From f3a59d63e27648c56da7296f48fe7382d8daedad Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 12 Jun 2020 16:04:48 +0200 Subject: [PATCH 01/67] kernel: update to 4.14.184 Signed-off-by: Arne Fitzenreiter --- config/kernel/kernel.config.aarch64-ipfire | 9 ++++----- config/kernel/kernel.config.armv5tel-ipfire-multi | 10 ++++------ config/kernel/kernel.config.i586-ipfire | 4 ++-- config/kernel/kernel.config.x86_64-ipfire | 4 ++-- config/rootfiles/common/aarch64/linux | 8 ++++++++ config/rootfiles/common/armv5tel/linux-multi | 6 ++++++ config/rootfiles/common/i586/linux | 6 ------ config/rootfiles/common/x86_64/linux | 6 ------ lfs/linux | 8 ++++---- 9 files changed, 30 insertions(+), 31 deletions(-) diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index e78564569..c616cbb85 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 4.14.183-ipfire Kernel Configuration +# Linux/arm64 4.14.184-ipfire Kernel Configuration # CONFIG_ARM64=y CONFIG_64BIT=y @@ -227,7 +227,7 @@ CONFIG_TRACEPOINTS=y # CONFIG_KPROBES is not set CONFIG_JUMP_LABEL=y CONFIG_STATIC_KEYS_SELFTEST=y -# CONFIG_UPROBES is not set +CONFIG_UPROBES=y # CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y CONFIG_HAVE_KPROBES=y @@ -251,7 +251,6 @@ CONFIG_HAVE_CMPXCHG_LOCAL=y CONFIG_HAVE_CMPXCHG_DOUBLE=y CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y -CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_GCC_PLUGINS=y CONFIG_GCC_PLUGINS=y # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set @@ -299,6 +298,7 @@ CONFIG_REFCOUNT_FULL=y # CONFIG_GCOV_KERNEL is not set CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y CONFIG_HAVE_GENERIC_DMA_COHERENT=y +CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 CONFIG_MODULES=y @@ -525,7 +525,6 @@ CONFIG_HOLES_IN_ZONE=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set -CONFIG_SECCOMP=y CONFIG_HZ_100=y # CONFIG_HZ_250 is not set # CONFIG_HZ_300 is not set @@ -6362,6 +6361,7 @@ CONFIG_DEBUG_KERNEL=y # CONFIG_DEBUG_PAGE_REF is not set # CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_OBJECTS is not set +# CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set @@ -6459,7 +6459,6 @@ CONFIG_TRACER_SNAPSHOT=y # CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set CONFIG_BRANCH_PROFILE_NONE=y # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set -# CONFIG_PROFILE_ALL_BRANCHES is not set CONFIG_STACK_TRACER=y CONFIG_BLK_DEV_IO_TRACE=y CONFIG_UPROBE_EVENTS=y diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index 10ae01dcc..5280a6a62 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.14.183-ipfire-multi Kernel Configuration +# Linux/arm 4.14.184-ipfire-multi Kernel Configuration # CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y @@ -225,7 +225,7 @@ CONFIG_HAVE_OPROFILE=y # CONFIG_KPROBES is not set CONFIG_JUMP_LABEL=y CONFIG_STATIC_KEYS_SELFTEST=y -# CONFIG_UPROBES is not set +CONFIG_UPROBES=y # CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y CONFIG_ARCH_USE_BUILTIN_BSWAP=y @@ -247,7 +247,6 @@ CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y -CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_GCC_PLUGINS=y CONFIG_GCC_PLUGINS=y # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set @@ -294,6 +293,7 @@ CONFIG_REFCOUNT_FULL=y # CONFIG_GCOV_KERNEL is not set CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y CONFIG_HAVE_GENERIC_DMA_COHERENT=y +CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 CONFIG_MODULES=y @@ -782,7 +782,6 @@ CONFIG_ARCH_NR_GPIO=512 CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set -CONFIG_SECCOMP=y CONFIG_HZ_FIXED=0 CONFIG_HZ_100=y # CONFIG_HZ_200 is not set @@ -840,7 +839,6 @@ CONFIG_SWIOTLB=y CONFIG_IOMMU_HELPER=y # CONFIG_PARAVIRT is not set # CONFIG_PARAVIRT_TIME_ACCOUNTING is not set -CONFIG_RANDOMIZE_BASE=y # # Boot options @@ -6848,6 +6846,7 @@ CONFIG_DEBUG_KERNEL=y # CONFIG_DEBUG_PAGE_REF is not set # CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_OBJECTS is not set +# CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set @@ -7027,7 +7026,6 @@ CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_HARDENED_USERCOPY_PAGESPAN=y -CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 3cb89c86d..3e31119f6 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.183-ipfire Kernel Configuration +# Linux/x86 4.14.184-ipfire Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -242,7 +242,7 @@ CONFIG_OPROFILE_NMI_TIMER=y # CONFIG_KPROBES is not set CONFIG_JUMP_LABEL=y CONFIG_STATIC_KEYS_SELFTEST=y -# CONFIG_UPROBES is not set +CONFIG_UPROBES=y # CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y CONFIG_ARCH_USE_BUILTIN_BSWAP=y diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 974316c5d..f6953482f 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.183-ipfire Kernel Configuration +# Linux/x86 4.14.184-ipfire Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -251,7 +251,7 @@ CONFIG_OPROFILE_NMI_TIMER=y # CONFIG_KPROBES is not set CONFIG_JUMP_LABEL=y CONFIG_STATIC_KEYS_SELFTEST=y -# CONFIG_UPROBES is not set +CONFIG_UPROBES=y # CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y CONFIG_ARCH_USE_BUILTIN_BSWAP=y diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux index 5c2bba93f..2ca6e69ac 100644 --- a/config/rootfiles/common/aarch64/linux +++ b/config/rootfiles/common/aarch64/linux @@ -7172,6 +7172,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/force/max #lib/modules/KVER-ipfire/build/include/config/force/max/zoneorder.h #lib/modules/KVER-ipfire/build/include/config/forcedeth.h +#lib/modules/KVER-ipfire/build/include/config/fortify +#lib/modules/KVER-ipfire/build/include/config/fortify/source.h #lib/modules/KVER-ipfire/build/include/config/frame #lib/modules/KVER-ipfire/build/include/config/frame/pointer.h #lib/modules/KVER-ipfire/build/include/config/frame/vector.h @@ -7320,6 +7322,10 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/harden #lib/modules/KVER-ipfire/build/include/config/harden/branch #lib/modules/KVER-ipfire/build/include/config/harden/branch/predictor.h +#lib/modules/KVER-ipfire/build/include/config/hardened +#lib/modules/KVER-ipfire/build/include/config/hardened/usercopy +#lib/modules/KVER-ipfire/build/include/config/hardened/usercopy.h +#lib/modules/KVER-ipfire/build/include/config/hardened/usercopy/pagespan.h #lib/modules/KVER-ipfire/build/include/config/hardirqs #lib/modules/KVER-ipfire/build/include/config/hardirqs/sw #lib/modules/KVER-ipfire/build/include/config/hardirqs/sw/resend.h @@ -9828,12 +9834,14 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/slab/freelist/random.h #lib/modules/KVER-ipfire/build/include/config/slab/merge #lib/modules/KVER-ipfire/build/include/config/slab/merge/default.h +#lib/modules/KVER-ipfire/build/include/config/slabinfo.h #lib/modules/KVER-ipfire/build/include/config/slhc.h #lib/modules/KVER-ipfire/build/include/config/slicoss.h #lib/modules/KVER-ipfire/build/include/config/slub #lib/modules/KVER-ipfire/build/include/config/slub.h #lib/modules/KVER-ipfire/build/include/config/slub/cpu #lib/modules/KVER-ipfire/build/include/config/slub/cpu/partial.h +#lib/modules/KVER-ipfire/build/include/config/slub/debug.h #lib/modules/KVER-ipfire/build/include/config/smc91x.h #lib/modules/KVER-ipfire/build/include/config/smp.h #lib/modules/KVER-ipfire/build/include/config/sms diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi index aab9e1737..26e448ea2 100644 --- a/config/rootfiles/common/armv5tel/linux-multi +++ b/config/rootfiles/common/armv5tel/linux-multi @@ -8008,6 +8008,10 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/harden #lib/modules/KVER-ipfire-multi/build/include/config/harden/branch #lib/modules/KVER-ipfire-multi/build/include/config/harden/branch/predictor.h +#lib/modules/KVER-ipfire-multi/build/include/config/hardened +#lib/modules/KVER-ipfire-multi/build/include/config/hardened/usercopy +#lib/modules/KVER-ipfire-multi/build/include/config/hardened/usercopy.h +#lib/modules/KVER-ipfire-multi/build/include/config/hardened/usercopy/pagespan.h #lib/modules/KVER-ipfire-multi/build/include/config/hardirqs #lib/modules/KVER-ipfire-multi/build/include/config/hardirqs/sw #lib/modules/KVER-ipfire-multi/build/include/config/hardirqs/sw/resend.h @@ -10754,12 +10758,14 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/slab/freelist/random.h #lib/modules/KVER-ipfire-multi/build/include/config/slab/merge #lib/modules/KVER-ipfire-multi/build/include/config/slab/merge/default.h +#lib/modules/KVER-ipfire-multi/build/include/config/slabinfo.h #lib/modules/KVER-ipfire-multi/build/include/config/slhc.h #lib/modules/KVER-ipfire-multi/build/include/config/slicoss.h #lib/modules/KVER-ipfire-multi/build/include/config/slub #lib/modules/KVER-ipfire-multi/build/include/config/slub.h #lib/modules/KVER-ipfire-multi/build/include/config/slub/cpu #lib/modules/KVER-ipfire-multi/build/include/config/slub/cpu/partial.h +#lib/modules/KVER-ipfire-multi/build/include/config/slub/debug.h #lib/modules/KVER-ipfire-multi/build/include/config/smc911x.h #lib/modules/KVER-ipfire-multi/build/include/config/smc91x.h #lib/modules/KVER-ipfire-multi/build/include/config/smp diff --git a/config/rootfiles/common/i586/linux b/config/rootfiles/common/i586/linux index e7829cade..e611843cb 100644 --- a/config/rootfiles/common/i586/linux +++ b/config/rootfiles/common/i586/linux @@ -5942,8 +5942,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/acpi/cpu #lib/modules/KVER-ipfire/build/include/config/acpi/cpu/freq #lib/modules/KVER-ipfire/build/include/config/acpi/cpu/freq/pss.h -#lib/modules/KVER-ipfire/build/include/config/acpi/custom -#lib/modules/KVER-ipfire/build/include/config/acpi/custom/method.h #lib/modules/KVER-ipfire/build/include/config/acpi/dock.h #lib/modules/KVER-ipfire/build/include/config/acpi/ec #lib/modules/KVER-ipfire/build/include/config/acpi/ec/debugfs.h @@ -9025,9 +9023,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/mmu #lib/modules/KVER-ipfire/build/include/config/mmu.h #lib/modules/KVER-ipfire/build/include/config/mmu/notifier.h -#lib/modules/KVER-ipfire/build/include/config/modify -#lib/modules/KVER-ipfire/build/include/config/modify/ldt -#lib/modules/KVER-ipfire/build/include/config/modify/ldt/syscall.h #lib/modules/KVER-ipfire/build/include/config/module #lib/modules/KVER-ipfire/build/include/config/module/compress #lib/modules/KVER-ipfire/build/include/config/module/compress.h @@ -18519,7 +18514,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/acpi/acpi_extlog.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/acpi/acpi_ipmi.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/acpi/acpi_pad.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/acpi/custom_method.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/acpi/dptf #lib/modules/KVER-ipfire/kernel/drivers/acpi/dptf/dptf_power.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/acpi/ec_sys.ko.xz diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index caea5dae1..787ffa05e 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -5945,8 +5945,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/acpi/cpu #lib/modules/KVER-ipfire/build/include/config/acpi/cpu/freq #lib/modules/KVER-ipfire/build/include/config/acpi/cpu/freq/pss.h -#lib/modules/KVER-ipfire/build/include/config/acpi/custom -#lib/modules/KVER-ipfire/build/include/config/acpi/custom/method.h #lib/modules/KVER-ipfire/build/include/config/acpi/dock.h #lib/modules/KVER-ipfire/build/include/config/acpi/ec #lib/modules/KVER-ipfire/build/include/config/acpi/ec/debugfs.h @@ -9078,9 +9076,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/mmu #lib/modules/KVER-ipfire/build/include/config/mmu.h #lib/modules/KVER-ipfire/build/include/config/mmu/notifier.h -#lib/modules/KVER-ipfire/build/include/config/modify -#lib/modules/KVER-ipfire/build/include/config/modify/ldt -#lib/modules/KVER-ipfire/build/include/config/modify/ldt/syscall.h #lib/modules/KVER-ipfire/build/include/config/module #lib/modules/KVER-ipfire/build/include/config/module/compress #lib/modules/KVER-ipfire/build/include/config/module/compress.h @@ -18558,7 +18553,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/acpi/acpi_extlog.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/acpi/acpi_ipmi.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/acpi/acpi_pad.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/acpi/custom_method.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/acpi/dptf #lib/modules/KVER-ipfire/kernel/drivers/acpi/dptf/dptf_power.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/acpi/ec_sys.ko.xz diff --git a/lfs/linux b/lfs/linux index b71f0ead3..1d706b4a1 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,8 +24,8 @@ include Config -VER = 4.14.183 -ARM_PATCHES = 4.14.183-ipfire0 +VER = 4.14.184 +ARM_PATCHES = 4.14.184-ipfire0 THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -79,8 +79,8 @@ objects =$(DL_FILE) \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz -$(DL_FILE)_MD5 = bd6db02bdbe35609756842b8c4c72cad -arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 55f6b8d709919adb8791e507836ceedc +$(DL_FILE)_MD5 = 8d6e90aa90d2ae927f27404cb7674f28 +arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = e7a545581a7bd2333eaf271fba1aeadd install : $(TARGET) From 4d43b3dcb1b31444ff49f3cc0ea4b04d4e6599fb Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 12 Jun 2020 17:47:29 +0200 Subject: [PATCH 02/67] intel-microcode: update to 20200609 Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/146/filelists/i586/intel-microcode | 1 + config/rootfiles/core/146/filelists/x86_64/intel-microcode | 1 + lfs/intel-microcode | 6 +++--- 3 files changed, 5 insertions(+), 3 deletions(-) create mode 120000 config/rootfiles/core/146/filelists/i586/intel-microcode create mode 120000 config/rootfiles/core/146/filelists/x86_64/intel-microcode diff --git a/config/rootfiles/core/146/filelists/i586/intel-microcode b/config/rootfiles/core/146/filelists/i586/intel-microcode new file mode 120000 index 000000000..f03e84778 --- /dev/null +++ b/config/rootfiles/core/146/filelists/i586/intel-microcode @@ -0,0 +1 @@ +../../../../common/i586/intel-microcode \ No newline at end of file diff --git a/config/rootfiles/core/146/filelists/x86_64/intel-microcode b/config/rootfiles/core/146/filelists/x86_64/intel-microcode new file mode 120000 index 000000000..d5ac074e2 --- /dev/null +++ b/config/rootfiles/core/146/filelists/x86_64/intel-microcode @@ -0,0 +1 @@ +../../../../common/x86_64/intel-microcode \ No newline at end of file diff --git a/lfs/intel-microcode b/lfs/intel-microcode index 0b60a0c77..494062784 100644 --- a/lfs/intel-microcode +++ b/lfs/intel-microcode @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 20191115 +VER = 20200609 THISAPP = Intel-Linux-Processor-Microcode-Data-Files-microcode-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 49cc3595934772b54b6218f8dbe64a94 +$(DL_FILE)_MD5 = a03e827c5c43be594f7f34d75b1706f9 install : $(TARGET) From e9c62e37f42cbdf7c071abe6cb12ba81e0f3c123 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 13 Jun 2020 12:23:46 +0200 Subject: [PATCH 03/67] vulnerabilities.cgi: add srdbs (CVE-2020-0543) Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/146/filelists/files | 1 + html/cgi-bin/vulnerabilities.cgi | 3 ++- langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/core/146/filelists/files b/config/rootfiles/core/146/filelists/files index ce4e51768..393ad7227 100644 --- a/config/rootfiles/core/146/filelists/files +++ b/config/rootfiles/core/146/filelists/files @@ -2,3 +2,4 @@ etc/system-release etc/issue srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs +srv/web/ipfire/cgi-bin/vulnerabilities.cgi diff --git a/html/cgi-bin/vulnerabilities.cgi b/html/cgi-bin/vulnerabilities.cgi index 333b03399..d5f81cdc1 100644 --- a/html/cgi-bin/vulnerabilities.cgi +++ b/html/cgi-bin/vulnerabilities.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -37,6 +37,7 @@ my %VULNERABILITIES = ( "spec_store_bypass" => "$Lang::tr{'spectre variant 4'} (CVE-2018-3639)", "spectre_v1" => "$Lang::tr{'spectre variant 1'} (CVE-2017-5753)", "spectre_v2" => "$Lang::tr{'spectre variant 2'} (CVE-2017-5715)", + "srbds" => "$Lang::tr{'srbds'} (CVE-2020-0543)", "tsx_async_abort" => "$Lang::tr{'taa zombieload2'} (CVE-2019-11135)", ); diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 216d49d7c..26ad2ab1e 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -2256,6 +2256,7 @@ 'squid extension methods' => 'Ihre extension_methods Liste', 'squid extension methods invalid' => 'Ihre \'extension_methods\' Liste darf nur Worte aus Großbuchstaben und Ziffer enthalten, die mittels eines Leerzeichens getrennt werden.', 'squid fix cache' => 'Zwischenspeicher reparieren', +'srbds' => 'Special Register Buffer Data Sampling', 'src port' => 'Quellport', 'srcprt range overlaps' => 'Quellportbereich überlappt mit einem bereits definierten Port.', 'srcprt within existing' => 'Quellport befindet sich innnerhalb eines bereits definierten Portbereichs.', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index ff08bce0c..51483530b 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2284,6 +2284,7 @@ 'squid extension methods' => 'Your extension_methods list', 'squid extension methods invalid' => 'Your \'extension_methods\' list can only contain uppercase words of letters and digits, separated with a space. ', 'squid fix cache' => 'Repair cache', +'srbds' => 'Special register buffer data sampling', 'src port' => 'Src Port', 'srcprt range overlaps' => 'Source port range overlaps an already defined port.', 'srcprt within existing' => 'Source port is within an already defined port range.', From 46bccfc21946f027ff81349cf9af33c9564f9b0c Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 16 Jun 2020 11:36:20 +0000 Subject: [PATCH 04/67] core146: add openvpn openvpn was missed in core145 so add it again. Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/146/filelists/openvpn | 1 + config/rootfiles/core/146/update.sh | 14 ++++++++++++++ 2 files changed, 15 insertions(+) create mode 120000 config/rootfiles/core/146/filelists/openvpn diff --git a/config/rootfiles/core/146/filelists/openvpn b/config/rootfiles/core/146/filelists/openvpn new file mode 120000 index 000000000..493f3f7a4 --- /dev/null +++ b/config/rootfiles/core/146/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/146/update.sh b/config/rootfiles/core/146/update.sh index da00a387a..c461d556f 100644 --- a/config/rootfiles/core/146/update.sh +++ b/config/rootfiles/core/146/update.sh @@ -89,6 +89,8 @@ rm -rf /lib/modules # Remove files # Stop services +/usr/local/bin/openvpnctrl -k +/usr/local/bin/openvpnctrl -kn2n # Extract files extract_files @@ -115,7 +117,19 @@ done # Filesytem cleanup /usr/local/bin/filesystem-cleanup +# Enable OpenVPN metrics collection +sed -E -i /var/ipfire/ovpn/server.conf \ + -e "/^client-(dis)?connect/d" + +cat <> /var/ipfire/ovpn/server.conf +# Log clients connecting/disconnecting +client-connect "/usr/sbin/openvpn-metrics client-connect" +client-disconnect "/usr/sbin/openvpn-metrics client-disconnect" +EOF + # Start services +/usr/local/bin/openvpnctrl -s +/usr/local/bin/openvpnctrl -sn2n # remove lm_sensor config after collectd was started # to reserch sensors at next boot with updated kernel From 86c645987374ac09e54027c252c308492205290f Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 28 Aug 2019 11:51:22 +0000 Subject: [PATCH 05/67] cloud-init: Launch custom script when detecting Google Cloud Signed-off-by: Michael Tremer --- src/initscripts/system/cloud-init | 7 +++++++ src/initscripts/system/functions | 12 ++++++++++++ 2 files changed, 19 insertions(+) diff --git a/src/initscripts/system/cloud-init b/src/initscripts/system/cloud-init index 79a762b2d..284e24d7b 100644 --- a/src/initscripts/system/cloud-init +++ b/src/initscripts/system/cloud-init @@ -13,6 +13,8 @@ case "${1}" in scriptname="/etc/rc.d/helper/aws-setup" elif running_on_azure; then scriptname="/etc/rc.d/helper/azure-setup" + elif running_on_gcp; then + scriptname="/etc/rc.d/helper/gcp-setup" else # This system is not running in the cloud exit 0 @@ -63,6 +65,11 @@ case "${1}" in echo "This system is running on Microsoft Azure" exit 0 + # Check Google + elif running_on_gcp; then + echo "This system is running on Google Cloud" + exit 0 + # The rest else echo "This system is NOT running in the cloud" diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions index 2127a5899..b6e6507d6 100644 --- a/src/initscripts/system/functions +++ b/src/initscripts/system/functions @@ -822,4 +822,16 @@ running_on_azure() { return 1 } +running_on_gcp() { + # Check if the BIOS vendor is "Google" + if [ -r "/sys/devices/virtual/dmi/id/bios_vendor" ]; then + local bios_vendor="$( Date: Fri, 12 Jun 2020 10:40:56 +0000 Subject: [PATCH 06/67] gcp: Add initscript to import configuration Signed-off-by: Michael Tremer --- config/rootfiles/common/aarch64/initscripts | 1 + config/rootfiles/common/armv5tel/initscripts | 1 + config/rootfiles/common/i586/initscripts | 1 + config/rootfiles/common/x86_64/initscripts | 1 + src/initscripts/helper/gcp-setup | 285 +++++++++++++++++++ 5 files changed, 289 insertions(+) create mode 100644 src/initscripts/helper/gcp-setup diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts index 8d945f7a5..330bb532e 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -3,6 +3,7 @@ etc/init.d #etc/rc.d/helper etc/rc.d/helper/aws-setup etc/rc.d/helper/azure-setup +etc/rc.d/helper/gcp-setup etc/rc.d/helper/getdnsfromdhcpc.pl #etc/rc.d/init.d etc/rc.d/init.d/acpid diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts index 8d945f7a5..330bb532e 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -3,6 +3,7 @@ etc/init.d #etc/rc.d/helper etc/rc.d/helper/aws-setup etc/rc.d/helper/azure-setup +etc/rc.d/helper/gcp-setup etc/rc.d/helper/getdnsfromdhcpc.pl #etc/rc.d/init.d etc/rc.d/init.d/acpid diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts index 996925b7a..c0fc18705 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -3,6 +3,7 @@ etc/init.d #etc/rc.d/helper etc/rc.d/helper/aws-setup etc/rc.d/helper/azure-setup +etc/rc.d/helper/gcp-setup etc/rc.d/helper/getdnsfromdhcpc.pl #etc/rc.d/init.d etc/rc.d/init.d/acpid diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index 996925b7a..c0fc18705 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -3,6 +3,7 @@ etc/init.d #etc/rc.d/helper etc/rc.d/helper/aws-setup etc/rc.d/helper/azure-setup +etc/rc.d/helper/gcp-setup etc/rc.d/helper/getdnsfromdhcpc.pl #etc/rc.d/init.d etc/rc.d/init.d/acpid diff --git a/src/initscripts/helper/gcp-setup b/src/initscripts/helper/gcp-setup new file mode 100644 index 000000000..077a96dc6 --- /dev/null +++ b/src/initscripts/helper/gcp-setup @@ -0,0 +1,285 @@ +#!/bin/bash + +. /etc/sysconfig/rc +. ${rc_functions} + +# Set PATH to find our own executables +export PATH=/usr/local/sbin:/usr/local/bin:${PATH} + +get() { + local file="${1}" + + wget --header="Metadata-Flavor: Google" -qO - "http://169.254.169.254/computeMetadata/v1/${file}" +} + +to_address() { + local n="${1}" + + local o1=$(( (n & 0xff000000) >> 24 )) + local o2=$(( (n & 0xff0000) >> 16 )) + local o3=$(( (n & 0xff00) >> 8 )) + local o4=$(( (n & 0xff) )) + + printf "%d.%d.%d.%d\n" "${o1}" "${o2}" "${o3}" "${o4}" +} + +to_integer() { + local address="${1}" + + local integer=0 + + local i + for i in ${address//\./ }; do + integer=$(( (integer << 8) + i )) + done + + printf "%d\n" "${integer}" +} + +prefix2netmask() { + local prefix=${1} + + local zeros=$(( 32 - prefix )) + local netmask=0 + + local i + for (( i=0; i<${zeros}; i++ )); do + netmask=$(( (netmask << 1) ^ 1 )) + done + + to_address "$(( netmask ^ 0xffffffff ))" +} + +import_gcp_configuration() { + local instance_id="$(get instance/id)" + + boot_mesg "Importing Google Compute Platform configuration for instance ${instance_id}..." + + # Store instance ID + echo "${instance_id}" > /var/run/gcp-instance-id + + # Initialise system settings + local hostname=$(get instance/hostname) + + # Set hostname + if ! grep -q "^HOSTNAME=" /var/ipfire/main/settings; then + echo "HOSTNAME=${hostname%%.*}" >> /var/ipfire/main/settings + fi + + # Set domainname + if ! grep -q "^DOMAINNAME=" /var/ipfire/main/settings; then + echo "DOMAINNAME=${hostname#*.}" >> /var/ipfire/main/settings + fi + + # Create setup user + if ! getent passwd setup &>/dev/null; then + useradd setup -s /usr/bin/run-setup -g nobody -m + + # Unlock the account + usermod -p "x" setup + fi + + # Import SSH keys for setup user + local line + while read -r line; do + # Strip the username part from the key + local key="${line#*:}" + + if [ -n "${key}" ] && ! grep -q "^${key}$" "/home/setup/.ssh/authorized_keys" 2>/dev/null; then + mkdir -p "/home/setup/.ssh" + chmod 700 "/home/setup/.ssh" + chown setup.nobody "/home/setup/.ssh" + + echo "${key}" >> "/home/setup/.ssh/authorized_keys" + chmod 600 "/home/setup/.ssh/authorized_keys" + chown setup.nobody "/home/setup/.ssh/authorized_keys" + fi + done <<<"$(get instance/attributes/ssh-keys)" + + # Download the user-data script only on the first boot + if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then + # Download a startup script + local script="$(get instance/attributes/startup-script)" + + # Execute the script + if [ "${script:0:2}" = "#!" ]; then + echo "${script}" > /tmp/gcp-startup.script + chmod 700 /tmp/gcp-startup.script + + # Run the script + local now="$(date -u +"%s")" + /tmp/gcp-startup.script &>/var/log/startup-script.log.${now} + + # Delete the script right away + rm /tmp/gcp-startup.script + fi + fi + + # Import network configuration + # After this, no network connectivity will be available from this script due to the + # renaming of the network interfaces for which they have to be shut down + local config_type=1 + : > /var/ipfire/ethernet/settings + + local device_number + for device_number in $(get instance/network-interfaces/); do + # Remove trailing slash + device_number="${device_number//\//}" + + local mac="$(get "instance/network-interfaces/${device_number}/mac")" + + # XXX TODO read the MTU because Google seems to only support 1460 + + # First IPv4 address + local ipv4_address="$(get "instance/network-interfaces/${device_number}/ip")" + local ipv4_address_num="$(to_integer "${ipv4_address}")" + + local netmask="$(get "instance/network-interfaces/${device_number}/subnetmask")" + local netmask_num="$(to_integer "${netmask}")" + + # Calculate the network and broadcast addresses + local netaddress="$(to_address $(( ipv4_address_num & netmask_num )))" + local broadcast="$(to_address $(( ipv4_address_num | (0xffffffff ^ netmask_num) )))" + + case "${device_number}" in + # RED + 0) + local interface_name="red0" + local gateway="$(get instance/network-interfaces/${device_number}/gateway)" + + ( + echo "RED_TYPE=STATIC" + echo "RED_DEV=${interface_name}" + echo "RED_MACADDR=${mac}" + echo "RED_DESCRIPTION='${interface_id}'" + echo "RED_ADDRESS=${ipv4_address}" + echo "RED_NETMASK=${netmask}" + echo "RED_NETADDRESS=${netaddress}" + echo "RED_BROADCAST=${broadcast}" + echo "DEFAULT_GATEWAY=${gateway}" + ) >> /var/ipfire/ethernet/settings + + # Import aliases for RED + for alias in $(get "instance/network-interfaces/${device_number}/ip-aliases"); do + echo "${alias},on," + done > /var/ipfire/ethernet/aliases + ;; + + # GREEN + 1) + local interface_name="green0" + + ( + echo "GREEN_DEV=${interface_name}" + echo "GREEN_MACADDR=${mac}" + echo "GREEN_DESCRIPTION='${interface_id}'" + echo "GREEN_ADDRESS=${ipv4_address}" + echo "GREEN_NETMASK=${netmask}" + echo "GREEN_NETADDRESS=${netaddress}" + echo "GREEN_BROADCAST=${broadcast}" + ) >> /var/ipfire/ethernet/settings + ;; + + # ORANGE + 2) + local interface_name="orange0" + config_type=2 + + ( + echo "ORANGE_DEV=${interface_name}" + echo "ORANGE_MACADDR=${mac}" + echo "ORANGE_DESCRIPTION='${interface_id}'" + echo "ORANGE_ADDRESS=${ipv4_address}" + echo "ORANGE_NETMASK=${netmask}" + echo "ORANGE_NETADDRESS=${netaddress}" + echo "ORANGE_BROADCAST=${broadcast}" + ) >> /var/ipfire/ethernet/settings + ;; + esac + done + + # Save CONFIG_TYPE + echo "CONFIG_TYPE=${config_type}" >> /var/ipfire/ethernet/settings + + # Actions performed only on the very first start + if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then + # Disable using ISP nameservers + sed -e "s/^USE_ISP_NAMESERVERS=.*/USE_ISP_NAMESERVERS=off/" -i /var/ipfire/dns/settings + + # Enable SSH + sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings + + # Disable SSH password authentication + sed -e "s/^ENABLE_SSH_PASSWORDS=.*/ENABLE_SSH_PASSWORDS=off/" -i /var/ipfire/remote/settings + + # Enable SSH key authentication + sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings + + # Apply SSH settings + /usr/local/bin/sshctrl + + # Mark SSH to start immediately (but not right now) + touch /var/ipfire/remote/enablessh + chown nobody:nobody /var/ipfire/remote/enablessh + + # Firewall rules for SSH and WEBIF + ( + echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second" + echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second" + ) >> /var/ipfire/firewall/input + + # This script has now completed the first steps of setup + touch /var/ipfire/main/firstsetup_ok + fi + + # All done + echo_ok +} + +case "${reason}" in + PREINIT) + # Bring up the interface + ip link set "${interface}" up + ;; + + BOUND|RENEW|REBIND|REBOOT) + # Remove any previous IP addresses + ip addr flush dev "${interface}" + + # Add (or re-add) the new IP address + ip addr add "${new_ip_address}/${new_subnet_mask}" dev "${interface}" + + # Add the default route + ip route add default via "${new_routers}" + + # Setup DNS + for domain_name_server in ${new_domain_name_servers}; do + echo "nameserver ${domain_name_server}" + done > /etc/resolv.conf + + # The system is online now + touch /var/ipfire/red/active + + # Import GCP configuration + import_gcp_configuration + ;; + + EXPIRE|FAIL|RELEASE|STOP) + # The system is no longer online + rm -f /var/ipfire/red/active + + # Remove all IP addresses + ip addr flush dev "${interface}" + + # Shut down the interface + ip link set "${interface}" down + ;; + + *) + echo "Unhandled reason: ${reason}" >&2 + exit 2 + ;; +esac + +# Terminate +exit 0 From 45a2dcd09a9da9671c6f18f6c83375c3e414adb2 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 12 Jun 2020 10:43:26 +0000 Subject: [PATCH 07/67] gcp: Always automatically enable serial console Signed-off-by: Michael Tremer --- src/initscripts/system/partresize | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/initscripts/system/partresize b/src/initscripts/system/partresize index e7e3bf40b..20044b083 100644 --- a/src/initscripts/system/partresize +++ b/src/initscripts/system/partresize @@ -45,8 +45,8 @@ case "${1}" in esac fi - # Enable the serial console on all systems on Azure - if running_on_azure; then + # Enable the serial console on all systems on Azure and Google Compute Platform + if running_on_azure || running_on_gcp; then scon="on" fi From b6a5888105085a9142a9066614975fa138fea91a Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 12 Jun 2020 16:05:00 +0000 Subject: [PATCH 08/67] gcp: Add host route for gateway during initialisation Signed-off-by: Michael Tremer --- src/initscripts/helper/gcp-setup | 1 + 1 file changed, 1 insertion(+) diff --git a/src/initscripts/helper/gcp-setup b/src/initscripts/helper/gcp-setup index 077a96dc6..184608f9f 100644 --- a/src/initscripts/helper/gcp-setup +++ b/src/initscripts/helper/gcp-setup @@ -250,6 +250,7 @@ case "${reason}" in ip addr add "${new_ip_address}/${new_subnet_mask}" dev "${interface}" # Add the default route + ip route add "${new_routers}" dev "${interface}" ip route add default via "${new_routers}" # Setup DNS From 4e58ab4bbf984b559a5f787628a86377d056fca9 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 15 Jun 2020 15:01:42 +0000 Subject: [PATCH 09/67] aws-functions.pl: Drop file and move functions to general-functions.pl There is not enough stuff that it is justified to have an own file. This patch therefore merges everything into general-functions.pl. There are no functional changes. Signed-off-by: Michael Tremer --- config/cfgroot/aws-functions.pl | 34 ----------------------------- config/cfgroot/general-functions.pl | 10 +++++++++ config/cfgroot/header.pl | 4 +--- config/rootfiles/common/configroot | 1 - lfs/configroot | 1 - 5 files changed, 11 insertions(+), 39 deletions(-) delete mode 100644 config/cfgroot/aws-functions.pl diff --git a/config/cfgroot/aws-functions.pl b/config/cfgroot/aws-functions.pl deleted file mode 100644 index 5fd97125c..000000000 --- a/config/cfgroot/aws-functions.pl +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/perl -w -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 2 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2018 IPFire Team . # -# # -############################################################################ - -package AWS; - -sub running_on_ec2() { - if (-e "/var/run/aws-instance-id") { - return 1; - } - - return 0; -} - -1; diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 4c7cf09a8..6ddad28d0 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -1286,4 +1286,14 @@ sub formatBytes { return sprintf("%.2f %s", $bytes, $unit); } +# Cloud Stuff + +sub running_on_ec2() { + if (-e "/var/run/aws-instance-id") { + return 1; + } + + return 0; +} + 1; diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl index e8d9d377c..8b42bf023 100644 --- a/config/cfgroot/header.pl +++ b/config/cfgroot/header.pl @@ -19,8 +19,6 @@ use Time::Local; $|=1; # line buffering -require "/var/ipfire/aws-functions.pl"; - $Header::revision = 'final'; $Header::swroot = '/var/ipfire'; $Header::graphdir='/srv/web/ipfire/html/graphs'; @@ -173,7 +171,7 @@ sub genmenu { } # Disbale unusable things on EC2 - if (&AWS::running_on_ec2()) { + if (&General::running_on_ec2()) { $menu->{'03.network'}{'subMenu'}->{'30.dhcp'}{'enabled'} = 0; $menu->{'03.network'}{'subMenu'}->{'80.macadressmenu'}{'enabled'} = 0; $menu->{'03.network'}{'subMenu'}->{'90.wakeonlan'}{'enabled'} = 0; diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index 67c4abc75..664247b12 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -9,7 +9,6 @@ usr/sbin/firewall-policy var/ipfire/addon-lang var/ipfire/auth #var/ipfire/auth/users -var/ipfire/aws-functions.pl #var/ipfire/backup var/ipfire/backup/exclude.user var/ipfire/backup/include.user diff --git a/lfs/configroot b/lfs/configroot index 2c9dbe0e3..ee320d8cf 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -79,7 +79,6 @@ $(TARGET) : cp $(DIR_SRC)/config/cfgroot/general-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/network-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/geoip-functions.pl $(CONFIG_ROOT)/ - cp $(DIR_SRC)/config/cfgroot/aws-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/ids-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/ From e7978f5671c8266759b325ee8036b8394191489f Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 15 Jun 2020 15:07:15 +0000 Subject: [PATCH 10/67] gcloud: Add function to detect whether we are running on GCP Signed-off-by: Michael Tremer --- config/cfgroot/general-functions.pl | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 6ddad28d0..376b6a09a 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -1296,4 +1296,12 @@ sub running_on_ec2() { return 0; } +sub running_on_gcp() { + if (-e "/var/run/gcp-instance-id") { + return 1; + } + + return 0; +} + 1; From 46b0f9ab44754069f89a66bcd8e253c021ab5f26 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 15 Jun 2020 15:07:35 +0000 Subject: [PATCH 11/67] web: Hide certain menu items when running in cloud environments This used to be only hidden on AWS. Signed-off-by: Michael Tremer --- config/cfgroot/general-functions.pl | 4 ++++ config/cfgroot/header.pl | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 376b6a09a..8ee5eaa5d 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -1288,6 +1288,10 @@ sub formatBytes { # Cloud Stuff +sub running_in_cloud() { + return &running_on_ec2() || &running_on_gcp(); +} + sub running_on_ec2() { if (-e "/var/run/aws-instance-id") { return 1; diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl index 8b42bf023..1046f5992 100644 --- a/config/cfgroot/header.pl +++ b/config/cfgroot/header.pl @@ -170,8 +170,8 @@ sub genmenu { $menu->{'02.status'}{'subMenu'}->{'74.modem-status'}{'enabled'} = 1; } - # Disbale unusable things on EC2 - if (&General::running_on_ec2()) { + # Disbale unusable things in cloud environments + if (&General::running_in_cloud()) { $menu->{'03.network'}{'subMenu'}->{'30.dhcp'}{'enabled'} = 0; $menu->{'03.network'}{'subMenu'}->{'80.macadressmenu'}{'enabled'} = 0; $menu->{'03.network'}{'subMenu'}->{'90.wakeonlan'}{'enabled'} = 0; From 68e060cb227fe7e0a2d16eb4340a5d3ddabadde9 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 15 Jun 2020 15:20:49 +0000 Subject: [PATCH 12/67] aws: Configure MTU to maximum of 9001 on GREEN/ORANGE AWS supports jumbo-frames which IPFire can take advantage of to increase network throughput internally. The MTU for RED was left as 1500 to avoid packet fragmentation in the cloud network and have IPFire do that job. Signed-off-by: Michael Tremer --- src/initscripts/helper/aws-setup | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/initscripts/helper/aws-setup b/src/initscripts/helper/aws-setup index 884319822..9b67019d6 100644 --- a/src/initscripts/helper/aws-setup +++ b/src/initscripts/helper/aws-setup @@ -6,6 +6,9 @@ # Set PATH to find our own executables export PATH=/usr/local/sbin:/usr/local/bin:${PATH} +# AWS supports an MTU of up to 9001 bytes +DEFAULT_MTU=9001 + get() { local file="${1}" @@ -167,6 +170,7 @@ import_aws_configuration() { echo "RED_NETMASK=${netmask}" echo "RED_NETADDRESS=${netaddress}" echo "RED_BROADCAST=${broadcast}" + echo "RED_MTU=1500" echo "DEFAULT_GATEWAY=${gateway}" ) >> /var/ipfire/ethernet/settings @@ -188,6 +192,7 @@ import_aws_configuration() { echo "GREEN_NETMASK=${netmask}" echo "GREEN_NETADDRESS=${netaddress}" echo "GREEN_BROADCAST=${broadcast}" + echo "GREEN_MTU=${DEFAULT_MTU}" ) >> /var/ipfire/ethernet/settings ;; @@ -204,6 +209,7 @@ import_aws_configuration() { echo "ORANGE_NETMASK=${netmask}" echo "ORANGE_NETADDRESS=${netaddress}" echo "ORANGE_BROADCAST=${broadcast}" + echo "ORANGE_MTU=${DEFAULT_MTU}" ) >> /var/ipfire/ethernet/settings ;; esac From bf1ae6aa6a6f0424e266fadd9459e7135bc3550e Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 15 Jun 2020 15:22:00 +0000 Subject: [PATCH 13/67] gcp: Google Cloud only supports an MTU of 1460 Signed-off-by: Michael Tremer --- src/initscripts/helper/gcp-setup | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/initscripts/helper/gcp-setup b/src/initscripts/helper/gcp-setup index 184608f9f..eab09eb2c 100644 --- a/src/initscripts/helper/gcp-setup +++ b/src/initscripts/helper/gcp-setup @@ -6,6 +6,9 @@ # Set PATH to find our own executables export PATH=/usr/local/sbin:/usr/local/bin:${PATH} +# GCP only supports an MTU of 1460 +DEFAULT_MTU=1460 + get() { local file="${1}" @@ -156,6 +159,7 @@ import_gcp_configuration() { echo "RED_NETMASK=${netmask}" echo "RED_NETADDRESS=${netaddress}" echo "RED_BROADCAST=${broadcast}" + echo "RED_MTU=${DEFAULT_MTU}" echo "DEFAULT_GATEWAY=${gateway}" ) >> /var/ipfire/ethernet/settings @@ -177,6 +181,7 @@ import_gcp_configuration() { echo "GREEN_NETMASK=${netmask}" echo "GREEN_NETADDRESS=${netaddress}" echo "GREEN_BROADCAST=${broadcast}" + echo "GREEN_MTU=${DEFAULT_MTU}" ) >> /var/ipfire/ethernet/settings ;; @@ -193,6 +198,7 @@ import_gcp_configuration() { echo "ORANGE_NETMASK=${netmask}" echo "ORANGE_NETADDRESS=${netaddress}" echo "ORANGE_BROADCAST=${broadcast}" + echo "ORANGE_MTU=${DEFAULT_MTU}" ) >> /var/ipfire/ethernet/settings ;; esac From 9bdf5e71af93a54a3b88bdcd42e090cacf5ebd9c Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 15 Jun 2020 15:32:41 +0000 Subject: [PATCH 14/67] networking: Set configured MTU to all network zones Signed-off-by: Michael Tremer --- src/initscripts/networking/any | 11 +++++++++++ src/initscripts/networking/red | 11 ++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/src/initscripts/networking/any b/src/initscripts/networking/any index 5609a9efe..8d2300950 100644 --- a/src/initscripts/networking/any +++ b/src/initscripts/networking/any @@ -26,6 +26,7 @@ if [ "$(basename $0)" == "green" ]; then NETADDRESS="${GREEN_NETADDRESS}" NETMASK="${GREEN_NETMASK}" DEVICE="${GREEN_DEV}" + MTU="${GREEN_MTU}" elif [ "$(basename $0)" == "blue" ]; then DEVICE="${BLUE_DEV}" ADDRESS="${BLUE_ADDRESS}" @@ -33,6 +34,7 @@ elif [ "$(basename $0)" == "blue" ]; then NETADDRESS="${BLUE_NETADDRESS}" NETMASK="${BLUE_NETMASK}" DEVICE="${BLUE_DEV}" + MTU="${GREEN_MTU}" elif [ "$(basename $0)" == "orange" ]; then DEVICE="${ORANGE_DEV}" ADDRESS="${ORANGE_ADDRESS}" @@ -40,6 +42,7 @@ elif [ "$(basename $0)" == "orange" ]; then NETADDRESS="${ORANGE_NETADDRESS}" NETMASK="${ORANGE_NETMASK}" DEVICE="${ORANGE_DEV}" + MTU="${ORANGE_MTU}" fi if [ -z "${BROADCAST}" ]; then @@ -77,6 +80,14 @@ case "${1}" in exit 1 fi + # Set the MTU + if [ -n "${MTU}" ]; then + if ! ip link set dev "${DEVICE}" mtu "${MTU}" &>/dev/null; then + boot_mesg "Could not set MTU of ${MTU} to ${DEVICE}..." + echo_warning + fi + fi + # Create & Enable vnstat data collection /usr/bin/vnstat -u -i ${DEVICE} -r --enable --force > /dev/null 2>&1 diff --git a/src/initscripts/networking/red b/src/initscripts/networking/red index db4209b44..44e0daa68 100644 --- a/src/initscripts/networking/red +++ b/src/initscripts/networking/red @@ -54,11 +54,13 @@ if [ "${TYPE}" == "STATIC" ]; then BROADCAST="${RED_BROADCAST}" NETADDRESS="${RED_NETADDRESS}" NETMASK="${RED_NETMASK}" + MTU="${RED_MTU}" else ADDRESS="${GREEN_ADDRESS}" BROADCAST="${GREEN_BROADCAST}" NETADDRESS="${GREEN_NETADDRESS}" NETMASK="${GREEN_NETMASK}" + MTU="${GREEN_MTU}" fi GATEWAY="${DEFAULT_GATEWAY}" # DNS1 @@ -108,7 +110,14 @@ case "${1}" in /usr/bin/vnstat -u -i ${DEVICE} -r --enable --force > /dev/null 2>&1 if [ "${TYPE}" == "STATIC" ]; then - + # Set the MTU + if [ -n "${MTU}" ]; then + if ! ip link set dev "${DEVICE}" mtu "${MTU}" &>/dev/null; then + boot_mesg "Could not set MTU of ${MTU} to ${DEVICE}..." + echo_warning + fi + fi + if [ "$DEVICE" != "${GREEN_DEV}" ]; then boot_mesg "Adding IPv4 address ${ADDRESS} to the ${DEVICE} interface..." ip addr add ${args} dev ${DEVICE} From 47686b1b6ee72893fcb649af269f60478759fa65 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jun 2020 08:35:09 +0000 Subject: [PATCH 15/67] Start Core Update 147 Signed-off-by: Michael Tremer --- config/rootfiles/core/{146 => 147}/exclude | 0 config/rootfiles/core/147/filelists/files | 4 ++ config/rootfiles/core/147/update.sh | 67 +++++++++++++++++++ config/rootfiles/oldcore/146/exclude | 28 ++++++++ .../146/filelists/aarch64/linux | 0 .../146/filelists/aarch64/linux-initrd | 0 .../146/filelists/armv5tel/linux-initrd-multi | 0 .../146/filelists/armv5tel/linux-multi | 0 .../{core => oldcore}/146/filelists/files | 0 .../146/filelists/i586/intel-microcode | 0 .../146/filelists/i586/linux | 0 .../146/filelists/i586/linux-initrd | 0 .../146/filelists/x86_64/intel-microcode | 0 .../146/filelists/x86_64/linux | 0 .../146/filelists/x86_64/linux-initrd | 0 .../rootfiles/{core => oldcore}/146/update.sh | 0 make.sh | 2 +- 17 files changed, 100 insertions(+), 1 deletion(-) rename config/rootfiles/core/{146 => 147}/exclude (100%) create mode 100644 config/rootfiles/core/147/filelists/files create mode 100644 config/rootfiles/core/147/update.sh create mode 100644 config/rootfiles/oldcore/146/exclude rename config/rootfiles/{core => oldcore}/146/filelists/aarch64/linux (100%) rename config/rootfiles/{core => oldcore}/146/filelists/aarch64/linux-initrd (100%) rename config/rootfiles/{core => oldcore}/146/filelists/armv5tel/linux-initrd-multi (100%) rename config/rootfiles/{core => oldcore}/146/filelists/armv5tel/linux-multi (100%) rename config/rootfiles/{core => oldcore}/146/filelists/files (100%) rename config/rootfiles/{core => oldcore}/146/filelists/i586/intel-microcode (100%) rename config/rootfiles/{core => oldcore}/146/filelists/i586/linux (100%) rename config/rootfiles/{core => oldcore}/146/filelists/i586/linux-initrd (100%) rename config/rootfiles/{core => oldcore}/146/filelists/x86_64/intel-microcode (100%) rename config/rootfiles/{core => oldcore}/146/filelists/x86_64/linux (100%) rename config/rootfiles/{core => oldcore}/146/filelists/x86_64/linux-initrd (100%) rename config/rootfiles/{core => oldcore}/146/update.sh (100%) diff --git a/config/rootfiles/core/146/exclude b/config/rootfiles/core/147/exclude similarity index 100% rename from config/rootfiles/core/146/exclude rename to config/rootfiles/core/147/exclude diff --git a/config/rootfiles/core/147/filelists/files b/config/rootfiles/core/147/filelists/files new file mode 100644 index 000000000..ce4e51768 --- /dev/null +++ b/config/rootfiles/core/147/filelists/files @@ -0,0 +1,4 @@ +etc/system-release +etc/issue +srv/web/ipfire/cgi-bin/credits.cgi +var/ipfire/langs diff --git a/config/rootfiles/core/147/update.sh b/config/rootfiles/core/147/update.sh new file mode 100644 index 000000000..a240fbf98 --- /dev/null +++ b/config/rootfiles/core/147/update.sh @@ -0,0 +1,67 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2020 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=147 + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )); do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Remove files + +# Stop services + +# Extract files +extract_files + +# update linker config +ldconfig + +# Update Language cache +/usr/local/bin/update-lang-cache + +# Filesytem cleanup +/usr/local/bin/filesystem-cleanup + +# Start services + +# This update needs a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi + +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/oldcore/146/exclude b/config/rootfiles/oldcore/146/exclude new file mode 100644 index 000000000..b22159878 --- /dev/null +++ b/config/rootfiles/oldcore/146/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/log/dhcpcd.log +var/log/messages +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/146/filelists/aarch64/linux b/config/rootfiles/oldcore/146/filelists/aarch64/linux similarity index 100% rename from config/rootfiles/core/146/filelists/aarch64/linux rename to config/rootfiles/oldcore/146/filelists/aarch64/linux diff --git a/config/rootfiles/core/146/filelists/aarch64/linux-initrd b/config/rootfiles/oldcore/146/filelists/aarch64/linux-initrd similarity index 100% rename from config/rootfiles/core/146/filelists/aarch64/linux-initrd rename to config/rootfiles/oldcore/146/filelists/aarch64/linux-initrd diff --git a/config/rootfiles/core/146/filelists/armv5tel/linux-initrd-multi b/config/rootfiles/oldcore/146/filelists/armv5tel/linux-initrd-multi similarity index 100% rename from config/rootfiles/core/146/filelists/armv5tel/linux-initrd-multi rename to config/rootfiles/oldcore/146/filelists/armv5tel/linux-initrd-multi diff --git a/config/rootfiles/core/146/filelists/armv5tel/linux-multi b/config/rootfiles/oldcore/146/filelists/armv5tel/linux-multi similarity index 100% rename from config/rootfiles/core/146/filelists/armv5tel/linux-multi rename to config/rootfiles/oldcore/146/filelists/armv5tel/linux-multi diff --git a/config/rootfiles/core/146/filelists/files b/config/rootfiles/oldcore/146/filelists/files similarity index 100% rename from config/rootfiles/core/146/filelists/files rename to config/rootfiles/oldcore/146/filelists/files diff --git a/config/rootfiles/core/146/filelists/i586/intel-microcode b/config/rootfiles/oldcore/146/filelists/i586/intel-microcode similarity index 100% rename from config/rootfiles/core/146/filelists/i586/intel-microcode rename to config/rootfiles/oldcore/146/filelists/i586/intel-microcode diff --git a/config/rootfiles/core/146/filelists/i586/linux b/config/rootfiles/oldcore/146/filelists/i586/linux similarity index 100% rename from config/rootfiles/core/146/filelists/i586/linux rename to config/rootfiles/oldcore/146/filelists/i586/linux diff --git a/config/rootfiles/core/146/filelists/i586/linux-initrd b/config/rootfiles/oldcore/146/filelists/i586/linux-initrd similarity index 100% rename from config/rootfiles/core/146/filelists/i586/linux-initrd rename to config/rootfiles/oldcore/146/filelists/i586/linux-initrd diff --git a/config/rootfiles/core/146/filelists/x86_64/intel-microcode b/config/rootfiles/oldcore/146/filelists/x86_64/intel-microcode similarity index 100% rename from config/rootfiles/core/146/filelists/x86_64/intel-microcode rename to config/rootfiles/oldcore/146/filelists/x86_64/intel-microcode diff --git a/config/rootfiles/core/146/filelists/x86_64/linux b/config/rootfiles/oldcore/146/filelists/x86_64/linux similarity index 100% rename from config/rootfiles/core/146/filelists/x86_64/linux rename to config/rootfiles/oldcore/146/filelists/x86_64/linux diff --git a/config/rootfiles/core/146/filelists/x86_64/linux-initrd b/config/rootfiles/oldcore/146/filelists/x86_64/linux-initrd similarity index 100% rename from config/rootfiles/core/146/filelists/x86_64/linux-initrd rename to config/rootfiles/oldcore/146/filelists/x86_64/linux-initrd diff --git a/config/rootfiles/core/146/update.sh b/config/rootfiles/oldcore/146/update.sh similarity index 100% rename from config/rootfiles/core/146/update.sh rename to config/rootfiles/oldcore/146/update.sh diff --git a/make.sh b/make.sh index 5ed15a0f5..2e54cec28 100755 --- a/make.sh +++ b/make.sh @@ -26,7 +26,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name # If you update the version don't forget to update backupiso and add it to core update VERSION="2.25" # Version number -CORE="146" # Core Level (Filename) +CORE="147" # Core Level (Filename) SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir NICE=10 # Nice level From 3a40d335830946fcaac286b58abdfaae15ed2cad Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Wed, 10 Jun 2020 23:38:52 +0200 Subject: [PATCH 16/67] squid: Update to 4.12 For details see: http://www.squid-cache.org/Versions/v4/changesets/ Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- lfs/squid | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/squid b/lfs/squid index 9c913b928..ebd25e42e 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@ include Config -VER = 4.11 +VER = 4.12 THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -46,7 +46,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 10f34e852153a9996aa4614670e2bda1 +$(DL_FILE)_MD5 = ad7a4a8a0031cae3435717a759173829 install : $(TARGET) From 73c084b6a7bfc49b821c2998f00bb4d2b3a2d359 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jun 2020 08:37:48 +0000 Subject: [PATCH 17/67] core147: Ship squid Signed-off-by: Michael Tremer --- config/rootfiles/core/147/filelists/squid | 1 + config/rootfiles/core/147/update.sh | 2 ++ 2 files changed, 3 insertions(+) create mode 120000 config/rootfiles/core/147/filelists/squid diff --git a/config/rootfiles/core/147/filelists/squid b/config/rootfiles/core/147/filelists/squid new file mode 120000 index 000000000..2dc8372a0 --- /dev/null +++ b/config/rootfiles/core/147/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/147/update.sh b/config/rootfiles/core/147/update.sh index a240fbf98..ad542c691 100644 --- a/config/rootfiles/core/147/update.sh +++ b/config/rootfiles/core/147/update.sh @@ -34,6 +34,7 @@ done # Remove files # Stop services +/etc/init.d/squid stop # Extract files extract_files @@ -48,6 +49,7 @@ ldconfig /usr/local/bin/filesystem-cleanup # Start services +/etc/init.d/squid start # This update needs a reboot... touch /var/run/need_reboot From ea791f45b47a09f5765b1576ea3378b77faba40f Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Wed, 10 Jun 2020 23:46:15 +0200 Subject: [PATCH 18/67] haproxy: Update to 2.1.7 For details see: http://www.haproxy.org/download/2.1/src/CHANGELOG Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- lfs/haproxy | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/haproxy b/lfs/haproxy index 62a1c4d10..bc5ef8021 100644 --- a/lfs/haproxy +++ b/lfs/haproxy @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.1.4 +VER = 2.1.7 THISAPP = haproxy-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = haproxy -PAK_VER = 14 +PAK_VER = 15 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 100cccf98aaf3ba80b5fd070866ad115 +$(DL_FILE)_MD5 = f0ddf67e2be18cfe1b996f9914cfa67e install : $(TARGET) From c9f49bc69300d585bb6bfec6e26c969b36b7cd9c Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Wed, 10 Jun 2020 23:51:21 +0200 Subject: [PATCH 19/67] borgbackup: Update to 1.1.13 For details see: https://borgbackup.readthedocs.io/en/stable/changes.html#changelog Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- config/rootfiles/packages/armv5tel/borgbackup | 16 ++++++++-------- config/rootfiles/packages/borgbackup | 16 ++++++++-------- config/rootfiles/packages/i586/borgbackup | 16 ++++++++-------- lfs/borgbackup | 6 +++--- 4 files changed, 27 insertions(+), 27 deletions(-) diff --git a/config/rootfiles/packages/armv5tel/borgbackup b/config/rootfiles/packages/armv5tel/borgbackup index 245e54a19..276c9ea98 100644 --- a/config/rootfiles/packages/armv5tel/borgbackup +++ b/config/rootfiles/packages/armv5tel/borgbackup @@ -81,11 +81,11 @@ usr/lib/python3.8/site-packages/borg/shellpattern.py usr/lib/python3.8/site-packages/borg/upgrader.py usr/lib/python3.8/site-packages/borg/version.py usr/lib/python3.8/site-packages/borg/xattr.py -#usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/PKG-INFO -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/SOURCES.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/dependency_links.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/entry_points.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/not-zip-safe -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/requires.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/top_level.txt +#usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/PKG-INFO +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/SOURCES.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/dependency_links.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/entry_points.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/not-zip-safe +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/requires.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/top_level.txt diff --git a/config/rootfiles/packages/borgbackup b/config/rootfiles/packages/borgbackup index cdfe569b5..6fbe61429 100644 --- a/config/rootfiles/packages/borgbackup +++ b/config/rootfiles/packages/borgbackup @@ -81,11 +81,11 @@ usr/lib/python3.8/site-packages/borg/shellpattern.py usr/lib/python3.8/site-packages/borg/upgrader.py usr/lib/python3.8/site-packages/borg/version.py usr/lib/python3.8/site-packages/borg/xattr.py -#usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/PKG-INFO -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/SOURCES.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/dependency_links.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/entry_points.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/not-zip-safe -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/requires.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/top_level.txt +#usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/PKG-INFO +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/SOURCES.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/dependency_links.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/entry_points.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/not-zip-safe +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/requires.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/top_level.txt diff --git a/config/rootfiles/packages/i586/borgbackup b/config/rootfiles/packages/i586/borgbackup index 786d185bc..6865d7d20 100644 --- a/config/rootfiles/packages/i586/borgbackup +++ b/config/rootfiles/packages/i586/borgbackup @@ -81,11 +81,11 @@ usr/lib/python3.8/site-packages/borg/shellpattern.py usr/lib/python3.8/site-packages/borg/upgrader.py usr/lib/python3.8/site-packages/borg/version.py usr/lib/python3.8/site-packages/borg/xattr.py -#usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/PKG-INFO -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/SOURCES.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/dependency_links.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/entry_points.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/not-zip-safe -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/requires.txt -usr/lib/python3.8/site-packages/borgbackup-1.1.11-py3.8.egg-info/top_level.txt +#usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/PKG-INFO +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/SOURCES.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/dependency_links.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/entry_points.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/not-zip-safe +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/requires.txt +usr/lib/python3.8/site-packages/borgbackup-1.1.13-py3.8.egg-info/top_level.txt diff --git a/lfs/borgbackup b/lfs/borgbackup index bc1cfa2dd..ea87cf5ce 100644 --- a/lfs/borgbackup +++ b/lfs/borgbackup @@ -24,7 +24,7 @@ include Config -VER = 1.1.11 +VER = 1.1.13 THISAPP = borgbackup-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = borgbackup -PAK_VER = 5 +PAK_VER = 6 DEPS = python3-llfuse python3-msgpack @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = ab9721f10c2500e0ca872545c64b6e2f +$(DL_FILE)_MD5 = a82d2bdf61bfaeebb90ac8ab1347657a install : $(TARGET) From 44d2f538e18ac1e24d06a8d00bbe191a41d2a8ae Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Thu, 11 Jun 2020 00:08:12 +0200 Subject: [PATCH 20/67] gnutls: Update to 3.6.14 For details see: https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html "** libgnutls: Fixed insecure session ticket key construction, since 3.6.4. The TLS server would not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (#1011). [GNUTLS-SA-2020-06-03, CVSS: high] ** libgnutls: Fixed handling of certificate chain with cross-signed intermediate CA certificates (#1008). ** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997). ** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority Key Identifier (AKI) properly (#989, #991). ** certtool: PKCS #7 attributes are now printed with symbolic names (!1246). ** libgnutls: Added several improvements on Windows Vista and later releases (!1257, !1254, !1256). Most notably the system random number generator now uses Windows BCrypt* API if available (!1255). ** libgnutls: Use accelerated AES-XTS implementation if possible (!1244). Also both accelerated and non-accelerated implementations check key block according to FIPS-140-2 IG A.9 (!1233). ** libgnutls: Added support for AES-SIV ciphers (#463). ** libgnutls: Added support for 192-bit AES-GCM cipher (!1267). ** libgnutls: No longer use internal symbols exported from Nettle (!1235) ** API and ABI modifications: GNUTLS_CIPHER_AES_128_SIV: Added GNUTLS_CIPHER_AES_256_SIV: Added GNUTLS_CIPHER_AES_192_GCM: Added gnutls_pkcs7_print_signature_info: Added" Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- config/rootfiles/common/gnutls | 25 ++++++++++++++++++++++++- lfs/gnutls | 9 ++++----- 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls index b8adaa9d9..cb7ecf8e5 100644 --- a/config/rootfiles/common/gnutls +++ b/config/rootfiles/common/gnutls @@ -33,7 +33,7 @@ usr/lib/libgnutls-dane.so.0.4.1 #usr/lib/libgnutls.la #usr/lib/libgnutls.so usr/lib/libgnutls.so.30 -usr/lib/libgnutls.so.30.23.2 +usr/lib/libgnutls.so.30.28.0 #usr/lib/libgnutlsxx.la #usr/lib/libgnutlsxx.so usr/lib/libgnutlsxx.so.28 @@ -113,9 +113,11 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/dane_verify_crt_raw.3 #usr/share/man/man3/dane_verify_session_crt.3 #usr/share/man/man3/gnutls_aead_cipher_decrypt.3 +#usr/share/man/man3/gnutls_aead_cipher_decryptv2.3 #usr/share/man/man3/gnutls_aead_cipher_deinit.3 #usr/share/man/man3/gnutls_aead_cipher_encrypt.3 #usr/share/man/man3/gnutls_aead_cipher_encryptv.3 +#usr/share/man/man3/gnutls_aead_cipher_encryptv2.3 #usr/share/man/man3/gnutls_aead_cipher_init.3 #usr/share/man/man3/gnutls_alert_get.3 #usr/share/man/man3/gnutls_alert_get_name.3 @@ -206,6 +208,8 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_certificate_type_get_id.3 #usr/share/man/man3/gnutls_certificate_type_get_name.3 #usr/share/man/man3/gnutls_certificate_type_list.3 +#usr/share/man/man3/gnutls_certificate_verification_profile_get_id.3 +#usr/share/man/man3/gnutls_certificate_verification_profile_get_name.3 #usr/share/man/man3/gnutls_certificate_verification_status_print.3 #usr/share/man/man3/gnutls_certificate_verify_peers.3 #usr/share/man/man3/gnutls_certificate_verify_peers2.3 @@ -271,6 +275,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_dh_params_import_pkcs3.3 #usr/share/man/man3/gnutls_dh_params_import_raw.3 #usr/share/man/man3/gnutls_dh_params_import_raw2.3 +#usr/share/man/man3/gnutls_dh_params_import_raw3.3 #usr/share/man/man3/gnutls_dh_params_init.3 #usr/share/man/man3/gnutls_dh_set_prime_bits.3 #usr/share/man/man3/gnutls_digest_get_id.3 @@ -302,12 +307,14 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_ext_get_current_msg.3 #usr/share/man/man3/gnutls_ext_get_data.3 #usr/share/man/man3/gnutls_ext_get_name.3 +#usr/share/man/man3/gnutls_ext_get_name2.3 #usr/share/man/man3/gnutls_ext_raw_parse.3 #usr/share/man/man3/gnutls_ext_register.3 #usr/share/man/man3/gnutls_ext_set_data.3 #usr/share/man/man3/gnutls_fingerprint.3 #usr/share/man/man3/gnutls_fips140_mode_enabled.3 #usr/share/man/man3/gnutls_fips140_set_mode.3 +#usr/share/man/man3/gnutls_get_system_config_file.3 #usr/share/man/man3/gnutls_global_deinit.3 #usr/share/man/man3/gnutls_global_init.3 #usr/share/man/man3/gnutls_global_set_audit_log_function.3 @@ -333,6 +340,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_handshake_set_random.3 #usr/share/man/man3/gnutls_handshake_set_timeout.3 #usr/share/man/man3/gnutls_hash.3 +#usr/share/man/man3/gnutls_hash_copy.3 #usr/share/man/man3/gnutls_hash_deinit.3 #usr/share/man/man3/gnutls_hash_fast.3 #usr/share/man/man3/gnutls_hash_get_len.3 @@ -349,9 +357,13 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_hex_decode2.3 #usr/share/man/man3/gnutls_hex_encode.3 #usr/share/man/man3/gnutls_hex_encode2.3 +#usr/share/man/man3/gnutls_hkdf_expand.3 +#usr/share/man/man3/gnutls_hkdf_extract.3 #usr/share/man/man3/gnutls_hmac.3 +#usr/share/man/man3/gnutls_hmac_copy.3 #usr/share/man/man3/gnutls_hmac_deinit.3 #usr/share/man/man3/gnutls_hmac_fast.3 +#usr/share/man/man3/gnutls_hmac_get_key_size.3 #usr/share/man/man3/gnutls_hmac_get_len.3 #usr/share/man/man3/gnutls_hmac_init.3 #usr/share/man/man3/gnutls_hmac_output.3 @@ -425,6 +437,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_openpgp_send_cert.3 #usr/share/man/man3/gnutls_packet_deinit.3 #usr/share/man/man3/gnutls_packet_get.3 +#usr/share/man/man3/gnutls_pbkdf2.3 #usr/share/man/man3/gnutls_pcert_deinit.3 #usr/share/man/man3/gnutls_pcert_export_openpgp.3 #usr/share/man/man3/gnutls_pcert_export_x509.3 @@ -557,6 +570,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_pkcs7_import.3 #usr/share/man/man3/gnutls_pkcs7_init.3 #usr/share/man/man3/gnutls_pkcs7_print.3 +#usr/share/man/man3/gnutls_pkcs7_print_signature_info.3 #usr/share/man/man3/gnutls_pkcs7_set_crl.3 #usr/share/man/man3/gnutls_pkcs7_set_crl_raw.3 #usr/share/man/man3/gnutls_pkcs7_set_crt.3 @@ -569,6 +583,8 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_pkcs_schema_get_name.3 #usr/share/man/man3/gnutls_pkcs_schema_get_oid.3 #usr/share/man/man3/gnutls_prf.3 +#usr/share/man/man3/gnutls_prf_early.3 +#usr/share/man/man3/gnutls_prf_hash_get.3 #usr/share/man/man3/gnutls_prf_raw.3 #usr/share/man/man3/gnutls_prf_rfc5705.3 #usr/share/man/man3/gnutls_priority_certificate_type_list.3 @@ -645,11 +661,15 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_psk_free_client_credentials.3 #usr/share/man/man3/gnutls_psk_free_server_credentials.3 #usr/share/man/man3/gnutls_psk_server_get_username.3 +#usr/share/man/man3/gnutls_psk_server_get_username2.3 #usr/share/man/man3/gnutls_psk_set_client_credentials.3 +#usr/share/man/man3/gnutls_psk_set_client_credentials2.3 #usr/share/man/man3/gnutls_psk_set_client_credentials_function.3 +#usr/share/man/man3/gnutls_psk_set_client_credentials_function2.3 #usr/share/man/man3/gnutls_psk_set_params_function.3 #usr/share/man/man3/gnutls_psk_set_server_credentials_file.3 #usr/share/man/man3/gnutls_psk_set_server_credentials_function.3 +#usr/share/man/man3/gnutls_psk_set_server_credentials_function2.3 #usr/share/man/man3/gnutls_psk_set_server_credentials_hint.3 #usr/share/man/man3/gnutls_psk_set_server_dh_params.3 #usr/share/man/man3/gnutls_psk_set_server_known_dh_params.3 @@ -720,6 +740,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_record_send_early_data.3 #usr/share/man/man3/gnutls_record_send_range.3 #usr/share/man/man3/gnutls_record_set_max_early_data_size.3 +#usr/share/man/man3/gnutls_record_set_max_recv_size.3 #usr/share/man/man3/gnutls_record_set_max_size.3 #usr/share/man/man3/gnutls_record_set_state.3 #usr/share/man/man3/gnutls_record_set_timeout.3 @@ -746,6 +767,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_session_get_flags.3 #usr/share/man/man3/gnutls_session_get_id.3 #usr/share/man/man3/gnutls_session_get_id2.3 +#usr/share/man/man3/gnutls_session_get_keylog_function.3 #usr/share/man/man3/gnutls_session_get_master_secret.3 #usr/share/man/man3/gnutls_session_get_ptr.3 #usr/share/man/man3/gnutls_session_get_random.3 @@ -755,6 +777,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_session_resumption_requested.3 #usr/share/man/man3/gnutls_session_set_data.3 #usr/share/man/man3/gnutls_session_set_id.3 +#usr/share/man/man3/gnutls_session_set_keylog_function.3 #usr/share/man/man3/gnutls_session_set_premaster.3 #usr/share/man/man3/gnutls_session_set_ptr.3 #usr/share/man/man3/gnutls_session_set_verify_cert.3 diff --git a/lfs/gnutls b/lfs/gnutls index 6d24800b8..07344a8c4 100644 --- a/lfs/gnutls +++ b/lfs/gnutls @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,11 +24,10 @@ include Config -VER = 3.6.7 -SUBVER = .1 +VER = 3.6.14 THISAPP = gnutls-$(VER) -DL_FILE = $(THISAPP)$(SUBVER).tar.xz +DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -41,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 92a8049e618afa60e2c852da1884c457 +$(DL_FILE)_MD5 = bf70632d420e421baff482247f01dbfe install : $(TARGET) From 63eacedabc44cd0b6d2a702f8f2da6fcb17f440c Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Thu, 11 Jun 2020 00:08:13 +0200 Subject: [PATCH 21/67] gmp: Update to 6.2.0 Needed for gnutls 3.6.14 For details see: https://gmplib.org/gmp6.2 Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- config/rootfiles/common/aarch64/gmp | 4 ++-- config/rootfiles/common/armv5tel/gmp | 4 ++-- config/rootfiles/common/i586/gmp | 8 ++++---- config/rootfiles/common/x86_64/gmp | 6 ++++-- lfs/gmp | 6 +++--- 5 files changed, 15 insertions(+), 13 deletions(-) diff --git a/config/rootfiles/common/aarch64/gmp b/config/rootfiles/common/aarch64/gmp index 919b0845a..8a95add05 100644 --- a/config/rootfiles/common/aarch64/gmp +++ b/config/rootfiles/common/aarch64/gmp @@ -4,12 +4,12 @@ #usr/lib/libgmp.la #usr/lib/libgmp.so usr/lib/libgmp.so.10 -usr/lib/libgmp.so.10.3.2 +usr/lib/libgmp.so.10.4.0 #usr/lib/libgmpxx.a #usr/lib/libgmpxx.la #usr/lib/libgmpxx.so usr/lib/libgmpxx.so.4 -usr/lib/libgmpxx.so.4.5.2 +usr/lib/libgmpxx.so.4.6.0 #usr/share/info/gmp.info #usr/share/info/gmp.info-1 #usr/share/info/gmp.info-2 diff --git a/config/rootfiles/common/armv5tel/gmp b/config/rootfiles/common/armv5tel/gmp index 919b0845a..8a95add05 100644 --- a/config/rootfiles/common/armv5tel/gmp +++ b/config/rootfiles/common/armv5tel/gmp @@ -4,12 +4,12 @@ #usr/lib/libgmp.la #usr/lib/libgmp.so usr/lib/libgmp.so.10 -usr/lib/libgmp.so.10.3.2 +usr/lib/libgmp.so.10.4.0 #usr/lib/libgmpxx.a #usr/lib/libgmpxx.la #usr/lib/libgmpxx.so usr/lib/libgmpxx.so.4 -usr/lib/libgmpxx.so.4.5.2 +usr/lib/libgmpxx.so.4.6.0 #usr/share/info/gmp.info #usr/share/info/gmp.info-1 #usr/share/info/gmp.info-2 diff --git a/config/rootfiles/common/i586/gmp b/config/rootfiles/common/i586/gmp index 636dc5c45..c1d6a7d9d 100644 --- a/config/rootfiles/common/i586/gmp +++ b/config/rootfiles/common/i586/gmp @@ -4,14 +4,14 @@ #usr/lib/libgmp.la #usr/lib/libgmp.so usr/lib/libgmp.so.10 -usr/lib/libgmp.so.10.3.2 +usr/lib/libgmp.so.10.4.0 #usr/lib/libgmpxx.a #usr/lib/libgmpxx.la #usr/lib/libgmpxx.so usr/lib/libgmpxx.so.4 -usr/lib/libgmpxx.so.4.5.2 -usr/lib/sse2/libgmp.so.10 -usr/lib/sse2/libgmp.so.10.3.2 +usr/lib/libgmpxx.so.4.6.0 +#usr/lib/pkgconfig/gmp.pc +#usr/lib/pkgconfig/gmpxx.pc #usr/share/info/gmp.info #usr/share/info/gmp.info-1 #usr/share/info/gmp.info-2 diff --git a/config/rootfiles/common/x86_64/gmp b/config/rootfiles/common/x86_64/gmp index 919b0845a..c1d6a7d9d 100644 --- a/config/rootfiles/common/x86_64/gmp +++ b/config/rootfiles/common/x86_64/gmp @@ -4,12 +4,14 @@ #usr/lib/libgmp.la #usr/lib/libgmp.so usr/lib/libgmp.so.10 -usr/lib/libgmp.so.10.3.2 +usr/lib/libgmp.so.10.4.0 #usr/lib/libgmpxx.a #usr/lib/libgmpxx.la #usr/lib/libgmpxx.so usr/lib/libgmpxx.so.4 -usr/lib/libgmpxx.so.4.5.2 +usr/lib/libgmpxx.so.4.6.0 +#usr/lib/pkgconfig/gmp.pc +#usr/lib/pkgconfig/gmpxx.pc #usr/share/info/gmp.info #usr/share/info/gmp.info-1 #usr/share/info/gmp.info-2 diff --git a/lfs/gmp b/lfs/gmp index 98671b594..ea6e96402 100644 --- a/lfs/gmp +++ b/lfs/gmp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 6.1.2 +VER = 6.2.0 THISAPP = gmp-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -49,7 +49,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = f58fa8001d60c4c77595fbbb62b63c1d +$(DL_FILE)_MD5 = a325e3f09e6d91e62101e59f9bda3ec1 install : $(TARGET) From 32e4819b777f1d3ec36fcc2193821daf1fbbc044 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Thu, 11 Jun 2020 12:02:45 +0200 Subject: [PATCH 22/67] gmp 6.2.0: Fixed lfs for i586 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer --- lfs/gmp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lfs/gmp b/lfs/gmp index ea6e96402..d09100981 100644 --- a/lfs/gmp +++ b/lfs/gmp @@ -100,7 +100,7 @@ ifeq "$(BUILD_ARCH)" "i586" cd $(DIR_APP) && make $(MAKETUNING) -mkdir -pv /usr/lib/sse2 - cd $(DIR_APP) && install -v -m 755 .libs/libgmp.so.10.3.2 /usr/lib/sse2 + cd $(DIR_APP) && install -v -m 755 .libs/libgmp.so.10.4.0 /usr/lib/sse2 endif @rm -rf $(DIR_APP) From acef0b81d3cc259f5d428e24bc163c274bed50c4 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Thu, 11 Jun 2020 18:05:05 +0200 Subject: [PATCH 23/67] libgcrypt: Update to 1.8.5 Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- config/rootfiles/common/libgcrypt | 3 ++- lfs/libgcrypt | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/libgcrypt b/config/rootfiles/common/libgcrypt index efd9ac46a..50aa47867 100644 --- a/config/rootfiles/common/libgcrypt +++ b/config/rootfiles/common/libgcrypt @@ -6,7 +6,8 @@ #usr/lib/libgcrypt.la #usr/lib/libgcrypt.so usr/lib/libgcrypt.so.20 -usr/lib/libgcrypt.so.20.2.4 +usr/lib/libgcrypt.so.20.2.5 +#usr/lib/pkgconfig/libgcrypt.pc #usr/share/aclocal/libgcrypt.m4 #usr/share/info/gcrypt.info #usr/share/info/gcrypt.info-1 diff --git a/lfs/libgcrypt b/lfs/libgcrypt index 5beefbf12..57a456e7b 100644 --- a/lfs/libgcrypt +++ b/lfs/libgcrypt @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.8.4 +VER = 1.8.5 THISAPP = libgcrypt-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = fbfdaebbbc6d7e5fbbf6ffdb3e139573 +$(DL_FILE)_MD5 = 348cc4601ca34307fc6cd6c945467743 install : $(TARGET) From 2944c59ea9f672d7f58bca64d6dc6a91570b52bd Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Thu, 11 Jun 2020 18:06:27 +0200 Subject: [PATCH 24/67] libassuan: Update to 2.5.3 Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- config/rootfiles/packages/libassuan | 3 ++- lfs/libassuan | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/packages/libassuan b/config/rootfiles/packages/libassuan index 8670ee704..d8e471773 100644 --- a/config/rootfiles/packages/libassuan +++ b/config/rootfiles/packages/libassuan @@ -3,6 +3,7 @@ usr/bin/libassuan-config #usr/lib/libassuan.la usr/lib/libassuan.so usr/lib/libassuan.so.0 -usr/lib/libassuan.so.0.7.3 +usr/lib/libassuan.so.0.8.3 +#usr/lib/pkgconfig/libassuan.pc #usr/share/aclocal/libassuan.m4 #usr/share/info/assuan.info diff --git a/lfs/libassuan b/lfs/libassuan index 78703e383..16619ae63 100644 --- a/lfs/libassuan +++ b/lfs/libassuan @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.4.3 +VER = 2.5.3 THISAPP = libassuan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libassuan -PAK_VER = 4 +PAK_VER = 5 DEPS = @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 8e01a7c72d3e5d154481230668e6eb5a +$(DL_FILE)_MD5 = 226c504ea78a232224bf3b6846b3adb9 install : $(TARGET) From a5427e456cb73b50ebeac0ed33b49c52efbf8144 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Thu, 11 Jun 2020 18:07:29 +0200 Subject: [PATCH 25/67] libgpg-error: Update to 1.38 Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- config/rootfiles/common/libgpg-error | 9 +++++++-- lfs/libgpg-error | 6 +++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/common/libgpg-error b/config/rootfiles/common/libgpg-error index 6945f3495..1b5b127b2 100644 --- a/config/rootfiles/common/libgpg-error +++ b/config/rootfiles/common/libgpg-error @@ -1,12 +1,16 @@ usr/bin/gpg-error #usr/bin/gpg-error-config +#usr/bin/gpgrt-config +#usr/bin/yat2m #usr/include/gpg-error.h #usr/include/gpgrt.h #usr/lib/libgpg-error.la #usr/lib/libgpg-error.so usr/lib/libgpg-error.so.0 -usr/lib/libgpg-error.so.0.22.0 +usr/lib/libgpg-error.so.0.29.0 +#usr/lib/pkgconfig/gpg-error.pc #usr/share/aclocal/gpg-error.m4 +#usr/share/aclocal/gpgrt.m4 #usr/share/common-lisp #usr/share/common-lisp/source #usr/share/common-lisp/source/gpg-error @@ -21,6 +25,7 @@ usr/lib/libgpg-error.so.0.22.0 #usr/share/locale/da/LC_MESSAGES/libgpg-error.mo #usr/share/locale/de/LC_MESSAGES/libgpg-error.mo #usr/share/locale/eo/LC_MESSAGES/libgpg-error.mo +#usr/share/locale/es/LC_MESSAGES/libgpg-error.mo #usr/share/locale/fr/LC_MESSAGES/libgpg-error.mo #usr/share/locale/hu/LC_MESSAGES/libgpg-error.mo #usr/share/locale/it/LC_MESSAGES/libgpg-error.mo @@ -36,4 +41,4 @@ usr/lib/libgpg-error.so.0.22.0 #usr/share/locale/vi/LC_MESSAGES/libgpg-error.mo #usr/share/locale/zh_CN/LC_MESSAGES/libgpg-error.mo #usr/share/locale/zh_TW/LC_MESSAGES/libgpg-error.mo -#usr/share/man/man1/gpg-error-config.1 +#usr/share/man/man1/gpgrt-config.1 diff --git a/lfs/libgpg-error b/lfs/libgpg-error index 6445c8d10..c8d85c3a7 100644 --- a/lfs/libgpg-error +++ b/lfs/libgpg-error @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.27 +VER = 1.38 THISAPP = libgpg-error-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 5217ef3e76a7275a2a3b569a12ddc989 +$(DL_FILE)_MD5 = f164ce3400c820907965fdc53e43acfc install : $(TARGET) From b11b4842c224b6196016d48e286b2b4dfe57c285 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Thu, 11 Jun 2020 19:20:08 +0200 Subject: [PATCH 26/67] gmp 6.2.0: Fixed rootfile for i586 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer --- config/rootfiles/common/i586/gmp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/rootfiles/common/i586/gmp b/config/rootfiles/common/i586/gmp index c1d6a7d9d..c0ec9a9b6 100644 --- a/config/rootfiles/common/i586/gmp +++ b/config/rootfiles/common/i586/gmp @@ -12,6 +12,8 @@ usr/lib/libgmpxx.so.4 usr/lib/libgmpxx.so.4.6.0 #usr/lib/pkgconfig/gmp.pc #usr/lib/pkgconfig/gmpxx.pc +usr/lib/sse2/libgmp.so.10 +usr/lib/sse2/libgmp.so.10.4.0 #usr/share/info/gmp.info #usr/share/info/gmp.info-1 #usr/share/info/gmp.info-2 From aee4a61ad37bcba5e754d1dc9e36de2a1cfc319d Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jun 2020 08:46:51 +0000 Subject: [PATCH 27/67] core147: Ship updated crypto libraries Signed-off-by: Michael Tremer --- config/rootfiles/core/147/filelists/aarch64/gmp | 1 + config/rootfiles/core/147/filelists/armv5tel/gmp | 1 + config/rootfiles/core/147/filelists/gnutls | 1 + config/rootfiles/core/147/filelists/i586/gmp | 1 + config/rootfiles/core/147/filelists/libgcrypt | 1 + config/rootfiles/core/147/filelists/libgpg-error | 1 + config/rootfiles/core/147/filelists/x86_64/gmp | 1 + 7 files changed, 7 insertions(+) create mode 120000 config/rootfiles/core/147/filelists/aarch64/gmp create mode 120000 config/rootfiles/core/147/filelists/armv5tel/gmp create mode 120000 config/rootfiles/core/147/filelists/gnutls create mode 120000 config/rootfiles/core/147/filelists/i586/gmp create mode 120000 config/rootfiles/core/147/filelists/libgcrypt create mode 120000 config/rootfiles/core/147/filelists/libgpg-error create mode 120000 config/rootfiles/core/147/filelists/x86_64/gmp diff --git a/config/rootfiles/core/147/filelists/aarch64/gmp b/config/rootfiles/core/147/filelists/aarch64/gmp new file mode 120000 index 000000000..418f2f98b --- /dev/null +++ b/config/rootfiles/core/147/filelists/aarch64/gmp @@ -0,0 +1 @@ +../../../../common/aarch64/gmp \ No newline at end of file diff --git a/config/rootfiles/core/147/filelists/armv5tel/gmp b/config/rootfiles/core/147/filelists/armv5tel/gmp new file mode 120000 index 000000000..2bdf30dac --- /dev/null +++ b/config/rootfiles/core/147/filelists/armv5tel/gmp @@ -0,0 +1 @@ +../../../../common/armv5tel/gmp \ No newline at end of file diff --git a/config/rootfiles/core/147/filelists/gnutls b/config/rootfiles/core/147/filelists/gnutls new file mode 120000 index 000000000..8dbe60bc3 --- /dev/null +++ b/config/rootfiles/core/147/filelists/gnutls @@ -0,0 +1 @@ +../../../common/gnutls \ No newline at end of file diff --git a/config/rootfiles/core/147/filelists/i586/gmp b/config/rootfiles/core/147/filelists/i586/gmp new file mode 120000 index 000000000..52a09cd0b --- /dev/null +++ b/config/rootfiles/core/147/filelists/i586/gmp @@ -0,0 +1 @@ +../../../../common/i586/gmp \ No newline at end of file diff --git a/config/rootfiles/core/147/filelists/libgcrypt b/config/rootfiles/core/147/filelists/libgcrypt new file mode 120000 index 000000000..2df12a20e --- /dev/null +++ b/config/rootfiles/core/147/filelists/libgcrypt @@ -0,0 +1 @@ +../../../common/libgcrypt \ No newline at end of file diff --git a/config/rootfiles/core/147/filelists/libgpg-error b/config/rootfiles/core/147/filelists/libgpg-error new file mode 120000 index 000000000..cad431339 --- /dev/null +++ b/config/rootfiles/core/147/filelists/libgpg-error @@ -0,0 +1 @@ +../../../common/libgpg-error \ No newline at end of file diff --git a/config/rootfiles/core/147/filelists/x86_64/gmp b/config/rootfiles/core/147/filelists/x86_64/gmp new file mode 120000 index 000000000..7c59c60c6 --- /dev/null +++ b/config/rootfiles/core/147/filelists/x86_64/gmp @@ -0,0 +1 @@ +../../../../common/x86_64/gmp \ No newline at end of file From 8b245523e5253b6bc0a9e0002869e7ebe8eac780 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Sun, 14 Jun 2020 00:13:30 +0200 Subject: [PATCH 28/67] joe: Update to 4.6 For details see: https://joe-editor.sourceforge.io/NEWS.html Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer --- config/rootfiles/packages/joe | 69 +++++++++++++++++++++++++++++++---- lfs/joe | 8 ++-- 2 files changed, 65 insertions(+), 12 deletions(-) diff --git a/config/rootfiles/packages/joe b/config/rootfiles/packages/joe index 164ec79d9..5cc7a8d60 100644 --- a/config/rootfiles/packages/joe +++ b/config/rootfiles/packages/joe @@ -3,75 +3,128 @@ usr/bin/joe #usr/bin/jpico #usr/bin/jstar usr/bin/rjoe -#usr/bin/termidx #usr/etc/joe usr/etc/joe/ftyperc usr/etc/joe/jicerc.ru usr/etc/joe/jmacsrc usr/etc/joe/joerc +usr/etc/joe/joerc.zh_TW usr/etc/joe/jpicorc usr/etc/joe/jstarrc usr/etc/joe/rjoerc +usr/etc/joe/shell.csh +usr/etc/joe/shell.sh +#usr/share/applications/jmacs.desktop +#usr/share/applications/joe.desktop +#usr/share/applications/jpico.desktop +#usr/share/applications/jstar.desktop #usr/share/doc/joe #usr/share/doc/joe/ChangeLog -#usr/share/doc/joe/HACKING -#usr/share/doc/joe/HINTS -#usr/share/doc/joe/LIST -#usr/share/doc/joe/NEWS -#usr/share/doc/joe/README +#usr/share/doc/joe/NEWS.md +#usr/share/doc/joe/README.md +#usr/share/doc/joe/README.old +#usr/share/doc/joe/hacking.md +#usr/share/doc/joe/man.md #usr/share/joe #usr/share/joe/charmaps usr/share/joe/charmaps/klingon +usr/share/joe/colors +usr/share/joe/colors/default.jcf +usr/share/joe/colors/gruvbox.jcf +usr/share/joe/colors/ir_black.jcf +usr/share/joe/colors/molokai.jcf +usr/share/joe/colors/solarized.jcf +usr/share/joe/colors/wombat.jcf +usr/share/joe/colors/xoria.jcf +usr/share/joe/colors/zenburn-hc.jcf +usr/share/joe/colors/zenburn.jcf #usr/share/joe/lang usr/share/joe/lang/de.po #usr/share/joe/lang/fr.po #usr/share/joe/lang/ru.po usr/share/joe/lang/uk.po +usr/share/joe/lang/zh_TW.po #usr/share/joe/syntax usr/share/joe/syntax/4gl.jsf usr/share/joe/syntax/ada.jsf +usr/share/joe/syntax/ant.jsf usr/share/joe/syntax/asm.jsf +usr/share/joe/syntax/avr.jsf usr/share/joe/syntax/awk.jsf +usr/share/joe/syntax/batch.jsf usr/share/joe/syntax/c.jsf +usr/share/joe/syntax/clojure.jsf usr/share/joe/syntax/cobol.jsf +usr/share/joe/syntax/coffee.jsf +usr/share/joe/syntax/comment_todo.jsf usr/share/joe/syntax/conf.jsf +usr/share/joe/syntax/context.jsf usr/share/joe/syntax/csh.jsf +usr/share/joe/syntax/csharp.jsf usr/share/joe/syntax/css.jsf +usr/share/joe/syntax/d.jsf +usr/share/joe/syntax/debian.jsf usr/share/joe/syntax/diff.jsf +usr/share/joe/syntax/dockerfile.jsf +usr/share/joe/syntax/elixir.jsf +usr/share/joe/syntax/erb.jsf +usr/share/joe/syntax/erlang.jsf +usr/share/joe/syntax/filename.jsf usr/share/joe/syntax/fortran.jsf +usr/share/joe/syntax/git-commit.jsf +usr/share/joe/syntax/go.jsf +usr/share/joe/syntax/groovy.jsf +usr/share/joe/syntax/haml.jsf usr/share/joe/syntax/haskell.jsf usr/share/joe/syntax/html.jsf +usr/share/joe/syntax/htmlerb.jsf +usr/share/joe/syntax/ini.jsf +usr/share/joe/syntax/iptables.jsf usr/share/joe/syntax/java.jsf +usr/share/joe/syntax/jcf.jsf usr/share/joe/syntax/joerc.jsf +usr/share/joe/syntax/js.jsf usr/share/joe/syntax/jsf.jsf usr/share/joe/syntax/jsf_check.jsf +usr/share/joe/syntax/json.jsf usr/share/joe/syntax/lisp.jsf usr/share/joe/syntax/lua.jsf usr/share/joe/syntax/m4.jsf usr/share/joe/syntax/mail.jsf usr/share/joe/syntax/mason.jsf usr/share/joe/syntax/matlab.jsf +usr/share/joe/syntax/md.jsf usr/share/joe/syntax/ocaml.jsf usr/share/joe/syntax/pascal.jsf usr/share/joe/syntax/perl.jsf usr/share/joe/syntax/php.jsf +usr/share/joe/syntax/powershell.jsf +usr/share/joe/syntax/prolog.jsf +usr/share/joe/syntax/properties.jsf usr/share/joe/syntax/ps.jsf +usr/share/joe/syntax/puppet.jsf usr/share/joe/syntax/python.jsf +usr/share/joe/syntax/r.jsf usr/share/joe/syntax/rexx.jsf usr/share/joe/syntax/ruby.jsf +usr/share/joe/syntax/rust.jsf +usr/share/joe/syntax/scala.jsf usr/share/joe/syntax/sed.jsf usr/share/joe/syntax/sh.jsf +usr/share/joe/syntax/sieve.jsf usr/share/joe/syntax/skill.jsf usr/share/joe/syntax/sml.jsf usr/share/joe/syntax/spec.jsf usr/share/joe/syntax/sql.jsf +usr/share/joe/syntax/swift.jsf usr/share/joe/syntax/tcl.jsf usr/share/joe/syntax/tex.jsf usr/share/joe/syntax/troff.jsf +usr/share/joe/syntax/typescript.jsf usr/share/joe/syntax/verilog.jsf usr/share/joe/syntax/vhdl.jsf +usr/share/joe/syntax/whitespace.jsf usr/share/joe/syntax/xml.jsf +usr/share/joe/syntax/yaml.jsf usr/share/man/man1/joe.1 -#usr/share/man/ru -#usr/share/man/ru/man1 #usr/share/man/ru/man1/joe.1 diff --git a/lfs/joe b/lfs/joe index 70e8d735b..d89b44790 100644 --- a/lfs/joe +++ b/lfs/joe @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3.7 +VER = 4.6 THISAPP = joe-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = joe -PAK_VER = 2 +PAK_VER = 3 DEPS = @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 66de1b073e869ba12abbfcde3885c577 +$(DL_FILE)_MD5 = 9017484e6116830d846678b625ea5c43 install : $(TARGET) From d289d6fb5c196b6c04510b83546babfb3bf9a928 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Sun, 14 Jun 2020 08:50:13 +0200 Subject: [PATCH 29/67] iproute2: Update to 5.7.0 For details see: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v5.7.0 Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- config/rootfiles/common/iproute2 | 3 +++ lfs/iproute2 | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/common/iproute2 b/config/rootfiles/common/iproute2 index eaa159ac7..e22f1649c 100644 --- a/config/rootfiles/common/iproute2 +++ b/config/rootfiles/common/iproute2 @@ -34,6 +34,7 @@ sbin/tc #usr/sbin/arpd #usr/share/bash-completion #usr/share/bash-completion/completions +#usr/share/bash-completion/completions/devlink usr/share/bash-completion/completions/tc #usr/share/man/man3/libnetlink.3 #usr/share/man/man7/tc-hfsc.7 @@ -41,6 +42,7 @@ usr/share/bash-completion/completions/tc #usr/share/man/man8/bridge.8 #usr/share/man/man8/ctstat.8 #usr/share/man/man8/devlink-dev.8 +#usr/share/man/man8/devlink-dpipe.8 #usr/share/man/man8/devlink-health.8 #usr/share/man/man8/devlink-monitor.8 #usr/share/man/man8/devlink-port.8 @@ -104,6 +106,7 @@ usr/share/bash-completion/completions/tc #usr/share/man/man8/tc-codel.8 #usr/share/man/man8/tc-connmark.8 #usr/share/man/man8/tc-csum.8 +#usr/share/man/man8/tc-ct.8 #usr/share/man/man8/tc-ctinfo.8 #usr/share/man/man8/tc-drr.8 #usr/share/man/man8/tc-ematch.8 diff --git a/lfs/iproute2 b/lfs/iproute2 index 2e8822902..f07a125cf 100644 --- a/lfs/iproute2 +++ b/lfs/iproute2 @@ -24,7 +24,7 @@ include Config -VER = 5.6.0 +VER = 5.7.0 THISAPP = iproute2-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 9da0c352707c34b8b1fec3bf42fcfd09 +$(DL_FILE)_MD5 = da22ab8562eda56ae232872fa72e4870 install : $(TARGET) From 38736148c72b9c46ef4426138d99c46fde5495ec Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jun 2020 08:49:36 +0000 Subject: [PATCH 30/67] core147: Ship iproute2 Signed-off-by: Michael Tremer --- config/rootfiles/core/147/filelists/iproute2 | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/147/filelists/iproute2 diff --git a/config/rootfiles/core/147/filelists/iproute2 b/config/rootfiles/core/147/filelists/iproute2 new file mode 120000 index 000000000..05f0f71fb --- /dev/null +++ b/config/rootfiles/core/147/filelists/iproute2 @@ -0,0 +1 @@ +../../../common/iproute2 \ No newline at end of file From 8365bd1aaac900fe409461b3b85c3becf0348605 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 10 Jun 2020 08:19:51 +0000 Subject: [PATCH 31/67] strace: This package now links against elfutils Signed-off-by: Michael Tremer --- lfs/strace | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/strace b/lfs/strace index 53e93b1ec..ec26bd299 100644 --- a/lfs/strace +++ b/lfs/strace @@ -33,9 +33,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = strace -PAK_VER = 2 +PAK_VER = 3 -DEPS = "" +DEPS = elfutils ############################################################################### # Top-level Rules From b2742aebf117da24053d81dbc669faf5a18c9006 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Sat, 31 Dec 2016 16:59:19 +0100 Subject: [PATCH 32/67] squidguard: Update to 1.5-beta MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changelog: "Release 1.5 2010-09-09 Fixed inconsistent blocking (bug 59). Replaced defined routine in sgDB.c 2010-09-08 Added Russian translation from Vladimir Ipatov to squidGuard.cgi.in. 2009-10-19 Fixed two bypass problems with URLs which length is close to the limit defined by MAX_BUF. The resulting proxy line exceeds this limit and causes either squid or squidGuard to properly block a site. 2009-10-15 Fixed a problem with very long URLs. SquidGuard will go into emergency mode when a overlong URLs are encountered. The emergency mode causes an entire stop of blocking. This is not appropriate in this situation. 2009-09-30 Added patch by beber and gentoo (thank you!) to fix a problem when cross compiling (bug 56). 2009-09-27 Added patch by gentoo to fix alocal warnings (bug 57). 2009-09-15 Added a feature to send log messages to syslog based on the patch from Jun Jiang (thank you). (bug 42) In order to use syslog you have to run configure with the new option "--with-syslog". In the configuration file you need to add a line "syslog enable". If any other value but "enable" is used syslog is disabled and logging to squidGuard.log takes place as usual. The following log level are used: DEBUG, NOTICE, WARN, ERROR and EMERG. The local4 syslog facility is used by default. If you want to change this, use the configure option "--with-syslog-facility=". 2009-09-12 Anonymized passwords (for connecting to the ldap or mysql server) written to logfiles when squidGuard is starting. Added two configure options for choosing different location for the LDAP include and library files. 2009-08-25 Added patch to check IP addresses against LDAP. Patch by Denis Bonnenfant (bug 41) - thank you. 2009-08-23 Added patch to allow quoted strings in the configuration file (bug 53). For more information see README.QuotedStrings. Thanks to Iain Fothergill for providing the patch. Removed the fix for usernames starting with a number because it breaks the time declarations. 2009-05-08 Added patch by INL to enable blocking against DNS based blacklists (bug 55). Fixed re-opened bug 12: a problem with regular expressions. An entry like "www\.google\.de" did not block www.google.de which it was supposed to do. Solving this issue solved bug 46 as well. 2009-03-08 Fixed bug 52: Sometimes squidGuard crashes with an overflow error message for vsprintf. Thanks to Dirk Schoebel for suggesting the proper fix. Fixed bug 49: Using numeric username made squidGuard goes into emergency mode. This has been fixed. Usernames can now start with a number, be numeric and can additionally contain the following characters: @,à,é,è,ñ,á,ì,í,ò,ó,ù,ú." Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer --- lfs/squidguard | 32 +++-- .../01_squidguard-1.5-beta_db_v4_up.patch | 14 ++ ..._squidguard-1.5-beta_helper-protocol.patch | 125 ++++++++++++++++++ ...dguard-1.5-beta_remove-debug-logging.patch | 66 +++++++++ ...04_squidguard-1.5-beta_stdout-always.patch | 76 +++++++++++ ...unused_variables-noinput_and_nounput.patch | 56 ++++++++ .../squidguard/06_squidguard_version.patch | 8 ++ 7 files changed, 368 insertions(+), 9 deletions(-) create mode 100644 src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch create mode 100644 src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch create mode 100644 src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch create mode 100644 src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch create mode 100644 src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch create mode 100644 src/patches/squidguard/06_squidguard_version.patch diff --git a/lfs/squidguard b/lfs/squidguard index 38efab0ee..5d5f04163 100644 --- a/lfs/squidguard +++ b/lfs/squidguard @@ -24,7 +24,7 @@ include Config -VER = 1.4.1 +VER = 1.5-beta THISAPP = squidGuard-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 9ae7b62a63631bb2dd1f474cf2bbe4dc +$(DL_FILE)_MD5 = 85216992d14acb29d6f345608f21f268 install : $(TARGET) @@ -70,13 +70,27 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard-1.4-squid-helper-protocol.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidGuard-1.4-db5.patch - cd $(DIR_APP) && ./configure --prefix=/usr --datadir=/usr/share \ - --sysconfdir=/etc --localstatedir=/var --infodir=/usr/info --mandir=/usr/man \ + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/06_squidguard_version.patch + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --datadir=/usr/share \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --infodir=/usr/info \ + --mandir=/usr/man \ --with-sg-config=/var/ipfire/urlfilter/squidGuard.conf \ - --with-sg-logdir=/var/log/squidGuard --with-sg-dbhome=/var/lib/squidguard \ - --with-db=/usr --with-db-inc=/usr/include --with-db-lib=/usr/lib + --with-sg-logdir=/var/log/squidGuard \ + --with-syslog=yes \ + --with-sg-dbhome=/var/lib/squidguard \ + --with-db=/usr \ + --with-db-inc=/usr/include \ + --with-db-lib=/usr/lib + cd $(DIR_APP) && make cd $(DIR_APP) && make install @@ -92,7 +106,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) chmod 755 /var/ipfire/urlfilter/bin/prebuild.pl cp -f $(DIR_CONF)/urlfilter/autoupdate.pl /var/ipfire/urlfilter/bin/autoupdate.pl chmod 755 /var/ipfire/urlfilter/bin/autoupdate.pl - echo "1.7.1" > /var/ipfire/urlfilter/version + echo "1.5-beta" > /var/ipfire/urlfilter/version # Wrapper cp -f $(DIR_CONF)/urlfilter/redirect_wrapper /usr/sbin diff --git a/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch b/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch new file mode 100644 index 000000000..bc50efd68 --- /dev/null +++ b/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch @@ -0,0 +1,14 @@ +Make BerkeleyDB version 4.7 and higher working. + +diff -Nur a/src/sgDb.c b/src/sgDb.c +--- a/src/sgDb.c 2010-09-09 12:35:22.000000000 +0200 ++++ b/src/sgDb.c 2013-11-23 10:05:55.000000000 +0100 +@@ -112,7 +112,7 @@ + } + } + #endif +-#if DB_VERSION_MAJOR == 4 ++#if DB_VERSION_MAJOR >= 4 + if(globalUpdate || createdb || (dbfile != NULL && stat(dbfile,&st))){ + flag = DB_CREATE; + if(createdb) diff --git a/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch b/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch new file mode 100644 index 000000000..a2f9177f5 --- /dev/null +++ b/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch @@ -0,0 +1,125 @@ + +From Jeffries Amos http://bugs.squid-cache.org/show_bug.cgi?id=3978#c5 + +--- squidGuard-1.5-beta.orig/src/main.c 2013-12-12 11:47:31.000000000 +1300 ++++ squidGuard-1.5-beta.orig/src/main.c 2013-12-12 11:50:38.000000000 +1300 +@@ -185,7 +185,7 @@ + sgReloadConfig(); + } + if(failsafe_mode) { +- puts(""); ++ puts("ERR message=\"squidGuard failsafe mode\""); + fflush(stdout); + if(sig_hup){ + sgReloadConfig(); +@@ -194,7 +194,7 @@ + } + if(parseLine(buf,&squidInfo) != 1){ + sgLogError("ERROR: Error parsing squid line: %s",buf); +- puts(""); ++ puts("BH message=\"squidGuard error parsing squid line\""); + } + else { + src = Source; +@@ -206,14 +206,14 @@ + acl = sgAclCheckSource(src); + if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){ + if(src == NULL || src->cont_search == 0){ +- puts(""); ++ puts("ERR"); + break; + } else + if(src->next != NULL){ + src = src->next; + continue; + } else { +- puts(""); ++ puts("ERR"); + break; + } + } else { +@@ -228,6 +228,10 @@ + fprintf(stdout,"%s %s/%s %s %s\n",redirect,squidInfo.src, + squidInfo.srcDomain,squidInfo.ident, + squidInfo.method); ++ if (isdigit(redirect[0]) && isdigit(redirect[1]) && isdigit(redirect[2]) && redirect[3]==':') { ++ fprintf(stdout,"OK status=%c%c%c url=\"%s\"\n", redirect[0], redirect[1], redirect[2], &redirect[4]); ++ } else ++ fprintf(stdout,"OK rewrite-url=\"%s\"\n",redirect); + /* sgLogDebug("DEBUG: %s %s/%s %s %s\n",redirect,squidInfo.src,squidInfo.srcDomain,squidInfo.ident,squidInfo.method); */ + break; + } +--- squidGuard-1.5-beta.orig/src/main.c.in 2013-12-12 11:47:31.000000000 +1300 ++++ squidGuard-1.5-beta.orig/src/main.c.in 2013-12-12 11:53:18.000000000 +1300 +@@ -185,7 +185,7 @@ + sgReloadConfig(); + } + if(failsafe_mode) { +- puts(""); ++ puts("ERR message=\"squidGuard failsafe mode\""); + fflush(stdout); + if(sig_hup){ + sgReloadConfig(); +@@ -194,7 +194,7 @@ + } + if(parseLine(buf,&squidInfo) != 1){ + sgLogError("ERROR: Error parsing squid line: %s",buf); +- puts(""); ++ puts("BH message=\"squidGuard error parsing squid line\""); + } + else { + src = Source; +@@ -206,14 +206,14 @@ + acl = sgAclCheckSource(src); + if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){ + if(src == NULL || src->cont_search == 0){ +- puts(""); ++ puts("ERR"); + break; + } else + if(src->next != NULL){ + src = src->next; + continue; + } else { +- puts(""); ++ puts("ERR"); + break; + } + } else { +@@ -225,9 +225,11 @@ + squidInfo.ident[0] = '-'; + squidInfo.ident[1] = '\0'; + } +- fprintf(stdout,"%s %s/%s %s %s\n",redirect,squidInfo.src, +- squidInfo.srcDomain,squidInfo.ident, +- squidInfo.method); ++ if (isdigit(redirect[0]) && isdigit(redirect[1]) && isdigit(redirect[2]) && redirect[3]==':') { ++ fprintf(stdout,"OK status=%c%c%c url=\"%s\"\n", redirect[0], redirect[1], redirect[2], &redirect[4]); ++ } else ++ fprintf(stdout,"OK rewrite-url=\"%s\"\n",redirect); ++ + /* sgLogDebug("DEBUG: %s %s/%s %s %s\n",redirect,squidInfo.src,squidInfo.srcDomain,squidInfo.ident,squidInfo.method); */ + break; + } +--- squidGuard-1.5-beta.orig/src/sgDiv.c 2013-12-12 11:47:31.000000000 +1300 ++++ squidGuard-1.5-beta.orig/src/sgDiv.c 2013-12-12 11:48:36.000000000 +1300 +@@ -782,7 +782,7 @@ + } + sgLogError("ERROR: Going into emergency mode"); + while(fgets(buf, MAX_BUF, stdin) != NULL){ +- puts(""); ++ puts("ERR"); + fflush(stdout); + } + sgLogError("ERROR: Ending emergency mode, stdin empty"); +--- squidGuard-1.5-beta.orig/src/sgDiv.c.in 2013-12-12 11:47:31.000000000 +1300 ++++ squidGuard-1.5-beta.orig/src/sgDiv.c.in 2013-12-12 11:48:36.000000000 +1300 +@@ -782,7 +782,7 @@ + } + sgLogError("ERROR: Going into emergency mode"); + while(fgets(buf, MAX_BUF, stdin) != NULL){ +- puts(""); ++ puts("ERR"); + fflush(stdout); + } + sgLogError("ERROR: Ending emergency mode, stdin empty"); diff --git a/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch b/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch new file mode 100644 index 000000000..ba2840bac --- /dev/null +++ b/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch @@ -0,0 +1,66 @@ +--- a/src/sg.y.in 2014-04-14 16:23:39.183396677 +0200 ++++ b/src/sg.y.in 2014-04-14 16:24:19.000000000 +0200 +@@ -795,9 +795,9 @@ + { + struct Source *sp; + sp = lastSource; +- ++/* DEBUG + @NOLOG1@ sgLogError("DEBUG: sgSourceLdapIpSearch called with: %s", url); @NOLOG2@ +- ++*/ + if(!ldap_is_ldap_url(url)) { + sgLogError("%s: can't parse LDAP url %s",progname, url); + return; +@@ -1311,10 +1311,12 @@ + } + sp->domainlistDb = (struct sgDb *) sgCalloc(1,sizeof(struct sgDb)); + sp->domainlistDb->type=SGDBTYPE_DOMAINLIST; ++/* DEBUG + sgLogError("init domainlist %s",sp->domainlist); ++*/ + sgDbInit(sp->domainlistDb,sp->domainlist); + if(sp->domainlistDb->entries == 0) { /* empty database */ +- sgLogError("domainlist empty, removed from memory"); ++ sgLogError("domainlist %s empty, removed from memory",sp->domainlist); + sgFree(sp->domainlistDb); + sp->domainlistDb = NULL; + } +@@ -1356,10 +1356,12 @@ + } + sp->urllistDb = (struct sgDb *) sgCalloc(1,sizeof(struct sgDb)); + sp->urllistDb->type=SGDBTYPE_URLLIST; ++/* DEBUG + sgLogError("init urllist %s",sp->urllist); ++*/ + sgDbInit(sp->urllistDb,sp->urllist); + if(sp->urllistDb->entries == 0) { /* empty database */ +- sgLogError("urllist empty, removed from memory"); ++ sgLogError("urllist empty %s, removed from memory",sp->urllist); + sgFree(sp->urllistDb); + sp->urllistDb = NULL; + } +@@ -2773,9 +2773,9 @@ + char *interval; + struct UserInfo *userinfo; + static struct UserInfo info; +- ++/* DEBUG + @NOLOG1@ sgLogError("DEBUG: sgFindUser called with: %s", ident); @NOLOG2@ +- ++*/ + /* defined in the userDB? */ + if(defined(src->userDb, ident, (char **) &userinfo) == 1) { + #ifdef HAVE_LIBLDAP +--- a/src/sgDb.c 2014-04-17 08:53:29.961367395 +0200 ++++ b/src/sgDb.c 2014-04-17 08:53:58.000000000 +0200 +@@ -48,7 +48,9 @@ + strcat(dbfile,".db"); + if(stat(dbfile,&st) == 0){ + if(!createdb){ ++/* DEBUG + sgLogNotice("INFO: loading dbfile %s",dbfile); ++*/ + } + } else { + if(!createdb){ diff --git a/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch b/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch new file mode 100644 index 000000000..dbc13e20e --- /dev/null +++ b/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch @@ -0,0 +1,76 @@ +Original input to stdout, to be useable with multiple redirectors +when option -f is given on squidGuard start +We have to remember the raw original URL as the URL is modified for testing +purpose. So the exisiting HTML entities like %3F (?), %26 (&), %3D (=) etc. are changed +which breaks the URL for further processing if it is send to stdout like we do it for the +redirector chain (THIS patch). +diff -Nur a/src/main.c.in b/src/main.c.in +--- a/src/main.c.in 2009-09-27 21:41:50.000000000 +0200 ++++ b/src/main.c.in 2013-06-01 21:18:55.000000000 +0200 +@@ -59,6 +59,7 @@ + char **globalEnvp ; + int globalDebugTimeDelta = 0; + int globalDebug = 0; ++int globalFullStdout = 0; + int globalPid = 0; + int globalUpdate = 0; + int passthrough = 0; +@@ -89,6 +90,7 @@ + struct Acl *acl; + struct timeval start_time,ready_time,stop_time; + char buf[MAX_BUF]; ++ char origraw[MAX_BUF]; + char *redirect,tmp[MAX_BUF]; + char *configFile = NULL; + time_t t; +@@ -101,11 +102,14 @@ + #ifdef USE_SYSLOG + openlog("squidGuard", LOG_PID | LOG_NDELAY | LOG_CONS, LOG_ at LOGFAC@); + #endif +- while ((ch = getopt(argc, argv, "hbduPC:t:c:v")) != EOF) ++ while ((ch = getopt(argc, argv, "hbdfuPC:t:c:v")) != EOF) + switch (ch) { + case 'd': + globalDebug = 1; + break; ++ case 'f': ++ globalFullStdout = 1; ++ break; + case 'c': + configFile = optarg; + break; +@@ -192,6 +193,8 @@ + } + continue; + } ++ strcpy(origraw,buf); ++ if (strlen(origraw) && (origraw[strlen(origraw)-1] == '\n')) origraw[strlen(origraw)-1] = 0; + if(parseLine(buf,&squidInfo) != 1){ + sgLogError("ERROR: Error parsing squid line: %s",buf); + puts("BH message=\"squidGuard error parsing squid line\""); +@@ -206,7 +210,12 @@ + acl = sgAclCheckSource(src); + if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){ + if(src == NULL || src->cont_search == 0){ ++ if (globalFullStdout) { ++ puts(origraw); ++ } ++ else { + puts("ERR"); ++ } + break; + } else + if(src->next != NULL){ +@@ -213,7 +214,12 @@ + src = src->next; + continue; + } else { ++ if (globalFullStdout) { ++ puts(origraw); ++ } ++ else { + puts("ERR"); ++ } + break; + } + } else { diff --git a/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch b/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch new file mode 100644 index 000000000..33732deea --- /dev/null +++ b/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch @@ -0,0 +1,56 @@ +--- a/src/sg.l Sat Jan 30 13:51:12 2016 ++++ b/src/sg.l Sat Jan 30 14:01:28 2016 +@@ -23,6 +23,8 @@ + + %} + ++%option noinput ++%option nounput + ignore [,\t\r ]+ + s [\t ] + d [0-9] +--- a/src/sg.y.in Sat Jan 30 13:52:26 2016 ++++ b/src/sg.y.in Sat Jan 30 14:00:50 2016 +@@ -26,6 +26,7 @@ + + #ifdef HAVE_LIBLDAP + #include "lber.h" ++#define LDAP_DEPRECATED 1 + #include "ldap.h" + #endif + +@@ -1097,7 +1098,6 @@ + foundip = 1; + unblockedip = 1; + if(s->ipquota.seconds != 0){ +- struct IpInfo uq; + time_t t = time(NULL) + globalDebugTimeDelta; + sgLogError("status %d time %d lasttime %d consumed %d", ipquota->status, ipquota->time, ipquota->last, ipquota->consumed); + sgLogError("renew %d seconds %d", s->ipquota.renew, s->ipquota.seconds); +@@ -1157,7 +1157,6 @@ + founduser = 1; + unblockeduser = 1; + if(s->userquota.seconds != 0){ +- struct UserInfo uq; + time_t t = time(NULL) + globalDebugTimeDelta; + //sgLogError("status %d time %d lasttime %d consumed %d", userquota->status, userquota->time, userquota->last, userquota->consumed); + //sgLogError("renew %d seconds %d", s->userquota.renew, s->userquota.seconds); +--- a/src/sgDiv.c.in Sat Jan 30 13:52:10 2016 ++++ b/src/sgDiv.c.in Sat Jan 30 13:59:16 2016 +@@ -18,6 +18,7 @@ + + #include "sg.h" + #include "sgEx.h" ++#include "HTEscape.h" + + /* #define METEST 8; */ + +@@ -692,7 +693,7 @@ + struct UserInfo *userquota; + if(defined(s->userDb, req->ident, (char **) &userquota) == 1){ + char qbuf[150]; +- sprintf(qbuf, "%d-%d-%d-%d-%d-%d", s->userquota.renew, s->userquota.seconds, userquota->status, userquota->time, userquota->last, userquota->consumed); ++ sprintf(qbuf, "%d-%d-%d-%d-%d-%d", s->userquota.renew, (int)s->userquota.seconds, userquota->status, (int)userquota->time, (int)userquota->last, userquota->consumed); + strcat(buf, qbuf); + } else { + strcat(buf, "noquota"); diff --git a/src/patches/squidguard/06_squidguard_version.patch b/src/patches/squidguard/06_squidguard_version.patch new file mode 100644 index 000000000..351804c49 --- /dev/null +++ b/src/patches/squidguard/06_squidguard_version.patch @@ -0,0 +1,8 @@ +--- a/src/version.h Thu Apr 17 17:00:48 2008 ++++ b/src/version.h Fri May 08 20:44:48 2009 +@@ -16,4 +16,4 @@ + (GPL) along with this program. + */ + +-#define VERSION "1.5-alpha" ++#define VERSION "1.5-beta" From 9909ac8e808041f2d37650623cd3185477bc9d4c Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jun 2020 09:01:24 +0000 Subject: [PATCH 33/67] core147: Ship squidguard Signed-off-by: Michael Tremer --- config/rootfiles/core/147/filelists/squidguard | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/147/filelists/squidguard diff --git a/config/rootfiles/core/147/filelists/squidguard b/config/rootfiles/core/147/filelists/squidguard new file mode 120000 index 000000000..f87a5b0c6 --- /dev/null +++ b/config/rootfiles/core/147/filelists/squidguard @@ -0,0 +1 @@ +../../../common/squidguard \ No newline at end of file From 82db9e594563749d244a1cd658ca9ea5d18999b3 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jun 2020 10:35:26 +0000 Subject: [PATCH 34/67] squidGuard: Update to 1.6.0 Signed-off-by: Michael Tremer --- lfs/squidguard | 10 +- src/patches/squidGuard-1.4-db5.patch | 12 -- ...squidguard-1.4-squid-helper-protocol.patch | 75 ----------- .../01_squidguard-1.5-beta_db_v4_up.patch | 14 -- ..._squidguard-1.5-beta_helper-protocol.patch | 125 ------------------ ...dguard-1.5-beta_remove-debug-logging.patch | 66 --------- ...04_squidguard-1.5-beta_stdout-always.patch | 76 ----------- ...unused_variables-noinput_and_nounput.patch | 56 -------- .../squidguard/06_squidguard_version.patch | 8 -- 9 files changed, 2 insertions(+), 440 deletions(-) delete mode 100644 src/patches/squidGuard-1.4-db5.patch delete mode 100644 src/patches/squidguard-1.4-squid-helper-protocol.patch delete mode 100644 src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch delete mode 100644 src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch delete mode 100644 src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch delete mode 100644 src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch delete mode 100644 src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch delete mode 100644 src/patches/squidguard/06_squidguard_version.patch diff --git a/lfs/squidguard b/lfs/squidguard index 5d5f04163..06f2db001 100644 --- a/lfs/squidguard +++ b/lfs/squidguard @@ -24,7 +24,7 @@ include Config -VER = 1.5-beta +VER = 1.6.0 THISAPP = squidGuard-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 85216992d14acb29d6f345608f21f268 +$(DL_FILE)_MD5 = ebf207accc6da4ad07de2db6e71ce8dc install : $(TARGET) @@ -70,12 +70,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/06_squidguard_version.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --datadir=/usr/share \ diff --git a/src/patches/squidGuard-1.4-db5.patch b/src/patches/squidGuard-1.4-db5.patch deleted file mode 100644 index 733fbad2e..000000000 --- a/src/patches/squidGuard-1.4-db5.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ruN squidGuard-1.4-vanilla/src/sgDb.c squidGuard-1.4/src/sgDb.c ---- squidGuard-1.4-vanilla/src/sgDb.c 2008-07-15 04:29:41.000000000 +1000 -+++ squidGuard-1.4/src/sgDb.c 2013-01-21 12:47:41.049325756 +1100 -@@ -114,7 +114,7 @@ - } - } - #endif --#if DB_VERSION_MAJOR == 4 -+#if DB_VERSION_MAJOR >= 4 - if(globalUpdate || createdb || (dbfile != NULL && stat(dbfile,&st))){ - flag = DB_CREATE; - if(createdb) \ No newline at end of file diff --git a/src/patches/squidguard-1.4-squid-helper-protocol.patch b/src/patches/squidguard-1.4-squid-helper-protocol.patch deleted file mode 100644 index 98069465a..000000000 --- a/src/patches/squidguard-1.4-squid-helper-protocol.patch +++ /dev/null @@ -1,75 +0,0 @@ -http://bugs.squid-cache.org/show_bug.cgi?id=3978 - ---- squidGuard-1.4.orig/src/main.c 2013-12-11 17:42:15.000000000 +1300 -+++ squidGuard-1.4.orig/src/main.c 2013-12-11 19:04:09.000000000 +1300 -@@ -175,7 +175,7 @@ - sgReloadConfig(); - } - if(failsafe_mode) { -- puts(""); -+ puts("ERR message=\"squidGuard failsafe mode\""); - fflush(stdout); - if(sig_hup){ - sgReloadConfig(); -@@ -184,7 +184,7 @@ - } - if(parseLine(buf,&squidInfo) != 1){ - sgLogError("Error parsing squid line: %s",buf); -- puts(""); -+ puts("BH message=\"squidGuard error parsing squid line\""); - } - else { - src = Source; -@@ -196,14 +196,14 @@ - acl = sgAclCheckSource(src); - if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){ - if(src == NULL || src->cont_search == 0){ -- puts(""); -+ puts("ERR"); - break; - } else - if(src->next != NULL){ - src = src->next; - continue; - } else { -- puts(""); -+ puts("ERR"); - break; - } - } else { -@@ -215,9 +215,10 @@ - squidInfo.ident[0] = '-'; - squidInfo.ident[1] = '\0'; - } -- fprintf(stdout,"%s %s/%s %s %s\n",redirect,squidInfo.src, -- squidInfo.srcDomain,squidInfo.ident, -- squidInfo.method); -+ if (isdigit(redirect[0]) && isdigit(redirect[1]) && isdigit(redirect[2]) && redirect[3]==':') { -+ fprintf(stdout,"OK status=%c%c%c url=\"%s\"\n", redirect[0], redirect[1], redirect[2], &redirect[4]); -+ } else -+ fprintf(stdout,"OK rewrite-url=\"%s\"\n",redirect); - /* sgLogError("%s %s/%s %s %s\n",redirect,squidInfo.src,squidInfo.srcDomain,squidInfo.ident,squidInfo.method); */ - break; - } ---- squidGuard-1.4.orig/src/sgDiv.c 2013-12-11 17:42:15.000000000 +1300 -+++ squidGuard-1.4.orig/src/sgDiv.c 2013-12-11 18:58:33.000000000 +1300 -@@ -771,7 +771,7 @@ - } - sgLogError("Going into emergency mode"); - while(fgets(buf, MAX_BUF, stdin) != NULL){ -- puts(""); -+ puts("ERR"); - fflush(stdout); - } - sgLogError("ending emergency mode, stdin empty"); ---- squidGuard-1.4.orig/src/sgDiv.c.in 2013-12-11 17:42:15.000000000 +1300 -+++ squidGuard-1.4.orig/src/sgDiv.c.in 2013-12-11 18:58:40.000000000 +1300 -@@ -782,7 +782,7 @@ - } - sgLogError("Going into emergency mode"); - while(fgets(buf, MAX_BUF, stdin) != NULL){ -- puts(""); -+ puts("ERR"); - fflush(stdout); - } - sgLogError("ending emergency mode, stdin empty"); diff --git a/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch b/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch deleted file mode 100644 index bc50efd68..000000000 --- a/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch +++ /dev/null @@ -1,14 +0,0 @@ -Make BerkeleyDB version 4.7 and higher working. - -diff -Nur a/src/sgDb.c b/src/sgDb.c ---- a/src/sgDb.c 2010-09-09 12:35:22.000000000 +0200 -+++ b/src/sgDb.c 2013-11-23 10:05:55.000000000 +0100 -@@ -112,7 +112,7 @@ - } - } - #endif --#if DB_VERSION_MAJOR == 4 -+#if DB_VERSION_MAJOR >= 4 - if(globalUpdate || createdb || (dbfile != NULL && stat(dbfile,&st))){ - flag = DB_CREATE; - if(createdb) diff --git a/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch b/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch deleted file mode 100644 index a2f9177f5..000000000 --- a/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch +++ /dev/null @@ -1,125 +0,0 @@ - -From Jeffries Amos http://bugs.squid-cache.org/show_bug.cgi?id=3978#c5 - ---- squidGuard-1.5-beta.orig/src/main.c 2013-12-12 11:47:31.000000000 +1300 -+++ squidGuard-1.5-beta.orig/src/main.c 2013-12-12 11:50:38.000000000 +1300 -@@ -185,7 +185,7 @@ - sgReloadConfig(); - } - if(failsafe_mode) { -- puts(""); -+ puts("ERR message=\"squidGuard failsafe mode\""); - fflush(stdout); - if(sig_hup){ - sgReloadConfig(); -@@ -194,7 +194,7 @@ - } - if(parseLine(buf,&squidInfo) != 1){ - sgLogError("ERROR: Error parsing squid line: %s",buf); -- puts(""); -+ puts("BH message=\"squidGuard error parsing squid line\""); - } - else { - src = Source; -@@ -206,14 +206,14 @@ - acl = sgAclCheckSource(src); - if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){ - if(src == NULL || src->cont_search == 0){ -- puts(""); -+ puts("ERR"); - break; - } else - if(src->next != NULL){ - src = src->next; - continue; - } else { -- puts(""); -+ puts("ERR"); - break; - } - } else { -@@ -228,6 +228,10 @@ - fprintf(stdout,"%s %s/%s %s %s\n",redirect,squidInfo.src, - squidInfo.srcDomain,squidInfo.ident, - squidInfo.method); -+ if (isdigit(redirect[0]) && isdigit(redirect[1]) && isdigit(redirect[2]) && redirect[3]==':') { -+ fprintf(stdout,"OK status=%c%c%c url=\"%s\"\n", redirect[0], redirect[1], redirect[2], &redirect[4]); -+ } else -+ fprintf(stdout,"OK rewrite-url=\"%s\"\n",redirect); - /* sgLogDebug("DEBUG: %s %s/%s %s %s\n",redirect,squidInfo.src,squidInfo.srcDomain,squidInfo.ident,squidInfo.method); */ - break; - } ---- squidGuard-1.5-beta.orig/src/main.c.in 2013-12-12 11:47:31.000000000 +1300 -+++ squidGuard-1.5-beta.orig/src/main.c.in 2013-12-12 11:53:18.000000000 +1300 -@@ -185,7 +185,7 @@ - sgReloadConfig(); - } - if(failsafe_mode) { -- puts(""); -+ puts("ERR message=\"squidGuard failsafe mode\""); - fflush(stdout); - if(sig_hup){ - sgReloadConfig(); -@@ -194,7 +194,7 @@ - } - if(parseLine(buf,&squidInfo) != 1){ - sgLogError("ERROR: Error parsing squid line: %s",buf); -- puts(""); -+ puts("BH message=\"squidGuard error parsing squid line\""); - } - else { - src = Source; -@@ -206,14 +206,14 @@ - acl = sgAclCheckSource(src); - if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){ - if(src == NULL || src->cont_search == 0){ -- puts(""); -+ puts("ERR"); - break; - } else - if(src->next != NULL){ - src = src->next; - continue; - } else { -- puts(""); -+ puts("ERR"); - break; - } - } else { -@@ -225,9 +225,11 @@ - squidInfo.ident[0] = '-'; - squidInfo.ident[1] = '\0'; - } -- fprintf(stdout,"%s %s/%s %s %s\n",redirect,squidInfo.src, -- squidInfo.srcDomain,squidInfo.ident, -- squidInfo.method); -+ if (isdigit(redirect[0]) && isdigit(redirect[1]) && isdigit(redirect[2]) && redirect[3]==':') { -+ fprintf(stdout,"OK status=%c%c%c url=\"%s\"\n", redirect[0], redirect[1], redirect[2], &redirect[4]); -+ } else -+ fprintf(stdout,"OK rewrite-url=\"%s\"\n",redirect); -+ - /* sgLogDebug("DEBUG: %s %s/%s %s %s\n",redirect,squidInfo.src,squidInfo.srcDomain,squidInfo.ident,squidInfo.method); */ - break; - } ---- squidGuard-1.5-beta.orig/src/sgDiv.c 2013-12-12 11:47:31.000000000 +1300 -+++ squidGuard-1.5-beta.orig/src/sgDiv.c 2013-12-12 11:48:36.000000000 +1300 -@@ -782,7 +782,7 @@ - } - sgLogError("ERROR: Going into emergency mode"); - while(fgets(buf, MAX_BUF, stdin) != NULL){ -- puts(""); -+ puts("ERR"); - fflush(stdout); - } - sgLogError("ERROR: Ending emergency mode, stdin empty"); ---- squidGuard-1.5-beta.orig/src/sgDiv.c.in 2013-12-12 11:47:31.000000000 +1300 -+++ squidGuard-1.5-beta.orig/src/sgDiv.c.in 2013-12-12 11:48:36.000000000 +1300 -@@ -782,7 +782,7 @@ - } - sgLogError("ERROR: Going into emergency mode"); - while(fgets(buf, MAX_BUF, stdin) != NULL){ -- puts(""); -+ puts("ERR"); - fflush(stdout); - } - sgLogError("ERROR: Ending emergency mode, stdin empty"); diff --git a/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch b/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch deleted file mode 100644 index ba2840bac..000000000 --- a/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch +++ /dev/null @@ -1,66 +0,0 @@ ---- a/src/sg.y.in 2014-04-14 16:23:39.183396677 +0200 -+++ b/src/sg.y.in 2014-04-14 16:24:19.000000000 +0200 -@@ -795,9 +795,9 @@ - { - struct Source *sp; - sp = lastSource; -- -+/* DEBUG - @NOLOG1@ sgLogError("DEBUG: sgSourceLdapIpSearch called with: %s", url); @NOLOG2@ -- -+*/ - if(!ldap_is_ldap_url(url)) { - sgLogError("%s: can't parse LDAP url %s",progname, url); - return; -@@ -1311,10 +1311,12 @@ - } - sp->domainlistDb = (struct sgDb *) sgCalloc(1,sizeof(struct sgDb)); - sp->domainlistDb->type=SGDBTYPE_DOMAINLIST; -+/* DEBUG - sgLogError("init domainlist %s",sp->domainlist); -+*/ - sgDbInit(sp->domainlistDb,sp->domainlist); - if(sp->domainlistDb->entries == 0) { /* empty database */ -- sgLogError("domainlist empty, removed from memory"); -+ sgLogError("domainlist %s empty, removed from memory",sp->domainlist); - sgFree(sp->domainlistDb); - sp->domainlistDb = NULL; - } -@@ -1356,10 +1356,12 @@ - } - sp->urllistDb = (struct sgDb *) sgCalloc(1,sizeof(struct sgDb)); - sp->urllistDb->type=SGDBTYPE_URLLIST; -+/* DEBUG - sgLogError("init urllist %s",sp->urllist); -+*/ - sgDbInit(sp->urllistDb,sp->urllist); - if(sp->urllistDb->entries == 0) { /* empty database */ -- sgLogError("urllist empty, removed from memory"); -+ sgLogError("urllist empty %s, removed from memory",sp->urllist); - sgFree(sp->urllistDb); - sp->urllistDb = NULL; - } -@@ -2773,9 +2773,9 @@ - char *interval; - struct UserInfo *userinfo; - static struct UserInfo info; -- -+/* DEBUG - @NOLOG1@ sgLogError("DEBUG: sgFindUser called with: %s", ident); @NOLOG2@ -- -+*/ - /* defined in the userDB? */ - if(defined(src->userDb, ident, (char **) &userinfo) == 1) { - #ifdef HAVE_LIBLDAP ---- a/src/sgDb.c 2014-04-17 08:53:29.961367395 +0200 -+++ b/src/sgDb.c 2014-04-17 08:53:58.000000000 +0200 -@@ -48,7 +48,9 @@ - strcat(dbfile,".db"); - if(stat(dbfile,&st) == 0){ - if(!createdb){ -+/* DEBUG - sgLogNotice("INFO: loading dbfile %s",dbfile); -+*/ - } - } else { - if(!createdb){ diff --git a/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch b/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch deleted file mode 100644 index dbc13e20e..000000000 --- a/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch +++ /dev/null @@ -1,76 +0,0 @@ -Original input to stdout, to be useable with multiple redirectors -when option -f is given on squidGuard start -We have to remember the raw original URL as the URL is modified for testing -purpose. So the exisiting HTML entities like %3F (?), %26 (&), %3D (=) etc. are changed -which breaks the URL for further processing if it is send to stdout like we do it for the -redirector chain (THIS patch). -diff -Nur a/src/main.c.in b/src/main.c.in ---- a/src/main.c.in 2009-09-27 21:41:50.000000000 +0200 -+++ b/src/main.c.in 2013-06-01 21:18:55.000000000 +0200 -@@ -59,6 +59,7 @@ - char **globalEnvp ; - int globalDebugTimeDelta = 0; - int globalDebug = 0; -+int globalFullStdout = 0; - int globalPid = 0; - int globalUpdate = 0; - int passthrough = 0; -@@ -89,6 +90,7 @@ - struct Acl *acl; - struct timeval start_time,ready_time,stop_time; - char buf[MAX_BUF]; -+ char origraw[MAX_BUF]; - char *redirect,tmp[MAX_BUF]; - char *configFile = NULL; - time_t t; -@@ -101,11 +102,14 @@ - #ifdef USE_SYSLOG - openlog("squidGuard", LOG_PID | LOG_NDELAY | LOG_CONS, LOG_ at LOGFAC@); - #endif -- while ((ch = getopt(argc, argv, "hbduPC:t:c:v")) != EOF) -+ while ((ch = getopt(argc, argv, "hbdfuPC:t:c:v")) != EOF) - switch (ch) { - case 'd': - globalDebug = 1; - break; -+ case 'f': -+ globalFullStdout = 1; -+ break; - case 'c': - configFile = optarg; - break; -@@ -192,6 +193,8 @@ - } - continue; - } -+ strcpy(origraw,buf); -+ if (strlen(origraw) && (origraw[strlen(origraw)-1] == '\n')) origraw[strlen(origraw)-1] = 0; - if(parseLine(buf,&squidInfo) != 1){ - sgLogError("ERROR: Error parsing squid line: %s",buf); - puts("BH message=\"squidGuard error parsing squid line\""); -@@ -206,7 +210,12 @@ - acl = sgAclCheckSource(src); - if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){ - if(src == NULL || src->cont_search == 0){ -+ if (globalFullStdout) { -+ puts(origraw); -+ } -+ else { - puts("ERR"); -+ } - break; - } else - if(src->next != NULL){ -@@ -213,7 +214,12 @@ - src = src->next; - continue; - } else { -+ if (globalFullStdout) { -+ puts(origraw); -+ } -+ else { - puts("ERR"); -+ } - break; - } - } else { diff --git a/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch b/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch deleted file mode 100644 index 33732deea..000000000 --- a/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch +++ /dev/null @@ -1,56 +0,0 @@ ---- a/src/sg.l Sat Jan 30 13:51:12 2016 -+++ b/src/sg.l Sat Jan 30 14:01:28 2016 -@@ -23,6 +23,8 @@ - - %} - -+%option noinput -+%option nounput - ignore [,\t\r ]+ - s [\t ] - d [0-9] ---- a/src/sg.y.in Sat Jan 30 13:52:26 2016 -+++ b/src/sg.y.in Sat Jan 30 14:00:50 2016 -@@ -26,6 +26,7 @@ - - #ifdef HAVE_LIBLDAP - #include "lber.h" -+#define LDAP_DEPRECATED 1 - #include "ldap.h" - #endif - -@@ -1097,7 +1098,6 @@ - foundip = 1; - unblockedip = 1; - if(s->ipquota.seconds != 0){ -- struct IpInfo uq; - time_t t = time(NULL) + globalDebugTimeDelta; - sgLogError("status %d time %d lasttime %d consumed %d", ipquota->status, ipquota->time, ipquota->last, ipquota->consumed); - sgLogError("renew %d seconds %d", s->ipquota.renew, s->ipquota.seconds); -@@ -1157,7 +1157,6 @@ - founduser = 1; - unblockeduser = 1; - if(s->userquota.seconds != 0){ -- struct UserInfo uq; - time_t t = time(NULL) + globalDebugTimeDelta; - //sgLogError("status %d time %d lasttime %d consumed %d", userquota->status, userquota->time, userquota->last, userquota->consumed); - //sgLogError("renew %d seconds %d", s->userquota.renew, s->userquota.seconds); ---- a/src/sgDiv.c.in Sat Jan 30 13:52:10 2016 -+++ b/src/sgDiv.c.in Sat Jan 30 13:59:16 2016 -@@ -18,6 +18,7 @@ - - #include "sg.h" - #include "sgEx.h" -+#include "HTEscape.h" - - /* #define METEST 8; */ - -@@ -692,7 +693,7 @@ - struct UserInfo *userquota; - if(defined(s->userDb, req->ident, (char **) &userquota) == 1){ - char qbuf[150]; -- sprintf(qbuf, "%d-%d-%d-%d-%d-%d", s->userquota.renew, s->userquota.seconds, userquota->status, userquota->time, userquota->last, userquota->consumed); -+ sprintf(qbuf, "%d-%d-%d-%d-%d-%d", s->userquota.renew, (int)s->userquota.seconds, userquota->status, (int)userquota->time, (int)userquota->last, userquota->consumed); - strcat(buf, qbuf); - } else { - strcat(buf, "noquota"); diff --git a/src/patches/squidguard/06_squidguard_version.patch b/src/patches/squidguard/06_squidguard_version.patch deleted file mode 100644 index 351804c49..000000000 --- a/src/patches/squidguard/06_squidguard_version.patch +++ /dev/null @@ -1,8 +0,0 @@ ---- a/src/version.h Thu Apr 17 17:00:48 2008 -+++ b/src/version.h Fri May 08 20:44:48 2009 -@@ -16,4 +16,4 @@ - (GPL) along with this program. - */ - --#define VERSION "1.5-alpha" -+#define VERSION "1.5-beta" From 736c3b182d9b223c8794cf27a7b215b62b6ac122 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jun 2020 15:40:20 +0000 Subject: [PATCH 35/67] squidGuard: Update to 1.6.0 Signed-off-by: Michael Tremer --- lfs/squidguard | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lfs/squidguard b/lfs/squidguard index 06f2db001..0aea8dbb6 100644 --- a/lfs/squidguard +++ b/lfs/squidguard @@ -26,7 +26,7 @@ include Config VER = 1.6.0 -THISAPP = squidGuard-$(VER) +THISAPP = squidguard-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) @@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./autogen.sh cd $(DIR_APP) && ./configure \ --prefix=/usr \ --datadir=/usr/share \ From a5a0c8a530aba6b234bf941c1fe927475524c894 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jun 2020 15:40:44 +0000 Subject: [PATCH 36/67] firewall: Always enable connection tracking for GRE If this module is not being loaded, the kernel will mark any GRE connection as INVALID in connection tracking, which will be then silently dropped by a firewall rule. Signed-off-by: Michael Tremer --- config/rootfiles/core/147/filelists/files | 1 + src/initscripts/system/firewall | 3 +++ 2 files changed, 4 insertions(+) diff --git a/config/rootfiles/core/147/filelists/files b/config/rootfiles/core/147/filelists/files index ce4e51768..ec47d36d3 100644 --- a/config/rootfiles/core/147/filelists/files +++ b/config/rootfiles/core/147/filelists/files @@ -2,3 +2,4 @@ etc/system-release etc/issue srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs +etc/rc.d/init.d/firewall diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 00512d9fa..b0890c717 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -96,6 +96,9 @@ iptables_init() { # Conntrack helpers (https://home.regit.org/netfilter-en/secure-use-of-helpers/) + # GRE (always enabled) + modprobe nf_conntrack_proto_gre + # SIP if [ "${CONNTRACK_SIP}" = "on" ]; then modprobe nf_nat_sip From 224adebdc44dece1e21193dd7ab4090e102349e8 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jun 2020 15:42:33 +0000 Subject: [PATCH 37/67] sysctl: Load nf_log_ipv4 as default logging module for TRACE target Signed-off-by: Michael Tremer --- config/etc/sysctl.conf | 3 +++ config/rootfiles/core/147/filelists/files | 1 + 2 files changed, 4 insertions(+) diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 7e7ebee44..98a0dbe63 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -34,6 +34,9 @@ net.ipv6.conf.default.disable_ipv6 = 1 # Enable netfilter accounting net.netfilter.nf_conntrack_acct=1 +# Enable TRACE logging to syslog +net.netfilter.nf_log.2=nf_log_ipv4 + # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 diff --git a/config/rootfiles/core/147/filelists/files b/config/rootfiles/core/147/filelists/files index ec47d36d3..0062d9b3e 100644 --- a/config/rootfiles/core/147/filelists/files +++ b/config/rootfiles/core/147/filelists/files @@ -3,3 +3,4 @@ etc/issue srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs etc/rc.d/init.d/firewall +etc/sysctl.conf From f84b8d7aae8ef17e844f4922263af40e29e70ee9 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Tue, 16 Jun 2020 19:48:35 +0200 Subject: [PATCH 38/67] dhcpcd: Update to 9.1.2 For details see: https://roy.marples.name/blog/dhcpcd-9-1-2-released.html "Fix installing dhcpcd-definitions.conf rather than embedding it NetBSD: free ARP state once IPv4LL address announced Linux: fix compile for older distros udev: disable plugin for non Linux OS's BSD: Mark RA dervied addresses as AUTOCONF on NetBSD-current BSD: Only mark static routes from dhcpcd.conf as static DHCP6: Ensure requested addresses are requested DHCP6: Fix prefix length calculation when no prefix specified privsep: Implement a resource limited sandbox [1] privsep: Remove inet and dns pledges from master process privsep: call getifaddrs when the BSD lacks SIOCGIFALIAS privsep: free getifaddrs the right way if from privsep or not [1] You will see a control proxy process now. This is for the resource limited sandbox so that we can isolate requests over the control socket. For NetBSD, FreeBSD and derivatives such as DragonFlyBSD this is a massive win as these OS now enjoy a similar level of protection as Capsicum or Pledge, but without the syscall filtering." Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer --- lfs/dhcpcd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/dhcpcd b/lfs/dhcpcd index bc55e9705..c5a2c1a25 100644 --- a/lfs/dhcpcd +++ b/lfs/dhcpcd @@ -24,7 +24,7 @@ include Config -VER = 9.0.2 +VER = 9.1.2 THISAPP = dhcpcd-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = f62118a576b01f5d0adf0c5ce617fbe7 +$(DL_FILE)_MD5 = 96fc03f0b57e85a2dca2854bf2ff762d install : $(TARGET) From aadd7678b55ade8325d4d243fd5e159ddfd62360 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 18 Jun 2020 10:39:03 +0000 Subject: [PATCH 39/67] core147: Ship dhcpcd Signed-off-by: Michael Tremer --- config/rootfiles/core/147/filelists/dhcpcd | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/147/filelists/dhcpcd diff --git a/config/rootfiles/core/147/filelists/dhcpcd b/config/rootfiles/core/147/filelists/dhcpcd new file mode 120000 index 000000000..1e799dabb --- /dev/null +++ b/config/rootfiles/core/147/filelists/dhcpcd @@ -0,0 +1 @@ +../../../common/dhcpcd \ No newline at end of file From 3b887740e8fccd554dda86279e93d8664835a26b Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 16 Jun 2020 20:43:52 +0200 Subject: [PATCH 40/67] bacula: Update to 9.6.5 - Update bacula from version 9.0.6 to 9.6.5 Version 9.0.6 is over two and a half years old. - Update config options in lfs to include bacula recommended smartalloc option. "This enables the inclusion of the Smartalloc orphaned buffer detection code. This option is highly recommended. Because we never build without this option, you may experience problems if it is not enabled. In this case, simply re-enable the option. We strongly recommend keeping this option enabled as it helps detect memory leaks. This configuration parameter is used while building Bacula" - Add install, uninstall and update files in src/paks/bacula - Updated backup/includes to backup the config file and the File Daemon state file. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/backup/includes/bacula | 3 ++- config/rootfiles/packages/bacula | 17 ++++++++-------- lfs/bacula | 9 ++++---- src/paks/bacula/install.sh | 35 ++++++++++++++++++++++++++++++++ src/paks/bacula/uninstall.sh | 32 +++++++++++++++++++++++++++++ src/paks/bacula/update.sh | 26 ++++++++++++++++++++++++ 6 files changed, 109 insertions(+), 13 deletions(-) create mode 100644 src/paks/bacula/install.sh create mode 100644 src/paks/bacula/uninstall.sh create mode 100644 src/paks/bacula/update.sh diff --git a/config/backup/includes/bacula b/config/backup/includes/bacula index 8d5c119f9..92bce0eba 100644 --- a/config/backup/includes/bacula +++ b/config/backup/includes/bacula @@ -1 +1,2 @@ -/etc/bacula/ +/etc/bacula/bacula-fd.conf +/var/bacula/working/bacula-fd.9102.state diff --git a/config/rootfiles/packages/bacula b/config/rootfiles/packages/bacula index 64fb0d2ca..4ee408fc4 100644 --- a/config/rootfiles/packages/bacula +++ b/config/rootfiles/packages/bacula @@ -13,22 +13,23 @@ etc/bacula/bacula-fd.conf #etc/bacula/btraceback.gdb #etc/bacula/btraceback.mdb #etc/bacula/disk-changer +#etc/bacula/isworm #etc/bacula/mtx-changer #etc/bacula/mtx-changer.conf #etc/bacula/tapealert etc/rc.d/init.d/bacula #opt/bacula #opt/bacula/log -usr/lib/bpipe-fd.so -usr/lib/libbac-9.0.6.so +#usr/lib/bpipe-fd.so +usr/lib/libbac-9.6.5.so #usr/lib/libbac.la -#usr/lib/libbac.so -usr/lib/libbaccfg-9.0.6.so +usr/lib/libbac.so +usr/lib/libbaccfg-9.6.5.so #usr/lib/libbaccfg.la -#usr/lib/libbaccfg.so -usr/lib/libbacfind-9.0.6.so +usr/lib/libbaccfg.so +usr/lib/libbacfind-9.6.5.so #usr/lib/libbacfind.la -#usr/lib/libbacfind.so +usr/lib/libbacfind.so #usr/sbin/bacula usr/sbin/bacula-fd #usr/sbin/bbconsjson @@ -61,4 +62,4 @@ usr/sbin/bacula-fd #usr/share/man/man8/bwild.8.gz #usr/share/man/man8/dbcheck.8.gz #var/bacula -var/bacula/working +#var/bacula/working diff --git a/lfs/bacula b/lfs/bacula index 8c96c7ba1..1e4db011b 100644 --- a/lfs/bacula +++ b/lfs/bacula @@ -24,7 +24,7 @@ include Config -VER = 9.0.6 +VER = 9.6.5 THISAPP = bacula-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = bacula -PAK_VER = 4 +PAK_VER = 5 DEPS = @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 9168e398808c42bf290515f60892f643 +$(DL_FILE)_MD5 = e58eb531483de98d0410b33e3ec3d96a install : $(TARGET) @@ -80,12 +80,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) $(UPDATE_AUTOMAKE) cd $(DIR_APP) && ./configure \ --prefix=/usr \ + --enable-smartalloc \ --sysconfdir=/etc/bacula \ --with-working-dir=/var/bacula/working \ --enable-client-only cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install - ln -s /etc/bacula/bacula-ctl-fd /etc/rc.d/init.d/bacula + ln -sf /etc/bacula/bacula-ctl-fd /etc/rc.d/init.d/bacula rm -f /root/.rnd @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/paks/bacula/install.sh b/src/paks/bacula/install.sh new file mode 100644 index 000000000..8bcd38032 --- /dev/null +++ b/src/paks/bacula/install.sh @@ -0,0 +1,35 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_files +if [ ! -d /var/bacula/working ]; then + mkdir -p /var/bacula/working +fi +restore_backup ${NAME} +# create startlinks +ln -sf ../init.d/bacula /etc/rc.d/rc0.d/K35bacula +ln -sf ../init.d/bacula /etc/rc.d/rc3.d/S65bacula +ln -sf ../init.d/bacula /etc/rc.d/rc6.d/K35bacula +start_service ${NAME} +exit 0 diff --git a/src/paks/bacula/uninstall.sh b/src/paks/bacula/uninstall.sh new file mode 100644 index 000000000..1a0a167a3 --- /dev/null +++ b/src/paks/bacula/uninstall.sh @@ -0,0 +1,32 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +stop_service ${NAME} +make_backup ${NAME} +# Remove /var/bacula/ directory +rm -r /var/bacula +remove_files +# Remove all start links. +rm -rf /etc/rc.d/rc*.d/*bacula +exit 0 diff --git a/src/paks/bacula/update.sh b/src/paks/bacula/update.sh new file mode 100644 index 000000000..89c40d0d7 --- /dev/null +++ b/src/paks/bacula/update.sh @@ -0,0 +1,26 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +./uninstall.sh +./install.sh From 0a0738618f3a87046a026c0ad5d193e8e25eff70 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 19 Jun 2020 12:44:14 +0000 Subject: [PATCH 41/67] core174: Ship updated files from gcloud branch Signed-off-by: Michael Tremer --- config/rootfiles/core/147/filelists/files | 9 +++++++++ config/rootfiles/core/147/update.sh | 2 ++ 2 files changed, 11 insertions(+) diff --git a/config/rootfiles/core/147/filelists/files b/config/rootfiles/core/147/filelists/files index 0062d9b3e..fe33d7d71 100644 --- a/config/rootfiles/core/147/filelists/files +++ b/config/rootfiles/core/147/filelists/files @@ -2,5 +2,14 @@ etc/system-release etc/issue srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs +etc/rc.d/helper/aws-setup +etc/rc.d/helper/gcp-setup +etc/rc.d/init.d/cloud-init etc/rc.d/init.d/firewall +etc/rc.d/init.d/functions +etc/rc.d/init.d/networking/any +etc/rc.d/init.d/networking/red +etc/rc.d/init.d/partresize etc/sysctl.conf +var/ipfire/header.pl +var/ipfire/general-functions.pl diff --git a/config/rootfiles/core/147/update.sh b/config/rootfiles/core/147/update.sh index ad542c691..8d8c04048 100644 --- a/config/rootfiles/core/147/update.sh +++ b/config/rootfiles/core/147/update.sh @@ -32,6 +32,8 @@ for (( i=1; i<=$core; i++ )); do done # Remove files +rm -vf \ + /var/ipfire/aws-functions.pl # Stop services /etc/init.d/squid stop From 1952d398441f9fcaed491757327cda5e634b4cd4 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 20 Jun 2020 08:53:31 +0200 Subject: [PATCH 42/67] remove old core146 openvpn symlink that break build. Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/146/filelists/openvpn | 1 - 1 file changed, 1 deletion(-) delete mode 120000 config/rootfiles/core/146/filelists/openvpn diff --git a/config/rootfiles/core/146/filelists/openvpn b/config/rootfiles/core/146/filelists/openvpn deleted file mode 120000 index 493f3f7a4..000000000 --- a/config/rootfiles/core/146/filelists/openvpn +++ /dev/null @@ -1 +0,0 @@ -../../../common/openvpn \ No newline at end of file From e21c068f3370af12167f27be849d6e208c537120 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 20 Jun 2020 08:55:06 +0200 Subject: [PATCH 43/67] linux-firmware: update to 20200519 Signed-off-by: Arne Fitzenreiter --- config/rootfiles/common/linux-firmware | 593 ++++++++++-------- .../core/147/filelists/linux-firmware-updates | 252 ++++++++ lfs/linux-firmware | 6 +- 3 files changed, 588 insertions(+), 263 deletions(-) create mode 100644 config/rootfiles/core/147/filelists/linux-firmware-updates diff --git a/config/rootfiles/common/linux-firmware b/config/rootfiles/common/linux-firmware index 46ab00d33..02f78c0ee 100644 --- a/config/rootfiles/common/linux-firmware +++ b/config/rootfiles/common/linux-firmware @@ -1,83 +1,14 @@ #lib/firmware/3com lib/firmware/3com/3C359.bin lib/firmware/3com/typhoon.bin -lib/firmware/GPL-2 -lib/firmware/GPL-3 -lib/firmware/LICENCE.Abilis -lib/firmware/LICENCE.IntcSST2 -lib/firmware/LICENCE.Marvell -lib/firmware/LICENCE.Netronome -lib/firmware/LICENCE.OLPC -lib/firmware/LICENCE.adsp_sst -lib/firmware/LICENCE.agere -lib/firmware/LICENCE.atheros_firmware -lib/firmware/LICENCE.broadcom_bcm43xx -lib/firmware/LICENCE.ca0132 -lib/firmware/LICENCE.cadence -lib/firmware/LICENCE.cavium -lib/firmware/LICENCE.cavium_liquidio -lib/firmware/LICENCE.chelsio_firmware -lib/firmware/LICENCE.cw1200 -lib/firmware/LICENCE.cypress -lib/firmware/LICENCE.e100 -lib/firmware/LICENCE.ene_firmware -lib/firmware/LICENCE.fw_sst_0f28 -lib/firmware/LICENCE.go7007 -lib/firmware/LICENCE.i2400m -lib/firmware/LICENCE.ibt_firmware -lib/firmware/LICENCE.it913x -lib/firmware/LICENCE.iwlwifi_firmware -lib/firmware/LICENCE.kaweth -lib/firmware/LICENCE.mediatek -lib/firmware/LICENCE.microchip -lib/firmware/LICENCE.moxa -lib/firmware/LICENCE.myri10ge_firmware -lib/firmware/LICENCE.nvidia -lib/firmware/LICENCE.open-ath9k-htc-firmware -lib/firmware/LICENCE.phanfw -lib/firmware/LICENCE.qat_firmware -lib/firmware/LICENCE.qla1280 -lib/firmware/LICENCE.qla2xxx -lib/firmware/LICENCE.r8a779x_usb3 -lib/firmware/LICENCE.ralink-firmware.txt -lib/firmware/LICENCE.ralink_a_mediatek_company_firmware -lib/firmware/LICENCE.rockchip -lib/firmware/LICENCE.rtlwifi_firmware.txt -lib/firmware/LICENCE.siano -lib/firmware/LICENCE.tda7706-firmware.txt -lib/firmware/LICENCE.ti-connectivity -lib/firmware/LICENCE.ti-keystone -lib/firmware/LICENCE.ueagle-atm4-firmware -lib/firmware/LICENCE.via_vt6656 -lib/firmware/LICENCE.wl1251 -lib/firmware/LICENCE.xc4000 -lib/firmware/LICENCE.xc5000 -lib/firmware/LICENCE.xc5000c -lib/firmware/LICENSE.QualcommAtheros_ar3k -lib/firmware/LICENSE.QualcommAtheros_ath10k -lib/firmware/LICENSE.amd-sev -lib/firmware/LICENSE.amd-ucode -lib/firmware/LICENSE.amdgpu -lib/firmware/LICENSE.amlogic_vdec -lib/firmware/LICENSE.atmel -lib/firmware/LICENSE.dib0700 -lib/firmware/LICENSE.hfi1_firmware -lib/firmware/LICENSE.i915 -lib/firmware/LICENSE.ice -lib/firmware/LICENSE.ipu3_firmware -lib/firmware/LICENSE.nxp_mc_firmware -lib/firmware/LICENSE.qcom -lib/firmware/LICENSE.radeon -lib/firmware/LICENSE.sdma_firmware -#lib/firmware/Makefile -lib/firmware/README #lib/firmware/RTL8192E lib/firmware/RTL8192E/boot.img lib/firmware/RTL8192E/data.img lib/firmware/RTL8192E/main.img lib/firmware/TDA7706_OM_v2.5.1_boot.txt lib/firmware/TDA7706_OM_v3.0.2_boot.txt -lib/firmware/WHENCE +lib/firmware/a300_pfp.fw +lib/firmware/a300_pm4.fw #lib/firmware/acenic lib/firmware/acenic/tg1.bin lib/firmware/acenic/tg2.bin @@ -94,13 +25,9 @@ lib/firmware/agere_sta_fw.bin #lib/firmware/amd #lib/firmware/amd-ucode lib/firmware/amd-ucode/microcode_amd.bin -lib/firmware/amd-ucode/microcode_amd.bin.asc lib/firmware/amd-ucode/microcode_amd_fam15h.bin -lib/firmware/amd-ucode/microcode_amd_fam15h.bin.asc lib/firmware/amd-ucode/microcode_amd_fam16h.bin -lib/firmware/amd-ucode/microcode_amd_fam16h.bin.asc lib/firmware/amd-ucode/microcode_amd_fam17h.bin -lib/firmware/amd-ucode/microcode_amd_fam17h.bin.asc lib/firmware/amd/amd_sev_fam17h_model0xh.sbin #lib/firmware/amdgpu lib/firmware/amdgpu/banks_k_2_smc.bin @@ -197,19 +124,26 @@ lib/firmware/amdgpu/navi10_sdma.bin lib/firmware/amdgpu/navi10_sdma1.bin lib/firmware/amdgpu/navi10_smc.bin lib/firmware/amdgpu/navi10_sos.bin +lib/firmware/amdgpu/navi10_ta.bin lib/firmware/amdgpu/navi10_vcn.bin lib/firmware/amdgpu/navi14_asd.bin lib/firmware/amdgpu/navi14_ce.bin +lib/firmware/amdgpu/navi14_ce_wks.bin lib/firmware/amdgpu/navi14_gpu_info.bin lib/firmware/amdgpu/navi14_me.bin +lib/firmware/amdgpu/navi14_me_wks.bin lib/firmware/amdgpu/navi14_mec.bin lib/firmware/amdgpu/navi14_mec2.bin +lib/firmware/amdgpu/navi14_mec2_wks.bin +lib/firmware/amdgpu/navi14_mec_wks.bin lib/firmware/amdgpu/navi14_pfp.bin +lib/firmware/amdgpu/navi14_pfp_wks.bin lib/firmware/amdgpu/navi14_rlc.bin lib/firmware/amdgpu/navi14_sdma.bin lib/firmware/amdgpu/navi14_sdma1.bin lib/firmware/amdgpu/navi14_smc.bin lib/firmware/amdgpu/navi14_sos.bin +lib/firmware/amdgpu/navi14_ta.bin lib/firmware/amdgpu/navi14_vcn.bin lib/firmware/amdgpu/oland_ce.bin lib/firmware/amdgpu/oland_k_smc.bin @@ -228,6 +162,7 @@ lib/firmware/amdgpu/picasso_pfp.bin lib/firmware/amdgpu/picasso_rlc.bin lib/firmware/amdgpu/picasso_rlc_am4.bin lib/firmware/amdgpu/picasso_sdma.bin +lib/firmware/amdgpu/picasso_ta.bin lib/firmware/amdgpu/picasso_vcn.bin lib/firmware/amdgpu/pitcairn_ce.bin lib/firmware/amdgpu/pitcairn_k_smc.bin @@ -306,6 +241,7 @@ lib/firmware/amdgpu/raven2_mec2.bin lib/firmware/amdgpu/raven2_pfp.bin lib/firmware/amdgpu/raven2_rlc.bin lib/firmware/amdgpu/raven2_sdma.bin +lib/firmware/amdgpu/raven2_ta.bin lib/firmware/amdgpu/raven2_vcn.bin lib/firmware/amdgpu/raven_asd.bin lib/firmware/amdgpu/raven_ce.bin @@ -318,7 +254,19 @@ lib/firmware/amdgpu/raven_mec2.bin lib/firmware/amdgpu/raven_pfp.bin lib/firmware/amdgpu/raven_rlc.bin lib/firmware/amdgpu/raven_sdma.bin +lib/firmware/amdgpu/raven_ta.bin lib/firmware/amdgpu/raven_vcn.bin +lib/firmware/amdgpu/renoir_asd.bin +lib/firmware/amdgpu/renoir_ce.bin +lib/firmware/amdgpu/renoir_dmcub.bin +lib/firmware/amdgpu/renoir_gpu_info.bin +lib/firmware/amdgpu/renoir_me.bin +lib/firmware/amdgpu/renoir_mec.bin +lib/firmware/amdgpu/renoir_mec2.bin +lib/firmware/amdgpu/renoir_pfp.bin +lib/firmware/amdgpu/renoir_rlc.bin +lib/firmware/amdgpu/renoir_sdma.bin +lib/firmware/amdgpu/renoir_vcn.bin lib/firmware/amdgpu/si58_mc.bin lib/firmware/amdgpu/stoney_ce.bin lib/firmware/amdgpu/stoney_me.bin @@ -474,55 +422,47 @@ lib/firmware/as102_data2_st.hex #lib/firmware/ath10k/QCA4019/hw1.0 lib/firmware/ath10k/QCA4019/hw1.0/board-2.bin lib/firmware/ath10k/QCA4019/hw1.0/firmware-5.bin -lib/firmware/ath10k/QCA4019/hw1.0/notice_ath10k_firmware-5.txt #lib/firmware/ath10k/QCA6174 #lib/firmware/ath10k/QCA6174/hw2.1 lib/firmware/ath10k/QCA6174/hw2.1/board-2.bin lib/firmware/ath10k/QCA6174/hw2.1/board.bin lib/firmware/ath10k/QCA6174/hw2.1/firmware-5.bin -lib/firmware/ath10k/QCA6174/hw2.1/notice_ath10k_firmware-5.txt #lib/firmware/ath10k/QCA6174/hw3.0 lib/firmware/ath10k/QCA6174/hw3.0/board-2.bin lib/firmware/ath10k/QCA6174/hw3.0/board.bin lib/firmware/ath10k/QCA6174/hw3.0/firmware-4.bin lib/firmware/ath10k/QCA6174/hw3.0/firmware-6.bin -lib/firmware/ath10k/QCA6174/hw3.0/notice_ath10k_firmware-4.txt -lib/firmware/ath10k/QCA6174/hw3.0/notice_ath10k_firmware-6.txt #lib/firmware/ath10k/QCA9377 #lib/firmware/ath10k/QCA9377/hw1.0 lib/firmware/ath10k/QCA9377/hw1.0/board-2.bin lib/firmware/ath10k/QCA9377/hw1.0/board.bin lib/firmware/ath10k/QCA9377/hw1.0/firmware-5.bin lib/firmware/ath10k/QCA9377/hw1.0/firmware-6.bin -lib/firmware/ath10k/QCA9377/hw1.0/notice_ath10k_firmware-5.txt -lib/firmware/ath10k/QCA9377/hw1.0/notice_ath10k_firmware-6.txt #lib/firmware/ath10k/QCA9887 #lib/firmware/ath10k/QCA9887/hw1.0 lib/firmware/ath10k/QCA9887/hw1.0/board.bin lib/firmware/ath10k/QCA9887/hw1.0/firmware-5.bin -lib/firmware/ath10k/QCA9887/hw1.0/notice_ath10k_firmware-5.txt #lib/firmware/ath10k/QCA9888 #lib/firmware/ath10k/QCA9888/hw2.0 lib/firmware/ath10k/QCA9888/hw2.0/board-2.bin lib/firmware/ath10k/QCA9888/hw2.0/firmware-5.bin -lib/firmware/ath10k/QCA9888/hw2.0/notice_ath10k_firmware-5.txt #lib/firmware/ath10k/QCA988X #lib/firmware/ath10k/QCA988X/hw2.0 lib/firmware/ath10k/QCA988X/hw2.0/board.bin lib/firmware/ath10k/QCA988X/hw2.0/firmware-4.bin lib/firmware/ath10k/QCA988X/hw2.0/firmware-5.bin -lib/firmware/ath10k/QCA988X/hw2.0/notice_ath10k_firmware-4.txt -lib/firmware/ath10k/QCA988X/hw2.0/notice_ath10k_firmware-5.txt #lib/firmware/ath10k/QCA9984 #lib/firmware/ath10k/QCA9984/hw1.0 lib/firmware/ath10k/QCA9984/hw1.0/board-2.bin lib/firmware/ath10k/QCA9984/hw1.0/firmware-5.bin -lib/firmware/ath10k/QCA9984/hw1.0/notice_ath10k_firmware-5.txt #lib/firmware/ath10k/QCA99X0 #lib/firmware/ath10k/QCA99X0/hw2.0 lib/firmware/ath10k/QCA99X0/hw2.0/board.bin lib/firmware/ath10k/QCA99X0/hw2.0/firmware-5.bin -lib/firmware/ath10k/QCA99X0/hw2.0/notice_ath10k_firmware-5.txt +#lib/firmware/ath10k/WCN3990 +lib/firmware/ath10k/WCN3990/hw1.0 +lib/firmware/ath10k/WCN3990/hw1.0/firmware-5.bin +lib/firmware/ath10k/WCN3990/hw1.0/wlanmdsp.mbn lib/firmware/ath3k-1.fw #lib/firmware/ath6k #lib/firmware/ath6k/AR6002 @@ -581,13 +521,10 @@ lib/firmware/atmel/wilc1000_p2p_fw.bin lib/firmware/atmel/wilc1000_wifi_firmware.bin lib/firmware/atmsar11.fw #lib/firmware/atusb -lib/firmware/atusb/ChangeLog lib/firmware/atusb/atusb-0.2.dfu lib/firmware/atusb/atusb-0.3.dfu lib/firmware/atusb/rzusb-0.3.bin #lib/firmware/av7110 -#lib/firmware/av7110/Boot.S -#lib/firmware/av7110/Makefile lib/firmware/av7110/bootcode.bin #lib/firmware/bnx2 lib/firmware/bnx2/bnx2-mips-06-4.6.16.fw @@ -631,6 +568,7 @@ lib/firmware/bnx2x/bnx2x-e1-7.10.51.0.fw lib/firmware/bnx2x/bnx2x-e1-7.12.30.0.fw lib/firmware/bnx2x/bnx2x-e1-7.13.1.0.fw lib/firmware/bnx2x/bnx2x-e1-7.13.11.0.fw +lib/firmware/bnx2x/bnx2x-e1-7.13.15.0.fw lib/firmware/bnx2x/bnx2x-e1-7.2.16.0.fw lib/firmware/bnx2x/bnx2x-e1-7.2.51.0.fw lib/firmware/bnx2x/bnx2x-e1-7.8.17.0.fw @@ -646,6 +584,7 @@ lib/firmware/bnx2x/bnx2x-e1h-7.10.51.0.fw lib/firmware/bnx2x/bnx2x-e1h-7.12.30.0.fw lib/firmware/bnx2x/bnx2x-e1h-7.13.1.0.fw lib/firmware/bnx2x/bnx2x-e1h-7.13.11.0.fw +lib/firmware/bnx2x/bnx2x-e1h-7.13.15.0.fw lib/firmware/bnx2x/bnx2x-e1h-7.2.16.0.fw lib/firmware/bnx2x/bnx2x-e1h-7.2.51.0.fw lib/firmware/bnx2x/bnx2x-e1h-7.8.17.0.fw @@ -661,11 +600,13 @@ lib/firmware/bnx2x/bnx2x-e2-7.10.51.0.fw lib/firmware/bnx2x/bnx2x-e2-7.12.30.0.fw lib/firmware/bnx2x/bnx2x-e2-7.13.1.0.fw lib/firmware/bnx2x/bnx2x-e2-7.13.11.0.fw +lib/firmware/bnx2x/bnx2x-e2-7.13.15.0.fw lib/firmware/bnx2x/bnx2x-e2-7.2.16.0.fw lib/firmware/bnx2x/bnx2x-e2-7.2.51.0.fw lib/firmware/bnx2x/bnx2x-e2-7.8.17.0.fw lib/firmware/bnx2x/bnx2x-e2-7.8.19.0.fw lib/firmware/bnx2x/bnx2x-e2-7.8.2.0.fw +lib/firmware/brcm/BCM-0a5c-6410.hcd lib/firmware/brcm/BCM-0bb4-0306.hcd lib/firmware/brcm/bcm4329-fullmac-4.bin lib/firmware/brcm/bcm43xx-0.fw @@ -700,6 +641,7 @@ lib/firmware/brcm/brcmfmac43430a0-sdio.jumper-ezpad-mini3.txt lib/firmware/brcm/brcmfmac43455-sdio.MINIX-NEO_Z83-4.txt lib/firmware/brcm/brcmfmac43455-sdio.bin lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.txt +lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.txt lib/firmware/brcm/brcmfmac4350-pcie.bin lib/firmware/brcm/brcmfmac4350c2-pcie.bin lib/firmware/brcm/brcmfmac4354-sdio.bin @@ -719,143 +661,12 @@ lib/firmware/brcm/brcmfmac4373.bin #lib/firmware/cadence lib/firmware/cadence/mhdp8546.bin lib/firmware/carl9170-1.fw -#lib/firmware/carl9170fw -#lib/firmware/carl9170fw/CMakeLists.txt -#lib/firmware/carl9170fw/COPYRIGHT -#lib/firmware/carl9170fw/GPL -#lib/firmware/carl9170fw/Kconfig -#lib/firmware/carl9170fw/README -#lib/firmware/carl9170fw/autogen.sh -#lib/firmware/carl9170fw/carlfw -#lib/firmware/carl9170fw/carlfw/CMakeLists.txt -#lib/firmware/carl9170fw/carlfw/Kconfig -#lib/firmware/carl9170fw/carlfw/carl9170.lds -#lib/firmware/carl9170fw/carlfw/include -#lib/firmware/carl9170fw/carlfw/include/cam.h -#lib/firmware/carl9170fw/carlfw/include/carl9170.h -#lib/firmware/carl9170fw/carlfw/include/cmd.h -#lib/firmware/carl9170fw/carlfw/include/config.h -#lib/firmware/carl9170fw/carlfw/include/dma.h -#lib/firmware/carl9170fw/carlfw/include/fwdsc.h -#lib/firmware/carl9170fw/carlfw/include/gpio.h -#lib/firmware/carl9170fw/carlfw/include/hostif.h -#lib/firmware/carl9170fw/carlfw/include/io.h -#lib/firmware/carl9170fw/carlfw/include/printf.h -#lib/firmware/carl9170fw/carlfw/include/rf.h -#lib/firmware/carl9170fw/carlfw/include/rom.h -#lib/firmware/carl9170fw/carlfw/include/timer.h -#lib/firmware/carl9170fw/carlfw/include/uart.h -#lib/firmware/carl9170fw/carlfw/include/usb.h -#lib/firmware/carl9170fw/carlfw/include/usb_fifo.h -#lib/firmware/carl9170fw/carlfw/include/wl.h -#lib/firmware/carl9170fw/carlfw/include/wol.h -#lib/firmware/carl9170fw/carlfw/src -#lib/firmware/carl9170fw/carlfw/src/ashlsi3.S -#lib/firmware/carl9170fw/carlfw/src/cam.c -#lib/firmware/carl9170fw/carlfw/src/cmd.c -#lib/firmware/carl9170fw/carlfw/src/dma.c -#lib/firmware/carl9170fw/carlfw/src/fw.c -#lib/firmware/carl9170fw/carlfw/src/gpio.c -#lib/firmware/carl9170fw/carlfw/src/hostif.c -#lib/firmware/carl9170fw/carlfw/src/main.c -#lib/firmware/carl9170fw/carlfw/src/memcpy.S -#lib/firmware/carl9170fw/carlfw/src/memset.S -#lib/firmware/carl9170fw/carlfw/src/printf.c -#lib/firmware/carl9170fw/carlfw/src/reboot.S -#lib/firmware/carl9170fw/carlfw/src/rf.c -#lib/firmware/carl9170fw/carlfw/src/uart.c -#lib/firmware/carl9170fw/carlfw/src/udivsi3_i4i-Os.S -#lib/firmware/carl9170fw/carlfw/src/wlan.c -#lib/firmware/carl9170fw/carlfw/src/wol.c -#lib/firmware/carl9170fw/carlfw/usb -#lib/firmware/carl9170fw/carlfw/usb/Kconfig -#lib/firmware/carl9170fw/carlfw/usb/fifo.c -#lib/firmware/carl9170fw/carlfw/usb/main.c -#lib/firmware/carl9170fw/carlfw/usb/usb.c -#lib/firmware/carl9170fw/config -#lib/firmware/carl9170fw/config/CMakeLists.txt -#lib/firmware/carl9170fw/config/conf.c -#lib/firmware/carl9170fw/config/confdata.c -#lib/firmware/carl9170fw/config/expr.c -#lib/firmware/carl9170fw/config/expr.h -#lib/firmware/carl9170fw/config/lkc.h -#lib/firmware/carl9170fw/config/lkc_proto.h -#lib/firmware/carl9170fw/config/menu.c -#lib/firmware/carl9170fw/config/symbol.c -#lib/firmware/carl9170fw/config/util.c -#lib/firmware/carl9170fw/config/zconf.gperf -#lib/firmware/carl9170fw/config/zconf.l -#lib/firmware/carl9170fw/config/zconf.y -#lib/firmware/carl9170fw/extra -#lib/firmware/carl9170fw/extra/FindGPERF.cmake -#lib/firmware/carl9170fw/extra/FindPackageHandleStandardArgs.cmake -#lib/firmware/carl9170fw/extra/FindUSB-1.0.cmake -#lib/firmware/carl9170fw/extra/GCCVersion.cmake -#lib/firmware/carl9170fw/extra/libusb-zeropacket.diff -#lib/firmware/carl9170fw/extra/sh-elf-linux.cmake -#lib/firmware/carl9170fw/genapi.sh -#lib/firmware/carl9170fw/include -#lib/firmware/carl9170fw/include/linux -#lib/firmware/carl9170fw/include/linux/ch9.h -#lib/firmware/carl9170fw/include/linux/compiler.h -#lib/firmware/carl9170fw/include/linux/ieee80211.h -#lib/firmware/carl9170fw/include/linux/types.h -#lib/firmware/carl9170fw/include/shared -#lib/firmware/carl9170fw/include/shared/eeprom.h -#lib/firmware/carl9170fw/include/shared/fwcmd.h -#lib/firmware/carl9170fw/include/shared/fwdesc.h -#lib/firmware/carl9170fw/include/shared/hw.h -#lib/firmware/carl9170fw/include/shared/phy.h -#lib/firmware/carl9170fw/include/shared/version.h -#lib/firmware/carl9170fw/include/shared/wlan.h -#lib/firmware/carl9170fw/minifw -#lib/firmware/carl9170fw/minifw/CMakeLists.txt -#lib/firmware/carl9170fw/minifw/Kconfig -#lib/firmware/carl9170fw/minifw/miniboot.S -#lib/firmware/carl9170fw/minifw/miniboot.lds -#lib/firmware/carl9170fw/toolchain -#lib/firmware/carl9170fw/toolchain/Makefile -#lib/firmware/carl9170fw/toolchain/SHA256SUMS -#lib/firmware/carl9170fw/tools -#lib/firmware/carl9170fw/tools/CMakeLists.txt -#lib/firmware/carl9170fw/tools/Kconfig -#lib/firmware/carl9170fw/tools/carlu -#lib/firmware/carl9170fw/tools/carlu/CMakeLists.txt -#lib/firmware/carl9170fw/tools/carlu/src -#lib/firmware/carl9170fw/tools/carlu/src/carlu.h -#lib/firmware/carl9170fw/tools/carlu/src/cmd.c -#lib/firmware/carl9170fw/tools/carlu/src/cmd.h -#lib/firmware/carl9170fw/tools/carlu/src/debug.c -#lib/firmware/carl9170fw/tools/carlu/src/debug.h -#lib/firmware/carl9170fw/tools/carlu/src/fw.c -#lib/firmware/carl9170fw/tools/carlu/src/main.c -#lib/firmware/carl9170fw/tools/carlu/src/rx.c -#lib/firmware/carl9170fw/tools/carlu/src/test.c -#lib/firmware/carl9170fw/tools/carlu/src/test.h -#lib/firmware/carl9170fw/tools/carlu/src/tx.c -#lib/firmware/carl9170fw/tools/carlu/src/usb.c -#lib/firmware/carl9170fw/tools/carlu/src/usb.h -#lib/firmware/carl9170fw/tools/include -#lib/firmware/carl9170fw/tools/include/frame.h -#lib/firmware/carl9170fw/tools/include/list.h -#lib/firmware/carl9170fw/tools/lib -#lib/firmware/carl9170fw/tools/lib/CMakeLists.txt -#lib/firmware/carl9170fw/tools/lib/carlfw.c -#lib/firmware/carl9170fw/tools/lib/carlfw.h -#lib/firmware/carl9170fw/tools/src -#lib/firmware/carl9170fw/tools/src/CMakeLists.txt -#lib/firmware/carl9170fw/tools/src/checksum.c -#lib/firmware/carl9170fw/tools/src/eeprom_fix.c -#lib/firmware/carl9170fw/tools/src/fwinfo.c -#lib/firmware/carl9170fw/tools/src/miniboot.c -#lib/firmware/carl9170fw/tools/src/wol.c #lib/firmware/cavium lib/firmware/cavium/cnn55xx_ae.fw lib/firmware/cavium/cnn55xx_se.fw lib/firmware/cbfw-3.2.1.1.bin lib/firmware/cbfw-3.2.3.0.bin lib/firmware/cbfw-3.2.5.1.bin -lib/firmware/check_whence.py #lib/firmware/cis lib/firmware/cis/3CCFEM556.cis lib/firmware/cis/3CXEM556.cis @@ -864,7 +675,6 @@ lib/firmware/cis/COMpad4.cis lib/firmware/cis/DP83903.cis lib/firmware/cis/LA-PCM.cis lib/firmware/cis/MT5634ZLX.cis -#lib/firmware/cis/Makefile lib/firmware/cis/NE2K.cis lib/firmware/cis/PCMLM28.cis lib/firmware/cis/PE-200.cis @@ -873,25 +683,9 @@ lib/firmware/cis/RS-COM-2P.cis lib/firmware/cis/SW_555_SER.cis lib/firmware/cis/SW_7xx_SER.cis lib/firmware/cis/SW_8xx_SER.cis -#lib/firmware/cis/src -lib/firmware/cis/src/3CCFEM556.cis -lib/firmware/cis/src/3CXEM556.cis -lib/firmware/cis/src/COMpad2.cis -lib/firmware/cis/src/COMpad4.cis -lib/firmware/cis/src/DP83903.cis -lib/firmware/cis/src/LA-PCM.cis -lib/firmware/cis/src/MT5634ZLX.cis -lib/firmware/cis/src/NE2K.cis -lib/firmware/cis/src/PCMLM28.cis -lib/firmware/cis/src/PE-200.cis -lib/firmware/cis/src/PE520.cis -lib/firmware/cis/src/RS-COM-2P.cis -lib/firmware/cis/src/tamarack.cis lib/firmware/cis/tamarack.cis lib/firmware/cmmb_vega_12mhz.inp lib/firmware/cmmb_venice_12mhz.inp -#lib/firmware/configure -#lib/firmware/copy-firmware.sh #lib/firmware/cpia2 lib/firmware/cpia2/stv0672_vp4.bin lib/firmware/ct2fw-3.2.1.1.bin @@ -922,13 +716,19 @@ lib/firmware/cxgb4/configs/t5-config-default.txt lib/firmware/cxgb4/configs/t5-config-hashfilter.txt lib/firmware/cxgb4/configs/t6-config-default.txt lib/firmware/cxgb4/configs/t6-config-hashfilter.txt +lib/firmware/cxgb4/t4-config.txt lib/firmware/cxgb4/t4fw-1.14.4.0.bin lib/firmware/cxgb4/t4fw-1.15.37.0.bin -lib/firmware/cxgb4/t4fw-1.24.3.0.bin +lib/firmware/cxgb4/t4fw-1.24.14.0.bin +lib/firmware/cxgb4/t4fw.bin +lib/firmware/cxgb4/t5-config.txt lib/firmware/cxgb4/t5fw-1.14.4.0.bin lib/firmware/cxgb4/t5fw-1.15.37.0.bin -lib/firmware/cxgb4/t5fw-1.24.3.0.bin -lib/firmware/cxgb4/t6fw-1.24.3.0.bin +lib/firmware/cxgb4/t5fw-1.24.14.0.bin +lib/firmware/cxgb4/t5fw.bin +lib/firmware/cxgb4/t6-config.txt +lib/firmware/cxgb4/t6fw-1.24.14.0.bin +lib/firmware/cxgb4/t6fw.bin #lib/firmware/dabusb lib/firmware/dabusb/bitstream.bin lib/firmware/dabusb/firmware.fw @@ -943,11 +743,11 @@ lib/firmware/dpaa2/mc/mc_10.14.3_lx2160a.itb lib/firmware/dpaa2/mc/mc_10.16.2_ls1088a.itb lib/firmware/dpaa2/mc/mc_10.16.2_ls2088a.itb lib/firmware/dpaa2/mc/mc_10.16.2_lx2160a.itb +lib/firmware/dpaa2/mc/mc_10.18.0_ls1088a.itb +lib/firmware/dpaa2/mc/mc_10.18.0_ls2088a.itb +lib/firmware/dpaa2/mc/mc_10.18.0_lx2160a.itb #lib/firmware/dsp56k -#lib/firmware/dsp56k/Makefile -#lib/firmware/dsp56k/bootstrap.asm lib/firmware/dsp56k/bootstrap.bin -#lib/firmware/dsp56k/concat-bootstrap.pl lib/firmware/dvb-fe-xc4000-1.4.1.fw lib/firmware/dvb-fe-xc5000-1.6.114.fw lib/firmware/dvb-fe-xc5000c-4.1.30.7.fw @@ -1019,6 +819,8 @@ lib/firmware/i915/cml_guc_33.0.0.bin lib/firmware/i915/cml_huc_4.0.0.bin lib/firmware/i915/cnl_dmc_ver1_06.bin lib/firmware/i915/cnl_dmc_ver1_07.bin +lib/firmware/i915/ehl_guc_33.0.4.bin +lib/firmware/i915/ehl_huc_9.0.0.bin lib/firmware/i915/glk_dmc_ver1_04.bin lib/firmware/i915/glk_guc_32.0.3.bin lib/firmware/i915/glk_guc_33.0.0.bin @@ -1053,20 +855,32 @@ lib/firmware/i915/skl_guc_ver9_33.bin lib/firmware/i915/skl_huc_2.0.0.bin lib/firmware/i915/skl_huc_ver01_07_1398.bin lib/firmware/i915/tgl_dmc_ver2_04.bin +lib/firmware/i915/tgl_dmc_ver2_06.bin +lib/firmware/i915/tgl_guc_35.2.0.bin +lib/firmware/i915/tgl_huc_7.0.12.bin +lib/firmware/i915/tgl_huc_7.0.3.bin #lib/firmware/imx #lib/firmware/imx/sdma lib/firmware/imx/sdma/sdma-imx6q.bin lib/firmware/imx/sdma/sdma-imx7d.bin +#lib/firmware/inside-secure +lib/firmware/inside-secure/eip197_minifw +lib/firmware/inside-secure/eip197_minifw/ifpp.bin +lib/firmware/inside-secure/eip197_minifw/ipue.bin #lib/firmware/intel lib/firmware/intel/IntcSST2.bin +lib/firmware/intel/dsp_fw_bxtn.bin lib/firmware/intel/dsp_fw_bxtn_v2219.bin lib/firmware/intel/dsp_fw_bxtn_v3366.bin +lib/firmware/intel/dsp_fw_cnl.bin lib/firmware/intel/dsp_fw_cnl_v1191.bin lib/firmware/intel/dsp_fw_cnl_v1858.bin +lib/firmware/intel/dsp_fw_glk.bin lib/firmware/intel/dsp_fw_glk_v1814.bin lib/firmware/intel/dsp_fw_glk_v2768.bin lib/firmware/intel/dsp_fw_glk_v2880.bin lib/firmware/intel/dsp_fw_glk_v3366.bin +lib/firmware/intel/dsp_fw_kbl.bin lib/firmware/intel/dsp_fw_kbl_v1037.bin lib/firmware/intel/dsp_fw_kbl_v2042.bin lib/firmware/intel/dsp_fw_kbl_v2630.bin @@ -1074,6 +888,7 @@ lib/firmware/intel/dsp_fw_kbl_v3266.bin lib/firmware/intel/dsp_fw_kbl_v3402.bin lib/firmware/intel/dsp_fw_kbl_v3420.bin lib/firmware/intel/dsp_fw_kbl_v701.bin +lib/firmware/intel/dsp_fw_release.bin lib/firmware/intel/dsp_fw_release_v3402.bin lib/firmware/intel/dsp_fw_release_v969.bin lib/firmware/intel/fw_sst_0f28.bin @@ -1108,6 +923,10 @@ lib/firmware/intel/ibt-19-0-4.ddc lib/firmware/intel/ibt-19-0-4.sfi lib/firmware/intel/ibt-19-16-4.ddc lib/firmware/intel/ibt-19-16-4.sfi +lib/firmware/intel/ibt-19-240-1.ddc +lib/firmware/intel/ibt-19-240-1.sfi +lib/firmware/intel/ibt-19-240-4.ddc +lib/firmware/intel/ibt-19-240-4.sfi lib/firmware/intel/ibt-19-32-0.ddc lib/firmware/intel/ibt-19-32-0.sfi lib/firmware/intel/ibt-19-32-1.ddc @@ -1132,15 +951,12 @@ lib/firmware/intel/ibt-hw-37.8.bseq #lib/firmware/intel/ice #lib/firmware/intel/ice/ddp lib/firmware/intel/ice/ddp/ice-1.3.4.0.pkg +lib/firmware/intel/ice/ddp/ice.pkg +lib/firmware/intel/ipu3-fw.bin lib/firmware/intel/irci_irci_ecr-master_20161208_0213_20170112_1500.bin lib/firmware/intelliport2.bin #lib/firmware/isci -#lib/firmware/isci/Makefile -lib/firmware/isci/README -#lib/firmware/isci/create_fw.c -#lib/firmware/isci/create_fw.h lib/firmware/isci/isci_firmware.bin -#lib/firmware/isci/probe_roms.h lib/firmware/isdbt_nova_12mhz.inp lib/firmware/isdbt_nova_12mhz_b0.inp lib/firmware/isdbt_rio.inp @@ -1227,13 +1043,34 @@ lib/firmware/iwlwifi-9260-th-b0-jf-b0-41.ucode lib/firmware/iwlwifi-9260-th-b0-jf-b0-43.ucode lib/firmware/iwlwifi-9260-th-b0-jf-b0-46.ucode lib/firmware/iwlwifi-Qu-b0-hr-b0-48.ucode +lib/firmware/iwlwifi-Qu-b0-hr-b0-50.ucode +lib/firmware/iwlwifi-Qu-b0-hr-b0-53.ucode +lib/firmware/iwlwifi-Qu-b0-hr-b0-55.ucode lib/firmware/iwlwifi-Qu-b0-jf-b0-48.ucode +lib/firmware/iwlwifi-Qu-b0-jf-b0-50.ucode +lib/firmware/iwlwifi-Qu-b0-jf-b0-53.ucode +lib/firmware/iwlwifi-Qu-b0-jf-b0-55.ucode lib/firmware/iwlwifi-Qu-c0-hr-b0-48.ucode +lib/firmware/iwlwifi-Qu-c0-hr-b0-50.ucode +lib/firmware/iwlwifi-Qu-c0-hr-b0-53.ucode +lib/firmware/iwlwifi-Qu-c0-hr-b0-55.ucode lib/firmware/iwlwifi-Qu-c0-jf-b0-48.ucode +lib/firmware/iwlwifi-Qu-c0-jf-b0-50.ucode +lib/firmware/iwlwifi-Qu-c0-jf-b0-53.ucode +lib/firmware/iwlwifi-Qu-c0-jf-b0-55.ucode lib/firmware/iwlwifi-QuZ-a0-hr-b0-48.ucode +lib/firmware/iwlwifi-QuZ-a0-hr-b0-50.ucode +lib/firmware/iwlwifi-QuZ-a0-hr-b0-53.ucode +lib/firmware/iwlwifi-QuZ-a0-hr-b0-55.ucode lib/firmware/iwlwifi-QuZ-a0-jf-b0-48.ucode +lib/firmware/iwlwifi-QuZ-a0-jf-b0-50.ucode +lib/firmware/iwlwifi-QuZ-a0-jf-b0-53.ucode +lib/firmware/iwlwifi-QuZ-a0-jf-b0-55.ucode lib/firmware/iwlwifi-cc-a0-46.ucode lib/firmware/iwlwifi-cc-a0-48.ucode +lib/firmware/iwlwifi-cc-a0-50.ucode +lib/firmware/iwlwifi-cc-a0-53.ucode +lib/firmware/iwlwifi-cc-a0-55.ucode #lib/firmware/kaweth lib/firmware/kaweth/new_code.bin lib/firmware/kaweth/new_code_fix.bin @@ -1253,10 +1090,7 @@ lib/firmware/keyspan/usa28xb.fw lib/firmware/keyspan/usa49w.fw lib/firmware/keyspan/usa49wlc.fw #lib/firmware/keyspan_pda -#lib/firmware/keyspan_pda/Makefile -#lib/firmware/keyspan_pda/keyspan_pda.S lib/firmware/keyspan_pda/keyspan_pda.fw -#lib/firmware/keyspan_pda/xircom_pgs.S lib/firmware/keyspan_pda/xircom_pgs.fw #lib/firmware/korg lib/firmware/korg/k1212.dsp @@ -1282,6 +1116,8 @@ lib/firmware/libertas/sd8686_v8.bin lib/firmware/libertas/sd8686_v8_helper.bin lib/firmware/libertas/sd8686_v9.bin lib/firmware/libertas/sd8686_v9_helper.bin +lib/firmware/libertas/sd8688.bin +lib/firmware/libertas/sd8688_helper.bin lib/firmware/libertas/usb8388_olpc.bin lib/firmware/libertas/usb8388_v5.bin lib/firmware/libertas/usb8388_v9.bin @@ -1301,11 +1137,25 @@ lib/firmware/mediatek/mt7610u.bin lib/firmware/mediatek/mt7615_cr4.bin lib/firmware/mediatek/mt7615_n9.bin lib/firmware/mediatek/mt7615_rom_patch.bin +lib/firmware/mediatek/mt7622_n9.bin +lib/firmware/mediatek/mt7622_rom_patch.bin lib/firmware/mediatek/mt7622pr2h.bin lib/firmware/mediatek/mt7650e.bin lib/firmware/mediatek/mt7662u.bin lib/firmware/mediatek/mt7662u_rom_patch.bin +lib/firmware/mediatek/mt7663_n9_rebb.bin +lib/firmware/mediatek/mt7663_n9_v3.bin +lib/firmware/mediatek/mt7663pr2h.bin +lib/firmware/mediatek/mt7663pr2h_rebb.bin lib/firmware/mediatek/mt7668pr2h.bin +lib/firmware/mediatek/mt7915_rom_patch.bin +lib/firmware/mediatek/mt7915_wa.bin +lib/firmware/mediatek/mt7915_wm.bin +#lib/firmware/mediatek/mt8173 +lib/firmware/mediatek/mt8173/vpu_d.bin +lib/firmware/mediatek/mt8173/vpu_p.bin +#lib/firmware/mediatek/mt8183 +lib/firmware/mediatek/mt8183/scp.img #lib/firmware/mellanox lib/firmware/mellanox/mlxsw_spectrum-13.1420.122.mfa2 lib/firmware/mellanox/mlxsw_spectrum-13.1530.152.mfa2 @@ -1315,9 +1165,14 @@ lib/firmware/mellanox/mlxsw_spectrum-13.1703.4.mfa2 lib/firmware/mellanox/mlxsw_spectrum-13.1910.622.mfa2 lib/firmware/mellanox/mlxsw_spectrum-13.2000.1122.mfa2 lib/firmware/mellanox/mlxsw_spectrum-13.2000.1886.mfa2 +lib/firmware/mellanox/mlxsw_spectrum-13.2000.2308.mfa2 +lib/firmware/mellanox/mlxsw_spectrum-13.2000.2714.mfa2 +lib/firmware/mellanox/mlxsw_spectrum2-29.2000.2308.mfa2 +lib/firmware/mellanox/mlxsw_spectrum2-29.2000.2714.mfa2 #lib/firmware/meson #lib/firmware/meson/vdec lib/firmware/meson/vdec/g12a_h264.bin +lib/firmware/meson/vdec/g12a_hevc_mmu.bin lib/firmware/meson/vdec/g12a_vp9.bin lib/firmware/meson/vdec/gxbb_h264.bin lib/firmware/meson/vdec/gxl_h263.bin @@ -1327,7 +1182,10 @@ lib/firmware/meson/vdec/gxl_hevc_mmu.bin lib/firmware/meson/vdec/gxl_mjpeg.bin lib/firmware/meson/vdec/gxl_mpeg12.bin lib/firmware/meson/vdec/gxl_mpeg4_5.bin +lib/firmware/meson/vdec/gxl_vp9.bin lib/firmware/meson/vdec/gxm_h264.bin +lib/firmware/meson/vdec/sm1_hevc_mmu.bin +lib/firmware/meson/vdec/sm1_vp9_mmu.bin #lib/firmware/microchip lib/firmware/microchip/mscc_vsc8574_revb_int8051_29e8.bin lib/firmware/microchip/mscc_vsc8584_revb_int8051_fb48.bin @@ -1411,9 +1269,35 @@ lib/firmware/netronome/bpf/nic_AMDA0099-0001_1x10_1x25.nffw lib/firmware/netronome/bpf/nic_AMDA0099-0001_2x10.nffw lib/firmware/netronome/bpf/nic_AMDA0099-0001_2x25.nffw #lib/firmware/netronome/flower +lib/firmware/netronome/flower/nic_AMDA0058-0011_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0011_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0011_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0011_8x10.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_8x10.nffw lib/firmware/netronome/flower/nic_AMDA0058.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_8x10.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_8x10.nffw +lib/firmware/netronome/flower/nic_AMDA0081-0001_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0081-0001_4x10.nffw +lib/firmware/netronome/flower/nic_AMDA0081.nffw +lib/firmware/netronome/flower/nic_AMDA0096-0001_2x10.nffw lib/firmware/netronome/flower/nic_AMDA0096.nffw +lib/firmware/netronome/flower/nic_AMDA0097-0001_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0097-0001_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0097-0001_8x10.nffw lib/firmware/netronome/flower/nic_AMDA0097.nffw +lib/firmware/netronome/flower/nic_AMDA0099-0001_1x10_1x25.nffw +lib/firmware/netronome/flower/nic_AMDA0099-0001_2x10.nffw +lib/firmware/netronome/flower/nic_AMDA0099-0001_2x25.nffw lib/firmware/netronome/flower/nic_AMDA0099.nffw #lib/firmware/netronome/nic #lib/firmware/netronome/nic-sriov @@ -1441,6 +1325,18 @@ lib/firmware/netronome/nic/nic_AMDA0097-0001_8x10.nffw lib/firmware/netronome/nic/nic_AMDA0099-0001_1x10_1x25.nffw lib/firmware/netronome/nic/nic_AMDA0099-0001_2x10.nffw lib/firmware/netronome/nic/nic_AMDA0099-0001_2x25.nffw +lib/firmware/netronome/nic_AMDA0058-0011_2x40.nffw +lib/firmware/netronome/nic_AMDA0058-0012_2x40.nffw +lib/firmware/netronome/nic_AMDA0078-0011_1x100.nffw +lib/firmware/netronome/nic_AMDA0081-0001_1x40.nffw +lib/firmware/netronome/nic_AMDA0081-0001_4x10.nffw +lib/firmware/netronome/nic_AMDA0096-0001_2x10.nffw +lib/firmware/netronome/nic_AMDA0097-0001_2x40.nffw +lib/firmware/netronome/nic_AMDA0097-0001_4x10_1x40.nffw +lib/firmware/netronome/nic_AMDA0097-0001_8x10.nffw +lib/firmware/netronome/nic_AMDA0099-0001_1x10_1x25.nffw +lib/firmware/netronome/nic_AMDA0099-0001_2x10.nffw +lib/firmware/netronome/nic_AMDA0099-0001_2x25.nffw #lib/firmware/nvidia #lib/firmware/nvidia/gk20a lib/firmware/nvidia/gk20a/fecs_data.bin @@ -1726,21 +1622,159 @@ lib/firmware/nvidia/gv100/sec2/desc.bin lib/firmware/nvidia/gv100/sec2/image.bin lib/firmware/nvidia/gv100/sec2/sig.bin #lib/firmware/nvidia/tegra124 +lib/firmware/nvidia/tegra124/vic.bin lib/firmware/nvidia/tegra124/vic03_ucode.bin lib/firmware/nvidia/tegra124/xusb.bin #lib/firmware/nvidia/tegra186 +lib/firmware/nvidia/tegra186/vic.bin lib/firmware/nvidia/tegra186/vic04_ucode.bin lib/firmware/nvidia/tegra186/xusb.bin #lib/firmware/nvidia/tegra194 lib/firmware/nvidia/tegra194/xusb.bin #lib/firmware/nvidia/tegra210 +lib/firmware/nvidia/tegra210/vic.bin lib/firmware/nvidia/tegra210/vic04_ucode.bin lib/firmware/nvidia/tegra210/xusb.bin +#lib/firmware/nvidia/tu102 +#lib/firmware/nvidia/tu102/acr +lib/firmware/nvidia/tu102/acr/bl.bin +lib/firmware/nvidia/tu102/acr/ucode_ahesasc.bin +lib/firmware/nvidia/tu102/acr/ucode_asb.bin +lib/firmware/nvidia/tu102/acr/ucode_unload.bin +lib/firmware/nvidia/tu102/acr/unload_bl.bin +#lib/firmware/nvidia/tu102/gr +lib/firmware/nvidia/tu102/gr/fecs_bl.bin +lib/firmware/nvidia/tu102/gr/fecs_data.bin +lib/firmware/nvidia/tu102/gr/fecs_inst.bin +lib/firmware/nvidia/tu102/gr/fecs_sig.bin +lib/firmware/nvidia/tu102/gr/gpccs_bl.bin +lib/firmware/nvidia/tu102/gr/gpccs_data.bin +lib/firmware/nvidia/tu102/gr/gpccs_inst.bin +lib/firmware/nvidia/tu102/gr/gpccs_sig.bin +lib/firmware/nvidia/tu102/gr/sw_bundle_init.bin +lib/firmware/nvidia/tu102/gr/sw_ctx.bin +lib/firmware/nvidia/tu102/gr/sw_method_init.bin +lib/firmware/nvidia/tu102/gr/sw_nonctx.bin +lib/firmware/nvidia/tu102/gr/sw_veid_bundle_init.bin +#lib/firmware/nvidia/tu102/nvdec +lib/firmware/nvidia/tu102/nvdec/scrubber.bin +#lib/firmware/nvidia/tu102/sec2 +lib/firmware/nvidia/tu102/sec2/desc.bin +lib/firmware/nvidia/tu102/sec2/image.bin +lib/firmware/nvidia/tu102/sec2/sig.bin +#lib/firmware/nvidia/tu104 +#lib/firmware/nvidia/tu104/acr +lib/firmware/nvidia/tu104/acr/bl.bin +lib/firmware/nvidia/tu104/acr/ucode_ahesasc.bin +lib/firmware/nvidia/tu104/acr/ucode_asb.bin +lib/firmware/nvidia/tu104/acr/ucode_unload.bin +lib/firmware/nvidia/tu104/acr/unload_bl.bin +#lib/firmware/nvidia/tu104/gr +lib/firmware/nvidia/tu104/gr/fecs_bl.bin +lib/firmware/nvidia/tu104/gr/fecs_data.bin +lib/firmware/nvidia/tu104/gr/fecs_inst.bin +lib/firmware/nvidia/tu104/gr/fecs_sig.bin +lib/firmware/nvidia/tu104/gr/gpccs_bl.bin +lib/firmware/nvidia/tu104/gr/gpccs_data.bin +lib/firmware/nvidia/tu104/gr/gpccs_inst.bin +lib/firmware/nvidia/tu104/gr/gpccs_sig.bin +lib/firmware/nvidia/tu104/gr/sw_bundle_init.bin +lib/firmware/nvidia/tu104/gr/sw_ctx.bin +lib/firmware/nvidia/tu104/gr/sw_method_init.bin +lib/firmware/nvidia/tu104/gr/sw_nonctx.bin +lib/firmware/nvidia/tu104/gr/sw_veid_bundle_init.bin +#lib/firmware/nvidia/tu104/nvdec +lib/firmware/nvidia/tu104/nvdec/scrubber.bin +#lib/firmware/nvidia/tu104/sec2 +lib/firmware/nvidia/tu104/sec2/desc.bin +lib/firmware/nvidia/tu104/sec2/image.bin +lib/firmware/nvidia/tu104/sec2/sig.bin +#lib/firmware/nvidia/tu106 +#lib/firmware/nvidia/tu106/acr +lib/firmware/nvidia/tu106/acr/bl.bin +lib/firmware/nvidia/tu106/acr/ucode_ahesasc.bin +lib/firmware/nvidia/tu106/acr/ucode_asb.bin +lib/firmware/nvidia/tu106/acr/ucode_unload.bin +lib/firmware/nvidia/tu106/acr/unload_bl.bin +#lib/firmware/nvidia/tu106/gr +lib/firmware/nvidia/tu106/gr/fecs_bl.bin +lib/firmware/nvidia/tu106/gr/fecs_data.bin +lib/firmware/nvidia/tu106/gr/fecs_inst.bin +lib/firmware/nvidia/tu106/gr/fecs_sig.bin +lib/firmware/nvidia/tu106/gr/gpccs_bl.bin +lib/firmware/nvidia/tu106/gr/gpccs_data.bin +lib/firmware/nvidia/tu106/gr/gpccs_inst.bin +lib/firmware/nvidia/tu106/gr/gpccs_sig.bin +lib/firmware/nvidia/tu106/gr/sw_bundle_init.bin +lib/firmware/nvidia/tu106/gr/sw_ctx.bin +lib/firmware/nvidia/tu106/gr/sw_method_init.bin +lib/firmware/nvidia/tu106/gr/sw_nonctx.bin +lib/firmware/nvidia/tu106/gr/sw_veid_bundle_init.bin +#lib/firmware/nvidia/tu106/nvdec +lib/firmware/nvidia/tu106/nvdec/scrubber.bin +#lib/firmware/nvidia/tu106/sec2 +lib/firmware/nvidia/tu106/sec2/desc.bin +lib/firmware/nvidia/tu106/sec2/image.bin +lib/firmware/nvidia/tu106/sec2/sig.bin #lib/firmware/nvidia/tu10x #lib/firmware/nvidia/tu10x/typec lib/firmware/nvidia/tu10x/typec/ccg_boot.cyacd lib/firmware/nvidia/tu10x/typec/ccg_primary.cyacd lib/firmware/nvidia/tu10x/typec/ccg_secondary.cyacd +#lib/firmware/nvidia/tu116 +#lib/firmware/nvidia/tu116/acr +lib/firmware/nvidia/tu116/acr/bl.bin +lib/firmware/nvidia/tu116/acr/ucode_ahesasc.bin +lib/firmware/nvidia/tu116/acr/ucode_asb.bin +lib/firmware/nvidia/tu116/acr/ucode_unload.bin +lib/firmware/nvidia/tu116/acr/unload_bl.bin +#lib/firmware/nvidia/tu116/gr +lib/firmware/nvidia/tu116/gr/fecs_bl.bin +lib/firmware/nvidia/tu116/gr/fecs_data.bin +lib/firmware/nvidia/tu116/gr/fecs_inst.bin +lib/firmware/nvidia/tu116/gr/fecs_sig.bin +lib/firmware/nvidia/tu116/gr/gpccs_bl.bin +lib/firmware/nvidia/tu116/gr/gpccs_data.bin +lib/firmware/nvidia/tu116/gr/gpccs_inst.bin +lib/firmware/nvidia/tu116/gr/gpccs_sig.bin +lib/firmware/nvidia/tu116/gr/sw_bundle_init.bin +lib/firmware/nvidia/tu116/gr/sw_ctx.bin +lib/firmware/nvidia/tu116/gr/sw_method_init.bin +lib/firmware/nvidia/tu116/gr/sw_nonctx.bin +lib/firmware/nvidia/tu116/gr/sw_veid_bundle_init.bin +#lib/firmware/nvidia/tu116/nvdec +lib/firmware/nvidia/tu116/nvdec/scrubber.bin +#lib/firmware/nvidia/tu116/sec2 +lib/firmware/nvidia/tu116/sec2/desc.bin +lib/firmware/nvidia/tu116/sec2/image.bin +lib/firmware/nvidia/tu116/sec2/sig.bin +#lib/firmware/nvidia/tu117 +#lib/firmware/nvidia/tu117/acr +lib/firmware/nvidia/tu117/acr/bl.bin +lib/firmware/nvidia/tu117/acr/ucode_ahesasc.bin +lib/firmware/nvidia/tu117/acr/ucode_asb.bin +lib/firmware/nvidia/tu117/acr/ucode_unload.bin +lib/firmware/nvidia/tu117/acr/unload_bl.bin +#lib/firmware/nvidia/tu117/gr +lib/firmware/nvidia/tu117/gr/fecs_bl.bin +lib/firmware/nvidia/tu117/gr/fecs_data.bin +lib/firmware/nvidia/tu117/gr/fecs_inst.bin +lib/firmware/nvidia/tu117/gr/fecs_sig.bin +lib/firmware/nvidia/tu117/gr/gpccs_bl.bin +lib/firmware/nvidia/tu117/gr/gpccs_data.bin +lib/firmware/nvidia/tu117/gr/gpccs_inst.bin +lib/firmware/nvidia/tu117/gr/gpccs_sig.bin +lib/firmware/nvidia/tu117/gr/sw_bundle_init.bin +lib/firmware/nvidia/tu117/gr/sw_ctx.bin +lib/firmware/nvidia/tu117/gr/sw_method_init.bin +lib/firmware/nvidia/tu117/gr/sw_nonctx.bin +lib/firmware/nvidia/tu117/gr/sw_veid_bundle_init.bin +#lib/firmware/nvidia/tu117/nvdec +lib/firmware/nvidia/tu117/nvdec/scrubber.bin +#lib/firmware/nvidia/tu117/sec2 +lib/firmware/nvidia/tu117/sec2/desc.bin +lib/firmware/nvidia/tu117/sec2/image.bin +lib/firmware/nvidia/tu117/sec2/sig.bin #lib/firmware/ositech lib/firmware/ositech/Xilinx7OD.bin lib/firmware/phanfw.bin @@ -1750,26 +1784,34 @@ lib/firmware/qat_c3xxx.bin lib/firmware/qat_c3xxx_mmp.bin lib/firmware/qat_c62x.bin lib/firmware/qat_c62x_mmp.bin +lib/firmware/qat_mmp.bin #lib/firmware/qca -lib/firmware/qca/NOTICE.txt lib/firmware/qca/crbtfw21.tlv +lib/firmware/qca/crbtfw32.tlv lib/firmware/qca/crnv21.bin +lib/firmware/qca/crnv32.bin +lib/firmware/qca/htbtfw20.tlv +lib/firmware/qca/htnv20.bin lib/firmware/qca/nvm_00130300.bin lib/firmware/qca/nvm_00130302.bin +lib/firmware/qca/nvm_00230302.bin lib/firmware/qca/nvm_00440302.bin +lib/firmware/qca/nvm_00440302_eu.bin +lib/firmware/qca/nvm_00440302_i2s_eu.bin lib/firmware/qca/nvm_usb_00000200.bin lib/firmware/qca/nvm_usb_00000201.bin lib/firmware/qca/nvm_usb_00000300.bin lib/firmware/qca/nvm_usb_00000302.bin +lib/firmware/qca/nvm_usb_00000302_eu.bin lib/firmware/qca/rampatch_00130300.bin lib/firmware/qca/rampatch_00130302.bin +lib/firmware/qca/rampatch_00230302.bin lib/firmware/qca/rampatch_00440302.bin lib/firmware/qca/rampatch_usb_00000200.bin lib/firmware/qca/rampatch_usb_00000201.bin lib/firmware/qca/rampatch_usb_00000300.bin lib/firmware/qca/rampatch_usb_00000302.bin #lib/firmware/qcom -lib/firmware/qcom/NOTICE.txt lib/firmware/qcom/a300_pfp.fw lib/firmware/qcom/a300_pm4.fw lib/firmware/qcom/a530_pfp.fw @@ -1781,6 +1823,17 @@ lib/firmware/qcom/a530_zap.mdt lib/firmware/qcom/a530v3_gpmu.fw2 lib/firmware/qcom/a630_gmu.bin lib/firmware/qcom/a630_sqe.fw +#lib/firmware/qcom/sdm845 +lib/firmware/qcom/sdm845/a630_zap.mbn +lib/firmware/qcom/sdm845/adsp.mbn +lib/firmware/qcom/sdm845/adspr.jsn +lib/firmware/qcom/sdm845/adspua.jsn +lib/firmware/qcom/sdm845/cdsp.mbn +lib/firmware/qcom/sdm845/cdspr.jsn +lib/firmware/qcom/sdm845/mba.mbn +lib/firmware/qcom/sdm845/modem.mbn +lib/firmware/qcom/sdm845/modemuw.jsn +lib/firmware/qcom/sdm845/wlanmdsp.mbn #lib/firmware/qcom/venus-1.8 lib/firmware/qcom/venus-1.8/venus.b00 lib/firmware/qcom/venus-1.8/venus.b01 @@ -1803,6 +1856,14 @@ lib/firmware/qcom/venus-5.2/venus.b03 lib/firmware/qcom/venus-5.2/venus.b04 lib/firmware/qcom/venus-5.2/venus.mbn lib/firmware/qcom/venus-5.2/venus.mdt +#lib/firmware/qcom/venus-5.4 +lib/firmware/qcom/venus-5.4/venus.b00 +lib/firmware/qcom/venus-5.4/venus.b01 +lib/firmware/qcom/venus-5.4/venus.b02 +lib/firmware/qcom/venus-5.4/venus.b03 +lib/firmware/qcom/venus-5.4/venus.b04 +lib/firmware/qcom/venus-5.4/venus.mbn +lib/firmware/qcom/venus-5.4/venus.mdt #lib/firmware/qed lib/firmware/qed/qed_init_values-8.10.9.0.bin lib/firmware/qed/qed_init_values-8.14.6.0.bin @@ -1811,6 +1872,7 @@ lib/firmware/qed/qed_init_values-8.20.0.0.bin lib/firmware/qed/qed_init_values-8.30.12.0.bin lib/firmware/qed/qed_init_values-8.33.12.0.bin lib/firmware/qed/qed_init_values-8.37.7.0.bin +lib/firmware/qed/qed_init_values-8.40.33.0.bin lib/firmware/qed/qed_init_values_zipped-8.10.10.0.bin lib/firmware/qed/qed_init_values_zipped-8.10.5.0.bin lib/firmware/qed/qed_init_values_zipped-8.15.3.0.bin @@ -1820,6 +1882,7 @@ lib/firmware/qed/qed_init_values_zipped-8.33.11.0.bin lib/firmware/qed/qed_init_values_zipped-8.37.2.0.bin lib/firmware/qed/qed_init_values_zipped-8.37.7.0.bin lib/firmware/qed/qed_init_values_zipped-8.4.2.0.bin +lib/firmware/qed/qed_init_values_zipped-8.42.2.0.bin lib/firmware/qed/qed_init_values_zipped-8.7.3.0.bin lib/firmware/ql2100_fw.bin lib/firmware/ql2200_fw.bin @@ -2101,7 +2164,9 @@ lib/firmware/rt2561s.bin lib/firmware/rt2661.bin lib/firmware/rt2860.bin lib/firmware/rt2870.bin +lib/firmware/rt3070.bin lib/firmware/rt3071.bin +lib/firmware/rt3090.bin lib/firmware/rt3290.bin lib/firmware/rt73.bin #lib/firmware/rtl_bt @@ -2120,6 +2185,9 @@ lib/firmware/rtl_bt/rtl8821c_config.bin lib/firmware/rtl_bt/rtl8821c_fw.bin lib/firmware/rtl_bt/rtl8822b_config.bin lib/firmware/rtl_bt/rtl8822b_fw.bin +lib/firmware/rtl_bt/rtl8822cs_config.bin +lib/firmware/rtl_bt/rtl8822cs_fw.bin +lib/firmware/rtl_bt/rtl8822cu_config.bin lib/firmware/rtl_bt/rtl8822cu_fw.bin #lib/firmware/rtl_nic lib/firmware/rtl_nic/rtl8105e-1.fw @@ -2128,6 +2196,10 @@ lib/firmware/rtl_nic/rtl8106e-2.fw lib/firmware/rtl_nic/rtl8107e-1.fw lib/firmware/rtl_nic/rtl8107e-2.fw lib/firmware/rtl_nic/rtl8125a-3.fw +lib/firmware/rtl_nic/rtl8153a-2.fw +lib/firmware/rtl_nic/rtl8153a-3.fw +lib/firmware/rtl_nic/rtl8153a-4.fw +lib/firmware/rtl_nic/rtl8153b-2.fw lib/firmware/rtl_nic/rtl8168d-1.fw lib/firmware/rtl_nic/rtl8168d-2.fw lib/firmware/rtl_nic/rtl8168e-1.fw @@ -2135,6 +2207,7 @@ lib/firmware/rtl_nic/rtl8168e-2.fw lib/firmware/rtl_nic/rtl8168e-3.fw lib/firmware/rtl_nic/rtl8168f-1.fw lib/firmware/rtl_nic/rtl8168f-2.fw +lib/firmware/rtl_nic/rtl8168fp-3.fw lib/firmware/rtl_nic/rtl8168g-1.fw lib/firmware/rtl_nic/rtl8168g-2.fw lib/firmware/rtl_nic/rtl8168g-3.fw @@ -2183,9 +2256,13 @@ lib/firmware/rtlwifi/rtl8821aefw_wowlan.bin lib/firmware/rtlwifi/rtl8822befw.bin #lib/firmware/rtw88 lib/firmware/rtw88/README +lib/firmware/rtw88/rtw8723d_fw.bin +lib/firmware/rtw88/rtw8821c_fw.bin lib/firmware/rtw88/rtw8822b_fw.bin lib/firmware/rtw88/rtw8822c_fw.bin lib/firmware/rtw88/rtw8822c_wow_fw.bin +lib/firmware/s2250.fw +lib/firmware/s2250_loader.fw lib/firmware/s5p-mfc-v6-v2.fw lib/firmware/s5p-mfc-v6.fw lib/firmware/s5p-mfc-v7.fw @@ -2226,6 +2303,7 @@ lib/firmware/ti-connectivity/wl1251-nvs.bin lib/firmware/ti-connectivity/wl1271-fw-2.bin lib/firmware/ti-connectivity/wl1271-fw-ap.bin lib/firmware/ti-connectivity/wl1271-fw.bin +lib/firmware/ti-connectivity/wl1271-nvs.bin lib/firmware/ti-connectivity/wl127x-fw-3.bin lib/firmware/ti-connectivity/wl127x-fw-4-mr.bin lib/firmware/ti-connectivity/wl127x-fw-4-plt.bin @@ -2246,6 +2324,7 @@ lib/firmware/ti-connectivity/wl128x-fw-ap.bin lib/firmware/ti-connectivity/wl128x-fw-plt-3.bin lib/firmware/ti-connectivity/wl128x-fw.bin lib/firmware/ti-connectivity/wl128x-nvs.bin +lib/firmware/ti-connectivity/wl12xx-nvs.bin lib/firmware/ti-connectivity/wl18xx-fw-2.bin lib/firmware/ti-connectivity/wl18xx-fw-3.bin lib/firmware/ti-connectivity/wl18xx-fw-4.bin @@ -2288,12 +2367,6 @@ lib/firmware/ueagle-atm/eagleI.fw lib/firmware/ueagle-atm/eagleII.fw lib/firmware/ueagle-atm/eagleIII.fw lib/firmware/ueagle-atm/eagleIV.fw -#lib/firmware/usbdux -#lib/firmware/usbdux/Makefile_dux -#lib/firmware/usbdux/fx2-include.asm -#lib/firmware/usbdux/usbdux_firmware.asm -#lib/firmware/usbdux/usbduxfast_firmware.asm -#lib/firmware/usbdux/usbduxsigma_firmware.asm lib/firmware/usbdux_firmware.bin lib/firmware/usbduxfast_firmware.bin lib/firmware/usbduxsigma_firmware.bin diff --git a/config/rootfiles/core/147/filelists/linux-firmware-updates b/config/rootfiles/core/147/filelists/linux-firmware-updates new file mode 100644 index 000000000..90607af64 --- /dev/null +++ b/config/rootfiles/core/147/filelists/linux-firmware-updates @@ -0,0 +1,252 @@ +lib/firmware/amdgpu/navi10_asd.bin +lib/firmware/amdgpu/navi10_ce.bin +lib/firmware/amdgpu/navi10_me.bin +lib/firmware/amdgpu/navi10_mec2.bin +lib/firmware/amdgpu/navi10_mec.bin +lib/firmware/amdgpu/navi10_pfp.bin +lib/firmware/amdgpu/navi10_rlc.bin +lib/firmware/amdgpu/navi10_sdma1.bin +lib/firmware/amdgpu/navi10_sdma.bin +lib/firmware/amdgpu/navi10_smc.bin +lib/firmware/amdgpu/navi10_sos.bin +lib/firmware/amdgpu/navi10_ta.bin +lib/firmware/amdgpu/navi10_vcn.bin +lib/firmware/amdgpu/navi14_asd.bin +lib/firmware/amdgpu/navi14_ce.bin +lib/firmware/amdgpu/navi14_ce_wks.bin +lib/firmware/amdgpu/navi14_me.bin +lib/firmware/amdgpu/navi14_mec2.bin +lib/firmware/amdgpu/navi14_mec2_wks.bin +lib/firmware/amdgpu/navi14_mec.bin +lib/firmware/amdgpu/navi14_mec_wks.bin +lib/firmware/amdgpu/navi14_me_wks.bin +lib/firmware/amdgpu/navi14_pfp.bin +lib/firmware/amdgpu/navi14_pfp_wks.bin +lib/firmware/amdgpu/navi14_rlc.bin +lib/firmware/amdgpu/navi14_sdma1.bin +lib/firmware/amdgpu/navi14_sdma.bin +lib/firmware/amdgpu/navi14_smc.bin +lib/firmware/amdgpu/navi14_sos.bin +lib/firmware/amdgpu/navi14_ta.bin +lib/firmware/amdgpu/navi14_vcn.bin +lib/firmware/amdgpu/picasso_asd.bin +lib/firmware/amdgpu/picasso_ce.bin +lib/firmware/amdgpu/picasso_me.bin +lib/firmware/amdgpu/picasso_mec2.bin +lib/firmware/amdgpu/picasso_mec.bin +lib/firmware/amdgpu/picasso_pfp.bin +lib/firmware/amdgpu/picasso_rlc.bin +lib/firmware/amdgpu/picasso_ta.bin +lib/firmware/amdgpu/picasso_vcn.bin +lib/firmware/amdgpu/raven2_asd.bin +lib/firmware/amdgpu/raven2_ce.bin +lib/firmware/amdgpu/raven2_me.bin +lib/firmware/amdgpu/raven2_mec2.bin +lib/firmware/amdgpu/raven2_mec.bin +lib/firmware/amdgpu/raven2_pfp.bin +lib/firmware/amdgpu/raven2_rlc.bin +lib/firmware/amdgpu/raven2_ta.bin +lib/firmware/amdgpu/raven2_vcn.bin +lib/firmware/amdgpu/raven_asd.bin +lib/firmware/amdgpu/raven_ce.bin +lib/firmware/amdgpu/raven_dmcu.bin +lib/firmware/amdgpu/raven_kicker_rlc.bin +lib/firmware/amdgpu/raven_me.bin +lib/firmware/amdgpu/raven_mec2.bin +lib/firmware/amdgpu/raven_mec.bin +lib/firmware/amdgpu/raven_pfp.bin +lib/firmware/amdgpu/raven_rlc.bin +lib/firmware/amdgpu/raven_ta.bin +lib/firmware/amdgpu/raven_vcn.bin +lib/firmware/amdgpu/renoir_asd.bin +lib/firmware/amdgpu/renoir_ce.bin +lib/firmware/amdgpu/renoir_dmcub.bin +lib/firmware/amdgpu/renoir_gpu_info.bin +lib/firmware/amdgpu/renoir_me.bin +lib/firmware/amdgpu/renoir_mec2.bin +lib/firmware/amdgpu/renoir_mec.bin +lib/firmware/amdgpu/renoir_pfp.bin +lib/firmware/amdgpu/renoir_rlc.bin +lib/firmware/amdgpu/renoir_sdma.bin +lib/firmware/amdgpu/renoir_vcn.bin +lib/firmware/amdgpu/vega10_asd.bin +lib/firmware/amdgpu/vega10_ce.bin +lib/firmware/amdgpu/vega10_me.bin +lib/firmware/amdgpu/vega10_mec2.bin +lib/firmware/amdgpu/vega10_mec.bin +lib/firmware/amdgpu/vega10_pfp.bin +lib/firmware/amdgpu/vega10_rlc.bin +lib/firmware/amdgpu/vega10_sdma1.bin +lib/firmware/amdgpu/vega10_sdma.bin +lib/firmware/amdgpu/vega10_smc.bin +lib/firmware/amdgpu/vega10_sos.bin +lib/firmware/amdgpu/vega10_uvd.bin +lib/firmware/amdgpu/vega10_vce.bin +lib/firmware/amdgpu/vega12_asd.bin +lib/firmware/amdgpu/vega12_ce.bin +lib/firmware/amdgpu/vega12_me.bin +lib/firmware/amdgpu/vega12_mec2.bin +lib/firmware/amdgpu/vega12_mec.bin +lib/firmware/amdgpu/vega12_pfp.bin +lib/firmware/amdgpu/vega12_sdma1.bin +lib/firmware/amdgpu/vega12_sdma.bin +lib/firmware/amdgpu/vega12_sos.bin +lib/firmware/amdgpu/vega12_uvd.bin +lib/firmware/amdgpu/vega12_vce.bin +lib/firmware/amdgpu/vega20_asd.bin +lib/firmware/amdgpu/vega20_ce.bin +lib/firmware/amdgpu/vega20_me.bin +lib/firmware/amdgpu/vega20_mec2.bin +lib/firmware/amdgpu/vega20_mec.bin +lib/firmware/amdgpu/vega20_pfp.bin +lib/firmware/amdgpu/vega20_rlc.bin +lib/firmware/amdgpu/vega20_smc.bin +lib/firmware/amdgpu/vega20_sos.bin +lib/firmware/amdgpu/vega20_uvd.bin +lib/firmware/amdgpu/vega20_vce.bin +lib/firmware/amd-ucode/microcode_amd_fam17h.bin +lib/firmware/ath10k/QCA6174/hw3.0/board-2.bin +lib/firmware/ath10k/QCA9887/hw1.0/firmware-5.bin +lib/firmware/ath10k/QCA9888/hw2.0/firmware-5.bin +lib/firmware/ath10k/QCA988X/hw2.0/firmware-5.bin +lib/firmware/ath10k/QCA9984/hw1.0/firmware-5.bin +lib/firmware/ath10k/WCN3990 +lib/firmware/bnx2x/bnx2x-e1-7.13.15.0.fw +lib/firmware/bnx2x/bnx2x-e1h-7.13.15.0.fw +lib/firmware/bnx2x/bnx2x-e2-7.13.15.0.fw +lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.txt +lib/firmware/cxgb4/configs/t6-config-default.txt +lib/firmware/cxgb4/t4fw-1.24.14.0.bin +lib/firmware/cxgb4/t5fw-1.24.14.0.bin +lib/firmware/cxgb4/t6fw-1.24.14.0.bin +lib/firmware/dpaa2/mc/mc_10.18.0_ls1088a.itb +lib/firmware/dpaa2/mc/mc_10.18.0_ls2088a.itb +lib/firmware/dpaa2/mc/mc_10.18.0_lx2160a.itb +lib/firmware/i915/ehl_guc_33.0.4.bin +lib/firmware/i915/ehl_huc_9.0.0.bin +lib/firmware/i915/tgl_dmc_ver2_06.bin +lib/firmware/i915/tgl_guc_35.2.0.bin +lib/firmware/i915/tgl_huc_7.0.12.bin +lib/firmware/i915/tgl_huc_7.0.3.bin +lib/firmware/inside-secure +lib/firmware/intel/ibt-17-16-1.ddc +lib/firmware/intel/ibt-17-16-1.sfi +lib/firmware/intel/ibt-17-2.ddc +lib/firmware/intel/ibt-17-2.sfi +lib/firmware/intel/ibt-18-16-1.ddc +lib/firmware/intel/ibt-18-16-1.sfi +lib/firmware/intel/ibt-18-2.ddc +lib/firmware/intel/ibt-18-2.sfi +lib/firmware/intel/ibt-19-0-0.ddc +lib/firmware/intel/ibt-19-0-0.sfi +lib/firmware/intel/ibt-19-0-1.ddc +lib/firmware/intel/ibt-19-0-1.sfi +lib/firmware/intel/ibt-19-0-4.ddc +lib/firmware/intel/ibt-19-0-4.sfi +lib/firmware/intel/ibt-19-16-4.ddc +lib/firmware/intel/ibt-19-16-4.sfi +lib/firmware/intel/ibt-19-240-1.ddc +lib/firmware/intel/ibt-19-240-1.sfi +lib/firmware/intel/ibt-19-240-4.ddc +lib/firmware/intel/ibt-19-240-4.sfi +lib/firmware/intel/ibt-19-32-0.ddc +lib/firmware/intel/ibt-19-32-0.sfi +lib/firmware/intel/ibt-19-32-1.ddc +lib/firmware/intel/ibt-19-32-1.sfi +lib/firmware/intel/ibt-19-32-4.ddc +lib/firmware/intel/ibt-19-32-4.sfi +lib/firmware/intel/ibt-20-0-3.ddc +lib/firmware/intel/ibt-20-0-3.sfi +lib/firmware/intel/ibt-20-1-3.ddc +lib/firmware/intel/ibt-20-1-3.sfi +lib/firmware/intel/ibt-20-1-4.ddc +lib/firmware/intel/ibt-20-1-4.sfi +lib/firmware/iwlwifi-3168-29.ucode +lib/firmware/iwlwifi-7265D-29.ucode +lib/firmware/iwlwifi-8000C-36.ucode +lib/firmware/iwlwifi-8265-36.ucode +lib/firmware/iwlwifi-9000-pu-b0-jf-b0-46.ucode +lib/firmware/iwlwifi-9260-th-b0-jf-b0-46.ucode +lib/firmware/iwlwifi-cc-a0-50.ucode +lib/firmware/iwlwifi-cc-a0-53.ucode +lib/firmware/iwlwifi-cc-a0-55.ucode +lib/firmware/iwlwifi-Qu-b0-hr-b0-50.ucode +lib/firmware/iwlwifi-Qu-b0-hr-b0-53.ucode +lib/firmware/iwlwifi-Qu-b0-hr-b0-55.ucode +lib/firmware/iwlwifi-Qu-b0-jf-b0-50.ucode +lib/firmware/iwlwifi-Qu-b0-jf-b0-53.ucode +lib/firmware/iwlwifi-Qu-b0-jf-b0-55.ucode +lib/firmware/iwlwifi-Qu-c0-hr-b0-50.ucode +lib/firmware/iwlwifi-Qu-c0-hr-b0-53.ucode +lib/firmware/iwlwifi-Qu-c0-hr-b0-55.ucode +lib/firmware/iwlwifi-Qu-c0-jf-b0-50.ucode +lib/firmware/iwlwifi-Qu-c0-jf-b0-53.ucode +lib/firmware/iwlwifi-Qu-c0-jf-b0-55.ucode +lib/firmware/iwlwifi-QuZ-a0-hr-b0-50.ucode +lib/firmware/iwlwifi-QuZ-a0-hr-b0-53.ucode +lib/firmware/iwlwifi-QuZ-a0-hr-b0-55.ucode +lib/firmware/iwlwifi-QuZ-a0-jf-b0-50.ucode +lib/firmware/iwlwifi-QuZ-a0-jf-b0-53.ucode +lib/firmware/iwlwifi-QuZ-a0-jf-b0-55.ucode +lib/firmware/mediatek/mt7615_n9.bin +lib/firmware/mediatek/mt7622_n9.bin +lib/firmware/mediatek/mt7622_rom_patch.bin +lib/firmware/mediatek/mt7663_n9_rebb.bin +lib/firmware/mediatek/mt7663_n9_v3.bin +lib/firmware/mediatek/mt7663pr2h.bin +lib/firmware/mediatek/mt7663pr2h_rebb.bin +lib/firmware/mediatek/mt7915_rom_patch.bin +lib/firmware/mediatek/mt7915_wa.bin +lib/firmware/mediatek/mt7915_wm.bin +lib/firmware/mediatek/mt8173 +lib/firmware/mediatek/mt8183 +lib/firmware/mellanox/mlxsw_spectrum-13.2000.2308.mfa2 +lib/firmware/mellanox/mlxsw_spectrum-13.2000.2714.mfa2 +lib/firmware/mellanox/mlxsw_spectrum2-29.2000.2308.mfa2 +lib/firmware/mellanox/mlxsw_spectrum2-29.2000.2714.mfa2 +lib/firmware/meson/vdec/g12a_hevc_mmu.bin +lib/firmware/meson/vdec/g12a_vp9.bin +lib/firmware/meson/vdec/gxl_h264.bin +lib/firmware/meson/vdec/gxl_hevc.bin +lib/firmware/meson/vdec/gxl_hevc_mmu.bin +lib/firmware/meson/vdec/gxl_mjpeg.bin +lib/firmware/meson/vdec/gxl_mpeg12.bin +lib/firmware/meson/vdec/gxl_vp9.bin +lib/firmware/meson/vdec/gxm_h264.bin +lib/firmware/meson/vdec/sm1_hevc_mmu.bin +lib/firmware/meson/vdec/sm1_vp9_mmu.bin +lib/firmware/netronome/flower/nic_AMDA0058.nffw +lib/firmware/netronome/flower/nic_AMDA0096.nffw +lib/firmware/netronome/flower/nic_AMDA0097.nffw +lib/firmware/netronome/flower/nic_AMDA0099.nffw +lib/firmware/nvidia/tu102 +lib/firmware/nvidia/tu104 +lib/firmware/nvidia/tu106 +lib/firmware/nvidia/tu116 +lib/firmware/nvidia/tu117 +lib/firmware/qca/crbtfw32.tlv +lib/firmware/qca/crnv32.bin +lib/firmware/qca/htbtfw20.tlv +lib/firmware/qca/htnv20.bin +lib/firmware/qca/nvm_00230302.bin +lib/firmware/qca/nvm_00440302_eu.bin +lib/firmware/qca/nvm_00440302_i2s_eu.bin +lib/firmware/qca/nvm_usb_00000302_eu.bin +lib/firmware/qca/rampatch_00230302.bin +lib/firmware/qca/rampatch_00440302.bin +lib/firmware/qca/rampatch_usb_00000302.bin +lib/firmware/qcom/sdm845 +lib/firmware/qcom/venus-5.4 +lib/firmware/qed/qed_init_values-8.40.33.0.bin +lib/firmware/qed/qed_init_values_zipped-8.42.2.0.bin +lib/firmware/rtl_bt/rtl8822cs_config.bin +lib/firmware/rtl_bt/rtl8822cs_fw.bin +lib/firmware/rtl_bt/rtl8822cu_config.bin +lib/firmware/rtl_bt/rtl8822cu_fw.bin +lib/firmware/rtl_nic/rtl8153a-2.fw +lib/firmware/rtl_nic/rtl8153a-3.fw +lib/firmware/rtl_nic/rtl8153a-4.fw +lib/firmware/rtl_nic/rtl8153b-2.fw +lib/firmware/rtl_nic/rtl8168fp-3.fw +lib/firmware/rtw88/rtw8723d_fw.bin +lib/firmware/rtw88/rtw8821c_fw.bin diff --git a/lfs/linux-firmware b/lfs/linux-firmware index e66bade99..9f7152573 100644 --- a/lfs/linux-firmware +++ b/lfs/linux-firmware @@ -24,7 +24,7 @@ include Config -VER = 20191022 +VER = 20200519 THISAPP = linux-firmware-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = a9fa049840931f37469a8035b9c06318 +$(DL_FILE)_MD5 = 7ea1c59732569a01ec8b0e6a412a314c install : $(TARGET) @@ -71,7 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) mkdir -p /lib/firmware - cd $(DIR_APP) && cp -vr * /lib/firmware + cd $(DIR_APP) && make install # Remove Space from Filenames mv "/lib/firmware/brcm/brcmfmac43430a0-sdio.ONDA-V80 PLUS.txt" \ "/lib/firmware/brcm/brcmfmac43430a0-sdio.ONDA-V80_PLUS.txt" From 673a453b697faf02249f3a6fa7e02481f4e8f0d3 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 27 Jun 2020 07:47:43 +0200 Subject: [PATCH 44/67] gmp: update arm rootfiles Signed-off-by: Arne Fitzenreiter --- config/rootfiles/common/aarch64/gmp | 2 ++ config/rootfiles/common/armv5tel/gmp | 2 ++ 2 files changed, 4 insertions(+) diff --git a/config/rootfiles/common/aarch64/gmp b/config/rootfiles/common/aarch64/gmp index 8a95add05..c1d6a7d9d 100644 --- a/config/rootfiles/common/aarch64/gmp +++ b/config/rootfiles/common/aarch64/gmp @@ -10,6 +10,8 @@ usr/lib/libgmp.so.10.4.0 #usr/lib/libgmpxx.so usr/lib/libgmpxx.so.4 usr/lib/libgmpxx.so.4.6.0 +#usr/lib/pkgconfig/gmp.pc +#usr/lib/pkgconfig/gmpxx.pc #usr/share/info/gmp.info #usr/share/info/gmp.info-1 #usr/share/info/gmp.info-2 diff --git a/config/rootfiles/common/armv5tel/gmp b/config/rootfiles/common/armv5tel/gmp index 8a95add05..c1d6a7d9d 100644 --- a/config/rootfiles/common/armv5tel/gmp +++ b/config/rootfiles/common/armv5tel/gmp @@ -10,6 +10,8 @@ usr/lib/libgmp.so.10.4.0 #usr/lib/libgmpxx.so usr/lib/libgmpxx.so.4 usr/lib/libgmpxx.so.4.6.0 +#usr/lib/pkgconfig/gmp.pc +#usr/lib/pkgconfig/gmpxx.pc #usr/share/info/gmp.info #usr/share/info/gmp.info-1 #usr/share/info/gmp.info-2 From 5f34a67205dd3205838917c72e2f125eaa19cbd9 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 27 Jun 2020 12:27:10 +0200 Subject: [PATCH 45/67] installer: update filecount Signed-off-by: Arne Fitzenreiter --- src/installer/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/installer/main.c b/src/installer/main.c index 34b89ae3d..3eff481b0 100644 --- a/src/installer/main.c +++ b/src/installer/main.c @@ -23,7 +23,7 @@ #include #define _(x) dgettext("installer", x) -#define INST_FILECOUNT 24800 +#define INST_FILECOUNT 28000 #define LICENSE_FILE "/cdrom/COPYING" #define SOURCE_TEMPFILE "/tmp/downloads/image.iso" From ba036c14cb650fa99efab161cf37bc341a5f5e2a Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 19 Jun 2020 19:18:21 +0200 Subject: [PATCH 46/67] bind: Update to 9.11.20 For details see: https://downloads.isc.org/isc/bind9/9.11.20/RELEASE-NOTES-bind-9.11.20.html "Security Fixes It was possible to trigger an INSIST failure when a zone with an interior wildcard label was queried in a certain pattern. This was disclosed in CVE-2020-8619. [GL #1111] [GL #1718] New Features dig and other tools can now print the Extended DNS Error (EDE) option when it appears in a request or a response. [GL #1835] Bug Fixes When fully updating the NSEC3 chain for a large zone via IXFR, a temporary loss of performance could be experienced on the secondary server when answering queries for nonexistent data that required DNSSEC proof of non-existence (in other words, queries that required the server to find and to return NSEC3 data). The unnecessary processing step that was causing this delay has now been removed. [GL #1834] A data race in lib/dns/resolver.c:log_formerr() that could lead to an assertion failure was fixed. [GL #1808] Previously, provide-ixfr no; failed to return up-to-date responses when the serial number was greater than or equal to the current serial number. [GL #1714] named-checkconf -p could include spurious text in server-addresses statements due to an uninitialized DSCP value. This has been fixed. [GL #1812] The ARM has been updated to indicate that the TSIG session key is generated when named starts, regardless of whether it is needed. [GL #1842]" Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Arne Fitzenreiter --- config/rootfiles/common/bind | 9 +++++---- lfs/bind | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index d70ce3272..1fb79b894 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -213,6 +213,7 @@ usr/bin/nsupdate #usr/include/isc/timer.h #usr/include/isc/tm.h #usr/include/isc/types.h +#usr/include/isc/utf8.h #usr/include/isc/util.h #usr/include/isc/version.h #usr/include/isc/xml.h @@ -271,11 +272,11 @@ usr/lib/libbind9.so.161.0.4 #usr/lib/libdns.la #usr/lib/libdns.so usr/lib/libdns.so.1110 -usr/lib/libdns.so.1110.0.2 +usr/lib/libdns.so.1110.0.3 #usr/lib/libisc.la #usr/lib/libisc.so usr/lib/libisc.so.1105 -usr/lib/libisc.so.1105.0.2 +usr/lib/libisc.so.1105.1.0 #usr/lib/libisccc.la #usr/lib/libisccc.so usr/lib/libisccc.so.161 @@ -283,11 +284,11 @@ usr/lib/libisccc.so.161.0.1 #usr/lib/libisccfg.la #usr/lib/libisccfg.so usr/lib/libisccfg.so.163 -usr/lib/libisccfg.so.163.0.7 +usr/lib/libisccfg.so.163.0.8 #usr/lib/liblwres.la #usr/lib/liblwres.so usr/lib/liblwres.so.161 -usr/lib/liblwres.so.161.0.3 +usr/lib/liblwres.so.161.0.4 #usr/share/man/man1/dig.1 #usr/share/man/man1/host.1 #usr/share/man/man1/nslookup.1 diff --git a/lfs/bind b/lfs/bind index 4d0602eda..9ea6b6549 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@ include Config -VER = 9.11.19 +VER = 9.11.20 THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 41bc2c6509a4c324e16775b462608820 +$(DL_FILE)_MD5 = bb64b1fd66a915af98fdf2ae2287ddb4 install : $(TARGET) From 19672b81cdbe3364edf5a9d67c4e4c78cafaa2f7 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 27 Jun 2020 14:24:44 +0000 Subject: [PATCH 47/67] core147: add bind Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/147/filelists/bind | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/147/filelists/bind diff --git a/config/rootfiles/core/147/filelists/bind b/config/rootfiles/core/147/filelists/bind new file mode 120000 index 000000000..48a0ebaef --- /dev/null +++ b/config/rootfiles/core/147/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file From 72418788613fd961d488e4ad03fd182a4a6da973 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20M=C3=BCller?= Date: Sat, 20 Jun 2020 09:37:22 +0000 Subject: [PATCH 48/67] update ca-certificates CA bundle MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update the CA certificates list to what Mozilla NSS ships currently. The original file can be retrieved from: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt Signed-off-by: Peter Müller Reviewed-by: Michael Tremer Signed-off-by: Arne Fitzenreiter --- config/ca-certificates/certdata.txt | 1856 ++++++++++----------------- lfs/ca-certificates | 4 +- 2 files changed, 646 insertions(+), 1214 deletions(-) diff --git a/config/ca-certificates/certdata.txt b/config/ca-certificates/certdata.txt index 5b9d679d1..fcef935cb 100644 --- a/config/ca-certificates/certdata.txt +++ b/config/ca-certificates/certdata.txt @@ -674,285 +674,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Verisign Class 3 Public Primary Certification Authority - G3" -# -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57 -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Fri Oct 01 00:00:00 1999 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09 -# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\233\176\006\111\243\076\142\271\325\356\220\110\161 -\051\357\127 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\032\060\202\003\002\002\021\000\233\176\006\111\243 -\076\142\271\325\356\220\110\161\051\357\127\060\015\006\011\052 -\206\110\206\367\015\001\001\005\005\000\060\201\312\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003 -\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111 -\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061\050 -\143\051\040\061\071\071\071\040\126\145\162\151\123\151\147\156 -\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164 -\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171 -\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151\123 -\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\063\060\036\027\015\071\071\061\060\060 -\061\060\060\060\060\060\060\132\027\015\063\066\060\067\061\066 -\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006\003 -\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004\012 -\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143\056 -\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123 -\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162 -\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040 -\061\071\071\071\040\126\145\162\151\123\151\147\156\054\040\111 -\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105\060 -\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147\156 -\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143\040 -\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040 -\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\313\272\234\122\374\170\037\032\036\157\033 -\067\163\275\370\311\153\224\022\060\117\360\066\107\365\320\221 -\012\365\027\310\245\141\301\026\100\115\373\212\141\220\345\166 -\040\301\021\006\175\253\054\156\246\365\021\101\216\372\055\255 -\052\141\131\244\147\046\114\320\350\274\122\133\160\040\004\130 -\321\172\311\244\151\274\203\027\144\255\005\213\274\320\130\316 -\215\214\365\353\360\102\111\013\235\227\047\147\062\156\341\256 -\223\025\034\160\274\040\115\057\030\336\222\210\350\154\205\127 -\021\032\351\176\343\046\021\124\242\105\226\125\203\312\060\211 -\350\334\330\243\355\052\200\077\177\171\145\127\076\025\040\146 -\010\057\225\223\277\252\107\057\250\106\227\360\022\342\376\302 -\012\053\121\346\166\346\267\106\267\342\015\246\314\250\303\114 -\131\125\211\346\350\123\134\034\352\235\360\142\026\013\247\311 -\137\014\360\336\302\166\316\257\367\152\362\372\101\246\242\063 -\024\311\345\172\143\323\236\142\067\325\205\145\236\016\346\123 -\044\164\033\136\035\022\123\133\307\054\347\203\111\073\025\256 -\212\150\271\127\227\002\003\001\000\001\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\021\024 -\226\301\253\222\010\367\077\057\311\262\376\344\132\237\144\336 -\333\041\117\206\231\064\166\066\127\335\320\025\057\305\255\177 -\025\037\067\142\163\076\324\347\137\316\027\003\333\065\372\053 -\333\256\140\011\137\036\137\217\156\273\013\075\352\132\023\036 -\014\140\157\265\300\265\043\042\056\007\013\313\251\164\313\107 -\273\035\301\327\245\153\314\057\322\102\375\111\335\247\211\317 -\123\272\332\000\132\050\277\202\337\370\272\023\035\120\206\202 -\375\216\060\217\051\106\260\036\075\065\332\070\142\026\030\112 -\255\346\266\121\154\336\257\142\353\001\320\036\044\376\172\217 -\022\032\022\150\270\373\146\231\024\024\105\134\256\347\256\151 -\027\201\053\132\067\311\136\052\364\306\342\241\134\124\233\246 -\124\000\317\360\361\301\307\230\060\032\073\066\026\333\243\156 -\352\375\255\262\302\332\357\002\107\023\212\300\361\263\061\255 -\117\034\341\117\234\257\017\014\235\367\170\015\330\364\065\126 -\200\332\267\155\027\217\235\036\201\144\341\376\305\105\272\255 -\153\271\012\172\116\117\113\204\356\113\361\175\335\021 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3" -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57 -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Fri Oct 01 00:00:00 1999 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09 -# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\023\055\015\105\123\113\151\227\315\262\325\303\071\342\125\166 -\140\233\134\306 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\315\150\266\247\307\304\316\165\340\035\117\127\104\141\222\011 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\233\176\006\111\243\076\142\271\325\356\220\110\161 -\051\357\127 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)" -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:4c:00:36:1b:e5:08:2b:a9:aa:ce:74:0a:05:3e:fb:34 -# Subject: CN=Egypt Trust Class 3 Managed PKI Enterprise Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG -# Not Valid Before: Sun May 18 00:00:00 2008 -# Not Valid After : Thu May 17 23:59:59 2018 -# Fingerprint (MD5): A7:91:05:96:B1:56:01:26:4E:BF:80:80:08:86:1B:4D -# Fingerprint (SHA1): 6A:2C:5C:B0:94:D5:E0:B7:57:FB:0F:58:42:AA:C8:13:A5:80:2F:E1 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)" -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\114\000\066\033\345\010\053\251\252\316\164\012\005\076 -\373\064 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)" -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:3e:0c:9e:87:69:aa:95:5c:ea:23:d8:45:9e:d4:5b:51 -# Subject: CN=Egypt Trust Class 3 Managed PKI Operational Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG -# Not Valid Before: Sun May 18 00:00:00 2008 -# Not Valid After : Thu May 17 23:59:59 2018 -# Fingerprint (MD5): D0:C3:71:17:3E:39:80:C6:50:4F:04:22:DF:40:E1:34 -# Fingerprint (SHA1): 9C:65:5E:D5:FA:E3:B8:96:4D:89:72:F6:3A:63:53:59:3F:5E:B4:4E -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)" -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\076\014\236\207\151\252\225\134\352\043\330\105\236\324 -\133\121 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)" -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:12:bd:26:a2:ae:33:c0:7f:24:7b:6a:58:69:f2:0a:76 -# Subject: CN=Egypt Trust Class 3 Managed PKI SCO Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG -# Not Valid Before: Sun May 18 00:00:00 2008 -# Not Valid After : Thu May 17 23:59:59 2018 -# Fingerprint (MD5): C2:13:5E:B2:67:8A:5C:F7:91:EF:8F:29:0F:9B:77:6E -# Fingerprint (SHA1): 83:23:F1:4F:BC:9F:9B:80:B7:9D:ED:14:CD:01:57:CD:FB:08:95:D2 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)" -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\022\275\046\242\256\063\300\177\044\173\152\130\151\362 -\012\166 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Entrust.net Premium 2048 Secure Server CA" # @@ -1250,305 +971,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "AddTrust Low-Value Services Root" -# -# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE -# Serial Number: 1 (0x1) -# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE -# Not Valid Before: Tue May 30 10:38:31 2000 -# Not Valid After : Sat May 30 10:38:31 2020 -# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC -# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AddTrust Low-Value Services Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061 -\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165 -\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024 -\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164 -\167\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101 -\144\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040 -\103\101\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061 -\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165 -\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024 -\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164 -\167\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101 -\144\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040 -\103\101\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\030\060\202\003\000\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024 -\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163 -\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024\101 -\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164\167 -\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101\144 -\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040\103 -\101\040\122\157\157\164\060\036\027\015\060\060\060\065\063\060 -\061\060\063\070\063\061\132\027\015\062\060\060\065\063\060\061 -\060\063\070\063\061\132\060\145\061\013\060\011\006\003\125\004 -\006\023\002\123\105\061\024\060\022\006\003\125\004\012\023\013 -\101\144\144\124\162\165\163\164\040\101\102\061\035\060\033\006 -\003\125\004\013\023\024\101\144\144\124\162\165\163\164\040\124 -\124\120\040\116\145\164\167\157\162\153\061\041\060\037\006\003 -\125\004\003\023\030\101\144\144\124\162\165\163\164\040\103\154 -\141\163\163\040\061\040\103\101\040\122\157\157\164\060\202\001 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\001\017\000\060\202\001\012\002\202\001\001\000\226\226 -\324\041\111\140\342\153\350\101\007\014\336\304\340\334\023\043 -\315\301\065\307\373\326\116\021\012\147\136\365\006\133\153\245 -\010\073\133\051\026\072\347\207\262\064\006\305\274\005\245\003 -\174\202\313\051\020\256\341\210\201\275\326\236\323\376\055\126 -\301\025\316\343\046\235\025\056\020\373\006\217\060\004\336\247 -\264\143\264\377\261\234\256\074\257\167\266\126\305\265\253\242 -\351\151\072\075\016\063\171\062\077\160\202\222\231\141\155\215 -\060\010\217\161\077\246\110\127\031\370\045\334\113\146\134\245 -\164\217\230\256\310\371\300\006\042\347\254\163\337\245\056\373 -\122\334\261\025\145\040\372\065\146\151\336\337\054\361\156\274 -\060\333\054\044\022\333\353\065\065\150\220\313\000\260\227\041 -\075\164\041\043\145\064\053\273\170\131\243\326\341\166\071\232 -\244\111\216\214\164\257\156\244\232\243\331\233\322\070\134\233 -\242\030\314\165\043\204\276\353\342\115\063\161\216\032\360\302 -\370\307\035\242\255\003\227\054\370\317\045\306\366\270\044\061 -\261\143\135\222\177\143\360\045\311\123\056\037\277\115\002\003 -\001\000\001\243\201\322\060\201\317\060\035\006\003\125\035\016 -\004\026\004\024\225\261\264\360\224\266\275\307\332\321\021\011 -\041\276\301\257\111\375\020\173\060\013\006\003\125\035\017\004 -\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\201\217\006\003\125\035\043\004\201 -\207\060\201\204\200\024\225\261\264\360\224\266\275\307\332\321 -\021\011\041\276\301\257\111\375\020\173\241\151\244\147\060\145 -\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024\060 -\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163\164 -\040\101\102\061\035\060\033\006\003\125\004\013\023\024\101\144 -\144\124\162\165\163\164\040\124\124\120\040\116\145\164\167\157 -\162\153\061\041\060\037\006\003\125\004\003\023\030\101\144\144 -\124\162\165\163\164\040\103\154\141\163\163\040\061\040\103\101 -\040\122\157\157\164\202\001\001\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\003\202\001\001\000\054\155\144\033 -\037\315\015\335\271\001\372\226\143\064\062\110\107\231\256\227 -\355\375\162\026\246\163\107\132\364\353\335\351\365\326\373\105 -\314\051\211\104\135\277\106\071\075\350\356\274\115\124\206\036 -\035\154\343\027\047\103\341\211\126\053\251\157\162\116\111\063 -\343\162\174\052\043\232\274\076\377\050\052\355\243\377\034\043 -\272\103\127\011\147\115\113\142\006\055\370\377\154\235\140\036 -\330\034\113\175\265\061\057\331\320\174\135\370\336\153\203\030 -\170\067\127\057\350\063\007\147\337\036\307\153\052\225\166\256 -\217\127\243\360\364\122\264\251\123\010\317\340\117\323\172\123 -\213\375\273\034\126\066\362\376\262\266\345\166\273\325\042\145 -\247\077\376\321\146\255\013\274\153\231\206\357\077\175\363\030 -\062\312\173\306\343\253\144\106\225\370\046\151\331\125\203\173 -\054\226\007\377\131\054\104\243\306\345\351\251\334\241\143\200 -\132\041\136\041\317\123\124\360\272\157\211\333\250\252\225\317 -\213\343\161\314\036\033\040\104\010\300\172\266\100\375\304\344 -\065\341\035\026\034\320\274\053\216\326\161\331 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "AddTrust Low-Value Services Root" -# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE -# Serial Number: 1 (0x1) -# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE -# Not Valid Before: Tue May 30 10:38:31 2000 -# Not Valid After : Sat May 30 10:38:31 2020 -# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC -# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AddTrust Low-Value Services Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\314\253\016\240\114\043\001\326\151\173\335\067\237\315\022\353 -\044\343\224\235 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\036\102\225\002\063\222\153\271\137\300\177\332\326\262\113\374 -END -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061 -\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165 -\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024 -\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164 -\167\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101 -\144\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040 -\103\101\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "AddTrust External Root" -# -# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE -# Serial Number: 1 (0x1) -# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE -# Not Valid Before: Tue May 30 10:48:38 2000 -# Not Valid After : Sat May 30 10:48:38 2020 -# Fingerprint (MD5): 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F -# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AddTrust External Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061 -\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165 -\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035 -\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141 -\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060 -\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164 -\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157 -\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061 -\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165 -\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035 -\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141 -\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060 -\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164 -\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157 -\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\066\060\202\003\036\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024 -\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163 -\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035\101 -\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141\154 -\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060\040 -\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164\040 -\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157\164 -\060\036\027\015\060\060\060\065\063\060\061\060\064\070\063\070 -\132\027\015\062\060\060\065\063\060\061\060\064\070\063\070\132 -\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061 -\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165 -\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035 -\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141 -\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060 -\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164 -\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157 -\164\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001 -\001\000\267\367\032\063\346\362\000\004\055\071\340\116\133\355 -\037\274\154\017\315\265\372\043\266\316\336\233\021\063\227\244 -\051\114\175\223\237\275\112\274\223\355\003\032\343\217\317\345 -\155\120\132\326\227\051\224\132\200\260\111\172\333\056\225\375 -\270\312\277\067\070\055\036\076\221\101\255\160\126\307\360\117 -\077\350\062\236\164\312\310\220\124\351\306\137\017\170\235\232 -\100\074\016\254\141\252\136\024\217\236\207\241\152\120\334\327 -\232\116\257\005\263\246\161\224\234\161\263\120\140\012\307\023 -\235\070\007\206\002\250\351\250\151\046\030\220\253\114\260\117 -\043\253\072\117\204\330\337\316\237\341\151\157\273\327\102\327 -\153\104\344\307\255\356\155\101\137\162\132\161\010\067\263\171 -\145\244\131\240\224\067\367\000\057\015\302\222\162\332\320\070 -\162\333\024\250\105\304\135\052\175\267\264\326\304\356\254\315 -\023\104\267\311\053\335\103\000\045\372\141\271\151\152\130\043 -\021\267\247\063\217\126\165\131\365\315\051\327\106\267\012\053 -\145\266\323\102\157\025\262\270\173\373\357\351\135\123\325\064 -\132\047\002\003\001\000\001\243\201\334\060\201\331\060\035\006 -\003\125\035\016\004\026\004\024\255\275\230\172\064\264\046\367 -\372\304\046\124\357\003\275\340\044\313\124\032\060\013\006\003 -\125\035\017\004\004\003\002\001\006\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\201\231\006\003\125 -\035\043\004\201\221\060\201\216\200\024\255\275\230\172\064\264 -\046\367\372\304\046\124\357\003\275\340\044\313\124\032\241\163 -\244\161\060\157\061\013\060\011\006\003\125\004\006\023\002\123 -\105\061\024\060\022\006\003\125\004\012\023\013\101\144\144\124 -\162\165\163\164\040\101\102\061\046\060\044\006\003\125\004\013 -\023\035\101\144\144\124\162\165\163\164\040\105\170\164\145\162 -\156\141\154\040\124\124\120\040\116\145\164\167\157\162\153\061 -\042\060\040\006\003\125\004\003\023\031\101\144\144\124\162\165 -\163\164\040\105\170\164\145\162\156\141\154\040\103\101\040\122 -\157\157\164\202\001\001\060\015\006\011\052\206\110\206\367\015 -\001\001\005\005\000\003\202\001\001\000\260\233\340\205\045\302 -\326\043\342\017\226\006\222\235\101\230\234\331\204\171\201\331 -\036\133\024\007\043\066\145\217\260\330\167\273\254\101\154\107 -\140\203\121\260\371\062\075\347\374\366\046\023\307\200\026\245 -\277\132\374\207\317\170\171\211\041\232\342\114\007\012\206\065 -\274\362\336\121\304\322\226\267\334\176\116\356\160\375\034\071 -\353\014\002\121\024\055\216\275\026\340\301\337\106\165\347\044 -\255\354\364\102\264\205\223\160\020\147\272\235\006\065\112\030 -\323\053\172\314\121\102\241\172\143\321\346\273\241\305\053\302 -\066\276\023\015\346\275\143\176\171\173\247\011\015\100\253\152 -\335\217\212\303\366\366\214\032\102\005\121\324\105\365\237\247 -\142\041\150\025\040\103\074\231\347\174\275\044\330\251\221\027 -\163\210\077\126\033\061\070\030\264\161\017\232\315\310\016\236 -\216\056\033\341\214\230\203\313\037\061\361\104\114\306\004\163 -\111\166\140\017\307\370\275\027\200\153\056\351\314\114\016\132 -\232\171\017\040\012\056\325\236\143\046\036\125\222\224\330\202 -\027\132\173\320\274\307\217\116\206\004 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "AddTrust External Root" -# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE -# Serial Number: 1 (0x1) -# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE -# Not Valid Before: Tue May 30 10:48:38 2000 -# Not Valid After : Sat May 30 10:48:38 2020 -# Fingerprint (MD5): 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F -# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AddTrust External Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\002\372\363\342\221\103\124\150\140\170\127\151\115\365\344\133 -\150\205\030\150 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\035\065\124\004\205\170\260\077\102\102\115\277\040\163\012\077 -END -CKA_ISSUER MULTILINE_OCTAL -\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061 -\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165 -\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035 -\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141 -\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060 -\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164 -\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157 -\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Entrust Root Certification Authority" # @@ -1810,7 +1232,10 @@ CKA_VALUE MULTILINE_OCTAL \302\005\146\200\241\313\346\063 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Wed Jan 01 00:00:00 2020 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\060\060\061\060\061\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Global CA" @@ -1844,7 +1269,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \002\003\002\064\126 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -1972,7 +1397,10 @@ CKA_VALUE MULTILINE_OCTAL \244\346\216\330\371\051\110\212\316\163\376\054 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Sun Sep 30 00:00:00 2018 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\070\060\071\063\060\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Universal CA" @@ -2006,7 +1434,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \002\001\001 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -2134,7 +1562,10 @@ CKA_VALUE MULTILINE_OCTAL \362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Wed Jan 01 00:00:00 2020 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\060\060\061\060\061\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Universal CA 2" @@ -2168,7 +1599,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \002\001\001 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -4131,7 +3562,10 @@ CKA_VALUE MULTILINE_OCTAL \245\206\054\174\364\022 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Thu Sep 19 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\071\061\071\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Taiwan GRCA" @@ -4166,7 +3600,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \136\366 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -5329,7 +4763,10 @@ CKA_VALUE MULTILINE_OCTAL \253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Primary Certification Authority" @@ -5486,7 +4923,10 @@ CKA_VALUE MULTILINE_OCTAL \215\126\214\150 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "thawte Primary Root CA" @@ -5663,7 +5103,10 @@ CKA_VALUE MULTILINE_OCTAL \254\021\326\250\355\143\152 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" @@ -5706,7 +5149,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \073\112 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -7240,7 +6683,10 @@ CKA_VALUE MULTILINE_OCTAL \021\055 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Primary Certification Authority - G3" @@ -7280,7 +6726,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \017\037 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -7371,7 +6817,10 @@ CKA_VALUE MULTILINE_OCTAL \367\130\077\056\162\002\127\243\217\241\024\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Sun Sep 30 00:00:00 2018 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\070\060\071\063\060\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "thawte Primary Root CA - G2" @@ -7533,7 +6982,10 @@ CKA_VALUE MULTILINE_OCTAL \061\324\100\032\142\064\066\077\065\001\256\254\143\240 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "thawte Primary Root CA - G3" @@ -7671,7 +7123,10 @@ CKA_VALUE MULTILINE_OCTAL \017\212 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Wed Jan 01 00:00:00 2020 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\060\060\061\060\061\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Primary Certification Authority - G2" @@ -7711,7 +7166,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \303\153 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -7843,7 +7298,10 @@ CKA_VALUE MULTILINE_OCTAL \354\315\202\141\361\070\346\117\227\230\052\132\215 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "VeriSign Universal Root Certification Authority" @@ -8000,7 +7458,10 @@ CKA_VALUE MULTILINE_OCTAL \055\247\330\206\052\335\056\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Thu Jan 31 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\061\063\061\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" @@ -8043,7 +7504,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \254\263 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -8206,177 +7667,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Staat der Nederlanden Root CA - G2" -# -# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Serial Number: 10000012 (0x98968c) -# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Not Valid Before: Wed Mar 26 11:18:17 2008 -# Not Valid After : Wed Mar 25 11:03:10 2020 -# Fingerprint (MD5): 7C:A5:0F:F8:5B:9A:7D:6D:30:AE:54:5A:E3:42:A2:8A -# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\226\214 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\312\060\202\003\262\240\003\002\001\002\002\004\000 -\230\226\214\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\116 -\114\061\036\060\034\006\003\125\004\012\014\025\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\061\053\060\051\006\003\125\004\003\014\042\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\040\122\157\157\164\040\103\101\040\055\040\107\062\060\036 -\027\015\060\070\060\063\062\066\061\061\061\070\061\067\132\027 -\015\062\060\060\063\062\065\061\061\060\063\061\060\132\060\132 -\061\013\060\011\006\003\125\004\006\023\002\116\114\061\036\060 -\034\006\003\125\004\012\014\025\123\164\141\141\164\040\144\145 -\162\040\116\145\144\145\162\154\141\156\144\145\156\061\053\060 -\051\006\003\125\004\003\014\042\123\164\141\141\164\040\144\145 -\162\040\116\145\144\145\162\154\141\156\144\145\156\040\122\157 -\157\164\040\103\101\040\055\040\107\062\060\202\002\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 -\017\000\060\202\002\012\002\202\002\001\000\305\131\347\157\165 -\252\076\113\234\265\270\254\236\013\344\371\331\312\253\135\217 -\265\071\020\202\327\257\121\340\073\341\000\110\152\317\332\341 -\006\103\021\231\252\024\045\022\255\042\350\000\155\103\304\251 -\270\345\037\211\113\147\275\141\110\357\375\322\340\140\210\345 -\271\030\140\050\303\167\053\255\260\067\252\067\336\144\131\052 -\106\127\344\113\271\370\067\174\325\066\347\200\301\266\363\324 -\147\233\226\350\316\327\306\012\123\320\153\111\226\363\243\013 -\005\167\110\367\045\345\160\254\060\024\040\045\343\177\165\132 -\345\110\370\116\173\003\007\004\372\202\141\207\156\360\073\304 -\244\307\320\365\164\076\245\135\032\010\362\233\045\322\366\254 -\004\046\076\125\072\142\050\245\173\262\060\257\370\067\302\321 -\272\326\070\375\364\357\111\060\067\231\046\041\110\205\001\251 -\345\026\347\334\220\125\337\017\350\070\315\231\067\041\117\135 -\365\042\157\152\305\022\026\140\027\125\362\145\146\246\247\060 -\221\070\301\070\035\206\004\204\272\032\045\170\136\235\257\314 -\120\140\326\023\207\122\355\143\037\155\145\175\302\025\030\164 -\312\341\176\144\051\214\162\330\026\023\175\013\111\112\361\050 -\033\040\164\153\305\075\335\260\252\110\011\075\056\202\224\315 -\032\145\331\053\210\232\231\274\030\176\237\356\175\146\174\076 -\275\224\270\201\316\315\230\060\170\301\157\147\320\276\137\340 -\150\355\336\342\261\311\054\131\170\222\252\337\053\140\143\362 -\345\136\271\343\312\372\177\120\206\076\242\064\030\014\011\150 -\050\021\034\344\341\271\134\076\107\272\062\077\030\314\133\204 -\365\363\153\164\304\162\164\341\343\213\240\112\275\215\146\057 -\352\255\065\332\040\323\210\202\141\360\022\042\266\274\320\325 -\244\354\257\124\210\045\044\074\247\155\261\162\051\077\076\127 -\246\177\125\257\156\046\306\376\347\314\100\134\121\104\201\012 -\170\336\112\316\125\277\035\325\331\267\126\357\360\166\377\013 -\171\265\257\275\373\251\151\221\106\227\150\200\024\066\035\263 -\177\273\051\230\066\245\040\372\202\140\142\063\244\354\326\272 -\007\247\156\305\317\024\246\347\326\222\064\330\201\365\374\035 -\135\252\134\036\366\243\115\073\270\367\071\002\003\001\000\001 -\243\201\227\060\201\224\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\122\006\003\125\035\040\004\113 -\060\111\060\107\006\004\125\035\040\000\060\077\060\075\006\010 -\053\006\001\005\005\007\002\001\026\061\150\164\164\160\072\057 -\057\167\167\167\056\160\153\151\157\166\145\162\150\145\151\144 -\056\156\154\057\160\157\154\151\143\151\145\163\057\162\157\157 -\164\055\160\157\154\151\143\171\055\107\062\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\221\150\062\207\025\035\211\342\265\361 -\254\066\050\064\215\013\174\142\210\353\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\003\202\002\001\000\250\101 -\112\147\052\222\201\202\120\156\341\327\330\263\071\073\363\002 -\025\011\120\121\357\055\275\044\173\210\206\073\371\264\274\222 -\011\226\271\366\300\253\043\140\006\171\214\021\116\121\322\171 -\200\063\373\235\110\276\354\101\103\201\037\176\107\100\034\345 -\172\010\312\252\213\165\255\024\304\302\350\146\074\202\007\247 -\346\047\202\133\030\346\017\156\331\120\076\212\102\030\051\306 -\264\126\374\126\020\240\005\027\275\014\043\177\364\223\355\234 -\032\121\276\335\105\101\277\221\044\264\037\214\351\137\317\173 -\041\231\237\225\237\071\072\106\034\154\371\315\173\234\220\315 -\050\251\307\251\125\273\254\142\064\142\065\023\113\024\072\125 -\203\271\206\215\222\246\306\364\007\045\124\314\026\127\022\112 -\202\170\310\024\331\027\202\046\055\135\040\037\171\256\376\324 -\160\026\026\225\203\330\065\071\377\122\135\165\034\026\305\023 -\125\317\107\314\165\145\122\112\336\360\260\247\344\012\226\013 -\373\255\302\342\045\204\262\335\344\275\176\131\154\233\360\360 -\330\347\312\362\351\227\070\176\211\276\314\373\071\027\141\077 -\162\333\072\221\330\145\001\031\035\255\120\244\127\012\174\113 -\274\234\161\163\052\105\121\031\205\314\216\375\107\247\164\225 -\035\250\321\257\116\027\261\151\046\302\252\170\127\133\305\115 -\247\345\236\005\027\224\312\262\137\240\111\030\215\064\351\046 -\154\110\036\252\150\222\005\341\202\163\132\233\334\007\133\010 -\155\175\235\327\215\041\331\374\024\040\252\302\105\337\077\347 -\000\262\121\344\302\370\005\271\171\032\214\064\363\236\133\344 -\067\133\153\112\337\054\127\212\100\132\066\272\335\165\104\010 -\067\102\160\014\376\334\136\041\240\243\212\300\220\234\150\332 -\120\346\105\020\107\170\266\116\322\145\311\303\067\337\341\102 -\143\260\127\067\105\055\173\212\234\277\005\352\145\125\063\367 -\071\020\305\050\052\041\172\033\212\304\044\371\077\025\310\232 -\025\040\365\125\142\226\355\155\223\120\274\344\252\170\255\331 -\313\012\145\207\246\146\301\304\201\243\167\072\130\036\013\356 -\203\213\235\036\322\122\244\314\035\157\260\230\155\224\061\265 -\370\161\012\334\271\374\175\062\140\346\353\257\212\001 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Staat der Nederlanden Root CA - G2" -# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Serial Number: 10000012 (0x98968c) -# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Not Valid Before: Wed Mar 26 11:18:17 2008 -# Not Valid After : Wed Mar 25 11:03:10 2020 -# Fingerprint (MD5): 7C:A5:0F:F8:5B:9A:7D:6D:30:AE:54:5A:E3:42:A2:8A -# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\131\257\202\171\221\206\307\264\165\007\313\317\003\127\106\353 -\004\335\267\026 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\174\245\017\370\133\232\175\155\060\256\124\132\343\102\242\212 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\226\214 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Hongkong Post Root CA 1" # @@ -11580,7 +10870,10 @@ CKA_VALUE MULTILINE_OCTAL \371\210\075\176\270\157\156\003\344\102 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Sat Dec 28 