <tr>
+ <td>$Lang::tr{'wg dns'}</td>
+ <td>
+ <input type="text" name="CLIENT_DNS"
+ value="$client_dns" />
+ </td>
+ </tr>
+
+ <tr class="action">
+ <td colspan="2">
+ <input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
+ </td>
+ </tr>
+ </table>
+ </form>
+END
+ &Header::closebox();
+
+ # Show a list with all peers
+ &Header::opensection();
+
+ if (%Wireguard::peers) {
+ print <<END;
+ <table class='tbl'>
+ <tr>
+ <th width='15%'>
+ $Lang::tr{'name'}
+ </th>
+
+ <th>
+ $Lang::tr{'remark'}
+ </th>
+
+ <th width='20%' colspan='2'>
+ $Lang::tr{'status'}
+ </th>
+
+ <th width='10%' colspan='3'>
+ $Lang::tr{'action'}
+ </th>
+ </tr>
+END
+
+ # Dump all RW peers
+ my %DUMP = &Wireguard::dump("wg0");
+
+ # Iterate through all peers...
+ foreach my $key (sort { $Wireguard::peers{$a}[2] cmp $Wireguard::peers{$b}[2] } keys %Wireguard::peers) {
+ my $enabled = $Wireguard::peers{$key}[0];
+ my $type = $Wireguard::peers{$key}[1];
+ my $name = $Wireguard::peers{$key}[2];
+ my $pubkey = $Wireguard::peers{$key}[3];
+ #my $privkey = $Wireguard::peers{$key}[4]
+ #my $port = $Wireguard::peers{$key}[5];
+ my $endpoint = $Wireguard::peers{$key}[6];
+ #my $endpport = $Wireguard::peers{$key}[7];
+ my $routes = $Wireguard::peers{$key}[8];
+ my $remarks = &Wireguard::decode_remarks($Wireguard::peers{$key}[9]);
+
+ my $connected = $Lang::tr{'capsclosed'};
+ my $country = "ZZ";
+ my $location = "";
+
+ my $gif = ($enabled eq "on") ? "on.gif" : "off.gif";
+ my @status = ("status");
+
+ # Fetch the dump
+ my %dump = ($type eq "net") ? &Wireguard::dump("wg$key") : %DUMP;
+
+ # Fetch the status of the peer (if possible)
+ my $status = $dump{$pubkey} || ();
+
+ # Fetch the actual endpoint
+ my ($actual_endpoint, $actual_port) = split(/:/, $status->{"endpoint"}, 2);
+
+ # WireGuard performs a handshake very two minutes, so we should be considered online then
+ my $is_connected = (time - $status->{"latest-handshake"}) <= 120;
+
+ # We are connected!
+ if ($is_connected) {
+ push(@status, "is-connected");
+
+ $connected = $Lang::tr{'capsopen'};
+
+ # If we have an endpoint lets lookup the country
+ if ($actual_endpoint) {
+ $country = &Location::Functions::lookup_country_code($actual_endpoint);
+
+ # If we found a country, let's show it
+ if ($country) {
+ my $icon = &Location::Functions::get_flag_icon($country);
+
+ $location = <<EOF;
+ <a href="country.cgi#$country">
+ <img src="$icon" border='0' align='absmiddle'
+ alt='$country' title='$actual_endpoint:$actual_port - $country' />
+ </a>
+EOF
+ }
+ }
+
+ # We are not connected...
+ } else {
+ push(@status, "is-disconnected");
+ }
+
+ # Escape remarks
+ if ($remarks) {
+ $remarks = &Header::escape($remarks);
+ }
+
+ print <<END;
+ <tr>
+ <th scope="row">
+ $name
+ </th>
+
+ <td>
+ $remarks
+ </td>
+END
+
+ if ($location) {
+ print <<END;
+ <td class="@status">
+ $connected
+ </td>
+
+ <td class="@status">
+ $location
+ </td>
+END
+ } else {
+ print <<END;
+ <td class="@status" colspan="2">
+ $connected
+ </td>
+END
+ }
+
+ print <<END;
+ <td class="text-center">
+ <form method='post'>
+ <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif'
+ alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' />
+ <input type='hidden' name='ACTION' value='TOGGLE-ENABLE-DISABLE' />
+ <input type='hidden' name='KEY' value='$key' />
+ </form>
+ </td>
+
+ <td class="text-center">
+ <form method='post'>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
+ <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif'
+ alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
+ <input type='hidden' name='KEY' value='$key' />
+ </form>
+ </td>
+
+ <td class="text-center">
+ <form method='post'>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
+ <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif'
+ alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' />
+ <input type='hidden' name='KEY' value='$key' />
+ </form>
+ </td>
+ </tr>
+END
+ }
+
+ print"</table>";
+ }
+
+ # Show controls
+ print <<END;
+ <table class="form">
+ <tr class="action">
+ <td>
+ <form method='post'>
+ <input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
+ </form>
+ </td>
+ </tr>
+ </table>
+END
+
+ &Header::closesection();
+ &Header::closepage();
+
+ exit(0);
+
+ADD:
+ # Send HTTP Headers
+ &Header::showhttpheaders();
+
+ # Open the page
+ &Header::openpage($Lang::tr{'wireguard'}, 1, '');
+
+ # Show any error messages
+ &Header::errorbox(@errormessages);
+
+ # Open a new box
+ &Header::openbox('100%', '', $Lang::tr{'connection type'});
+
+ my %disabled = (
+ "host" => "",
+ );
+
+ # If there is no CLIENT_POOL configured, we disable the option
+ if ($Wireguard::settings{'CLIENT_POOL'} eq "") {
+ $disabled{"host"} = "disabled";
+
+ # If the client pool is out of addresses, we do the same
+ } else {
+ my @free_addresses = &Wireguard::free_pool_addresses($Wireguard::settings{'CLIENT_POOL'}, 1);
+
+ if (scalar @free_addresses == 0) {
+ $disabled{"host"} = "disabled";
+ }
+ }
+
+ print <<END;
+ <form method="POST" ENCTYPE="multipart/form-data">
+ <ul>
+ <li>
+ <label>
+ <input type='radio' name='TYPE' value='host' $disabled{'host'} />
+ $Lang::tr{'host to net vpn'}
+ </label>
+ </li>
+
+ <li>
+ <label>
+ <input type='radio' name='TYPE' value='net' checked />
+ $Lang::tr{'net to net vpn'}
+ </label>
+ </li>
+
+ <li>
+ <label>
+ <input type='radio' name='TYPE' value='import' />
+ $Lang::tr{'import connection'}
+ </label>
+
+ <input type='file' name='FH' />
+ </li>
+ </ul>
+
+ <table class="form">
+ <tr class="action">
+ <td>
+ <input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
+ </td>
+ </tr>
+ </table>
+ </form>
+END
+
+ &Header::closebox();
+ &Header::closepage();
+
+ exit(0);
+
+CREATENET:
+ # Send HTTP Headers
+ &Header::showhttpheaders();
+
+ # Open the page
+ &Header::openpage($Lang::tr{'wireguard'}, 1, '');
+
+ # Show any error messages
+ &Header::errorbox(@errormessages);
+
+ # Open a new box
+ &Header::openbox('100%', '', $Lang::tr{'wg create net-to-net peer'});
+
+ # Set defaults
+ &General::set_defaults(\%cgiparams, {
+ "LOCAL_SUBNETS" =>
+ $Network::ethernet{"GREEN_NETADDRESS"}
+ . "/" . $Network::ethernet{"GREEN_NETMASK"},
+ });
+
+ print <<END;
+ <form method="POST" ENCTYPE="multipart/form-data">
+ <input type="hidden" name="ACTION" value="CREATE-PEER-NET">
+
+ <table class="form">
+ <tr>
+ <td>
+ $Lang::tr{'name'}
+ </td>
+
+ <td>
+ <input type="text" name="NAME"
+ value="$cgiparams{'NAME'}" required />
+ </td>
+ </tr>
+
+ <tr>
+ <td>
+ $Lang::tr{'remarks'}
+ </td>
+
+ <td>
+ <input type="text" name="REMARKS"
+ value="$cgiparams{'REMARKS'}" />
+ </td>
+ </tr>
+ </table>
+
+ <h6>$Lang::tr{'endpoint'}</h6>
+
+ <table class="form">
+ <tr>
+ <td>
+ $Lang::tr{'endpoint address'}
+ </td>
+
+ <td>
+ <input type="text" name="ENDPOINT_ADDRESS"
+ value="$cgiparams{'ENDPOINT_ADDRESS'}" />
+ </td>
+ </tr>
+ </table>
+
+ <h6>$Lang::tr{'routing'}</h6>
+
+ <table class="form">
+ <tr>
+ <td>
+ $Lang::tr{'local subnets'}
+ </td>
+
+ <td>
+ <input type="text" name="LOCAL_SUBNETS"
+ value="$cgiparams{'LOCAL_SUBNETS'}" required />
+ </td>
+ </tr>
+
+ <tr>
+ <td>
+ $Lang::tr{'remote subnets'}
+ </td>
+
+ <td>
+ <input type="text" name="REMOTE_SUBNETS"
+ value="$cgiparams{'REMOTE_SUBNETS'}" required />
+ </td>
+ </tr>
+
+ <tr class="action">
+ <td colspan="2">
+ <input type='submit' value='$Lang::tr{'create'}' />
+ </td>
+ </tr>
+ </table>
+ </form>
+END
+
+ &Header::closebox();
+ &Header::closepage();
+
+ exit(0);
+
+EDITNET:
+ # Send HTTP Headers
+ &Header::showhttpheaders();
+
+ # Open the page
+ &Header::openpage($Lang::tr{'wireguard'}, 1, '');
+
+ # Show any error messages
+ &Header::errorbox(@errormessages);
+
+ # Fetch the key
+ my $key = $cgiparams{'KEY'};
+
+ # Open a new box
+ &Header::openbox('100%', '', $Lang::tr{'wg edit net-to-net peer'});
+
+ # Derive our own public key
+ my $public_key = &Wireguard::derive_public_key($cgiparams{'PRIVATE_KEY'});
+
+ print <<END;
+ <form method="POST" ENCTYPE="multipart/form-data">
+ <input type="hidden" name="ACTION" value="SAVE-PEER-NET">
+ <input type="hidden" name="KEY" value="$cgiparams{'KEY'}">
+
+ <table class="form">
+ <tr>
+ <td>
+ $Lang::tr{'name'}
+ </td>
+
+ <td>
+ <input type="text" name="NAME"
+ value="$cgiparams{'NAME'}" required />
+ </td>
+ </tr>
+
+ <tr>
+ <td>
+ $Lang::tr{'remarks'}
+ </td>
+
+ <td>
+ <input type="text" name="REMARKS"
+ value="$cgiparams{'REMARKS'}" />
+ </td>
+ </tr>
+
+ <tr>
+ <td>
+ $Lang::tr{'public key'}
+ </td>
+
+ <td>
+ <input type="text" value="$public_key" readonly />
+ </td>
+ </tr>
+ </table>
+
+ <h6>$Lang::tr{'endpoint'}</h6>
+
+ <table class="form">
+ <tr>
+ <td>
+ $Lang::tr{'endpoint address'}
+ </td>
+
+ <td>
+ <input type="text" name="ENDPOINT_ADDRESS"
+ value="$cgiparams{'ENDPOINT_ADDRESS'}" />
+ </td>
+ </tr>
+
+ <tr>
+ <td>
+ $Lang::tr{'endpoint port'}
+ </td>
+
+ <td>
+ <input type="number" name="ENDPOINT_PORT"
+ value="$cgiparams{'ENDPOINT_PORT'}" required
+ min="1" max="65535" placeholder="${Wireguard::DEFAULT_PORT}"/>
+ </td>
+ </tr>
+
+ <tr>
+ <td>
+ $Lang::tr{'local port'}
+ </td>
+
+ <td>
+ <input type="number" name="PORT"
+ value="$cgiparams{'PORT'}" min="1" max="65535"
+ placeholder="$Lang::tr{'wg leave empty to automatically select'}" />
+ </td>
+ </tr>
+
+ <tr>
+ <td>$Lang::tr{'public key'}</td>
+ <td>
+ <input type="text" name="PUBLIC_KEY"
+ value="$cgiparams{'PUBLIC_KEY'}" required />
+ </td>
+ </tr>
+
+ <tr>
+ <td>$Lang::tr{'wg pre-shared key (optional)'}</td>
+ <td>
+ <input type="text" name="PSK"
+ value="$cgiparams{'PSK'}" />
+ </td>
+ </tr>
+
+ <tr>
+ <td>
+ $Lang::tr{'wg keepalive interval'}
+ </td>
+
+ <td>
+ <input type="number" name="KEEPALIVE"
+ value="$cgiparams{'KEEPALIVE'}" required
+ min="0" max="65535" />
+ </td>
+ </tr>
+ </table>
+
+ <h6>$Lang::tr{'routing'}</h6>
+
+ <table class="form">
+ <tr>
+ <td>
+ $Lang::tr{'local subnets'}
+ </td>
+
+ <td>
+ <input type="text" name="LOCAL_SUBNETS"
+ value="$cgiparams{'LOCAL_SUBNETS'}" required />
+ </td>
+ </tr>
+
+ <tr>
+ <td>
+ $Lang::tr{'remote subnets'}
+ </td>
+
+ <td>
+ <input type="text" name="REMOTE_SUBNETS"
+ value="$cgiparams{'REMOTE_SUBNETS'}" required />
+ </td>
+ </tr>
+
+ <tr class="action">
+ <td colspan="2">
+ <input type='submit' value='$Lang::tr{'save'}' />
+ </td>
+ </tr>
+ </table>
+ </form>
+END
+
+ &Header::closebox();
+ &Header::closepage();
+
+ exit(0);
+
+CREATEHOST:
+EDITHOST:
+ # Send HTTP Headers
+ &Header::showhttpheaders();
+
+ # Open the page
+ &Header::openpage($Lang::tr{'wireguard'}, 1, '');
+
+ # Show any error messages
+ &Header::errorbox(@errormessages);
+
+ # Fetch the key
+ my $key = $cgiparams{'KEY'};
+
+ # Open a new box
+ &Header::openbox('100%', '',
+ (defined $key) ? $Lang::tr{'wg edit host-to-net peer'} : $Lang::tr{'wg create host-to-net peer'});
+
+ # Set defaults
+ unless (defined $key) {
+ &General::set_defaults(\%cgiparams, {
+ "LOCAL_SUBNETS" =>
+ $Network::ethernet{"GREEN_NETADDRESS"}
+ . "/" . $Network::ethernet{"GREEN_NETMASK"},
+ });
+ }
+
+ print <<END;
+ <form method="POST" ENCTYPE="multipart/form-data">
+ <input type="hidden" name="ACTION" value="SAVE-PEER-HOST">
+ <input type="hidden" name="KEY" value="$cgiparams{'KEY'}">
+
+ <table class="form">
+ <tr>
+ <td>
+ $Lang::tr{'name'}
+ </td>
+
+ <td>
+ <input type="text" name="NAME"
+ value="$cgiparams{'NAME'}" required />
+ </td>
+ </tr>
+
+ <tr>
+ <td>
+ $Lang::tr{'remarks'}
+ </td>
+
+ <td>
+ <input type="text" name="REMARKS"
+ value="$cgiparams{'REMARKS'}" />
+ </td>
+ </tr>
+ </table>
+
+ <h6>$Lang::tr{'routing'}</h6>
+
+ <table class="form">
+ <tr>
+ <td>
+ $Lang::tr{'allowed subnets'}
+ </td>
+
+ <td>
+ <input type="text" name="LOCAL_SUBNETS"
+ value="$cgiparams{'LOCAL_SUBNETS'}" required />
+ </td>
+ </tr>
+
+ <tr class="action">
+ <td colspan="2">
+ <input type='submit' value='$Lang::tr{'save'}' />
+ </td>
+ </tr>
+ </table>
+END
+
+ &Header::closebox();
+ &Header::closepage();
+
+ exit(0);
diff --git a/html/html/themes/ipfire/include/css/style.css b/html/html/themes/ipfire/include/css/style.css
index 56e6f26dff..c598893261 100644
--- a/html/html/themes/ipfire/include/css/style.css
+++ b/html/html/themes/ipfire/include/css/style.css
@@ -155,6 +155,13 @@ iframe {
text-align: right;
}
+/*
+ Text Colors
+*/
+.text-error {
+ color: var(--color-red);
+}
+
/* Header */
#header {
@@ -490,7 +497,9 @@ table.form tr.action td form {
.tbl .status.is-stopped, .tbl .status.is-disconnected {
background-color: var(--color-red);
color: var(--color-red-invert);
+}
+.tbl .status.is-fixed {
width: 33%;
}
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 44e327ef04..3ce02b657a 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -887,6 +887,7 @@
'donation' => 'Spenden',
'donation-link' => 'https://www.paypal.com/de_DE/DE/i/btn/btn_donateCC_LG.gif',
'donation-text' => '<strong>IPFire</strong> wird von Freiwilligen in ihrer Freizeit betreut und weiterentwickelt. Um dieses Projekt am Leben zu erhalten, entstehen uns natürlich auch Kosten. Wenn Sie uns unterstützen wollen, würden wir uns über eine kleine Spende sehr freuen.',
+'done' => 'Fertig',
'dos charset' => 'DOS-Zeichensatz',
'down and up speed' => 'Geben Sie bitte hier ihre Download- bzw. Upload-Geschwindigkeit ein <br /> und klicken Sie danach auf <i>Speichern</i>.',
'downfall gather data sampling' => 'Downfall/Gather Data Sampling',
@@ -1430,6 +1431,7 @@
'ike lifetime should be between 1 and 24 hours' => 'IKE Lebensdauer sollte zwischen 1 und 24 Stunden betragen.',
'imei' => 'IMEI',
'import' => 'Import',
+'import connection' => 'Eine Verbindung importieren',
'importkey' => 'PSK importieren',
'imsi' => 'IMSI',
'in' => 'Ein',
@@ -1470,6 +1472,8 @@
'invalid domain name' => 'Ungültiger Domainname.',
'invalid downlink speed' => 'Ungültige Downlink-Gerschwindigkeit.',
'invalid end address' => 'Ungültige Endadresse.',
+'invalid endpoint' => 'Ungültige Gegenstelle',
+'invalid endpoint address' => 'Ungültige Endpoint-Adresse',
'invalid fixed ip address' => 'Ungültige feste IP-Adresse',
'invalid fixed mac address' => 'Ungültige feste MAC-Adresse',
'invalid hostname' => 'Ungültiger Hostname.',
@@ -1504,8 +1508,10 @@
'invalid input for state or province' => 'Ungültige Eingabe für Bundesstaat oder Provinz.',
'invalid input for valid till days' => 'Ungültige Eingabe für Gültig bis (Tage).',
'invalid ip' => 'Ungültige IP-Adresse',
+'invalid ip address' => 'Ungültige IP-Adresse',
'invalid ip or hostname' => 'Ungültige IP-Addresse oder Hostname',
'invalid keep time' => 'Die Aufbewahrungszeit muss eine gültige Zahl sein',
+'invalid keepalive interval' => 'Ungültiges Keepalive-Interval',
'invalid key' => 'Ungültiger Schlüssel.',
'invalid loaded file' => 'Ungültige geladene Datei',
'invalid local-remote id' => 'Local-Id und Remote-Id dürfen nicht gleich sein, und müssen einem "@"-Zeichen beginnen (in der strongSwan-Terminologie handelt es sich dabei um leftid und rightid).',
@@ -1520,6 +1526,7 @@
'invalid minimum object size' => 'Ungültige min. Objektgröße.',
'invalid mtu input' => 'Ungültige MTU',
'invalid netmask' => 'Ungültige Netzwerkmaske',
+'invalid network' => 'Ungültiges Netzwerk',
'invalid port' => 'Ungültiger Port. Bitte gültige Portnummer eingeben.',
'invalid port list' => 'Portlisten-Syntax lautet: port[,port]... wobei port in /etc/services enthalten ist, alternativ Portnummer',
'invalid primary dns' => 'Ungültiger primärer DNS.',
@@ -1623,6 +1630,7 @@
'local ip address' => 'Lokale IP-Adresse',
'local master' => 'Local Master',
'local ntp server specified but not enabled' => 'Lokaler NTP-Server angegeben aber nicht aktiviert',
+'local port' => 'Lokaler Port',
'local subnet' => 'Lokales Subnetz:',
'local subnet is invalid' => 'Lokales Subnetz ist ungültig.',
'local vpn hostname/ip' => 'Lokaler VPN Hostname/IP',
@@ -1692,6 +1700,9 @@
'mailmethod' => 'Mail Methode',
'mailprogramm' => 'Mail Programm',
'main page' => 'Startseite',
+'malformed preshared key' => 'Ungültiger Pre-Shared Key',
+'malformed private key' => 'Ungültiger privater Schlüssel',
+'malformed public key' => 'Ungültiger öffentlicher Schlüssel',
'manage ovpn' => '5. Tunnel Management',
'manage printers' => 'Drucker verwalten',
'manage shares' => 'Freigaben verwalten',
@@ -2010,6 +2021,7 @@
'pakfire ago' => 'her.',
'pakfire already busy' => 'Pakfire führt bereits eine Aufgabe aus. Bitte versuchen Sie es später erneut.',
'pakfire available addons' => 'Verfügbare Add-ons:',
+'pakfire check deps' => 'Überprüfung der Abhängigkeiten...',
'pakfire configuration' => 'Pakfire Konfiguration',
'pakfire confirm upgrades' => 'Möchten Sie alle Upgrades installieren?',
'pakfire core update auto' => 'Core- und Add-on-Updates automatisch installieren:',
@@ -2020,7 +2032,7 @@
'pakfire health check' => 'Mirrors auf Erreichbarkeit prüfen (Ping):',
'pakfire install' => 'Installieren',
'pakfire install description' => 'Bitte wählen Sie ein oder mehrere Add-Ons zur Installation aus.',
-'pakfire install package' => 'Sie möchten folgende Pakete installieren: ',
+'pakfire install package' => 'Zu installierende Pakete:',
'pakfire installed addons' => 'Installierte Add-ons:',
'pakfire invalid tree' => '',
'pakfire last core list update' => 'Letztes Corelisten Update ist',
@@ -2944,6 +2956,9 @@
'week-graph' => 'Woche',
'weekly firewallhits' => 'wöchentliche Firewalltreffer',
'weeks' => 'Wochen',
+'wg download configuration' => 'Konfiguration herunterladen',
+'wg leave empty to automatically select' => 'Leer lassen für automatische Wahl',
+'wg show configuration qrcode' => 'Konfigurations-QR-Code anzeigen',
'whitelisted' => 'Ausgenommen',
'whois results from' => 'WHOIS-Ergebnisse von',
'wildcards' => 'Wildcards',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index bf7ea0c3b4..3e647e6e53 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -433,6 +433,7 @@
'all services' => 'All Services',
'all updates installed' => 'All updates installed',
'allmsg' => 'show all',
+'allowed subnets' => 'Allowed Subnets',
'alt dialup' => 'Dialup',
'alt home' => 'Home',