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\061\062\062\070\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "EC-ACC" @@ -12734,7 +12027,10 @@ CKA_VALUE MULTILINE_OCTAL \307\314\165\301\226\305\235 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Fri Sep 01 00:00:00 2017 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\067\060\071\060\061\060\060\060\060\060\060\132 +END CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "EE Certification Centre Root CA" @@ -18962,176 +18258,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "LuxTrust Global Root 2" -# -# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU -# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 -# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU -# Not Valid Before: Thu Mar 05 13:21:57 2015 -# Not Valid After : Mon Mar 05 13:21:57 2035 -# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5 -# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "LuxTrust Global Root 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 -\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 -\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 -\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 -\154\040\122\157\157\164\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 -\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 -\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 -\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 -\154\040\122\157\157\164\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270 -\025\323\026\177\273\261 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\303\060\202\003\253\240\003\002\001\002\002\024\012 -\176\246\337\113\104\236\332\152\044\205\236\346\270\025\323\026 -\177\273\261\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\106\061\013\060\011\006\003\125\004\006\023\002\114 -\125\061\026\060\024\006\003\125\004\012\014\015\114\165\170\124 -\162\165\163\164\040\123\056\101\056\061\037\060\035\006\003\125 -\004\003\014\026\114\165\170\124\162\165\163\164\040\107\154\157 -\142\141\154\040\122\157\157\164\040\062\060\036\027\015\061\065 -\060\063\060\065\061\063\062\061\065\067\132\027\015\063\065\060 -\063\060\065\061\063\062\061\065\067\132\060\106\061\013\060\011 -\006\003\125\004\006\023\002\114\125\061\026\060\024\006\003\125 -\004\012\014\015\114\165\170\124\162\165\163\164\040\123\056\101 -\056\061\037\060\035\006\003\125\004\003\014\026\114\165\170\124 -\162\165\163\164\040\107\154\157\142\141\154\040\122\157\157\164 -\040\062\060\202\002\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 -\002\001\000\327\205\227\277\021\230\351\360\142\203\114\074\207 -\371\123\152\067\013\362\017\074\207\316\157\334\046\051\275\305 -\211\272\311\203\075\367\356\312\133\306\155\111\163\264\311\106 -\243\033\064\023\077\301\211\105\127\364\331\261\373\066\145\113 -\373\010\342\110\161\021\310\156\073\236\235\337\211\145\067\246 -\205\366\073\104\030\266\306\067\060\142\104\222\227\151\175\102 -\060\044\344\015\014\211\153\143\336\305\341\337\116\251\024\154 -\123\340\141\316\366\027\057\035\074\275\346\042\114\035\223\365 -\020\304\241\166\354\152\336\305\154\337\226\264\126\100\102\300 -\142\222\060\241\055\025\224\240\322\040\006\011\156\152\155\345 -\353\267\276\324\360\361\025\174\213\346\116\272\023\314\113\047 -\136\231\074\027\135\217\201\177\063\075\117\323\077\033\354\134 -\077\360\074\114\165\156\362\246\325\235\332\055\007\143\002\306 -\162\351\224\274\114\111\225\117\210\122\310\333\350\151\202\370 -\314\064\133\042\360\206\247\211\275\110\012\155\146\201\155\310 -\310\144\373\001\341\364\341\336\331\236\335\333\133\324\052\231 -\046\025\033\036\114\222\051\202\236\325\222\201\222\101\160\031 -\367\244\345\223\113\274\167\147\061\335\034\375\061\160\015\027 -\231\014\371\014\071\031\052\027\265\060\161\125\325\017\256\130 -\341\075\057\064\233\317\237\366\170\205\302\223\172\162\076\146 -\217\234\026\021\140\217\236\211\157\147\276\340\107\132\073\014 -\232\147\213\317\106\306\256\070\243\362\247\274\346\326\205\153 -\063\044\160\042\113\313\010\233\273\310\370\002\051\035\276\040 -\014\106\277\153\207\233\263\052\146\102\065\106\154\252\272\255 -\371\230\173\351\120\125\024\061\277\261\332\055\355\200\255\150 -\044\373\151\253\330\161\023\060\346\147\263\207\100\375\211\176 -\362\103\321\021\337\057\145\057\144\316\137\024\271\261\277\061 -\275\207\170\132\131\145\210\252\374\131\062\110\206\326\114\271 -\051\113\225\323\166\363\167\045\155\102\034\070\203\115\375\243 -\137\233\177\055\254\171\033\016\102\061\227\143\244\373\212\151 -\325\042\015\064\220\060\056\250\264\340\155\266\224\254\274\213 -\116\327\160\374\305\070\216\144\045\341\115\071\220\316\311\207 -\204\130\161\002\003\001\000\001\243\201\250\060\201\245\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\102\006\003\125\035\040\004\073\060\071\060\067\006\007\053\201 -\053\001\001\001\012\060\054\060\052\006\010\053\006\001\005\005 -\007\002\001\026\036\150\164\164\160\163\072\057\057\162\145\160 -\157\163\151\164\157\162\171\056\154\165\170\164\162\165\163\164 -\056\154\165\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\037\006\003\125\035\043\004\030\060\026\200\024 -\377\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123 -\370\113\174\263\060\035\006\003\125\035\016\004\026\004\024\377 -\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123\370 -\113\174\263\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\003\202\002\001\000\152\031\024\355\156\171\301\054\207 -\324\015\160\176\327\366\170\311\013\004\116\304\261\316\223\160 -\376\260\124\300\062\315\231\060\144\027\277\017\345\342\063\375 -\007\066\100\162\016\032\266\152\131\326\000\345\150\040\335\056 -\162\015\037\152\144\061\040\204\175\111\246\132\067\353\105\311 -\205\365\324\307\027\231\007\346\233\125\344\014\350\251\264\316 -\214\133\265\021\134\317\212\016\015\326\254\167\201\376\062\234 -\044\236\162\316\124\363\320\157\242\126\326\354\303\067\054\145 -\130\276\127\000\032\362\065\372\353\173\061\135\302\301\022\075 -\226\201\210\226\211\301\131\134\172\346\177\160\064\347\203\342 -\261\341\341\270\130\357\324\225\344\140\234\360\226\227\162\214 -\353\204\002\056\145\217\244\267\322\177\147\335\310\323\236\134 -\252\251\244\240\045\024\006\233\354\117\176\055\013\177\035\165 -\361\063\330\355\316\270\165\155\076\133\271\230\035\061\015\126 -\330\103\017\060\221\262\004\153\335\126\276\225\200\125\147\276 -\330\315\203\331\030\356\056\017\206\055\222\236\160\023\354\336 -\121\311\103\170\002\245\115\310\371\137\304\221\130\106\026\167 -\132\164\252\100\274\007\237\060\271\261\367\022\027\335\343\377 -\044\100\035\172\152\321\117\030\012\252\220\035\353\100\036\337 -\241\036\104\222\020\232\362\215\341\321\113\106\236\350\105\102 -\227\352\105\231\363\354\146\325\002\372\362\246\112\044\252\336 -\316\271\312\371\077\223\157\371\243\272\352\245\076\231\255\375 -\377\173\231\365\145\356\360\131\050\147\327\220\225\244\023\204 -\251\204\301\350\316\316\165\223\143\032\274\074\352\325\144\037 -\055\052\022\071\306\303\132\062\355\107\221\026\016\274\070\301 -\120\336\217\312\052\220\064\034\356\101\224\234\136\031\056\370 -\105\111\231\164\221\260\004\157\343\004\132\261\253\052\253\376 -\307\320\226\266\332\341\112\144\006\156\140\115\275\102\116\377 -\170\332\044\312\033\264\327\226\071\154\256\361\016\252\247\175 -\110\213\040\114\317\144\326\270\227\106\260\116\321\052\126\072 -\240\223\275\257\200\044\340\012\176\347\312\325\312\350\205\125 -\334\066\052\341\224\150\223\307\146\162\104\017\200\041\062\154 -\045\307\043\200\203\012\353 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "LuxTrust Global Root 2" -# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU -# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 -# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU -# Not Valid Before: Thu Mar 05 13:21:57 2015 -# Not Valid After : Mon Mar 05 13:21:57 2035 -# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5 -# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "LuxTrust Global Root 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\036\016\126\031\012\321\213\045\230\262\004\104\377\146\212\004 -\027\231\137\077 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\262\341\011\000\141\257\367\361\221\157\304\255\215\136\073\174 -END -CKA_ISSUER MULTILINE_OCTAL -\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061 -\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165 -\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003 -\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141 -\154\040\122\157\157\164\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270 -\025\323\026\177\273\261 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Symantec Class 1 Public Primary Certification Authority - G6" # @@ -19444,276 +18570,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Symantec Class 1 Public Primary Certification Authority - G4" -# -# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 -# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Wed Oct 05 00:00:00 2011 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF -# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074 -\304\330 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\041 -\156\063\245\313\323\210\244\157\051\007\264\047\074\304\330\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006 -\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103 -\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003 -\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162 -\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006 -\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103 -\154\141\163\163\040\061\040\120\165\142\154\151\143\040\120\162 -\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040 -\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060 -\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 -\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155 -\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157 -\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141 -\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157 -\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155 -\141\156\164\145\143\040\103\154\141\163\163\040\061\040\120\165 -\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052 -\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 -\004\327\146\265\033\333\256\263\140\356\106\352\210\143\165\073 -\052\224\155\363\137\022\366\343\017\236\266\012\024\123\110\122 -\310\334\072\263\313\110\040\046\022\116\372\211\204\324\337\221 -\344\051\175\050\001\331\333\030\103\151\241\037\265\323\206\026 -\334\307\177\147\043\337\337\061\061\203\003\065\160\261\113\267 -\310\027\273\121\313\334\224\027\333\352\011\073\166\022\336\252 -\265\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 -\024\145\300\215\045\365\014\272\227\167\220\077\236\056\340\132 -\365\316\325\341\344\060\012\006\010\052\206\110\316\075\004\003 -\003\003\151\000\060\146\002\061\000\245\256\343\106\123\370\230 -\066\343\042\372\056\050\111\015\356\060\176\063\363\354\077\161 -\136\314\125\211\170\231\254\262\375\334\034\134\063\216\051\271 -\153\027\310\021\150\265\334\203\007\002\061\000\234\310\104\332 -\151\302\066\303\124\031\020\205\002\332\235\107\357\101\347\154 -\046\235\011\075\367\155\220\321\005\104\057\260\274\203\223\150 -\362\014\105\111\071\277\231\004\034\323\020\240 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Symantec Class 1 Public Primary Certification Authority - G4" -# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 -# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Wed Oct 05 00:00:00 2011 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF -# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\204\362\343\335\203\023\076\251\035\031\122\177\002\327\051\277 -\301\137\346\147 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\004\345\200\077\125\377\131\207\244\062\322\025\245\345\252\346 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074 -\304\330 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Symantec Class 2 Public Primary Certification Authority - G4" -# -# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e -# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Wed Oct 05 00:00:00 2011 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92 -# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125 -\246\036 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\064 -\027\145\022\100\073\267\126\200\055\200\313\171\125\246\036\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006 -\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103 -\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003 -\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162 -\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006 -\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103 -\154\141\163\163\040\062\040\120\165\142\154\151\143\040\120\162 -\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040 -\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060 -\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 -\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155 -\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157 -\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141 -\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157 -\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155 -\141\156\164\145\143\040\103\154\141\163\163\040\062\040\120\165 -\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052 -\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 -\004\321\331\112\216\114\015\204\112\121\272\174\357\323\314\372 -\072\232\265\247\143\023\075\001\340\111\076\372\301\107\311\222 -\263\072\327\376\157\234\367\232\072\017\365\016\012\012\303\077 -\310\347\022\024\216\325\325\155\230\054\263\161\062\012\353\052 -\275\366\327\152\040\013\147\105\234\322\262\277\123\042\146\011 -\135\333\021\363\361\005\063\130\243\342\270\317\174\315\202\233 -\275\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 -\024\075\062\363\072\251\014\220\204\371\242\214\151\006\141\124 -\057\207\162\376\005\060\012\006\010\052\206\110\316\075\004\003 -\003\003\151\000\060\146\002\061\000\310\246\251\257\101\177\265 -\311\021\102\026\150\151\114\134\270\047\030\266\230\361\300\177 -\220\155\207\323\214\106\027\360\076\117\374\352\260\010\304\172 -\113\274\010\057\307\342\247\157\145\002\061\000\326\131\336\206 -\316\137\016\312\124\325\306\320\025\016\374\213\224\162\324\216 -\000\130\123\317\176\261\113\015\345\120\206\353\236\153\337\377 -\051\246\330\107\331\240\226\030\333\362\105\263 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Symantec Class 2 Public Primary Certification Authority - G4" -# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e -# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Wed Oct 05 00:00:00 2011 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92 -# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\147\044\220\056\110\001\260\042\226\100\020\106\264\261\147\054 -\251\165\375\053 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\160\325\060\361\332\224\227\324\327\164\337\276\355\150\336\226 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125 -\246\036 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "D-TRUST Root CA 3 2013" # @@ -23545,3 +22401,579 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Microsoft ECC Root Certificate Authority 2017" +# +# Issuer: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US +# Serial Number:66:f2:3d:af:87:de:8b:b1:4a:ea:0c:57:31:01:c2:ec +# Subject: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US +# Not Valid Before: Wed Dec 18 23:06:45 2019 +# Not Valid After : Fri Jul 18 23:16:04 2042 +# Fingerprint (SHA-256): 35:8D:F3:9D:76:4A:F9:E1:B7:66:E9:C9:72:DF:35:2E:E1:5C:FA:C2:27:AF:6A:D1:D7:0E:8E:4A:6E:DC:BA:02 +# Fingerprint (SHA1): 99:9A:64:C3:7F:F4:7D:9F:AB:95:F1:47:69:89:14:60:EE:C4:C3:C5 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Microsoft ECC Root Certificate Authority 2017" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 +\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 +\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 +\157\146\164\040\105\103\103\040\122\157\157\164\040\103\145\162 +\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 +\164\171\040\062\060\061\067 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 +\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 +\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 +\157\146\164\040\105\103\103\040\122\157\157\164\040\103\145\162 +\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 +\164\171\040\062\060\061\067 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\146\362\075\257\207\336\213\261\112\352\014\127\061\001 +\302\354 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\131\060\202\001\337\240\003\002\001\002\002\020\146 +\362\075\257\207\336\213\261\112\352\014\127\061\001\302\354\060 +\012\006\010\052\206\110\316\075\004\003\003\060\145\061\013\060 +\011\006\003\125\004\006\023\002\125\123\061\036\060\034\006\003 +\125\004\012\023\025\115\151\143\162\157\163\157\146\164\040\103 +\157\162\160\157\162\141\164\151\157\156\061\066\060\064\006\003 +\125\004\003\023\055\115\151\143\162\157\163\157\146\164\040\105 +\103\103\040\122\157\157\164\040\103\145\162\164\151\146\151\143 +\141\164\145\040\101\165\164\150\157\162\151\164\171\040\062\060 +\061\067\060\036\027\015\061\071\061\062\061\070\062\063\060\066 +\064\065\132\027\015\064\062\060\067\061\070\062\063\061\066\060 +\064\132\060\145\061\013\060\011\006\003\125\004\006\023\002\125 +\123\061\036\060\034\006\003\125\004\012\023\025\115\151\143\162 +\157\163\157\146\164\040\103\157\162\160\157\162\141\164\151\157 +\156\061\066\060\064\006\003\125\004\003\023\055\115\151\143\162 +\157\163\157\146\164\040\105\103\103\040\122\157\157\164\040\103 +\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 +\162\151\164\171\040\062\060\061\067\060\166\060\020\006\007\052 +\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 +\004\324\274\075\002\102\165\101\023\043\315\200\004\206\002\121 +\057\152\250\201\142\013\145\314\366\312\235\036\157\112\146\121 +\242\003\331\235\221\372\266\026\261\214\156\336\174\315\333\171 +\246\057\316\273\316\161\057\345\245\253\050\354\143\004\146\231 +\370\372\362\223\020\005\341\201\050\102\343\306\150\364\346\033 +\204\140\112\211\257\355\171\017\073\316\361\366\104\365\001\170 +\300\243\124\060\122\060\016\006\003\125\035\017\001\001\377\004 +\004\003\002\001\206\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 +\024\310\313\231\162\160\122\014\370\346\276\262\004\127\051\052 +\317\102\020\355\065\060\020\006\011\053\006\001\004\001\202\067 +\025\001\004\003\002\001\000\060\012\006\010\052\206\110\316\075 +\004\003\003\003\150\000\060\145\002\060\130\362\115\352\014\371 +\137\136\356\140\051\313\072\362\333\326\062\204\031\077\174\325 +\057\302\261\314\223\256\120\273\011\062\306\306\355\176\311\066 +\224\022\344\150\205\006\242\033\320\057\002\061\000\231\351\026 +\264\016\372\126\110\324\244\060\026\221\170\333\124\214\145\001 +\212\347\120\146\302\061\267\071\272\270\032\042\007\116\374\153 +\124\026\040\377\053\265\347\114\014\115\246\117\163 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Microsoft ECC Root Certificate Authority 2017" +# Issuer: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US +# Serial Number:66:f2:3d:af:87:de:8b:b1:4a:ea:0c:57:31:01:c2:ec +# Subject: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US +# Not Valid Before: Wed Dec 18 23:06:45 2019 +# Not Valid After : Fri Jul 18 23:16:04 2042 +# Fingerprint (SHA-256): 35:8D:F3:9D:76:4A:F9:E1:B7:66:E9:C9:72:DF:35:2E:E1:5C:FA:C2:27:AF:6A:D1:D7:0E:8E:4A:6E:DC:BA:02 +# Fingerprint (SHA1): 99:9A:64:C3:7F:F4:7D:9F:AB:95:F1:47:69:89:14:60:EE:C4:C3:C5 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Microsoft ECC Root Certificate Authority 2017" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\231\232\144\303\177\364\175\237\253\225\361\107\151\211\024\140 +\356\304\303\305 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\335\241\003\346\112\223\020\321\277\360\031\102\313\376\355\147 +END +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 +\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 +\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 +\157\146\164\040\105\103\103\040\122\157\157\164\040\103\145\162 +\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 +\164\171\040\062\060\061\067 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\146\362\075\257\207\336\213\261\112\352\014\127\061\001 +\302\354 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Microsoft RSA Root Certificate Authority 2017" +# +# Issuer: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US +# Serial Number:1e:d3:97:09:5f:d8:b4:b3:47:70:1e:aa:be:7f:45:b3 +# Subject: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US +# Not Valid Before: Wed Dec 18 22:51:22 2019 +# Not Valid After : Fri Jul 18 23:00:23 2042 +# Fingerprint (SHA-256): C7:41:F7:0F:4B:2A:8D:88:BF:2E:71:C1:41:22:EF:53:EF:10:EB:A0:CF:A5:E6:4C:FA:20:F4:18:85:30:73:E0 +# Fingerprint (SHA1): 73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Microsoft RSA Root Certificate Authority 2017" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 +\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 +\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 +\157\146\164\040\122\123\101\040\122\157\157\164\040\103\145\162 +\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 +\164\171\040\062\060\061\067 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 +\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 +\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 +\157\146\164\040\122\123\101\040\122\157\157\164\040\103\145\162 +\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 +\164\171\040\062\060\061\067 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\036\323\227\011\137\330\264\263\107\160\036\252\276\177 +\105\263 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\250\060\202\003\220\240\003\002\001\002\002\020\036 +\323\227\011\137\330\264\263\107\160\036\252\276\177\105\263\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\145 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\036\060 +\034\006\003\125\004\012\023\025\115\151\143\162\157\163\157\146 +\164\040\103\157\162\160\157\162\141\164\151\157\156\061\066\060 +\064\006\003\125\004\003\023\055\115\151\143\162\157\163\157\146 +\164\040\122\123\101\040\122\157\157\164\040\103\145\162\164\151 +\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171 +\040\062\060\061\067\060\036\027\015\061\071\061\062\061\070\062 +\062\065\061\062\062\132\027\015\064\062\060\067\061\070\062\063 +\060\060\062\063\132\060\145\061\013\060\011\006\003\125\004\006 +\023\002\125\123\061\036\060\034\006\003\125\004\012\023\025\115 +\151\143\162\157\163\157\146\164\040\103\157\162\160\157\162\141 +\164\151\157\156\061\066\060\064\006\003\125\004\003\023\055\115 +\151\143\162\157\163\157\146\164\040\122\123\101\040\122\157\157 +\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165 +\164\150\157\162\151\164\171\040\062\060\061\067\060\202\002\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\002\017\000\060\202\002\012\002\202\002\001\000\312\133\276 +\224\063\214\051\225\221\026\012\225\275\107\142\301\211\363\231 +\066\337\106\220\311\245\355\170\152\157\107\221\150\370\047\147 +\120\063\035\241\246\373\340\345\103\243\204\002\127\001\135\234 +\110\100\202\123\020\274\277\307\073\150\220\266\202\055\345\364 +\145\320\314\155\031\314\225\371\173\254\112\224\255\016\336\113 +\103\035\207\007\222\023\220\200\203\144\065\071\004\374\345\351 +\154\263\266\037\120\224\070\145\120\134\027\106\271\266\205\265 +\034\265\027\350\326\105\235\330\262\046\260\312\304\160\112\256 +\140\244\335\263\331\354\374\073\325\127\162\274\077\310\311\262 +\336\113\153\370\043\154\003\300\005\275\225\307\315\163\073\146 +\200\144\343\032\254\056\371\107\005\362\006\266\233\163\365\170 +\063\133\307\241\373\047\052\241\264\232\221\214\221\323\072\202 +\076\166\100\264\315\122\141\121\160\050\077\305\305\132\362\311 +\214\111\273\024\133\115\310\377\147\115\114\022\226\255\365\376 +\170\250\227\207\327\375\136\040\200\334\241\113\042\373\324\211 +\255\272\316\107\227\107\125\173\217\105\310\147\050\204\225\034 +\150\060\357\357\111\340\065\173\144\347\230\260\224\332\115\205 +\073\076\125\304\050\257\127\363\236\023\333\106\047\237\036\242 +\136\104\203\244\245\312\325\023\263\113\077\304\343\302\346\206 +\141\244\122\060\271\172\040\117\157\017\070\123\313\063\014\023 +\053\217\326\232\275\052\310\055\261\034\175\113\121\312\107\321 +\110\047\162\135\207\353\325\105\346\110\145\235\257\122\220\272 +\133\242\030\145\127\022\237\150\271\324\025\153\224\304\151\042 +\230\364\063\340\355\371\121\216\101\120\311\064\117\166\220\254 +\374\070\301\330\341\173\271\343\343\224\341\106\151\313\016\012 +\120\153\023\272\254\017\067\132\267\022\265\220\201\036\126\256 +\127\042\206\331\311\322\321\327\121\343\253\073\306\125\375\036 +\016\323\164\012\321\332\252\352\151\270\227\050\217\110\304\007 +\370\122\103\072\364\312\125\065\054\260\246\152\300\234\371\362 +\201\341\022\152\300\105\331\147\263\316\377\043\242\211\012\124 +\324\024\271\052\250\327\354\371\253\315\045\130\062\171\217\220 +\133\230\071\304\010\006\301\254\177\016\075\000\245\002\003\001 +\000\001\243\124\060\122\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\206\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 +\004\024\011\313\131\177\206\262\160\217\032\303\071\343\300\331 +\351\277\273\115\262\043\060\020\006\011\053\006\001\004\001\202 +\067\025\001\004\003\002\001\000\060\015\006\011\052\206\110\206 +\367\015\001\001\014\005\000\003\202\002\001\000\254\257\076\135 +\302\021\226\211\216\243\347\222\326\227\025\270\023\242\246\102 +\056\002\315\026\005\131\047\312\040\350\272\270\350\032\354\115 +\250\227\126\256\145\103\261\217\000\233\122\315\125\315\123\071 +\155\142\114\213\015\133\174\056\104\277\203\020\217\363\123\202 +\200\303\117\072\307\156\021\077\346\343\026\221\204\373\155\204 +\177\064\164\255\211\247\316\271\327\327\237\204\144\222\276\225 +\241\255\011\123\063\335\356\012\352\112\121\216\157\125\253\272 +\265\224\106\256\214\177\330\242\120\045\145\140\200\106\333\063 +\004\256\154\265\230\164\124\045\334\223\344\370\343\125\025\075 +\270\155\303\012\244\022\301\151\205\156\337\144\361\123\231\341 +\112\165\040\235\225\017\344\326\334\003\361\131\030\350\107\211 +\262\127\132\224\266\251\330\027\053\027\111\345\166\313\301\126 +\231\072\067\261\377\151\054\221\221\223\341\337\114\243\067\166 +\115\241\237\370\155\036\035\323\372\354\373\364\105\035\023\155 +\317\367\131\345\042\047\162\053\206\363\127\273\060\355\044\115 +\334\175\126\273\243\263\370\064\171\211\301\340\362\002\141\367 +\246\374\017\273\034\027\013\256\101\331\174\275\047\243\375\056 +\072\321\223\224\261\163\035\044\213\257\133\040\211\255\267\147 +\146\171\365\072\306\246\226\063\376\123\222\310\106\261\021\221 +\306\231\177\217\311\326\146\061\040\101\020\207\055\014\326\301 +\257\064\230\312\144\203\373\023\127\321\301\360\074\172\214\245 +\301\375\225\041\240\161\301\223\147\161\022\352\217\210\012\151 +\031\144\231\043\126\373\254\052\056\160\276\146\304\014\204\357 +\345\213\363\223\001\370\152\220\223\147\113\262\150\243\265\142 +\217\351\077\214\172\073\136\017\347\214\270\306\174\357\067\375 +\164\342\310\117\063\162\341\224\071\155\275\022\257\276\014\116 +\160\174\033\157\215\263\062\223\163\104\026\155\350\364\367\340 +\225\200\217\226\135\070\244\364\253\336\012\060\207\223\330\115 +\000\161\142\105\047\113\072\102\204\133\177\145\267\147\064\122 +\055\234\026\153\252\250\330\173\243\102\114\161\307\014\312\076 +\203\344\246\357\267\001\060\136\121\243\171\365\160\151\246\101 +\104\017\206\260\054\221\306\075\352\256\017\204 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Microsoft RSA Root Certificate Authority 2017" +# Issuer: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US +# Serial Number:1e:d3:97:09:5f:d8:b4:b3:47:70:1e:aa:be:7f:45:b3 +# Subject: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US +# Not Valid Before: Wed Dec 18 22:51:22 2019 +# Not Valid After : Fri Jul 18 23:00:23 2042 +# Fingerprint (SHA-256): C7:41:F7:0F:4B:2A:8D:88:BF:2E:71:C1:41:22:EF:53:EF:10:EB:A0:CF:A5:E6:4C:FA:20:F4:18:85:30:73:E0 +# Fingerprint (SHA1): 73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Microsoft RSA Root Certificate Authority 2017" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\163\245\346\112\073\377\203\026\377\016\334\314\141\212\220\156 +\116\256\115\164 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\020\377\000\377\317\311\370\307\172\300\356\065\216\311\017\107 +END +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 +\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 +\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 +\157\146\164\040\122\123\101\040\122\157\157\164\040\103\145\162 +\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 +\164\171\040\062\060\061\067 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\036\323\227\011\137\330\264\263\107\160\036\252\276\177 +\105\263 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "e-Szigno Root CA 2017" +# +# Issuer: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU +# Serial Number:01:54:48:ef:21:fd:97:59:0d:f5:04:0a +# Subject: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU +# Not Valid Before: Tue Aug 22 12:07:06 2017 +# Not Valid After : Fri Aug 22 12:07:06 2042 +# Fingerprint (SHA-256): BE:B0:0B:30:83:9B:9B:C3:2C:32:E4:44:79:05:95:06:41:F2:64:21:B1:5E:D0:89:19:8B:51:8A:E2:EA:1B:99 +# Fingerprint (SHA1): 89:D4:83:03:4F:9E:9A:48:80:5F:72:37:D4:A9:A6:EF:CB:7C:1F:D1 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "e-Szigno Root CA 2017" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\161\061\013\060\011\006\003\125\004\006\023\002\110\125\061 +\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145 +\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143 +\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003 +\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064 +\064\071\067\061\036\060\034\006\003\125\004\003\014\025\145\055 +\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040\062 +\060\061\067 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\161\061\013\060\011\006\003\125\004\006\023\002\110\125\061 +\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145 +\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143 +\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003 +\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064 +\064\071\067\061\036\060\034\006\003\125\004\003\014\025\145\055 +\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040\062 +\060\061\067 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\014\001\124\110\357\041\375\227\131\015\365\004\012 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\100\060\202\001\345\240\003\002\001\002\002\014\001 +\124\110\357\041\375\227\131\015\365\004\012\060\012\006\010\052 +\206\110\316\075\004\003\002\060\161\061\013\060\011\006\003\125 +\004\006\023\002\110\125\061\021\060\017\006\003\125\004\007\014 +\010\102\165\144\141\160\145\163\164\061\026\060\024\006\003\125 +\004\012\014\015\115\151\143\162\157\163\145\143\040\114\164\144 +\056\061\027\060\025\006\003\125\004\141\014\016\126\101\124\110 +\125\055\062\063\065\070\064\064\071\067\061\036\060\034\006\003 +\125\004\003\014\025\145\055\123\172\151\147\156\157\040\122\157 +\157\164\040\103\101\040\062\060\061\067\060\036\027\015\061\067 +\060\070\062\062\061\062\060\067\060\066\132\027\015\064\062\060 +\070\062\062\061\062\060\067\060\066\132\060\161\061\013\060\011 +\006\003\125\004\006\023\002\110\125\061\021\060\017\006\003\125 +\004\007\014\010\102\165\144\141\160\145\163\164\061\026\060\024 +\006\003\125\004\012\014\015\115\151\143\162\157\163\145\143\040 +\114\164\144\056\061\027\060\025\006\003\125\004\141\014\016\126 +\101\124\110\125\055\062\063\065\070\064\064\071\067\061\036\060 +\034\006\003\125\004\003\014\025\145\055\123\172\151\147\156\157 +\040\122\157\157\164\040\103\101\040\062\060\061\067\060\131\060 +\023\006\007\052\206\110\316\075\002\001\006\010\052\206\110\316 +\075\003\001\007\003\102\000\004\226\334\075\212\330\260\173\157 +\306\047\276\104\220\261\263\126\025\173\216\103\044\175\032\204 +\131\356\143\150\262\306\136\207\320\025\110\036\250\220\255\275 +\123\242\332\336\072\220\246\140\137\150\062\265\206\101\337\207 +\133\054\173\305\376\174\172\332\243\143\060\141\060\017\006\003 +\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006 +\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006 +\003\125\035\016\004\026\004\024\207\021\025\010\321\252\301\170 +\014\261\257\316\306\311\220\357\277\060\004\300\060\037\006\003 +\125\035\043\004\030\060\026\200\024\207\021\025\010\321\252\301 +\170\014\261\257\316\306\311\220\357\277\060\004\300\060\012\006 +\010\052\206\110\316\075\004\003\002\003\111\000\060\106\002\041 +\000\265\127\335\327\212\125\013\066\341\206\104\372\324\331\150 +\215\270\334\043\212\212\015\324\057\175\352\163\354\277\115\154 +\250\002\041\000\313\245\264\022\372\347\265\350\317\176\223\374 +\363\065\217\157\116\132\174\264\274\116\262\374\162\252\133\131 +\371\347\334\061 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "e-Szigno Root CA 2017" +# Issuer: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU +# Serial Number:01:54:48:ef:21:fd:97:59:0d:f5:04:0a +# Subject: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU +# Not Valid Before: Tue Aug 22 12:07:06 2017 +# Not Valid After : Fri Aug 22 12:07:06 2042 +# Fingerprint (SHA-256): BE:B0:0B:30:83:9B:9B:C3:2C:32:E4:44:79:05:95:06:41:F2:64:21:B1:5E:D0:89:19:8B:51:8A:E2:EA:1B:99 +# Fingerprint (SHA1): 89:D4:83:03:4F:9E:9A:48:80:5F:72:37:D4:A9:A6:EF:CB:7C:1F:D1 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "e-Szigno Root CA 2017" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\211\324\203\003\117\236\232\110\200\137\162\067\324\251\246\357 +\313\174\037\321 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\336\037\366\236\204\256\247\264\041\316\036\130\175\321\204\230 +END +CKA_ISSUER MULTILINE_OCTAL +\060\161\061\013\060\011\006\003\125\004\006\023\002\110\125\061 +\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145 +\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143 +\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003 +\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064 +\064\071\067\061\036\060\034\006\003\125\004\003\014\025\145\055 +\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040\062 +\060\061\067 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\014\001\124\110\357\041\375\227\131\015\365\004\012 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "certSIGN Root CA G2" +# +# Issuer: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO +# Serial Number:11:00:34:b6:4e:c6:36:2d:36 +# Subject: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO +# Not Valid Before: Mon Feb 06 09:27:35 2017 +# Not Valid After : Thu Feb 06 09:27:35 2042 +# Fingerprint (SHA-256): 65:7C:FE:2F:A7:3F:AA:38:46:25:71:F3:32:A2:36:3A:46:FC:E7:02:09:51:71:07:02:CD:FB:B6:EE:DA:33:05 +# Fingerprint (SHA1): 26:F9:93:B4:ED:3D:28:27:B0:B9:4B:A7:E9:15:1D:A3:8D:92:E5:32 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "certSIGN Root CA G2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\101\061\013\060\011\006\003\125\004\006\023\002\122\117\061 +\024\060\022\006\003\125\004\012\023\013\103\105\122\124\123\111 +\107\116\040\123\101\061\034\060\032\006\003\125\004\013\023\023 +\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103\101 +\040\107\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\101\061\013\060\011\006\003\125\004\006\023\002\122\117\061 +\024\060\022\006\003\125\004\012\023\013\103\105\122\124\123\111 +\107\116\040\123\101\061\034\060\032\006\003\125\004\013\023\023 +\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103\101 +\040\107\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\011\021\000\064\266\116\306\066\055\066 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\107\060\202\003\057\240\003\002\001\002\002\011\021 +\000\064\266\116\306\066\055\066\060\015\006\011\052\206\110\206 +\367\015\001\001\013\005\000\060\101\061\013\060\011\006\003\125 +\004\006\023\002\122\117\061\024\060\022\006\003\125\004\012\023 +\013\103\105\122\124\123\111\107\116\040\123\101\061\034\060\032 +\006\003\125\004\013\023\023\143\145\162\164\123\111\107\116\040 +\122\117\117\124\040\103\101\040\107\062\060\036\027\015\061\067 +\060\062\060\066\060\071\062\067\063\065\132\027\015\064\062\060 +\062\060\066\060\071\062\067\063\065\132\060\101\061\013\060\011 +\006\003\125\004\006\023\002\122\117\061\024\060\022\006\003\125 +\004\012\023\013\103\105\122\124\123\111\107\116\040\123\101\061 +\034\060\032\006\003\125\004\013\023\023\143\145\162\164\123\111 +\107\116\040\122\117\117\124\040\103\101\040\107\062\060\202\002 +\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 +\003\202\002\017\000\060\202\002\012\002\202\002\001\000\300\305 +\165\031\221\175\104\164\164\207\376\016\073\226\334\330\001\026 +\314\356\143\221\347\013\157\316\073\012\151\032\174\302\343\257 +\202\216\206\327\136\217\127\353\323\041\131\375\071\067\102\060 +\276\120\352\266\017\251\210\330\056\055\151\041\347\321\067\030 +\116\175\221\325\026\137\153\133\000\302\071\103\015\066\205\122 +\271\123\145\017\035\102\345\217\317\005\323\356\334\014\032\331 +\270\213\170\042\147\344\151\260\150\305\074\344\154\132\106\347 +\315\307\372\357\304\354\113\275\152\244\254\375\314\050\121\357 +\222\264\051\253\253\065\232\114\344\304\010\306\046\314\370\151 +\237\344\234\360\051\323\134\371\306\026\045\236\043\303\040\301 +\075\017\077\070\100\260\376\202\104\070\252\132\032\212\153\143 +\130\070\264\025\323\266\021\151\173\036\124\356\214\032\042\254 +\162\227\077\043\131\233\311\042\204\301\007\117\314\177\342\127 +\312\022\160\273\246\145\363\151\165\143\275\225\373\033\227\315 +\344\250\257\366\321\116\250\331\212\161\044\315\066\075\274\226 +\304\361\154\251\256\345\317\015\156\050\015\260\016\265\312\121 +\173\170\024\303\040\057\177\373\024\125\341\021\231\375\325\012 +\241\236\002\343\142\137\353\065\113\054\270\162\350\076\075\117 +\254\054\273\056\206\342\243\166\217\345\223\052\317\245\253\310 +\134\215\113\006\377\022\106\254\170\313\024\007\065\340\251\337 +\213\351\257\025\117\026\211\133\275\366\215\306\131\256\210\205 +\016\301\211\353\037\147\305\105\216\377\155\067\066\053\170\146 +\203\221\121\053\075\377\121\167\166\142\241\354\147\076\076\201 +\203\340\126\251\120\037\037\172\231\253\143\277\204\027\167\361 +\015\073\337\367\234\141\263\065\230\212\072\262\354\074\032\067 +\077\176\217\222\317\331\022\024\144\332\020\002\025\101\377\117 +\304\353\034\243\311\372\231\367\106\351\341\030\331\261\270\062 +\055\313\024\014\120\330\203\145\203\356\271\134\317\313\005\132 +\114\372\031\227\153\326\135\023\323\302\134\124\274\062\163\240 +\170\365\361\155\036\313\237\245\246\237\042\334\321\121\236\202 +\171\144\140\051\023\076\243\375\117\162\152\253\342\324\345\270 +\044\125\054\104\113\212\210\104\234\312\204\323\052\073\002\003 +\001\000\001\243\102\060\100\060\017\006\003\125\035\023\001\001 +\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001 +\001\377\004\004\003\002\001\006\060\035\006\003\125\035\016\004 +\026\004\024\202\041\055\146\306\327\240\340\025\353\316\114\011 +\167\304\140\236\124\156\003\060\015\006\011\052\206\110\206\367 +\015\001\001\013\005\000\003\202\002\001\000\140\336\032\270\347 +\362\140\202\325\003\063\201\313\006\212\361\042\111\351\350\352 +\221\177\306\063\136\150\031\003\206\073\103\001\317\007\160\344 +\010\036\145\205\221\346\021\042\267\365\002\043\216\256\271\036 +\175\037\176\154\346\275\045\325\225\032\362\005\246\257\205\002 +\157\256\370\326\061\377\045\311\112\310\307\212\251\331\237\113 +\111\233\021\127\231\222\103\021\336\266\063\244\314\327\215\144 +\175\324\315\074\050\054\264\232\226\352\115\365\304\104\304\045 +\252\040\200\330\051\125\367\340\101\374\006\046\377\271\066\365 +\103\024\003\146\170\341\021\261\332\040\137\106\000\170\000\041 +\245\036\000\050\141\170\157\250\001\001\217\235\064\232\377\364 +\070\220\373\270\321\263\162\006\311\161\346\201\305\171\355\013 +\246\171\362\023\013\234\367\135\016\173\044\223\264\110\333\206 +\137\336\120\206\170\347\100\346\061\250\220\166\160\141\257\234 +\067\054\021\265\202\267\252\256\044\064\133\162\014\151\015\315 +\131\237\366\161\257\234\013\321\012\070\371\006\042\203\123\045 +\014\374\121\304\346\276\342\071\225\013\044\255\257\321\225\344 +\226\327\164\144\153\161\116\002\074\252\205\363\040\243\103\071 +\166\133\154\120\376\232\234\024\036\145\024\212\025\275\243\202 +\105\132\111\126\152\322\234\261\143\062\345\141\340\123\042\016 +\247\012\111\352\313\176\037\250\342\142\200\366\020\105\122\230 +\006\030\336\245\315\057\177\252\324\351\076\010\162\354\043\003 +\002\074\246\252\330\274\147\164\075\024\027\373\124\113\027\343 +\323\171\075\155\153\111\311\050\016\056\164\120\277\014\331\106 +\072\020\206\311\247\077\351\240\354\177\353\245\167\130\151\161 +\346\203\012\067\362\206\111\152\276\171\010\220\366\002\026\144 +\076\345\332\114\176\014\064\311\371\137\266\263\050\121\247\247 +\053\252\111\372\215\145\051\116\343\153\023\247\224\243\055\121 +\155\170\014\104\313\337\336\010\157\316\243\144\253\323\225\204 +\324\271\122\124\162\173\226\045\314\274\151\343\110\156\015\320 +\307\235\047\232\252\370\023\222\335\036\337\143\237\065\251\026 +\066\354\214\270\203\364\075\211\217\315\264\027\136\327\263\027 +\101\020\135\047\163\140\205\127\111\042\007 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "certSIGN Root CA G2" +# Issuer: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO +# Serial Number:11:00:34:b6:4e:c6:36:2d:36 +# Subject: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO +# Not Valid Before: Mon Feb 06 09:27:35 2017 +# Not Valid After : Thu Feb 06 09:27:35 2042 +# Fingerprint (SHA-256): 65:7C:FE:2F:A7:3F:AA:38:46:25:71:F3:32:A2:36:3A:46:FC:E7:02:09:51:71:07:02:CD:FB:B6:EE:DA:33:05 +# Fingerprint (SHA1): 26:F9:93:B4:ED:3D:28:27:B0:B9:4B:A7:E9:15:1D:A3:8D:92:E5:32 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "certSIGN Root CA G2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\046\371\223\264\355\075\050\047\260\271\113\247\351\025\035\243 +\215\222\345\062 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\214\361\165\212\306\031\317\224\267\367\145\040\207\303\227\307 +END +CKA_ISSUER MULTILINE_OCTAL +\060\101\061\013\060\011\006\003\125\004\006\023\002\122\117\061 +\024\060\022\006\003\125\004\012\023\013\103\105\122\124\123\111 +\107\116\040\123\101\061\034\060\032\006\003\125\004\013\023\023 +\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103\101 +\040\107\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\011\021\000\064\266\116\306\066\055\066 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/lfs/ca-certificates b/lfs/ca-certificates index aea240a5d..96f778f93 100644 --- a/lfs/ca-certificates +++ b/lfs/ca-certificates @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 20191128 +VER = 20200620 THISAPP = ca-certificates DIR_APP = $(DIR_SRC)/$(THISAPP) From bbdfbd5036e4b9209325a8e2e403eba144eabb68 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 27 Jun 2020 14:28:18 +0000 Subject: [PATCH 49/67] core147: add ca-certificates Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/147/filelists/ca-certificates | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/147/filelists/ca-certificates diff --git a/config/rootfiles/core/147/filelists/ca-certificates b/config/rootfiles/core/147/filelists/ca-certificates new file mode 120000 index 000000000..320fea8f4 --- /dev/null +++ b/config/rootfiles/core/147/filelists/ca-certificates @@ -0,0 +1 @@ +../../../common/ca-certificates \ No newline at end of file From 421d057fd4abed0c06afb3cbe7b070b5b08ac656 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20M=C3=BCller?= Date: Mon, 22 Jun 2020 15:39:33 +0000 Subject: [PATCH 50/67] OpenSSH: update to 8.3p1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: #12418 Cc: Matthias Fischer Signed-off-by: Peter Müller Signed-off-by: Arne Fitzenreiter --- lfs/openssh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/openssh b/lfs/openssh index 2f3eda74f..75210060e 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -24,7 +24,7 @@ include Config -VER = 8.2p1 +VER = 8.3p1 THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 3076e6413e8dbe56d33848c1054ac091 +$(DL_FILE)_MD5 = 68d7527bf2672153ca47402f6489a1af install : $(TARGET) From 822d70e10258829ac636e253c1ae78d464c22d9d Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 27 Jun 2020 14:34:22 +0000 Subject: [PATCH 51/67] core147: add openssh Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/147/filelists/openssh | 1 + config/rootfiles/core/147/update.sh | 4 ++++ 2 files changed, 5 insertions(+) create mode 120000 config/rootfiles/core/147/filelists/openssh diff --git a/config/rootfiles/core/147/filelists/openssh b/config/rootfiles/core/147/filelists/openssh new file mode 120000 index 000000000..d8c77fd8e --- /dev/null +++ b/config/rootfiles/core/147/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/147/update.sh b/config/rootfiles/core/147/update.sh index 8d8c04048..37590f73a 100644 --- a/config/rootfiles/core/147/update.sh +++ b/config/rootfiles/core/147/update.sh @@ -44,6 +44,9 @@ extract_files # update linker config ldconfig +# Apply local configuration to sshd_config +/usr/local/bin/sshctrl + # Update Language cache /usr/local/bin/update-lang-cache @@ -52,6 +55,7 @@ ldconfig # Start services /etc/init.d/squid start +/etc/init.d/sshd restart # This update needs a reboot... touch /var/run/need_reboot From abbec6069a551bc3dffd27ef7e0eaa53b0ba2412 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20M=C3=BCller?