'alt information' => 'Information',
@@ -931,7 +932,7 @@
'donation' => 'Donation',
'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
'donation-text' => '<strong>IPFire</strong> is driven and maintained by volunteers in their free time. To keep this project running costs incurred, if you like to support us we would be pleased by a small donation.',
-'done' => 'Do it',
+'done' => 'Done',
'dos charset' => 'DOS Charset',
'down and up speed' => 'Enter your Down- and Uplink-Speed <br /> and then press <i>Save</i>.',
'downfall gather data sampling' => 'Downfall/Gather Data Sampling',
@@ -1036,6 +1037,9 @@
'encrypted' => 'Encrypted',
'encryption' => 'Encryption:',
'end address' => 'End address:',
+'endpoint' => 'Endpoint',
+'endpoint address' => 'Endpoint Address',
+'endpoint port' => 'Endpoint Port',
'enter ack class' => 'Enter the ACK- Class <br /> and then press <i>Save</i>.',
'enter data' => 'Enter your settings <br /> and then press <i>Save</i>.',
'entropy' => 'Entropy',
@@ -1361,6 +1365,7 @@
'fwhost type' => 'Type',
'fwhost used' => 'Used',
'fwhost welcome' => 'Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.',
+'fwhost wg peers' => 'WireGuard Peers',
'fwhost wo subnet' => '(without subnet)',
'g.dtm' => 'TO BE REMOVED',
'g.lite' => 'TO BE REMOVED',
@@ -1485,6 +1490,7 @@
'ike lifetime should be between 1 and 24 hours' => 'IKE lifetime should be between 1 and 24 hours.',
'imei' => 'IMEI',
'import' => 'Import',
+'import connection' => 'Import a Connection',
'importkey' => 'Import PSK',
'imsi' => 'IMSI',
'in' => 'In',
@@ -1525,6 +1531,8 @@
'invalid domain name' => 'Invalid domain name.',
'invalid downlink speed' => 'Invalid downlink speed.',
'invalid end address' => 'Invalid end address.',
+'invalid endpoint' => 'Invalid Endpoint',
+'invalid endpoint address' => 'Invalid Endpoint Address',
'invalid fixed ip address' => 'Invalid fixed IP address',
'invalid fixed mac address' => 'Invalid fixed MAC address',
'invalid hostname' => 'Invalid hostname.',
@@ -1559,8 +1567,10 @@
'invalid input for subscription code' => 'Invalid input for subscription code',
'invalid input for valid till days' => 'Invalid input for Valid till (days).',
'invalid ip' => 'Invalid IP Address',
+'invalid ip address' => 'Invalid IP Address',
'invalid ip or hostname' => 'Invalid IP Address or Hostname',
'invalid keep time' => 'Keep time must be a valid number',
+'invalid keepalive interval' => 'Invalid Keepalive Interval',
'invalid key' => 'Invalid key.',
'invalid loaded file' => 'Invalid loaded file',
'invalid local-remote id' => 'local & remote id must not be equal and begin with a "@" sign. These are leftid and rightid in strongswan terminology.',
@@ -1575,6 +1585,7 @@
'invalid minimum object size' => 'Invalid minimum object size.',
'invalid mtu input' => 'Invalid MTU',
'invalid netmask' => 'Invalid netmask',
+'invalid network' => 'Invalid Network',
'invalid port' => 'Invalid port. Must be a valid port number.',
'invalid port list' => 'Port list syntax is: port[,port]... where port is in /etc/services or number',
'invalid primary dns' => 'Invalid primary DNS.',
@@ -1682,8 +1693,10 @@
'local ip address' => 'Local IP Address',
'local master' => 'Local Master',
'local ntp server specified but not enabled' => 'Local NTP server specified but not enabled',
+'local port' => 'Local Port',
'local subnet' => 'Local subnet:',
'local subnet is invalid' => 'Local subnet is invalid.',
+'local subnets' => 'Local Subnets',
'local vpn hostname/ip' => 'Local VPN Hostname/IP',
'localkey' => 'Localkey',
'localkeyfile' => 'Localkeyfile',
@@ -1753,6 +1766,9 @@
'mailmethod' => 'Mailmethod',
'mailprogramm' => 'Mailprogramm',
'main page' => 'Main page',
+'malformed preshared key' => 'Malformed Pre-Shared Key',
+'malformed private key' => 'Malformed Private Key',
+'malformed public key' => 'Malformed Public Key',
'manage ovpn' => '5. Tunnel Management:',
'manage printers' => 'manage printers',
'manage shares' => 'Manage Shares',
@@ -2076,6 +2092,7 @@
'pakfire ago' => 'ago.',
'pakfire already busy' => 'Pakfire is already performing a task. Please try again later.',
'pakfire available addons' => 'Available Add-ons:',
+'pakfire check deps' => 'Checking dependencies...',
'pakfire configuration' => 'Pakfire Configuration',
'pakfire confirm upgrades' => 'Do you want to install all upgrades?',
'pakfire core update auto' => 'Install core and add-on updates automatically:',
@@ -2086,7 +2103,7 @@
'pakfire health check' => 'Check if mirror is reachable (ping):',
'pakfire install' => 'Install',
'pakfire install description' => 'Please select one or more add-ons to install.',
-'pakfire install package' => 'You want to install the following packages: ',
+'pakfire install package' => 'Packages to install:',
'pakfire installed addons' => 'Installed Add-ons:',
'pakfire invalid tree' => 'Invalid repository selected',
'pakfire last core list update' => 'Last core list update made',
@@ -2196,12 +2213,14 @@
'psk' => 'PSK',
'ptr' => 'PTR',
'ptr lookup failed' => 'Reverse lookup failed',
+'public key' => 'Public Key',
'pulse' => 'Pulse',
'pulse dial' => 'Pulse dial:',
'qos add subclass' => 'Add subclass',
'qos enter bandwidths' => 'You will need to enter your downstream and upstream bandwidth!',
'qos graphs' => 'Qos Graphs',
'qos warning' => 'The rule <strong>must</strong> be saved, otherwise it will be discarded!',
+'qr code' => 'QR Code',
'quick control' => 'Quick Control',
'quick playlist' => 'Quick Playlist',
'ram' => 'RAM',
@@ -2238,6 +2257,7 @@
'reload' => 'reload',
'remark' => 'Remark',
'remark title' => 'Remark:',
+'remarks' => 'Remarks',
'remote access' => 'Remote access',
'remote announce' => 'Remote Announce',
'remote browse sync' => 'Remote Browse Sync',
@@ -2245,6 +2265,7 @@
'remote logging' => 'Remote logging',
'remote subnet' => 'Remote subnet:',
'remote subnet is invalid' => 'Remote subnet is invalid.',
+'remote subnets' => 'Remote Subnets',
'removable device advice' => 'Plug in a device, refresh, select and mount before usage. Umount before removal.',
'remove' => 'Remove',
'remove ca certificate' => 'Remove CA certificate',
@@ -2278,6 +2299,7 @@
'root user password' => 'Root password',
'route subnet is invalid' => 'Additional push route subnet is invalid',
'router ip' => 'Router IP address:',
+'routing' => 'Routing',
'routing table entries' => 'Routing Table Entries',
'rsvd dst port overlap' => 'Destination Port Range overlaps a port reserved for IPFire:',
'rsvd src port overlap' => 'Source Port Range overlaps a port reserved for IPFire:',
@@ -3031,6 +3053,41 @@
'weekly firewallhits' => 'weekly firewallhits',
'weeks' => 'Weeks',
'wg' => 'WireGuard',
+'wg client configuration file' => 'WireGuard Client Configuration File',
+'wg client pool' => 'Client Pool',
+'wg create host-to-net peer' => 'Create A New Host-To-Net Peer',
+'wg create net-to-net peer' => 'Create A New Net-To-Net Peer',
+'wg create peer' => 'Create A New Peer',
+'wg dns' => 'DNS',
+'wg download configuration' => 'Download Configuration',
+'wg download configuration file' => 'Download the configuration file',
+'wg edit host-to-net peer' => 'Edit Host-To-Net Peer',
+'wg edit net-to-net peer' => 'Edit Net-To-Net Peer',
+'wg edit peer' => 'Edit Peer',
+'wg host to net client settings' => 'Host-To-Net Client Settings',
+'wg invalid client dns' => 'Invalid client DNS address',
+'wg invalid client pool' => 'Invalid client pool',
+'wg invalid endpoint address' => 'Invalid endpoint address',
+'wg invalid endpoint port' => 'Invalid endpoint port',
+'wg invalid keepalive interval' => 'Invalid Keepalive Interval (Must be between 0 and 65535)',
+'wg invalid local subnet' => 'Invalid local subnet',
+'wg invalid name' => 'Invalid name (Only letters, numbers, space and hyphen are allowed)',
+'wg invalid psk' => 'Invalid pre-shared key',
+'wg invalid public key' => 'Invalid public key',
+'wg invalid remote subnet' => 'Invalid remote subnet',
+'wg keepalive interval' => 'Keepalive Interval',
+'wg leave empty to automatically select' => 'Leave empty to automatically select',
+'wg name is already used' => 'The name is already in use',
+'wg no local subnets' => 'No local subnets given',
+'wg no more free addresses in pool' => 'No more free addresses in pool',
+'wg no remote subnets' => 'No remote subnets given',
+'wg peer configuration' => 'Peer Configuration',
+'wg peer does not exist' => 'Peer does not exist',
+'wg pre-shared key (optional)' => 'Pre-Shared Key (optional)',
+'wg rw peers' => 'WireGuard Roadwarrior Peers',
+'wg scan the qr code' => 'Scan the QR code to import the WireGuard configuration into a mobile client.',
+'wg show configuration qrcode' => 'Show Configuration QR Code',
+'wg warning configuration only shown once' => 'Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.',
'whitelisted' => 'Whitelisted',
'whois results from' => 'WHOIS results from',
'wildcards' => 'Wildcards',
diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index 5707132ce0..a830b215ca 100644