= Date: Sun, 21 Jun 2020 10:57:00 +0000 Subject: [PATCH 52/67] proxy.cgi: remove old CVS licence clutter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Müller Signed-off-by: Arne Fitzenreiter --- html/cgi-bin/proxy.cgi | 7 ------- 1 file changed, 7 deletions(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 73646a5ae..d1de4522d 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -18,13 +18,6 @@ # along with this program. If not, see . # # # ############################################################################### -# -# (c) 2004-2009 marco.s - http://www.advproxy.net -# -# This code is distributed under the terms of the GPL -# -# $Id: advproxy.cgi,v 3.0.2 2009/02/04 00:00:00 marco.s Exp $ -# use strict; use Apache::Htpasswd; From 0f8251fe64dd8d799713e0f42cc01785f5ce2bc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20M=C3=BCller?= Date: Sun, 21 Jun 2020 10:57:29 +0000 Subject: [PATCH 53/67] Revert "proxy: Remove AUTH_IPCACHE_TTL" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit dc637f087fe07ab26ae1dee00133da69bab5e6a1. Rationale: "authenticate_ip_ttl" can be safely used as it does not introduces an authentication bypass, but saves relationships between successfully authenticated users and their IP addresses. "max_user_ip" depends on such an authentication cache, so credential sharing between several IPs (on purpose or by chance) can be detected properly. This is useful in case of crompromised machines and/or attackers in internal networks having stolen proxy authentication credentials. Quoted from squid.conf.documented or man 5 squid.conf: > acl aclname max_user_ip [-s] number > # This will be matched when the user attempts to log in from more > # than different ip addresses. The authenticate_ip_ttl > # parameter controls the timeout on the ip entries. [fast] > # If -s is specified the limit is strict, denying browsing > # from any further IP addresses until the ttl has expired. Without > # -s Squid will just annoy the user by "randomly" denying requests. > # (the counter is reset each time the limit is reached and a > # request is denied) > # NOTE: in acceleration mode or where there is mesh of child proxies, > # clients may appear to come from multiple addresses if they are > # going through proxy farms, so a limit of 1 may cause user problems. Fixes: #11994 Cc: Michael Tremer Signed-off-by: Peter Müller Signed-off-by: Arne Fitzenreiter --- doc/language_issues.de | 3 --- doc/language_issues.en | 2 ++ doc/language_issues.es | 7 ++----- doc/language_issues.fr | 3 --- doc/language_issues.it | 3 --- doc/language_issues.nl | 3 --- doc/language_issues.pl | 7 ++----- doc/language_issues.ru | 5 +---- doc/language_issues.tr | 3 --- html/cgi-bin/proxy.cgi | 32 +++++++++++++++++++++----------- 10 files changed, 28 insertions(+), 40 deletions(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index 2dc986d0a..f2d628d51 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -48,7 +48,6 @@ WARNING: translation string unused: admin user password has been changed WARNING: translation string unused: administrator user password WARNING: translation string unused: adsl settings WARNING: translation string unused: advproxy AUTH method ntlm -WARNING: translation string unused: advproxy AUTH user IP cache TTL WARNING: translation string unused: advproxy LDAP auth WARNING: translation string unused: advproxy NTLM BDC hostname WARNING: translation string unused: advproxy NTLM PDC hostname @@ -73,8 +72,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username -WARNING: translation string unused: advproxy content based throttling -WARNING: translation string unused: advproxy errmsg auth ipcache ttl WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc diff --git a/doc/language_issues.en b/doc/language_issues.en index 88fa6ed79..76c4237d4 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -128,6 +128,7 @@ WARNING: untranslated string: advproxy AUTH method radius = RADIUS WARNING: untranslated string: advproxy AUTH no auth = Domains without authentication (one per line) WARNING: untranslated string: advproxy AUTH number of auth processes = Number of authentication processes WARNING: untranslated string: advproxy AUTH realm = Authentication realm prompt +WARNING: untranslated string: advproxy AUTH user IP cache TTL = User/IP cache TTL (in minutes) WARNING: untranslated string: advproxy IDENT authorized users = Authorized users (one per line) WARNING: untranslated string: advproxy IDENT aware hosts = Ident aware hosts (one per line) WARNING: untranslated string: advproxy IDENT identd settings = Common identd settings @@ -206,6 +207,7 @@ WARNING: untranslated string: advproxy errmsg acl cannot be empty = Access contr WARNING: untranslated string: advproxy errmsg auth cache ttl = Invalid value for authentication cache TTL WARNING: untranslated string: advproxy errmsg auth children = Invalid number of authentication processes WARNING: untranslated string: advproxy errmsg auth ipcache may not be null = Authentication cache TTL may not be 0 when using IP address limits +WARNING: untranslated string: advproxy errmsg auth ipcache ttl = Invalid value for user/IP cache TTL WARNING: untranslated string: advproxy errmsg cache = The RAM cache size is greater than the harddisk cache size: WARNING: untranslated string: advproxy errmsg hdd cache size = Invalid value for harddisk cache size (min 10 MB required) WARNING: untranslated string: advproxy errmsg ident timeout = Invalid ident timeout diff --git a/doc/language_issues.es b/doc/language_issues.es index ef78d6680..4d74fe91b 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -24,7 +24,6 @@ WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed WARNING: translation string unused: administrator user password -WARNING: translation string unused: advproxy AUTH user IP cache TTL WARNING: translation string unused: advproxy LDAP auth WARNING: translation string unused: advproxy NTLM BDC hostname WARNING: translation string unused: advproxy NTLM PDC hostname @@ -49,8 +48,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username -WARNING: translation string unused: advproxy content based throttling -WARNING: translation string unused: advproxy errmsg auth ipcache ttl WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc @@ -900,7 +897,7 @@ WARNING: untranslated string: fireinfo please enable = Please enable the fireinf WARNING: untranslated string: fireinfo settings = Fireinfo settings WARNING: untranslated string: fireinfo system version = System versions WARNING: untranslated string: fireinfo why descr1 = It is very important for the development of IPFire that you enable this -WARNING: untranslated string: fireinfo why descr2 = service. +WARNING: untranslated string: fireinfo why descr2 = service. WARNING: untranslated string: fireinfo why enable = Why should I enable fireinfo? WARNING: untranslated string: fireinfo why read more = Read more about the reasons. WARNING: untranslated string: fireinfo your profile id = Your profile ID @@ -958,7 +955,7 @@ WARNING: untranslated string: fwdfw err tgt_port = Invalid destination port. WARNING: untranslated string: fwdfw err time = You have to select at least one day. WARNING: untranslated string: fwdfw external port nat = External port (NAT) WARNING: untranslated string: fwdfw hint ip1 = The last generated rule may never match, because source and destination subnets may overlap. -WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: +WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: WARNING: untranslated string: fwdfw hint mac = The destination group contains MAC addresses, which will be skipped during rule creation. WARNING: untranslated string: fwdfw iface = Interface WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections per IP address diff --git a/doc/language_issues.fr b/doc/language_issues.fr index fd10b171e..c5953d5ba 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -52,7 +52,6 @@ WARNING: translation string unused: admin user password has been changed WARNING: translation string unused: administrator user password WARNING: translation string unused: adsl settings WARNING: translation string unused: advproxy AUTH method ntlm -WARNING: translation string unused: advproxy AUTH user IP cache TTL WARNING: translation string unused: advproxy LDAP auth WARNING: translation string unused: advproxy NTLM BDC hostname WARNING: translation string unused: advproxy NTLM PDC hostname @@ -77,8 +76,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username -WARNING: translation string unused: advproxy content based throttling -WARNING: translation string unused: advproxy errmsg auth ipcache ttl WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc diff --git a/doc/language_issues.it b/doc/language_issues.it index 16ff776b5..059c73a59 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -26,7 +26,6 @@ WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed WARNING: translation string unused: administrator user password WARNING: translation string unused: advproxy AUTH method ntlm -WARNING: translation string unused: advproxy AUTH user IP cache TTL WARNING: translation string unused: advproxy LDAP auth WARNING: translation string unused: advproxy NTLM BDC hostname WARNING: translation string unused: advproxy NTLM PDC hostname @@ -51,8 +50,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username -WARNING: translation string unused: advproxy content based throttling -WARNING: translation string unused: advproxy errmsg auth ipcache ttl WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 328a8e1f2..8a79baa83 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -25,7 +25,6 @@ WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed WARNING: translation string unused: administrator user password -WARNING: translation string unused: advproxy AUTH user IP cache TTL WARNING: translation string unused: advproxy LDAP auth WARNING: translation string unused: advproxy NTLM BDC hostname WARNING: translation string unused: advproxy NTLM PDC hostname @@ -50,8 +49,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username -WARNING: translation string unused: advproxy content based throttling -WARNING: translation string unused: advproxy errmsg auth ipcache ttl WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc diff --git a/doc/language_issues.pl b/doc/language_issues.pl index ef78d6680..4d74fe91b 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -24,7 +24,6 @@ WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed WARNING: translation string unused: administrator user password -WARNING: translation string unused: advproxy AUTH user IP cache TTL WARNING: translation string unused: advproxy LDAP auth WARNING: translation string unused: advproxy NTLM BDC hostname WARNING: translation string unused: advproxy NTLM PDC hostname @@ -49,8 +48,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username -WARNING: translation string unused: advproxy content based throttling -WARNING: translation string unused: advproxy errmsg auth ipcache ttl WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc @@ -900,7 +897,7 @@ WARNING: untranslated string: fireinfo please enable = Please enable the fireinf WARNING: untranslated string: fireinfo settings = Fireinfo settings WARNING: untranslated string: fireinfo system version = System versions WARNING: untranslated string: fireinfo why descr1 = It is very important for the development of IPFire that you enable this -WARNING: untranslated string: fireinfo why descr2 = service. +WARNING: untranslated string: fireinfo why descr2 = service. WARNING: untranslated string: fireinfo why enable = Why should I enable fireinfo? WARNING: untranslated string: fireinfo why read more = Read more about the reasons. WARNING: untranslated string: fireinfo your profile id = Your profile ID @@ -958,7 +955,7 @@ WARNING: untranslated string: fwdfw err tgt_port = Invalid destination port. WARNING: untranslated string: fwdfw err time = You have to select at least one day. WARNING: untranslated string: fwdfw external port nat = External port (NAT) WARNING: untranslated string: fwdfw hint ip1 = The last generated rule may never match, because source and destination subnets may overlap. -WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: +WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: WARNING: untranslated string: fwdfw hint mac = The destination group contains MAC addresses, which will be skipped during rule creation. WARNING: untranslated string: fwdfw iface = Interface WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections per IP address diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 0a579d406..d435f0437 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -25,7 +25,6 @@ WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed WARNING: translation string unused: administrator user password -WARNING: translation string unused: advproxy AUTH user IP cache TTL WARNING: translation string unused: advproxy LDAP auth WARNING: translation string unused: advproxy NTLM BDC hostname WARNING: translation string unused: advproxy NTLM PDC hostname @@ -50,8 +49,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username -WARNING: translation string unused: advproxy content based throttling -WARNING: translation string unused: advproxy errmsg auth ipcache ttl WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc @@ -952,7 +949,7 @@ WARNING: untranslated string: fwdfw err tgt_port = Invalid destination port. WARNING: untranslated string: fwdfw err time = You have to select at least one day. WARNING: untranslated string: fwdfw external port nat = External port (NAT) WARNING: untranslated string: fwdfw hint ip1 = The last generated rule may never match, because source and destination subnets may overlap. -WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: +WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: WARNING: untranslated string: fwdfw hint mac = The destination group contains MAC addresses, which will be skipped during rule creation. WARNING: untranslated string: fwdfw iface = Interface WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections per IP address diff --git a/doc/language_issues.tr b/doc/language_issues.tr index d04c99305..d4cbbac2d 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -48,7 +48,6 @@ WARNING: translation string unused: admin user password has been changed WARNING: translation string unused: administrator user password WARNING: translation string unused: adsl settings WARNING: translation string unused: advproxy AUTH method ntlm -WARNING: translation string unused: advproxy AUTH user IP cache TTL WARNING: translation string unused: advproxy LDAP auth WARNING: translation string unused: advproxy NTLM BDC hostname WARNING: translation string unused: advproxy NTLM PDC hostname @@ -73,8 +72,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username -WARNING: translation string unused: advproxy content based throttling -WARNING: translation string unused: advproxy errmsg auth ipcache ttl WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index d1de4522d..fdf9bddaf 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -232,6 +232,7 @@ $proxysettings{'AUTH_METHOD'} = 'none'; $proxysettings{'AUTH_REALM'} = ''; $proxysettings{'AUTH_MAX_USERIP'} = ''; $proxysettings{'AUTH_CACHE_TTL'} = '60'; +$proxysettings{'AUTH_IPCACHE_TTL'} = '0'; $proxysettings{'AUTH_CHILDREN'} = '5'; $proxysettings{'NCSA_MIN_PASS_LEN'} = '6'; $proxysettings{'NCSA_BYPASS_REDIR'} = 'off'; @@ -437,18 +438,23 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} } } } - if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/)) - { - $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'}; - goto ERROR; - } if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255))) { $errormessage = $Lang::tr{'advproxy errmsg max userip'}; goto ERROR; } - if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) + if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/)) + { + $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'}; + goto ERROR; + } + if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /^\d+/)) + { + $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'}; + goto ERROR; + } + if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'}; goto ERROR; @@ -1735,6 +1741,10 @@ print <$Lang::tr{'advproxy AUTH limit of IP addresses'}: + + $Lang::tr{'advproxy AUTH user IP cache TTL'}: + + $Lang::tr{'advproxy AUTH always required'}: @@ -2031,6 +2041,7 @@ print < + @@ -2042,6 +2053,7 @@ print < + END ; } @@ -3255,11 +3267,6 @@ END } print FILE "\n"; - # If we use authentication, users must always authenticate - unless ($proxysettings{"AUTH_METHOD"} eq "") { - print FILE "authenticate_ip_ttl 0\n\n"; - } - if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) { if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') @@ -3268,6 +3275,7 @@ END print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n"; print FILE "auth_param basic realm $authrealm\n"; print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n"; + if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; } } if ($proxysettings{'AUTH_METHOD'} eq 'ldap') @@ -3312,6 +3320,7 @@ END print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n"; print FILE "auth_param basic realm $authrealm\n"; print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n"; + if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; } } if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') @@ -3352,6 +3361,7 @@ END print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n"; print FILE "auth_param basic realm $authrealm\n"; print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n"; + if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; } } print FILE "\n"; From 429f48bd38805d3ea624a94ff33ade4834d9ebf5 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 1 Jul 2020 12:09:45 +0000 Subject: [PATCH 54/67] core147: add proxy.cgi Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/147/filelists/files | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/147/filelists/files b/config/rootfiles/core/147/filelists/files index fe33d7d71..3c758bee9 100644 --- a/config/rootfiles/core/147/filelists/files +++ b/config/rootfiles/core/147/filelists/files @@ -11,5 +11,6 @@ etc/rc.d/init.d/networking/any etc/rc.d/init.d/networking/red etc/rc.d/init.d/partresize etc/sysctl.conf +srv/web/ipfire/cgi-bin/proxy.cgi var/ipfire/header.pl var/ipfire/general-functions.pl From ab88da11a6a6f69f68c84031ea084778607edb37 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Sun, 28 Jun 2020 09:01:33 +0200 Subject: [PATCH 55/67] ntp: Update to 4.2.8p15 For details see: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Arne Fitzenreiter --- lfs/ntp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/ntp b/lfs/ntp index 9a12e4e10..3c4a97033 100644 --- a/lfs/ntp +++ b/lfs/ntp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 4.2.8p14 +VER = 4.2.8p15 THISAPP = ntp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 783edaf1d68ddf651bde64eda54a579d +$(DL_FILE)_MD5 = e1e6b23d2fc75cced41801dbcd6c2561 install : $(TARGET) From dcbdc8f587a34e2790ac1e9caa7e804063d61a33 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 1 Jul 2020 12:11:51 +0000 Subject: [PATCH 56/67] core147: add ntp Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/147/filelists/ntp | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/147/filelists/ntp diff --git a/config/rootfiles/core/147/filelists/ntp b/config/rootfiles/core/147/filelists/ntp new file mode 120000 index 000000000..7542d86cb --- /dev/null +++ b/config/rootfiles/core/147/filelists/ntp @@ -0,0 +1 @@ +../../../common/ntp \ No newline at end of file From 78b65ea7e39c89573b7bf60c5d55b925363de832 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 29 Jun 2020 14:53:17 +0000 Subject: [PATCH 57/67] firewall: Configure TRACE target to log to syslog Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter --- src/initscripts/system/firewall | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index b0890c717..ab3a0bbf9 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -32,6 +32,10 @@ iptables_init() { iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT + # Enable TRACE logging to syslog + modprobe nf_log_ipv4 + sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4 + # Empty LOG_DROP and LOG_REJECT chains iptables -N LOG_DROP iptables -A LOG_DROP -m limit --limit 10/second -j LOG From a920fdc343fa2b681f7ace9b64274e746cd120ef Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 1 Jul 2020 12:17:11 +0000 Subject: [PATCH 58/67] remove nf_log_ipv4 from sysctl.conf the revert commit has failed and sysctl.conf should still shipped to fix machines in next tree. Signed-off-by: Arne Fitzenreiter --- config/etc/sysctl.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 98a0dbe63..7e7ebee44 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -34,9 +34,6 @@ net.ipv6.conf.default.disable_ipv6 = 1 # Enable netfilter accounting net.netfilter.nf_conntrack_acct=1 -# Enable TRACE logging to syslog -net.netfilter.nf_log.2=nf_log_ipv4 - # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 From ccf13cc9db7f98224b0c82e43dbe71eab449214b Mon Sep 17 00:00:00 2001 From: Stephan Feddersen Date: Sun, 28 Jun 2020 12:29:26 +0200 Subject: [PATCH 59/67] WIO - new version 1.3.2-9 Signed-off-by: Arne Fitzenreiter --- lfs/wio | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lfs/wio b/lfs/wio index 57dee7e31..29581dca6 100644 --- a/lfs/wio +++ b/lfs/wio @@ -15,7 +15,7 @@ THISAPP = wio-$(VER) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = wio -PAK_VER = 8 +PAK_VER = 9 ############################################################################### # Top-level Rules From 445c4ccd1eb34f038deeb73e38d3e775e53d8189 Mon Sep 17 00:00:00 2001 From: Stephan Feddersen Date: Sun, 28 Jun 2020 12:34:18 +0200 Subject: [PATCH 60/67] WIO - cleaned up language files Signed-off-by: Arne Fitzenreiter --- src/wio/lang/wio.de.pl | 19 +++++++++---------- src/wio/lang/wio.en.pl | 19 +++++++++---------- src/wio/lang/wio.fr.pl | 21 ++++++++++----------- src/wio/lang/wio.tr.pl | 15 +++++++-------- 4 files changed, 35 insertions(+), 39 deletions(-) diff --git a/src/wio/lang/wio.de.pl b/src/wio/lang/wio.de.pl index 2544cef82..78e4747b3 100644 --- a/src/wio/lang/wio.de.pl +++ b/src/wio/lang/wio.de.pl @@ -22,7 +22,7 @@ 'wio enabled' => 'Aktivieren?', 'wio min' => 'Minute(n)', 'wio cron' => 'Zeitintervall für die Überprüfung:', -'wio_ovpn_cron' => 'Zeitintervall für die Überprüfung des OpenVPN RW und IPSec Status:', +'wio_ovpn_cron' => 'Zeitintervall für die Überprüfung des OpenVPN RW und IPsec Status:', 'wio_save' => 'Speichern', 'wio_error' => 'Fehlermeldung:', 'wio_info' => 'Meldung:', @@ -61,18 +61,18 @@ 'wio_graphs' => 'Graphen anzeigen', 'wio_no_graphs' => 'Keine Graphen vorhanden', 'wio_graphs_stat' => 'Diagramme für', -'wio_vpn_con' => 'VPN - Verbindung(en):', +'wio_vpn_con' => 'IPsec - Verbindung(en):', 'wio_wan_con' => 'WAN - Verbindung:', 'wio_clients' => 'Clients:', 'wio click to disable' => 'Aktiviert', 'wio click to enable' => 'Deaktiviert', 'wio_net_scan' => 'Netzwerk(e) durchsuchen:', -'wio_net_scan_vl' => '', -'wio_net_scan_l' => 'Netzwerk an', -'wio_net_scan_r' => 'durchsuchen:', +'wio_net_scan_l' => '', +'wio_net_scan_r' => 'Netzwerk durchsuchen:', 'wio_net_scan_green' => 'grünes', 'wio_net_scan_blue' => 'blaues', 'wio_net_scan_orange' => 'oranges', +'wio_net_scan_red' => 'rotes', 'wio_net_scan_run' => 'Starten', 'wio_sort_host' => 'Nach Hostnamen (FQDN) sortieren', 'wio_sort_ip' => 'Nach IP Adressen sortieren', @@ -108,7 +108,6 @@ 'wio_fqdn_on' => 'Überprüfen per FQDN aktiviert (klicken, um per IP zu aktivieren)', 'wio_client_add' => 'Eingaben anwenden', 'wio_config' => 'Client(s) konfigurieren:', -'wio_settings_msg' => 'Einstellungen bearbeiten:', 'wio_settings_msg_hint' => 'Um Who Is Online? benutzen zu können, müssen hier grundsätzliche Einstellungen vorgenommen werden.', 'wio_sub' => 'WIO Client-Status-Mail', 'wio timeout' => 'Ping Timeout:', @@ -122,7 +121,7 @@ 'wio_mail_style' => 'WIO Client Statusmails versenden als', 'wio_mail_smail' => 'Sammelmail', 'wio_mail_email' => 'Einzelmails', -'wio_mail_ovpnrw' => 'OpenVPN RW und IPSec Statusmails aktivieren?', +'wio_mail_ovpnrw' => 'OpenVPN RW und IPsec Statusmails aktivieren?', 'wio_edit_set' => 'Konfiguration', 'wio_service' => 'Service:', 'wio_dyndns_success' => 'DynDNS IP ermittelt und eingetragen!', @@ -133,12 +132,13 @@ 'wio_arp_table_entries' => 'Client aus der ARP-Tabelle hinzufügen:', 'wio_activ' => 'Aktiv', 'wio_check' => 'Prüfen', -'wio_common_name' => 'Remote Host / IP', +'wio_common_name' => 'Remote Subnetz / RW IP', 'wio_msg_left' => 'Das', 'wio_msg_green' => 'grüne', 'wio_msg_blue' => 'blaue', +'wio_msg_red' => 'rote', 'wio_msg_orange' => 'orange', -'wio_msg_center' => 'Netzwerk an', +'wio_msg_center' => 'Netzwerk', 'wio_msg_right' => 'wird durchsucht.', 'wio_msg_hint' => 'Einen Moment bitte ...', 'wio_last_update' => 'Zuletzt aktualisiert', @@ -146,7 +146,6 @@ 'wio_clientremark' => 'Anmerkung anzeigen?', 'wio_already_running' => 'Die Prüfung wird bereits durchgeführt!', 'wio_error_function' => 'Diese Funktion kann im Moment nicht ausgeführt werden, da im Hintergrund gerade der Zustand (aktiv/inaktiv) der Clients aktualisiert wird.', -'wio_shutdown' => 'Herunterfahren, wenn alle Clients "offline" sind?', 'wio_unknown_lan' => 'UNBEKANNT', 'wio_red_lan' => 'ROT', 'wio_search' => 'Suche im lokalen Netzwerk nach aktiven Hosts ...', diff --git a/src/wio/lang/wio.en.pl b/src/wio/lang/wio.en.pl index be0046fe7..57ce6d200 100644 --- a/src/wio/lang/wio.en.pl +++ b/src/wio/lang/wio.en.pl @@ -22,7 +22,7 @@ 'wio enabled' => 'Enable?', 'wio min' => 'Minute(s)', 'wio cron' => 'Time interval for checking:', -'wio_ovpn_cron' => 'Time interval for checking the OpenVPN RW and IPSec Status:', +'wio_ovpn_cron' => 'Time interval for checking the OpenVPN RW and IPsec Status:', 'wio_save' => 'Save', 'wio_error' => 'errormessage:', 'wio_info' => 'message:', @@ -61,18 +61,18 @@ 'wio_graphs' => 'Show graphs', 'wio_no_graphs' => 'No graphs available', 'wio_graphs_stat' => 'Diagram for', -'wio_vpn_con' => 'VPN - Connection(s):', +'wio_vpn_con' => 'IPsec - Connection(s):', 'wio_wan_con' => 'WAN - Connection:', 'wio_clients' => 'clients:', 'wio click to disable' => 'Activated', 'wio click to enable' => 'Deactivated', 'wio_net_scan' => 'Scan network(s):', -'wio_net_scan_vl' => 'Scan', -'wio_net_scan_l' => 'network on', -'wio_net_scan_r' => '', +'wio_net_scan_l' => 'scan', +'wio_net_scan_r' => 'network', 'wio_net_scan_green' => 'green', 'wio_net_scan_blue' => 'blue', 'wio_net_scan_orange' => 'orange', +'wio_net_scan_red' => 'red', 'wio_net_scan_run' => 'Start', 'wio_sort_host' => 'Sort Hostnames (FQDN)', 'wio_sort_ip' => 'Sort IP-Adresses', @@ -108,7 +108,6 @@ 'wio_fqdn_on' => 'Send ping to FQDN enabled (click to enable IP)', 'wio_client_add' => 'Use settings', 'wio_config' => 'Configure Client(s):', -'wio_settings_msg' => 'Configure settings:', 'wio_settings_msg_hint' => 'Here you have to set some values to get the addon started.', 'wio_sub' => 'WIO Client-Status-Mail', 'wio timeout' => 'Ping Timeout:', @@ -122,7 +121,7 @@ 'wio_mail_style' => 'Send WIO client statusmails as', 'wio_mail_smail' => 'Collected mail', 'wio_mail_email' => 'Single mails', -'wio_mail_ovpnrw' => 'Enable OpenVPN RW and IPSec Statusmails?', +'wio_mail_ovpnrw' => 'Enable OpenVPN RW and IPsec Statusmails?', 'wio_edit_set' => 'Configuration', 'wio_service' => 'Service:', 'wio_dyndns_success' => 'DynDNS IP identified and registered!', @@ -133,12 +132,13 @@ 'wio_arp_table_entries' => 'Add client from ARP-Table:', 'wio_activ' => 'Active', 'wio_check' => 'Check', -'wio_common_name' => 'Remote Host/IP', +'wio_common_name' => 'Remote Subnet/RW IP', 'wio_msg_left' => 'Searching on the', 'wio_msg_green' => 'green', 'wio_msg_blue' => 'blue', +'wio_msg_red' => 'red', 'wio_msg_orange' => 'orange', -'wio_msg_center' => 'Interface on', +'wio_msg_center' => 'Interface', 'wio_msg_right' => 'is being examined.', 'wio_msg_hint' => 'One moment please ...', 'wio_last_update' => 'Last update', @@ -146,7 +146,6 @@ 'wio_clientremark' => 'Show remark?', 'wio_already_running' => 'This check is already running!', 'wio_error_function' => 'This function is temporarily unavailable, because in the background client states are being updated (active/inactive).', -'wio_shutdown' => 'Shutdown when all clients are "offline"?', 'wio_unknown_lan' => 'UNKNOWN', 'wio_red_lan' => 'RED', 'wio_search' => 'Searching for active hosts in the local network ...', diff --git a/src/wio/lang/wio.fr.pl b/src/wio/lang/wio.fr.pl index b9acd5c6d..9e8bdbc22 100644 --- a/src/wio/lang/wio.fr.pl +++ b/src/wio/lang/wio.fr.pl @@ -22,7 +22,7 @@ 'wio enabled' => 'Activer le service ?', 'wio min' => 'minute(s)', 'wio cron' => 'Interval de temps pour la mise à jour :', -'wio_ovpn_cron' => 'Interval de temps pour vérifier l\'état d\'OpenVPN RW et IPSec :', +'wio_ovpn_cron' => 'Interval de temps pour vérifier l\'état d\'OpenVPN RW et IPsec :', 'wio_save' => 'Sauvegarder', 'wio_error' => 'message d\'erreur :', 'wio_info' => 'message :', @@ -61,18 +61,18 @@ 'wio_graphs' => 'Afficher le graphique', 'wio_no_graphs' => 'Pas de graphique disponible', 'wio_graphs_stat' => 'Graphique pour', -'wio_vpn_con' => 'Connexion(s) VPN :', +'wio_vpn_con' => 'Connexion(s) IPsec :', 'wio_wan_con' => 'Connexion WAN :', 'wio_clients' => 'Clients :', 'wio click to disable' => 'Activé', 'wio click to enable' => 'Désactivé', 'wio_net_scan' => 'Scan réseau(s) :', -'wio_net_scan_vl' => 'Scan réseau', -'wio_net_scan_l' => 'sur', +'wio_net_scan_l' => 'Scan réseau', 'wio_net_scan_r' => '', 'wio_net_scan_green' => 'vert', 'wio_net_scan_blue' => 'bleu', 'wio_net_scan_orange' => 'orange', +'wio_net_scan_red' => 'rouge', 'wio_net_scan_run' => 'Démarrer la recherche', 'wio_sort_host' => 'Trier noms d\'hôtes (FQDN)', 'wio_sort_ip' => 'Trier adresses IP', @@ -108,7 +108,6 @@ 'wio_fqdn_on' => 'Envoi ping vers FQDN activé (cliquer pour activer IP)', 'wio_client_add' => 'Valider ces paramètres', 'wio_config' => 'Configurer client(s) :', -'wio_settings_msg' => 'Paramètres de configuration :', 'wio_settings_msg_hint' => 'Dans cette zone, vous pouvez personnaliser des paramètres du module.', 'wio_sub' => 'WIO Client-Status-Mail', 'wio timeout' => 'Temps de réponse max. du ping :', @@ -122,7 +121,7 @@ 'wio_mail_style' => 'Envoyer les messages d\'état du client WIO en tant que ', 'wio_mail_smail' => 'Email collectif', 'wio_mail_email' => 'Email simple', -'wio_mail_ovpnrw' => 'Activer les messages d\'état OpenVPN RW et IPSec ?', +'wio_mail_ovpnrw' => 'Activer les messages d\'état OpenVPN RW et IPsec ?', 'wio_edit_set' => 'Configuration', 'wio_service' => 'Paramètres du service "Qui est en ligne ?" :', 'wio_dyndns_success' => 'IP DynDNS identifié et enregistré !', @@ -137,20 +136,20 @@ 'wio_msg_left' => 'La recherche du réseau ', 'wio_msg_green' => 'vert', 'wio_msg_blue' => 'bleu', +'wio_msg_red' => 'rouge', 'wio_msg_orange' => 'orange', -'wio_msg_center' => 'sur l\'interface', +'wio_msg_center' => 'l\'interface', 'wio_msg_right' => 'est en cours.', 'wio_msg_hint' => 'Un moment SVP...', 'wio_last_update' => 'Dernière mise à jour', -'wio_disable_hint' => 'Attention ! Tous les paramètres vont être réinitialisés, y compris le client à vérifier !', +'wio_disable_hint' => 'Attention ! Tous les paramètres vont être réinitialisés , y compris le client à vérifier !', 'wio_clientremark' => 'Afficher la remarque ?', 'wio_already_running' => 'Cette vérification est déjà en cours d\'exécution !', -'wio_error_function' => 'Cette fonction est temporairement indisponible, car les états du client sont mis à jour en arrière-plan (actif / inactif).', -'wio_shutdown' => 'Arrêter IPFire quand tous les clients sont "hors ligne" ?', +'wio_error_function' => 'Cette fonction est temporairement indisponible, car en arrière-plan les états du client sont mis à jour (actif / inactif).', 'wio_unknown_lan' => 'INCONNU', 'wio_red_lan' => 'ROUGE', 'wio_search' => 'Recherche d\'hôtes actifs sur le réseau local...', -'wio_answer' => 'Réponse', +'wio_answer' => 'Answer', 'wio_answer_time' => 'Temps de réponse', 'wio_scriptruntime' => 'Temps d\'exécution du script', 'wio_show_table_off' => 'Cacher la table', diff --git a/src/wio/lang/wio.tr.pl b/src/wio/lang/wio.tr.pl index fb7137854..399011d5d 100644 --- a/src/wio/lang/wio.tr.pl +++ b/src/wio/lang/wio.tr.pl @@ -22,7 +22,7 @@ 'wio enabled' => 'Aktif', 'wio min' => 'dakika', 'wio cron' => 'Kontrol için zaman aralığı', -'wio_ovpn_cron' => 'OpenVPN RW ve IPSec durum kontrolü için zaman aralığı', +'wio_ovpn_cron' => 'OpenVPN RW ve IPsec durum kontrolü için zaman aralığı', 'wio_save' => 'Kaydet', 'wio_error' => 'Hata mesajı', 'wio_info' => 'Mesaj', @@ -62,18 +62,18 @@ 'wio_graphs' => 'Grafiği göster', 'wio_no_graphs' => 'Henüz grafik yok', 'wio_graphs_stat' => 'Diyagram - ', -'wio_vpn_con' => 'VPN - Bağlantı(lar)', +'wio_vpn_con' => 'IPsec - Bağlantı(lar)', 'wio_wan_con' => 'WAN - Bağlantı', 'wio_clients' => 'İstemciler', 'wio click to disable' => 'Aktifleştirildi', 'wio click to enable' => 'Pasifleştirildi', 'wio_net_scan' => 'Ağ tarama', -'wio_net_scan_vl' => 'Tara', -'wio_net_scan_l' => 'ağdaki', -'wio_net_scan_r' => '', +'wio_net_scan_l' => 'Tara', +'wio_net_scan_r' => 'ağdaki', 'wio_net_scan_green' => 'yeşil', 'wio_net_scan_blue' => 'mavi', 'wio_net_scan_orange' => 'turuncu', +'wio_net_scan_red' => 'kirmizi', 'wio_net_scan_run' => 'Tara', 'wio_sort_host' => 'Ana bilgisayar adlarına (FQDN) göre sırala', 'wio_sort_ip' => 'IP adreslerine göre sırala', @@ -109,7 +109,6 @@ 'wio_fqdn_on' => 'Aktif FQDN adresine ping gönderin (IP aktifleştirmek için tıklayın)', 'wio_client_add' => 'Kullanılan Ayarlar', 'wio_config' => 'İstemci(leri) yapılandır', -'wio_settings_msg' => 'Yapılandırma ayarları', 'wio_settings_msg_hint' => 'Eklentinin başlatılabilmesi için buradaki bazı seçeneklerin seçilmesi gerekir.', 'wio_sub' => 'WIO İstemci-Durup-Eposta', 'wio timeout' => 'Ping zaman aşımı', @@ -123,7 +122,7 @@ 'wio_mail_style' => 'Kimler çevrimiçi istemci durumunu e-posta olarak gönder', 'wio_mail_smail' => 'Toplam e-posta', 'wio_mail_email' => 'Tek e-posta', -'wio_mail_ovpnrw' => 'OpenVPN RW ve IPSec durumu e-postasını aktifleştir', +'wio_mail_ovpnrw' => 'OpenVPN RW ve IPsec durumu e-postasını aktifleştir', 'wio_edit_set' => 'Yapılandırma', 'wio_service' => 'Hizmetler', 'wio_dyndns_success' => 'esbit ve tescil edilen DynDNS IP!', @@ -138,6 +137,7 @@ 'wio_msg_left' => 'Taranıyor', 'wio_msg_green' => 'yeşil', 'wio_msg_blue' => 'mavi', +'wio_msg_red' => 'kirmizi', 'wio_msg_orange' => 'turuncu', 'wio_msg_center' => 'ağdaki', 'wio_msg_right' => 'incelenmektedir.', @@ -147,7 +147,6 @@ 'wio_clientremark' => 'Açıklamaları göster', 'wio_already_running' => 'Bu kontrol zaten çalışıyor!', 'wio_error_function' => 'Bu özellik geçici olarak kullanılamıyor çünkü arka planda istemci durumları güncellenmektedir (aktif/pasif)', -'wio_shutdown' => 'Tüm istemciler "çevrimdışı" olduğunda kapat', 'wio_unknown_lan' => 'BİLİNMEYEN', 'wio_red_lan' => 'KIRMIZI', 'wio_search' => 'Yerel ağda aktif ana bilgisayarlar aranıyor...', From 391a24591e67e4361fc8b84272d2b381d9d8357e Mon Sep 17 00:00:00 2001 From: Stephan Feddersen Date: Sun, 28 Jun 2020 12:41:55 +0200 Subject: [PATCH 61/67] WIO - shutdown function removed, adjustments to IPsec status display Signed-off-by: Arne Fitzenreiter --- src/wio/wio.cgi | 316 ++++++++++++++++++++++++------------------------ 1 file changed, 160 insertions(+), 156 deletions(-) diff --git a/src/wio/wio.cgi b/src/wio/wio.cgi index 3094ec30c..a92a44473 100644 --- a/src/wio/wio.cgi +++ b/src/wio/wio.cgi @@ -21,14 +21,14 @@ # # ############################################################################### # -# Version: 2020/26/04 19:35:23 +# Version: 2020/06/01 13:29:23 # -# This wio.cgi is based on the Code from the IPCop WIO Addon +# This wio.cgi is based on the code from the IPCop WIO Addon # and is extremly adapted to work with IPFire. # # Autor: Stephan Feddersen # Co-Autor: Alexander Marx -# Co-Autor: Frank Mainz (for some Code for the IPCop WIO Addon) +# Co-Autor: Frank Mainz (for some code for the IPCop WIO Addon) # use strict; @@ -55,7 +55,7 @@ require '/usr/lib/wio/wio-graphs.pl'; my $logdir = "/var/log/wio"; -my ( %mainsettings, %mailsettings, %wiosettings, %cgiparams, %netsettings, %ipshash, +my ( %mainsettings, %mailsettings, %wiosettings, %cgiparams, %netsettings, %ipshash, %vpnsettings, %vpnconfighash, %ovpnconfighash, %ovpnccdconfhash, %ovpnsettings, %checked, %selected, %color ) = (); &General::readhash('/var/ipfire/main/settings', \%mainsettings); @@ -67,6 +67,7 @@ my ( %mainsettings, %mailsettings, %wiosettings, %cgiparams, %netsettings, %ipsh &General::readhash('/var/ipfire/ovpn/settings', \%ovpnsettings); &General::readhasharray('/var/ipfire/ovpn/ccd.conf', \%ovpnccdconfhash); &General::readhasharray('/var/ipfire/vpn/config', \%vpnconfighash); +&General::readhash('/var/ipfire/vpn/settings', \%vpnsettings); my $ipadrfile = "$logdir/wioips"; my $onoffip = "$logdir/wioscip"; @@ -112,7 +113,7 @@ my $networksearchbuttontext = "$Lang::tr{'wio_show_table_on'}"; my ( $message, $infomessage, $errormessage, $importmessage ) = ''; my ( $buttontext, $host, $timestamp, $ipadr, $on, $remark, $dyndns, $dyndnsip, $sendemailon, $net, $dev, $iprange, $output, $write, $webinterface, - $sendemailoff, $pingmethode, $online, $color, $bgcolor, $exitcode, $id, $line, $interface, $counter, $vpnn2nip, $vpnn2nmask, $ddns, $edc, + $sendemailoff, $pingmethode, $online, $color, $bgcolor, $exitcode, $id, $line, $interface, $counter, $vpnn2nip, $vpnn2nmask, $edc, $edd, $wmon, $wmoff, $ipfqdn, $http, $wioscan, $statustxt, $status, $key, $ic, $text, $image ) = (); my ( @temp, @dates, @ipaddresses, @names, @remark, @sendemailon, @sendemailoff, @current, @ddns, @match, @webinterface, @arpcache, @arpadd, @line, @@ -127,6 +128,10 @@ my @devs_alt = ('green','blue','orange','red'); my %ifacecolor = ( GREEN => 'wio_run_green', BLUE => 'wio_run_blue', ORANGE => 'wio_run_orange'); +#if ( $netsettings{'RED_TYPE'} eq 'STATIC' || $netsettings{'RED_TYPE'} eq 'DHCP' ) { +# %ifacecolor = ( %ifacecolor, RED => 'wio_run_red' ); +#} + &loadips(); ## some wio settings @@ -156,7 +161,6 @@ $wiosettings{'LOGGING'} = 'off'; $wiosettings{'MAILREMARK'} = 'off'; $wiosettings{'MAILSTYLE'} = 'email'; $wiosettings{'OVPNRWMAIL'} = 'off'; -$wiosettings{'SHUTDOWN'} = 'off'; $wiosettings{'WIOGUISHOWARPTABLE'} = ''; $wiosettings{'WIOGUISHOWCLIENTIMPORTTABLE'} = ''; $wiosettings{'WIOGUISHOWNETWORKSEARCHTABLE'} = ''; @@ -194,7 +198,6 @@ if ( $wiosettings{'ACTION'} eq $Lang::tr{'wio_save'}.'1' ) { $cgiparams{'MAILREMARK'} = $wiosettings{'MAILREMARK'}; $cgiparams{'MAILSTYLE'} = $wiosettings{'MAILSTYLE'}; $cgiparams{'OVPNRWMAIL'} = $wiosettings{'OVPNRWMAIL'}; - $cgiparams{'SHUTDOWN'} = $wiosettings{'SHUTDOWN'}; &General::writehash($wiosettings, \%cgiparams); &General::readhash($wiosettings, \%wiosettings); @@ -535,6 +538,7 @@ if ( $wiosettings{'ACTION'} eq $Lang::tr{'wio_back'} ) { if ( $wiosettings{'ACTION'} eq 'wio_run_green' || $wiosettings{'ACTION'} eq 'wio_run_blue' || + $wiosettings{'ACTION'} eq 'wio_run_red' || $wiosettings{'ACTION'} eq 'wio_run_orange') { $wioscan = 'on'; } if ( $wiosettings{'ACTION'} eq $Lang::tr{'wio_import'}.'1' || @@ -599,13 +603,14 @@ elsif ( $wioscan eq 'on' ) { if ( $_ eq 'GREEN' ) { $color = "$Header::colourgreen"; $net = $Lang::tr{'wio_msg_green'}; } elsif ( $_ eq 'BLUE' ) { $color = "$Header::colourblue"; $net = $Lang::tr{'wio_msg_blue'}; } + elsif ( $_ eq 'RED' ) { $color = "$Header::colourred"; $net = $Lang::tr{'wio_msg_red'}; } else { $color = "$Header::colourorange"; $net = $Lang::tr{'wio_msg_orange'}; } } } &Header::openbox('100%', 'left', $Lang::tr{'wio_info'}); print" - +
$Lang::tr{'wio_msg_left'} $net $Lang::tr{'wio_msg_center'} $dev $Lang::tr{'wio_msg_right'} $Lang::tr{'wio_msg_hint'}
$Lang::tr{'wio_msg_left'} $net $Lang::tr{'wio_msg_center'} $Lang::tr{'wio_msg_right'} $Lang::tr{'wio_msg_hint'}
 
"; @@ -884,9 +889,6 @@ $checked{'MAILREMARK'}{$wiosettings{'MAILREMARK'}} = "checked='checked'"; $checked{'OVPNRWMAIL'}{'off'} = $checked{'OVPNRWMAIL'}{'on'} = ''; $checked{'OVPNRWMAIL'}{$wiosettings{'OVPNRWMAIL'}} = "checked='checked'"; -$checked{'SHUTDOWN'}{'off'} = $checked{'SHUTDOWN'}{'on'} = ''; -$checked{'SHUTDOWN'}{$wiosettings{'SHUTDOWN'}} = "checked='checked'"; - $checked{'MAILSTYLE'}{'smail'} = $checked{'MAILSTYLE'}{'email'} = ''; $checked{'MAILSTYLE'}{$wiosettings{'MAILSTYLE'}} = "checked='checked'"; @@ -942,15 +944,14 @@ print"
- - - + + - - + + + - "; @@ -966,12 +967,6 @@ else { print" - - - - - - @@ -1133,16 +1128,16 @@ print" - + - + - + @@ -1155,22 +1150,25 @@ open(FILE, "< $dyndnsconfig"); @ddns = ; close (FILE); -$ddns = @ddns; -$bgcolor = "blue"; - foreach (@ddns) { chomp; - + @temp = split (/\,/, $_); - if ( $temp[7] eq "on" ) { $bgcolor = ( &General::DyndnsServiceSync (&General::GetDyndnsRedIP,$temp[1],$temp[2]) ? "$Header::colourgreen" : "$Header::colourred" ); } - + if ( $temp[7] eq "on" ) { + $bgcolor = ( &General::DyndnsServiceSync (&General::GetDyndnsRedIP,$temp[1],$temp[2]) ? "$Header::colourgreen" : "$Header::colourred" ); + } + else { + $bgcolor = "blue"; + } + print"$temp[1].$temp[2]"; - - if ( $iddyndns++ ne ($ddns-1) ) { print", "; } + if ( $iddyndns++ ne (@ddns-1) ) { print"
\n"; } } } -else { print" - "; } +else { + print"-"; +} print" @@ -1217,19 +1215,23 @@ print" foreach $key (sort SortByTunnelName (keys(%vpnconfighash))) { -my ( $vpncheck, $vpntime, $vpnclient ) = ''; - -if ( -e '/var/log/wio/.vpncache' ) { - $vpncheck = strftime("%d.%m.%Y - %H:%M:%S",localtime(((stat('/var/log/wio/.vpncache'))[9]))); -} +my ( $vpnclient, $vpnclientip, $vpnrwnet, $vpnn2nnet, $vpntime, $vpncheck ) = ''; $status = "bgcolor='${Header::colourred}'"; $statustxt = "$Lang::tr{'capsclosed'}"; $vpnclient = $vpnconfighash{$key}[1]; +my ($ip,$sub) = split(/\//,$vpnsettings{'RW_NET'}); +my @ip = split( /\./, $ip); +$vpnrwnet = join( '.', ( $ip[0], $ip[1], $ip[2], ) ); + if ($vpnconfighash{$key}[0] eq 'off') { $status = "bgcolor='${Header::colourblue}'"; $statustxt = "$Lang::tr{'capsclosed'}"; + $vpnn2nnet = '-'; + } + else { + $vpnn2nnet = $vpnconfighash{$key}[11]; } foreach (@vpnstatus) { @@ -1238,6 +1240,8 @@ $vpnclient = $vpnconfighash{$key}[1]; $statustxt = "$Lang::tr{'capsopen'}"; $vpntime = `/usr/local/bin/ipsecctrl I | grep $vpnclient.*ESTABLISHED | sed 's/^[ \t]*//' | cut -d " " -f 3-4`; $vpntime = &WIO::contime($vpntime, "ipsec"); + $vpnclientip = `/usr/local/bin/ipsecctrl I | grep $vpnclient.*$vpnrwnet | sed 's/^[ \t]*//' | cut -d " " -f 6 | cut -d "/" -f 1`; + $vpncheck = strftime("%d.%m.%Y - %H:%M:%S",localtime); last; } } @@ -1248,10 +1252,10 @@ $vpnclient = $vpnconfighash{$key}[1]; printf ("", $vpnnr); - print" + print" - + - + "; -if ($vpnconfighash{$key}[25] && $wiosettings{'CLIENTREMARK'} eq 'on') { - print""; +if ($wiosettings{'CLIENTREMARK'} eq 'on') { + print""; } - print""; - $idvpn++ + +print""; +$idvpn++ } print"
 $Lang::tr{'wio_settings_msg'}  $Lang::tr{'wio_settings_msg_hint'} 
 
$Lang::tr{'wio_settings_msg_hint'}   
 
$Lang::tr{'wio enabled'}
 
$Lang::tr{'wio_shutdown'} 
 
$Lang::tr{'wio cron'}  
$Lang::tr{'wio_id'} $Lang::tr{'wio ipadress'}$Lang::tr{'wio network'}$Lang::tr{'wio network'} $Lang::tr{'wio_lanname'} $Lang::tr{'wio_wanname'}$Lang::tr{'wio_dyndns_hosts'}$Lang::tr{'wio_dyndns_hosts'} $Lang::tr{'wio image'} $Lang::tr{'wio_connected'}
01$redip$redip $Lang::tr{ ".$mainsettings{'HOSTNAME'}.".".$mainsettings{'DOMAINNAME'}." ".( $redip ne '-' ? (gethostbyaddr(pack("C4", split (/\./, $redip)), 2))[0] : '-' )."%02d$vpncheck".($vpncheck ne '' ? "$vpncheck" : "-")." $vpnclient $Lang::tr{".($vpnconfighash{$key}[2] eq '%auth-dn' ? "$vpnconfighash{$key}[9]" : ($vpnconfighash{$key}[4] eq 'cert' ? "$vpnconfighash{$key}[2]" : ($vpnconfighash{$key}[8] ne '' ? "$vpnconfighash{$key}[10]" : " ")))."".($vpnconfighash{$key}[3] eq 'host' ? (defined($vpnclientip) ? "$vpnclientip" : "-") : $vpnconfighash{$key}[3] eq 'net' ? "$vpnn2nnet" : "-")." @@ -1259,15 +1263,16 @@ $vpnclient = $vpnconfighash{$key}[1];
".(defined($vpntime)? "$vpntime" : "-")."".($vpntime ne '' ? "$vpntime" : "-")."
 $vpnconfighash{$key}[25]
 ".($vpnconfighash{$key}[25] ne '' ? "$vpnconfighash{$key}[25]" : "-")."
"; @@ -1292,117 +1297,117 @@ print" $Lang::tr{'wio_id'} $Lang::tr{'wio checked'} - $Lang::tr{'wio ipadress'} + $Lang::tr{'name'} $Lang::tr{'type'} - $Lang::tr{'common name'} + $Lang::tr{'wio_common_name'} $Lang::tr{'wio image'} $Lang::tr{'wio_connected'} "; - foreach $key (keys %ovpnconfighash) { +foreach $key (keys %ovpnconfighash) { - my ( $ovpnclt, $ovpntime, $ovpnrwip, $ovpncheck ) = ''; + my ( $ovpncheck, $ovpntime, $ovpnclt, $ovpnrwip ) = ''; - if ( -e '/var/log/wio/.ovpncache' ) { - $ovpncheck = strftime("%d.%m.%Y - %H:%M:%S",localtime(((stat('/var/log/wio/.ovpncache'))[9]))); - } + print""; - print""; + my $ovpnnr = $idovpn+1; - my $ovpnnr = $idovpn+1; + printf (" %02d", $ovpnnr); - printf (" %02d", $ovpnnr); + if ($ovpnconfighash{$key}[3] eq 'net') { + $image = "$imgstatic/ovpnn2n.png"; + $text = "$Lang::tr{'wio_n2n'}"; + } + else { + $image = "$imgstatic/ovpnrw.png"; + $text = "$Lang::tr{'wio_rw'}"; + } + if ( $ovpnconfighash{$key}[0] eq 'off' ) { + $status = "${Header::colourblue}"; + $statustxt = "$Lang::tr{'capsclosed'}"; + $ovpncheck = "-"; + } + else { if ($ovpnconfighash{$key}[3] eq 'net') { - $image = "$imgstatic/ovpnn2n.png"; - $text = "$Lang::tr{'wio_n2n'}"; - } - else { - $image = "$imgstatic/ovpnrw.png"; - $text = "$Lang::tr{'wio_rw'}"; - } + if (-e "/var/run/$ovpnconfighash{$key}[1]n2n.pid") { + my ( @output, @tustate ) = ''; + my $tport = $ovpnconfighash{$key}[22]; + my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); + if ($tport ne '') { + $tnet->open('127.0.0.1'); + @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); + @tustate = split(/\,/, $output[1]); + $ovpntime = &WIO::contime(scalar localtime($tustate[0]), "ovpn"); + $ovpncheck = strftime("%d.%m.%Y - %H:%M:%S", localtime); - if ( $ovpnconfighash{$key}[0] eq 'off' ) { - $status = "${Header::colourblue}"; - $statustxt = "$Lang::tr{'capsclosed'}"; - } - else { - if ($ovpnconfighash{$key}[3] eq 'net') { - if (-e "/var/run/$ovpnconfighash{$key}[1]n2n.pid") { - my @output = ""; - my @tustate = ""; - my $tport = $ovpnconfighash{$key}[22]; - my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); - if ($tport ne '') { - $tnet->open('127.0.0.1'); - @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); - @tustate = split(/\,/, $output[1]); - $ovpntime = &WIO::contime(scalar localtime($tustate[0]), "ovpn"); - - if (($tustate[1] eq 'CONNECTED')) { - $status = "${Header::colourgreen}"; - $statustxt = "$Lang::tr{'capsopen'}"; - }else { - $status = "${Header::colourred}"; - $statustxt = "$tustate[1]"; - } - } - } - } - else { - foreach (@ovpnstatus) { - if ( $_ =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ ) { - @match = split (m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $_); - $match[1] =~ s/[_]/ /g; - } - - if ( $match[1] ne "Common Name" && ($match[1] eq $ovpnconfighash{$key}[2]) ) { - $ovpnclt = $match[1]; - $ovpntime = &WIO::contime($match[5], "ovpn"); - } - - if ( $_ =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/ ) { - @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $_); - } - - if ( $match[1] ne "Virtual Address" && $match[2] eq $ovpnclt ) { - $ovpnrwip = $match[1]; - $ovpncheck = &WIO::statustime($match[4]); - } - - if ( $ovpnclt eq $ovpnconfighash{$key}[2] ) { + if (($tustate[1] eq 'CONNECTED')) { $status = "${Header::colourgreen}"; $statustxt = "$Lang::tr{'capsopen'}"; + $ovpnrwip = $ovpnconfighash{$key}[11]; } else { $status = "${Header::colourred}"; - $statustxt = "$Lang::tr{'capsclosed'}"; + $statustxt = "$tustate[1]"; } } } -} + } + else { + foreach (@ovpnstatus) { + if ( $_ =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ ) { + @match = split (m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $_); + $match[1] =~ s/[_]/ /g; + } - print" - ".(defined($ovpncheck)? "$ovpncheck" : "-")." - ".(defined($ovpnrwip)? "$ovpnrwip" : "-")." + if ( $match[1] ne "Common Name" && ($match[1] eq $ovpnconfighash{$key}[2]) ) { + $ovpnclt = $match[1]; + $ovpntime = &WIO::contime($match[5], "ovpn"); + } + + if ( $_ =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/ ) { + @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $_); + } + + if ( $match[1] ne "Virtual Address" && $match[2] eq $ovpnclt ) { + $ovpnrwip = $match[1]; + $ovpncheck = &WIO::statustime($match[4]); + } + + if ( $ovpnclt eq $ovpnconfighash{$key}[2] ) { + $status = "${Header::colourgreen}"; + $statustxt = "$Lang::tr{'capsopen'}"; + } + else { + $status = "${Header::colourred}"; + $statustxt = "$Lang::tr{'capsclosed'}"; + } + } + } + } + +print" + ".(defined($ovpncheck) ? "$ovpncheck" : "-")." + ".($ovpnconfighash{$key}[2] eq '%auth-dn' ? "$ovpnconfighash{$key}[9]" : ($ovpnconfighash{$key}[4] eq 'cert' ? "$ovpnconfighash{$key}[1]": "-"))." $text - ".($ovpnconfighash{$key}[2] eq '%auth-dn' ? "$ovpnconfighash{$key}[9]" : ($ovpnconfighash{$key}[4] eq 'cert' ? "$ovpnconfighash{$key}[2]": " "))." + ".($ovpnrwip ne '' ? "$ovpnrwip" : "-")."
$statustxt
- ".(defined($ovpntime)? "$ovpntime" : "-")." + ".(defined($ovpntime) ? "$ovpntime" : "-")." "; - if ($ovpnconfighash{$key}[25] && $wiosettings{'CLIENTREMARK'} eq 'on') { - print" $ovpnconfighash{$key}[25]"; - } - print""; - $idovpn++ - } - print""; - &hrline(); +if ($wiosettings{'CLIENTREMARK'} eq 'on') { + print" ".($ovpnconfighash{$key}[25] ne '' ? "$ovpnconfighash{$key}[25]" : "-").""; +} + +print""; +$idovpn++ +} + +print""; +&hrline(); } -#} ## client status @@ -1424,9 +1429,9 @@ print" $Lang::tr{'wio_webinterface'} $Lang::tr{'wio ipadress'} $Lang::tr{'wio network'} - $Lang::tr{'wio name'} - $Lang::tr{'wio image'} - + $Lang::tr{'wio name'} + $Lang::tr{'wio image'} +
$Lang::tr{'wio_dyndns'} $Lang::tr{'action'}
@@ -1525,8 +1530,14 @@ my $dotip = length($ipaddresses[$a]) - rindex($ipaddresses[$a],'.'); next if ( $netsettings{"$ic"."_DEV"} eq 'red0' && $netsettings{"RED_TYPE"} eq 'PPPOE'); if ( $netsettings{"$ic"."_DEV"} eq $interface ) { if ( &General::IpInSubnet($ipaddresses[$a], $netsettings{"$ic"."_NETADDRESS"}, $netsettings{"$ic"."_NETMASK"}) ) { - print"$Lang::tr{$devs_alt[$in]}"; - last SWITCH; + if ( $netsettings{"$ic"."_DEV"} eq 'red0' ) { + print"$Lang::tr{"; + } + else { + print"$Lang::tr{$devs_alt[$in]}"; + + } + last SWITCH; } } $in++; @@ -1545,7 +1556,7 @@ my $dotip = length($ipaddresses[$a]) - rindex($ipaddresses[$a],'.'); $vpnn2nmask = length($net[1]) - rindex($net[1],'.'); if (substr($ipaddresses[$a],0,length($ipaddresses[$a])-$dotip) eq substr($vpnn2nip,0,length($vpnn2nip)-$vpnn2nmask)) { - print"IPSec"; + print"IPsec"; last SWITCH; } } @@ -1584,7 +1595,7 @@ my $dotip = length($ipaddresses[$a]) - rindex($ipaddresses[$a],'.'); my $red_netaddress = Network::get_netaddress("$rednet[0]/$red_netmask"); if ( &General::IpInSubnet($ipaddresses[$a], $red_netaddress, $red_netmask) ) { - print"$Lang::tr{"; + print"$Lang::tr{"; last SWITCH; } } @@ -1671,8 +1682,8 @@ print" "; -if ($remark[$a] && $wiosettings{'CLIENTREMARK'} eq 'on') { - print" $remark[$a]"; +if ($wiosettings{'CLIENTREMARK'} eq 'on') { + print" ".($remark[$a] ne '' ? "$remark[$a]" : "-").""; } print""; } @@ -1898,7 +1909,7 @@ SWITCH: { my $red_netaddress = Network::get_netaddress("$rednet[0]/$red_netmask"); if ( &General::IpInSubnet($line[1], $red_netaddress, $red_netmask) ) { - print"$Lang::tr{"; + print"$Lang::tr{"; last SWITCH; } else { @@ -1949,32 +1960,32 @@ print"  
- $Lang::tr{'wio_import_csv'}  + $Lang::tr{'wio_import_csv'}  - +
 
- $Lang::tr{'wio_import_hosts'}  + $Lang::tr{'wio_import_hosts'}    - +
 
- $Lang::tr{'wio_import_fixleases'}  + $Lang::tr{'wio_import_fixleases'}    - +
"; } -&hrline; +&hrline(); print" @@ -1997,6 +2008,7 @@ print" foreach (keys(%ifacecolor)) { if ( $_ eq 'GREEN' ) { $color = "$Header::colourgreen"; $net = $Lang::tr{'wio_net_scan_green'}; } elsif ( $_ eq 'BLUE' ) { $color = "$Header::colourblue"; $net = $Lang::tr{'wio_net_scan_blue'}; } + elsif ( $_ eq 'RED' ) { $color = "$Header::colourred"; $net = $Lang::tr{'wio_net_scan_red'}; } else { $color = "$Header::colourorange"; $net = $Lang::tr{'wio_net_scan_orange'}; } if ( $netsettings{"${_}_DEV"} eq 'disabled' || $netsettings{"${_}_DEV"} eq '' || $netsettings{"${_}_ADDRESS"} eq '' ) { next; } @@ -2004,9 +2016,9 @@ foreach (keys(%ifacecolor)) { print < - + - + @@ -2149,14 +2161,6 @@ print"
$Lang::tr{'wio_net_scan_vl'} $net $Lang::tr{'wio_net_scan_l'} $netsettings{"${_}_DEV"} $Lang::tr{'wio_net_scan_r'}
$Lang::tr{'wio_net_scan_l'} $net $Lang::tr{'wio_net_scan_r'} -
 
############################################################################################################################ -sub back { - -print"
$Lang::tr{ 
"; - -} - -############################################################################################################################ - sub loadips { &General::readhasharray($ipadrfile, \%ipshash); From 9c5dbb24e044a31b54689ad26552301153c67891 Mon Sep 17 00:00:00 2001 From: Stephan Feddersen Date: Sun, 28 Jun 2020 12:44:18 +0200 Subject: [PATCH 62/67] WIO - shutdown function removed, adjustments to IPsec status display Signed-off-by: Arne Fitzenreiter --- src/wio/main/wio.pl | 56 ++++++++++++--------------------------------- 1 file changed, 15 insertions(+), 41 deletions(-) diff --git a/src/wio/main/wio.pl b/src/wio/main/wio.pl index 8e2fb8879..91c6c1494 100644 --- a/src/wio/main/wio.pl +++ b/src/wio/main/wio.pl @@ -3,7 +3,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2017-2018 Stephan Feddersen # +# Copyright (C) 2017-2020 Stephan Feddersen # # All Rights Reserved. # # # # This program is free software: you can redistribute it and/or modify # @@ -21,14 +21,14 @@ # # ############################################################################### # -# Version: 2019/06/04 21:12:23 +# Version: 2020/06/01 13:29:23 # -# This wio.pl is based on the Code from the IPCop WIO Addon +# This wio.pl is based on the code from the IPCop WIO Addon # and is extremly adapted to work with IPFire. # # Autor: Stephan Feddersen # Co-Autor: Alexander Marx -# Co-Autor: Frank Mainz +# Co-Autor: Frank Mainz (for some code for the IPCop WIO Addon) # # enable only the following on debugging purpose @@ -46,10 +46,9 @@ require '/var/ipfire/lang.pl'; require '/usr/lib/wio/wio-lib.pl'; my ( $debug, $i, $t, $ib, $tb, $ivpn, $tvpn ) = ''; -my $logdir = "/var/log/wio"; my $owner = getpwnam "nobody"; my $group = getgrnam "nobody"; -my $ipadrfile = "$logdir/wioips"; +my $ipadrfile = "/var/log/wio/wioips"; unless ( -e $ipadrfile ) { print ( "The file $ipadrfile doesn't exist!\n" ); exit; } @@ -70,9 +69,8 @@ my $logging = $wiosettings{'LOGGING'}; my $mailstyle = $wiosettings{'MAILSTYLE'}; my $mailremark = $wiosettings{'MAILREMARK'}; my $timeout = $wiosettings{'TIMEOUT'}; -my $shutdown = $wiosettings{'SHUTDOWN'}; my $rrddir = "/var/log/rrd/wio"; -my $onoffip = "$logdir/wioscip"; +my $onoffip = "/var/log/wio/wioscip"; my $hostname = "$mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}"; my $redactive = "/var/ipfire/red/active"; my $rediface = "/var/ipfire/red/iface"; @@ -91,7 +89,6 @@ my $i_ping = 'icmp'; my $t_ping = 'tcp'; my $nr = 1; -my $poweroff = 0; my ( $togglestat, $arp, $time, $start, $timestamp ) = 0; my ( $id, $ipadr, $ipadrnew, $host, $hostnew, $enable, $remark, $dyndns, $dyndnsip ) = ''; @@ -101,6 +98,10 @@ my ( $ping_i, $ping_t, $ping_ib, $ping_tb, $ping_iv, $ping_tv, $pingmode ) = ''; my ( @tmp, @arptmp, @myarray, @status, @arpclients ) = ''; my @ifaces = ('GREEN','BLUE','ORANGE'); +if ( $netsettings{'RED_TYPE'} eq 'STATIC' || $netsettings{'RED_TYPE'} eq 'DHCP' ) { + push (@ifaces, "RED"); +} + if ( $mailsettings{'USEMAIL'} eq 'on' ) { $mailen = 'on'; } else { $mailen = 'off'; } @@ -279,7 +280,7 @@ foreach (@myarray) { } } -# write adressfile new +# write ipadressfile new if ( !-e $onoffip ) { open( FILE, "> $ipadrfile" ); @@ -298,33 +299,6 @@ if ($debug) { if ( $smailtxt ne '' ) { &WIO::mailsender($Lang::tr{'wio_sub'}, $smailtxt); } -if ($shutdown eq 'on' && ! -e $onoffip) { - foreach (@status) { - chomp; - @tmp = split( /\,/, $_ ); - - ($id,$timestamp,$ipadr,$host,$enable,$remark,$dyndns,$mailon,$mailoff,$ping,$on,$httphost) = @tmp; - - if ( $on eq 'on' ) { - $poweroff = 0; - last; - } - else { - $poweroff = 1; - next; - } - } - - if ($poweroff == 1) { - if ($debug) { - printf "$Lang::tr{'shutting down ipfire'}!\n\n"; - } - - &General::log("wio","$Lang::tr{'shutting down ipfire'}!"); - system '/usr/local/bin/ipfirereboot down'; - } -} - undef (@tmp); undef (@myarray); undef (@status); @@ -355,7 +329,6 @@ sub updatewiodata { } sub startdebug { - printf " HOSTNAME : $hostname TIMEOUT : $timeout $Lang::tr{'age ssecond'} @@ -363,10 +336,11 @@ MAILSTYLE : $mailstyle RED TYPE : $netsettings{'RED_TYPE'} RED DEVICE : $reddev RED ADDRESS : $redip -SHUTDOWN : $shutdown "; - if ($ovpnpid) {printf "OVPN PID : $ovpnpid"} - if ($vpnpid) {printf "VPN PID : $vpnpid"} + +if ($ovpnpid) {printf "OpenVPN PID : $ovpnpid"} +if ($vpnpid) {printf "IPsec PID : $vpnpid"} + printf " $Lang::tr{'wio_search'} From b3f7628a9f4e6e72be3c0395150120a1814bbb7f Mon Sep 17 00:00:00 2001 From: Stephan Feddersen Date: Sun, 28 Jun 2020 12:45:41 +0200 Subject: [PATCH 63/67] WIO - hutdown function removed, adjustments to IPsec status display Signed-off-by: Arne Fitzenreiter --- src/wio/wiographs.cgi | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/wio/wiographs.cgi b/src/wio/wiographs.cgi index 29435f6b1..8d64325aa 100644 --- a/src/wio/wiographs.cgi +++ b/src/wio/wiographs.cgi @@ -21,9 +21,9 @@ # # ############################################################################### # -# Version: 2020/26/04 19:35:23 +# Version: 2020/05/26 11:01:23 # -# This wiographs.cgi is based on the Code from the IPCop WIO Addon +# This wiographs.cgi is based on the code from the IPCop WIO Addon # and is extremly adapted to work with IPFire. # # Autor: Stephan Feddersen @@ -56,7 +56,7 @@ $querry[2] = '' unless defined $querry[2]; # hostname if ($querry[0] =~ "$hostid") { print "Content-type: image/png\n\n"; binmode(STDOUT); - &WIOGraphs::wio($querry[0], $querry[2], $querry[1]); + &WIOGraphs::wiograph($querry[0], $querry[2], $querry[1]); } else { &Header::showhttpheaders(); From cf07214a9c18701bd82e1c8b602bd74e8e52fcf2 Mon Sep 17 00:00:00 2001 From: Stephan Feddersen Date: Sun, 28 Jun 2020 12:47:01 +0200 Subject: [PATCH 64/67] WIO - shutdown function removed, adjustments to IPsec status display Signed-off-by: Arne Fitzenreiter --- src/wio/wio-graphs.pl | 97 ++++++++++++++----------------------------- 1 file changed, 32 insertions(+), 65 deletions(-) diff --git a/src/wio/wio-graphs.pl b/src/wio/wio-graphs.pl index af5c52062..0cfac20d6 100644 --- a/src/wio/wio-graphs.pl +++ b/src/wio/wio-graphs.pl @@ -3,7 +3,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2017-2018 Stephan Feddersen # +# Copyright (C) 2017-2020 Stephan Feddersen # # All Rights Reserved. # # # # This program is free software: you can redistribute it and/or modify # @@ -21,9 +21,9 @@ # # ############################################################################### # -# Version: 2017/07/11 21:32:23 +# Version: 2020/05/26 10:34:23 # -# This wio-graphs.pl is based on the Code from the IPCop WIO Addon +# This wio-graphs.pl is based on the code from the IPCop WIO Addon # and is extremly adapted to work with IPFire. # # Autor: Stephan Feddersen @@ -45,18 +45,35 @@ require '/var/ipfire/lang.pl'; my ( %mainsettings, %color ) = (); &General::readhash('/var/ipfire/main/settings', \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); +&General::readhash('/srv/web/ipfire/html/themes/'.$mainsettings{'THEME'}.'/include/colors.txt', \%color); -sub wio { - my $hostid = $_[0]; - my $hostname = $_[1]; - my $period = $_[2]; +sub wiograph { + my $hostid = $_[0]; + my $host = $_[1]; + my $period = $_[2]; + + my $title = "$host ($Lang::tr{$period})\n"; my @rrd = (); push @rrd, ("-"); - push @rrd, @{&header($period, "$hostname ($Lang::tr{$period})")}; - push @rrd, @{&body($hostid)}; + push @rrd, ("--title", "$title"); + push @rrd, ("--start", "-1$period", "-aPNG", "-i", "-z"); + push @rrd, ("--border", "0"); + push @rrd, ("--full-size-mode"); + push @rrd, ("--slope-mode"); + push @rrd, ("--pango-markup"); + push @rrd, ("--alt-y-grid", "-w 910", "-h 300"); + if ( $period eq 'day' ) { push @rrd, ("--x-grid", "MINUTE:30:HOUR:1:HOUR:2:0:%H:%M"); } + push @rrd, ("--color", "SHADEA".$color{"color19"}); + push @rrd, ("--color", "SHADEB".$color{"color19"}); + push @rrd, ("--color", "BACK".$color{"color21"}); + push @rrd, "DEF:mode=/var/log/rrd/wio/$hostid.rrd:mode:AVERAGE"; + push @rrd, "CDEF:online=mode,UN,0,mode,IF,50,GT,100,0,IF"; + push @rrd, "CDEF:offline=mode,UN,100,mode,IF,50,LT,100,0,IF"; + push @rrd, "AREA:online".$color{"color12"}.":$Lang::tr{'wio up'}\\j"; + push @rrd, "AREA:offline".$color{"color13"}.":$Lang::tr{'wio down'}\\j"; + push @rrd, "-W www.ipfire.org"; RRDs::graph (@rrd); @@ -64,64 +81,14 @@ sub wio { print "Error in RRD::graph for Who Is Online: $error\n" if $error; } -sub body { - my $hostid = shift; - my $result = []; - - push @$result, "DEF:mode=/var/log/rrd/wio/$hostid.rrd:mode:AVERAGE"; - push @$result, "CDEF:online=mode,UN,0,mode,IF,50,GT,100,0,IF"; - push @$result, "CDEF:offline=mode,UN,100,mode,IF,50,LT,100,0,IF"; - push @$result, "AREA:online".$color{"color12"}.":$Lang::tr{'wio up'}\\j"; - push @$result, "AREA:offline".$color{"color13"}.":$Lang::tr{'wio down'}\\j"; - push @$result, "COMMENT:\r$Lang::tr{'wio_last_update'}\\: ". lastupdate(scalar localtime()) ."\\r"; - - return $result; -} - -sub lastupdate { - my $text = shift; - - return undef if not defined $text; - $text =~ s/\\/\\\\/g; - $text =~ s/:/\\:/g; - - return $text; -} - -sub header { - my $period = shift; - my $title = shift; - my $result = []; - - push @$result, ("--title", "$title"); - push @$result, ("--start", "-1$period", "-aPNG", "-i", "-z"); - push @$result, ("--border", "0"); - push @$result, ("--full-size-mode"); - push @$result, ("--slope-mode"); - push @$result, ("--pango-markup"); - push @$result, ("--alt-y-grid", "-w 910", "-h 300"); - if ( $period eq 'day' ) { push @$result, ("--x-grid", "MINUTE:30:HOUR:1:HOUR:2:0:%H:%M"); } - push @$result, ("--color", "SHADEA".$color{"color19"}); - push @$result, ("--color", "SHADEB".$color{"color19"}); - push @$result, ("--color", "BACK".$color{"color21"}); - - return $result; -} - sub wiographbox { - print "
"; - print ""; - print ""; - print ""; + print "
".$Lang::tr{'hour'}."
"; + print ""; print ""; print ""; print ""; - print ""; - print ""; + print ""; + print ""; + print ""; print "
".$Lang::tr{'hour'}."".$Lang::tr{'day'}."".$Lang::tr{'week'}."".$Lang::tr{'month'}."".$Lang::tr{'year'}."
".$Lang::tr{'year'}."
 
"; - print ""; - print ""; - print ""; - print "
 
"; - print "
"; } From 9755fdf9d21d70767e208a7499fc798c5899dbbe Mon Sep 17 00:00:00 2001 From: Stephan Feddersen Date: Sun, 28 Jun 2020 12:47:54 +0200 Subject: [PATCH 65/67] WIO - shutdown function removed, adjustments to IPsec status display Signed-off-by: Arne Fitzenreiter --- src/wio/wio-lib.pl | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/src/wio/wio-lib.pl b/src/wio/wio-lib.pl index 1ff7cfacc..eb7b33e7d 100644 --- a/src/wio/wio-lib.pl +++ b/src/wio/wio-lib.pl @@ -21,14 +21,14 @@ # # ############################################################################### # -# Version: 2020/26/04 19:35:23 +# Version: 2020/05/25 19:39:23 # -# This wio-lib.pl is based on the Code from the IPCop WIO Addon +# This wio-lib.pl is based on the code from the IPCop WIO Addon # and is extremly adapted to work with IPFire. # # Autor: Stephan Feddersen # Co-Autor: Alexander Marx -# Co-Autor: Frank Mainz +# Co-Autor: Frank Mainz (for some code for the IPCop WIO Addon) # package WIO; @@ -45,10 +45,9 @@ require '/var/ipfire/general-functions.pl'; require '/var/ipfire/header.pl'; require '/var/ipfire/lang.pl'; -my $mailfile = "${General::swroot}/dma/mail.conf"; -my %mail = (); +my %mailsettings = (); -&General::readhash($mailfile, \%mail); +&General::readhash('/var/ipfire/dma/mail.conf', \%mailsettings); ############################################################################################################################ @@ -91,6 +90,14 @@ sub contime { if ( $temp[1] eq 'minutes' ) { $totalsecs = $temp[0] * 60; } + + if ( $temp[1] eq 'hours' ) { + $totalsecs = $temp[0] * 3600; + } + + if ( $temp[1] eq 'days' ) { + $totalsecs = $temp[0] * 86400; + } } if ( $vpn eq 'ovpn' ) { @@ -147,8 +154,8 @@ sub mailsender { my $msg = ''; $msg = MIME::Lite->new( - From => $mail{'SENDER'}, - To => $mail{'RECIPIENT'}, + From => $mailsettings{'SENDER'}, + To => $mailsettings{'RECIPIENT'}, Subject => $_[0], Type => 'multipart/mixed' ); From cc864e3d122974f55a88347dbb58f2a469287ec3 Mon Sep 17 00:00:00 2001 From: Stephan Feddersen Date: Sun, 28 Jun 2020 12:48:59 +0200 Subject: [PATCH 66/67] WIO - shutdown function removed, adjustments to IPsec status display Signed-off-by: Arne Fitzenreiter --- src/wio/main/wiovpn.pl | 50 +++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 28 deletions(-) diff --git a/src/wio/main/wiovpn.pl b/src/wio/main/wiovpn.pl index c4c6b5739..22116cd62 100644 --- a/src/wio/main/wiovpn.pl +++ b/src/wio/main/wiovpn.pl @@ -3,7 +3,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2017-2018 Stephan Feddersen # +# Copyright (C) 2017-2020 Stephan Feddersen # # All Rights Reserved. # # # # This program is free software: you can redistribute it and/or modify # @@ -21,14 +21,14 @@ # # ############################################################################### # -# Version: 2018/01/05 12:32:23 +# Version: 2020/05/04 12:02:23 # -# This wioovpn.pl is based on the Code from the IPCop WIO Addon +# This wioovpn.pl is based on the code from the IPCop WIO Addon # and is extremly adapted to work with IPFire. # # Autor: Stephan Feddersen # Co-Autor: Alexander Marx -# Co-Autor: Frank Mainz +# Co-Autor: Frank Mainz (for some code for the IPCop WIO Addon) # # enable only the following on debugging purpose @@ -37,8 +37,6 @@ use strict; use POSIX qw(strftime); -my $logdir = "/var/log/wio"; - require '/var/ipfire/general-functions.pl'; require '/var/ipfire/lang.pl'; require '/usr/lib/wio/wio-lib.pl'; @@ -55,7 +53,7 @@ my ( @ovpnstatus, @ovpncfg, @ovpncache, @ovpnarray, @ovpnmatch, @ovpnwrite ); my $now = strftime "%a, %d.%m.%Y %H:%M:%S", localtime; my $ovpnpid = "/var/run/openvpn.pid"; my $ovpnmailmsg = ''; -my $ovpncache = "$logdir/.ovpncache"; +my $ovpncache = "/var/log/wio/.ovpncache"; my $ovpnconfig = "/var/ipfire/ovpn/ovpnconfig"; my ( $name, $nameul, $ovpnclt, $ovpncltip, $realipadr, $connected ) = ''; @@ -65,10 +63,10 @@ my ( @vpnstatus, @vpncfg, @vpncache, @vpnarray, @vpnwrite ); my $vpnpid = "/var/run/charon.pid"; my $vpnmailmsg = ''; -my $vpncache = "$logdir/.vpncache"; +my $vpncache = "/var/log/wio/.vpncache"; my $vpnconfig = "/var/ipfire/vpn/config"; -my ( $activ, $vpnmailsub, $vpnrwstatus, $status,) = ''; +my ( $vpnmailsub, $vpnrwstatus ) = ''; my $togglestat = 0; @@ -100,9 +98,7 @@ foreach (@ovpncfg) { ( $name, $remark ) = (split (/\,/, $_))[3, 26]; - $status = 'off'; - - unless ( grep (/$name/, @ovpncache) ) { push (@ovpncache, "$name,$remark,$status\n"); } + unless ( grep (/$name/, @ovpncache) ) { push (@ovpncache, "$name,$remark,off\n"); } } foreach (@ovpncache) { @@ -110,7 +106,7 @@ foreach (@ovpncache) { ( $name, $remark, $status ) = split (/\,/, $_); - if ( grep (/,$name,/, @ovpncfg) ) { push (@ovpnarray, "$name,$remark,$status\n"); } + if ( grep (/$name/, @ovpncfg) ) { push (@ovpnarray, "$name,$remark,$status\n"); } } foreach (@ovpnarray) { @@ -118,6 +114,9 @@ foreach (@ovpnarray) { ( $name, $remark, $status ) = split (/\,/, $_); + $remark = `/bin/cat $ovpnconfig | grep '$name' | cut -d "," -f 27`; + chomp ($remark); + if ( $name =~ m/_/ ) { $nameul = $name; } else { ($nameul = $name) =~ s/ /_/g; } @@ -196,15 +195,13 @@ if ( ! -e "$vpnpid" ) { } else { -if ( -e "$vpnpid" ) { - @vpnstatus = `/usr/local/bin/ipsecctrl I`; -} +@vpnstatus = `/usr/local/bin/ipsecctrl I`; open(FILE, "$vpnconfig"); @vpncfg = ; close (FILE); -if ( ! -e "$vpncache" ) { +unless ( -e "$vpncache" ) { open(FILE, ">$vpncache"); close (FILE); } @@ -217,15 +214,9 @@ else { foreach (@vpncfg) { chomp; - ( $activ, $name, $remark ) = (split (/\,/, $_))[1, 2, 26]; + ( $name, $remark ) = (split (/\,/, $_))[2, 26]; - if ( $remark eq 'off' ) { $remark = '-'; } - - $status = 'off'; - - if ( $activ eq "off" ) { next; } - - unless ( grep (/$name/, @vpncache) ) { push (@vpncache, "$name,$remark,$status\n"); } + unless ( grep (/$name/, @vpncache) ) { push (@vpncache, "$name,$remark,off\n"); } } foreach (@vpncache) { @@ -233,7 +224,7 @@ foreach (@vpncache) { ( $name, $remark, $status ) = split (/\,/, $_); - if ( grep (/,$name,/, @vpncfg) ) { push (@vpnarray, "$name,$remark,$status\n"); } + if ( grep (/$name/, @vpncfg) ) { push (@vpnarray, "$name,$remark,$status\n"); } } foreach (@vpnarray) { @@ -241,6 +232,9 @@ foreach (@vpnarray) { ( $name, $remark, $status ) = split (/\,/, $_); + $remark = `/bin/cat $vpnconfig | grep '$name' | cut -d "," -f 27`; + chomp ($remark); + if ( grep (/$name\{.*INSTALLED/ , @vpnstatus) ) { $vpnrwstatus = "$Lang::tr{'wio up'}"; $togglestat = ( $status ne 'on' ) ? 1 : 0; @@ -255,8 +249,8 @@ foreach (@vpnarray) { push (@vpnwrite, "$name,$remark,$status\n"); if ( $togglestat == 1 ) { - $vpnmailsub = "WIO VPN - $name - $vpnrwstatus - $now"; - $logmsg = "Client: WIO VPN $name - Status: $vpnrwstatus $now"; + $vpnmailsub = "WIO IPsec - $name - $vpnrwstatus - $now"; + $logmsg = "Client: WIO IPSec $name - Status: $vpnrwstatus $now"; $vpnmailmsg = "Client : $name\n"; if ( $status eq 'on' ) { From 96253783d49c51e953e8d10fb24b2486226ed75e Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Thu, 2 Jul 2020 11:22:17 +0000 Subject: [PATCH 67/67] update credits.cgi and langs doku Signed-off-by: Arne Fitzenreiter --- doc/language_issues.de | 1 + doc/language_issues.en | 1 + doc/language_issues.es | 6 ++++-- doc/language_issues.fr | 2 ++ doc/language_issues.it | 2 ++ doc/language_issues.nl | 2 ++ doc/language_issues.pl | 6 ++++-- doc/language_issues.ru | 4 +++- doc/language_issues.tr | 2 ++ doc/language_missings | 7 +++++++ html/cgi-bin/credits.cgi | 3 ++- 11 files changed, 30 insertions(+), 6 deletions(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index f2d628d51..1771de2fb 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -72,6 +72,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username +WARNING: translation string unused: advproxy content based throttling WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc diff --git a/doc/language_issues.en b/doc/language_issues.en index 76c4237d4..f651e76aa 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1665,6 +1665,7 @@ WARNING: untranslated string: speaker on = Speaker on: WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 +WARNING: untranslated string: srbds = Special register buffer data sampling WARNING: untranslated string: src port = Src Port WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh access = SSH Access diff --git a/doc/language_issues.es b/doc/language_issues.es index 4d74fe91b..885b44f62 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -48,6 +48,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username +WARNING: translation string unused: advproxy content based throttling WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc @@ -897,7 +898,7 @@ WARNING: untranslated string: fireinfo please enable = Please enable the fireinf WARNING: untranslated string: fireinfo settings = Fireinfo settings WARNING: untranslated string: fireinfo system version = System versions WARNING: untranslated string: fireinfo why descr1 = It is very important for the development of IPFire that you enable this -WARNING: untranslated string: fireinfo why descr2 = service. +WARNING: untranslated string: fireinfo why descr2 = service. WARNING: untranslated string: fireinfo why enable = Why should I enable fireinfo? WARNING: untranslated string: fireinfo why read more = Read more about the reasons. WARNING: untranslated string: fireinfo your profile id = Your profile ID @@ -955,7 +956,7 @@ WARNING: untranslated string: fwdfw err tgt_port = Invalid destination port. WARNING: untranslated string: fwdfw err time = You have to select at least one day. WARNING: untranslated string: fwdfw external port nat = External port (NAT) WARNING: untranslated string: fwdfw hint ip1 = The last generated rule may never match, because source and destination subnets may overlap. -WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: +WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: WARNING: untranslated string: fwdfw hint mac = The destination group contains MAC addresses, which will be skipped during rule creation. WARNING: untranslated string: fwdfw iface = Interface WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections per IP address @@ -1279,6 +1280,7 @@ WARNING: untranslated string: source ip country = Source IP Country WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 +WARNING: untranslated string: srbds = Special register buffer data sampling WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding diff --git a/doc/language_issues.fr b/doc/language_issues.fr index c5953d5ba..0b0508433 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -76,6 +76,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username +WARNING: translation string unused: advproxy content based throttling WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc @@ -839,3 +840,4 @@ WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string +WARNING: untranslated string: srbds = Special register buffer data sampling diff --git a/doc/language_issues.it b/doc/language_issues.it index 059c73a59..fa7a842dc 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -50,6 +50,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username +WARNING: translation string unused: advproxy content based throttling WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc @@ -1045,6 +1046,7 @@ WARNING: untranslated string: smt not supported = Simultaneous Multi-Threading ( WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 +WARNING: untranslated string: srbds = Special register buffer data sampling WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 8a79baa83..dec6d6a79 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -49,6 +49,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username +WARNING: translation string unused: advproxy content based throttling WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc @@ -1082,6 +1083,7 @@ WARNING: untranslated string: source ip country = Source IP Country WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 +WARNING: untranslated string: srbds = Special register buffer data sampling WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 4d74fe91b..885b44f62 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -48,6 +48,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username +WARNING: translation string unused: advproxy content based throttling WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc @@ -897,7 +898,7 @@ WARNING: untranslated string: fireinfo please enable = Please enable the fireinf WARNING: untranslated string: fireinfo settings = Fireinfo settings WARNING: untranslated string: fireinfo system version = System versions WARNING: untranslated string: fireinfo why descr1 = It is very important for the development of IPFire that you enable this -WARNING: untranslated string: fireinfo why descr2 = service. +WARNING: untranslated string: fireinfo why descr2 = service. WARNING: untranslated string: fireinfo why enable = Why should I enable fireinfo? WARNING: untranslated string: fireinfo why read more = Read more about the reasons. WARNING: untranslated string: fireinfo your profile id = Your profile ID @@ -955,7 +956,7 @@ WARNING: untranslated string: fwdfw err tgt_port = Invalid destination port. WARNING: untranslated string: fwdfw err time = You have to select at least one day. WARNING: untranslated string: fwdfw external port nat = External port (NAT) WARNING: untranslated string: fwdfw hint ip1 = The last generated rule may never match, because source and destination subnets may overlap. -WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: +WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: WARNING: untranslated string: fwdfw hint mac = The destination group contains MAC addresses, which will be skipped during rule creation. WARNING: untranslated string: fwdfw iface = Interface WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections per IP address @@ -1279,6 +1280,7 @@ WARNING: untranslated string: source ip country = Source IP Country WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 +WARNING: untranslated string: srbds = Special register buffer data sampling WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding diff --git a/doc/language_issues.ru b/doc/language_issues.ru index d435f0437..d5433b37e 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -49,6 +49,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username +WARNING: translation string unused: advproxy content based throttling WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc @@ -949,7 +950,7 @@ WARNING: untranslated string: fwdfw err tgt_port = Invalid destination port. WARNING: untranslated string: fwdfw err time = You have to select at least one day. WARNING: untranslated string: fwdfw external port nat = External port (NAT) WARNING: untranslated string: fwdfw hint ip1 = The last generated rule may never match, because source and destination subnets may overlap. -WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: +WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense: WARNING: untranslated string: fwdfw hint mac = The destination group contains MAC addresses, which will be skipped during rule creation. WARNING: untranslated string: fwdfw iface = Interface WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections per IP address @@ -1275,6 +1276,7 @@ WARNING: untranslated string: source ip country = Source IP Country WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 +WARNING: untranslated string: srbds = Special register buffer data sampling WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding diff --git a/doc/language_issues.tr b/doc/language_issues.tr index d4cbbac2d..68fbb2972 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -72,6 +72,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password WARNING: translation string unused: advproxy chgwebpwd new password confirm WARNING: translation string unused: advproxy chgwebpwd old password WARNING: translation string unused: advproxy chgwebpwd username +WARNING: translation string unused: advproxy content based throttling WARNING: translation string unused: advproxy errmsg change fail WARNING: translation string unused: advproxy errmsg change success WARNING: translation string unused: advproxy errmsg invalid bdc @@ -947,6 +948,7 @@ WARNING: untranslated string: smt not supported = Simultaneous Multi-Threading ( WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 +WARNING: untranslated string: srbds = Special register buffer data sampling WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since diff --git a/doc/language_missings b/doc/language_missings index bfc3ba41f..021a352bb 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -727,6 +727,7 @@ < spectre variant 1 < spectre variant 2 < spectre variant 4 +< srbds < ssh < ssh active sessions < ssh agent forwarding @@ -920,6 +921,7 @@ < bewan adsl usb < g.dtm < g.lite +< srbds < upload fcdsl.o ############################################################################ # Checking cgi-bin translations for language: it # @@ -1193,6 +1195,7 @@ < spectre variant 1 < spectre variant 2 < spectre variant 4 +< srbds < ssh active sessions < ssh agent forwarding < ssh login time @@ -1597,6 +1600,7 @@ < spectre variant 1 < spectre variant 2 < spectre variant 4 +< srbds < ssh active sessions < ssh agent forwarding < ssh login time @@ -2344,6 +2348,7 @@ < spectre variant 1 < spectre variant 2 < spectre variant 4 +< srbds < ssh < ssh active sessions < ssh agent forwarding @@ -3197,6 +3202,7 @@ < spectre variant 1 < spectre variant 2 < spectre variant 4 +< srbds < ssh < ssh active sessions < ssh agent forwarding @@ -3500,6 +3506,7 @@ < spectre variant 1 < spectre variant 2 < spectre variant 4 +< srbds < ssh active sessions < ssh agent forwarding < ssh login time diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi index cd399ffed..08d5a98fb 100644 --- a/html/cgi-bin/credits.cgi +++ b/html/cgi-bin/credits.cgi @@ -78,8 +78,8 @@ Peter Pfeiffer, Daniel Glanzmann, Daniel Weismüller, Heiner Schmeling, -Timo Eissler, Stephan Feddersen, +Timo Eissler, Jan Lentfer, Marcus Scholz, Ersan Yildirim, @@ -110,6 +110,7 @@ Jorrit de Jonge, Jörn-Ingo Weigert, Przemek Zdroik, Ramax Lo, +Adolf Belka, Alexander Rudolf Gruber, Andrew Bellows, Axel Gembe,