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -928,7 +928,6 @@
'donation' => 'Donación',
'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
'donation-text' => '<strong>IPFire</strong> es desarrollado y mantenido por voluntarios en su tiempo libre. Para ayudar con los costos de operación de este proyecto si usted gusta ayudarnos. Nos sería muy útil una pequeña donación.',
-'done' => 'Hecho',
'dos charset' => 'Juego de caracteres DOS',
'down and up speed' => 'Introduzca la velocidad de enlace de subida/bajada <br /> y después presione <i>Guardar</i>',
'downlink' => 'Vínculo de descarga',
@@ -2073,6 +2072,7 @@
'pakfire ago' => '',
'pakfire already busy' => 'Pakfire ya está realizando una tarea. Por favor, inténtelo de nuevo más tarde.',
'pakfire available addons' => 'Complementos disponibles:',
+'pakfire check deps' => 'Comprobando dependencias...',
'pakfire configuration' => 'Configuración de Pakfire',
'pakfire confirm upgrades' => '¿Quieres instalar todas las actualizaciones?',
'pakfire core update auto' => 'Instar actualizaciones principales y complementarias automáticamente:',
@@ -2083,7 +2083,7 @@
'pakfire health check' => 'Verificar disponibilidad del espejo (ping):',
'pakfire install' => 'Instalar',
'pakfire install description' => 'Seleccione uno o más complementos para instalar.',
-'pakfire install package' => 'Ud. desea instalar los siguientes paquetes:',
+'pakfire install package' => 'Paquetes a instalar:',
'pakfire installed addons' => 'Complementos instalados:',
'pakfire invalid tree' => 'Repositorio no válido seleccionado',
'pakfire last core list update' => 'Última lista de actualización de núcleo hecha',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index cf3db1eed1..06f50fd93a 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -933,7 +933,6 @@
'donation' => 'Faire un don',
'donation-link' => 'https://www.paypal.com/fr_fr/fr/i/btn/btn_donateCC_LG.gif',
'donation-text' => '<strong>IPFire</strong> est développé et maintenu par des bénévoles durant leur temps libre.<br>Afin de participer aux coûts du projet et nous encourager, vous pouvez faire un don.',
-'done' => 'Fait',
'dos charset' => 'Jeu de car. DOS',
'down and up speed' => 'Entrez votre débit descendant et montant <br /> et cliquez sur <i>Sauvegarder</i>.',
'downfall gather data sampling' => 'Chute / collecte échantillons de données - proc. Intel',
@@ -2071,6 +2070,7 @@
'pakfire ago' => '',
'pakfire already busy' => 'Pakfire est déjà en train d\'effectuer une tâche. Veuillez réessayer plus tard.',
'pakfire available addons' => 'Modules disponibles :',
+'pakfire check deps' => 'Vérification des dépendances...',
'pakfire configuration' => 'Configuration Pakfire',
'pakfire confirm upgrades' => 'Voulez-vous installer toutes les mises à niveau ?',
'pakfire core update auto' => 'Installer automatiquement les mises à jour du noyau et des modules :',
@@ -2081,7 +2081,7 @@
'pakfire health check' => 'Vérifier si le miroir est accessible (ping) :',
'pakfire install' => 'Installer',
'pakfire install description' => 'Veuillez sélectionner un ou plusieurs modules complémentaires à installer.',
-'pakfire install package' => 'Vous souhaitez installer le(s) module(s) suivant(s) : ',
+'pakfire install package' => 'Paquets à installer :',
'pakfire installed addons' => 'Modules installés :',
'pakfire invalid tree' => 'Dépôt choisi invalide',
'pakfire last core list update' => 'Dernière mise à jour de la liste du noyau : ',
diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl
index 936f426702..df3c1f9eb9 100644
--- a/langs/it/cgi-bin/it.pl
+++ b/langs/it/cgi-bin/it.pl
@@ -781,7 +781,6 @@
'donation' => 'Donazione',
'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
'donation-text' => '<strong>IPFire</strong> è sviluppato da volontari nel loro tempo libero. Per sostenere questo progetto e i relativi costi di gestione puoi effettuare una piccola donazione.',
-'done' => 'Do it',
'dos charset' => 'DOS Charset',
'down and up speed' => 'Enter your Down- and Uplink-Speed <br /> and then press <i>Save</i>.',
'downlink' => 'Downlink',
@@ -1711,6 +1710,7 @@
'pakfire accept all' => 'Vuoi installare tutti i pacchetti?',
'pakfire ago' => 'ago.',
'pakfire available addons' => 'Addons disponibili:',
+'pakfire check deps' => 'Controllo delle dipendenze...',
'pakfire configuration' => 'Configurazione Pakfire',
'pakfire confirm upgrades' => 'Vuoi installare tutti gli aggiornamenti?',
'pakfire core update auto' => 'Install core and addon updates automatically:',
@@ -1719,7 +1719,7 @@
'pakfire health check' => 'Controllare se il mirror è raggiungibile (ping):',
'pakfire install' => 'Installare',
'pakfire install description' => 'Selezionare uno o più componenti aggiuntivi da installare.',
-'pakfire install package' => 'You want to install the following packages: ',
+'pakfire install package' => 'Pacchetti da installare:',
'pakfire installed addons' => 'Addons installati:',
'pakfire last core list update' => 'Ultimo aggiornamento della lista di sistema',
'pakfire last package update' => 'Ultimo aggiornamento della lista pacchetti',
diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
index 07643e0ab6..da01276a81 100644
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -778,7 +778,6 @@
'donation' => 'Donatie',
'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
'donation-text' => '<strong>IPFire</strong> wordt ontwikkeld en onderhouden door vrijwilligers in hun vrije tijd. Om dit project draaiend te houden, zouden we het erg op prijs stellen als u een kleine donatie maakt.',
-'done' => 'Doe het',
'dos charset' => 'DOS tekenset',
'down and up speed' => 'Voer uw down- en uploadsnelheid in<br /> en klik dan op <i>Opslaan</i>.',
'downlink' => 'Downlink',
@@ -1686,6 +1685,7 @@
'pakfire accept all' => 'Wilt u alle pakketten installeren?',
'pakfire ago' => 'geleden.',
'pakfire available addons' => 'Beschikbare add-ons:',
+'pakfire check deps' => 'Afhankelijkheden controleren...',
'pakfire configuration' => 'Pakfire configuratie',
'pakfire confirm upgrades' => 'Wilt u alle upgrades installeren?',
'pakfire core update auto' => 'Installeer core- en extensie-updates automatisch:',
@@ -1694,7 +1694,7 @@
'pakfire health check' => 'Controleer of de mirror bereikbaar is (ping):',
'pakfire install' => 'Installeren',
'pakfire install description' => 'Selecteer een of meer add-ons om te installeren.',
-'pakfire install package' => 'U wilt de volgende pakketten installeren: ',
+'pakfire install package' => 'Pakketten om te installeren:',
'pakfire installed addons' => 'Geïnstalleerde add-ons:',
'pakfire last core list update' => 'Laatste core-lijst update gemaakt',
'pakfire last package update' => 'Laatste pakketlijst update gemaakt',
diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl
index cfe6745e53..9223fb152c 100644
--- a/langs/pl/cgi-bin/pl.pl
+++ b/langs/pl/cgi-bin/pl.pl
@@ -698,7 +698,6 @@
'donation' => 'Donation',
'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
'donation-text' => '<strong>IPFire</strong> jest tworzony przez wolontariuszy w ich wolnym czasie. Jeżeli chcesz pomóc w dalszym rozwoju projektu możesz nas wspomóc dowolną kwotą. ',
-'done' => 'Do it',
'dos charset' => 'Kodowanie DOS',
'down and up speed' => 'Wprowadź parametry Twojego łącza - prędkość pobierania i wysyłania danych <br /> i naciśnij <i>Zapisz</i>.',
'downlink speed' => 'Prędkość pobierania (kbit/sec)',
@@ -1351,6 +1350,7 @@
'pakfire accept all' => 'Czy chcesz zainstalować wszystkie pakiety?',
'pakfire ago' => 'temu.',
'pakfire available addons' => 'Dostępne dodatki:',
+'pakfire check deps' => 'Sprawdzanie zależności...',
'pakfire configuration' => 'Konfiguracja Pakfire',
'pakfire confirm upgrades' => 'Czy chcesz zainstalować wszystkie aktualizacje?',
'pakfire core update auto' => 'Instaluj aktualizacje jądra automatycznie:',
@@ -1359,7 +1359,7 @@
'pakfire health check' => 'Sprawdź czy mirror jest dostępny (ping):',
'pakfire install' => 'Instaluj',
'pakfire install description' => 'Wybierz jeden lub więcej dodatków do zainstalowania.',
-'pakfire install package' => 'Zamierzasz zainstalować następujące pakiety: ',
+'pakfire install package' => 'Pakiety do zainstalowania:',
'pakfire installed addons' => 'Zainstalowane dodatki:',
'pakfire last core list update' => 'Sprawdzenie aktualizacja jądra:',
'pakfire last package update' => 'Ostatnia aktualizacja listy pakietów:',
diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl
index 7027f2aa53..34da20ecc1 100644
--- a/langs/ru/cgi-bin/ru.pl
+++ b/langs/ru/cgi-bin/ru.pl
@@ -694,7 +694,6 @@
'donation' => 'Пожертвования',
'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
'donation-text' => '<strong>IPFire</strong> управляется и поддерживается добровольцами за счёт их собственного времени и сил. Мы будем признательны, если Вы внесёте небольшое пожертвование на поддержку и развитие проекта.',
-'done' => 'Выполнить',
'dos charset' => 'Символы DOS',
'down and up speed' => 'Введите свою входящую и исходящую скорость <br /> и нажмите <i>Сохранить</i>.',
'downlink speed' => 'Скорость загрузки (kbit/sec)',
@@ -1346,6 +1345,7 @@
'pakfire accept all' => 'Do you want to install all packages?',
'pakfire ago' => 'назад.',
'pakfire available addons' => 'Доступные Аддоны:',
+'pakfire check deps' => 'Проверка зависимостей...',
'pakfire configuration' => 'Pakfire Configuration',
'pakfire confirm upgrades' => 'Вы хотите установить все обновления?',
'pakfire core update auto' => 'Устанавливать обновления ядра и аддонов автоматически:',
@@ -1354,7 +1354,7 @@
'pakfire health check' => 'Пинговать зеркало на доступность:',
'pakfire install' => 'Установить',
'pakfire install description' => 'Пожалуйста, выберите одно или несколько дополнений для установки.',
-'pakfire install package' => 'Вы собираетесь установить следующие пакеты: ',
+'pakfire install package' => 'Пакеты для установки:',
'pakfire installed addons' => 'Установленные Аддоны:',
'pakfire last core list update' => 'Обновление core-списков',
'pakfire last package update' => 'Обновление списка пакетов',
diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl
index d0d29c4fb3..4cba99ff16 100644
--- a/langs/tr/cgi-bin/tr.pl
+++ b/langs/tr/cgi-bin/tr.pl
@@ -853,7 +853,6 @@
'donation' => 'Bağış',
'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
'donation-text' => '<strong>IPFire</strong> boş zamanlarında gönüllüer tarafından geliştirlmektedir. Bu projeyi ayakta tutmak için eğer bize destek olmak isterseniz küçük bir bağıştan mutluluk duyarız.',
-'done' => 'Yap',
'dos charset' => 'DOS karakterleri',
'down and up speed' => 'Gönderme hızı düştüğünde <i>Kaydet</i> düğmesine basın.',
'downlink' => 'İndirme bağlantısı',
@@ -1855,6 +1854,7 @@
'pakfire accept all' => 'Tüm paketleri yüklemek istiyor musunuz?',
'pakfire ago' => 'önce yapıldı.',
'pakfire available addons' => 'Mevcut eklentiler:',
+'pakfire check deps' => 'Bağımlılıklar kontrol ediliyor...',
'pakfire configuration' => 'Pakfire yapılandırması',
'pakfire confirm upgrades' => 'Tüm yükseltmeleri yüklemek istiyor musunuz?',
'pakfire core update auto' => 'Otomatik olarak çekirdek ve eklenti güncelleştirmelerini yükle:',
@@ -1863,7 +1863,7 @@
'pakfire health check' => 'Yansımanın ulaşılabilir olup olmadığını kontrol et (ping):',
'pakfire install' => 'Yükle',
'pakfire install description' => 'Lütfen yüklemek için bir veya daha fazla eklenti seçin.',
-'pakfire install package' => 'Aşağıdaki paketleri yüklemek istediniz: ',
+'pakfire install package' => 'Kurulacak paketler:',
'pakfire installed addons' => 'Kurulu eklentiler:',
'pakfire last core list update' => 'Son çekirdek listesi güncellemesi',
'pakfire last package update' => 'Son paket listesi güncellemesi',
diff --git a/lfs/alsa b/lfs/alsa
index 18a7868b9f..fba9b47f59 100644
--- a/lfs/alsa
+++ b/lfs/alsa
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,16 +26,16 @@ include Config
SUMMARY = Advanced Linux Sound Architecture
-VER = 1.2.13
-UVER = 1.2.13
-CVER = 1.2.13
+VER = 1.2.14
+UVER = 1.2.14
+CVER = 1.2.14
THISAPP = alsa-lib-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
PROG = alsa
-PAK_VER = 22
+PAK_VER = 23
DEPS =
@@ -54,9 +54,9 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
alsa-utils-$(UVER).tar.bz2 = $(DL_FROM)/alsa-utils-$(UVER).tar.bz2
alsa-ucm-conf-$(CVER).tar.bz2 = $(DL_FROM)/alsa-ucm-conf-$(CVER).tar.bz2
-$(DL_FILE)_BLAKE2 = 1723ca5f191525e050f05423fb9ccf4501e4f20490d01b0c068493bbce279d3a067e8d0e5f52f9c76c2eaecb4c2b3fc42690193b88c313461fce2aec390175b3
-alsa-utils-$(UVER).tar.bz2_BLAKE2 = 9bc2bf8e21fb9308c2eabc6612da0848f9ddba45acb8bf8453d9cff7f73fa0267495430a150ea53b28fab8afb69a51e487e8b253dc7501e17d77ea3f6e90bcf7
-alsa-ucm-conf-$(CVER).tar.bz2_BLAKE2 = 87e4bf2285961e316ca853e9245e02447ea9e60fa506e124c072e2b6ed71345fc0c30b19bf8c849f8123a6b95a4facd22225eafccba8164266961110a60ef44c
+$(DL_FILE)_BLAKE2 = 6fee05f859a19b8ef0d9896d37442c55f602e8b4aaa7698f30c01e03a339d7a74b3214493b095a64b59ee581fb7756d903d4965e080db552e062e2001e0662ff
+alsa-utils-$(UVER).tar.bz2_BLAKE2 = 0f15f6f684bf17c0508b01eabd21917d8501b965074d3b42f6915e9bbafeafad894dcbd1a219008db0064fb98d6fb2be311e98c0b8bc7e91d1a0b8146dd02dfe
+alsa-ucm-conf-$(CVER).tar.bz2_BLAKE2 = cbb4b81db7670207cac5b85ba9cd4d9df93e4aca573da4caffe0f1e0386a9685b837e58b7ed85ddcfecf3c0f2469e706833dad6f0ef020440c943aa41520f8f0
install : $(TARGET)
diff --git a/lfs/btrfs-progs b/lfs/btrfs-progs
index 82473dbef6..cbeb179f3e 100644
--- a/lfs/btrfs-progs
+++ b/lfs/btrfs-progs
@@ -24,7 +24,7 @@
include Config
-VER = 6.13
+VER = 6.14
# https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs/
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = aaf536e17977c052dd0828501f5a91b85403d561301f10d8c7bf2f5abae30a323f781ef8727f8ca48efc6edf16000b3ee8435fd6a89d6d047dda289ad87e3f64
+$(DL_FILE)_BLAKE2 = fae9bdbacc093ba260d7740001eef98f4ffb72c30631c789a34fbd5f34283cbdfb9f1e6b2f6112fb769b90892b47ea2bcc0bcdab37748b8d23e3588051620b2a
install : $(TARGET)
diff --git a/lfs/configroot b/lfs/configroot
index 1f752ddb67..997b4908c1 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -56,7 +56,7 @@ $(TARGET) :
ovpn patches pakfire portfw ppp private proxy/advanced/cre \
proxy/calamaris/bin qos/bin red remote sensors suricata time \
updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin vpn \
- wakeonlan wireless ; do \
+ wakeonlan wireguard wireless ; do \
mkdir -p $(CONFIG_ROOT)/$$i; \
done
@@ -70,7 +70,7 @@ $(TARGET) :
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \
- vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
+ vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireguard/peers wireguard/settings wireless/config wireless/settings; do \
touch $(CONFIG_ROOT)/$$i; \
done
@@ -82,6 +82,7 @@ $(TARGET) :
cp $(DIR_SRC)/config/cfgroot/location-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/ipblocklist-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/ids-functions.pl $(CONFIG_ROOT)/
+ cp $(DIR_SRC)/config/cfgroot/wireguard-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/
diff --git a/lfs/coreutils b/lfs/coreutils
index 4220050da1..4241526491 100644
--- a/lfs/coreutils
+++ b/lfs/coreutils
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 9.5
+VER = 9.7
THISAPP = coreutils-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -58,7 +58,7 @@ objects =$(DL_FILE)
$(DL_FILE)= $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 6fd3a77697c9e85f31415c6ad66559faf18acc7d346677a89d4a999c2027886551e78842a7283e7b3b44fe8ef2fde04ba2f88df32a7844d5f69d45bcb7a04b6f
+$(DL_FILE)_BLAKE2 = e5e5f7ec26c3952eb6a25988f78d3a1f8a70cf97a2fbc7b433dfcd1721cd38e6e0a8b9cb83f854a22df325bcb5ea8c4534c5a217273762cd5d575b381db69ee8
install : $(TARGET)
diff --git a/lfs/fontconfig b/lfs/fontconfig
index 6b7af145a1..01c211b179 100644
--- a/lfs/fontconfig
+++ b/lfs/fontconfig
@@ -24,7 +24,7 @@
include Config
-VER = 2.16.0
+VER = 2.16.2
SUMMARY = Library for configuring and customizing font access
THISAPP = fontconfig-$(VER)
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 48d6fcbfe83f0a4c026a4f90d864a4195805e04cc6dd486bd18d68caa8b55fd51fc37822781298152d363b70dc103c9f8b216f6dc0193b2b192eb35565482ec4
+$(DL_FILE)_BLAKE2 = 24fdbfc573d1a97e08fc159b91e24b77ddeb646e59ab62bb154b18f07383103a8b1e00c635299e1209fb5965dc889b8ab8f5d7228083af1a916978fa69c71136
install : $(TARGET)
@@ -71,12 +71,13 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --disable-docs
- cd $(DIR_APP) && make $(MAKETUNING)
- cd $(DIR_APP) && make install
+ cd $(DIR_APP) && meson setup \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ -D doc=disabled \
+ builddir/
+ cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING)
+ cd $(DIR_APP) && ninja -C builddir/ install
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/lfs/initscripts b/lfs/initscripts
index 82e20bfa7e..700e912445 100644
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -99,6 +99,7 @@ $(TARGET) :
ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock
ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc0.d/K49cyrus-sasl
ln -sf ../init.d/vnstat /etc/rc.d/rc0.d/K51vnstat
+ ln -sf ../init.d/wireguard /etc/rc.d/rc0.d/K70wireguard
ln -sf ../init.d/conntrackd /etc/rc.d/rc0.d/K77conntrackd
ln -sf ../init.d/suricata /etc/rc.d/rc0.d/K78suricata
ln -sf ../init.d/leds /etc/rc.d/rc0.d/K79leds
@@ -128,6 +129,7 @@ $(TARGET) :
ln -sf ../init.d/sshd /etc/rc.d/rc3.d/S30sshd
ln -sf ../init.d/apache /etc/rc.d/rc3.d/S32apache
ln -sf ../init.d/fcron /etc/rc.d/rc3.d/S40fcron
+ ln -sf ../init.d/wireguard /etc/rc.d/rc3.d/S50wireguard
ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local
ln -sf ../init.d/grub-btrfsd /etc/rc.d/rc3.d/S99grub-btrfsd
ln -sf ../init.d/vdradmin /etc/rc.d/rc3.d/S99vdradmin
@@ -140,6 +142,7 @@ $(TARGET) :
ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock
ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc6.d/K49cyrus-sasl
ln -sf ../init.d/vnstat /etc/rc.d/rc6.d/K51vnstat
+ ln -sf ../init.d/wireguard /etc/rc.d/rc6.d/K70wireguard
ln -sf ../init.d/conntrackd /etc/rc.d/rc6.d/K77conntrackd
ln -sf ../init.d/suricata /etc/rc.d/rc6.d/K78suricata
ln -sf ../init.d/leds /etc/rc.d/rc6.d/K79leds
diff --git a/lfs/libcap b/lfs/libcap
index b3bbda4d0f..c0707a5e0c 100644
--- a/lfs/libcap
+++ b/lfs/libcap
@@ -6,7 +6,7 @@
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
+# (at your option) any later301c74ceae00e915f70ff8f0a32c86a5ddf405a00522f4299390e4e0b6bc4270fc7e3c4ba5c53db2ddc5f7de6a97b43e310097a4ecc1d678f721f9dfa53cef53 version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
@@ -24,7 +24,7 @@
include Config
-VER = 2.75
+VER = 2.76
THISAPP = libcap-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 88071f0ff6f786f42777853a03ae116b1175769b14b715dd1b3def7414fcf118dea56f80e14dc467f72d3cb1a091ab95fc2fc0a240552fedfbbb95a9fc94f2db
+$(DL_FILE)_BLAKE2 = 301c74ceae00e915f70ff8f0a32c86a5ddf405a00522f4299390e4e0b6bc4270fc7e3c4ba5c53db2ddc5f7de6a97b43e310097a4ecc1d678f721f9dfa53cef53
install : $(TARGET)
diff --git a/lfs/libffi b/lfs/libffi
index 546eba4767..ec8ea8f595 100644
--- a/lfs/libffi
+++ b/lfs/libffi
@@ -24,7 +24,7 @@
include Config
-VER = 3.4.7
+VER = 3.4.8
THISAPP = libffi-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 0dd17b4fd358beb9842889168437443137445a5dba1f0a7e8669ae420d8efb927815c08602c1b1b141acfdfdbaa12b417863402a5c8df5f36519fd3e772d3f37
+$(DL_FILE)_BLAKE2 = 10b3d970dc598fb8689bca49751cda499ddc5216baf89d38625385b0d42d57f10d15cce3c4c044c9c73a4fce384c26f2a8e1b99269e9db1174c2631201c6bfd4
install : $(TARGET)
diff --git a/lfs/libgpg-error b/lfs/libgpg-error
index 74604d343f..12ee9a5cf3 100644
--- a/lfs/libgpg-error
+++ b/lfs/libgpg-error
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.51
+VER = 1.54
THISAPP = libgpg-error-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 8727a993fb5e589beceafce9d06d843b28ceff80398c33a5655608bdcd3d92ee363389bc209a1dff675b9f78d56f13b78d77e55696c0736612b09275ae0da7f3
+$(DL_FILE)_BLAKE2 = 75f0cd9f1cb8c85bd86f7f49c6be6ec7aa216e39a269b92c9231fa4c441e862ef0b666cc6639a154777f31526bb41b1f81796662c8b210616c4a04c3db8e3d68
install : $(TARGET)
diff --git a/lfs/nano b/lfs/nano
index 080506a0b4..f88ea70cd3 100644
--- a/lfs/nano
+++ b/lfs/nano
@@ -24,7 +24,7 @@
include Config
-VER = 8.3
+VER = 8.4
THISAPP = nano-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 39c400483f79f11da0f959fed769462b65007f9235cb76d38e71d0a63919b659dc553d44f5d13dd13db801ec361fd7a3ad68b68bfa456ac6c169c861e80c6067
+$(DL_FILE)_BLAKE2 = 2e5dbe6982ef9d284c6e018abad593bf383f27c85047241bafaa098948b73897c0a81b63aa453385ac93afc1c398936464d5a1fb024d00936ad383c5e5e4403f
install : $(TARGET)
@@ -74,13 +74,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --sysconfdir=/etc/nano \
- --enable-color \
- --enable-multibuffer \
- --enable-nanorc \
- --disable-nls
-
+ --prefix=/usr \
+ --sysconfdir=/etc/nano \
+ --enable-color \
+ --enable-multibuffer \
+ --enable-nanorc \
+ --disable-nls
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
cd $(DIR_APP) && install -v -m644 -D doc/sample.nanorc /etc/nano/sample.nanorc
diff --git a/lfs/nfs b/lfs/nfs
index 645aca3025..5f3f8190e3 100644
--- a/lfs/nfs
+++ b/lfs/nfs
@@ -26,7 +26,7 @@ include Config
SUMMARY = Support Utilities for Kernel nfsd
-VER = 2.8.2
+VER = 2.8.3
THISAPP = nfs-utils-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nfs
-PAK_VER = 26
+PAK_VER = 27
DEPS = rpcbind
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = b3b876dd1b4c745f4fe26b6ae9ec4690f7a946f5616276ce543a7cf0504156408e59682499b80aca4d09fe819de75c6499a11726bec0a392a277685199b56ac6
+$(DL_FILE)_BLAKE2 = 70fbba171697e13e0050cb146ff7e30ce53937d37882e4f53be62ee2792e8afee451a74e81d3b739a4d3c76ef444c5602a7a6a2a1e1148829a50f27e5da18533
install : $(TARGET)
@@ -82,11 +82,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --sysconfdir=/etc \
- --disable-gss \
- --without-tcp-wrappers \
- --disable-ipv6
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --disable-gss \
+ --without-tcp-wrappers \
+ --disable-ipv6
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
diff --git a/lfs/openssh b/lfs/openssh
index f2165a96de..46151228c8 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -24,7 +24,7 @@
include Config
-VER = 9.9p2
+VER = 10.0p1
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1b5bc09482b3a807ccfee52c86c6be3c363acf0c8e774862e0ae64f76bfeb4ce7cf29b3ed2f99c04c89bb4977da0cf50a7a175b15bf1d9925de1e03c66f8306d
+$(DL_FILE)_BLAKE2 = 4ce353adf75aade8f4b2a223ad13e2f92cd23d1e60b4ee52bad0eaf036571229438cd9760dfa99c0e10fa09a8ac47b2bfb04eb183fb7b9287ac564ec75316a75
install : $(TARGET)
@@ -73,13 +73,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && autoconf
cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure
cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --sysconfdir=/etc/ssh \
- --libexecdir=/usr/lib/openssh \
- --with-md5-passwords \
- --with-privsep-path=/var/empty \
- --with-superuser-path=/sbin:/usr/sbin:/bin:/usr/bin
-
+ --prefix=/usr \
+ --sysconfdir=/etc/ssh \
+ --libexecdir=/usr/lib/openssh \
+ --with-md5-passwords \
+ --with-privsep-path=/var/empty \
+ --with-superuser-path=/sbin:/usr/sbin:/bin:/usr/bin
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
diff --git a/lfs/openssl b/lfs/openssl
index c6f521d630..a94f325a0f 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
include Config
-VER = 3.4.1
+VER = 3.5.0
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -72,7 +72,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 328a2a4f0536b15ffe6421afc99bdb5dcdf3d29f44437fdd80bbf4089f5f2658ca10907e033eda2e04c6b862e49b150ea59d8ab1807d14a3dcf64e10c32e78af
+$(DL_FILE)_BLAKE2 = 9bf55ad242863123ec117296ff4d3067a27da9e0aa104a70203009536440198bacbb155c6431801e139dee6deaf6a26e0ac9a5e71fdcf963d00ba3ec7434440f
install : $(TARGET)
diff --git a/lfs/protobuf b/lfs/protobuf
index 92d19de38f..664ac3a11a 100644
--- a/lfs/protobuf
+++ b/lfs/protobuf
@@ -24,7 +24,7 @@
include Config
-VER = 29.3
+VER = 30.2
THISAPP = protobuf-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 8d37daac6f0d832e5bff5c56b9be73fce1fe016ca4e905f4c66d8fea20fabbee54a6be2c824f503d40f8492a4ec6280a539c454de9a118b69ebc57f2afe3d965
+$(DL_FILE)_BLAKE2 = 3a7d6bfa38500b16b1ce52b244fd9448fe7be2933a77224a1423a67e3ae3155846c0974ee1b6c579f6050f60b7784ace21b149b3cbdff2ef1e6bf954acbb1b51
install : $(TARGET)
@@ -71,10 +71,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && cmake . \
- -D CMAKE_INSTALL_PREFIX=/usr \
- -D protobuf_BUILD_TESTS=OFF \
- -D protobuf_BUILD_SHARED_LIBS=ON \
- -D protobuf_ABSL_PROVIDER=package
+ -D CMAKE_INSTALL_PREFIX=/usr \
+ -D protobuf_BUILD_TESTS=OFF \
+ -D protobuf_BUILD_SHARED_LIBS=ON \
+ -D protobuf_ABSL_PROVIDER=package
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
diff --git a/lfs/protobuf-c b/lfs/protobuf-c
index 6799778724..7ed7b93464 100644
--- a/lfs/protobuf-c
+++ b/lfs/protobuf-c
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.5.0
+VER = 1.5.2
THISAPP = protobuf-c-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 7b428655901f4fd74b67b75419552e7c02065a5291aed4dcc1d55b98c986caa9ccf846eb5e98e0954420c3e5bea559b0078843e00daa7b5c63465eec21e28204
+$(DL_FILE)_BLAKE2 = f6815319bad26095fe462b7a3da295594a853b131b565c7bc27d2d9ba1e51722ce8fefb408e37bc41b953de8ba51d4340b87a57fbb7163ce444e5aa2b99c9721
install : $(TARGET)
@@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/protobuf-c_1.5.0_protobuf-26.patch
cd $(DIR_APP) && ./configure \
--prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
diff --git a/lfs/wireguard-tools b/lfs/wireguard-tools
new file mode 100644
index 0000000000..5d0e820941
--- /dev/null
+++ b/lfs/wireguard-tools
@@ -0,0 +1,84 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.0.20210914
+
+THISAPP = wireguard-tools-$(VER)
+DL_FILE = $(THISAPP).tar.xz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+# Disable wg-quick
+export WITH_WGQUICK = no
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 020f4a61597dafc6663e9ee5659f9401416692f5dc8e23afe8d59054bffd32c92814ff2e1f99d6ffe558fdfcf756afc1838e4d425847f892ad4b627a077fe614
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP)/src && make $(MAKETUNING)
+ cd $(DIR_APP)/src && make install
+
+ # Install wg-dynamic
+ install -v -m 755 $(DIR_SRC)/config/wireguard/wg-dynamic \
+ /etc/fcron.cyclic/wg-dynamic
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 8da90d61d4..3643b469e2 100755
--- a/make.sh
+++ b/make.sh
@@ -1706,6 +1706,7 @@ build_system() {
lfsmake2 ntfs-3g
lfsmake2 ethtool
lfsmake2 fcron
+ lfsmake2 wireguard-tools
lfsmake2 perl-ExtUtils-PkgConfig
lfsmake2 perl-GD
lfsmake2 perl-GD-Graph
diff --git a/src/initscripts/networking/functions.network b/src/initscripts/networking/functions.network
index eb83b183da..3c0f2e3ad6 100644
--- a/src/initscripts/networking/functions.network
+++ b/src/initscripts/networking/functions.network
@@ -246,6 +246,46 @@ network_address_in_network() {
[ "${address}" -ge "${netaddr}" -a "${address}" -le "${broadcast}" ]
}
+# Takes a network and list of IP addresses and will return the first IP address
+# that is in the given network.
+first_address_in_network() {
+ local network="${1}"
+ shift
+
+ local addr
+ for addr in $@; do
+ if network_address_in_network "${addr}" "${network}"; then
+ echo "${addr}"
+ return 0
+ fi
+ done
+
+ return 1
+}
+
+# Returns the first of IPFire's own IP addresses that is in any of the given networks
+ipfire_address_in_networks() {
+ local addresses=()
+
+ local var
+ for var in GREEN_ADDRESS BLUE_ADDRESS ORANGE_ADDRESS; do
+ if [ -n "${!var}" ]; then
+ addresses+=( "${!var}" )
+ fi
+ done
+
+ local network
+ for network in $@; do
+ # Find and end after the first match
+ if first_address_in_network "${network}" "${addresses[@]}"; then
+ return 0
+ fi
+ done
+
+ # Nothing found
+ return 1
+}
+
dhcpcd_get_pid() {
# This function returns the pid of a dhcpcd by a given
# network device, if a pidfile exists.
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 6befa9fc39..c6e3e96716 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -215,6 +215,11 @@ iptables_init() {
iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
iptables -A OUTPUT -m policy --dir out --pol none -j IPSECBLOCK
+ # Block unauthorized WireGuard traffic
+ iptables -N WGBLOCK
+ iptables -A INPUT -i wg+ -j WGBLOCK
+ iptables -A FORWARD -i wg+ -j WGBLOCK
+
# Block OpenVPN transfer networks
iptables -N OVPNBLOCK
iptables -A INPUT -i tun+ -j OVPNBLOCK
@@ -319,6 +324,10 @@ iptables_init() {
iptables -N WIRELESSFORWARD
iptables -A FORWARD -m conntrack --ctstate NEW -j WIRELESSFORWARD
+ # WireGuard
+ iptables -N WGINPUT
+ iptables -A INPUT -j WGINPUT
+
# OpenVPN
iptables -N OVPNINPUT
iptables -A INPUT -j OVPNINPUT
diff --git a/src/initscripts/system/wireguard b/src/initscripts/system/wireguard
new file mode 100644
index 0000000000..7632d6114f
--- /dev/null
+++ b/src/initscripts/system/wireguard
@@ -0,0 +1,356 @@
+#!/bin/sh
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2024 Michael Tremer <michael.tremer@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+. /etc/rc.d/init.d/networking/functions.network
+
+eval $(/usr/local/bin/readhash /var/ipfire/wireguard/settings)
+
+interfaces() {
+ local id
+ local enabled
+ local type
+ local _rest
+
+ local IFS=','
+
+ # wg0 will always be created for roadwarrior
+ echo "wg0"
+
+ while read -r id enabled type _rest; do
+ # Skip peers that are not enabled
+ [ "${enabled}" = "on" ] || continue
+
+ # Skip anything that isn't a net-to-net connection
+ [ "${type}" = "net" ] || continue
+
+ echo "wg${id}"
+ done < /var/ipfire/wireguard/peers
+
+ return 0
+}
+
+interface_is_rw() {
+ local intf="${1}"
+
+ [ "${intf}" = "wg0" ]
+}
+
+setup_interface() {
+ local intf="${1}"
+
+ # Create the interface if it does not exist
+ if [ ! -d "/sys/class/net/${intf}" ]; then
+ ip link add "${intf}" type wireguard || return $?
+ fi
+
+ # Set up the interface
+ ip link set "${intf}" up
+
+ # Set the MTU
+ if [ -n "${MTU}" ]; then
+ ip link set "${intf}" mtu "${MTU}" || return $?
+ fi
+
+ # Load the configuration into the kernel
+ wg syncconf "${intf}" <(generate_config "${intf}") || return $?
+
+ return 0
+}
+
+cleanup_interfaces() {
+ local interfaces=( "$(interfaces)" )
+
+ local intf
+ for intf in /sys/class/net/wg[0-9]*; do
+ [ -d "${intf}" ] || continue
+
+ # Remove the path
+ intf="${intf##*/}"
+
+ local found=0
+ local i
+
+ for i in ${interfaces[@]}; do
+ if [ "${intf}" = "${i}" ]; then
+ found=1
+ break
+ fi
+ done
+
+ if [ "${found}" -eq 0 ]; then
+ ip link del "${intf}"
+ fi
+ done
+
+ return 0
+}
+
+# Replaces 0.0.0.0/0 with 0.0.0.0/1 and 128.0.0.0/1 so that we can route all traffic
+# through a WireGuard tunnel.
+expand_subnets() {
+ local subnet
+
+ for subnet in $@; do
+ case "${subnet}" in
+ 0.0.0.0/0|0.0.0.0/0.0.0.0)
+ echo -n "0.0.0.0/1,"
+ echo -n "128.0.0.0/1,"
+ ;;
+
+ *)
+ echo -n "${subnet},"
+ ;;
+ esac
+ done
+
+ return 0
+}
+
+generate_config() {
+ local intf="${1}"
+
+ # Flush all previously set routes
+ ip route flush dev "${intf}"
+
+ local IFS=','
+
+ local id
+ local enabled
+ local type
+ local name
+ local pubkey
+ local privkey
+ local port
+ local endpoint_addr
+ local endpoint_port
+ local remote_subnets
+ local remarks
+ local local_subnets
+ local psk
+ local keepalive
+ local _rest
+
+ # Handles the special case of the RW interface
+ if interface_is_rw "${intf}"; then
+ echo "[Interface]"
+ echo "PrivateKey = ${PRIVATE_KEY}"
+
+ # Optionally set the port
+ if [ -n "${PORT}" ]; then
+ echo "ListenPort = ${PORT}"
+ fi
+
+ # Add the client pool
+ if [ -n "${CLIENT_POOL}" ]; then
+ ip route add "${CLIENT_POOL}" dev "${intf}"
+ fi
+
+ while read -r id enabled type name pubkey privkey port endpoint_addr endpoint_port \
+ remote_subnets remarks local_subnets psk keepalive _rest; do
+ # Skip peers that are not hosts or not enabled
+ [ "${type}" = "host" ] || continue
+ [ "${enabled}" = "on" ] || continue
+
+ echo "[Peer]"
+ echo "PublicKey = ${pubkey}"
+
+ # Set PSK (if set)
+ if [ -n "${psk}" ]; then
+ echo "PresharedKey = ${psk}"
+ fi
+
+ # Set routes
+ if [ -n "${remote_subnets}" ]; then
+ echo "AllowedIPs = ${remote_subnets//|/, }"
+ fi
+
+ echo # newline
+ done < /var/ipfire/wireguard/peers
+
+ return 0
+ fi
+
+ local local_subnet
+ local remote_subnet
+
+ while read -r id enabled type name pubkey privkey port endpoint_addr endpoint_port \
+ remote_subnets remarks local_subnets psk keepalive _rest; do
+ # Check for the matching connection
+ [ "${type}" = "net" ] || continue
+ [ "${intf}" = "wg${id}" ] || continue
+
+ # Skip peers that are not enabled
+ [ "${enabled}" = "on" ] || continue
+
+ # Update the interface alias
+ ip link set "${intf}" alias "${name}"
+
+ echo "[Interface]"
+
+ if [ -n "${privkey}" ]; then
+ echo "PrivateKey = ${privkey}"
+ fi
+
+ # Optionally set the port
+ if [ -n "${port}" ]; then
+ echo "ListenPort = ${port}"
+
+ # Open the port
+ iptables -A WGINPUT -p udp --dport "${port}" -j ACCEPT
+ fi
+
+ echo "[Peer]"
+ echo "PublicKey = ${pubkey}"
+
+ # Set PSK (if set)
+ if [ -n "${psk}" ]; then
+ echo "PresharedKey = ${psk}"
+ fi
+
+ # Set endpoint
+ if [ -n "${endpoint_addr}" ]; then
+ echo "Endpoint = ${endpoint_addr}${endpoint_port:+:}${endpoint_port}"
+ fi
+
+ # Set routes
+ if [ -n "${remote_subnets}" ]; then
+ echo "AllowedIPs = ${remote_subnets//|/, }"
+
+ # Apply the routes
+ local_subnets=( "${local_subnets//|/,}" )
+ remote_subnets=( "${remote_subnets//|/,}" )
+
+ # Find an IP address of the firewall that is inside the routed subnet
+ local src="$(ipfire_address_in_networks "${local_subnets[@]}")"
+
+ for remote_subnet in $(expand_subnets "${remote_subnets[@]}"); do
+ local args=(
+ "${remote_subnet}" "dev" "${intf}"
+ )
+
+ # Add the preferred source if we found one
+ if [ -n "${src}" ]; then
+ args+=( "src" "${src}" )
+ fi
+
+ ip route add "${args[@]}"
+ done
+ fi
+
+ # Set keepalive
+ if [ -n "${keepalive}" ]; then
+ echo "PersistentKeepalive = ${keepalive}"
+ fi
+
+ # Set blocking rules
+ for local_subnet in ${local_subnets//|/ }; do
+ for remote_subnet in ${remote_subnets//|/ }; do
+ iptables -I WGBLOCK \
+ -s "${remote_subnet}" -d "${local_subnet}" -j RETURN
+ done
+ done
+
+ # There will only be one match, so we can break as soon we get here
+ break
+ done < /var/ipfire/wireguard/peers
+}
+
+reload_firewall() {
+ # Flush all previous rules
+ iptables -F WGINPUT
+
+ if [ "${ENABLED}" = "on" ]; then
+ iptables -A WGINPUT -p udp --dport "${PORT}" -j ACCEPT
+ fi
+
+ iptables -F WGBLOCK
+
+ # Block all other traffic
+ iptables -A WGBLOCK -j REJECT --reject-with icmp-admin-prohibited
+}
+
+wg_start() {
+ local failed=0
+ local intf
+
+ # Find all interfaces
+ local interfaces=( "$(interfaces)" )
+
+ # Shut down any unwanted interfaces
+ cleanup_interfaces
+
+ # Reload the firewall
+ reload_firewall
+
+ # Setup all interfaces
+ for intf in ${interfaces[@]}; do
+ setup_interface "${intf}" || failed=1
+ done
+
+ return ${failed}
+}
+
+wg_stop() {
+ local intf
+
+ # Reload the firewall
+ ENABLED=off reload_firewall
+
+ for intf in /sys/class/net/wg[0-9]*; do
+ ip link del "${intf##*/}"
+ done
+
+ return 0
+}
+
+case "${1}" in
+ start)
+ if [ "${ENABLED}" != "on" ]; then
+ exit 0
+ fi
+
+ boot_mesg "Starting WireGuard VPN..."
+ wg_start; evaluate_retval
+ ;;
+
+ stop)
+ boot_mesg "Stopping WireGuard VPN..."
+ wg_stop; evaluate_retval
+ ;;
+
+ reload)
+ boot_mesg "Reloading WireGuard VPN..."
+ wg_start; evaluate_retval
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|reload|restart}"
+ exit 1
+ ;;
+esac
diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index 1ae12b2946..9d380c158e 100644
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -32,7 +32,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \
smartctrl clamavctrl addonctrl pakfire wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
getconntracktable wirelessclient torctrl ddnsctrl unboundctrl \
- captivectrl
+ captivectrl wireguardctrl
OBJS = $(patsubst %,%.o,$(PROGS) $(SUID_PROGS))
diff --git a/src/misc-progs/wireguardctrl.c b/src/misc-progs/wireguardctrl.c
new file mode 100644
index 0000000000..24580c2ebb
--- /dev/null
+++ b/src/misc-progs/wireguardctrl.c
@@ -0,0 +1,44 @@
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "setuid.h"
+
+int main(int argc, char** argv) {
+ // Become root
+ if (!initsetuid())
+ exit(1);
+
+ // Check if we have enough arguments
+ if (argc < 2) {
+ fprintf(stderr, "\nNot enough arguments.\n\n");
+ exit(1);
+ }
+
+ if (strcmp(argv[1], "start") == 0) {
+ return run("/etc/rc.d/init.d/wireguard", argv + 1);
+
+ } else if (strcmp(argv[1], "stop") == 0) {
+ return run("/etc/rc.d/init.d/wireguard", argv + 1);
+
+ } else if (strcmp(argv[1], "dump") == 0) {
+ char* args[] = {
+ "show",
+ (argc > 2) ? argv[2] : "wg0",
+ "dump",
+ NULL,
+ };
+
+ return run("/usr/bin/wg", args);
+
+ }
+
+ fprintf(stderr, "Invalid command\n");
+ exit(1);
+}
diff --git a/src/patches/protobuf-c_1.5.0_protobuf-26.patch b/src/patches/protobuf-c_1.5.0_protobuf-26.patch
deleted file mode 100644
index 40c9e64d00..0000000000
--- a/src/patches/protobuf-c_1.5.0_protobuf-26.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From a6cf1aa386067e26d582cc1d1e327787595c9f13 Mon Sep 17 00:00:00 2001
-From: Robert Edmonds <edmonds@users.noreply.github.com>
-Date: Wed, 20 Mar 2024 21:48:10 -0400
-Subject: [PATCH 1/3] FileGenerator::GenerateHeader(): Set `min_header_version`
- unconditionally
-
-Previously, we were conditionally trying to set `min_header_version` to
-the lowest possible value, and relying on a "legacy" Google interface to
-determine the file descriptor's syntax version as part of that
-determination.
-
-Instead, simply bump the minimum version to 1003000 (1.3.0). This
-release was almost 7 years ago. In practice protobuf-c users should not
-be shipping pre-compiled .pb-c.c/.pb-c.h files, anyway.
----
- protoc-c/c_file.cc | 9 +--------
- 1 file changed, 1 insertion(+), 8 deletions(-)
-
-diff --git a/protoc-c/c_file.cc b/protoc-c/c_file.cc
-index ca0ad34e..c6d8a240 100644
---- a/protoc-c/c_file.cc
-+++ b/protoc-c/c_file.cc
-@@ -117,14 +117,7 @@ FileGenerator::~FileGenerator() {}
- void FileGenerator::GenerateHeader(io::Printer* printer) {
- std::string filename_identifier = FilenameIdentifier(file_->name());
-
-- int min_header_version = 1000000;
--#if GOOGLE_PROTOBUF_VERSION >= 4023000
-- if (FileDescriptorLegacy(file_).syntax() == FileDescriptorLegacy::SYNTAX_PROTO3) {
--#else
-- if (file_->syntax() == FileDescriptor::SYNTAX_PROTO3) {
--#endif
-- min_header_version = 1003000;
-- }
-+ const int min_header_version = 1003000;
-
- // Generate top of header.
- printer->Print(
-
-From ee3d9e5423c93ee6b828fdda8e7fef13a77634eb Mon Sep 17 00:00:00 2001
-From: Robert Edmonds <edmonds@users.noreply.github.com>
-Date: Wed, 20 Mar 2024 22:25:54 -0400
-Subject: [PATCH 2/3] Reimplement FieldSyntax() to maximize compatibility
- across protobuf versions
-
-Recent versions of Google protobuf have broken the interfaces for
-determining the syntax version of a .proto file. The current protobuf-c
-1.5.0 release does not compile with Google protobuf 26.0 due to the most
-recentage breakage. There is a possible workaround involving the Google
-protobuf `FileDescriptorLegacy` class, which is documented as:
-
-// TODO Remove this deprecated API entirely.
-
-So we probably shouldn't rely on it.
-
-Instead, this commit obtains the `FileDescriptorProto` corresponding
-to the passed in `FieldDescriptor` and interrogates the `syntax` field
-directly. This is a single implementation with no version-specific
-workarounds. Hopefully this won't break in the next Google protobuf
-release.
-
-I tested the `FieldSyntax()` implementation in this commit across a
-number of different Google protobuf releases and found that it worked
-(`make && make check`) on all of them:
-
-- Google protobuf 3.6.1.3 (Ubuntu 20.04)
-- Google protobuf 3.12.4 (Ubuntu 22.04)
-- Google protobuf 3.21.12 (Debian 12 + Debian unstable)
-- Google protobuf 3.25.2 (Debian experimental)
-- Google protobuf 26.1-dev
----
- protoc-c/c_helpers.h | 24 ++++++++++++++----------
- 1 file changed, 14 insertions(+), 10 deletions(-)
-
-diff --git a/protoc-c/c_helpers.h b/protoc-c/c_helpers.h
-index 062d330b..be28b601 100644
---- a/protoc-c/c_helpers.h
-+++ b/protoc-c/c_helpers.h
-@@ -70,10 +70,6 @@
- #include <protobuf-c/protobuf-c.pb.h>
- #include <google/protobuf/io/printer.h>
-
--#if GOOGLE_PROTOBUF_VERSION >= 4023000
--# include <google/protobuf/descriptor_legacy.h>
--#endif
--
- namespace google {
- namespace protobuf {
- namespace compiler {
-@@ -173,13 +169,21 @@ struct NameIndex
- int compare_name_indices_by_name(const void*, const void*);
-
- // Return the syntax version of the file containing the field.
--// This wrapper is needed to be able to compile against protobuf2.
- inline int FieldSyntax(const FieldDescriptor* field) {
--#if GOOGLE_PROTOBUF_VERSION >= 4023000
-- return FileDescriptorLegacy(field->file()).syntax() == FileDescriptorLegacy::SYNTAX_PROTO3 ? 3 : 2;
--#else
-- return field->file()->syntax() == FileDescriptor::SYNTAX_PROTO3 ? 3 : 2;
--#endif
-+ auto proto = FileDescriptorProto();
-+ field->file()->CopyTo(&proto);
-+
-+ if (proto.has_syntax()) {
-+ auto syntax = proto.syntax();
-+ assert(syntax == "proto2" || syntax == "proto3");
-+ if (syntax == "proto2") {
-+ return 2;
-+ } else if (syntax == "proto3") {
-+ return 3;
-+ }
-+ }
-+
-+ return 2;
- }
-
- // Work around changes in protobuf >= 22.x without breaking compilation against
-
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-04-24 15:02 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-04-24 15:02 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 3757b8ef10377e422f2c7b98d34f728ab0977809 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox