Merge remote-tracking branch 'earl/tor' into next

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Conflicts:
	lfs/tor

diff --git a/config/backup/include b/config/backup/include
index cc9546f8ef29bf39b09e3ea120c6cc7a032d216c..159ff9a5837a530d711c089d59b6265965eee0db 100644 (file)
--- a/config/backup/include
+++ b/config/backup/include
@@ -4,6 +4,7 @@
 /var/ipfire/*/config
 /var/ipfire/*/enable
 /var/ipfire/*/*enable*
+/var/ipfire/ovpn/collectd.vpn
 /etc/passwd
 /etc/shadow
 /etc/group
@@ -12,6 +13,7 @@
 /etc/hosts*
 /etc/httpd/*
 /etc/ssh/ssh_host*
+/etc/ssh/sshd_config
 /etc/logrotate.d
 /var/ipfire/auth/users
 /var/ipfire/dhcp/*

diff --git a/config/backup/includes/cyrus-imapd b/config/backup/includes/cyrus-imapd
new file mode 100644 (file)
index 0000000..bb1bb3b
--- /dev/null
+++ b/config/backup/includes/cyrus-imapd
@@ -0,0 +1,4 @@
+/usr/sieve
+/var/imap
+/var/ipfire/cyrusimap
+/var/log/imap

diff --git a/config/backup/includes/esniper b/config/backup/includes/esniper
deleted file mode 100644 (file)
index 14434aa..0000000
--- a/config/backup/includes/esniper
+++ /dev/null
@@ -1,5 +0,0 @@
-/srv/web/esniper/.htaccess
-/srv/web/esniper/.config.php
-/srv/web/esniper/.config.state.php
-/srv/web/esniper/local/
-/srv/web/esniper/.run/

diff --git a/config/backup/includes/netsnmpd b/config/backup/includes/netsnmpd
new file mode 100644 (file)
index 0000000..78ac6ac
--- /dev/null
+++ b/config/backup/includes/netsnmpd
@@ -0,0 +1 @@
+/etc/snmpd.conf

diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 35ae7c0930e8fd91cae3d60e0558d6a5e06299cd..2b5cd1977f6502c024e0c9c4cbbfad22d87cd764 100644 (file)
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -17,6 +17,7 @@ package General;
 use strict;
 use Socket;
 use IO::Socket;
+use Locale::Codes::Country;
 use Net::SSLeay;
 use Net::IPv4Addr qw(:all);
 $|=1; # line buffering

diff --git a/config/cfgroot/geoip-functions.pl b/config/cfgroot/geoip-functions.pl
new file mode 100644 (file)
index 0000000..fc2dfdd
--- /dev/null
+++ b/config/cfgroot/geoip-functions.pl
@@ -0,0 +1,105 @@
+#!/usr/bin/perl -w
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2015 IPFire Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+
+package GeoIP;
+
+use Locale::Codes::Country;
+
+# Function to get the flag icon for a specified country code.
+sub get_flag_icon($) {
+       my ($input) = @_;
+
+       # Webserver's root dir. (Required for generating full path)
+       my $webroot = "/srv/web/ipfire/html";
+
+       # Directory which contains the flag icons.
+       my $flagdir = "/images/flags";
+
+       # File extension of the country flags.
+       my $ext = "png";
+
+       # Remove whitespaces.
+       chomp($input);
+
+       # Convert given country code to upper case.
+       my $ccode = uc($input);
+
+       # Generate filename, based on the contry code in lower case
+       # and the defined file extension.
+       my $file = join('.', $ccode,$ext);
+
+       # Generate path inside webroot to the previously generated file.
+       my $flag_icon = join('/', $flagdir,$file);
+
+       # Generate absolute path to the icon file.
+       my $absolute_path = join('', $webroot,$flag_icon);
+ 
+       # Check if the a icon file exists.
+       if (-e "$absolute_path") {
+               # Return content of flag_icon.
+               return $flag_icon;
+       } else {
+               # If no icon for the specified country exists, try to use
+               # the icon for "unknown".
+               my $ccode = "unknown";
+
+               # Redoing all the stuff from abouve for the "unknown" icon.
+               my $file = join('.', $ccode,$ext);
+               my $flag_icon = join('/', $flagdir,$file);
+               my $absolute_path = join('', $webroot,$flag_icon);
+
+               # Check if the icon is present.
+               if (-e "$absolute_path") {
+                       # Return "unknown" icon.
+                       return $flag_icon;
+               }
+       }
+}
+
+# Function to get the county name by a given country code.
+sub get_full_country_name($) {
+       my ($input) = @_;
+       my $name;
+
+       # Remove whitespaces.
+       chomp($input);
+
+       # Convert input into lower case format.
+       my $code = lc($input);
+
+       # Handle country codes which are not in the list.
+       if ($code eq "a1") { $name = "Anonymous Proxy" }
+       elsif ($code eq "a2") { $name = "Satellite Provider" }
+       elsif ($code eq "o1") { $name = "Other Country" }
+       elsif ($code eq "ap") { $name = "Asia/Pacific Region" }
+       elsif ($code eq "eu") { $name = "Europe" }
+       elsif ($code eq "yu") { $name = "Yugoslavia" }
+       else {
+               # Use perl built-in module to get the country code.
+               $name = &Locale::Codes::Country::code2country($code);
+       }
+
+       return $name;
+}
+
+1;

diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl
index 5e6fddbf6e42355b5ff4b90a852b9e1623203ca7..40c1bc87eba1c852b23dbc9230b996d04b2ac576 100644 (file)
--- a/config/cfgroot/graphs.pl
+++ b/config/cfgroot/graphs.pl
@@ -664,32 +664,32 @@ sub updatevpnn2ngraph {
                "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
                "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
                "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
-               "AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}),
+               "AREA:incoming#00dd00:".sprintf("%-23s",$Lang::tr{'incoming traffic in bytes per second'}),
                "GPRINT:incoming:MAX:%8.1lf %sBps",
                "GPRINT:incoming:AVERAGE:%8.1lf %sBps",
                "GPRINT:incoming:MIN:%8.1lf %sBps",
                "GPRINT:incoming:LAST:%8.1lf %sBps\\j",
-               "STACK:overhead_in#116B11:".sprintf("%-20s",$Lang::tr{'incoming overhead in bytes per second'}),
+               "STACK:overhead_in#116B11:".sprintf("%-23s",$Lang::tr{'incoming overhead in bytes per second'}),
                "GPRINT:overhead_in:MAX:%8.1lf %sBps",
                "GPRINT:overhead_in:AVERAGE:%8.1lf %sBps",
                "GPRINT:overhead_in:MIN:%8.1lf %sBps",
                "GPRINT:overhead_in:LAST:%8.1lf %sBps\\j",
-               "LINE1:compression_in#ff00ff:".sprintf("%-20s",$Lang::tr{'incoming compression in bytes per second'}),
+               "LINE1:compression_in#ff00ff:".sprintf("%-23s",$Lang::tr{'incoming compression in bytes per second'}),
                "GPRINT:compression_in:MAX:%8.1lf %sBps",
                "GPRINT:compression_in:AVERAGE:%8.1lf %sBps",
                "GPRINT:compression_in:MIN:%8.1lf %sBps",
                "GPRINT:compression_in:LAST:%8.1lf %sBps\\j",
-               "AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}),
+               "AREA:outgoingn#dd0000:".sprintf("%-23s",$Lang::tr{'outgoing traffic in bytes per second'}),
                "GPRINT:outgoing:MAX:%8.1lf %sBps",
                "GPRINT:outgoing:AVERAGE:%8.1lf %sBps",
                "GPRINT:outgoing:MIN:%8.1lf %sBps",
                "GPRINT:outgoing:LAST:%8.1lf %sBps\\j",
-               "STACK:overhead_outn#870C0C:".sprintf("%-20s",$Lang::tr{'outgoing overhead in bytes per second'}),
+               "STACK:overhead_outn#870C0C:".sprintf("%-23s",$Lang::tr{'outgoing overhead in bytes per second'}),
                "GPRINT:overhead_out:MAX:%8.1lf %sBps",
                "GPRINT:overhead_out:AVERAGE:%8.1lf %sBps",
                "GPRINT:overhead_out:MIN:%8.1lf %sBps",
                "GPRINT:overhead_out:LAST:%8.1lf %sBps\\j",
-               "LINE1:compression_outn#000000:".sprintf("%-20s",$Lang::tr{'outgoing compression in bytes per second'}),
+               "LINE1:compression_outn#000000:".sprintf("%-23s",$Lang::tr{'outgoing compression in bytes per second'}),
                "GPRINT:compression_out:MAX:%8.1lf %sBps",
                "GPRINT:compression_out:AVERAGE:%8.1lf %sBps",
                "GPRINT:compression_out:MIN:%8.1lf %sBps",

diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl
index cf895bf246a01946ab4930b62bc329719d36bc0e..974c4d8b22458ab33d1a65044858804f040af9cc 100644 (file)
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -263,7 +263,7 @@ sub getcgihash {
        return if ($ENV{'REQUEST_METHOD'} ne 'POST');
        if (!$params->{'wantfile'}) {
                $CGI::DISABLE_UPLOADS = 1;
-               $CGI::POST_MAX        = 512 * 1024;
+               $CGI::POST_MAX        = 1024 * 1024;
        } else {
                $CGI::POST_MAX = 10 * 1024 * 1024;
        }

diff --git a/config/cron/crontab b/config/cron/crontab
index d78d08f593529a9209499bf3bc7a68777f324dc6..d5e5d7e9f040fcf409b8cd49e8630b6c298c4c7e 100644 (file)
--- a/config/cron/crontab
+++ b/config/cron/crontab
@@ -57,3 +57,6 @@ HOME=/
 # Re-read firewall rules every Sunday in March, October and November to take care of daylight saving time
 00 3 * 3 0          /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
 00 2 * 10-11 0      /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
+
+# Update GeoIP database once a month.
+%monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1

diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
old mode 100755 (executable)
new mode 100644 (file)
index f3cd67f..b389fac
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -27,6 +27,7 @@ package fwlib;
 my %customnetwork=();
 my %customhost=();
 my %customgrp=();
+my %customgeoipgrp=();
 my %customservice=();
 my %customservicegrp=();
 my %ccdnet=();
@@ -42,6 +43,7 @@ require '/var/ipfire/general-functions.pl';
 my $confignet          = "${General::swroot}/fwhosts/customnetworks";
 my $confighost         = "${General::swroot}/fwhosts/customhosts";
 my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $configgeoipgrp     = "${General::swroot}/fwhosts/customgeoipgrp";
 my $configsrv          = "${General::swroot}/fwhosts/customservices";
 my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
 my $configccdnet       = "${General::swroot}/ovpn/ccd.conf";
@@ -59,6 +61,7 @@ my $netsettings               = "${General::swroot}/ethernet/settings";
 &General::readhasharray("$confignet", \%customnetwork);
 &General::readhasharray("$confighost", \%customhost);
 &General::readhasharray("$configgrp", \%customgrp);
+&General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
 &General::readhasharray("$configccdnet", \%ccdnet);
 &General::readhasharray("$configccdhost", \%ccdhost);
 &General::readhasharray("$configipsec", \%ipsecconf);
@@ -295,6 +298,17 @@ sub get_addresses
                        if ($customgrp{$grp}[0] eq $value) {
                                my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type);
 
+                               if (@address) {
+                                       push(@addresses, @address);
+                               }
+                       }
+               }
+       }elsif ($addr_type ~~ ["cust_geoip_src", "cust_geoip_tgt"] && $value =~ "group:") {
+               $value=substr($value,6);
+               foreach my $grp (sort {$a <=> $b} keys %customgeoipgrp) {
+                       if ($customgeoipgrp{$grp}[0] eq $value) {
+                               my @address = &get_address($addr_type, $customgeoipgrp{$grp}[2], $type);
+
                                if (@address) {
                                        push(@addresses, @address);
                                }
@@ -414,6 +428,20 @@ sub get_address
                        }
                }
 
+       # Handle rule options with GeoIP as source.
+       } elsif ($key eq "cust_geoip_src") {
+               # Get external interface.
+               my $external_interface = &get_external_interface();
+
+               push(@ret, ["-m geoip --src-cc $value", "$external_interface"]);
+
+       # Handle rule options with GeoIP as target.
+       } elsif ($key eq "cust_geoip_tgt") {
+               # Get external interface.
+               my $external_interface = &get_external_interface();
+
+               push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]);
+
        # If nothing was selected, we assume "any".
        } else {
                push(@ret, ["0/0", ""]);
@@ -552,4 +580,37 @@ sub get_internal_firewall_ip_address
        return 0;
 }
 
+sub get_geoip_locations() {
+       # Path to the directory which contains the binary geoip
+       # databases.
+       my $directory="/usr/share/xt_geoip/LE";
+
+       # Array to store the final country list.
+       my @country_codes = ();
+
+       # Open location and do a directory listing.
+       opendir(DIR, "$directory");
+       my @locations = readdir(DIR);
+       closedir(DIR);
+
+       # Loop through the directory listing, and cut of the file extensions.
+       foreach my $location (sort @locations) {
+               # skip . and ..
+               next if($location =~ /^\.$/);
+               next if($location =~ /^\.\.$/);
+
+               # Remove whitespaces.
+               chomp($location);
+
+               # Cut-off file extension.
+               my ($country_code, $extension) = split(/\./, $location);
+
+               # Add country code to array.
+               push(@country_codes, $country_code);
+       }
+
+       # Return final array.
+       return @country_codes;
+}
+
 return 1;

diff --git a/config/firewall/geoipblock b/config/firewall/geoipblock
new file mode 100644 (file)
index 0000000..4d483d3
--- /dev/null
+++ b/config/firewall/geoipblock
@@ -0,0 +1 @@
+GEOIPBLOCK_ENABLED=off

diff --git a/config/firewall/p2protocols b/config/firewall/p2protocols
index 70005812684e5b4a3e9795107c7e4d89dcc0f3a0..d8998095c1177c376c358171b2fadf269e0cde61 100644 (file)
--- a/config/firewall/p2protocols
+++ b/config/firewall/p2protocols
@@ -1,9 +1,9 @@
-Applejuice;apple;off;
-Ares;ares;off;
-Bittorrent;bit;off;
-DirectConnect;dc;off;
-Edonkey;edk;off;
-Gnutella;gnu;off;
-KaZaA;kazaa;off;
-SoulSeek;soul;off;
-WinMX;winmx;off;
+Applejuice;apple;on;
+Ares;ares;on;
+Bittorrent;bit;on;
+DirectConnect;dc;on;
+Edonkey;edk;on;
+Gnutella;gnu;on;
+KaZaA;kazaa;on;
+SoulSeek;soul;on;
+WinMX;winmx;on;

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
old mode 100755 (executable)
new mode 100644 (file)
index 97b8897..daa9565
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -60,6 +60,7 @@ my $configfwdfw               = "${General::swroot}/firewall/config";
 my $configinput            = "${General::swroot}/firewall/input";
 my $configoutgoing  = "${General::swroot}/firewall/outgoing";
 my $p2pfile                    = "${General::swroot}/firewall/p2protocols";
+my $geoipfile          = "${General::swroot}/firewall/geoipblock";
 my $configgrp          = "${General::swroot}/fwhosts/customgroups";
 my $netsettings                = "${General::swroot}/ethernet/settings";
 
@@ -88,14 +89,30 @@ sub main {
        # Flush all chains.
        &flush();
 
-       # Reload firewall rules.
-       &preparerules();
+       # Prepare firewall rules.
+       if (! -z  "${General::swroot}/firewall/input"){
+               &buildrules(\%configinputfw);
+       }
+       if (! -z  "${General::swroot}/firewall/outgoing"){
+               &buildrules(\%configoutgoingfw);
+       }
+       if (! -z  "${General::swroot}/firewall/config"){
+               &buildrules(\%configfwdfw);
+       }
 
        # Load P2P block rules.
        &p2pblock();
 
+       # Load GeoIP block rules.
+       &geoipblock();
+
        # Reload firewall policy.
        run("/usr/sbin/firewall-policy");
+
+       #Reload firewall.local if present
+       if ( -f '/etc/sysconfig/firewall.local'){
+               run("/etc/sysconfig/firewall.local reload");
+       }
 }
 
 sub run {
@@ -146,18 +163,6 @@ sub flush {
        run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX");
 }
 
-sub preparerules {
-       if (! -z  "${General::swroot}/firewall/input"){
-               &buildrules(\%configinputfw);
-       }
-       if (! -z  "${General::swroot}/firewall/outgoing"){
-               &buildrules(\%configoutgoingfw);
-       }
-       if (! -z  "${General::swroot}/firewall/config"){
-               &buildrules(\%configfwdfw);
-       }
-}
-
 sub buildrules {
        my $hash = shift;
 
@@ -364,13 +369,17 @@ sub buildrules {
                                        my @source_options = ();
                                        if ($source =~ /mac/) {
                                                push(@source_options, $source);
-                                       } elsif ($source) {
+                                       } elsif ($source =~ /-m geoip/) {
+                                               push(@source_options, $source);
+                                       } elsif($source) {
                                                push(@source_options, ("-s", $source));
                                        }
 
                                        # Prepare destination options.
                                        my @destination_options = ();
-                                       if ($destination) {
+                                       if ($destination =~ /-m geoip/) {
+                                               push(@destination_options,  $destination);
+                                       } elsif ($destination) {
                                                push(@destination_options, ("-d", $destination));
                                        }
 
@@ -512,10 +521,6 @@ sub buildrules {
                        }
                }
        }
-       #Reload firewall.local if present
-       if ( -f '/etc/sysconfig/firewall.local'){
-               run("/etc/sysconfig/firewall.local reload");
-       }
 }
 
 # Formats the given timestamp into the iptables format which is "hh:mm" UTC.
@@ -573,6 +578,38 @@ sub p2pblock {
        }
 }
 
+sub geoipblock {
+       my %geoipsettings = ();
+       $geoipsettings{'GEOIPBLOCK_ENABLED'} = "off";
+
+       # Flush iptables chain.
+       run("$IPTABLES -F GEOIPBLOCK");
+
+       # Check if the geoip settings file exists
+       if (-e "$geoipfile") {
+               # Read settings file
+               &General::readhash("$geoipfile", \%geoipsettings);
+       }
+
+       # If geoip blocking is not enabled, we are finished here.
+       if ($geoipsettings{'GEOIPBLOCK_ENABLED'} ne "on") {
+               # Exit submodule. Process remaining script.
+               return;
+       }
+
+       # Get supported locations.
+       my @locations = &fwlib::get_geoip_locations();
+
+       # Loop through all supported geoip locations and
+       # create iptables rules, if blocking this country
+       # is enabled.
+       foreach my $location (@locations) {
+               if($geoipsettings{$location} eq "on") {
+                       run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc $location -j DROP");
+               }
+       }
+}
+
 sub get_protocols {
        my $hash = shift;
        my $key = shift;

diff --git a/config/haproxy/haproxy.cfg b/config/haproxy/haproxy.cfg
index 324ad5e2290ebb2d4afd662463830c1636111b61..9d372f63fbccff96c01afccf4f90613279ec0e7c 100644 (file)
--- a/config/haproxy/haproxy.cfg
+++ b/config/haproxy/haproxy.cfg
@@ -28,8 +28,8 @@ global
     chroot      /var/lib/haproxy
     pidfile     /var/run/haproxy.pid
     maxconn     4000
-    user        haproxy
-    group       haproxy
+    user        nobody
+    group       nobody
     daemon
 
     # turn on stats unix socket

diff --git a/config/hostapd/config b/config/hostapd/config
index 1cd76765a9a66cf92407d8de16e231c5a6e50597..c3672c52422979037e6035d074bdbdc8f27a320d 100644 (file)
--- a/config/hostapd/config
+++ b/config/hostapd/config
@@ -15,10 +15,6 @@ CONFIG_DRIVER_HOSTAP=y
 # Driver interface for wired authenticator
 #CONFIG_DRIVER_WIRED=y
 
-# Driver interface for madwifi driver
-#CONFIG_DRIVER_MADWIFI=y
-#CFLAGS += -I../../madwifi # change to the madwifi source directory
-
 # Driver interface for Prism54 driver
 CONFIG_DRIVER_PRISM54=y
 
@@ -49,14 +45,14 @@ CONFIG_RSN_PREAUTH=y
 CONFIG_PEERKEY=y
 
 # IEEE 802.11w (management frame protection)
-# This version is an experimental implementation based on IEEE 802.11w/D1.0
-# draft and is subject to change since the standard has not yet been finalized.
-# Driver support is also needed for IEEE 802.11w.
-#CONFIG_IEEE80211W=y
+CONFIG_IEEE80211W=y
 
 # Integrated EAP server
 CONFIG_EAP=y
 
+# EAP Re-authentication Protocol (ERP) in integrated EAP server
+CONFIG_ERP=y
+
 # EAP-MD5 for the integrated EAP server
 CONFIG_EAP_MD5=y
 
@@ -91,6 +87,9 @@ CONFIG_EAP_TTLS=y
 # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
 #CONFIG_EAP_PSK=y
 
+# EAP-pwd for the integrated EAP server (secure authentication with a password)
+#CONFIG_EAP_PWD=y
+
 # EAP-SAKE for the integrated EAP server
 #CONFIG_EAP_SAKE=y
 
@@ -110,6 +109,8 @@ CONFIG_EAP_TTLS=y
 CONFIG_WPS=y
 # Enable UPnP support for external WPS Registrars
 CONFIG_WPS_UPNP=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
 
 # EAP-IKEv2
 CONFIG_EAP_IKEV2=y
@@ -117,6 +118,9 @@ CONFIG_EAP_IKEV2=y
 # Trusted Network Connect (EAP-TNC)
 CONFIG_EAP_TNC=y
 
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+
 # PKCS#12 (PFX) support (used to read private key and certificate file from
 # a file that usually has extension .p12 or .pfx)
 CONFIG_PKCS12=y
@@ -138,14 +142,171 @@ CONFIG_IEEE80211R=y
 # IEEE 802.11n (High Throughput) support
 CONFIG_IEEE80211N=y
 
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# IEEE 802.11ac (Very High Throughput) support
+CONFIG_IEEE80211AC=y
+
 # Remove debugging code that is printing out debug messages to stdout.
 # This can be used to reduce the size of the hostapd considerably if debugging
 # code is not needed.
 CONFIG_NO_STDOUT_DEBUG=y
 
-# IEEE 802.11ac (Very High Throughput) support
-CONFIG_IEEE80211AC=y
 
-# Enable AUTO_CHANNEL_SELECTION
-# This is needed for dfs (radar detection) channels
+# Add support for writing debug log to a file: -f /tmp/hostapd.log
+# Disabled by default.
+#CONFIG_DEBUG_FILE=y
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Remove support for RADIUS accounting
+#CONFIG_NO_ACCOUNTING=y
+
+# Remove support for RADIUS
+#CONFIG_NO_RADIUS=y
+
+# Remove support for VLANs
+#CONFIG_NO_VLAN=y
+
+# Enable support for fully dynamic VLANs. This enables hostapd to
+# automatically create bridge and VLAN interfaces if necessary.
+#CONFIG_FULL_DYNAMIC_VLAN=y
+
+# Use netlink-based kernel API for VLAN operations instead of ioctl()
+# Note: This requires libnl 3.1 or newer.
+#CONFIG_VLAN_NETLINK=y
+
+# Remove support for dumping internal state through control interface commands
+# This can be used to reduce binary size at the cost of disabling a debugging
+# option.
+#CONFIG_NO_DUMP_STATE=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# hostapd depends on strong random number generation being available from the
+# operating system. os_get_random() function is used to fetch random data when
+# needed, e.g., for key generation. On Linux and BSD systems, this works by
+# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
+# properly initialized before hostapd is started. This is important especially
+# on embedded devices that do not have a hardware random number generator and
+# may by default start up with minimal entropy available for random number
+# generation.
+#
+# As a safety net, hostapd is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data
+# fetched from the OS. This by itself is not considered to be very strong, but
+# it may help in cases where the system pool is not initialized properly.
+# However, it is very strongly recommended that the system pool is initialized
+# with enough entropy either by using hardware assisted random number
+# generator or by storing state over device reboots.
+#
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal hostapd random pool can be disabled.
+# This will save some in binary size and CPU use. However, this should only be
+# considered for builds that are known to be used on devices that meet the
+# requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used.
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms.
+#CONFIG_TLSV12=y
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks.
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
+#CONFIG_SQLITE=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+#
+#CONFIG_TESTING_OPTIONS=y
+
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#
 CONFIG_ACS=y

diff --git a/config/httpd/global.conf b/config/httpd/global.conf
index a9770264366361a611db5ea5e91238fa81289c6f..3fbd5e2946d9b36a7d225510e79715b9095a73b5 100644 (file)
--- a/config/httpd/global.conf
+++ b/config/httpd/global.conf
@@ -1,7 +1,7 @@
 Timeout 300
 ServerSignature on
 UseCanonicalName off
-ServerTokens Full
+ServerTokens Prod
 LogLevel warn
 CustomLog /var/log/httpd/access_log combined
 Include /etc/httpd/conf/hostname.conf

diff --git a/config/httpd/httpd.conf b/config/httpd/httpd.conf
index 7e00b88268105ebb93fa14f707143825a7b78cc7..9c1fb2b1001bf6e53ee5f79f112786b40e46fe27 100644 (file)
--- a/config/httpd/httpd.conf
+++ b/config/httpd/httpd.conf
@@ -117,4 +117,5 @@ Include /etc/httpd/conf/default-server.conf
 #
 Include /etc/httpd/conf/vhosts.d/*.conf
 
-
+# Dummy LoadModule directive to aid module installations
+#LoadModule dummy_module /usr/lib/apache2/modules/mod_dummy.so

diff --git a/config/httpd/vhosts.d/esniper.conf b/config/httpd/vhosts.d/esniper.conf
deleted file mode 100644 (file)
index e1c4dd4..0000000
--- a/config/httpd/vhosts.d/esniper.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-Listen 1006
-
-<VirtualHost *:1006>
-
-       SSLEngine on
-       SSLProtocol all -SSLv2
-       SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
-       SSLCertificateFile /etc/httpd/server.crt
-       SSLCertificateKeyFile /etc/httpd/server.key
-       
-       DocumentRoot /srv/web/esniper
-       
-       Include /etc/httpd/conf/conf.d/php*.conf
-       
-       <Directory /srv/web/esniper>
-               Options None
-               AllowOverride None
-               Order allow,deny
-               Allow from all
-       </Directory>
-       
-</VirtualHost>

diff --git a/config/httpd/vhosts.d/phpaj.conf b/config/httpd/vhosts.d/phpaj.conf
deleted file mode 100644 (file)
index a6b764e..0000000
--- a/config/httpd/vhosts.d/phpaj.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-Listen 1002
-
-<VirtualHost *:1002>
-       
-       DocumentRoot /srv/web/phpaj
-       
-       Include /etc/httpd/conf/conf.d/php*.conf
-       
-       <Directory /srv/web/phpaj>
-               Options None
-               AllowOverride None
-               Order allow,deny
-               Allow from all
-       </Directory>
-       
-</VirtualHost>

diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood
index 18ffcd77c739074dd887661fde4a3f31e4d47811..cf44486e5ae6c717e55aa5d99d40ef56d111eeea 100644 (file)
--- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood
+++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.14.30 Kernel Configuration
+# Linux/arm 3.14.37 Kernel Configuration
 #
 CONFIG_ARM=y
 CONFIG_SYS_SUPPORTS_APM_EMULATION=y
@@ -5042,7 +5042,6 @@ CONFIG_DEBUG_KERNEL=y
 #
 # Memory Debugging
 #
-# CONFIG_DEBUG_PAGEALLOC is not set
 # CONFIG_DEBUG_OBJECTS is not set
 # CONFIG_SLUB_DEBUG_ON is not set
 # CONFIG_SLUB_STATS is not set
@@ -5275,6 +5274,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y
 CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
 CONFIG_GRKERNSEC_CHROOT_NICE=y
 CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
 # CONFIG_GRKERNSEC_CHROOT_CAPS is not set
 CONFIG_GRKERNSEC_CHROOT_INITRD=y
 

diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi
index e3fa93e9d69f37be80c2a646bd150a813a536046..25de266d515acaa483bfd87a8043e4e66013e03c 100644 (file)
--- a/config/kernel/kernel.config.armv5tel-ipfire-multi
+++ b/config/kernel/kernel.config.armv5tel-ipfire-multi
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.14.30 Kernel Configuration
+# Linux/arm 3.14.37 Kernel Configuration
 #
 CONFIG_ARM=y
 CONFIG_MIGHT_HAVE_PCI=y
@@ -5530,7 +5530,6 @@ CONFIG_DEBUG_KERNEL=y
 #
 # Memory Debugging
 #
-# CONFIG_DEBUG_PAGEALLOC is not set
 # CONFIG_DEBUG_OBJECTS is not set
 # CONFIG_SLUB_STATS is not set
 CONFIG_HAVE_DEBUG_KMEMLEAK=y
@@ -5764,6 +5763,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y
 CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
 CONFIG_GRKERNSEC_CHROOT_NICE=y
 CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
 # CONFIG_GRKERNSEC_CHROOT_CAPS is not set
 CONFIG_GRKERNSEC_CHROOT_INITRD=y
 

diff --git a/config/kernel/kernel.config.armv5tel-ipfire-rpi b/config/kernel/kernel.config.armv5tel-ipfire-rpi
index 17a7305ebd0df2c61f0f858fff7d6cceb39f4935..b25210a17cbf91e2dfccdbda822de42f7d6e03d8 100644 (file)
--- a/config/kernel/kernel.config.armv5tel-ipfire-rpi
+++ b/config/kernel/kernel.config.armv5tel-ipfire-rpi
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.14.30 Kernel Configuration
+# Linux/arm 3.14.37 Kernel Configuration
 #
 CONFIG_ARM=y
 CONFIG_SYS_SUPPORTS_APM_EMULATION=y
@@ -3643,7 +3643,6 @@ CONFIG_DEBUG_KERNEL=y
 #
 # Memory Debugging
 #
-# CONFIG_DEBUG_PAGEALLOC is not set
 # CONFIG_DEBUG_OBJECTS is not set
 # CONFIG_SLUB_DEBUG_ON is not set
 # CONFIG_SLUB_STATS is not set
@@ -3858,6 +3857,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y
 CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
 CONFIG_GRKERNSEC_CHROOT_NICE=y
 CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
 # CONFIG_GRKERNSEC_CHROOT_CAPS is not set
 CONFIG_GRKERNSEC_CHROOT_INITRD=y
 

diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire
index 87687d962ee66c37826bba30edbc38b0d3b1bb52..f5ff73efb8759c9911e74f8266b16afcceadcc45 100644 (file)
--- a/config/kernel/kernel.config.i586-ipfire
+++ b/config/kernel/kernel.config.i586-ipfire
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.30 Kernel Configuration
+# Linux/x86 3.14.37 Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -410,6 +410,7 @@ CONFIG_SCHED_MC=y
 CONFIG_PREEMPT_NONE=y
 # CONFIG_PREEMPT_VOLUNTARY is not set
 # CONFIG_PREEMPT is not set
+CONFIG_X86_UP_APIC_MSI=y
 CONFIG_X86_LOCAL_APIC=y
 CONFIG_X86_IO_APIC=y
 CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
@@ -5494,7 +5495,6 @@ CONFIG_DEBUG_KERNEL=y
 #
 # Memory Debugging
 #
-# CONFIG_DEBUG_PAGEALLOC is not set
 # CONFIG_DEBUG_OBJECTS is not set
 # CONFIG_SLUB_DEBUG_ON is not set
 # CONFIG_SLUB_STATS is not set
@@ -5766,6 +5766,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y
 CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
 CONFIG_GRKERNSEC_CHROOT_NICE=y
 CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
 # CONFIG_GRKERNSEC_CHROOT_CAPS is not set
 CONFIG_GRKERNSEC_CHROOT_INITRD=y
 

diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae
index c5a437a59688d615af27b32a7fae0feedf9f0c5c..8e7220184af6ba4b55095d7d47acebc96f1141b3 100644 (file)
--- a/config/kernel/kernel.config.i586-ipfire-pae
+++ b/config/kernel/kernel.config.i586-ipfire-pae
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.30 Kernel Configuration
+# Linux/x86 3.14.37 Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -420,6 +420,7 @@ CONFIG_SCHED_MC=y
 CONFIG_PREEMPT_NONE=y
 # CONFIG_PREEMPT_VOLUNTARY is not set
 # CONFIG_PREEMPT is not set
+CONFIG_X86_UP_APIC_MSI=y
 CONFIG_X86_LOCAL_APIC=y
 CONFIG_X86_IO_APIC=y
 CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
@@ -5537,7 +5538,6 @@ CONFIG_DEBUG_KERNEL=y
 #
 # Memory Debugging
 #
-# CONFIG_DEBUG_PAGEALLOC is not set
 # CONFIG_DEBUG_OBJECTS is not set
 # CONFIG_SLUB_DEBUG_ON is not set
 # CONFIG_SLUB_STATS is not set
@@ -5807,6 +5807,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y
 CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
 CONFIG_GRKERNSEC_CHROOT_NICE=y
 CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
 # CONFIG_GRKERNSEC_CHROOT_CAPS is not set
 CONFIG_GRKERNSEC_CHROOT_INITRD=y
 

diff --git a/config/menu/20-status.menu b/config/menu/20-status.menu
index 802885ee3a441a29ca4da3fc33baf93621060481..2bcf0d5e8d0784ba5065005303c3cddc47e64557 100644 (file)
--- a/config/menu/20-status.menu
+++ b/config/menu/20-status.menu
@@ -41,15 +41,15 @@
                                'enabled' => 1,
                          };
        $substatus->{'53.networkovpn'} = {
-                               'caption' => "$Lang::tr{'openvpn client'}",
+                               'caption' => "$Lang::tr{'vpn statistic rw'}",
                                'uri' => '/cgi-bin/netovpnrw.cgi',
-                               'title' => "$Lang::tr{'openvpn client'}",
+                               'title' => "$Lang::tr{'vpn statistic rw'}",
                                'enabled' => 1,
                          };
        $substatus->{'54.networkovpnsrv'} = {
-                               'caption' => "$Lang::tr{'openvpn server'}",
+                               'caption' => "$Lang::tr{'vpn statistic n2n'}",
                                'uri' => '/cgi-bin/netovpnsrv.cgi',
-                               'title' => "$Lang::tr{'openvpn server'}",
+                               'title' => "$Lang::tr{'vpn statistics n2n'}",
                                'enabled' => 1,
                          };
     $substatus->{'60.hardwaregraphs'} = {

diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu
index e872e6428c1d68395e974b6b596eebc7e6e8af48..7271b3212124c04a9d858c6a05d934ab3169bde6 100644 (file)
--- a/config/menu/50-firewall.menu
+++ b/config/menu/50-firewall.menu
@@ -22,6 +22,12 @@
                                'title' => "P2P-Block",
                                'enabled' => 1,
                                };
+    $subfirewall->{'50.geoipblock'} = {
+                               'caption' => $Lang::tr{'geoipblock'},
+                               'uri' => '/cgi-bin/geoip-block.cgi',
+                               'title' => $Lang::tr{'geoipblock'},
+                               'enabled' => 1,
+                               };
     $subfirewall->{'60.wireless'} = {
                                'caption' => $Lang::tr{'blue access'},
                                'uri' => '/cgi-bin/wireless.cgi',

diff --git a/config/qemu/qemu b/config/qemu/qemu
new file mode 100644 (file)
index 0000000..64b458a
--- /dev/null
+++ b/config/qemu/qemu
@@ -0,0 +1,10 @@
+#!/bin/bash
+#
+# QEMU wrapper to enable kvm as default like old qemu-kvm...
+#
+if [[ $* == *" -no-kvm"* ]]; then
+       qemu-system-i386 $*
+else
+       qemu-system-i386 -enable-kvm $*
+fi
+exit ${?}

diff --git a/config/rootfiles/common/Locale-Country b/config/rootfiles/common/Locale-Country
index bbe51eee774dd6b1eef5e5780da33df301aaafe5..58c240625a0e7388f30699cdc0efea3a125f0532 100644 (file)
--- a/config/rootfiles/common/Locale-Country
+++ b/config/rootfiles/common/Locale-Country
@@ -1,13 +1,50 @@
-#usr/lib/perl5/site_perl/5.12.3/Locale
-usr/lib/perl5/site_perl/5.12.3/Locale/Constants.pm
-usr/lib/perl5/site_perl/5.12.3/Locale/Constants.pod
-usr/lib/perl5/site_perl/5.12.3/Locale/Country.pm
-usr/lib/perl5/site_perl/5.12.3/Locale/Country.pod
-usr/lib/perl5/site_perl/5.12.3/Locale/Currency.pm
-usr/lib/perl5/site_perl/5.12.3/Locale/Currency.pod
-usr/lib/perl5/site_perl/5.12.3/Locale/Language.pm
-usr/lib/perl5/site_perl/5.12.3/Locale/Language.pod
-usr/lib/perl5/site_perl/5.12.3/Locale/Script.pm
-usr/lib/perl5/site_perl/5.12.3/Locale/Script.pod
-#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Locale-Codes
-#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Locale-Codes/.packlist
+#usr/lib/perl5/5.12.3/Locale/Codes
+usr/lib/perl5/5.12.3/Locale/Codes.pm
+usr/lib/perl5/5.12.3/Locale/Codes.pod
+usr/lib/perl5/5.12.3/Locale/Codes/API.pod
+usr/lib/perl5/5.12.3/Locale/Codes/Changes.pod
+usr/lib/perl5/5.12.3/Locale/Codes/Constants.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Constants.pod
+usr/lib/perl5/5.12.3/Locale/Codes/Country.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Country.pod
+usr/lib/perl5/5.12.3/Locale/Codes/Country_Codes.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Country_Retired.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Currency.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Currency.pod
+usr/lib/perl5/5.12.3/Locale/Codes/Currency_Codes.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Currency_Retired.pm
+usr/lib/perl5/5.12.3/Locale/Codes/LangExt.pm
+usr/lib/perl5/5.12.3/Locale/Codes/LangExt.pod
+usr/lib/perl5/5.12.3/Locale/Codes/LangExt_Codes.pm
+usr/lib/perl5/5.12.3/Locale/Codes/LangExt_Retired.pm
+usr/lib/perl5/5.12.3/Locale/Codes/LangFam.pm
+usr/lib/perl5/5.12.3/Locale/Codes/LangFam.pod
+usr/lib/perl5/5.12.3/Locale/Codes/LangFam_Codes.pm
+usr/lib/perl5/5.12.3/Locale/Codes/LangFam_Retired.pm
+usr/lib/perl5/5.12.3/Locale/Codes/LangVar.pm
+usr/lib/perl5/5.12.3/Locale/Codes/LangVar.pod
+usr/lib/perl5/5.12.3/Locale/Codes/LangVar_Codes.pm
+usr/lib/perl5/5.12.3/Locale/Codes/LangVar_Retired.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Language.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Language.pod
+usr/lib/perl5/5.12.3/Locale/Codes/Language_Codes.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Language_Retired.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Script.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Script.pod
+usr/lib/perl5/5.12.3/Locale/Codes/Script_Codes.pm
+usr/lib/perl5/5.12.3/Locale/Codes/Script_Retired.pm
+#usr/lib/perl5/5.12.3/MACHINE-linux-thread-multi/auto/Locale
+#usr/lib/perl5/5.12.3/MACHINE-linux-thread-multi/auto/Locale/Codes
+#usr/lib/perl5/5.12.3/MACHINE-linux-thread-multi/auto/Locale/Codes/.packlist
+#usr/share/man/man3/Locale::Codes.3
+#usr/share/man/man3/Locale::Codes::API.3
+#usr/share/man/man3/Locale::Codes::Changes.3
+#usr/share/man/man3/Locale::Codes::Constants.3
+#usr/share/man/man3/Locale::Codes::Country.3
+#usr/share/man/man3/Locale::Codes::Currency.3
+#usr/share/man/man3/Locale::Codes::LangExt.3
+#usr/share/man/man3/Locale::Codes::LangFam.3
+#usr/share/man/man3/Locale::Codes::LangFam_Retired.3
+#usr/share/man/man3/Locale::Codes::LangVar.3
+#usr/share/man/man3/Locale::Codes::Language.3
+#usr/share/man/man3/Locale::Codes::Script.3

diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2
index 3eabe9f769c7ad2d10dbeffa62f178e3cabaff6d..7e33a155eee1f826334845cdc685ded290335058 100644 (file)
--- a/config/rootfiles/common/apache2
+++ b/config/rootfiles/common/apache2
@@ -1,5 +1,8 @@
 #etc/httpd
 #etc/httpd/conf
+#etc/httpd/conf/conf.d
+etc/httpd/conf/conf.d/php5.conf
+etc/httpd/conf/default-server.conf
 #etc/httpd/conf/extra
 #etc/httpd/conf/extra/httpd-autoindex.conf
 #etc/httpd/conf/extra/httpd-dav.conf
@@ -12,9 +15,14 @@
 #etc/httpd/conf/extra/httpd-ssl.conf
 #etc/httpd/conf/extra/httpd-userdir.conf
 #etc/httpd/conf/extra/httpd-vhosts.conf
+etc/httpd/conf/global.conf
+etc/httpd/conf/hostname.conf
 etc/httpd/conf/httpd.conf
+etc/httpd/conf/listen.conf
+etc/httpd/conf/loadmodule.conf
 etc/httpd/conf/magic
 etc/httpd/conf/mime.types
+etc/httpd/conf/mod_log_config.conf
 #etc/httpd/conf/original
 #etc/httpd/conf/original/extra
 #etc/httpd/conf/original/extra/httpd-autoindex.conf
@@ -29,6 +37,14 @@ etc/httpd/conf/mime.types
 #etc/httpd/conf/original/extra/httpd-userdir.conf
 #etc/httpd/conf/original/extra/httpd-vhosts.conf
 #etc/httpd/conf/original/httpd.conf
+etc/httpd/conf/server-tuning.conf
+etc/httpd/conf/ssl-global.conf
+etc/httpd/conf/uid.conf
+#etc/httpd/conf/vhosts.d
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
+etc/httpd/conf/vhosts.d/ipfire-interface.conf
+#etc/httpd/conf/vhosts.d/nagios.conf
+#etc/httpd/conf/vhosts.d/openmailadmin.conf
 #srv/web
 #srv/web/ipfire
 #srv/web/ipfire/cgi-bin
@@ -1336,7 +1352,7 @@ usr/lib/apr-util-1/apr_dbd_sqlite3.so
 #usr/lib/libapr-1.la
 usr/lib/libapr-1.so
 usr/lib/libapr-1.so.0
-usr/lib/libapr-1.so.0.5.0
+usr/lib/libapr-1.so.0.5.1
 #usr/lib/libaprutil-1.a
 #usr/lib/libaprutil-1.la
 usr/lib/libaprutil-1.so
@@ -1373,76 +1389,3 @@ usr/sbin/httpd
 #usr/share/man/man8/rotatelogs.8
 #usr/share/man/man8/suexec.8
 var/log/httpd
-etc/httpd/conf/conf.d
-etc/httpd/conf/default-server.conf
-etc/httpd/conf/global.conf
-etc/httpd/conf/hostname.conf
-etc/httpd/conf/listen.conf
-etc/httpd/conf/loadmodule.conf
-etc/httpd/conf/mod_log_config.conf
-etc/httpd/conf/server-tuning.conf
-etc/httpd/conf/ssl-global.conf
-etc/httpd/conf/uid.conf
-etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
-etc/httpd/conf/vhosts.d/ipfire-interface.conf
-srv/web/ipfire/cgi-bin/aliases.cgi
-srv/web/ipfire/cgi-bin/atm-status.cgi
-srv/web/ipfire/cgi-bin/backup.cgi
-srv/web/ipfire/cgi-bin/chpasswd.cgi
-srv/web/ipfire/cgi-bin/connections.cgi
-srv/web/ipfire/cgi-bin/connscheduler.cgi
-srv/web/ipfire/cgi-bin/country.cgi
-srv/web/ipfire/cgi-bin/credits.cgi
-srv/web/ipfire/cgi-bin/dns.cgi
-srv/web/ipfire/cgi-bin/dnsforward.cgi
-srv/web/ipfire/cgi-bin/ddns.cgi
-srv/web/ipfire/cgi-bin/dhcp.cgi
-srv/web/ipfire/cgi-bin/entropy.cgi
-srv/web/ipfire/cgi-bin/extrahd.cgi
-srv/web/ipfire/cgi-bin/fireinfo.cgi
-srv/web/ipfire/cgi-bin/firewall.cgi
-srv/web/ipfire/cgi-bin/fwhosts.cgi
-srv/web/ipfire/cgi-bin/gpl.cgi
-srv/web/ipfire/cgi-bin/gui.cgi
-srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
-srv/web/ipfire/cgi-bin/hosts.cgi
-srv/web/ipfire/cgi-bin/ids.cgi
-srv/web/ipfire/cgi-bin/index.cgi
-srv/web/ipfire/cgi-bin/ipinfo.cgi
-srv/web/ipfire/cgi-bin/iptables.cgi
-srv/web/ipfire/cgi-bin/logs.cgi
-srv/web/ipfire/cgi-bin/mac.cgi
-srv/web/ipfire/cgi-bin/media.cgi
-srv/web/ipfire/cgi-bin/memory.cgi
-srv/web/ipfire/cgi-bin/modem.cgi
-srv/web/ipfire/cgi-bin/modem-status.cgi
-srv/web/ipfire/cgi-bin/netexternal.cgi
-srv/web/ipfire/cgi-bin/netinternal.cgi
-srv/web/ipfire/cgi-bin/netother.cgi
-srv/web/ipfire/cgi-bin/netovpnrw.cgi
-srv/web/ipfire/cgi-bin/netovpnsrv.cgi
-srv/web/ipfire/cgi-bin/optionsfw.cgi
-srv/web/ipfire/cgi-bin/ovpnmain.cgi
-srv/web/ipfire/cgi-bin/p2p-block.cgi
-srv/web/ipfire/cgi-bin/pakfire.cgi
-srv/web/ipfire/cgi-bin/pppsetup.cgi
-srv/web/ipfire/cgi-bin/proxy.cgi
-srv/web/ipfire/cgi-bin/qos.cgi
-srv/web/ipfire/cgi-bin/remote.cgi
-srv/web/ipfire/cgi-bin/routing.cgi
-srv/web/ipfire/cgi-bin/services.cgi
-srv/web/ipfire/cgi-bin/shutdown.cgi
-srv/web/ipfire/cgi-bin/speed.cgi
-srv/web/ipfire/cgi-bin/system.cgi
-srv/web/ipfire/cgi-bin/time.cgi
-srv/web/ipfire/cgi-bin/traffic.cgi
-srv/web/ipfire/cgi-bin/updatexlrator.cgi
-srv/web/ipfire/cgi-bin/upnp.cgi
-srv/web/ipfire/cgi-bin/urlfilter.cgi
-srv/web/ipfire/cgi-bin/vpnmain.cgi
-srv/web/ipfire/cgi-bin/wakeonlan.cgi
-srv/web/ipfire/cgi-bin/webaccess.cgi
-srv/web/ipfire/cgi-bin/wireless.cgi
-srv/web/ipfire/cgi-bin/wirelessclient.cgi
-srv/web/ipfire/html
-var/updatecache

diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 52487669ae19830a73c17cb9f05804a56e4b0bf4..b4cd8f857192a330af409cf004e677fd54fad7c5 100644 (file)
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -61,6 +61,7 @@ etc/rc.d/init.d/mounttmpfs
 #etc/rc.d/init.d/mysql
 #etc/rc.d/init.d/netsnmpd
 etc/rc.d/init.d/network
+etc/rc.d/init.d/network-trigger
 etc/rc.d/init.d/network-vlans
 #etc/rc.d/init.d/networking
 etc/rc.d/init.d/networking/any
@@ -91,6 +92,7 @@ etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
 etc/rc.d/init.d/networking/red.up/98-leds
 etc/rc.d/init.d/networking/red.up/99-fireinfo
+etc/rc.d/init.d/networking/red.up/99-geoip-database
 etc/rc.d/init.d/networking/red.up/99-pakfire-update
 etc/rc.d/init.d/networking/wpa_supplicant.exe
 #etc/rc.d/init.d/nfs-server
@@ -229,6 +231,7 @@ etc/rc.d/rcsysinit.d/S73swconfig
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
 etc/rc.d/rcsysinit.d/S85firewall
+etc/rc.d/rcsysinit.d/S90network-trigger
 etc/rc.d/rcsysinit.d/S91network-vlans
 etc/rc.d/rcsysinit.d/S92rngd
 etc/rc.d/rc3.d/S15fireinfo

diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi
index fa07629b8d1c309d8c0b43980293ef61156602f7..c2d3cd27653ee73d8694d4e588b1971d592cac6b 100644 (file)
--- a/config/rootfiles/common/armv5tel/linux-multi
+++ b/config/rootfiles/common/armv5tel/linux-multi
@@ -53,6 +53,7 @@ boot/dtb-KVER-ipfire-multi
 #boot/dtb-KVER-ipfire-multi/imx6dl-sabresd.dtb
 #boot/dtb-KVER-ipfire-multi/imx6dl-wandboard.dtb
 #boot/dtb-KVER-ipfire-multi/imx6q-arm2.dtb
+#boot/dtb-KVER-ipfire-multi/imx6q-cm-fx6.dtb
 #boot/dtb-KVER-ipfire-multi/imx6q-cubox-i.dtb
 #boot/dtb-KVER-ipfire-multi/imx6q-gw51xx.dtb
 #boot/dtb-KVER-ipfire-multi/imx6q-gw52xx.dtb

diff --git a/config/rootfiles/common/collectd b/config/rootfiles/common/collectd
index 72b2dee0336fdc56be788e5ec922e02483f3f8af..cac4c3de14a03b9bafad0fd8eaab48d6059c76dc 100644 (file)
--- a/config/rootfiles/common/collectd
+++ b/config/rootfiles/common/collectd
@@ -218,11 +218,11 @@ usr/lib/libcollectdclient.so.0.0.0
 #usr/lib/perl5/Collectd/Plugins
 #usr/lib/perl5/Collectd/Plugins/OpenVZ.pm
 #usr/lib/perl5/Collectd/Unixsock.pm
-#usr/lib/perl5/i586-linux-thread-multi
-#usr/lib/perl5/i586-linux-thread-multi/auto
-#usr/lib/perl5/i586-linux-thread-multi/auto/Collectd
-#usr/lib/perl5/i586-linux-thread-multi/auto/Collectd/.packlist
-#usr/lib/perl5/i586-linux-thread-multi/perllocal.pod
+#usr/lib/perl5/MACHINE-linux-thread-multi
+#usr/lib/perl5/MACHINE-linux-thread-multi/auto
+#usr/lib/perl5/MACHINE-linux-thread-multi/auto/Collectd
+#usr/lib/perl5/MACHINE-linux-thread-multi/auto/Collectd/.packlist
+#usr/lib/perl5/MACHINE-linux-thread-multi/perllocal.pod
 #usr/lib/pkgconfig/libcollectdclient.pc
 #usr/man/man3/Collectd::Unixsock.3
 usr/sbin/collectd
@@ -243,3 +243,4 @@ usr/share/collectd/types.db
 #usr/share/man/man5/collectd.conf.5
 #usr/share/man/man5/types.db.5
 #var/lib/collectd
+var/ipfire/ovpn/collectd.vpn

diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index eaf1af6ed8812879f6b33ca9bcfaf6d0b00db52a..f6cbb61efd1e8f5468dbbb785905732cb1f78634 100644 (file)
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -52,6 +52,7 @@ var/ipfire/extrahd
 var/ipfire/firewall
 #var/ipfire/firewall/config
 #var/ipfire/firewall/dmz
+#var/ipfire/firewall/geoipblock
 #var/ipfire/firewall/input
 #var/ipfire/firewall/nat
 #var/ipfire/firewall/outgoing
@@ -59,6 +60,7 @@ var/ipfire/firewall
 #var/ipfire/firewall/settings
 var/ipfire/fwhosts
 #var/ipfire/fwhosts/customgroups
+#var/ipfire/fwhosts/customgeoipgrp
 #var/ipfire/fwhosts/customhosts
 #var/ipfire/fwhosts/customnetworks
 #var/ipfire/fwhosts/customservicegrp
@@ -69,6 +71,7 @@ var/ipfire/fwlogs
 #var/ipfire/fwlogs/ipsettings
 #var/ipfire/fwlogs/portsettings
 var/ipfire/general-functions.pl
+var/ipfire/geoip-functions.pl
 var/ipfire/graphs.pl
 var/ipfire/header.pl
 var/ipfire/isdn

diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl
index c5567519b6d3d764e2fcdc8f3c1620895ef6e853..af32dfa6a13243921c0011a0e849e10c8fe0b8fc 100644 (file)
--- a/config/rootfiles/common/curl
+++ b/config/rootfiles/common/curl
@@ -10,7 +10,6 @@ usr/bin/curl
 #usr/include/curl/multi.h
 #usr/include/curl/stdcheaders.h
 #usr/include/curl/typecheck-gcc.h
-#usr/include/curl/types.h
 #usr/lib/libcurl.a
 #usr/lib/libcurl.la
 usr/lib/libcurl.so
@@ -18,9 +17,233 @@ usr/lib/libcurl.so.3
 usr/lib/libcurl.so.4
 usr/lib/libcurl.so.4.3.0
 #usr/lib/pkgconfig/libcurl.pc
+#usr/share/aclocal/libcurl.m4
 #usr/share/man/man1/curl-config.1
 #usr/share/man/man1/curl.1
-#usr/share/man/man1/mk-ca-bundle.1
+#usr/share/man/man3/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3
+#usr/share/man/man3/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3
+#usr/share/man/man3/CURLMOPT_MAXCONNECTS.3
+#usr/share/man/man3/CURLMOPT_MAX_HOST_CONNECTIONS.3
+#usr/share/man/man3/CURLMOPT_MAX_PIPELINE_LENGTH.3
+#usr/share/man/man3/CURLMOPT_MAX_TOTAL_CONNECTIONS.3
+#usr/share/man/man3/CURLMOPT_PIPELINING.3
+#usr/share/man/man3/CURLMOPT_PIPELINING_SERVER_BL.3
+#usr/share/man/man3/CURLMOPT_PIPELINING_SITE_BL.3
+#usr/share/man/man3/CURLMOPT_SOCKETDATA.3
+#usr/share/man/man3/CURLMOPT_SOCKETFUNCTION.3
+#usr/share/man/man3/CURLMOPT_TIMERDATA.3
+#usr/share/man/man3/CURLMOPT_TIMERFUNCTION.3
+#usr/share/man/man3/CURLOPT_ACCEPTTIMEOUT_MS.3
+#usr/share/man/man3/CURLOPT_ACCEPT_ENCODING.3
+#usr/share/man/man3/CURLOPT_ADDRESS_SCOPE.3
+#usr/share/man/man3/CURLOPT_APPEND.3
+#usr/share/man/man3/CURLOPT_AUTOREFERER.3
+#usr/share/man/man3/CURLOPT_BUFFERSIZE.3
+#usr/share/man/man3/CURLOPT_CAINFO.3
+#usr/share/man/man3/CURLOPT_CAPATH.3
+#usr/share/man/man3/CURLOPT_CERTINFO.3
+#usr/share/man/man3/CURLOPT_CHUNK_BGN_FUNCTION.3
+#usr/share/man/man3/CURLOPT_CHUNK_DATA.3
+#usr/share/man/man3/CURLOPT_CHUNK_END_FUNCTION.3
+#usr/share/man/man3/CURLOPT_CLOSESOCKETDATA.3
+#usr/share/man/man3/CURLOPT_CLOSESOCKETFUNCTION.3
+#usr/share/man/man3/CURLOPT_CONNECTTIMEOUT.3
+#usr/share/man/man3/CURLOPT_CONNECTTIMEOUT_MS.3
+#usr/share/man/man3/CURLOPT_CONNECT_ONLY.3
+#usr/share/man/man3/CURLOPT_CONV_FROM_NETWORK_FUNCTION.3
+#usr/share/man/man3/CURLOPT_CONV_FROM_UTF8_FUNCTION.3
+#usr/share/man/man3/CURLOPT_CONV_TO_NETWORK_FUNCTION.3
+#usr/share/man/man3/CURLOPT_COOKIE.3
+#usr/share/man/man3/CURLOPT_COOKIEFILE.3
+#usr/share/man/man3/CURLOPT_COOKIEJAR.3
+#usr/share/man/man3/CURLOPT_COOKIELIST.3
+#usr/share/man/man3/CURLOPT_COOKIESESSION.3
+#usr/share/man/man3/CURLOPT_COPYPOSTFIELDS.3
+#usr/share/man/man3/CURLOPT_CRLF.3
+#usr/share/man/man3/CURLOPT_CRLFILE.3
+#usr/share/man/man3/CURLOPT_CUSTOMREQUEST.3
+#usr/share/man/man3/CURLOPT_DEBUGDATA.3
+#usr/share/man/man3/CURLOPT_DEBUGFUNCTION.3
+#usr/share/man/man3/CURLOPT_DIRLISTONLY.3
+#usr/share/man/man3/CURLOPT_DNS_CACHE_TIMEOUT.3
+#usr/share/man/man3/CURLOPT_DNS_INTERFACE.3
+#usr/share/man/man3/CURLOPT_DNS_LOCAL_IP4.3
+#usr/share/man/man3/CURLOPT_DNS_LOCAL_IP6.3
+#usr/share/man/man3/CURLOPT_DNS_SERVERS.3
+#usr/share/man/man3/CURLOPT_DNS_USE_GLOBAL_CACHE.3
+#usr/share/man/man3/CURLOPT_EGDSOCKET.3
+#usr/share/man/man3/CURLOPT_ERRORBUFFER.3
+#usr/share/man/man3/CURLOPT_EXPECT_100_TIMEOUT_MS.3
+#usr/share/man/man3/CURLOPT_FAILONERROR.3
+#usr/share/man/man3/CURLOPT_FILETIME.3
+#usr/share/man/man3/CURLOPT_FNMATCH_DATA.3
+#usr/share/man/man3/CURLOPT_FNMATCH_FUNCTION.3
+#usr/share/man/man3/CURLOPT_FOLLOWLOCATION.3
+#usr/share/man/man3/CURLOPT_FORBID_REUSE.3
+#usr/share/man/man3/CURLOPT_FRESH_CONNECT.3
+#usr/share/man/man3/CURLOPT_FTPPORT.3
+#usr/share/man/man3/CURLOPT_FTPSSLAUTH.3
+#usr/share/man/man3/CURLOPT_FTP_ACCOUNT.3
+#usr/share/man/man3/CURLOPT_FTP_ALTERNATIVE_TO_USER.3
+#usr/share/man/man3/CURLOPT_FTP_CREATE_MISSING_DIRS.3
+#usr/share/man/man3/CURLOPT_FTP_FILEMETHOD.3
+#usr/share/man/man3/CURLOPT_FTP_RESPONSE_TIMEOUT.3
+#usr/share/man/man3/CURLOPT_FTP_SKIP_PASV_IP.3
+#usr/share/man/man3/CURLOPT_FTP_SSL_CCC.3
+#usr/share/man/man3/CURLOPT_FTP_USE_EPRT.3
+#usr/share/man/man3/CURLOPT_FTP_USE_EPSV.3
+#usr/share/man/man3/CURLOPT_FTP_USE_PRET.3
+#usr/share/man/man3/CURLOPT_GSSAPI_DELEGATION.3
+#usr/share/man/man3/CURLOPT_HEADER.3
+#usr/share/man/man3/CURLOPT_HEADERDATA.3
+#usr/share/man/man3/CURLOPT_HEADERFUNCTION.3
+#usr/share/man/man3/CURLOPT_HEADEROPT.3
+#usr/share/man/man3/CURLOPT_HTTP200ALIASES.3
+#usr/share/man/man3/CURLOPT_HTTPAUTH.3
+#usr/share/man/man3/CURLOPT_HTTPGET.3
+#usr/share/man/man3/CURLOPT_HTTPHEADER.3
+#usr/share/man/man3/CURLOPT_HTTPPOST.3
+#usr/share/man/man3/CURLOPT_HTTPPROXYTUNNEL.3
+#usr/share/man/man3/CURLOPT_HTTP_CONTENT_DECODING.3
+#usr/share/man/man3/CURLOPT_HTTP_TRANSFER_DECODING.3
+#usr/share/man/man3/CURLOPT_HTTP_VERSION.3
+#usr/share/man/man3/CURLOPT_IGNORE_CONTENT_LENGTH.3
+#usr/share/man/man3/CURLOPT_INFILESIZE.3
+#usr/share/man/man3/CURLOPT_INFILESIZE_LARGE.3
+#usr/share/man/man3/CURLOPT_INTERFACE.3
+#usr/share/man/man3/CURLOPT_INTERLEAVEDATA.3
+#usr/share/man/man3/CURLOPT_INTERLEAVEFUNCTION.3
+#usr/share/man/man3/CURLOPT_IOCTLDATA.3
+#usr/share/man/man3/CURLOPT_IOCTLFUNCTION.3
+#usr/share/man/man3/CURLOPT_IPRESOLVE.3
+#usr/share/man/man3/CURLOPT_ISSUERCERT.3
+#usr/share/man/man3/CURLOPT_KEYPASSWD.3
+#usr/share/man/man3/CURLOPT_KRBLEVEL.3
+#usr/share/man/man3/CURLOPT_LOCALPORT.3
+#usr/share/man/man3/CURLOPT_LOCALPORTRANGE.3
+#usr/share/man/man3/CURLOPT_LOGIN_OPTIONS.3
+#usr/share/man/man3/CURLOPT_LOW_SPEED_LIMIT.3
+#usr/share/man/man3/CURLOPT_LOW_SPEED_TIME.3
+#usr/share/man/man3/CURLOPT_MAIL_AUTH.3
+#usr/share/man/man3/CURLOPT_MAIL_FROM.3
+#usr/share/man/man3/CURLOPT_MAIL_RCPT.3
+#usr/share/man/man3/CURLOPT_MAXCONNECTS.3
+#usr/share/man/man3/CURLOPT_MAXFILESIZE.3
+#usr/share/man/man3/CURLOPT_MAXFILESIZE_LARGE.3
+#usr/share/man/man3/CURLOPT_MAXREDIRS.3
+#usr/share/man/man3/CURLOPT_MAX_RECV_SPEED_LARGE.3
+#usr/share/man/man3/CURLOPT_MAX_SEND_SPEED_LARGE.3
+#usr/share/man/man3/CURLOPT_NETRC.3
+#usr/share/man/man3/CURLOPT_NETRC_FILE.3
+#usr/share/man/man3/CURLOPT_NEW_DIRECTORY_PERMS.3
+#usr/share/man/man3/CURLOPT_NEW_FILE_PERMS.3
+#usr/share/man/man3/CURLOPT_NOBODY.3
+#usr/share/man/man3/CURLOPT_NOPROGRESS.3
+#usr/share/man/man3/CURLOPT_NOPROXY.3
+#usr/share/man/man3/CURLOPT_NOSIGNAL.3
+#usr/share/man/man3/CURLOPT_OPENSOCKETDATA.3
+#usr/share/man/man3/CURLOPT_OPENSOCKETFUNCTION.3
+#usr/share/man/man3/CURLOPT_PASSWORD.3
+#usr/share/man/man3/CURLOPT_PORT.3
+#usr/share/man/man3/CURLOPT_POST.3
+#usr/share/man/man3/CURLOPT_POSTFIELDS.3
+#usr/share/man/man3/CURLOPT_POSTFIELDSIZE.3
+#usr/share/man/man3/CURLOPT_POSTFIELDSIZE_LARGE.3
+#usr/share/man/man3/CURLOPT_POSTQUOTE.3
+#usr/share/man/man3/CURLOPT_POSTREDIR.3
+#usr/share/man/man3/CURLOPT_PREQUOTE.3
+#usr/share/man/man3/CURLOPT_PRIVATE.3
+#usr/share/man/man3/CURLOPT_PROGRESSDATA.3
+#usr/share/man/man3/CURLOPT_PROGRESSFUNCTION.3
+#usr/share/man/man3/CURLOPT_PROTOCOLS.3
+#usr/share/man/man3/CURLOPT_PROXY.3
+#usr/share/man/man3/CURLOPT_PROXYAUTH.3
+#usr/share/man/man3/CURLOPT_PROXYHEADER.3
+#usr/share/man/man3/CURLOPT_PROXYPASSWORD.3
+#usr/share/man/man3/CURLOPT_PROXYPORT.3
+#usr/share/man/man3/CURLOPT_PROXYTYPE.3
+#usr/share/man/man3/CURLOPT_PROXYUSERNAME.3
+#usr/share/man/man3/CURLOPT_PROXYUSERPWD.3
+#usr/share/man/man3/CURLOPT_PROXY_TRANSFER_MODE.3
+#usr/share/man/man3/CURLOPT_PUT.3
+#usr/share/man/man3/CURLOPT_QUOTE.3
+#usr/share/man/man3/CURLOPT_RANDOM_FILE.3
+#usr/share/man/man3/CURLOPT_RANGE.3
+#usr/share/man/man3/CURLOPT_READDATA.3
+#usr/share/man/man3/CURLOPT_READFUNCTION.3
+#usr/share/man/man3/CURLOPT_REDIR_PROTOCOLS.3
+#usr/share/man/man3/CURLOPT_REFERER.3
+#usr/share/man/man3/CURLOPT_RESOLVE.3
+#usr/share/man/man3/CURLOPT_RESUME_FROM.3
+#usr/share/man/man3/CURLOPT_RESUME_FROM_LARGE.3
+#usr/share/man/man3/CURLOPT_RTSP_CLIENT_CSEQ.3
+#usr/share/man/man3/CURLOPT_RTSP_REQUEST.3
+#usr/share/man/man3/CURLOPT_RTSP_SERVER_CSEQ.3
+#usr/share/man/man3/CURLOPT_RTSP_SESSION_ID.3
+#usr/share/man/man3/CURLOPT_RTSP_STREAM_URI.3
+#usr/share/man/man3/CURLOPT_RTSP_TRANSPORT.3
+#usr/share/man/man3/CURLOPT_SASL_IR.3
+#usr/share/man/man3/CURLOPT_SEEKDATA.3
+#usr/share/man/man3/CURLOPT_SEEKFUNCTION.3
+#usr/share/man/man3/CURLOPT_SHARE.3
+#usr/share/man/man3/CURLOPT_SOCKOPTDATA.3
+#usr/share/man/man3/CURLOPT_SOCKOPTFUNCTION.3
+#usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_NEC.3
+#usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_SERVICE.3
+#usr/share/man/man3/CURLOPT_SSH_AUTH_TYPES.3
+#usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3
+#usr/share/man/man3/CURLOPT_SSH_KEYDATA.3
+#usr/share/man/man3/CURLOPT_SSH_KEYFUNCTION.3
+#usr/share/man/man3/CURLOPT_SSH_KNOWNHOSTS.3
+#usr/share/man/man3/CURLOPT_SSH_PRIVATE_KEYFILE.3
+#usr/share/man/man3/CURLOPT_SSH_PUBLIC_KEYFILE.3
+#usr/share/man/man3/CURLOPT_SSLCERT.3
+#usr/share/man/man3/CURLOPT_SSLCERTTYPE.3
+#usr/share/man/man3/CURLOPT_SSLENGINE.3
+#usr/share/man/man3/CURLOPT_SSLENGINE_DEFAULT.3
+#usr/share/man/man3/CURLOPT_SSLKEY.3
+#usr/share/man/man3/CURLOPT_SSLKEYTYPE.3
+#usr/share/man/man3/CURLOPT_SSLVERSION.3
+#usr/share/man/man3/CURLOPT_SSL_CIPHER_LIST.3
+#usr/share/man/man3/CURLOPT_SSL_CTX_DATA.3
+#usr/share/man/man3/CURLOPT_SSL_CTX_FUNCTION.3
+#usr/share/man/man3/CURLOPT_SSL_ENABLE_ALPN.3
+#usr/share/man/man3/CURLOPT_SSL_ENABLE_NPN.3
+#usr/share/man/man3/CURLOPT_SSL_OPTIONS.3
+#usr/share/man/man3/CURLOPT_SSL_SESSIONID_CACHE.3
+#usr/share/man/man3/CURLOPT_SSL_VERIFYHOST.3
+#usr/share/man/man3/CURLOPT_SSL_VERIFYPEER.3
+#usr/share/man/man3/CURLOPT_STDERR.3
+#usr/share/man/man3/CURLOPT_TCP_KEEPALIVE.3
+#usr/share/man/man3/CURLOPT_TCP_KEEPIDLE.3
+#usr/share/man/man3/CURLOPT_TCP_KEEPINTVL.3
+#usr/share/man/man3/CURLOPT_TCP_NODELAY.3
+#usr/share/man/man3/CURLOPT_TELNETOPTIONS.3
+#usr/share/man/man3/CURLOPT_TFTP_BLKSIZE.3
+#usr/share/man/man3/CURLOPT_TIMECONDITION.3
+#usr/share/man/man3/CURLOPT_TIMEOUT.3
+#usr/share/man/man3/CURLOPT_TIMEOUT_MS.3
+#usr/share/man/man3/CURLOPT_TIMEVALUE.3
+#usr/share/man/man3/CURLOPT_TLSAUTH_PASSWORD.3
+#usr/share/man/man3/CURLOPT_TLSAUTH_TYPE.3
+#usr/share/man/man3/CURLOPT_TLSAUTH_USERNAME.3
+#usr/share/man/man3/CURLOPT_TRANSFERTEXT.3
+#usr/share/man/man3/CURLOPT_TRANSFER_ENCODING.3
+#usr/share/man/man3/CURLOPT_UNIX_SOCKET_PATH.3
+#usr/share/man/man3/CURLOPT_UNRESTRICTED_AUTH.3
+#usr/share/man/man3/CURLOPT_UPLOAD.3
+#usr/share/man/man3/CURLOPT_URL.3
+#usr/share/man/man3/CURLOPT_USERAGENT.3
+#usr/share/man/man3/CURLOPT_USERNAME.3
+#usr/share/man/man3/CURLOPT_USERPWD.3
+#usr/share/man/man3/CURLOPT_USE_SSL.3
+#usr/share/man/man3/CURLOPT_VERBOSE.3
+#usr/share/man/man3/CURLOPT_WILDCARDMATCH.3
+#usr/share/man/man3/CURLOPT_WRITEDATA.3
+#usr/share/man/man3/CURLOPT_WRITEFUNCTION.3
+#usr/share/man/man3/CURLOPT_XFERINFODATA.3
+#usr/share/man/man3/CURLOPT_XFERINFOFUNCTION.3
+#usr/share/man/man3/CURLOPT_XOAUTH2_BEARER.3
 #usr/share/man/man3/curl_easy_cleanup.3
 #usr/share/man/man3/curl_easy_duphandle.3
 #usr/share/man/man3/curl_easy_escape.3

diff --git a/config/rootfiles/common/cyrus-sasl b/config/rootfiles/common/cyrus-sasl
index 08a732182b60f04d9793a8602bf391d412380313..7934c1cf9827c20263ccd74a1d234d39935ca639 100644 (file)
--- a/config/rootfiles/common/cyrus-sasl
+++ b/config/rootfiles/common/cyrus-sasl
@@ -1,4 +1,3 @@
-etc/rc.d/init.d/cyrus-sasl
 #usr/include/sasl
 #usr/include/sasl/hmac-md5.h
 #usr/include/sasl/md5.h
@@ -9,39 +8,44 @@ etc/rc.d/init.d/cyrus-sasl
 #usr/include/sasl/saslutil.h
 #usr/lib/libsasl2.la
 usr/lib/libsasl2.so
-usr/lib/libsasl2.so.2
-usr/lib/libsasl2.so.2.0.21
+usr/lib/libsasl2.so.3
+usr/lib/libsasl2.so.3.0.0
+#usr/lib/pkgconfig/libsasl2.pc
 #usr/lib/sasl2
 #usr/lib/sasl2/libanonymous.la
 usr/lib/sasl2/libanonymous.so
-usr/lib/sasl2/libanonymous.so.2
-usr/lib/sasl2/libanonymous.so.2.0.21
+usr/lib/sasl2/libanonymous.so.3
+usr/lib/sasl2/libanonymous.so.3.0.0
 #usr/lib/sasl2/libcrammd5.la
 usr/lib/sasl2/libcrammd5.so
-usr/lib/sasl2/libcrammd5.so.2
-usr/lib/sasl2/libcrammd5.so.2.0.21
+usr/lib/sasl2/libcrammd5.so.3
+usr/lib/sasl2/libcrammd5.so.3.0.0
 #usr/lib/sasl2/libdigestmd5.la
 usr/lib/sasl2/libdigestmd5.so
-usr/lib/sasl2/libdigestmd5.so.2
-usr/lib/sasl2/libdigestmd5.so.2.0.21
+usr/lib/sasl2/libdigestmd5.so.3
+usr/lib/sasl2/libdigestmd5.so.3.0.0
 #usr/lib/sasl2/libotp.la
 usr/lib/sasl2/libotp.so
-usr/lib/sasl2/libotp.so.2
-usr/lib/sasl2/libotp.so.2.0.21
+usr/lib/sasl2/libotp.so.3
+usr/lib/sasl2/libotp.so.3.0.0
 #usr/lib/sasl2/libplain.la
 usr/lib/sasl2/libplain.so
-usr/lib/sasl2/libplain.so.2
-usr/lib/sasl2/libplain.so.2.0.21
+usr/lib/sasl2/libplain.so.3
+usr/lib/sasl2/libplain.so.3.0.0
 #usr/lib/sasl2/libsasldb.la
 usr/lib/sasl2/libsasldb.so
-usr/lib/sasl2/libsasldb.so.2
-usr/lib/sasl2/libsasldb.so.2.0.21
+usr/lib/sasl2/libsasldb.so.3
+usr/lib/sasl2/libsasldb.so.3.0.0
+#usr/lib/sasl2/libscram.la
+usr/lib/sasl2/libscram.so
+usr/lib/sasl2/libscram.so.3
+usr/lib/sasl2/libscram.so.3.0.0
 usr/lib/sasl2/smtpd.conf
-#usr/man/cat8
-#usr/man/cat8/saslauthd.8
+usr/sbin/pluginviewer
 usr/sbin/saslauthd
 usr/sbin/sasldblistusers2
 usr/sbin/saslpasswd2
+usr/sbin/testsaslauthd
 #usr/share/man/man3/sasl.3
 #usr/share/man/man3/sasl_authorize_t.3
 #usr/share/man/man3/sasl_auxprop.3
@@ -64,6 +68,7 @@ usr/sbin/saslpasswd2
 #usr/share/man/man3/sasl_errdetail.3
 #usr/share/man/man3/sasl_errors.3
 #usr/share/man/man3/sasl_errstring.3
+#usr/share/man/man3/sasl_getconfpath_t.3
 #usr/share/man/man3/sasl_getopt_t.3
 #usr/share/man/man3/sasl_getpath_t.3
 #usr/share/man/man3/sasl_getprop.3
@@ -84,6 +89,9 @@ usr/sbin/saslpasswd2
 #usr/share/man/man3/sasl_setprop.3
 #usr/share/man/man3/sasl_user_exists.3
 #usr/share/man/man3/sasl_verifyfile_t.3
+#usr/share/man/man8/pluginviewer.8
+#usr/share/man/man8/saslauthd.8
 #usr/share/man/man8/sasldblistusers2.8
 #usr/share/man/man8/saslpasswd2.8
 var/lib/sasl
+etc/rc.d/init.d/cyrus-sasl

diff --git a/config/rootfiles/common/dhcp b/config/rootfiles/common/dhcp
index 2c2cfeeb386de7b51520619a241b3947440b1995..ff225a5714b1cd34b032de240a7910d3fdf3427d 100644 (file)
--- a/config/rootfiles/common/dhcp
+++ b/config/rootfiles/common/dhcp
@@ -1,6 +1,7 @@
 #etc/dhcp
-#etc/dhcp/dhclient.conf
+#etc/dhcp/dhclient.conf.example
 etc/dhcp/dhcpd.conf
+#etc/dhcp/dhcpd.conf.example
 #usr/bin/omshell
 #usr/include/dhcpctl
 #usr/include/dhcpctl/dhcpctl.h

diff --git a/config/rootfiles/common/dhcpcd b/config/rootfiles/common/dhcpcd
index 3f62fc65599fef4f031eb7d02c76e48d9a9b8e75..ffbe04ae4d5ec0e6a2468355a10b662d907f5c35 100644 (file)
--- a/config/rootfiles/common/dhcpcd
+++ b/config/rootfiles/common/dhcpcd
@@ -1,3 +1,6 @@
+#lib/dhcpcd
+#lib/dhcpcd/dev
+#lib/dhcpcd/dev/udev.so
 sbin/dhcpcd
 #usr/share/man/man5/dhcpcd.conf.5
 #usr/share/man/man8/dhcpcd-run-hooks.8
@@ -6,6 +9,8 @@ var/ipfire/dhcpc/dhcpcd-hooks
 #var/ipfire/dhcpc/dhcpcd-hooks/01-test
 #var/ipfire/dhcpc/dhcpcd-hooks/02-dump
 #var/ipfire/dhcpc/dhcpcd-hooks/10-mtu
+#var/ipfire/dhcpc/dhcpcd-hooks/10-wpa_supplicant
+#var/ipfire/dhcpc/dhcpcd-hooks/15-timezone
 #var/ipfire/dhcpc/dhcpcd-hooks/29-lookup-hostname
 #var/ipfire/dhcpc/dhcpcd-hooks/30-hostname
 #var/ipfire/dhcpc/dhcpcd-hooks/70-dhcpcd.exe

diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 17081c415f165edb179416e60b2412f284fcbcc0..aaa8265cc3b923497e7599dc78757b9919756169 100644 (file)
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -5,10 +5,11 @@
 #usr/lib/libexpat.la
 usr/lib/libexpat.so
 usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.5.0
-#usr/man/man1/xmlwf.1
-#usr/share/doc/expat-2.0.0
-#usr/share/doc/expat-2.0.0/expat.png
-#usr/share/doc/expat-2.0.0/reference.html
-#usr/share/doc/expat-2.0.0/style.css
-#usr/share/doc/expat-2.0.0/valid-xhtml10.png
+usr/lib/libexpat.so.1.6.0
+#usr/lib/pkgconfig/expat.pc
+#usr/share/doc/expat-2.1.0
+#usr/share/doc/expat-2.1.0/expat.png
+#usr/share/doc/expat-2.1.0/reference.html
+#usr/share/doc/expat-2.1.0/style.css
+#usr/share/doc/expat-2.1.0/valid-xhtml10.png
+#usr/share/man/man1/xmlwf.1

diff --git a/config/rootfiles/common/flag-icons b/config/rootfiles/common/flag-icons
new file mode 100644 (file)
index 0000000..eee2c0c
--- /dev/null
+++ b/config/rootfiles/common/flag-icons
@@ -0,0 +1,243 @@
+srv/web/ipfire/html/images/flags
+#srv/web/ipfire/html/images/flags/AD.png
+#srv/web/ipfire/html/images/flags/AE.png
+#srv/web/ipfire/html/images/flags/AF.png
+#srv/web/ipfire/html/images/flags/AG.png
+#srv/web/ipfire/html/images/flags/AI.png
+#srv/web/ipfire/html/images/flags/AL.png
+#srv/web/ipfire/html/images/flags/AM.png
+#srv/web/ipfire/html/images/flags/AN.png
+#srv/web/ipfire/html/images/flags/AO.png
+#srv/web/ipfire/html/images/flags/AQ.png
+#srv/web/ipfire/html/images/flags/AR.png
+#srv/web/ipfire/html/images/flags/AS.png
+#srv/web/ipfire/html/images/flags/AT.png
+#srv/web/ipfire/html/images/flags/AU.png
+#srv/web/ipfire/html/images/flags/AW.png
+#srv/web/ipfire/html/images/flags/AX.png
+#srv/web/ipfire/html/images/flags/AZ.png
+#srv/web/ipfire/html/images/flags/BA.png
+#srv/web/ipfire/html/images/flags/BB.png
+#srv/web/ipfire/html/images/flags/BD.png
+#srv/web/ipfire/html/images/flags/BE.png
+#srv/web/ipfire/html/images/flags/BF.png
+#srv/web/ipfire/html/images/flags/BG.png
+#srv/web/ipfire/html/images/flags/BH.png
+#srv/web/ipfire/html/images/flags/BI.png
+#srv/web/ipfire/html/images/flags/BJ.png
+#srv/web/ipfire/html/images/flags/BL.png
+#srv/web/ipfire/html/images/flags/BM.png
+#srv/web/ipfire/html/images/flags/BN.png
+#srv/web/ipfire/html/images/flags/BO.png
+#srv/web/ipfire/html/images/flags/BR.png
+#srv/web/ipfire/html/images/flags/BS.png
+#srv/web/ipfire/html/images/flags/BT.png
+#srv/web/ipfire/html/images/flags/BW.png
+#srv/web/ipfire/html/images/flags/BY.png
+#srv/web/ipfire/html/images/flags/BZ.png
+#srv/web/ipfire/html/images/flags/CA.png
+#srv/web/ipfire/html/images/flags/CC.png
+#srv/web/ipfire/html/images/flags/CD.png
+#srv/web/ipfire/html/images/flags/CF.png
+#srv/web/ipfire/html/images/flags/CG.png
+#srv/web/ipfire/html/images/flags/CH.png
+#srv/web/ipfire/html/images/flags/CI.png
+#srv/web/ipfire/html/images/flags/CK.png
+#srv/web/ipfire/html/images/flags/CL.png
+#srv/web/ipfire/html/images/flags/CM.png
+#srv/web/ipfire/html/images/flags/CN.png
+#srv/web/ipfire/html/images/flags/CO.png
+#srv/web/ipfire/html/images/flags/CR.png
+#srv/web/ipfire/html/images/flags/CU.png
+#srv/web/ipfire/html/images/flags/CV.png
+#srv/web/ipfire/html/images/flags/CW.png
+#srv/web/ipfire/html/images/flags/CX.png
+#srv/web/ipfire/html/images/flags/CY.png
+#srv/web/ipfire/html/images/flags/CZ.png
+#srv/web/ipfire/html/images/flags/DE.png
+#srv/web/ipfire/html/images/flags/DJ.png
+#srv/web/ipfire/html/images/flags/DK.png
+#srv/web/ipfire/html/images/flags/DM.png
+#srv/web/ipfire/html/images/flags/DO.png
+#srv/web/ipfire/html/images/flags/DZ.png
+#srv/web/ipfire/html/images/flags/EC.png
+#srv/web/ipfire/html/images/flags/EE.png
+#srv/web/ipfire/html/images/flags/EG.png
+#srv/web/ipfire/html/images/flags/EH.png
+#srv/web/ipfire/html/images/flags/ER.png
+#srv/web/ipfire/html/images/flags/ES.png
+#srv/web/ipfire/html/images/flags/ET.png
+#srv/web/ipfire/html/images/flags/EU.png
+#srv/web/ipfire/html/images/flags/FI.png
+#srv/web/ipfire/html/images/flags/FJ.png
+#srv/web/ipfire/html/images/flags/FK.png
+#srv/web/ipfire/html/images/flags/FM.png
+#srv/web/ipfire/html/images/flags/FO.png
+#srv/web/ipfire/html/images/flags/FR.png
+#srv/web/ipfire/html/images/flags/GA.png
+#srv/web/ipfire/html/images/flags/GB.png
+#srv/web/ipfire/html/images/flags/GD.png
+#srv/web/ipfire/html/images/flags/GE.png
+#srv/web/ipfire/html/images/flags/GG.png
+#srv/web/ipfire/html/images/flags/GH.png
+#srv/web/ipfire/html/images/flags/GI.png
+#srv/web/ipfire/html/images/flags/GL.png
+#srv/web/ipfire/html/images/flags/GM.png
+#srv/web/ipfire/html/images/flags/GN.png
+#srv/web/ipfire/html/images/flags/GQ.png
+#srv/web/ipfire/html/images/flags/GR.png
+#srv/web/ipfire/html/images/flags/GS.png
+#srv/web/ipfire/html/images/flags/GT.png
+#srv/web/ipfire/html/images/flags/GU.png
+#srv/web/ipfire/html/images/flags/GW.png
+#srv/web/ipfire/html/images/flags/GY.png
+#srv/web/ipfire/html/images/flags/HK.png
+#srv/web/ipfire/html/images/flags/HN.png
+#srv/web/ipfire/html/images/flags/HR.png
+#srv/web/ipfire/html/images/flags/HT.png
+#srv/web/ipfire/html/images/flags/HU.png
+#srv/web/ipfire/html/images/flags/IC.png
+#srv/web/ipfire/html/images/flags/ID.png
+#srv/web/ipfire/html/images/flags/IE.png
+#srv/web/ipfire/html/images/flags/IL.png
+#srv/web/ipfire/html/images/flags/IM.png
+#srv/web/ipfire/html/images/flags/IN.png
+#srv/web/ipfire/html/images/flags/IQ.png
+#srv/web/ipfire/html/images/flags/IR.png
+#srv/web/ipfire/html/images/flags/IS.png
+#srv/web/ipfire/html/images/flags/IT.png
+#srv/web/ipfire/html/images/flags/JE.png
+#srv/web/ipfire/html/images/flags/JM.png
+#srv/web/ipfire/html/images/flags/JO.png
+#srv/web/ipfire/html/images/flags/JP.png
+#srv/web/ipfire/html/images/flags/KE.png
+#srv/web/ipfire/html/images/flags/KG.png
+#srv/web/ipfire/html/images/flags/KH.png
+#srv/web/ipfire/html/images/flags/KI.png
+#srv/web/ipfire/html/images/flags/KM.png
+#srv/web/ipfire/html/images/flags/KN.png
+#srv/web/ipfire/html/images/flags/KP.png
+#srv/web/ipfire/html/images/flags/KR.png
+#srv/web/ipfire/html/images/flags/KW.png
+#srv/web/ipfire/html/images/flags/KY.png
+#srv/web/ipfire/html/images/flags/KZ.png
+#srv/web/ipfire/html/images/flags/LA.png
+#srv/web/ipfire/html/images/flags/LB.png
+#srv/web/ipfire/html/images/flags/LC.png
+#srv/web/ipfire/html/images/flags/LI.png
+#srv/web/ipfire/html/images/flags/LK.png
+#srv/web/ipfire/html/images/flags/LR.png
+#srv/web/ipfire/html/images/flags/LS.png
+#srv/web/ipfire/html/images/flags/LT.png
+#srv/web/ipfire/html/images/flags/LU.png
+#srv/web/ipfire/html/images/flags/LV.png
+#srv/web/ipfire/html/images/flags/LY.png
+#srv/web/ipfire/html/images/flags/MA.png
+#srv/web/ipfire/html/images/flags/MC.png
+#srv/web/ipfire/html/images/flags/MD.png
+#srv/web/ipfire/html/images/flags/ME.png
+#srv/web/ipfire/html/images/flags/MF.png
+#srv/web/ipfire/html/images/flags/MG.png
+#srv/web/ipfire/html/images/flags/MH.png
+#srv/web/ipfire/html/images/flags/MK.png
+#srv/web/ipfire/html/images/flags/ML.png
+#srv/web/ipfire/html/images/flags/MM.png
+#srv/web/ipfire/html/images/flags/MN.png
+#srv/web/ipfire/html/images/flags/MO.png
+#srv/web/ipfire/html/images/flags/MP.png
+#srv/web/ipfire/html/images/flags/MQ.png
+#srv/web/ipfire/html/images/flags/MR.png
+#srv/web/ipfire/html/images/flags/MS.png
+#srv/web/ipfire/html/images/flags/MT.png
+#srv/web/ipfire/html/images/flags/MU.png
+#srv/web/ipfire/html/images/flags/MV.png
+#srv/web/ipfire/html/images/flags/MW.png
+#srv/web/ipfire/html/images/flags/MX.png
+#srv/web/ipfire/html/images/flags/MY.png
+#srv/web/ipfire/html/images/flags/MZ.png
+#srv/web/ipfire/html/images/flags/NA.png
+#srv/web/ipfire/html/images/flags/NC.png
+#srv/web/ipfire/html/images/flags/NE.png
+#srv/web/ipfire/html/images/flags/NF.png
+#srv/web/ipfire/html/images/flags/NG.png
+#srv/web/ipfire/html/images/flags/NI.png
+#srv/web/ipfire/html/images/flags/NL.png
+#srv/web/ipfire/html/images/flags/NO.png
+#srv/web/ipfire/html/images/flags/NP.png
+#srv/web/ipfire/html/images/flags/NR.png
+#srv/web/ipfire/html/images/flags/NU.png
+#srv/web/ipfire/html/images/flags/NZ.png
+#srv/web/ipfire/html/images/flags/OM.png
+#srv/web/ipfire/html/images/flags/PA.png
+#srv/web/ipfire/html/images/flags/PE.png
+#srv/web/ipfire/html/images/flags/PF.png
+#srv/web/ipfire/html/images/flags/PG.png
+#srv/web/ipfire/html/images/flags/PH.png
+#srv/web/ipfire/html/images/flags/PK.png
+#srv/web/ipfire/html/images/flags/PL.png
+#srv/web/ipfire/html/images/flags/PN.png
+#srv/web/ipfire/html/images/flags/PR.png
+#srv/web/ipfire/html/images/flags/PS.png
+#srv/web/ipfire/html/images/flags/PT.png
+#srv/web/ipfire/html/images/flags/PW.png
+#srv/web/ipfire/html/images/flags/PY.png
+#srv/web/ipfire/html/images/flags/QA.png
+#srv/web/ipfire/html/images/flags/RO.png
+#srv/web/ipfire/html/images/flags/RS.png
+#srv/web/ipfire/html/images/flags/RU.png
+#srv/web/ipfire/html/images/flags/RW.png
+#srv/web/ipfire/html/images/flags/SA.png
+#srv/web/ipfire/html/images/flags/SB.png
+#srv/web/ipfire/html/images/flags/SC.png
+#srv/web/ipfire/html/images/flags/SD.png
+#srv/web/ipfire/html/images/flags/SE.png
+#srv/web/ipfire/html/images/flags/SG.png
+#srv/web/ipfire/html/images/flags/SH.png
+#srv/web/ipfire/html/images/flags/SI.png
+#srv/web/ipfire/html/images/flags/SK.png
+#srv/web/ipfire/html/images/flags/SL.png
+#srv/web/ipfire/html/images/flags/SM.png
+#srv/web/ipfire/html/images/flags/SN.png
+#srv/web/ipfire/html/images/flags/SO.png
+#srv/web/ipfire/html/images/flags/SR.png
+#srv/web/ipfire/html/images/flags/SS.png
+#srv/web/ipfire/html/images/flags/ST.png
+#srv/web/ipfire/html/images/flags/SV.png
+#srv/web/ipfire/html/images/flags/SY.png
+#srv/web/ipfire/html/images/flags/SZ.png
+#srv/web/ipfire/html/images/flags/TC.png
+#srv/web/ipfire/html/images/flags/TD.png
+#srv/web/ipfire/html/images/flags/TF.png
+#srv/web/ipfire/html/images/flags/TG.png
+#srv/web/ipfire/html/images/flags/TH.png
+#srv/web/ipfire/html/images/flags/TJ.png
+#srv/web/ipfire/html/images/flags/TK.png
+#srv/web/ipfire/html/images/flags/TL.png
+#srv/web/ipfire/html/images/flags/TM.png
+#srv/web/ipfire/html/images/flags/TN.png
+#srv/web/ipfire/html/images/flags/TO.png
+#srv/web/ipfire/html/images/flags/TR.png
+#srv/web/ipfire/html/images/flags/TT.png
+#srv/web/ipfire/html/images/flags/TV.png
+#srv/web/ipfire/html/images/flags/TW.png
+#srv/web/ipfire/html/images/flags/TZ.png
+#srv/web/ipfire/html/images/flags/UA.png
+#srv/web/ipfire/html/images/flags/UG.png
+#srv/web/ipfire/html/images/flags/US.png
+#srv/web/ipfire/html/images/flags/UY.png
+#srv/web/ipfire/html/images/flags/UZ.png
+#srv/web/ipfire/html/images/flags/VA.png
+#srv/web/ipfire/html/images/flags/VC.png
+#srv/web/ipfire/html/images/flags/VE.png
+#srv/web/ipfire/html/images/flags/VG.png
+#srv/web/ipfire/html/images/flags/VI.png
+#srv/web/ipfire/html/images/flags/VN.png
+#srv/web/ipfire/html/images/flags/VU.png
+#srv/web/ipfire/html/images/flags/WF.png
+#srv/web/ipfire/html/images/flags/WS.png
+#srv/web/ipfire/html/images/flags/YE.png
+#srv/web/ipfire/html/images/flags/YT.png
+#srv/web/ipfire/html/images/flags/ZA.png
+#srv/web/ipfire/html/images/flags/ZM.png
+#srv/web/ipfire/html/images/flags/ZW.png
+#srv/web/ipfire/html/images/flags/unknown.png

diff --git a/config/rootfiles/common/groff b/config/rootfiles/common/groff
index c27e5947e03a66b38fb32ccb6116482184ea0c8c..de5908498bc6458c268b846ec79daa9eea5e9f34 100644 (file)
--- a/config/rootfiles/common/groff
+++ b/config/rootfiles/common/groff
@@ -5,6 +5,9 @@
 #usr/bin/eqn2graph
 #usr/bin/gdiffmk
 #usr/bin/geqn
+#usr/bin/glilypond
+#usr/bin/gperl
+#usr/bin/gpinyin
 #usr/bin/grap2graph
 #usr/bin/grn
 #usr/bin/grodvi
@@ -13,6 +16,7 @@
 #usr/bin/grog
 #usr/bin/grolbp
 #usr/bin/grolj4
+#usr/bin/gropdf
 #usr/bin/grops
 #usr/bin/grotty
 #usr/bin/gtbl
@@ -23,6 +27,7 @@
 #usr/bin/mmroff
 #usr/bin/neqn
 #usr/bin/nroff
+#usr/bin/pdfmom
 #usr/bin/pdfroff
 #usr/bin/pfbtops
 #usr/bin/pic
@@ -42,482 +47,530 @@
 #usr/bin/tfmtodit
 #usr/bin/troff
 #usr/lib/groff
+#usr/lib/groff/glilypond
+#usr/lib/groff/glilypond/args.pl
+#usr/lib/groff/glilypond/oop_fh.pl
+#usr/lib/groff/glilypond/subs.pl
+#usr/lib/groff/gpinyin
+#usr/lib/groff/gpinyin/subs.pl
+#usr/lib/groff/groff_opts_no_arg.txt
+#usr/lib/groff/groff_opts_with_arg.txt
 #usr/lib/groff/groffer
-#usr/lib/groff/groffer/func.pl
+#usr/lib/groff/groffer/main_subs.pl
 #usr/lib/groff/groffer/man.pl
-#usr/lib/groff/groffer/perl_test.pl
 #usr/lib/groff/groffer/split_env.sh
+#usr/lib/groff/groffer/subs.pl
 #usr/lib/groff/groffer/version.sh
+#usr/lib/groff/grog
+#usr/lib/groff/grog/subs.pl
+#usr/lib/groff/refer
 #usr/lib/groff/site-tmac
-#usr/share/doc/groff-1.21
-#usr/share/doc/groff-1.21/examples
-#usr/share/doc/groff-1.21/examples/chem
-#usr/share/doc/groff-1.21/examples/chem/122
-#usr/share/doc/groff-1.21/examples/chem/122/README
-#usr/share/doc/groff-1.21/examples/chem/122/ch2a_ethyl.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch2b_benzene.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch2c_benzene_right.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4a_stick.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4b_methyl_acetate.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4c_colon.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4d_HCl.H2O.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4e_CaSO4.2H2O.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4f_C.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4g_BP.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4h_methacrylate.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4i_cyclo.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4j_ring4.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4k_ring3.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4l_vertex.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4m_double.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4n_triple.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4o_aromatic.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4p_cholestanol.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4q_rings.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4r_spiro.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4s_heteroatoms.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4t_polycyclic.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4u_nicotine.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4v_histidine.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4w_lsd.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4x_anisole.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4y_reserpine.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4z1_eqn_glutamic.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch4z2_text.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch5a_size.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch6a_pic.chem
-#usr/share/doc/groff-1.21/examples/chem/122/ch6b_dna.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chAa_polymer.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chAb_vinyl_chloro.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chAc_morphine.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chAd_chlorophyll.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chAe_chair.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chAf_arrow.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chAg_circle.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chAh_brackets.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chAi_poly_vinyl_chloride.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chBa_jump.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chBb_bonds.chem
-#usr/share/doc/groff-1.21/examples/chem/122/chBc_rings.chem
-#usr/share/doc/groff-1.21/examples/chem/README
-#usr/share/doc/groff-1.21/examples/chem/atp.chem
-#usr/share/doc/groff-1.21/examples/chem/cholesterin.chem
-#usr/share/doc/groff-1.21/examples/chem/ethamivan.chem
-#usr/share/doc/groff-1.21/examples/chem/lsd.chem
-#usr/share/doc/groff-1.21/examples/chem/morphine.chem
-#usr/share/doc/groff-1.21/examples/chem/penicillin.chem
-#usr/share/doc/groff-1.21/examples/chem/reserpine.chem
-#usr/share/doc/groff-1.21/examples/gnu.eps
-#usr/share/doc/groff-1.21/examples/grnexmpl.g
-#usr/share/doc/groff-1.21/examples/grnexmpl.me
-#usr/share/doc/groff-1.21/examples/grnexmpl.ps
-#usr/share/doc/groff-1.21/examples/groff.css
-#usr/share/doc/groff-1.21/examples/hdtbl
-#usr/share/doc/groff-1.21/examples/hdtbl/chess_board.ps
-#usr/share/doc/groff-1.21/examples/hdtbl/chess_board.roff
-#usr/share/doc/groff-1.21/examples/hdtbl/col_rowspan_colors.ps
-#usr/share/doc/groff-1.21/examples/hdtbl/col_rowspan_colors.roff
-#usr/share/doc/groff-1.21/examples/hdtbl/color_boxes.ps
-#usr/share/doc/groff-1.21/examples/hdtbl/color_boxes.roff
-#usr/share/doc/groff-1.21/examples/hdtbl/color_nested_tables.ps
-#usr/share/doc/groff-1.21/examples/hdtbl/color_nested_tables.roff
-#usr/share/doc/groff-1.21/examples/hdtbl/color_table_cells.ps
-#usr/share/doc/groff-1.21/examples/hdtbl/color_table_cells.roff
-#usr/share/doc/groff-1.21/examples/hdtbl/color_transitions.ps
-#usr/share/doc/groff-1.21/examples/hdtbl/color_transitions.roff
-#usr/share/doc/groff-1.21/examples/hdtbl/common.roff
-#usr/share/doc/groff-1.21/examples/hdtbl/fonts_n.ps
-#usr/share/doc/groff-1.21/examples/hdtbl/fonts_n.roff
-#usr/share/doc/groff-1.21/examples/hdtbl/fonts_x.ps
-#usr/share/doc/groff-1.21/examples/hdtbl/fonts_x.roff
-#usr/share/doc/groff-1.21/examples/hdtbl/gnu.eps
-#usr/share/doc/groff-1.21/examples/hdtbl/mixed_pickles.ps
-#usr/share/doc/groff-1.21/examples/hdtbl/mixed_pickles.roff
-#usr/share/doc/groff-1.21/examples/hdtbl/rainbow.ps
-#usr/share/doc/groff-1.21/examples/hdtbl/rainbow.roff
-#usr/share/doc/groff-1.21/examples/hdtbl/short_reference.ps
-#usr/share/doc/groff-1.21/examples/hdtbl/short_reference.roff
-#usr/share/doc/groff-1.21/examples/mom
-#usr/share/doc/groff-1.21/examples/mom/README.txt
-#usr/share/doc/groff-1.21/examples/mom/elvis_syntax
-#usr/share/doc/groff-1.21/examples/mom/elvis_syntax.new
-#usr/share/doc/groff-1.21/examples/mom/letter.mom
-#usr/share/doc/groff-1.21/examples/mom/letter.ps
-#usr/share/doc/groff-1.21/examples/mom/penguin.ps
-#usr/share/doc/groff-1.21/examples/mom/sample_docs.mom
-#usr/share/doc/groff-1.21/examples/mom/sample_docs.ps
-#usr/share/doc/groff-1.21/examples/mom/typesetting.mom
-#usr/share/doc/groff-1.21/examples/mom/typesetting.ps
-#usr/share/doc/groff-1.21/examples/webpage.ms
-#usr/share/doc/groff-1.21/examples/webpage.ps
-#usr/share/doc/groff-1.21/html
-#usr/share/doc/groff-1.21/html/mom
-#usr/share/doc/groff-1.21/html/mom/appendices.html
-#usr/share/doc/groff-1.21/html/mom/color.html
-#usr/share/doc/groff-1.21/html/mom/cover.html
-#usr/share/doc/groff-1.21/html/mom/definitions.html
-#usr/share/doc/groff-1.21/html/mom/docelement.html
-#usr/share/doc/groff-1.21/html/mom/docprocessing.html
-#usr/share/doc/groff-1.21/html/mom/goodies.html
-#usr/share/doc/groff-1.21/html/mom/graphical.html
-#usr/share/doc/groff-1.21/html/mom/headfootpage.html
-#usr/share/doc/groff-1.21/html/mom/images.html
-#usr/share/doc/groff-1.21/html/mom/inlines.html
-#usr/share/doc/groff-1.21/html/mom/intro.html
-#usr/share/doc/groff-1.21/html/mom/letters.html
-#usr/share/doc/groff-1.21/html/mom/macrolist.html
-#usr/share/doc/groff-1.21/html/mom/rectoverso.html
-#usr/share/doc/groff-1.21/html/mom/refer.html
-#usr/share/doc/groff-1.21/html/mom/reserved.html
-#usr/share/doc/groff-1.21/html/mom/stylesheet.css
-#usr/share/doc/groff-1.21/html/mom/tables-of-contents.html
-#usr/share/doc/groff-1.21/html/mom/toc.html
-#usr/share/doc/groff-1.21/html/mom/typesetting.html
-#usr/share/doc/groff-1.21/html/mom/using.html
-#usr/share/doc/groff-1.21/meintro.me
-#usr/share/doc/groff-1.21/meintro.ps
-#usr/share/doc/groff-1.21/meref.me
-#usr/share/doc/groff-1.21/meref.ps
-#usr/share/doc/groff-1.21/pic.ms
-#usr/share/doc/groff-1.21/pic.ps
+#usr/share/doc/groff-1.22.3
+#usr/share/doc/groff-1.22.3/examples
+#usr/share/doc/groff-1.22.3/examples/chem
+#usr/share/doc/groff-1.22.3/examples/chem/122
+#usr/share/doc/groff-1.22.3/examples/chem/122/README
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch2a_ethyl.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch2b_benzene.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch2c_benzene_right.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4a_stick.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4b_methyl_acetate.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4c_colon.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4d_HCl.H2O.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4e_CaSO4.2H2O.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4f_C.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4g_BP.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4h_methacrylate.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4i_cyclo.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4j_ring4.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4k_ring3.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4l_vertex.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4m_double.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4n_triple.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4o_aromatic.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4p_cholestanol.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4q_rings.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4r_spiro.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4s_heteroatoms.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4t_polycyclic.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4u_nicotine.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4v_histidine.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4w_lsd.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4x_anisole.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4y_reserpine.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4z1_eqn_glutamic.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4z2_text.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch5a_size.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch6a_pic.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch6b_dna.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chAa_polymer.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chAb_vinyl_chloro.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chAc_morphine.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chAd_chlorophyll.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chAe_chair.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chAf_arrow.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chAg_circle.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chAh_brackets.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chAi_poly_vinyl_chloride.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chBa_jump.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chBb_bonds.chem
+#usr/share/doc/groff-1.22.3/examples/chem/122/chBc_rings.chem
+#usr/share/doc/groff-1.22.3/examples/chem/README
+#usr/share/doc/groff-1.22.3/examples/chem/atp.chem
+#usr/share/doc/groff-1.22.3/examples/chem/cholesterin.chem
+#usr/share/doc/groff-1.22.3/examples/chem/ethamivan.chem
+#usr/share/doc/groff-1.22.3/examples/chem/lsd.chem
+#usr/share/doc/groff-1.22.3/examples/chem/morphine.chem
+#usr/share/doc/groff-1.22.3/examples/chem/penicillin.chem
+#usr/share/doc/groff-1.22.3/examples/chem/reserpine.chem
+#usr/share/doc/groff-1.22.3/examples/gnu.eps
+#usr/share/doc/groff-1.22.3/examples/grnexmpl.g
+#usr/share/doc/groff-1.22.3/examples/grnexmpl.me
+#usr/share/doc/groff-1.22.3/examples/grnexmpl.ps
+#usr/share/doc/groff-1.22.3/examples/groff.css
+#usr/share/doc/groff-1.22.3/examples/hdtbl
+#usr/share/doc/groff-1.22.3/examples/hdtbl/chess_board.ps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/chess_board.roff
+#usr/share/doc/groff-1.22.3/examples/hdtbl/col_rowspan_colors.ps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/col_rowspan_colors.roff
+#usr/share/doc/groff-1.22.3/examples/hdtbl/color_boxes.ps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/color_boxes.roff
+#usr/share/doc/groff-1.22.3/examples/hdtbl/color_nested_tables.ps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/color_nested_tables.roff
+#usr/share/doc/groff-1.22.3/examples/hdtbl/color_table_cells.ps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/color_table_cells.roff
+#usr/share/doc/groff-1.22.3/examples/hdtbl/color_transitions.ps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/color_transitions.roff
+#usr/share/doc/groff-1.22.3/examples/hdtbl/common.roff
+#usr/share/doc/groff-1.22.3/examples/hdtbl/fonts_n.ps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/fonts_n.roff
+#usr/share/doc/groff-1.22.3/examples/hdtbl/fonts_x.ps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/fonts_x.roff
+#usr/share/doc/groff-1.22.3/examples/hdtbl/gnu.eps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/mixed_pickles.ps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/mixed_pickles.roff
+#usr/share/doc/groff-1.22.3/examples/hdtbl/rainbow.ps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/rainbow.roff
+#usr/share/doc/groff-1.22.3/examples/hdtbl/short_reference.ps
+#usr/share/doc/groff-1.22.3/examples/hdtbl/short_reference.roff
+#usr/share/doc/groff-1.22.3/examples/mom
+#usr/share/doc/groff-1.22.3/examples/mom/README.txt
+#usr/share/doc/groff-1.22.3/examples/mom/elvis_syntax
+#usr/share/doc/groff-1.22.3/examples/mom/elvis_syntax.new
+#usr/share/doc/groff-1.22.3/examples/mom/letter.mom
+#usr/share/doc/groff-1.22.3/examples/mom/mom-pdf.mom
+#usr/share/doc/groff-1.22.3/examples/mom/mom.vim
+#usr/share/doc/groff-1.22.3/examples/mom/penguin.pdf
+#usr/share/doc/groff-1.22.3/examples/mom/penguin.ps
+#usr/share/doc/groff-1.22.3/examples/mom/sample_docs.mom
+#usr/share/doc/groff-1.22.3/examples/mom/typesetting.mom
+#usr/share/doc/groff-1.22.3/examples/webpage.ms
+#usr/share/doc/groff-1.22.3/examples/webpage.ps
+#usr/share/doc/groff-1.22.3/html
+#usr/share/doc/groff-1.22.3/html/mom
+#usr/share/doc/groff-1.22.3/html/mom/appendices.html
+#usr/share/doc/groff-1.22.3/html/mom/color.html
+#usr/share/doc/groff-1.22.3/html/mom/cover.html
+#usr/share/doc/groff-1.22.3/html/mom/definitions.html
+#usr/share/doc/groff-1.22.3/html/mom/docelement.html
+#usr/share/doc/groff-1.22.3/html/mom/docprocessing.html
+#usr/share/doc/groff-1.22.3/html/mom/goodies.html
+#usr/share/doc/groff-1.22.3/html/mom/graphical.html
+#usr/share/doc/groff-1.22.3/html/mom/headfootpage.html
+#usr/share/doc/groff-1.22.3/html/mom/images.html
+#usr/share/doc/groff-1.22.3/html/mom/inlines.html
+#usr/share/doc/groff-1.22.3/html/mom/intro.html
+#usr/share/doc/groff-1.22.3/html/mom/letters.html
+#usr/share/doc/groff-1.22.3/html/mom/macrolist.html
+#usr/share/doc/groff-1.22.3/html/mom/rectoverso.html
+#usr/share/doc/groff-1.22.3/html/mom/refer.html
+#usr/share/doc/groff-1.22.3/html/mom/reserved.html
+#usr/share/doc/groff-1.22.3/html/mom/stylesheet.css
+#usr/share/doc/groff-1.22.3/html/mom/tables-of-contents.html
+#usr/share/doc/groff-1.22.3/html/mom/toc.html
+#usr/share/doc/groff-1.22.3/html/mom/typesetting.html
+#usr/share/doc/groff-1.22.3/html/mom/using.html
+#usr/share/doc/groff-1.22.3/html/mom/version-2.html
+#usr/share/doc/groff-1.22.3/meintro.me
+#usr/share/doc/groff-1.22.3/meintro.ps
+#usr/share/doc/groff-1.22.3/meintro_fr.me
+#usr/share/doc/groff-1.22.3/meintro_fr.ps
+#usr/share/doc/groff-1.22.3/meref.me
+#usr/share/doc/groff-1.22.3/meref.ps
+#usr/share/doc/groff-1.22.3/pic.ms
+#usr/share/doc/groff-1.22.3/pic.ps
 #usr/share/groff
-#usr/share/groff/1.21
-#usr/share/groff/1.21/eign
-#usr/share/groff/1.21/font
-#usr/share/groff/1.21/font/devascii
-#usr/share/groff/1.21/font/devascii/B
-#usr/share/groff/1.21/font/devascii/BI
-#usr/share/groff/1.21/font/devascii/DESC
-#usr/share/groff/1.21/font/devascii/I
-#usr/share/groff/1.21/font/devascii/R
-#usr/share/groff/1.21/font/devdvi
-#usr/share/groff/1.21/font/devdvi/CW
-#usr/share/groff/1.21/font/devdvi/CWEC
-#usr/share/groff/1.21/font/devdvi/CWI
-#usr/share/groff/1.21/font/devdvi/CWIEC
-#usr/share/groff/1.21/font/devdvi/CWITC
-#usr/share/groff/1.21/font/devdvi/CWTC
-#usr/share/groff/1.21/font/devdvi/DESC
-#usr/share/groff/1.21/font/devdvi/EX
-#usr/share/groff/1.21/font/devdvi/HB
-#usr/share/groff/1.21/font/devdvi/HBEC
-#usr/share/groff/1.21/font/devdvi/HBI
-#usr/share/groff/1.21/font/devdvi/HBIEC
-#usr/share/groff/1.21/font/devdvi/HBITC
-#usr/share/groff/1.21/font/devdvi/HBTC
-#usr/share/groff/1.21/font/devdvi/HI
-#usr/share/groff/1.21/font/devdvi/HIEC
-#usr/share/groff/1.21/font/devdvi/HITC
-#usr/share/groff/1.21/font/devdvi/HR
-#usr/share/groff/1.21/font/devdvi/HREC
-#usr/share/groff/1.21/font/devdvi/HRTC
-#usr/share/groff/1.21/font/devdvi/MI
-#usr/share/groff/1.21/font/devdvi/S
-#usr/share/groff/1.21/font/devdvi/SA
-#usr/share/groff/1.21/font/devdvi/SB
-#usr/share/groff/1.21/font/devdvi/SC
-#usr/share/groff/1.21/font/devdvi/TB
-#usr/share/groff/1.21/font/devdvi/TBEC
-#usr/share/groff/1.21/font/devdvi/TBI
-#usr/share/groff/1.21/font/devdvi/TBIEC
-#usr/share/groff/1.21/font/devdvi/TBITC
-#usr/share/groff/1.21/font/devdvi/TBTC
-#usr/share/groff/1.21/font/devdvi/TI
-#usr/share/groff/1.21/font/devdvi/TIEC
-#usr/share/groff/1.21/font/devdvi/TITC
-#usr/share/groff/1.21/font/devdvi/TR
-#usr/share/groff/1.21/font/devdvi/TREC
-#usr/share/groff/1.21/font/devdvi/TRTC
-#usr/share/groff/1.21/font/devdvi/generate
-#usr/share/groff/1.21/font/devdvi/generate/CompileFonts
-#usr/share/groff/1.21/font/devdvi/generate/Makefile
-#usr/share/groff/1.21/font/devdvi/generate/ec.map
-#usr/share/groff/1.21/font/devdvi/generate/msam.map
-#usr/share/groff/1.21/font/devdvi/generate/msbm.map
-#usr/share/groff/1.21/font/devdvi/generate/tc.map
-#usr/share/groff/1.21/font/devdvi/generate/texb.map
-#usr/share/groff/1.21/font/devdvi/generate/texex.map
-#usr/share/groff/1.21/font/devdvi/generate/texi.map
-#usr/share/groff/1.21/font/devdvi/generate/texmi.map
-#usr/share/groff/1.21/font/devdvi/generate/texr.map
-#usr/share/groff/1.21/font/devdvi/generate/texsy.map
-#usr/share/groff/1.21/font/devdvi/generate/textex.map
-#usr/share/groff/1.21/font/devdvi/generate/textt.map
-#usr/share/groff/1.21/font/devhtml
-#usr/share/groff/1.21/font/devhtml/B
-#usr/share/groff/1.21/font/devhtml/BI
-#usr/share/groff/1.21/font/devhtml/CB
-#usr/share/groff/1.21/font/devhtml/CBI
-#usr/share/groff/1.21/font/devhtml/CI
-#usr/share/groff/1.21/font/devhtml/CR
-#usr/share/groff/1.21/font/devhtml/DESC
-#usr/share/groff/1.21/font/devhtml/I
-#usr/share/groff/1.21/font/devhtml/R
-#usr/share/groff/1.21/font/devhtml/S
-#usr/share/groff/1.21/font/devlatin1
-#usr/share/groff/1.21/font/devlatin1/B
-#usr/share/groff/1.21/font/devlatin1/BI
-#usr/share/groff/1.21/font/devlatin1/DESC
-#usr/share/groff/1.21/font/devlatin1/I
-#usr/share/groff/1.21/font/devlatin1/R
-#usr/share/groff/1.21/font/devlbp
-#usr/share/groff/1.21/font/devlbp/CB
-#usr/share/groff/1.21/font/devlbp/CI
-#usr/share/groff/1.21/font/devlbp/CR
-#usr/share/groff/1.21/font/devlbp/DESC
-#usr/share/groff/1.21/font/devlbp/EB
-#usr/share/groff/1.21/font/devlbp/EI
-#usr/share/groff/1.21/font/devlbp/ER
-#usr/share/groff/1.21/font/devlbp/HB
-#usr/share/groff/1.21/font/devlbp/HBI
-#usr/share/groff/1.21/font/devlbp/HI
-#usr/share/groff/1.21/font/devlbp/HNB
-#usr/share/groff/1.21/font/devlbp/HNBI
-#usr/share/groff/1.21/font/devlbp/HNI
-#usr/share/groff/1.21/font/devlbp/HNR
-#usr/share/groff/1.21/font/devlbp/HR
-#usr/share/groff/1.21/font/devlbp/TB
-#usr/share/groff/1.21/font/devlbp/TBI
-#usr/share/groff/1.21/font/devlbp/TI
-#usr/share/groff/1.21/font/devlbp/TR
-#usr/share/groff/1.21/font/devlj4
-#usr/share/groff/1.21/font/devlj4/AB
-#usr/share/groff/1.21/font/devlj4/ABI
-#usr/share/groff/1.21/font/devlj4/AI
-#usr/share/groff/1.21/font/devlj4/ALBB
-#usr/share/groff/1.21/font/devlj4/ALBR
-#usr/share/groff/1.21/font/devlj4/AOB
-#usr/share/groff/1.21/font/devlj4/AOI
-#usr/share/groff/1.21/font/devlj4/AOR
-#usr/share/groff/1.21/font/devlj4/AR
-#usr/share/groff/1.21/font/devlj4/CB
-#usr/share/groff/1.21/font/devlj4/CBI
-#usr/share/groff/1.21/font/devlj4/CI
-#usr/share/groff/1.21/font/devlj4/CLARENDON
-#usr/share/groff/1.21/font/devlj4/CORONET
-#usr/share/groff/1.21/font/devlj4/CR
-#usr/share/groff/1.21/font/devlj4/DESC
-#usr/share/groff/1.21/font/devlj4/GB
-#usr/share/groff/1.21/font/devlj4/GBI
-#usr/share/groff/1.21/font/devlj4/GI
-#usr/share/groff/1.21/font/devlj4/GR
-#usr/share/groff/1.21/font/devlj4/LGB
-#usr/share/groff/1.21/font/devlj4/LGI
-#usr/share/groff/1.21/font/devlj4/LGR
-#usr/share/groff/1.21/font/devlj4/MARIGOLD
-#usr/share/groff/1.21/font/devlj4/OB
-#usr/share/groff/1.21/font/devlj4/OBI
-#usr/share/groff/1.21/font/devlj4/OI
-#usr/share/groff/1.21/font/devlj4/OR
-#usr/share/groff/1.21/font/devlj4/S
-#usr/share/groff/1.21/font/devlj4/SYMBOL
-#usr/share/groff/1.21/font/devlj4/TB
-#usr/share/groff/1.21/font/devlj4/TBI
-#usr/share/groff/1.21/font/devlj4/TI
-#usr/share/groff/1.21/font/devlj4/TNRB
-#usr/share/groff/1.21/font/devlj4/TNRBI
-#usr/share/groff/1.21/font/devlj4/TNRI
-#usr/share/groff/1.21/font/devlj4/TNRR
-#usr/share/groff/1.21/font/devlj4/TR
-#usr/share/groff/1.21/font/devlj4/UB
-#usr/share/groff/1.21/font/devlj4/UBI
-#usr/share/groff/1.21/font/devlj4/UCB
-#usr/share/groff/1.21/font/devlj4/UCBI
-#usr/share/groff/1.21/font/devlj4/UCI
-#usr/share/groff/1.21/font/devlj4/UCR
-#usr/share/groff/1.21/font/devlj4/UI
-#usr/share/groff/1.21/font/devlj4/UR
-#usr/share/groff/1.21/font/devlj4/WINGDINGS
-#usr/share/groff/1.21/font/devlj4/generate
-#usr/share/groff/1.21/font/devlj4/generate/Makefile
-#usr/share/groff/1.21/font/devlj4/generate/special.awk
-#usr/share/groff/1.21/font/devlj4/generate/special.map
-#usr/share/groff/1.21/font/devlj4/generate/symbol.map
-#usr/share/groff/1.21/font/devlj4/generate/text.map
-#usr/share/groff/1.21/font/devlj4/generate/wingdings.map
-#usr/share/groff/1.21/font/devps
-#usr/share/groff/1.21/font/devps/AB
-#usr/share/groff/1.21/font/devps/ABI
-#usr/share/groff/1.21/font/devps/AI
-#usr/share/groff/1.21/font/devps/AR
-#usr/share/groff/1.21/font/devps/BMB
-#usr/share/groff/1.21/font/devps/BMBI
-#usr/share/groff/1.21/font/devps/BMI
-#usr/share/groff/1.21/font/devps/BMR
-#usr/share/groff/1.21/font/devps/CB
-#usr/share/groff/1.21/font/devps/CBI
-#usr/share/groff/1.21/font/devps/CI
-#usr/share/groff/1.21/font/devps/CR
-#usr/share/groff/1.21/font/devps/DESC
-#usr/share/groff/1.21/font/devps/EURO
-#usr/share/groff/1.21/font/devps/HB
-#usr/share/groff/1.21/font/devps/HBI
-#usr/share/groff/1.21/font/devps/HI
-#usr/share/groff/1.21/font/devps/HNB
-#usr/share/groff/1.21/font/devps/HNBI
-#usr/share/groff/1.21/font/devps/HNI
-#usr/share/groff/1.21/font/devps/HNR
-#usr/share/groff/1.21/font/devps/HR
-#usr/share/groff/1.21/font/devps/NB
-#usr/share/groff/1.21/font/devps/NBI
-#usr/share/groff/1.21/font/devps/NI
-#usr/share/groff/1.21/font/devps/NR
-#usr/share/groff/1.21/font/devps/PB
-#usr/share/groff/1.21/font/devps/PBI
-#usr/share/groff/1.21/font/devps/PI
-#usr/share/groff/1.21/font/devps/PR
-#usr/share/groff/1.21/font/devps/S
-#usr/share/groff/1.21/font/devps/SS
-#usr/share/groff/1.21/font/devps/TB
-#usr/share/groff/1.21/font/devps/TBI
-#usr/share/groff/1.21/font/devps/TI
-#usr/share/groff/1.21/font/devps/TR
-#usr/share/groff/1.21/font/devps/ZCMI
-#usr/share/groff/1.21/font/devps/ZD
-#usr/share/groff/1.21/font/devps/ZDR
-#usr/share/groff/1.21/font/devps/download
-#usr/share/groff/1.21/font/devps/freeeuro.afm
-#usr/share/groff/1.21/font/devps/freeeuro.pfa
-#usr/share/groff/1.21/font/devps/generate
-#usr/share/groff/1.21/font/devps/generate/Makefile
-#usr/share/groff/1.21/font/devps/generate/afmname
-#usr/share/groff/1.21/font/devps/generate/dingbats.map
-#usr/share/groff/1.21/font/devps/generate/dingbats.rmap
-#usr/share/groff/1.21/font/devps/generate/lgreekmap
-#usr/share/groff/1.21/font/devps/generate/symbol.sed
-#usr/share/groff/1.21/font/devps/generate/symbolchars
-#usr/share/groff/1.21/font/devps/generate/symbolsl.afm
-#usr/share/groff/1.21/font/devps/generate/textmap
-#usr/share/groff/1.21/font/devps/prologue
-#usr/share/groff/1.21/font/devps/symbolsl.pfa
-#usr/share/groff/1.21/font/devps/text.enc
-#usr/share/groff/1.21/font/devps/zapfdr.pfa
-#usr/share/groff/1.21/font/devutf8
-#usr/share/groff/1.21/font/devutf8/B
-#usr/share/groff/1.21/font/devutf8/BI
-#usr/share/groff/1.21/font/devutf8/DESC
-#usr/share/groff/1.21/font/devutf8/I
-#usr/share/groff/1.21/font/devutf8/R
-#usr/share/groff/1.21/oldfont
-#usr/share/groff/1.21/oldfont/devps
-#usr/share/groff/1.21/oldfont/devps/CB
-#usr/share/groff/1.21/oldfont/devps/CBI
-#usr/share/groff/1.21/oldfont/devps/CI
-#usr/share/groff/1.21/oldfont/devps/CR
-#usr/share/groff/1.21/oldfont/devps/HB
-#usr/share/groff/1.21/oldfont/devps/HBI
-#usr/share/groff/1.21/oldfont/devps/HI
-#usr/share/groff/1.21/oldfont/devps/HNB
-#usr/share/groff/1.21/oldfont/devps/HNBI
-#usr/share/groff/1.21/oldfont/devps/HNI
-#usr/share/groff/1.21/oldfont/devps/HNR
-#usr/share/groff/1.21/oldfont/devps/HR
-#usr/share/groff/1.21/oldfont/devps/NB
-#usr/share/groff/1.21/oldfont/devps/NBI
-#usr/share/groff/1.21/oldfont/devps/NI
-#usr/share/groff/1.21/oldfont/devps/NR
-#usr/share/groff/1.21/oldfont/devps/PB
-#usr/share/groff/1.21/oldfont/devps/PBI
-#usr/share/groff/1.21/oldfont/devps/PI
-#usr/share/groff/1.21/oldfont/devps/PR
-#usr/share/groff/1.21/oldfont/devps/S
-#usr/share/groff/1.21/oldfont/devps/SS
-#usr/share/groff/1.21/oldfont/devps/TB
-#usr/share/groff/1.21/oldfont/devps/TBI
-#usr/share/groff/1.21/oldfont/devps/TI
-#usr/share/groff/1.21/oldfont/devps/TR
-#usr/share/groff/1.21/oldfont/devps/symbol.afm
-#usr/share/groff/1.21/oldfont/devps/symbolsl.afm
-#usr/share/groff/1.21/oldfont/devps/zapfdr.afm
-#usr/share/groff/1.21/oldfont/devps/zapfdr.ps
-#usr/share/groff/1.21/pic
-#usr/share/groff/1.21/pic/chem.pic
-#usr/share/groff/1.21/tmac
-#usr/share/groff/1.21/tmac/62bit.tmac
-#usr/share/groff/1.21/tmac/X.tmac
-#usr/share/groff/1.21/tmac/Xps.tmac
-#usr/share/groff/1.21/tmac/a4.tmac
-#usr/share/groff/1.21/tmac/an-ext.tmac
-#usr/share/groff/1.21/tmac/an-old.tmac
-#usr/share/groff/1.21/tmac/an.tmac
-#usr/share/groff/1.21/tmac/andoc.tmac
-#usr/share/groff/1.21/tmac/composite.tmac
-#usr/share/groff/1.21/tmac/cp1047.tmac
-#usr/share/groff/1.21/tmac/cs.tmac
-#usr/share/groff/1.21/tmac/de.tmac
-#usr/share/groff/1.21/tmac/den.tmac
-#usr/share/groff/1.21/tmac/devtag.tmac
-#usr/share/groff/1.21/tmac/doc-old.tmac
-#usr/share/groff/1.21/tmac/doc.tmac
-#usr/share/groff/1.21/tmac/dvi.tmac
-#usr/share/groff/1.21/tmac/e.tmac
-#usr/share/groff/1.21/tmac/ec.tmac
-#usr/share/groff/1.21/tmac/eqnrc
-#usr/share/groff/1.21/tmac/europs.tmac
-#usr/share/groff/1.21/tmac/fr.tmac
-#usr/share/groff/1.21/tmac/hdmisc.tmac
-#usr/share/groff/1.21/tmac/hdtbl.tmac
-#usr/share/groff/1.21/tmac/html-end.tmac
-#usr/share/groff/1.21/tmac/html.tmac
-#usr/share/groff/1.21/tmac/hyphen.cs
-#usr/share/groff/1.21/tmac/hyphen.den
-#usr/share/groff/1.21/tmac/hyphen.det
-#usr/share/groff/1.21/tmac/hyphen.fr
-#usr/share/groff/1.21/tmac/hyphen.sv
-#usr/share/groff/1.21/tmac/hyphen.us
-#usr/share/groff/1.21/tmac/hyphenex.cs
-#usr/share/groff/1.21/tmac/hyphenex.det
-#usr/share/groff/1.21/tmac/hyphenex.us
-#usr/share/groff/1.21/tmac/ja.tmac
-#usr/share/groff/1.21/tmac/latin1.tmac
-#usr/share/groff/1.21/tmac/latin2.tmac
-#usr/share/groff/1.21/tmac/latin5.tmac
-#usr/share/groff/1.21/tmac/latin9.tmac
-#usr/share/groff/1.21/tmac/lbp.tmac
-#usr/share/groff/1.21/tmac/lj4.tmac
-#usr/share/groff/1.21/tmac/m.tmac
-#usr/share/groff/1.21/tmac/man.tmac
-#usr/share/groff/1.21/tmac/mandoc.tmac
-#usr/share/groff/1.21/tmac/mdoc
-#usr/share/groff/1.21/tmac/mdoc.tmac
-#usr/share/groff/1.21/tmac/mdoc/doc-common
-#usr/share/groff/1.21/tmac/mdoc/doc-ditroff
-#usr/share/groff/1.21/tmac/mdoc/doc-nroff
-#usr/share/groff/1.21/tmac/mdoc/doc-syms
-#usr/share/groff/1.21/tmac/me.tmac
-#usr/share/groff/1.21/tmac/mm
-#usr/share/groff/1.21/tmac/mm.tmac
-#usr/share/groff/1.21/tmac/mm/0.MT
-#usr/share/groff/1.21/tmac/mm/4.MT
-#usr/share/groff/1.21/tmac/mm/5.MT
-#usr/share/groff/1.21/tmac/mm/locale
-#usr/share/groff/1.21/tmac/mm/ms.cov
-#usr/share/groff/1.21/tmac/mm/se_locale
-#usr/share/groff/1.21/tmac/mm/se_ms.cov
-#usr/share/groff/1.21/tmac/mmse.tmac
-#usr/share/groff/1.21/tmac/mom.tmac
-#usr/share/groff/1.21/tmac/ms.tmac
-#usr/share/groff/1.21/tmac/mse.tmac
-#usr/share/groff/1.21/tmac/om.tmac
-#usr/share/groff/1.21/tmac/papersize.tmac
-#usr/share/groff/1.21/tmac/pdfmark.tmac
-#usr/share/groff/1.21/tmac/pic.tmac
-#usr/share/groff/1.21/tmac/ps.tmac
-#usr/share/groff/1.21/tmac/psatk.tmac
-#usr/share/groff/1.21/tmac/psold.tmac
-#usr/share/groff/1.21/tmac/pspic.tmac
-#usr/share/groff/1.21/tmac/s.tmac
-#usr/share/groff/1.21/tmac/safer.tmac
-#usr/share/groff/1.21/tmac/spdf.tmac
-#usr/share/groff/1.21/tmac/sv.tmac
-#usr/share/groff/1.21/tmac/trace.tmac
-#usr/share/groff/1.21/tmac/trans.tmac
-#usr/share/groff/1.21/tmac/troffrc
-#usr/share/groff/1.21/tmac/troffrc-end
-#usr/share/groff/1.21/tmac/tty-char.tmac
-#usr/share/groff/1.21/tmac/tty.tmac
-#usr/share/groff/1.21/tmac/unicode.tmac
-#usr/share/groff/1.21/tmac/www.tmac
+#usr/share/groff/1.22.3
+#usr/share/groff/1.22.3/eign
+#usr/share/groff/1.22.3/font
+#usr/share/groff/1.22.3/font/devascii
+#usr/share/groff/1.22.3/font/devascii/B
+#usr/share/groff/1.22.3/font/devascii/BI
+#usr/share/groff/1.22.3/font/devascii/DESC
+#usr/share/groff/1.22.3/font/devascii/I
+#usr/share/groff/1.22.3/font/devascii/R
+#usr/share/groff/1.22.3/font/devdvi
+#usr/share/groff/1.22.3/font/devdvi/CW
+#usr/share/groff/1.22.3/font/devdvi/CWEC
+#usr/share/groff/1.22.3/font/devdvi/CWI
+#usr/share/groff/1.22.3/font/devdvi/CWIEC
+#usr/share/groff/1.22.3/font/devdvi/CWITC
+#usr/share/groff/1.22.3/font/devdvi/CWTC
+#usr/share/groff/1.22.3/font/devdvi/DESC
+#usr/share/groff/1.22.3/font/devdvi/EX
+#usr/share/groff/1.22.3/font/devdvi/HB
+#usr/share/groff/1.22.3/font/devdvi/HBEC
+#usr/share/groff/1.22.3/font/devdvi/HBI
+#usr/share/groff/1.22.3/font/devdvi/HBIEC
+#usr/share/groff/1.22.3/font/devdvi/HBITC
+#usr/share/groff/1.22.3/font/devdvi/HBTC
+#usr/share/groff/1.22.3/font/devdvi/HI
+#usr/share/groff/1.22.3/font/devdvi/HIEC
+#usr/share/groff/1.22.3/font/devdvi/HITC
+#usr/share/groff/1.22.3/font/devdvi/HR
+#usr/share/groff/1.22.3/font/devdvi/HREC
+#usr/share/groff/1.22.3/font/devdvi/HRTC
+#usr/share/groff/1.22.3/font/devdvi/MI
+#usr/share/groff/1.22.3/font/devdvi/S
+#usr/share/groff/1.22.3/font/devdvi/SA
+#usr/share/groff/1.22.3/font/devdvi/SB
+#usr/share/groff/1.22.3/font/devdvi/SC
+#usr/share/groff/1.22.3/font/devdvi/TB
+#usr/share/groff/1.22.3/font/devdvi/TBEC
+#usr/share/groff/1.22.3/font/devdvi/TBI
+#usr/share/groff/1.22.3/font/devdvi/TBIEC
+#usr/share/groff/1.22.3/font/devdvi/TBITC
+#usr/share/groff/1.22.3/font/devdvi/TBTC
+#usr/share/groff/1.22.3/font/devdvi/TI
+#usr/share/groff/1.22.3/font/devdvi/TIEC
+#usr/share/groff/1.22.3/font/devdvi/TITC
+#usr/share/groff/1.22.3/font/devdvi/TR
+#usr/share/groff/1.22.3/font/devdvi/TREC
+#usr/share/groff/1.22.3/font/devdvi/TRTC
+#usr/share/groff/1.22.3/font/devdvi/generate
+#usr/share/groff/1.22.3/font/devdvi/generate/CompileFonts
+#usr/share/groff/1.22.3/font/devdvi/generate/Makefile
+#usr/share/groff/1.22.3/font/devdvi/generate/ec.map
+#usr/share/groff/1.22.3/font/devdvi/generate/msam.map
+#usr/share/groff/1.22.3/font/devdvi/generate/msbm.map
+#usr/share/groff/1.22.3/font/devdvi/generate/tc.map
+#usr/share/groff/1.22.3/font/devdvi/generate/texb.map
+#usr/share/groff/1.22.3/font/devdvi/generate/texex.map
+#usr/share/groff/1.22.3/font/devdvi/generate/texi.map
+#usr/share/groff/1.22.3/font/devdvi/generate/texmi.map
+#usr/share/groff/1.22.3/font/devdvi/generate/texr.map
+#usr/share/groff/1.22.3/font/devdvi/generate/texsy.map
+#usr/share/groff/1.22.3/font/devdvi/generate/textex.map
+#usr/share/groff/1.22.3/font/devdvi/generate/textt.map
+#usr/share/groff/1.22.3/font/devhtml
+#usr/share/groff/1.22.3/font/devhtml/B
+#usr/share/groff/1.22.3/font/devhtml/BI
+#usr/share/groff/1.22.3/font/devhtml/CB
+#usr/share/groff/1.22.3/font/devhtml/CBI
+#usr/share/groff/1.22.3/font/devhtml/CI
+#usr/share/groff/1.22.3/font/devhtml/CR
+#usr/share/groff/1.22.3/font/devhtml/DESC
+#usr/share/groff/1.22.3/font/devhtml/I
+#usr/share/groff/1.22.3/font/devhtml/R
+#usr/share/groff/1.22.3/font/devhtml/S
+#usr/share/groff/1.22.3/font/devlatin1
+#usr/share/groff/1.22.3/font/devlatin1/B
+#usr/share/groff/1.22.3/font/devlatin1/BI
+#usr/share/groff/1.22.3/font/devlatin1/DESC
+#usr/share/groff/1.22.3/font/devlatin1/I
+#usr/share/groff/1.22.3/font/devlatin1/R
+#usr/share/groff/1.22.3/font/devlbp
+#usr/share/groff/1.22.3/font/devlbp/CB
+#usr/share/groff/1.22.3/font/devlbp/CI
+#usr/share/groff/1.22.3/font/devlbp/CR
+#usr/share/groff/1.22.3/font/devlbp/DESC
+#usr/share/groff/1.22.3/font/devlbp/EB
+#usr/share/groff/1.22.3/font/devlbp/EI
+#usr/share/groff/1.22.3/font/devlbp/ER
+#usr/share/groff/1.22.3/font/devlbp/HB
+#usr/share/groff/1.22.3/font/devlbp/HBI
+#usr/share/groff/1.22.3/font/devlbp/HI
+#usr/share/groff/1.22.3/font/devlbp/HNB
+#usr/share/groff/1.22.3/font/devlbp/HNBI
+#usr/share/groff/1.22.3/font/devlbp/HNI
+#usr/share/groff/1.22.3/font/devlbp/HNR
+#usr/share/groff/1.22.3/font/devlbp/HR
+#usr/share/groff/1.22.3/font/devlbp/TB
+#usr/share/groff/1.22.3/font/devlbp/TBI
+#usr/share/groff/1.22.3/font/devlbp/TI
+#usr/share/groff/1.22.3/font/devlbp/TR
+#usr/share/groff/1.22.3/font/devlj4
+#usr/share/groff/1.22.3/font/devlj4/AB
+#usr/share/groff/1.22.3/font/devlj4/ABI
+#usr/share/groff/1.22.3/font/devlj4/AI
+#usr/share/groff/1.22.3/font/devlj4/ALBB
+#usr/share/groff/1.22.3/font/devlj4/ALBR
+#usr/share/groff/1.22.3/font/devlj4/AOB
+#usr/share/groff/1.22.3/font/devlj4/AOI
+#usr/share/groff/1.22.3/font/devlj4/AOR
+#usr/share/groff/1.22.3/font/devlj4/AR
+#usr/share/groff/1.22.3/font/devlj4/CB
+#usr/share/groff/1.22.3/font/devlj4/CBI
+#usr/share/groff/1.22.3/font/devlj4/CI
+#usr/share/groff/1.22.3/font/devlj4/CLARENDON
+#usr/share/groff/1.22.3/font/devlj4/CORONET
+#usr/share/groff/1.22.3/font/devlj4/CR
+#usr/share/groff/1.22.3/font/devlj4/DESC
+#usr/share/groff/1.22.3/font/devlj4/GB
+#usr/share/groff/1.22.3/font/devlj4/GBI
+#usr/share/groff/1.22.3/font/devlj4/GI
+#usr/share/groff/1.22.3/font/devlj4/GR
+#usr/share/groff/1.22.3/font/devlj4/LGB
+#usr/share/groff/1.22.3/font/devlj4/LGI
+#usr/share/groff/1.22.3/font/devlj4/LGR
+#usr/share/groff/1.22.3/font/devlj4/MARIGOLD
+#usr/share/groff/1.22.3/font/devlj4/OB
+#usr/share/groff/1.22.3/font/devlj4/OBI
+#usr/share/groff/1.22.3/font/devlj4/OI
+#usr/share/groff/1.22.3/font/devlj4/OR
+#usr/share/groff/1.22.3/font/devlj4/S
+#usr/share/groff/1.22.3/font/devlj4/SYMBOL
+#usr/share/groff/1.22.3/font/devlj4/TB
+#usr/share/groff/1.22.3/font/devlj4/TBI
+#usr/share/groff/1.22.3/font/devlj4/TI
+#usr/share/groff/1.22.3/font/devlj4/TNRB
+#usr/share/groff/1.22.3/font/devlj4/TNRBI
+#usr/share/groff/1.22.3/font/devlj4/TNRI
+#usr/share/groff/1.22.3/font/devlj4/TNRR
+#usr/share/groff/1.22.3/font/devlj4/TR
+#usr/share/groff/1.22.3/font/devlj4/UB
+#usr/share/groff/1.22.3/font/devlj4/UBI
+#usr/share/groff/1.22.3/font/devlj4/UCB
+#usr/share/groff/1.22.3/font/devlj4/UCBI
+#usr/share/groff/1.22.3/font/devlj4/UCI
+#usr/share/groff/1.22.3/font/devlj4/UCR
+#usr/share/groff/1.22.3/font/devlj4/UI
+#usr/share/groff/1.22.3/font/devlj4/UR
+#usr/share/groff/1.22.3/font/devlj4/WINGDINGS
+#usr/share/groff/1.22.3/font/devlj4/generate
+#usr/share/groff/1.22.3/font/devlj4/generate/Makefile
+#usr/share/groff/1.22.3/font/devlj4/generate/special.awk
+#usr/share/groff/1.22.3/font/devlj4/generate/special.map
+#usr/share/groff/1.22.3/font/devlj4/generate/symbol.map
+#usr/share/groff/1.22.3/font/devlj4/generate/text.map
+#usr/share/groff/1.22.3/font/devlj4/generate/wingdings.map
+#usr/share/groff/1.22.3/font/devpdf
+#usr/share/groff/1.22.3/font/devpdf/CB
+#usr/share/groff/1.22.3/font/devpdf/CBI
+#usr/share/groff/1.22.3/font/devpdf/CI
+#usr/share/groff/1.22.3/font/devpdf/CR
+#usr/share/groff/1.22.3/font/devpdf/DESC
+#usr/share/groff/1.22.3/font/devpdf/EURO
+#usr/share/groff/1.22.3/font/devpdf/Foundry
+#usr/share/groff/1.22.3/font/devpdf/HB
+#usr/share/groff/1.22.3/font/devpdf/HBI
+#usr/share/groff/1.22.3/font/devpdf/HI
+#usr/share/groff/1.22.3/font/devpdf/HR
+#usr/share/groff/1.22.3/font/devpdf/S
+#usr/share/groff/1.22.3/font/devpdf/TB
+#usr/share/groff/1.22.3/font/devpdf/TBI
+#usr/share/groff/1.22.3/font/devpdf/TI
+#usr/share/groff/1.22.3/font/devpdf/TR
+#usr/share/groff/1.22.3/font/devpdf/ZD
+#usr/share/groff/1.22.3/font/devpdf/download
+#usr/share/groff/1.22.3/font/devpdf/enc
+#usr/share/groff/1.22.3/font/devpdf/enc/text.enc
+#usr/share/groff/1.22.3/font/devpdf/map
+#usr/share/groff/1.22.3/font/devpdf/map/dingbats.map
+#usr/share/groff/1.22.3/font/devpdf/map/symbolchars
+#usr/share/groff/1.22.3/font/devpdf/map/symbolmap
+#usr/share/groff/1.22.3/font/devpdf/map/textmap
+#usr/share/groff/1.22.3/font/devpdf/util
+#usr/share/groff/1.22.3/font/devpdf/util/BuildFoundries
+#usr/share/groff/1.22.3/font/devps
+#usr/share/groff/1.22.3/font/devps/AB
+#usr/share/groff/1.22.3/font/devps/ABI
+#usr/share/groff/1.22.3/font/devps/AI
+#usr/share/groff/1.22.3/font/devps/AR
+#usr/share/groff/1.22.3/font/devps/BMB
+#usr/share/groff/1.22.3/font/devps/BMBI
+#usr/share/groff/1.22.3/font/devps/BMI
+#usr/share/groff/1.22.3/font/devps/BMR
+#usr/share/groff/1.22.3/font/devps/CB
+#usr/share/groff/1.22.3/font/devps/CBI
+#usr/share/groff/1.22.3/font/devps/CI
+#usr/share/groff/1.22.3/font/devps/CR
+#usr/share/groff/1.22.3/font/devps/DESC
+#usr/share/groff/1.22.3/font/devps/EURO
+#usr/share/groff/1.22.3/font/devps/HB
+#usr/share/groff/1.22.3/font/devps/HBI
+#usr/share/groff/1.22.3/font/devps/HI
+#usr/share/groff/1.22.3/font/devps/HNB
+#usr/share/groff/1.22.3/font/devps/HNBI
+#usr/share/groff/1.22.3/font/devps/HNI
+#usr/share/groff/1.22.3/font/devps/HNR
+#usr/share/groff/1.22.3/font/devps/HR
+#usr/share/groff/1.22.3/font/devps/NB
+#usr/share/groff/1.22.3/font/devps/NBI
+#usr/share/groff/1.22.3/font/devps/NI
+#usr/share/groff/1.22.3/font/devps/NR
+#usr/share/groff/1.22.3/font/devps/PB
+#usr/share/groff/1.22.3/font/devps/PBI
+#usr/share/groff/1.22.3/font/devps/PI
+#usr/share/groff/1.22.3/font/devps/PR
+#usr/share/groff/1.22.3/font/devps/S
+#usr/share/groff/1.22.3/font/devps/SS
+#usr/share/groff/1.22.3/font/devps/TB
+#usr/share/groff/1.22.3/font/devps/TBI
+#usr/share/groff/1.22.3/font/devps/TI
+#usr/share/groff/1.22.3/font/devps/TR
+#usr/share/groff/1.22.3/font/devps/ZCMI
+#usr/share/groff/1.22.3/font/devps/ZD
+#usr/share/groff/1.22.3/font/devps/ZDR
+#usr/share/groff/1.22.3/font/devps/download
+#usr/share/groff/1.22.3/font/devps/freeeuro.afm
+#usr/share/groff/1.22.3/font/devps/freeeuro.pfa
+#usr/share/groff/1.22.3/font/devps/generate
+#usr/share/groff/1.22.3/font/devps/generate/Makefile
+#usr/share/groff/1.22.3/font/devps/generate/afmname
+#usr/share/groff/1.22.3/font/devps/generate/dingbats.map
+#usr/share/groff/1.22.3/font/devps/generate/dingbats.rmap
+#usr/share/groff/1.22.3/font/devps/generate/lgreekmap
+#usr/share/groff/1.22.3/font/devps/generate/symbol.sed
+#usr/share/groff/1.22.3/font/devps/generate/symbolchars
+#usr/share/groff/1.22.3/font/devps/generate/symbolsl.afm
+#usr/share/groff/1.22.3/font/devps/generate/textmap
+#usr/share/groff/1.22.3/font/devps/prologue
+#usr/share/groff/1.22.3/font/devps/symbolsl.pfa
+#usr/share/groff/1.22.3/font/devps/text.enc
+#usr/share/groff/1.22.3/font/devps/zapfdr.pfa
+#usr/share/groff/1.22.3/font/devutf8
+#usr/share/groff/1.22.3/font/devutf8/B
+#usr/share/groff/1.22.3/font/devutf8/BI
+#usr/share/groff/1.22.3/font/devutf8/DESC
+#usr/share/groff/1.22.3/font/devutf8/I
+#usr/share/groff/1.22.3/font/devutf8/R
+#usr/share/groff/1.22.3/oldfont
+#usr/share/groff/1.22.3/oldfont/devps
+#usr/share/groff/1.22.3/oldfont/devps/CB
+#usr/share/groff/1.22.3/oldfont/devps/CBI
+#usr/share/groff/1.22.3/oldfont/devps/CI
+#usr/share/groff/1.22.3/oldfont/devps/CR
+#usr/share/groff/1.22.3/oldfont/devps/HB
+#usr/share/groff/1.22.3/oldfont/devps/HBI
+#usr/share/groff/1.22.3/oldfont/devps/HI
+#usr/share/groff/1.22.3/oldfont/devps/HNB
+#usr/share/groff/1.22.3/oldfont/devps/HNBI
+#usr/share/groff/1.22.3/oldfont/devps/HNI
+#usr/share/groff/1.22.3/oldfont/devps/HNR
+#usr/share/groff/1.22.3/oldfont/devps/HR
+#usr/share/groff/1.22.3/oldfont/devps/NB
+#usr/share/groff/1.22.3/oldfont/devps/NBI
+#usr/share/groff/1.22.3/oldfont/devps/NI
+#usr/share/groff/1.22.3/oldfont/devps/NR
+#usr/share/groff/1.22.3/oldfont/devps/PB
+#usr/share/groff/1.22.3/oldfont/devps/PBI
+#usr/share/groff/1.22.3/oldfont/devps/PI
+#usr/share/groff/1.22.3/oldfont/devps/PR
+#usr/share/groff/1.22.3/oldfont/devps/S
+#usr/share/groff/1.22.3/oldfont/devps/SS
+#usr/share/groff/1.22.3/oldfont/devps/TB
+#usr/share/groff/1.22.3/oldfont/devps/TBI
+#usr/share/groff/1.22.3/oldfont/devps/TI
+#usr/share/groff/1.22.3/oldfont/devps/TR
+#usr/share/groff/1.22.3/oldfont/devps/symbol.afm
+#usr/share/groff/1.22.3/oldfont/devps/symbolsl.afm
+#usr/share/groff/1.22.3/oldfont/devps/zapfdr.afm
+#usr/share/groff/1.22.3/oldfont/devps/zapfdr.ps
+#usr/share/groff/1.22.3/pic
+#usr/share/groff/1.22.3/pic/chem.pic
+#usr/share/groff/1.22.3/tmac
+#usr/share/groff/1.22.3/tmac/62bit.tmac
+#usr/share/groff/1.22.3/tmac/X.tmac
+#usr/share/groff/1.22.3/tmac/Xps.tmac
+#usr/share/groff/1.22.3/tmac/a4.tmac
+#usr/share/groff/1.22.3/tmac/an-ext.tmac
+#usr/share/groff/1.22.3/tmac/an-old.tmac
+#usr/share/groff/1.22.3/tmac/an.tmac
+#usr/share/groff/1.22.3/tmac/andoc.tmac
+#usr/share/groff/1.22.3/tmac/composite.tmac
+#usr/share/groff/1.22.3/tmac/cp1047.tmac
+#usr/share/groff/1.22.3/tmac/cs.tmac
+#usr/share/groff/1.22.3/tmac/de.tmac
+#usr/share/groff/1.22.3/tmac/den.tmac
+#usr/share/groff/1.22.3/tmac/devtag.tmac
+#usr/share/groff/1.22.3/tmac/doc-old.tmac
+#usr/share/groff/1.22.3/tmac/doc.tmac
+#usr/share/groff/1.22.3/tmac/dvi.tmac
+#usr/share/groff/1.22.3/tmac/e.tmac
+#usr/share/groff/1.22.3/tmac/ec.tmac
+#usr/share/groff/1.22.3/tmac/eqnrc
+#usr/share/groff/1.22.3/tmac/europs.tmac
+#usr/share/groff/1.22.3/tmac/fallbacks.tmac
+#usr/share/groff/1.22.3/tmac/fr.tmac
+#usr/share/groff/1.22.3/tmac/hdmisc.tmac
+#usr/share/groff/1.22.3/tmac/hdtbl.tmac
+#usr/share/groff/1.22.3/tmac/html-end.tmac
+#usr/share/groff/1.22.3/tmac/html.tmac
+#usr/share/groff/1.22.3/tmac/hyphen.cs
+#usr/share/groff/1.22.3/tmac/hyphen.den
+#usr/share/groff/1.22.3/tmac/hyphen.det
+#usr/share/groff/1.22.3/tmac/hyphen.fr
+#usr/share/groff/1.22.3/tmac/hyphen.sv
+#usr/share/groff/1.22.3/tmac/hyphen.us
+#usr/share/groff/1.22.3/tmac/hyphenex.cs
+#usr/share/groff/1.22.3/tmac/hyphenex.det
+#usr/share/groff/1.22.3/tmac/hyphenex.us
+#usr/share/groff/1.22.3/tmac/ja.tmac
+#usr/share/groff/1.22.3/tmac/latin1.tmac
+#usr/share/groff/1.22.3/tmac/latin2.tmac
+#usr/share/groff/1.22.3/tmac/latin5.tmac
+#usr/share/groff/1.22.3/tmac/latin9.tmac
+#usr/share/groff/1.22.3/tmac/lbp.tmac
+#usr/share/groff/1.22.3/tmac/lj4.tmac
+#usr/share/groff/1.22.3/tmac/m.tmac
+#usr/share/groff/1.22.3/tmac/man.tmac
+#usr/share/groff/1.22.3/tmac/mandoc.tmac
+#usr/share/groff/1.22.3/tmac/mdoc
+#usr/share/groff/1.22.3/tmac/mdoc.tmac
+#usr/share/groff/1.22.3/tmac/mdoc/doc-common
+#usr/share/groff/1.22.3/tmac/mdoc/doc-ditroff
+#usr/share/groff/1.22.3/tmac/mdoc/doc-nroff
+#usr/share/groff/1.22.3/tmac/mdoc/doc-syms
+#usr/share/groff/1.22.3/tmac/me.tmac
+#usr/share/groff/1.22.3/tmac/mm
+#usr/share/groff/1.22.3/tmac/mm.tmac
+#usr/share/groff/1.22.3/tmac/mm/0.MT
+#usr/share/groff/1.22.3/tmac/mm/4.MT
+#usr/share/groff/1.22.3/tmac/mm/5.MT
+#usr/share/groff/1.22.3/tmac/mm/locale
+#usr/share/groff/1.22.3/tmac/mm/ms.cov
+#usr/share/groff/1.22.3/tmac/mm/se_locale
+#usr/share/groff/1.22.3/tmac/mm/se_ms.cov
+#usr/share/groff/1.22.3/tmac/mmse.tmac
+#usr/share/groff/1.22.3/tmac/mom.tmac
+#usr/share/groff/1.22.3/tmac/ms.tmac
+#usr/share/groff/1.22.3/tmac/mse.tmac
+#usr/share/groff/1.22.3/tmac/om.tmac
+#usr/share/groff/1.22.3/tmac/papersize.tmac
+#usr/share/groff/1.22.3/tmac/pdf.tmac
+#usr/share/groff/1.22.3/tmac/pdfmark.tmac
+#usr/share/groff/1.22.3/tmac/pic.tmac
+#usr/share/groff/1.22.3/tmac/ps.tmac
+#usr/share/groff/1.22.3/tmac/psatk.tmac
+#usr/share/groff/1.22.3/tmac/psold.tmac
+#usr/share/groff/1.22.3/tmac/pspic.tmac
+#usr/share/groff/1.22.3/tmac/refer-me.tmac
+#usr/share/groff/1.22.3/tmac/refer-mm.tmac
+#usr/share/groff/1.22.3/tmac/refer-ms.tmac
+#usr/share/groff/1.22.3/tmac/refer.tmac
+#usr/share/groff/1.22.3/tmac/s.tmac
+#usr/share/groff/1.22.3/tmac/safer.tmac
+#usr/share/groff/1.22.3/tmac/spdf.tmac
+#usr/share/groff/1.22.3/tmac/sv.tmac
+#usr/share/groff/1.22.3/tmac/trace.tmac
+#usr/share/groff/1.22.3/tmac/trans.tmac
+#usr/share/groff/1.22.3/tmac/troffrc
+#usr/share/groff/1.22.3/tmac/troffrc-end
+#usr/share/groff/1.22.3/tmac/tty-char.tmac
+#usr/share/groff/1.22.3/tmac/tty.tmac
+#usr/share/groff/1.22.3/tmac/unicode.tmac
+#usr/share/groff/1.22.3/tmac/www.tmac
 #usr/share/groff/current
 #usr/share/groff/site-font
 #usr/share/groff/site-tmac
@@ -526,13 +579,15 @@
 #usr/share/info/groff.info
 #usr/share/info/groff.info-1
 #usr/share/info/groff.info-2
-#usr/share/info/groff.info-3
 #usr/share/man/man1/addftinfo.1
 #usr/share/man/man1/afmtodit.1
 #usr/share/man/man1/chem.1
 #usr/share/man/man1/eqn.1
 #usr/share/man/man1/eqn2graph.1
 #usr/share/man/man1/gdiffmk.1
+#usr/share/man/man1/glilypond.1
+#usr/share/man/man1/gperl.1
+#usr/share/man/man1/gpinyin.1
 #usr/share/man/man1/grap2graph.1
 #usr/share/man/man1/grn.1
 #usr/share/man/man1/grodvi.1
@@ -542,6 +597,7 @@
 #usr/share/man/man1/grohtml.1
 #usr/share/man/man1/grolbp.1
 #usr/share/man/man1/grolj4.1
+#usr/share/man/man1/gropdf.1
 #usr/share/man/man1/grops.1
 #usr/share/man/man1/grotty.1
 #usr/share/man/man1/hpftodit.1
@@ -551,6 +607,7 @@
 #usr/share/man/man1/mmroff.1
 #usr/share/man/man1/neqn.1
 #usr/share/man/man1/nroff.1
+#usr/share/man/man1/pdfmom.1
 #usr/share/man/man1/pdfroff.1
 #usr/share/man/man1/pfbtops.1
 #usr/share/man/man1/pic.1
@@ -575,6 +632,7 @@
 #usr/share/man/man7/groff.7
 #usr/share/man/man7/groff_char.7
 #usr/share/man/man7/groff_diff.7
+#usr/share/man/man7/groff_filenames.7
 #usr/share/man/man7/groff_hdtbl.7
 #usr/share/man/man7/groff_man.7
 #usr/share/man/man7/groff_mdoc.7

diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 845ae504b3f38327734ad393274a796542ed6745..878ba667e540fbf1daaa3e825a7584f0224463a7 100644 (file)
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -63,6 +63,7 @@ etc/rc.d/init.d/mounttmpfs
 #etc/rc.d/init.d/mysql
 #etc/rc.d/init.d/netsnmpd
 etc/rc.d/init.d/network
+etc/rc.d/init.d/network-trigger
 etc/rc.d/init.d/network-vlans
 #etc/rc.d/init.d/networking
 etc/rc.d/init.d/networking/any
@@ -93,6 +94,7 @@ etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
 etc/rc.d/init.d/networking/red.up/98-leds
 etc/rc.d/init.d/networking/red.up/99-fireinfo
+etc/rc.d/init.d/networking/red.up/99-geoip-database
 etc/rc.d/init.d/networking/red.up/99-pakfire-update
 etc/rc.d/init.d/networking/wpa_supplicant.exe
 #etc/rc.d/init.d/nfs-server
@@ -234,6 +236,7 @@ etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
 etc/rc.d/rcsysinit.d/S85firewall
+etc/rc.d/rcsysinit.d/S90network-trigger
 etc/rc.d/rcsysinit.d/S91network-vlans
 etc/rc.d/rcsysinit.d/S92rngd
 etc/rc.d/rc3.d/S15fireinfo

diff --git a/config/rootfiles/common/i586/openssl-sse2 b/config/rootfiles/common/i586/openssl-sse2
new file mode 100644 (file)
index 0000000..7f6ddd6
--- /dev/null
+++ b/config/rootfiles/common/i586/openssl-sse2
@@ -0,0 +1 @@
+usr/lib/sse2/libcrypto.so.10

diff --git a/config/rootfiles/common/libnet b/config/rootfiles/common/libnet
index 8fe7c1791ee09676a05024ae0c8e4e55ce3e2022..e36695e93dafbe722c8bf70f632df4147141437f 100644 (file)
--- a/config/rootfiles/common/libnet
+++ b/config/rootfiles/common/libnet
@@ -1,3 +1,4 @@
+#usr/bin/libnet-config
 #usr/include/libnet
 #usr/include/libnet.h
 #usr/include/libnet/libnet-asn1.h
@@ -7,3 +8,10 @@
 #usr/include/libnet/libnet-structures.h
 #usr/include/libnet/libnet-types.h
 #usr/lib/libnet.a
+#usr/lib/libnet.la
+#usr/lib/libnet.so
+#usr/lib/libnet.so.1
+#usr/lib/libnet.so.1.7.0
+#usr/share/man/man3/libnet-functions.h.3
+#usr/share/man/man3/libnet-macros.h.3
+#usr/share/man/man3/libnet.h.3

diff --git a/config/rootfiles/common/libtool b/config/rootfiles/common/libtool
index 5646be25ab600f9badfdb85843ca019911613339..23753c79ee92fb1b59a3c31334be642bf082b7dc 100644 (file)
--- a/config/rootfiles/common/libtool
+++ b/config/rootfiles/common/libtool
@@ -9,9 +9,10 @@
 #usr/lib/libltdl.la
 usr/lib/libltdl.so
 usr/lib/libltdl.so.7
-usr/lib/libltdl.so.7.3.0
+usr/lib/libltdl.so.7.3.1
 #usr/share/aclocal/argz.m4
 #usr/share/aclocal/libtool.m4
+#usr/share/aclocal/ltargz.m4
 #usr/share/aclocal/ltdl.m4
 #usr/share/aclocal/ltoptions.m4
 #usr/share/aclocal/ltsugar.m4
@@ -21,6 +22,32 @@ usr/lib/libltdl.so.7.3.0
 #usr/share/info/libtool.info-1
 #usr/share/info/libtool.info-2
 #usr/share/libtool
+#usr/share/libtool/config-h.in
+#usr/share/libtool/configure
+#usr/share/libtool/configure.ac
+#usr/share/libtool/COPYING.LIB
+#usr/share/libtool/Makefile.am
+#usr/share/libtool/Makefile.in
+#usr/share/libtool/README
+#usr/share/libtool/aclocal.m4
+#usr/share/libtool/lt__alloc.c
+#usr/share/libtool/lt__argz.c
+#usr/share/libtool/lt__dirent.c
+#usr/share/libtool/lt__strl.c
+#usr/share/libtool/lt_dlloader.c
+#usr/share/libtool/lt_error.c
+#usr/share/libtool/ltdl.c
+#usr/share/libtool/ltdl.h
+#usr/share/libtool/ltdl.mk
+#usr/share/libtool/slist.c
+#usr/share/libtool/build-aux
+#usr/share/libtool/build-aux/compile
+#usr/share/libtool/build-aux/config.guess
+#usr/share/libtool/build-aux/config.sub
+#usr/share/libtool/build-aux/depcomp
+#usr/share/libtool/build-aux/install-sh
+#usr/share/libtool/build-aux/ltmain.sh
+#usr/share/libtool/build-aux/missing
 #usr/share/libtool/config
 #usr/share/libtool/config/compile
 #usr/share/libtool/config/config.guess
@@ -41,6 +68,24 @@ usr/lib/libltdl.so.7.3.0
 #usr/share/libtool/libltdl/config-h.in
 #usr/share/libtool/libltdl/configure
 #usr/share/libtool/libltdl/configure.ac
+#usr/share/libtool/libltdl/lt__alloc.c
+#usr/share/libtool/libltdl/lt__dirent.c
+#usr/share/libtool/libltdl/lt__strl.c
+#usr/share/libtool/libltdl/lt_dlloader.c
+#usr/share/libtool/libltdl/lt_error.c
+#usr/share/libtool/libltdl/ltdl.c
+#usr/share/libtool/libltdl/ltdl.h
+#usr/share/libtool/libltdl/slist.c
+#usr/share/libtool/libltdl/lt__alloc.h
+#usr/share/libtool/libltdl/lt__argz_.h
+#usr/share/libtool/libltdl/lt__dirent.h
+#usr/share/libtool/libltdl/lt__glibc.h
+#usr/share/libtool/libltdl/lt__private.h
+#usr/share/libtool/libltdl/lt__strl.h
+#usr/share/libtool/libltdl/lt_dlloader.h
+#usr/share/libtool/libltdl/lt_error.h
+#usr/share/libtool/libltdl/lt_system.h
+#usr/share/libtool/libltdl/slist.h
 #usr/share/libtool/libltdl/libltdl
 #usr/share/libtool/libltdl/libltdl/lt__alloc.h
 #usr/share/libtool/libltdl/libltdl/lt__dirent.h
@@ -59,13 +104,13 @@ usr/lib/libltdl.so.7.3.0
 #usr/share/libtool/libltdl/loaders/loadlibrary.c
 #usr/share/libtool/libltdl/loaders/preopen.c
 #usr/share/libtool/libltdl/loaders/shl_load.c
-#usr/share/libtool/libltdl/lt__alloc.c
-#usr/share/libtool/libltdl/lt__dirent.c
-#usr/share/libtool/libltdl/lt__strl.c
-#usr/share/libtool/libltdl/lt_dlloader.c
-#usr/share/libtool/libltdl/lt_error.c
-#usr/share/libtool/libltdl/ltdl.c
-#usr/share/libtool/libltdl/ltdl.h
-#usr/share/libtool/libltdl/slist.c
+#usr/share/libtool/loaders
+#usr/share/libtool/loaders/dld_link.c
+#usr/share/libtool/loaders/dlopen.c
+#usr/share/libtool/loaders/dyld.c
+#usr/share/libtool/loaders/load_add_on.c
+#usr/share/libtool/loaders/loadlibrary.c
+#usr/share/libtool/loaders/preopen.c
+#usr/share/libtool/loaders/shl_load.c
 #usr/share/man/man1/libtool.1
 #usr/share/man/man1/libtoolize.1

diff --git a/config/rootfiles/common/libxml2 b/config/rootfiles/common/libxml2
index 07c1edda52a9062292fc3d1752d0559be475f746..1298651712ca5c791ba93149102f5757d20cbaae 100644 (file)
--- a/config/rootfiles/common/libxml2
+++ b/config/rootfiles/common/libxml2
@@ -50,11 +50,14 @@
 #usr/include/libxml2/libxml/xpath.h
 #usr/include/libxml2/libxml/xpathInternals.h
 #usr/include/libxml2/libxml/xpointer.h
+#usr/lib/cmake
+#usr/lib/cmake/libxml2
+#usr/lib/cmake/libxml2/libxml2-config.cmake
 #usr/lib/libxml2.a
 #usr/lib/libxml2.la
 usr/lib/libxml2.so
 usr/lib/libxml2.so.2
-usr/lib/libxml2.so.2.6.32
+usr/lib/libxml2.so.2.9.2
 #usr/lib/pkgconfig/libxml-2.0.pc
 usr/lib/python2.7/site-packages/drv_libxml2.py
 usr/lib/python2.7/site-packages/libxml2.py
@@ -63,218 +66,220 @@ usr/lib/python2.7/site-packages/libxml2.py
 usr/lib/python2.7/site-packages/libxml2mod.so
 #usr/lib/xml2Conf.sh
 #usr/share/aclocal/libxml.m4
-#usr/share/doc/libxml2-2.6.32
-#usr/share/doc/libxml2-2.6.32/Copyright
-#usr/share/doc/libxml2-2.6.32/examples
-#usr/share/doc/libxml2-2.6.32/examples/testHTML.c
-#usr/share/doc/libxml2-2.6.32/examples/testSAX.c
-#usr/share/doc/libxml2-2.6.32/examples/testXPath.c
-#usr/share/doc/libxml2-2.6.32/examples/xmllint.c
-#usr/share/doc/libxml2-2.6.32/html
-#usr/share/doc/libxml2-2.6.32/html/DOM.gif
-#usr/share/doc/libxml2-2.6.32/html/FAQ.html
-#usr/share/doc/libxml2-2.6.32/html/Libxml2-Logo-180x168.gif
-#usr/share/doc/libxml2-2.6.32/html/Libxml2-Logo-90x34.gif
-#usr/share/doc/libxml2-2.6.32/html/encoding.html
-#usr/share/doc/libxml2-2.6.32/html/examples.xml
-#usr/share/doc/libxml2-2.6.32/html/examples.xsl
-#usr/share/doc/libxml2-2.6.32/html/html
-#usr/share/doc/libxml2-2.6.32/html/html/book1.html
-#usr/share/doc/libxml2-2.6.32/html/html/home.png
-#usr/share/doc/libxml2-2.6.32/html/html/index.html
-#usr/share/doc/libxml2-2.6.32/html/html/left.png
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-DOCBparser.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-HTMLparser.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-HTMLtree.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-SAX.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-SAX2.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-c14n.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-catalog.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-chvalid.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-debugXML.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-dict.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-encoding.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-entities.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-globals.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-hash.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-lib.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-list.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-nanoftp.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-nanohttp.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-parser.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-parserInternals.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-pattern.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-relaxng.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-schemasInternals.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-schematron.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-threads.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-tree.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-uri.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-valid.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xinclude.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xlink.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlIO.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlautomata.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlerror.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlexports.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlmemory.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlmodule.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlreader.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlregexp.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlsave.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlschemas.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlschemastypes.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlstring.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlunicode.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlversion.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xmlwriter.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xpath.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xpathInternals.html
-#usr/share/doc/libxml2-2.6.32/html/html/libxml-xpointer.html
-#usr/share/doc/libxml2-2.6.32/html/html/right.png
-#usr/share/doc/libxml2-2.6.32/html/html/up.png
-#usr/share/doc/libxml2-2.6.32/html/io1.c
-#usr/share/doc/libxml2-2.6.32/html/io1.res
-#usr/share/doc/libxml2-2.6.32/html/io2.c
-#usr/share/doc/libxml2-2.6.32/html/io2.res
-#usr/share/doc/libxml2-2.6.32/html/libxml.gif
-#usr/share/doc/libxml2-2.6.32/html/parse1.c
-#usr/share/doc/libxml2-2.6.32/html/parse2.c
-#usr/share/doc/libxml2-2.6.32/html/parse3.c
-#usr/share/doc/libxml2-2.6.32/html/parse4.c
-#usr/share/doc/libxml2-2.6.32/html/reader1.c
-#usr/share/doc/libxml2-2.6.32/html/reader1.res
-#usr/share/doc/libxml2-2.6.32/html/reader2.c
-#usr/share/doc/libxml2-2.6.32/html/reader3.c
-#usr/share/doc/libxml2-2.6.32/html/reader3.res
-#usr/share/doc/libxml2-2.6.32/html/reader4.c
-#usr/share/doc/libxml2-2.6.32/html/reader4.res
-#usr/share/doc/libxml2-2.6.32/html/redhat.gif
-#usr/share/doc/libxml2-2.6.32/html/smallfootonly.gif
-#usr/share/doc/libxml2-2.6.32/html/structure.gif
-#usr/share/doc/libxml2-2.6.32/html/test1.xml
-#usr/share/doc/libxml2-2.6.32/html/test2.xml
-#usr/share/doc/libxml2-2.6.32/html/test3.xml
-#usr/share/doc/libxml2-2.6.32/html/testWriter.c
-#usr/share/doc/libxml2-2.6.32/html/tree1.c
-#usr/share/doc/libxml2-2.6.32/html/tree1.res
-#usr/share/doc/libxml2-2.6.32/html/tree2.c
-#usr/share/doc/libxml2-2.6.32/html/tree2.res
-#usr/share/doc/libxml2-2.6.32/html/tst.xml
-#usr/share/doc/libxml2-2.6.32/html/tutorial
-#usr/share/doc/libxml2-2.6.32/html/tutorial/apa.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/apb.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/apc.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/apd.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/ape.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/apf.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/apg.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/aph.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/api.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/ar01s02.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/ar01s03.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/ar01s04.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/ar01s05.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/ar01s06.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/ar01s07.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/ar01s08.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/ar01s09.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/blank.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/callouts
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/callouts/1.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/callouts/10.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/callouts/2.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/callouts/3.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/callouts/4.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/callouts/5.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/callouts/6.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/callouts/7.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/callouts/8.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/callouts/9.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/caution.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/draft.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/home.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/important.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/next.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/note.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/prev.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/tip.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/toc-blank.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/toc-minus.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/toc-plus.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/up.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/images/warning.png
-#usr/share/doc/libxml2-2.6.32/html/tutorial/includeaddattribute.c
-#usr/share/doc/libxml2-2.6.32/html/tutorial/includeaddkeyword.c
-#usr/share/doc/libxml2-2.6.32/html/tutorial/includeconvert.c
-#usr/share/doc/libxml2-2.6.32/html/tutorial/includegetattribute.c
-#usr/share/doc/libxml2-2.6.32/html/tutorial/includekeyword.c
-#usr/share/doc/libxml2-2.6.32/html/tutorial/includexpath.c
-#usr/share/doc/libxml2-2.6.32/html/tutorial/index.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/ix01.html
-#usr/share/doc/libxml2-2.6.32/html/tutorial/xmltutorial.pdf
-#usr/share/doc/libxml2-2.6.32/html/w3c.png
-#usr/share/doc/libxml2-2.6.32/html/writer.xml
-#usr/share/doc/libxml2-2.6.32/html/xml.html
-#usr/share/doc/libxml2-2.6.32/html/xpath1.c
-#usr/share/doc/libxml2-2.6.32/html/xpath1.res
-#usr/share/doc/libxml2-2.6.32/html/xpath2.c
-#usr/share/doc/libxml2-2.6.32/html/xpath2.res
-#usr/share/doc/libxml2-python-2.6.32
-#usr/share/doc/libxml2-python-2.6.32/TODO
-#usr/share/doc/libxml2-python-2.6.32/examples
-#usr/share/doc/libxml2-python-2.6.32/examples/attribs.py
-#usr/share/doc/libxml2-python-2.6.32/examples/build.py
-#usr/share/doc/libxml2-python-2.6.32/examples/compareNodes.py
-#usr/share/doc/libxml2-python-2.6.32/examples/ctxterror.py
-#usr/share/doc/libxml2-python-2.6.32/examples/cutnpaste.py
-#usr/share/doc/libxml2-python-2.6.32/examples/dtdvalid.py
-#usr/share/doc/libxml2-python-2.6.32/examples/error.py
-#usr/share/doc/libxml2-python-2.6.32/examples/inbuf.py
-#usr/share/doc/libxml2-python-2.6.32/examples/indexes.py
-#usr/share/doc/libxml2-python-2.6.32/examples/invalid.xml
-#usr/share/doc/libxml2-python-2.6.32/examples/nsdel.py
-#usr/share/doc/libxml2-python-2.6.32/examples/outbuf.py
-#usr/share/doc/libxml2-python-2.6.32/examples/push.py
-#usr/share/doc/libxml2-python-2.6.32/examples/pushSAX.py
-#usr/share/doc/libxml2-python-2.6.32/examples/pushSAXhtml.py
-#usr/share/doc/libxml2-python-2.6.32/examples/reader.py
-#usr/share/doc/libxml2-python-2.6.32/examples/reader2.py
-#usr/share/doc/libxml2-python-2.6.32/examples/reader3.py
-#usr/share/doc/libxml2-python-2.6.32/examples/reader4.py
-#usr/share/doc/libxml2-python-2.6.32/examples/reader5.py
-#usr/share/doc/libxml2-python-2.6.32/examples/reader6.py
-#usr/share/doc/libxml2-python-2.6.32/examples/reader7.py
-#usr/share/doc/libxml2-python-2.6.32/examples/reader8.py
-#usr/share/doc/libxml2-python-2.6.32/examples/readererr.py
-#usr/share/doc/libxml2-python-2.6.32/examples/readernext.py
-#usr/share/doc/libxml2-python-2.6.32/examples/regexp.py
-#usr/share/doc/libxml2-python-2.6.32/examples/relaxng.py
-#usr/share/doc/libxml2-python-2.6.32/examples/resolver.py
-#usr/share/doc/libxml2-python-2.6.32/examples/schema.py
-#usr/share/doc/libxml2-python-2.6.32/examples/serialize.py
-#usr/share/doc/libxml2-python-2.6.32/examples/sync.py
-#usr/share/doc/libxml2-python-2.6.32/examples/test.dtd
-#usr/share/doc/libxml2-python-2.6.32/examples/thread2.py
-#usr/share/doc/libxml2-python-2.6.32/examples/tst.py
-#usr/share/doc/libxml2-python-2.6.32/examples/tst.xml
-#usr/share/doc/libxml2-python-2.6.32/examples/tstLastError.py
-#usr/share/doc/libxml2-python-2.6.32/examples/tstURI.py
-#usr/share/doc/libxml2-python-2.6.32/examples/tstmem.py
-#usr/share/doc/libxml2-python-2.6.32/examples/tstxpath.py
-#usr/share/doc/libxml2-python-2.6.32/examples/valid.xml
-#usr/share/doc/libxml2-python-2.6.32/examples/validDTD.py
-#usr/share/doc/libxml2-python-2.6.32/examples/validRNG.py
-#usr/share/doc/libxml2-python-2.6.32/examples/validSchemas.py
-#usr/share/doc/libxml2-python-2.6.32/examples/validate.py
-#usr/share/doc/libxml2-python-2.6.32/examples/walker.py
-#usr/share/doc/libxml2-python-2.6.32/examples/xpath.py
-#usr/share/doc/libxml2-python-2.6.32/examples/xpathext.py
-#usr/share/doc/libxml2-python-2.6.32/examples/xpathns.py
-#usr/share/doc/libxml2-python-2.6.32/examples/xpathret.py
-#usr/share/gtk-doc
-#usr/share/gtk-doc/html
+#usr/share/doc/libxml2-2.9.2
+#usr/share/doc/libxml2-2.9.2/Copyright
+#usr/share/doc/libxml2-2.9.2/examples
+#usr/share/doc/libxml2-2.9.2/examples/testHTML.c
+#usr/share/doc/libxml2-2.9.2/examples/testSAX.c
+#usr/share/doc/libxml2-2.9.2/examples/testXPath.c
+#usr/share/doc/libxml2-2.9.2/examples/xmllint.c
+#usr/share/doc/libxml2-2.9.2/html
+#usr/share/doc/libxml2-2.9.2/html/DOM.gif
+#usr/share/doc/libxml2-2.9.2/html/FAQ.html
+#usr/share/doc/libxml2-2.9.2/html/Libxml2-Logo-180x168.gif
+#usr/share/doc/libxml2-2.9.2/html/Libxml2-Logo-90x34.gif
+#usr/share/doc/libxml2-2.9.2/html/encoding.html
+#usr/share/doc/libxml2-2.9.2/html/examples.xml
+#usr/share/doc/libxml2-2.9.2/html/examples.xsl
+#usr/share/doc/libxml2-2.9.2/html/html
+#usr/share/doc/libxml2-2.9.2/html/html/book1.html
+#usr/share/doc/libxml2-2.9.2/html/html/home.png
+#usr/share/doc/libxml2-2.9.2/html/html/index.html
+#usr/share/doc/libxml2-2.9.2/html/html/left.png
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-DOCBparser.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-HTMLparser.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-HTMLtree.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-SAX.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-SAX2.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-c14n.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-catalog.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-chvalid.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-debugXML.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-dict.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-encoding.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-entities.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-globals.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-hash.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-lib.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-list.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-nanoftp.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-nanohttp.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-parser.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-parserInternals.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-pattern.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-relaxng.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-schemasInternals.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-schematron.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-threads.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-tree.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-uri.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-valid.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xinclude.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xlink.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlIO.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlautomata.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlerror.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlexports.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlmemory.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlmodule.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlreader.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlregexp.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlsave.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlschemas.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlschemastypes.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlstring.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlunicode.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlversion.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xmlwriter.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xpath.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xpathInternals.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xpointer.html
+#usr/share/doc/libxml2-2.9.2/html/html/libxml-xzlib.html
+#usr/share/doc/libxml2-2.9.2/html/html/right.png
+#usr/share/doc/libxml2-2.9.2/html/html/up.png
+#usr/share/doc/libxml2-2.9.2/html/index.html
+#usr/share/doc/libxml2-2.9.2/html/io1.c
+#usr/share/doc/libxml2-2.9.2/html/io1.res
+#usr/share/doc/libxml2-2.9.2/html/io2.c
+#usr/share/doc/libxml2-2.9.2/html/io2.res
+#usr/share/doc/libxml2-2.9.2/html/libxml.gif
+#usr/share/doc/libxml2-2.9.2/html/parse1.c
+#usr/share/doc/libxml2-2.9.2/html/parse2.c
+#usr/share/doc/libxml2-2.9.2/html/parse3.c
+#usr/share/doc/libxml2-2.9.2/html/parse4.c
+#usr/share/doc/libxml2-2.9.2/html/reader1.c
+#usr/share/doc/libxml2-2.9.2/html/reader1.res
+#usr/share/doc/libxml2-2.9.2/html/reader2.c
+#usr/share/doc/libxml2-2.9.2/html/reader3.c
+#usr/share/doc/libxml2-2.9.2/html/reader3.res
+#usr/share/doc/libxml2-2.9.2/html/reader4.c
+#usr/share/doc/libxml2-2.9.2/html/reader4.res
+#usr/share/doc/libxml2-2.9.2/html/redhat.gif
+#usr/share/doc/libxml2-2.9.2/html/smallfootonly.gif
+#usr/share/doc/libxml2-2.9.2/html/structure.gif
+#usr/share/doc/libxml2-2.9.2/html/test1.xml
+#usr/share/doc/libxml2-2.9.2/html/test2.xml
+#usr/share/doc/libxml2-2.9.2/html/test3.xml
+#usr/share/doc/libxml2-2.9.2/html/testWriter.c
+#usr/share/doc/libxml2-2.9.2/html/tree1.c
+#usr/share/doc/libxml2-2.9.2/html/tree1.res
+#usr/share/doc/libxml2-2.9.2/html/tree2.c
+#usr/share/doc/libxml2-2.9.2/html/tree2.res
+#usr/share/doc/libxml2-2.9.2/html/tst.xml
+#usr/share/doc/libxml2-2.9.2/html/tutorial
+#usr/share/doc/libxml2-2.9.2/html/tutorial/apa.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/apb.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/apc.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/apd.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/ape.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/apf.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/apg.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/aph.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/api.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/ar01s02.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/ar01s03.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/ar01s04.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/ar01s05.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/ar01s06.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/ar01s07.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/ar01s08.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/ar01s09.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/blank.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/callouts
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/callouts/1.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/callouts/10.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/callouts/2.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/callouts/3.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/callouts/4.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/callouts/5.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/callouts/6.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/callouts/7.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/callouts/8.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/callouts/9.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/caution.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/draft.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/home.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/important.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/next.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/note.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/prev.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/tip.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/toc-blank.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/toc-minus.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/toc-plus.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/up.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/images/warning.png
+#usr/share/doc/libxml2-2.9.2/html/tutorial/includeaddattribute.c
+#usr/share/doc/libxml2-2.9.2/html/tutorial/includeaddkeyword.c
+#usr/share/doc/libxml2-2.9.2/html/tutorial/includeconvert.c
+#usr/share/doc/libxml2-2.9.2/html/tutorial/includegetattribute.c
+#usr/share/doc/libxml2-2.9.2/html/tutorial/includekeyword.c
+#usr/share/doc/libxml2-2.9.2/html/tutorial/includexpath.c
+#usr/share/doc/libxml2-2.9.2/html/tutorial/index.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/ix01.html
+#usr/share/doc/libxml2-2.9.2/html/tutorial/xmltutorial.pdf
+#usr/share/doc/libxml2-2.9.2/html/w3c.png
+#usr/share/doc/libxml2-2.9.2/html/writer.xml
+#usr/share/doc/libxml2-2.9.2/html/xml.html
+#usr/share/doc/libxml2-2.9.2/html/xpath1.c
+#usr/share/doc/libxml2-2.9.2/html/xpath1.res
+#usr/share/doc/libxml2-2.9.2/html/xpath2.c
+#usr/share/doc/libxml2-2.9.2/html/xpath2.res
+#usr/share/doc/libxml2-python-2.9.2
+#usr/share/doc/libxml2-python-2.9.2/TODO
+#usr/share/doc/libxml2-python-2.9.2/examples
+#usr/share/doc/libxml2-python-2.9.2/examples/attribs.py
+#usr/share/doc/libxml2-python-2.9.2/examples/build.py
+#usr/share/doc/libxml2-python-2.9.2/examples/compareNodes.py
+#usr/share/doc/libxml2-python-2.9.2/examples/ctxterror.py
+#usr/share/doc/libxml2-python-2.9.2/examples/cutnpaste.py
+#usr/share/doc/libxml2-python-2.9.2/examples/dtdvalid.py
+#usr/share/doc/libxml2-python-2.9.2/examples/error.py
+#usr/share/doc/libxml2-python-2.9.2/examples/inbuf.py
+#usr/share/doc/libxml2-python-2.9.2/examples/indexes.py
+#usr/share/doc/libxml2-python-2.9.2/examples/input_callback.py
+#usr/share/doc/libxml2-python-2.9.2/examples/invalid.xml
+#usr/share/doc/libxml2-python-2.9.2/examples/nsdel.py
+#usr/share/doc/libxml2-python-2.9.2/examples/outbuf.py
+#usr/share/doc/libxml2-python-2.9.2/examples/push.py
+#usr/share/doc/libxml2-python-2.9.2/examples/pushSAX.py
+#usr/share/doc/libxml2-python-2.9.2/examples/pushSAXhtml.py
+#usr/share/doc/libxml2-python-2.9.2/examples/reader.py
+#usr/share/doc/libxml2-python-2.9.2/examples/reader2.py
+#usr/share/doc/libxml2-python-2.9.2/examples/reader3.py
+#usr/share/doc/libxml2-python-2.9.2/examples/reader4.py
+#usr/share/doc/libxml2-python-2.9.2/examples/reader5.py
+#usr/share/doc/libxml2-python-2.9.2/examples/reader6.py
+#usr/share/doc/libxml2-python-2.9.2/examples/reader7.py
+#usr/share/doc/libxml2-python-2.9.2/examples/reader8.py
+#usr/share/doc/libxml2-python-2.9.2/examples/readererr.py
+#usr/share/doc/libxml2-python-2.9.2/examples/readernext.py
+#usr/share/doc/libxml2-python-2.9.2/examples/regexp.py
+#usr/share/doc/libxml2-python-2.9.2/examples/relaxng.py
+#usr/share/doc/libxml2-python-2.9.2/examples/resolver.py
+#usr/share/doc/libxml2-python-2.9.2/examples/schema.py
+#usr/share/doc/libxml2-python-2.9.2/examples/serialize.py
+#usr/share/doc/libxml2-python-2.9.2/examples/sync.py
+#usr/share/doc/libxml2-python-2.9.2/examples/test.dtd
+#usr/share/doc/libxml2-python-2.9.2/examples/thread2.py
+#usr/share/doc/libxml2-python-2.9.2/examples/tst.py
+#usr/share/doc/libxml2-python-2.9.2/examples/tst.xml
+#usr/share/doc/libxml2-python-2.9.2/examples/tstLastError.py
+#usr/share/doc/libxml2-python-2.9.2/examples/tstURI.py
+#usr/share/doc/libxml2-python-2.9.2/examples/tstmem.py
+#usr/share/doc/libxml2-python-2.9.2/examples/tstxpath.py
+#usr/share/doc/libxml2-python-2.9.2/examples/valid.xml
+#usr/share/doc/libxml2-python-2.9.2/examples/validDTD.py
+#usr/share/doc/libxml2-python-2.9.2/examples/validRNG.py
+#usr/share/doc/libxml2-python-2.9.2/examples/validSchemas.py
+#usr/share/doc/libxml2-python-2.9.2/examples/validate.py
+#usr/share/doc/libxml2-python-2.9.2/examples/walker.py
+#usr/share/doc/libxml2-python-2.9.2/examples/xpath.py
+#usr/share/doc/libxml2-python-2.9.2/examples/xpathext.py
+#usr/share/doc/libxml2-python-2.9.2/examples/xpathleak.py
+#usr/share/doc/libxml2-python-2.9.2/examples/xpathns.py
+#usr/share/doc/libxml2-python-2.9.2/examples/xpathret.py
 #usr/share/gtk-doc/html/libxml2
 #usr/share/gtk-doc/html/libxml2/general.html
 #usr/share/gtk-doc/html/libxml2/home.png

diff --git a/config/rootfiles/common/libxslt b/config/rootfiles/common/libxslt
index a6e2ab39a3b03991378330634339d029f7a71207..be00b2426c2bb91047b57a039e024c8481d7dfa6 100644 (file)
--- a/config/rootfiles/common/libxslt
+++ b/config/rootfiles/common/libxslt
@@ -24,18 +24,19 @@ usr/bin/xsltproc
 #usr/include/libxslt/xsltInternals.h
 #usr/include/libxslt/xsltconfig.h
 #usr/include/libxslt/xsltexports.h
+#usr/include/libxslt/xsltlocale.h
 #usr/include/libxslt/xsltutils.h
 #usr/lib/libexslt.a
 #usr/lib/libexslt.la
 usr/lib/libexslt.so
 usr/lib/libexslt.so.0
-usr/lib/libexslt.so.0.8.13
+usr/lib/libexslt.so.0.8.17
 #usr/lib/libxslt-plugins
 #usr/lib/libxslt.a
 #usr/lib/libxslt.la
 usr/lib/libxslt.so
 usr/lib/libxslt.so.1
-usr/lib/libxslt.so.1.1.17
+usr/lib/libxslt.so.1.1.28
 #usr/lib/pkgconfig/libexslt.pc
 #usr/lib/pkgconfig/libxslt.pc
 usr/lib/python2.7/site-packages/libxml2.pyc
@@ -44,108 +45,113 @@ usr/lib/python2.7/site-packages/libxml2.pyc
 #usr/lib/python2.7/site-packages/libxsltmod.la
 usr/lib/python2.7/site-packages/libxsltmod.so
 #usr/lib/xsltConf.sh
-#usr/man/man1/xsltproc.1
-#usr/man/man3/libexslt.3
-#usr/man/man3/libxslt.3
 #usr/share/aclocal/libxslt.m4
-#usr/share/doc/libxslt-1.1.17
-#usr/share/doc/libxslt-1.1.17/html
-#usr/share/doc/libxslt-1.1.17/html/API.html
-#usr/share/doc/libxslt-1.1.17/html/APIchunk0.html
-#usr/share/doc/libxslt-1.1.17/html/APIchunk1.html
-#usr/share/doc/libxslt-1.1.17/html/APIchunk2.html
-#usr/share/doc/libxslt-1.1.17/html/APIchunk3.html
-#usr/share/doc/libxslt-1.1.17/html/APIchunk4.html
-#usr/share/doc/libxslt-1.1.17/html/APIchunk5.html
-#usr/share/doc/libxslt-1.1.17/html/APIchunk6.html
-#usr/share/doc/libxslt-1.1.17/html/APIchunk7.html
-#usr/share/doc/libxslt-1.1.17/html/APIchunk8.html
-#usr/share/doc/libxslt-1.1.17/html/APIchunk9.html
-#usr/share/doc/libxslt-1.1.17/html/APIconstructors.html
-#usr/share/doc/libxslt-1.1.17/html/APIfiles.html
-#usr/share/doc/libxslt-1.1.17/html/APIfunctions.html
-#usr/share/doc/libxslt-1.1.17/html/APIsymbols.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/APIchunk0.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/APIconstructors.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/APIfiles.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/APIfunctions.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/APIsymbols.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/bugs.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/docs.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/downloads.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/exslt.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/help.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/index.html
-#usr/share/doc/libxslt-1.1.17/html/EXSLT/intro.html
-#usr/share/doc/libxslt-1.1.17/html/FAQ.html
-#usr/share/doc/libxslt-1.1.17/html/Libxslt-Logo-180x168.gif
-#usr/share/doc/libxslt-1.1.17/html/Libxslt-Logo-90x34.gif
-#usr/share/doc/libxslt-1.1.17/html/bugs.html
-#usr/share/doc/libxslt-1.1.17/html/contexts.gif
-#usr/share/doc/libxslt-1.1.17/html/contribs.html
-#usr/share/doc/libxslt-1.1.17/html/docbook.html
-#usr/share/doc/libxslt-1.1.17/html/docs.html
-#usr/share/doc/libxslt-1.1.17/html/downloads.html
-#usr/share/doc/libxslt-1.1.17/html/extensions.html
-#usr/share/doc/libxslt-1.1.17/html/help.html
-#usr/share/doc/libxslt-1.1.17/html/html
-#usr/share/doc/libxslt-1.1.17/html/html/book1.html
-#usr/share/doc/libxslt-1.1.17/html/html/home.png
-#usr/share/doc/libxslt-1.1.17/html/html/index.html
-#usr/share/doc/libxslt-1.1.17/html/html/left.png
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-attributes.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-documents.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-extensions.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-extra.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-functions.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-imports.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-keys.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-lib.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-namespaces.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-numbersInternals.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-pattern.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-preproc.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-security.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-templates.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-transform.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-variables.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-xslt.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-xsltInternals.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-xsltexports.html
-#usr/share/doc/libxslt-1.1.17/html/html/libxslt-xsltutils.html
-#usr/share/doc/libxslt-1.1.17/html/html/right.png
-#usr/share/doc/libxslt-1.1.17/html/html/up.png
-#usr/share/doc/libxslt-1.1.17/html/index.html
-#usr/share/doc/libxslt-1.1.17/html/internals.html
-#usr/share/doc/libxslt-1.1.17/html/intro.html
-#usr/share/doc/libxslt-1.1.17/html/news.html
-#usr/share/doc/libxslt-1.1.17/html/node.gif
-#usr/share/doc/libxslt-1.1.17/html/object.gif
-#usr/share/doc/libxslt-1.1.17/html/processing.gif
-#usr/share/doc/libxslt-1.1.17/html/python.html
-#usr/share/doc/libxslt-1.1.17/html/redhat.gif
-#usr/share/doc/libxslt-1.1.17/html/smallfootonly.gif
-#usr/share/doc/libxslt-1.1.17/html/stylesheet.gif
-#usr/share/doc/libxslt-1.1.17/html/templates.gif
-#usr/share/doc/libxslt-1.1.17/html/tutorial
-#usr/share/doc/libxslt-1.1.17/html/tutorial/libxslt_tutorial.c
-#usr/share/doc/libxslt-1.1.17/html/tutorial/libxslttutorial.html
-#usr/share/doc/libxslt-1.1.17/html/tutorial/libxslttutorial.xml
-#usr/share/doc/libxslt-1.1.17/html/tutorial2
-#usr/share/doc/libxslt-1.1.17/html/tutorial2/libxslt_pipes.c
-#usr/share/doc/libxslt-1.1.17/html/tutorial2/libxslt_pipes.html
-#usr/share/doc/libxslt-1.1.17/html/tutorial2/libxslt_pipes.xml
-#usr/share/doc/libxslt-1.1.17/html/xslt.html
-#usr/share/doc/libxslt-1.1.17/html/xsltproc.html
-#usr/share/doc/libxslt-1.1.17/html/xsltproc2.html
-#usr/share/doc/libxslt-python-1.1.17
-#usr/share/doc/libxslt-python-1.1.17/TODO
-#usr/share/doc/libxslt-python-1.1.17/examples
-#usr/share/doc/libxslt-python-1.1.17/examples/basic.py
-#usr/share/doc/libxslt-python-1.1.17/examples/exslt.py
-#usr/share/doc/libxslt-python-1.1.17/examples/extelem.py
-#usr/share/doc/libxslt-python-1.1.17/examples/extfunc.py
-#usr/share/doc/libxslt-python-1.1.17/examples/pyxsltproc.py
-#usr/share/doc/libxslt-python-1.1.17/examples/test.xml
-#usr/share/doc/libxslt-python-1.1.17/examples/test.xsl
+#usr/share/doc/libxslt-1.1.28
+#usr/share/doc/libxslt-1.1.28/html
+#usr/share/doc/libxslt-1.1.28/html/API.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk0.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk1.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk10.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk11.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk12.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk13.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk2.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk3.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk4.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk5.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk6.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk7.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk8.html
+#usr/share/doc/libxslt-1.1.28/html/APIchunk9.html
+#usr/share/doc/libxslt-1.1.28/html/APIconstructors.html
+#usr/share/doc/libxslt-1.1.28/html/APIfiles.html
+#usr/share/doc/libxslt-1.1.28/html/APIfunctions.html
+#usr/share/doc/libxslt-1.1.28/html/APIsymbols.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIchunk0.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIconstructors.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIfiles.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIfunctions.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIsymbols.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/bugs.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/docs.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/downloads.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/exslt.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/help.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/index.html
+#usr/share/doc/libxslt-1.1.28/html/EXSLT/intro.html
+#usr/share/doc/libxslt-1.1.28/html/FAQ.html
+#usr/share/doc/libxslt-1.1.28/html/Libxslt-Logo-180x168.gif
+#usr/share/doc/libxslt-1.1.28/html/Libxslt-Logo-90x34.gif
+#usr/share/doc/libxslt-1.1.28/html/bugs.html
+#usr/share/doc/libxslt-1.1.28/html/contexts.gif
+#usr/share/doc/libxslt-1.1.28/html/contribs.html
+#usr/share/doc/libxslt-1.1.28/html/docbook.html
+#usr/share/doc/libxslt-1.1.28/html/docs.html
+#usr/share/doc/libxslt-1.1.28/html/downloads.html
+#usr/share/doc/libxslt-1.1.28/html/extensions.html
+#usr/share/doc/libxslt-1.1.28/html/help.html
+#usr/share/doc/libxslt-1.1.28/html/html
+#usr/share/doc/libxslt-1.1.28/html/html/book1.html
+#usr/share/doc/libxslt-1.1.28/html/html/home.png
+#usr/share/doc/libxslt-1.1.28/html/html/index.html
+#usr/share/doc/libxslt-1.1.28/html/html/left.png
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-attributes.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-documents.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-extensions.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-extra.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-functions.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-imports.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-keys.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-lib.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-namespaces.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-numbersInternals.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-pattern.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-preproc.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-security.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-templates.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-transform.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-variables.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xslt.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltInternals.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltexports.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltlocale.html
+#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltutils.html
+#usr/share/doc/libxslt-1.1.28/html/html/right.png
+#usr/share/doc/libxslt-1.1.28/html/html/up.png
+#usr/share/doc/libxslt-1.1.28/html/index.html
+#usr/share/doc/libxslt-1.1.28/html/internals.html
+#usr/share/doc/libxslt-1.1.28/html/intro.html
+#usr/share/doc/libxslt-1.1.28/html/news.html
+#usr/share/doc/libxslt-1.1.28/html/node.gif
+#usr/share/doc/libxslt-1.1.28/html/object.gif
+#usr/share/doc/libxslt-1.1.28/html/processing.gif
+#usr/share/doc/libxslt-1.1.28/html/python.html
+#usr/share/doc/libxslt-1.1.28/html/redhat.gif
+#usr/share/doc/libxslt-1.1.28/html/smallfootonly.gif
+#usr/share/doc/libxslt-1.1.28/html/stylesheet.gif
+#usr/share/doc/libxslt-1.1.28/html/templates.gif
+#usr/share/doc/libxslt-1.1.28/html/tutorial
+#usr/share/doc/libxslt-1.1.28/html/tutorial/libxslt_tutorial.c
+#usr/share/doc/libxslt-1.1.28/html/tutorial/libxslttutorial.html
+#usr/share/doc/libxslt-1.1.28/html/tutorial/libxslttutorial.xml
+#usr/share/doc/libxslt-1.1.28/html/tutorial2
+#usr/share/doc/libxslt-1.1.28/html/tutorial2/libxslt_pipes.c
+#usr/share/doc/libxslt-1.1.28/html/tutorial2/libxslt_pipes.html
+#usr/share/doc/libxslt-1.1.28/html/tutorial2/libxslt_pipes.xml
+#usr/share/doc/libxslt-1.1.28/html/xslt.html
+#usr/share/doc/libxslt-1.1.28/html/xsltproc.html
+#usr/share/doc/libxslt-1.1.28/html/xsltproc2.html
+#usr/share/doc/libxslt-python-1.1.28
+#usr/share/doc/libxslt-python-1.1.28/TODO
+#usr/share/doc/libxslt-python-1.1.28/examples
+#usr/share/doc/libxslt-python-1.1.28/examples/basic.py
+#usr/share/doc/libxslt-python-1.1.28/examples/exslt.py
+#usr/share/doc/libxslt-python-1.1.28/examples/extelem.py
+#usr/share/doc/libxslt-python-1.1.28/examples/extfunc.py
+#usr/share/doc/libxslt-python-1.1.28/examples/pyxsltproc.py
+#usr/share/doc/libxslt-python-1.1.28/examples/test.xml
+#usr/share/doc/libxslt-python-1.1.28/examples/test.xsl
+#usr/share/man/man1/xsltproc.1
+#usr/share/man/man3/libexslt.3
+#usr/share/man/man3/libxslt.3

diff --git a/config/rootfiles/common/logrotate b/config/rootfiles/common/logrotate
index 7f3e709ead13609beb54da3f87e38941ad527d58..8ef728c94a1000f35e15d2bd3939d657e2a0a644 100644 (file)
--- a/config/rootfiles/common/logrotate
+++ b/config/rootfiles/common/logrotate
@@ -1,5 +1,6 @@
 #etc/logrotate.d
 etc/logrotate.d/.empty
+#usr/man/man5/logrotate.conf.5
 #usr/man/man8/logrotate.8
 usr/sbin/logrotate
 var/lib/logrotate.status

diff --git a/config/rootfiles/common/logwatch b/config/rootfiles/common/logwatch
index 59d3a7ada4e7f41a67bebf6c2ff46d81f5481737..998ab8ae2a2d670ea0524eaa596f7a107a2e4aab 100644 (file)
--- a/config/rootfiles/common/logwatch
+++ b/config/rootfiles/common/logwatch
@@ -1,6 +1,6 @@
 #etc/logwatch
 etc/logwatch/conf
-#etc/logwatch/conf/html
+#etc/logwatch/logwatch.cron
 #etc/logwatch/conf/ignore.conf
 #etc/logwatch/conf/logfiles
 #etc/logwatch/conf/logwatch.conf
@@ -18,13 +18,17 @@ usr/sbin/logwatch
 #usr/share/logwatch/default.conf/html/header.html
 usr/share/logwatch/default.conf/ignore.conf
 #usr/share/logwatch/default.conf/logfiles
+#usr/share/logwatch/default.conf/logfiles/audit_log.conf
 #usr/share/logwatch/default.conf/logfiles/autorpm.conf
 #usr/share/logwatch/default.conf/logfiles/bfd.conf
 #usr/share/logwatch/default.conf/logfiles/cisco.conf
+#usr/share/logwatch/default.conf/logfiles/citadel.conf
 usr/share/logwatch/default.conf/logfiles/clam-update.conf
+#usr/share/logwatch/default.conf/logfiles/clamav.conf
 usr/share/logwatch/default.conf/logfiles/cron.conf
 #usr/share/logwatch/default.conf/logfiles/daemon.conf
 #usr/share/logwatch/default.conf/logfiles/denyhosts.conf
+#usr/share/logwatch/default.conf/logfiles/dirsrv.conf
 #usr/share/logwatch/default.conf/logfiles/dnssec.conf
 #usr/share/logwatch/default.conf/logfiles/dpkg.conf
 #usr/share/logwatch/default.conf/logfiles/emerge.conf
@@ -32,15 +36,20 @@ usr/share/logwatch/default.conf/logfiles/cron.conf
 #usr/share/logwatch/default.conf/logfiles/exim.conf
 #usr/share/logwatch/default.conf/logfiles/extreme-networks.conf
 #usr/share/logwatch/default.conf/logfiles/fail2ban.conf
+#usr/share/logwatch/default.conf/logfiles/freeradius.conf
+#usr/share/logwatch/default.conf/logfiles/http-error.conf
 usr/share/logwatch/default.conf/logfiles/http.conf
 usr/share/logwatch/default.conf/logfiles/iptables.conf
 usr/share/logwatch/default.conf/logfiles/kernel.conf
 usr/share/logwatch/default.conf/logfiles/maillog.conf
 usr/share/logwatch/default.conf/logfiles/messages.conf
+#usr/share/logwatch/default.conf/logfiles/mysql-mmm.conf
+#usr/share/logwatch/default.conf/logfiles/mysql.conf
 #usr/share/logwatch/default.conf/logfiles/netopia.conf
 #usr/share/logwatch/default.conf/logfiles/netscreen.conf
 usr/share/logwatch/default.conf/logfiles/php.conf
 #usr/share/logwatch/default.conf/logfiles/pix.conf
+#usr/share/logwatch/default.conf/logfiles/postgresql.conf
 #usr/share/logwatch/default.conf/logfiles/pureftp.conf
 #usr/share/logwatch/default.conf/logfiles/qmail-pop3d-current.conf
 #usr/share/logwatch/default.conf/logfiles/qmail-pop3ds-current.conf
@@ -51,13 +60,17 @@ usr/share/logwatch/default.conf/logfiles/resolver.conf
 usr/share/logwatch/default.conf/logfiles/samba.conf
 #usr/share/logwatch/default.conf/logfiles/secure.conf
 #usr/share/logwatch/default.conf/logfiles/sonicwall.conf
+#usr/share/logwatch/default.conf/logfiles/spamassassin.conf
 usr/share/logwatch/default.conf/logfiles/syslog.conf
 #usr/share/logwatch/default.conf/logfiles/tac_acc.conf
+#usr/share/logwatch/default.conf/logfiles/tivoli-smc.conf
 #usr/share/logwatch/default.conf/logfiles/up2date.conf
+#usr/share/logwatch/default.conf/logfiles/vdr.conf
 usr/share/logwatch/default.conf/logfiles/vsftpd.conf
 usr/share/logwatch/default.conf/logfiles/windows.conf
 usr/share/logwatch/default.conf/logfiles/xferlog.conf
 #usr/share/logwatch/default.conf/logfiles/yum.conf
+#usr/share/logwatch/default.conf/logfiles/zypp.conf
 usr/share/logwatch/default.conf/logwatch.conf
 usr/share/logwatch/default.conf/services
 #usr/share/logwatch/default.conf/services/afpd.conf
@@ -66,8 +79,10 @@ usr/share/logwatch/default.conf/services/amavis.conf
 #usr/share/logwatch/default.conf/services/audit.conf
 #usr/share/logwatch/default.conf/services/automount.conf
 #usr/share/logwatch/default.conf/services/autorpm.conf
+#usr/share/logwatch/default.conf/services/barracuda.conf
 #usr/share/logwatch/default.conf/services/bfd.conf
 #usr/share/logwatch/default.conf/services/cisco.conf
+#usr/share/logwatch/default.conf/services/citadel.conf
 usr/share/logwatch/default.conf/services/clam-update.conf
 #usr/share/logwatch/default.conf/services/clamav-milter.conf
 usr/share/logwatch/default.conf/services/clamav.conf
@@ -75,6 +90,7 @@ usr/share/logwatch/default.conf/services/clamav.conf
 usr/share/logwatch/default.conf/services/cron.conf
 #usr/share/logwatch/default.conf/services/denyhosts.conf
 usr/share/logwatch/default.conf/services/dhcpd.conf
+#usr/share/logwatch/default.conf/services/dirsrv.conf
 #usr/share/logwatch/default.conf/services/dnssec.conf
 #usr/share/logwatch/default.conf/services/dovecot.conf
 #usr/share/logwatch/default.conf/services/dpkg.conf
@@ -86,8 +102,11 @@ usr/share/logwatch/default.conf/services/dhcpd.conf
 #usr/share/logwatch/default.conf/services/eximstats.conf
 #usr/share/logwatch/default.conf/services/extreme-networks.conf
 #usr/share/logwatch/default.conf/services/fail2ban.conf
+#usr/share/logwatch/default.conf/services/fetchmail.conf
+#usr/share/logwatch/default.conf/services/freeradius.conf
 #usr/share/logwatch/default.conf/services/ftpd-messages.conf
 #usr/share/logwatch/default.conf/services/ftpd-xferlog.conf
+#usr/share/logwatch/default.conf/services/http-error.conf
 usr/share/logwatch/default.conf/services/http.conf
 #usr/share/logwatch/default.conf/services/identd.conf
 usr/share/logwatch/default.conf/services/imapd.conf
@@ -96,13 +115,20 @@ usr/share/logwatch/default.conf/services/init.conf
 usr/share/logwatch/default.conf/services/ipop3d.conf
 usr/share/logwatch/default.conf/services/iptables.conf
 usr/share/logwatch/default.conf/services/kernel.conf
+#usr/share/logwatch/default.conf/services/knockd.conf
+#usr/share/logwatch/default.conf/services/lvm.conf
 #usr/share/logwatch/default.conf/services/mailscanner.conf
+#usr/share/logwatch/default.conf/services/mdadm.conf
+#usr/share/logwatch/default.conf/services/mod_security2.conf
 usr/share/logwatch/default.conf/services/modprobe.conf
 #usr/share/logwatch/default.conf/services/mountd.conf
+#usr/share/logwatch/default.conf/services/mysql-mmm.conf
+#usr/share/logwatch/default.conf/services/mysql.conf
 #usr/share/logwatch/default.conf/services/named.conf
 #usr/share/logwatch/default.conf/services/netopia.conf
 #usr/share/logwatch/default.conf/services/netscreen.conf
 #usr/share/logwatch/default.conf/services/oidentd.conf
+#usr/share/logwatch/default.conf/services/omsa.conf
 usr/share/logwatch/default.conf/services/openvpn.conf
 usr/share/logwatch/default.conf/services/pam.conf
 usr/share/logwatch/default.conf/services/pam_pwdb.conf
@@ -113,8 +139,10 @@ usr/share/logwatch/default.conf/services/pluto.conf
 usr/share/logwatch/default.conf/services/pop3.conf
 #usr/share/logwatch/default.conf/services/portsentry.conf
 usr/share/logwatch/default.conf/services/postfix.conf
+#usr/share/logwatch/default.conf/services/postgresql.conf
 #usr/share/logwatch/default.conf/services/pound.conf
 #usr/share/logwatch/default.conf/services/proftpd-messages.conf
+#usr/share/logwatch/default.conf/services/puppet.conf
 #usr/share/logwatch/default.conf/services/pureftpd.conf
 #usr/share/logwatch/default.conf/services/qmail-pop3d.conf
 #usr/share/logwatch/default.conf/services/qmail-pop3ds.conf
@@ -123,6 +151,7 @@ usr/share/logwatch/default.conf/services/postfix.conf
 #usr/share/logwatch/default.conf/services/qmail.conf
 #usr/share/logwatch/default.conf/services/raid.conf
 usr/share/logwatch/default.conf/services/resolver.conf
+#usr/share/logwatch/default.conf/services/rsyslogd.conf
 #usr/share/logwatch/default.conf/services/rt314.conf
 usr/share/logwatch/default.conf/services/samba.conf
 usr/share/logwatch/default.conf/services/saslauthd.conf
@@ -134,23 +163,30 @@ usr/share/logwatch/default.conf/services/scsi.conf
 #usr/share/logwatch/default.conf/services/slon.conf
 #usr/share/logwatch/default.conf/services/smartd.conf
 #usr/share/logwatch/default.conf/services/sonicwall.conf
+#usr/share/logwatch/default.conf/services/spamassassin.conf
 usr/share/logwatch/default.conf/services/sshd.conf
 usr/share/logwatch/default.conf/services/sshd2.conf
 #usr/share/logwatch/default.conf/services/stunnel.conf
 usr/share/logwatch/default.conf/services/sudo.conf
+#usr/share/logwatch/default.conf/services/syslog-ng.conf
 usr/share/logwatch/default.conf/services/syslogd.conf
 #usr/share/logwatch/default.conf/services/tac_acc.conf
+#usr/share/logwatch/default.conf/services/tivoli-smc.conf
 #usr/share/logwatch/default.conf/services/up2date.conf
+#usr/share/logwatch/default.conf/services/vdr.conf
 #usr/share/logwatch/default.conf/services/vpopmail.conf
 usr/share/logwatch/default.conf/services/vsftpd.conf
 usr/share/logwatch/default.conf/services/windows.conf
 #usr/share/logwatch/default.conf/services/xntpd.conf
 #usr/share/logwatch/default.conf/services/yum.conf
+#usr/share/logwatch/default.conf/services/zypp.conf
 usr/share/logwatch/default.conf/services/zz-disk_space.conf
 #usr/share/logwatch/default.conf/services/zz-fortune.conf
+#usr/share/logwatch/default.conf/services/zz-lm_sensors.conf
 usr/share/logwatch/default.conf/services/zz-network.conf
 usr/share/logwatch/default.conf/services/zz-runtime.conf
 #usr/share/logwatch/default.conf/services/zz-sys.conf
+#usr/share/logwatch/default.conf/services/zz-zfs.conf
 #usr/share/logwatch/dist.conf
 usr/share/logwatch/dist.conf/logfiles
 usr/share/logwatch/dist.conf/services
@@ -184,8 +220,10 @@ usr/share/logwatch/scripts/services/amavis
 #usr/share/logwatch/scripts/services/audit
 #usr/share/logwatch/scripts/services/automount
 #usr/share/logwatch/scripts/services/autorpm
+#usr/share/logwatch/scripts/services/barracuda
 #usr/share/logwatch/scripts/services/bfd
 #usr/share/logwatch/scripts/services/cisco
+#usr/share/logwatch/scripts/services/citadel
 usr/share/logwatch/scripts/services/clam-update
 usr/share/logwatch/scripts/services/clamav
 #usr/share/logwatch/scripts/services/clamav-milter
@@ -194,6 +232,7 @@ usr/share/logwatch/scripts/services/cron
 #usr/share/logwatch/scripts/services/denyhosts
 usr/share/logwatch/scripts/services/dhcpd
 usr/share/logwatch/scripts/services/dialup
+#usr/share/logwatch/scripts/services/dirsrv
 #usr/share/logwatch/scripts/services/dnssec
 #usr/share/logwatch/scripts/services/dovecot
 #usr/share/logwatch/scripts/services/dpkg
@@ -205,9 +244,12 @@ usr/share/logwatch/scripts/services/dialup
 #usr/share/logwatch/scripts/services/eximstats
 #usr/share/logwatch/scripts/services/extreme-networks
 #usr/share/logwatch/scripts/services/fail2ban
+#usr/share/logwatch/scripts/services/fetchmail
+#usr/share/logwatch/scripts/services/freeradius
 #usr/share/logwatch/scripts/services/ftpd-messages
 #usr/share/logwatch/scripts/services/ftpd-xferlog
 usr/share/logwatch/scripts/services/http
+#usr/share/logwatch/scripts/services/http-error
 #usr/share/logwatch/scripts/services/identd
 usr/share/logwatch/scripts/services/imapd
 #usr/share/logwatch/scripts/services/in.qpopper
@@ -215,13 +257,20 @@ usr/share/logwatch/scripts/services/init
 usr/share/logwatch/scripts/services/ipop3d
 usr/share/logwatch/scripts/services/iptables
 usr/share/logwatch/scripts/services/kernel
+#usr/share/logwatch/scripts/services/knockd
+#usr/share/logwatch/scripts/services/lvm
 #usr/share/logwatch/scripts/services/mailscanner
+#usr/share/logwatch/scripts/services/mdadm
+#usr/share/logwatch/scripts/services/mod_security2
 usr/share/logwatch/scripts/services/modprobe
 #usr/share/logwatch/scripts/services/mountd
+#usr/share/logwatch/scripts/services/mysql
+#usr/share/logwatch/scripts/services/mysql-mmm
 #usr/share/logwatch/scripts/services/named
 #usr/share/logwatch/scripts/services/netopia
 #usr/share/logwatch/scripts/services/netscreen
 #usr/share/logwatch/scripts/services/oidentd
+#usr/share/logwatch/scripts/services/omsa
 usr/share/logwatch/scripts/services/openvpn
 usr/share/logwatch/scripts/services/pam
 usr/share/logwatch/scripts/services/pam_pwdb
@@ -232,8 +281,10 @@ usr/share/logwatch/scripts/services/pluto
 usr/share/logwatch/scripts/services/pop3
 #usr/share/logwatch/scripts/services/portsentry
 usr/share/logwatch/scripts/services/postfix
+#usr/share/logwatch/scripts/services/postgresql
 #usr/share/logwatch/scripts/services/pound
 #usr/share/logwatch/scripts/services/proftpd-messages
+#usr/share/logwatch/scripts/services/puppet
 #usr/share/logwatch/scripts/services/pureftpd
 #usr/share/logwatch/scripts/services/qmail
 #usr/share/logwatch/scripts/services/qmail-pop3d
@@ -242,6 +293,7 @@ usr/share/logwatch/scripts/services/postfix
 #usr/share/logwatch/scripts/services/qmail-smtpd
 #usr/share/logwatch/scripts/services/raid
 #usr/share/logwatch/scripts/services/resolver
+#usr/share/logwatch/scripts/services/rsyslogd
 #usr/share/logwatch/scripts/services/rt314
 usr/share/logwatch/scripts/services/samba
 usr/share/logwatch/scripts/services/saslauthd
@@ -253,23 +305,30 @@ usr/share/logwatch/scripts/services/scsi
 #usr/share/logwatch/scripts/services/slon
 #usr/share/logwatch/scripts/services/smartd
 #usr/share/logwatch/scripts/services/sonicwall
+#usr/share/logwatch/scripts/services/spamassassin
 usr/share/logwatch/scripts/services/sshd
 usr/share/logwatch/scripts/services/sshd2
 #usr/share/logwatch/scripts/services/stunnel
 usr/share/logwatch/scripts/services/sudo
+#usr/share/logwatch/scripts/services/syslog-ng
 usr/share/logwatch/scripts/services/syslogd
 #usr/share/logwatch/scripts/services/tac_acc
+#usr/share/logwatch/scripts/services/tivoli-smc
 #usr/share/logwatch/scripts/services/up2date
+#usr/share/logwatch/scripts/services/vdr
 #usr/share/logwatch/scripts/services/vpopmail
 usr/share/logwatch/scripts/services/vsftpd
 usr/share/logwatch/scripts/services/windows
 #usr/share/logwatch/scripts/services/xntpd
 #usr/share/logwatch/scripts/services/yum
+#usr/share/logwatch/scripts/services/zypp
 usr/share/logwatch/scripts/services/zz-disk_space
 #usr/share/logwatch/scripts/services/zz-fortune
+#usr/share/logwatch/scripts/services/zz-lm_sensors
 usr/share/logwatch/scripts/services/zz-network
 usr/share/logwatch/scripts/services/zz-runtime
 #usr/share/logwatch/scripts/services/zz-sys
+#usr/share/logwatch/scripts/services/zz-zfs
 #usr/share/logwatch/scripts/shared
 usr/share/logwatch/scripts/shared/applybinddate
 usr/share/logwatch/scripts/shared/applyeurodate
@@ -289,6 +348,11 @@ usr/share/logwatch/scripts/shared/onlyservice
 usr/share/logwatch/scripts/shared/remove
 usr/share/logwatch/scripts/shared/removeheaders
 usr/share/logwatch/scripts/shared/removeservice
+#usr/share/man/man1/amavis-logwatch.1
+#usr/share/man/man1/postfix-logwatch.1
+#usr/share/man/man5/ignore.conf.5
+#usr/share/man/man5/logwatch.conf.5
+#usr/share/man/man5/override.conf.5
 #usr/share/man/man8/logwatch.8
 var/cache/logwatch
 var/log/logwatch

diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index 1ab4dec5f1aa5053d5a8a96d798f08cf7c95e870..349aac76cbb18ea9773cc029485f152ec711b6ba 100644 (file)
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -2,6 +2,8 @@ usr/local/bin/addonctrl
 #usr/local/bin/applejuicectrl
 usr/local/bin/backupctrl
 #usr/local/bin/clamavctrl
+usr/local/bin/collectdctrl
+usr/local/bin/ddnsctrl
 usr/local/bin/dhcpctrl
 usr/local/bin/dnsmasqctrl
 usr/local/bin/extrahdctrl

diff --git a/config/rootfiles/common/newt b/config/rootfiles/common/newt
index 2fbd2b34c87623ab9b6aceaea7c9af854743f5b1..adc9b7581371c92e6174500b8b30d9efe0d9c3ec 100644 (file)
--- a/config/rootfiles/common/newt
+++ b/config/rootfiles/common/newt
@@ -3,7 +3,7 @@ usr/bin/whiptail
 #usr/lib/libnewt.a
 #usr/lib/libnewt.so
 usr/lib/libnewt.so.0.52
-usr/lib/libnewt.so.0.52.17
+usr/lib/libnewt.so.0.52.18
 #usr/lib/pkgconfig/libnewt.pc
 #usr/lib/python2.7/site-packages/_snack.so
 #usr/lib/python2.7/site-packages/snack.py
@@ -13,8 +13,6 @@ usr/lib/libnewt.so.0.52.17
 #usr/share/locale/as
 #usr/share/locale/as/LC_MESSAGES
 #usr/share/locale/as/LC_MESSAGES/newt.mo
-#usr/share/locale/ast
-#usr/share/locale/ast/LC_MESSAGES
 #usr/share/locale/ast/LC_MESSAGES/newt.mo
 #usr/share/locale/bal
 #usr/share/locale/bal/LC_MESSAGES
@@ -102,8 +100,6 @@ usr/lib/libnewt.so.0.52.17
 #usr/share/locale/nn
 #usr/share/locale/nn/LC_MESSAGES
 #usr/share/locale/nn/LC_MESSAGES/newt.mo
-#usr/share/locale/pa
-#usr/share/locale/pa/LC_MESSAGES
 #usr/share/locale/pa/LC_MESSAGES/newt.mo
 #usr/share/locale/pl/LC_MESSAGES/newt.mo
 #usr/share/locale/pt/LC_MESSAGES/newt.mo

diff --git a/config/rootfiles/common/openssl-compat b/config/rootfiles/common/openssl-compat
deleted file mode 100644 (file)
index ccf89d0..0000000
--- a/config/rootfiles/common/openssl-compat
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/lib/libcrypto.so.0.9.8
-usr/lib/libssl.so.0.9.8

diff --git a/config/rootfiles/common/pcre b/config/rootfiles/common/pcre
index 78ac2a24fba7e91a6ceb7a5b673a4f59d72988d4..8c4cc2ac2559da5ed84289c9286d11d33300586f 100644 (file)
--- a/config/rootfiles/common/pcre
+++ b/config/rootfiles/common/pcre
@@ -10,7 +10,7 @@
 #usr/lib/libpcre.la
 usr/lib/libpcre.so
 usr/lib/libpcre.so.1
-usr/lib/libpcre.so.1.2.4
+usr/lib/libpcre.so.1.2.5
 #usr/lib/libpcrecpp.la
 usr/lib/libpcrecpp.so
 usr/lib/libpcrecpp.so.0

diff --git a/config/rootfiles/common/perl-Text-CSV_XS b/config/rootfiles/common/perl-Text-CSV_XS
new file mode 100644 (file)
index 0000000..bbc7d9b
--- /dev/null
+++ b/config/rootfiles/common/perl-Text-CSV_XS
@@ -0,0 +1,8 @@
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Text
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Text/CSV_XS.pm
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS/.packlist
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS/CSV_XS.bs
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS/CSV_XS.so
+#usr/share/man/man3/Text::CSV_XS.3

diff --git a/config/rootfiles/common/slang b/config/rootfiles/common/slang
index 0ebef78c70cfcd4c3d9b5af57d1176bda54e290f..71802d44362cbf6e6b0c1c119f8b3487c0b38335 100644 (file)
--- a/config/rootfiles/common/slang
+++ b/config/rootfiles/common/slang
@@ -4,21 +4,26 @@
 #usr/include/slcurses.h
 #usr/lib/libslang.so
 usr/lib/libslang.so.2
-usr/lib/libslang.so.2.2.4
+usr/lib/libslang.so.2.3.0
 #usr/lib/pkgconfig/slang.pc
 #usr/lib/slang
 #usr/lib/slang/v2
 #usr/lib/slang/v2/modules
+usr/lib/slang/v2/modules/base64-module.so
+usr/lib/slang/v2/modules/chksum-module.so
 usr/lib/slang/v2/modules/csv-module.so
 usr/lib/slang/v2/modules/fcntl-module.so
 usr/lib/slang/v2/modules/fork-module.so
+usr/lib/slang/v2/modules/histogram-module.so
 usr/lib/slang/v2/modules/iconv-module.so
+usr/lib/slang/v2/modules/json-module.so
 usr/lib/slang/v2/modules/pcre-module.so
 usr/lib/slang/v2/modules/png-module.so
 usr/lib/slang/v2/modules/rand-module.so
 usr/lib/slang/v2/modules/select-module.so
 usr/lib/slang/v2/modules/slsmg-module.so
 usr/lib/slang/v2/modules/socket-module.so
+usr/lib/slang/v2/modules/stats-module.so
 usr/lib/slang/v2/modules/sysconf-module.so
 usr/lib/slang/v2/modules/termios-module.so
 usr/lib/slang/v2/modules/varray-module.so
@@ -35,6 +40,10 @@ usr/lib/slang/v2/modules/zlib-module.so
 #usr/share/doc/slsh
 #usr/share/doc/slsh/html
 #usr/share/doc/slsh/html/slshfun-1.html
+#usr/share/doc/slsh/html/slshfun-10.html
+#usr/share/doc/slsh/html/slshfun-11.html
+#usr/share/doc/slsh/html/slshfun-12.html
+#usr/share/doc/slsh/html/slshfun-13.html
 #usr/share/doc/slsh/html/slshfun-2.html
 #usr/share/doc/slsh/html/slshfun-3.html
 #usr/share/doc/slsh/html/slshfun-4.html
@@ -48,13 +57,18 @@ usr/lib/slang/v2/modules/zlib-module.so
 #usr/share/slsh
 #usr/share/slsh/arrayfuns.sl
 #usr/share/slsh/autoload.sl
+#usr/share/slsh/base64.sl
+#usr/share/slsh/chksum.sl
 #usr/share/slsh/cmaps
 #usr/share/slsh/cmaps/cool.map
 #usr/share/slsh/cmaps/coolwarm.map
 #usr/share/slsh/cmaps/copper.map
+#usr/share/slsh/cmaps/cubicl.map
+#usr/share/slsh/cmaps/cubicyf.map
 #usr/share/slsh/cmaps/drywet.map
 #usr/share/slsh/cmaps/ds9b.map
 #usr/share/slsh/cmaps/ds9sls.map
+#usr/share/slsh/cmaps/edge.map
 #usr/share/slsh/cmaps/gebco.map
 #usr/share/slsh/cmaps/globe.map
 #usr/share/slsh/cmaps/gray.map
@@ -76,13 +90,20 @@ usr/lib/slang/v2/modules/zlib-module.so
 #usr/share/slsh/csv.sl
 #usr/share/slsh/fcntl.sl
 #usr/share/slsh/fork.sl
+#usr/share/slsh/fswalk.sl
 #usr/share/slsh/glob.sl
 #usr/share/slsh/help
 #usr/share/slsh/help/arrayfuns.hlp
+#usr/share/slsh/help/base64funs.hlp
+#usr/share/slsh/help/chksumfuns.hlp
 #usr/share/slsh/help/cmdopt.hlp
 #usr/share/slsh/help/csvfuns.hlp
 #usr/share/slsh/help/forkfuns.hlp
+#usr/share/slsh/help/fswalk.hlp
 #usr/share/slsh/help/glob.hlp
+#usr/share/slsh/help/histfuns.hlp
+#usr/share/slsh/help/jsonfuns.hlp
+#usr/share/slsh/help/listfuns.hlp
 #usr/share/slsh/help/onigfuns.hlp
 #usr/share/slsh/help/pcrefuns.hlp
 #usr/share/slsh/help/pngfuns.hlp
@@ -95,8 +116,12 @@ usr/lib/slang/v2/modules/zlib-module.so
 #usr/share/slsh/help/setfuns.hlp
 #usr/share/slsh/help/slsmg.hlp
 #usr/share/slsh/help/sockfuns.hlp
+#usr/share/slsh/help/statsfuns.hlp
 #usr/share/slsh/help/structfuns.hlp
+#usr/share/slsh/histogram.sl
 #usr/share/slsh/iconv.sl
+#usr/share/slsh/json.sl
+#usr/share/slsh/listfuns.sl
 #usr/share/slsh/local-packages
 #usr/share/slsh/onig.sl
 #usr/share/slsh/pcre.sl
@@ -132,6 +157,7 @@ usr/lib/slang/v2/modules/zlib-module.so
 #usr/share/slsh/slshrl.sl
 #usr/share/slsh/slsmg.sl
 #usr/share/slsh/socket.sl
+#usr/share/slsh/stats.sl
 #usr/share/slsh/stkcheck.sl
 #usr/share/slsh/structfuns.sl
 #usr/share/slsh/sysconf.sl

diff --git a/config/rootfiles/common/squid b/config/rootfiles/common/squid
index 76abbe8516bf6fdce0e1fe1bcc702e0be92ad719..1b78c8e0cf2909257f9b95f394b7879a47333c5d 100644 (file)
--- a/config/rootfiles/common/squid
+++ b/config/rootfiles/common/squid
@@ -34,7 +34,6 @@ usr/lib/squid/basic_smb_auth
 usr/lib/squid/basic_smb_auth.sh
 #usr/lib/squid/cachemgr.cgi
 usr/lib/squid/cert_tool
-usr/lib/squid/cert_valid.pl
 usr/lib/squid/digest_file_auth
 usr/lib/squid/digest_ldap_auth
 usr/lib/squid/diskd

diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 44f24b4369504ec1bf84267b689b7244eb75f6c0..90e28d9c4c26cc7f404ae5766b4088de30215198 100644 (file)
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -101,6 +101,8 @@ usr/local/bin/timecheck
 usr/local/bin/timezone-transition
 usr/local/bin/update-bootloader
 usr/local/bin/update-lang-cache
+usr/local/bin/xt_geoip_build
+usr/local/bin/xt_geoip_update
 #usr/local/include
 #usr/local/lib
 #usr/local/lib/sse2
@@ -120,10 +122,12 @@ usr/local/bin/update-lang-cache
 #usr/local/share/man/man8
 #usr/local/share/misc
 #usr/local/share/terminfo
+#usr/local/share/xt_geoip
 #usr/local/share/zoneinfo
 #usr/local/src
 #usr/sbin
 usr/sbin/ovpn-ccd-convert
+usr/sbin/ovpn-collectd-convert
 #usr/share
 #usr/share/doc
 #usr/share/doc/licenses
@@ -141,6 +145,7 @@ usr/share/doc/licenses/GPLv3
 #usr/share/man/man8
 #usr/share/misc
 #usr/share/terminfo
+#usr/share/xt_geoip
 #usr/share/zoneinfo
 #var
 #var/cache

diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index e55c43c03b9975fe0f6dd106dc84dba5255cd018..7564d38c8b889e63ce9db24c2bf8ba90c5c13acf 100644 (file)
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -16,8 +16,10 @@ etc/strongswan.d/charon-logging.conf
 etc/strongswan.d/charon.conf
 etc/strongswan.d/charon/aes.conf
 etc/strongswan.d/charon/attr.conf
+etc/strongswan.d/charon/ccm.conf
 etc/strongswan.d/charon/cmac.conf
 etc/strongswan.d/charon/constraints.conf
+etc/strongswan.d/charon/ctr.conf
 etc/strongswan.d/charon/curl.conf
 etc/strongswan.d/charon/des.conf
 etc/strongswan.d/charon/dhcp.conf
@@ -30,6 +32,7 @@ etc/strongswan.d/charon/eap-tls.conf
 etc/strongswan.d/charon/eap-ttls.conf
 etc/strongswan.d/charon/farp.conf
 etc/strongswan.d/charon/fips-prf.conf
+etc/strongswan.d/charon/gcm.conf
 etc/strongswan.d/charon/gcrypt.conf
 etc/strongswan.d/charon/gmp.conf
 etc/strongswan.d/charon/hmac.conf
@@ -93,8 +96,10 @@ usr/lib/ipsec/libtls.so.0.0.0
 #usr/lib/ipsec/plugins
 usr/lib/ipsec/plugins/libstrongswan-aes.so
 usr/lib/ipsec/plugins/libstrongswan-attr.so
+usr/lib/ipsec/plugins/libstrongswan-ccm.so
 usr/lib/ipsec/plugins/libstrongswan-cmac.so
 usr/lib/ipsec/plugins/libstrongswan-constraints.so
+usr/lib/ipsec/plugins/libstrongswan-ctr.so
 usr/lib/ipsec/plugins/libstrongswan-curl.so
 usr/lib/ipsec/plugins/libstrongswan-dhcp.so
 usr/lib/ipsec/plugins/libstrongswan-des.so
@@ -107,6 +112,7 @@ usr/lib/ipsec/plugins/libstrongswan-eap-tls.so
 usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so
 usr/lib/ipsec/plugins/libstrongswan-farp.so
 usr/lib/ipsec/plugins/libstrongswan-fips-prf.so
+usr/lib/ipsec/plugins/libstrongswan-gcm.so
 usr/lib/ipsec/plugins/libstrongswan-gcrypt.so
 usr/lib/ipsec/plugins/libstrongswan-gmp.so
 usr/lib/ipsec/plugins/libstrongswan-hmac.so
@@ -141,7 +147,6 @@ usr/lib/ipsec/plugins/libstrongswan-xcbc.so
 #usr/libexec/ipsec
 usr/libexec/ipsec/_copyright
 usr/libexec/ipsec/_updown
-usr/libexec/ipsec/_updown_espmark
 usr/libexec/ipsec/charon
 usr/libexec/ipsec/scepclient
 usr/libexec/ipsec/starter
@@ -163,7 +168,6 @@ usr/sbin/ipsec
 #usr/share/man/man5/ipsec.secrets.5
 #usr/share/man/man5/strongswan.conf.5
 #usr/share/man/man8/_updown.8
-#usr/share/man/man8/_updown_espmark.8
 #usr/share/man/man8/ipsec.8
 #usr/share/man/man8/openac.8
 #usr/share/man/man8/scepclient.8
@@ -173,8 +177,10 @@ usr/sbin/ipsec
 #usr/share/strongswan/templates/config/plugins
 #usr/share/strongswan/templates/config/plugins/aes.conf
 #usr/share/strongswan/templates/config/plugins/attr.conf
+#usr/share/strongswan/templates/config/plugins/ccm.conf
 #usr/share/strongswan/templates/config/plugins/cmac.conf
 #usr/share/strongswan/templates/config/plugins/constraints.conf
+#usr/share/strongswan/templates/config/plugins/ctr.conf
 #usr/share/strongswan/templates/config/plugins/curl.conf
 #usr/share/strongswan/templates/config/plugins/des.conf
 #usr/share/strongswan/templates/config/plugins/dhcp.conf
@@ -187,6 +193,7 @@ usr/sbin/ipsec
 #usr/share/strongswan/templates/config/plugins/eap-ttls.conf
 #usr/share/strongswan/templates/config/plugins/farp.conf
 #usr/share/strongswan/templates/config/plugins/fips-prf.conf
+#usr/share/strongswan/templates/config/plugins/gcm.conf
 #usr/share/strongswan/templates/config/plugins/gcrypt.conf
 #usr/share/strongswan/templates/config/plugins/gmp.conf
 #usr/share/strongswan/templates/config/plugins/hmac.conf

diff --git a/config/rootfiles/common/udev b/config/rootfiles/common/udev
index bc1cdaa1ff3ba1ceae448a37f13ed5b8314b6e85..d01c4610158f05d6da4b1febd2f1ac5b1e6ee772 100644 (file)
--- a/config/rootfiles/common/udev
+++ b/config/rootfiles/common/udev
@@ -2,7 +2,6 @@ bin/udevadm
 etc/modprobe.d/blacklist.conf
 etc/udev
 #etc/udev/rules.d
-#etc/udev/rules.d/30-persistent-network.rules
 #etc/udev/rules.d/55-lfs.rules
 #etc/udev/rules.d/81-cdrom.rules
 #etc/udev/rules.d/83-cdrom-symlinks.rules
@@ -29,6 +28,7 @@ lib/udev
 #lib/udev/hwdb.d/60-keyboard.hwdb
 #lib/udev/init-net-rules.sh
 #lib/udev/mtd_probe
+#lib/udev/network-hotplug-rename
 #lib/udev/rule_generator.functions
 #lib/udev/rules.d
 #lib/udev/rules.d/25-alsa.rules
@@ -37,6 +37,7 @@ lib/udev
 #lib/udev/rules.d/50-udev-default.rules
 #lib/udev/rules.d/60-cdrom_id.rules
 #lib/udev/rules.d/60-keyboard.rules
+#lib/udev/rules.d/60-net.rules
 #lib/udev/rules.d/60-persistent-alsa.rules
 #lib/udev/rules.d/60-persistent-input.rules
 #lib/udev/rules.d/60-persistent-serial.rules

diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
new file mode 100644 (file)
index 0000000..3f22b72
--- /dev/null
+++ b/config/rootfiles/common/web-user-interface
@@ -0,0 +1,360 @@
+srv/web/ipfire/cgi-bin/aliases.cgi
+#srv/web/ipfire/cgi-bin/asterisk
+#srv/web/ipfire/cgi-bin/asterisk/calls.cgi
+#srv/web/ipfire/cgi-bin/asterisk/conf
+#srv/web/ipfire/cgi-bin/asterisk/conf.cgi
+#srv/web/ipfire/cgi-bin/asterisk/conf/telbook.conf
+#srv/web/ipfire/cgi-bin/asterisk/status.cgi
+srv/web/ipfire/cgi-bin/atm-status.cgi
+srv/web/ipfire/cgi-bin/backup.cgi
+srv/web/ipfire/cgi-bin/bluetooth.cgi
+srv/web/ipfire/cgi-bin/chpasswd.cgi
+srv/web/ipfire/cgi-bin/connections.cgi
+srv/web/ipfire/cgi-bin/connscheduler.cgi
+srv/web/ipfire/cgi-bin/country.cgi
+srv/web/ipfire/cgi-bin/credits.cgi
+srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/dhcp.cgi
+srv/web/ipfire/cgi-bin/dns.cgi
+srv/web/ipfire/cgi-bin/dnsforward.cgi
+srv/web/ipfire/cgi-bin/entropy.cgi
+srv/web/ipfire/cgi-bin/extrahd.cgi
+srv/web/ipfire/cgi-bin/fireinfo.cgi
+srv/web/ipfire/cgi-bin/firewall.cgi
+srv/web/ipfire/cgi-bin/fwhosts.cgi
+srv/web/ipfire/cgi-bin/geoip-block.cgi
+srv/web/ipfire/cgi-bin/gpl.cgi
+srv/web/ipfire/cgi-bin/gui.cgi
+srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
+srv/web/ipfire/cgi-bin/hosts.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
+#srv/web/ipfire/cgi-bin/imspector.cgi
+srv/web/ipfire/cgi-bin/index.cgi
+srv/web/ipfire/cgi-bin/ipinfo.cgi
+srv/web/ipfire/cgi-bin/iptables.cgi
+srv/web/ipfire/cgi-bin/logs.cgi
+srv/web/ipfire/cgi-bin/logs.cgi/calamaris.dat
+srv/web/ipfire/cgi-bin/logs.cgi/config.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogip.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogport.dat
+srv/web/ipfire/cgi-bin/logs.cgi/ids.dat
+srv/web/ipfire/cgi-bin/logs.cgi/log.dat
+srv/web/ipfire/cgi-bin/logs.cgi/proxylog.dat
+srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromcountry.dat
+srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromip.dat
+srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromport.dat
+srv/web/ipfire/cgi-bin/logs.cgi/summary.dat
+srv/web/ipfire/cgi-bin/logs.cgi/urlfilter.dat
+srv/web/ipfire/cgi-bin/mac.cgi
+srv/web/ipfire/cgi-bin/mdstat.cgi
+srv/web/ipfire/cgi-bin/media.cgi
+srv/web/ipfire/cgi-bin/memory.cgi
+srv/web/ipfire/cgi-bin/modem-status.cgi
+srv/web/ipfire/cgi-bin/modem.cgi
+#srv/web/ipfire/cgi-bin/mpfire.cgi
+srv/web/ipfire/cgi-bin/netexternal.cgi
+srv/web/ipfire/cgi-bin/netinternal.cgi
+srv/web/ipfire/cgi-bin/netother.cgi
+srv/web/ipfire/cgi-bin/netovpnrw.cgi
+srv/web/ipfire/cgi-bin/netovpnsrv.cgi
+srv/web/ipfire/cgi-bin/optionsfw.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/p2p-block.cgi
+srv/web/ipfire/cgi-bin/pakfire.cgi
+srv/web/ipfire/cgi-bin/pppsetup.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
+srv/web/ipfire/cgi-bin/qos.cgi
+srv/web/ipfire/cgi-bin/remote.cgi
+srv/web/ipfire/cgi-bin/routing.cgi
+#srv/web/ipfire/cgi-bin/samba.cgi
+#srv/web/ipfire/cgi-bin/sambahlp.cgi
+srv/web/ipfire/cgi-bin/services.cgi
+srv/web/ipfire/cgi-bin/shutdown.cgi
+srv/web/ipfire/cgi-bin/speed.cgi
+srv/web/ipfire/cgi-bin/system.cgi
+srv/web/ipfire/cgi-bin/time.cgi
+#srv/web/ipfire/cgi-bin/tor.cgi
+srv/web/ipfire/cgi-bin/traffic.cgi
+#srv/web/ipfire/cgi-bin/tripwire.cgi
+srv/web/ipfire/cgi-bin/updatexlrator.cgi
+#srv/web/ipfire/cgi-bin/upnp.cgi
+srv/web/ipfire/cgi-bin/urlfilter.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+srv/web/ipfire/cgi-bin/wakeonlan.cgi
+srv/web/ipfire/cgi-bin/webaccess.cgi
+srv/web/ipfire/cgi-bin/wireless.cgi
+srv/web/ipfire/cgi-bin/wirelessclient.cgi
+srv/web/ipfire/cgi-bin/wlanap.cgi
+#srv/web/ipfire/html
+srv/web/ipfire/html/blob.gif
+srv/web/ipfire/html/clwarn.cgi
+srv/web/ipfire/html/dial.cgi
+srv/web/ipfire/html/favicon.ico
+#srv/web/ipfire/html/images
+srv/web/ipfire/html/images/IPFire.png
+srv/web/ipfire/html/images/add.gif
+srv/web/ipfire/html/images/addblue.gif
+srv/web/ipfire/html/images/addgreen.gif
+srv/web/ipfire/html/images/address-book-new.png
+srv/web/ipfire/html/images/application-certificate.png
+srv/web/ipfire/html/images/application-x-executable.png
+srv/web/ipfire/html/images/applications-accessories.png
+srv/web/ipfire/html/images/applications-development.png
+srv/web/ipfire/html/images/applications-games.png
+srv/web/ipfire/html/images/applications-graphics.png
+srv/web/ipfire/html/images/applications-internet.png
+srv/web/ipfire/html/images/applications-multimedia.png
+srv/web/ipfire/html/images/applications-office.png
+srv/web/ipfire/html/images/applications-other.png
+srv/web/ipfire/html/images/applications-system.png
+srv/web/ipfire/html/images/appointment-new.png
+srv/web/ipfire/html/images/audio-volume-high-red.png
+srv/web/ipfire/html/images/audio-volume-high.png
+srv/web/ipfire/html/images/audio-volume-low-red.png
+srv/web/ipfire/html/images/audio-volume-low.png
+srv/web/ipfire/html/images/audio-x-generic-red.png
+srv/web/ipfire/html/images/audio-x-generic.png
+srv/web/ipfire/html/images/background.gif
+srv/web/ipfire/html/images/bookmark-new.png
+srv/web/ipfire/html/images/clock.gif
+srv/web/ipfire/html/images/computer.png
+srv/web/ipfire/html/images/delete.gif
+srv/web/ipfire/html/images/dialog-error.png
+srv/web/ipfire/html/images/dialog-information.png
+srv/web/ipfire/html/images/dialog-warning.png
+srv/web/ipfire/html/images/dns_link.png
+srv/web/ipfire/html/images/document-new.png
+srv/web/ipfire/html/images/document-open.png
+srv/web/ipfire/html/images/document-print-preview.png
+srv/web/ipfire/html/images/document-print.png
+srv/web/ipfire/html/images/document-properties.png
+srv/web/ipfire/html/images/document-save-as.png
+srv/web/ipfire/html/images/document-save.png
+srv/web/ipfire/html/images/down.gif
+srv/web/ipfire/html/images/drive-harddisk.png
+srv/web/ipfire/html/images/drive-optical.png
+srv/web/ipfire/html/images/drive-removable-media.png
+srv/web/ipfire/html/images/edit-find.png
+srv/web/ipfire/html/images/edit-redo.png
+srv/web/ipfire/html/images/edit.gif
+srv/web/ipfire/html/images/floppy.gif
+srv/web/ipfire/html/images/folder-drag-accept.png
+srv/web/ipfire/html/images/folder-new.png
+srv/web/ipfire/html/images/folder-open.png
+srv/web/ipfire/html/images/folder-remote.png
+srv/web/ipfire/html/images/folder-saved-search.png
+srv/web/ipfire/html/images/folder-visiting.png
+srv/web/ipfire/html/images/folder.png
+srv/web/ipfire/html/images/format-indent-less.png
+srv/web/ipfire/html/images/format-indent-more.png
+srv/web/ipfire/html/images/format-justify-center.png
+srv/web/ipfire/html/images/format-justify-fill.png
+srv/web/ipfire/html/images/format-justify-left.png
+srv/web/ipfire/html/images/format-justify-right.png
+srv/web/ipfire/html/images/forward.gif
+srv/web/ipfire/html/images/go-bottom.png
+srv/web/ipfire/html/images/go-down.png
+srv/web/ipfire/html/images/go-first.png
+srv/web/ipfire/html/images/go-home.png
+srv/web/ipfire/html/images/go-jump.png
+srv/web/ipfire/html/images/go-last.png
+srv/web/ipfire/html/images/go-next.png
+srv/web/ipfire/html/images/go-previous.png
+srv/web/ipfire/html/images/go-top.png
+srv/web/ipfire/html/images/go-up.png
+srv/web/ipfire/html/images/help-browser.png
+srv/web/ipfire/html/images/help.gif
+srv/web/ipfire/html/images/image-loading.png
+srv/web/ipfire/html/images/image-missing.png
+srv/web/ipfire/html/images/image-x-generic.png
+srv/web/ipfire/html/images/indicator.gif
+srv/web/ipfire/html/images/info.gif
+srv/web/ipfire/html/images/input-gaming.png
+srv/web/ipfire/html/images/input-keyboard.png
+srv/web/ipfire/html/images/input-mouse.png
+srv/web/ipfire/html/images/internet-group-chat.png
+srv/web/ipfire/html/images/internet-mail.png
+srv/web/ipfire/html/images/internet-news-reader.png
+srv/web/ipfire/html/images/internet-web-browser.png
+srv/web/ipfire/html/images/list-add.png
+srv/web/ipfire/html/images/list-remove.png
+srv/web/ipfire/html/images/mail-attachment.png
+srv/web/ipfire/html/images/mail-forward.png
+srv/web/ipfire/html/images/mail-mark-junk.png
+srv/web/ipfire/html/images/mail-mark-not-junk.png
+srv/web/ipfire/html/images/mail-message-new.png
+srv/web/ipfire/html/images/mail-reply-all.png
+srv/web/ipfire/html/images/mail-reply-sender.png
+srv/web/ipfire/html/images/mail-send-receive.png
+srv/web/ipfire/html/images/media-flash.png
+srv/web/ipfire/html/images/media-floppy.png
+srv/web/ipfire/html/images/media-optical.png
+srv/web/ipfire/html/images/media-playback-start-all.png
+srv/web/ipfire/html/images/media-playback-start.png
+srv/web/ipfire/html/images/media-playback-stop.png
+srv/web/ipfire/html/images/media-repeat.png
+srv/web/ipfire/html/images/media-resume.png
+srv/web/ipfire/html/images/media-shuffle.png
+srv/web/ipfire/html/images/media-skip-backward.png
+srv/web/ipfire/html/images/media-skip-forward.png
+srv/web/ipfire/html/images/mpfire
+srv/web/ipfire/html/images/mpfire/box.png
+srv/web/ipfire/html/images/network-error.png
+srv/web/ipfire/html/images/network-idle.png
+srv/web/ipfire/html/images/network-offline.png
+srv/web/ipfire/html/images/network-receive.png
+srv/web/ipfire/html/images/network-server.png
+srv/web/ipfire/html/images/network-transmit-receive.png
+srv/web/ipfire/html/images/network-transmit.png
+srv/web/ipfire/html/images/network-wired.png
+srv/web/ipfire/html/images/network-wireless-encrypted.png
+srv/web/ipfire/html/images/network-wireless.png
+srv/web/ipfire/html/images/network-workgroup.png
+srv/web/ipfire/html/images/network.png
+srv/web/ipfire/html/images/null.gif
+srv/web/ipfire/html/images/off.gif
+srv/web/ipfire/html/images/on.gif
+srv/web/ipfire/html/images/openvpn.gif
+srv/web/ipfire/html/images/openvpn.png
+srv/web/ipfire/html/images/package-x-generic.png
+srv/web/ipfire/html/images/printer-error.png
+srv/web/ipfire/html/images/printer.png
+srv/web/ipfire/html/images/process-stop.png
+srv/web/ipfire/html/images/process-working.png
+srv/web/ipfire/html/images/reload.gif
+srv/web/ipfire/html/images/start-here.png
+srv/web/ipfire/html/images/stock_down-16.png
+srv/web/ipfire/html/images/stock_ok.png
+srv/web/ipfire/html/images/stock_stop.png
+srv/web/ipfire/html/images/stock_up-16.png
+srv/web/ipfire/html/images/system-file-manager.png
+srv/web/ipfire/html/images/system-installer.png
+srv/web/ipfire/html/images/system-lock-screen.png
+srv/web/ipfire/html/images/system-log-out.png
+srv/web/ipfire/html/images/system-search.png
+srv/web/ipfire/html/images/system-shutdown.png
+srv/web/ipfire/html/images/system-software-update.png
+srv/web/ipfire/html/images/system-users.png
+srv/web/ipfire/html/images/tab-new.png
+srv/web/ipfire/html/images/table-header.gif
+srv/web/ipfire/html/images/text-html.png
+srv/web/ipfire/html/images/text-x-generic-template.png
+srv/web/ipfire/html/images/text-x-generic.png
+srv/web/ipfire/html/images/text-x-script.png
+srv/web/ipfire/html/images/tux.png
+srv/web/ipfire/html/images/up.gif
+srv/web/ipfire/html/images/updbooster
+srv/web/ipfire/html/images/updbooster/updxl-globe.gif
+srv/web/ipfire/html/images/updbooster/updxl-gr.gif
+srv/web/ipfire/html/images/updbooster/updxl-led-blue.gif
+srv/web/ipfire/html/images/updbooster/updxl-led-gray.gif
+srv/web/ipfire/html/images/updbooster/updxl-led-green.gif
+srv/web/ipfire/html/images/updbooster/updxl-led-red.gif
+srv/web/ipfire/html/images/updbooster/updxl-led-yellow.gif
+srv/web/ipfire/html/images/updbooster/updxl-rd.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-adobe.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-apple.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-avast.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-avg.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-avira.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-kaspersky.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-linux.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-microsoft.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-symantec.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-trendmicro.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-unknown.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-windows.gif
+srv/web/ipfire/html/images/updbooster/updxl-yl.gif
+srv/web/ipfire/html/images/urlfilter
+srv/web/ipfire/html/images/urlfilter/1x1.gif
+srv/web/ipfire/html/images/urlfilter/bg_cool_tux.jpg
+srv/web/ipfire/html/images/urlfilter/bgcool.gif
+srv/web/ipfire/html/images/urlfilter/copy.gif
+srv/web/ipfire/html/images/urlfilter/gmg_tux_ip_fire.gif
+srv/web/ipfire/html/images/urlfilter/led-green.gif
+srv/web/ipfire/html/images/urlfilter/led-red.gif
+srv/web/ipfire/html/images/user-home.png
+srv/web/ipfire/html/images/user-multiple.png
+srv/web/ipfire/html/images/user-option-add.png
+srv/web/ipfire/html/images/user-option-remove.png
+srv/web/ipfire/html/images/user-trash-full.png
+srv/web/ipfire/html/images/user-trash.png
+srv/web/ipfire/html/images/utilities-system-monitor.png
+srv/web/ipfire/html/images/utilities-terminal.png
+srv/web/ipfire/html/images/view-fullscreen.png
+srv/web/ipfire/html/images/view-refresh.png
+srv/web/ipfire/html/images/wakeup.gif
+srv/web/ipfire/html/images/window-new.png
+srv/web/ipfire/html/include
+srv/web/ipfire/html/include/snortupdateutility.js
+srv/web/ipfire/html/index.cgi
+srv/web/ipfire/html/redirect-templates
+srv/web/ipfire/html/redirect-templates/legacy
+srv/web/ipfire/html/redirect-templates/legacy/template.html
+srv/web/ipfire/html/redirect.cgi
+srv/web/ipfire/html/themes
+srv/web/ipfire/html/themes/darkdos
+srv/web/ipfire/html/themes/darkdos/images
+srv/web/ipfire/html/themes/darkdos/images/IPFire.png
+srv/web/ipfire/html/themes/darkdos/images/b1.gif
+srv/web/ipfire/html/themes/darkdos/images/b2.gif
+srv/web/ipfire/html/themes/darkdos/images/b3.gif
+srv/web/ipfire/html/themes/darkdos/images/b4.gif
+srv/web/ipfire/html/themes/darkdos/images/b5.gif
+srv/web/ipfire/html/themes/darkdos/images/b6.gif
+srv/web/ipfire/html/themes/darkdos/images/spacer.gif
+srv/web/ipfire/html/themes/darkdos/include
+srv/web/ipfire/html/themes/darkdos/include/colors.txt
+srv/web/ipfire/html/themes/darkdos/include/functions.pl
+srv/web/ipfire/html/themes/darkdos/include/style.css
+srv/web/ipfire/html/themes/ipfire
+srv/web/ipfire/html/themes/ipfire-legacy
+srv/web/ipfire/html/themes/ipfire-legacy/images
+srv/web/ipfire/html/themes/ipfire-legacy/images/n1.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/n2.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/n3.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/n4.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/n5.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/n6.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/spacer.gif
+srv/web/ipfire/html/themes/ipfire-legacy/include
+srv/web/ipfire/html/themes/ipfire-legacy/include/colors.txt
+srv/web/ipfire/html/themes/ipfire-legacy/include/functions.pl
+srv/web/ipfire/html/themes/ipfire-legacy/include/style.css
+srv/web/ipfire/html/themes/ipfire-rounded
+srv/web/ipfire/html/themes/ipfire/images
+srv/web/ipfire/html/themes/ipfire/images/n2.gif
+srv/web/ipfire/html/themes/ipfire/images/n3.gif
+srv/web/ipfire/html/themes/ipfire/images/n5.gif
+srv/web/ipfire/html/themes/ipfire/images/n6.gif
+srv/web/ipfire/html/themes/ipfire/images/tux2.png
+srv/web/ipfire/html/themes/ipfire/include
+srv/web/ipfire/html/themes/ipfire/include/colors.txt
+srv/web/ipfire/html/themes/ipfire/include/css
+srv/web/ipfire/html/themes/ipfire/include/css/style-rounded.css
+srv/web/ipfire/html/themes/ipfire/include/css/style.css
+srv/web/ipfire/html/themes/ipfire/include/functions.pl
+srv/web/ipfire/html/themes/ipfire/include/js
+srv/web/ipfire/html/themes/ipfire/include/js/refreshInetInfo.js
+srv/web/ipfire/html/themes/maniac
+srv/web/ipfire/html/themes/maniac/images
+srv/web/ipfire/html/themes/maniac/images/IPFire.png
+srv/web/ipfire/html/themes/maniac/images/Thumbs.db
+srv/web/ipfire/html/themes/maniac/images/b1.gif
+srv/web/ipfire/html/themes/maniac/images/b2.gif
+srv/web/ipfire/html/themes/maniac/images/b3.gif
+srv/web/ipfire/html/themes/maniac/images/b4.gif
+srv/web/ipfire/html/themes/maniac/images/b5.gif
+srv/web/ipfire/html/themes/maniac/images/b6.gif
+srv/web/ipfire/html/themes/maniac/images/spacer.gif
+srv/web/ipfire/html/themes/maniac/include
+srv/web/ipfire/html/themes/maniac/include/colors.txt
+srv/web/ipfire/html/themes/maniac/include/functions.pl
+srv/web/ipfire/html/themes/maniac/include/style.css
+var/updatecache
+var/updatecache/download
+var/updatecache/metadata
+srv/web/ipfire/html/accounting
+srv/web/ipfire/html/graphs

diff --git a/config/rootfiles/common/xtables-addons b/config/rootfiles/common/xtables-addons
new file mode 100644 (file)
index 0000000..f6e85ae
--- /dev/null
+++ b/config/rootfiles/common/xtables-addons
@@ -0,0 +1,33 @@
+lib/xtables/libxt_ACCOUNT.so
+lib/xtables/libxt_CHAOS.so
+lib/xtables/libxt_DELUDE.so
+lib/xtables/libxt_DHCPMAC.so
+lib/xtables/libxt_DNETMAP.so
+lib/xtables/libxt_ECHO.so
+lib/xtables/libxt_IPMARK.so
+lib/xtables/libxt_LOGMARK.so
+lib/xtables/libxt_TARPIT.so
+lib/xtables/libxt_condition.so
+lib/xtables/libxt_dhcpmac.so
+lib/xtables/libxt_fuzzy.so
+lib/xtables/libxt_geoip.so
+lib/xtables/libxt_iface.so
+lib/xtables/libxt_ipp2p.so
+lib/xtables/libxt_ipv4options.so
+lib/xtables/libxt_length2.so
+lib/xtables/libxt_lscan.so
+lib/xtables/libxt_pknock.so
+lib/xtables/libxt_psd.so
+lib/xtables/libxt_quota2.so
+#usr/lib/libxt_ACCOUNT_cl.la
+#usr/lib/libxt_ACCOUNT_cl.so
+usr/lib/libxt_ACCOUNT_cl.so.0
+usr/lib/libxt_ACCOUNT_cl.so.0.0.0
+#usr/libexec/xtables-addons
+usr/libexec/xtables-addons/xt_geoip_build
+usr/libexec/xtables-addons/xt_geoip_dl
+usr/sbin/iptaccount
+#usr/share/man/man1/xt_geoip_build.1
+#usr/share/man/man1/xt_geoip_dl.1
+#usr/share/man/man8/iptaccount.8
+#usr/share/man/man8/xtables-addons.8

diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz
index 7c83de7c7626553dc1fc7ec27ed15c295b6fbff3..b4053d9b71c40a42ad15ec9062d9c5e68720bee2 100644 (file)
--- a/config/rootfiles/common/xz
+++ b/config/rootfiles/common/xz
@@ -33,7 +33,7 @@ usr/bin/xzmore
 #usr/include/lzma/hardware.h
 #usr/include/lzma/index.h
 #usr/include/lzma/index_hash.h
-#usr/include/lzma/lzma.h
+#usr/include/lzma/lzma12.h
 #usr/include/lzma/stream_flags.h
 #usr/include/lzma/version.h
 #usr/include/lzma/vli.h
@@ -41,7 +41,7 @@ usr/bin/xzmore
 #usr/lib/liblzma.la
 usr/lib/liblzma.so
 usr/lib/liblzma.so.5
-usr/lib/liblzma.so.5.0.5
+usr/lib/liblzma.so.5.2.1
 #usr/lib/pkgconfig/liblzma.pc
 #usr/share/doc/xz
 #usr/share/doc/xz/AUTHORS
@@ -56,6 +56,7 @@ usr/lib/liblzma.so.5.0.5
 #usr/share/doc/xz/examples/01_compress_easy.c
 #usr/share/doc/xz/examples/02_decompress.c
 #usr/share/doc/xz/examples/03_compress_custom.c
+#usr/share/doc/xz/examples/04_compress_easy_mt.c
 #usr/share/doc/xz/examples/Makefile
 #usr/share/doc/xz/examples_old
 #usr/share/doc/xz/examples_old/xz_pipe_comp.c
@@ -69,6 +70,7 @@ usr/lib/liblzma.so.5.0.5
 #usr/share/locale/fr/LC_MESSAGES/xz.mo
 #usr/share/locale/it/LC_MESSAGES/xz.mo
 #usr/share/locale/pl/LC_MESSAGES/xz.mo
+#usr/share/locale/vi/LC_MESSAGES/xz.mo
 #usr/share/man/man1/lzcat.1
 #usr/share/man/man1/lzcmp.1
 #usr/share/man/man1/lzdiff.1

diff --git a/config/rootfiles/core/89/filelists/files b/config/rootfiles/core/89/filelists/files
index f344208d592b238e562f5bc42de064e16ef77a75..70c5f3d9b17ad22d3a82fa9187cf765df73f22ec 100644 (file)
--- a/config/rootfiles/core/89/filelists/files
+++ b/config/rootfiles/core/89/filelists/files
@@ -11,7 +11,10 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi
 srv/web/ipfire/cgi-bin/netovpnsrv.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/local/bin/collectdctrl
 usr/local/bin/openvpnctrl
+usr/sbin/ovpn-collectd-convert
+usr/sbin/setup
 var/ipfire/backup/bin/backup.pl
 var/ipfire/graphs.pl
 var/ipfire/langs

diff --git a/config/rootfiles/core/89/update.sh b/config/rootfiles/core/89/update.sh
index f3de863ec5aa311f5b2bf8363ea6909833a32ef9..13c645a1a2ffacdac7a34bc62ade0b2816bb2a27 100644 (file)
--- a/config/rootfiles/core/89/update.sh
+++ b/config/rootfiles/core/89/update.sh
@@ -35,10 +35,22 @@ done
 /etc/init.d/ipsec stop
 
 # Remove old files
+rm -f /usr/local/sbin/setup
 
 # Extract files
 extract_files
 
+# Update /etc/sysconfig/createfiles
+cat <<EOF >> /etc/sysconfig/createfiles
+/var/run/ovpnserver.log file    644     nobody  nobody
+/var/run/openvpn        dir     644     nobody  nobody
+EOF
+
+# Update /etc/collectd.conf
+if ! grep -q "collectd.vpn" /etc/collectd.conf; then
+       echo "include \"/etc/collectd.vpn\"" >> /etc/collectd.conf
+fi
+
 # Generate ddns configuration file
 sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi
 
@@ -56,6 +68,33 @@ rm -f \
        /opt/pakfire/db/*/meta-sqlite \
        /opt/pakfire/db/rootfiles/sqlite
 
+mkdir -p /var/run/openvpn
+touch /var/run/ovpnserver.log
+chown nobody.nobody \
+       /var/run/openvpn \
+       /var/run/ovpnserver.log
+
+# Update OpenVPN/collectd configuration
+for i in /var/ipfire/ovpn/n2nconf/*/*.conf; do
+       name="${i##*/}"
+       name="${name%*.conf}"
+
+       if ! grep -qE "^status-version" ${i}; then
+               echo "# Logfile" >> ${i}
+               echo "status-version 1" >> ${i}
+       fi
+
+       if ! grep -qE "^status " ${i}; then
+               echo "status /var/run/openvpn/${name}-n2n 10" >> ${i}
+       fi
+done
+
+/usr/sbin/ovpn-collectd-convert
+chown nobody.nobody /var/ipfire/ovpn/collectd.vpn
+
+# Fix permissions
+chown nobody.nobody /var/ipfire/dns
+
 # Fix #10625
 mkdir -p /etc/logrotate.d
 

diff --git a/config/rootfiles/core/90/exclude b/config/rootfiles/core/90/exclude
new file mode 100644 (file)
index 0000000..73b7b73
--- /dev/null
+++ b/config/rootfiles/core/90/exclude
@@ -0,0 +1,27 @@
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/rc.d/rcsysinit.d/S19checkfstab
+etc/rc.d/rcsysinit.d/S70console
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/modules
+etc/sysconfig/rc.local
+srv/web/ipfire/html/proxy.pac
+var/ipfire/firewall/geoipblock
+var/ipfire/fwhosts/custmgeoipgrp
+var/ipfire/ovpn/ccd.conf
+var/ipfire/ovpn/ccdroute
+var/ipfire/ovpn/ccdroute2
+var/ipfire/time
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache

diff --git a/config/rootfiles/core/90/filelists/Locale-Country b/config/rootfiles/core/90/filelists/Locale-Country
new file mode 120000 (symlink)
index 0000000..025c278
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/Locale-Country
@@ -0,0 +1 @@
+../../../common/Locale-Country
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/apache2 b/config/rootfiles/core/90/filelists/apache2
new file mode 120000 (symlink)
index 0000000..eef95ef
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/apache2
@@ -0,0 +1 @@
+../../../common/apache2
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/armv5tel/glibc b/config/rootfiles/core/90/filelists/armv5tel/glibc
new file mode 120000 (symlink)
index 0000000..4c70d72
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/armv5tel/glibc
@@ -0,0 +1 @@
+../../../../common/armv5tel/glibc
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/armv5tel/linux-kirkwood b/config/rootfiles/core/90/filelists/armv5tel/linux-kirkwood
new file mode 120000 (symlink)
index 0000000..7217107
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/armv5tel/linux-kirkwood
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-kirkwood
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/armv5tel/linux-multi b/config/rootfiles/core/90/filelists/armv5tel/linux-multi
new file mode 120000 (symlink)
index 0000000..204eb4c
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/armv5tel/linux-multi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-multi
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/armv5tel/linux-rpi b/config/rootfiles/core/90/filelists/armv5tel/linux-rpi
new file mode 120000 (symlink)
index 0000000..a651a49
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/armv5tel/linux-rpi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-rpi
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/curl b/config/rootfiles/core/90/filelists/curl
new file mode 120000 (symlink)
index 0000000..4b84bef
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/curl
@@ -0,0 +1 @@
+../../../common/curl
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/cyrus-sasl b/config/rootfiles/core/90/filelists/cyrus-sasl
new file mode 120000 (symlink)
index 0000000..bb51b4c
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/cyrus-sasl
@@ -0,0 +1 @@
+../../../common/cyrus-sasl
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/ddns b/config/rootfiles/core/90/filelists/ddns
new file mode 120000 (symlink)
index 0000000..7395164
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/ddns
@@ -0,0 +1 @@
+../../../common/ddns
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/dhcp b/config/rootfiles/core/90/filelists/dhcp
new file mode 120000 (symlink)
index 0000000..32d8da4
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/dhcp
@@ -0,0 +1 @@
+../../../common/dhcp
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/dhcpcd b/config/rootfiles/core/90/filelists/dhcpcd
new file mode 120000 (symlink)
index 0000000..1e799da
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/dhcpcd
@@ -0,0 +1 @@
+../../../common/dhcpcd
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/dnsmasq b/config/rootfiles/core/90/filelists/dnsmasq
new file mode 120000 (symlink)
index 0000000..d469c74
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/dnsmasq
@@ -0,0 +1 @@
+../../../common/dnsmasq
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/dracut b/config/rootfiles/core/90/filelists/dracut
new file mode 120000 (symlink)
index 0000000..1608699
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/dracut
@@ -0,0 +1 @@
+../../../common/dracut
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/expat b/config/rootfiles/core/90/filelists/expat
new file mode 120000 (symlink)
index 0000000..e1923cf
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/expat
@@ -0,0 +1 @@
+../../../common/expat
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/files b/config/rootfiles/core/90/filelists/files
new file mode 100644 (file)
index 0000000..ee596a0
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/files
@@ -0,0 +1,38 @@
+etc/system-release
+etc/issue
+etc/rc.d/init.d/firewall
+etc/rc.d/init.d/network-trigger
+etc/rc.d/init.d/networking/functions.network
+etc/rc.d/init.d/networking/red.up/99-geoip-database
+etc/rc.d/rcsysinit.d/S90network-trigger
+opt/pakfire/pakfire
+opt/pakfire/lib/functions.pl
+srv/web/ipfire/cgi-bin/country.cgi
+srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/firewall.cgi
+srv/web/ipfire/cgi-bin/fwhosts.cgi
+srv/web/ipfire/cgi-bin/geoip-block.cgi
+srv/web/ipfire/cgi-bin/index.cgi
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogip.dat
+srv/web/ipfire/cgi-bin/netovpnsrv.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+srv/web/ipfire/html/themes/darkdos/include/style.css
+srv/web/ipfire/html/themes/ipfire-legacy/include/style.css
+srv/web/ipfire/html/themes/ipfire/include/css/style.css
+srv/web/ipfire/html/themes/maniac/include/style.css
+usr/lib/firewall/firewall-lib.pl
+usr/lib/firewall/rules.pl
+usr/local/bin/backupiso
+usr/local/bin/ddnsctrl
+usr/local/bin/ipsecctrl
+usr/local/bin/xt_geoip_build
+usr/local/bin/xt_geoip_update
+var/ipfire/general-functions.pl
+var/ipfire/geoip-functions.pl
+var/ipfire/header.pl
+var/ipfire/backup/include
+var/ipfire/langs
+var/ipfire/menu.d/50-firewall.menu

diff --git a/config/rootfiles/core/90/filelists/fireinfo b/config/rootfiles/core/90/filelists/fireinfo
new file mode 120000 (symlink)
index 0000000..c461155
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/fireinfo
@@ -0,0 +1 @@
+../../../common/fireinfo
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/flag-icons b/config/rootfiles/core/90/filelists/flag-icons
new file mode 120000 (symlink)
index 0000000..8776b6b
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/flag-icons
@@ -0,0 +1 @@
+../../../common/flag-icons
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/groff b/config/rootfiles/core/90/filelists/groff
new file mode 120000 (symlink)
index 0000000..232291e
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/groff
@@ -0,0 +1 @@
+../../../common/groff
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/i586/acpid b/config/rootfiles/core/90/filelists/i586/acpid
new file mode 120000 (symlink)
index 0000000..21d36ee
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/i586/acpid
@@ -0,0 +1 @@
+../../../../common/i586/acpid
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/i586/glibc b/config/rootfiles/core/90/filelists/i586/glibc
new file mode 120000 (symlink)
index 0000000..943021f
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/i586/glibc
@@ -0,0 +1 @@
+../../../../common/i586/glibc
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/i586/linux b/config/rootfiles/core/90/filelists/i586/linux
new file mode 120000 (symlink)
index 0000000..693ec4b
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/i586/linux
@@ -0,0 +1 @@
+../../../../common/i586/linux
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/i586/linux-initrd b/config/rootfiles/core/90/filelists/i586/linux-initrd
new file mode 120000 (symlink)
index 0000000..32a03e6
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/i586/linux-initrd
@@ -0,0 +1 @@
+../../../../common/i586/linux-initrd
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/i586/openssl-sse2 b/config/rootfiles/core/90/filelists/i586/openssl-sse2
new file mode 120000 (symlink)
index 0000000..f424713
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/i586/openssl-sse2
@@ -0,0 +1 @@
+../../../../common/i586/openssl-sse2
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/iptables b/config/rootfiles/core/90/filelists/iptables
new file mode 120000 (symlink)
index 0000000..8caf12b
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/iptables
@@ -0,0 +1 @@
+../../../common/iptables
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/iputils b/config/rootfiles/core/90/filelists/iputils
new file mode 120000 (symlink)
index 0000000..361c28f
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/iputils
@@ -0,0 +1 @@
+../../../common/iputils
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/libjpeg b/config/rootfiles/core/90/filelists/libjpeg
new file mode 120000 (symlink)
index 0000000..3b1a782
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/libjpeg
@@ -0,0 +1 @@
+../../../common/libjpeg
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/logrotate b/config/rootfiles/core/90/filelists/logrotate
new file mode 120000 (symlink)
index 0000000..bc192c0
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/logrotate
@@ -0,0 +1 @@
+../../../common/logrotate
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/logwatch b/config/rootfiles/core/90/filelists/logwatch
new file mode 120000 (symlink)
index 0000000..f14eabd
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/logwatch
@@ -0,0 +1 @@
+../../../common/logwatch
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/openldap b/config/rootfiles/core/90/filelists/openldap
new file mode 120000 (symlink)
index 0000000..80c324f
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/openldap
@@ -0,0 +1 @@
+../../../common/openldap
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/openssl b/config/rootfiles/core/90/filelists/openssl
new file mode 120000 (symlink)
index 0000000..e011a92
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/openssl-0.9.8-files b/config/rootfiles/core/90/filelists/openssl-0.9.8-files
new file mode 100644 (file)
index 0000000..e80a57d
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/openssl-0.9.8-files
@@ -0,0 +1,19 @@
+lib/security/pam_mysql.so
+usr/lib/gnupg/gpgkeys_ldap
+usr/lib/gnupg/gpgkeys_hkp
+usr/lib/gnupg/gpgkeys_curl
+usr/lib/apache/libphp5.so
+usr/lib/squid/digest_ldap_auth
+usr/lib/squid/basic_ldap_auth
+usr/lib/squid/ext_kerberos_ldap_group_acl
+usr/lib/squid/ext_edirectory_userip_acl
+usr/lib/squid/ext_ldap_group_acl
+usr/lib/python2.7/lib-dynload/_ssl.so
+usr/lib/python2.7/lib-dynload/_hashlib.so
+usr/lib/collectd/write_http.so
+usr/lib/collectd/ascent.so
+usr/lib/collectd/curl_xml.so
+usr/lib/collectd/apache.so
+usr/lib/collectd/bind.so
+usr/lib/collectd/curl.so
+usr/bin/php

diff --git a/config/rootfiles/core/90/filelists/perl-Text-CSV_XS b/config/rootfiles/core/90/filelists/perl-Text-CSV_XS
new file mode 120000 (symlink)
index 0000000..ec1202f
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/perl-Text-CSV_XS
@@ -0,0 +1 @@
+../../../common/perl-Text-CSV_XS
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/squid b/config/rootfiles/core/90/filelists/squid
new file mode 120000 (symlink)
index 0000000..2dc8372
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/strongswan b/config/rootfiles/core/90/filelists/strongswan
new file mode 120000 (symlink)
index 0000000..90c727e
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/tzdata b/config/rootfiles/core/90/filelists/tzdata
new file mode 120000 (symlink)
index 0000000..5a6e325
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/tzdata
@@ -0,0 +1 @@
+../../../common/tzdata
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/udev b/config/rootfiles/core/90/filelists/udev
new file mode 120000 (symlink)
index 0000000..e967a1c
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/udev
@@ -0,0 +1 @@
+../../../common/udev
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/wpa_supplicant b/config/rootfiles/core/90/filelists/wpa_supplicant
new file mode 120000 (symlink)
index 0000000..1d04c03
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/wpa_supplicant
@@ -0,0 +1 @@
+../../../common/wpa_supplicant
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/xtables-addons b/config/rootfiles/core/90/filelists/xtables-addons
new file mode 120000 (symlink)
index 0000000..2e24c42
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/xtables-addons
@@ -0,0 +1 @@
+../../../common/xtables-addons
\ No newline at end of file

diff --git a/config/rootfiles/core/90/filelists/xz b/config/rootfiles/core/90/filelists/xz
new file mode 120000 (symlink)
index 0000000..734e926
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/xz
@@ -0,0 +1 @@
+../../../common/xz
\ No newline at end of file

diff --git a/config/rootfiles/core/90/meta b/config/rootfiles/core/90/meta
new file mode 100644 (file)
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/core/90/meta
@@ -0,0 +1 @@
+DEPS=""

diff --git a/config/rootfiles/core/90/update.sh b/config/rootfiles/core/90/update.sh
new file mode 100644 (file)
index 0000000..34dacf1
--- /dev/null
+++ b/config/rootfiles/core/90/update.sh
@@ -0,0 +1,297 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 3 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2014 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+
+function find_device() {
+       local mountpoint="${1}"
+
+       local root
+       local dev mp fs flags rest
+       while read -r dev mp fs flags rest; do
+               # Skip unwanted entries
+               [ "${dev}" = "rootfs" ] && continue
+
+               if [ "${mp}" = "${mountpoint}" ] && [ -b "${dev}" ]; then
+                       root="$(basename "${dev}")"
+                       break
+               fi
+       done < /proc/mounts
+
+       # Get the actual device from the partition that holds /
+       while [ -n "${root}" ]; do
+               if [ -e "/sys/block/${root}" ]; then
+                       echo "${root}"
+                       return 0
+               fi
+
+               # Remove last character
+               root="${root::-1}"
+       done
+
+       return 1
+}
+
+
+#
+# Remove old core updates from pakfire cache to save space...
+core=90
+for (( i=1; i<=${core}; i++ ))
+do
+       rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+#
+# Do some sanity checks.
+case $(uname -r) in
+       *-ipfire-versatile )
+               /usr/bin/logger -p syslog.emerg -t ipfire \
+                       "core-update-${core}: ERROR cannot update. versatile support is dropped."
+               # Report no error to pakfire. So it does not try to install it again.
+               exit 0
+               ;;
+       *-ipfire* )
+               # Ok.
+               ;;
+       * )
+               /usr/bin/logger -p syslog.emerg -t ipfire \
+                       "core-update-${core}: ERROR cannot update. No IPFire Kernel."
+               exit 1
+       ;;
+esac
+
+
+#
+#
+KVER="xxxKVERxxx"
+
+# Check diskspace on root
+ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $ROOTSPACE -lt 100000 ]; then
+       /usr/bin/logger -p syslog.emerg -t ipfire \
+               "core-update-${core}: ERROR cannot update because not enough free space on root."
+       exit 2
+fi
+
+
+echo
+echo Update Kernel to $KVER ...
+#
+# Remove old kernel, configs, initrd, modules, dtb's ...
+#
+rm -rf /boot/System.map-*
+rm -rf /boot/config-*
+rm -rf /boot/ipfirerd-*
+rm -rf /boot/initramfs-*
+rm -rf /boot/vmlinuz-*
+rm -rf /boot/uImage-ipfire-*
+rm -rf /boot/uInit-ipfire-*
+rm -rf /boot/dtb-*-ipfire-*
+rm -rf /lib/modules
+
+case "$(uname -m)" in
+       armv*)
+               # Backup uEnv.txt if exist
+               if [ -e /boot/uEnv.txt ]; then
+                       cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
+               fi
+
+               # work around the u-boot folder detection bug
+               mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood
+               mkdir -pv /boot/dtb-$KVER-ipfire-multi
+               ;;
+esac
+
+#
+#Stop services
+/etc/init.d/snort stop
+/etc/init.d/squid stop
+/etc/init.d/ipsec stop
+/etc/init.d/apache stop
+
+# Drop old flag icons, before extracting the new ones.
+rm /srv/web/ipfire/html/images/flags/*
+
+#
+#Extract files
+tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
+
+#
+# restart init because glibc was updated.
+telinit u
+
+# Remove old openssl libraries
+rm -vf /usr/lib/libcrypto.so.0.9.8 /usr/lib/libssl.so.0.9.8
+
+# Check diskspace on boot
+BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $BOOTSPACE -lt 1000 ]; then
+       case $(uname -r) in
+               *-ipfire-kirkwood )
+                       # Special handling for old kirkwood images.
+                       # (install only kirkwood kernel)
+                       rm -rf /boot/*
+                       # work around the u-boot folder detection bug
+                       mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood
+                       tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \
+                               --numeric-owner -C / --wildcards 'boot/*-kirkwood*'
+                       ;;
+               * )
+                       /usr/bin/logger -p syslog.emerg -t ipfire \
+                               "core-update-${core}: FATAL-ERROR space run out on boot. System is not bootable..."
+                       /etc/init.d/apache start
+                       exit 4
+                       ;;
+       esac
+fi
+
+# Create GeoIP related files if they do not exist yet.
+if [ ! -e "/var/ipfire/firewall/geoipblock" ]; then
+       touch /var/ipfire/firewall/geoipblock
+       chown nobody:nobody /var/ipfire/firewall/geoipblock
+
+       # Insert default value into file.
+       echo "GEOIPBLOCK_ENABLED=off" >> /var/ipfire/firewall/geoipblock
+fi
+if [ ! -e "/var/ipfire/fwhosts/customgeoipgrp" ]; then
+       touch /var/ipfire/fwhosts/customgeoipgrp
+       chown nobody:nobody /var/ipfire/fwhosts/customgeoipgrp
+fi
+
+#Fix BUG10812 (openvpn server.conf has wrong collectd logfile path)
+if grep -q "status /var/log/ovpnserver.log 30" /var/ipfire/ovpn/server.conf; then
+       sed -i "s/\/var\/log\/ovpnserver.log 30/\/var\/run\/ovpnserver.log 30/" /var/ipfire/ovpn/server.conf
+fi
+
+# Download/Update GeoIP databases.
+/usr/local/bin/xt_geoip_update
+
+# Update crontab
+grep -q /usr/local/bin/xt_geoip_update /var/spool/cron/root.orig || cat <<EOF >> /var/spool/cron/root.orig
+
+# Update GeoIP database once a month.
+%monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1
+EOF
+
+fcrontab -z &>/dev/null
+
+# Generate ddns configuration file
+sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi
+
+# Regenerate IPsec configuration
+sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
+
+# Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+# Remove old udev configuration
+rm -vf /etc/udev/rules.d/30-persistent-network.rules
+
+# Remove pids from dhcp client because it hang at normal shutdown
+# so let the sysvinit kill it
+rm -f /run/dhcpcd-*.pid
+
+#
+# Start services
+#
+/etc/init.d/apache start
+/etc/init.d/squid start
+/etc/init.d/snort start
+if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
+       /etc/init.d/ipsec start
+fi
+
+if [ -e /boot/grub/grub.cfg ]; then
+               grub-mkconfig > /boot/grub/grub.cfg
+fi
+
+# Upadate Kernel version uEnv.txt
+if [ -e /boot/uEnv.txt ]; then
+       sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
+fi
+
+# call user update script (needed for some arm boards)
+if [ -e /boot/pakfire-kernel-update ]; then
+       /boot/pakfire-kernel-update ${KVER}
+fi
+
+
+# Force (re)install pae kernel if pae is supported
+rm -rf /opt/pakfire/db/installed/meta-linux-pae
+if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
+       ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+       BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+       if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then
+               /usr/bin/logger -p syslog.emerg -t ipfire \
+                       "core-update-${core}: WARNING not enough space for pae kernel."
+       else
+               echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
+               echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+               echo "Release: 0"     >> /opt/pakfire/db/installed/meta-linux-pae
+#              rm -f /opt/pakfire/db/meta/meta-linux-pae 2>&1 > /dev/null
+       fi
+fi
+
+#
+# After pakfire has ended run it again and update the lists and do upgrade
+#
+echo '#!/bin/bash'                                        >  /tmp/pak_update
+echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update
+echo '    sleep 1'                                        >> /tmp/pak_update
+echo 'done'                                               >> /tmp/pak_update
+echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do'   >> /tmp/pak_update
+echo '    sleep 1'                                        >> /tmp/pak_update
+echo 'done'                                               >> /tmp/pak_update
+echo '/opt/pakfire/pakfire update -y --force'             >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y'                    >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y'                    >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y'                    >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub/uboot config"' >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update
+echo 'touch /var/run/need_reboot ' >> /tmp/pak_update
+#
+killall -KILL pak_update
+chmod +x /tmp/pak_update
+/tmp/pak_update &
+
+sync
+
+#
+#Finish
+(
+       /etc/init.d/fireinfo start
+       sendprofile
+) >/dev/null 2>&1 &
+
+echo
+echo Please wait until pakfire has ended...
+echo
+
+# Don't report the exitcode last command
+exit 0
+

diff --git a/config/rootfiles/core/91/exclude b/config/rootfiles/core/91/exclude
new file mode 100644 (file)
index 0000000..18e9b4d
--- /dev/null
+++ b/config/rootfiles/core/91/exclude
@@ -0,0 +1,20 @@
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache

diff --git a/config/rootfiles/core/91/filelists/files b/config/rootfiles/core/91/filelists/files
new file mode 100644 (file)
index 0000000..7cc5aa2
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/files
@@ -0,0 +1,7 @@
+etc/system-release
+etc/issue
+opt/pakfire/lib/functions.pl
+srv/web/ipfire/cgi-bin/connections.cgi
+srv/web/ipfire/cgi-bin/dhcp.cgi
+srv/web/ipfire/cgi-bin/pppsetup.cgi
+var/ipfire/langs

diff --git a/config/rootfiles/core/91/filelists/i586/openssl-sse2 b/config/rootfiles/core/91/filelists/i586/openssl-sse2
new file mode 120000 (symlink)
index 0000000..f424713
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/i586/openssl-sse2
@@ -0,0 +1 @@
+../../../../common/i586/openssl-sse2
\ No newline at end of file

diff --git a/config/rootfiles/core/91/filelists/i586/strongswan-padlock b/config/rootfiles/core/91/filelists/i586/strongswan-padlock
new file mode 120000 (symlink)
index 0000000..2412824
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/i586/strongswan-padlock
@@ -0,0 +1 @@
+../../../../common/i586/strongswan-padlock
\ No newline at end of file

diff --git a/config/rootfiles/core/91/filelists/libnet b/config/rootfiles/core/91/filelists/libnet
new file mode 120000 (symlink)
index 0000000..26e5f79
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/libnet
@@ -0,0 +1 @@
+../../../common/libnet
\ No newline at end of file

diff --git a/config/rootfiles/core/91/filelists/libtool b/config/rootfiles/core/91/filelists/libtool
new file mode 120000 (symlink)
index 0000000..54f5666
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/libtool
@@ -0,0 +1 @@
+../../../common/libtool
\ No newline at end of file

diff --git a/config/rootfiles/core/91/filelists/libxml2 b/config/rootfiles/core/91/filelists/libxml2
new file mode 120000 (symlink)
index 0000000..242e69f
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/libxml2
@@ -0,0 +1 @@
+../../../common/libxml2
\ No newline at end of file

diff --git a/config/rootfiles/core/91/filelists/libxslt b/config/rootfiles/core/91/filelists/libxslt
new file mode 120000 (symlink)
index 0000000..bf9d766
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/libxslt
@@ -0,0 +1 @@
+../../../common/libxslt
\ No newline at end of file

diff --git a/config/rootfiles/core/91/filelists/newt b/config/rootfiles/core/91/filelists/newt
new file mode 120000 (symlink)
index 0000000..fb3eb20
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/newt
@@ -0,0 +1 @@
+../../../common/newt
\ No newline at end of file

diff --git a/config/rootfiles/core/91/filelists/openssh b/config/rootfiles/core/91/filelists/openssh
new file mode 120000 (symlink)
index 0000000..d8c77fd
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file

diff --git a/config/rootfiles/core/91/filelists/openssl b/config/rootfiles/core/91/filelists/openssl
new file mode 120000 (symlink)
index 0000000..e011a92
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file

diff --git a/config/rootfiles/core/91/filelists/pcre b/config/rootfiles/core/91/filelists/pcre
new file mode 120000 (symlink)
index 0000000..b390d9a
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/pcre
@@ -0,0 +1 @@
+../../../common/pcre
\ No newline at end of file

diff --git a/config/rootfiles/core/91/filelists/slang b/config/rootfiles/core/91/filelists/slang
new file mode 120000 (symlink)
index 0000000..228e45e
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/slang
@@ -0,0 +1 @@
+../../../common/slang
\ No newline at end of file

diff --git a/config/rootfiles/core/91/filelists/strongswan b/config/rootfiles/core/91/filelists/strongswan
new file mode 120000 (symlink)
index 0000000..90c727e
--- /dev/null
+++ b/config/rootfiles/core/91/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file

diff --git a/config/rootfiles/core/91/meta b/config/rootfiles/core/91/meta
new file mode 100644 (file)
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/core/91/meta
@@ -0,0 +1 @@
+DEPS=""

diff --git a/config/rootfiles/core/91/update.sh b/config/rootfiles/core/91/update.sh
new file mode 100644 (file)
index 0000000..1e55e8b
--- /dev/null
+++ b/config/rootfiles/core/91/update.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 3 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2015 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=91
+for (( i=1; i<=$core; i++ ))
+do
+       rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+/etc/init.d/ipsec stop
+
+# Extract files
+extract_files
+
+# Create some missing graphs folders (core90)
+mkdir -p /srv/web/ipfire/html/{accounting,graphs}
+chmod 777 /srv/web/ipfire/html/{accounting,graphs}
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Regenerate IPsec configuration
+sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
+
+sync
+
+# Start services
+if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
+       /etc/init.d/ipsec start
+fi
+
+# This update need a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Don't report the exitcode last command
+exit 0

diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav
index 73533130058563a3a2454e24ae3c2a32f47316ef..d79f6e6aaf285b4206f699719320baf7dcb90ca7 100644 (file)
--- a/config/rootfiles/packages/clamav
+++ b/config/rootfiles/packages/clamav
@@ -11,15 +11,15 @@ usr/bin/sigtool
 #usr/lib/libclamav.la
 usr/lib/libclamav.so
 usr/lib/libclamav.so.6
-usr/lib/libclamav.so.6.1.25
+usr/lib/libclamav.so.6.1.26
 #usr/lib/libclamunrar.la
 usr/lib/libclamunrar.so
 usr/lib/libclamunrar.so.6
-usr/lib/libclamunrar.so.6.1.25
+usr/lib/libclamunrar.so.6.1.26
 #usr/lib/libclamunrar_iface.la
 usr/lib/libclamunrar_iface.so
 usr/lib/libclamunrar_iface.so.6
-usr/lib/libclamunrar_iface.so.6.1.25
+usr/lib/libclamunrar_iface.so.6.1.26
 #usr/lib/pkgconfig/libclamav.pc
 usr/sbin/clamd
 usr/share/clamav

diff --git a/config/rootfiles/packages/cyrus-imapd b/config/rootfiles/packages/cyrus-imapd
index 0c0485e4ef685cb8eea4c2ba9f27cc76b6dfe196..bbaec3ffb05ca2690c2a0d48863a0403f1f8d5ed 100644 (file)
--- a/config/rootfiles/packages/cyrus-imapd
+++ b/config/rootfiles/packages/cyrus-imapd
@@ -146,6 +146,7 @@ var/imap/msg
 var/imap/proc
 var/imap/ptclient
 var/imap/socket
+var/ipfire/backup/addons/includes/cyrus-imapd
 var/ipfire/cyrusimap
 var/ipfire/cyrusimap/cyrus.conf
 var/ipfire/cyrusimap/imapd.conf

diff --git a/config/rootfiles/packages/libsrtp b/config/rootfiles/packages/libsrtp
index 105f3f00e7e2dbfd5223108cce460c5694ffa010..3ee2e3b64c71f3e1b37d3704c2557be7a37e73ad 100644 (file)
--- a/config/rootfiles/packages/libsrtp
+++ b/config/rootfiles/packages/libsrtp
@@ -37,4 +37,5 @@
 #usr/include/srtp/ut_sim.h
 #usr/include/srtp/xfm.h
 usr/lib/libsrtp.so
+usr/lib/libsrtp.so.1
 #usr/lib/pkgconfig/libsrtp.pc

diff --git a/config/rootfiles/packages/netsnmpd b/config/rootfiles/packages/netsnmpd
index 30dbf93bce894309f53d25b9cda0182f5cbb56a6..63289492223b9c7ee176c023f81dbb766eb2ed60 100644 (file)
--- a/config/rootfiles/packages/netsnmpd
+++ b/config/rootfiles/packages/netsnmpd
@@ -2,12 +2,16 @@ etc/rc.d/rc0.d/K02netsnmpd
 etc/rc.d/rc3.d/S65netsnmpd
 etc/rc.d/rc6.d/K02netsnmpd
 etc/snmpd.conf
+usr/bin/agentxtrap
 usr/bin/encode_keychange
 usr/bin/fixproc
 usr/bin/ipf-mod.pl
 usr/bin/mib2c
 usr/bin/mib2c-update
+usr/bin/net-snmp-cert
 usr/bin/net-snmp-config
+usr/bin/net-snmp-create-v3-user
+usr/bin/snmp-bridge-mib
 usr/bin/snmpbulkget
 usr/bin/snmpbulkwalk
 usr/bin/snmpcheck
@@ -37,6 +41,7 @@ usr/bin/traptoemail
 #usr/include/net-snmp/agent/agent_module_config.h
 #usr/include/net-snmp/agent/agent_read_config.h
 #usr/include/net-snmp/agent/agent_registry.h
+#usr/include/net-snmp/agent/agent_sysORTable.h
 #usr/include/net-snmp/agent/agent_trap.h
 #usr/include/net-snmp/agent/all_helpers.h
 #usr/include/net-snmp/agent/auto_nlist.h
@@ -62,9 +67,12 @@ usr/bin/traptoemail
 #usr/include/net-snmp/agent/serialize.h
 #usr/include/net-snmp/agent/set_helper.h
 #usr/include/net-snmp/agent/snmp_agent.h
+#usr/include/net-snmp/agent/snmp_get_statistic.h
 #usr/include/net-snmp/agent/snmp_vars.h
 #usr/include/net-snmp/agent/stash_cache.h
 #usr/include/net-snmp/agent/stash_to_next.h
+#usr/include/net-snmp/agent/struct.h
+#usr/include/net-snmp/agent/sysORTable.h
 #usr/include/net-snmp/agent/table.h
 #usr/include/net-snmp/agent/table_array.h
 #usr/include/net-snmp/agent/table_container.h
@@ -72,7 +80,11 @@ usr/bin/traptoemail
 #usr/include/net-snmp/agent/table_dataset.h
 #usr/include/net-snmp/agent/table_iterator.h
 #usr/include/net-snmp/agent/table_tdata.h
+#usr/include/net-snmp/agent/util_funcs
 #usr/include/net-snmp/agent/util_funcs.h
+#usr/include/net-snmp/agent/util_funcs/MIB_STATS_CACHE_TIMEOUT.h
+#usr/include/net-snmp/agent/util_funcs/header_generic.h
+#usr/include/net-snmp/agent/util_funcs/header_simple_table.h
 #usr/include/net-snmp/agent/var_struct.h
 #usr/include/net-snmp/agent/watcher.h
 #usr/include/net-snmp/config_api.h
@@ -81,8 +93,8 @@ usr/bin/traptoemail
 #usr/include/net-snmp/library/README
 #usr/include/net-snmp/library/asn1.h
 #usr/include/net-snmp/library/callback.h
+#usr/include/net-snmp/library/cert_util.h
 #usr/include/net-snmp/library/check_varbind.h
-#usr/include/net-snmp/library/cmu_compat.h
 #usr/include/net-snmp/library/container.h
 #usr/include/net-snmp/library/container_binary_array.h
 #usr/include/net-snmp/library/container_iterator.h
@@ -90,25 +102,34 @@ usr/bin/traptoemail
 #usr/include/net-snmp/library/container_null.h
 #usr/include/net-snmp/library/data_list.h
 #usr/include/net-snmp/library/default_store.h
+#usr/include/net-snmp/library/dir_utils.h
 #usr/include/net-snmp/library/factory.h
 #usr/include/net-snmp/library/fd_event_manager.h
 #usr/include/net-snmp/library/file_utils.h
 #usr/include/net-snmp/library/getopt.h
 #usr/include/net-snmp/library/int64.h
 #usr/include/net-snmp/library/keytools.h
+#usr/include/net-snmp/library/large_fd_set.h
 #usr/include/net-snmp/library/lcd_time.h
 #usr/include/net-snmp/library/md5.h
 #usr/include/net-snmp/library/mib.h
 #usr/include/net-snmp/library/mt_support.h
+#usr/include/net-snmp/library/oid.h
 #usr/include/net-snmp/library/oid_stash.h
 #usr/include/net-snmp/library/parse.h
 #usr/include/net-snmp/library/read_config.h
 #usr/include/net-snmp/library/scapi.h
 #usr/include/net-snmp/library/snmp-tc.h
 #usr/include/net-snmp/library/snmp.h
+#usr/include/net-snmp/library/snmpAliasDomain.h
 #usr/include/net-snmp/library/snmpCallbackDomain.h
+#usr/include/net-snmp/library/snmpIPv4BaseDomain.h
+#usr/include/net-snmp/library/snmpSocketBaseDomain.h
+#usr/include/net-snmp/library/snmpTCPBaseDomain.h
 #usr/include/net-snmp/library/snmpTCPDomain.h
+#usr/include/net-snmp/library/snmpUDPBaseDomain.h
 #usr/include/net-snmp/library/snmpUDPDomain.h
+#usr/include/net-snmp/library/snmpUDPIPv4BaseDomain.h
 #usr/include/net-snmp/library/snmpUnixDomain.h
 #usr/include/net-snmp/library/snmp_alarm.h
 #usr/include/net-snmp/library/snmp_api.h
@@ -129,6 +150,7 @@ usr/bin/traptoemail
 #usr/include/net-snmp/library/text_utils.h
 #usr/include/net-snmp/library/tools.h
 #usr/include/net-snmp/library/transform_oids.h
+#usr/include/net-snmp/library/types.h
 #usr/include/net-snmp/library/ucd_compat.h
 #usr/include/net-snmp/library/vacm.h
 #usr/include/net-snmp/library/winpipe.h
@@ -137,6 +159,7 @@ usr/bin/traptoemail
 #usr/include/net-snmp/machine/generic.h
 #usr/include/net-snmp/mib_api.h
 #usr/include/net-snmp/net-snmp-config.h
+#usr/include/net-snmp/net-snmp-features.h
 #usr/include/net-snmp/net-snmp-includes.h
 #usr/include/net-snmp/output_api.h
 #usr/include/net-snmp/pdu_api.h
@@ -150,17 +173,24 @@ usr/bin/traptoemail
 #usr/include/net-snmp/system/bsdi4.h
 #usr/include/net-snmp/system/cygwin.h
 #usr/include/net-snmp/system/darwin.h
+#usr/include/net-snmp/system/darwin10.h
 #usr/include/net-snmp/system/darwin7.h
 #usr/include/net-snmp/system/darwin8.h
 #usr/include/net-snmp/system/darwin9.h
 #usr/include/net-snmp/system/dragonfly.h
 #usr/include/net-snmp/system/dynix.h
 #usr/include/net-snmp/system/freebsd.h
+#usr/include/net-snmp/system/freebsd10.h
+#usr/include/net-snmp/system/freebsd11.h
+#usr/include/net-snmp/system/freebsd12.h
 #usr/include/net-snmp/system/freebsd2.h
 #usr/include/net-snmp/system/freebsd3.h
 #usr/include/net-snmp/system/freebsd4.h
 #usr/include/net-snmp/system/freebsd5.h
 #usr/include/net-snmp/system/freebsd6.h
+#usr/include/net-snmp/system/freebsd7.h
+#usr/include/net-snmp/system/freebsd8.h
+#usr/include/net-snmp/system/freebsd9.h
 #usr/include/net-snmp/system/generic.h
 #usr/include/net-snmp/system/hpux.h
 #usr/include/net-snmp/system/irix.h
@@ -169,6 +199,8 @@ usr/bin/traptoemail
 #usr/include/net-snmp/system/mips.h
 #usr/include/net-snmp/system/netbsd.h
 #usr/include/net-snmp/system/openbsd.h
+#usr/include/net-snmp/system/openbsd4.h
+#usr/include/net-snmp/system/openbsd5.h
 #usr/include/net-snmp/system/osf5.h
 #usr/include/net-snmp/system/solaris.h
 #usr/include/net-snmp/system/solaris2.3.h
@@ -186,28 +218,28 @@ usr/bin/traptoemail
 #usr/lib/libnetsnmp.a
 #usr/lib/libnetsnmp.la
 usr/lib/libnetsnmp.so
-usr/lib/libnetsnmp.so.15
-usr/lib/libnetsnmp.so.15.1.2
+usr/lib/libnetsnmp.so.30
+usr/lib/libnetsnmp.so.30.0.3
 #usr/lib/libnetsnmpagent.a
 #usr/lib/libnetsnmpagent.la
 usr/lib/libnetsnmpagent.so
-usr/lib/libnetsnmpagent.so.15
-usr/lib/libnetsnmpagent.so.15.1.2
+usr/lib/libnetsnmpagent.so.30
+usr/lib/libnetsnmpagent.so.30.0.3
 #usr/lib/libnetsnmphelpers.a
 #usr/lib/libnetsnmphelpers.la
 usr/lib/libnetsnmphelpers.so
-usr/lib/libnetsnmphelpers.so.15
-usr/lib/libnetsnmphelpers.so.15.1.2
+usr/lib/libnetsnmphelpers.so.30
+usr/lib/libnetsnmphelpers.so.30.0.3
 #usr/lib/libnetsnmpmibs.a
 #usr/lib/libnetsnmpmibs.la
 usr/lib/libnetsnmpmibs.so
-usr/lib/libnetsnmpmibs.so.15
-usr/lib/libnetsnmpmibs.so.15.1.2
+usr/lib/libnetsnmpmibs.so.30
+usr/lib/libnetsnmpmibs.so.30.0.3
 #usr/lib/libnetsnmptrapd.a
 #usr/lib/libnetsnmptrapd.la
 usr/lib/libnetsnmptrapd.so
-usr/lib/libnetsnmptrapd.so.15
-usr/lib/libnetsnmptrapd.so.15.1.2
+usr/lib/libnetsnmptrapd.so.30
+usr/lib/libnetsnmptrapd.so.30.0.3
 #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Bundle
 #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Bundle/Makefile.subs.pl
 #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/NetSNMP
@@ -253,159 +285,37 @@ usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/NetSNMP/default_s
 #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/SNMP/SNMP.bs
 usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/SNMP/SNMP.so
 #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/SNMP/autosplit.ix
-#usr/man/man1/encode_keychange.1
-#usr/man/man1/fixproc.1
-#usr/man/man1/mib2c-update.1
-#usr/man/man1/mib2c.1
-#usr/man/man1/net-snmp-config.1
-#usr/man/man1/snmpbulkget.1
-#usr/man/man1/snmpbulkwalk.1
-#usr/man/man1/snmpcmd.1
-#usr/man/man1/snmpconf.1
-#usr/man/man1/snmpdelta.1
-#usr/man/man1/snmpdf.1
-#usr/man/man1/snmpget.1
-#usr/man/man1/snmpgetnext.1
-#usr/man/man1/snmpinform.1
-#usr/man/man1/snmpnetstat.1
-#usr/man/man1/snmpset.1
-#usr/man/man1/snmpstatus.1
-#usr/man/man1/snmptable.1
-#usr/man/man1/snmptest.1
-#usr/man/man1/snmptranslate.1
-#usr/man/man1/snmptrap.1
-#usr/man/man1/snmpusm.1
-#usr/man/man1/snmpvacm.1
-#usr/man/man1/snmpwalk.1
-#usr/man/man1/tkmib.1
-#usr/man/man1/traptoemail.1
-#usr/man/man3/add_mibdir.3
-#usr/man/man3/add_module_replacement.3
-#usr/man/man3/config_perror.3
-#usr/man/man3/config_pwarn.3
-#usr/man/man3/default_store.3
-#usr/man/man3/fprint_description.3
-#usr/man/man3/fprint_objid.3
-#usr/man/man3/fprint_value.3
-#usr/man/man3/fprint_variable.3
-#usr/man/man3/get_module_node.3
-#usr/man/man3/init_mib.3
-#usr/man/man3/init_mib_internals.3
-#usr/man/man3/mib_api.3
-#usr/man/man3/netsnmp_Container_iterator.3
-#usr/man/man3/netsnmp_agent.3
-#usr/man/man3/netsnmp_baby_steps.3
-#usr/man/man3/netsnmp_bulk_to_next.3
-#usr/man/man3/netsnmp_cache_handler.3
-#usr/man/man3/netsnmp_container.3
-#usr/man/man3/netsnmp_debug.3
-#usr/man/man3/netsnmp_ds_get_boolean.3
-#usr/man/man3/netsnmp_ds_get_int.3
-#usr/man/man3/netsnmp_ds_get_string.3
-#usr/man/man3/netsnmp_ds_register_config.3
-#usr/man/man3/netsnmp_ds_register_premib.3
-#usr/man/man3/netsnmp_ds_set_boolean.3
-#usr/man/man3/netsnmp_ds_set_int.3
-#usr/man/man3/netsnmp_ds_set_string.3
-#usr/man/man3/netsnmp_ds_shutdown.3
-#usr/man/man3/netsnmp_example_scalar_int.3
-#usr/man/man3/netsnmp_handler.3
-#usr/man/man3/netsnmp_instance.3
-#usr/man/man3/netsnmp_iterator_info_s.3
-#usr/man/man3/netsnmp_leaf.3
-#usr/man/man3/netsnmp_library.3
-#usr/man/man3/netsnmp_mib_handler_methods.3
-#usr/man/man3/netsnmp_mib_utilities.3
-#usr/man/man3/netsnmp_mode_end_call.3
-#usr/man/man3/netsnmp_multiplexer.3
-#usr/man/man3/netsnmp_old_api.3
-#usr/man/man3/netsnmp_read_only.3
-#usr/man/man3/netsnmp_row_merge.3
-#usr/man/man3/netsnmp_scalar.3
-#usr/man/man3/netsnmp_scalar_group_group.3
-#usr/man/man3/netsnmp_serialize.3
-#usr/man/man3/netsnmp_stash_cache.3
-#usr/man/man3/netsnmp_table.3
-#usr/man/man3/netsnmp_table_array.3
-#usr/man/man3/netsnmp_table_data.3
-#usr/man/man3/netsnmp_table_dataset.3
-#usr/man/man3/netsnmp_table_iterator.3
-#usr/man/man3/netsnmp_utilities.3
-#usr/man/man3/netsnmp_watcher.3
-#usr/man/man3/print_description.3
-#usr/man/man3/print_mib.3
-#usr/man/man3/print_objid.3
-#usr/man/man3/print_value.3
-#usr/man/man3/print_variable.3
-#usr/man/man3/read_all_mibs.3
-#usr/man/man3/read_config.3
-#usr/man/man3/read_config_print_usage.3
-#usr/man/man3/read_configs.3
-#usr/man/man3/read_mib.3
-#usr/man/man3/read_module.3
-#usr/man/man3/read_module_node.3
-#usr/man/man3/read_objid.3
-#usr/man/man3/read_premib_configs.3
-#usr/man/man3/register_app_config_handler.3
-#usr/man/man3/register_app_premib_handler.3
-#usr/man/man3/register_config_handler.3
-#usr/man/man3/register_mib_handlers.3
-#usr/man/man3/register_premib_handler.3
-#usr/man/man3/send_easy_trap.3
-#usr/man/man3/send_trap_vars.3
-#usr/man/man3/send_v2trap.3
-#usr/man/man3/shutdown_mib.3
-#usr/man/man3/snmp_agent_api.3
-#usr/man/man3/snmp_alarm.3
-#usr/man/man3/snmp_alarm_register.3
-#usr/man/man3/snmp_alarm_register_hr.3
-#usr/man/man3/snmp_alarm_unregister.3
-#usr/man/man3/snmp_api.3
-#usr/man/man3/snmp_api_errstring.3
-#usr/man/man3/snmp_close.3
-#usr/man/man3/snmp_error.3
-#usr/man/man3/snmp_free_pdu.3
-#usr/man/man3/snmp_open.3
-#usr/man/man3/snmp_perror.3
-#usr/man/man3/snmp_read.3
-#usr/man/man3/snmp_select_info.3
-#usr/man/man3/snmp_send.3
-#usr/man/man3/snmp_sess_api.3
-#usr/man/man3/snmp_sess_async_send.3
-#usr/man/man3/snmp_sess_close.3
-#usr/man/man3/snmp_sess_error.3
-#usr/man/man3/snmp_sess_init.3
-#usr/man/man3/snmp_sess_open.3
-#usr/man/man3/snmp_sess_perror.3
-#usr/man/man3/snmp_sess_read.3
-#usr/man/man3/snmp_sess_select_info.3
-#usr/man/man3/snmp_sess_send.3
-#usr/man/man3/snmp_sess_session.3
-#usr/man/man3/snmp_sess_timeout.3
-#usr/man/man3/snmp_set_mib_warnings.3
-#usr/man/man3/snmp_set_save_descriptions.3
-#usr/man/man3/snmp_timeout.3
-#usr/man/man3/snmp_trap_api.3
-#usr/man/man3/snprint_objid.3
-#usr/man/man3/snprint_value.3
-#usr/man/man3/snprint_variable.3
-#usr/man/man3/sprint_realloc_objid.3
-#usr/man/man3/sprint_realloc_value.3
-#usr/man/man3/sprint_realloc_variable.3
-#usr/man/man3/unregister_app_config_handler.3
-#usr/man/man3/unregister_config_handler.3
-#usr/man/man5/mib2c.conf.5
-#usr/man/man5/snmp.conf.5
-#usr/man/man5/snmp_config.5
-#usr/man/man5/snmpd.conf.5
-#usr/man/man5/snmpd.examples.5
-#usr/man/man5/snmpd.internal.5
-#usr/man/man5/snmptrapd.conf.5
-#usr/man/man5/variables.5
-#usr/man/man8/snmpd.8
-#usr/man/man8/snmptrapd.8
 usr/sbin/snmpd
 usr/sbin/snmptrapd
+#usr/share/man/man1/agentxtrap.1
+#usr/share/man/man1/encode_keychange.1
+#usr/share/man/man1/fixproc.1
+#usr/share/man/man1/mib2c-update.1
+#usr/share/man/man1/mib2c.1
+#usr/share/man/man1/net-snmp-config.1
+#usr/share/man/man1/net-snmp-create-v3-user.1
+#usr/share/man/man1/snmp-bridge-mib.1
+#usr/share/man/man1/snmpbulkget.1
+#usr/share/man/man1/snmpbulkwalk.1
+#usr/share/man/man1/snmpcmd.1
+#usr/share/man/man1/snmpconf.1
+#usr/share/man/man1/snmpdelta.1
+#usr/share/man/man1/snmpdf.1
+#usr/share/man/man1/snmpget.1
+#usr/share/man/man1/snmpgetnext.1
+#usr/share/man/man1/snmpinform.1
+#usr/share/man/man1/snmpnetstat.1
+#usr/share/man/man1/snmpset.1
+#usr/share/man/man1/snmpstatus.1
+#usr/share/man/man1/snmptable.1
+#usr/share/man/man1/snmptest.1
+#usr/share/man/man1/snmptranslate.1
+#usr/share/man/man1/snmptrap.1
+#usr/share/man/man1/snmpusm.1
+#usr/share/man/man1/snmpvacm.1
+#usr/share/man/man1/snmpwalk.1
+#usr/share/man/man1/tkmib.1
+#usr/share/man/man1/traptoemail.1
 #usr/share/man/man3/NetSNMP::ASN.3
 #usr/share/man/man3/NetSNMP::OID.3
 #usr/share/man/man3/NetSNMP::TrapReceiver.3
@@ -414,6 +324,109 @@ usr/sbin/snmptrapd
 #usr/share/man/man3/NetSNMP::default_store.3
 #usr/share/man/man3/NetSNMP::netsnmp_request_infoPtr.3
 #usr/share/man/man3/SNMP.3
+#usr/share/man/man3/add_mibdir.3
+#usr/share/man/man3/add_module_replacement.3
+#usr/share/man/man3/config_perror.3
+#usr/share/man/man3/config_pwarn.3
+#usr/share/man/man3/default_store.3
+#usr/share/man/man3/fprint_description.3
+#usr/share/man/man3/fprint_objid.3
+#usr/share/man/man3/fprint_value.3
+#usr/share/man/man3/fprint_variable.3
+#usr/share/man/man3/get_module_node.3
+#usr/share/man/man3/netsnmp_agent_api.3
+#usr/share/man/man3/netsnmp_config_api.3
+#usr/share/man/man3/netsnmp_init_mib.3
+#usr/share/man/man3/netsnmp_mib_api.3
+#usr/share/man/man3/netsnmp_pdu_api.3
+#usr/share/man/man3/netsnmp_read_module.3
+#usr/share/man/man3/netsnmp_sess_api.3
+#usr/share/man/man3/netsnmp_session_api.3
+#usr/share/man/man3/netsnmp_trap_api.3
+#usr/share/man/man3/netsnmp_varbind_api.3
+#usr/share/man/man3/print_description.3
+#usr/share/man/man3/print_mib.3
+#usr/share/man/man3/print_objid.3
+#usr/share/man/man3/print_value.3
+#usr/share/man/man3/print_variable.3
+#usr/share/man/man3/read_all_mibs.3
+#usr/share/man/man3/read_config_print_usage.3
+#usr/share/man/man3/read_configs.3
+#usr/share/man/man3/read_mib.3
+#usr/share/man/man3/read_objid.3
+#usr/share/man/man3/read_premib_configs.3
+#usr/share/man/man3/register_app_config_handler.3
+#usr/share/man/man3/register_app_prenetsnmp_mib_handler.3
+#usr/share/man/man3/register_config_handler.3
+#usr/share/man/man3/register_const_config_handler.3
+#usr/share/man/man3/register_mib_handlers.3
+#usr/share/man/man3/register_prenetsnmp_mib_handler.3
+#usr/share/man/man3/send_easy_trap.3
+#usr/share/man/man3/send_trap_vars.3
+#usr/share/man/man3/send_v2trap.3
+#usr/share/man/man3/shutdown_mib.3
+#usr/share/man/man3/snmp_add_null_var.3
+#usr/share/man/man3/snmp_alarm.3
+#usr/share/man/man3/snmp_alarm_register.3
+#usr/share/man/man3/snmp_alarm_register_hr.3
+#usr/share/man/man3/snmp_alarm_unregister.3
+#usr/share/man/man3/snmp_api_errstring.3
+#usr/share/man/man3/snmp_async_send.3
+#usr/share/man/man3/snmp_clone_pdu.3
+#usr/share/man/man3/snmp_clone_varbind.3
+#usr/share/man/man3/snmp_close.3
+#usr/share/man/man3/snmp_error.3
+#usr/share/man/man3/snmp_fix_pdu.3
+#usr/share/man/man3/snmp_free_pdu.3
+#usr/share/man/man3/snmp_free_var.3
+#usr/share/man/man3/snmp_free_varbind.3
+#usr/share/man/man3/snmp_open.3
+#usr/share/man/man3/snmp_parse_oid.3
+#usr/share/man/man3/snmp_pdu_add_variable.3
+#usr/share/man/man3/snmp_pdu_create.3
+#usr/share/man/man3/snmp_perror.3
+#usr/share/man/man3/snmp_read.3
+#usr/share/man/man3/snmp_select_info.3
+#usr/share/man/man3/snmp_send.3
+#usr/share/man/man3/snmp_sess_async_send.3
+#usr/share/man/man3/snmp_sess_close.3
+#usr/share/man/man3/snmp_sess_error.3
+#usr/share/man/man3/snmp_sess_init.3
+#usr/share/man/man3/snmp_sess_open.3
+#usr/share/man/man3/snmp_sess_perror.3
+#usr/share/man/man3/snmp_sess_read.3
+#usr/share/man/man3/snmp_sess_select_info.3
+#usr/share/man/man3/snmp_sess_send.3
+#usr/share/man/man3/snmp_sess_session.3
+#usr/share/man/man3/snmp_sess_synch_response.3
+#usr/share/man/man3/snmp_sess_timeout.3
+#usr/share/man/man3/snmp_set_mib_errors.3
+#usr/share/man/man3/snmp_set_mib_warnings.3
+#usr/share/man/man3/snmp_set_save_descriptions.3
+#usr/share/man/man3/snmp_set_var_objid.3
+#usr/share/man/man3/snmp_set_var_typed_integer.3
+#usr/share/man/man3/snmp_set_var_typed_value.3
+#usr/share/man/man3/snmp_set_var_value.3
+#usr/share/man/man3/snmp_synch_response.3
+#usr/share/man/man3/snmp_timeout.3
+#usr/share/man/man3/snmp_varlist_add_variable.3
+#usr/share/man/man3/snprint_description.3
+#usr/share/man/man3/snprint_objid.3
+#usr/share/man/man3/snprint_value.3
+#usr/share/man/man3/snprint_variable.3
+#usr/share/man/man3/unregister_all_config_handlers.3
+#usr/share/man/man3/unregister_app_config_handler.3
+#usr/share/man/man3/unregister_config_handler.3
+#usr/share/man/man5/mib2c.conf.5
+#usr/share/man/man5/snmp.conf.5
+#usr/share/man/man5/snmp_config.5
+#usr/share/man/man5/snmpd.conf.5
+#usr/share/man/man5/snmpd.examples.5
+#usr/share/man/man5/snmpd.internal.5
+#usr/share/man/man5/snmptrapd.conf.5
+#usr/share/man/man5/variables.5
+#usr/share/man/man8/snmpd.8
+#usr/share/man/man8/snmptrapd.8
 usr/share/snmp
 usr/share/snmp/mib2c-data
 usr/share/snmp/mib2c-data/default-mfd-top.m2c
@@ -425,6 +438,7 @@ usr/share/snmp/mib2c-data/generic-ctx-get.m2i
 usr/share/snmp/mib2c-data/generic-ctx-set.m2i
 usr/share/snmp/mib2c-data/generic-data-allocate.m2i
 usr/share/snmp/mib2c-data/generic-data-context.m2i
+usr/share/snmp/mib2c-data/generic-get-U64.m2i
 usr/share/snmp/mib2c-data/generic-get-char.m2i
 usr/share/snmp/mib2c-data/generic-get-decl-bot.m2i
 usr/share/snmp/mib2c-data/generic-get-decl.m2i
@@ -500,10 +514,12 @@ usr/share/snmp/mib2c.mfd.conf
 usr/share/snmp/mib2c.notify.conf
 usr/share/snmp/mib2c.old-api.conf
 usr/share/snmp/mib2c.perl.conf
+usr/share/snmp/mib2c.raw-table.conf
 usr/share/snmp/mib2c.scalar.conf
 usr/share/snmp/mib2c.table_data.conf
 usr/share/snmp/mibs
 usr/share/snmp/mibs/AGENTX-MIB.txt
+usr/share/snmp/mibs/BRIDGE-MIB.txt
 usr/share/snmp/mibs/DISMAN-EVENT-MIB.txt
 usr/share/snmp/mibs/DISMAN-SCHEDULE-MIB.txt
 usr/share/snmp/mibs/DISMAN-SCRIPT-MIB.txt
@@ -520,6 +536,7 @@ usr/share/snmp/mibs/IF-MIB.txt
 usr/share/snmp/mibs/INET-ADDRESS-MIB.txt
 usr/share/snmp/mibs/IP-FORWARD-MIB.txt
 usr/share/snmp/mibs/IP-MIB.txt
+usr/share/snmp/mibs/IPV6-FLOW-LABEL-MIB.txt
 usr/share/snmp/mibs/IPV6-ICMP-MIB.txt
 usr/share/snmp/mibs/IPV6-MIB.txt
 usr/share/snmp/mibs/IPV6-TC.txt
@@ -529,6 +546,7 @@ usr/share/snmp/mibs/NET-SNMP-AGENT-MIB.txt
 usr/share/snmp/mibs/NET-SNMP-EXAMPLES-MIB.txt
 usr/share/snmp/mibs/NET-SNMP-EXTEND-MIB.txt
 usr/share/snmp/mibs/NET-SNMP-MIB.txt
+usr/share/snmp/mibs/NET-SNMP-PASS-MIB.txt
 usr/share/snmp/mibs/NET-SNMP-TC.txt
 usr/share/snmp/mibs/NET-SNMP-VACM-MIB.txt
 usr/share/snmp/mibs/NOTIFICATION-LOG-MIB.txt
@@ -544,6 +562,8 @@ usr/share/snmp/mibs/SNMP-MPD-MIB.txt
 usr/share/snmp/mibs/SNMP-NOTIFICATION-MIB.txt
 usr/share/snmp/mibs/SNMP-PROXY-MIB.txt
 usr/share/snmp/mibs/SNMP-TARGET-MIB.txt
+usr/share/snmp/mibs/SNMP-TLS-TM-MIB.txt
+usr/share/snmp/mibs/SNMP-TSM-MIB.txt
 usr/share/snmp/mibs/SNMP-USER-BASED-SM-MIB.txt
 usr/share/snmp/mibs/SNMP-USM-AES-MIB.txt
 usr/share/snmp/mibs/SNMP-USM-DH-OBJECTS-MIB.txt
@@ -555,6 +575,7 @@ usr/share/snmp/mibs/SNMPv2-TC.txt
 usr/share/snmp/mibs/SNMPv2-TM.txt
 usr/share/snmp/mibs/TCP-MIB.txt
 usr/share/snmp/mibs/TRANSPORT-ADDRESS-MIB.txt
+usr/share/snmp/mibs/TUNNEL-MIB.txt
 usr/share/snmp/mibs/UCD-DEMO-MIB.txt
 usr/share/snmp/mibs/UCD-DISKIO-MIB.txt
 usr/share/snmp/mibs/UCD-DLMOD-MIB.txt
@@ -586,4 +607,5 @@ usr/share/snmp/snmpconf-data/snmptrapd-data/logging
 usr/share/snmp/snmpconf-data/snmptrapd-data/runtime
 usr/share/snmp/snmpconf-data/snmptrapd-data/snmpconf-config
 usr/share/snmp/snmpconf-data/snmptrapd-data/traphandle
+var/ipfire/backup/addons/includes/netsnmpd
 etc/rc.d/init.d/netsnmpd

diff --git a/config/rootfiles/packages/qemu b/config/rootfiles/packages/qemu
index 50620663a059e9de2d0e63f90798c5d8b6c0a292..9896139ce2209ad06573002ca64870137a666ee5 100644 (file)
--- a/config/rootfiles/packages/qemu
+++ b/config/rootfiles/packages/qemu
@@ -7,19 +7,33 @@ usr/bin/qemu-img
 usr/bin/qemu-io
 usr/bin/qemu-nbd
 usr/bin/qemu-system-arm
+usr/bin/qemu-system-i386
+usr/libexec/qemu-bridge-helper
 #usr/share/doc/qemu
 #usr/share/doc/qemu/qemu-doc.html
 #usr/share/doc/qemu/qemu-tech.html
+#usr/share/doc/qemu/qmp-commands.txt
 #usr/share/man/man1/qemu-img.1
 #usr/share/man/man1/qemu.1
 #usr/share/man/man8/qemu-nbd.8
-usr/share/qemu
+#usr/share/qemu
+usr/share/qemu/QEMU,cgthree.bin
+usr/share/qemu/QEMU,tcx.bin
+usr/share/qemu/acpi-dsdt.aml
 usr/share/qemu/bamboo.dtb
+usr/share/qemu/bios-256k.bin
 usr/share/qemu/bios.bin
-usr/share/qemu/extboot.bin
+usr/share/qemu/efi-e1000.rom
+usr/share/qemu/efi-eepro100.rom
+usr/share/qemu/efi-ne2k_pci.rom
+usr/share/qemu/efi-pcnet.rom
+usr/share/qemu/efi-rtl8139.rom
+usr/share/qemu/efi-virtio.rom
 usr/share/qemu/keymaps
 usr/share/qemu/keymaps/ar
+usr/share/qemu/keymaps/bepo
 usr/share/qemu/keymaps/common
+usr/share/qemu/keymaps/cz
 usr/share/qemu/keymaps/da
 usr/share/qemu/keymaps/de
 usr/share/qemu/keymaps/de-ch
@@ -53,12 +67,13 @@ usr/share/qemu/keymaps/sl
 usr/share/qemu/keymaps/sv
 usr/share/qemu/keymaps/th
 usr/share/qemu/keymaps/tr
+usr/share/qemu/kvmvapic.bin
 usr/share/qemu/linuxboot.bin
-usr/share/qemu/mpc8544ds.dtb
 usr/share/qemu/multiboot.bin
 usr/share/qemu/openbios-ppc
 usr/share/qemu/openbios-sparc32
 usr/share/qemu/openbios-sparc64
+usr/share/qemu/palcode-clipper
 usr/share/qemu/petalogix-ml605.dtb
 usr/share/qemu/petalogix-s3adsp1800.dtb
 usr/share/qemu/ppc_rom.bin
@@ -68,12 +83,19 @@ usr/share/qemu/pxe-ne2k_pci.rom
 usr/share/qemu/pxe-pcnet.rom
 usr/share/qemu/pxe-rtl8139.rom
 usr/share/qemu/pxe-virtio.rom
+usr/share/qemu/q35-acpi-dsdt.aml
+usr/share/qemu/qemu-icon.bmp
+usr/share/qemu/qemu_logo_no_text.svg
+usr/share/qemu/s390-ccw.img
 usr/share/qemu/s390-zipl.rom
+usr/share/qemu/sgabios.bin
 usr/share/qemu/slof.bin
 usr/share/qemu/spapr-rtas.bin
-usr/share/qemu/vapic.bin
+usr/share/qemu/trace-events
+usr/share/qemu/u-boot.e500
 usr/share/qemu/vgabios-cirrus.bin
 usr/share/qemu/vgabios-qxl.bin
 usr/share/qemu/vgabios-stdvga.bin
 usr/share/qemu/vgabios-vmware.bin
 usr/share/qemu/vgabios.bin
+#usr/var/run

diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf
index f0906e5470dadb88bf4acec9acc45c5d5183f2b6..9d1e6e1ff5e5510483af261cb00eced32bb5893a 100644 (file)
--- a/config/ssl/openssl.cnf
+++ b/config/ssl/openssl.cnf
@@ -21,7 +21,7 @@ RANDFILE      = $dir/tmp/.rand
 x509_extensions        = usr_cert
 default_days   = 999999
 default_crl_days= 30
-default_md     = md5
+default_md     = sha256
 preserve       = no
 policy         = policy_match
 email_in_dn    = no
@@ -35,7 +35,7 @@ commonName            = supplied
 emailAddress           = optional
 
 [ req ]
-default_bits           = 1024
+default_bits           = 2048
 default_keyfile        = privkey.pem
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes

diff --git a/config/syslinux/syslinux.cfg b/config/syslinux/syslinux.cfg
index cfb8113cf6e57fc4cda28c730bd91f45b044bebe..39521675da77d42d730d9e9f8458e9f0f4ffd47f 100644 (file)
--- a/config/syslinux/syslinux.cfg
+++ b/config/syslinux/syslinux.cfg
@@ -50,6 +50,7 @@ Run the installer in text mode.
                ENDTEXT
                KERNEL vmlinuz
                INITRD instroot
+               APPEND novga
 
        LABEL unattended
                MENU LABEL Unattended installation

diff --git a/config/udev/60-net.rules b/config/udev/60-net.rules
new file mode 100644 (file)
index 0000000..4f22a1e
--- /dev/null
+++ b/config/udev/60-net.rules
@@ -0,0 +1,3 @@
+# Call a script that checks for the right name of the new device.
+# If it matches the configuration it will be renamed accordingly.
+ACTION=="add", SUBSYSTEM=="net", PROGRAM="/lib/udev/network-hotplug-rename", RESULT=="?*", NAME="$result"

diff --git a/config/udev/network-hotplug-rename b/config/udev/network-hotplug-rename
new file mode 100644 (file)
index 0000000..331b788
--- /dev/null
+++ b/config/udev/network-hotplug-rename
@@ -0,0 +1,75 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2015  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+# Check if all appropriate variables are set
+[ -n "${INTERFACE}" ] || exit 2
+
+# Ignore virtual interfaces, etc.
+case "${INTERFACE}" in
+       lo)
+               exit 0
+               ;;
+       tun*)
+               exit 0
+               ;;
+       ppp*)
+               exit 0
+               ;;
+esac
+
+# Check if INTERFACE actually exists
+[ -d "/sys/class/net/${INTERFACE}" ] || exit 1
+
+# If the network configuration is not readable,
+# we cannot go on.
+if [ ! -r "/var/ipfire/ethernet/settings" ]; then
+       exit 1
+fi
+
+# Read network settings
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+
+# Standard zones
+ZONES="RED GREEN ORANGE BLUE"
+
+# Determine the address of INTERFACE
+ADDRESS="$(</sys/class/net/${INTERFACE}/address)"
+
+# Walk through all zones and find the matching interface
+for zone in ${ZONES}; do
+       address="${zone}_MACADDR"
+       device="${zone}_DEV"
+
+       # Skip if address or device is unset
+       [ -n "${!address}" -a -n "${!device}" ] || continue
+
+       # If a matching interface has been found we will
+       # print the name to which udev will rename it.
+       if [ "${ADDRESS}" = "${!address}" ]; then
+               echo "${!device}"
+               exit 0
+       fi
+done
+
+# If we get here we have not found a matching device,
+# but we won't return an error any way. The new device
+# will remain with the previous name.
+exit 0

diff --git a/config/xtables-addons/mconfig b/config/xtables-addons/mconfig
new file mode 100644 (file)
index 0000000..933d717
--- /dev/null
+++ b/config/xtables-addons/mconfig
@@ -0,0 +1,24 @@
+# -*- Makefile -*-
+#
+build_ACCOUNT=m
+build_CHAOS=m
+build_DELUDE=m
+build_DHCPMAC=m
+build_DNETMAP=m
+build_ECHO=m
+build_IPMARK=m
+build_LOGMARK=m
+build_SYSRQ=n
+build_TARPIT=m
+build_condition=m
+build_fuzzy=m
+build_geoip=m
+build_gradm=n
+build_iface=m
+build_ipp2p=m
+build_ipv4options=m
+build_length2=m
+build_lscan=m
+build_pknock=m
+build_psd=m
+build_quota2=m

diff --git a/doc/language_issues.de b/doc/language_issues.de
index e41f48b7771daaac8759099ea634f2a21e7867ea..90accb3c006af286c1d56470df931d1734683a65 100644 (file)
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -75,6 +75,7 @@ WARNING: translation string unused: bad characters in
 WARNING: translation string unused: behind a proxy
 WARNING: translation string unused: bitrate
 WARNING: translation string unused: bleeding rules
+WARNING: translation string unused: block
 WARNING: translation string unused: blue access use hint
 WARNING: translation string unused: blue interface
 WARNING: translation string unused: cache management
@@ -243,6 +244,7 @@ WARNING: translation string unused: fwhost Standard Network
 WARNING: translation string unused: fwhost attention
 WARNING: translation string unused: fwhost blue
 WARNING: translation string unused: fwhost changeremark
+WARNING: translation string unused: fwhost cust geoip
 WARNING: translation string unused: fwhost err addrgrp
 WARNING: translation string unused: fwhost err hostorip
 WARNING: translation string unused: fwhost err mac
@@ -258,6 +260,9 @@ WARNING: translation string unused: fwhost wo subnet
 WARNING: translation string unused: gen static key
 WARNING: translation string unused: generate
 WARNING: translation string unused: genkey
+WARNING: translation string unused: geoipblock country code
+WARNING: translation string unused: geoipblock country name
+WARNING: translation string unused: geoipblock flag
 WARNING: translation string unused: green interface
 WARNING: translation string unused: gz with key
 WARNING: translation string unused: hint
@@ -275,6 +280,7 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
+WARNING: translation string unused: ike lifetime should be between 1 and 24 hours
 WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
@@ -417,6 +423,7 @@ WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn config
+WARNING: translation string unused: ovpn device
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn engines
 WARNING: translation string unused: ovpn log
@@ -575,6 +582,8 @@ WARNING: translation string unused: transfer limits
 WARNING: translation string unused: transparent on
 WARNING: translation string unused: umount
 WARNING: translation string unused: umount removable media before to unplug
+WARNING: translation string unused: unblock
+WARNING: translation string unused: unblock all
 WARNING: translation string unused: unencrypted
 WARNING: translation string unused: update transcript
 WARNING: translation string unused: updates
@@ -631,7 +640,9 @@ WARNING: untranslated string: bytes
 WARNING: untranslated string: community rules
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: emerging rules
+WARNING: untranslated string: fwhost cust geoipgrp
 WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: no data
 WARNING: untranslated string: qos add subclass
 WARNING: untranslated string: route config changed
@@ -639,3 +650,4 @@ WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: show tls-auth key
+WARNING: untranslated string: vpn statistics n2n

diff --git a/doc/language_issues.en b/doc/language_issues.en
index 290da0275e9423f74c88a5aaaf8f465df65f94a4..1f1c78d611d429299eeece9aaa2f4a1975cf77f5 100644 (file)
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -93,6 +93,7 @@ WARNING: translation string unused: bewan adsl pci st
 WARNING: translation string unused: bewan adsl usb
 WARNING: translation string unused: bitrate
 WARNING: translation string unused: bleeding rules
+WARNING: translation string unused: block
 WARNING: translation string unused: blue access use hint
 WARNING: translation string unused: blue interface
 WARNING: translation string unused: cache management
@@ -266,6 +267,7 @@ WARNING: translation string unused: fwhost Standard Network
 WARNING: translation string unused: fwhost attention
 WARNING: translation string unused: fwhost blue
 WARNING: translation string unused: fwhost changeremark
+WARNING: translation string unused: fwhost cust geoip
 WARNING: translation string unused: fwhost err addrgrp
 WARNING: translation string unused: fwhost err hostorip
 WARNING: translation string unused: fwhost err mac
@@ -283,6 +285,9 @@ WARNING: translation string unused: g.lite
 WARNING: translation string unused: gen static key
 WARNING: translation string unused: generate
 WARNING: translation string unused: genkey
+WARNING: translation string unused: geoipblock country code
+WARNING: translation string unused: geoipblock country name
+WARNING: translation string unused: geoipblock flag
 WARNING: translation string unused: green interface
 WARNING: translation string unused: gz with key
 WARNING: translation string unused: hint
@@ -300,6 +305,7 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
+WARNING: translation string unused: ike lifetime should be between 1 and 24 hours
 WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
@@ -444,6 +450,7 @@ WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn config
+WARNING: translation string unused: ovpn device
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn engines
 WARNING: translation string unused: ovpn log
@@ -608,6 +615,8 @@ WARNING: translation string unused: transfer limits
 WARNING: translation string unused: transparent on
 WARNING: translation string unused: umount
 WARNING: translation string unused: umount removable media before to unplug
+WARNING: translation string unused: unblock
+WARNING: translation string unused: unblock all
 WARNING: translation string unused: unencrypted
 WARNING: translation string unused: update transcript
 WARNING: translation string unused: updates
@@ -663,9 +672,12 @@ WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: bytes
+WARNING: untranslated string: fwhost cust geoipgrp
 WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: no data
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: vpn statistics n2n

diff --git a/doc/language_issues.es b/doc/language_issues.es
index c93d40cb4ff5c49c62fa71d3924b186fab0a3d8f..9910db6a0c1979a75885a9aab06994f209a6d350 100644 (file)
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -233,6 +233,9 @@ WARNING: translation string unused: g.lite
 WARNING: translation string unused: gen static key
 WARNING: translation string unused: generate
 WARNING: translation string unused: genkey
+WARNING: translation string unused: geoipblock country code
+WARNING: translation string unused: geoipblock country name
+WARNING: translation string unused: geoipblock flag
 WARNING: translation string unused: green interface
 WARNING: translation string unused: gz with key
 WARNING: translation string unused: hint
@@ -250,6 +253,7 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
+WARNING: translation string unused: ike lifetime should be between 1 and 24 hours
 WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
@@ -378,6 +382,7 @@ WARNING: translation string unused: outgoing firewall reset
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn config
+WARNING: translation string unused: ovpn device
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
 WARNING: translation string unused: ovpn_fastio
@@ -649,6 +654,7 @@ WARNING: untranslated string: ccd none
 WARNING: untranslated string: ccd routes
 WARNING: untranslated string: ccd subnet
 WARNING: untranslated string: ccd used
+WARNING: untranslated string: check all
 WARNING: untranslated string: count
 WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
@@ -793,6 +799,7 @@ WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
 WARNING: untranslated string: fwhost OpenVPN N-2-N
+WARNING: untranslated string: fwhost addgeoipgrp
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -805,6 +812,9 @@ WARNING: untranslated string: fwhost ccdhost
 WARNING: untranslated string: fwhost ccdnet
 WARNING: untranslated string: fwhost change
 WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost cust grp
 WARNING: untranslated string: fwhost cust net
 WARNING: untranslated string: fwhost cust service
@@ -844,6 +854,7 @@ WARNING: untranslated string: fwhost ip_mac
 WARNING: untranslated string: fwhost ipsec net
 WARNING: untranslated string: fwhost menu
 WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgeoipgrp
 WARNING: untranslated string: fwhost newgrp
 WARNING: untranslated string: fwhost newhost
 WARNING: untranslated string: fwhost newnet
@@ -862,6 +873,7 @@ WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
+WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
 WARNING: untranslated string: incoming compression in bytes per second
@@ -948,6 +960,9 @@ WARNING: untranslated string: ovpn routes push options
 WARNING: untranslated string: p2p block
 WARNING: untranslated string: p2p block save notice
 WARNING: untranslated string: pakfire ago
+WARNING: untranslated string: pptp netconfig
+WARNING: untranslated string: pptp peer
+WARNING: untranslated string: pptp route
 WARNING: untranslated string: proxy reports
 WARNING: untranslated string: proxy reports daily
 WARNING: untranslated string: proxy reports monthly
@@ -962,6 +977,7 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: samba join a domain
 WARNING: untranslated string: samba join domain
+WARNING: untranslated string: search
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
@@ -1023,6 +1039,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uncheck all
 WARNING: untranslated string: uplink
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: uptime load average
@@ -1030,6 +1047,9 @@ WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn keyexchange
+WARNING: untranslated string: vpn statistic n2n
+WARNING: untranslated string: vpn statistic rw
+WARNING: untranslated string: vpn statistics n2n
 WARNING: untranslated string: wlan client
 WARNING: untranslated string: wlan client advanced settings
 WARNING: untranslated string: wlan client and

diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index c1dedc59c3cdb1d4ba97ea6d5c130af0b7b23f7d..ef01a1e106e5b4f2c561b06a1179201031e3b11f 100644 (file)
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -250,6 +250,7 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
+WARNING: translation string unused: ike lifetime should be between 1 and 24 hours
 WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
@@ -389,6 +390,7 @@ WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn config
+WARNING: translation string unused: ovpn device
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
 WARNING: translation string unused: ovpn_fastio
@@ -659,6 +661,7 @@ WARNING: untranslated string: ccd none
 WARNING: untranslated string: ccd routes
 WARNING: untranslated string: ccd subnet
 WARNING: untranslated string: ccd used
+WARNING: untranslated string: check all
 WARNING: untranslated string: count
 WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
@@ -804,6 +807,7 @@ WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
 WARNING: untranslated string: fwhost OpenVPN N-2-N
+WARNING: untranslated string: fwhost addgeoipgrp
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -816,6 +820,9 @@ WARNING: untranslated string: fwhost ccdhost
 WARNING: untranslated string: fwhost ccdnet
 WARNING: untranslated string: fwhost change
 WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost cust grp
 WARNING: untranslated string: fwhost cust net
 WARNING: untranslated string: fwhost cust service
@@ -855,6 +862,7 @@ WARNING: untranslated string: fwhost ip_mac
 WARNING: untranslated string: fwhost ipsec net
 WARNING: untranslated string: fwhost menu
 WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgeoipgrp
 WARNING: untranslated string: fwhost newgrp
 WARNING: untranslated string: fwhost newhost
 WARNING: untranslated string: fwhost newnet
@@ -871,8 +879,16 @@ WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
+WARNING: untranslated string: geoip
+WARNING: untranslated string: geoipblock
+WARNING: untranslated string: geoipblock block countries
+WARNING: untranslated string: geoipblock configuration
+WARNING: untranslated string: geoipblock country is allowed
+WARNING: untranslated string: geoipblock country is blocked
+WARNING: untranslated string: geoipblock enable feature
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
+WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
 WARNING: untranslated string: incoming compression in bytes per second
@@ -955,6 +971,9 @@ WARNING: untranslated string: ovpn port in root range
 WARNING: untranslated string: p2p block
 WARNING: untranslated string: p2p block save notice
 WARNING: untranslated string: pakfire ago
+WARNING: untranslated string: pptp netconfig
+WARNING: untranslated string: pptp peer
+WARNING: untranslated string: pptp route
 WARNING: untranslated string: proxy reports
 WARNING: untranslated string: proxy reports daily
 WARNING: untranslated string: proxy reports monthly
@@ -969,6 +988,7 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: samba join a domain
 WARNING: untranslated string: samba join domain
+WARNING: untranslated string: search
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
@@ -1031,6 +1051,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uncheck all
 WARNING: untranslated string: uplink
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: upload new ruleset
@@ -1041,6 +1062,9 @@ WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn keyexchange
+WARNING: untranslated string: vpn statistic n2n
+WARNING: untranslated string: vpn statistic rw
+WARNING: untranslated string: vpn statistics n2n
 WARNING: untranslated string: wlan client
 WARNING: untranslated string: wlan client advanced settings
 WARNING: untranslated string: wlan client and

diff --git a/doc/language_issues.it b/doc/language_issues.it
new file mode 100644 (file)
index 0000000..522fee3
--- /dev/null
+++ b/doc/language_issues.it
@@ -0,0 +1,724 @@
+WARNING: translation string unused: Client status and controlc
+WARNING: translation string unused: ConnSched scheduler
+WARNING: translation string unused: ConnSched select profile
+WARNING: translation string unused: HDD temperature
+WARNING: translation string unused: Level7 rule
+WARNING: translation string unused: Local VPN IP
+WARNING: translation string unused: Ping
+WARNING: translation string unused: Queuelenght
+WARNING: translation string unused: Remote IP
+WARNING: translation string unused: Remote VPN IP
+WARNING: translation string unused: Resolv
+WARNING: translation string unused: TOS Bits
+WARNING: translation string unused: Verbose
+WARNING: translation string unused: access allowed
+WARNING: translation string unused: access refused with this oinkcode
+WARNING: translation string unused: add a new rule
+WARNING: translation string unused: add network
+WARNING: translation string unused: add new ovpn
+WARNING: translation string unused: add service
+WARNING: translation string unused: add xtaccess
+WARNING: translation string unused: add-route
+WARNING: translation string unused: admin user password has been changed
+WARNING: translation string unused: administrator user password
+WARNING: translation string unused: advproxy LDAP auth
+WARNING: translation string unused: advproxy NTLM auth
+WARNING: translation string unused: advproxy advanced proxy
+WARNING: translation string unused: advproxy chgwebpwd ERROR
+WARNING: translation string unused: advproxy chgwebpwd SUCCESS
+WARNING: translation string unused: advproxy chgwebpwd change password
+WARNING: translation string unused: advproxy chgwebpwd change web password
+WARNING: translation string unused: advproxy chgwebpwd new password
+WARNING: translation string unused: advproxy chgwebpwd new password confirm
+WARNING: translation string unused: advproxy chgwebpwd old password
+WARNING: translation string unused: advproxy chgwebpwd username
+WARNING: translation string unused: advproxy cre disabled
+WARNING: translation string unused: advproxy errmsg change fail
+WARNING: translation string unused: advproxy errmsg change success
+WARNING: translation string unused: advproxy errmsg invalid user
+WARNING: translation string unused: advproxy errmsg no password
+WARNING: translation string unused: advproxy errmsg password incorrect
+WARNING: translation string unused: advproxy no cre groups
+WARNING: translation string unused: advproxy ssadvanced proxy
+WARNING: translation string unused: advproxy update information
+WARNING: translation string unused: advproxy update notification
+WARNING: translation string unused: again
+WARNING: translation string unused: age seconds
+WARNING: translation string unused: age shour
+WARNING: translation string unused: age sminute
+WARNING: translation string unused: age ssecond
+WARNING: translation string unused: alcatelusb help
+WARNING: translation string unused: alcatelusb upload
+WARNING: translation string unused: all interfaces
+WARNING: translation string unused: all updates installed
+WARNING: translation string unused: allmsg
+WARNING: translation string unused: alt information
+WARNING: translation string unused: alt ovpn
+WARNING: translation string unused: alt vpn
+WARNING: translation string unused: and
+WARNING: translation string unused: ansi t1.483
+WARNING: translation string unused: apply
+WARNING: translation string unused: archive not exist
+WARNING: translation string unused: attemps
+WARNING: translation string unused: available updates
+WARNING: translation string unused: avoid dod
+WARNING: translation string unused: backup archive
+WARNING: translation string unused: backup clear archive
+WARNING: translation string unused: backup config floppy
+WARNING: translation string unused: backup configuration
+WARNING: translation string unused: backup erase key
+WARNING: translation string unused: backup explain key
+WARNING: translation string unused: backup explain key li1
+WARNING: translation string unused: backup explain key li2
+WARNING: translation string unused: backup explain key li3
+WARNING: translation string unused: backup explain key no1
+WARNING: translation string unused: backup explain key no2
+WARNING: translation string unused: backup export key
+WARNING: translation string unused: backup extract key
+WARNING: translation string unused: backup generate key
+WARNING: translation string unused: backup import dat file
+WARNING: translation string unused: backup import key
+WARNING: translation string unused: backup key
+WARNING: translation string unused: backup key file
+WARNING: translation string unused: backup key info
+WARNING: translation string unused: backup media info
+WARNING: translation string unused: backup missing key
+WARNING: translation string unused: backup password
+WARNING: translation string unused: backup protect key password
+WARNING: translation string unused: backup sets
+WARNING: translation string unused: backup to floppy
+WARNING: translation string unused: bad characters in
+WARNING: translation string unused: behind a proxy
+WARNING: translation string unused: bewan adsl pci st
+WARNING: translation string unused: bewan adsl usb
+WARNING: translation string unused: bitrate
+WARNING: translation string unused: bleeding rules
+WARNING: translation string unused: blue access use hint
+WARNING: translation string unused: blue interface
+WARNING: translation string unused: cache management
+WARNING: translation string unused: cache size
+WARNING: translation string unused: calamaris report interval (in minutes)
+WARNING: translation string unused: calc traffic all x minutes
+WARNING: translation string unused: cant enable xtaccess
+WARNING: translation string unused: capsinactive
+WARNING: translation string unused: ccd err iroute
+WARNING: translation string unused: ccd err netadr
+WARNING: translation string unused: cfg restart
+WARNING: translation string unused: check for net traffic update
+WARNING: translation string unused: choose config
+WARNING: translation string unused: choose media
+WARNING: translation string unused: clear cache
+WARNING: translation string unused: compression
+WARNING: translation string unused: connect
+WARNING: translation string unused: connect the modem
+WARNING: translation string unused: core notice 1
+WARNING: translation string unused: core notice 2
+WARNING: translation string unused: core notice 3
+WARNING: translation string unused: could not connect to
+WARNING: translation string unused: could not connect to www ipcop org
+WARNING: translation string unused: could not connect to www ipfire org
+WARNING: translation string unused: could not create directory
+WARNING: translation string unused: could not download latest patch list
+WARNING: translation string unused: could not download the available updates list
+WARNING: translation string unused: could not open available updates file
+WARNING: translation string unused: could not open installed updates file
+WARNING: translation string unused: could not open update information file
+WARNING: translation string unused: create
+WARNING: translation string unused: create new backup
+WARNING: translation string unused: current dynamic leases
+WARNING: translation string unused: current media
+WARNING: translation string unused: current ovpn
+WARNING: translation string unused: current profile
+WARNING: translation string unused: custom networks
+WARNING: translation string unused: custom services
+WARNING: translation string unused: daily firewallhits
+WARNING: translation string unused: dat without key
+WARNING: translation string unused: day-graph
+WARNING: translation string unused: dbfile
+WARNING: translation string unused: ddns help dnsmadeeasy
+WARNING: translation string unused: ddns help freedns
+WARNING: translation string unused: ddns help plus
+WARNING: translation string unused: ddns minimize updates
+WARNING: translation string unused: ddns noip prefix
+WARNING: translation string unused: debugme
+WARNING: translation string unused: deep scan directories
+WARNING: translation string unused: default ip
+WARNING: translation string unused: default networks
+WARNING: translation string unused: default services
+WARNING: translation string unused: description
+WARNING: translation string unused: destination ip bad
+WARNING: translation string unused: destination ip or net
+WARNING: translation string unused: destination net
+WARNING: translation string unused: destination port overlaps
+WARNING: translation string unused: dh name is invalid
+WARNING: translation string unused: dhcp base ip fixed lease
+WARNING: translation string unused: dhcp create fixed leases
+WARNING: translation string unused: dhcp fixed lease err1
+WARNING: translation string unused: dhcp fixed lease help1
+WARNING: translation string unused: dhcp mode
+WARNING: translation string unused: dhcp server disabled on blue interface
+WARNING: translation string unused: dhcp server enabled on blue interface
+WARNING: translation string unused: dial user password
+WARNING: translation string unused: dial user password has been changed
+WARNING: translation string unused: dialup settings
+WARNING: translation string unused: disconnect
+WARNING: translation string unused: disconnects
+WARNING: translation string unused: display traffic at home
+WARNING: translation string unused: display webinterface effects
+WARNING: translation string unused: dmz pinhole configuration
+WARNING: translation string unused: dmz pinhole rule added
+WARNING: translation string unused: dmz pinhole rule removed
+WARNING: translation string unused: dmzpinholes for same net not necessary
+WARNING: translation string unused: dns server
+WARNING: translation string unused: do not log this port list
+WARNING: translation string unused: domain not set
+WARNING: translation string unused: donation-link
+WARNING: translation string unused: done
+WARNING: translation string unused: download dh parameter
+WARNING: translation string unused: driver
+WARNING: translation string unused: dstprt range overlaps
+WARNING: translation string unused: dstprt within existing
+WARNING: translation string unused: dynamic dns client
+WARNING: translation string unused: eciadsl help
+WARNING: translation string unused: eciadsl upload
+WARNING: translation string unused: edit a rule
+WARNING: translation string unused: edit network
+WARNING: translation string unused: edit service
+WARNING: translation string unused: editor
+WARNING: translation string unused: eg
+WARNING: translation string unused: email server can not be empty
+WARNING: translation string unused: enable javascript
+WARNING: translation string unused: enable wildcards
+WARNING: translation string unused: enabled on
+WARNING: translation string unused: enabledtitle
+WARNING: translation string unused: encrypted
+WARNING: translation string unused: err bk 1
+WARNING: translation string unused: err bk 10 password
+WARNING: translation string unused: err bk 2 key
+WARNING: translation string unused: err bk 3 tar
+WARNING: translation string unused: err bk 4 gz
+WARNING: translation string unused: err bk 5 encrypt
+WARNING: translation string unused: err rs 1
+WARNING: translation string unused: err rs 6 decrypt
+WARNING: translation string unused: err rs 7 untartst
+WARNING: translation string unused: err rs 8 untar
+WARNING: translation string unused: error config
+WARNING: translation string unused: error external access
+WARNING: translation string unused: esp encryption
+WARNING: translation string unused: esp grouptype
+WARNING: translation string unused: esp integrity
+WARNING: translation string unused: esp keylife
+WARNING: translation string unused: expected
+WARNING: translation string unused: expertoptions
+WARNING: translation string unused: exportkey
+WARNING: translation string unused: external access
+WARNING: translation string unused: external access configuration
+WARNING: translation string unused: external access rule added
+WARNING: translation string unused: external access rule changed
+WARNING: translation string unused: external access rule removed
+WARNING: translation string unused: extrahd
+WARNING: translation string unused: extrahd unable to read
+WARNING: translation string unused: extrahd unable to write
+WARNING: translation string unused: filename
+WARNING: translation string unused: firewall graphs
+WARNING: translation string unused: firewall log viewer
+WARNING: translation string unused: firmware
+WARNING: translation string unused: firmware upload
+WARNING: translation string unused: force update
+WARNING: translation string unused: forward firewall
+WARNING: translation string unused: forwarding rule added
+WARNING: translation string unused: forwarding rule removed
+WARNING: translation string unused: forwarding rule updated
+WARNING: translation string unused: frequency
+WARNING: translation string unused: fritzdsl help
+WARNING: translation string unused: fritzdsl upload
+WARNING: translation string unused: from email adr
+WARNING: translation string unused: from email pw
+WARNING: translation string unused: from email server
+WARNING: translation string unused: from email user
+WARNING: translation string unused: from warn email bad
+WARNING: translation string unused: fwdfw MODE1
+WARNING: translation string unused: fwdfw MODE2
+WARNING: translation string unused: fwdfw addrule
+WARNING: translation string unused: fwdfw err nosrcip
+WARNING: translation string unused: fwdfw err notgtip
+WARNING: translation string unused: fwdfw err prot_port1
+WARNING: translation string unused: fwdfw final_rule
+WARNING: translation string unused: fwdfw from
+WARNING: translation string unused: fwdfw ipsec network
+WARNING: translation string unused: fwdfw man port
+WARNING: translation string unused: fwdfw menu
+WARNING: translation string unused: fwdfw natport used
+WARNING: translation string unused: fwdfw p2p txt
+WARNING: translation string unused: fwdfw rule action
+WARNING: translation string unused: fwdfw rules
+WARNING: translation string unused: fwdfw std network
+WARNING: translation string unused: fwdfw till
+WARNING: translation string unused: fwdfw time
+WARNING: translation string unused: fwdfw xt access
+WARNING: translation string unused: fwhost Custom Host
+WARNING: translation string unused: fwhost Custom Network
+WARNING: translation string unused: fwhost IpSec Host
+WARNING: translation string unused: fwhost IpSec Network
+WARNING: translation string unused: fwhost OpenVPN static host
+WARNING: translation string unused: fwhost OpenVPN static network
+WARNING: translation string unused: fwhost Standard Network
+WARNING: translation string unused: fwhost attention
+WARNING: translation string unused: fwhost blue
+WARNING: translation string unused: fwhost changeremark
+WARNING: translation string unused: fwhost err addrgrp
+WARNING: translation string unused: fwhost err hostorip
+WARNING: translation string unused: fwhost err mac
+WARNING: translation string unused: fwhost err partofnet
+WARNING: translation string unused: fwhost green
+WARNING: translation string unused: fwhost hosts
+WARNING: translation string unused: fwhost ipadr
+WARNING: translation string unused: fwhost ipsec host
+WARNING: translation string unused: fwhost orange
+WARNING: translation string unused: fwhost reread
+WARNING: translation string unused: fwhost reset
+WARNING: translation string unused: fwhost wo subnet
+WARNING: translation string unused: g.dtm
+WARNING: translation string unused: g.lite
+WARNING: translation string unused: gen static key
+WARNING: translation string unused: generate
+WARNING: translation string unused: genkey
+WARNING: translation string unused: green interface
+WARNING: translation string unused: gz with key
+WARNING: translation string unused: hint
+WARNING: translation string unused: host
+WARNING: translation string unused: host configuration
+WARNING: translation string unused: hostname and domain already in use
+WARNING: translation string unused: hour-graph
+WARNING: translation string unused: hours2
+WARNING: translation string unused: ibod for dual isdn only
+WARNING: translation string unused: icmp selected but no type
+WARNING: translation string unused: icmp type
+WARNING: translation string unused: id
+WARNING: translation string unused: ids preprocessor
+WARNING: translation string unused: ike encryption
+WARNING: translation string unused: ike grouptype
+WARNING: translation string unused: ike integrity
+WARNING: translation string unused: ike lifetime
+WARNING: translation string unused: ike lifetime should be between 1 and 24 hours
+WARNING: translation string unused: import
+WARNING: translation string unused: importkey
+WARNING: translation string unused: in
+WARNING: translation string unused: incorrect password
+WARNING: translation string unused: insert floppy
+WARNING: translation string unused: insert removable device
+WARNING: translation string unused: install new update
+WARNING: translation string unused: installed
+WARNING: translation string unused: installed updates
+WARNING: translation string unused: intrusion detection system log viewer
+WARNING: translation string unused: intrusion detection system2
+WARNING: translation string unused: invalid cache size
+WARNING: translation string unused: invalid date entered
+WARNING: translation string unused: invalid downlink speed
+WARNING: translation string unused: invalid loaded file
+WARNING: translation string unused: invalid md5sum
+WARNING: translation string unused: invalid port list
+WARNING: translation string unused: invalid time entered
+WARNING: translation string unused: invalid uplink speed
+WARNING: translation string unused: invalid upstream proxy username or password setting
+WARNING: translation string unused: invert
+WARNING: translation string unused: ip address in use
+WARNING: translation string unused: ipfire side
+WARNING: translation string unused: ipsec no connections
+WARNING: translation string unused: iptable rules
+WARNING: translation string unused: isdn
+WARNING: translation string unused: isdn settings
+WARNING: translation string unused: isdn1
+WARNING: translation string unused: isdn2
+WARNING: translation string unused: javascript menu error1
+WARNING: translation string unused: javascript menu error2
+WARNING: translation string unused: kernel version
+WARNING: translation string unused: key stuff
+WARNING: translation string unused: lateprompting
+WARNING: translation string unused: length
+WARNING: translation string unused: line
+WARNING: translation string unused: loaded modules
+WARNING: translation string unused: local hard disk
+WARNING: translation string unused: localkeyfile
+WARNING: translation string unused: log enabled
+WARNING: translation string unused: log viewer
+WARNING: translation string unused: logging
+WARNING: translation string unused: loosedirectorychecking
+WARNING: translation string unused: ls_dhcpd
+WARNING: translation string unused: ls_disk space
+WARNING: translation string unused: ls_free/swan
+WARNING: translation string unused: ls_httpd
+WARNING: translation string unused: ls_init
+WARNING: translation string unused: ls_kernel
+WARNING: translation string unused: ls_modprobe
+WARNING: translation string unused: ls_pam_unix
+WARNING: translation string unused: ls_sshd
+WARNING: translation string unused: ls_syslogd
+WARNING: translation string unused: mac address error not 00
+WARNING: translation string unused: manage ovpn
+WARNING: translation string unused: manual control and status
+WARNING: translation string unused: marked
+WARNING: translation string unused: max incoming size
+WARNING: translation string unused: max outgoing size
+WARNING: translation string unused: max size
+WARNING: translation string unused: mbmon fan in
+WARNING: translation string unused: mbmon graphs
+WARNING: translation string unused: mbmon temp in
+WARNING: translation string unused: mbmon value
+WARNING: translation string unused: min size
+WARNING: translation string unused: missing dat
+WARNING: translation string unused: missing gz
+WARNING: translation string unused: mode
+WARNING: translation string unused: modem on com1
+WARNING: translation string unused: modem on com2
+WARNING: translation string unused: modem on com3
+WARNING: translation string unused: modem on com4
+WARNING: translation string unused: modem on com5
+WARNING: translation string unused: modulation
+WARNING: translation string unused: month-graph
+WARNING: translation string unused: monthly firewallhits
+WARNING: translation string unused: monthly start day bad
+WARNING: translation string unused: monthly traffic bad
+WARNING: translation string unused: monthly volume
+WARNING: translation string unused: monthly volume start day
+WARNING: translation string unused: monthly volume start day short
+WARNING: translation string unused: mount
+WARNING: translation string unused: mtu QoS
+WARNING: translation string unused: nat-traversal
+WARNING: translation string unused: net
+WARNING: translation string unused: net address
+WARNING: translation string unused: net config type
+WARNING: translation string unused: net config type help
+WARNING: translation string unused: net-traffic configuration
+WARNING: translation string unused: network added
+WARNING: translation string unused: network configuration
+WARNING: translation string unused: network removed
+WARNING: translation string unused: network status information
+WARNING: translation string unused: network time
+WARNING: translation string unused: network traffic graphs
+WARNING: translation string unused: network updated
+WARNING: translation string unused: networks settings
+WARNING: translation string unused: never
+WARNING: translation string unused: new optionsfw must boot
+WARNING: translation string unused: no alcatelusb firmware
+WARNING: translation string unused: no cfg upload
+WARNING: translation string unused: no eciadsl synch.bin file
+WARNING: translation string unused: no fritzdsl driver
+WARNING: translation string unused: no information available
+WARNING: translation string unused: no modem selected
+WARNING: translation string unused: no set selected
+WARNING: translation string unused: nonetworkname
+WARNING: translation string unused: noservicename
+WARNING: translation string unused: notes
+WARNING: translation string unused: o-no
+WARNING: translation string unused: o-yes
+WARNING: translation string unused: online help en
+WARNING: translation string unused: only red
+WARNING: translation string unused: open to all
+WARNING: translation string unused: openvpn disabled
+WARNING: translation string unused: openvpn enabled
+WARNING: translation string unused: optional data
+WARNING: translation string unused: optionsfw portlist hint
+WARNING: translation string unused: optionsfw warning
+WARNING: translation string unused: or
+WARNING: translation string unused: original
+WARNING: translation string unused: our donors
+WARNING: translation string unused: out
+WARNING: translation string unused: outgoing firewall
+WARNING: translation string unused: outgoing firewall add ip group
+WARNING: translation string unused: outgoing firewall add mac group
+WARNING: translation string unused: outgoing firewall edit ip group
+WARNING: translation string unused: outgoing firewall edit mac group
+WARNING: translation string unused: outgoing firewall group error
+WARNING: translation string unused: outgoing firewall groups
+WARNING: translation string unused: outgoing firewall ip groups
+WARNING: translation string unused: outgoing firewall mac groups
+WARNING: translation string unused: outgoing firewall mode0
+WARNING: translation string unused: outgoing firewall mode1
+WARNING: translation string unused: outgoing firewall mode2
+WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
+WARNING: translation string unused: outgoing firewall p2p description 1
+WARNING: translation string unused: outgoing firewall p2p description 2
+WARNING: translation string unused: outgoing firewall p2p description 3
+WARNING: translation string unused: outgoing firewall reset
+WARNING: translation string unused: outgoing firewall view group
+WARNING: translation string unused: outgoing firewall warning
+WARNING: translation string unused: override mtu
+WARNING: translation string unused: ovpn config
+WARNING: translation string unused: ovpn device
+WARNING: translation string unused: ovpn dl
+WARNING: translation string unused: ovpn engines
+WARNING: translation string unused: ovpn log
+WARNING: translation string unused: ovpn reneg sec
+WARNING: translation string unused: ovpn_fastio
+WARNING: translation string unused: ovpn_mssfix
+WARNING: translation string unused: ovpn_mtudisc
+WARNING: translation string unused: ovpn_processprio
+WARNING: translation string unused: ovpn_processprioD
+WARNING: translation string unused: ovpn_processprioED
+WARNING: translation string unused: ovpn_processprioEH
+WARNING: translation string unused: ovpn_processprioEN
+WARNING: translation string unused: ovpn_processprioH
+WARNING: translation string unused: ovpn_processprioLN
+WARNING: translation string unused: ovpn_processprioN
+WARNING: translation string unused: ovpn_processprioVD
+WARNING: translation string unused: ovpn_processprioVH
+WARNING: translation string unused: ovpnstatus log
+WARNING: translation string unused: ovpnsys log
+WARNING: translation string unused: package failed to install
+WARNING: translation string unused: pakfire core update auto
+WARNING: translation string unused: pakfire updates
+WARNING: translation string unused: password contains illegal characters
+WARNING: translation string unused: password crypting key
+WARNING: translation string unused: passwords must be at least 6 characters in length
+WARNING: translation string unused: phase1 group
+WARNING: translation string unused: phonebook entry
+WARNING: translation string unused: ping disabled
+WARNING: translation string unused: polfile
+WARNING: translation string unused: port forwarding configuration
+WARNING: translation string unused: ports
+WARNING: translation string unused: pots
+WARNING: translation string unused: pppoe
+WARNING: translation string unused: present
+WARNING: translation string unused: profiles
+WARNING: translation string unused: proxy
+WARNING: translation string unused: proxy access graphs
+WARNING: translation string unused: proxy no proxy extend
+WARNING: translation string unused: proxy no proxy local
+WARNING: translation string unused: proxy port
+WARNING: translation string unused: psk
+WARNING: translation string unused: quick control
+WARNING: translation string unused: reboot ask
+WARNING: translation string unused: reboot question
+WARNING: translation string unused: reboot schedule
+WARNING: translation string unused: reboot sure
+WARNING: translation string unused: refresh update list
+WARNING: translation string unused: released
+WARNING: translation string unused: removable device advice
+WARNING: translation string unused: reportfile
+WARNING: translation string unused: requested data
+WARNING: translation string unused: reserved dst port
+WARNING: translation string unused: reserved src port
+WARNING: translation string unused: restore hardware settings
+WARNING: translation string unused: root
+WARNING: translation string unused: root path
+WARNING: translation string unused: root user password
+WARNING: translation string unused: route subnet is invalid
+WARNING: translation string unused: router ip
+WARNING: translation string unused: rsvd dst port overlap
+WARNING: translation string unused: rsvd src port overlap
+WARNING: translation string unused: rules already up to date
+WARNING: translation string unused: safe removal of umounted device
+WARNING: translation string unused: save error
+WARNING: translation string unused: select dest net
+WARNING: translation string unused: select media
+WARNING: translation string unused: select source net
+WARNING: translation string unused: selecttraffic
+WARNING: translation string unused: send email notification
+WARNING: translation string unused: send test mail
+WARNING: translation string unused: server reserved
+WARNING: translation string unused: service added
+WARNING: translation string unused: service removed
+WARNING: translation string unused: service updated
+WARNING: translation string unused: servicename
+WARNING: translation string unused: services settings
+WARNING: translation string unused: shaping add options
+WARNING: translation string unused: shaping list options
+WARNING: translation string unused: show areas
+WARNING: translation string unused: show lines
+WARNING: translation string unused: shutdown ask
+WARNING: translation string unused: shutdown sure
+WARNING: translation string unused: shutdown2
+WARNING: translation string unused: sitekeyfile
+WARNING: translation string unused: smbreload
+WARNING: translation string unused: source ip bad
+WARNING: translation string unused: source ip in use
+WARNING: translation string unused: source ip or net
+WARNING: translation string unused: source net
+WARNING: translation string unused: source network
+WARNING: translation string unused: source port in use
+WARNING: translation string unused: source port overlaps
+WARNING: translation string unused: squid extension methods
+WARNING: translation string unused: squid extension methods invalid
+WARNING: translation string unused: squid fix cache
+WARNING: translation string unused: srcprt range overlaps
+WARNING: translation string unused: srcprt within existing
+WARNING: translation string unused: ssdmz pinholes
+WARNING: translation string unused: ssh access tip
+WARNING: translation string unused: ssh1 disabled
+WARNING: translation string unused: ssh1 enabled
+WARNING: translation string unused: ssh1 support
+WARNING: translation string unused: ssnetwork status
+WARNING: translation string unused: sspasswords
+WARNING: translation string unused: ssport forwarding
+WARNING: translation string unused: ssproxy graphs
+WARNING: translation string unused: sssystem status
+WARNING: translation string unused: sstraffic graphs
+WARNING: translation string unused: subject test
+WARNING: translation string unused: subject warn
+WARNING: translation string unused: subnet
+WARNING: translation string unused: subnet is invalid
+WARNING: translation string unused: successfully refreshed updates list
+WARNING: translation string unused: system graphs
+WARNING: translation string unused: system log viewer
+WARNING: translation string unused: system status information
+WARNING: translation string unused: teovpn_fragment
+WARNING: translation string unused: test
+WARNING: translation string unused: test email could not be sent
+WARNING: translation string unused: test email was sent
+WARNING: translation string unused: the following update was successfully installed
+WARNING: translation string unused: there are updates
+WARNING: translation string unused: there are updates available
+WARNING: translation string unused: this feature has been sponsored by
+WARNING: translation string unused: this is not a valid archive
+WARNING: translation string unused: this is not an authorised update
+WARNING: translation string unused: this months volume
+WARNING: translation string unused: this update is already installed
+WARNING: translation string unused: this weeks volume
+WARNING: translation string unused: time date manually reset
+WARNING: translation string unused: to email adr
+WARNING: translation string unused: to install an update
+WARNING: translation string unused: to warn email bad
+WARNING: translation string unused: too long 80 char max
+WARNING: translation string unused: tor 0 = disabled
+WARNING: translation string unused: tor accounting period daily
+WARNING: translation string unused: tor accounting period monthly
+WARNING: translation string unused: tor accounting period weekly
+WARNING: translation string unused: tor bridge enabled
+WARNING: translation string unused: tor errmsg invalid node id
+WARNING: translation string unused: tor exit country
+WARNING: translation string unused: total connection time
+WARNING: translation string unused: traffic back
+WARNING: translation string unused: traffic calc time
+WARNING: translation string unused: traffic calc time bad
+WARNING: translation string unused: traffic info messages
+WARNING: translation string unused: traffic monitor
+WARNING: translation string unused: traffic shaping
+WARNING: translation string unused: traffic shaping settings
+WARNING: translation string unused: traffic warn level bad
+WARNING: translation string unused: trafficblue
+WARNING: translation string unused: trafficdate
+WARNING: translation string unused: trafficfrom
+WARNING: translation string unused: trafficgreen
+WARNING: translation string unused: trafficin
+WARNING: translation string unused: trafficorange
+WARNING: translation string unused: trafficout
+WARNING: translation string unused: trafficred
+WARNING: translation string unused: trafficsum
+WARNING: translation string unused: trafficto
+WARNING: translation string unused: transfer limits
+WARNING: translation string unused: transparent on
+WARNING: translation string unused: umount
+WARNING: translation string unused: umount removable media before to unplug
+WARNING: translation string unused: unencrypted
+WARNING: translation string unused: update transcript
+WARNING: translation string unused: updates
+WARNING: translation string unused: updates is old1
+WARNING: translation string unused: updates is old2
+WARNING: translation string unused: updxlrtr children
+WARNING: translation string unused: updxlrtr invalid num of children
+WARNING: translation string unused: updxlrtr sources
+WARNING: translation string unused: updxlrtr standard view
+WARNING: translation string unused: updxlrtr unknown
+WARNING: translation string unused: updxlrtr update information
+WARNING: translation string unused: updxlrtr update notification
+WARNING: translation string unused: updxlrtr used by
+WARNING: translation string unused: upload fcdsl.o
+WARNING: translation string unused: upload file
+WARNING: translation string unused: upload static key
+WARNING: translation string unused: upload successful
+WARNING: translation string unused: upload synch.bin
+WARNING: translation string unused: upload update file
+WARNING: translation string unused: upstream password
+WARNING: translation string unused: upstream proxy host:port
+WARNING: translation string unused: upstream username
+WARNING: translation string unused: uptime
+WARNING: translation string unused: uptime and users
+WARNING: translation string unused: urlfilter background image
+WARNING: translation string unused: urlfilter background text
+WARNING: translation string unused: urlfilter enable jpeg
+WARNING: translation string unused: urlfilter update information
+WARNING: translation string unused: urlfilter update notification
+WARNING: translation string unused: urlfilter update results
+WARNING: translation string unused: urlfilter upload background
+WARNING: translation string unused: use
+WARNING: translation string unused: use dov
+WARNING: translation string unused: use ibod
+WARNING: translation string unused: view log
+WARNING: translation string unused: vpn aggrmode
+WARNING: translation string unused: vpn configuration main
+WARNING: translation string unused: vpn incompatible use of defaultroute
+WARNING: translation string unused: vpn mtu invalid
+WARNING: translation string unused: vpn on blue
+WARNING: translation string unused: vpn on green
+WARNING: translation string unused: vpn on orange
+WARNING: translation string unused: vpn watch
+WARNING: translation string unused: warn when traffic reaches
+WARNING: translation string unused: web proxy configuration
+WARNING: translation string unused: week-graph
+WARNING: translation string unused: weekly firewallhits
+WARNING: translation string unused: wildcards
+WARNING: translation string unused: wlanap wlan services
+WARNING: translation string unused: xtaccess all error
+WARNING: translation string unused: xtaccess bad transfert
+WARNING: translation string unused: year-graph
+WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: MTU settings
+WARNING: untranslated string: Number of Countries for the pie chart
+WARNING: untranslated string: Scan for Songs
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm auth
+WARNING: untranslated string: advproxy basic authentication
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
+WARNING: untranslated string: bytes
+WARNING: untranslated string: check all
+WARNING: untranslated string: fwdfw err concon
+WARNING: untranslated string: fwdfw err ratecon
+WARNING: untranslated string: fwdfw limitconcon
+WARNING: untranslated string: fwdfw maxconcon
+WARNING: untranslated string: fwdfw numcon
+WARNING: untranslated string: fwdfw ratelimit
+WARNING: untranslated string: fwhost addgeoipgrp
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
+WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost newgeoipgrp
+WARNING: untranslated string: geoip
+WARNING: untranslated string: geoipblock
+WARNING: untranslated string: geoipblock block countries
+WARNING: untranslated string: geoipblock configuration
+WARNING: untranslated string: geoipblock country is allowed
+WARNING: untranslated string: geoipblock country is blocked
+WARNING: untranslated string: geoipblock enable feature
+WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
+WARNING: untranslated string: incoming compression in bytes per second
+WARNING: untranslated string: incoming overhead in bytes per second
+WARNING: untranslated string: invalid input for valid till days
+WARNING: untranslated string: masquerade blue
+WARNING: untranslated string: masquerade green
+WARNING: untranslated string: masquerade orange
+WARNING: untranslated string: masquerading
+WARNING: untranslated string: masquerading disabled
+WARNING: untranslated string: masquerading enabled
+WARNING: untranslated string: messages
+WARNING: untranslated string: no data
+WARNING: untranslated string: outgoing compression in bytes per second
+WARNING: untranslated string: outgoing overhead in bytes per second
+WARNING: untranslated string: ovpn add conf
+WARNING: untranslated string: pptp netconfig
+WARNING: untranslated string: pptp peer
+WARNING: untranslated string: pptp route
+WARNING: untranslated string: route config changed
+WARNING: untranslated string: routing config added
+WARNING: untranslated string: routing config changed
+WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
+WARNING: untranslated string: search
+WARNING: untranslated string: uncheck all
+WARNING: untranslated string: vpn statistic n2n
+WARNING: untranslated string: vpn statistic rw
+WARNING: untranslated string: vpn statistics n2n

diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 859cc1fd166ce8cb26e8dbbb2f591d351ca320b1..e7d8e08eaef9825c0f2be6cbd3cca3ebfb01e2ce 100644 (file)
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -299,6 +299,7 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
+WARNING: translation string unused: ike lifetime should be between 1 and 24 hours
 WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
@@ -442,6 +443,7 @@ WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn config
+WARNING: translation string unused: ovpn device
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
 WARNING: translation string unused: ovpn_fastio
@@ -670,6 +672,7 @@ WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: atm device
 WARNING: untranslated string: bytes
 WARNING: untranslated string: capabilities
+WARNING: untranslated string: check all
 WARNING: untranslated string: default
 WARNING: untranslated string: dh
 WARNING: untranslated string: dh key move failed
@@ -690,9 +693,22 @@ WARNING: untranslated string: fwdfw limitconcon
 WARNING: untranslated string: fwdfw maxconcon
 WARNING: untranslated string: fwdfw numcon
 WARNING: untranslated string: fwdfw ratelimit
+WARNING: untranslated string: fwhost addgeoipgrp
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost newgeoipgrp
 WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
+WARNING: untranslated string: geoip
+WARNING: untranslated string: geoipblock
+WARNING: untranslated string: geoipblock block countries
+WARNING: untranslated string: geoipblock configuration
+WARNING: untranslated string: geoipblock country is allowed
+WARNING: untranslated string: geoipblock country is blocked
+WARNING: untranslated string: geoipblock enable feature
+WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
 WARNING: untranslated string: incoming compression in bytes per second
@@ -733,6 +749,9 @@ WARNING: untranslated string: ovpn dh upload
 WARNING: untranslated string: ovpn generating the root and host certificates
 WARNING: untranslated string: ovpn ha
 WARNING: untranslated string: ovpn hmac
+WARNING: untranslated string: pptp netconfig
+WARNING: untranslated string: pptp peer
+WARNING: untranslated string: pptp route
 WARNING: untranslated string: random number generator daemon
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
@@ -740,10 +759,15 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: samba join a domain
 WARNING: untranslated string: samba join domain
+WARNING: untranslated string: search
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: software version
 WARNING: untranslated string: source ip country
 WARNING: untranslated string: ta key
+WARNING: untranslated string: uncheck all
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: vendor
+WARNING: untranslated string: vpn statistic n2n
+WARNING: untranslated string: vpn statistic rw
+WARNING: untranslated string: vpn statistics n2n

diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index c93d40cb4ff5c49c62fa71d3924b186fab0a3d8f..9910db6a0c1979a75885a9aab06994f209a6d350 100644 (file)
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -233,6 +233,9 @@ WARNING: translation string unused: g.lite
 WARNING: translation string unused: gen static key
 WARNING: translation string unused: generate
 WARNING: translation string unused: genkey
+WARNING: translation string unused: geoipblock country code
+WARNING: translation string unused: geoipblock country name
+WARNING: translation string unused: geoipblock flag
 WARNING: translation string unused: green interface
 WARNING: translation string unused: gz with key
 WARNING: translation string unused: hint
@@ -250,6 +253,7 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
+WARNING: translation string unused: ike lifetime should be between 1 and 24 hours
 WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
@@ -378,6 +382,7 @@ WARNING: translation string unused: outgoing firewall reset
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn config
+WARNING: translation string unused: ovpn device
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
 WARNING: translation string unused: ovpn_fastio
@@ -649,6 +654,7 @@ WARNING: untranslated string: ccd none
 WARNING: untranslated string: ccd routes
 WARNING: untranslated string: ccd subnet
 WARNING: untranslated string: ccd used
+WARNING: untranslated string: check all
 WARNING: untranslated string: count
 WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
@@ -793,6 +799,7 @@ WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
 WARNING: untranslated string: fwhost OpenVPN N-2-N
+WARNING: untranslated string: fwhost addgeoipgrp
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -805,6 +812,9 @@ WARNING: untranslated string: fwhost ccdhost
 WARNING: untranslated string: fwhost ccdnet
 WARNING: untranslated string: fwhost change
 WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost cust grp
 WARNING: untranslated string: fwhost cust net
 WARNING: untranslated string: fwhost cust service
@@ -844,6 +854,7 @@ WARNING: untranslated string: fwhost ip_mac
 WARNING: untranslated string: fwhost ipsec net
 WARNING: untranslated string: fwhost menu
 WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgeoipgrp
 WARNING: untranslated string: fwhost newgrp
 WARNING: untranslated string: fwhost newhost
 WARNING: untranslated string: fwhost newnet
@@ -862,6 +873,7 @@ WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
+WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
 WARNING: untranslated string: incoming compression in bytes per second
@@ -948,6 +960,9 @@ WARNING: untranslated string: ovpn routes push options
 WARNING: untranslated string: p2p block
 WARNING: untranslated string: p2p block save notice
 WARNING: untranslated string: pakfire ago
+WARNING: untranslated string: pptp netconfig
+WARNING: untranslated string: pptp peer
+WARNING: untranslated string: pptp route
 WARNING: untranslated string: proxy reports
 WARNING: untranslated string: proxy reports daily
 WARNING: untranslated string: proxy reports monthly
@@ -962,6 +977,7 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: samba join a domain
 WARNING: untranslated string: samba join domain
+WARNING: untranslated string: search
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
@@ -1023,6 +1039,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uncheck all
 WARNING: untranslated string: uplink
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: uptime load average
@@ -1030,6 +1047,9 @@ WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn keyexchange
+WARNING: untranslated string: vpn statistic n2n
+WARNING: untranslated string: vpn statistic rw
+WARNING: untranslated string: vpn statistics n2n
 WARNING: untranslated string: wlan client
 WARNING: untranslated string: wlan client advanced settings
 WARNING: untranslated string: wlan client and

diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 17e3199b11d391e498f399b20e0750233563de3d..95caaa53f10eb82bb0d2133b19eb2ee346f7af16 100644 (file)
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -245,6 +245,7 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
+WARNING: translation string unused: ike lifetime should be between 1 and 24 hours
 WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
@@ -383,6 +384,7 @@ WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn config
+WARNING: translation string unused: ovpn device
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn log
 WARNING: translation string unused: ovpn_fastio
@@ -652,6 +654,7 @@ WARNING: untranslated string: ccd none
 WARNING: untranslated string: ccd routes
 WARNING: untranslated string: ccd subnet
 WARNING: untranslated string: ccd used
+WARNING: untranslated string: check all
 WARNING: untranslated string: community rules
 WARNING: untranslated string: count
 WARNING: untranslated string: countries
@@ -788,6 +791,7 @@ WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
 WARNING: untranslated string: fwhost OpenVPN N-2-N
+WARNING: untranslated string: fwhost addgeoipgrp
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -800,6 +804,9 @@ WARNING: untranslated string: fwhost ccdhost
 WARNING: untranslated string: fwhost ccdnet
 WARNING: untranslated string: fwhost change
 WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost cust grp
 WARNING: untranslated string: fwhost cust net
 WARNING: untranslated string: fwhost cust service
@@ -839,6 +846,7 @@ WARNING: untranslated string: fwhost ip_mac
 WARNING: untranslated string: fwhost ipsec net
 WARNING: untranslated string: fwhost menu
 WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgeoipgrp
 WARNING: untranslated string: fwhost newgrp
 WARNING: untranslated string: fwhost newhost
 WARNING: untranslated string: fwhost newnet
@@ -855,8 +863,16 @@ WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
+WARNING: untranslated string: geoip
+WARNING: untranslated string: geoipblock
+WARNING: untranslated string: geoipblock block countries
+WARNING: untranslated string: geoipblock configuration
+WARNING: untranslated string: geoipblock country is allowed
+WARNING: untranslated string: geoipblock country is blocked
+WARNING: untranslated string: geoipblock enable feature
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
+WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
 WARNING: untranslated string: incoming compression in bytes per second
@@ -938,6 +954,9 @@ WARNING: untranslated string: ovpn no connections
 WARNING: untranslated string: ovpn port in root range
 WARNING: untranslated string: p2p block
 WARNING: untranslated string: p2p block save notice
+WARNING: untranslated string: pptp netconfig
+WARNING: untranslated string: pptp peer
+WARNING: untranslated string: pptp route
 WARNING: untranslated string: proxy reports
 WARNING: untranslated string: proxy reports daily
 WARNING: untranslated string: proxy reports monthly
@@ -952,6 +971,7 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: samba join a domain
 WARNING: untranslated string: samba join domain
+WARNING: untranslated string: search
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
@@ -1012,6 +1032,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uncheck all
 WARNING: untranslated string: uplink
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: uptime load average
@@ -1019,6 +1040,9 @@ WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn keyexchange
+WARNING: untranslated string: vpn statistic n2n
+WARNING: untranslated string: vpn statistic rw
+WARNING: untranslated string: vpn statistics n2n
 WARNING: untranslated string: wlan client
 WARNING: untranslated string: wlan client advanced settings
 WARNING: untranslated string: wlan client and

diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 0ebd3988f913e3e078d93d7fed0de1557162aa8d..d57c721a1eb5888c0a63d6ebf1dc474b8ff2a5a4 100644 (file)
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -300,6 +300,7 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
+WARNING: translation string unused: ike lifetime should be between 1 and 24 hours
 WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
@@ -444,6 +445,7 @@ WARNING: translation string unused: outgoing firewall view group
 WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn config
+WARNING: translation string unused: ovpn device
 WARNING: translation string unused: ovpn dl
 WARNING: translation string unused: ovpn engines
 WARNING: translation string unused: ovpn log
@@ -663,7 +665,21 @@ WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: bytes
+WARNING: untranslated string: check all
+WARNING: untranslated string: fwhost addgeoipgrp
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost newgeoipgrp
+WARNING: untranslated string: geoip
+WARNING: untranslated string: geoipblock
+WARNING: untranslated string: geoipblock block countries
+WARNING: untranslated string: geoipblock configuration
+WARNING: untranslated string: geoipblock country is allowed
+WARNING: untranslated string: geoipblock country is blocked
+WARNING: untranslated string: geoipblock enable feature
+WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: incoming compression in bytes per second
 WARNING: untranslated string: incoming overhead in bytes per second
 WARNING: untranslated string: invalid input for valid till days
@@ -671,7 +687,15 @@ WARNING: untranslated string: no data
 WARNING: untranslated string: outgoing compression in bytes per second
 WARNING: untranslated string: outgoing overhead in bytes per second
 WARNING: untranslated string: ovpn add conf
+WARNING: untranslated string: pptp netconfig
+WARNING: untranslated string: pptp peer
+WARNING: untranslated string: pptp route
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: search
+WARNING: untranslated string: uncheck all
+WARNING: untranslated string: vpn statistic n2n
+WARNING: untranslated string: vpn statistic rw
+WARNING: untranslated string: vpn statistics n2n

diff --git a/doc/language_missings b/doc/language_missings
index 05798b91145465f748a1d3aea7123c4814ec687b..b88db57542753842130c1be4a7a8f9655c92dc76 100644 (file)
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -29,6 +29,7 @@
 < atm device
 < attention
 < bit
+< block
 < capabilities
 < ccd add
 < ccd choose net
@@ -70,6 +71,7 @@
 < ccd routes
 < ccd subnet
 < ccd used
+< check all
 < ConnSched dial
 < ConnSched hangup
 < ConnSched reboot
@@ -233,6 +235,7 @@
 < fwdfw wd_tue
 < fwdfw wd_wed
 < fwdfw xt access
+< fwhost addgeoipgrp
 < fwhost addgrp
 < fwhost addgrpname
 < fwhost addhost
@@ -248,6 +251,9 @@
 < fwhost change
 < fwhost changeremark
 < fwhost cust addr
+< fwhost cust geoip
+< fwhost cust geoipgroup
+< fwhost cust geoiplocation
 < fwhost cust grp
 < fwhost cust net
 < fwhost Custom Host
@@ -298,6 +304,7 @@
 < fwhost IpSec Network
 < fwhost menu
 < fwhost netaddress
+< fwhost newgeoipgrp
 < fwhost newgrp
 < fwhost newhost
 < fwhost newnet
@@ -327,6 +334,16 @@
 < fw settings ruletable
 < gen dh
 < generate dh key
+< geoip
+< geoipblock
+< geoipblock block countries
+< geoipblock configuration
+< geoipblock country code
+< geoipblock country is allowed
+< geoipblock country is blocked
+< geoipblock country name
+< geoipblock enable feature
+< geoipblock flag
 < grouptype
 < hardware support
 < imei
@@ -420,6 +437,9 @@
 < ovpn reneg sec
 < p2p block
 < p2p block save notice
+< pptp netconfig
+< pptp peer
+< pptp route
 < proxy reports
 < proxy reports daily
 < proxy reports monthly
@@ -430,6 +450,7 @@
 < red1
 < samba join a domain
 < samba join domain
+< search
 < server restart
 < show dh
 < snat new source ip address
@@ -496,6 +517,9 @@
 < tor traffic limit soft
 < tor traffic read written
 < tor use exit nodes
+< unblock
+< unblock all
+< uncheck all
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
@@ -509,6 +533,8 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn statistic n2n
+< vpn statistic rw
 < wlanap access point
 < wlanap channel
 < wlanap country
@@ -587,6 +613,7 @@
 < atm device
 < attention
 < bit
+< block
 < capabilities
 < ccd add
 < ccd choose net
@@ -628,6 +655,7 @@
 < ccd routes
 < ccd subnet
 < ccd used
+< check all
 < ConnSched dial
 < ConnSched hangup
 < ConnSched reboot
@@ -790,6 +818,7 @@
 < fwdfw wd_tue
 < fwdfw wd_wed
 < fwdfw xt access
+< fwhost addgeoipgrp
 < fwhost addgrp
 < fwhost addgrpname
 < fwhost addhost
@@ -805,6 +834,9 @@
 < fwhost change
 < fwhost changeremark
 < fwhost cust addr
+< fwhost cust geoip
+< fwhost cust geoipgroup
+< fwhost cust geoiplocation
 < fwhost cust grp
 < fwhost cust net
 < fwhost Custom Host
@@ -855,6 +887,7 @@
 < fwhost IpSec Network
 < fwhost menu
 < fwhost netaddress
+< fwhost newgeoipgrp
 < fwhost newgrp
 < fwhost newhost
 < fwhost newnet
@@ -993,6 +1026,9 @@
 < ovpn routes push options
 < p2p block
 < p2p block save notice
+< pptp netconfig
+< pptp peer
+< pptp route
 < proxy reports
 < proxy reports daily
 < proxy reports monthly
@@ -1003,6 +1039,7 @@
 < red1
 < samba join a domain
 < samba join domain
+< search
 < server restart
 < Set time on boot
 < show dh
@@ -1069,6 +1106,9 @@
 < tor traffic limit soft
 < tor traffic read written
 < tor use exit nodes
+< unblock
+< unblock all
+< uncheck all
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
@@ -1079,6 +1119,8 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn statistic n2n
+< vpn statistic rw
 < wlanap country
 < wlan client
 < wlan client advanced settings
@@ -1136,6 +1178,7 @@
 < atm device
 < attention
 < bit
+< block
 < capabilities
 < ccd add
 < ccd choose net
@@ -1177,6 +1220,7 @@
 < ccd routes
 < ccd subnet
 < ccd used
+< check all
 < ConnSched dial
 < ConnSched hangup
 < ConnSched reboot
@@ -1331,6 +1375,7 @@
 < fwdfw wd_tue
 < fwdfw wd_wed
 < fwdfw xt access
+< fwhost addgeoipgrp
 < fwhost addgrp
 < fwhost addgrpname
 < fwhost addhost
@@ -1346,6 +1391,9 @@
 < fwhost change
 < fwhost changeremark
 < fwhost cust addr
+< fwhost cust geoip
+< fwhost cust geoipgroup
+< fwhost cust geoiplocation
 < fwhost cust grp
 < fwhost cust net
 < fwhost Custom Host
@@ -1396,6 +1444,7 @@
 < fwhost IpSec Network
 < fwhost menu
 < fwhost netaddress
+< fwhost newgeoipgrp
 < fwhost newgrp
 < fwhost newhost
 < fwhost newnet
@@ -1425,6 +1474,16 @@
 < fw settings ruletable
 < gen dh
 < generate dh key
+< geoip
+< geoipblock
+< geoipblock block countries
+< geoipblock configuration
+< geoipblock country code
+< geoipblock country is allowed
+< geoipblock country is blocked
+< geoipblock country name
+< geoipblock enable feature
+< geoipblock flag
 < grouptype
 < hardware support
 < imei
@@ -1520,6 +1579,9 @@
 < ovpn routes push options
 < p2p block
 < p2p block save notice
+< pptp netconfig
+< pptp peer
+< pptp route
 < proxy reports
 < proxy reports daily
 < proxy reports monthly
@@ -1530,6 +1592,7 @@
 < red1
 < samba join a domain
 < samba join domain
+< search
 < server restart
 < show dh
 < snat new source ip address
@@ -1594,6 +1657,9 @@
 < tor traffic limit soft
 < tor traffic read written
 < tor use exit nodes
+< unblock
+< unblock all
+< uncheck all
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
@@ -1604,6 +1670,8 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn statistic n2n
+< vpn statistic rw
 < wlanap country
 < wlan client
 < wlan client advanced settings
@@ -1662,6 +1730,7 @@
 < atm device
 < attention
 < bit
+< block
 < capabilities
 < ccd add
 < ccd choose net
@@ -1703,6 +1772,7 @@
 < ccd routes
 < ccd subnet
 < ccd used
+< check all
 < ConnSched dial
 < ConnSched hangup
 < ConnSched reboot
@@ -1861,6 +1931,7 @@
 < fwdfw wd_tue
 < fwdfw wd_wed
 < fwdfw xt access
+< fwhost addgeoipgrp
 < fwhost addgrp
 < fwhost addgrpname
 < fwhost addhost
@@ -1876,6 +1947,9 @@
 < fwhost change
 < fwhost changeremark
 < fwhost cust addr
+< fwhost cust geoip
+< fwhost cust geoipgroup
+< fwhost cust geoiplocation
 < fwhost cust grp
 < fwhost cust net
 < fwhost Custom Host
@@ -1926,6 +2000,7 @@
 < fwhost IpSec Network
 < fwhost menu
 < fwhost netaddress
+< fwhost newgeoipgrp
 < fwhost newgrp
 < fwhost newhost
 < fwhost newnet
@@ -1955,6 +2030,16 @@
 < fw settings ruletable
 < gen dh
 < generate dh key
+< geoip
+< geoipblock
+< geoipblock block countries
+< geoipblock configuration
+< geoipblock country code
+< geoipblock country is allowed
+< geoipblock country is blocked
+< geoipblock country name
+< geoipblock enable feature
+< geoipblock flag
 < grouptype
 < hardware support
 < hour-graph
@@ -2050,6 +2135,9 @@
 < ovpn reneg sec
 < p2p block
 < p2p block save notice
+< pptp netconfig
+< pptp peer
+< pptp route
 < proxy reports
 < proxy reports daily
 < proxy reports monthly
@@ -2060,6 +2148,7 @@
 < red1
 < samba join a domain
 < samba join domain
+< search
 < server restart
 < show dh
 < snat new source ip address
@@ -2124,6 +2213,9 @@
 < tor traffic limit soft
 < tor traffic read written
 < tor use exit nodes
+< unblock
+< unblock all
+< uncheck all
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
@@ -2134,6 +2226,8 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn statistic n2n
+< vpn statistic rw
 < week-graph
 < wlanap country
 < wlan client

diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi
index f1ed2125a2cb9e253ca332f7de01c1b09985e601..5c17d33e276a51c4a90bda383e2c616af012c818 100644 (file)
--- a/html/cgi-bin/connections.cgi
+++ b/html/cgi-bin/connections.cgi
@@ -520,7 +520,8 @@ foreach my $line (@conntrack) {
        }
 
        my $sip_colour = ipcolour($sip);
-       my $dip_colour = ipcolour($dip);
+       # use colour of destination network for DNAT
+       my $dip_colour = $dip ne $dip_ret ? ipcolour($dip_ret) : ipcolour($dip);
 
        my $sserv = '';
        if ($sport < 1024) {

diff --git a/html/cgi-bin/country.cgi b/html/cgi-bin/country.cgi
index 76035fb46d76ad0c4775e300e8d4c975dcc2b36f..f2ae81300905ee5fafb995224471cdbe5a09aa54 100644 (file)
--- a/html/cgi-bin/country.cgi
+++ b/html/cgi-bin/country.cgi
@@ -21,16 +21,14 @@
 
 use strict;
 
-use Locale::Country;
+use Locale::Codes::Country;
 
-my $flagdir = '/srv/web/ipfire/html/images/flags';
+my $col;
 my $lines = '1';
 my $lines2 = '';
-my @flaglist=();
-my @flaglistfiles=();
-my $flag = '';
 
 require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/geoip-functions.pl";
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 
@@ -40,40 +38,41 @@ require "${General::swroot}/header.pl";
 &Header::openbigbox('100%', 'left');
 
 &Header::openbox('100%', 'left', $Lang::tr{'country codes and flags'});
-print "<table class='tbl'>";
-print "<tr><th style='width=5%;'><b>$Lang::tr{'flag'}</b></th>";
-print "<th style='width=5%;'><b>$Lang::tr{'countrycode'}</b></th>";
-print "<th style='width=40%; text-align:left;'><b>$Lang::tr{'country'}</b></th>";
-print "<th>&nbsp;</th>";
-print "<th style='width=5%;'><b>$Lang::tr{'flag'}</b></th>";
-print "<th style='width=5%;'><b>$Lang::tr{'countrycode'}</b></th>";
-print "<th style='width=40%; text-align:left;'><b>$Lang::tr{'country'}</b></th></tr>";
-
-@flaglist = <$flagdir/*>;
-
-undef @flaglistfiles;
-
-foreach (@flaglist)
-{
-       if (!-d) { push(@flaglistfiles,substr($_,rindex($_,"/")+1));    }
-}
-my $col="";
-foreach $flag (@flaglistfiles)
-{
+
+print<<END;
+<table class='tbl'>
+       <tr>
+               <th style='width=5%'><b>$Lang::tr{'flag'}</b></th>
+               <th style='width=5%'><b>$Lang::tr{'countrycode'}</b></th>
+               <th style='width=40% text-align:left'><b>$Lang::tr{'country'}</b></th>
+               <th>&nbsp;</th>
+               <th style='width=5%'><b>$Lang::tr{'flag'}</b></th>
+               <th style='width=5%;'><b>$Lang::tr{'countrycode'}</b></th>
+               <th style='width=40% text-align:left;'><b>$Lang::tr{'country'}</b></th>
+       </tr>
+END
+
+# Get a list of all supported country codes.
+my @countries = Locale::Codes::Country::all_country_codes();
+
+# Loop through whole country list.
+foreach my $country (@countries) {
        $lines++;
 
-       my $flagcode = uc(substr($flag, 0, 2));
-       my $fcode = lc($flagcode);
-       my $country = Locale::Country::code2country($fcode);
-       if($fcode eq 'eu') { $country = 'Europe'; }
-       if($fcode eq 'tp') { $country = 'East Timor'; }
-       if($fcode eq 'yu') { $country = 'Yugoslavia'; }
+       # Convert country code into upper case.
+       my $country_uc = uc($country);
+
+       # Get flag icon for of the country.
+       my $flag_icon = &GeoIP::get_flag_icon($country);
+
+       # Get country name.
+       my $name = &GeoIP::get_full_country_name($country);
+
        if ($lines % 2) {
-               print "<td $col><a id='$fcode'><img src='/images/flags/$fcode.png' alt='$flagcode' title='$flagcode'/></a></td>";
-               print "<td $col>$flagcode</td>";
-               print "<td $col>$country</td></tr>\n";
-       }
-       else {
+               print "<td $col><a id='$country'><img src='$flag_icon' alt='$country_uc' title='$country_uc'/></a></td>";
+               print "<td $col>$country_uc</td>";
+               print "<td $col>$name</td></tr>\n";
+       } else {
                $lines2++;
                if($lines2 % 2) {
                        $col="style='background-color:${Header::table2colour};'";
@@ -81,25 +80,25 @@ foreach $flag (@flaglistfiles)
                        $col="style='background-color:${Header::table1colour};'";
                }
                print "<tr>";
-               print "<td $col><a id='$fcode'><img src='/images/flags/$fcode.png' alt='$flagcode' title='$flagcode'/></a></td>";
-               print "<td $col>$flagcode</td>";
-               print "<td $col>$country</td>";
+               print "<td $col><a id='$country'><img src='$flag_icon' alt='$country_uc' title='$country_uc'/></a></td>";
+               print "<td $col>$country_uc</td>";
+               print "<td $col>$name</td>";
                print "<td $col>&nbsp;</td>";
+
+               # Finish column when the last element in the array has passed and we have an uneven amount of items.
+               if ( $country eq $countries[-1] ) {
+                       print "<td $col>&nbsp;</td>\n";
+                       print "<td $col>&nbsp;</td>\n";
+                       print "<td $col>&nbsp;</td></tr>\n";
+               }
        }
 }
-
-
 print "</table>";
 &Header::closebox();
 
 &Header::closebigbox();
 
-print <<END
-<div style='text-align:center'>
-<a href='$ENV{'HTTP_REFERER'}'>$Lang::tr{'back'}</a>
-</div>
-END
-; 
+print "<div style='text-align:center'><a href='$ENV{'HTTP_REFERER'}'>$Lang::tr{'back'}</a></div>\n";
 
 &Header::closepage();
 

diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi
index 044aa971849ea4132c7702a7ceb885e1a2cb7857..73a41d903fae41b47024f38ce18237adca36556c 100644 (file)
--- a/html/cgi-bin/ddns.cgi
+++ b/html/cgi-bin/ddns.cgi
@@ -44,10 +44,8 @@ my $settingsfile = "${General::swroot}/ddns/settings";
 # Config file to store the configured ddns providers.
 my $datafile = "${General::swroot}/ddns/config";
 
-# Dynamic ddns programm call.
-my @ddnsprog = ("/usr/bin/ddns", "--config",
-               "/var/ipfire/ddns/ddns.conf",
-               "update-all");
+# Call the ddnsctrl helper binary to perform the update.
+my @ddnsprog = ("/usr/local/bin/ddnsctrl", "update-all");
 
 my %settings=();
 my $errormessage = '';
@@ -700,11 +698,6 @@ sub GenerateDDNSConfigFile {
                        print FILE "password = $password\n";
                }
 
-               # These providers need to be set to only use IPv4.
-               if ($provider ~~ ["freedns.afraid.org", "nsupdate.info", "opendns.com", "variomedia.de", "zoneedit.com"]) {
-                       print FILE "proto = ipv4\n";
-               }
-
                print FILE "\n";
        }
 

diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi
index 9a7d983eefd0233693a9e647a4c692ef2ef05442..dd48d58cb0d5cca8347e3ce93ca7361c6d48dc77 100644 (file)
--- a/html/cgi-bin/dhcp.cgi
+++ b/html/cgi-bin/dhcp.cgi
@@ -438,6 +438,9 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'add'}.'2') {
        if ($dhcpsettings{'KEY2'} eq '') { #add or edit ?
            unshift (@current2, "$dhcpsettings{'FIX_MAC'},$dhcpsettings{'FIX_ADDR'},$dhcpsettings{'FIX_ENABLED'},$dhcpsettings{'FIX_NEXTADDR'},$dhcpsettings{'FIX_FILENAME'},$dhcpsettings{'FIX_ROOTPATH'},$dhcpsettings{'FIX_REMARK'}\n");
            &General::log($Lang::tr{'fixed ip lease added'});
+
+           # Enter edit mode
+           $dhcpsettings{'KEY2'} = $key;
        } else {
            @current2[$dhcpsettings{'KEY2'}] = "$dhcpsettings{'FIX_MAC'},$dhcpsettings{'FIX_ADDR'},$dhcpsettings{'FIX_ENABLED'},$dhcpsettings{'FIX_NEXTADDR'},$dhcpsettings{'FIX_FILENAME'},$dhcpsettings{'FIX_ROOTPATH'},$dhcpsettings{'FIX_REMARK'}\n";
            $dhcpsettings{'KEY2'} = '';       # End edit mode
@@ -857,12 +860,31 @@ print <<END
 </tr>
 </table>
 </form>
+<hr />
 END
 ;
 #Edited line number (KEY2) passed until cleared by 'save' or 'remove' or 'new sort order'
 
+# Search for static leases
+my $search_query = $dhcpsettings{'q'};
+
+if (scalar @current2 >= 10) {
+       print <<END;
+               <form method="POST" action="#search">
+                       <a name="search"></a>
+                       <table width='100%'>
+                               <tr>
+                                       <td>
+                                               <input type="text" name="q" value="$search_query">
+                                               <input type="submit" value="$Lang::tr{'search'}">
+                                       </td>
+                               </tr>
+                       </table>
+               </form>
+END
+}
+
 print <<END
-<hr />
 <table width='100%' class='tbl'>
 <tr>
     <th width='20%' align='center'><a href='$ENV{'SCRIPT_NAME'}?FETHER'><b>$Lang::tr{'mac address'}</b></a></th>
@@ -918,6 +940,11 @@ foreach my $line (@current2) {
        $gdesc = $Lang::tr{'click to enable'}; 
     }
 
+    # Skip all entries that do not match the search query
+    if ($search_query ne "") {
+       next if (!grep(/$search_query/, @temp));
+    }
+
     if ($dhcpsettings{'KEY2'} eq $key) {
        print "<tr>";
        $col="bgcolor='${Header::colouryellow}'";

diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 39b732ce36b77d073d064758cbefbc9d77e314b3..c207ec74873aff8c68185fe199eb9ca30afcdb7d 100644 (file)
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -33,6 +33,7 @@ no warnings 'uninitialized';
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
+require "${General::swroot}/geoip-functions.pl";
 require "/usr/lib/firewall/firewall-lib.pl";
 
 unless (-d "${General::swroot}/firewall")                      { system("mkdir ${General::swroot}/firewall"); }
@@ -47,6 +48,7 @@ my %defaultNetworks=();
 my %netsettings=();
 my %customhost=();
 my %customgrp=();
+my %customgeoipgrp=();
 my %customnetworks=();
 my %customservice=();
 my %customservicegrp=();
@@ -74,6 +76,7 @@ my $color;
 my $confignet          = "${General::swroot}/fwhosts/customnetworks";
 my $confighost         = "${General::swroot}/fwhosts/customhosts";
 my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $configgeoipgrp     = "${General::swroot}/fwhosts/customgeoipgrp";
 my $configsrv          = "${General::swroot}/fwhosts/customservices";
 my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
 my $configccdnet       = "${General::swroot}/ovpn/ccd.conf";
@@ -154,6 +157,19 @@ print<<END;
                        \$("#actions").toggle();
                });
 
+               // Hide SNAT items when DNAT is selected and vice versa.
+               if (\$('input[name=nat]:checked').val() == 'dnat') {
+                       \$('.snat').hide();
+               } else {
+                       \$('.dnat').hide();
+               }
+
+               // Show/Hide elements when SNAT/DNAT get changed.
+               \$('input[name=nat]').change(function() {
+                       \$('.snat').toggle();
+                       \$('.dnat').toggle();
+               });
+
                // Time constraints
                if(!\$("#USE_TIME_CONSTRAINTS").attr("checked")) {
                        \$("#TIME_CONSTRAINTS").hide();
@@ -1060,6 +1076,54 @@ END
                }
                print"</select></td>";
        }
+       # geoip locations / groups.
+       my @geoip_locations = &fwlib::get_geoip_locations();
+
+       print "<tr>\n";
+       print "<td valign='top'><input type='radio' name='$grp' id='cust_geoip_$srctgt' value='cust_geoip_$srctgt' $checked{$grp}{'cust_geoip_'.$srctgt}></td>\n";
+       print "<td>$Lang::tr{'geoip'}</td>\n";
+       print "<td align='right'><select name='cust_geoip_$srctgt' style='width:200px;'>\n";
+
+       # Add GeoIP groups to dropdown.
+       if (!-z $configgeoipgrp) {
+               print "<optgroup label='$Lang::tr{'fwhost cust geoipgroup'}'>\n";
+               foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) } keys %customgeoipgrp) {
+                       my $selected;
+
+                       # Generate stored value for select detection.
+                       my $stored = join(':', "group",$customgeoipgrp{$key}[0]);
+
+                       # Only show a group once and group with elements.
+                       if($helper ne $customgeoipgrp{$key}[0] && $customgeoipgrp{$key}[2] ne 'none') {
+                               # Mark current entry as selected.
+                               if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $stored) {
+                                       $selected = "selected='selected'";
+                               }
+                                print"<option $selected value='group:$customgeoipgrp{$key}[0]'>$customgeoipgrp{$key}[0]</option>\n";
+                        }
+                        $helper=$customgeoipgrp{$key}[0];
+                }
+               print "</optgroup>\n";
+       }
+
+       # Add locations.
+       print "<optgroup label='$Lang::tr{'fwhost cust geoiplocation'}'>\n";
+       foreach my $location (@geoip_locations) {
+               # Get country name.
+               my $country_name = &GeoIP::get_full_country_name($location);
+
+               # Mark current entry as selected.
+               my $selected;
+               if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $location) {
+                       $selected = "selected='selected'";
+               }
+               print "<option $selected value='$location'>$location - $country_name</option>\n";
+       }
+       print "</optgroup>\n";
+
+       # Close GeoIP dropdown.
+       print "</select></td>\n";
+
        #End left table. start right table (vpn)
        print"</tr></table></td><td valign='top'><table width='95%' border='0' align='right'><tr>";
        # CCD networks
@@ -1397,6 +1461,7 @@ sub newrule
        &General::readhasharray("$confighost", \%customhost);
        &General::readhasharray("$configccdhost", \%ccdhost);
        &General::readhasharray("$configgrp", \%customgrp);
+       &General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
        &General::readhasharray("$configipsec", \%ipsecconf);
        &General::get_aliases(\%aliases);
        my %checked=();
@@ -1591,7 +1656,7 @@ END
                                $Lang::tr{'fwdfw use nat'}
                        </label>
                        <div class="NAT">
-                               <table width='100%' border='0'>
+                               <table class='fw-nat' width='100%' border='0'>
                                        <tr>
                                                <td width='5%'></td>
                                                <td width='40%'>
@@ -1603,9 +1668,9 @@ END
 END
 
        print <<END;
-                                               <td width='25%' align='right'>$Lang::tr{'dnat address'}:</td>
+                                               <td width='25%' align='right'><span class='dnat'>$Lang::tr{'dnat address'}:</span></td>
                                                <td width='30%'>
-                                                       <select name='dnat' style='width: 100%;'>
+                                                       <select name='dnat' class='dnat' style='width: 100%;'>
                                                                <option value='AUTO' $selected{'dnat'}{'AUTO'}>- $Lang::tr{'automatic'} -</option>
                                                                <option value='Default IP' $selected{'dnat'}{'Default IP'}>$Lang::tr{'red1'} ($redip)</option>
 END
@@ -1636,9 +1701,9 @@ END
                                                                $Lang::tr{'fwdfw snat'}
                                                        </label>
                                                </td>
-                                               <td width='25%' align='right'>$Lang::tr{'snat new source ip address'}:</td>
+                                               <td width='25%' align='right'><span class='snat'>$Lang::tr{'snat new source ip address'}:</span></td>
                                                <td width='30%'>
-                                                       <select name='snat' style='width: 100%;'>
+                                                       <select name='snat' class='snat' style='width: 100%;'>
 END
 
                foreach my $alias (sort keys %aliases) {
@@ -2525,6 +2590,13 @@ END
                                }else{
                                        print $$hash{$key}[4];
                                }
+                       }elsif ($$hash{$key}[3] eq 'cust_geoip_src') {
+                               my ($split1,$split2) = split(":", $$hash{$key}[4]);
+                               if ($split2) {
+                                       print "$split2\n";
+                               }else{
+                                       print "$Lang::tr{'geoip'}: $$hash{$key}[4]\n";
+                               }
                        }elsif ($$hash{$key}[4] eq 'RED1'){
                                print "$ipfireiface $Lang::tr{'fwdfw red'}";
                        }elsif ($$hash{$key}[4] eq 'ALL'){
@@ -2601,6 +2673,13 @@ END
                                }else{
                                        print $$hash{$key}[6];
                                }
+                       }elsif ($$hash{$key}[5] eq 'cust_geoip_tgt') {
+                               my ($split1,$split2) = split(":", $$hash{$key}[6]);
+                               if ($split2) {
+                                       print "$split2\n";
+                               }else{
+                                       print "$Lang::tr{'geoip'}: $$hash{$key}[6]\n";
+                               }
                        }elsif ($$hash{$key}[5] eq 'tgt_addr'){
                                my ($split1,$split2) = split("/",$$hash{$key}[6]);
                                if ($split2 eq '32'){
@@ -2618,7 +2697,6 @@ END
                        #RULE ACTIVE
                        if($$hash{$key}[2] eq 'ON'){
                                $gif="/images/on.gif"
-                               
                        }else{
                                $gif="/images/off.gif"
                        }

diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index f42947e8c7e99d056375fbd8165801ea9c68db44..994a50a1048c581a7259c20de4e578d59af0b62e 100644 (file)
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -27,6 +27,8 @@ use Sort::Naturally;
 use CGI::Carp 'fatalsToBrowser';
 no warnings 'uninitialized';
 require '/var/ipfire/general-functions.pl';
+require "/var/ipfire/geoip-functions.pl";
+require "/usr/lib/firewall/firewall-lib.pl";
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 
@@ -36,6 +38,7 @@ my %customhost=();
 my %customgrp=();
 my %customservice=();
 my %customservicegrp=();
+my %customgeoipgrp=();
 my %ccdnet=();
 my %ccdhost=();
 my %ipsecconf=();
@@ -62,6 +65,7 @@ my $configccdhost     = "${General::swroot}/ovpn/ovpnconfig";
 my $configipsec                = "${General::swroot}/vpn/config";
 my $configsrv          = "${General::swroot}/fwhosts/customservices";
 my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
+my $configgeoipgrp     = "${General::swroot}/fwhosts/customgeoipgrp";
 my $fwconfigfwd                = "${General::swroot}/firewall/config";
 my $fwconfiginp                = "${General::swroot}/firewall/input";
 my $fwconfigout                = "${General::swroot}/firewall/outgoing";
@@ -73,6 +77,7 @@ unless (-e $confighost)   { system("touch $confighost"); }
 unless (-e $configgrp)    { system("touch $configgrp"); }
 unless (-e $configsrv)    { system("touch $configsrv"); }
 unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
+unless (-e $configgeoipgrp) { system("touch $configgeoipgrp"); }
 
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
@@ -671,6 +676,87 @@ if ($fwhostsettings{'ACTION'} eq 'savegrp')
                &addgrp;
                &viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'savegeoipgrp')
+{
+       my $grp=$fwhostsettings{'grp_name'};
+       my $rem=$fwhostsettings{'remark'};
+       my $count;
+       my $type;
+       my @target;
+       my @newgrp;
+       &General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+       &General::readhasharray("$fwconfigfwd", \%fwfwd);
+       &General::readhasharray("$fwconfiginp", \%fwinp);
+       &General::readhasharray("$fwconfigout", \%fwout);
+
+       # Check for existing group name.
+       if (!&checkgroup($grp) && $fwhostsettings{'update'} ne 'on'){
+               $errormessage = $Lang::tr{'fwhost err grpexist'};
+       }
+
+       # Check remark.
+       if ($rem ne '' && !&validremark($rem) && $fwhostsettings{'update'} ne 'on'){
+               $errormessage = $Lang::tr{'fwhost err remark'};
+       }
+
+       if ($fwhostsettings{'update'} eq 'on'){
+               @target=$fwhostsettings{'COUNTRY_CODE'};
+               $type='GeoIP Group';
+
+               #check if host/net exists in grp
+               my $test="$grp,$fwhostsettings{'oldremark'},@target";
+               foreach my $key (keys %customgeoipgrp) {
+                       my $test1="$customgeoipgrp{$key}[0],$customgeoipgrp{$key}[1],$customgeoipgrp{$key}[2]";
+                       if ($test1 eq $test){
+                               $errormessage=$Lang::tr{'fwhost err isingrp'};
+                               $fwhostsettings{'update'} = 'on';
+                       }
+               }
+       }
+
+       if (!$errormessage){
+               #on first save, we have an empty @target, so fill it with nothing
+               my $targetvalues=@target;
+               if ($targetvalues == '0'){
+                       @target="none";
+               }
+               #on update, we have to delete the dummy entry
+               foreach my $key (keys %customgeoipgrp){
+                       if ($customgeoipgrp{$key}[0] eq $grp && $customgeoipgrp{$key}[2] eq "none"){
+                               delete $customgeoipgrp{$key};
+                               last;
+                       }
+               }
+               &General::writehasharray("$configgeoipgrp", \%customgeoipgrp);
+               &General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+               #create array with new lines
+               foreach my $line (@target){
+                       push (@newgrp,"$grp,$rem,$line");
+               }
+               #append new entries
+               my $key = &General::findhasharraykey (\%customgeoipgrp);
+               foreach my $line (@newgrp){
+                       foreach my $i (0 .. 3) { $customgeoipgrp{$key}[$i] = "";}
+                       my ($a,$b,$c,$d) = split (",",$line);
+                       $customgeoipgrp{$key}[0] = $a;
+                       $customgeoipgrp{$key}[1] = $b;
+                       $customgeoipgrp{$key}[2] = $c;
+                       $customgeoipgrp{$key}[3] = $type;
+               }
+               &General::writehasharray("$configgeoipgrp", \%customgeoipgrp);
+               #update counter in Host/Net
+               $fwhostsettings{'update'}='on';
+       }
+               #check if ruleupdate is needed
+               my $geoipgrpcount=0;
+               $geoipgrpcount=&getgeoipcount($grp);
+               if($geoipgrpcount > 0 )
+               {
+                       &General::firewall_config_changed();
+               }
+               &addgeoipgrp;
+               &viewtablegeoipgrp;
+}
 if ($fwhostsettings{'ACTION'} eq 'saveservice')
 {
        my $ICMP;
@@ -798,6 +884,12 @@ if ($fwhostsettings{'ACTION'} eq 'editgrp')
        &addgrp;
        &viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'editgeoipgrp')
+{
+       $fwhostsettings{'update'}='on';
+       &addgeoipgrp;
+       &viewtablegeoipgrp;
+}
 if ($fwhostsettings{'ACTION'} eq 'editservice')
 {
        $fwhostsettings{'updatesrv'}='on';
@@ -830,6 +922,12 @@ if ($fwhostsettings{'ACTION'} eq 'resetgrp')
        $fwhostsettings{'remark'}       ="";
        &showmenu;
 }
+if ($fwhostsettings{'ACTION'} eq 'resetgeoipgrp')
+{
+       $fwhostsettings{'grp_name'} ="";
+       $fwhostsettings{'remark'}       ="";
+       &showmenu;
+}
 # delete
 if ($fwhostsettings{'ACTION'} eq 'delnet')
 {
@@ -887,6 +985,37 @@ if ($fwhostsettings{'ACTION'} eq 'deletegrphost')
        &addgrp;
        &viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'deletegeoipgrpentry')
+{
+        my $grpremark;
+        my $grpname;
+        &General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+        foreach my $key (keys %customgeoipgrp){
+                if($customgeoipgrp{$key}[0].",".$customgeoipgrp{$key}[1].",".$customgeoipgrp{$key}[2].",".$customgeoipgrp{$key}[3] eq $fwhostsettings{'delentry'}){
+                        $grpname=$customgeoipgrp{$key}[0];
+                        $grpremark=$customgeoipgrp{$key}[1];
+                        #check if we delete the last entry, then generate dummy
+                        if ($fwhostsettings{'last'} eq 'on'){
+                                $customgeoipgrp{$key}[1] = '';
+                                $customgeoipgrp{$key}[2] = 'none';
+                                $customgeoipgrp{$key}[3] = '';
+                                $fwhostsettings{'last'}='';
+                                last;
+                        }else{
+                                delete $customgeoipgrp{$key};
+                        }
+                }
+        }
+        &General::writehasharray("$configgeoipgrp", \%customgeoipgrp);
+        &General::firewall_config_changed();
+        if ($fwhostsettings{'update'} eq 'on'){
+                $fwhostsettings{'remark'}= $grpremark;
+                $fwhostsettings{'grp_name'}=$grpname;
+        }
+        &addgeoipgrp;
+        &viewtablegeoipgrp;
+}
+
 if ($fwhostsettings{'ACTION'} eq 'delgrp')
 {
        &General::readhasharray("$configgrp", \%customgrp);
@@ -903,6 +1032,22 @@ if ($fwhostsettings{'ACTION'} eq 'delgrp')
        &addgrp;
        &viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'delgeoipgrp')
+{
+       &General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+       &decrease($fwhostsettings{'grp_name'});
+       foreach my $key (sort keys %customgeoipgrp)
+       {
+               if($customgeoipgrp{$key}[0] eq $fwhostsettings{'grp_name'})
+               {
+                       delete $customgeoipgrp{$key};
+               }
+       }
+       &General::writehasharray("$configgeoipgrp", \%customgeoipgrp);
+       $fwhostsettings{'grp_name'}='';
+       &addgeoipgrp;
+       &viewtablegeoipgrp;
+}
 if ($fwhostsettings{'ACTION'} eq 'delservice')
 {
        &General::readhasharray("$configsrv", \%customservice);
@@ -977,6 +1122,11 @@ if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgrp'})
        &addgrp;
        &viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgeoipgrp'})
+{
+       &addgeoipgrp;
+       &viewtablegeoipgrp;
+}
 if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservice'})
 {
        &addservice;
@@ -1011,6 +1161,31 @@ if ($fwhostsettings{'ACTION'} eq 'changegrpremark')
        &addgrp;
        &viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'changegeoipgrpremark')
+{
+       &General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+       if ($fwhostsettings{'oldrem'} ne $fwhostsettings{'newrem'} && (&validremark($fwhostsettings{'newrem'}) || $fwhostsettings{'newrem'} eq '')){
+               foreach my $key (sort keys %customgeoipgrp)
+                       {
+                               if($customgeoipgrp{$key}[0] eq $fwhostsettings{'grp'} && $customgeoipgrp{$key}[1] eq $fwhostsettings{'oldrem'})
+                               {
+                                       $customgeoipgrp{$key}[1]='';
+                                       $customgeoipgrp{$key}[1]=$fwhostsettings{'newrem'};
+                               }
+                       }
+                       &General::writehasharray("$configgeoipgrp", \%customgeoipgrp);
+                       $fwhostsettings{'update'}='on';
+                       $fwhostsettings{'remark'}=$fwhostsettings{'newrem'};
+       }else{
+               $errormessage=$Lang::tr{'fwhost err remark'};
+               $fwhostsettings{'remark'}=$fwhostsettings{'oldrem'};
+               $fwhostsettings{'grp_name'}=$fwhostsettings{'grp'};
+               $fwhostsettings{'update'} = 'on';
+       }
+       $fwhostsettings{'grp_name'}=$fwhostsettings{'grp'};
+       &addgeoipgrp;
+       &viewtablegeoipgrp;
+}
 if ($fwhostsettings{'ACTION'} eq 'changesrvgrpremark')
 {
        &General::readhasharray("$configsrvgrp", \%customservicegrp );
@@ -1085,6 +1260,29 @@ if ($fwhostsettings{'ACTION'} eq 'changegrpname')
        &addgrp;
        &viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'changegeoipgrpname')
+{
+       &General::readhasharray("$configgeoipgrp", \%customgeoipgrp );
+       if ($fwhostsettings{'oldgrpname'} ne $fwhostsettings{'grp'}){
+               #Check new groupname
+               if (!&validhostname($fwhostsettings{'grp'})){
+                       $errormessage.=$Lang::tr{'fwhost err name'}."<br>";
+               }
+               if (!$errormessage){
+                       # Rename group.
+                       foreach my $key (keys %customgeoipgrp) {
+                               if($customgeoipgrp{$key}[0] eq $fwhostsettings{'oldgrpname'}){
+                                       $customgeoipgrp{$key}[0]=$fwhostsettings{'grp'};
+                               }
+                       }
+                       &General::writehasharray("$configgeoipgrp", \%customgeoipgrp );
+                       #change name in FW Rules
+                       &changenameinfw($fwhostsettings{'oldgrpname'},$fwhostsettings{'grp'},6);
+               }
+       }
+       &addgeoipgrp;
+       &viewtablegeoipgrp;
+}
 ###  VIEW  ###
 if($fwhostsettings{'ACTION'} eq '')
 {
@@ -1096,7 +1294,7 @@ sub showmenu {
        print "$Lang::tr{'fwhost welcome'}";
        print<<END;
        <br><br><table border='0' width='100%'>
-       <tr><td><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' ></form></td>
+       <tr><td><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgeoipgrp'}' ></form></td>
        <td align='right'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservice'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservicegrp'}' ></form></td></tr>
        <tr><td colspan='6'></td></tr></table>
 END
@@ -1381,6 +1579,113 @@ END
                print"<tr><td style='text-align:right;'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='update' value=\"$fwhostsettings{'update'}\"><input type='hidden' name='ACTION' value='savegrp' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='resetgrp'></form></td></table>";
        &Header::closebox();
 }
+sub addgeoipgrp
+{
+       &hint;
+       &error;
+       &showmenu;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost addgeoipgrp'});
+
+       my %checked=();
+       my $show='';
+       $checked{'check1'}{'off'} = '';
+       $checked{'check1'}{'on'} = '';
+       $checked{'grp2'}{$fwhostsettings{'grp2'}} = 'CHECKED';
+       $fwhostsettings{'oldremark'}=$fwhostsettings{'remark'};
+       $fwhostsettings{'oldgrpname'}=$fwhostsettings{'grp_name'};
+       my $grp=$fwhostsettings{'grp_name'};
+       my $rem=$fwhostsettings{'remark'};
+               if ($fwhostsettings{'update'} eq ''){
+                       print<<END;
+               <table width='100%' border='0'>
+                       <tr>
+                               <td style='width:15%;'>$Lang::tr{'fwhost addgrpname'}</td>
+                               <td><form method='post'><input type='TEXT' name='grp_name' value='$fwhostsettings{'grp_name'}' size='30'></td>
+                       </tr>
+                       <tr>
+                               <td>$Lang::tr{'remark'}:</td>
+                               <td ><input type='TEXT' name='remark' value='$fwhostsettings{'remark'}' style='width: 99%;'></td>
+                       </tr>
+                       <tr>
+                               <td colspan='2'><br></td>
+                       </tr>
+               </table>
+END
+               } else {
+                       print<<END;
+                       <table width='100%' border='0'>
+                               <form method='post'><tr>
+                                       <td style='width:15%;'>$Lang::tr{'fwhost addgrpname'}</td>
+                                       <td style='width:30%;'><input type='TEXT' name='grp'  value='$fwhostsettings{'grp_name'}' size='30'></td>
+                                       <td>
+                                               <input type='submit' value='$Lang::tr{'fwhost change'}'>
+                                               <input type='hidden' name='oldgrpname' value='$fwhostsettings{'oldgrpname'}'>
+                                               <input type='hidden' name='ACTION' value='changegeoipgrpname'>
+                                       </td>
+                                       <td></td>
+                               </tr></form>
+                               <tr><form method='post' style='display:inline'>
+                                       <td>$Lang::tr{'remark'}:</td>
+                                       <td colspan='2' style='width:98%;'>
+                                               <input type='TEXT' name='newrem' value='$fwhostsettings{'remark'}' style='width:98%;'>
+                                       </td>
+                                       <td align='right'>
+                                               <input type='submit' value='$Lang::tr{'fwhost change'}'>
+                                               <input type='hidden' name='grp' value='$fwhostsettings{'grp_name'}'>
+                                               <input type='hidden' name='oldrem' value='$fwhostsettings{'oldremark'}'>
+                                               <input type='hidden' name='ACTION' value='changegeoipgrpremark'>
+                                       </td>
+                               </tr></form>
+                       </table>
+                       <br><br>
+END
+               }
+               if ($fwhostsettings{'update'} eq 'on') {
+                       my @geoip_locations = &fwlib::get_geoip_locations();
+
+                       print<<END;
+                       <form method='post'>
+                       <input type='hidden' name='remark' value='$rem'>
+                       <input type='hidden' name='grp_name' value='$grp'>
+
+                       <table width='100%' border='0'>
+                               <tr>
+                                       <td style='text-align:left;'>
+                                               <select name='COUNTRY_CODE' style='width:16em;'>";
+END
+                               foreach my $location (@geoip_locations) {
+                                       # Get full country name.
+                                       my $fullname = &GeoIP::get_full_country_name($location);
+
+                                       print"<option value='$location'>$location - $fullname</option>\n";
+                               }
+       print <<END;
+                                               </select>
+                                       </td>
+                               </tr>
+                       </table>
+                       <br><br>
+END
+               }
+       print <<END;
+               <table width='100%'>
+                       <tr><td style='text-align:right;'>
+                               <input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' />
+                               <input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'>
+                               <input type='hidden' name='update' value=\"$fwhostsettings{'update'}\">
+                               <input type='hidden' name='ACTION' value='savegeoipgrp' >
+                       </form>
+
+                       <form method='post' style='display:inline'>
+
+                       <input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'>
+                       <input type='hidden' name='ACTION' value='resetgeoipgrp'>
+
+                       </form>
+                       </td></tr></table>
+END
+       &Header::closebox();
+}
 sub addservice
 {
        &error;
@@ -1838,6 +2143,195 @@ sub viewtablegrp
        &Header::closebox();
 }
 
+}
+sub viewtablegeoipgrp
+{
+       # If our filesize is "zero" there is nothing to read-in.
+       if (-z "$configgeoipgrp") {
+               return;
+       }
+
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust geoipgrp'});
+       &General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+       &General::readhasharray("$fwconfigfwd", \%fwfwd);
+       &General::readhasharray("$fwconfiginp", \%fwinp);
+       &General::readhasharray("$fwconfigout", \%fwout);
+       my @grp=();
+       my $helper='';
+       my $count=1;
+       my $country_code;
+       my $grpname;
+       my $remark;
+       my $number;
+       my $delflag;
+       my @counter;
+       my %hash;
+
+       # If there are no groups we are finished here.
+       if (!keys %customgeoipgrp) {
+               print "<center><b>$Lang::tr{'fwhost err emptytable'}</b>";
+               return;
+       }
+
+       # Put all groups in a hash.
+       foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) }
+                        sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) {
+                               push (@counter,$customgeoipgrp{$key}[0]);
+       }
+
+       # Increase current used key.
+       foreach my $key1 (@counter) {
+               $hash{$key1}++ ;
+       }
+
+       # Sort hash.
+       foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) }
+                        sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) {
+               $count++;
+               if ($helper ne $customgeoipgrp{$key}[0]) {
+                       $delflag='0';
+
+                       foreach my $key1 (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) }
+                                         sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) {
+
+                               if ($customgeoipgrp{$key}[0] eq $customgeoipgrp{$key1}[0])
+                               {
+                                       $delflag++;
+                               }
+                               if($delflag > 1){
+                                       last;
+                               }
+                       }
+
+                       $number=1;
+
+                       # Groupname.
+                       $grpname=$customgeoipgrp{$key}[0];
+
+                       # Group remark.
+                       $remark="$customgeoipgrp{$key}[1]";
+
+                       # Country code.
+                       $country_code="$customgeoipgrp{$key}[2]";
+
+                       if ($count gt 1){
+                               print"</table>";
+                               $count=1;
+                       }
+
+                       # Display groups header.
+                       print "<br><b><u>$grpname</u></b>&nbsp; &nbsp;\n";
+                       print "<b>$Lang::tr{'remark'}:</b>&nbsp $remark &nbsp\n" if ($remark ne '');
+
+                       # Get group count.
+                       my $geoipgrpcount=&getgeoipcount($grpname);
+                       print "<b>$Lang::tr{'used'}:</b> $geoipgrpcount x";
+
+                       # Only display delete icon, if the group is not used by a firewall rule.
+                       if($geoipgrpcount == '0') {
+                               print"<form method='post' style='display:inline'>\n";
+                               print"<input type='image' src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' align='right' />\n";
+                               print"<input type='hidden' name='grp_name' value='$grpname' >\n";
+                               print"<input type='hidden' name='ACTION' value='delgeoipgrp'>\n";
+                               print"</form>";
+                       }
+
+                       # Icon for group editing.
+print <<END;
+                       <form method='post' style='display:inline'>
+                               <input type='image' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' align='right'/>
+                               <input type='hidden' name='grp_name' value='$grpname' >
+                               <input type='hidden' name='remark' value='$remark' >
+                               <input type='hidden' name='ACTION' value='editgeoipgrp'>
+                       </form>
+
+                       <table width='100%' cellspacing='0' class='tbl'>
+END
+                       # Display headlines if the group contains any entries.
+                       if ($country_code ne "none") {
+print <<END;
+                               <tr>
+                                       <td width='10%' align='center'>
+                                               <b>$Lang::tr{'flag'}</b>
+                                       </td>
+
+                                       <td width='10%'align='center'>
+                                               <b>$Lang::tr{'countrycode'}</b>
+                                       </td>
+
+                                       <td width='70%'align='left'>
+                                               <b>$Lang::tr{'country'}</b>
+                                       </td>
+
+                                       <td width='10%' align='right'></td>
+                               </tr>
+END
+                       }
+               }
+
+               # Check if our group contains any entries.
+               if ($country_code eq "none") {
+                       print "<tr><td>$Lang::tr{'fwhost err emptytable'}</td></tr>\n";
+               } else {
+                       # Check if we are currently editing a group and assign column backgound colors.
+                       my $col='';
+                       if ( ($fwhostsettings{'ACTION'} eq 'editgeoipgrp' || $fwhostsettings{'update'} ne '')
+                               && $fwhostsettings{'grp_name'} eq $customgeoipgrp{$key}[0]) {
+                               $col="bgcolor='${Header::colouryellow}'";
+                       } elsif ($count %2 == 0){
+                               $col="bgcolor='$color{'color20'}'";
+                       } else {
+                               $col="bgcolor='$color{'color22'}'";
+                       }
+
+                       # Get country flag.
+                       my $icon = &GeoIP::get_flag_icon($customgeoipgrp{$key}[2]);
+
+                       # Print column with flag icon.
+                       my $col_content;
+                       if ($icon) {
+                               $col_content = "<img src='$icon' alt='$customgeoipgrp{$key}[2]' title='$customgeoipgrp{$key}[2]'>";
+                       } else {
+                               $col_content = "<b>N/A</b>";
+                       }
+
+                       print "<td align='center' $col>$col_content</td>\n";
+
+                       # Print column with country code.
+                       print "<td align='center' $col>$customgeoipgrp{$key}[2]</td>\n";
+
+                       # Print column with full country name.
+                       my $country_name = &GeoIP::get_full_country_name($customgeoipgrp{$key}[2]);
+                       print "<td align='left' $col>$country_name</td>\n";
+
+                       # Generate from for removing entries from a group.
+                       print "<td align='right' width='1%' $col><form method='post'>\n";
+
+                       if ($delflag > 0){
+                               print"<input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}'/>\n";
+
+                               # Check if this group only has a single entry.
+                               foreach my $key2 (keys %hash) {
+                                       if ($hash{$key2}<2 && $key2 eq $customgeoipgrp{$key}[0]){
+                                               print "<input type='hidden' name='last' value='on'>"  ;
+                                       }
+                               }
+                       }
+
+                       print "<input type='hidden' name='ACTION' value='deletegeoipgrpentry'>\n";
+                       print "<input type='hidden' name='update' value='$fwhostsettings{'update'}'>\n";
+                       print "<input type='hidden' name='delentry' value='$grpname,$remark,$customgeoipgrp{$key}[2],$customgeoipgrp{$key}[3]'>\n";
+                       print "</form>\n";
+                       print "</td>\n";
+                       print "</tr>\n";
+               }
+
+               $helper=$customgeoipgrp{$key}[0];
+               $number++;
+       }
+
+       print"</table>\n";
+       &Header::closebox();
 }
 sub viewtableservice
 {
@@ -2196,6 +2690,44 @@ sub gethostcount
        }
        return $srvcounter;
 }
+sub getgeoipcount
+{
+       my $groupname=shift;
+       my $counter=0;
+
+       # GeoIP groups are stored as "group:groupname" in the
+       # firewall settings files.
+       my $searchstring = join(':', "group",$groupname);
+
+       # Count services used in firewall - forward
+       foreach my $key1 (keys %fwfwd) {
+               if($fwfwd{$key1}[4] eq $searchstring){
+                       $counter++;
+               }
+               if($fwfwd{$key1}[6] eq $searchstring){
+                       $counter++;
+               }
+       }
+       #Count services used in firewall - input
+       foreach my $key2 (keys %fwinp) {
+               if($fwinp{$key2}[4] eq $searchstring){
+                       $counter++;
+               }
+               if($fwinp{$key2}[6] eq $searchstring){
+                       $counter++;
+               }
+       }
+       #Count services used in firewall - outgoing
+       foreach my $key3 (keys %fwout) {
+               if($fwout{$key3}[4] eq $searchstring){
+                       $counter++;
+               }
+               if($fwout{$key3}[6] eq $searchstring){
+                       $counter++;
+               }
+       }
+       return $counter;
+}
 sub getnetcount
 {
        my $searchstring=shift;

diff --git a/html/cgi-bin/geoip-block.cgi b/html/cgi-bin/geoip-block.cgi
new file mode 100644 (file)
index 0000000..056b333
--- /dev/null
+++ b/html/cgi-bin/geoip-block.cgi
@@ -0,0 +1,272 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2014 IPFire Developemnt Team <info@ipfire.org>                #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/geoip-functions.pl";
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "/usr/lib/firewall/firewall-lib.pl";
+
+my $notice;
+my $settingsfile = "${General::swroot}/firewall/geoipblock";
+
+my %color = ();
+my %mainsettings = ();
+my %settings = ();
+my %cgiparams = ();
+
+# Read configuration file.
+&General::readhash("$settingsfile", \%settings);
+
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+&Header::showhttpheaders();
+
+#Get GUI values
+&Header::getcgihash(\%cgiparams);
+
+# Call subfunction to get all available locations.
+my @locations = &fwlib::get_geoip_locations();
+
+if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
+       # Check if we want to disable geoipblock.
+       if (exists $cgiparams{'GEOIPBLOCK_ENABLED'}) {
+               $settings{'GEOIPBLOCK_ENABLED'} = "on";
+       } else {
+               $settings{'GEOIPBLOCK_ENABLED'} = "off";
+       }
+
+       # Loop through our locations array to prevent from
+       # non existing countries or code.
+       foreach my $cn (@locations) {
+               # Check if blocking for this country should be enabled/disabled.
+               if (exists $cgiparams{$cn}) {
+                       $settings{$cn} = "on";
+               } else {
+                       $settings{$cn} = "off";
+               }
+       }
+
+       &General::writehash("$settingsfile", \%settings);
+
+       # Mark the firewall config as changed.
+       &General::firewall_config_changed();
+
+       # Assign reload notice. We directly can use
+       # the notice from p2p block.
+       $notice = $Lang::tr{'p2p block save notice'};
+}
+
+&Header::openpage($Lang::tr{'geoipblock configuration'}, 1, '');
+
+# Print notice that a firewall reload is required.
+if ($notice) {
+       &Header::openbox('100%', 'left', $Lang::tr{'notice'});
+       print "<font class='base'>$notice</font>";
+       &Header::closebox();
+}
+
+# Checkbox pre-selection.
+my $checked;
+if ($settings{'GEOIPBLOCK_ENABLED'} eq "on") {
+       $checked = "checked='checked'";
+}
+
+# Print box to enable/disable geoipblock.
+print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
+
+&Header::openbox('100%', 'center', $Lang::tr{'geoipblock'});
+print <<END;
+       <table width='95%'>
+               <tr>
+                       <td width='25%' class='base'>$Lang::tr{'geoipblock enable feature'}
+                       <td><input type='checkbox' name='GEOIPBLOCK_ENABLED' $checked></td>
+               </tr>
+               <tr>
+                       <td colspan='2'><br></td>
+               </tr>
+       </table>
+
+       <hr>
+
+       <table width='95%'>
+               <tr>
+                       <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td>
+               </tr>
+       </table>
+END
+
+&Header::closebox();
+
+&Header::openbox('100%', 'center', $Lang::tr{'geoipblock block countries'});
+### JAVA SCRIPT ###
+print <<END;
+<script>
+       // Function to allow checking all checkboxes at once.
+       function check_all() {
+               \$("#countries").find(":checkbox").prop("checked", true);
+       }
+
+       function uncheck_all() {
+               \$("#countries").find(":checkbox").prop("checked", false);
+       }
+</script>
+
+<table width='95%' class='tbl' id="countries">
+       <tr>
+               <td width='5%' align='center' bgcolor='$color{'color20'}'></td>
+               <td width='5%' align='center' bgcolor='$color{'color20'}'>
+                       <b>$Lang::tr{'flag'}</b>
+               </td>
+               <td width='5%' align='center' bgcolor='$color{'color20'}'>
+                       <b>$Lang::tr{'countrycode'}</b>
+               </td>
+               <td with='35%' align='left' bgcolor='$color{'color20'}'>
+                       <b>$Lang::tr{'country'}</b>
+               </td>
+
+               <td width='5%' bgcolor='$color{'color20'}'>&nbsp;</td>
+
+               <td width='5%' align='center' bgcolor='$color{'color20'}'></td>
+               <td width='5%' align='center' bgcolor='$color{'color20'}'>
+                       <b>$Lang::tr{'flag'}</b>
+               </td>
+               <td width='5%' align='center' bgcolor='$color{'color20'}'>
+                       <b>$Lang::tr{'countrycode'}</b>
+               </td>
+               <td with='35%' align='left' bgcolor='$color{'color20'}'>
+                       <b>$Lang::tr{'country'}</b>
+               </td>
+       </tr>
+END
+
+my $lines;
+my $lines2;
+my $col;
+foreach my $location (@locations) {
+       # Country code in upper case. (DE)
+       my $ccode_uc = $location;
+
+       # County code in lower case. (de)
+       my $ccode_lc = lc($location);
+
+       # Full name of the country based on the country code.
+       my $cname = &GeoIP::get_full_country_name($ccode_lc);
+
+       # Get flag icon for of the country.
+       my $flag_icon = &GeoIP::get_flag_icon($ccode_uc);
+
+       my $flag;
+       # Check if a flag for the country is available.
+       if ($flag_icon) {
+               $flag="<img src='$flag_icon' alt='$ccode_uc' title='$ccode_uc'>";
+       } else {
+               $flag="<b>N/A</b>";
+       }
+
+       # Checkbox pre-selection.
+       my $checked;
+       if ($settings{$ccode_uc} eq "on") {
+               $checked = "checked='checked'";
+       }
+
+       # Colour lines.
+       if ($lines % 2) {
+               $col="bgcolor='$color{'color20'}'";
+       } else {
+               $col="bgcolor='$color{'color22'}'";
+       }
+
+       # Grouping elements.
+       my $line_start;
+       my $line_end;
+       if ($lines2 % 2) {
+               # Increase lines (background color by once.
+               $lines++;
+
+               # Add empty column in front.
+               $line_start="<td $col>&nbsp;</td>";
+
+               # When the line number can be diveded by "2",
+               # we are going to close the line.
+               $line_end="</tr>";
+       } else {
+               # When the line number is  not divideable by "2",
+               # we are starting a new line.
+               $line_start="<tr>";
+               $line_end;
+       }
+
+       print "$line_start<td align='center' $col><input type='checkbox' name='$ccode_uc' $checked></td>\n";
+       print "<td align='center' $col>$flag</td>\n";
+       print "<td align='center' $col>$ccode_uc</td>\n";
+       print "<td align='left' $col>$cname</td>$line_end\n";
+
+       # Finish column when the last element in the array has passed and we have an uneven amount of items.
+       if(! ($lines2 % 2) && ($location eq $locations[-1] )) {
+               print "<td $col>&nbsp;</td>\n";
+               print "<td $col>&nbsp;</td>\n";
+               print "<td $col>&nbsp;</td>\n";
+               print "<td $col>&nbsp;</td>\n";
+               print "<td $col>&nbsp;</td></tr>\n";
+       }
+
+$lines2++;
+}
+
+print <<END;
+</table>
+
+<table width='95%'>
+       <tr>
+               <td align='right'>
+                       <a href="javascript:check_all()">$Lang::tr{'check all'}</a> /
+                       <a href="javascript:uncheck_all()">$Lang::tr{'uncheck all'}</a>
+               </td>
+       </tr>
+       <tr>
+               <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td>
+       </tr>
+</table>
+
+<hr>
+
+<table width='70%'>
+       <tr>
+               <td width='5%'><img src='/images/on.gif'></td>
+               <td>$Lang::tr{'geoipblock country is blocked'}</td>
+               <td width='5%'><img src='/images/off.gif'></td>
+               <td>$Lang::tr{'geoipblock country is allowed'}</td>
+       </tr>
+</table>
+END
+
+&Header::closebox();
+print"</form>\n";
+
+&Header::closebigbox();
+&Header::closepage();

diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi
index 53adeacce8c9d852a99fc79629157eb53531b0a7..eafbdb1376b0b921fe36ebf61970fcf3bd0c7922 100644 (file)
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -301,7 +301,7 @@ END
                print '</td>';
                print '</tr>';
        }
-if ( $netsettings{'BLUE_DEV'} ) {
+if (&Header::blue_used()) {
                my $sub=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
                print <<END;
                <tr>
@@ -318,7 +318,7 @@ END
                print '</td>';
                print '</tr>';
        }
-if ( $netsettings{'ORANGE_DEV'} ) {
+if (&Header::orange_used()) {
                my $sub=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
                print <<END;
                <tr>

diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat
index 8bb4900638b7b1ce431c99c18d568c65f159aa84..5a584d60debb6bdcd9709ea0525ca273e4db4bdc 100644 (file)
--- a/html/cgi-bin/logs.cgi/firewalllog.dat
+++ b/html/cgi-bin/logs.cgi/firewalllog.dat
@@ -21,6 +21,7 @@ use Getopt::Std;
 #use CGI::Carp 'fatalsToBrowser';
 
 require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/geoip-functions.pl";
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 
@@ -334,13 +335,14 @@ foreach $_ (@log)
         my $comment = $3; 
         my $packet = $4;
 
-        $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
-        $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
-        $packet =~ /DST=([\d\.]+)/;  my $dstaddr=$1;
-        $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1;
-        $packet =~ /PROTO=(\w+)/;    my $proto=$1;
-        $packet =~ /SPT=(\d+)/;      my $srcport=$1;
-        $packet =~ /DPT=(\d+)/;      my $dstport=$1;
+               my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport);
+               $iface=$1   if $packet =~ /IN=(\w+)/;
+               $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/;
+               $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/;
+               $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
+               $proto=$1   if $packet =~ /PROTO=(\w+)/;
+               $srcport=$1 if $packet =~ /SPT=(\d+)/;
+               $dstport=$1 if $packet =~ /DPT=(\d+)/;
 
         my $gi = Geo::IP::PurePerl->new();
         my $ccode = $gi->country_code_by_name($srcaddr);
@@ -371,10 +373,15 @@ foreach $_ (@log)
         <td align='center' $col>$srcport<br/>$dstport</td>
 END
 ;
-        if ( $fcode ne "" ){
-        print "<td align='center' $col><a href='../country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$ccode'></a></td>";}
-        else {
-        print "<td align='center' $col></td>";}
+       # Get flag icon for of the country.
+       my $flag_icon = &GeoIP::get_flag_icon($fcode);
+
+        if ( $flag_icon) {
+               print "<td align='center' $col><a href='../country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode'></a></td>";
+       } else {
+               print "<td align='center' $col></td>";
+       }
+
         print <<END
         <td align='center' $col>$macaddr</td>
 </tr>

diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
index 3a774f92298f198b50ebf82c61b81a83967cd75e..29c0842188b8974e1e08b3812e65be2bb18bfa52 100644 (file)
--- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
@@ -19,6 +19,7 @@ use Getopt::Std;
 #use CGI::Carp 'fatalsToBrowser';
 
 require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/geoip-functions.pl";
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 
@@ -460,11 +461,15 @@ for($s=0;$s<$lines;$s++)
       print "<td align='center' $col>$key[$s]</td>";
   }
   else {
-      if($key[$s] ne 'unknown' ) {
-          my $fcode = lc($key[$s]);
-          print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$key[$s]' title='$key[$s]'></a></td>";}
-      else {
-          print "<td align='center' $col>$key[$s]</td>";
+       my $fcode = lc($key[$s]);
+
+       # Get flag icon for of the country.
+       my $flag_icon = &GeoIP::get_flag_icon($fcode);
+
+       if($flag_icon) {
+               print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$key[$s]' title='$key[$s]'></a></td>";
+       } else {
+               print "<td align='center' $col>$key[$s]</td>";
       }
   }
   print "<td align='center' $col>$value[$s]</td>";

diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi-bin/logs.cgi/firewalllogip.dat
index 07bcc77f813bdfd2ed17988103c717584dd37c23..7d82d20e725e07f3569921a51ef030650b5e2510 100644 (file)
--- a/html/cgi-bin/logs.cgi/firewalllogip.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogip.dat
@@ -19,6 +19,7 @@ use Getopt::Std;
 #use CGI::Carp 'fatalsToBrowser';
 
 require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/geoip-functions.pl";
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 
@@ -441,13 +442,19 @@ for($s=0;$s<$lines;$s++)
   $color++;
   print "<td align='center' $col><form method='post' action='showrequestfromip.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='ip' value='$key[$s]'> <input type='submit' value='$Lang::tr{'details'}'></form></td>";
   print "<td align='center' $col><a href='/cgi-bin/ipinfo.cgi?ip=$key[$s]'>$key[$s]</a></td>";
-  if ( $fcode ne "" ){
-    print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$ccode' title='$ccode'></a></td>";}
-  else {
-    print "<td align='center' $col></td>";}
-    print "<td align='center' $col>$value[$s]</td>";
-    print "<td align='center' $col>$percent</td>";
-    print "</tr>";
+
+  # Get flag icon for of the country.
+  my $flag_icon = &GeoIP::get_flag_icon($ccode);
+
+  if ( $flag_icon ) {
+       print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode'></a></td>";
+  } else {
+       print "<td align='center' $col></td>";
+  }
+
+  print "<td align='center' $col>$value[$s]</td>";
+  print "<td align='center' $col>$percent</td>";
+  print "</tr>";
   }
 
 if($cgiparams{'otherspie'} == 2 ){}

diff --git a/html/cgi-bin/netovpnrw.cgi b/html/cgi-bin/netovpnrw.cgi
index f775b23dcc28614d3410dabeb6c0a294a51ac6b5..cae7770bb0f897b3a3a8aa8f258258373681551e 100755 (executable)
--- a/html/cgi-bin/netovpnrw.cgi
+++ b/html/cgi-bin/netovpnrw.cgi
@@ -20,7 +20,7 @@
 ###############################################################################
 
 use strict;
-
+use URI::Escape;
 # enable only the following on debugging purpose
 #use warnings;
 #use CGI::Carp 'fatalsToBrowser';
@@ -37,7 +37,7 @@ my %mainsettings = ();
 
 my @vpns=();
 
-my @querry = split(/\?/,$ENV{'QUERY_STRING'});
+my @querry = split(/\?/,uri_unescape($ENV{'QUERY_STRING'}));
 $querry[0] = '' unless defined $querry[0];
 $querry[1] = 'week' unless defined $querry[1];
 
@@ -47,10 +47,10 @@ if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){
        &Graphs::updatevpngraph($querry[0],$querry[1]);
 }else{
        &Header::showhttpheaders();
-       &Header::openpage($Lang::tr{'host to net vpn'}, 1, '');
+       &Header::openpage($Lang::tr{'vpn statistic rw'}, 1, '');
        &Header::openbigbox('100%', 'left');
 
-       my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not  -path *openvpn-UNDEF*  -not -path *openvpn-*n2n* -name *.rrd|sort`;
+       my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not  -path *openvpn-UNDEF*  -not -path *openvpn-*n2n* -name *.rrd 2>/dev/null|sort`;
        foreach (@vpngraphs){
                if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive.rrd/){
                        push(@vpns,$2);
@@ -59,7 +59,7 @@ if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){
        if(@vpns){
                foreach (@vpns) {
                        &Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
-                       &Graphs::makegraphbox("netovpnrw.cgi",$_,"week");
+                       &Graphs::makegraphbox("netovpnrw.cgi",$_, "day");
                        &Header::closebox();
                }
        }else{

diff --git a/html/cgi-bin/netovpnsrv.cgi b/html/cgi-bin/netovpnsrv.cgi
index 0ec9c679d519a8cc587dcaa3232f431872fc4f2e..15a95b6b9f7e063627484836482b5e19fd3a0d73 100755 (executable)
--- a/html/cgi-bin/netovpnsrv.cgi
+++ b/html/cgi-bin/netovpnsrv.cgi
@@ -47,10 +47,10 @@ if ( $querry[0] ne ""){
        &Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
 }else{
        &Header::showhttpheaders();
-       &Header::openpage($Lang::tr{'openvpn server'}, 1, '');
+       &Header::openpage($Lang::tr{'vpn statistic n2n'}, 1, '');
        &Header::openbigbox('100%', 'left');
 
-       my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not  -path *openvpn-UNDEF* -name *traffic.rrd|sort`;
+       my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not  -path *openvpn-UNDEF* -name *traffic.rrd 2>/dev/null|sort`;
        foreach (@vpngraphs){
                if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive-traffic.rrd/){
                        push(@vpns,$2);
@@ -59,7 +59,7 @@ if ( $querry[0] ne ""){
        if (@vpns){
                foreach (@vpns) {
                        &Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
-                       &Graphs::makegraphbox("netovpnsrv.cgi",$_,"week");
+                       &Graphs::makegraphbox("netovpnsrv.cgi",$_, "day",320);
                        &Header::closebox();
                }
        }else{

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 1e074928f29507143d98d40ba0ab5deeec4b0c21..fb52e680162b3429769e8e441519dcbe55c44874 100644 (file)
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -213,7 +213,7 @@ sub writeserverconf {
     print CONF "writepid /var/run/openvpn.pid\n";
     print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
     print CONF ";local $sovpnsettings{'VPN_IP'}\n";
-    print CONF "dev $sovpnsettings{'DDEVICE'}\n";
+    print CONF "dev tun\n";
     print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
     print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
     print CONF "script-security 3 system\n";
@@ -231,15 +231,15 @@ sub writeserverconf {
     # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500.
     # If we doesn't use one of them, we can use the configured mtu value.
     if ($sovpnsettings{'MSSFIX'} eq 'on') 
-       { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+       { print CONF "tun-mtu 1500\n"; }
     elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') 
-       { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+       { print CONF "tun-mtu 1500\n"; }
     elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
        ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
        ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
-       { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } 
+       { print CONF "tun-mtu 1500\n"; } 
     else 
-       { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }
+       { print CONF "tun-mtu $sovpnsettings{'DMTU'}\n"; }
 
     if ($vpnsettings{'ROUTES_PUSH'} ne '') {
                @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
@@ -668,6 +668,29 @@ sub read_routepushfile
        }
 }
 
+sub writecollectdconf {
+       my $vpncollectd;
+       my %ccdhash=();
+
+       open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
+       print COLLECTDVPN "Loadplugin openvpn\n";
+       print COLLECTDVPN "\n";
+       print COLLECTDVPN "<Plugin openvpn>\n";
+       print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
+
+       &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+       foreach my $key (keys %ccdhash) {
+               if ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net') {
+                       print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ccdhash{$key}[1]-n2n\"\n";
+               }
+       }
+
+       print COLLECTDVPN "</Plugin>\n";
+       close(COLLECTDVPN);
+
+       # Reload collectd afterwards
+       system("/usr/local/bin/collectdctrl restart &>/dev/null");
+}
 
 #hier die refresh page
 if ( -e "${General::swroot}/ovpn/gencanow") {
@@ -1144,7 +1167,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
     $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
 #new settings for daemon
     $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
-    $vpnsettings{'DDEVICE'} = $cgiparams{'DDEVICE'};
     $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
     $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
     $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
@@ -1166,10 +1188,17 @@ SETTINGS_ERROR:
     my $file = '';
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
+    # Kill all N2N connections
+    system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
+
     foreach my $key (keys %confighash) {
+       my $name = $confighash{$cgiparams{'$key'}}[1];
+
        if ($confighash{$key}[4] eq 'cert') {
            delete $confighash{$cgiparams{'$key'}};
        }
+
+       system ("/usr/local/bin/openvpnctrl -drrd $name");
     }
     while ($file = glob("${General::swroot}/ovpn/ca/*")) {
        unlink $file;
@@ -1196,11 +1225,6 @@ SETTINGS_ERROR:
     while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
        unlink $file
     }
-# Delete all RRD files for Roadwarrior connections
-    chdir('/var/ipfire/ovpn/ccd');
-       while ($file = glob("*")) {
-       system ("/usr/local/bin/openvpnctrl -drrd $file");
-       }
     while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
        unlink $file
     }
@@ -1216,6 +1240,9 @@ SETTINGS_ERROR:
        system ("rm -rf $file");
     }
 
+    # Remove everything from the collectd configuration
+    &writecollectdconf();
+
     #&writeserverconf();
 ###
 ### Reset all step 1
@@ -2041,7 +2068,8 @@ END
                        &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
                        if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
-                 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+                               system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+                               &writecollectdconf();
                        }
                } else {
 
@@ -2049,14 +2077,15 @@ END
                        &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
                        if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
-                    if ($n2nactive ne ''){                             
-                                               system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
-                                       }
+                               if ($n2nactive ne '') {
+                                       system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+                                       &writecollectdconf();
+                               }
  
                        } else {
-                 $errormessage = $Lang::tr{'invalid key'};
+                               $errormessage = $Lang::tr{'invalid key'};
                        }
-      }
+               }
   }
 
 ###
@@ -2108,7 +2137,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
    print CLIENTCONF "# Server Gateway Network\n"; 
    print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
    print CLIENTCONF "# tun Device\n"; 
-   print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n"; 
+   print CLIENTCONF "dev tun\n"; 
    print CLIENTCONF "# Port and Protokoll\n"; 
    print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n"; 
    
@@ -2200,21 +2229,21 @@ else
     print CLIENTCONF "tls-client\r\n";
     print CLIENTCONF "client\r\n";
     print CLIENTCONF "nobind\r\n";
-    print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
+    print CLIENTCONF "dev tun\r\n";
     print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
 
     # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500
     # or use configured value.
     if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
-       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
+       { print CLIENTCONF "tun-mtu 1500\r\n"; }
     elsif ($vpnsettings{MSSFIX} eq 'on')
-       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
+       { print CLIENTCONF "tun-mtu 1500\r\n"; }
     elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
            ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
            ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) 
-       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
+       { print CLIENTCONF "tun-mtu 1500\r\n"; }
     else
-       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; }
+       { print CLIENTCONF "tun-mtu $vpnsettings{'DMTU'}\r\n"; }
 
     if ( $vpnsettings{'ENABLED'} eq 'on'){
        print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
@@ -2313,75 +2342,71 @@ else
 
 
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
-    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
-    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+       &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+       &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
-    if ($confighash{$cgiparams{'KEY'}}) {
-#      if ($vpnsettings{'ENABLED'} eq 'on' ||
-#          $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-#          system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-#      }
-#
-       my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+       if ($confighash{$cgiparams{'KEY'}}) {
+               # Revoke certificate if certificate was deleted and rewrite the CRL
+               my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+               my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
 
 ###
 # m.a.d net2net
 ###
 
-if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
-       my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
-       my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
-       unlink ($certfile);
-       unlink ($conffile);
+               if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
+                       # Stop the N2N connection before it is removed
+                       system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null");
 
-       if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
-               rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
-       }
-}
+                       my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
+                       my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+                       unlink ($certfile);
+                       unlink ($conffile);
+
+                       if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
+                               rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
+                       }
+               }
 
-  unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-  unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+               unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+               unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
 
 # A.Marx CCD delete ccd files and routes
 
-       
-       if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
-       {
-               unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
-       }
-       
-       &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
-       foreach my $key (keys %ccdroutehash) {
-               if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
-                       delete $ccdroutehash{$key};
+               if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
+               {
+                       unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
                }
-       }
-       &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
        
-       &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-       foreach my $key (keys %ccdroute2hash) {
-               if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
-                       delete $ccdroute2hash{$key};
+               &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+               foreach my $key (keys %ccdroutehash) {
+                       if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+                               delete $ccdroutehash{$key};
+                       }
                }
-       }
-       &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-       &writeserverconf;
-       
+               &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
        
-# CCD end 
+               &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+               foreach my $key (keys %ccdroute2hash) {
+                       if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+                               delete $ccdroute2hash{$key};
+                       }
+               }
+               &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+               &writeserverconf;
 
-###
-###  Delete all RRD's for client
-###
-       system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
-       delete $confighash{$cgiparams{'KEY'}};
-       my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
-       &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+# CCD end
+               # Update collectd configuration and delete all RRD files of the removed connection
+               &writecollectdconf();
+               system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
 
-       #&writeserverconf();
-    } else {
-       $errormessage = $Lang::tr{'invalid key'};
-    }
+               delete $confighash{$cgiparams{'KEY'}};
+               my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+               &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+       } else {
+               $errormessage = $Lang::tr{'invalid key'};
+       }
        &General::firewall_reload();
 
 ###
@@ -3053,32 +3078,6 @@ END
        $errormessage = $Lang::tr{'invalid key'};
     }
 
-###
-### Remove connection
-###
-} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
-    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
-    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-
-    if ($confighash{$cgiparams{'KEY'}}) {
-#      if ($vpnsettings{'ENABLED'} eq 'on' ||
-#          $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-#          system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-#      }
-       unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-       unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
-       delete $confighash{$cgiparams{'KEY'}};
-       &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-       #&writeserverconf();
-    } else {
-       $errormessage = $Lang::tr{'invalid key'};
-    }
-#test33
-
-###
-### Choose between adding a host-net or net-net connection
-###
-
 ###
 # m.a.d net2net
 ###
@@ -3200,7 +3199,6 @@ END
                @firen2nconf = <FILE>;
                close (FILE);
                chomp(@firen2nconf);
-
        } else {
 
                $errormessage = "Filecount does not match only 2 files are allowed\n";
@@ -3241,6 +3239,13 @@ END
     unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
     unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";}   
 
+       #Add collectd settings to configfile
+       open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to open config file.';
+       print FILE "# Logfile\n";
+       print FILE "status-version 1\n";
+       print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n";
+       close FILE;
+
        move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
 
        if ($? ne 0) {
@@ -4953,9 +4958,6 @@ END
     $checked{'ENABLED_ORANGE'}{'off'} = '';
     $checked{'ENABLED_ORANGE'}{'on'} = '';
     $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
-    $selected{'DDEVICE'}{'tun'} = '';
-    $selected{'DDEVICE'}{'tap'} = '';
-    $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
 
     $selected{'DPROTOCOL'}{'udp'} = '';
     $selected{'DPROTOCOL'}{'tcp'} = '';
@@ -5047,10 +5049,6 @@ END
     print <<END;
     <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
        <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
-    <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td>
-        <td><select name='DDEVICE' ><option value='tun' $selected{'DDEVICE'}{'tun'}>TUN</option>
-                                       <!-- this is still not working
-                                           <option value='tap' $selected{'DDEVICE'}{'tap'}>TAP</option></select>--> </td>                                  
     <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
         <td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
                                            <option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>                                    
@@ -5551,42 +5549,49 @@ END
     }
 
        print <<END
-       <hr size='1'>
+
+       <br><hr><br>
+
        <form method='post' enctype='multipart/form-data'>
-       <table width='100%' border='0'cellspacing='1' cellpadding='0'>
-       <tr>
-               <td class'base'><b>$Lang::tr{'upload ca certificate'}</b></td>
-       </tr>
-       <tr>
-               <td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td>
-               <td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td>
-               <td nowrap='nowrap'><input type='file' name='FH' size='25' />
-               <td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td>
-       </tr>
+               <table border='0' width='100%'>
+                       <tr>
+                               <td colspan='4'><b>$Lang::tr{'upload ca certificate'}</b></td>
+                       </tr>
 
-       <tr align='right'>
-               <td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
-       </tr>
+                       <tr>
+                               <td width='10%'>$Lang::tr{'ca name'}:</td>
+                               <td width='30%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'></td>
+                               <td width='30%'><input type='file' name='FH' size='25'>
+                               <td width='30%'align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}'></td>
+                       </tr>
 
-       <tr><td colspan=4><hr /></td></tr><tr>
-       <tr>
-               <td class'base'><b>$Lang::tr{'ovpn dh parameters'}</b></td>
-       </tr>
+                       <tr>
+                               <td colspan='3'>&nbsp;</td>
+                               <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
+                       </tr>
+               </table>
 
-       <tr>
-               <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh upload'}:</td>
-               <td nowrap='nowrap'><size='15' align='left'/></td>
-               <td nowrap='nowrap'><input type='file' name='FH' size='25' />
-               <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}' /></td>
-       </tr>
-       <tr>
-               <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh new key'}:</td>
-               <td nowrap='nowrap'><size='15' align='left'/></td>
-               <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
-       </tr>
-       </table>
+               <br>
+
+               <table border='0' width='100%'>
+                       <tr>
+                               <td colspan='4'><b>$Lang::tr{'ovpn dh parameters'}</b></td>
+                       </tr>
+
+                       <tr>
+                               <td width='40%'>$Lang::tr{'ovpn dh upload'}:</td>
+                               <td width='30%'><input type='file' name='FH' size='25'>
+                               <td width='30%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}'></td>
+                       </tr>
+
+                       <tr>
+                               <td width='40%'>$Lang::tr{'ovpn dh new key'}:</td>
+                               <td colspan='2' width='60%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
+                       </tr>
+               </table>
+       </form>
        
-       <tr><td colspan=4><hr /></td></tr><tr>
+       <br><hr>
 END
        ;
 

diff --git a/html/cgi-bin/pakfire.cgi b/html/cgi-bin/pakfire.cgi
index 2a7ca8407f08a29546cb5bf9148a2cc824ac4dc6..143f123b7f71853905175421fe21c55cb73ea96f 100644 (file)
--- a/html/cgi-bin/pakfire.cgi
+++ b/html/cgi-bin/pakfire.cgi
@@ -191,14 +191,14 @@ if ($return) {
                        <form method='post' action='$ENV{'SCRIPT_NAME'}'>
                                <input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
                        </form>
-               <tr><td colspan='2' align='left'><pre>
+               <tr><td colspan='2' align='left'><code>
 END
        my @output = `grep pakfire /var/log/messages | tail -20`;
        foreach (@output) {
-               print "$_";
+               print "$_<br>";
        }
        print <<END;
-                       </pre>
+                       </code>
                </table>
 END
        &Header::closebox();

diff --git a/html/cgi-bin/pppsetup.cgi b/html/cgi-bin/pppsetup.cgi
index 33f521e7569adcb7bf640ce44e0b81c59be280ab..59677a4d114a8088fe8e24accc15ca6f39258919 100644 (file)
--- a/html/cgi-bin/pppsetup.cgi
+++ b/html/cgi-bin/pppsetup.cgi
@@ -793,15 +793,15 @@ print <<END
         <td colspan='4' width='100%' bgcolor='$color{'color20'}'><b>$Lang::tr{'pptp settings'}</b></td>
 </tr>
 <tr>
-        <td width='25%'>Peer</td>
+        <td width='25%'>$Lang::tr{'pptp peer'}:</td>
         <td colspan='3'><input size=50 type='text' name='PPTP_PEER' value='$pppsettings{'PPTP_PEER'}' /></td>
 </tr>
 <tr>
-        <td width='25%'>My Netconfig</td>
+        <td width='25%'>$Lang::tr{'pptp netconfig'}:</td>
         <td colspan='3'><input size=50 type='text' name='PPTP_NICCFG' value='$pppsettings{'PPTP_NICCFG'}' /></td>
 </tr>
 <tr>
-        <td width='25%'>PPTP Route&nbsp;<img src='/blob.gif' alt='*' /></td>
+        <td width='25%'>$Lang::tr{'pptp route'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
         <td colspan='3'><input size=50 type='text' name='PPTP_ROUTE' value='$pppsettings{'PPTP_ROUTE'}' /></td>
 </tr>
 

diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi
index 6bfa5bbbe81a5607b91deb6991a70b0ee055e72c..76bd9edebc048213fe2040ae0bba11267ef8fefb 100644 (file)
--- a/html/cgi-bin/services.cgi
+++ b/html/cgi-bin/services.cgi
@@ -188,6 +188,9 @@ END
                        # mdadm should not stopped with webif because this could crash the system
                        #
                        chomp($_);
+                       if ( $_ eq 'squid' ) {
+                               next;
+                       }
                        if ( ($_ ne "alsa") && ($_ ne "mdadm") ) {
                                $lines++;
                                if ($lines % 2){

diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi
index 228b5d48c2ca14598a22cc3431b02adf85dfb766..e00bc5fd50b7649b8d7542c7de2807a7c463d8e4 100644 (file)
--- a/html/cgi-bin/tor.cgi
+++ b/html/cgi-bin/tor.cgi
@@ -20,7 +20,7 @@
 ###############################################################################
 
 use strict;
-use Locale::Country;
+use Locale::Codes::Country;
 
 # enable only the following on debugging purpose
 use warnings;
@@ -323,9 +323,9 @@ END
                                                <option value=''>- $Lang::tr{'tor exit country any'} -</option>
 END
 
-               my @country_names = Locale::Country::all_country_names();
+               my @country_names = Locale::Codes::Country::all_country_names();
                foreach my $country_name (sort @country_names) {
-                       my $country_code = Locale::Country::country2code($country_name);
+                       my $country_code = Locale::Codes::Country::country2code($country_name);
                        $country_code = uc($country_code);
                        print "<option value='$country_code'";
 

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index a6d7056191a5024f414ed778e30beb34c17270e8..218dafa26814624dd2e3358cf661c3e7566a8087 100644 (file)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -253,8 +253,10 @@ sub writeipsecfiles {
     print CONF "\n";
 
     # Add user includes to config file
-    print CONF "include /etc/ipsec.user.conf\n";
-    print CONF "\n";
+    if (-e "/etc/ipsec.user.conf") {
+        print CONF "include /etc/ipsec.user.conf\n";
+        print CONF "\n";
+    }
 
     print SECRETS "include /etc/ipsec.user.secrets\n";
 
@@ -310,67 +312,33 @@ sub writeipsecfiles {
 
        # Algorithms
        if ($lconfighash{$key}[18] && $lconfighash{$key}[19] && $lconfighash{$key}[20]) {
-           print CONF "\tike=";
-           my @encs   = split('\|', $lconfighash{$key}[18]);
-           my @ints   = split('\|', $lconfighash{$key}[19]);
-           my @groups = split('\|', $lconfighash{$key}[20]);
-           my $comma = 0;
-           foreach my $i (@encs) {
-               foreach my $j (@ints) {
-                   foreach my $k (@groups) {
-                       if ($comma != 0) { print CONF ","; } else { $comma = 1; }
-
-                       my @l = split("", $k);
-                       if ($l[0] eq "e") {
-                           shift @l;
-                           print CONF "$i-$j-ecp".join("", @l);
-                       } else {
-                           print CONF "$i-$j-modp$k";
-                       }
-                   }
-               }
-           }
-           if ($lconfighash{$key}[24] eq 'on') {       #only proposed algorythms?
-               print CONF "!\n";
-           } else {
-               print CONF "\n";
-           }
+               my @encs   = split('\|', $lconfighash{$key}[18]);
+               my @ints   = split('\|', $lconfighash{$key}[19]);
+               my @groups = split('\|', $lconfighash{$key}[20]);
+
+               my @algos = &make_algos("ike", \@encs, \@ints, \@groups, 1);
+               print CONF "\tike=" . join(",", @algos);
+
+               if ($lconfighash{$key}[24] eq 'on') {   #only proposed algorythms?
+                       print CONF "!\n";
+               } else {
+                       print CONF "\n";
+               }
        }
+
        if ($lconfighash{$key}[21] && $lconfighash{$key}[22]) {
-           print CONF "\tesp=";
-           my @encs   = split('\|', $lconfighash{$key}[21]);
-           my @ints   = split('\|', $lconfighash{$key}[22]);
-           my @groups = split('\|', $lconfighash{$key}[20]);
-           my $comma = 0;
-           foreach my $i (@encs) {
-               foreach my $j (@ints) {
-                       my $modp = "";
-                       if ($pfs eq "on") {
-                               foreach my $k (@groups) {
-                                   if ($comma != 0) { print CONF ","; } else { $comma = 1; }
-                                   if ($pfs eq "on") {
-                                       my @l = split("", $k);
-                                       if ($l[0] eq "e") {
-                                               $modp = "";
-                                       } else {
-                                               $modp = "-modp$k";
-                                       }
-                                   } else {
-                                       $modp = "";
-                                   }
-                                   print CONF "$i-$j$modp";
-                               }
-                       } else {
-                               if ($comma != 0) { print CONF ","; } else { $comma = 1; }
-                               print CONF "$i-$j";
-                       }
+               my @encs   = split('\|', $lconfighash{$key}[21]);
+               my @ints   = split('\|', $lconfighash{$key}[22]);
+               my @groups = split('\|', $lconfighash{$key}[20]);
+
+               my @algos = &make_algos("esp", \@encs, \@ints, \@groups, ($pfs eq "on"));
+               print CONF "\tesp=" . join(",", @algos);
+
+               if ($lconfighash{$key}[24] eq 'on') {   #only proposed algorythms?
+                       print CONF "!\n";
+               } else {
+                       print CONF "\n";
                }
-           }
-           if ($lconfighash{$key}[24] eq 'on') {       #only proposed algorythms?
-               print CONF "!\n";
-           } else {
-               print CONF "\n";
-           }
        }
 
        # IKE V1 or V2
@@ -397,12 +365,12 @@ sub writeipsecfiles {
                        print CONF "\tdpddelay=0\n";
                }
        } else {
-               my $dpddelay = $lconfighash{$key}[30];
+               my $dpddelay = $lconfighash{$key}[31];
                if (!$dpddelay) {
                        $dpddelay = 30;
                }
                print CONF "\tdpddelay=$dpddelay\n";
-               my $dpdtimeout = $lconfighash{$key}[31];
+               my $dpdtimeout = $lconfighash{$key}[30];
                if (!$dpdtimeout) {
                        $dpdtimeout = 120;
                }
@@ -435,6 +403,10 @@ sub writeipsecfiles {
        } else {
            print CONF "\tauto=start\n";
        }
+
+       # Fragmentation
+       print CONF "\tfragmentation=yes\n";
+
        print CONF "\n";
     }#foreach key
 
@@ -969,9 +941,9 @@ END
        if (!$errormessage) {
            &General::log("ipsec", "Creating cacert...");
            if (open(STDIN, "-|")) {
-               my $opt  = " req -x509 -nodes -rand /proc/interrupts:/proc/net/rt_cache";
+               my $opt  = " req -x509 -sha256 -nodes";
                   $opt .= " -days 999999";
-                  $opt .= " -newkey rsa:2048";
+                  $opt .= " -newkey rsa:4096";
                   $opt .= " -keyout ${General::swroot}/private/cakey.pem";
                   $opt .= " -out ${General::swroot}/ca/cacert.pem";
 
@@ -992,8 +964,8 @@ END
        if (!$errormessage) {
            &General::log("ipsec", "Creating host cert...");
            if (open(STDIN, "-|")) {
-               my $opt  = " req -nodes -rand /proc/interrupts:/proc/net/rt_cache";
-                  $opt .= " -newkey rsa:1024";
+               my $opt  = " req -sha256 -nodes";
+                  $opt .= " -newkey rsa:2048";
                   $opt .= " -keyout ${General::swroot}/certs/hostkey.pem";
                   $opt .= " -out ${General::swroot}/certs/hostreq.pem";
                $errormessage = &callssl ($opt);
@@ -1028,7 +1000,7 @@ END
            print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'});
            close ($fh);
            
-           my  $opt  = " ca -days 999999";
+           my  $opt  = " ca -md sha256 -days 999999";
                $opt .= " -batch -notext";
                $opt .= " -in ${General::swroot}/certs/hostreq.pem";
                $opt .= " -out ${General::swroot}/certs/hostcert.pem";
@@ -1451,7 +1423,7 @@ END
 
            # Sign the certificate request
            &General::log("ipsec", "Signing your cert $cgiparams{'NAME'}...");
-           my  $opt  = " ca -days 999999";
+           my  $opt  = " ca -md sha256 -days 999999";
                $opt .= " -batch -notext";
                $opt .= " -in $filename";
                $opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem";
@@ -1681,12 +1653,12 @@ END
            (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
            (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
 
-           # Create the Host certificate request
+           # Create the Client certificate request
            &General::log("ipsec", "Creating a cert...");
 
            if (open(STDIN, "-|")) {
                my $opt  = " req -nodes -rand /proc/interrupts:/proc/net/rt_cache";
-                  $opt .= " -newkey rsa:1024";
+                  $opt .= " -newkey rsa:2048";
                   $opt .= " -keyout ${General::swroot}/certs/$cgiparams{'NAME'}key.pem";
                   $opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}req.pem";
 
@@ -1708,7 +1680,7 @@ END
                exit (0);
            }
            
-           # Sign the host certificate request
+           # Sign the client certificate request
            &General::log("ipsec", "Signing the cert $cgiparams{'NAME'}...");
 
            #No easy way for specifying the contain of subjectAltName without writing a config file...
@@ -1717,13 +1689,14 @@ END
            basicConstraints=CA:FALSE
            nsComment="OpenSSL Generated Certificate"
            subjectKeyIdentifier=hash
+           extendedKeyUsage=clientAuth
            authorityKeyIdentifier=keyid,issuer:always
 END
 ;
            print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'});
            close ($fh);
 
-           my $opt  = " ca -days 999999 -batch -notext";
+           my $opt  = " ca -md sha256 -days 999999 -batch -notext";
               $opt .= " -in ${General::swroot}/certs/$cgiparams{'NAME'}req.pem";
               $opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem";
               $opt .= " -extfile $v3extname";
@@ -1886,12 +1859,12 @@ END
        $cgiparams{'REMOTE_ID'} = '';
 
        #use default advanced value
-       $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des';     #[18];
-       $cgiparams{'IKE_INTEGRITY'}  = 'sha2_256|sha|md5';      #[19];
+       $cgiparams{'IKE_ENCRYPTION'} = 'aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128';   #[18];
+       $cgiparams{'IKE_INTEGRITY'}  = 'sha2_512|sha2_256|sha'; #[19];
        $cgiparams{'IKE_GROUPTYPE'}  = '4096|3072|2048|1536|1024';              #[20];
        $cgiparams{'IKE_LIFETIME'}   = '3';             #[16];
-       $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des';     #[21];
-       $cgiparams{'ESP_INTEGRITY'}  = 'sha2_256|sha1|md5';     #[22];
+       $cgiparams{'ESP_ENCRYPTION'} = 'aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128';   #[21];
+       $cgiparams{'ESP_INTEGRITY'}  = 'sha2_512|sha2_256|sha1';        #[22];
        $cgiparams{'ESP_GROUPTYPE'}  = '';              #[23];
        $cgiparams{'ESP_KEYLIFE'}    = '1';             #[17];
        $cgiparams{'COMPRESSION'}    = 'on';            #[13];
@@ -2145,7 +2118,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
            goto ADVANCED_ERROR;
        }
        foreach my $val (@temp) {
-           if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) {
+           if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))$/) {
                $errormessage = $Lang::tr{'invalid input'};
                goto ADVANCED_ERROR;
            }
@@ -2156,7 +2129,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
            goto ADVANCED_ERROR;
        }
        foreach my $val (@temp) {
-           if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha|md5|aesxcbc)$/) {
+           if ($val !~ /^(sha2_(512|384|256)|sha|md5|aesxcbc)$/) {
                $errormessage = $Lang::tr{'invalid input'};
                goto ADVANCED_ERROR;
            }
@@ -2176,8 +2149,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
            $errormessage = $Lang::tr{'invalid input for ike lifetime'};
            goto ADVANCED_ERROR;
        }
-       if ($cgiparams{'IKE_LIFETIME'} < 1 || $cgiparams{'IKE_LIFETIME'} > 24) {
-           $errormessage = $Lang::tr{'ike lifetime should be between 1 and 24 hours'};
+       if ($cgiparams{'IKE_LIFETIME'} < 1 || $cgiparams{'IKE_LIFETIME'} > 8) {
+           $errormessage = $Lang::tr{'ike lifetime should be between 1 and 8 hours'};
            goto ADVANCED_ERROR;
        }
        @temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
@@ -2186,7 +2159,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
            goto ADVANCED_ERROR;
        }
        foreach my $val (@temp) {
-           if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) {
+           if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))$/) {
                $errormessage = $Lang::tr{'invalid input'};
                goto ADVANCED_ERROR;
            }
@@ -2197,7 +2170,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
            goto ADVANCED_ERROR;
        }
        foreach my $val (@temp) {
-           if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha1|md5|aesxcbc)$/) {
+           if ($val !~ /^(sha2_(512|384|256)|sha1|md5|aesxcbc)$/) {
                $errormessage = $Lang::tr{'invalid input'};
                goto ADVANCED_ERROR;
            }
@@ -2297,6 +2270,15 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
     $checked{'IKE_ENCRYPTION'}{'aes256'} = '';
     $checked{'IKE_ENCRYPTION'}{'aes192'} = '';
     $checked{'IKE_ENCRYPTION'}{'aes128'} = '';
+    $checked{'IKE_ENCRYPTION'}{'aes256gcm128'} = '';
+    $checked{'IKE_ENCRYPTION'}{'aes192gcm128'} = '';
+    $checked{'IKE_ENCRYPTION'}{'aes128gcm128'} = '';
+    $checked{'IKE_ENCRYPTION'}{'aes256gcm96'} = '';
+    $checked{'IKE_ENCRYPTION'}{'aes192gcm96'} = '';
+    $checked{'IKE_ENCRYPTION'}{'aes128gcm96'} = '';
+    $checked{'IKE_ENCRYPTION'}{'aes256gcm64'} = '';
+    $checked{'IKE_ENCRYPTION'}{'aes192gcm64'} = '';
+    $checked{'IKE_ENCRYPTION'}{'aes128gcm64'} = '';
     $checked{'IKE_ENCRYPTION'}{'3des'} = '';
     $checked{'IKE_ENCRYPTION'}{'camellia256'} = '';
     $checked{'IKE_ENCRYPTION'}{'camellia192'} = '';
@@ -2328,6 +2310,15 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
     $checked{'ESP_ENCRYPTION'}{'aes256'} = '';
     $checked{'ESP_ENCRYPTION'}{'aes192'} = '';
     $checked{'ESP_ENCRYPTION'}{'aes128'} = '';
+    $checked{'ESP_ENCRYPTION'}{'aes256gcm128'} = '';
+    $checked{'ESP_ENCRYPTION'}{'aes192gcm128'} = '';
+    $checked{'ESP_ENCRYPTION'}{'aes128gcm128'} = '';
+    $checked{'ESP_ENCRYPTION'}{'aes256gcm96'} = '';
+    $checked{'ESP_ENCRYPTION'}{'aes192gcm96'} = '';
+    $checked{'ESP_ENCRYPTION'}{'aes128gcm96'} = '';
+    $checked{'ESP_ENCRYPTION'}{'aes256gcm64'} = '';
+    $checked{'ESP_ENCRYPTION'}{'aes192gcm64'} = '';
+    $checked{'ESP_ENCRYPTION'}{'aes128gcm64'} = '';
     $checked{'ESP_ENCRYPTION'}{'3des'} = '';
     $checked{'ESP_ENCRYPTION'}{'camellia256'} = '';
     $checked{'ESP_ENCRYPTION'}{'camellia192'} = '';
@@ -2406,24 +2397,42 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
                        <td class='boldbase' width="15%">$Lang::tr{'encryption'}</td>
                        <td class='boldbase'>
                                <select name='IKE_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'>
-                                       <option value='aes256' $checked{'IKE_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
-                                       <option value='aes192' $checked{'IKE_ENCRYPTION'}{'aes192'}>AES (192 bit)</option>
-                                       <option value='aes128' $checked{'IKE_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
-                                       <option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>3DES</option>
-                                       <option value='camellia256' $checked{'IKE_ENCRYPTION'}{'camellia256'}>Camellia (256 bit)</option>
-                                       <option value='camellia192' $checked{'IKE_ENCRYPTION'}{'camellia192'}>Camellia (192 bit)</option>
-                                       <option value='camellia128' $checked{'IKE_ENCRYPTION'}{'camellia128'}>Camellia (128 bit)</option>
+                                       <option value='aes256gcm128' $checked{'IKE_ENCRYPTION'}{'aes256gcm128'}>256 bit AES-GCM/128 bit ICV</option>
+                                       <option value='aes256gcm96' $checked{'IKE_ENCRYPTION'}{'aes256gcm96'}>256 bit AES-GCM/96 bit ICV</option>
+                                       <option value='aes256gcm64' $checked{'IKE_ENCRYPTION'}{'aes256gcm64'}>256 bit AES-GCM/64 bit ICV</option>
+                                       <option value='aes256' $checked{'IKE_ENCRYPTION'}{'aes256'}>256 bit AES-CBC</option>
+                                       <option value='camellia256' $checked{'IKE_ENCRYPTION'}{'camellia256'}>256 bit Camellia-CBC</option>
+                                       <option value='aes192gcm128' $checked{'IKE_ENCRYPTION'}{'aes192gcm128'}>192 bit AES-GCM/128 bit ICV</option>
+                                       <option value='aes192gcm96' $checked{'IKE_ENCRYPTION'}{'aes192gcm96'}>192 bit AES-GCM/96 bit ICV</option>
+                                       <option value='aes192gcm64' $checked{'IKE_ENCRYPTION'}{'aes192gcm64'}>192 bit AES-GCM/64 bit ICV</option>
+                                       <option value='aes192' $checked{'IKE_ENCRYPTION'}{'aes192'}>192 bit AES-CBC</option>
+                                       <option value='camellia192' $checked{'IKE_ENCRYPTION'}{'camellia192'}>192 bit Camellia-CBC</option>
+                                       <option value='aes128gcm128' $checked{'IKE_ENCRYPTION'}{'aes128gcm128'}>128 bit AES-GCM/128 bit ICV</option>
+                                       <option value='aes128gcm96' $checked{'IKE_ENCRYPTION'}{'aes128gcm96'}>128 bit AES-GCM/96 bit ICV</option>
+                                       <option value='aes128gcm64' $checked{'IKE_ENCRYPTION'}{'aes128gcm64'}>128 bit AES-GCM/64 bit ICV</option>
+                                       <option value='aes128' $checked{'IKE_ENCRYPTION'}{'aes128'}>128 bit AES-CBC</option>
+                                       <option value='camellia128' $checked{'IKE_ENCRYPTION'}{'camellia128'}>128 bit Camellia-CBC</option>
+                                       <option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC</option>
                                </select>
                        </td>
                        <td class='boldbase'>
                                <select name='ESP_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'>
-                                       <option value='aes256' $checked{'ESP_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
-                                       <option value='aes192' $checked{'ESP_ENCRYPTION'}{'aes192'}>AES (192 bit)</option>
-                                       <option value='aes128' $checked{'ESP_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
-                                       <option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>3DES</option>
-                                       <option value='camellia256' $checked{'ESP_ENCRYPTION'}{'camellia256'}>Camellia (256 bit)</option>
-                                       <option value='camellia192' $checked{'ESP_ENCRYPTION'}{'camellia192'}>Camellia (192 bit)</option>
-                                       <option value='camellia128' $checked{'ESP_ENCRYPTION'}{'camellia128'}>Camellia (128 bit)</option>
+                                       <option value='aes256gcm128' $checked{'ESP_ENCRYPTION'}{'aes256gcm128'}>256 bit AES-GCM/128 bit ICV</option>
+                                       <option value='aes256gcm96' $checked{'ESP_ENCRYPTION'}{'aes256gcm96'}>256 bit AES-GCM/96 bit ICV</option>
+                                       <option value='aes256gcm64' $checked{'ESP_ENCRYPTION'}{'aes256gcm64'}>256 bit AES-GCM/64 bit ICV</option>
+                                       <option value='aes256' $checked{'ESP_ENCRYPTION'}{'aes256'}>256 bit AES-CBC</option>
+                                       <option value='camellia256' $checked{'ESP_ENCRYPTION'}{'camellia256'}>256 bit Camellia-CBC</option>
+                                       <option value='aes192gcm128' $checked{'ESP_ENCRYPTION'}{'aes192gcm128'}>192 bit AES-GCM/128 bit ICV</option>
+                                       <option value='aes192gcm96' $checked{'ESP_ENCRYPTION'}{'aes192gcm96'}>192 bit AES-GCM/96 bit ICV</option>
+                                       <option value='aes192gcm64' $checked{'ESP_ENCRYPTION'}{'aes192gcm64'}>192 bit AES-GCM/64 bit ICV</option>
+                                       <option value='aes192' $checked{'ESP_ENCRYPTION'}{'aes192'}>192 bit AES-CBC</option>
+                                       <option value='camellia192' $checked{'ESP_ENCRYPTION'}{'camellia192'}>192 bit Camellia-CBC</option>
+                                       <option value='aes128gcm128' $checked{'ESP_ENCRYPTION'}{'aes128gcm128'}>128 bit AES-GCM/128 bit ICV</option>
+                                       <option value='aes128gcm96' $checked{'ESP_ENCRYPTION'}{'aes128gcm96'}>128 bit AES-GCM/96 bit ICV</option>
+                                       <option value='aes128gcm64' $checked{'ESP_ENCRYPTION'}{'aes128gcm64'}>128 bit AES-GCM/64 bit ICV</option>
+                                       <option value='aes128' $checked{'ESP_ENCRYPTION'}{'aes128'}>128 bit AES-CBC</option>
+                                       <option value='camellia128' $checked{'ESP_ENCRYPTION'}{'camellia128'}>128 bit Camellia-CBC</option>
+                                       <option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC</option>
                                </select>
                        </td>
                </tr>
@@ -2435,9 +2444,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
                                        <option value='sha2_512' $checked{'IKE_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option>
                                        <option value='sha2_384' $checked{'IKE_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
                                        <option value='sha2_256' $checked{'IKE_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
+                                       <option value='aesxcbc' $checked{'IKE_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
                                        <option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA1</option>
                                        <option value='md5' $checked{'IKE_INTEGRITY'}{'md5'}>MD5</option>
-                                       <option value='aesxcbc' $checked{'IKE_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
                                </select>
                        </td>
                        <td class='boldbase'>
@@ -2445,9 +2454,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
                                        <option value='sha2_512' $checked{'ESP_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option>
                                        <option value='sha2_384' $checked{'ESP_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
                                        <option value='sha2_256' $checked{'ESP_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
+                                       <option value='aesxcbc' $checked{'ESP_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
                                        <option value='sha1' $checked{'ESP_INTEGRITY'}{'sha1'}>SHA1</option>
                                        <option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5</option>
-                                       <option value='aesxcbc' $checked{'ESP_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
                                </select>
                        </td>
                </tr>
@@ -2465,14 +2474,14 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
                        <td class='boldbase'>
                                <select name='IKE_GROUPTYPE' multiple='multiple' size='6' style='width: 100%'>
                                        <option value='e521' $checked{'IKE_GROUPTYPE'}{'e521'}>ECP-521 (NIST)</option>
-                                       <option value='e384' $checked{'IKE_GROUPTYPE'}{'e384'}>ECP-384 (NIST)</option>
-                                       <option value='e256' $checked{'IKE_GROUPTYPE'}{'e256'}>ECP-256 (NIST)</option>
-                                       <option value='e224' $checked{'IKE_GROUPTYPE'}{'e224'}>ECP-224 (NIST)</option>
-                                       <option value='e192' $checked{'IKE_GROUPTYPE'}{'e192'}>ECP-192 (NIST)</option>
                                        <option value='e512bp' $checked{'IKE_GROUPTYPE'}{'e512bp'}>ECP-512 (Brainpool)</option>
+                                       <option value='e384' $checked{'IKE_GROUPTYPE'}{'e384'}>ECP-384 (NIST)</option>
                                        <option value='e384bp' $checked{'IKE_GROUPTYPE'}{'e384bp'}>ECP-384 (Brainpool)</option>
+                                       <option value='e256' $checked{'IKE_GROUPTYPE'}{'e256'}>ECP-256 (NIST)</option>
                                        <option value='e256bp' $checked{'IKE_GROUPTYPE'}{'e256bp'}>ECP-256 (Brainpool)</option>
+                                       <option value='e224' $checked{'IKE_GROUPTYPE'}{'e224'}>ECP-224 (NIST)</option>
                                        <option value='e224bp' $checked{'IKE_GROUPTYPE'}{'e224bp'}>ECP-224 (Brainpool)</option>
+                                       <option value='e192' $checked{'IKE_GROUPTYPE'}{'e192'}>ECP-192 (NIST)</option>
                                        <option value='8192' $checked{'IKE_GROUPTYPE'}{'8192'}>MODP-8192</option>
                                        <option value='6144' $checked{'IKE_GROUPTYPE'}{'6144'}>MODP-6144</option>
                                        <option value='4096' $checked{'IKE_GROUPTYPE'}{'4096'}>MODP-4096</option>
@@ -2992,3 +3001,50 @@ END
     &Header::closebox();
     &Header::closebigbox();
     &Header::closepage();
+
+sub array_unique($) {
+       my $array = shift;
+       my @unique = ();
+
+       my %seen = ();
+       foreach my $e (@$array) {
+               next if $seen{$e}++;
+               push(@unique, $e);
+       }
+
+       return @unique;
+}
+
+sub make_algos($$$$$) {
+       my ($mode, $encs, $ints, $grps, $pfs) = @_;
+       my @algos = ();
+
+       foreach my $enc (@$encs) {
+               foreach my $int (@$ints) {
+                       foreach my $grp (@$grps) {
+                               my @algo = ($enc);
+
+                               if ($mode eq "ike") {
+                                       push(@algo, $int);
+
+                                       if ($grp =~ m/^e(.*)$/) {
+                                               push(@algo, "ecp$1");
+                                       } else {
+                                               push(@algo, "modp$grp");
+                                       }
+
+                               } elsif ($mode eq "esp" && $pfs) {
+                                       my $is_aead = ($enc =~ m/[cg]cm/);
+
+                                       if (!$is_aead) {
+                                               push(@algo, $int);
+                                       }
+                               }
+
+                               push(@algos, join("-", @algo));
+                       }
+               }
+       }
+
+       return &array_unique(\@algos);
+}

diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi
index ec9022ddfad8305013f9efd1200818726c33bbf2..844c395e2f7738dddd26cd3c36ad5bcfe8577c93 100644 (file)
--- a/html/cgi-bin/wlanap.cgi
+++ b/html/cgi-bin/wlanap.cgi
@@ -71,7 +71,7 @@ $wlanapsettings{'HW_MODE'} = 'g';
 $wlanapsettings{'PWD'} = 'IPFire-2.x';
 $wlanapsettings{'SYSLOGLEVEL'} = '0';
 $wlanapsettings{'DEBUG'} = '4';
-$wlanapsettings{'DRIVER'} = 'MADWIFI';
+$wlanapsettings{'DRIVER'} = 'NL80211';
 $wlanapsettings{'HTCAPS'} = '';
 
 &General::readhash("/var/ipfire/wlanap/settings", \%wlanapsettings);
@@ -265,7 +265,7 @@ if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){
 my $wiphy = `iw dev $wlanapsettings{'INTERFACE'} info | grep wiphy | cut -d" " -f2`;
 chomp $wiphy;
 
-@channellist_cmd = `iw phy phy$wiphy info | grep " MHz \\\[" | grep -v "(disabled)" | grep -v "no IBSS" | grep -v "passive scanning" 2>/dev/null`;
+@channellist_cmd = `iw phy phy$wiphy info | grep " MHz \\\[" | grep -v "(disabled)" | grep -v "no IBSS" | grep -v "no IR" | grep -v "passive scanning" 2>/dev/null`;
 # get available channels
 
 my @temp;
@@ -306,15 +306,6 @@ if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){
 }
 # get available power
 
-my @temp;
-foreach (@txpower_cmd){
-$_ =~ /(\s)(\d+)(\s)dBm(\s)(.*)(\W)(\d+)(.*)/;
-$txpower = $7;chomp $txpower;
-if ( $txpower =~ /\d+/ ){push(@temp,$txpower."mW");}
-}
-my @txpower = @temp;
-push(@txpower,"auto");
-
 $selected{'SYSLOGLEVEL'}{$wlanapsettings{'SYSLOGLEVEL'}} = "selected='selected'";
 $selected{'DEBUG'}{$wlanapsettings{'DEBUG'}} = "selected='selected'";
 
@@ -437,20 +428,7 @@ END
 ;
 print <<END
 <tr><td width='25%' class='base'>HT Caps:&nbsp;</td><td class='base' colspan='3'><input type='text' name='HTCAPS' size='30' value='$wlanapsettings{'HTCAPS'}' /></td></tr>
-<tr><td width='25%' class='base'>Tx Power:&nbsp;</td><td class='base' colspan='3'>
-END
-;
-
-if ( $wlanapsettings{'DRIVER'} eq 'MADWIFI' ){
-       print "<select name='TXPOWER'>";
-       foreach $txpower (@txpower){
-               print "<option $selected{'TXPOWER'}{$txpower}>$txpower</option>&nbsp;dBm";
-       }
-       print " </select></td></tr>";
-} else {
-       print "<input type='text' name='TXPOWER' size='10' value='$wlanapsettings{'TXPOWER'}' /></td></tr>"
-}
-print <<END
+<tr><td width='25%' class='base'>Tx Power:&nbsp;</td><td class='base' colspan='3'><input type='text' name='TXPOWER' size='10' value='$wlanapsettings{'TXPOWER'}' /></td></tr>
 <tr><td width='25%' class='base'>Loglevel (hostapd):&nbsp;</td><td class='base' width='25%'>
        <select name='SYSLOGLEVEL'>
                <option value='0' $selected{'SYSLOGLEVEL'}{'0'}>0 ($Lang::tr{'wlanap verbose'})</option>
@@ -508,9 +486,6 @@ print <<END
 END
 ;
 my @status;
-if ( $wlanapsettings{'DRIVER'} eq 'MADWIFI' ){
-        @status =  `wlanconfig $wlanapsettings{'INTERFACE'} list`;
-}
 if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){
         @status =  `iw dev $wlanapsettings{'INTERFACE'} info && iw dev $wlanapsettings{'INTERFACE'} station dump && echo ""`;
 }

diff --git a/html/html/images/flags/ad.png b/html/html/images/flags/ad.png
deleted file mode 100644 (file)
index ffbe26a..0000000
Binary files a/html/html/images/flags/ad.png and /dev/null differ

diff --git a/html/html/images/flags/ae.png b/html/html/images/flags/ae.png
deleted file mode 100644 (file)
index 0ee169b..0000000
Binary files a/html/html/images/flags/ae.png and /dev/null differ

diff --git a/html/html/images/flags/af.png b/html/html/images/flags/af.png
deleted file mode 100644 (file)
index f6d8f25..0000000
Binary files a/html/html/images/flags/af.png and /dev/null differ

diff --git a/html/html/images/flags/ag.png b/html/html/images/flags/ag.png
deleted file mode 100644 (file)
index 1c731ba..0000000
Binary files a/html/html/images/flags/ag.png and /dev/null differ

diff --git a/html/html/images/flags/ai.png b/html/html/images/flags/ai.png
deleted file mode 100644 (file)
index afc38d9..0000000
Binary files a/html/html/images/flags/ai.png and /dev/null differ

diff --git a/html/html/images/flags/al.png b/html/html/images/flags/al.png
deleted file mode 100644 (file)
index 79d6bac..0000000
Binary files a/html/html/images/flags/al.png and /dev/null differ

diff --git a/html/html/images/flags/am.png b/html/html/images/flags/am.png
deleted file mode 100644 (file)
index 7d57f50..0000000
Binary files a/html/html/images/flags/am.png and /dev/null differ

diff --git a/html/html/images/flags/an.png b/html/html/images/flags/an.png
deleted file mode 100644 (file)
index bf9d233..0000000
Binary files a/html/html/images/flags/an.png and /dev/null differ

diff --git a/html/html/images/flags/ao.png b/html/html/images/flags/ao.png
deleted file mode 100644 (file)
index c971840..0000000
Binary files a/html/html/images/flags/ao.png and /dev/null differ

diff --git a/html/html/images/flags/aq.png b/html/html/images/flags/aq.png
deleted file mode 100644 (file)
index a4f9700..0000000
Binary files a/html/html/images/flags/aq.png and /dev/null differ

diff --git a/html/html/images/flags/ar.png b/html/html/images/flags/ar.png
deleted file mode 100644 (file)
index d3a0d9d..0000000
Binary files a/html/html/images/flags/ar.png and /dev/null differ

diff --git a/html/html/images/flags/as.png b/html/html/images/flags/as.png
deleted file mode 100644 (file)
index d881283..0000000
Binary files a/html/html/images/flags/as.png and /dev/null differ

diff --git a/html/html/images/flags/at.png b/html/html/images/flags/at.png
deleted file mode 100644 (file)
index bd0cbe1..0000000
Binary files a/html/html/images/flags/at.png and /dev/null differ

diff --git a/html/html/images/flags/au.png b/html/html/images/flags/au.png
deleted file mode 100644 (file)
index 65fd911..0000000
Binary files a/html/html/images/flags/au.png and /dev/null differ

diff --git a/html/html/images/flags/aw.png b/html/html/images/flags/aw.png
deleted file mode 100644 (file)
index 1e5aff9..0000000
Binary files a/html/html/images/flags/aw.png and /dev/null differ

diff --git a/html/html/images/flags/az.png b/html/html/images/flags/az.png
deleted file mode 100644 (file)
index f2137c2..0000000
Binary files a/html/html/images/flags/az.png and /dev/null differ

diff --git a/html/html/images/flags/ba.png b/html/html/images/flags/ba.png
deleted file mode 100644 (file)
index 39dbca8..0000000
Binary files a/html/html/images/flags/ba.png and /dev/null differ

diff --git a/html/html/images/flags/bb.png b/html/html/images/flags/bb.png
deleted file mode 100644 (file)
index 726ab5a..0000000
Binary files a/html/html/images/flags/bb.png and /dev/null differ

diff --git a/html/html/images/flags/bd.png b/html/html/images/flags/bd.png
deleted file mode 100644 (file)
index e68816f..0000000
Binary files a/html/html/images/flags/bd.png and /dev/null differ

diff --git a/html/html/images/flags/be.png b/html/html/images/flags/be.png
deleted file mode 100644 (file)
index 2f92d5f..0000000
Binary files a/html/html/images/flags/be.png and /dev/null differ

diff --git a/html/html/images/flags/bf.png b/html/html/images/flags/bf.png
deleted file mode 100644 (file)
index 618fd04..0000000
Binary files a/html/html/images/flags/bf.png and /dev/null differ

diff --git a/html/html/images/flags/bg.png b/html/html/images/flags/bg.png
deleted file mode 100644 (file)
index 70d4b20..0000000
Binary files a/html/html/images/flags/bg.png and /dev/null differ

diff --git a/html/html/images/flags/bh.png b/html/html/images/flags/bh.png
deleted file mode 100644 (file)
index e92bd20..0000000
Binary files a/html/html/images/flags/bh.png and /dev/null differ

diff --git a/html/html/images/flags/bi.png b/html/html/images/flags/bi.png
deleted file mode 100644 (file)
index 3b4ebca..0000000
Binary files a/html/html/images/flags/bi.png and /dev/null differ

diff --git a/html/html/images/flags/bj.png b/html/html/images/flags/bj.png
deleted file mode 100644 (file)
index f6b89d9..0000000
Binary files a/html/html/images/flags/bj.png and /dev/null differ

diff --git a/html/html/images/flags/bm.png b/html/html/images/flags/bm.png
deleted file mode 100644 (file)
index 092852d..0000000
Binary files a/html/html/images/flags/bm.png and /dev/null differ

diff --git a/html/html/images/flags/bn.png b/html/html/images/flags/bn.png
deleted file mode 100644 (file)
index 2cf8b8e..0000000
Binary files a/html/html/images/flags/bn.png and /dev/null differ

diff --git a/html/html/images/flags/bo.png b/html/html/images/flags/bo.png
deleted file mode 100644 (file)
index bcf7986..0000000
Binary files a/html/html/images/flags/bo.png and /dev/null differ

diff --git a/html/html/images/flags/br.png b/html/html/images/flags/br.png
deleted file mode 100644 (file)
index 73e9370..0000000
Binary files a/html/html/images/flags/br.png and /dev/null differ

diff --git a/html/html/images/flags/bs.png b/html/html/images/flags/bs.png
deleted file mode 100644 (file)
index 799df4d..0000000
Binary files a/html/html/images/flags/bs.png and /dev/null differ

diff --git a/html/html/images/flags/bt.png b/html/html/images/flags/bt.png
deleted file mode 100644 (file)
index 796a073..0000000
Binary files a/html/html/images/flags/bt.png and /dev/null differ

diff --git a/html/html/images/flags/bv.png b/html/html/images/flags/bv.png
deleted file mode 100644 (file)
index 90661b4..0000000
Binary files a/html/html/images/flags/bv.png and /dev/null differ

diff --git a/html/html/images/flags/bw.png b/html/html/images/flags/bw.png
deleted file mode 100644 (file)
index 913580d..0000000
Binary files a/html/html/images/flags/bw.png and /dev/null differ

diff --git a/html/html/images/flags/by.png b/html/html/images/flags/by.png
deleted file mode 100644 (file)
index 80cd890..0000000
Binary files a/html/html/images/flags/by.png and /dev/null differ

diff --git a/html/html/images/flags/bz.png b/html/html/images/flags/bz.png
deleted file mode 100644 (file)
index bcfd37e..0000000
Binary files a/html/html/images/flags/bz.png and /dev/null differ

diff --git a/html/html/images/flags/ca.png b/html/html/images/flags/ca.png
deleted file mode 100644 (file)
index 0a50034..0000000
Binary files a/html/html/images/flags/ca.png and /dev/null differ

diff --git a/html/html/images/flags/cc.png b/html/html/images/flags/cc.png
deleted file mode 100644 (file)
index 6e29f45..0000000
Binary files a/html/html/images/flags/cc.png and /dev/null differ

diff --git a/html/html/images/flags/cd.png b/html/html/images/flags/cd.png
deleted file mode 100644 (file)
index daa30a3..0000000
Binary files a/html/html/images/flags/cd.png and /dev/null differ

diff --git a/html/html/images/flags/cf.png b/html/html/images/flags/cf.png
deleted file mode 100644 (file)
index d31de15..0000000
Binary files a/html/html/images/flags/cf.png and /dev/null differ

diff --git a/html/html/images/flags/cg.png b/html/html/images/flags/cg.png
deleted file mode 100644 (file)
index 1d712ff..0000000
Binary files a/html/html/images/flags/cg.png and /dev/null differ

diff --git a/html/html/images/flags/ch.png b/html/html/images/flags/ch.png
deleted file mode 100644 (file)
index b5b5902..0000000
Binary files a/html/html/images/flags/ch.png and /dev/null differ

diff --git a/html/html/images/flags/ci.png b/html/html/images/flags/ci.png
deleted file mode 100644 (file)
index 3f34f51..0000000
Binary files a/html/html/images/flags/ci.png and /dev/null differ

diff --git a/html/html/images/flags/ck.png b/html/html/images/flags/ck.png
deleted file mode 100644 (file)
index c86af2c..0000000
Binary files a/html/html/images/flags/ck.png and /dev/null differ

diff --git a/html/html/images/flags/cl.png b/html/html/images/flags/cl.png
deleted file mode 100644 (file)
index 194fd91..0000000
Binary files a/html/html/images/flags/cl.png and /dev/null differ

diff --git a/html/html/images/flags/cm.png b/html/html/images/flags/cm.png
deleted file mode 100644 (file)
index 00fc991..0000000
Binary files a/html/html/images/flags/cm.png and /dev/null differ

diff --git a/html/html/images/flags/cn.png b/html/html/images/flags/cn.png
deleted file mode 100644 (file)
index e9e8261..0000000
Binary files a/html/html/images/flags/cn.png and /dev/null differ

diff --git a/html/html/images/flags/co.png b/html/html/images/flags/co.png
deleted file mode 100644 (file)
index cba9e49..0000000
Binary files a/html/html/images/flags/co.png and /dev/null differ

diff --git a/html/html/images/flags/cr.png b/html/html/images/flags/cr.png
deleted file mode 100644 (file)
index 9088a35..0000000
Binary files a/html/html/images/flags/cr.png and /dev/null differ

diff --git a/html/html/images/flags/cs.png b/html/html/images/flags/cs.png
deleted file mode 100644 (file)
index bbd5aca..0000000
Binary files a/html/html/images/flags/cs.png and /dev/null differ

diff --git a/html/html/images/flags/cu.png b/html/html/images/flags/cu.png
deleted file mode 100644 (file)
index ff1b7ea..0000000
Binary files a/html/html/images/flags/cu.png and /dev/null differ

diff --git a/html/html/images/flags/cv.png b/html/html/images/flags/cv.png
deleted file mode 100644 (file)
index 49e7738..0000000
Binary files a/html/html/images/flags/cv.png and /dev/null differ

diff --git a/html/html/images/flags/cx.png b/html/html/images/flags/cx.png
deleted file mode 100644 (file)
index a64c13f..0000000
Binary files a/html/html/images/flags/cx.png and /dev/null differ

diff --git a/html/html/images/flags/cy.png b/html/html/images/flags/cy.png
deleted file mode 100644 (file)
index c3a559c..0000000
Binary files a/html/html/images/flags/cy.png and /dev/null differ

diff --git a/html/html/images/flags/cz.png b/html/html/images/flags/cz.png
deleted file mode 100644 (file)
index 5caf0ec..0000000
Binary files a/html/html/images/flags/cz.png and /dev/null differ

diff --git a/html/html/images/flags/de.png b/html/html/images/flags/de.png
deleted file mode 100644 (file)
index b142f7b..0000000
Binary files a/html/html/images/flags/de.png and /dev/null differ

diff --git a/html/html/images/flags/dj.png b/html/html/images/flags/dj.png
deleted file mode 100644 (file)
index c71b38f..0000000
Binary files a/html/html/images/flags/dj.png and /dev/null differ

diff --git a/html/html/images/flags/dk.png b/html/html/images/flags/dk.png
deleted file mode 100644 (file)
index b2b9b12..0000000
Binary files a/html/html/images/flags/dk.png and /dev/null differ

diff --git a/html/html/images/flags/dm.png b/html/html/images/flags/dm.png
deleted file mode 100644 (file)
index 0b1aab6..0000000
Binary files a/html/html/images/flags/dm.png and /dev/null differ

diff --git a/html/html/images/flags/do.png b/html/html/images/flags/do.png
deleted file mode 100644 (file)
index 5afc6d0..0000000
Binary files a/html/html/images/flags/do.png and /dev/null differ

diff --git a/html/html/images/flags/dz.png b/html/html/images/flags/dz.png
deleted file mode 100644 (file)
index 9132046..0000000
Binary files a/html/html/images/flags/dz.png and /dev/null differ

diff --git a/html/html/images/flags/ec.png b/html/html/images/flags/ec.png
deleted file mode 100644 (file)
index bdae8d2..0000000
Binary files a/html/html/images/flags/ec.png and /dev/null differ

diff --git a/html/html/images/flags/ee.png b/html/html/images/flags/ee.png
deleted file mode 100644 (file)
index 516e5a3..0000000
Binary files a/html/html/images/flags/ee.png and /dev/null differ

diff --git a/html/html/images/flags/eg.png b/html/html/images/flags/eg.png
deleted file mode 100644 (file)
index 0f47afc..0000000
Binary files a/html/html/images/flags/eg.png and /dev/null differ

diff --git a/html/html/images/flags/eh.png b/html/html/images/flags/eh.png
deleted file mode 100644 (file)
index 927b3cb..0000000
Binary files a/html/html/images/flags/eh.png and /dev/null differ

diff --git a/html/html/images/flags/er.png b/html/html/images/flags/er.png
deleted file mode 100644 (file)
index 10ded53..0000000
Binary files a/html/html/images/flags/er.png and /dev/null differ

diff --git a/html/html/images/flags/es.png b/html/html/images/flags/es.png
deleted file mode 100644 (file)
index 40cbfa6..0000000
Binary files a/html/html/images/flags/es.png and /dev/null differ

diff --git a/html/html/images/flags/et.png b/html/html/images/flags/et.png
deleted file mode 100644 (file)
index 17a252e..0000000
Binary files a/html/html/images/flags/et.png and /dev/null differ

diff --git a/html/html/images/flags/eu.png b/html/html/images/flags/eu.png
deleted file mode 100644 (file)
index 4c09a5a..0000000
Binary files a/html/html/images/flags/eu.png and /dev/null differ

diff --git a/html/html/images/flags/fi.png b/html/html/images/flags/fi.png
deleted file mode 100644 (file)
index 78b9ab6..0000000
Binary files a/html/html/images/flags/fi.png and /dev/null differ

diff --git a/html/html/images/flags/fj.png b/html/html/images/flags/fj.png
deleted file mode 100644 (file)
index a02aaa3..0000000
Binary files a/html/html/images/flags/fj.png and /dev/null differ

diff --git a/html/html/images/flags/fk.png b/html/html/images/flags/fk.png
deleted file mode 100644 (file)
index b6189f9..0000000
Binary files a/html/html/images/flags/fk.png and /dev/null differ

diff --git a/html/html/images/flags/fm.png b/html/html/images/flags/fm.png
deleted file mode 100644 (file)
index 7302d22..0000000
Binary files a/html/html/images/flags/fm.png and /dev/null differ

diff --git a/html/html/images/flags/fo.png b/html/html/images/flags/fo.png
deleted file mode 100644 (file)
index 6bb5557..0000000
Binary files a/html/html/images/flags/fo.png and /dev/null differ

diff --git a/html/html/images/flags/fr.png b/html/html/images/flags/fr.png
deleted file mode 100644 (file)
index bfd4a21..0000000
Binary files a/html/html/images/flags/fr.png and /dev/null differ

diff --git a/html/html/images/flags/ga.png b/html/html/images/flags/ga.png
deleted file mode 100644 (file)
index 18eed1a..0000000
Binary files a/html/html/images/flags/ga.png and /dev/null differ

diff --git a/html/html/images/flags/gb.png b/html/html/images/flags/gb.png
deleted file mode 100644 (file)
index db134f1..0000000
Binary files a/html/html/images/flags/gb.png and /dev/null differ

diff --git a/html/html/images/flags/gd.png b/html/html/images/flags/gd.png
deleted file mode 100644 (file)
index bde8e2e..0000000
Binary files a/html/html/images/flags/gd.png and /dev/null differ

diff --git a/html/html/images/flags/ge.png b/html/html/images/flags/ge.png
deleted file mode 100644 (file)
index cf5a612..0000000
Binary files a/html/html/images/flags/ge.png and /dev/null differ

diff --git a/html/html/images/flags/gf.png b/html/html/images/flags/gf.png
deleted file mode 100644 (file)
index df12fb4..0000000
Binary files a/html/html/images/flags/gf.png and /dev/null differ

diff --git a/html/html/images/flags/gh.png b/html/html/images/flags/gh.png
deleted file mode 100644 (file)
index e47b266..0000000
Binary files a/html/html/images/flags/gh.png and /dev/null differ

diff --git a/html/html/images/flags/gi.png b/html/html/images/flags/gi.png
deleted file mode 100644 (file)
index d3f23b3..0000000
Binary files a/html/html/images/flags/gi.png and /dev/null differ

diff --git a/html/html/images/flags/gl.png b/html/html/images/flags/gl.png
deleted file mode 100644 (file)
index 565c7a1..0000000
Binary files a/html/html/images/flags/gl.png and /dev/null differ

diff --git a/html/html/images/flags/gm.png b/html/html/images/flags/gm.png
deleted file mode 100644 (file)
index cdecab3..0000000
Binary files a/html/html/images/flags/gm.png and /dev/null differ

diff --git a/html/html/images/flags/gn.png b/html/html/images/flags/gn.png
deleted file mode 100644 (file)
index 56db38e..0000000
Binary files a/html/html/images/flags/gn.png and /dev/null differ

diff --git a/html/html/images/flags/gp.png b/html/html/images/flags/gp.png
deleted file mode 100644 (file)
index d7fbdfc..0000000
Binary files a/html/html/images/flags/gp.png and /dev/null differ

diff --git a/html/html/images/flags/gq.png b/html/html/images/flags/gq.png
deleted file mode 100644 (file)
index 71496cd..0000000
Binary files a/html/html/images/flags/gq.png and /dev/null differ

diff --git a/html/html/images/flags/gr.png b/html/html/images/flags/gr.png
deleted file mode 100644 (file)
index cf10a25..0000000
Binary files a/html/html/images/flags/gr.png and /dev/null differ

diff --git a/html/html/images/flags/gs.png b/html/html/images/flags/gs.png
deleted file mode 100644 (file)
index 6fd7edf..0000000
Binary files a/html/html/images/flags/gs.png and /dev/null differ

diff --git a/html/html/images/flags/gt.png b/html/html/images/flags/gt.png
deleted file mode 100644 (file)
index 2be4460..0000000
Binary files a/html/html/images/flags/gt.png and /dev/null differ

diff --git a/html/html/images/flags/gu.png b/html/html/images/flags/gu.png
deleted file mode 100644 (file)
index 2e6f0e0..0000000
Binary files a/html/html/images/flags/gu.png and /dev/null differ

diff --git a/html/html/images/flags/gw.png b/html/html/images/flags/gw.png
deleted file mode 100644 (file)
index ae52ec3..0000000
Binary files a/html/html/images/flags/gw.png and /dev/null differ

diff --git a/html/html/images/flags/gy.png b/html/html/images/flags/gy.png
deleted file mode 100644 (file)
index 1b20de4..0000000
Binary files a/html/html/images/flags/gy.png and /dev/null differ

diff --git a/html/html/images/flags/hk.png b/html/html/images/flags/hk.png
deleted file mode 100644 (file)
index d5435b6..0000000
Binary files a/html/html/images/flags/hk.png and /dev/null differ

diff --git a/html/html/images/flags/hm.png b/html/html/images/flags/hm.png
deleted file mode 100644 (file)
index ec0d223..0000000
Binary files a/html/html/images/flags/hm.png and /dev/null differ

diff --git a/html/html/images/flags/hn.png b/html/html/images/flags/hn.png
deleted file mode 100644 (file)
index 56e0b02..0000000
Binary files a/html/html/images/flags/hn.png and /dev/null differ

diff --git a/html/html/images/flags/hr.png b/html/html/images/flags/hr.png
deleted file mode 100644 (file)
index bd133ba..0000000
Binary files a/html/html/images/flags/hr.png and /dev/null differ

diff --git a/html/html/images/flags/ht.png b/html/html/images/flags/ht.png
deleted file mode 100644 (file)
index a982940..0000000
Binary files a/html/html/images/flags/ht.png and /dev/null differ

diff --git a/html/html/images/flags/hu.png b/html/html/images/flags/hu.png
deleted file mode 100644 (file)
index fd76de3..0000000
Binary files a/html/html/images/flags/hu.png and /dev/null differ

diff --git a/html/html/images/flags/id.png b/html/html/images/flags/id.png
deleted file mode 100644 (file)
index cf72330..0000000
Binary files a/html/html/images/flags/id.png and /dev/null differ

diff --git a/html/html/images/flags/ie.png b/html/html/images/flags/ie.png
deleted file mode 100644 (file)
index ddbbc74..0000000
Binary files a/html/html/images/flags/ie.png and /dev/null differ

diff --git a/html/html/images/flags/il.png b/html/html/images/flags/il.png
deleted file mode 100644 (file)
index 52dc8d3..0000000
Binary files a/html/html/images/flags/il.png and /dev/null differ

diff --git a/html/html/images/flags/in.png b/html/html/images/flags/in.png
deleted file mode 100644 (file)
index 771f217..0000000
Binary files a/html/html/images/flags/in.png and /dev/null differ

diff --git a/html/html/images/flags/io.png b/html/html/images/flags/io.png
deleted file mode 100644 (file)
index 96bc118..0000000
Binary files a/html/html/images/flags/io.png and /dev/null differ

diff --git a/html/html/images/flags/iq.png b/html/html/images/flags/iq.png
deleted file mode 100644 (file)
index 3097303..0000000
Binary files a/html/html/images/flags/iq.png and /dev/null differ

diff --git a/html/html/images/flags/ir.png b/html/html/images/flags/ir.png
deleted file mode 100644 (file)
index 395b28a..0000000
Binary files a/html/html/images/flags/ir.png and /dev/null differ

diff --git a/html/html/images/flags/is.png b/html/html/images/flags/is.png
deleted file mode 100644 (file)
index ea1c493..0000000
Binary files a/html/html/images/flags/is.png and /dev/null differ

diff --git a/html/html/images/flags/it.png b/html/html/images/flags/it.png
deleted file mode 100644 (file)
index de7427b..0000000
Binary files a/html/html/images/flags/it.png and /dev/null differ

diff --git a/html/html/images/flags/jm.png b/html/html/images/flags/jm.png
deleted file mode 100644 (file)
index 2a8a899..0000000
Binary files a/html/html/images/flags/jm.png and /dev/null differ

diff --git a/html/html/images/flags/jo.png b/html/html/images/flags/jo.png
deleted file mode 100644 (file)
index dbdca50..0000000
Binary files a/html/html/images/flags/jo.png and /dev/null differ

diff --git a/html/html/images/flags/jp.png b/html/html/images/flags/jp.png
deleted file mode 100644 (file)
index 5e342fd..0000000
Binary files a/html/html/images/flags/jp.png and /dev/null differ

diff --git a/html/html/images/flags/ke.png b/html/html/images/flags/ke.png
deleted file mode 100644 (file)
index d55331a..0000000
Binary files a/html/html/images/flags/ke.png and /dev/null differ

diff --git a/html/html/images/flags/kg.png b/html/html/images/flags/kg.png
deleted file mode 100644 (file)
index 230b1f6..0000000
Binary files a/html/html/images/flags/kg.png and /dev/null differ

diff --git a/html/html/images/flags/kh.png b/html/html/images/flags/kh.png
deleted file mode 100644 (file)
index 2ad8e35..0000000
Binary files a/html/html/images/flags/kh.png and /dev/null differ

diff --git a/html/html/images/flags/ki.png b/html/html/images/flags/ki.png
deleted file mode 100644 (file)
index 244104a..0000000
Binary files a/html/html/images/flags/ki.png and /dev/null differ

diff --git a/html/html/images/flags/km.png b/html/html/images/flags/km.png
deleted file mode 100644 (file)
index eb69544..0000000
Binary files a/html/html/images/flags/km.png and /dev/null differ

diff --git a/html/html/images/flags/kn.png b/html/html/images/flags/kn.png
deleted file mode 100644 (file)
index 3ce4018..0000000
Binary files a/html/html/images/flags/kn.png and /dev/null differ

diff --git a/html/html/images/flags/kp.png b/html/html/images/flags/kp.png
deleted file mode 100644 (file)
index f53c71a..0000000
Binary files a/html/html/images/flags/kp.png and /dev/null differ

diff --git a/html/html/images/flags/kr.png b/html/html/images/flags/kr.png
deleted file mode 100644 (file)
index 2b4e7b9..0000000
Binary files a/html/html/images/flags/kr.png and /dev/null differ

diff --git a/html/html/images/flags/kw.png b/html/html/images/flags/kw.png
deleted file mode 100644 (file)
index 19c8dc2..0000000
Binary files a/html/html/images/flags/kw.png and /dev/null differ

diff --git a/html/html/images/flags/ky.png b/html/html/images/flags/ky.png
deleted file mode 100644 (file)
index fa5ba07..0000000
Binary files a/html/html/images/flags/ky.png and /dev/null differ

diff --git a/html/html/images/flags/kz.png b/html/html/images/flags/kz.png
deleted file mode 100644 (file)
index f90f0ef..0000000
Binary files a/html/html/images/flags/kz.png and /dev/null differ

diff --git a/html/html/images/flags/la.png b/html/html/images/flags/la.png
deleted file mode 100644 (file)
index c3e9154..0000000
Binary files a/html/html/images/flags/la.png and /dev/null differ

diff --git a/html/html/images/flags/lb.png b/html/html/images/flags/lb.png
deleted file mode 100644 (file)
index e18a577..0000000
Binary files a/html/html/images/flags/lb.png and /dev/null differ

diff --git a/html/html/images/flags/lc.png b/html/html/images/flags/lc.png
deleted file mode 100644 (file)
index 78c606f..0000000
Binary files a/html/html/images/flags/lc.png and /dev/null differ

diff --git a/html/html/images/flags/li.png b/html/html/images/flags/li.png
deleted file mode 100644 (file)
index e991d1f..0000000
Binary files a/html/html/images/flags/li.png and /dev/null differ

diff --git a/html/html/images/flags/lk.png b/html/html/images/flags/lk.png
deleted file mode 100644 (file)
index f9e227f..0000000
Binary files a/html/html/images/flags/lk.png and /dev/null differ

diff --git a/html/html/images/flags/lr.png b/html/html/images/flags/lr.png
deleted file mode 100644 (file)
index 1c826c8..0000000
Binary files a/html/html/images/flags/lr.png and /dev/null differ

diff --git a/html/html/images/flags/ls.png b/html/html/images/flags/ls.png
deleted file mode 100644 (file)
index bd78c5b..0000000
Binary files a/html/html/images/flags/ls.png and /dev/null differ

diff --git a/html/html/images/flags/lt.png b/html/html/images/flags/lt.png
deleted file mode 100644 (file)
index 212d16b..0000000
Binary files a/html/html/images/flags/lt.png and /dev/null differ

diff --git a/html/html/images/flags/lu.png b/html/html/images/flags/lu.png
deleted file mode 100644 (file)
index 7182373..0000000
Binary files a/html/html/images/flags/lu.png and /dev/null differ

diff --git a/html/html/images/flags/lv.png b/html/html/images/flags/lv.png
deleted file mode 100644 (file)
index fa94bb2..0000000
Binary files a/html/html/images/flags/lv.png and /dev/null differ

diff --git a/html/html/images/flags/ly.png b/html/html/images/flags/ly.png
deleted file mode 100644 (file)
index 7afd8a6..0000000
Binary files a/html/html/images/flags/ly.png and /dev/null differ

diff --git a/html/html/images/flags/ma.png b/html/html/images/flags/ma.png
deleted file mode 100644 (file)
index 05448bf..0000000
Binary files a/html/html/images/flags/ma.png and /dev/null differ

diff --git a/html/html/images/flags/mc.png b/html/html/images/flags/mc.png
deleted file mode 100644 (file)
index c6f5809..0000000
Binary files a/html/html/images/flags/mc.png and /dev/null differ

diff --git a/html/html/images/flags/md.png b/html/html/images/flags/md.png
deleted file mode 100644 (file)
index e100650..0000000
Binary files a/html/html/images/flags/md.png and /dev/null differ

diff --git a/html/html/images/flags/mg.png b/html/html/images/flags/mg.png
deleted file mode 100644 (file)
index 080b0d4..0000000
Binary files a/html/html/images/flags/mg.png and /dev/null differ

diff --git a/html/html/images/flags/mh.png b/html/html/images/flags/mh.png
deleted file mode 100644 (file)
index 132ad60..0000000
Binary files a/html/html/images/flags/mh.png and /dev/null differ

diff --git a/html/html/images/flags/mk.png b/html/html/images/flags/mk.png
deleted file mode 100644 (file)
index acf5e44..0000000
Binary files a/html/html/images/flags/mk.png and /dev/null differ

diff --git a/html/html/images/flags/ml.png b/html/html/images/flags/ml.png
deleted file mode 100644 (file)
index cf0412f..0000000
Binary files a/html/html/images/flags/ml.png and /dev/null differ

diff --git a/html/html/images/flags/mm.png b/html/html/images/flags/mm.png
deleted file mode 100644 (file)
index 6467831..0000000
Binary files a/html/html/images/flags/mm.png and /dev/null differ

diff --git a/html/html/images/flags/mn.png b/html/html/images/flags/mn.png
deleted file mode 100644 (file)
index 81f355b..0000000
Binary files a/html/html/images/flags/mn.png and /dev/null differ

diff --git a/html/html/images/flags/mo.png b/html/html/images/flags/mo.png
deleted file mode 100644 (file)
index 8a033f3..0000000
Binary files a/html/html/images/flags/mo.png and /dev/null differ

diff --git a/html/html/images/flags/mp.png b/html/html/images/flags/mp.png
deleted file mode 100644 (file)
index 1bf8975..0000000
Binary files a/html/html/images/flags/mp.png and /dev/null differ

diff --git a/html/html/images/flags/mq.png b/html/html/images/flags/mq.png
deleted file mode 100644 (file)
index 00a8cc4..0000000
Binary files a/html/html/images/flags/mq.png and /dev/null differ

diff --git a/html/html/images/flags/mr.png b/html/html/images/flags/mr.png
deleted file mode 100644 (file)
index 5c40c89..0000000
Binary files a/html/html/images/flags/mr.png and /dev/null differ

diff --git a/html/html/images/flags/ms.png b/html/html/images/flags/ms.png
deleted file mode 100644 (file)
index 82dfd87..0000000
Binary files a/html/html/images/flags/ms.png and /dev/null differ

diff --git a/html/html/images/flags/mt.png b/html/html/images/flags/mt.png
deleted file mode 100644 (file)
index df86154..0000000
Binary files a/html/html/images/flags/mt.png and /dev/null differ

diff --git a/html/html/images/flags/mu.png b/html/html/images/flags/mu.png
deleted file mode 100644 (file)
index b146f38..0000000
Binary files a/html/html/images/flags/mu.png and /dev/null differ

diff --git a/html/html/images/flags/mv.png b/html/html/images/flags/mv.png
deleted file mode 100644 (file)
index 9d8704b..0000000
Binary files a/html/html/images/flags/mv.png and /dev/null differ

diff --git a/html/html/images/flags/mw.png b/html/html/images/flags/mw.png
deleted file mode 100644 (file)
index ddbe257..0000000
Binary files a/html/html/images/flags/mw.png and /dev/null differ

diff --git a/html/html/images/flags/mx.png b/html/html/images/flags/mx.png
deleted file mode 100644 (file)
index d69e87f..0000000
Binary files a/html/html/images/flags/mx.png and /dev/null differ

diff --git a/html/html/images/flags/my.png b/html/html/images/flags/my.png
deleted file mode 100644 (file)
index 54534e9..0000000
Binary files a/html/html/images/flags/my.png and /dev/null differ

diff --git a/html/html/images/flags/mz.png b/html/html/images/flags/mz.png
deleted file mode 100644 (file)
index bc3cf9b..0000000
Binary files a/html/html/images/flags/mz.png and /dev/null differ

diff --git a/html/html/images/flags/na.png b/html/html/images/flags/na.png
deleted file mode 100644 (file)
index f44ed28..0000000
Binary files a/html/html/images/flags/na.png and /dev/null differ

diff --git a/html/html/images/flags/nc.png b/html/html/images/flags/nc.png
deleted file mode 100644 (file)
index ee025d7..0000000
Binary files a/html/html/images/flags/nc.png and /dev/null differ

diff --git a/html/html/images/flags/ne.png b/html/html/images/flags/ne.png
deleted file mode 100644 (file)
index aeb771d..0000000
Binary files a/html/html/images/flags/ne.png and /dev/null differ

diff --git a/html/html/images/flags/nf.png b/html/html/images/flags/nf.png
deleted file mode 100644 (file)
index 2f9ae94..0000000
Binary files a/html/html/images/flags/nf.png and /dev/null differ

diff --git a/html/html/images/flags/ng.png b/html/html/images/flags/ng.png
deleted file mode 100644 (file)
index cc4dcd1..0000000
Binary files a/html/html/images/flags/ng.png and /dev/null differ

diff --git a/html/html/images/flags/ni.png b/html/html/images/flags/ni.png
deleted file mode 100644 (file)
index f679bf2..0000000
Binary files a/html/html/images/flags/ni.png and /dev/null differ

diff --git a/html/html/images/flags/nl.png b/html/html/images/flags/nl.png
deleted file mode 100644 (file)
index b0e12c2..0000000
Binary files a/html/html/images/flags/nl.png and /dev/null differ

diff --git a/html/html/images/flags/no.png b/html/html/images/flags/no.png
deleted file mode 100644 (file)
index de11ab7..0000000
Binary files a/html/html/images/flags/no.png and /dev/null differ

diff --git a/html/html/images/flags/np.png b/html/html/images/flags/np.png
deleted file mode 100644 (file)
index eb365c9..0000000
Binary files a/html/html/images/flags/np.png and /dev/null differ

diff --git a/html/html/images/flags/nr.png b/html/html/images/flags/nr.png
deleted file mode 100644 (file)
index 12f0cfe..0000000
Binary files a/html/html/images/flags/nr.png and /dev/null differ

diff --git a/html/html/images/flags/nu.png b/html/html/images/flags/nu.png
deleted file mode 100644 (file)
index 99ce198..0000000
Binary files a/html/html/images/flags/nu.png and /dev/null differ

diff --git a/html/html/images/flags/nz.png b/html/html/images/flags/nz.png
deleted file mode 100644 (file)
index c50ae5f..0000000
Binary files a/html/html/images/flags/nz.png and /dev/null differ

diff --git a/html/html/images/flags/om.png b/html/html/images/flags/om.png
deleted file mode 100644 (file)
index 0076b11..0000000
Binary files a/html/html/images/flags/om.png and /dev/null differ

diff --git a/html/html/images/flags/pa.png b/html/html/images/flags/pa.png
deleted file mode 100644 (file)
index ea4adb2..0000000
Binary files a/html/html/images/flags/pa.png and /dev/null differ

diff --git a/html/html/images/flags/pe.png b/html/html/images/flags/pe.png
deleted file mode 100644 (file)
index 38563b8..0000000
Binary files a/html/html/images/flags/pe.png and /dev/null differ

diff --git a/html/html/images/flags/pf.png b/html/html/images/flags/pf.png
deleted file mode 100644 (file)
index 832a5da..0000000
Binary files a/html/html/images/flags/pf.png and /dev/null differ

diff --git a/html/html/images/flags/pg.png b/html/html/images/flags/pg.png
deleted file mode 100644 (file)
index 96da94f..0000000
Binary files a/html/html/images/flags/pg.png and /dev/null differ

diff --git a/html/html/images/flags/ph.png b/html/html/images/flags/ph.png
deleted file mode 100644 (file)
index c8868b6..0000000
Binary files a/html/html/images/flags/ph.png and /dev/null differ

diff --git a/html/html/images/flags/pk.png b/html/html/images/flags/pk.png
deleted file mode 100644 (file)
index d86edf1..0000000
Binary files a/html/html/images/flags/pk.png and /dev/null differ

diff --git a/html/html/images/flags/pl.png b/html/html/images/flags/pl.png
deleted file mode 100644 (file)
index 251ee0a..0000000
Binary files a/html/html/images/flags/pl.png and /dev/null differ

diff --git a/html/html/images/flags/pm.png b/html/html/images/flags/pm.png
deleted file mode 100644 (file)
index 3d23d0e..0000000
Binary files a/html/html/images/flags/pm.png and /dev/null differ

diff --git a/html/html/images/flags/pn.png b/html/html/images/flags/pn.png
deleted file mode 100644 (file)
index b39911c..0000000
Binary files a/html/html/images/flags/pn.png and /dev/null differ

diff --git a/html/html/images/flags/pr.png b/html/html/images/flags/pr.png
deleted file mode 100644 (file)
index 2877e34..0000000
Binary files a/html/html/images/flags/pr.png and /dev/null differ

diff --git a/html/html/images/flags/ps.png b/html/html/images/flags/ps.png
deleted file mode 100644 (file)
index 7080b85..0000000
Binary files a/html/html/images/flags/ps.png and /dev/null differ

diff --git a/html/html/images/flags/pt.png b/html/html/images/flags/pt.png
deleted file mode 100644 (file)
index c61d7ca..0000000
Binary files a/html/html/images/flags/pt.png and /dev/null differ

diff --git a/html/html/images/flags/pw.png b/html/html/images/flags/pw.png
deleted file mode 100644 (file)
index 063d17f..0000000
Binary files a/html/html/images/flags/pw.png and /dev/null differ

diff --git a/html/html/images/flags/py.png b/html/html/images/flags/py.png
deleted file mode 100644 (file)
index 7bc1c87..0000000
Binary files a/html/html/images/flags/py.png and /dev/null differ

diff --git a/html/html/images/flags/qa.png b/html/html/images/flags/qa.png
deleted file mode 100644 (file)
index 9619da6..0000000
Binary files a/html/html/images/flags/qa.png and /dev/null differ

diff --git a/html/html/images/flags/re.png b/html/html/images/flags/re.png
deleted file mode 100644 (file)
index 422ee9d..0000000
Binary files a/html/html/images/flags/re.png and /dev/null differ

diff --git a/html/html/images/flags/ro.png b/html/html/images/flags/ro.png
deleted file mode 100644 (file)
index 7f72dd8..0000000
Binary files a/html/html/images/flags/ro.png and /dev/null differ

diff --git a/html/html/images/flags/ru.png b/html/html/images/flags/ru.png
deleted file mode 100644 (file)
index c76f646..0000000
Binary files a/html/html/images/flags/ru.png and /dev/null differ

diff --git a/html/html/images/flags/rw.png b/html/html/images/flags/rw.png
deleted file mode 100644 (file)
index b05833b..0000000
Binary files a/html/html/images/flags/rw.png and /dev/null differ

diff --git a/html/html/images/flags/sa.png b/html/html/images/flags/sa.png
deleted file mode 100644 (file)
index 1771430..0000000
Binary files a/html/html/images/flags/sa.png and /dev/null differ

diff --git a/html/html/images/flags/sb.png b/html/html/images/flags/sb.png
deleted file mode 100644 (file)
index e1ca39b..0000000
Binary files a/html/html/images/flags/sb.png and /dev/null differ

diff --git a/html/html/images/flags/sc.png b/html/html/images/flags/sc.png
deleted file mode 100644 (file)
index 0d42691..0000000
Binary files a/html/html/images/flags/sc.png and /dev/null differ

diff --git a/html/html/images/flags/sd.png b/html/html/images/flags/sd.png
deleted file mode 100644 (file)
index d9a8e94..0000000
Binary files a/html/html/images/flags/sd.png and /dev/null differ

diff --git a/html/html/images/flags/se.png b/html/html/images/flags/se.png
deleted file mode 100644 (file)
index 56f8579..0000000
Binary files a/html/html/images/flags/se.png and /dev/null differ

diff --git a/html/html/images/flags/sg.png b/html/html/images/flags/sg.png
deleted file mode 100644 (file)
index debeda7..0000000
Binary files a/html/html/images/flags/sg.png and /dev/null differ

diff --git a/html/html/images/flags/sh.png b/html/html/images/flags/sh.png
deleted file mode 100644 (file)
index 070cd3b..0000000
Binary files a/html/html/images/flags/sh.png and /dev/null differ

diff --git a/html/html/images/flags/si.png b/html/html/images/flags/si.png
deleted file mode 100644 (file)
index a8525d4..0000000
Binary files a/html/html/images/flags/si.png and /dev/null differ

diff --git a/html/html/images/flags/sj.png b/html/html/images/flags/sj.png
deleted file mode 100644 (file)
index 2b44b90..0000000
Binary files a/html/html/images/flags/sj.png and /dev/null differ

diff --git a/html/html/images/flags/sk.png b/html/html/images/flags/sk.png
deleted file mode 100644 (file)
index 9477a58..0000000
Binary files a/html/html/images/flags/sk.png and /dev/null differ

diff --git a/html/html/images/flags/sl.png b/html/html/images/flags/sl.png
deleted file mode 100644 (file)
index 9178f63..0000000
Binary files a/html/html/images/flags/sl.png and /dev/null differ

diff --git a/html/html/images/flags/sm.png b/html/html/images/flags/sm.png
deleted file mode 100644 (file)
index 9dc99fa..0000000
Binary files a/html/html/images/flags/sm.png and /dev/null differ

diff --git a/html/html/images/flags/sn.png b/html/html/images/flags/sn.png
deleted file mode 100644 (file)
index 0f0e66c..0000000
Binary files a/html/html/images/flags/sn.png and /dev/null differ

diff --git a/html/html/images/flags/so.png b/html/html/images/flags/so.png
deleted file mode 100644 (file)
index 680bfc2..0000000
Binary files a/html/html/images/flags/so.png and /dev/null differ

diff --git a/html/html/images/flags/sr.png b/html/html/images/flags/sr.png
deleted file mode 100644 (file)
index 339bbb6..0000000
Binary files a/html/html/images/flags/sr.png and /dev/null differ

diff --git a/html/html/images/flags/st.png b/html/html/images/flags/st.png
deleted file mode 100644 (file)
index 3b6db16..0000000
Binary files a/html/html/images/flags/st.png and /dev/null differ

diff --git a/html/html/images/flags/sv.png b/html/html/images/flags/sv.png
deleted file mode 100644 (file)
index d71be3e..0000000
Binary files a/html/html/images/flags/sv.png and /dev/null differ

diff --git a/html/html/images/flags/sy.png b/html/html/images/flags/sy.png
deleted file mode 100644 (file)
index 5b350b7..0000000
Binary files a/html/html/images/flags/sy.png and /dev/null differ

diff --git a/html/html/images/flags/sz.png b/html/html/images/flags/sz.png
deleted file mode 100644 (file)
index 48deaaf..0000000
Binary files a/html/html/images/flags/sz.png and /dev/null differ

diff --git a/html/html/images/flags/tc.png b/html/html/images/flags/tc.png
deleted file mode 100644 (file)
index 6e164c3..0000000
Binary files a/html/html/images/flags/tc.png and /dev/null differ

diff --git a/html/html/images/flags/td.png b/html/html/images/flags/td.png
deleted file mode 100644 (file)
index 0fb0e32..0000000
Binary files a/html/html/images/flags/td.png and /dev/null differ

diff --git a/html/html/images/flags/tf.png b/html/html/images/flags/tf.png
deleted file mode 100644 (file)
index d986c06..0000000
Binary files a/html/html/images/flags/tf.png and /dev/null differ

diff --git a/html/html/images/flags/tg.png b/html/html/images/flags/tg.png
deleted file mode 100644 (file)
index 354772f..0000000
Binary files a/html/html/images/flags/tg.png and /dev/null differ

diff --git a/html/html/images/flags/th.png b/html/html/images/flags/th.png
deleted file mode 100644 (file)
index 88e94a0..0000000
Binary files a/html/html/images/flags/th.png and /dev/null differ

diff --git a/html/html/images/flags/tj.png b/html/html/images/flags/tj.png
deleted file mode 100644 (file)
index dd802f0..0000000
Binary files a/html/html/images/flags/tj.png and /dev/null differ

diff --git a/html/html/images/flags/tk.png b/html/html/images/flags/tk.png
deleted file mode 100644 (file)
index 233a7af..0000000
Binary files a/html/html/images/flags/tk.png and /dev/null differ

diff --git a/html/html/images/flags/tl.png b/html/html/images/flags/tl.png
deleted file mode 100644 (file)
index 2216921..0000000
Binary files a/html/html/images/flags/tl.png and /dev/null differ

diff --git a/html/html/images/flags/tm.png b/html/html/images/flags/tm.png
deleted file mode 100644 (file)
index efc4867..0000000
Binary files a/html/html/images/flags/tm.png and /dev/null differ

diff --git a/html/html/images/flags/tn.png b/html/html/images/flags/tn.png
deleted file mode 100644 (file)
index 7dc6df9..0000000
Binary files a/html/html/images/flags/tn.png and /dev/null differ

diff --git a/html/html/images/flags/to.png b/html/html/images/flags/to.png
deleted file mode 100644 (file)
index 27df6fd..0000000
Binary files a/html/html/images/flags/to.png and /dev/null differ

diff --git a/html/html/images/flags/tp.png b/html/html/images/flags/tp.png
deleted file mode 100644 (file)
index f612ed8..0000000
Binary files a/html/html/images/flags/tp.png and /dev/null differ

diff --git a/html/html/images/flags/tr.png b/html/html/images/flags/tr.png
deleted file mode 100644 (file)
index ca88f97..0000000
Binary files a/html/html/images/flags/tr.png and /dev/null differ

diff --git a/html/html/images/flags/tt.png b/html/html/images/flags/tt.png
deleted file mode 100644 (file)
index 37d38fe..0000000
Binary files a/html/html/images/flags/tt.png and /dev/null differ

diff --git a/html/html/images/flags/tv.png b/html/html/images/flags/tv.png
deleted file mode 100644 (file)
index b86f1bc..0000000
Binary files a/html/html/images/flags/tv.png and /dev/null differ

diff --git a/html/html/images/flags/tw.png b/html/html/images/flags/tw.png
deleted file mode 100644 (file)
index 85eb1ff..0000000
Binary files a/html/html/images/flags/tw.png and /dev/null differ

diff --git a/html/html/images/flags/tz.png b/html/html/images/flags/tz.png
deleted file mode 100644 (file)
index 2b0880a..0000000
Binary files a/html/html/images/flags/tz.png and /dev/null differ

diff --git a/html/html/images/flags/ua.png b/html/html/images/flags/ua.png
deleted file mode 100644 (file)
index 46b0aaf..0000000
Binary files a/html/html/images/flags/ua.png and /dev/null differ

diff --git a/html/html/images/flags/ug.png b/html/html/images/flags/ug.png
deleted file mode 100644 (file)
index 22dd07f..0000000
Binary files a/html/html/images/flags/ug.png and /dev/null differ

diff --git a/html/html/images/flags/um.png b/html/html/images/flags/um.png
deleted file mode 100644 (file)
index e959d31..0000000
Binary files a/html/html/images/flags/um.png and /dev/null differ

diff --git a/html/html/images/flags/us.png b/html/html/images/flags/us.png
deleted file mode 100644 (file)
index cebf562..0000000
Binary files a/html/html/images/flags/us.png and /dev/null differ

diff --git a/html/html/images/flags/uy.png b/html/html/images/flags/uy.png
deleted file mode 100644 (file)
index 3aed8f7..0000000
Binary files a/html/html/images/flags/uy.png and /dev/null differ

diff --git a/html/html/images/flags/uz.png b/html/html/images/flags/uz.png
deleted file mode 100644 (file)
index 1c9ca15..0000000
Binary files a/html/html/images/flags/uz.png and /dev/null differ

diff --git a/html/html/images/flags/va.png b/html/html/images/flags/va.png
deleted file mode 100644 (file)
index fd3984b..0000000
Binary files a/html/html/images/flags/va.png and /dev/null differ

diff --git a/html/html/images/flags/vc.png b/html/html/images/flags/vc.png
deleted file mode 100644 (file)
index 230ef4c..0000000
Binary files a/html/html/images/flags/vc.png and /dev/null differ

diff --git a/html/html/images/flags/ve.png b/html/html/images/flags/ve.png
deleted file mode 100644 (file)
index 292db90..0000000
Binary files a/html/html/images/flags/ve.png and /dev/null differ

diff --git a/html/html/images/flags/vg.png b/html/html/images/flags/vg.png
deleted file mode 100644 (file)
index 5c0acd3..0000000
Binary files a/html/html/images/flags/vg.png and /dev/null differ

diff --git a/html/html/images/flags/vi.png b/html/html/images/flags/vi.png
deleted file mode 100644 (file)
index a9a9c6b..0000000
Binary files a/html/html/images/flags/vi.png and /dev/null differ

diff --git a/html/html/images/flags/vn.png b/html/html/images/flags/vn.png
deleted file mode 100644 (file)
index 20ef1c2..0000000
Binary files a/html/html/images/flags/vn.png and /dev/null differ

diff --git a/html/html/images/flags/vu.png b/html/html/images/flags/vu.png
deleted file mode 100644 (file)
index 0ce47d0..0000000
Binary files a/html/html/images/flags/vu.png and /dev/null differ

diff --git a/html/html/images/flags/wf.png b/html/html/images/flags/wf.png
deleted file mode 100644 (file)
index 98cf4f5..0000000
Binary files a/html/html/images/flags/wf.png and /dev/null differ

diff --git a/html/html/images/flags/ws.png b/html/html/images/flags/ws.png
deleted file mode 100644 (file)
index 9d8cc2c..0000000
Binary files a/html/html/images/flags/ws.png and /dev/null differ

diff --git a/html/html/images/flags/ye.png b/html/html/images/flags/ye.png
deleted file mode 100644 (file)
index 09199ca..0000000
Binary files a/html/html/images/flags/ye.png and /dev/null differ

diff --git a/html/html/images/flags/yt.png b/html/html/images/flags/yt.png
deleted file mode 100644 (file)
index 2fdd8d4..0000000
Binary files a/html/html/images/flags/yt.png and /dev/null differ

diff --git a/html/html/images/flags/yu.png b/html/html/images/flags/yu.png
deleted file mode 100644 (file)
index 0560483..0000000
Binary files a/html/html/images/flags/yu.png and /dev/null differ

diff --git a/html/html/images/flags/za.png b/html/html/images/flags/za.png
deleted file mode 100644 (file)
index 77f4aa5..0000000
Binary files a/html/html/images/flags/za.png and /dev/null differ

diff --git a/html/html/images/flags/zm.png b/html/html/images/flags/zm.png
deleted file mode 100644 (file)
index b053a8d..0000000
Binary files a/html/html/images/flags/zm.png and /dev/null differ

diff --git a/html/html/images/flags/zw.png b/html/html/images/flags/zw.png
deleted file mode 100644 (file)
index 98095df..0000000
Binary files a/html/html/images/flags/zw.png and /dev/null differ

diff --git a/html/html/themes/darkdos/include/style.css b/html/html/themes/darkdos/include/style.css
index e7140cde8818794fbeb7903d6175e1f0a7ac61df..cc4b3c965359f6a047a0dd76cc7a57abd2dfc69b 100644 (file)
--- a/html/html/themes/darkdos/include/style.css
+++ b/html/html/themes/darkdos/include/style.css
@@ -366,6 +366,10 @@ min-width: 2.0em;
 max-width: 2.5em;
 }
 
+table.fw-nat tbody tr td {
+       height: 2.25em;
+}
+
 /* LAYOUT - 3 COLUMNS */
 
        /* Primary content */

diff --git a/html/html/themes/ipfire-legacy/include/style.css b/html/html/themes/ipfire-legacy/include/style.css
index d2c458e51012025594181b91bed960092203e6b0..288a0feeb3ccd0585ee0986b69fc818db7e9abe6 100644 (file)
--- a/html/html/themes/ipfire-legacy/include/style.css
+++ b/html/html/themes/ipfire-legacy/include/style.css
@@ -343,6 +343,10 @@ min-width: 2.0em;
 max-width: 2.5em;
 }
 
+table.fw-nat tbody tr td {
+       height: 2.25em;
+}
+
 /* LAYOUT - 3 COLUMNS */
 
        /* Primary content */

diff --git a/html/html/themes/ipfire/include/css/style.css b/html/html/themes/ipfire/include/css/style.css
index 0e990d68114e74e5a9478aba8b4a8b39b08e3c1b..e0ac3cd1168c9869397f266638acc40aeff5ee01 100644 (file)
--- a/html/html/themes/ipfire/include/css/style.css
+++ b/html/html/themes/ipfire/include/css/style.css
@@ -324,3 +324,7 @@ table {
 .tbl tr:last-child td {
        border-bottom: 1px solid lightgrey;
 }
+
+table.fw-nat tbody tr td {
+       height: 2.25em;
+}

diff --git a/html/html/themes/maniac/include/style.css b/html/html/themes/maniac/include/style.css
index eca34cb850349501cdc01f5dcfee927a117a5695..3cb2741301c5a606cc2fe29ee6dc1682849689fe 100644 (file)
--- a/html/html/themes/maniac/include/style.css
+++ b/html/html/themes/maniac/include/style.css
@@ -372,6 +372,10 @@ min-width: 2.0em;
 max-width: 2.5em;
 }
 
+table.fw-nat tbody tr td {
+       height: 2.25em;
+}
+
 /* LAYOUT - 3 COLUMNS */
 
        /* Primary content */

diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index eb29b5fbf257a054dc46a0be89f9145b1f77e446..48ade280a866034f59cf4deca47cd8f6421ec2d7 100644 (file)
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -416,6 +416,7 @@
 'bit' => 'Bit',
 'bitrate' => 'Bitrate',
 'bleeding rules' => 'Bleeding Edge Snort Rules',
+'block' => 'Blocken',
 'blue' => 'BLAU',
 'blue access' => 'Zugriff auf Blau',
 'blue access use hint' => 'Sie müssen mindestens die MAC- oder die IP-Adresse für ein Gerät angeben. Optional können Sie sowohl MAC- als auch IP-Adresse angeben.',
@@ -532,6 +533,7 @@
 'chain' => 'Verknüpfung',
 'change passwords' => 'Passwörter ändern',
 'change share' => 'Freigabeeinstellungen ändern',
+'check all' => 'Alle auswählen',
 'check for net traffic update' => 'Prüfe auf Net-Traffic-Updates',
 'check vpn lr' => 'Überprüfen',
 'choose config' => 'Konfiguration auswählen',
@@ -689,7 +691,7 @@
 'dhcp advopt removed' => 'DHCP Option entfernt',
 'dhcp advopt scope' => 'Options-Wertebereich',
 'dhcp advopt scope global' => 'Global',
-'dhcp advopt scope help' => 'Globaler Bereich oder begenze Bereich auf überprüfte Schnittstellen',
+'dhcp advopt scope help' => 'Globaler Bereich oder begrenze Bereich auf überprüfte Schnittstellen',
 'dhcp advopt unknown' => 'Name der DHCP Option wurde nicht erkannt',
 'dhcp advopt value' => 'Optionswert',
 'dhcp allow bootp' => 'BOOTP Clients zulassen',
@@ -1067,6 +1069,7 @@
 'fwhost OpenVPN static host' => 'OpenVPN statischer Host',
 'fwhost OpenVPN static network' => 'OpenVPN statisches Netzwerk',
 'fwhost Standard Network' => 'Standard-Netzwerk',
+'fwhost addgeoipgrp' => 'Neue GeoIP-Gruppe hinzufügen',
 'fwhost addgrp' => 'Neue Gruppe hinzufügen',
 'fwhost addgrpname' => 'Gruppenname:',
 'fwhost addhost' => 'Neuen Host hinzufügen',
@@ -1082,6 +1085,9 @@
 'fwhost change' => 'Ändern',
 'fwhost changeremark' => 'Es wurde nur die Bemerkung angepasst.',
 'fwhost cust addr' => 'Hosts',
+'fwhost cust geoip' => 'GeoIP-Gruppen',
+'fwhost cust geoipgroup' => 'GeoIP-Gruppen',
+'fwhost cust geoiplocation' => 'GeoIP Ländercodes',
 'fwhost cust grp' => 'Gruppen',
 'fwhost cust net' => 'Netzwerke',
 'fwhost cust service' => 'Dienste',
@@ -1128,6 +1134,7 @@
 'fwhost ipsec net' => 'IPsec-Netzwerke:',
 'fwhost menu' => 'Firewallgruppen',
 'fwhost netaddress' => 'Netzwerkadresse',
+'fwhost newgeoipgrp' => 'GeoIP-Gruppen',
 'fwhost newgrp' => 'Netzwerk-/Hostgruppen',
 'fwhost newhost' => 'Hosts',
 'fwhost newnet' => 'Netzwerke',
@@ -1162,6 +1169,16 @@
 'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.  Auf älterer Hardware kann es mehrere Minuten lang dauern. Bitte haben Sie etwas Geduld.',
 'genkey' => 'PSK erzeugen',
 'genre' => 'Genre',
+'geoip' => 'GeoIP',
+'geoipblock' => 'GeoIP Block',
+'geoipblock block countries' => 'Länderfilter',
+'geoipblock configuration' => 'GeoIP Konfiguration',
+'geoipblock country code' => 'Ländercode',
+'geoipblock country is allowed' => 'Eingehende Verbindungen aus diesem Land sind erlaubt.',
+'geoipblock country is blocked' => 'Eingehende Verbindungen aus diesem Land werden blockiert.',
+'geoipblock country name' => 'Ländername',
+'geoipblock enable feature' => 'GeoIP basierte Filterung aktivieren:',
+'geoipblock flag' => 'Flagge',
 'global settings' => 'Globale Einstellungen',
 'gpl i accept these terms and conditions' => 'Ich akzeptiere diese Bedingungen und Konditionen',
 'gpl license agreement' => 'Lizenz-Vereinbarung',
@@ -1805,6 +1822,9 @@
 'ppp setup' => 'PPP-Einstellungen',
 'pppoe' => 'PPPoE',
 'pppoe settings' => 'Zusätzliche PPPoE-Einstellungen:',
+'pptp netconfig' => 'Eigene Netzkonfiguration',
+'pptp peer' => 'Gegenstelle',
+'pptp route' => 'PPTP-Route',
 'pptp settings' => 'Zusätzliche PPTP-Einstellungen:',
 'pre-shared key is too short' => 'Pre-shared Schlüsel ist zu kurz',
 'prefered master' => 'Prefered Master',
@@ -1933,6 +1953,7 @@
 'save settings' => 'Einstellungen speichern',
 'save-adv-options' => 'Erweiterte Optionen speichern',
 'script name' => 'Skriptname:',
+'search' => 'Suchen',
 'secondary dns' => 'Sekundärer DNS:',
 'secondary ntp server' => 'Sekundärer NTP-Server',
 'secondary wins server address' => 'Sekundäre WINS-Server Adresse',
@@ -2216,6 +2237,9 @@
 'umount removable media before to unplug' => 'Wechselmedien vor dem Entfernen unbedingt abmelden',
 'unable to alter profiles while red is active' => 'Profile können nicht geändert werden, solange ROT aktiv ist.',
 'unable to contact' => 'Kann nicht erreicht werden',
+'unblock' => 'Entblocken',
+'unblock all' => 'Alle entblocken',
+'uncheck all' => 'Alle abwählen',
 'unencrypted' => 'Nicht verschlüsselt',
 'uninstall' => 'Deinstallieren',
 'unix charset' => 'UNIX-Charset',
@@ -2573,6 +2597,8 @@
 'vpn payload compression' => 'Datennutzlast-Kompression aushandeln',
 'vpn red name' => 'Öffentliche IP oder FQDN für das rote Interface oder <%defaultroute>',
 'vpn remote id' => 'Remote ID',
+'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
+'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
 'vpn subjectaltname' => 'Subjekt Alternativer Name',
 'vpn vhost' => 'Roadwarrior virtuelle IP (manchmal auch Inner-IP genannt)',
 'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 8c049fffa987fa0af6dcceefe0498caf418cc7a8..7964644b78f1bf097b5e3060f6d2f70a026a8559 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -435,6 +435,7 @@
 'bit' => 'bit',
 'bitrate' => 'Bitrate',
 'bleeding rules' => 'Bleeding Edge Snort Rules',
+'block' => 'Block',
 'blue' => 'BLUE',
 'blue access' => 'Blue Access',
 'blue access use hint' => 'You have to enter the MAC or the IP Address for a device. To enter both is also possible',
@@ -550,6 +551,7 @@
 'chain' => 'Chain',
 'change passwords' => 'Change passwords',
 'change share' => 'edit share options',
+'check all' => 'Check all',
 'check for net traffic update' => 'Check for Net-Traffic updates',
 'check vpn lr' => 'Check',
 'choose config' => 'Choose config',
@@ -1094,6 +1096,7 @@
 'fwhost OpenVPN static host' => 'OpenVPN static host',
 'fwhost OpenVPN static network' => 'OpenVPN static network',
 'fwhost Standard Network' => 'Standard network',
+'fwhost addgeoipgrp' => 'Add new GeoIP group',
 'fwhost addgrp' => 'Add new network/host group',
 'fwhost addgrpname' => 'Group name:',
 'fwhost addhost' => 'Add new host',
@@ -1109,6 +1112,9 @@
 'fwhost change' => 'Modify',
 'fwhost changeremark' => 'You modified just the remark',
 'fwhost cust addr' => 'Hosts',
+'fwhost cust geoip' => 'GeoIP Groups',
+'fwhost cust geoipgroup' => 'GeoIP Groups',
+'fwhost cust geoiplocation' => 'GeoIP Locations',
 'fwhost cust grp' => 'Network/Host Groups',
 'fwhost cust net' => 'Networks',
 'fwhost cust service' => 'Services',
@@ -1155,6 +1161,7 @@
 'fwhost ipsec net' => 'IPsec networks:',
 'fwhost menu' => 'Firewall Groups',
 'fwhost netaddress' => 'Network address',
+'fwhost newgeoipgrp' => 'GeoIP Groups',
 'fwhost newgrp' => 'Network/Host Groups',
 'fwhost newhost' => 'Hosts',
 'fwhost newnet' => 'Networks',
@@ -1191,6 +1198,16 @@
 'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Generating the root and host certificates may take a long time.  It can take up to several minutes on older hardware. Please be patient.',
 'genkey' => 'Generate PSK',
 'genre' => 'Genre',
+'geoip' => 'GeoIP',
+'geoipblock' => 'GeoIP Block',
+'geoipblock block countries' => 'Block countries',
+'geoipblock configuration' => 'GeoIP Configuration',
+'geoipblock country code' => 'Country Code',
+'geoipblock country is allowed' => 'Incoming traffic from this country is allowed',
+'geoipblock country is blocked' => 'Incoming traffic from this country will be blocked',
+'geoipblock country name' => 'Country Name',
+'geoipblock enable feature' => 'Enable GeoIP based blocking:',
+'geoipblock flag' => 'Flag',
 'global settings' => 'Global Settings',
 'gpl i accept these terms and conditions' => 'I accept these terms and conditions',
 'gpl license agreement' => 'License Agreement',
@@ -1835,6 +1852,9 @@
 'ppp setup' => 'PPP setup',
 'pppoe' => 'PPPoE',
 'pppoe settings' => 'Additional PPPoE settings:',
+'pptp netconfig' => 'My Net Config',
+'pptp peer' => 'Peer',
+'pptp route' => 'PPTP Route',
 'pptp settings' => 'Additional PPTP settings:',
 'pre-shared key is too short' => 'Pre-shared key is too short.',
 'prefered master' => 'Prefered Master',
@@ -1965,6 +1985,7 @@
 'save settings' => 'Save settings',
 'save-adv-options' => 'Save advanced options',
 'script name' => 'Script name:',
+'search' => 'Search',
 'secondary dns' => 'Secondary DNS:',
 'secondary ntp server' => 'Secondary NTP server',
 'secondary wins server address' => 'Secondary WINS server address',
@@ -2255,6 +2276,9 @@
 'umount removable media before to unplug' => 'Umount removable media before unplugging the device',
 'unable to alter profiles while red is active' => 'Unable to alter profiles while RED is active.',
 'unable to contact' => 'Unable to contact',
+'unblock' => 'Unblock',
+'unblock all' => 'Unblock all',
+'uncheck all' => 'Uncheck all',
 'unencrypted' => 'Unencrypted',
 'uninstall' => 'Uninstall',
 'unix charset' => 'UNIX Charset',
@@ -2615,6 +2639,8 @@
 'vpn payload compression' => 'Negotiate payload compression',
 'vpn red name' => 'Public IP or FQDN for RED interface or <%defaultroute>',
 'vpn remote id' => 'Remote ID',
+'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
+'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
 'vpn subjectaltname' => 'Subject Alt Name',
 'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
 'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',

diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index b7c50ff108a9f30e98752aa8d208b13019b7c56d..90f4237fbb87c8c7274d40ec20759d08e6f476b1 100644 (file)
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -866,6 +866,16 @@
 'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Generar los certificador root y host puede tomar mucho tiempo. Puede durar varios minutos en equipos antiguos. Por favor sea paciente.',
 'genkey' => 'Generar PSK',
 'genre' => 'Género',
+'geoip' => 'GeoIP',
+'geoipblock' => 'GeoIP Block',
+'geoipblock block countries' => 'Países bloqueados',
+'geoipblock configuration' => 'Configuración GeoIP',
+'geoipblock country code' => 'Código del País',
+'geoipblock country is allowed' => 'Se permite el tráfico procedente de este País',
+'geoipblock country is blocked' => 'Se deniega el tráfico procedente de este País',
+'geoipblock country name' => 'Nombre del País',
+'geoipblock enable feature' => 'Habilitar bloqueo basado GeoIP:',
+'geoipblock flag' => 'Bandera',
 'global settings' => 'Configuraciones globales',
 'gpl i accept these terms and conditions' => 'I accept these terms and conditions',
 'gpl license agreement' => 'License Agreement',

diff --git a/lfs/Locale-Country b/lfs/Locale-Country
index b2c1455efe75262191cb2a0cf4584e97ed593321..02bf7a026e32e1a7e0292db8f07e43f70423124f 100644 (file)
--- a/lfs/Locale-Country
+++ b/lfs/Locale-Country
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.07
+VER        = 3.33
 
 THISAPP    = Locale-Codes-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = af0537cc4a882096d0320612c440df6d
+$(DL_FILE)_MD5 = bc7496f97889de8504e80addaa0ee40c
 
 install : $(TARGET)
 

diff --git a/lfs/acpid b/lfs/acpid
index ff85e1cb5d36a2371e19bd082c703cdaf64baf38..686fadad1ca80039c131d5cf4a84025cd67229ba 100644 (file)
--- a/lfs/acpid
+++ b/lfs/acpid
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.0.16
+VER        = 2.0.23
 
 THISAPP    = acpid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = d59fc02c9c34f0d5c137495302e2c074
+$(DL_FILE)_MD5 = d7bcdcdefcd53b03730e50ba842554ea
 
 install : $(TARGET)
 

diff --git a/lfs/apache2 b/lfs/apache2
index 5e886254694793fb355db4612de48d8b208d7430..57c344718ae51aadbbf77eb40070c7053d97f1fa 100644 (file)
--- a/lfs/apache2
+++ b/lfs/apache2
@@ -25,17 +25,14 @@
 
 include Config
 
-VER        = 2.2.27
+VER        = 2.2.29
 
 THISAPP    = httpd-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
-ifeq "$(PASS)" "C"
-       TARGET     = $(DIR_INFO)/$(THISAPP)-config
-else
-       TARGET     = $(DIR_INFO)/$(THISAPP)
-endif
+
+TARGET     = $(DIR_INFO)/$(THISAPP)
 
 ###############################################################################
 # Top-level Rules
@@ -47,7 +44,7 @@ objects = $(DL_FILE) \
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 httpd-2.2.2-config-1.patch = $(DL_FROM)/httpd-2.2.2-config-1.patch
 
-$(DL_FILE)_MD5 = 8faef0decf3fa7e69b2568eb2105a3d8
+$(DL_FILE)_MD5 = 579342fdeaa7b8b68d17fee91f8fab6e
 httpd-2.2.2-config-1.patch_MD5 = e02a3ec5925eb9e111400b9aa229f822
 
 install : $(TARGET)
@@ -77,32 +74,6 @@ $(subst %,%_MD5,$(objects)) :
 
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
-ifeq "$(PASS)" "C"
-       # DO THIS IN AN EXTRA STEP BECAUSE PHP AND SUBVERSION WILL FAIL.
-
-       cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf
-       ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/
-
-       # Copy all html/cgi-bin files
-       mkdir -p /srv/web/ipfire/{cgi-bin,html}
-       mkdir -p /var/updatecache/{download,metadata}
-       cp -aR $(DIR_SRC)/html/* /srv/web/ipfire
-
-       # Change CONFIG_ROOT in cgi-scripts
-       for i in /srv/web/ipfire/cgi-bin/{*,logs.cgi/*,vpn.cgi/*}; do \
-           if [ -f $$i ]; then \
-               sed -i "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" $$i; \
-           fi; \
-       done
-       chown -R root:root /srv/web/ipfire
-       chmod -R 755 /srv/web/ipfire/cgi-bin
-       chmod -R 644 /srv/web/ipfire/html
-       chmod 755 /srv/web/ipfire/html /srv/web/ipfire/html/{index.cgi,redirect.cgi,dial.cgi,images,include,themes,themes/*,themes/*/*}
-       ln -svf ipfire /srv/web/ipfire/html/themes/ipfire-rounded
-
-       # Reset permissions of redirect templates and theme directories
-       find /srv/web/ipfire/html/{redirect-templates,themes} -type d | xargs chmod -v 755
-else
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && patch -Np1 -i $(DIR_DL)/httpd-2.2.2-config-1.patch
 
@@ -140,6 +111,10 @@ else
            /usr/share/man/man1/{dbmmanage,ht{dbm,digest,passwd,txt2dbm}}.1 \
            /usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 \
            /usr/share/man/man8/{logresolve,rotatelogs,suexec}.8
+
+       # Install apache config
+       cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf
+       ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/
+
        @rm -rf $(DIR_APP)
-endif
        @$(POSTBUILD)

diff --git a/lfs/asterisk b/lfs/asterisk
index f886225257c6d21e903d7ccb7859e7a4031fd5e9..7575246c50f057e9b521ebdbdc546dd34d6fa65b 100755 (executable)
--- a/lfs/asterisk
+++ b/lfs/asterisk
@@ -20,7 +20,7 @@
 
 include Config
 
-VER        = 11.15.0
+VER        = 11.17.1
 
 THISAPP    = asterisk-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -28,7 +28,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = asterisk
-PAK_VER    = 14
+PAK_VER    = 16
 
 DEPS       = "libsrtp"
 
@@ -46,7 +46,7 @@ asterisk-extra-sounds-en-gsm-1.4.15.tar.gz = $(URL_IPFIRE)/asterisk-extra-sounds
 asterisk-moh-opsound-gsm-2.03.tar.gz = $(URL_IPFIRE)/asterisk-moh-opsound-gsm-2.03.tar.gz
 asterisk-1.4-de-prompts.tar.gz = $(URL_IPFIRE)/asterisk-1.4-de-prompts.tar.gz
 
-$(DL_FILE)_MD5 = 71e8c2e207255f7ef12b81b7f0da30ea
+$(DL_FILE)_MD5 = 2c6cd0f499152d0d5ff32f36e274fc2e
 asterisk-extra-sounds-en-gsm-1.4.15.tar.gz_MD5 = 5099fc65f49008e33ba7fb043a4ec995
 asterisk-moh-opsound-gsm-2.03.tar.gz_MD5 = 09066f55f1358f298bc1a6e4678a3ddf
 asterisk-1.4-de-prompts.tar.gz_MD5 = 626a2b95071a5505851e43874dfbfd5c

diff --git a/lfs/backports b/lfs/backports
index 0eebe818db76d2fdfb745ae1136043bc7a2e3971..59baaccb239e761b505ff79903393b9bdee563e7 100644 (file)
--- a/lfs/backports
+++ b/lfs/backports
@@ -90,6 +90,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/compat-drivers-3.8.3-ath_ignore_eeprom_regdomain.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.22-iwlwifi-noibss_only_on_radar_chan.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.37-rt2800usb_add_dlink_dwa137_usbid.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports-3.18.1-1_rt2x00usb_suppress_queue_warnings.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports-3.18.1-1_add_libertas_uap.patch
 
        # smsc mac address patch for pandaboard and raspberry pi

diff --git a/lfs/clamav b/lfs/clamav
index 2e07ed03449dbe4a5d6df207f1cc6ffd6ec9c85e..5fd8426e3b10e59ca93c63e19e01da0ecb838226 100644 (file)
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.98.6
+VER        = 0.98.7
 
 THISAPP    = clamav-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = clamav
-PAK_VER    = 28
+PAK_VER    = 29
 
 DEPS       = ""
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 7f4f7e82a09e42c4ebf153d6d452d9d8
+$(DL_FILE)_MD5 = 157c601161da1c2d5a0e48ea1b49e067
 
 install : $(TARGET)
 

diff --git a/lfs/collectd b/lfs/collectd
index f01c92a8a92ba956019f7b13d2ee3d7df10a9f6a..1573e3874d718918914567e6de04b10b8473a3a8 100644 (file)
--- a/lfs/collectd
+++ b/lfs/collectd
@@ -101,6 +101,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0020-openvpn-Make-read-functions-robust-like-in-8516f9abb.patch
        cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0021-openvpn-Fix-copy-and-paste-error.patch
        cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
+       cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/silence-openvpn-errors.patch
        cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var \
                --disable-{apple_sensors,csv,ipvs,mbmon,memcached,mysql} \
                --disable-{netlink,nginx,nut,perl,serial,snmp,tape,vserver,xmms} \
@@ -112,6 +113,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --with-librrd=/usr/share/rrdtool-1.2.30
        cd $(DIR_APP) && make install
        cp -vf $(DIR_SRC)/config/collectd/collectd.* /etc/
+       mv /etc/collectd.vpn /var/ipfire/ovpn/collectd.vpn
+       chown nobody.nobody /var/ipfire/ovpn/collectd.vpn
+       ln -f -s ../var/ipfire/ovpn/collectd.vpn /etc/collectd.vpn
        ln -f -s ../init.d/collectd /etc/rc.d/rc0.d/K50collectd 
        ln -f -s ../init.d/collectd /etc/rc.d/rc3.d/S29collectd
        ln -f -s ../init.d/collectd /etc/rc.d/rc6.d/K50collectd 

diff --git a/lfs/configroot b/lfs/configroot
index e0bb346d0ffab1588c9c1533beb9e6b4f7ad138d..601cdf6d38a22d7ef0899c203359f3742682e078 100644 (file)
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -64,8 +64,8 @@ $(TARGET) :
        for i in auth/users backup/include.user backup/exclude.user \
            certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \
            dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
-           ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/input firewall/outgoing \
-           fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwlogs/ipsettings fwlogs/portsettings \
+           ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/geoipblock firewall/input firewall/outgoing \
+           fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettings \
            isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \
            ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
            ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
@@ -78,6 +78,7 @@ $(TARGET) :
        cp $(DIR_SRC)/config/cfgroot/header.pl                  $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/general-functions.pl       $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/network-functions.pl       $(CONFIG_ROOT)/
+       cp $(DIR_SRC)/config/cfgroot/geoip-functions.pl         $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/lang.pl                    $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/countries.pl               $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/graphs.pl                  $(CONFIG_ROOT)/

diff --git a/lfs/curl b/lfs/curl
index 715d79d07c305e1f80153fbd159ce37d346a8a53..0fd92c1848a32b4814cba48b2e369ab6330cb21b 100644 (file)
--- a/lfs/curl
+++ b/lfs/curl
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 7.31.0
+VER        = 7.40.0
 
 THISAPP    = curl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 6f26843f7e3a2fb06e02f68a55efe8c7
+$(DL_FILE)_MD5 = 58943642ea0ed050ab0431ea1caf3a6f
 
 install : $(TARGET)
 

diff --git a/lfs/cyrus-imapd b/lfs/cyrus-imapd
index 2a826cd7039b7996feab4e4ce242189739167f6b..fc87bd62b472be117b8024551fcd9bd7e30b37f4 100644 (file)
--- a/lfs/cyrus-imapd
+++ b/lfs/cyrus-imapd
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2011  IPFire Team  <info@ipfire.org>                          #
+# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = cyrus-imapd
-PAK_VER    = 3
+PAK_VER    = 5
 
 DEPS       = ""
 
@@ -100,5 +100,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cp -f $(DIR_APP)/tools/mkimap /usr/bin
        sudo -u cyrus /usr/bin/mkimap /var/ipfire/cyrusimap/imapd.conf
        chown cyrus.mail /var/imap/socket
+       install -v -m 644 $(DIR_SRC)/config/backup/includes/cyrus-imapd \
+               /var/ipfire/backup/addons/includes/cyrus-imapd
        @rm -rf $(DIR_APP) /usr/include/com_err.h
        @$(POSTBUILD)

diff --git a/lfs/cyrus-sasl b/lfs/cyrus-sasl
index af2b1488939563cbbe97351c33888524a280437d..84f49d93554194a139d9d4494da584f68e536c07 100644 (file)
--- a/lfs/cyrus-sasl
+++ b/lfs/cyrus-sasl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.1.21
+VER        = 2.1.26
 
 THISAPP    = cyrus-sasl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = dde02db234dea892bee298390890502e
+$(DL_FILE)_MD5 = a7f4e5e559a0e37b3ffc438c9456e425
 
 install : $(TARGET)
 
@@ -82,7 +82,6 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/cyrus-sasl-2.1.22-bad-elif.patch
        cd $(DIR_APP) && sed -i '/sasl_global/s/^static //' lib/client.c
        cd $(DIR_APP) && sed -i 's/cat8/man8/' saslauthd/Makefile.am
        cd $(DIR_APP) && autoconf
@@ -90,7 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 ifeq "$(PASS)" ""
        cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \
                            --with-dbpath=/var/lib/sasl/sasldb2 \
-                           --with-saslauthd=/var/run/saslauthd
+                           --with-saslauthd=/var/run/saslauthd \
+                           --with-des=no --with-rc4=no
        cd $(DIR_APP) && make
        cd $(DIR_APP) && make install
        install -v -m700 -d /var/lib/sasl

diff --git a/lfs/ddns b/lfs/ddns
index e736e101ce3ce4f4d7a1e1a83a63c130db399528..463ae28a9d2e86ac985112059cc88d4934966ce4 100644 (file)
--- a/lfs/ddns
+++ b/lfs/ddns
@@ -71,6 +71,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch
+
        cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh
        cd $(DIR_APP) && ./configure \
                --prefix=/usr \

diff --git a/lfs/dhcp b/lfs/dhcp
index 083c31fa1107bc70daf28789d5d386f4893b8891..9a89d40bf0aa34d60e67be124e2b016292c53516 100644 (file)
--- a/lfs/dhcp
+++ b/lfs/dhcp
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2012  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 4.2.2
+VER        = 4.3.1
 
 THISAPP    = dhcp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = bb0f0434cd796f76aa7cead391d71f31
+$(DL_FILE)_MD5 = b3a42ece3c7f2cd2e74a3e12ca881d20
 
 install : $(TARGET)
 
@@ -71,38 +71,33 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-remove-bind.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-errwarn-message.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-options.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-release-by-ifup.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-dhclient-decline-backoff.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-unicast-bootp.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-dhclient-usage.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-default-requested-options.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-xen-checksum.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.1-manpages.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-paths.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-CLOEXEC.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-inherit-leases.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-garbage-chars.patch
-       # ???
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-missing-ipv6-not-fatal.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-add_timeout_when_NULL.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.1-64_bit_lease_parse.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-capability.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-logpid.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-UseMulticast.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.1-sendDecline.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.1-retransmission.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-rfc3442-classless-static-routes.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-honor-expired.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-noprefixavail.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-sharedlib.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-PPP.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-lpf-ib.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-improved-xid.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-gpxe-cid.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.1-invalid-dhclient-conf.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-remove-bind.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-errwarn-message.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-dhclient-options.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-release-by-ifup.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-unicast-bootp.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-default-requested-options.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-xen-checksum.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-manpages.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-paths.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-CLOEXEC.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-garbage-chars.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-64_bit_lease_parse.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-capability.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-logpid.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-UseMulticast.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-sendDecline.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-honor-expired.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-sharedlib.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-PPP.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-paranoia.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-lpf-ib.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-improved-xid.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-gpxe-cid.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-stateless-DUID-LLT.patch
 
        # Remove bundled BIND stuff.
        # (requires newer autoconf)

diff --git a/lfs/dhcpcd b/lfs/dhcpcd
index f7a8c361c6f5ce495d37f8368211ddd45c079fc2..e73d99c653f3f3f07cd77175949a8aeddec431c4 100644 (file)
--- a/lfs/dhcpcd
+++ b/lfs/dhcpcd
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2012  IPFire Team  <info@ipfire.org>                          #
+# Copyright (C) 2015  IPFire Team  <info@ipfire.org>                          #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.2.9
+VER        = 6.7.1
 
 THISAPP    = dhcpcd-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = aabe4a3c1f23c55f2c99a416c9085de9
+$(DL_FILE)_MD5 = ffb716b0e9327968e7200d519e1d4c0d
 
 install : $(TARGET)
 

diff --git a/lfs/dnsmasq b/lfs/dnsmasq
index 4bb7f9f0d116d8dfad9e58e37c4919f90c2565f6..857434c3d7015ecc3aa16da04ef404604a4a3832 100644 (file)
--- a/lfs/dnsmasq
+++ b/lfs/dnsmasq
@@ -130,6 +130,47 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0067-Merge-message-translations.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0069-Whitespace-fixes.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0088-Handle-UDP-packet-loss-when-fragmentation-of-large-p.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0089-Check-IPv4-mapped-IPv6-addresses-with-stop-rebind.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0091-Pointer-to-mail-archive-mailing-list-mirror-in-doc.h.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0092-Allow-T1-and-T2-DHCPv4-options-to-be-set.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0093-Tweak-last-commit.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0094-Use-correct-DHCP-context-for-PXE-proxy-server-id.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0095-Fix-buffer-overflow-introduced-in-2.73rc6.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0096-Remove-support-for-DNS-Extended-Label-Types.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0097-Select-correct-DHCP-context-when-in-PXE-bootserver-m.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0098-Tweak-immediately-previous-patch.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
        cd $(DIR_APP) && sed -i src/config.h \
                -e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \

diff --git a/lfs/dracut b/lfs/dracut
index fef3ad77d3b074621345923fc123869f6d0da997..97d12f3f55246f5512ce6bf6e5706d659071b1b8 100644 (file)
--- a/lfs/dracut
+++ b/lfs/dracut
@@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dracut-038-always-enable-mdraid.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dracut-038_add_sdhci-pci.patch
 
        cd $(DIR_APP) && make $(MAKETUNING)
        cd $(DIR_APP) && make install sbindir=/sbin sysconfdir=/etc

diff --git a/lfs/elinks b/lfs/elinks
index 59f1426ead95a57304beb675cc97e5cc161b268b..2727423f0269a565d5ed7a2f0e993695740bcdd9 100644 (file)
--- a/lfs/elinks
+++ b/lfs/elinks
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = elinks
-PAK_VER    = 4
+PAK_VER    = 5
 
 DEPS       = ""
 

diff --git a/lfs/expat b/lfs/expat
index 8e4db755959b9ac1d3533b0b88277281015ac41a..99e458d15e634d9d3077f57a1469576509c6ec67 100644 (file)
--- a/lfs/expat
+++ b/lfs/expat
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2014  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.0.0
+VER        = 2.1.0
 
 THISAPP    = expat-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = d945df7f1c0868c5c73cf66ba9596f3f
+$(DL_FILE)_MD5 = dd7dab7a5fea97d2a6a43f511449b7cd
 
 install : $(TARGET)
 
@@ -73,7 +73,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
        cd $(DIR_APP) && make $(MAKETUNING)
        cd $(DIR_APP) && make install
-       cd $(DIR_APP) && install -v -m755 -d /usr/share/doc/expat-2.0.0
-       cd $(DIR_APP) && install -v -m644 doc/*.{html,png,css} /usr/share/doc/expat-2.0.0
+       cd $(DIR_APP) && install -v -m755 -d /usr/share/doc/expat-2.1.0
+       cd $(DIR_APP) && install -v -m644 doc/*.{html,png,css} /usr/share/doc/expat-2.1.0
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

diff --git a/lfs/fireinfo b/lfs/fireinfo
index e63bdc812cff1b4e5f509ef5c60756591a40c500..9d657653ec1ac27f5d1853682f84729b0ceafc0c 100644 (file)
--- a/lfs/fireinfo
+++ b/lfs/fireinfo
@@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch
 
        cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh
        cd $(DIR_APP) && ./configure --prefix=/usr

diff --git a/lfs/flag-icons b/lfs/flag-icons
new file mode 100644 (file)
index 0000000..8f3364c
--- /dev/null
+++ b/lfs/flag-icons
@@ -0,0 +1,90 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 2.6
+
+THISAPP    = flag-icons-$(VER)
+DL_FILE    = $(THISAPP).zip
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 992db1bc950dfdd436699b7d2ad33c2d
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       # Create DIR_APP and move the source tarball to its location.
+       @rm -rf $(DIR_APP) && mkdir -pv $(DIR_APP) && cd $(DIR_SRC) && cp -avf $(DIR_DL)/$(DL_FILE) $(DIR_APP)
+
+       # Extract the source tarball.
+       cd $(DIR_APP) && unzip $(DL_FILE)
+
+       # Create flage image folder.
+       cd $(DIR_APP) && mkdir -pv /srv/web/ipfire/html/images/flags/
+
+       # Only copy the country flags.
+       cd $(DIR_APP) && cp -avf flags-iso/shiny/16/??.png \
+               /srv/web/ipfire/html/images/flags/
+
+       # Copy flag icon for unknown countries.
+       cd $(DIR_APP) && cp -avf flags-iso/shiny/16/_unknown.png \
+               /srv/web/ipfire/html/images/flags/unknown.png
+
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)

diff --git a/lfs/flash-images b/lfs/flash-images
index 6c88180598b659dfa2ae79f77a5be3e9c4cf6592..530bf339b80b95ae2e86bec54ed7a0d91cd212f7 100644 (file)
--- a/lfs/flash-images
+++ b/lfs/flash-images
@@ -211,6 +211,7 @@ endif
        -fsck.ext4 -f -y $(PART_ROOT)
        fsck.ext4 -f -y $(PART_ROOT)
 
+       sleep 10     #Ubuntu compiling: allow time to automount/dismount
        kpartx -d -v $(DEVICE)
        losetup -d $(DEVICE)
 

diff --git a/lfs/glibc b/lfs/glibc
index 11d374e3b886a13fabdfbfca70309112c22ef3e7..4ec71a788e6bf683d0204112c622621c34e1eeaf 100644 (file)
--- a/lfs/glibc
+++ b/lfs/glibc
@@ -283,6 +283,8 @@ endif
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1154563.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1170121.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1183533.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1207995.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1209375.patch
 
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-resolv-stack_chk_fail.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-remove-ctors-dtors-output-sections.patch

diff --git a/lfs/groff b/lfs/groff
index 1739fee23b16952105477b7ff5e8e77fb0481e4a..a0bb0bd3f9edef46c6d065bd2dcc45fea11e2bef 100644 (file)
--- a/lfs/groff
+++ b/lfs/groff
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2011  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.21
+VER        = 1.22.3
 
 THISAPP    = groff-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 8b8cd29385b97616a0f0d96d0951c5bf
+$(DL_FILE)_MD5 = cc825fa64bc7306a885f2fb2268d3ec5
 
 install : $(TARGET)
 

diff --git a/lfs/haproxy b/lfs/haproxy
index febb65a5d3718b164f2409a0c5596bfe96b09510..4af22730772d6f7205890048af8b8ed26ed98420 100644 (file)
--- a/lfs/haproxy
+++ b/lfs/haproxy
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = haproxy
-PAK_VER    = 1
+PAK_VER    = 2
 
 DEPS       = ""
 

diff --git a/lfs/hostapd b/lfs/hostapd
index 74c2ae86ef37a644b8bbce04b51995ba374ca6e3..e9286684bf6b8dc64abde07aa5fc082670027ff4 100644 (file)
--- a/lfs/hostapd
+++ b/lfs/hostapd
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.3
+VER        = 2.4
 
 THISAPP    = hostapd-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = hostapd
-PAK_VER    = 33
+PAK_VER    = 34
 
 DEPS       = ""
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 40b89c61036add0c2dd1fc10767d3b5f
+$(DL_FILE)_MD5 = 04578f3f2c3eb1bec1adf30473813912
 
 install : $(TARGET)
 
@@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd-2.3_increase_EAPOL-timeouts.patch
        cd $(DIR_APP)/hostapd && cp $(DIR_SRC)/config/hostapd/config ./.config
        cd $(DIR_APP)/hostapd && sed -e "s@/usr/local@/usr@g" -i Makefile
        cd $(DIR_APP)/hostapd && make $(MAKETUNING) $(EXTRA_MAKE)

diff --git a/lfs/initscripts b/lfs/initscripts
index f656c72a7458025459f1481a568a1721f4059804..400594136230363a5ea32c29bab06658cffbe7bb 100755 (executable)
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -176,6 +176,7 @@ $(TARGET) :
        ln -sf ../init.d/firstsetup  /etc/rc.d/rcsysinit.d/S75firstsetup
        ln -sf ../init.d/localnet    /etc/rc.d/rcsysinit.d/S80localnet
        ln -sf ../init.d/firewall    /etc/rc.d/rcsysinit.d/S85firewall
+       ln -sf ../init.d/network-trigger /etc/rc.d/rcsysinit.d/S90network-trigger
        ln -sf ../init.d/network-vlans /etc/rc.d/rcsysinit.d/S91network-vlans
        ln -sf ../init.d/rngd        /etc/rc.d/rcsysinit.d/S92rngd
        ln -sf ../init.d/wlanclient  /etc/rc.d/rc0.d/K82wlanclient

diff --git a/lfs/iptables b/lfs/iptables
index d3c8402b0756e0f230571c01acfb9a53f2489eff..ec65ae04a0543dd02dee35028f860202747b1e9b 100644 (file)
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -93,9 +93,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
                         ./extensions/
 
-       # ipp2p 0.8.2-pomng
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch
-
        # imq
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff
 

diff --git a/lfs/iputils b/lfs/iputils
index 7741c0ed0dee2adf77c7297c2e85a3d6840aa936..bb0879369597c1f40d1defe6c02a53f834b3566b 100644 (file)
--- a/lfs/iputils
+++ b/lfs/iputils
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2014  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,12 +24,12 @@
 
 include Config
 
-VER        = ss020927
+VER        = s20121221
 
 THISAPP    = iputils-$(VER)
-DL_FILE    = $(THISAPP).tar.gz
+DL_FILE    = $(THISAPP).tar.bz2
 DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/iputils
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
 ###############################################################################
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = b5493f7a2997130a4f86c486c9993b86
+$(DL_FILE)_MD5 = 6072aef64205720dd1893b375e184171
 
 install : $(TARGET)
 
@@ -69,10 +69,7 @@ $(subst %,%_MD5,$(objects)) :
 
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
-       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/iputils-20020927-headers.patch
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/iputils-20020927-rh.patch
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/iputils-glibckernheaders.patch
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && make ping tracepath
        cd $(DIR_APP) && install -m 4755 ping /usr/bin
        cd $(DIR_APP) && install -m 0755 tracepath /usr/bin

diff --git a/lfs/libjpeg b/lfs/libjpeg
index 5e0785926eb3d07e5d90e99bf5495bee4dc3a142..8b4c0778c980b9dd6a5ab5c99a23ff44dc404a6c 100644 (file)
--- a/lfs/libjpeg
+++ b/lfs/libjpeg
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.3.0
+VER        = 1.3.1
 
 THISAPP    = libjpeg-turbo-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = e1e65cc711a1ade1322c06ad4a647741
+$(DL_FILE)_MD5 = 2c3a68129dac443a72815ff5bb374b05
 
 install : $(TARGET)
 

diff --git a/lfs/libnet b/lfs/libnet
index 0547589805cb28f25d9bfc3905471a68db6508cc..a9efd99b3c2559caa134dc4a02f42e52b0eeca63 100644 (file)
--- a/lfs/libnet
+++ b/lfs/libnet
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,12 +24,12 @@
 
 include Config
 
-VER        = 1.1.2.1
+VER        = 1.1.6
 
 THISAPP    = libnet-$(VER)
-DL_FILE    = libnet.tar.gz
+DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/libnet
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
 ###############################################################################
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = be845c41170d72c7db524f3411b50256
+$(DL_FILE)_MD5 = 710296fe424a49344e5fcc0d09e53317
 
 install : $(TARGET)
 

diff --git a/lfs/libsrtp b/lfs/libsrtp
index 6dfef3b1977c3ac8d45d75ad5447837ea1be9af3..47c0cad57c04248cc863b2a8de3d90dfdf65edc7 100644 (file)
--- a/lfs/libsrtp
+++ b/lfs/libsrtp
@@ -24,14 +24,14 @@
 
 include Config
 
-VER        = 1.5.0
+VER        = 1.5.2
 THISAPP    = libsrtp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = libsrtp
-PAK_VER    = 1
+PAK_VER    = 2
 
 DEPS       = ""
 
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = ec49ba558b4fd056114df2c76935aa8e
+$(DL_FILE)_MD5 = 2309aa6027992810a4285b042c71e644
 
 install : $(TARGET)
 
@@ -78,7 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 
        cd $(DIR_APP) && ./configure --prefix=/usr 
-       cd $(DIR_APP) && make uninstall && make $(MAKETUNING) libsrtp.so
+       cd $(DIR_APP) && make uninstall && make $(MAKETUNING) shared_library
        cd $(DIR_APP) && make install
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

diff --git a/lfs/libtool b/lfs/libtool
index e6bcd4060cebb5be364c57ad899722871e497a55..01721450553d5d88009ba56b80458e8134361263 100644 (file)
--- a/lfs/libtool
+++ b/lfs/libtool
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2012  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.4.2
+VER        = 2.4.4
 
 THISAPP    = libtool-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 2ec8997e0c07249eb4cbd072417d70fe
+$(DL_FILE)_MD5 = 51bf400de3354687d68dfa2392506b7e
 
 install : $(TARGET)
 

diff --git a/lfs/libxml2 b/lfs/libxml2
index 4a25c4ca5f81a66af1d77f297d04dfebcb119a06..ae2621b032376ee0e4c8ef211b811113dc367e6f 100644 (file)
--- a/lfs/libxml2
+++ b/lfs/libxml2
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.6.32
+VER        = 2.9.2
 
 THISAPP    = libxml2-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 2621d322c16f0257e30f0ff2b13384de
+$(DL_FILE)_MD5 = 9e6a9aca9d155737868b3dc5fd82f788
 
 install : $(TARGET)
 

diff --git a/lfs/libxslt b/lfs/libxslt
index 47ee4f8cd9c0bf0ed671d6af73cd624368cff799..1339f42f9545170b9c0016855e661b973f145912 100644 (file)
--- a/lfs/libxslt
+++ b/lfs/libxslt
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.1.17
+VER        = 1.1.28
 
 THISAPP    = libxslt-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = fde6a7a93c0eb14cba628692fa3a1000
+$(DL_FILE)_MD5 = 9667bf6f9310b957254fdcf6596600b7
 
 install : $(TARGET)
 

diff --git a/lfs/linux b/lfs/linux
index ef30fa673cf5ee6d980f89dbecb299d9aaad3efd..f59a709a5827eeab1e70cb3b54dea57011b5074b 100644 (file)
--- a/lfs/linux
+++ b/lfs/linux
@@ -24,11 +24,11 @@
 
 include Config
 
-VER        = 3.14.33
+VER        = 3.14.43
 
-RPI_PATCHES = 3.14.33-grsec-ipfire1
-A7M_PATCHES = 3.14.33-grsec-ipfire1
-GRS_PATCHES = grsecurity-3.0-3.14.33-201502180832.patch.xz
+RPI_PATCHES = 3.14.43-grsec-ipfire1
+A7M_PATCHES = 3.14.43-grsec-ipfire1
+GRS_PATCHES = grsecurity-3.1-3.14.43-201505191737.patch.xz
 
 THISAPP    = linux-$(VER)
 DL_FILE    = linux-$(VER).tar.xz
@@ -37,7 +37,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 CFLAGS     =
 CXXFLAGS   =
 
-PAK_VER    = 58
+PAK_VER    = 61
 DEPS      = ""
 
 VERSUFIX=ipfire$(KCFG)
@@ -77,10 +77,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz         = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).
 arm7-multi-patches-$(A7M_PATCHES).patch.xz     = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz
 $(GRS_PATCHES)                                 = $(URL_IPFIRE)/$(GRS_PATCHES)
 
-$(DL_FILE)_MD5                                 = c19feb0646fde7e96602ac313fb7e5d6
-rpi-patches-$(RPI_PATCHES).patch.xz_MD5                = e423c8b3a408f23b9a26f8f0f4384c50
-arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = f147ce7c81889d2c5134304f3a6e60e3
-$(GRS_PATCHES)_MD5                             = 119943451628ff5a62437637d60a585d
+$(DL_FILE)_MD5                                 = 927f2343f298dfe531a8371f81356e53
+rpi-patches-$(RPI_PATCHES).patch.xz_MD5                = b5ba925ae1d4279d3ac0f03c27dd16eb
+arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = b9c696fe4f22b05b81c168329ca33c94
+$(GRS_PATCHES)_MD5                             = 35e26b1214b1b0b515ee67e5ce50633a
 
 install : $(TARGET)
 
@@ -118,9 +118,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        # Linux Intermediate Queueing Device
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.22-imq.patch
 
-       # ipp2p 0.8.2-ipfire
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-ipp2p-0.8.2-ipfire.patch
-
        # Layer7-patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14-layer7-filter.patch
 
@@ -164,6 +161,9 @@ endif
        # r8169 L23 patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.32-r8169_disable_L23.patch
 
+       # HyperV 2008 patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.x-hyperv-2008-fix.patch
+
 ifeq "$(KCFG)" "-kirkwood"
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.10-mv_cesa_disable_failing_hmac_sha1.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.22-kirkwood_legacy_boot.patch
@@ -178,8 +178,6 @@ ifeq "$(KCFG)" "-multi"
        # Install switch api userspace header
        cd $(DIR_APP) && install -v -m644 include/uapi/linux/switch.h /usr/include/linux/
 
-       # Fix Lamobo-R1 SATA Power
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch
 endif
 
 ifeq "$(KCFG)" "-rpi"

diff --git a/lfs/logrotate b/lfs/logrotate
index 8f81b2df546cac234a664b0e89c61000a75487dc..0904074ba9b0ef5f98b024e9d867b6a3d7a9c1eb 100644 (file)
--- a/lfs/logrotate
+++ b/lfs/logrotate
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2014  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.7.1
+VER        = 3.8.1
 
 THISAPP    = logrotate-$(VER)
 DL_FILE    = logrotate_$(VER).orig.tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 552639142e163745f6bcd4f1f3816d8a
+$(DL_FILE)_MD5 = bd2e20d8dc644291b08f9215397d28a5
 
 install : $(TARGET)
 

diff --git a/lfs/logwatch b/lfs/logwatch
index 755557a0b93e73275e5897e2cd6227a6b1674374..7144d07f3ba0f4ef3b60567d6a06959fcaa32264 100644 (file)
--- a/lfs/logwatch
+++ b/lfs/logwatch
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 7.3.6
+VER        = 7.4.1
 
 THISAPP    = logwatch-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 937d982006b2a76a83edfcfd2e5a9d7d
+$(DL_FILE)_MD5 = a0c3d8721f877bdcd4a9089eb1b4691b
 
 install : $(TARGET)
 
@@ -99,7 +99,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        -mkdir -p /var/log/logwatch
        chmod -v 755 /var/log/logwatch
        -rm -rf /etc/logwatch/conf
-       ln -vsf /usr/share/logwatch/default.config /etc/logwatch/conf
+       ln -vsf /usr/share/logwatch/default.conf /etc/logwatch/conf
        
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

diff --git a/lfs/monit b/lfs/monit
index 0998d59ee740ae04cc68d170595d3dabff192434..92e0760023b1780efd930dd44220d442e977d2e4 100644 (file)
--- a/lfs/monit
+++ b/lfs/monit
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.11
+VER        = 5.12.1
 
 THISAPP    = monit-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = monit
-PAK_VER    = 4
+PAK_VER    = 6
 
 DEPS       = ""
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = ff00f39d248ed7068932ed82211da9e6
+$(DL_FILE)_MD5 = 1ffde79207270925f6f7df787d19100a
 
 install : $(TARGET)
 

diff --git a/lfs/nasm b/lfs/nasm
index f6aeac7a8fca79659e2f01f4aba4e6e6ce8ed4a0..b77e7cbfd63ec51b3ae711057e4fa0f379d5c6c2 100644 (file)
--- a/lfs/nasm
+++ b/lfs/nasm
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.10.03
+VER        = 2.11.06
 
 THISAPP    = nasm-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = a5d0ed070476a7c5b4f0893dc4a4ea4b
+$(DL_FILE)_MD5 = 2b958e9f5d200641e6fc9564977aecc5
 
 install : $(TARGET)
 

diff --git a/lfs/netsnmpd b/lfs/netsnmpd
index 388b20b120d68a5396e7568e275901b85faf5a22..b51367855f714f3b330790da7d05aa24ee335c64 100644 (file)
--- a/lfs/netsnmpd
+++ b/lfs/netsnmpd
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2011  IPFire Team  <info@ipfire.org>                          #
+# Copyright (C) 2015  IPFire Team  <info@ipfire.org>                          #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,15 +24,15 @@
 
 include Config
 
-VER        = 5.4.2.1
+VER        = 5.7.3
 
 THISAPP    = net-snmp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
-PROG      = netsnmpd
-PAK_VER           = 2
+PROG       = netsnmpd
+PAK_VER    = 4
 DEPS       = ""
 
 ###############################################################################
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 984932520143f0c8bf7b7ce1fc9e1da1
+$(DL_FILE)_MD5 = d4a3459e1577d0efa8d96ca70a885e53
 
 install : $(TARGET)
 
@@ -77,21 +77,22 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && ./configure \
-                                   --prefix=/usr \
-                                   --with-default-snmp-version="2" \
-                                   --with-sys-contact="root@" \
-                                   --with-sys-location="localhost" \
-                                   --with-logfile="/var/log/snmpd.log" \
-                                   --with-persistent-directory="/var/net-snmp" \
-                                   --libdir=/usr/lib \
-                                   --sysconfdir="/etc"
+               --prefix=/usr \
+               --with-default-snmp-version="2" \
+               --with-sys-contact="root@" \
+               --with-sys-location="localhost" \
+               --with-logfile="/var/log/snmpd.log" \
+               --with-persistent-directory="/var/net-snmp" \
+               --libdir=/usr/lib \
+               --sysconfdir="/etc"
        cd $(DIR_APP) && make 
        cd $(DIR_APP) && make install
        install -v -m644 $(DIR_SRC)/config/netsnmpd/snmpd.conf /etc/snmpd.conf
+       install -v -m 644 $(DIR_SRC)/config/backup/includes/netsnmpd \
+               /var/ipfire/backup/addons/includes/netsnmpd
        install -v -m755 $(DIR_SRC)/src/initscripts/init.d/netsnmpd /etc/init.d/netsnmpd
        ln -sf ../init.d/netsnmpd /etc/rc.d/rc3.d/S65netsnmpd
        ln -sf ../init.d/netsnmpd /etc/rc.d/rc0.d/K02netsnmpd
        ln -sf ../init.d/netsnmpd /etc/rc.d/rc6.d/K02netsnmpd
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
-       

diff --git a/lfs/newt b/lfs/newt
index daad9dce9198f9714152ac2836395f8b0dfc1fdb..ed535620c75124b43f5216e225321f3e7479fdcd 100644 (file)
--- a/lfs/newt
+++ b/lfs/newt
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.52.17
+VER        = 0.52.18
 
 THISAPP    = newt-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = f36d4d908965a0c89fd6fd8b61a6118b
+$(DL_FILE)_MD5 = 685721bee1a318570704b19dcf31d268
 
 install : $(TARGET)
 

diff --git a/lfs/nfs b/lfs/nfs
index d18487baa8c3685f02db75f2a10894b0d8099428..417f155fd287167b65237badcd0a3fd13629acbc 100644 (file)
--- a/lfs/nfs
+++ b/lfs/nfs
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = nfs
-PAK_VER    = 5
+PAK_VER    = 6
 
 DEPS       = "portmap"
 

diff --git a/lfs/openssh b/lfs/openssh
index d8f337baf873ba5d4c91d490499af9d07545f1c1..7e6e3764152c30b6a8badca9a76114085ab74a10 100644 (file)
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -70,9 +70,6 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-ifeq "$(PADLOCK)" "1"
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssh-4.7p1-padlock.patch
-endif
        cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure
        cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc/ssh \
                    --libexecdir=/usr/lib/openssh --with-md5-passwords \

diff --git a/lfs/openssl b/lfs/openssl
index 588cf045e2e9fc0c41f672af89d8a18e5ace8257..3b9f3e1210b68b13894bf768057c18559c21f86d 100644 (file)
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2014  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,25 +24,56 @@
 
 include Config
 
-VER        = 1.0.1m
+VER        = 1.0.2b
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
-TARGET     = $(DIR_INFO)/$(THISAPP)
+
+TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)
+
+ifneq "$(KCFG)" "-sse2"
+CFLAGS += -DPURIFY
+else
+CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
+CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4
+CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
+CFLAGS+= -fomit-frame-pointer -DPURIFY
+CXXFLAGS="${CFLAGS}"
+endif
+
+export RPM_OPT_FLAGS = $(CFLAGS)
+
+CONFIGURE_OPTIONS = \
+       --prefix=/usr \
+       --openssldir=/etc/ssl \
+       --enginesdir=/usr/lib/openssl/engines \
+       shared \
+       zlib-dynamic \
+       enable-camellia \
+       enable-md2 \
+       enable-seed \
+       enable-tlsext \
+       enable-rfc3779 \
+       no-idea \
+       no-mdc2 \
+       no-rc5 \
+       no-srp \
+       -DSSL_FORBID_ENULL
 
 ifeq "$(MACHINE)" "i586"
-       CONFIGURE_ARGS = linux-elf no-asm 386
+       CONFIGURE_OPTIONS += linux-elf
+
+ifneq "$(KCFG)" "-sse2"
+       CONFIGURE_OPTIONS += no-sse2
+endif
 endif
 
 ifeq "$(MACHINE)" "armv5tel"
-       CONFIGURE_ARGS = linux-generic32
+       CONFIGURE_OPTIONS += linux-generic32
 endif
 
-CFLAGS += -DPURIFY
-export RPM_OPT_FLAGS = $(CFLAGS)
-
 ###############################################################################
 # Top-level Rules
 ###############################################################################
@@ -51,7 +82,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = d143d1555d842a069cb7cc34ba745a06
+$(DL_FILE)_MD5 = 7729b259e2dea7d60b32fc3934d6984b
 
 install : $(TARGET)
 
@@ -82,10 +113,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-rpmbuild.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
 
+       # i586 specific patches
+ifeq "$(MACHINE)" "i586"
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
+endif
+
        # Apply our CFLAGS
        cd $(DIR_APP) && sed -i Configure \
                -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
@@ -93,27 +130,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && find crypto/ -name Makefile -exec \
                sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
 
-       cd $(DIR_APP) && ./Configure \
-               --prefix=/usr \
-               --openssldir=/etc/ssl \
-               --enginesdir=/usr/lib/openssl/engines \
-               shared \
-               zlib-dynamic \
-               enable-camellia \
-               enable-md2 \
-               enable-seed \
-               enable-tlsext \
-               enable-rfc3779 \
-               no-idea \
-               no-mdc2 \
-               no-rc5 \
-               no-srp \
-               $(CONFIGURE_ARGS) \
-               -DSSL_FORBID_ENULL
+       cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS)
 
        cd $(DIR_APP) && make depend
        cd $(DIR_APP) && make
 
+ifeq "$(KCFG)" "-sse2"
+       -mkdir -pv /usr/lib/sse2
+       cd $(DIR_APP) && install -m 755 \
+               libcrypto.so.10 /usr/lib/sse2
+else
        # Install everything.
        cd $(DIR_APP) && make install
        install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl
@@ -125,6 +151,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        -mkdir -pv /usr/lib/openssl
        rm -vfr /usr/lib/openssl/engines
        mv -v /usr/lib/engines /usr/lib/openssl
+endif
 
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

diff --git a/lfs/pcre b/lfs/pcre
index f5c771ca81ea21ab838fb71b03cbbd67c36e6666..175afc09e246b06db8cb96cd16403eedfb15235d 100644 (file)
--- a/lfs/pcre
+++ b/lfs/pcre
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 8.36
+VER        = 8.37
 
 THISAPP    = pcre-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = ff7b4bb14e355f04885cf18ff4125c98
+$(DL_FILE)_MD5 = 6e0cc6d1bdac7a4308151f9b3571b86e
 
 install : $(TARGET)
 

diff --git a/lfs/openssl-compat b/lfs/perl-Text-CSV_XS
similarity index 73%
rename from lfs/openssl-compat
rename to lfs/perl-Text-CSV_XS
index ad5d6649f1cfd3a438f801b2b16fa8f662b40491..f94593f983a21bbfa95d82be1376d689651ad6fb 100644 (file)
--- a/lfs/openssl-compat
+++ b/lfs/perl-Text-CSV_XS
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2014  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2014  IPFire Team  <info@ipfire.org>                          #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -18,16 +18,16 @@
 #                                                                             #
 ###############################################################################
 
+
 ###############################################################################
 # Definitions
 ###############################################################################
 
 include Config
+VER        = 1.12
 
-VER        = 0.9.8zf
-
-THISAPP    = openssl-$(VER)
-DL_FILE    = $(THISAPP).tar.gz
+THISAPP    = Text-CSV_XS-$(VER)
+DL_FILE    = ${THISAPP}.tgz
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = c69a4a679233f7df189e1ad6659511ec
+$(DL_FILE)_MD5 = b91f2d806054b68c2a29d3da5821fe87
 
 install : $(TARGET)
 
@@ -70,33 +70,8 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
-
-       # Apply our CFLAGS
-       cd $(DIR_APP) && sed -i Configure \
-               -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
-
-       cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config
-       cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure
-
-       # Support for engines is disabled, because the shared objects from the
-       # new version of openssl cannot be loaded by the old one.
-
-       cd $(DIR_APP) && ./Configure \
-               --prefix=/usr \
-               --openssldir=/etc/ssl \
-               shared linux-elf \
-               zlib-dynamic \
-               no-engines \
-               no-asm 386 \
-               -DSSL_FORBID_ENULL
-
-       cd $(DIR_APP) && make depend
-       cd $(DIR_APP) && make
-
-       cd $(DIR_APP) && install -v -m 755 libcrypto.so.0.9.8 /usr/lib
-       cd $(DIR_APP) && install -v -m 755 libssl.so.0.9.8 /usr/lib
-
+       cd $(DIR_APP) && perl Makefile.PL
+       cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+       cd $(DIR_APP) && make install
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

diff --git a/lfs/postfix b/lfs/postfix
index 77c6dd0e4aefbccb08c5bd9a6a45492a7e79e005..fd332537a78cae1262f1a2bb7479b383d3c3182d 100644 (file)
--- a/lfs/postfix
+++ b/lfs/postfix
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = postfix
-PAK_VER    = 7
+PAK_VER    = 8
 
 DEPS       = "amavisd mysql"
 

diff --git a/lfs/pound b/lfs/pound
index a0f6f290652137c4ee2b0f54517a19c04ffc645e..3860122a9f9d9a434941cd8adf0a132b83add0ce 100644 (file)
--- a/lfs/pound
+++ b/lfs/pound
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = pound
-PAK_VER    = 7
+PAK_VER    = 8
 
 DEPS       = ""
 
@@ -77,7 +77,8 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc
+       cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \
+               --with-dh=1024
        cd $(DIR_APP) && make $(MAKETUNING)
        cd $(DIR_APP) && make install
        install -v -m 644 $(DIR_SRC)/config/backup/includes/pound \

diff --git a/lfs/python-optional-src b/lfs/python-optional-src
index 7b9e0c7c8625bd8aadf6b8c3a5dd62b691ca8cb8..3b9f1c5c6f1760d09c154f8e6de317adf8f0a0b3 100644 (file)
--- a/lfs/python-optional-src
+++ b/lfs/python-optional-src
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2011  IPFire Team <info@ipfire.org>                      #
+# Copyright (C) 2007-2015  IPFire Team <info@ipfire.org>                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,12 +24,12 @@
 
 include Config
 
-VER       = 2.7.1
+VER       = 2.7.3
 
 include python
 
 PROG      = python-optional-src
-PAK_VER    = 2
+PAK_VER    = 3
 DEPS       =
 
 dist: 

diff --git a/lfs/qemu b/lfs/qemu
index 2fc0476b0a8e5c93bc0264074a3edca341f6641e..8512568b60db06e5101498127868679894f85f8d 100644 (file)
--- a/lfs/qemu
+++ b/lfs/qemu
@@ -24,16 +24,16 @@
 
 include Config
 
-VER        = 0.15.0
+VER        = 2.3.0
 
-THISAPP    = qemu-kvm-$(VER)
-DL_FILE    = $(THISAPP).tar.gz
+THISAPP    = qemu-$(VER)
+DL_FILE    = $(THISAPP).tar.bz2
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 SUP_ARCH   = i586
 PROG       = qemu
-PAK_VER    = 14
+PAK_VER    = 15
 
 DEPS       = "sdl"
 
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = b45b0deebba4ce47dcaaab3807f6ed47
+$(DL_FILE)_MD5 = 2fab3ea4460de9b57192e5b8b311f221
 
 install : $(TARGET)
 
@@ -77,12 +77,20 @@ $(subst %,%_MD5,$(objects)) :
 
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
-       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/qemu-0.15.0_missing_definitions_hack.patch
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \
+               --enable-kvm --disable-attr \
                --target-list="i386-linux-user i386-softmmu arm-softmmu" \
                --extra-cflags="$(CFLAGS)"
        cd $(DIR_APP) && make $(MAKETUNING)
        cd $(DIR_APP) && make install
+
+       # install wrapper for old kvm parameter handling
+       install -m 755 $(DIR_SRC)/config/qemu/qemu /usr/bin/qemu
+
+       # disable PaX MPROTECT
+       paxctl -m /usr/bin/qemu-system-arm
+       paxctl -m /usr/bin/qemu-system-i386
+
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

diff --git a/lfs/sarg b/lfs/sarg
index c8794fe7e0c7790c2014ffb1c05cd9170a619dad..ce309a12bb601154542f7a908b188b7cbb801900 100644 (file)
--- a/lfs/sarg
+++ b/lfs/sarg
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - An Open Source Firewall Solution                               #
-# Copyright (C) 2012 Michael Tremer                                           #
+# Copyright (C) 2014 Michael Tremer                                           #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.3.3
+VER        = 2.3.9
 
 THISAPP    = sarg-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = sarg
-PAK_VER    = 1
+PAK_VER    = 2
 
 DEPS       = ""
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 09dba9a960d500acd7f17802de62512c
+$(DL_FILE)_MD5 = d6e8b854950f1bebb953e0ea2ca13428
 
 install : $(TARGET)
 

diff --git a/lfs/slang b/lfs/slang
index 55590f7cb2c8bff423d8f5328d7589a0ab9925e8..d913cdf2547b270d26f0300f4bc8e05d4efe7ab3 100644 (file)
--- a/lfs/slang
+++ b/lfs/slang
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.2.4
+VER        = 2.3.0
 
 THISAPP    = slang-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 86cd8689cd71e281b4720fef8453ceeb
+$(DL_FILE)_MD5 = 80f4e64189b6f28fd420b829b44a6723
 
 install : $(TARGET)
 

diff --git a/lfs/squid b/lfs/squid
index 67e4a7db15536331f162baf394117c49dddbd6bf..d4fc4c5a13682a0d04cb49230694f312d171512a 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.4.9
+VER        = 3.4.13
 
 THISAPP    = squid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 497e5be7b3430d12667628296760beca
+$(DL_FILE)_MD5 = a5f6c978b2d7a99b161c8275e1acb470
 
 install : $(TARGET)
 
@@ -78,12 +78,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --libexecdir=/usr/lib/squid \
                --localstatedir=/var \
                --disable-ipv6 \
+               --disable-ssl \
                --enable-poll \
                --disable-icmp \
                --disable-wccp \
                --enable-ident-lookups \
                --enable-storeio="aufs,diskd,ufs" \
-               --enable-ssl \
                --enable-underscores \
                --enable-http-violations \
                --enable-removal-policies="heap,lru" \

diff --git a/lfs/squid-accounting b/lfs/squid-accounting
index 7eae4fbb624e7e865a0aebc5a0f2d732fc86e002..af7b281e4f477943b3cddfe1301464c9486de09e 100644 (file)
--- a/lfs/squid-accounting
+++ b/lfs/squid-accounting
@@ -9,13 +9,13 @@
 
 include Config
 
-VER        = 1.0.2
+VER        = 1.0.3
 
 THISAPP    = squid-accounting-$(VER)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = squid-accounting
-PAK_VER    = 4
+PAK_VER    = 5
 
 DEPS       = "perl-DBI perl-DBD-SQLite perl-File-ReadBackwards perl-PDF-API2 sendEmail"
 

diff --git a/lfs/stage2 b/lfs/stage2
index 895ee153bc5a35b90eaad5cdce98f389d5426f03..3203983e287a386515a787e278d41f2bde2a4677 100644 (file)
--- a/lfs/stage2
+++ b/lfs/stage2
@@ -55,7 +55,7 @@ $(TARGET) :
        -install -dv -m 1777 /tmp /var/tmp
        -mkdir -pv /usr/{,local/}{bin,include,lib{,/sse2},sbin,src}
        -mkdir -pv /usr/{,local/}share/{doc,info,locale,man}
-       -mkdir -v  /usr/{,local/}share/{misc,terminfo,zoneinfo}
+       -mkdir -v  /usr/{,local/}share/{misc,terminfo,xt_geoip,zoneinfo}
        -mkdir -pv /usr/{,local/}share/man/man{1..8}
        #-for dir in /usr /usr/local; do \
        #  ln -sv share/{man,doc,info} $$dir; \
@@ -101,7 +101,8 @@ $(TARGET) :
 
        # Move script to correct place.
        mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
-
+       mv -vf /usr/local/bin/ovpn-collectd-convert /usr/sbin/
+       
        # Install firewall scripts.
        mkdir -pv /usr/lib/firewall
        install -m 755 $(DIR_SRC)/config/firewall/rules.pl \

diff --git a/lfs/strongswan b/lfs/strongswan
index 43995b5a118d7b4d00e9737e8a595a9fe87a9ddb..d1a5b8c1507c4941f15384b1231e777f2dcda93c 100644 (file)
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.2.2
+VER        = 5.3.1
 
 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 7ee1a33060b2bde35be0f6d78a1d26d0
+$(DL_FILE)_MD5 = 66f258901a3d6c271da1a0c7fb3e5013
 
 install : $(TARGET)
 
@@ -78,13 +78,10 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-eb25190.patch
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.3.1-build-timeattack.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch
 
-       cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
+       cd $(DIR_APP) && autoreconf -vfi
        cd $(DIR_APP) && ./configure \
                --prefix="/usr" \
                --sysconfdir="/etc" \
@@ -93,6 +90,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --enable-farp \
                --enable-openssl \
                --enable-gcrypt \
+               --enable-ccm \
+               --enable-ctr \
+               --enable-gcm \
                --enable-xauth-eap \
                --enable-xauth-noauth \
                --enable-eap-radius \

diff --git a/lfs/tzdata b/lfs/tzdata
index 11dc03f3d05350ba6632ae3f2a6b91d7f46f388b..dfb54e6639bacf62319473599ffbf83127d67989 100644 (file)
--- a/lfs/tzdata
+++ b/lfs/tzdata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2015a
+VER        = 2015d
 TZDATA_VER = $(VER)
 TZCODE_VER = $(VER)
 
@@ -45,8 +45,8 @@ objects = tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz
 tzdata$(TZDATA_VER).tar.gz = $(DL_FROM)/tzdata$(TZDATA_VER).tar.gz
 tzcode$(TZCODE_VER).tar.gz = $(DL_FROM)/tzcode$(TZCODE_VER).tar.gz
 
-tzdata$(TZDATA_VER).tar.gz_MD5 = 4ed11c894a74a5ea64201b1c6dbb8831
-tzcode$(TZCODE_VER).tar.gz_MD5 = 8f375ede46ae137fbac047ac431bda37
+tzdata$(TZDATA_VER).tar.gz_MD5 = b595bdc4474b8fc1a15cffc67c66025b
+tzcode$(TZCODE_VER).tar.gz_MD5 = 4008a3abc025a398697b2587c48258b9
 
 install : $(TARGET)
 

diff --git a/lfs/udev b/lfs/udev
index 15dae817b2b35dd6d02f7ccbfb80be7dbdb487b1..e58839c405e93a214b37774d3cb06cf83fe1a996 100644 (file)
--- a/lfs/udev
+++ b/lfs/udev
@@ -93,9 +93,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        rm -f /lib/udev/rules.d/75-persistent-net-generator.rules
        rm -f /lib/udev/rules.d/80-net-name-slot.rules
 
-       # Create rule file for the setup
-       touch /etc/udev/rules.d/30-persistent-network.rules
-
        # Blacklist some modules
        cp -vf $(DIR_SRC)/config/udev/blacklist.conf /etc/modprobe.d/blacklist.conf
 
@@ -107,6 +104,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        install -v -m 644 $(DIR_SRC)/config/udev/25-alsa.rules \
                /lib/udev/rules.d
 
+       # Install network rules.
+       install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-rename \
+               /lib/udev/network-hotplug-rename
+       install -v -m 644 $(DIR_SRC)/config/udev/60-net.rules \
+               /lib/udev/rules.d
+
        # Install hwrng rules.
        install -v -m 644 $(DIR_SRC)/config/udev/90-hwrng.rules \
                /lib/udev/rules.d

diff --git a/lfs/vsftpd b/lfs/vsftpd
index f3e74a00e1ac37e0e8b1f0656e107dd7d106b71a..7284be96150a4987b7a812b3b30a08fd42c7d9f9 100644 (file)
--- a/lfs/vsftpd
+++ b/lfs/vsftpd
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = vsftpd
-PAK_VER    = 7
+PAK_VER    = 8
 
 DEPS       = ""
 

diff --git a/lfs/web-user-interface b/lfs/web-user-interface
new file mode 100644 (file)
index 0000000..919acbe
--- /dev/null
+++ b/lfs/web-user-interface
@@ -0,0 +1,72 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2015   IPFire Team  <info@ipfire.org>                    #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = ipfire
+
+THISAPP    = web-user-interface-$(VER)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+install: $(TARGET)
+
+check: 
+
+download:
+
+md5: 
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+
+       # Copy all html/cgi-bin files
+       mkdir -p /srv/web/ipfire/{cgi-bin,html}
+       mkdir -p /var/updatecache/{download,metadata}
+       cp -aR $(DIR_SRC)/html/* /srv/web/ipfire
+
+       # Change CONFIG_ROOT in cgi-scripts
+       for i in /srv/web/ipfire/cgi-bin/{*,logs.cgi/*,vpn.cgi/*}; do \
+           if [ -f $$i ]; then \
+               sed -i "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" $$i; \
+           fi; \
+       done
+       chown -R root:root /srv/web/ipfire
+       chmod -R 755 /srv/web/ipfire/cgi-bin
+       chmod -R 644 /srv/web/ipfire/html
+       chmod 755 /srv/web/ipfire/html /srv/web/ipfire/html/{index.cgi,redirect.cgi,dial.cgi,images,include,themes,themes/*,themes/*/*}
+       ln -svf ipfire /srv/web/ipfire/html/themes/ipfire-rounded
+
+       # Reset permissions of redirect templates and theme directories
+       find /srv/web/ipfire/html/{redirect-templates,themes} -type d | xargs chmod -v 755
+       @$(POSTBUILD)

diff --git a/lfs/wpa_supplicant b/lfs/wpa_supplicant
index 1cebaabb3a9b0ae14930ff10f4669b53a0027c1b..e7f46de9aa427a2d4929120a8a0622ce410cf5ba 100644 (file)
--- a/lfs/wpa_supplicant
+++ b/lfs/wpa_supplicant
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.3
+VER        = 2.4
 
 THISAPP    = wpa_supplicant-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = f2ed8fef72cf63d8d446a2d0a6da630a
+$(DL_FILE)_MD5 = f0037dbe03897dcaf2ad2722e659095d
 
 install : $(TARGET)
 

diff --git a/lfs/xtables-addons b/lfs/xtables-addons
new file mode 100644 (file)
index 0000000..1848dc9
--- /dev/null
+++ b/lfs/xtables-addons
@@ -0,0 +1,110 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2014  IPFire Team <info@ipfire.org>                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VERSUFIX = ipfire$(KCFG)
+MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/extra/
+
+VER        = 2.6
+
+THISAPP    = xtables-addons-$(VER)
+DL_FILE    = $(THISAPP).tar.xz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+
+ifeq "$(USPACE)" "1"
+  TARGET = $(DIR_INFO)/$(THISAPP)
+else
+  TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)-$(VERSUFIX)
+endif
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 087835ba7e564481b6fd398692268340
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+       $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+       # Only build the specified modules.
+       cp -avf $(DIR_SRC)/config/xtables-addons/mconfig \
+               $(DIR_APP)/mconfig
+
+# Check if we build the modules for a kernel or the userspace parts.
+ifeq "$(USPACE)" "1"
+       cd $(DIR_APP) && ./configure \
+               --prefix=/usr \
+               --without-kbuild
+
+       cd $(DIR_APP) && make $(MAKETUNING)
+       cd $(DIR_APP) && make install
+else
+       cd $(DIR_APP) && ./configure \
+               --with-kbuild=/usr/src/linux-$(KVER)/
+
+       cd $(DIR_APP) && make $(MAKETUNING)
+
+       # Install the built kernel modules.
+       cd $(DIR_APP) && for f in $$(ls extensions/*.ko); do \
+               install -m 644 $$f $(MODPATH); \
+       done
+endif
+
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)

diff --git a/lfs/xz b/lfs/xz
index fce71598b38b35de0ff747b245bcc4d2c6bfeb94..c1d3ef789082f374950b9dbf84e777cc07f29ec8 100644 (file)
--- a/lfs/xz
+++ b/lfs/xz
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.0.5
+VER        = 5.2.1
 
 THISAPP    = xz-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = aa17280f4521dbeebed0fbd11cd7fa30
+$(DL_FILE)_MD5 = b5e2dd95dc8498cea5354377ed89aa65
 
 install : $(TARGET)
 

diff --git a/make.sh b/make.sh
index 4deb3c88273cb8a41ace11372337cc3470ad67bd..29245bc59debe70b7350791372ea79db0bc38e39 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -17,7 +17,7 @@
 # along with IPFire; if not, write to the Free Software                    #
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
 #                                                                          #
-# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org>.                   #
+# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org>.                   #
 #                                                                          #
 ############################################################################
 #
@@ -25,8 +25,8 @@
 NAME="IPFire"                                                  # Software name
 SNAME="ipfire"                                                 # Short name
 VERSION="2.17"                                                 # Version number
-CORE="89"                                                      # Core Level (Filename)
-PAKFIRE_CORE="89"                                              # Core Level (PAKFIRE)
+CORE="91"                                                      # Core Level (Filename)
+PAKFIRE_CORE="91"                                              # Core Level (PAKFIRE)
 GIT_BRANCH=`git rev-parse --abbrev-ref HEAD`                   # Git Branch
 SLOGAN="www.ipfire.org"                                                # Software slogan
 CONFIG_ROOT=/var/ipfire                                                # Configuration rootdir
@@ -36,7 +36,7 @@ BUILD_IMAGES=1                                                        # Flash and Xen Downloader
 KVER=`grep --max-count=1 VER lfs/linux | awk '{ print $3 }'`
 GIT_TAG=$(git tag | tail -1)                                   # Git Tag
 GIT_LASTCOMMIT=$(git log | head -n1 | cut -d" " -f2 |head -c8) # Last commit
-TOOLCHAINVER=8
+TOOLCHAINVER=9
 
 # New architecture variables
 BUILD_ARCH="$(uname -m)"
@@ -383,6 +383,7 @@ buildipfire() {
   export LOGFILE
   ipfiremake configroot
   ipfiremake backup
+  ipfiremake pkg-config
   ipfiremake libusb
   ipfiremake libusbx
   ipfiremake libpcap
@@ -403,6 +404,8 @@ buildipfire() {
   ipfiremake multipath-tools
   ipfiremake freetype
   ipfiremake grub
+  ipfiremake libmnl
+  ipfiremake iptables
 
   case "${TARGET_ARCH}" in
        i586)
@@ -411,8 +414,9 @@ buildipfire() {
                ipfiremake backports                    KCFG="-pae"
                ipfiremake cryptodev                    KCFG="-pae"
                ipfiremake e1000e                       KCFG="-pae"
-               ipfiremake igb                          KCFG="-pae"
+#              ipfiremake igb                          KCFG="-pae"
                ipfiremake ixgbe                        KCFG="-pae"
+               ipfiremake xtables-addons               KCFG="-pae"
                ipfiremake linux-initrd                 KCFG="-pae"
 
                # x86 kernel build
@@ -420,8 +424,9 @@ buildipfire() {
                ipfiremake backports                    KCFG=""
                ipfiremake cryptodev                    KCFG=""
                ipfiremake e1000e                       KCFG=""
-               ipfiremake igb                          KCFG=""
+#              ipfiremake igb                          KCFG=""
                ipfiremake ixgbe                        KCFG=""
+               ipfiremake xtables-addons               KCFG=""
                ipfiremake linux-initrd                 KCFG=""
                ;;
 
@@ -430,6 +435,7 @@ buildipfire() {
                ipfiremake linux                        KCFG="-rpi"
                ipfiremake backports                    KCFG="-rpi"
                ipfiremake cryptodev                    KCFG="-rpi"
+               ipfiremake xtables-addons               KCFG="-rpi"
                ipfiremake linux-initrd                 KCFG="-rpi"
 
                # arm multi platform (Panda, Wandboard ...) kernel build
@@ -437,8 +443,9 @@ buildipfire() {
                ipfiremake backports                    KCFG="-multi"
                ipfiremake cryptodev                    KCFG="-multi"
                ipfiremake e1000e                       KCFG="-multi"
-               ipfiremake igb                          KCFG="-multi"
+#              ipfiremake igb                          KCFG="-multi"
                ipfiremake ixgbe                        KCFG="-multi"
+               ipfiremake xtables-addons               KCFG="-multi"
                ipfiremake linux-initrd                 KCFG="-multi"
 
                # arm-kirkwood (Dreamplug, ICY-Box ...) kernel build
@@ -446,14 +453,15 @@ buildipfire() {
                ipfiremake backports                    KCFG="-kirkwood"
                ipfiremake cryptodev                    KCFG="-kirkwood"
                ipfiremake e1000e                       KCFG="-kirkwood"
-               ipfiremake igb                          KCFG="-kirkwood"
+#              ipfiremake igb                          KCFG="-kirkwood"
                ipfiremake ixgbe                        KCFG="-kirkwood"
+               ipfiremake xtables-addons               KCFG="-kirkwood"
                ipfiremake linux-initrd                 KCFG="-kirkwood"
                ;;
   esac
-  ipfiremake pkg-config
+  ipfiremake xtables-addons                    USPACE="1"
   ipfiremake openssl
-  ipfiremake openssl-compat
+  [ "${TARGET_ARCH}" = "i586" ] && ipfiremake openssl KCFG='-sse2'
   ipfiremake libgpg-error
   ipfiremake libgcrypt
   ipfiremake libassuan
@@ -499,7 +507,8 @@ buildipfire() {
   ipfiremake openldap
   ipfiremake apache2
   ipfiremake php
-  ipfiremake apache2                   PASS=C
+  ipfiremake web-user-interface
+  ipfiremake flag-icons
   ipfiremake jquery
   ipfiremake arping
   ipfiremake beep
@@ -526,8 +535,6 @@ buildipfire() {
   ipfiremake mtools
   ipfiremake initscripts
   ipfiremake whatmask
-  ipfiremake libmnl
-  ipfiremake iptables
   ipfiremake conntrack-tools
   ipfiremake libupnp
   ipfiremake ipaddr
@@ -810,6 +817,7 @@ buildipfire() {
   ipfiremake squid-accounting
   ipfiremake pigz
   ipfiremake tmux
+  ipfiremake perl-Text-CSV_XS
   ipfiremake swconfig
   ipfiremake haproxy
 }
@@ -971,7 +979,7 @@ build)
 
        cd $BASEDIR
        tools/checknewlog.pl
-       tools/checkwronginitlinks
+       tools/checkrootfiles
        cd $PWD
 
        beautify build_end

diff --git a/src/initscripts/init.d/dnsmasq b/src/initscripts/init.d/dnsmasq
index 4e37925171a4687d056f4f93ef3ec7b317ed8e3d..ce7689f4e1ed874d666bf46cb58f3673bcc5916f 100644 (file)
--- a/src/initscripts/init.d/dnsmasq
+++ b/src/initscripts/init.d/dnsmasq
@@ -15,18 +15,19 @@
 . /etc/sysconfig/rc
 . ${rc_functions}
 
-# Pull custom configuration file
-if [ -e "/etc/sysconfig/dnsmasq" ]; then
-       . /etc/sysconfig/dnsmasq
-fi
-
 CACHE_SIZE=2500
 ENABLE_DNSSEC=1
 SHOW_SRV=1
 TRUST_ANCHOR=".,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
+TIMESTAMP_FILE="/var/ipfire/dns/dnssec-timestamp"
+
+# Pull custom configuration file
+if [ -e "/etc/sysconfig/dnsmasq" ]; then
+       . /etc/sysconfig/dnsmasq
+fi
 
 function dnssec_args() {
-       local cmdline="--dnssec --dnssec-timestamp"
+       local cmdline="--dnssec --dnssec-timestamp ${TIMESTAMP_FILE}"
 
        if [ -n "${TRUST_ANCHOR}" ]; then
                cmdline="${cmdline} --trust-anchor=${TRUST_ANCHOR}"

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index c383652e0b5e89b086caac5a1d745181fb113b6b..8ca02bc9d1932b4530556d5baf29ef0053eb090d 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -179,6 +179,11 @@ iptables_init() {
                iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT
        fi
 
+       # GeoIP block
+       iptables -N GEOIPBLOCK
+       iptables -A INPUT -j GEOIPBLOCK
+       iptables -A FORWARD -j GEOIPBLOCK
+
        # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
        iptables -N IPSECINPUT
        iptables -N IPSECFORWARD

diff --git a/src/initscripts/init.d/firstsetup b/src/initscripts/init.d/firstsetup
index dca3e40163caeb050dc546684ff0d00258171851..70c30b4e230fb8b9fcff9e4f607394f2f948e8b1 100644 (file)
--- a/src/initscripts/init.d/firstsetup
+++ b/src/initscripts/init.d/firstsetup
@@ -40,9 +40,6 @@ if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
                echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
                echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
                echo "Release: 0"     >> /opt/pakfire/db/installed/meta-linux-pae
-               echo "Name: linux-pae" > /opt/pakfire/db/meta/meta-linux-pae
-               echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-pae
-               echo "Release: 0"     >> /opt/pakfire/db/meta/meta-linux-pae
        fi
 fi
 

diff --git a/src/initscripts/init.d/hostapd b/src/initscripts/init.d/hostapd
index 1e7cec48097ee35f4cd1408ad5bb728d09c20fc0..209f969def7c93d043c77b46069deed5145b7551 100644 (file)
--- a/src/initscripts/init.d/hostapd
+++ b/src/initscripts/init.d/hostapd
@@ -2,7 +2,7 @@
 . /etc/sysconfig/rc
 . ${rc_functions}
 
-CHANNEL="05"
+CHANNEL="6"
 COUNTRY="00"
 TXPOWER="auto"
 INTERFACE="blue0"
@@ -38,9 +38,6 @@ case "${1}" in
                if [ -e "/sys/class/net/$INTERFACE/phy80211" ]; then
                        DRIVER="NL80211"
                        driver="nl80211"
-               elif [ -e "/sys/class/net/$INTERFACE/madwifi_name_type" ]; then
-                       DRIVER="MADWIFI"
-                       driver="madwifi"
                elif [ "$(/bin/grep hostap /sys/class/net/$INTERFACE/uevent)" != "" ]; then
                        DRIVER="HOSTAP"
                        driver="hostap"
@@ -60,14 +57,7 @@ case "${1}" in
                chmod 644 /var/ipfire/wlanap/settings.tmp
                mv /var/ipfire/wlanap/settings.tmp /var/ipfire/wlanap/settings
 
-               if [ "$DRIVER" == "MADWIFI" ]; then
-                       if [ "$(/usr/sbin/iwconfig $INTERFACE | /bin/grep "Mode:Master")" == "" ]; then
-                               boot_mesg "Setting MADWIFI wlan $INTERFACE to Master mode... "
-                               # Set Atheros Cards to master mode
-                               /usr/bin/wlanconfig $INTERFACE destroy > /dev/null
-                               /usr/bin/wlanconfig $INTERFACE create wlandev wifi0 wlanmode ap > /dev/null
-                       fi
-               elif [ "$DRIVER" == "HOSTAP" ]; then
+               if [ "$DRIVER" == "HOSTAP" ]; then
                        if [ "$(/usr/sbin/iwconfig $INTERFACE | /bin/grep "Mode:Master")" == "" ]; then
                                boot_mesg "Setting HOSTAP wlan $INTERFACE to Master mode... "
                                # Set Prism Cards to master mode
@@ -87,23 +77,7 @@ case "${1}" in
 
                /usr/bin/hostapd -P /var/run/hostapd /etc/hostapd.conf >/dev/null 2>&1 &
 
-               sleep 2
-
-               if [ $DRIVER == "MADWIFI" ]; then
-                       iwpriv $INTERFACE maccmd 3
-                       if [ $MACMODE != 0 ]; then
-                               FILE="/var/ipfire/wlanap/macfile"
-                               exec < $FILE
-                               while read LINE
-                               do
-                                       iwpriv $INTERFACE addmac $LINE
-                               done
-
-                               iwpriv $INTERFACE maccmd $MACMODE
-                       fi
-               fi
-
-               sleep 2
+               sleep 3
 
                if [ "$(/usr/sbin/iwconfig $INTERFACE | /bin/grep "Mode:Master")" == "" ]; then
                        killproc /usr/bin/hostapd > /dev/null 2>&1

diff --git a/src/initscripts/init.d/network-trigger b/src/initscripts/init.d/network-trigger
new file mode 100644 (file)
index 0000000..0d9de45
--- /dev/null
+++ b/src/initscripts/init.d/network-trigger
@@ -0,0 +1,22 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/network-trigger
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+case "${1}" in
+       start)
+               boot_mesg "Triggering network devices..."
+               udevadm trigger --action="add" --subsystem-match="net"
+               evaluate_retval
+               ;;
+
+       *)
+               echo "Usage: ${0} {start}"
+               exit 1
+               ;;
+esac
+
+# End $rc_base/init.d/network-trigger

diff --git a/src/initscripts/init.d/networking/functions.network b/src/initscripts/init.d/networking/functions.network
index f459b77759af45419dce40ff02bbf1a341945930..1af3482df48df17bb8a362cb2185a4d1852a36cb 100644 (file)
--- a/src/initscripts/init.d/networking/functions.network
+++ b/src/initscripts/init.d/networking/functions.network
@@ -75,7 +75,7 @@ dhcpcd_start() {
        fi
 
        # Start dhcpcd.
-       /sbin/dhcpcd "${device}" "${dhcp_start}" >/dev/null 2>&1
+       /sbin/dhcpcd ${dhcp_start} ${device} >/dev/null 2>&1
        ret="$?"
 
        if [ "${ret}" -eq 0 ]; then
@@ -124,7 +124,7 @@ dhcpcd_stop() {
        fi
 
        # Stop dhcpcd.
-       /sbin/dhcpcd "${device}" "${dhcp_stop}" &> /dev/null
+       /sbin/dhcpcd ${dhcp_stop} ${device} &> /dev/null
        ret="$?"
 
        # Wait until dhcpd has stopped.

diff --git a/src/initscripts/init.d/networking/red.up/99-geoip-database b/src/initscripts/init.d/networking/red.up/99-geoip-database
new file mode 100644 (file)
index 0000000..4bd3ee2
--- /dev/null
+++ b/src/initscripts/init.d/networking/red.up/99-geoip-database
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Get the GeoIP database if no one exists yet.
+
+DIR="/usr/share/xt_geoip/*"
+
+found=false
+
+# Check if the directory contains any data.
+for i in $DIR; do
+       # Ignore "." and ".."
+       if [ -d "$i" ]; then
+               found=true
+               break
+       fi
+done
+
+# Download ruleset if none has been found.
+if ! ${found}; then
+       /usr/local/bin/xt_geoip_update >/dev/null 2>&1
+fi
+
+exit 0

diff --git a/src/initscripts/init.d/nfs-server b/src/initscripts/init.d/nfs-server
index 397722c1c2967570a6a761077b860e483c391020..15284e88a36519e4d85220ae4cac8005535b2f6e 100644 (file)
--- a/src/initscripts/init.d/nfs-server
+++ b/src/initscripts/init.d/nfs-server
@@ -27,13 +27,9 @@ case "$1" in
                        loadproc /usr/sbin/rpc.rquotad
                fi
 
-               # NFSD support only in 2.6 kernel
-               /bin/uname -r | /bin/grep "2.6" 2>&1 > /dev/null
-               if [ $? = 0 ]; then
-                       boot_mesg "Mounting nfsd virtual filesystem..."
-                       /bin/mount -t nfsd none /proc/fs/nfsd 2>&1 > /dev/null
-                       evaluate_retval
-               fi
+               boot_mesg "Mounting nfsd virtual filesystem..."
+               /bin/mount -t nfsd none /proc/fs/nfsd 2>&1 > /dev/null
+               evaluate_retval
 
                # Make ceratin that the list is refreshed on
                # a restart.
@@ -62,13 +58,9 @@ case "$1" in
                /usr/sbin/exportfs -au 2>&1 > /dev/null
                evaluate_retval
 
-               # NFSD support only in 2.6 kernel
-                /bin/uname -r | /bin/grep "2.6" 2>&1 > /dev/null
-                if [ $? = 0 ]; then
-                       boot_mesg "Unmounting NFS Virtual Filesystem..."
-                       /bin/umount /proc/fs/nfsd 2>&1 > /dev/null
-                       evaluate_retval
-               fi
+               boot_mesg "Unmounting NFS Virtual Filesystem..."
+               /bin/umount /proc/fs/nfsd 2>&1 > /dev/null
+               evaluate_retval
 
                # Remove a pid file that isn't done automatically
                boot_mesg "Removing the rpc.statd pid file if it exists"

diff --git a/src/initscripts/sysconfig/createfiles b/src/initscripts/sysconfig/createfiles
index 8d1f89dc65a7f4c5c32f6d1ff09f97af51462571..cf7d6e1469918dceefab63bd43ac53344f8ea48e 100644 (file)
--- a/src/initscripts/sysconfig/createfiles
+++ b/src/initscripts/sysconfig/createfiles
@@ -25,4 +25,7 @@
 #              <major> and <minor> are the major and minor numbers used for the device.
 ########################################################################
 
+/var/run/ovpnserver.log        file    644     nobody  nobody
+/var/run/openvpn       dir     644     nobody  nobody
+
 # End /etc/sysconfig/createfiles

diff --git a/src/installer/main.c b/src/installer/main.c
index 358b2c46ffdf892a17a894ec7f6fbb6c2d367259..c420de3a18572760fa1a1eff837213f8be276153 100644 (file)
--- a/src/installer/main.c
+++ b/src/installer/main.c
@@ -271,6 +271,7 @@ static struct lang {
 static struct config {
        int unattended;
        int serial_console;
+       int novga;
        int require_networking;
        int perform_download;
        int disable_swap;
@@ -280,6 +281,7 @@ static struct config {
 } config = {
        .unattended = 0,
        .serial_console = 0,
+       .novga = 0,
        .require_networking = 0,
        .perform_download = 0,
        .disable_swap = 0,
@@ -309,6 +311,10 @@ static void parse_command_line(struct config* c) {
                        if ((strcmp(key, "console") == 0) && (strncmp(val, "ttyS", 4) == 0))
                                c->serial_console = 1;
 
+                       // novga
+                       else if (strcmp(key, "novga") == 0)
+                               c->novga = 1;
+
                        // enable networking?
                        else if (strcmp(token, "installer.net") == 0)
                                c->require_networking = 1;
@@ -825,6 +831,19 @@ int main(int argc, char *argv[]) {
                replace("/harddisk/etc/inittab", "#7:2345:respawn:", "7:2345:respawn:");
        }
 
+       /* novga */
+       if (config.novga) {
+               /* grub */
+               FILE* f = fopen(DESTINATION_MOUNT_PATH "/etc/default/grub", "a");
+               if (!f) {
+                       errorbox(_("Unable to open /etc/default/grub for writing."));
+                       goto EXIT;
+               }
+
+               fprintf(f, "GRUB_GFXMODE=\"none\"\n");
+               fclose(f);
+       }
+
        rc = hw_install_bootloader(destination, logfile);
        if (rc) {
                errorbox(_("Unable to install the bootloader."));
@@ -833,8 +852,11 @@ int main(int argc, char *argv[]) {
 
        newtPopWindow();
 
-       /* Set marker that the user has already accepted the gpl */
-       mysystem(logfile, "/usr/bin/touch /harddisk/var/ipfire/main/gpl_accepted");
+       /* Set marker that the user has already accepted the GPL if the license has been shown
+        * in the installation process. In unatteded mode, the user will be presented the
+        * license when he or she logs on to the web user interface for the first time. */
+       if (!config.unattended)
+               mysystem(logfile, "/usr/bin/touch /harddisk/var/ipfire/main/gpl_accepted");
 
        /* Copy restore file from cdrom */
        char* backup_file = hw_find_backup_file(logfile, SOURCE_MOUNT_PATH);

diff --git a/src/installer/po/pt_BR.po b/src/installer/po/pt_BR.po
index 4a5d137a6eee9d5e2d5364d756d9cd055d4f1319..e78c1b452170fc9363e1b1762cc2bdb2b051fdc5 100644 (file)
--- a/src/installer/po/pt_BR.po
+++ b/src/installer/po/pt_BR.po
@@ -6,13 +6,14 @@
 # André Felipe Morro <andre@andremorro.com>, 2014
 # Evertton de Lima <e.everttonlima@gmail.com>, 2015
 # Leandro Luquetti Basilio da Silva <leandroluquetti@gmail.com>, 2014
+# Moisés Bites Borges de Castro <moisesbites@gmail.com>, 2015
 msgid ""
 msgstr ""
 "Project-Id-Version: IPFire Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2014-11-05 01:29+0000\n"
-"PO-Revision-Date: 2015-02-16 23:04+0000\n"
-"Last-Translator: Evertton de Lima <e.everttonlima@gmail.com>\n"
+"PO-Revision-Date: 2015-03-24 21:30+0000\n"
+"Last-Translator: Moisés Bites Borges de Castro <moisesbites@gmail.com>\n"
 "Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/ipfire/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -76,13 +77,13 @@ msgid ""
 "No source drive could be found.\n"
 "\n"
 "You can try downloading the required installation image."
-msgstr ""
+msgstr "Nenhum Drive de origem foi encontrado.\n\nVocê pode tentar baixar a imagem da instalação solicitada. "
 
 #: main.c:456
 msgid ""
 "Please make sure to connect your machine to a network and the installer will"
 " try connect to acquire an IP address."
-msgstr ""
+msgstr "Por favor certifique que sua máquina está conectada com uma rede e o instalador irá tentar conectar para pegar um endereço IP;"
 
 #: main.c:460
 msgid "Download installation image"
@@ -110,7 +111,7 @@ msgstr "Baixando imagem de instalação..."
 #: main.c:510
 #, c-format
 msgid "MD5 checksum mismatch"
-msgstr ""
+msgstr "Assinatura MD5 incompatível"
 
 #: main.c:513
 #, c-format
@@ -301,15 +302,15 @@ msgstr "Não"
 
 #: main.c:834
 msgid "An error occured when the backup file was restored."
-msgstr "Um erro ocorreu enquanto a cópia de segurança foi restaurada."
+msgstr "Um erro ocorreu enquanto a cópia de segurança era restaurada."
 
 #: main.c:869
 msgid "Running post-install script..."
-msgstr "Executando post-install script..."
+msgstr "Executando script pós instalação..."
 
 #: main.c:870
 msgid "Post-install script failed."
-msgstr "Post-install script falhou."
+msgstr "Script de pós instalação falhou."
 
 #: main.c:877
 #, c-format
@@ -317,7 +318,7 @@ msgid ""
 "%s was successfully installed!\n"
 "\n"
 "Please remove any installation mediums from this system and hit the reboot button. Once the system has restarted you will be asked to setup networking and system passwords. After that, you should point your web browser at https://%s:444 (or what ever you name your %s) for the web configuration console."
-msgstr ""
+msgstr "%s está instalado com sucesso!\n\nPor favor, remova qualquer mídia de instalação desse sistema e o reinicie. Assim que o sistema for reiniciado você será solicitado a configurar a rede e especificar as senhas de sistema. Após isso, você deve  apontar seu navegador para https://%s:444 (ou use nome de %s) para a página de configuração web."
 
 #: main.c:882
 msgid "Congratulations!"

diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index f5802d26ac2c7918d43e4f998e100fb5f8f1a0a9..e4bf04972803480be0208b8e5a3032a0170bb07c 100644 (file)
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -25,13 +25,13 @@ LIBS    = -lsmooth -lnewt
 PROGS = iowrap
 SUID_PROGS = squidctrl sshctrl ipfirereboot \
        ipsecctrl timectrl dhcpctrl snortctrl \
-       applejuicectrl rebuildhosts backupctrl \
+       applejuicectrl rebuildhosts backupctrl collectdctrl \
        logwatch openvpnctrl firewallctrl \
        wirelessctrl getipstat qosctrl launch-ether-wake \
        redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
        smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
        setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
-       getconntracktable wirelessclient dnsmasqctrl torctrl
+       getconntracktable wirelessclient dnsmasqctrl torctrl ddnsctrl
 SUID_UPDX = updxsetperms
 
 OBJS = $(patsubst %,%.o,$(PROGS) $(SUID_PROGS))

diff --git a/src/misc-progs/collectdctrl.c b/src/misc-progs/collectdctrl.c
new file mode 100644 (file)
index 0000000..86e4b2a
--- /dev/null
+++ b/src/misc-progs/collectdctrl.c
@@ -0,0 +1,39 @@
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence.  See the file COPYING for details.
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "setuid.h"
+
+int main(int argc, char *argv[]) {
+       if (!(initsetuid()))
+               exit(1);
+
+       if (argc < 2) {
+               fprintf(stderr, "\nNo argument given.\n\ncollectdctrl (start|stop|restart)\n\n");
+               exit(1);
+       }
+
+       if (strcmp(argv[1], "restart") == 0) {
+               safe_system("/etc/rc.d/init.d/collectd restart");
+
+       } else if (strcmp(argv[1], "stop") == 0) {
+               safe_system("/etc/rc.d/init.d/collectd stop");
+
+       } else if (strcmp(argv[1], "start") == 0) {
+               safe_system("/etc/rc.d/init.d/collectd start");
+
+       } else {
+               fprintf(stderr, "\nBad argument given.\n\ncollectdctrl (start|stop|restart)\n\n");
+               exit(1);
+       }
+
+       return 0;
+}

diff --git a/src/misc-progs/ddnsctrl.c b/src/misc-progs/ddnsctrl.c
new file mode 100644 (file)
index 0000000..7c41033
--- /dev/null
+++ b/src/misc-progs/ddnsctrl.c
@@ -0,0 +1,37 @@
+/* This file is part of the IPFire Firewall.
+*
+* This program is distributed under the terms of the GNU General Public
+* Licence.  See the file COPYING for details.
+*
+*/
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "setuid.h"
+
+const char *conffile = "/var/ipfire/ddns/ddns.conf";
+
+int main(int argc, char *argv[]) {
+       char cmd[STRING_SIZE];
+
+        if (!(initsetuid()))
+                exit(1);
+
+        if (argc < 2) {
+                fprintf(stderr, "\nNo argument given.\n\nddnsctrl (update-all)\n\n");
+                exit(1);
+        }
+
+       if (strcmp(argv[1], "update-all") == 0) {
+               snprintf(cmd, sizeof(cmd), "/usr/bin/ddns --config %s update-all >/dev/null 2>&1", conffile);
+               safe_system(cmd);
+       } else {
+                fprintf(stderr, "\nBad argument given.\n\nddnsctrl (update-all)\n\n");
+                exit(1);
+        }
+
+        return 0;
+}

diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index eb3fc4984f22ccfe4e46a2f2f804a60bf4386559..e99202d9fa33cb5ab35121d09ff59f9ed633fd10 100644 (file)
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -58,36 +58,26 @@ static void ipsec_reload() {
 void open_physical (char *interface, int nat_traversal_port) {
         char str[STRING_SIZE];
 
-        // GRE ???
-//        sprintf(str, "/sbin/iptables -A " phystable " -p 47  -i %s -j ACCEPT", interface);
-//        safe_system(str);
-        // ESP
-//        sprintf(str, "/sbin/iptables -A " phystable " -p 50  -i %s -j ACCEPT", interface);
-//        safe_system(str);
-        // AH
-//        sprintf(str, "/sbin/iptables -A " phystable " -p 51  -i %s -j ACCEPT", interface);
-//        safe_system(str);
         // IKE
-
-        sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
+        sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
         safe_system(str);
-        sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
+        sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
         safe_system(str);
 
         if (! nat_traversal_port) 
             return;
 
-        sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
+        sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
         safe_system(str);
-        sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
+        sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
         safe_system(str);
 }
 
 void ipsec_norules() {
         /* clear input rules */
-        safe_system("/sbin/iptables -F IPSECINPUT");
-        safe_system("/sbin/iptables -F IPSECFORWARD");
-        safe_system("/sbin/iptables -F IPSECOUTPUT");
+        safe_system("/sbin/iptables --wait -F IPSECINPUT");
+        safe_system("/sbin/iptables --wait -F IPSECFORWARD");
+        safe_system("/sbin/iptables --wait -F IPSECOUTPUT");
 }
 
 /*

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index d20cced7743b80bdfc91c1875b54c2e33d0ca337..20967e471c4085bcb30cf375882c9ed71d8aff44 100644 (file)
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -1,3 +1,4 @@
+#define _XOPEN_SOURCE 500
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
@@ -7,6 +8,7 @@
 #include <arpa/inet.h>
 #include <netinet/in.h>
 #include <fcntl.h>
+#include <ftw.h>
 #include "setuid.h"
 #include "netutil.h"
 #include "libsmooth.h"
@@ -44,6 +46,18 @@ struct connection_struct {
 
 typedef struct connection_struct connection;
 
+static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) {
+       int rv = remove(fpath);
+       if (rv)
+               perror(fpath);
+
+       return rv;
+}
+
+static int recursive_remove(const char* path) {
+       return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS);
+}
+
 void exithandler(void)
 {
        if(kv)
@@ -537,6 +551,7 @@ int startNet2Net(char *name) {
 int killNet2Net(char *name) {
        connection *conn = NULL;
        connection *conn_iter;
+       int rc = 0;
 
        conn_iter = getConnections();
 
@@ -569,26 +584,40 @@ int killNet2Net(char *name) {
        snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile);
        executeCommand(command);
 
+       char runfile[STRING_SIZE];
+       snprintf(runfile, STRING_SIZE - 1, "/var/run/openvpn/%s-n2n", conn->name);
+       rc = recursive_remove(runfile);
+       if (rc)
+               perror(runfile);
+
        return 0;
 }
 
 int deleterrd(char *name) {
+       char rrd_dir[STRING_SIZE];
+
        connection *conn = getConnections();
+       while(conn) {
+               if (strcmp(conn->name, name) != 0) {
+                       conn = conn->next;
+                       continue;
+               }
 
-       char rrd_file[STRING_SIZE];
-       snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name);
+               // Handle RW connections
+               if (strcmp(conn->type, "host") == 0) {
+                       snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/", name);
 
-       char rrd_dir[STRING_SIZE];
-       snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name);
+               // Handle N2N connections
+               } else if (strcmp(conn->type, "net") == 0) {
+                       snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s-n2n/", name);
 
-       while(conn) {
-               /* Find only RW-Connections with the given name. */
-               if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) {
-                       remove(rrd_file);
-                       remove(rrd_dir);
-                       return 0;
+               // Unhandled connection type
+               } else {
+                       conn = conn->next;
+                       continue;
                }
-               conn = conn->next;
+
+               return recursive_remove(rrd_dir);
        }
 
        return 1;

diff --git a/src/misc-progs/rebuildhosts.c b/src/misc-progs/rebuildhosts.c
index 21c523600c75b5223106d6aeb284db40f30e9531..f77c2dfb53da72f7cf4371110d219f34591fb308 100644 (file)
--- a/src/misc-progs/rebuildhosts.c
+++ b/src/misc-progs/rebuildhosts.c
@@ -79,18 +79,13 @@ int main(int argc, char *argv[])
        freekeyvalues(kv);
        kv = NULL;
 
-       if (!(gw = fopen(CONFIG_ROOT "/red/remote-ipaddress", "r")))
-       {
+       if ((gw = fopen(CONFIG_ROOT "/red/remote-ipaddress", "r"))) {
+               if (fgets(gateway, STRING_SIZE, gw) == NULL) {
+                       fprintf(stderr, "Couldn't read remote-ipaddress\n");
+                       exit(1);
+               }
+       } else {
                fprintf(stderr, "Couldn't open remote-ipaddress file\n");
-               fclose(gw);
-               gw = NULL;
-               exit(1);
-       }
-
-       if (fgets(gateway, STRING_SIZE, gw) == NULL)
-       {
-               fprintf(stderr, "Couldn't read remote-ipaddress\n");
-               exit(1);
        }
 
        if (!(fd = fopen(CONFIG_ROOT "/main/hosts", "r")))
@@ -112,7 +107,8 @@ int main(int argc, char *argv[])
        else
                fprintf(hosts, "%s\t%s\n",address,hostname);
 
-       fprintf(hosts, "%s\tgateway\n",gateway);
+       if (strlen(gateway) > 0)
+               fprintf(hosts, "%s\tgateway\n", gateway);
 
        while (fgets(buffer, STRING_SIZE, fd))
        {

diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl
index d14e0314da05e1a7bfd5377cd7811c1812e22afd..d2f77fa8f18134d421e166ce808901dc2ae67b54 100644 (file)
--- a/src/pakfire/lib/functions.pl
+++ b/src/pakfire/lib/functions.pl
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2007-2015   IPFire Team   <info@ipfire.org>                   #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -393,6 +393,7 @@ sub dbgetlist {
        foreach $file (@files) {
                next if ( $file eq "." );
                next if ( $file eq ".." );
+               next if ( $file eq "meta-" );
                next if ( $file =~ /^old/ );
                open(FILE, "<$Conf::dbdir/meta/$file");
                @meta = <FILE>;
@@ -589,6 +590,25 @@ sub resolvedeps {
        return @all;
 }
 
+sub resolvedeps_recursive {
+       my @packages = shift;
+       my @result = ();
+
+       foreach my $pkg (@packages) {
+               my @deps = &Pakfire::resolvedeps($pkg);
+
+               foreach my $dep (@deps) {
+                       push(@result, $dep);
+               }
+       }
+
+       # Sort the result array and remove dupes
+       my %sort = map{ $_, 1 } @result;
+       @result = keys %sort;
+
+       return @result;
+}
+
 sub cleanup {
        my $dir = shift;
        my $path;
@@ -695,7 +715,7 @@ sub getpak {
        }
        
        unless ($file) {
-               message("No filename given in meta-file. Please phone the developers.");
+               message("No filename given in meta-file.");
                exit 1;
        }
        
@@ -870,6 +890,7 @@ sub checkcryptodb {
        unless ( "$ret" eq "0" ) {
                message("CRYPTO WARN: The GnuPG isn't configured corectly. Trying now to fix this.");
                message("CRYPTO WARN: It's normal to see this on first execution.");
+               message("CRYPTO WARN: If this message is being shown repeatedly, check if time and date are set correctly, and if IPFire can connect via port 11371 TCP.");
                my $command = "gpg --keyserver pgp.ipfire.org --always-trust --status-fd 2";
                system("$command --recv-key $myid >> $Conf::logdir/gnupg-database.log 2>&1");
                system("$command --recv-key $trustid >> $Conf::logdir/gnupg-database.log 2>&1");

diff --git a/src/pakfire/pakfire b/src/pakfire/pakfire
index 3d0270aa41db8fb49f0f4f1002c9ba1e826606e6..8bca061aba696b34807c6cda0e19f928fa668736 100644 (file)
--- a/src/pakfire/pakfire
+++ b/src/pakfire/pakfire
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2007-2015   IPFire Team   <info@ipfire.org>                   #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -255,14 +255,11 @@
        } elsif ("$ARGV[0]" eq "upgrade") {
                &Pakfire::upgradecore();
                my @upgradepaks = &Pakfire::dblist("upgrade", "noweb");
-               my @temp, $pak;
-               
-               foreach (@upgradepaks) {
-                       @temp = &Pakfire::resolvedeps("$_");
-                       foreach (@temp) { push(@upgradepaks,$_) if $_; }
-               }
-               
+
                if (@upgradepaks) {
+                       # Resolve the dependencies of the to be upgraded packages
+                       my @deps = &Pakfire::resolvedeps_recursive(@upgradepaks);
+
                        &Pakfire::message("");
                        &Pakfire::message("PAKFIRE UPGR: We are going to install all packages listed above.");
                        if ($interactive) {
@@ -277,16 +274,24 @@
                        }
                }
                
-               ### Download first
+               # Download packages
                foreach $pak (@upgradepaks) {
-                       #system("mv $Conf::dbdir/meta/meta-$pak $Conf::dbdir/meta/old-meta-$pak");
                        &Pakfire::getpak("$pak", "");
                }
-               
+
+               # Download dependencies
+               foreach $pak (@deps) {
+                       &Pakfire::getpak("$pak", "");
+               }
+
+               # Install dependencies first
+               foreach $pak (@deps) {
+                       &Pakfire::setuppak("$pak");
+               }
+
+               # Install all upgrades
                foreach $pak (@upgradepaks) {
-                       if (&Pakfire::upgradepak("$pak")) {
-                               #system("mv $Conf::dbdir/meta/old-meta-$pak $Conf::dbdir/meta/meta-$pak");
-                       }
+                       &Pakfire::upgradepak("$pak");
                }
                
        } elsif ("$ARGV[0]" eq "list") {

diff --git a/src/paks/cyrus-imapd/uninstall.sh b/src/paks/cyrus-imapd/uninstall.sh
index 0d2109eb9e6337d1c5838982f6b82f04e7f4e4d1..e34fa5698fd7c31fca33c23ec6b928071079d4a8 100644 (file)
--- a/src/paks/cyrus-imapd/uninstall.sh
+++ b/src/paks/cyrus-imapd/uninstall.sh
@@ -22,6 +22,7 @@
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
+extract_backup_includes
 stop_service ${NAME}
 make_backup ${NAME}
 remove_files

diff --git a/src/paks/haproxy/install.sh b/src/paks/haproxy/install.sh
new file mode 100644 (file)
index 0000000..45b2161
--- /dev/null
+++ b/src/paks/haproxy/install.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+extract_files
+
+# Enable autostart
+ln -sf  ../init.d/haproxy /etc/rc.d/rc0.d/K25haproxy
+ln -sf  ../init.d/haproxy /etc/rc.d/rc3.d/S35haproxy
+ln -sf  ../init.d/haproxy /etc/rc.d/rc6.d/K25haproxy

diff --git a/src/paks/haproxy/uninstall.sh b/src/paks/haproxy/uninstall.sh
new file mode 100644 (file)
index 0000000..b01ee11
--- /dev/null
+++ b/src/paks/haproxy/uninstall.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+remove_files
+rm -rfv /etc/rc.d/rc*.d/*haproxy

diff --git a/src/paks/net-snmp/update.sh b/src/paks/haproxy/update.sh
similarity index 100%
rename from src/paks/net-snmp/update.sh
rename to src/paks/haproxy/update.sh

diff --git a/src/paks/linux-pae/install.sh b/src/paks/linux-pae/install.sh
index c980a0136bfd81732965bfda823522846531895d..27e665f9243b1e18be7a31b5d23b6843be7957fe 100644 (file)
--- a/src/paks/linux-pae/install.sh
+++ b/src/paks/linux-pae/install.sh
@@ -55,29 +55,24 @@ depmod -a $KVER-ipfire-pae
 #
 /usr/bin/dracut --force --xz /boot/initramfs-$KVER-ipfire-pae.img $KVER-ipfire-pae  
 
-
-ROOT="$(find_partition "/")"
-case $ROOT in
-       xvd* )
-               #
-               # We are on XEN so create new grub.conf / menu.lst for pygrub
-               #
-               echo "timeout 10"                          > /boot/grub/grub.conf
-               echo "default 0"                          >> /boot/grub/grub.conf
-               echo "title IPFire (pae-kernel)"          >> /boot/grub/grub.conf
-               echo "  kernel /vmlinuz-$KVER-ipfire-pae root=/dev/$ROOT rootdelay=10 panic=10 console=hvc0" \
-                                                         >> /boot/grub/grub.conf
-               echo "  initrd /initramfs-$KVER-ipfire-pae.img" >> /boot/grub/grub.conf
-               echo "# savedefault 0"                    >> /boot/grub/grub.conf
-               ln -s grub.conf $MNThdd/boot/grub/menu.lst
-               ;;
-       * )
-               #
-               # Update grub2 config
-               #
-               grub-mkconfig > /boot/grub/grub.cfg
-               ;;
-esac
+if [ -e /boot/grub/grub.cfg ]; then
+       #
+       # Update grub2 config
+       #
+       grub-mkconfig > /boot/grub/grub.cfg
+else
+       #
+       # xen pv with pygrub need grub.conf / menu.lst
+       #
+       echo "timeout 10"                          > /boot/grub/grub.conf
+       echo "default 0"                          >> /boot/grub/grub.conf
+       echo "title IPFire (pae-kernel)"          >> /boot/grub/grub.conf
+       echo "  kernel /vmlinuz-$KVER-ipfire-pae root=/dev/$ROOT rootdelay=10 panic=10 console=hvc0" \
+                                                 >> /boot/grub/grub.conf
+       echo "  initrd /initramfs-$KVER-ipfire-pae.img" >> /boot/grub/grub.conf
+       echo "# savedefault 0"                    >> /boot/grub/grub.conf
+       ln -s grub.conf $MNThdd/boot/grub/menu.lst
+fi
 
 # request a reboot if pae is supported
 if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then

diff --git a/src/paks/net-snmp/install.sh b/src/paks/netsnmpd/install.sh
similarity index 100%
rename from src/paks/net-snmp/install.sh
rename to src/paks/netsnmpd/install.sh

diff --git a/src/paks/net-snmp/uninstall.sh b/src/paks/netsnmpd/uninstall.sh
similarity index 98%
rename from src/paks/net-snmp/uninstall.sh
rename to src/paks/netsnmpd/uninstall.sh
index a7b8a5370f68e23809d3bd94083f0150545980cb..278218b26066bb104c4e310d58e5e9f4782f00e4 100644 (file)
--- a/src/paks/net-snmp/uninstall.sh
+++ b/src/paks/netsnmpd/uninstall.sh
@@ -22,6 +22,7 @@
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
+extract_backup_includes
 stop_service ${NAME}
 make_backup ${NAME}
 remove_files

diff --git a/src/paks/netsnmpd/update.sh b/src/paks/netsnmpd/update.sh
new file mode 100644 (file)
index 0000000..89c40d0
--- /dev/null
+++ b/src/paks/netsnmpd/update.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+./uninstall.sh
+./install.sh

diff --git a/src/paks/postfix/install.sh b/src/paks/postfix/install.sh
index 56c23e2c26bdea3576128c2881ab25171122267d..0932d2e54e46c5af3360449669dec2c27d9dcf8a 100644 (file)
--- a/src/paks/postfix/install.sh
+++ b/src/paks/postfix/install.sh
@@ -23,10 +23,12 @@
 #
 . /opt/pakfire/lib/functions.sh
 extract_files
+restore_backup ${NAME}
 postalias /etc/aliases
 # Set postfix's hostname
 postconf -e "myhostname=$(hostname -f)"
-/etc/init.d/postfix start
+
+start_service ${NAME}
 
 # Enable autostart for postfix
 ln -sf  ../init.d/postfix /etc/rc.d/rc0.d/K25postfix

diff --git a/src/paks/postfix/uninstall.sh b/src/paks/postfix/uninstall.sh
index 39f1ef969c3b233713530dc1a8ae23e3f039f3f9..bc70451a17f90af3ae12de6fc4d87894e8d2118a 100644 (file)
--- a/src/paks/postfix/uninstall.sh
+++ b/src/paks/postfix/uninstall.sh
@@ -22,5 +22,8 @@
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
+extract_backup_includes
+stop_service ${NAME}
+make_backup ${NAME}
 remove_files
 rm -rfv /etc/rc.d/rc*.d/*postfix

diff --git a/src/patches/backports-3.18.1-1_rt2x00usb_suppress_queue_warnings.patch b/src/patches/backports-3.18.1-1_rt2x00usb_suppress_queue_warnings.patch
new file mode 100644 (file)
index 0000000..3f9308e
--- /dev/null
+++ b/src/patches/backports-3.18.1-1_rt2x00usb_suppress_queue_warnings.patch
@@ -0,0 +1,42 @@
+diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2800usb.c backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2800usb.c
+--- backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2800usb.c     2014-12-21 22:37:14.000000000 +0100
++++ backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2800usb.c 2015-04-07 11:44:16.647963570 +0200
+@@ -444,7 +444,7 @@
+ 
+       rt2x00usb_register_read(rt2x00dev, TXRXQ_PCNT, &reg);
+       if (rt2x00_get_field32(reg, TXRXQ_PCNT_TX0Q)) {
+-              rt2x00_warn(rt2x00dev, "TX HW queue 0 timed out, invoke forced kick\n");
++              rt2x00_dbg(rt2x00dev, "TX HW queue 0 timed out, invoke forced kick\n");
+ 
+               rt2x00usb_register_write(rt2x00dev, PBF_CFG, 0xf40012);
+ 
+@@ -459,7 +459,7 @@
+ 
+       rt2x00usb_register_read(rt2x00dev, TXRXQ_PCNT, &reg);
+       if (rt2x00_get_field32(reg, TXRXQ_PCNT_TX1Q)) {
+-              rt2x00_warn(rt2x00dev, "TX HW queue 1 timed out, invoke forced kick\n");
++              rt2x00_dbg(rt2x00dev, "TX HW queue 1 timed out, invoke forced kick\n");
+ 
+               rt2x00usb_register_write(rt2x00dev, PBF_CFG, 0xf4000a);
+ 
+@@ -609,7 +609,7 @@
+ 
+               if (unlikely(test_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags) ||
+                            !test_bit(ENTRY_DATA_STATUS_PENDING, &entry->flags))) {
+-                      rt2x00_warn(rt2x00dev, "Data pending for entry %u in queue %u\n",
++                      rt2x00_dbg(rt2x00dev, "Data pending for entry %u in queue %u\n",
+                                   entry->entry_idx, qid);
+                       break;
+               }
+diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00usb.c backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00usb.c
+--- backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00usb.c     2014-12-21 22:37:14.000000000 +0100
++++ backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00usb.c 2015-04-07 11:42:41.723492892 +0200
+@@ -524,7 +524,7 @@
+ 
+ static void rt2x00usb_watchdog_tx_dma(struct data_queue *queue)
+ {
+-      rt2x00_warn(queue->rt2x00dev, "TX queue %d DMA timed out, invoke forced forced reset\n",
++      rt2x00_dbg(queue->rt2x00dev, "TX queue %d DMA timed out, invoke forced reset\n",
+                   queue->qid);
+ 
+       rt2x00queue_stop_queue(queue);

diff --git a/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch b/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
index ec6819c9fad5211677f33c62ec0a8be843393ef5..0704a6b7f017f153690312ad3ed6a4e3b1c2f6e9 100644 (file)
--- a/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
+++ b/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
@@ -61,7 +61,7 @@ index 2db3677..d446e99 100644
                sstrncpy (vl.plugin_instance, pinst,
                                sizeof (vl.plugin_instance));
 -      sstrncpy (vl.type, "compression", sizeof (vl.type));
-+      sstrncpy (vl.type, "compression_dervice", sizeof (vl.type));
++      sstrncpy (vl.type, "compression_derive", sizeof (vl.type));
        if (tinst != NULL)
                sstrncpy (vl.type_instance, tinst, sizeof (vl.type_instance));
  

diff --git a/src/patches/collectd/silence-openvpn-errors.patch b/src/patches/collectd/silence-openvpn-errors.patch
new file mode 100644 (file)
index 0000000..c258486
--- /dev/null
+++ b/src/patches/collectd/silence-openvpn-errors.patch
@@ -0,0 +1,64 @@
+diff --git a/src/openvpn.c b/src/openvpn.c
+index d446e9957b68..ef5bf1078285 100644
+--- a/src/openvpn.c
++++ b/src/openvpn.c
+@@ -70,6 +70,7 @@ static const char *config_keys[] =
+ };
+ static int config_keys_num = STATIC_ARRAY_SIZE (config_keys);
+ 
++static int version_detect (const char *filename);
+ 
+ /* Helper function
+  * copy-n-pasted from common.c - changed delim to ","  */
+@@ -540,6 +541,11 @@ static int openvpn_read (void)
+                       continue;
+               }
+ 
++              // If the version was not detected yet, we try to guess again
++              if (vpn_list[i]->version == 0) {
++                      vpn_list[i]->version = version_detect(vpn_list[i]->file);
++              }
++
+               switch (vpn_list[i]->version)
+               {
+                       case SINGLE:
+@@ -567,7 +573,7 @@ static int openvpn_read (void)
+               read += vpn_read;
+       }
+ 
+-      return (read ? 0 : -1);
++      return 0;
+ } /* int openvpn_read */
+ 
+ static int version_detect (const char *filename)
+@@ -630,16 +636,6 @@ static int version_detect (const char *filename)
+               }
+       }
+ 
+-      if (version == 0)
+-      {
+-              /* This is only reached during configuration, so complaining to
+-               * the user is in order. */
+-              NOTICE ("openvpn plugin: %s: Unknown file format, please "
+-                              "report this as bug. Make sure to include "
+-                              "your status file, so the plugin can "
+-                              "be adapted.", filename);
+-      }
+-
+       fclose (fh);
+ 
+       return version;
+@@ -656,13 +652,6 @@ static int openvpn_config (const char *key, const char *value)
+               /* try to detect the status file format */
+               status_version = version_detect (value);
+ 
+-              if (status_version == 0)
+-              {
+-                      WARNING ("openvpn plugin: unable to detect status version, \
+-                                      discarding status file \"%s\".", value);
+-                      return (1);
+-              }
+-
+               status_file = sstrdup (value);
+               if (status_file == NULL)
+               {

diff --git a/src/patches/cyrus-sasl-2.1.22-bad-elif.patch b/src/patches/cyrus-sasl-2.1.22-bad-elif.patch
deleted file mode 100644 (file)
index 33550c4..0000000
--- a/src/patches/cyrus-sasl-2.1.22-bad-elif.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up cyrus-sasl-2.1.22/plugins/digestmd5.c.elif cyrus-sasl-2.1.22/plugins/digestmd5.c
---- cyrus-sasl-2.1.22/plugins/digestmd5.c.elif 2009-01-23 09:40:31.000000000 +0100
-+++ cyrus-sasl-2.1.22/plugins/digestmd5.c      2009-02-06 15:20:15.000000000 +0100
-@@ -2743,7 +2743,7 @@ static sasl_server_plug_t digestmd5_serv
-       "DIGEST-MD5",                   /* mech_name */
- #ifdef WITH_RC4
-       128,                            /* max_ssf */
--#elif WITH_DES
-+#elif defined(WITH_DES)
-       112,
- #else 
-       1,
-@@ -4071,7 +4071,7 @@ static sasl_client_plug_t digestmd5_clie
-       "DIGEST-MD5",
- #ifdef WITH_RC4                               /* mech_name */
-       128,                            /* max ssf */
--#elif WITH_DES
-+#elif defined(WITH_DES)
-       112,
- #else
-       1,

diff --git a/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch b/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch
new file mode 100644 (file)
index 0000000..c9b893e
--- /dev/null
+++ b/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch
@@ -0,0 +1,89 @@
+commit 63e16feedea3639ef1f21fecbff9ed2ae256728b
+Author: Michael Tremer <michael.tremer@ipfire.org>
+Date:   Sat Apr 25 13:18:07 2015 +0200
+
+    Perform lazy initialization of the database
+    
+    The database will only be initialized when it is actually
+    needed. That makes starting up ddns a bit faster and allows
+    us to execute it as non-root for simple commands like
+    "list-providers".
+    
+    If the database path is not writable at all, the database
+    feature is disable and an error message is logged. This
+    will hopefully help us to perform the DNS update even when
+    there is a local misconfiguration.
+
+diff --git a/src/ddns/database.py b/src/ddns/database.py
+index 5d4ffc9..42c3433 100644
+--- a/src/ddns/database.py
++++ b/src/ddns/database.py
+@@ -20,7 +20,7 @@
+ ###############################################################################
+ 
+ import datetime
+-import os.path
++import os
+ import sqlite3
+ 
+ # Initialize the logger.
+@@ -31,9 +31,11 @@ logger.propagate = 1
+ class DDNSDatabase(object):
+       def __init__(self, core, path):
+               self.core = core
++              self.path = path
+ 
+-              # Open the database file
+-              self._db = self._open_database(path)
++              # We won't open the connection to the database directly
++              # so that we do not do it unnecessarily.
++              self._db = None
+ 
+       def __del__(self):
+               self._close_database()
+@@ -46,7 +48,7 @@ class DDNSDatabase(object):
+               conn = sqlite3.connect(path, detect_types=sqlite3.PARSE_DECLTYPES|sqlite3.PARSE_COLNAMES)
+               conn.isolation_level = None
+ 
+-              if not exists:
++              if not exists and self.is_writable():
+                       logger.debug("Initialising database layout")
+                       c = conn.cursor()
+                       c.executescript("""
+@@ -68,12 +70,25 @@ class DDNSDatabase(object):
+ 
+               return conn
+ 
++      def is_writable(self):
++              # Check if the database file exists and is writable.
++              ret = os.access(self.path, os.W_OK)
++              if ret:
++                      return True
++
++              # If not, we check if we are able to write to the directory.
++              # In that case the database file will be created in _open_database().
++              return os.access(os.path.dirname(self.path), os.W_OK)
++
+       def _close_database(self):
+               if self._db:
+                       self._db_close()
+                       self._db = None
+ 
+       def _execute(self, query, *parameters):
++              if self._db is None:
++                      self._db = self._open_database(self.path)
++
+               c = self._db.cursor()
+               try:
+                       c.execute(query, parameters)
+@@ -81,6 +96,10 @@ class DDNSDatabase(object):
+                       c.close()
+ 
+       def add_update(self, hostname, status, message=None):
++              if not self.is_writable():
++                      logger.warning("Could not log any updates because the database is not writable")
++                      return
++
+               self._execute("INSERT INTO updates(hostname, status, message, timestamp) \
+                       VALUES(?, ?, ?, ?)", hostname, status, message, datetime.datetime.utcnow())
+ 

diff --git a/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch b/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch
new file mode 100644 (file)
index 0000000..19534f3
--- /dev/null
+++ b/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch
@@ -0,0 +1,40 @@
+commit f62fa5baffe2d225604460ecd03b8159b987df8f
+Author: Michael Tremer <michael.tremer@ipfire.org>
+Date:   Sun Apr 26 20:15:33 2015 +0200
+
+    database: Open database for the search operations, too
+
+diff --git a/src/ddns/database.py b/src/ddns/database.py
+index 42c3433..70a7363 100644
+--- a/src/ddns/database.py
++++ b/src/ddns/database.py
+@@ -122,6 +122,9 @@ class DDNSDatabase(object):
+               """
+                       Returns the timestamp of the last update (with the given status code).
+               """
++              if self._db is None:
++                      self._db = self._open_database(self.path)
++
+               c = self._db.cursor()
+ 
+               try:
+@@ -141,6 +144,9 @@ class DDNSDatabase(object):
+               """
+                       Returns the update status of the last update.
+               """
++              if self._db is None:
++                      self._db = self._open_database(self.path)
++
+               c = self._db.cursor()
+ 
+               try:
+@@ -156,6 +162,9 @@ class DDNSDatabase(object):
+               """
+                       Returns the reason string for the last failed update (if any).
+               """
++              if self._db is None:
++                      self._db = self._open_database(self.path)
++
+               c = self._db.cursor()
+ 
+               try:

diff --git a/src/patches/ddns/ddns-005-Add-changeip-com.patch b/src/patches/ddns/ddns-005-Add-changeip-com.patch
deleted file mode 100644 (file)
index 15bcd46..0000000
--- a/src/patches/ddns/ddns-005-Add-changeip-com.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-commit 78046ffe2187d91c61d6c2f910249b8a5be71b08
-Author: Stefan Schantl <stefan.schantl@ipfire.org>
-Date:   Wed Oct 22 21:39:09 2014 +0200
-
-    Add changeip.com as new provider.
-    
-    Fixes #10639.
-
-diff --git a/README b/README
-index 5944102..6a06f4b 100644
---- a/README
-+++ b/README
-@@ -49,6 +49,7 @@ INSTALLATION:
- 
- SUPPORTED PROVIDERS:
-       all-inkl.com
-+      changeip.com
-       dhs.org
-       dns.lightningwirelabs.com
-       dnspark.com
-diff --git a/ddns.conf.sample b/ddns.conf.sample
-index d3ac53f..0048a46 100644
---- a/ddns.conf.sample
-+++ b/ddns.conf.sample
-@@ -30,6 +30,11 @@
- # secret = XYZ
- # ttl = 60
- 
-+# [test.changeip.com]
-+# provider = changeip.com
-+# username = user
-+# password = pass
-+
- # [test.dhs.org]
- # provider = dhs.org
- # username = user
-diff --git a/src/ddns/providers.py b/src/ddns/providers.py
-index 1e88995..587d5ff 100644
---- a/src/ddns/providers.py
-+++ b/src/ddns/providers.py
-@@ -539,6 +539,44 @@ class DDNSProviderBindNsupdate(DDNSProvider):
-               return "\n".join(scriptlet)
- 
- 
-+class DDNSProviderChangeIP(DDNSProvider):
-+      handle    = "changeip.com"
-+      name      = "ChangeIP.com"
-+      website   = "https://changeip.com"
-+      protocols = ("ipv4",)
-+
-+      # Detailed information about the update api can be found here.
-+      # http://www.changeip.com/accounts/knowledgebase.php?action=displayarticle&id=34
-+
-+      url = "https://nic.changeip.com/nic/update"
-+      can_remove_records = False
-+
-+      def update_protocol(self, proto):
-+              data = {
-+                      "hostname" : self.hostname,
-+                      "myip"     : self.get_address(proto),
-+              }
-+
-+              # Send update to the server.
-+              try:
-+                      response = self.send_request(self.url, username=self.username, password=self.password,
-+                              data=data)
-+
-+              # Handle error codes.
-+              except urllib2.HTTPError, e:
-+                      if e.code == 422:
-+                              raise DDNSRequestError(_("Domain not found."))
-+
-+                      raise
-+
-+              # Handle success message.
-+              if response.code == 200:
-+                      return
-+
-+              # If we got here, some other update error happened.
-+              raise DDNSUpdateError(_("Server response: %s") % output)
-+
-+
- class DDNSProviderDHS(DDNSProvider):
-       handle    = "dhs.org"
-       name      = "DHS International"

diff --git a/src/patches/ddns/ddns-005-SPDNS-fix-auth.patch b/src/patches/ddns/ddns-005-SPDNS-fix-auth.patch
deleted file mode 100644 (file)
index 1d91baa..0000000
--- a/src/patches/ddns/ddns-005-SPDNS-fix-auth.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-commit 25f39b4e437627bd1a49393280271d59ad28b86e
-Author: Stefan Schantl <stefan.schantl@ipfire.org>
-Date:   Mon Jan 5 21:37:55 2015 +0100
-
-    spdns.de: Fix authentication.
-    
-    There was a simple copy and paste issue which prevents a
-    correct authentication with username and password against the
-    providers API.
-
-diff --git a/src/ddns/providers.py b/src/ddns/providers.py
-index 587d5ff..bcfb088 100644
---- a/src/ddns/providers.py
-+++ b/src/ddns/providers.py
-@@ -1271,7 +1271,7 @@ class DDNSProviderSPDNS(DDNSProtocolDynDNS2, DDNSProvider):
- 
-       @property
-       def password(self):
--              return self.get("username") or self.token
-+              return self.get("password") or self.token
- 
- 
- class DDNSProviderStrato(DDNSProtocolDynDNS2, DDNSProvider):

diff --git a/src/patches/dhcp-4.2.0-add_timeout_when_NULL.patch b/src/patches/dhcp-4.2.0-add_timeout_when_NULL.patch
deleted file mode 100644 (file)
index 4784d5a..0000000
--- a/src/patches/dhcp-4.2.0-add_timeout_when_NULL.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -up dhcp-4.2.0/common/dispatch.c.dracut dhcp-4.2.0/common/dispatch.c
---- dhcp-4.2.0/common/dispatch.c.dracut        2010-06-01 19:29:59.000000000 +0200
-+++ dhcp-4.2.0/common/dispatch.c       2010-07-21 16:10:09.000000000 +0200
-@@ -189,6 +189,10 @@ void add_timeout (when, where, what, ref
-       isc_interval_t interval;
-       isc_time_t expires;
- 
-+      if (when == NULL) {
-+              return;
-+      }
-+
-       /* See if this timeout supersedes an existing timeout. */
-       t = (struct timeout *)0;
-       for (q = timeouts; q; q = q->next) {

diff --git a/src/patches/dhcp-4.2.0-errwarn-message.patch b/src/patches/dhcp-4.2.0-errwarn-message.patch
deleted file mode 100644 (file)
index a0f70cd..0000000
--- a/src/patches/dhcp-4.2.0-errwarn-message.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff -up dhcp-4.2.0/omapip/errwarn.c.errwarn dhcp-4.2.0/omapip/errwarn.c
---- dhcp-4.2.0/omapip/errwarn.c.errwarn        2009-07-23 20:52:21.000000000 +0200
-+++ dhcp-4.2.0/omapip/errwarn.c        2010-07-21 13:23:47.000000000 +0200
-@@ -76,20 +76,13 @@ void log_fatal (const char * fmt, ... )
- 
- #if !defined (NOMINUM)
-   log_error ("%s", "");
--  log_error ("If you did not get this software from ftp.isc.org, please");
--  log_error ("get the latest from ftp.isc.org and install that before");
--  log_error ("requesting help.");
-+  log_error ("This version of ISC DHCP is based on the release available");
-+  log_error ("on ftp.isc.org.  Features have been added and other changes");
-+  log_error ("have been made to the base software release in order to make");
-+  log_error ("it work better with this distribution.");
-   log_error ("%s", "");
--  log_error ("If you did get this software from ftp.isc.org and have not");
--  log_error ("yet read the README, please read it before requesting help.");
--  log_error ("If you intend to request help from the dhcp-server@isc.org");
--  log_error ("mailing list, please read the section on the README about");
--  log_error ("submitting bug reports and requests for help.");
--  log_error ("%s", "");
--  log_error ("Please do not under any circumstances send requests for");
--  log_error ("help directly to the authors of this software - please");
--  log_error ("send them to the appropriate mailing list as described in");
--  log_error ("the README file.");
-+  log_error ("Please report for this software via the Red Hat Bugzilla site:");
-+  log_error ("    http://bugzilla.redhat.com");
-   log_error ("%s", "");
-   log_error ("exiting.");
- #endif

diff --git a/src/patches/dhcp-4.2.0-garbage-chars.patch b/src/patches/dhcp-4.2.0-garbage-chars.patch
deleted file mode 100644 (file)
index 118ff3f..0000000
--- a/src/patches/dhcp-4.2.0-garbage-chars.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up dhcp-4.2.0/common/tables.c.garbage dhcp-4.2.0/common/tables.c
---- dhcp-4.2.0/common/tables.c.garbage 2009-11-20 02:49:01.000000000 +0100
-+++ dhcp-4.2.0/common/tables.c 2010-07-21 14:40:56.000000000 +0200
-@@ -207,7 +207,7 @@ static struct option dhcp_options[] = {
-       { "netinfo-server-tag", "t",            &dhcp_universe, 113, 1 },
-       { "default-url", "t",                   &dhcp_universe, 114, 1 },
-       { "subnet-selection", "I",              &dhcp_universe, 118, 1 },
--      { "domain-search", "Dc",                &dhcp_universe, 119, 1 },
-+      { "domain-search", "D",         &dhcp_universe, 119, 1 },
-       { "vivco", "Evendor-class.",            &dhcp_universe, 124, 1 },
-       { "vivso", "Evendor.",                  &dhcp_universe, 125, 1 },
- #if 0

diff --git a/src/patches/dhcp-4.2.0-inherit-leases.patch b/src/patches/dhcp-4.2.0-inherit-leases.patch
deleted file mode 100644 (file)
index 052f642..0000000
--- a/src/patches/dhcp-4.2.0-inherit-leases.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-diff -up dhcp-4.2.0/client/dhclient.c.inherit dhcp-4.2.0/client/dhclient.c
---- dhcp-4.2.0/client/dhclient.c.inherit       2010-07-21 14:33:44.000000000 +0200
-+++ dhcp-4.2.0/client/dhclient.c       2010-07-21 14:40:05.000000000 +0200
-@@ -2322,6 +2322,7 @@ void send_request (cpp)
- {
-       struct client_state *client = cpp;
- 
-+      int i;
-       int result;
-       int interval;
-       struct sockaddr_in destination;
-@@ -2381,6 +2382,22 @@ void send_request (cpp)
-               /* Now do a preinit on the interface so that we can
-                  discover a new address. */
-               script_init (client, "PREINIT", (struct string_list *)0);
-+
-+              /* Has an active lease */
-+              if (client -> interface -> addresses != NULL) {
-+                      for (i = 0; i < client -> interface -> address_count; i++) {
-+                              if (client -> active &&
-+                                  client -> active -> is_bootp &&
-+                                  client -> active -> expiry > cur_time &&
-+                                  client -> interface -> addresses[i].s_addr != 0 &&
-+                                  client -> active -> address.len == 4 &&
-+                                  memcpy (client -> active -> address.iabuf, &(client -> interface -> addresses[i]), 4) == 0) {
-+                                      client_envadd (client, "", "keep_old_ip", "%s", "yes");
-+                                      break;
-+                              }
-+                      }
-+              }
-+
-               if (client -> alias)
-                       script_write_params (client, "alias_",
-                                            client -> alias);

diff --git a/src/patches/dhcp-4.2.0-logpid.patch b/src/patches/dhcp-4.2.0-logpid.patch
deleted file mode 100644 (file)
index c24adb1..0000000
--- a/src/patches/dhcp-4.2.0-logpid.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up dhcp-4.2.0/client/dhclient.c.logpid dhcp-4.2.0/client/dhclient.c
---- dhcp-4.2.0/client/dhclient.c.logpid        2010-07-21 16:13:52.000000000 +0200
-+++ dhcp-4.2.0/client/dhclient.c       2010-07-21 16:16:51.000000000 +0200
-@@ -154,7 +154,7 @@ main(int argc, char **argv) {
-       else if (fd != -1)
-               close(fd);
- 
--      openlog("dhclient", LOG_NDELAY, LOG_DAEMON);
-+      openlog("dhclient", LOG_NDELAY | LOG_PID, LOG_DAEMON);
- 
- #if !(defined(DEBUG) || defined(__CYGWIN32__))
-       setlogmask(LOG_UPTO(LOG_INFO));

diff --git a/src/patches/dhcp-4.2.0-missing-ipv6-not-fatal.patch b/src/patches/dhcp-4.2.0-missing-ipv6-not-fatal.patch
deleted file mode 100644 (file)
index b604115..0000000
--- a/src/patches/dhcp-4.2.0-missing-ipv6-not-fatal.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff -up dhcp-4.2.0/common/discover.c.noipv6 dhcp-4.2.0/common/discover.c
---- dhcp-4.2.0/common/discover.c.noipv6        2010-07-21 14:31:13.000000000 +0200
-+++ dhcp-4.2.0/common/discover.c       2010-07-21 16:04:57.000000000 +0200
-@@ -443,7 +443,7 @@ begin_iface_scan(struct iface_conf_list 
-       }
- 
- #ifdef DHCPv6
--      if (local_family == AF_INET6) {
-+      if ((local_family == AF_INET6) && !access("/proc/net/if_inet6", R_OK)) {
-               ifaces->fp6 = fopen("/proc/net/if_inet6", "re");
-               if (ifaces->fp6 == NULL) {
-                       log_error("Error opening '/proc/net/if_inet6' to "
-@@ -454,6 +454,8 @@ begin_iface_scan(struct iface_conf_list 
-                       ifaces->fp = NULL;
-                       return 0;
-               }
-+      } else {
-+              ifaces->fp6 = NULL;
-       }
- #endif
- 
-@@ -721,7 +723,7 @@ next_iface(struct iface_info *info, int 
-               return 1;
-       }
- #ifdef DHCPv6
--      if (!(*err)) {
-+      if (!(*err) && ifaces->fp6) {
-               if (local_family == AF_INET6)
-                       return next_iface6(info, err, ifaces);
-       }
-@@ -740,7 +742,8 @@ end_iface_scan(struct iface_conf_list *i
-       ifaces->sock = -1;
- #ifdef DHCPv6
-       if (local_family == AF_INET6) {
--              fclose(ifaces->fp6);
-+              if (ifaces->fp6)
-+                      fclose(ifaces->fp6);
-               ifaces->fp6 = NULL;
-       }
- #endif

diff --git a/src/patches/dhcp-4.2.0-noprefixavail.patch b/src/patches/dhcp-4.2.0-noprefixavail.patch
deleted file mode 100644 (file)
index 729a172..0000000
--- a/src/patches/dhcp-4.2.0-noprefixavail.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-diff -up dhcp-4.2.0/server/dhcpv6.c.noprefixavail dhcp-4.2.0/server/dhcpv6.c
---- dhcp-4.2.0/server/dhcpv6.c.noprefixavail   2010-10-07 13:48:45.000000000 +0200
-+++ dhcp-4.2.0/server/dhcpv6.c 2010-10-13 11:00:25.000000000 +0200
-@@ -1134,7 +1134,7 @@ try_client_v6_prefix(struct iasubopt **p
-               return DHCP_R_INVALIDARG;
-       }
-       tmp_plen = (int) requested_pref->data[0];
--      if ((tmp_plen < 3) || (tmp_plen > 128)) {
-+      if ((tmp_plen < 3) || (tmp_plen > 128) ||((int)tmp_plen != pool->units)) {
-               return ISC_R_FAILURE;
-       }
-       memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
-@@ -1147,9 +1147,8 @@ try_client_v6_prefix(struct iasubopt **p
-               return ISC_R_FAILURE;
-       }
- 
--      if (((int)tmp_plen != pool->units) ||
--          !ipv6_in_pool(&tmp_pref, pool)) {
--              return ISC_R_FAILURE;
-+      if (!ipv6_in_pool(&tmp_pref, pool)) {
-+              return ISC_R_ADDRNOTAVAIL;
-       }
- 
-       if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
-@@ -1409,13 +1408,6 @@ lease_to_client(struct data_string *repl
-               if ((status != ISC_R_SUCCESS) &&
-                   (status != ISC_R_NORESOURCES))
-                       goto exit;
--
--              /*
--               * If any prefix cannot be given to any IA_PD, then
--               * set the NoPrefixAvail status code.
--               */
--              if (reply.client_resources == 0)
--                      no_resources_avail = ISC_TRUE;
-       }
- 
-       /*
-@@ -1549,36 +1541,6 @@ lease_to_client(struct data_string *repl
-                                              reply.opt_state, reply.packet,
-                                              required_opts_NAA,
-                                              NULL);
--      } else if (no_resources_avail && (reply.ia_count == 0) &&
--                 (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT))
--      {
--              /* Set the NoPrefixAvail status code. */
--              if (!set_status_code(STATUS_NoPrefixAvail,
--                                   "No prefixes available for this "
--                                   "interface.", reply.opt_state)) {
--                      log_error("lease_to_client: Unable to set "
--                                "NoPrefixAvail status code.");
--                      goto exit;
--              }
--
--              /* Rewind the cursor to the start. */
--              reply.cursor = REPLY_OPTIONS_INDEX;
--
--              /*
--               * Produce an advertise that includes only:
--               *
--               * Status code.
--               * Server DUID.
--               * Client DUID.
--               */
--              reply.buf.reply.msg_type = DHCPV6_ADVERTISE;
--              reply.cursor += store_options6((char *)reply.buf.data +
--                                                      reply.cursor,
--                                             sizeof(reply.buf) -
--                                                      reply.cursor,
--                                             reply.opt_state, reply.packet,
--                                             required_opts_NAA,
--                                             NULL);
-       } else {
-               /*
-                * Having stored the client's IA's, store any options that
-@@ -2793,16 +2755,18 @@ find_client_temporaries(struct reply_sta
-  */
- static isc_result_t
- reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
--      isc_result_t status = ISC_R_NORESOURCES;
-+      isc_result_t status = ISC_R_ADDRNOTAVAIL;
-       struct ipv6_pool *pool;
-       int i;
-       struct data_string data_addr;
- 
-       if ((reply == NULL) || (reply->shared == NULL) ||
--          (reply->shared->ipv6_pools == NULL) || (addr == NULL) ||
--          (reply->lease != NULL))
-+          (addr == NULL) || (reply->lease != NULL))
-               return DHCP_R_INVALIDARG;
- 
-+      if (reply->shared->ipv6_pools == NULL)
-+              return ISC_R_ADDRNOTAVAIL;
-+
-       memset(&data_addr, 0, sizeof(data_addr));
-       data_addr.len = addr->len;
-       data_addr.data = addr->iabuf;
-@@ -3314,7 +3278,9 @@ reply_process_ia_pd(struct reply_state *
-               if (status == ISC_R_CANCELED)
-                       break;
- 
--              if ((status != ISC_R_SUCCESS) && (status != ISC_R_ADDRINUSE))
-+              if ((status != ISC_R_SUCCESS) &&
-+                  (status != ISC_R_ADDRINUSE) &&
-+                  (status != ISC_R_ADDRNOTAVAIL))
-                       goto cleanup;
-       }
- 
-@@ -3594,7 +3560,8 @@ reply_process_prefix(struct reply_state 
- 
-                       /* Either error out or skip this prefix. */
-                       if ((status != ISC_R_SUCCESS) && 
--                          (status != ISC_R_ADDRINUSE)) 
-+                          (status != ISC_R_ADDRINUSE) &&
-+                          (status != ISC_R_ADDRNOTAVAIL))
-                               goto cleanup;
- 
-                       if (reply->lease == NULL) {
-@@ -3773,16 +3740,18 @@ prefix_is_owned(struct reply_state *repl
- static isc_result_t
- reply_process_try_prefix(struct reply_state *reply,
-                        struct iaddrcidrnet *pref) {
--      isc_result_t status = ISC_R_NORESOURCES;
-+      isc_result_t status = ISC_R_ADDRNOTAVAIL;
-       struct ipv6_pool *pool;
-       int i;
-       struct data_string data_pref;
- 
-       if ((reply == NULL) || (reply->shared == NULL) ||
--          (reply->shared->ipv6_pools == NULL) || (pref == NULL) ||
--          (reply->lease != NULL))
-+          (pref == NULL) || (reply->lease != NULL))
-               return DHCP_R_INVALIDARG;
- 
-+      if (reply->shared->ipv6_pools == NULL)
-+              return ISC_R_ADDRNOTAVAIL;
-+
-       memset(&data_pref, 0, sizeof(data_pref));
-       data_pref.len = 17;
-       if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {

diff --git a/src/patches/dhcp-4.2.1-64_bit_lease_parse.patch b/src/patches/dhcp-4.2.1-64_bit_lease_parse.patch
deleted file mode 100644 (file)
index a540bc1..0000000
--- a/src/patches/dhcp-4.2.1-64_bit_lease_parse.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-diff -up dhcp-4.2.1b1/common/dispatch.c.64-bit_lease_parse dhcp-4.2.1b1/common/dispatch.c
-diff -up dhcp-4.2.1b1/common/parse.c.64-bit_lease_parse dhcp-4.2.1b1/common/parse.c
---- dhcp-4.2.1b1/common/parse.c.64-bit_lease_parse     2010-12-30 00:01:42.000000000 +0100
-+++ dhcp-4.2.1b1/common/parse.c        2011-01-28 08:01:10.000000000 +0100
-@@ -909,8 +909,8 @@ TIME 
- parse_date_core(cfile)
-       struct parse *cfile;
- {
--      int guess;
--      int tzoff, wday, year, mon, mday, hour, min, sec;
-+      TIME guess;
-+      long int tzoff, wday, year, mon, mday, hour, min, sec;
-       const char *val;
-       enum dhcp_token token;
-       static int months[11] = { 31, 59, 90, 120, 151, 181,
-@@ -936,7 +936,7 @@ parse_date_core(cfile)
-               }
- 
-               token = next_token(&val, NULL, cfile); /* consume number */
--              guess = atoi(val);
-+              guess = atol(val);
- 
-               return((TIME)guess);
-       }
-@@ -948,7 +948,7 @@ parse_date_core(cfile)
-               return((TIME)0);
-       }
-       token = next_token(&val, NULL, cfile); /* consume day of week */
--      wday = atoi(val);
-+      wday = atol(val);
- 
-       /* Year... */
-       token = peek_token(&val, NULL, cfile);
-@@ -964,7 +964,7 @@ parse_date_core(cfile)
-          somebody invents a time machine, I think we can safely disregard
-          it.   This actually works around a stupid Y2K bug that was present
-          in a very early beta release of dhcpd. */
--      year = atoi(val);
-+      year = atol(val);
-       if (year > 1900)
-               year -= 1900;
- 
-@@ -988,7 +988,7 @@ parse_date_core(cfile)
-               return((TIME)0);
-       }
-       token = next_token(&val, NULL, cfile); /* consume month */      
--      mon = atoi(val) - 1;
-+      mon = atol(val) - 1;
- 
-       /* Slash separating month from day... */
-       token = peek_token(&val, NULL, cfile);
-@@ -1010,7 +1010,7 @@ parse_date_core(cfile)
-               return((TIME)0);
-       }
-       token = next_token(&val, NULL, cfile); /* consume day of month */
--      mday = atoi(val);
-+      mday = atol(val);
- 
-       /* Hour... */
-       token = peek_token(&val, NULL, cfile);
-@@ -1021,7 +1021,7 @@ parse_date_core(cfile)
-               return((TIME)0);
-       }
-       token = next_token(&val, NULL, cfile); /* consume hour */
--      hour = atoi(val);
-+      hour = atol(val);
- 
-       /* Colon separating hour from minute... */
-       token = peek_token(&val, NULL, cfile);
-@@ -1043,7 +1043,7 @@ parse_date_core(cfile)
-               return((TIME)0);
-       }
-       token = next_token(&val, NULL, cfile); /* consume minute */
--      min = atoi(val);
-+      min = atol(val);
- 
-       /* Colon separating minute from second... */
-       token = peek_token(&val, NULL, cfile);
-@@ -1065,13 +1065,13 @@ parse_date_core(cfile)
-               return((TIME)0);
-       }
-       token = next_token(&val, NULL, cfile); /* consume second */
--      sec = atoi(val);
-+      sec = atol(val);
- 
-       tzoff = 0;
-       token = peek_token(&val, NULL, cfile);
-       if (token == NUMBER) {
-               token = next_token(&val, NULL, cfile); /* consume tzoff */
--              tzoff = atoi(val);
-+              tzoff = atol(val);
-       } else if (token != SEMI) {
-               token = next_token(&val, NULL, cfile);
-               parse_warn(cfile,

diff --git a/src/patches/dhcp-4.2.1-invalid-dhclient-conf.patch b/src/patches/dhcp-4.2.1-invalid-dhclient-conf.patch
deleted file mode 100644 (file)
index eeeea84..0000000
--- a/src/patches/dhcp-4.2.1-invalid-dhclient-conf.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up dhcp-4.2.1b1/client/dhclient.conf.supersede dhcp-4.2.1b1/client/dhclient.conf
---- dhcp-4.2.1b1/client/dhclient.conf.supersede        2010-09-15 01:03:56.000000000 +0200
-+++ dhcp-4.2.1b1/client/dhclient.conf  2011-01-27 18:38:28.000000000 +0100
-@@ -4,7 +4,7 @@ send dhcp-lease-time 3600;
- supersede domain-search "fugue.com", "home.vix.com";
- prepend domain-name-servers 127.0.0.1;
- request subnet-mask, broadcast-address, time-offset, routers,
--      domain-name, domain-name-servers, host-name;
-+      domain-search, domain-name-servers, host-name;
- require subnet-mask, domain-name-servers;
- timeout 60;
- retry 60;

diff --git a/src/patches/dhcp-4.2.1-retransmission.patch b/src/patches/dhcp-4.2.1-retransmission.patch
deleted file mode 100644 (file)
index 18e447f..0000000
--- a/src/patches/dhcp-4.2.1-retransmission.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-diff -up dhcp-4.2.1b1/client/dhc6.c.retransmission dhcp-4.2.1b1/client/dhc6.c
---- dhcp-4.2.1b1/client/dhc6.c.retransmission  2011-01-28 08:40:56.000000000 +0100
-+++ dhcp-4.2.1b1/client/dhc6.c 2011-01-28 08:39:22.000000000 +0100
-@@ -361,7 +361,7 @@ dhc6_retrans_init(struct client_state *c
- static void
- dhc6_retrans_advance(struct client_state *client)
- {
--      struct timeval elapsed;
-+      struct timeval elapsed, elapsed_after_RT;
- 
-       /* elapsed = cur - start */
-       elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec;
-@@ -378,6 +378,8 @@ dhc6_retrans_advance(struct client_state
-               elapsed.tv_sec += 1;
-               elapsed.tv_usec -= 1000000;
-       }
-+      elapsed_after_RT.tv_sec = elapsed.tv_sec;
-+      elapsed_after_RT.tv_usec = elapsed.tv_usec;
- 
-       /*
-        * RT for each subsequent message transmission is based on the previous
-@@ -415,13 +417,10 @@ dhc6_retrans_advance(struct client_state
-               elapsed.tv_usec -= 1000000;
-       }
-       if (elapsed.tv_sec >= client->MRD) {
--              /*
--               * wake at RT + cur = start + MRD
--               */
--              client->RT = client->MRD +
--                      (client->start_time.tv_sec - cur_tv.tv_sec);
--              client->RT = client->RT * 100 +
--                      (client->start_time.tv_usec - cur_tv.tv_usec) / 10000;
-+              client->RT = client->MRD - elapsed_after_RT.tv_sec;
-+              client->RT = client->RT * 100 - elapsed_after_RT.tv_usec / 10000;
-+              if (client->RT < 0)
-+                      client->RT = 0;
-       }
-       client->txcount++;
- }
-@@ -1497,7 +1496,7 @@ check_timing6 (struct client_state *clie
-       }
- 
-       /* Check if finished (-1 argument). */
--      if ((client->MRD != 0) && (elapsed.tv_sec > client->MRD)) {
-+      if ((client->MRD != 0) && (elapsed.tv_sec >= client->MRD)) {
-               log_info("Max retransmission duration exceeded.");
-               return(CHK_TIM_MRD_EXCEEDED);
-       }

diff --git a/src/patches/dhcp-4.2.2-dhclient-usage.patch b/src/patches/dhcp-4.2.2-dhclient-usage.patch
deleted file mode 100644 (file)
index 0d41943..0000000
--- a/src/patches/dhcp-4.2.2-dhclient-usage.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -up dhcp-4.2.2b1/client/dhclient.c.usage dhcp-4.2.2b1/client/dhclient.c
---- dhcp-4.2.2b1/client/dhclient.c.usage       2011-07-01 13:55:16.000000000 +0200
-+++ dhcp-4.2.2b1/client/dhclient.c     2011-07-01 13:58:55.243800602 +0200
-@@ -1047,6 +1047,10 @@ static void usage()
-                 "                [-s server-addr] [-cf config-file] "
-                 "[-lf lease-file]\n"
-                 "                [-pf pid-file] [--no-pid] [-e VAR=val]\n"
-+                "                [-I <dhcp-client-identifier>] [-B]\n"
-+                "                [-H <host-name> | -F <fqdn.fqdn>] [-timeout <timeout>]\n"
-+                "                [-V <vendor-class-identifier>]\n"
-+                "                [-R <request option list>]\n"
-                 "                [-sf script-file] [interface]");
- }
- 

diff --git a/src/patches/dhcp-4.2.2-remove-bind.patch b/src/patches/dhcp-4.2.2-remove-bind.patch
deleted file mode 100644 (file)
index 6297772..0000000
--- a/src/patches/dhcp-4.2.2-remove-bind.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-diff -up dhcp-4.2.2/client/Makefile.am.rh637017 dhcp-4.2.2/client/Makefile.am
---- dhcp-4.2.2/client/Makefile.am.rh637017     2010-09-15 00:32:36.000000000 +0200
-+++ dhcp-4.2.2/client/Makefile.am      2011-08-11 17:28:58.923897561 +0200
-@@ -5,7 +5,7 @@ dhclient_SOURCES = clparse.c dhclient.c 
-                  scripts/netbsd scripts/nextstep scripts/openbsd \
-                  scripts/solaris scripts/openwrt
- dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--               ../bind/lib/libdns.a ../bind/lib/libisc.a
-+               $(BIND9_LIBDIR) -ldns-export -lisc-export
- man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
- EXTRA_DIST = $(man_MANS)
- 
-diff -up dhcp-4.2.2/common/tests/Makefile.am.rh637017 dhcp-4.2.2/common/tests/Makefile.am
---- dhcp-4.2.2/common/tests/Makefile.am.rh637017       2009-10-28 05:12:30.000000000 +0100
-+++ dhcp-4.2.2/common/tests/Makefile.am        2011-08-11 17:33:45.258637236 +0200
-@@ -6,6 +6,5 @@ TESTS = test_alloc
- 
- test_alloc_SOURCES = test_alloc.c
- test_alloc_LDADD = ../libdhcp.a ../../tests/libt_api.a \
--      ../../omapip/libomapi.a ../../bind/lib/libdns.a \
--        ../../bind/lib/libisc.a
--
-+      ../../omapip/libomapi.a \
-+       $(BIND9_LIBDIR) -ldns-export -lisc-export
-diff -up dhcp-4.2.2/configure.ac.rh637017 dhcp-4.2.2/configure.ac
---- dhcp-4.2.2/configure.ac.rh637017   2011-07-20 02:32:18.000000000 +0200
-+++ dhcp-4.2.2/configure.ac    2011-08-11 17:28:58.924897535 +0200
-@@ -512,20 +512,37 @@ AC_CHECK_MEMBER(struct msghdr.msg_contro
- libbind=
- AC_ARG_WITH(libbind,
-       AC_HELP_STRING([--with-libbind=PATH],
--                     [bind includes and libraries are in PATH 
--                      (default is ./bind)]),
-+                     [bind includes are in PATH 
-+                      (default is ./bind/includes)]),
-       use_libbind="$withval", use_libbind="no")
- case "$use_libbind" in 
-+yes|no)
-+      libbind="\${top_srcdir}/bind/include"
-+      ;;
-+*)
-+      libbind="$use_libbind"
-+      ;;
-+esac
-+
-+BIND9_LIBDIR='-L$(top_builddir)/bind/lib'
-+AC_ARG_WITH(libbind-libs,
-+      AC_HELP_STRING([--with-libbind-libs=PATH],
-+                     [bind9 export libraries are in PATH]),
-+                     [libbind_libs="$withval"], [libbind_libs='no'])
-+case "$libbind_libs" in
- yes)
--      libbind="\${top_srcdir}/bind"
-+      AC_MSG_ERROR([Specify path to bind9 libraries])
-       ;;
- no)
--      libbind="\${top_srcdir}/bind"
-+      BUNDLED_BIND=yes
-       ;;
- *)
--      libbind="$use_libbind"
-+      BIND9_LIBDIR="-L$libbind_libs"
-+      BUNDLED_BIND=no
-       ;;
- esac
-+AM_CONDITIONAL([BUNDLED_BIND], [test "$BUNDLED_BIND" = yes])
-+AC_SUBST([BIND9_LIBDIR])
- 
- # OpenLDAP support.
- AC_ARG_WITH(ldap,
-@@ -562,7 +579,7 @@ fi
- CFLAGS="$CFLAGS $STD_CWARNINGS"
- 
- # Try to add the bind include directory
--CFLAGS="$CFLAGS -I$libbind/include"
-+CFLAGS="$CFLAGS -I$libbind"
- 
- AC_C_FLEXIBLE_ARRAY_MEMBER
- 
-diff -up dhcp-4.2.2/dhcpctl/Makefile.am.rh637017 dhcp-4.2.2/dhcpctl/Makefile.am
---- dhcp-4.2.2/dhcpctl/Makefile.am.rh637017    2009-10-28 05:12:30.000000000 +0100
-+++ dhcp-4.2.2/dhcpctl/Makefile.am     2011-08-11 17:28:58.924897535 +0200
-@@ -6,10 +6,10 @@ EXTRA_DIST = $(man_MANS)
- 
- omshell_SOURCES = omshell.c
- omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
--              ../bind/lib/libdns.a ../bind/lib/libisc.a
-+              $(BIND9_LIBDIR) -ldns-export -lisc-export
- 
- libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
- 
- cltest_SOURCES = cltest.c
- cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
--             ../bind/lib/libdns.a ../bind/lib/libisc.a
-\ No newline at end of file
-+             $(BIND9_LIBDIR) -ldns-export -lisc-export
-diff -up dhcp-4.2.2/Makefile.am.rh637017 dhcp-4.2.2/Makefile.am
---- dhcp-4.2.2/Makefile.am.rh637017    2010-03-25 00:30:38.000000000 +0100
-+++ dhcp-4.2.2/Makefile.am     2011-08-11 17:28:58.925897509 +0200
-@@ -21,7 +21,13 @@ EXTRA_DIST = RELNOTES LICENSE \
-            util/bindvar.sh \
-            bind/Makefile bind/bind.tar.gz bind/version.tmp 
- 
--SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server
-+if BUNDLED_BIND
-+SUBDIRS = bind
-+else
-+SUBDIRS = 
-+endif
-+
-+SUBDIRS += includes tests common dst omapip client dhcpctl relay server
- 
- nobase_include_HEADERS = dhcpctl/dhcpctl.h
- 
-diff -up dhcp-4.2.2/omapip/Makefile.am.rh637017 dhcp-4.2.2/omapip/Makefile.am
---- dhcp-4.2.2/omapip/Makefile.am.rh637017     2010-02-12 01:13:54.000000000 +0100
-+++ dhcp-4.2.2/omapip/Makefile.am      2011-08-11 17:28:58.939897149 +0200
-@@ -10,5 +10,5 @@ man_MANS = omapi.3
- EXTRA_DIST = $(man_MANS)
- 
- svtest_SOURCES = test.c
--svtest_LDADD = libomapi.a ../bind/lib/libdns.a ../bind/lib/libisc.a
-+svtest_LDADD = libomapi.a $(BIND9_LIBDIR) -ldns-export -lisc-export
- 
-diff -up dhcp-4.2.2/relay/Makefile.am.rh637017 dhcp-4.2.2/relay/Makefile.am
---- dhcp-4.2.2/relay/Makefile.am.rh637017      2009-10-28 05:12:30.000000000 +0100
-+++ dhcp-4.2.2/relay/Makefile.am       2011-08-11 17:28:58.940897123 +0200
-@@ -3,7 +3,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
- sbin_PROGRAMS = dhcrelay
- dhcrelay_SOURCES = dhcrelay.c
- dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--               ../bind/lib/libdns.a ../bind/lib/libisc.a
-+               $(BIND9_LIBDIR) -ldns-export -lisc-export
- man_MANS = dhcrelay.8
- EXTRA_DIST = $(man_MANS)
- 
-diff -up dhcp-4.2.2/server/Makefile.am.rh637017 dhcp-4.2.2/server/Makefile.am
---- dhcp-4.2.2/server/Makefile.am.rh637017     2010-03-24 22:49:47.000000000 +0100
-+++ dhcp-4.2.2/server/Makefile.am      2011-08-11 17:28:58.944897021 +0200
-@@ -8,8 +8,7 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
- 
- dhcpd_CFLAGS = $(LDAP_CFLAGS)
- dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--            ../dhcpctl/libdhcpctl.a ../bind/lib/libdns.a \
--            ../bind/lib/libisc.a
-+            ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export
- 
- man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
- EXTRA_DIST = $(man_MANS)

diff --git a/src/patches/dhcp-4.2.2-sharedlib.patch b/src/patches/dhcp-4.2.2-sharedlib.patch
deleted file mode 100644 (file)
index 74fe9f1..0000000
--- a/src/patches/dhcp-4.2.2-sharedlib.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-diff -up dhcp-4.2.2/client/Makefile.am.sharedlib dhcp-4.2.2/client/Makefile.am
---- dhcp-4.2.2/client/Makefile.am.sharedlib    2011-09-09 16:35:56.000000000 +0200
-+++ dhcp-4.2.2/client/Makefile.am      2011-09-09 16:36:29.849007951 +0200
-@@ -4,7 +4,7 @@ dhclient_SOURCES = clparse.c dhclient.c
-                  scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
-                  scripts/netbsd scripts/nextstep scripts/openbsd \
-                  scripts/solaris scripts/openwrt
--dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
-+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
-                $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
- man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
- EXTRA_DIST = $(man_MANS)
-diff -up dhcp-4.2.2/configure.ac.sharedlib dhcp-4.2.2/configure.ac
---- dhcp-4.2.2/configure.ac.sharedlib  2011-09-09 16:35:56.097000001 +0200
-+++ dhcp-4.2.2/configure.ac    2011-09-09 16:35:56.383000000 +0200
-@@ -30,7 +30,8 @@ fi
- # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API.
- AC_USE_SYSTEM_EXTENSIONS
- 
--AC_PROG_RANLIB
-+# Use libtool to simplify building of shared libraries
-+AC_PROG_LIBTOOL
- AC_CONFIG_HEADERS([includes/config.h])
- 
- # we sometimes need to know byte order for building packets
-diff -up dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib dhcp-4.2.2/dhcpctl/Makefile.am
---- dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib   2011-09-09 16:35:55.459000001 +0200
-+++ dhcp-4.2.2/dhcpctl/Makefile.am     2011-09-09 16:35:56.384000000 +0200
-@@ -1,15 +1,15 @@
- bin_PROGRAMS = omshell
--lib_LIBRARIES = libdhcpctl.a
-+lib_LTLIBRARIES = libdhcpctl.la
- noinst_PROGRAMS = cltest
- man_MANS = omshell.1 dhcpctl.3
- EXTRA_DIST = $(man_MANS)
- 
- omshell_SOURCES = omshell.c
--omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
-+omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
-               $(BIND9_LIBDIR) -ldns-export -lisc-export
- 
--libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
-+libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c
- 
- cltest_SOURCES = cltest.c
--cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
-+cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
-              $(BIND9_LIBDIR) -ldns-export -lisc-export
-diff -up dhcp-4.2.2/dst/base64.c.sharedlib dhcp-4.2.2/dst/base64.c
---- dhcp-4.2.2/dst/base64.c.sharedlib  2009-11-20 02:49:01.000000000 +0100
-+++ dhcp-4.2.2/dst/base64.c    2011-09-09 16:35:56.385000000 +0200
-@@ -64,6 +64,7 @@ static const char rcsid[] = "$Id: base64
- 
- #include <sys/socket.h>
- 
-+#include "dst_internal.h"
- #include "cdefs.h"
- #include "osdep.h"
- #include "arpa/nameser.h"
-diff -up dhcp-4.2.2/dst/Makefile.am.sharedlib dhcp-4.2.2/dst/Makefile.am
---- dhcp-4.2.2/dst/Makefile.am.sharedlib       2007-05-29 18:32:10.000000000 +0200
-+++ dhcp-4.2.2/dst/Makefile.am 2011-09-09 16:35:56.386000000 +0200
-@@ -1,8 +1,8 @@
- AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
- 
--lib_LIBRARIES = libdst.a
-+lib_LTLIBRARIES = libdst.la
- 
--libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
-+libdst_la_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
-                  base64.c prandom.c
- 
- EXTRA_DIST = dst_internal.h md5.h md5_locl.h
-diff -up dhcp-4.2.2/omapip/Makefile.am.sharedlib dhcp-4.2.2/omapip/Makefile.am
---- dhcp-4.2.2/omapip/Makefile.am.sharedlib    2011-09-09 16:35:55.000000000 +0200
-+++ dhcp-4.2.2/omapip/Makefile.am      2011-09-09 16:37:36.734000324 +0200
-@@ -1,7 +1,7 @@
--lib_LIBRARIES = libomapi.a
-+lib_LTLIBRARIES = libomapi.la
- noinst_PROGRAMS = svtest
- 
--libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
-+libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
-                    errwarn.c listener.c dispatch.c generic.c support.c \
-                    handle.c message.c convert.c hash.c auth.c inet_addr.c \
-                    array.c trace.c toisc.c iscprint.c isclib.c
-@@ -10,5 +10,5 @@ man_MANS = omapi.3
- EXTRA_DIST = $(man_MANS)
- 
- svtest_SOURCES = test.c
--svtest_LDADD = libomapi.a $(BIND9_LIBDIR) -ldns-export -lisc-export
-+svtest_LDADD = libomapi.la $(BIND9_LIBDIR) -ldns-export -lisc-export
- 
-diff -up dhcp-4.2.2/relay/Makefile.am.sharedlib dhcp-4.2.2/relay/Makefile.am
---- dhcp-4.2.2/relay/Makefile.am.sharedlib     2011-09-09 16:35:56.000000000 +0200
-+++ dhcp-4.2.2/relay/Makefile.am       2011-09-09 16:37:57.058019749 +0200
-@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
- 
- sbin_PROGRAMS = dhcrelay
- dhcrelay_SOURCES = dhcrelay.c
--dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
-+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
-                $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
- man_MANS = dhcrelay.8
- EXTRA_DIST = $(man_MANS)
-diff -up dhcp-4.2.2/server/Makefile.am.sharedlib dhcp-4.2.2/server/Makefile.am
---- dhcp-4.2.2/server/Makefile.am.sharedlib    2011-09-09 16:35:56.000000000 +0200
-+++ dhcp-4.2.2/server/Makefile.am      2011-09-09 16:38:56.291004599 +0200
-@@ -7,8 +7,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
-               dhcpv6.c mdb6.c ldap.c ldap_casa.c
- 
- dhcpd_CFLAGS = $(LDAP_CFLAGS)
--dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--            ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export \
-+dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
-+            ../dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) -ldns-export -lisc-export \
-             $(CAPNG_LDADD)
- 
- man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5

diff --git a/src/patches/dhcp/dhcp-64_bit_lease_parse.patch b/src/patches/dhcp/dhcp-64_bit_lease_parse.patch
new file mode 100644 (file)
index 0000000..a07b5b0
--- /dev/null
+++ b/src/patches/dhcp/dhcp-64_bit_lease_parse.patch
@@ -0,0 +1,75 @@
+diff -up dhcp-4.3.0a1/common/parse.c.64-bit_lease_parse dhcp-4.3.0a1/common/parse.c
+--- dhcp-4.3.0a1/common/parse.c.64-bit_lease_parse     2013-12-11 01:25:12.000000000 +0100
++++ dhcp-4.3.0a1/common/parse.c        2013-12-19 15:45:25.990771814 +0100
+@@ -938,8 +938,8 @@ TIME
+ parse_date_core(cfile)
+       struct parse *cfile;
+ {
+-      int guess;
+-      int tzoff, year, mon, mday, hour, min, sec;
++      TIME guess;
++      long int tzoff, year, mon, mday, hour, min, sec;
+       const char *val;
+       enum dhcp_token token;
+       static int months[11] = { 31, 59, 90, 120, 151, 181,
+@@ -965,7 +965,7 @@ parse_date_core(cfile)
+               }
+ 
+               skip_token(&val, NULL, cfile); /* consume number */
+-              guess = atoi(val);
++              guess = atol(val);
+ 
+               return((TIME)guess);
+       }
+@@ -993,7 +993,7 @@ parse_date_core(cfile)
+          somebody invents a time machine, I think we can safely disregard
+          it.   This actually works around a stupid Y2K bug that was present
+          in a very early beta release of dhcpd. */
+-      year = atoi(val);
++      year = atol(val);
+       if (year > 1900)
+               year -= 1900;
+ 
+@@ -1039,7 +1039,7 @@ parse_date_core(cfile)
+               return((TIME)0);
+       }
+       skip_token(&val, NULL, cfile); /* consume day of month */
+-      mday = atoi(val);
++      mday = atol(val);
+ 
+       /* Hour... */
+       token = peek_token(&val, NULL, cfile);
+@@ -1050,7 +1050,7 @@ parse_date_core(cfile)
+               return((TIME)0);
+       }
+       skip_token(&val, NULL, cfile); /* consume hour */
+-      hour = atoi(val);
++      hour = atol(val);
+ 
+       /* Colon separating hour from minute... */
+       token = peek_token(&val, NULL, cfile);
+@@ -1072,7 +1072,7 @@ parse_date_core(cfile)
+               return((TIME)0);
+       }
+       skip_token(&val, NULL, cfile); /* consume minute */
+-      min = atoi(val);
++      min = atol(val);
+ 
+       /* Colon separating minute from second... */
+       token = peek_token(&val, NULL, cfile);
+@@ -1094,13 +1094,13 @@ parse_date_core(cfile)
+               return((TIME)0);
+       }
+       skip_token(&val, NULL, cfile); /* consume second */
+-      sec = atoi(val);
++      sec = atol(val);
+ 
+       tzoff = 0;
+       token = peek_token(&val, NULL, cfile);
+       if (token == NUMBER) {
+               skip_token(&val, NULL, cfile); /* consume tzoff */
+-              tzoff = atoi(val);
++              tzoff = atol(val);
+       } else if (token != SEMI) {
+               skip_token(&val, NULL, cfile);
+               parse_warn(cfile,

diff --git a/src/patches/dhcp-4.2.2-CLOEXEC.patch b/src/patches/dhcp/dhcp-CLOEXEC.patch
similarity index 52%
rename from src/patches/dhcp-4.2.2-CLOEXEC.patch
rename to src/patches/dhcp/dhcp-CLOEXEC.patch
index b07e2ff06155c3ce211571fafcce0cc5b6916347..722865e4f6890ff0e9b0332d333f7d84686573df 100644 (file)
--- a/src/patches/dhcp-4.2.2-CLOEXEC.patch
+++ b/src/patches/dhcp/dhcp-CLOEXEC.patch
@@ -1,7 +1,7 @@
-diff -up dhcp-4.2.2b1/client/clparse.c.cloexec dhcp-4.2.2b1/client/clparse.c
---- dhcp-4.2.2b1/client/clparse.c.cloexec      2011-07-01 14:13:30.973887714 +0200
-+++ dhcp-4.2.2b1/client/clparse.c      2011-07-01 14:15:15.021580693 +0200
-@@ -246,7 +246,7 @@ int read_client_conf_file (const char *n
+diff -up dhcp-4.3.0a1/client/clparse.c.cloexec dhcp-4.3.0a1/client/clparse.c
+--- dhcp-4.3.0a1/client/clparse.c.cloexec      2013-12-19 15:34:41.638886256 +0100
++++ dhcp-4.3.0a1/client/clparse.c      2013-12-19 15:34:41.657885985 +0100
+@@ -253,7 +253,7 @@ int read_client_conf_file (const char *n
        int token;
        isc_result_t status;
  
@@ -10,7 +10,7 @@ diff -up dhcp-4.2.2b1/client/clparse.c.cloexec dhcp-4.2.2b1/client/clparse.c
                return uerr2isc (errno);
  
        cfile = NULL;
-@@ -283,7 +283,7 @@ void read_client_leases ()
+@@ -290,7 +290,7 @@ void read_client_leases ()
  
        /* Open the lease file.   If we can't open it, just return -
           we can safely trust the server to remember our state. */
@@ -19,9 +19,9 @@ diff -up dhcp-4.2.2b1/client/clparse.c.cloexec dhcp-4.2.2b1/client/clparse.c
                return;
  
        cfile = NULL;
-diff -up dhcp-4.2.2b1/client/dhclient.c.cloexec dhcp-4.2.2b1/client/dhclient.c
---- dhcp-4.2.2b1/client/dhclient.c.cloexec     2011-07-01 14:13:30.970887717 +0200
-+++ dhcp-4.2.2b1/client/dhclient.c     2011-07-01 14:16:51.485930388 +0200
+diff -up dhcp-4.3.0a1/client/dhclient.c.cloexec dhcp-4.3.0a1/client/dhclient.c
+--- dhcp-4.3.0a1/client/dhclient.c.cloexec     2013-12-19 15:34:41.629886384 +0100
++++ dhcp-4.3.0a1/client/dhclient.c     2013-12-19 15:36:41.608180467 +0100
 @@ -148,11 +148,11 @@ main(int argc, char **argv) {
        /* Make sure that file descriptors 0 (stdin), 1, (stdout), and
           2 (stderr) are open. To do this, we assume that when we
@@ -37,16 +37,16 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.cloexec dhcp-4.2.2b1/client/dhclient.c
        if (fd == 2)
                log_perror = 0; /* No sense logging to /dev/null. */
        else if (fd != -1)
-@@ -506,7 +506,7 @@ main(int argc, char **argv) {
+@@ -504,7 +504,7 @@ main(int argc, char **argv) {
+               long temp;
                int e;
  
-               oldpid = 0;
 -              if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) {
 +              if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) {
                        e = fscanf(pidfd, "%ld\n", &temp);
                        oldpid = (pid_t)temp;
  
-@@ -548,7 +548,7 @@ main(int argc, char **argv) {
+@@ -554,7 +554,7 @@ main(int argc, char **argv) {
                                        strncpy(new_path_dhclient_pid, path_dhclient_pid, pfx);
                                        sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name);
  
@@ -55,7 +55,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.cloexec dhcp-4.2.2b1/client/dhclient.c
                                                e = fscanf(pidfd, "%ld\n", &temp);
                                                oldpid = (pid_t)temp;
  
-@@ -573,7 +573,7 @@ main(int argc, char **argv) {
+@@ -579,7 +579,7 @@ main(int argc, char **argv) {
                int dhc_running = 0;
                char procfn[256] = "";
  
@@ -64,7 +64,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.cloexec dhcp-4.2.2b1/client/dhclient.c
                        if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) {
                                snprintf(procfn,256,"/proc/%u",dhcpid);
                                dhc_running = (access(procfn, F_OK) == 0);
-@@ -2995,7 +2995,7 @@ void rewrite_client_leases ()
+@@ -3077,7 +3077,7 @@ void rewrite_client_leases ()
  
        if (leaseFile != NULL)
                fclose (leaseFile);
@@ -73,7 +73,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.cloexec dhcp-4.2.2b1/client/dhclient.c
        if (leaseFile == NULL) {
                log_error ("can't create %s: %m", path_dhclient_db);
                return;
-@@ -3105,7 +3105,7 @@ write_duid(struct data_string *duid)
+@@ -3261,7 +3261,7 @@ write_duid(struct data_string *duid)
                return DHCP_R_INVALIDARG;
  
        if (leaseFile == NULL) {        /* XXX? */
@@ -82,7 +82,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.cloexec dhcp-4.2.2b1/client/dhclient.c
                if (leaseFile == NULL) {
                        log_error("can't create %s: %m", path_dhclient_db);
                        return ISC_R_IOERROR;
-@@ -3285,7 +3285,7 @@ int write_client_lease (client, lease, r
+@@ -3441,7 +3441,7 @@ int write_client_lease (client, lease, r
                return 1;
  
        if (leaseFile == NULL) {        /* XXX */
@@ -91,20 +91,20 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.cloexec dhcp-4.2.2b1/client/dhclient.c
                if (leaseFile == NULL) {
                        log_error ("can't create %s: %m", path_dhclient_db);
                        return 0;
-@@ -3772,9 +3772,9 @@ void go_daemon ()
-       close(2);
+@@ -3952,9 +3952,9 @@ void go_daemon ()
+       (void) close(2);
  
        /* Reopen them on /dev/null. */
--      open("/dev/null", O_RDWR);
--      open("/dev/null", O_RDWR);
--      open("/dev/null", O_RDWR);
-+      open("/dev/null", O_RDWR | O_CLOEXEC);
-+      open("/dev/null", O_RDWR | O_CLOEXEC);
-+      open("/dev/null", O_RDWR | O_CLOEXEC);
+-      (void) open("/dev/null", O_RDWR);
+-      (void) open("/dev/null", O_RDWR);
+-      (void) open("/dev/null", O_RDWR);
++      (void) open("/dev/null", O_RDWR | O_CLOEXEC);
++      (void) open("/dev/null", O_RDWR | O_CLOEXEC);
++      (void) open("/dev/null", O_RDWR | O_CLOEXEC);
  
        write_client_pid_file ();
  
-@@ -3791,14 +3791,14 @@ void write_client_pid_file ()
+@@ -3971,14 +3971,14 @@ void write_client_pid_file ()
                return;
        }
  
@@ -121,10 +121,10 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.cloexec dhcp-4.2.2b1/client/dhclient.c
        if (!pf) {
                close(pfdesc);
                log_error ("Can't fdopen %s: %m", path_dhclient_pid);
-diff -up dhcp-4.2.2b1/common/bpf.c.cloexec dhcp-4.2.2b1/common/bpf.c
---- dhcp-4.2.2b1/common/bpf.c.cloexec  2011-07-01 14:13:30.976887712 +0200
-+++ dhcp-4.2.2b1/common/bpf.c  2011-07-01 14:13:31.030887673 +0200
-@@ -94,7 +94,7 @@ int if_register_bpf (info)
+diff -up dhcp-4.3.0a1/common/bpf.c.cloexec dhcp-4.3.0a1/common/bpf.c
+--- dhcp-4.3.0a1/common/bpf.c.cloexec  2013-12-19 15:34:41.640886227 +0100
++++ dhcp-4.3.0a1/common/bpf.c  2013-12-19 15:34:41.661885928 +0100
+@@ -95,7 +95,7 @@ int if_register_bpf (info)
        for (b = 0; 1; b++) {
                /* %Audit% 31 bytes max. %2004.06.17,Safe% */
                sprintf(filename, BPF_FORMAT, b);
@@ -133,31 +133,10 @@ diff -up dhcp-4.2.2b1/common/bpf.c.cloexec dhcp-4.2.2b1/common/bpf.c
                if (sock < 0) {
                        if (errno == EBUSY) {
                                continue;
-diff -up dhcp-4.2.2b1/common/discover.c.cloexec dhcp-4.2.2b1/common/discover.c
---- dhcp-4.2.2b1/common/discover.c.cloexec     2011-06-27 18:18:20.000000000 +0200
-+++ dhcp-4.2.2b1/common/discover.c     2011-07-01 14:13:31.031887673 +0200
-@@ -421,7 +421,7 @@ begin_iface_scan(struct iface_conf_list 
-       int len;
-       int i;
- 
--      ifaces->fp = fopen("/proc/net/dev", "r");
-+      ifaces->fp = fopen("/proc/net/dev", "re");
-       if (ifaces->fp == NULL) {
-               log_error("Error opening '/proc/net/dev' to list interfaces");
-               return 0;
-@@ -456,7 +456,7 @@ begin_iface_scan(struct iface_conf_list 
- 
- #ifdef DHCPv6
-       if (local_family == AF_INET6) {
--              ifaces->fp6 = fopen("/proc/net/if_inet6", "r");
-+              ifaces->fp6 = fopen("/proc/net/if_inet6", "re");
-               if (ifaces->fp6 == NULL) {
-                       log_error("Error opening '/proc/net/if_inet6' to "
-                                 "list IPv6 interfaces; %m");
-diff -up dhcp-4.2.2b1/common/dlpi.c.cloexec dhcp-4.2.2b1/common/dlpi.c
---- dhcp-4.2.2b1/common/dlpi.c.cloexec 2011-07-01 14:13:30.977887712 +0200
-+++ dhcp-4.2.2b1/common/dlpi.c 2011-07-01 14:13:31.032887673 +0200
-@@ -806,7 +806,7 @@ dlpiopen(const char *ifname) {
+diff -up dhcp-4.3.0a1/common/dlpi.c.cloexec dhcp-4.3.0a1/common/dlpi.c
+--- dhcp-4.3.0a1/common/dlpi.c.cloexec 2013-12-19 15:34:41.641886213 +0100
++++ dhcp-4.3.0a1/common/dlpi.c 2013-12-19 15:34:41.662885914 +0100
+@@ -804,7 +804,7 @@ dlpiopen(const char *ifname) {
        }
        *dp = '\0';
        
@@ -166,9 +145,9 @@ diff -up dhcp-4.2.2b1/common/dlpi.c.cloexec dhcp-4.2.2b1/common/dlpi.c
  }
  
  /*
-diff -up dhcp-4.2.2b1/common/nit.c.cloexec dhcp-4.2.2b1/common/nit.c
---- dhcp-4.2.2b1/common/nit.c.cloexec  2011-07-01 14:13:30.978887712 +0200
-+++ dhcp-4.2.2b1/common/nit.c  2011-07-01 14:13:31.033887672 +0200
+diff -up dhcp-4.3.0a1/common/nit.c.cloexec dhcp-4.3.0a1/common/nit.c
+--- dhcp-4.3.0a1/common/nit.c.cloexec  2013-12-19 15:34:41.642886199 +0100
++++ dhcp-4.3.0a1/common/nit.c  2013-12-19 15:34:41.662885914 +0100
 @@ -81,7 +81,7 @@ int if_register_nit (info)
        struct strioctl sio;
  
@@ -178,10 +157,10 @@ diff -up dhcp-4.2.2b1/common/nit.c.cloexec dhcp-4.2.2b1/common/nit.c
        if (sock < 0)
                log_fatal ("Can't open NIT device for %s: %m", info -> name);
  
-diff -up dhcp-4.2.2b1/common/resolv.c.cloexec dhcp-4.2.2b1/common/resolv.c
---- dhcp-4.2.2b1/common/resolv.c.cloexec       2009-11-20 02:49:01.000000000 +0100
-+++ dhcp-4.2.2b1/common/resolv.c       2011-07-01 14:13:31.033887672 +0200
-@@ -49,7 +49,7 @@ void read_resolv_conf (parse_time)
+diff -up dhcp-4.3.0a1/common/resolv.c.cloexec dhcp-4.3.0a1/common/resolv.c
+--- dhcp-4.3.0a1/common/resolv.c.cloexec       2013-12-11 01:25:12.000000000 +0100
++++ dhcp-4.3.0a1/common/resolv.c       2013-12-19 15:34:41.663885900 +0100
+@@ -50,7 +50,7 @@ void read_resolv_conf (parse_time)
        struct domain_search_list *dp, *dl, *nd;
        isc_result_t status;
  
@@ -190,9 +169,9 @@ diff -up dhcp-4.2.2b1/common/resolv.c.cloexec dhcp-4.2.2b1/common/resolv.c
                log_error ("Can't open %s: %m", path_resolv_conf);
                return;
        }
-diff -up dhcp-4.2.2b1/common/upf.c.cloexec dhcp-4.2.2b1/common/upf.c
---- dhcp-4.2.2b1/common/upf.c.cloexec  2011-07-01 14:13:30.979887712 +0200
-+++ dhcp-4.2.2b1/common/upf.c  2011-07-01 14:13:31.034887671 +0200
+diff -up dhcp-4.3.0a1/common/upf.c.cloexec dhcp-4.3.0a1/common/upf.c
+--- dhcp-4.3.0a1/common/upf.c.cloexec  2013-12-19 15:34:41.642886199 +0100
++++ dhcp-4.3.0a1/common/upf.c  2013-12-19 15:34:41.663885900 +0100
 @@ -77,7 +77,7 @@ int if_register_upf (info)
                /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
                sprintf(filename, "/dev/pf/pfilt%d", b);
@@ -202,70 +181,10 @@ diff -up dhcp-4.2.2b1/common/upf.c.cloexec dhcp-4.2.2b1/common/upf.c
                if (sock < 0) {
                        if (errno == EBUSY) {
                                continue;
-diff -up dhcp-4.2.2b1/dst/dst_api.c.cloexec dhcp-4.2.2b1/dst/dst_api.c
---- dhcp-4.2.2b1/dst/dst_api.c.cloexec 2009-10-29 01:46:48.000000000 +0100
-+++ dhcp-4.2.2b1/dst/dst_api.c 2011-07-01 14:13:31.035887670 +0200
-@@ -437,7 +437,7 @@ dst_s_write_private_key(const DST_KEY *k
-                            PRIVATE_KEY, PATH_MAX);
- 
-       /* Do not overwrite an existing file */
--      if ((fp = dst_s_fopen(file, "w", 0600)) != NULL) {
-+      if ((fp = dst_s_fopen(file, "we", 0600)) != NULL) {
-               int nn;
-               if ((nn = fwrite(encoded_block, 1, len, fp)) != len) {
-                       EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n",
-@@ -494,7 +494,7 @@ dst_s_read_public_key(const char *in_nam
-        * flags, proto, alg stored as decimal (or hex numbers FIXME).
-        * (FIXME: handle parentheses for line continuation.)
-        */
--      if ((fp = dst_s_fopen(name, "r", 0)) == NULL) {
-+      if ((fp = dst_s_fopen(name, "re", 0)) == NULL) {
-               EREPORT(("dst_read_public_key(): Public Key not found %s\n",
-                        name));
-               return (NULL);
-@@ -620,7 +620,7 @@ dst_s_write_public_key(const DST_KEY *ke
-               return (0);
-       }
-       /* create public key file */
--      if ((fp = dst_s_fopen(filename, "w+", 0644)) == NULL) {
-+      if ((fp = dst_s_fopen(filename, "w+e", 0644)) == NULL) {
-               EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n",
-                        filename, errno));
-               return (0);
-@@ -854,7 +854,7 @@ dst_s_read_private_key_file(char *name, 
-               return (0);
-       }
-       /* first check if we can find the key file */
--      if ((fp = dst_s_fopen(filename, "r", 0)) == NULL) {
-+      if ((fp = dst_s_fopen(filename, "re", 0)) == NULL) {
-               EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n",
-                        filename, dst_path[0] ? dst_path :
-                        (char *) getcwd(NULL, PATH_MAX - 1)));
-diff -up dhcp-4.2.2b1/dst/prandom.c.cloexec dhcp-4.2.2b1/dst/prandom.c
---- dhcp-4.2.2b1/dst/prandom.c.cloexec 2009-11-20 02:49:01.000000000 +0100
-+++ dhcp-4.2.2b1/dst/prandom.c 2011-07-01 14:13:31.035887670 +0200
-@@ -269,7 +269,7 @@ get_dev_random(u_char *output, unsigned 
- 
-       s = stat("/dev/random", &st);
-       if (s == 0 && S_ISCHR(st.st_mode)) {
--              if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) {
-+              if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC)) != -1) {
-                       if ((n = read(fd, output, size)) < 0)
-                               n = 0;
-                       close(fd);
-@@ -480,7 +480,7 @@ digest_file(dst_work *work) 
-               work->file_digest = dst_free_key(work->file_digest);
-               return (0);
-       }
--      if ((fp = fopen(name, "r")) == NULL) 
-+      if ((fp = fopen(name, "re")) == NULL) 
-               return (0);
-       for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0; 
-            no += i) 
-diff -up dhcp-4.2.2b1/omapip/trace.c.cloexec dhcp-4.2.2b1/omapip/trace.c
---- dhcp-4.2.2b1/omapip/trace.c.cloexec        2010-05-27 02:34:57.000000000 +0200
-+++ dhcp-4.2.2b1/omapip/trace.c        2011-07-01 14:13:31.036887669 +0200
-@@ -141,10 +141,10 @@ isc_result_t trace_begin (const char *fi
+diff -up dhcp-4.3.0a1/omapip/trace.c.cloexec dhcp-4.3.0a1/omapip/trace.c
+--- dhcp-4.3.0a1/omapip/trace.c.cloexec        2013-12-11 01:01:03.000000000 +0100
++++ dhcp-4.3.0a1/omapip/trace.c        2013-12-19 15:34:41.663885900 +0100
+@@ -142,10 +142,10 @@ isc_result_t trace_begin (const char *fi
                return DHCP_R_INVALIDARG;
        }
  
@@ -278,7 +197,7 @@ diff -up dhcp-4.2.2b1/omapip/trace.c.cloexec dhcp-4.2.2b1/omapip/trace.c
                                     0600);
        }
  
-@@ -431,7 +431,7 @@ void trace_file_replay (const char *file
+@@ -433,7 +433,7 @@ void trace_file_replay (const char *file
        isc_result_t result;
        int len;
  
@@ -287,10 +206,10 @@ diff -up dhcp-4.2.2b1/omapip/trace.c.cloexec dhcp-4.2.2b1/omapip/trace.c
        if (!traceinfile) {
                log_error("Can't open tracefile %s: %m", filename);
                return;
-diff -up dhcp-4.2.2b1/relay/dhcrelay.c.cloexec dhcp-4.2.2b1/relay/dhcrelay.c
---- dhcp-4.2.2b1/relay/dhcrelay.c.cloexec      2011-05-10 15:07:37.000000000 +0200
-+++ dhcp-4.2.2b1/relay/dhcrelay.c      2011-07-01 14:18:07.630209767 +0200
-@@ -183,11 +183,11 @@ main(int argc, char **argv) {
+diff -up dhcp-4.3.0a1/relay/dhcrelay.c.cloexec dhcp-4.3.0a1/relay/dhcrelay.c
+--- dhcp-4.3.0a1/relay/dhcrelay.c.cloexec      2013-12-13 22:26:21.000000000 +0100
++++ dhcp-4.3.0a1/relay/dhcrelay.c      2013-12-19 15:34:41.664885886 +0100
+@@ -193,11 +193,11 @@ main(int argc, char **argv) {
        /* Make sure that file descriptors 0(stdin), 1,(stdout), and
           2(stderr) are open. To do this, we assume that when we
           open a file the lowest available file descriptor is used. */
@@ -305,7 +224,7 @@ diff -up dhcp-4.2.2b1/relay/dhcrelay.c.cloexec dhcp-4.2.2b1/relay/dhcrelay.c
        if (fd == 2)
                log_perror = 0; /* No sense logging to /dev/null. */
        else if (fd != -1)
-@@ -540,13 +540,13 @@ main(int argc, char **argv) {
+@@ -564,13 +564,13 @@ main(int argc, char **argv) {
  
                if (no_pid_file == ISC_FALSE) {
                        pfdesc = open(path_dhcrelay_pid,
@@ -321,10 +240,10 @@ diff -up dhcp-4.2.2b1/relay/dhcrelay.c.cloexec dhcp-4.2.2b1/relay/dhcrelay.c
                                if (!pf)
                                        log_error("Can't fdopen %s: %m",
                                                  path_dhcrelay_pid);
-diff -up dhcp-4.2.2b1/server/confpars.c.cloexec dhcp-4.2.2b1/server/confpars.c
---- dhcp-4.2.2b1/server/confpars.c.cloexec     2010-10-14 00:34:45.000000000 +0200
-+++ dhcp-4.2.2b1/server/confpars.c     2011-07-01 14:13:31.039887666 +0200
-@@ -116,7 +116,7 @@ isc_result_t read_conf_file (const char 
+diff -up dhcp-4.3.0a1/server/confpars.c.cloexec dhcp-4.3.0a1/server/confpars.c
+--- dhcp-4.3.0a1/server/confpars.c.cloexec     2013-12-11 01:25:12.000000000 +0100
++++ dhcp-4.3.0a1/server/confpars.c     2013-12-19 15:34:41.665885871 +0100
+@@ -117,7 +117,7 @@ isc_result_t read_conf_file (const char
        }
  #endif
  
@@ -333,10 +252,10 @@ diff -up dhcp-4.2.2b1/server/confpars.c.cloexec dhcp-4.2.2b1/server/confpars.c
                if (leasep) {
                        log_error ("Can't open lease database %s: %m --",
                                   path_dhcpd_db);
-diff -up dhcp-4.2.2b1/server/db.c.cloexec dhcp-4.2.2b1/server/db.c
---- dhcp-4.2.2b1/server/db.c.cloexec   2010-09-14 00:15:26.000000000 +0200
-+++ dhcp-4.2.2b1/server/db.c   2011-07-01 14:13:31.040887665 +0200
-@@ -1035,7 +1035,7 @@ void db_startup (testp)
+diff -up dhcp-4.3.0a1/server/db.c.cloexec dhcp-4.3.0a1/server/db.c
+--- dhcp-4.3.0a1/server/db.c.cloexec   2013-12-11 01:25:12.000000000 +0100
++++ dhcp-4.3.0a1/server/db.c   2013-12-19 15:34:41.666885857 +0100
+@@ -1081,7 +1081,7 @@ void db_startup (testp)
        }
  #endif
        if (!testp) {
@@ -345,7 +264,7 @@ diff -up dhcp-4.2.2b1/server/db.c.cloexec dhcp-4.2.2b1/server/db.c
                if (!db_file)
                        log_fatal ("Can't open %s for append.", path_dhcpd_db);
                expire_all_pools ();
-@@ -1083,12 +1083,12 @@ int new_lease_file ()
+@@ -1129,12 +1129,12 @@ int new_lease_file ()
                     path_dhcpd_db, (int)t) >= sizeof newfname)
                log_fatal("new_lease_file: lease file path too long");
  
@@ -360,10 +279,10 @@ diff -up dhcp-4.2.2b1/server/db.c.cloexec dhcp-4.2.2b1/server/db.c
                log_error("Can't fdopen new lease file: %m");
                close(db_fd);
                goto fdfail;
-diff -up dhcp-4.2.2b1/server/dhcpd.c.cloexec dhcp-4.2.2b1/server/dhcpd.c
---- dhcp-4.2.2b1/server/dhcpd.c.cloexec        2011-04-21 16:08:15.000000000 +0200
-+++ dhcp-4.2.2b1/server/dhcpd.c        2011-07-01 14:19:40.354124505 +0200
-@@ -270,11 +270,11 @@ main(int argc, char **argv) {
+diff -up dhcp-4.3.0a1/server/dhcpd.c.cloexec dhcp-4.3.0a1/server/dhcpd.c
+--- dhcp-4.3.0a1/server/dhcpd.c.cloexec        2013-12-13 22:26:01.000000000 +0100
++++ dhcp-4.3.0a1/server/dhcpd.c        2013-12-19 15:37:17.258674472 +0100
+@@ -193,11 +193,11 @@ main(int argc, char **argv) {
          /* Make sure that file descriptors 0 (stdin), 1, (stdout), and
             2 (stderr) are open. To do this, we assume that when we
             open a file the lowest available file descriptor is used. */
@@ -378,7 +297,7 @@ diff -up dhcp-4.2.2b1/server/dhcpd.c.cloexec dhcp-4.2.2b1/server/dhcpd.c
          if (fd == 2)
                  log_perror = 0; /* No sense logging to /dev/null. */
          else if (fd != -1)
-@@ -793,7 +793,7 @@ main(int argc, char **argv) {
+@@ -716,7 +716,7 @@ main(int argc, char **argv) {
         */
        if (no_pid_file == ISC_FALSE) {
                /*Read previous pid file. */
@@ -387,7 +306,7 @@ diff -up dhcp-4.2.2b1/server/dhcpd.c.cloexec dhcp-4.2.2b1/server/dhcpd.c
                        status = read(i, pbuf, (sizeof pbuf) - 1);
                        close (i);
                        if (status > 0) {
-@@ -812,7 +812,7 @@ main(int argc, char **argv) {
+@@ -735,7 +735,7 @@ main(int argc, char **argv) {
                }
  
                /* Write new pid file. */
@@ -396,23 +315,23 @@ diff -up dhcp-4.2.2b1/server/dhcpd.c.cloexec dhcp-4.2.2b1/server/dhcpd.c
                if (i >= 0) {
                        sprintf(pbuf, "%d\n", (int) getpid());
                        IGNORE_RET (write(i, pbuf, strlen(pbuf)));
-@@ -840,9 +840,9 @@ main(int argc, char **argv) {
-                 close(2);
+@@ -763,9 +763,9 @@ main(int argc, char **argv) {
+                 (void) close(2);
  
                  /* Reopen them on /dev/null. */
--                open("/dev/null", O_RDWR);
--                open("/dev/null", O_RDWR);
--                open("/dev/null", O_RDWR);
-+                open("/dev/null", O_RDWR | O_CLOEXEC);
-+                open("/dev/null", O_RDWR | O_CLOEXEC);
-+                open("/dev/null", O_RDWR | O_CLOEXEC);
+-                (void) open("/dev/null", O_RDWR);
+-                (void) open("/dev/null", O_RDWR);
+-                (void) open("/dev/null", O_RDWR);
++                (void) open("/dev/null", O_RDWR | O_CLOEXEC);
++                (void) open("/dev/null", O_RDWR | O_CLOEXEC);
++                (void) open("/dev/null", O_RDWR | O_CLOEXEC);
                  log_perror = 0; /* No sense logging to /dev/null. */
  
                        IGNORE_RET (chdir("/"));
-diff -up dhcp-4.2.2b1/server/ldap.c.cloexec dhcp-4.2.2b1/server/ldap.c
---- dhcp-4.2.2b1/server/ldap.c.cloexec 2010-03-25 16:26:58.000000000 +0100
-+++ dhcp-4.2.2b1/server/ldap.c 2011-07-01 14:13:31.043887665 +0200
-@@ -685,7 +685,7 @@ ldap_start (void)
+diff -up dhcp-4.3.0a1/server/ldap.c.cloexec dhcp-4.3.0a1/server/ldap.c
+--- dhcp-4.3.0a1/server/ldap.c.cloexec 2013-12-11 01:25:12.000000000 +0100
++++ dhcp-4.3.0a1/server/ldap.c 2013-12-19 15:34:41.667885843 +0100
+@@ -684,7 +684,7 @@ ldap_start (void)
  
    if (ldap_debug_file != NULL && ldap_debug_fd == -1)
      {

diff --git a/src/patches/dhcp-4.2.0-PPP.patch b/src/patches/dhcp/dhcp-PPP.patch
similarity index 59%
rename from src/patches/dhcp-4.2.0-PPP.patch
rename to src/patches/dhcp/dhcp-PPP.patch
index bef2be7f08b059e6819584285f2567e229e9d066..5d022e43209213ab6dd355a14c6d5ef6a369ed1f 100644 (file)
--- a/src/patches/dhcp-4.2.0-PPP.patch
+++ b/src/patches/dhcp/dhcp-PPP.patch
@@ -1,7 +1,31 @@
-diff -up dhcp-4.2.0-P1/client/dhc6.c.PPP dhcp-4.2.0-P1/client/dhc6.c
---- dhcp-4.2.0-P1/client/dhc6.c.PPP    2010-11-05 10:47:37.000000000 +0100
-+++ dhcp-4.2.0-P1/client/dhc6.c        2010-11-09 15:54:12.000000000 +0100
-@@ -129,7 +129,7 @@ extern int stateless;
+diff -up dhcp-4.3.1b1/client/dhc6.c.mRfpsB dhcp-4.3.1b1/client/dhc6.c
+--- dhcp-4.3.1b1/client/dhc6.c.mRfpsB  2014-07-10 17:48:03.779424870 +0200
++++ dhcp-4.3.1b1/client/dhc6.c 2014-07-10 17:48:03.795424644 +0200
+@@ -5088,7 +5088,8 @@ make_client6_options(struct client_state
+        */
+       if ((oc = lookup_option(&dhcpv6_universe, *op,
+                               D6O_CLIENTID)) == NULL) {
+-              if (!option_cache(&oc, &default_duid, NULL, clientid_option,
++              if (default_duid.len == 0 ||
++                  !option_cache(&oc, &default_duid, NULL, clientid_option,
+                                 MDL))
+                       log_fatal("Failure assembling a DUID.");
+ 
+diff -up dhcp-4.3.1b1/client/dhclient.c.mRfpsB dhcp-4.3.1b1/client/dhclient.c
+--- dhcp-4.3.1b1/client/dhclient.c.mRfpsB      2014-07-10 17:39:25.853763858 +0200
++++ dhcp-4.3.1b1/client/dhclient.c     2014-07-10 17:49:49.882925843 +0200
+@@ -948,8 +948,8 @@ main(int argc, char **argv) {
+                       if (default_duid.buffer != NULL)
+                               data_string_forget(&default_duid, MDL);
+ 
+-                      form_duid(&default_duid, MDL);
+-                      write_duid(&default_duid);
++                      if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS)
++                              write_duid(&default_duid);
+               }
+       }
+ 
+@@ -3267,7 +3267,7 @@ write_options(struct client_state *clien
   * is not how it is intended.  Upcoming rearchitecting the client should
   * address this "one daemon model."
   */
@@ -10,7 +34,7 @@ diff -up dhcp-4.2.0-P1/client/dhc6.c.PPP dhcp-4.2.0-P1/client/dhc6.c
  form_duid(struct data_string *duid, const char *file, int line)
  {
        struct interface_info *ip;
-@@ -141,6 +141,15 @@ form_duid(struct data_string *duid, cons
+@@ -3280,6 +3280,15 @@ form_duid(struct data_string *duid, cons
        if (ip == NULL)
                log_fatal("Impossible condition at %s:%d.", MDL);
  
@@ -26,43 +50,19 @@ diff -up dhcp-4.2.0-P1/client/dhc6.c.PPP dhcp-4.2.0-P1/client/dhc6.c
        if ((ip->hw_address.hlen == 0) ||
            (ip->hw_address.hlen > sizeof(ip->hw_address.hbuf)))
                log_fatal("Impossible hardware address length at %s:%d.", MDL);
-@@ -176,6 +185,8 @@ form_duid(struct data_string *duid, cons
-               memcpy(duid->buffer->data + 4, ip->hw_address.hbuf + 1,
-                      ip->hw_address.hlen - 1);
+@@ -3323,6 +3332,8 @@ form_duid(struct data_string *duid, cons
+               log_info("Created duid %s.", str);
+               dfree(str, MDL);
        }
-+
++      
 +      return ISC_R_SUCCESS;
  }
  
- /*
-@@ -5289,7 +5300,8 @@ make_client6_options(struct client_state
-        */
-       if ((oc = lookup_option(&dhcpv6_universe, *op,
-                               D6O_CLIENTID)) == NULL) {
--              if (!option_cache(&oc, &default_duid, NULL, clientid_option,
-+              if (default_duid.len == 0 ||
-+                  !option_cache(&oc, &default_duid, NULL, clientid_option,
-                                 MDL))
-                       log_fatal("Failure assembling a DUID.");
- 
-diff -up dhcp-4.2.0-P1/client/dhclient.c.PPP dhcp-4.2.0-P1/client/dhclient.c
---- dhcp-4.2.0-P1/client/dhclient.c.PPP        2010-11-05 10:47:37.000000000 +0100
-+++ dhcp-4.2.0-P1/client/dhclient.c    2010-11-09 15:37:26.000000000 +0100
-@@ -911,8 +911,8 @@ main(int argc, char **argv) {
-                       if (default_duid.buffer != NULL)
-                               data_string_forget(&default_duid, MDL);
- 
--                      form_duid(&default_duid, MDL);
--                      write_duid(&default_duid);
-+                      if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS)
-+                              write_duid(&default_duid);
-               }
- 
-               for (ip = interfaces ; ip != NULL ; ip = ip->next) {
-diff -up dhcp-4.2.0-P1/common/bpf.c.PPP dhcp-4.2.0-P1/common/bpf.c
---- dhcp-4.2.0-P1/common/bpf.c.PPP     2010-11-05 10:47:37.000000000 +0100
-+++ dhcp-4.2.0-P1/common/bpf.c 2010-11-09 15:42:42.000000000 +0100
-@@ -599,6 +599,22 @@ get_hw_addr(const char *name, struct har
+ /* Write the default DUID to the lease store. */
+diff -up dhcp-4.3.1b1/common/bpf.c.mRfpsB dhcp-4.3.1b1/common/bpf.c
+--- dhcp-4.3.1b1/common/bpf.c.mRfpsB   2014-07-10 17:39:25.797764653 +0200
++++ dhcp-4.3.1b1/common/bpf.c  2014-07-10 17:48:03.797424616 +0200
+@@ -600,6 +600,22 @@ get_hw_addr(const char *name, struct har
                          memcpy(&hw->hbuf[1], LLADDR(sa), sa->sdl_alen);
                          break;
  #endif /* IFT_FDDI */
@@ -85,12 +85,12 @@ diff -up dhcp-4.2.0-P1/common/bpf.c.PPP dhcp-4.2.0-P1/common/bpf.c
                  default:
                          log_fatal("Unsupported device type %d for \"%s\"",
                                    sa->sdl_type, name);
-diff -up dhcp-4.2.0-P1/common/lpf.c.PPP dhcp-4.2.0-P1/common/lpf.c
---- dhcp-4.2.0-P1/common/lpf.c.PPP     2010-11-05 10:47:37.000000000 +0100
-+++ dhcp-4.2.0-P1/common/lpf.c 2010-11-09 15:45:40.000000000 +0100
-@@ -502,6 +502,22 @@ get_hw_addr(const char *name, struct har
+diff -up dhcp-4.3.1b1/common/lpf.c.mRfpsB dhcp-4.3.1b1/common/lpf.c
+--- dhcp-4.3.1b1/common/lpf.c.mRfpsB   2014-07-10 17:39:25.744765404 +0200
++++ dhcp-4.3.1b1/common/lpf.c  2014-07-10 17:48:03.797424616 +0200
+@@ -511,6 +511,22 @@ get_hw_addr(const char *name, struct har
                        hw->hbuf[0] = HTYPE_FDDI;
-                       memcpy(&hw->hbuf[1], sa->sa_data, 16);
+                       memcpy(&hw->hbuf[1], sa->sa_data, 6);
                        break;
 +#if defined(ARPHRD_PPP)
 +              case ARPHRD_PPP:
@@ -111,34 +111,34 @@ diff -up dhcp-4.2.0-P1/common/lpf.c.PPP dhcp-4.2.0-P1/common/lpf.c
                default:
                        log_fatal("Unsupported device type %ld for \"%s\"",
                                  (long int)sa->sa_family, name);
-diff -up dhcp-4.2.0-P1/includes/dhcpd.h.PPP dhcp-4.2.0-P1/includes/dhcpd.h
---- dhcp-4.2.0-P1/includes/dhcpd.h.PPP 2010-11-05 10:47:37.000000000 +0100
-+++ dhcp-4.2.0-P1/includes/dhcpd.h     2010-11-09 15:46:58.000000000 +0100
-@@ -2733,7 +2733,7 @@ void dhcpv4_client_assignments(void);
- void dhcpv6_client_assignments(void);
+diff -up dhcp-4.3.1b1/includes/dhcpd.h.mRfpsB dhcp-4.3.1b1/includes/dhcpd.h
+--- dhcp-4.3.1b1/includes/dhcpd.h.mRfpsB       2014-07-10 17:48:03.761425124 +0200
++++ dhcp-4.3.1b1/includes/dhcpd.h      2014-07-10 17:48:03.798424601 +0200
+@@ -2839,7 +2839,7 @@ void client_dns_remove(struct client_sta
  
- /* dhc6.c */
+ void dhcpv4_client_assignments(void);
+ void dhcpv6_client_assignments(void);
 -void form_duid(struct data_string *duid, const char *file, int line);
 +isc_result_t form_duid(struct data_string *duid, const char *file, int line);
+ 
+ /* dhc6.c */
  void dhc6_lease_destroy(struct dhc6_lease **src, const char *file, int line);
- void start_init6(struct client_state *client);
- void start_info_request6(struct client_state *client);
-diff -up dhcp-4.2.0-P1/includes/dhcp.h.PPP dhcp-4.2.0-P1/includes/dhcp.h
---- dhcp-4.2.0-P1/includes/dhcp.h.PPP  2010-11-05 10:47:37.000000000 +0100
-+++ dhcp-4.2.0-P1/includes/dhcp.h      2010-11-09 15:48:53.000000000 +0100
-@@ -80,6 +80,8 @@ struct dhcp_packet {
- #define HTYPE_IEEE802 6               /* IEEE 802.2 Token Ring...     */
- #define HTYPE_FDDI    8               /* FDDI...                      */
+diff -up dhcp-4.3.1b1/includes/dhcp.h.mRfpsB dhcp-4.3.1b1/includes/dhcp.h
+--- dhcp-4.3.1b1/includes/dhcp.h.mRfpsB        2014-07-10 17:48:03.761425124 +0200
++++ dhcp-4.3.1b1/includes/dhcp.h       2014-07-10 17:48:03.798424601 +0200
+@@ -81,6 +81,8 @@ struct dhcp_packet {
+                                        * is no standard for this so we
+                                        * just steal a type            */
  
-+#define HTYPE_RESERVED  0               /* RFC 5494 */
++#define HTYPE_RESERVED        0               /* RFC 5494 */
 +
  /* Magic cookie validating dhcp options field (and bootp vendor
     extensions field). */
  #define DHCP_OPTIONS_COOKIE   "\143\202\123\143"
-diff -up dhcp-4.2.0-P1/server/dhcpv6.c.PPP dhcp-4.2.0-P1/server/dhcpv6.c
---- dhcp-4.2.0-P1/server/dhcpv6.c.PPP  2010-11-05 10:47:37.000000000 +0100
-+++ dhcp-4.2.0-P1/server/dhcpv6.c      2010-11-09 15:50:17.000000000 +0100
-@@ -300,6 +300,9 @@ generate_new_server_duid(void) {
+diff -up dhcp-4.3.1b1/server/dhcpv6.c.mRfpsB dhcp-4.3.1b1/server/dhcpv6.c
+--- dhcp-4.3.1b1/server/dhcpv6.c.mRfpsB        2014-07-10 17:47:31.464881409 +0200
++++ dhcp-4.3.1b1/server/dhcpv6.c       2014-07-10 17:48:03.800424573 +0200
+@@ -330,6 +330,9 @@ generate_new_server_duid(void) {
                if (p->hw_address.hlen > 0) {
                        break;
                }

diff --git a/src/patches/dhcp-4.2.0-UseMulticast.patch b/src/patches/dhcp/dhcp-UseMulticast.patch
similarity index 83%
rename from src/patches/dhcp-4.2.0-UseMulticast.patch
rename to src/patches/dhcp/dhcp-UseMulticast.patch
index 319344aa5d489f7d8d8d9b8c8aa0c1dff1d9597b..ee0ea6b9af0c8fe00903f78f6c40299bbb1d63e9 100644 (file)
--- a/src/patches/dhcp-4.2.0-UseMulticast.patch
+++ b/src/patches/dhcp/dhcp-UseMulticast.patch
@@ -1,7 +1,7 @@
-diff -up dhcp-4.2.0/server/dhcpv6.c.UseMulticast dhcp-4.2.0/server/dhcpv6.c
---- dhcp-4.2.0/server/dhcpv6.c.UseMulticast    2010-06-01 19:30:00.000000000 +0200
-+++ dhcp-4.2.0/server/dhcpv6.c 2010-07-21 16:17:30.000000000 +0200
-@@ -346,6 +346,48 @@ generate_new_server_duid(void) {
+diff -up dhcp-4.3.1b1/server/dhcpv6.c.UseMulticast dhcp-4.3.1b1/server/dhcpv6.c
+--- dhcp-4.3.1b1/server/dhcpv6.c.UseMulticast  2014-07-02 19:58:40.000000000 +0200
++++ dhcp-4.3.1b1/server/dhcpv6.c       2014-07-10 18:20:03.066256219 +0200
+@@ -376,6 +376,48 @@ generate_new_server_duid(void) {
  }
  
  /*
@@ -35,7 +35,7 @@ diff -up dhcp-4.2.0/server/dhcpv6.c.UseMulticast dhcp-4.2.0/server/dhcpv6.c
 +              }
 +
 +              execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
-+                              opt_state, &global_scope, root_group, NULL);
++                           opt_state, &global_scope, root_group, NULL, NULL);
 +
 +              oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
 +              unicast_option_defined = (oc != NULL);
@@ -50,8 +50,21 @@ diff -up dhcp-4.2.0/server/dhcpv6.c.UseMulticast dhcp-4.2.0/server/dhcpv6.c
   * Get the client identifier from the packet.
   */
  isc_result_t
-@@ -1405,6 +1447,56 @@ lease_to_client(struct data_string *repl
-                                                   reply.shared->group);
+@@ -706,6 +748,12 @@ static const int required_opts[] = {
+       D6O_PREFERENCE,
+       0
+ };
++static const int required_opts_NAA[] = {
++      D6O_CLIENTID,
++      D6O_SERVERID,
++      D6O_STATUS_CODE,
++      0
++};
+ static const int required_opts_solicit[] = {
+       D6O_CLIENTID,
+       D6O_SERVERID,
+@@ -1587,6 +1635,56 @@ lease_to_client(struct data_string *repl
+                                                   reply.shared->group, NULL);
        }
  
 +      /* reject unicast message, unless we set unicast option */
@@ -102,21 +115,20 @@ diff -up dhcp-4.2.0/server/dhcpv6.c.UseMulticast dhcp-4.2.0/server/dhcpv6.c
 +                                      reply.opt_state, reply.packet,
 +                                      required_opts_NAA,
 +                                      NULL);
-+      } else if (no_resources_avail && (reply.ia_count != 0) &&
-+          (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT))
++      }
++
        /*
         * RFC3315 section 17.2.2 (Solicit):
         *
-@@ -1429,8 +1521,6 @@ lease_to_client(struct data_string *repl
-        * the server.
-        * Sends a Renew/Rebind if the IA is not in the Reply message.
+@@ -1619,6 +1717,7 @@ lease_to_client(struct data_string *repl
+        * Having stored the client's IA's, store any options that
+        * will fit in the remaining space.
         */
--      if (no_resources_avail && (reply.ia_count != 0) &&
--          (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT))
-       {
-               /* Set the NoAddrsAvail status code. */
-               if (!set_status_code(STATUS_NoAddrsAvail,
-@@ -4128,7 +4218,6 @@ dhcpv6_solicit(struct data_string *reply
++      else 
+       reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
+                                      sizeof(reply.buf) - reply.cursor,
+                                      reply.opt_state, reply.packet,
+@@ -4748,7 +4847,6 @@ dhcpv6_solicit(struct data_string *reply
   * Very similar to Solicit handling, except the server DUID is required.
   */
  
@@ -124,7 +136,7 @@ diff -up dhcp-4.2.0/server/dhcpv6.c.UseMulticast dhcp-4.2.0/server/dhcpv6.c
  static void
  dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
        struct data_string client_id;
-@@ -4443,7 +4532,6 @@ exit:
+@@ -5078,7 +5176,6 @@ exit:
   * except for the error code of when addresses don't match.
   */
  
@@ -132,7 +144,7 @@ diff -up dhcp-4.2.0/server/dhcpv6.c.UseMulticast dhcp-4.2.0/server/dhcpv6.c
  static void
  dhcpv6_renew(struct data_string *reply, struct packet *packet) {
        struct data_string client_id;
-@@ -4688,18 +4776,60 @@ iterate_over_ia_na(struct data_string *r
+@@ -5322,18 +5419,60 @@ iterate_over_ia_na(struct data_string *r
                goto exit;
        }
  
@@ -203,7 +215,7 @@ diff -up dhcp-4.2.0/server/dhcpv6.c.UseMulticast dhcp-4.2.0/server/dhcpv6.c
  
        /*
         * Loop through the IA_NA reported by the client, and deal with
-@@ -4838,6 +4968,7 @@ iterate_over_ia_na(struct data_string *r
+@@ -5471,6 +5610,7 @@ iterate_over_ia_na(struct data_string *r
        /* 
         * Return our reply to the caller.
         */
@@ -211,7 +223,7 @@ diff -up dhcp-4.2.0/server/dhcpv6.c.UseMulticast dhcp-4.2.0/server/dhcpv6.c
        reply_ret->len = reply_ofs;
        reply_ret->buffer = NULL;
        if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
-@@ -4883,7 +5014,6 @@ exit:
+@@ -5516,7 +5656,6 @@ exit:
   * we still need to be aware of this possibility.
   */
  
@@ -219,7 +231,7 @@ diff -up dhcp-4.2.0/server/dhcpv6.c.UseMulticast dhcp-4.2.0/server/dhcpv6.c
  /* TODO: IA_TA */
  static void
  dhcpv6_decline(struct data_string *reply, struct packet *packet) {
-@@ -5355,7 +5485,6 @@ exit:
+@@ -5986,7 +6125,6 @@ exit:
   * Release means a client is done with the leases.
   */
  

diff --git a/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch b/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch
new file mode 100644 (file)
index 0000000..103824c
--- /dev/null
+++ b/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch
@@ -0,0 +1,14 @@
+diff -up dhcp-4.3.0a1/common/dispatch.c.dracut dhcp-4.3.0a1/common/dispatch.c
+--- dhcp-4.3.0a1/common/dispatch.c.dracut      2013-12-11 01:25:12.000000000 +0100
++++ dhcp-4.3.0a1/common/dispatch.c     2013-12-19 15:39:50.350505860 +0100
+@@ -210,6 +210,10 @@ void add_timeout (when, where, what, ref
+       isc_interval_t interval;
+       isc_time_t expires;
+ 
++      if (when == NULL) {
++              return;
++      }
++
+       /* See if this timeout supersedes an existing timeout. */
+       t = (struct timeout *)0;
+       for (q = timeouts; q; q = q->next) {

diff --git a/src/patches/dhcp-4.2.2-capability.patch b/src/patches/dhcp/dhcp-capability.patch
similarity index 51%
rename from src/patches/dhcp-4.2.2-capability.patch
rename to src/patches/dhcp/dhcp-capability.patch
index 79af036f2af6e7cb3c2c4ac013e470952f50c82f..91a1baef525a32edeeb7c6ce43edad8ec2907013 100644 (file)
--- a/src/patches/dhcp-4.2.2-capability.patch
+++ b/src/patches/dhcp/dhcp-capability.patch
@@ -1,7 +1,7 @@
-diff -up dhcp-4.2.2b1/client/dhclient.8.capability dhcp-4.2.2b1/client/dhclient.8
---- dhcp-4.2.2b1/client/dhclient.8.capability  2011-07-01 15:09:06.603784531 +0200
-+++ dhcp-4.2.2b1/client/dhclient.8     2011-07-01 15:09:06.663783913 +0200
-@@ -118,6 +118,9 @@ dhclient - Dynamic Host Configuration Pr
+diff -up dhcp-4.3.1b1/client/dhclient.8.zzftXp dhcp-4.3.1b1/client/dhclient.8
+--- dhcp-4.3.1b1/client/dhclient.8.zzftXp      2014-07-10 17:38:26.938599402 +0200
++++ dhcp-4.3.1b1/client/dhclient.8     2014-07-10 17:39:25.852763873 +0200
+@@ -128,6 +128,9 @@ dhclient - Dynamic Host Configuration Pr
  .B -w
  ]
  [
@@ -11,7 +11,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.8.capability dhcp-4.2.2b1/client/dhclient.
  .B -B
  ]
  [
-@@ -296,6 +299,32 @@ has been added or removed, so that the c
+@@ -304,6 +307,32 @@ has been added or removed, so that the c
  address on that interface.
  
  .TP
@@ -44,9 +44,9 @@ diff -up dhcp-4.2.2b1/client/dhclient.8.capability dhcp-4.2.2b1/client/dhclient.
  .BI \-B
  Set the BOOTP broadcast flag in request packets so servers will always
  broadcast replies.
-diff -up dhcp-4.2.2b1/client/dhclient.c.capability dhcp-4.2.2b1/client/dhclient.c
---- dhcp-4.2.2b1/client/dhclient.c.capability  2011-07-01 15:09:06.644784107 +0200
-+++ dhcp-4.2.2b1/client/dhclient.c     2011-07-01 15:09:06.664783903 +0200
+diff -up dhcp-4.3.1b1/client/dhclient.c.zzftXp dhcp-4.3.1b1/client/dhclient.c
+--- dhcp-4.3.1b1/client/dhclient.c.zzftXp      2014-07-10 17:39:25.797764653 +0200
++++ dhcp-4.3.1b1/client/dhclient.c     2014-07-10 17:39:25.853763858 +0200
 @@ -39,6 +39,10 @@
  #include <limits.h>
  #include <dns/result.h>
@@ -58,7 +58,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.capability dhcp-4.2.2b1/client/dhclient.
  /*
   * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define
   * that when building ISC code.
-@@ -141,6 +145,9 @@ main(int argc, char **argv) {
+@@ -143,6 +147,9 @@ main(int argc, char **argv) {
        int timeout_arg = 0;
        char *arg_conf = NULL;
        int arg_conf_len = 0;
@@ -68,7 +68,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.capability dhcp-4.2.2b1/client/dhclient.
  
        /* Initialize client globals. */
        memset(&default_duid, 0, sizeof(default_duid));
-@@ -410,6 +417,10 @@ main(int argc, char **argv) {
+@@ -425,6 +432,10 @@ main(int argc, char **argv) {
                        }
  
                        dhclient_request_options = argv[i];
@@ -79,7 +79,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.capability dhcp-4.2.2b1/client/dhclient.
                } else if (argv[i][0] == '-') {
                    usage();
                } else if (interfaces_requested < 0) {
-@@ -458,6 +469,19 @@ main(int argc, char **argv) {
+@@ -473,6 +484,19 @@ main(int argc, char **argv) {
                path_dhclient_script = s;
        }
  
@@ -99,10 +99,10 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.capability dhcp-4.2.2b1/client/dhclient.
        /* Set up the initial dhcp option universe. */
        initialize_common_option_spaces();
  
-diff -up dhcp-4.2.2b1/client/dhclient-script.8.capability dhcp-4.2.2b1/client/dhclient-script.8
---- dhcp-4.2.2b1/client/dhclient-script.8.capability   2011-07-01 15:09:06.604784521 +0200
-+++ dhcp-4.2.2b1/client/dhclient-script.8      2011-07-01 15:09:06.666783883 +0200
-@@ -239,6 +239,16 @@ repeatedly initialized to the values pro
+diff -up dhcp-4.3.1b1/client/dhclient-script.8.zzftXp dhcp-4.3.1b1/client/dhclient-script.8
+--- dhcp-4.3.1b1/client/dhclient-script.8.zzftXp       2014-07-10 17:39:25.761765163 +0200
++++ dhcp-4.3.1b1/client/dhclient-script.8      2014-07-10 17:39:25.851763887 +0200
+@@ -243,6 +243,16 @@ repeatedly initialized to the values pro
  the other.   Assuming the information provided by both servers is
  valid, this shouldn't cause any real problems, but it could be
  confusing.
@@ -119,22 +119,22 @@ diff -up dhcp-4.2.2b1/client/dhclient-script.8.capability dhcp-4.2.2b1/client/dh
  .SH SEE ALSO
  dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and
  dhclient.leases(5).
-diff -up dhcp-4.2.2b1/client/Makefile.am.capability dhcp-4.2.2b1/client/Makefile.am
---- dhcp-4.2.2b1/client/Makefile.am.capability 2011-07-01 15:09:06.526785327 +0200
-+++ dhcp-4.2.2b1/client/Makefile.am    2011-07-01 15:09:06.667783873 +0200
-@@ -5,7 +5,7 @@ dhclient_SOURCES = clparse.c dhclient.c 
+diff -up dhcp-4.3.1b1/client/Makefile.am.zzftXp dhcp-4.3.1b1/client/Makefile.am
+--- dhcp-4.3.1b1/client/Makefile.am.zzftXp     2014-07-10 17:38:10.778828583 +0200
++++ dhcp-4.3.1b1/client/Makefile.am    2014-07-10 17:39:25.851763887 +0200
+@@ -10,7 +10,7 @@ dhclient_SOURCES = clparse.c dhclient.c
+                  scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
                   scripts/netbsd scripts/nextstep scripts/openbsd \
                   scripts/solaris scripts/openwrt
- dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--               $(BIND9_LIBDIR) -ldns-export -lisc-export
-+               $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
+-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
++dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \
+                $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
  man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
  EXTRA_DIST = $(man_MANS)
- 
-diff -up dhcp-4.2.2b1/configure.ac.capability dhcp-4.2.2b1/configure.ac
---- dhcp-4.2.2b1/configure.ac.capability       2011-07-01 15:09:06.527785317 +0200
-+++ dhcp-4.2.2b1/configure.ac  2011-07-01 15:09:06.667783873 +0200
-@@ -449,6 +449,41 @@ AC_TRY_LINK(
+diff -up dhcp-4.3.1b1/configure.ac.zzftXp dhcp-4.3.1b1/configure.ac
+--- dhcp-4.3.1b1/configure.ac.zzftXp   2014-07-10 17:38:10.779828569 +0200
++++ dhcp-4.3.1b1/configure.ac  2014-07-10 17:39:25.854763844 +0200
+@@ -499,6 +499,41 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],
  # Look for optional headers.
  AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
  
@@ -176,11 +176,11 @@ diff -up dhcp-4.2.2b1/configure.ac.capability dhcp-4.2.2b1/configure.ac
  # Solaris needs some libraries for functions
  AC_SEARCH_LIBS(socket, [socket])
  AC_SEARCH_LIBS(inet_ntoa, [nsl])
-diff -up dhcp-4.2.2b1/relay/dhcrelay.c.capability dhcp-4.2.2b1/relay/dhcrelay.c
---- dhcp-4.2.2b1/relay/dhcrelay.c.capability   2011-07-01 15:09:06.626784295 +0200
-+++ dhcp-4.2.2b1/relay/dhcrelay.c      2011-07-01 15:12:05.362223794 +0200
-@@ -36,6 +36,11 @@
- #include <syslog.h>
+diff -up dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp dhcp-4.3.1b1/relay/dhcrelay.c
+--- dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp       2014-07-10 17:39:25.799764624 +0200
++++ dhcp-4.3.1b1/relay/dhcrelay.c      2014-07-10 17:40:19.191007421 +0200
+@@ -31,6 +31,11 @@
+ #include <signal.h>
  #include <sys/time.h>
  
 +#ifdef HAVE_LIBCAP_NG
@@ -191,9 +191,9 @@ diff -up dhcp-4.2.2b1/relay/dhcrelay.c.capability dhcp-4.2.2b1/relay/dhcrelay.c
  TIME default_lease_time = 43200; /* 12 hours... */
  TIME max_lease_time = 86400; /* 24 hours... */
  struct tree_cache *global_options[256];
-@@ -356,6 +361,10 @@ main(int argc, char **argv) {
-                       sl->next = upstreams;
-                       upstreams = sl;
+@@ -376,6 +381,10 @@ main(int argc, char **argv) {
+                               usage();
+                       dhcrelay_sub_id = argv[i];
  #endif
 +              } else if (!strcmp(argv[i], "-nc")) {
 +#ifdef HAVE_LIBCAP_NG
@@ -202,7 +202,7 @@ diff -up dhcp-4.2.2b1/relay/dhcrelay.c.capability dhcp-4.2.2b1/relay/dhcrelay.c
                } else if (!strcmp(argv[i], "-pf")) {
                        if (++i == argc)
                                usage();
-@@ -426,6 +435,17 @@ main(int argc, char **argv) {
+@@ -446,6 +455,17 @@ main(int argc, char **argv) {
  #endif
        }
  
@@ -220,8 +220,8 @@ diff -up dhcp-4.2.2b1/relay/dhcrelay.c.capability dhcp-4.2.2b1/relay/dhcrelay.c
        if (!quiet) {
                log_info("%s %s", message, PACKAGE_VERSION);
                log_info(copyright);
-@@ -573,6 +593,15 @@ main(int argc, char **argv) {
-               dhcpv6_packet_handler = do_packet6;
+@@ -598,6 +618,15 @@ main(int argc, char **argv) {
+       signal(SIGTERM, dhcp_signal_handler);  /* kill */
  #endif
  
 +#ifdef HAVE_LIBCAP_NG
@@ -236,88 +236,15 @@ diff -up dhcp-4.2.2b1/relay/dhcrelay.c.capability dhcp-4.2.2b1/relay/dhcrelay.c
        /* Start dispatching packets and timeouts... */
        dispatch();
  
-diff -up dhcp-4.2.2b1/relay/Makefile.am.capability dhcp-4.2.2b1/relay/Makefile.am
---- dhcp-4.2.2b1/relay/Makefile.am.capability  2011-07-01 15:09:06.546785121 +0200
-+++ dhcp-4.2.2b1/relay/Makefile.am     2011-07-01 15:09:06.670783841 +0200
-@@ -3,7 +3,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
+diff -up dhcp-4.3.1b1/relay/Makefile.am.zzftXp dhcp-4.3.1b1/relay/Makefile.am
+--- dhcp-4.3.1b1/relay/Makefile.am.zzftXp      2014-07-10 17:38:10.780828554 +0200
++++ dhcp-4.3.1b1/relay/Makefile.am     2014-07-10 17:39:25.854763844 +0200
+@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
+ 
  sbin_PROGRAMS = dhcrelay
  dhcrelay_SOURCES = dhcrelay.c
- dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--               $(BIND9_LIBDIR) -ldns-export -lisc-export
-+               $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
+-dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
++dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \
+                $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
  man_MANS = dhcrelay.8
  EXTRA_DIST = $(man_MANS)
- 
-diff -up dhcp-4.2.2b1/server/dhcpd.c.capability dhcp-4.2.2b1/server/dhcpd.c
---- dhcp-4.2.2b1/server/dhcpd.c.capability     2011-07-01 15:09:06.636784192 +0200
-+++ dhcp-4.2.2b1/server/dhcpd.c        2011-07-01 15:09:06.670783841 +0200
-@@ -58,6 +58,11 @@ static const char url [] =
- #  undef group
- #endif /* PARANOIA */
- 
-+#ifdef HAVE_LIBCAP_NG
-+#  include <cap-ng.h>
-+   int keep_capabilities = 0;
-+#endif
-+
- static void usage(void);
- 
- struct iaddr server_identifier;
-@@ -403,6 +408,10 @@ main(int argc, char **argv) {
-                       traceinfile = argv [i];
-                       trace_replay_init ();
- #endif /* TRACING */
-+              } else if (!strcmp(argv[i], "-nc")) {
-+#ifdef HAVE_LIBCAP_NG
-+                      keep_capabilities = 1;
-+#endif
-               } else if (argv [i][0] == '-') {
-                       usage ();
-               } else {
-@@ -459,6 +468,17 @@ main(int argc, char **argv) {
-         }
- #endif /* DHCPv6 */
- 
-+#ifdef HAVE_LIBCAP_NG
-+      /* Drop capabilities */
-+      if (!keep_capabilities) {
-+              capng_clear(CAPNG_SELECT_BOTH);
-+              capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-+                              CAP_NET_RAW, CAP_NET_BIND_SERVICE, CAP_SYS_CHROOT, CAP_SETUID, CAP_SETGID, -1);
-+              capng_apply(CAPNG_SELECT_BOTH);
-+              log_info ("Dropped all unnecessary capabilities.");
-+      }
-+#endif
-+
-         /*
-          * convert relative path names to absolute, for files that need
-          * to be reopened after chdir() has been called
-@@ -859,6 +879,15 @@ main(int argc, char **argv) {
-       omapi_set_int_value ((omapi_object_t *)dhcp_control_object,
-                            (omapi_object_t *)0, "state", server_running);
- 
-+#ifdef HAVE_LIBCAP_NG
-+      /* Drop all capabilities */
-+      if (!keep_capabilities) {
-+              capng_clear(CAPNG_SELECT_BOTH);
-+              capng_apply(CAPNG_SELECT_BOTH);
-+              log_info ("Dropped all capabilities.");
-+      }
-+#endif
-+
-       /* Receive packets and dispatch them... */
-       dispatch ();
- 
-diff -up dhcp-4.2.2b1/server/Makefile.am.capability dhcp-4.2.2b1/server/Makefile.am
---- dhcp-4.2.2b1/server/Makefile.am.capability 2011-07-01 15:09:06.546785121 +0200
-+++ dhcp-4.2.2b1/server/Makefile.am    2011-07-01 15:09:06.671783830 +0200
-@@ -8,7 +8,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
- 
- dhcpd_CFLAGS = $(LDAP_CFLAGS)
- dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--            ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export
-+            ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export \
-+            $(CAPNG_LDADD)
- 
- man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
- EXTRA_DIST = $(man_MANS)

diff --git a/src/patches/dhcp-4.2.0-default-requested-options.patch b/src/patches/dhcp/dhcp-default-requested-options.patch
similarity index 81%
rename from src/patches/dhcp-4.2.0-default-requested-options.patch
rename to src/patches/dhcp/dhcp-default-requested-options.patch
index fea8a4b99c02e55f64353a1e41f28e491054a2d0..afda222e657bc8fc070c58bfb40be16304ac3751 100644 (file)
--- a/src/patches/dhcp-4.2.0-default-requested-options.patch
+++ b/src/patches/dhcp/dhcp-default-requested-options.patch
@@ -1,6 +1,6 @@
-diff -up dhcp-4.2.0/client/clparse.c.requested dhcp-4.2.0/client/clparse.c
---- dhcp-4.2.0/client/clparse.c.requested      2010-07-21 13:29:05.000000000 +0200
-+++ dhcp-4.2.0/client/clparse.c        2010-07-21 13:50:29.000000000 +0200
+diff -up dhcp-4.3.0a1/client/clparse.c.requested dhcp-4.3.0a1/client/clparse.c
+--- dhcp-4.3.0a1/client/clparse.c.requested    2013-12-19 15:13:27.276631307 +0100
++++ dhcp-4.3.0a1/client/clparse.c      2013-12-19 15:13:27.313630789 +0100
 @@ -37,7 +37,7 @@
  
  struct client_config top_level_config;
@@ -10,7 +10,7 @@ diff -up dhcp-4.2.0/client/clparse.c.requested dhcp-4.2.0/client/clparse.c
  struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1];
  
  static void parse_client_default_duid(struct parse *cfile);
-@@ -111,6 +111,31 @@ isc_result_t read_client_conf ()
+@@ -119,6 +119,31 @@ isc_result_t read_client_conf ()
        option_code_hash_lookup(&default_requested_options[8],
                                dhcpv6_universe.code_hash, &code, 0, MDL);
  

diff --git a/src/patches/dhcp-4.2.0-dhclient-decline-backoff.patch b/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch
similarity index 58%
rename from src/patches/dhcp-4.2.0-dhclient-decline-backoff.patch
rename to src/patches/dhcp/dhcp-dhclient-decline-backoff.patch
index 81bec7bd4757506c6e77231c8aef0e9bb6fbd0e0..3e52e6400e3a27dcb0c39fd9c6b8aa5660341390 100644 (file)
--- a/src/patches/dhcp-4.2.0-dhclient-decline-backoff.patch
+++ b/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch
@@ -1,7 +1,7 @@
-diff -up dhcp-4.2.0/client/dhclient.c.backoff dhcp-4.2.0/client/dhclient.c
---- dhcp-4.2.0/client/dhclient.c.backoff       2010-07-21 13:37:03.000000000 +0200
-+++ dhcp-4.2.0/client/dhclient.c       2010-07-21 13:38:31.000000000 +0200
-@@ -1208,6 +1208,8 @@ void state_init (cpp)
+diff -up dhcp-4.3.1b1/client/dhclient.c.JwFUZj dhcp-4.3.1b1/client/dhclient.c
+--- dhcp-4.3.1b1/client/dhclient.c.JwFUZj      2014-07-10 17:38:50.511265091 +0200
++++ dhcp-4.3.1b1/client/dhclient.c     2014-07-10 17:39:16.164901267 +0200
+@@ -1281,6 +1281,8 @@ void state_init (cpp)
        void *cpp;
  {
        struct client_state *client = cpp;
@@ -10,7 +10,7 @@ diff -up dhcp-4.2.0/client/dhclient.c.backoff dhcp-4.2.0/client/dhclient.c
  
        ASSERT_STATE(state, S_INIT);
  
-@@ -1220,9 +1222,18 @@ void state_init (cpp)
+@@ -1293,9 +1295,18 @@ void state_init (cpp)
        client -> first_sending = cur_time;
        client -> interval = client -> config -> initial_interval;
  
@@ -32,15 +32,15 @@ diff -up dhcp-4.2.0/client/dhclient.c.backoff dhcp-4.2.0/client/dhclient.c
  }
  
  /*
-@@ -1501,6 +1512,7 @@ void bind_lease (client)
-               send_decline (client);
-               destroy_client_lease (client -> new);
-               client -> new = (struct client_lease *)0;
-+              client -> state = S_DECLINED;
-               state_init (client);
-               return;
-       }
-@@ -3711,6 +3723,7 @@ void client_location_changed ()
+@@ -1592,6 +1603,7 @@ void bind_lease (client)
+                                        "try (declined).  Exiting.");
+                       exit(2);
+               } else {
++                      client -> state = S_DECLINED;
+                       state_init(client);
+                       return;
+               }
+@@ -4059,6 +4071,7 @@ void client_location_changed ()
                              case S_INIT:
                              case S_REBINDING:
                              case S_STOPPED:
@@ -48,10 +48,10 @@ diff -up dhcp-4.2.0/client/dhclient.c.backoff dhcp-4.2.0/client/dhclient.c
                                break;
                        }
                        client -> state = S_INIT;
-diff -up dhcp-4.2.0/includes/dhcpd.h.backoff dhcp-4.2.0/includes/dhcpd.h
---- dhcp-4.2.0/includes/dhcpd.h.backoff        2010-07-21 13:29:05.000000000 +0200
-+++ dhcp-4.2.0/includes/dhcpd.h        2010-07-21 13:38:31.000000000 +0200
-@@ -1056,7 +1056,8 @@ enum dhcp_state {
+diff -up dhcp-4.3.1b1/includes/dhcpd.h.JwFUZj dhcp-4.3.1b1/includes/dhcpd.h
+--- dhcp-4.3.1b1/includes/dhcpd.h.JwFUZj       2014-07-10 17:38:26.941599360 +0200
++++ dhcp-4.3.1b1/includes/dhcpd.h      2014-07-10 17:38:50.526264878 +0200
+@@ -1087,7 +1087,8 @@ enum dhcp_state {
        S_BOUND = 5,
        S_RENEWING = 6,
        S_REBINDING = 7,

diff --git a/src/patches/dhcp-4.2.2-options.patch b/src/patches/dhcp/dhcp-dhclient-options.patch
similarity index 65%
rename from src/patches/dhcp-4.2.2-options.patch
rename to src/patches/dhcp/dhcp-dhclient-options.patch
index 32e2add7762706ccace98806e5d95acff645b0a4..67f144ecb7c30547949d76a325443fe1308b2ae8 100644 (file)
--- a/src/patches/dhcp-4.2.2-options.patch
+++ b/src/patches/dhcp/dhcp-dhclient-options.patch
@@ -1,7 +1,7 @@
-diff -up dhcp-4.2.2b1/client/clparse.c.options dhcp-4.2.2b1/client/clparse.c
---- dhcp-4.2.2b1/client/clparse.c.options      2011-04-21 16:08:14.000000000 +0200
-+++ dhcp-4.2.2b1/client/clparse.c      2011-07-01 13:51:52.935755570 +0200
-@@ -146,6 +146,7 @@ isc_result_t read_client_conf ()
+diff -up dhcp-4.3.1b1/client/clparse.c.fLPqYB dhcp-4.3.1b1/client/clparse.c
+--- dhcp-4.3.1b1/client/clparse.c.fLPqYB       2014-07-02 19:58:38.000000000 +0200
++++ dhcp-4.3.1b1/client/clparse.c      2014-07-10 17:38:26.938599402 +0200
+@@ -148,6 +148,7 @@ isc_result_t read_client_conf ()
        /* Requested lease time, used by DHCPv6 (DHCPv4 uses the option cache)
         */
        top_level_config.requested_lease = 7200;
@@ -9,7 +9,7 @@ diff -up dhcp-4.2.2b1/client/clparse.c.options dhcp-4.2.2b1/client/clparse.c
  
        group_allocate (&top_level_config.on_receipt, MDL);
        if (!top_level_config.on_receipt)
-@@ -313,7 +314,8 @@ void read_client_leases ()
+@@ -353,7 +354,8 @@ void read_client_leases ()
        interface-declaration |
        LEASE client-lease-statement |
        ALIAS client-lease-statement |
@@ -19,7 +19,7 @@ diff -up dhcp-4.2.2b1/client/clparse.c.options dhcp-4.2.2b1/client/clparse.c
  
  void parse_client_statement (cfile, ip, config)
        struct parse *cfile;
-@@ -732,6 +734,12 @@ void parse_client_statement (cfile, ip, 
+@@ -771,6 +773,12 @@ void parse_client_statement (cfile, ip,
                parse_reject_statement (cfile, config);
                return;
  
@@ -32,9 +32,116 @@ diff -up dhcp-4.2.2b1/client/clparse.c.options dhcp-4.2.2b1/client/clparse.c
              default:
                lose = 0;
                stmt = (struct executable_statement *)0;
-diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
---- dhcp-4.2.2b1/client/dhclient.c.options     2011-05-11 16:20:59.000000000 +0200
-+++ dhcp-4.2.2b1/client/dhclient.c     2011-07-01 13:51:52.936755545 +0200
+diff -up dhcp-4.3.1b1/client/dhclient.8.fLPqYB dhcp-4.3.1b1/client/dhclient.8
+--- dhcp-4.3.1b1/client/dhclient.8.fLPqYB      2014-07-02 19:58:38.000000000 +0200
++++ dhcp-4.3.1b1/client/dhclient.8     2014-07-10 17:38:26.938599402 +0200
+@@ -128,6 +128,33 @@ dhclient - Dynamic Host Configuration Pr
+ .B -w
+ ]
+ [
++.B -B
++]
++[
++.B -C
++.I dhcp-client-identifier
++]
++[
++.B -H
++.I host-name
++]
++[
++.B -F
++.I fqdn.fqdn
++]
++[
++.B -V
++.I vendor-class-identifier
++]
++[
++.B -R
++.I request-option-list
++]
++[
++.B -timeout
++.I timeout
++]
++[
+ .B -v
+ ]
+ [
+@@ -275,6 +302,69 @@ not to exit when it doesn't find any suc
+ program can then be used to notify the client when a network interface
+ has been added or removed, so that the client can attempt to configure an IP
+ address on that interface.
++
++.TP
++.BI \-B
++Set the BOOTP broadcast flag in request packets so servers will always
++broadcast replies.
++
++.TP
++.BI \-C\ <dhcp-client-identifier>
++Specify the dhcp-client-identifier option to send to the DHCP server.
++
++.TP
++.BI \-H\ <host-name>
++Specify the host-name option to send to the DHCP server.  The host-name
++string only contains the client's hostname prefix, to which the server will
++append the ddns-domainname or domain-name options, if any, to derive the
++fully qualified domain name of the client.  The
++.B -H
++option cannot be used with the
++.B -F
++option.
++
++.TP
++.BI \-F\ <fqdn.fqdn>
++Specify the fqdn.fqdn option to send to the DHCP server.  This option cannot
++be used with the
++.B -H
++option.  The fqdn.fqdn option must specify the complete domain name of the
++client host, which the server may use for dynamic DNS updates.
++
++.TP
++.BI \-V\ <vendor-class-identifier>
++Specify the vendor-class-identifier option to send to the DHCP server.
++
++.TP
++.BI \-R\ <option>[,<option>...]
++Specify the list of options the client is to request from the server.  The
++option list must be a single string consisting of option names separated
++by at least one command and optional space characters.  The default option
++list is:
++
++.BR
++    subnet-mask, broadcast-address, time-offset, routers,
++.BR
++    domain-search, domain-name, domain-name-servers, host-name, 
++.BR
++    nis-domain, nis-servers, ntp-servers, interface-mtu
++
++.TP
++.B -R
++option does not append options to the default request, it overrides the
++default request list.  Keep this in mind if you want to request an
++additional option besides the default request list.  You will have to
++specify all option names for the
++.B -R
++parameter.
++
++.TP
++.BI \-timeout\ <timeout>
++Specify the time after which
++.B dhclient
++will decide that no DHCP servers can be contacted when no responses have been
++received.
++
+ .TP
+ .BI \-n
+ Do not configure any interfaces.  This is most likely to be useful in
+diff -up dhcp-4.3.1b1/client/dhclient.c.fLPqYB dhcp-4.3.1b1/client/dhclient.c
+--- dhcp-4.3.1b1/client/dhclient.c.fLPqYB      2014-07-02 19:58:38.000000000 +0200
++++ dhcp-4.3.1b1/client/dhclient.c     2014-07-10 17:38:44.520350055 +0200
 @@ -39,6 +39,12 @@
  #include <limits.h>
  #include <dns/result.h>
@@ -48,17 +155,17 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
  TIME default_lease_time = 43200; /* 12 hours... */
  TIME max_lease_time = 86400; /* 24 hours... */
  
-@@ -87,6 +93,9 @@ int wanted_ia_na = -1;               /* the absolute 
+@@ -88,6 +94,9 @@ int wanted_ia_na = -1;               /* the absolute
  int wanted_ia_ta = 0;
  int wanted_ia_pd = 0;
  char *mockup_relay = NULL;
 +int bootp_broadcast_always = 0;
 +
-+extern u_int32_t default_requested_options[];
++extern struct option *default_requested_options[];
  
  void run_stateless(int exit_mode);
  
-@@ -123,6 +132,15 @@ main(int argc, char **argv) {
+@@ -125,6 +134,15 @@ main(int argc, char **argv) {
        int local_family_set = 0;
  #endif /* DHCPv6 */
        char *s;
@@ -74,18 +181,18 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
  
        /* Initialize client globals. */
        memset(&default_duid, 0, sizeof(default_duid));
-@@ -310,6 +328,88 @@ main(int argc, char **argv) {
-               } else if (!strcmp(argv[i], "--version")) {
-                       log_info("isc-dhclient-%s", PACKAGE_VERSION);
+@@ -325,6 +343,88 @@ main(int argc, char **argv) {
+                                        strlen(PACKAGE_VERSION)));
+                       IGNORE_RET(write(STDERR_FILENO, "\n", 1));
                        exit(0);
-+              } else if (!strcmp(argv[i], "-I")) {
++              } else if (!strcmp(argv[i], "-C")) {
 +                      if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) {
 +                              usage();
 +                              exit(1);
 +                      }
 +
 +                      if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) {
-+                              log_error("-I option dhcp-client-identifier string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1);
++                              log_error("-C option dhcp-client-identifier string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1);
 +                              exit(1);
 +                      }
 +
@@ -138,7 +245,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
 +                      }
 +
 +                      if ((timeout_arg = atoi(argv[i])) <= 0) {
-+                              log_error("-T timeout option must be > 0 - bad value: %s",argv[i]);
++                              log_error("timeout option must be > 0 - bad value: %s",argv[i]);
 +                              exit(1);
 +                      }
 +              } else if (!strcmp(argv[i], "-V")) {
@@ -163,7 +270,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
                } else if (argv[i][0] == '-') {
                    usage();
                } else if (interfaces_requested < 0) {
-@@ -484,6 +584,166 @@ main(int argc, char **argv) {
+@@ -507,6 +607,156 @@ main(int argc, char **argv) {
        /* Parse the dhclient.conf file. */
        read_client_conf();
  
@@ -172,7 +279,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
 +              arg_conf_len = asprintf(&arg_conf, "send dhcp-client-identifier \"%s\";", dhcp_client_identifier_arg);
 +
 +              if ((arg_conf == 0) || (arg_conf_len <= 0))
-+                      log_fatal("Unable to send -I option dhcp-client-identifier");
++                      log_fatal("Unable to send -C option dhcp-client-identifier");
 +      }
 +
 +      if ((dhcp_host_name_arg != NULL) && (*dhcp_host_name_arg != '\0')) {
@@ -269,7 +376,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
 +              if (arg_conf_len == 0)
 +                      if ((arg_conf_len = strlen(arg_conf)) == 0)
 +                              /* huh ? cannot happen ! */
-+                              log_fatal("Unable to process -I/-H/-F/-timeout/-V/-R configuration arguments");
++                              log_fatal("Unable to process -C/-H/-F/-timeout/-V/-R configuration arguments");
 +
 +              /* parse the extra dhclient.conf configuration arguments
 +               * into top level config: */
@@ -277,10 +384,10 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
 +              const char *val = NULL;
 +              int token;
 +
-+              status = new_parse(&cfile, -1, arg_conf, arg_conf_len, "extra dhclient -I/-H/-F/-timeout/-V/-R configuration arguments", 0);
++              status = new_parse(&cfile, -1, arg_conf, arg_conf_len, "extra dhclient -C/-H/-F/-timeout/-V/-R configuration arguments", 0);
 +
 +              if ((status != ISC_R_SUCCESS) || (cfile -> warnings_occurred))
-+                      log_fatal("Cannot parse -I/-H/-F/-timeout/-V/-R configuration arguments !");
++                      log_fatal("Cannot parse -C/-H/-F/-timeout/-V/-R configuration arguments !");
 +              /* more detailed parse failures will be logged */
 +
 +              do {
@@ -292,26 +399,16 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
 +              } while (1);
 +
 +              if (cfile -> warnings_occurred)
-+                      log_fatal("Cannot parse -I/-H/-F/-timeout/-V/-R configuration arguments !");
++                      log_fatal("Cannot parse -C/-H/-F/-timeout/-V/-R configuration arguments !");
 +              end_parse(&cfile);
 +
 +              if (timeout_arg) {
 +                      /* we just set the toplevel timeout, but per-client
-+                       * timeouts may still be at defaults. Also, it makes no
-+                       * sense having the reboot_timeout or backoff_cutoff
-+                       * greater than the timeout:
++                       * timeouts may still be at defaults.
 +                       */
-+                      if ((top_level_config.backoff_cutoff == 15) && (top_level_config.backoff_cutoff > (timeout_arg / 2)))
-+                              top_level_config.backoff_cutoff = (((unsigned long)(timeout_arg / 2)) == 0) ? timeout_arg : (unsigned long)(timeout_arg / 2);
-+
 +                      for (ip=interfaces; ip; ip = ip->next) {
 +                              if (ip->client->config->timeout == 60)
 +                                      ip->client->config->timeout = timeout_arg;
-+
-+                              if ((ip->client->config->reboot_timeout == 10) && (ip->client->config->reboot_timeout > ip->client->config->timeout))
-+                                      ip->client->config->reboot_timeout = ip->client->config->timeout;
-+                              if ((ip->client->config->backoff_cutoff == 15) && (ip->client->config->backoff_cutoff > top_level_config.backoff_cutoff))
-+                                      ip->client->config->backoff_cutoff = top_level_config.backoff_cutoff;
 +                      }
 +              }
 +
@@ -330,7 +427,18 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
        /* Parse the lease database. */
        read_client_leases();
  
-@@ -2397,7 +2657,8 @@ void make_discover (client, lease)
+@@ -756,6 +1006,10 @@ static void usage()
+                 "                [-s server-addr] [-cf config-file]\n"
+                 "                [-df duid-file] [-lf lease-file]\n"
+                 "                [-pf pid-file] [--no-pid] [-e VAR=val]\n"
++                "                [-C <dhcp-client-identifier>] [-B]\n"
++                "                [-H <host-name> | -F <fqdn.fqdn>] [-timeout <timeout>]\n"
++                "                [-V <vendor-class-identifier>]\n"
++                "                [-R <request option list>]\n"
+                 "                [-sf script-file] [interface]");
+ }
+ 
+@@ -2531,7 +2785,8 @@ void make_discover (client, lease)
        client -> packet.xid = random ();
        client -> packet.secs = 0; /* filled in by send_discover. */
  
@@ -340,7 +448,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
                client -> packet.flags = 0;
        else
                client -> packet.flags = htons (BOOTP_BROADCAST);
-@@ -2481,7 +2742,9 @@ void make_request (client, lease)
+@@ -2615,7 +2870,9 @@ void make_request (client, lease)
        } else {
                memset (&client -> packet.ciaddr, 0,
                        sizeof client -> packet.ciaddr);
@@ -351,7 +459,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
                        client -> packet.flags = 0;
                else
                        client -> packet.flags = htons (BOOTP_BROADCAST);
-@@ -2543,7 +2806,8 @@ void make_decline (client, lease)
+@@ -2677,7 +2934,8 @@ void make_decline (client, lease)
        client -> packet.hops = 0;
        client -> packet.xid = client -> xid;
        client -> packet.secs = 0; /* Filled in by send_request. */
@@ -361,10 +469,10 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
                client -> packet.flags = 0;
        else
                client -> packet.flags = htons (BOOTP_BROADCAST);
-diff -up dhcp-4.2.2b1/common/conflex.c.options dhcp-4.2.2b1/common/conflex.c
---- dhcp-4.2.2b1/common/conflex.c.options      2011-05-11 16:20:59.000000000 +0200
-+++ dhcp-4.2.2b1/common/conflex.c      2011-07-01 13:51:52.938755494 +0200
-@@ -808,6 +808,8 @@ intern(char *atom, enum dhcp_token dfv) 
+diff -up dhcp-4.3.1b1/common/conflex.c.fLPqYB dhcp-4.3.1b1/common/conflex.c
+--- dhcp-4.3.1b1/common/conflex.c.fLPqYB       2014-07-02 19:58:38.000000000 +0200
++++ dhcp-4.3.1b1/common/conflex.c      2014-07-10 17:38:26.940599374 +0200
+@@ -811,6 +811,8 @@ intern(char *atom, enum dhcp_token dfv)
                        return BALANCE;
                if (!strcasecmp (atom + 1, "ound"))
                        return BOUND;
@@ -373,10 +481,10 @@ diff -up dhcp-4.2.2b1/common/conflex.c.options dhcp-4.2.2b1/common/conflex.c
                break;
              case 'c':
                if (!strcasecmp(atom + 1, "ase"))
-diff -up dhcp-4.2.2b1/includes/dhcpd.h.options dhcp-4.2.2b1/includes/dhcpd.h
---- dhcp-4.2.2b1/includes/dhcpd.h.options      2011-05-20 16:21:11.000000000 +0200
-+++ dhcp-4.2.2b1/includes/dhcpd.h      2011-07-01 13:51:52.940755442 +0200
-@@ -1147,6 +1147,9 @@ struct client_config {
+diff -up dhcp-4.3.1b1/includes/dhcpd.h.fLPqYB dhcp-4.3.1b1/includes/dhcpd.h
+--- dhcp-4.3.1b1/includes/dhcpd.h.fLPqYB       2014-07-02 19:58:39.000000000 +0200
++++ dhcp-4.3.1b1/includes/dhcpd.h      2014-07-10 17:38:26.941599360 +0200
+@@ -1152,6 +1152,9 @@ struct client_config {
        int do_forward_update;          /* If nonzero, and if we have the
                                           information we need, update the
                                           A record for the address we get. */
@@ -386,16 +494,16 @@ diff -up dhcp-4.2.2b1/includes/dhcpd.h.options dhcp-4.2.2b1/includes/dhcpd.h
  };
  
  /* Per-interface state used in the dhcp client... */
-diff -up dhcp-4.2.2b1/includes/dhctoken.h.options dhcp-4.2.2b1/includes/dhctoken.h
---- dhcp-4.2.2b1/includes/dhctoken.h.options   2011-05-12 14:02:47.000000000 +0200
-+++ dhcp-4.2.2b1/includes/dhctoken.h   2011-07-01 13:53:43.316861637 +0200
-@@ -361,7 +361,8 @@ enum dhcp_token {
-       GETHOSTNAME = 662,
-       REWIND = 663,
-       INITIAL_DELAY = 664,
--      GETHOSTBYNAME = 665
-+      GETHOSTBYNAME = 665,
-+      BOOTP_BROADCAST_ALWAYS = 666
+diff -up dhcp-4.3.1b1/includes/dhctoken.h.fLPqYB dhcp-4.3.1b1/includes/dhctoken.h
+--- dhcp-4.3.1b1/includes/dhctoken.h.fLPqYB    2014-07-02 19:58:39.000000000 +0200
++++ dhcp-4.3.1b1/includes/dhctoken.h   2014-07-10 17:38:26.942599346 +0200
+@@ -367,7 +367,8 @@ enum dhcp_token {
+       TOKEN_INFINIBAND = 668,
+       POOL6 = 669,
+       V6RELAY = 670,
+-      V6RELOPT = 671
++      V6RELOPT = 671,
++      BOOTP_BROADCAST_ALWAYS = 672
  };
  
  #define is_identifier(x)      ((x) >= FIRST_TOKEN &&  \

diff --git a/src/patches/dhcp/dhcp-errwarn-message.patch b/src/patches/dhcp/dhcp-errwarn-message.patch
new file mode 100644 (file)
index 0000000..a65c2c2
--- /dev/null
+++ b/src/patches/dhcp/dhcp-errwarn-message.patch
@@ -0,0 +1,22 @@
+diff -up dhcp-4.3.0b1/omapip/errwarn.c.errwarn dhcp-4.3.0b1/omapip/errwarn.c
+--- dhcp-4.3.0b1/omapip/errwarn.c.errwarn      2014-01-21 09:31:47.301334249 +0100
++++ dhcp-4.3.0b1/omapip/errwarn.c      2014-01-21 09:33:20.569039072 +0100
+@@ -76,11 +76,13 @@ void log_fatal (const char * fmt, ... )
+   }
+ 
+   log_error ("%s", "");
+-  log_error ("If you think you have received this message due to a bug rather");
+-  log_error ("than a configuration issue please read the section on submitting");
+-  log_error ("bugs on either our web page at www.isc.org or in the README file");
+-  log_error ("before submitting a bug.  These pages explain the proper");
+-  log_error ("process and the information we find helpful for debugging..");
++  log_error ("This version of ISC DHCP is based on the release available");
++  log_error ("on ftp.isc.org.  Features have been added and other changes");
++  log_error ("have been made to the base software release in order to make");
++  log_error ("it work better with this distribution.");
++  log_error ("%s", "");
++  log_error ("Please report for this software via the Red Hat Bugzilla site:");
++  log_error ("    http://bugzilla.redhat.com");
+   log_error ("%s", "");
+   log_error ("exiting.");
+ 

diff --git a/src/patches/dhcp/dhcp-garbage-chars.patch b/src/patches/dhcp/dhcp-garbage-chars.patch
new file mode 100644 (file)
index 0000000..131360b
--- /dev/null
+++ b/src/patches/dhcp/dhcp-garbage-chars.patch
@@ -0,0 +1,12 @@
+diff -up dhcp-4.3.0rc1/common/tables.c.garbage dhcp-4.3.0rc1/common/tables.c
+--- dhcp-4.3.0rc1/common/tables.c.garbage      2014-01-29 10:03:52.132624677 +0100
++++ dhcp-4.3.0rc1/common/tables.c      2014-01-29 10:04:51.413875343 +0100
+@@ -213,7 +213,7 @@ static struct option dhcp_options[] = {
+       { "name-service-search", "Sa",          &dhcp_universe, 117, 1 },
+ #endif
+       { "subnet-selection", "I",              &dhcp_universe, 118, 1 },
+-      { "domain-search", "Dc",                &dhcp_universe, 119, 1 },
++      { "domain-search", "D",                 &dhcp_universe, 119, 1 },
+       { "vivco", "Evendor-class.",            &dhcp_universe, 124, 1 },
+       { "vivso", "Evendor.",                  &dhcp_universe, 125, 1 },
+ #if 0

diff --git a/src/patches/dhcp-4.2.2-gpxe-cid.patch b/src/patches/dhcp/dhcp-gpxe-cid.patch
similarity index 50%
rename from src/patches/dhcp-4.2.2-gpxe-cid.patch
rename to src/patches/dhcp/dhcp-gpxe-cid.patch
index c0be4c2396acedd815544d296146804b1b08ce7f..c8c2b84f97a80196725ff7a47e1c5d8ab082b238 100644 (file)
--- a/src/patches/dhcp-4.2.2-gpxe-cid.patch
+++ b/src/patches/dhcp/dhcp-gpxe-cid.patch
@@ -1,10 +1,11 @@
-diff -up dhcp-4.2.2/client/dhclient.c.gpxe-cid dhcp-4.2.2/client/dhclient.c
---- dhcp-4.2.2/client/dhclient.c.gpxe-cid      2011-09-16 18:23:20.190453902 +0200
-+++ dhcp-4.2.2/client/dhclient.c       2011-09-16 18:27:15.568463599 +0200
-@@ -58,6 +58,13 @@ const char *path_dhclient_pid = NULL;
+diff -up dhcp-4.3.0a1/client/dhclient.c.gpxe-cid dhcp-4.3.0a1/client/dhclient.c
+--- dhcp-4.3.0a1/client/dhclient.c.gpxe-cid    2013-12-20 13:28:45.105048317 +0100
++++ dhcp-4.3.0a1/client/dhclient.c     2013-12-20 13:28:45.109048261 +0100
+@@ -47,6 +47,14 @@
+ const char *path_dhclient_pid = NULL;
  static char path_dhclient_script_array[] = _PATH_DHCLIENT_SCRIPT;
  char *path_dhclient_script = path_dhclient_script_array;
- 
++
 +/* Default Prefix */
 +static unsigned char default_prefix[12] = {
 +      0xff, 0x00, 0x00, 0x00,
@@ -12,10 +13,10 @@ diff -up dhcp-4.2.2/client/dhclient.c.gpxe-cid dhcp-4.2.2/client/dhclient.c
 +      0x00, 0x02, 0xc9, 0x00
 +};
 +
- /* False (default) => we write and use a pid file */
- isc_boolean_t no_pid_file = ISC_FALSE;
+ const char *path_dhclient_duid = NULL;
  
-@@ -1250,6 +1257,12 @@ int find_subnet (struct subnet **sp,
+ /* False (default) => we write and use a pid file */
+@@ -1253,6 +1260,12 @@ int find_subnet (struct subnet **sp,
  static void setup_ib_interface(struct interface_info *ip)
  {
        struct group *g;
@@ -28,7 +29,7 @@ diff -up dhcp-4.2.2/client/dhclient.c.gpxe-cid dhcp-4.2.2/client/dhclient.c
  
        /* Set the broadcast flag */
        ip->client->config->bootp_broadcast_always = 1;
-@@ -1266,8 +1279,39 @@ static void setup_ib_interface(struct in
+@@ -1269,8 +1282,39 @@ static void setup_ib_interface(struct in
                }
        }
  
@@ -70,63 +71,3 @@ diff -up dhcp-4.2.2/client/dhclient.c.gpxe-cid dhcp-4.2.2/client/dhclient.c
  }
  
  /* Individual States:
-diff -up dhcp-4.2.2/common/lpf.c.gpxe-cid dhcp-4.2.2/common/lpf.c
---- dhcp-4.2.2/common/lpf.c.gpxe-cid   2011-09-16 18:23:20.183453996 +0200
-+++ dhcp-4.2.2/common/lpf.c    2011-09-16 18:25:28.235804421 +0200
-@@ -591,6 +591,37 @@ void maybe_setup_fallback ()
-       }
- }
- 
-+static unsigned char * get_ib_hw_addr(char * name)
-+{
-+      struct ifaddrs *ifaddrs;
-+      struct ifaddrs *ifa;
-+      struct sockaddr_ll *sll = NULL;
-+      static unsigned char hw_addr[8];
-+
-+      if (getifaddrs(&ifaddrs) == -1)
-+              return NULL;
-+
-+      for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
-+              if (ifa->ifa_addr == NULL)
-+                      continue;
-+              if (ifa->ifa_addr->sa_family != AF_PACKET)
-+                      continue;
-+              if (ifa->ifa_flags & IFF_LOOPBACK)
-+                      continue;
-+              if (strcmp(ifa->ifa_name, name) == 0) {
-+                      sll = (struct sockaddr_ll *)(void *)ifa->ifa_addr;
-+                      break;
-+              }
-+      }
-+      if (sll == NULL) {
-+              freeifaddrs(ifaddrs);
-+              return NULL;
-+      }
-+      memcpy(hw_addr, &sll->sll_addr[sll->sll_halen - 8], 8);
-+      freeifaddrs(ifaddrs);
-+      return (unsigned char *)&hw_addr;
-+}
-+
- void
- get_hw_addr(struct interface_info *info)
- {
-@@ -599,6 +630,7 @@ get_hw_addr(struct interface_info *info)
-       struct ifaddrs *ifaddrs;
-       struct ifaddrs *ifa;
-       struct sockaddr_ll *sll = NULL;
-+      unsigned char *hw_addr;
- 
-       if (getifaddrs(&ifaddrs) == -1)
-               log_fatal("Failed to get interfaces");
-@@ -660,6 +692,10 @@ get_hw_addr(struct interface_info *info)
- 
-                       hw->hlen = 1;
-                       hw->hbuf[0] = HTYPE_INFINIBAND;
-+                      hw_addr = get_ib_hw_addr(name);
-+                      if (!hw_addr)
-+                              log_fatal("Failed getting %s hw addr", name);
-+                      memcpy (&hw->hbuf [1], hw_addr, 8);
-                       break;
- #if defined(ARPHRD_PPP)
-               case ARPHRD_PPP:

diff --git a/src/patches/dhcp-4.2.0-honor-expired.patch b/src/patches/dhcp/dhcp-honor-expired.patch
similarity index 77%
rename from src/patches/dhcp-4.2.0-honor-expired.patch
rename to src/patches/dhcp/dhcp-honor-expired.patch
index 0ae9128481f42b9d9e0935f727fe37b16dc1c4a0..bd892975be1baa06e52b16f9293e978e2d4c9f53 100644 (file)
--- a/src/patches/dhcp-4.2.0-honor-expired.patch
+++ b/src/patches/dhcp/dhcp-honor-expired.patch
@@ -1,7 +1,7 @@
-diff -up dhcp-4.2.0/client/dhc6.c.honor-expired dhcp-4.2.0/client/dhc6.c
---- dhcp-4.2.0/client/dhc6.c.honor-expired     2010-10-07 12:55:37.000000000 +0200
-+++ dhcp-4.2.0/client/dhc6.c   2010-10-07 12:56:43.000000000 +0200
-@@ -1405,6 +1405,32 @@ start_info_request6(struct client_state 
+diff -up dhcp-4.3.0a1/client/dhc6.c.honor-expired dhcp-4.3.0a1/client/dhc6.c
+--- dhcp-4.3.0a1/client/dhc6.c.honor-expired   2013-12-19 16:00:28.062183037 +0100
++++ dhcp-4.3.0a1/client/dhc6.c 2013-12-19 16:00:28.076182842 +0100
+@@ -1351,6 +1351,32 @@ start_info_request6(struct client_state
                go_daemon();
  }
  
@@ -34,7 +34,7 @@ diff -up dhcp-4.2.0/client/dhc6.c.honor-expired dhcp-4.2.0/client/dhc6.c
  /*
   * start_confirm6() kicks off an "init-reboot" version of the process, at
   * startup to find out if old bindings are 'fair' and at runtime whenever
-@@ -1417,8 +1446,10 @@ start_confirm6(struct client_state *clie
+@@ -1363,8 +1389,10 @@ start_confirm6(struct client_state *clie
  
        /* If there is no active lease, there is nothing to check. */
        if ((client->active_lease == NULL) ||

diff --git a/src/patches/dhcp-4.2.2-improved-xid.patch b/src/patches/dhcp/dhcp-improved-xid.patch
similarity index 78%
rename from src/patches/dhcp-4.2.2-improved-xid.patch
rename to src/patches/dhcp/dhcp-improved-xid.patch
index f49fc7845967ebe20a64e6dbc9d4191ddd9e2baf..eccff49875fba59d1514b4ba8236644d37df4bea 100644 (file)
--- a/src/patches/dhcp-4.2.2-improved-xid.patch
+++ b/src/patches/dhcp/dhcp-improved-xid.patch
@@ -1,7 +1,7 @@
-diff -up dhcp-4.2.2/client/dhclient.c.improved-xid dhcp-4.2.2/client/dhclient.c
---- dhcp-4.2.2/client/dhclient.c.improved-xid  2011-09-16 18:18:00.649730661 +0200
-+++ dhcp-4.2.2/client/dhclient.c       2011-09-16 18:22:36.815035513 +0200
-@@ -898,6 +898,26 @@ main(int argc, char **argv) {
+diff -up dhcp-4.3.0a1/client/dhclient.c.improved-xid dhcp-4.3.0a1/client/dhclient.c
+--- dhcp-4.3.0a1/client/dhclient.c.improved-xid        2013-12-20 13:29:41.836260810 +0100
++++ dhcp-4.3.0a1/client/dhclient.c     2013-12-20 13:29:41.843260713 +0100
+@@ -894,6 +894,26 @@ main(int argc, char **argv) {
                }
        }
  
@@ -28,7 +28,7 @@ diff -up dhcp-4.2.2/client/dhclient.c.improved-xid dhcp-4.2.2/client/dhclient.c
        /* At this point, all the interfaces that the script thinks
           are relevant should be running, so now we once again call
           discover_interfaces(), and this time ask it to actually set
-@@ -912,14 +932,36 @@ main(int argc, char **argv) {
+@@ -908,14 +928,36 @@ main(int argc, char **argv) {
           Not much entropy, but we're booting, so we're not likely to
           find anything better. */
        seed = 0;
@@ -66,7 +66,7 @@ diff -up dhcp-4.2.2/client/dhclient.c.improved-xid dhcp-4.2.2/client/dhclient.c
  
        /* Setup specific Infiniband options */
        for (ip = interfaces; ip; ip = ip->next) {
-@@ -1457,7 +1499,7 @@ void dhcpack (packet)
+@@ -1460,7 +1502,7 @@ void dhcpack (packet)
                return;
        }
  
@@ -75,7 +75,7 @@ diff -up dhcp-4.2.2/client/dhclient.c.improved-xid dhcp-4.2.2/client/dhclient.c
  
        lease = packet_to_lease (packet, client);
        if (!lease) {
-@@ -2174,7 +2216,7 @@ void dhcpnak (packet)
+@@ -2171,7 +2213,7 @@ void dhcpnak (packet)
                return;
        }
  
@@ -84,7 +84,7 @@ diff -up dhcp-4.2.2/client/dhclient.c.improved-xid dhcp-4.2.2/client/dhclient.c
  
        if (!client -> active) {
  #if defined (DEBUG)
-@@ -2300,10 +2342,10 @@ void send_discover (cpp)
+@@ -2298,10 +2340,10 @@ void send_discover (cpp)
                client -> packet.secs = htons (65535);
        client -> secs = client -> packet.secs;
  
@@ -96,8 +96,8 @@ diff -up dhcp-4.2.2/client/dhclient.c.improved-xid dhcp-4.2.2/client/dhclient.c
 +            ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval), client -> xid);
  
        /* Send out a packet. */
-       result = send_packet (client -> interface, (struct packet *)0,
-@@ -2584,10 +2626,10 @@ void send_request (cpp)
+       result = send_packet(client->interface, NULL, &client->packet,
+@@ -2570,10 +2612,10 @@ void send_request (cpp)
                        client -> packet.secs = htons (65535);
        }
  
@@ -109,21 +109,21 @@ diff -up dhcp-4.2.2/client/dhclient.c.improved-xid dhcp-4.2.2/client/dhclient.c
 +            ntohs (destination.sin_port), client -> xid);
  
        if (destination.sin_addr.s_addr != INADDR_BROADCAST &&
-           fallback_interface)
-@@ -2618,10 +2660,10 @@ void send_decline (cpp)
+           fallback_interface) {
+@@ -2613,10 +2655,10 @@ void send_decline (cpp)
  
        int result;
  
 -      log_info ("DHCPDECLINE on %s to %s port %d",
 +      log_info ("DHCPDECLINE on %s to %s port %d (xid=0x%x)",
-             client -> name ? client -> name : client -> interface -> name,
-             inet_ntoa (sockaddr_broadcast.sin_addr),
--            ntohs (sockaddr_broadcast.sin_port));
-+            ntohs (sockaddr_broadcast.sin_port), client -> xid);
+             client->name ? client->name : client->interface->name,
+             inet_ntoa(sockaddr_broadcast.sin_addr),
+-            ntohs(sockaddr_broadcast.sin_port));
++            ntohs(sockaddr_broadcast.sin_port), client -> xid);
  
        /* Send out a packet. */
-       result = send_packet (client -> interface, (struct packet *)0,
-@@ -2661,10 +2703,10 @@ void send_release (cpp)
+       result = send_packet(client->interface, NULL, &client->packet,
+@@ -2659,10 +2701,10 @@ void send_release (cpp)
                return;
        }
  
@@ -134,5 +134,5 @@ diff -up dhcp-4.2.2/client/dhclient.c.improved-xid dhcp-4.2.2/client/dhclient.c
 -            ntohs (destination.sin_port));
 +            ntohs (destination.sin_port), client -> xid);
  
-       if (fallback_interface)
-               result = send_packet (fallback_interface,
+       if (fallback_interface) {
+               result = send_packet(fallback_interface, NULL, &client->packet,

diff --git a/src/patches/dhcp/dhcp-logpid.patch b/src/patches/dhcp/dhcp-logpid.patch
new file mode 100644 (file)
index 0000000..e1a6ebd
--- /dev/null
+++ b/src/patches/dhcp/dhcp-logpid.patch
@@ -0,0 +1,11 @@
+--- expanded_org/client/dhclient.c     Wed Aug 06 23:35:00 2014
++++ expanded_logpid/client/dhclient.c  Mon Feb 16 13:35:31 2015
+@@ -142,7 +142,7 @@
+       else if (fd != -1)
+               close(fd);
+ 
+-      openlog("dhclient", DHCP_LOG_OPTIONS, LOG_DAEMON);
++      openlog("dhclient", LOG_NDELAY | LOG_PID, LOG_DAEMON);
+ 
+ #if !(defined(DEBUG) || defined(__CYGWIN32__))
+       setlogmask(LOG_UPTO(LOG_INFO));

diff --git a/src/patches/dhcp-4.2.2-lpf-ib.patch b/src/patches/dhcp/dhcp-lpf-ib.patch
similarity index 67%
rename from src/patches/dhcp-4.2.2-lpf-ib.patch
rename to src/patches/dhcp/dhcp-lpf-ib.patch
index 4034028b835076d2024e66220d14bc2d8627800f..8e094d64976164c12eb0f0a9733695016ad49d56 100644 (file)
--- a/src/patches/dhcp-4.2.2-lpf-ib.patch
+++ b/src/patches/dhcp/dhcp-lpf-ib.patch
@@ -1,16 +1,16 @@
-diff -up dhcp-4.2.2/client/dhclient.c.lpf-ib dhcp-4.2.2/client/dhclient.c
---- dhcp-4.2.2/client/dhclient.c.lpf-ib        2011-09-19 11:24:08.693775799 +0200
-+++ dhcp-4.2.2/client/dhclient.c       2011-09-19 11:24:08.703775541 +0200
-@@ -113,6 +113,8 @@ static int check_domain_name_list(const 
+diff -up dhcp-4.3.1b1/client/dhclient.c.bmgpWV dhcp-4.3.1b1/client/dhclient.c
+--- dhcp-4.3.1b1/client/dhclient.c.bmgpWV      2014-07-10 17:50:26.922402550 +0200
++++ dhcp-4.3.1b1/client/dhclient.c     2014-07-10 17:53:43.629623477 +0200
+@@ -114,6 +114,8 @@ static int check_domain_name_list(const
  static int check_option_values(struct universe *universe, unsigned int opt,
                               const char *ptr, size_t len);
  
 +static void setup_ib_interface(struct interface_info *ip);
 +
+ #ifndef UNIT_TEST
  int
  main(int argc, char **argv) {
-       int fd;
-@@ -919,6 +921,14 @@ main(int argc, char **argv) {
+@@ -937,6 +939,13 @@ main(int argc, char **argv) {
        }
        srandom(seed + cur_time + (unsigned)getpid());
  
@@ -21,11 +21,10 @@ diff -up dhcp-4.2.2/client/dhclient.c.lpf-ib dhcp-4.2.2/client/dhclient.c
 +                      setup_ib_interface(ip);
 +              }
 +      }
-+
-       /* Start a configuration state machine for each interface. */
- #ifdef DHCPv6
-       if (local_family == AF_INET6) {
-@@ -1195,6 +1205,29 @@ int find_subnet (struct subnet **sp,
+ 
+       /*
+        * Establish a default DUID.  We always do so for v6 and
+@@ -1230,6 +1239,29 @@ int find_subnet (struct subnet **sp,
        return 0;
  }
  
@@ -55,10 +54,10 @@ diff -up dhcp-4.2.2/client/dhclient.c.lpf-ib dhcp-4.2.2/client/dhclient.c
  /* Individual States:
   *
   * Each routine is called from the dhclient_state_machine() in one of
-diff -up dhcp-4.2.2/common/bpf.c.lpf-ib dhcp-4.2.2/common/bpf.c
---- dhcp-4.2.2/common/bpf.c.lpf-ib     2011-09-19 11:24:08.694775773 +0200
-+++ dhcp-4.2.2/common/bpf.c    2011-09-19 11:24:08.704775516 +0200
-@@ -198,11 +198,44 @@ struct bpf_insn dhcp_bpf_filter [] = {
+diff -up dhcp-4.3.1b1/common/bpf.c.bmgpWV dhcp-4.3.1b1/common/bpf.c
+--- dhcp-4.3.1b1/common/bpf.c.bmgpWV   2014-07-10 17:48:03.797424616 +0200
++++ dhcp-4.3.1b1/common/bpf.c  2014-07-10 17:52:57.705272295 +0200
+@@ -199,11 +199,44 @@ struct bpf_insn dhcp_bpf_filter [] = {
        BPF_STMT(BPF_RET+BPF_K, 0),
  };
  
@@ -103,21 +102,15 @@ diff -up dhcp-4.2.2/common/bpf.c.lpf-ib dhcp-4.2.2/common/bpf.c
  #if defined (HAVE_TR_SUPPORT)
  struct bpf_insn dhcp_bpf_tr_filter [] = {
          /* accept all token ring packets due to variable length header */
-diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
---- dhcp-4.2.2/common/lpf.c.lpf-ib     2011-09-19 11:24:08.694775773 +0200
-+++ dhcp-4.2.2/common/lpf.c    2011-09-19 11:26:15.107109935 +0200
-@@ -42,6 +42,7 @@
- #include "includes/netinet/udp.h"
- #include "includes/netinet/if_ether.h"
+diff -up dhcp-4.3.1b1/common/lpf.c.bmgpWV dhcp-4.3.1b1/common/lpf.c
+--- dhcp-4.3.1b1/common/lpf.c.bmgpWV   2014-07-10 17:48:03.797424616 +0200
++++ dhcp-4.3.1b1/common/lpf.c  2014-07-10 17:52:57.706272281 +0200
+@@ -46,6 +46,17 @@
+ #if defined (USE_LPF_RECEIVE) || defined (USE_LPF_HWADDR)
+ #include <sys/ioctl.h>
  #include <net/if.h>
 +#include <ifaddrs.h>
- 
- #ifndef PACKET_AUXDATA
- #define PACKET_AUXDATA 8
-@@ -59,6 +60,15 @@ struct tpacket_auxdata
- /* Reinitializes the specified interface after an address change.   This
-    is not required for packet-filter APIs. */
- 
++
 +/* Default broadcast address for IPoIB */
 +static unsigned char default_ib_bcast_addr[20] = {
 +      0x00, 0xff, 0xff, 0xff,
@@ -127,10 +120,10 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
 +      0xff, 0xff, 0xff, 0xff
 +};
 +
- #ifdef USE_LPF_SEND
- void if_reinitialize_send (info)
-       struct interface_info *info;
-@@ -86,10 +96,21 @@ int if_register_lpf (info)
+ #endif
+ 
+ #if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE)
+@@ -92,10 +103,21 @@ int if_register_lpf (info)
                struct sockaddr common;
        } sa;
        struct ifreq ifr;
@@ -154,7 +147,7 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
                if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
                    errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
                    errno == EAFNOSUPPORT || errno == EINVAL) {
-@@ -112,6 +133,7 @@ int if_register_lpf (info)
+@@ -118,6 +140,7 @@ int if_register_lpf (info)
        /* Bind to the interface name */
        memset (&sa, 0, sizeof sa);
        sa.ll.sll_family = AF_PACKET;
@@ -162,7 +155,7 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
        sa.ll.sll_ifindex = ifr.ifr_ifindex;
        if (bind (sock, &sa.common, sizeof sa)) {
                if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
-@@ -127,8 +149,6 @@ int if_register_lpf (info)
+@@ -133,8 +156,6 @@ int if_register_lpf (info)
                log_fatal ("Bind socket to interface: %m");
        }
  
@@ -171,7 +164,7 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
        return sock;
  }
  #endif /* USE_LPF_SEND || USE_LPF_RECEIVE */
-@@ -183,6 +203,8 @@ void if_deregister_send (info)
+@@ -189,6 +210,8 @@ void if_deregister_send (info)
     in bpf includes... */
  extern struct sock_filter dhcp_bpf_filter [];
  extern int dhcp_bpf_filter_len;
@@ -180,7 +173,7 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
  
  #if defined (HAVE_TR_SUPPORT)
  extern struct sock_filter dhcp_bpf_tr_filter [];
-@@ -200,11 +222,13 @@ void if_register_receive (info)
+@@ -206,11 +229,13 @@ void if_register_receive (info)
        /* Open a LPF device and hang it on this interface... */
        info -> rfdesc = if_register_lpf (info);
  
@@ -199,7 +192,7 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
        }
  
  #if defined (HAVE_TR_SUPPORT)
-@@ -250,15 +274,28 @@ static void lpf_gen_filter_setup (info)
+@@ -256,15 +281,28 @@ static void lpf_gen_filter_setup (info)
  
        memset(&p, 0, sizeof(p));
  
@@ -237,7 +230,7 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
  
        if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p,
                        sizeof p) < 0) {
-@@ -315,6 +352,54 @@ static void lpf_tr_filter_setup (info)
+@@ -321,6 +359,54 @@ static void lpf_tr_filter_setup (info)
  #endif /* USE_LPF_RECEIVE */
  
  #ifdef USE_LPF_SEND
@@ -292,7 +285,7 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
  ssize_t send_packet (interface, packet, raw, len, from, to, hto)
        struct interface_info *interface;
        struct packet *packet;
-@@ -335,6 +420,11 @@ ssize_t send_packet (interface, packet, 
+@@ -341,6 +427,11 @@ ssize_t send_packet (interface, packet,
                return send_fallback (interface, packet, raw,
                                      len, from, to, hto);
  
@@ -304,7 +297,7 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
        if (hto == NULL && interface->anycast_mac_addr.hlen)
                hto = &interface->anycast_mac_addr;
  
-@@ -356,6 +446,42 @@ ssize_t send_packet (interface, packet, 
+@@ -362,6 +453,42 @@ ssize_t send_packet (interface, packet,
  #endif /* USE_LPF_SEND */
  
  #ifdef USE_LPF_RECEIVE
@@ -347,7 +340,7 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
  ssize_t receive_packet (interface, buf, len, from, hfrom)
        struct interface_info *interface;
        unsigned char *buf;
-@@ -382,6 +508,10 @@ ssize_t receive_packet (interface, buf, 
+@@ -388,6 +515,10 @@ ssize_t receive_packet (interface, buf,
        };
        struct cmsghdr *cmsg;
  
@@ -358,60 +351,100 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
        length = recvmsg (interface -> rfdesc, &msg, 0);
        if (length <= 0)
                return length;
-@@ -462,33 +592,44 @@ void maybe_setup_fallback ()
- }
+@@ -469,11 +600,33 @@ void maybe_setup_fallback ()
+ #endif
  
- void
+ #if defined (USE_LPF_RECEIVE) || defined (USE_LPF_HWADDR)
+-void
 -get_hw_addr(const char *name, struct hardware *hw) {
--      int sock;
--      struct ifreq tmp;
--      struct sockaddr *sa;
-+get_hw_addr(struct interface_info *info)
++struct sockaddr_ll *
++get_ll (struct ifaddrs *ifaddrs, struct ifaddrs **ifa, char *name)
 +{
-+      struct hardware *hw = &info->hw_address;
-+      char *name = info->name;
-+      struct ifaddrs *ifaddrs;
-+      struct ifaddrs *ifa;
-+      struct sockaddr_ll *sll = NULL;
- 
--      if (strlen(name) >= sizeof(tmp.ifr_name)) {
--              log_fatal("Device name too long: \"%s\"", name);
--      }
-+      if (getifaddrs(&ifaddrs) == -1)
-+              log_fatal("Failed to get interfaces");
- 
--      sock = socket(AF_INET, SOCK_DGRAM, 0);
--      if (sock < 0) {
--              log_fatal("Can't create socket for \"%s\": %m", name);
-+      for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
-+
-+              if (ifa->ifa_addr == NULL)
++      for (*ifa = ifaddrs; *ifa != NULL; *ifa = (*ifa)->ifa_next) {
++              if ((*ifa)->ifa_addr == NULL)
 +                      continue;
 +
-+              if (ifa->ifa_addr->sa_family != AF_PACKET)
++              if ((*ifa)->ifa_addr->sa_family != AF_PACKET)
 +                      continue;
 +
-+              if (ifa->ifa_flags & IFF_LOOPBACK)
++              if ((*ifa)->ifa_flags & IFF_LOOPBACK)
 +                      continue;
 +
-+              if (strcmp(ifa->ifa_name, name) == 0) {
-+                      sll = (struct sockaddr_ll *)(void *)ifa->ifa_addr;
-+                      break;
-+              }
-       }
++              if (strcmp((*ifa)->ifa_name, name) == 0)
++                      return (struct sockaddr_ll *)(void *)(*ifa)->ifa_addr;
++      }
++      *ifa = NULL;
++      return NULL;
++}
++
++struct sockaddr_ll *
++ioctl_get_ll(char *name)
++{
+       int sock;
+       struct ifreq tmp;
+-      struct sockaddr *sa;
++      struct sockaddr *sa = NULL;
++      struct sockaddr_ll *sll = NULL;
  
--      memset(&tmp, 0, sizeof(tmp));
--      strcpy(tmp.ifr_name, name);
--      if (ioctl(sock, SIOCGIFHWADDR, &tmp) < 0) {
+       if (strlen(name) >= sizeof(tmp.ifr_name)) {
+               log_fatal("Device name too long: \"%s\"", name);
+@@ -487,16 +640,62 @@ get_hw_addr(const char *name, struct har
+       memset(&tmp, 0, sizeof(tmp));
+       strcpy(tmp.ifr_name, name);
+       if (ioctl(sock, SIOCGIFHWADDR, &tmp) < 0) {
 -              log_fatal("Error getting hardware address for \"%s\": %m", 
--                        name);
-+      if (sll == NULL) {
-+              freeifaddrs(ifaddrs);
-+              log_fatal("Failed to get HW address for %s\n", name);
++              log_fatal("Error getting hardware address for \"%s\": %m",
+                         name);
        }
++      close(sock);
  
--      sa = &tmp.ifr_hwaddr;
+       sa = &tmp.ifr_hwaddr;
 -      switch (sa->sa_family) {
++      // needs to be freed outside this function
++      sll = dmalloc (sizeof (struct sockaddr_ll), MDL);
++      if (!sll)
++              log_fatal("Unable to allocate memory for link layer address");
++      memcpy(&sll->sll_hatype, &sa->sa_family, sizeof (sll->sll_hatype));
++      memcpy(sll->sll_addr, sa->sa_data, sizeof (sll->sll_addr));
++      switch (sll->sll_hatype) {
++              case ARPHRD_INFINIBAND:
++                      /* ioctl limits hardware addresses to 8 bytes */
++                      sll->sll_halen = 8;
++                      break;
++              default:
++                      break;
++      }
++      return sll;
++}
++
++void
++get_hw_addr(struct interface_info *info)
++{
++      struct hardware *hw = &info->hw_address;
++      char *name = info->name;
++      struct ifaddrs *ifaddrs = NULL;
++      struct ifaddrs *ifa = NULL;
++      struct sockaddr_ll *sll = NULL;
++      int sll_allocated = 0;
++      char *dup = NULL;
++      char *colon = NULL;
++
++      if (getifaddrs(&ifaddrs) == -1)
++              log_fatal("Failed to get interfaces");
++
++      if ((sll = get_ll(ifaddrs, &ifa, name)) == NULL) {
++              /*
++               * We were unable to get link-layer address for name.
++               * Fall back to ioctl(SIOCGIFHWADDR).
++               */
++              sll = ioctl_get_ll(name);
++              if (sll != NULL)
++                      sll_allocated = 1;
++              else
++                      // shouldn't happen
++                      log_fatal("Unexpected internal error");
++      }
++
 +      switch (sll->sll_hatype) {
                case ARPHRD_ETHER:
                        hw->hlen = 7;
@@ -421,7 +454,7 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
                        break;
                case ARPHRD_IEEE802:
  #ifdef ARPHRD_IEEE802_TR
-@@ -496,18 +637,35 @@ get_hw_addr(const char *name, struct har
+@@ -504,18 +703,48 @@ get_hw_addr(const char *name, struct har
  #endif /* ARPHRD_IEEE802_TR */
                        hw->hlen = 7;
                        hw->hbuf[0] = HTYPE_IEEE802;
@@ -429,16 +462,28 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
 +                      memcpy(&hw->hbuf[1], sll->sll_addr, 6);
                        break;
                case ARPHRD_FDDI:
-                       hw->hlen = 17;
+                       hw->hlen = 7;
                        hw->hbuf[0] = HTYPE_FDDI;
--                      memcpy(&hw->hbuf[1], sa->sa_data, 16);
-+                      memcpy(&hw->hbuf[1], sll->sll_addr, 16);
+-                      memcpy(&hw->hbuf[1], sa->sa_data, 6);
++                      memcpy(&hw->hbuf[1], sll->sll_addr, 6);
 +                      break;
 +              case ARPHRD_INFINIBAND:
++                      dup = strdup(name);
++                      /* Aliased infiniband interface is special case where
++                       * neither get_ll() nor ioctl_get_ll() get's correct hw
++                       * address, so we have to truncate the :0 and run
++                       * get_ll() again for the rest.
++                      */
++                      if ((colon = strchr(dup, ':')) != NULL) {
++                              *colon = '\0';
++                              if ((sll = get_ll(ifaddrs, &ifa, dup)) == NULL)
++                                      log_fatal("Error getting hardware address for \"%s\": %m", name);
++                      }
++                      free (dup);
 +                      /* For Infiniband, save the broadcast address and store
 +                       * the port GUID into the hardware address.
 +                       */
-+                      if (ifa->ifa_flags & IFF_BROADCAST) {
++                      if (ifa && (ifa->ifa_flags & IFF_BROADCAST)) {
 +                              struct sockaddr_ll *bll;
 +
 +                              bll = (struct sockaddr_ll *)ifa->ifa_broadaddr;
@@ -450,36 +495,40 @@ diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c
 +
 +                      hw->hlen = 1;
 +                      hw->hbuf[0] = HTYPE_INFINIBAND;
++                      memcpy(&hw->hbuf[1], &sll->sll_addr[sll->sll_halen - 8], 8);
                        break;
  #if defined(ARPHRD_PPP)
                case ARPHRD_PPP:
                        if (local_family != AF_INET6)
 -                              log_fatal("Unsupported device type %d for \"%s\"",
 -                                         sa->sa_family, name);
-+                              log_fatal("Unsupported device type %ld for \"%s\"",
-+                                        (long int)sll->sll_family, name);
++                              log_fatal("local_family != AF_INET6 for \"%s\"",
++                                        name);
                        hw->hlen = 0;
                        hw->hbuf[0] = HTYPE_RESERVED;
                        /* 0xdeadbeef should never occur on the wire,
-@@ -520,10 +678,11 @@ get_hw_addr(const char *name, struct har
+@@ -528,10 +757,13 @@ get_hw_addr(const char *name, struct har
                        break;
  #endif
                default:
-+                      freeifaddrs(ifaddrs);
-                       log_fatal("Unsupported device type %ld for \"%s\"",
+-                      log_fatal("Unsupported device type %ld for \"%s\"",
 -                                (long int)sa->sa_family, name);
-+                                (long int)sll->sll_family, name);
++                      freeifaddrs(ifaddrs);
++                      log_fatal("Unsupported device type %hu for \"%s\"",
++                                sll->sll_hatype, name);
        }
  
 -      close(sock);
++      if (sll_allocated)
++              dfree(sll, MDL);
 +      freeifaddrs(ifaddrs);
  }
  #endif
-diff -up dhcp-4.2.2/common/socket.c.lpf-ib dhcp-4.2.2/common/socket.c
---- dhcp-4.2.2/common/socket.c.lpf-ib  2011-06-27 18:18:20.000000000 +0200
-+++ dhcp-4.2.2/common/socket.c 2011-09-19 11:24:08.705775490 +0200
-@@ -324,7 +324,7 @@ void if_register_send (info)
-       info->wfdesc = if_register_socket(info, AF_INET, 0);
+diff -up dhcp-4.3.1b1/common/socket.c.bmgpWV dhcp-4.3.1b1/common/socket.c
+--- dhcp-4.3.1b1/common/socket.c.bmgpWV        2014-07-02 19:58:38.000000000 +0200
++++ dhcp-4.3.1b1/common/socket.c       2014-07-10 17:52:57.706272281 +0200
+@@ -322,7 +322,7 @@ void if_register_send (info)
+       info->wfdesc = if_register_socket(info, AF_INET, 0, NULL);
        /* If this is a normal IPv4 address, get the hardware address. */
        if (strcmp(info->name, "fallback") != 0)
 -              get_hw_addr(info->name, &info->hw_address);
@@ -487,7 +536,7 @@ diff -up dhcp-4.2.2/common/socket.c.lpf-ib dhcp-4.2.2/common/socket.c
  #if defined (USE_SOCKET_FALLBACK)
        /* Fallback only registers for send, but may need to receive as
           well. */
-@@ -387,7 +387,7 @@ void if_register_receive (info)
+@@ -385,7 +385,7 @@ void if_register_receive (info)
  #endif /* IP_PKTINFO... */
        /* If this is a normal IPv4 address, get the hardware address. */
        if (strcmp(info->name, "fallback") != 0)
@@ -496,7 +545,7 @@ diff -up dhcp-4.2.2/common/socket.c.lpf-ib dhcp-4.2.2/common/socket.c
  
        if (!quiet_interface_discovery)
                log_info ("Listening on Socket/%s%s%s",
-@@ -497,7 +497,7 @@ if_register6(struct interface_info *info
+@@ -499,7 +499,7 @@ if_register6(struct interface_info *info
        if (req_multi)
                if_register_multicast(info);
  
@@ -505,10 +554,19 @@ diff -up dhcp-4.2.2/common/socket.c.lpf-ib dhcp-4.2.2/common/socket.c
  
        if (!quiet_interface_discovery) {
                if (info->shared_network != NULL) {
-diff -up dhcp-4.2.2/includes/dhcpd.h.lpf-ib dhcp-4.2.2/includes/dhcpd.h
---- dhcp-4.2.2/includes/dhcpd.h.lpf-ib 2011-09-19 11:24:08.696775721 +0200
-+++ dhcp-4.2.2/includes/dhcpd.h        2011-09-19 11:24:08.707775438 +0200
-@@ -1243,6 +1243,7 @@ struct interface_info {
+@@ -555,7 +555,7 @@ if_register_linklocal6(struct interface_
+       info->rfdesc = sock;
+       info->wfdesc = sock;
+ 
+-      get_hw_addr(info->name, &info->hw_address);
++      get_hw_addr(info);
+ 
+       if (!quiet_interface_discovery) {
+               if (info->shared_network != NULL) {
+diff -up dhcp-4.3.1b1/includes/dhcpd.h.bmgpWV dhcp-4.3.1b1/includes/dhcpd.h
+--- dhcp-4.3.1b1/includes/dhcpd.h.bmgpWV       2014-07-10 17:50:26.923402536 +0200
++++ dhcp-4.3.1b1/includes/dhcpd.h      2014-07-10 17:52:57.707272266 +0200
+@@ -1248,6 +1248,7 @@ struct interface_info {
        struct shared_network *shared_network;
                                /* Networks connected to this interface. */
        struct hardware hw_address;     /* Its physical address. */
@@ -516,7 +574,7 @@ diff -up dhcp-4.2.2/includes/dhcpd.h.lpf-ib dhcp-4.2.2/includes/dhcpd.h
        struct in_addr *addresses;      /* Addresses associated with this
                                         * interface.
                                         */
-@@ -2356,7 +2357,7 @@ void print_dns_status (int, struct dhcp_
+@@ -2439,7 +2440,7 @@ void print_dns_status (int, struct dhcp_
  #endif
  const char *print_time(TIME);
  
@@ -525,14 +583,3 @@ diff -up dhcp-4.2.2/includes/dhcpd.h.lpf-ib dhcp-4.2.2/includes/dhcpd.h
  
  /* socket.c */
  #if defined (USE_SOCKET_SEND) || defined (USE_SOCKET_RECEIVE) \
-diff -up dhcp-4.2.2/includes/dhcp.h.lpf-ib dhcp-4.2.2/includes/dhcp.h
---- dhcp-4.2.2/includes/dhcp.h.lpf-ib  2011-09-19 11:24:08.696775721 +0200
-+++ dhcp-4.2.2/includes/dhcp.h 2011-09-19 11:24:08.707775438 +0200
-@@ -79,6 +79,7 @@ struct dhcp_packet {
- #define HTYPE_ETHER   1               /* Ethernet 10Mbps              */
- #define HTYPE_IEEE802 6               /* IEEE 802.2 Token Ring...     */
- #define HTYPE_FDDI    8               /* FDDI...                      */
-+#define HTYPE_INFINIBAND 32           /* Infiniband IPoIB             */
- 
- #define HTYPE_RESERVED  0               /* RFC 5494 */
- 

diff --git a/src/patches/dhcp-4.2.1-manpages.patch b/src/patches/dhcp/dhcp-manpages.patch
similarity index 53%
rename from src/patches/dhcp-4.2.1-manpages.patch
rename to src/patches/dhcp/dhcp-manpages.patch
index 9a42b7fc72c9a27b028daf7fcb482fe2257adf66..dde16c73525d16b93eff756c4a38a4fcc5576f9b 100644 (file)
--- a/src/patches/dhcp-4.2.1-manpages.patch
+++ b/src/patches/dhcp/dhcp-manpages.patch
@@ -1,154 +1,7 @@
-diff -up dhcp-4.2.1b1/client/dhclient.8.man dhcp-4.2.1b1/client/dhclient.8
---- dhcp-4.2.1b1/client/dhclient.8.man 2010-07-14 22:09:34.000000000 +0200
-+++ dhcp-4.2.1b1/client/dhclient.8     2011-01-27 18:19:07.000000000 +0100
-@@ -115,6 +115,33 @@ dhclient - Dynamic Host Configuration Pr
- .B -w
- ]
- [
-+.B -B
-+]
-+[
-+.B -I
-+.I dhcp-client-identifier
-+]
-+[
-+.B -H
-+.I host-name
-+]
-+[
-+.B -F
-+.I fqdn.fqdn
-+]
-+[
-+.B -V
-+.I vendor-class-identifier
-+]
-+[
-+.B -R
-+.I request-option-list
-+]
-+[
-+.B -timeout
-+.I timeout
-+]
-+[
- .B -v
- ]
- [
-@@ -264,6 +291,69 @@ not to exit when it doesn't find any suc
- program can then be used to notify the client when a network interface
- has been added or removed, so that the client can attempt to configure an IP
- address on that interface.
-+
-+.TP
-+.BI \-B
-+Set the BOOTP broadcast flag in request packets so servers will always
-+broadcast replies.
-+
-+.TP
-+.BI \-I\ <dhcp-client-identifier>
-+Specify the dhcp-client-identifier option to send to the DHCP server.
-+
-+.TP
-+.BI \-H\ <host-name>
-+Specify the host-name option to send to the DHCP server.  The host-name
-+string only contains the client's hostname prefix, to which the server will
-+append the ddns-domainname or domain-name options, if any, to derive the
-+fully qualified domain name of the client.  The
-+.B -H
-+option cannot be used with the
-+.B -F
-+option.
-+
-+.TP
-+.BI \-F\ <fqdn.fqdn>
-+Specify the fqdn.fqdn option to send to the DHCP server.  This option cannot
-+be used with the
-+.B -H
-+option.  The fqdn.fqdn option must specify the complete domain name of the
-+client host, which the server may use for dynamic DNS updates.
-+
-+.TP
-+.BI \-V\ <vendor-class-identifier>
-+Specify the vendor-class-identifier option to send to the DHCP server.
-+
-+.TP
-+.BI \-R\ <option>[,<option>...]
-+Specify the list of options the client is to request from the server.  The
-+option list must be a single string consisting of option names separated
-+by at least one command and optional space characters.  The default option
-+list is:
-+
-+.BR
-+    subnet-mask, broadcast-address, time-offset, routers,
-+.BR
-+    domain-search, domain-name, domain-name-servers, host-name, 
-+.BR
-+    nis-domain, nis-servers, ntp-servers, interface-mtu
-+
-+.TP
-+.B -R
-+option does not append options to the default request, it overrides the
-+default request list.  Keep this in mind if you want to request an
-+additional option besides the default request list.  You will have to
-+specify all option names for the
-+.B -R
-+parameter.
-+
-+.TP
-+.BI \-timeout\ <timeout>
-+Specify the time after which
-+.B dhclient
-+will decide that no DHCP servers can be contacted when no responses have been
-+received.
-+
- .TP
- .BI \-n
- Do not configure any interfaces.  This is most likely to be useful in
-diff -up dhcp-4.2.1b1/client/dhclient.conf.5.man dhcp-4.2.1b1/client/dhclient.conf.5
---- dhcp-4.2.1b1/client/dhclient.conf.5.man    2010-09-15 01:03:56.000000000 +0200
-+++ dhcp-4.2.1b1/client/dhclient.conf.5        2011-01-27 18:22:56.000000000 +0100
-@@ -186,7 +186,8 @@ responding to the client send the client
- options.   Only the option names should be specified in the request
- statement - not option parameters.   By default, the DHCPv4 client
- requests the subnet-mask, broadcast-address, time-offset, routers,
--domain-name, domain-name-servers and host-name options while the DHCPv6
-+domain-search, domain-name, domain-name-servers, host-name, nis-domain,
-+nis-servers, ntp-servers and interface-mtu options while the DHCPv6
- client requests the dhcp6 name-servers and domain-search options.  Note
- that if you enter a \'request\' statement, you over-ride these defaults
- and these options will not be requested.
-@@ -672,6 +673,17 @@ know the DHCP service(s) anycast MAC add
- client.  The \fIlink-type\fR and \fImac-address\fR parameters are configured
- in a similar manner to the \fBhardware\fR statement.
- .PP
-+ \fBbootp-broadcast-always;\fR
-+.PP
-+The
-+.B bootp-broadcast-always
-+statement instructs dhclient to always set the bootp broadcast flag in
-+request packets, so that servers will always broadcast replies.
-+This is equivalent to supplying the dhclient -B argument, and has
-+the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
-+This option is provided as an extension to enable dhclient to work
-+on IBM s390 Linux guests.
-+.PP
- .SH SAMPLE
- The following configuration file is used on a laptop running NetBSD
- 1.3.   The laptop has an IP alias of 192.5.5.213, and has one
-@@ -697,7 +709,7 @@ interface "ep0" {
-     supersede domain-search "fugue.com", "rc.vix.com", "home.vix.com";
-     prepend domain-name-servers 127.0.0.1;
-     request subnet-mask, broadcast-address, time-offset, routers,
--          domain-name, domain-name-servers, host-name;
-+          domain-search, domain-name, domain-name-servers, host-name;
-     require subnet-mask, domain-name-servers;
-     script "CLIENTBINDIR/dhclient-script";
-     media "media 10baseT/UTP", "media 10base2/BNC";
-diff -up dhcp-4.2.1b1/client/dhclient-script.8.man dhcp-4.2.1b1/client/dhclient-script.8
---- dhcp-4.2.1b1/client/dhclient-script.8.man  2010-07-06 21:03:11.000000000 +0200
-+++ dhcp-4.2.1b1/client/dhclient-script.8      2011-01-27 18:24:44.000000000 +0100
-@@ -47,7 +47,7 @@ customizations are needed, they should b
+diff -up dhcp-4.3.0a1/client/dhclient-script.8.man dhcp-4.3.0a1/client/dhclient-script.8
+--- dhcp-4.3.0a1/client/dhclient-script.8.man  2013-12-11 01:01:02.000000000 +0100
++++ dhcp-4.3.0a1/client/dhclient-script.8      2013-12-19 15:27:17.617118805 +0100
+@@ -48,7 +48,7 @@ customizations are needed, they should b
  exit hooks provided (see HOOKS for details).   These hooks will allow the
  user to override the default behaviour of the client in creating a
  .B /etc/resolv.conf
@@ -157,7 +10,7 @@ diff -up dhcp-4.2.1b1/client/dhclient-script.8.man dhcp-4.2.1b1/client/dhclient-
  .PP
  No standard client script exists for some operating systems, even though
  the actual client may work, so a pioneering user may well need to create
-@@ -91,6 +91,26 @@ present.   The
+@@ -92,6 +92,26 @@ present.   The
  .B ETCDIR/dhclient-exit-hooks
  script can modify the valid of exit_status to change the exit status
  of dhclient-script.
@@ -184,10 +37,50 @@ diff -up dhcp-4.2.1b1/client/dhclient-script.8.man dhcp-4.2.1b1/client/dhclient-
  .SH OPERATION
  When dhclient needs to invoke the client configuration script, it
  defines a set of variables in the environment, and then invokes
-diff -up dhcp-4.2.1b1/common/dhcp-options.5.man dhcp-4.2.1b1/common/dhcp-options.5
---- dhcp-4.2.1b1/common/dhcp-options.5.man     2010-07-13 22:56:56.000000000 +0200
-+++ dhcp-4.2.1b1/common/dhcp-options.5 2011-01-27 18:25:57.000000000 +0100
-@@ -913,6 +913,21 @@ classless IP routing - it does not inclu
+diff -up dhcp-4.3.0a1/client/dhclient.conf.5.man dhcp-4.3.0a1/client/dhclient.conf.5
+--- dhcp-4.3.0a1/client/dhclient.conf.5.man    2013-12-11 01:01:02.000000000 +0100
++++ dhcp-4.3.0a1/client/dhclient.conf.5        2013-12-19 15:27:17.617118805 +0100
+@@ -202,7 +202,8 @@ responding to the client send the client
+ options.  Only the option names should be specified in the request
+ statement - not option parameters.  By default, the DHCPv4 client
+ requests the subnet-mask, broadcast-address, time-offset, routers,
+-domain-name, domain-name-servers and host-name options while the DHCPv6
++domain-search, domain-name, domain-name-servers, host-name, nis-domain,
++nis-servers, ntp-servers and interface-mtu options while the DHCPv6
+ client requests the dhcp6 name-servers and domain-search options.  Note
+ that if you enter a \'request\' statement, you over-ride these defaults
+ and these options will not be requested.
+@@ -688,6 +689,17 @@ know the DHCP service(s) anycast MAC add
+ client.  The \fIlink-type\fR and \fImac-address\fR parameters are configured
+ in a similar manner to the \fBhardware\fR statement.
+ .PP
++ \fBbootp-broadcast-always;\fR
++.PP
++The
++.B bootp-broadcast-always
++statement instructs dhclient to always set the bootp broadcast flag in
++request packets, so that servers will always broadcast replies.
++This is equivalent to supplying the dhclient -B argument, and has
++the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
++This option is provided as an extension to enable dhclient to work
++on IBM s390 Linux guests.
++.PP
+ .SH SAMPLE
+ The following configuration file is used on a laptop running NetBSD
+ 1.3.  The laptop has an IP alias of 192.5.5.213, and has one
+@@ -713,7 +725,7 @@ interface "ep0" {
+     supersede domain-search "fugue.com", "rc.vix.com", "home.vix.com";
+     prepend domain-name-servers 127.0.0.1;
+     request subnet-mask, broadcast-address, time-offset, routers,
+-          domain-name, domain-name-servers, host-name;
++          domain-search, domain-name, domain-name-servers, host-name;
+     require subnet-mask, domain-name-servers;
+     script "CLIENTBINDIR/dhclient-script";
+     media "media 10baseT/UTP", "media 10base2/BNC";
+diff -up dhcp-4.3.0a1/common/dhcp-options.5.man dhcp-4.3.0a1/common/dhcp-options.5
+--- dhcp-4.3.0a1/common/dhcp-options.5.man     2013-12-11 01:25:12.000000000 +0100
++++ dhcp-4.3.0a1/common/dhcp-options.5 2013-12-19 15:27:17.618118791 +0100
+@@ -914,6 +914,21 @@ classless IP routing - it does not inclu
  classless IP routing is now the most widely deployed routing standard,
  this option is virtually useless, and is not implemented by any of the
  popular DHCP clients, for example the Microsoft DHCP client.
@@ -209,10 +102,10 @@ diff -up dhcp-4.2.1b1/common/dhcp-options.5.man dhcp-4.2.1b1/common/dhcp-options
  .RE
  .PP
  .nf
-diff -up dhcp-4.2.1b1/server/dhcpd.conf.5.man dhcp-4.2.1b1/server/dhcpd.conf.5
---- dhcp-4.2.1b1/server/dhcpd.conf.5.man       2010-07-06 21:03:12.000000000 +0200
-+++ dhcp-4.2.1b1/server/dhcpd.conf.5   2011-01-27 18:29:12.000000000 +0100
-@@ -519,6 +519,9 @@ pool {
+diff -up dhcp-4.3.0a1/server/dhcpd.conf.5.man dhcp-4.3.0a1/server/dhcpd.conf.5
+--- dhcp-4.3.0a1/server/dhcpd.conf.5.man       2013-12-13 21:49:44.000000000 +0100
++++ dhcp-4.3.0a1/server/dhcpd.conf.5   2013-12-19 15:30:14.266670962 +0100
+@@ -527,6 +527,9 @@ pool {
  };
  .fi
  .PP
@@ -222,7 +115,7 @@ diff -up dhcp-4.2.1b1/server/dhcpd.conf.5.man dhcp-4.2.1b1/server/dhcpd.conf.5
  The  server currently  does very  little  sanity checking,  so if  you
  configure it wrong, it will just  fail in odd ways.  I would recommend
  therefore that you either do  failover or don't do failover, but don't
-@@ -533,9 +536,9 @@ primary server might look like this:
+@@ -541,9 +544,9 @@ primary server might look like this:
  failover peer "foo" {
    primary;
    address anthrax.rc.vix.com;
@@ -234,7 +127,7 @@ diff -up dhcp-4.2.1b1/server/dhcpd.conf.5.man dhcp-4.2.1b1/server/dhcpd.conf.5
    max-response-delay 60;
    max-unacked-updates 10;
    mclt 3600;
-@@ -1305,7 +1308,7 @@ the zone containing PTR records - for IS
+@@ -1241,7 +1244,7 @@ the zone containing PTR records - for IS
  .PP
  .nf
  key DHCP_UPDATER {
@@ -243,7 +136,7 @@ diff -up dhcp-4.2.1b1/server/dhcpd.conf.5.man dhcp-4.2.1b1/server/dhcpd.conf.5
    secret pRP5FapFoJ95JEL06sv4PQ==;
  };
  
-@@ -1328,7 +1331,7 @@ dhcpd.conf file:
+@@ -1264,7 +1267,7 @@ dhcpd.conf file:
  .PP
  .nf
  key DHCP_UPDATER {
@@ -252,10 +145,10 @@ diff -up dhcp-4.2.1b1/server/dhcpd.conf.5.man dhcp-4.2.1b1/server/dhcpd.conf.5
    secret pRP5FapFoJ95JEL06sv4PQ==;
  };
  
-@@ -2540,7 +2543,8 @@ statement
+@@ -2539,7 +2542,8 @@ statement
  The \fInext-server\fR statement is used to specify the host address of
  the server from which the initial boot file (specified in the
- \fIfilename\fR statement) is to be loaded.   \fIServer-name\fR should
+ \fIfilename\fR statement) is to be loaded.  \fIServer-name\fR should
 -be a numeric IP address or a domain name.
 +be a numeric IP address or a domain name.  If no \fInext-server\fR statement
 +applies to a given client, the address 0.0.0.0 is used.

diff --git a/src/patches/dhcp/dhcp-paranoia.patch b/src/patches/dhcp/dhcp-paranoia.patch
new file mode 100644 (file)
index 0000000..0f2db8c
--- /dev/null
+++ b/src/patches/dhcp/dhcp-paranoia.patch
@@ -0,0 +1,156 @@
+diff -up dhcp-4.3.1b1/client/dhclient.c.dlTsyN dhcp-4.3.1b1/client/dhclient.c
+--- dhcp-4.3.1b1/client/dhclient.c.dlTsyN      2014-07-10 17:49:49.882925843 +0200
++++ dhcp-4.3.1b1/client/dhclient.c     2014-07-10 17:50:26.922402550 +0200
+@@ -1748,11 +1748,6 @@ int write_host (host)
+       return 0;
+ }
+ 
+-void db_startup (testp)
+-      int testp;
+-{
+-}
+-
+ void bootp (packet)
+       struct packet *packet;
+ {
+diff -up dhcp-4.3.1b1/includes/dhcpd.h.dlTsyN dhcp-4.3.1b1/includes/dhcpd.h
+--- dhcp-4.3.1b1/includes/dhcpd.h.dlTsyN       2014-07-10 17:48:03.798424601 +0200
++++ dhcp-4.3.1b1/includes/dhcpd.h      2014-07-10 17:50:26.923402536 +0200
+@@ -2866,7 +2866,11 @@ void commit_leases_timeout (void *);
+ void commit_leases_readerdry(void *);
+ int commit_leases (void);
+ int commit_leases_timed (void);
++#if defined (PARANOIA)
++void db_startup (int, uid_t, gid_t);
++#else
+ void db_startup (int);
++#endif /* PARANOIA */
+ int new_lease_file (void);
+ int group_writer (struct group_object *);
+ int write_ia(const struct ia_xx *);
+diff -up dhcp-4.3.1b1/server/confpars.c.dlTsyN dhcp-4.3.1b1/server/confpars.c
+--- dhcp-4.3.1b1/server/confpars.c.dlTsyN      2014-07-10 17:39:25.801764596 +0200
++++ dhcp-4.3.1b1/server/confpars.c     2014-07-10 17:50:26.924402522 +0200
+@@ -219,7 +219,11 @@ void trace_conf_input (trace_type_t *tty
+       }
+ 
+       if (!leaseconf_initialized && ttype == trace_readleases_type) {
++#if defined (PARANOIA)
++              db_startup (0, 0, 0);
++#else
+               db_startup (0);
++#endif /* PARANOIA */
+               leaseconf_initialized = 1;
+               postdb_startup ();
+       }
+diff -up dhcp-4.3.1b1/server/db.c.dlTsyN dhcp-4.3.1b1/server/db.c
+--- dhcp-4.3.1b1/server/db.c.dlTsyN    2014-07-10 17:39:25.801764596 +0200
++++ dhcp-4.3.1b1/server/db.c   2014-07-10 17:50:26.925402508 +0200
+@@ -42,6 +42,10 @@ static int counting = 0;
+ static int count = 0;
+ TIME write_time;
+ int lease_file_is_corrupt = 0;
++#if defined (PARANOIA)
++uid_t global_set_uid = 0;
++gid_t global_set_gid = 0;
++#endif /* PARANOIA */
+ 
+ /* Write a single binding scope value in parsable format.
+  */
+@@ -1046,8 +1050,11 @@ int commit_leases_timed()
+       return (1);
+ }
+ 
+-void db_startup (testp)
+-      int testp;
++#if defined (PARANOIA)
++void db_startup (int testp, uid_t set_uid, gid_t set_gid)
++#else
++void db_startup (int testp)
++#endif /* PARANOIA */
+ {
+       isc_result_t status;
+ 
+@@ -1066,6 +1073,11 @@ void db_startup (testp)
+       }
+ #endif
+ 
++#if defined (PARANOIA)
++      global_set_uid = set_uid;
++      global_set_gid = set_gid;
++#endif /* PARANOIA */
++
+ #if defined (TRACING)
+       /* If we're playing back, there is no lease file, so we can't
+          append it, so we create one immediately (maybe this isn't
+@@ -1128,6 +1140,17 @@ int new_lease_file ()
+               log_error ("Can't create new lease file: %m");
+               return 0;
+       }
++
++#if defined (PARANOIA)
++      if (global_set_uid && !geteuid() &&
++          global_set_gid && !getegid())
++              if (fchown(db_fd, global_set_uid, global_set_gid)) {
++                      log_fatal ("Can't chown new lease file: %m");
++                      close(db_fd);
++                      goto fdfail;
++      }
++#endif /* PARANOIA */
++
+       if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
+               log_error("Can't fdopen new lease file: %m");
+               close(db_fd);
+diff -up dhcp-4.3.1b1/server/dhcpd.8.dlTsyN dhcp-4.3.1b1/server/dhcpd.8
+--- dhcp-4.3.1b1/server/dhcpd.8.dlTsyN 2014-07-02 19:58:39.000000000 +0200
++++ dhcp-4.3.1b1/server/dhcpd.8        2014-07-10 17:50:26.925402508 +0200
+@@ -82,6 +82,18 @@ dhcpd - Dynamic Host Configuration Proto
+ .I trace-output-file
+ ]
+ [
++.B -user
++.I user
++]
++[
++.B -group
++.I group
++]
++[
++.B -chroot
++.I dir
++]
++[
+ .B -play
+ .I trace-playback-file
+ ]
+@@ -269,6 +281,15 @@ lease file.
+ .TP
+ .BI --version
+ Print version number and exit.
++.TP
++.BI \-user \ user
++Setuid to user after completing privileged operations, such as creating sockets that listen on privileged ports.
++.TP
++.BI \-group \ group
++Setgid to group after completing privileged operations, such as creating sockets that listen on privileged ports.
++.TP
++.BI \-chroot \ dir
++Chroot to directory after processing the command line arguments, but before reading the configuration file.
+ .PP
+ .I Modifying default file locations:
+ The following options can be used to modify the locations 
+diff -up dhcp-4.3.1b1/server/dhcpd.c.dlTsyN dhcp-4.3.1b1/server/dhcpd.c
+--- dhcp-4.3.1b1/server/dhcpd.c.dlTsyN 2014-07-10 17:39:25.802764582 +0200
++++ dhcp-4.3.1b1/server/dhcpd.c        2014-07-10 17:52:35.341588248 +0200
+@@ -628,7 +628,11 @@ main(int argc, char **argv) {
+       group_write_hook = group_writer;
+ 
+       /* Start up the database... */
++#if defined (PARANOIA)
++      db_startup (lftest, set_uid, set_gid);
++#else
+       db_startup (lftest);
++#endif /* PARANOIA */
+ 
+       if (lftest)
+               exit (0);

diff --git a/src/patches/dhcp-4.2.0-paths.patch b/src/patches/dhcp/dhcp-paths.patch
similarity index 72%
rename from src/patches/dhcp-4.2.0-paths.patch
rename to src/patches/dhcp/dhcp-paths.patch
index 54c7aba8e62152db5ace5a75f97e67781b51d002..2f43e51fec2240401fdb4a4e5e955fb0963e83f1 100644 (file)
--- a/src/patches/dhcp-4.2.0-paths.patch
+++ b/src/patches/dhcp/dhcp-paths.patch
@@ -1,7 +1,6 @@
-diff -up dhcp-4.2.0/includes/dhcpd.h.paths dhcp-4.2.0/includes/dhcpd.h
---- dhcp-4.2.0/includes/dhcpd.h.paths  2010-07-21 13:55:42.000000000 +0200
-+++ dhcp-4.2.0/includes/dhcpd.h        2010-07-21 14:29:57.000000000 +0200
-@@ -1390,15 +1390,15 @@ typedef unsigned char option_mask [16];
+--- expanded_org/includes/dhcpd.h      Wed Aug 06 23:35:02 2014
++++ expanded_patched_51_4_2_0_paths_patch/includes/dhcpd.h     Mon Feb 16 13:22:11 2015
+@@ -1424,15 +1424,15 @@
  #else /* !DEBUG */
  
  #ifndef _PATH_DHCPD_CONF
@@ -20,7 +19,7 @@ diff -up dhcp-4.2.0/includes/dhcpd.h.paths dhcp-4.2.0/includes/dhcpd.h
  #endif
  
  #ifndef _PATH_DHCPD_PID
-@@ -1412,7 +1412,7 @@ typedef unsigned char option_mask [16];
+@@ -1446,7 +1446,7 @@
  #endif /* DEBUG */
  
  #ifndef _PATH_DHCLIENT_CONF
@@ -29,7 +28,7 @@ diff -up dhcp-4.2.0/includes/dhcpd.h.paths dhcp-4.2.0/includes/dhcpd.h
  #endif
  
  #ifndef _PATH_DHCLIENT_SCRIPT
-@@ -1428,11 +1428,11 @@ typedef unsigned char option_mask [16];
+@@ -1462,11 +1462,11 @@
  #endif
  
  #ifndef _PATH_DHCLIENT_DB

diff --git a/src/patches/dhcp-4.2.0-release-by-ifup.patch b/src/patches/dhcp/dhcp-release-by-ifup.patch
similarity index 88%
rename from src/patches/dhcp-4.2.0-release-by-ifup.patch
rename to src/patches/dhcp/dhcp-release-by-ifup.patch
index 300c5f334b7eaa85c23c0fbc23845df6c8bfec7b..677eb5c752f0713bac56e01e83f972d911e5e2a1 100644 (file)
--- a/src/patches/dhcp-4.2.0-release-by-ifup.patch
+++ b/src/patches/dhcp/dhcp-release-by-ifup.patch
@@ -1,8 +1,8 @@
-diff -up dhcp-4.2.0/client/dhclient.c.ifup dhcp-4.2.0/client/dhclient.c
---- dhcp-4.2.0/client/dhclient.c.ifup  2010-07-21 13:30:10.000000000 +0200
-+++ dhcp-4.2.0/client/dhclient.c       2010-07-21 13:37:03.000000000 +0200
-@@ -497,9 +497,81 @@ main(int argc, char **argv) {
-                                       kill(oldpid, SIGTERM);
+diff -up dhcp-4.3.0a1/client/dhclient.c.ifup dhcp-4.3.0a1/client/dhclient.c
+--- dhcp-4.3.0a1/client/dhclient.c.ifup        2013-12-19 14:53:08.817760677 +0100
++++ dhcp-4.3.0a1/client/dhclient.c     2013-12-19 15:05:16.290518574 +0100
+@@ -521,9 +521,81 @@ main(int argc, char **argv) {
+                               }
                        }
                        fclose(pidfd);
 +              } else {

diff --git a/src/patches/dhcp/dhcp-remove-bind.patch b/src/patches/dhcp/dhcp-remove-bind.patch
new file mode 100644 (file)
index 0000000..5ab0338
--- /dev/null
+++ b/src/patches/dhcp/dhcp-remove-bind.patch
@@ -0,0 +1,192 @@
+diff -up dhcp-4.3.1b1/client/Makefile.am.brGmwh dhcp-4.3.1b1/client/Makefile.am
+--- dhcp-4.3.1b1/client/Makefile.am.brGmwh     2014-07-02 19:58:38.000000000 +0200
++++ dhcp-4.3.1b1/client/Makefile.am    2014-07-10 17:36:30.484250976 +0200
+@@ -10,8 +10,8 @@ dhclient_SOURCES = clparse.c dhclient.c
+                  scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
+                  scripts/netbsd scripts/nextstep scripts/openbsd \
+                  scripts/solaris scripts/openwrt
+-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../bind/lib/libirs.a \
+-               ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a
++dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
++               $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
+ EXTRA_DIST = $(man_MANS)
+ 
+diff -up dhcp-4.3.1b1/common/tests/Makefile.am.brGmwh dhcp-4.3.1b1/common/tests/Makefile.am
+--- dhcp-4.3.1b1/common/tests/Makefile.am.brGmwh       2014-07-10 17:36:30.485250962 +0200
++++ dhcp-4.3.1b1/common/tests/Makefile.am      2014-07-10 17:38:04.010924566 +0200
+@@ -13,21 +13,20 @@ ATF_TESTS += alloc_unittest dns_unittest
+ alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c
+ alloc_unittest_LDADD = $(ATF_LDFLAGS)
+ alloc_unittest_LDADD += ../libdhcp.a  \
+-      ../../omapip/libomapi.a ../../bind/lib/libirs.a \
+-      ../../bind/lib/libdns.a ../../bind/lib/libisccfg.a  ../../bind/lib/libisc.a
++      ../../omapip/libomapi.a \
++      $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ 
+ dns_unittest_SOURCES = dns_unittest.c $(top_srcdir)/tests/t_api_dhcp.c
+ dns_unittest_LDADD = $(ATF_LDFLAGS)
+ dns_unittest_LDADD += ../libdhcp.a  \
+-      ../../omapip/libomapi.a ../../bind/lib/libirs.a \
+-      ../../bind/lib/libdns.a ../../bind/lib/libisccfg.a  ../../bind/lib/libisc.a
++      ../../omapip/libomapi.a \
++      $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ 
+ misc_unittest_SOURCES = misc_unittest.c $(top_srcdir)/tests/t_api_dhcp.c
+ misc_unittest_LDADD = $(ATF_LDFLAGS)
+ misc_unittest_LDADD += ../libdhcp.a  \
+-      ../../omapip/libomapi.a ../../bind/lib/libirs.a \
+-      ../../bind/lib/libdns.a ../../bind/lib/libisccfg.a  ../../bind/lib/libisc.a
+-
++      ../../omapip/libomapi.a \
++      $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ check: $(ATF_TESTS)
+       atf-run | atf-report
+ 
+diff -up dhcp-4.3.1b1/configure.ac.brGmwh dhcp-4.3.1b1/configure.ac
+--- dhcp-4.3.1b1/configure.ac.brGmwh   2014-07-02 20:01:26.000000000 +0200
++++ dhcp-4.3.1b1/configure.ac  2014-07-10 17:36:30.485250962 +0200
+@@ -562,20 +562,37 @@ AC_CHECK_MEMBER(struct msghdr.msg_contro
+ 
+ libbind=
+ AC_ARG_WITH(libbind,
+-      AS_HELP_STRING([--with-libbind=PATH],[bind includes and libraries are in PATH 
+-                      (default is ./bind)]),
++      AS_HELP_STRING([--with-libbind=PATH],[bind includes are in PATH 
++                      (default is ./bind/includes)]),
+       use_libbind="$withval", use_libbind="no")
+ case "$use_libbind" in 
++yes|no)
++      libbind="\${top_srcdir}/bind/include"
++      ;;
++*)
++      libbind="$use_libbind"
++      ;;
++esac
++
++BIND9_LIBDIR='-L$(top_builddir)/bind/lib'
++AC_ARG_WITH(libbind-libs,
++      AC_HELP_STRING([--with-libbind-libs=PATH],
++                     [bind9 export libraries are in PATH]),
++                     [libbind_libs="$withval"], [libbind_libs='no'])
++case "$libbind_libs" in
+ yes)
+-      libbind="\${top_srcdir}/bind"
++      AC_MSG_ERROR([Specify path to bind9 libraries])
+       ;;
+ no)
+-      libbind="\${top_srcdir}/bind"
++      BUNDLED_BIND=yes
+       ;;
+ *)
+-      libbind="$use_libbind"
++      BIND9_LIBDIR="-L$libbind_libs"
++      BUNDLED_BIND=no
+       ;;
+ esac
++AM_CONDITIONAL([BUNDLED_BIND], [test "$BUNDLED_BIND" = yes])
++AC_SUBST([BIND9_LIBDIR])
+ 
+ # OpenLDAP support.
+ AC_ARG_WITH(ldap,
+@@ -610,7 +627,7 @@ fi
+ CFLAGS="$CFLAGS $STD_CWARNINGS"
+ 
+ # Try to add the bind include directory
+-CFLAGS="$CFLAGS -I$libbind/include"
++CFLAGS="$CFLAGS -I$libbind"
+ 
+ case "$host" in
+ *-darwin*)
+diff -up dhcp-4.3.1b1/dhcpctl/Makefile.am.brGmwh dhcp-4.3.1b1/dhcpctl/Makefile.am
+--- dhcp-4.3.1b1/dhcpctl/Makefile.am.brGmwh    2014-07-02 19:58:38.000000000 +0200
++++ dhcp-4.3.1b1/dhcpctl/Makefile.am   2014-07-10 17:36:30.485250962 +0200
+@@ -6,12 +6,9 @@ EXTRA_DIST = $(man_MANS)
+ 
+ omshell_SOURCES = omshell.c
+ omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
+-              ../bind/lib/libirs.a ../bind/lib/libdns.a \
+-              ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+-
++              $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
+ 
+ cltest_SOURCES = cltest.c
+ cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
+-             ../bind/lib/libirs.a ../bind/lib/libdns.a \
+-               ../bind/lib/libisccfg.a ../bind/lib/libisc.a
++             $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+diff -up dhcp-4.3.1b1/Makefile.am.brGmwh dhcp-4.3.1b1/Makefile.am
+--- dhcp-4.3.1b1/Makefile.am.brGmwh    2014-07-02 19:58:38.000000000 +0200
++++ dhcp-4.3.1b1/Makefile.am   2014-07-10 17:36:30.484250976 +0200
+@@ -25,7 +25,13 @@ EXTRA_DIST = RELNOTES LICENSE \
+            bind/Makefile bind/bind.tar.gz bind/version.tmp \
+            common/tests/Atffile server/tests/Atffile
+ 
+-SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server
++if BUNDLED_BIND
++SUBDIRS = bind
++else
++SUBDIRS = 
++endif
++
++SUBDIRS += includes tests common dst omapip client dhcpctl relay server
+ 
+ nobase_include_HEADERS = dhcpctl/dhcpctl.h
+ 
+diff -up dhcp-4.3.1b1/omapip/Makefile.am.brGmwh dhcp-4.3.1b1/omapip/Makefile.am
+--- dhcp-4.3.1b1/omapip/Makefile.am.brGmwh     2014-07-02 19:58:39.000000000 +0200
++++ dhcp-4.3.1b1/omapip/Makefile.am    2014-07-10 17:36:30.486250948 +0200
+@@ -10,6 +10,5 @@ man_MANS = omapi.3
+ EXTRA_DIST = $(man_MANS)
+ 
+ svtest_SOURCES = test.c
+-svtest_LDADD = libomapi.a ../bind/lib/libirs.a ../bind/lib/libdns.a \
+-              ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+-
++svtest_LDADD = libomapi.a \
++             $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+diff -up dhcp-4.3.1b1/relay/Makefile.am.brGmwh dhcp-4.3.1b1/relay/Makefile.am
+--- dhcp-4.3.1b1/relay/Makefile.am.brGmwh      2014-07-02 19:58:39.000000000 +0200
++++ dhcp-4.3.1b1/relay/Makefile.am     2014-07-10 17:36:30.486250948 +0200
+@@ -3,8 +3,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
+ sbin_PROGRAMS = dhcrelay
+ dhcrelay_SOURCES = dhcrelay.c
+ dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
+-               ../bind/lib/libirs.a ../bind/lib/libdns.a \
+-               ../bind/lib/libisccfg.a ../bind/lib/libisc.a
++               $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ man_MANS = dhcrelay.8
+ EXTRA_DIST = $(man_MANS)
+ 
+diff -up dhcp-4.3.1b1/server/Makefile.am.brGmwh dhcp-4.3.1b1/server/Makefile.am
+--- dhcp-4.3.1b1/server/Makefile.am.brGmwh     2014-07-02 19:58:39.000000000 +0200
++++ dhcp-4.3.1b1/server/Makefile.am    2014-07-10 17:36:30.486250948 +0200
+@@ -13,10 +13,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
+               dhcpv6.c mdb6.c ldap.c ldap_casa.c
+ 
+ dhcpd_CFLAGS = $(LDAP_CFLAGS)
+-dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
+-            ../dhcpctl/libdhcpctl.a ../bind/lib/libirs.a \
+-            ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+-
++dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../dhcpctl/libdhcpctl.a \
++            $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
+ EXTRA_DIST = $(man_MANS)
+ 
+diff -up dhcp-4.3.1b1/server/tests/Makefile.am.brGmwh dhcp-4.3.1b1/server/tests/Makefile.am
+--- dhcp-4.3.1b1/server/tests/Makefile.am.brGmwh       2014-07-02 19:58:40.000000000 +0200
++++ dhcp-4.3.1b1/server/tests/Makefile.am      2014-07-10 17:36:30.486250948 +0200
+@@ -18,9 +18,8 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpa
+           ../ldap.c ../ldap_casa.c ../dhcpd.c
+ 
+ DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a    \
+-          $(top_builddir)/dhcpctl/libdhcpctl.a $(top_builddir)/bind/lib/libirs.a \
+-        $(top_builddir)/bind/lib/libdns.a $(top_builddir)/bind/lib/libisccfg.a \
+-        $(top_builddir)/bind/lib/libisc.a
++          $(top_builddir)/dhcpctl/libdhcpctl.a \
++          $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ 
+ ATF_TESTS =
+ TESTS = 

diff --git a/src/patches/dhcp-4.2.2-rfc3442-classless-static-routes.patch b/src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch
similarity index 74%
rename from src/patches/dhcp-4.2.2-rfc3442-classless-static-routes.patch
rename to src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch
index 0a0bfcb66d32d0fb961d853816044bd664c0f1f1..94ed5ba24ebd8c7de38bc349cfe2975b6410109d 100644 (file)
--- a/src/patches/dhcp-4.2.2-rfc3442-classless-static-routes.patch
+++ b/src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch
@@ -1,7 +1,7 @@
-diff -up dhcp-4.2.2b1/client/clparse.c.rfc3442 dhcp-4.2.2b1/client/clparse.c
---- dhcp-4.2.2b1/client/clparse.c.rfc3442      2011-07-01 14:22:38.031534508 +0200
-+++ dhcp-4.2.2b1/client/clparse.c      2011-07-01 14:22:38.128532940 +0200
-@@ -37,7 +37,7 @@
+diff -up dhcp-4.3.0rc1/client/clparse.c.rfc3442 dhcp-4.3.0rc1/client/clparse.c
+--- dhcp-4.3.0rc1/client/clparse.c.rfc3442     2014-01-29 10:05:48.474400352 +0100
++++ dhcp-4.3.0rc1/client/clparse.c     2014-01-29 10:05:48.517399955 +0100
+@@ -31,7 +31,7 @@
  
  struct client_config top_level_config;
  
@@ -10,7 +10,7 @@ diff -up dhcp-4.2.2b1/client/clparse.c.rfc3442 dhcp-4.2.2b1/client/clparse.c
  struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1];
  
  static void parse_client_default_duid(struct parse *cfile);
-@@ -82,7 +82,11 @@ isc_result_t read_client_conf ()
+@@ -84,7 +84,11 @@ isc_result_t read_client_conf ()
                                dhcp_universe.code_hash, &code, 0, MDL);
  
        /* 4 */
@@ -23,7 +23,7 @@ diff -up dhcp-4.2.2b1/client/clparse.c.rfc3442 dhcp-4.2.2b1/client/clparse.c
        option_code_hash_lookup(&default_requested_options[3],
                                dhcp_universe.code_hash, &code, 0, MDL);
  
-@@ -136,6 +140,11 @@ isc_result_t read_client_conf ()
+@@ -138,6 +142,11 @@ isc_result_t read_client_conf ()
        option_code_hash_lookup(&default_requested_options[13],
                                dhcp_universe.code_hash, &code, 0, MDL);
  
@@ -35,10 +35,10 @@ diff -up dhcp-4.2.2b1/client/clparse.c.rfc3442 dhcp-4.2.2b1/client/clparse.c
        for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) {
                if (default_requested_options[code] == NULL)
                        log_fatal("Unable to find option definition for "
-diff -up dhcp-4.2.2b1/common/dhcp-options.5.rfc3442 dhcp-4.2.2b1/common/dhcp-options.5
---- dhcp-4.2.2b1/common/dhcp-options.5.rfc3442 2011-07-01 14:22:38.020534686 +0200
-+++ dhcp-4.2.2b1/common/dhcp-options.5 2011-07-01 14:22:38.129532924 +0200
-@@ -115,6 +115,26 @@ hexadecimal, separated by colons.   For 
+diff -up dhcp-4.3.0rc1/common/dhcp-options.5.rfc3442 dhcp-4.3.0rc1/common/dhcp-options.5
+--- dhcp-4.3.0rc1/common/dhcp-options.5.rfc3442        2014-01-29 10:05:48.466400426 +0100
++++ dhcp-4.3.0rc1/common/dhcp-options.5        2014-01-29 10:05:48.518399945 +0100
+@@ -111,6 +111,26 @@ hexadecimal, separated by colons.  For e
  or
    option dhcp-client-identifier 43:4c:49:45:54:2d:46:4f:4f;
  .fi
@@ -64,8 +64,8 @@ diff -up dhcp-4.2.2b1/common/dhcp-options.5.rfc3442 dhcp-4.2.2b1/common/dhcp-opt
 +.fi
  .SH SETTING OPTION VALUES USING EXPRESSIONS
  Sometimes it's helpful to be able to set the value of a DHCP option
- based on some value that the client has sent.   To do this, you can
-@@ -931,6 +951,29 @@ dhclient-script will create routes:
+ based on some value that the client has sent.  To do this, you can
+@@ -972,6 +992,29 @@ dhclient-script will create routes:
  .RE
  .PP
  .nf
@@ -95,10 +95,10 @@ diff -up dhcp-4.2.2b1/common/dhcp-options.5.rfc3442 dhcp-4.2.2b1/common/dhcp-opt
  .B option \fBstreettalk-directory-assistance-server\fR \fIip-address\fR
                                             [\fB,\fR \fIip-address\fR...]\fB;\fR
  .fi
-diff -up dhcp-4.2.2b1/common/inet.c.rfc3442 dhcp-4.2.2b1/common/inet.c
---- dhcp-4.2.2b1/common/inet.c.rfc3442 2011-05-11 02:47:22.000000000 +0200
-+++ dhcp-4.2.2b1/common/inet.c 2011-07-01 14:22:38.130532908 +0200
-@@ -528,6 +528,60 @@ free_iaddrcidrnetlist(struct iaddrcidrne
+diff -up dhcp-4.3.0rc1/common/inet.c.rfc3442 dhcp-4.3.0rc1/common/inet.c
+--- dhcp-4.3.0rc1/common/inet.c.rfc3442        2014-01-26 19:40:44.000000000 +0100
++++ dhcp-4.3.0rc1/common/inet.c        2014-01-29 10:05:48.519399936 +0100
+@@ -521,6 +521,60 @@ free_iaddrcidrnetlist(struct iaddrcidrne
        return ISC_R_SUCCESS;
  }
  
@@ -159,10 +159,10 @@ diff -up dhcp-4.2.2b1/common/inet.c.rfc3442 dhcp-4.2.2b1/common/inet.c
  /* piaddr() turns an iaddr structure into a printable address. */
  /* XXX: should use a const pointer rather than passing the structure */
  const char *
-diff -up dhcp-4.2.2b1/common/options.c.rfc3442 dhcp-4.2.2b1/common/options.c
---- dhcp-4.2.2b1/common/options.c.rfc3442      2011-03-24 22:57:13.000000000 +0100
-+++ dhcp-4.2.2b1/common/options.c      2011-07-01 14:22:38.132532876 +0200
-@@ -706,7 +706,11 @@ cons_options(struct packet *inpacket, st
+diff -up dhcp-4.3.0rc1/common/options.c.rfc3442 dhcp-4.3.0rc1/common/options.c
+--- dhcp-4.3.0rc1/common/options.c.rfc3442     2014-01-26 19:40:44.000000000 +0100
++++ dhcp-4.3.0rc1/common/options.c     2014-01-29 10:05:48.520399927 +0100
+@@ -707,7 +707,11 @@ cons_options(struct packet *inpacket, st
                 * packet.
                 */
                priority_list[priority_len++] = DHO_SUBNET_MASK;
@@ -175,15 +175,15 @@ diff -up dhcp-4.2.2b1/common/options.c.rfc3442 dhcp-4.2.2b1/common/options.c
                priority_list[priority_len++] = DHO_DOMAIN_NAME_SERVERS;
                priority_list[priority_len++] = DHO_HOST_NAME;
                priority_list[priority_len++] = DHO_FQDN;
-@@ -1683,6 +1687,7 @@ const char *pretty_print_option (option,
-       const unsigned char *dp = data;
-       char comma;
+@@ -1688,6 +1692,7 @@ const char *pretty_print_option (option,
        unsigned long tval;
-+        unsigned int octets = 0;
+       isc_boolean_t a_array = ISC_FALSE;
+       int len_used;
++      unsigned int octets = 0;
  
        if (emit_commas)
                comma = ',';
-@@ -1691,6 +1696,7 @@ const char *pretty_print_option (option,
+@@ -1696,6 +1701,7 @@ const char *pretty_print_option (option,
  
        memset (enumbuf, 0, sizeof enumbuf);
  
@@ -191,7 +191,7 @@ diff -up dhcp-4.2.2b1/common/options.c.rfc3442 dhcp-4.2.2b1/common/options.c
        /* Figure out the size of the data. */
        for (l = i = 0; option -> format [i]; i++, l++) {
                if (l >= sizeof(fmtbuf) - 1)
-@@ -1840,6 +1846,33 @@ const char *pretty_print_option (option,
+@@ -1870,6 +1876,33 @@ const char *pretty_print_option (option,
        if (numhunk < 0)
                numhunk = 1;
  
@@ -224,8 +224,8 @@ diff -up dhcp-4.2.2b1/common/options.c.rfc3442 dhcp-4.2.2b1/common/options.c
 +
        /* Cycle through the array (or hunk) printing the data. */
        for (i = 0; i < numhunk; i++) {
-               for (j = 0; j < numelem; j++) {
-@@ -1978,6 +2011,20 @@ const char *pretty_print_option (option,
+               if ((a_array == ISC_TRUE) && (i != 0) && (numelem > 0)) {
+@@ -2025,6 +2058,20 @@ const char *pretty_print_option (option,
                                strcpy(op, piaddr(iaddr));
                                dp += 4;
                                break;
@@ -246,10 +246,10 @@ diff -up dhcp-4.2.2b1/common/options.c.rfc3442 dhcp-4.2.2b1/common/options.c
                              case '6':
                                iaddr.len = 16;
                                memcpy(iaddr.iabuf, dp, 16);
-diff -up dhcp-4.2.2b1/common/parse.c.rfc3442 dhcp-4.2.2b1/common/parse.c
---- dhcp-4.2.2b1/common/parse.c.rfc3442        2011-07-01 14:22:38.097533441 +0200
-+++ dhcp-4.2.2b1/common/parse.c        2011-07-01 14:22:38.135532828 +0200
-@@ -341,6 +341,39 @@ int parse_ip_addr (cfile, addr)
+diff -up dhcp-4.3.0rc1/common/parse.c.rfc3442 dhcp-4.3.0rc1/common/parse.c
+--- dhcp-4.3.0rc1/common/parse.c.rfc3442       2014-01-29 10:05:48.491400195 +0100
++++ dhcp-4.3.0rc1/common/parse.c       2014-01-29 10:05:48.522399908 +0100
+@@ -335,6 +335,39 @@ int parse_ip_addr (cfile, addr)
  }     
  
  /*
@@ -289,7 +289,7 @@ diff -up dhcp-4.2.2b1/common/parse.c.rfc3442 dhcp-4.2.2b1/common/parse.c
   * Return true if every character in the string is hexadecimal.
   */
  static int
-@@ -700,8 +733,10 @@ unsigned char *parse_numeric_aggregate (
+@@ -713,8 +746,10 @@ unsigned char *parse_numeric_aggregate (
                if (count) {
                        token = peek_token (&val, (unsigned *)0, cfile);
                        if (token != separator) {
@@ -301,7 +301,7 @@ diff -up dhcp-4.2.2b1/common/parse.c.rfc3442 dhcp-4.2.2b1/common/parse.c
                                if (token != RBRACE && token != LBRACE)
                                        token = next_token (&val,
                                                            (unsigned *)0,
-@@ -1624,6 +1659,9 @@ int parse_option_code_definition (cfile,
+@@ -1654,6 +1689,9 @@ int parse_option_code_definition (cfile,
              case IP_ADDRESS:
                type = 'I';
                break;
@@ -311,7 +311,7 @@ diff -up dhcp-4.2.2b1/common/parse.c.rfc3442 dhcp-4.2.2b1/common/parse.c
              case IP6_ADDRESS:
                type = '6';
                break;
-@@ -5288,6 +5326,15 @@ int parse_option_token (rv, cfile, fmt, 
+@@ -5071,6 +5109,15 @@ int parse_option_token (rv, cfile, fmt,
                }
                break;
  
@@ -327,7 +327,7 @@ diff -up dhcp-4.2.2b1/common/parse.c.rfc3442 dhcp-4.2.2b1/common/parse.c
              case '6': /* IPv6 address. */
                if (!parse_ip6_addr(cfile, &addr)) {
                        return 0;
-@@ -5548,6 +5595,13 @@ int parse_option_decl (oc, cfile)
+@@ -5348,6 +5395,13 @@ int parse_option_decl (oc, cfile)
                                        goto exit;
                                len = ip_addr.len;
                                dp = ip_addr.iabuf;
@@ -341,10 +341,10 @@ diff -up dhcp-4.2.2b1/common/parse.c.rfc3442 dhcp-4.2.2b1/common/parse.c
  
                              alloc:
                                if (hunkix + len > sizeof hunkbuf) {
-diff -up dhcp-4.2.2b1/common/tables.c.rfc3442 dhcp-4.2.2b1/common/tables.c
---- dhcp-4.2.2b1/common/tables.c.rfc3442       2011-07-01 14:22:38.087533601 +0200
-+++ dhcp-4.2.2b1/common/tables.c       2011-07-01 14:22:38.137532796 +0200
-@@ -51,6 +51,7 @@ HASH_FUNCTIONS (option_code, const unsig
+diff -up dhcp-4.3.0rc1/common/tables.c.rfc3442 dhcp-4.3.0rc1/common/tables.c
+--- dhcp-4.3.0rc1/common/tables.c.rfc3442      2014-01-29 10:05:48.485400250 +0100
++++ dhcp-4.3.0rc1/common/tables.c      2014-01-29 10:06:25.724038563 +0100
+@@ -46,6 +46,7 @@ HASH_FUNCTIONS (option_code, const unsig
     Format codes:
  
     I - IPv4 address
@@ -352,18 +352,18 @@ diff -up dhcp-4.2.2b1/common/tables.c.rfc3442 dhcp-4.2.2b1/common/tables.c
     6 - IPv6 address
     l - 32-bit signed integer
     L - 32-bit unsigned integer
-@@ -208,6 +209,7 @@ static struct option dhcp_options[] = {
-       { "default-url", "t",                   &dhcp_universe, 114, 1 },
+@@ -214,6 +215,7 @@ static struct option dhcp_options[] = {
+ #endif
        { "subnet-selection", "I",              &dhcp_universe, 118, 1 },
-       { "domain-search", "D",         &dhcp_universe, 119, 1 },
+       { "domain-search", "D",                 &dhcp_universe, 119, 1 },
 +      { "classless-static-routes", "RIA",     &dhcp_universe, 121, 1 },
        { "vivco", "Evendor-class.",            &dhcp_universe, 124, 1 },
        { "vivso", "Evendor.",                  &dhcp_universe, 125, 1 },
  #if 0
-diff -up dhcp-4.2.2b1/includes/dhcpd.h.rfc3442 dhcp-4.2.2b1/includes/dhcpd.h
---- dhcp-4.2.2b1/includes/dhcpd.h.rfc3442      2011-07-01 14:22:38.000000000 +0200
-+++ dhcp-4.2.2b1/includes/dhcpd.h      2011-07-01 14:24:19.999810333 +0200
-@@ -2662,6 +2662,7 @@ isc_result_t range2cidr(struct iaddrcidr
+diff -up dhcp-4.3.0rc1/includes/dhcpd.h.rfc3442 dhcp-4.3.0rc1/includes/dhcpd.h
+--- dhcp-4.3.0rc1/includes/dhcpd.h.rfc3442     2014-01-29 10:05:48.470400389 +0100
++++ dhcp-4.3.0rc1/includes/dhcpd.h     2014-01-29 10:05:48.525399881 +0100
+@@ -2725,6 +2725,7 @@ isc_result_t range2cidr(struct iaddrcidr
                        const struct iaddr *lo, const struct iaddr *hi);
  isc_result_t free_iaddrcidrnetlist(struct iaddrcidrnetlist **result);
  const char *piaddr (struct iaddr);
@@ -371,7 +371,7 @@ diff -up dhcp-4.2.2b1/includes/dhcpd.h.rfc3442 dhcp-4.2.2b1/includes/dhcpd.h
  char *piaddrmask(struct iaddr *, struct iaddr *);
  char *piaddrcidr(const struct iaddr *, unsigned int);
  u_int16_t validate_port(char *);
-@@ -2869,6 +2870,7 @@ void parse_client_lease_declaration (str
+@@ -2934,6 +2935,7 @@ void parse_client_lease_declaration (str
  int parse_option_decl (struct option_cache **, struct parse *);
  void parse_string_list (struct parse *, struct string_list **, int);
  int parse_ip_addr (struct parse *, struct iaddr *);
@@ -379,10 +379,10 @@ diff -up dhcp-4.2.2b1/includes/dhcpd.h.rfc3442 dhcp-4.2.2b1/includes/dhcpd.h
  int parse_ip_addr_with_subnet(struct parse *, struct iaddrmatch *);
  void parse_reject_statement (struct parse *, struct client_config *);
  
-diff -up dhcp-4.2.2b1/includes/dhcp.h.rfc3442 dhcp-4.2.2b1/includes/dhcp.h
---- dhcp-4.2.2b1/includes/dhcp.h.rfc3442       2009-11-20 02:49:01.000000000 +0100
-+++ dhcp-4.2.2b1/includes/dhcp.h       2011-07-01 14:22:38.145532665 +0200
-@@ -158,6 +158,7 @@ struct dhcp_packet {
+diff -up dhcp-4.3.0rc1/includes/dhcp.h.rfc3442 dhcp-4.3.0rc1/includes/dhcp.h
+--- dhcp-4.3.0rc1/includes/dhcp.h.rfc3442      2014-01-26 19:40:44.000000000 +0100
++++ dhcp-4.3.0rc1/includes/dhcp.h      2014-01-29 10:05:48.524399890 +0100
+@@ -159,6 +159,7 @@ struct dhcp_packet {
  #define DHO_ASSOCIATED_IP                     92
  #define DHO_SUBNET_SELECTION                  118 /* RFC3011! */
  #define DHO_DOMAIN_SEARCH                     119 /* RFC3397 */
@@ -390,16 +390,16 @@ diff -up dhcp-4.2.2b1/includes/dhcp.h.rfc3442 dhcp-4.2.2b1/includes/dhcp.h
  #define DHO_VIVCO_SUBOPTIONS                  124
  #define DHO_VIVSO_SUBOPTIONS                  125
  
-diff -up dhcp-4.2.2b1/includes/dhctoken.h.rfc3442 dhcp-4.2.2b1/includes/dhctoken.h
---- dhcp-4.2.2b1/includes/dhctoken.h.rfc3442   2011-07-01 14:22:37.000000000 +0200
-+++ dhcp-4.2.2b1/includes/dhctoken.h   2011-07-01 14:25:12.541867623 +0200
-@@ -362,7 +362,8 @@ enum dhcp_token {
-       REWIND = 663,
-       INITIAL_DELAY = 664,
-       GETHOSTBYNAME = 665,
--      BOOTP_BROADCAST_ALWAYS = 666
-+      BOOTP_BROADCAST_ALWAYS = 666,
-+      DESTINATION_DESCRIPTOR = 667
+diff -up dhcp-4.3.0rc1/includes/dhctoken.h.rfc3442 dhcp-4.3.0rc1/includes/dhctoken.h
+--- dhcp-4.3.0rc1/includes/dhctoken.h.rfc3442  2014-01-29 10:05:48.435400713 +0100
++++ dhcp-4.3.0rc1/includes/dhctoken.h  2014-01-29 10:05:48.526399871 +0100
+@@ -368,7 +368,8 @@ enum dhcp_token {
+       POOL6 = 669,
+       V6RELAY = 670,
+       V6RELOPT = 671,
+-      BOOTP_BROADCAST_ALWAYS = 672
++      BOOTP_BROADCAST_ALWAYS = 672,
++      DESTINATION_DESCRIPTOR = 673
  };
  
  #define is_identifier(x)      ((x) >= FIRST_TOKEN &&  \

diff --git a/src/patches/dhcp-4.2.1-sendDecline.patch b/src/patches/dhcp/dhcp-sendDecline.patch
similarity index 89%
rename from src/patches/dhcp-4.2.1-sendDecline.patch
rename to src/patches/dhcp/dhcp-sendDecline.patch
index b2fa4affbd6a2c82643369fef5b1ae9d4c13a7e2..e68336634593db963c02b74e54af45e443e90b0b 100644 (file)
--- a/src/patches/dhcp-4.2.1-sendDecline.patch
+++ b/src/patches/dhcp/dhcp-sendDecline.patch
@@ -1,7 +1,7 @@
-diff -up dhcp-4.2.1-P1/client/dhc6.c.sendDecline dhcp-4.2.1-P1/client/dhc6.c
---- dhcp-4.2.1-P1/client/dhc6.c.sendDecline    2010-09-10 22:27:11.000000000 +0200
-+++ dhcp-4.2.1-P1/client/dhc6.c        2011-06-17 14:19:48.992099868 +0200
-@@ -95,6 +95,8 @@ void do_select6(void *input);
+diff -up dhcp-4.3.0a1/client/dhc6.c.sendDecline dhcp-4.3.0a1/client/dhc6.c
+--- dhcp-4.3.0a1/client/dhc6.c.sendDecline     2013-12-11 01:25:12.000000000 +0100
++++ dhcp-4.3.0a1/client/dhc6.c 2013-12-19 15:56:18.297660118 +0100
+@@ -96,6 +96,8 @@ void do_select6(void *input);
  void do_refresh6(void *input);
  static void do_release6(void *input);
  static void start_bound(struct client_state *client);
@@ -10,7 +10,7 @@ diff -up dhcp-4.2.1-P1/client/dhc6.c.sendDecline dhcp-4.2.1-P1/client/dhc6.c
  static void start_informed(struct client_state *client);
  void informed_handler(struct packet *packet, struct client_state *client);
  void bound_handler(struct packet *packet, struct client_state *client);
-@@ -2075,6 +2077,7 @@ start_release6(struct client_state *clie
+@@ -2017,6 +2019,7 @@ start_release6(struct client_state *clie
        cancel_timeout(do_select6, client);
        cancel_timeout(do_refresh6, client);
        cancel_timeout(do_release6, client);
@@ -18,7 +18,7 @@ diff -up dhcp-4.2.1-P1/client/dhc6.c.sendDecline dhcp-4.2.1-P1/client/dhc6.c
        client->state = S_STOPPED;
  
        /*
-@@ -2708,6 +2711,7 @@ dhc6_check_reply(struct client_state *cl
+@@ -2650,6 +2653,7 @@ dhc6_check_reply(struct client_state *cl
                break;
  
              case S_STOPPED:
@@ -26,7 +26,7 @@ diff -up dhcp-4.2.1-P1/client/dhc6.c.sendDecline dhcp-4.2.1-P1/client/dhc6.c
                action = dhc6_stop_action;
                break;
  
-@@ -2809,6 +2813,7 @@ dhc6_check_reply(struct client_state *cl
+@@ -2751,6 +2755,7 @@ dhc6_check_reply(struct client_state *cl
                break;
  
              case S_STOPPED:
@@ -34,7 +34,7 @@ diff -up dhcp-4.2.1-P1/client/dhc6.c.sendDecline dhcp-4.2.1-P1/client/dhc6.c
                /* Nothing critical to do at this stage. */
                break;
  
-@@ -3799,17 +3804,23 @@ reply_handler(struct packet *packet, str
+@@ -3741,17 +3746,23 @@ reply_handler(struct packet *packet, str
        cancel_timeout(do_select6, client);
        cancel_timeout(do_refresh6, client);
        cancel_timeout(do_release6, client);
@@ -66,9 +66,9 @@ diff -up dhcp-4.2.1-P1/client/dhc6.c.sendDecline dhcp-4.2.1-P1/client/dhc6.c
                return;
        }
  
-@@ -4336,7 +4347,11 @@ start_bound(struct client_state *client)
-                                                    oldia, oldaddr);
+@@ -4279,7 +4290,11 @@ start_bound(struct client_state *client)
                        dhc6_marshall_values("new_", client, lease, ia, addr);
+                       script_write_requested6(client);
  
 -                      script_go(client);
 +                      // when script returns 3, DAD failed
@@ -79,7 +79,7 @@ diff -up dhcp-4.2.1-P1/client/dhc6.c.sendDecline dhcp-4.2.1-P1/client/dhc6.c
                }
  
                /* XXX: maybe we should loop on the old values instead? */
-@@ -4382,6 +4397,149 @@ start_bound(struct client_state *client)
+@@ -4327,6 +4342,149 @@ start_bound(struct client_state *client)
        dhc6_check_times(client);
  }
  

diff --git a/src/patches/dhcp/dhcp-sharedlib.patch b/src/patches/dhcp/dhcp-sharedlib.patch
new file mode 100644 (file)
index 0000000..abb2acc
--- /dev/null
+++ b/src/patches/dhcp/dhcp-sharedlib.patch
@@ -0,0 +1,107 @@
+diff -up dhcp-4.3.1b1/common/tests/Makefile.am.uCWMBl dhcp-4.3.1b1/common/tests/Makefile.am
+--- dhcp-4.3.1b1/common/tests/Makefile.am.uCWMBl       2014-07-10 17:38:10.779828569 +0200
++++ dhcp-4.3.1b1/common/tests/Makefile.am      2014-07-10 17:38:21.355678580 +0200
+@@ -13,19 +13,19 @@ ATF_TESTS += alloc_unittest dns_unittest
+ alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c
+ alloc_unittest_LDADD = $(ATF_LDFLAGS)
+ alloc_unittest_LDADD += ../libdhcp.a  \
+-      ../../omapip/libomapi.a \
++      ../../omapip/libomapi.la \
+       $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ 
+ dns_unittest_SOURCES = dns_unittest.c $(top_srcdir)/tests/t_api_dhcp.c
+ dns_unittest_LDADD = $(ATF_LDFLAGS)
+-dns_unittest_LDADD += ../libdhcp.a  \
++dns_unittest_LDADD += ../libdhcp.la  \
+       ../../omapip/libomapi.a \
+       $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ 
+ misc_unittest_SOURCES = misc_unittest.c $(top_srcdir)/tests/t_api_dhcp.c
+ misc_unittest_LDADD = $(ATF_LDFLAGS)
+ misc_unittest_LDADD += ../libdhcp.a  \
+-      ../../omapip/libomapi.a \
++      ../../omapip/libomapi.la \
+       $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ check: $(ATF_TESTS)
+       atf-run | atf-report
+diff -up dhcp-4.3.1b1/configure.ac.uCWMBl dhcp-4.3.1b1/configure.ac
+--- dhcp-4.3.1b1/configure.ac.uCWMBl   2014-07-10 17:38:10.766828753 +0200
++++ dhcp-4.3.1b1/configure.ac  2014-07-10 17:38:10.779828569 +0200
+@@ -39,7 +39,8 @@ fi
+ # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API.
+ AC_USE_SYSTEM_EXTENSIONS
+ 
+-AC_PROG_RANLIB
++# Use libtool to simplify building of shared libraries
++AC_PROG_LIBTOOL
+ AC_CONFIG_HEADERS([includes/config.h])
+ 
+ # we sometimes need to know byte order for building packets
+diff -up dhcp-4.3.1b1/dhcpctl/Makefile.am.uCWMBl dhcp-4.3.1b1/dhcpctl/Makefile.am
+--- dhcp-4.3.1b1/dhcpctl/Makefile.am.uCWMBl    2014-07-10 17:36:30.485250962 +0200
++++ dhcp-4.3.1b1/dhcpctl/Makefile.am   2014-07-10 17:38:10.780828554 +0200
+@@ -1,14 +1,14 @@
+ bin_PROGRAMS = omshell
+-lib_LIBRARIES = libdhcpctl.a
++lib_LTLIBRARIES = libdhcpctl.la
+ noinst_PROGRAMS = cltest
+ man_MANS = omshell.1 dhcpctl.3
+ EXTRA_DIST = $(man_MANS)
+ 
+ omshell_SOURCES = omshell.c
+-omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
++omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
+               $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+-libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
++libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c
+ 
+ cltest_SOURCES = cltest.c
+-cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
++cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
+              $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+diff -up dhcp-4.3.1b1/omapip/Makefile.am.uCWMBl dhcp-4.3.1b1/omapip/Makefile.am
+--- dhcp-4.3.1b1/omapip/Makefile.am.uCWMBl     2014-07-10 17:36:30.486250948 +0200
++++ dhcp-4.3.1b1/omapip/Makefile.am    2014-07-10 17:38:10.780828554 +0200
+@@ -1,7 +1,7 @@
+-lib_LIBRARIES = libomapi.a
++lib_LTLIBRARIES = libomapi.la
+ noinst_PROGRAMS = svtest
+ 
+-libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
++libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
+                    errwarn.c listener.c dispatch.c generic.c support.c \
+                    handle.c message.c convert.c hash.c auth.c inet_addr.c \
+                    array.c trace.c toisc.c iscprint.c isclib.c
+@@ -10,5 +10,5 @@ man_MANS = omapi.3
+ EXTRA_DIST = $(man_MANS)
+ 
+ svtest_SOURCES = test.c
+-svtest_LDADD = libomapi.a \
++svtest_LDADD = libomapi.la \
+              $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+diff -up dhcp-4.3.1b1/server/Makefile.am.uCWMBl dhcp-4.3.1b1/server/Makefile.am
+--- dhcp-4.3.1b1/server/Makefile.am.uCWMBl     2014-07-10 17:36:30.486250948 +0200
++++ dhcp-4.3.1b1/server/Makefile.am    2014-07-10 17:38:10.780828554 +0200
+@@ -13,7 +13,7 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
+               dhcpv6.c mdb6.c ldap.c ldap_casa.c
+ 
+ dhcpd_CFLAGS = $(LDAP_CFLAGS)
+-dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../dhcpctl/libdhcpctl.a \
++dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la ../dhcpctl/libdhcpctl.la \
+             $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
+ EXTRA_DIST = $(man_MANS)
+diff -up dhcp-4.3.1b1/server/tests/Makefile.am.uCWMBl dhcp-4.3.1b1/server/tests/Makefile.am
+--- dhcp-4.3.1b1/server/tests/Makefile.am.uCWMBl       2014-07-10 17:36:30.486250948 +0200
++++ dhcp-4.3.1b1/server/tests/Makefile.am      2014-07-10 17:38:10.780828554 +0200
+@@ -17,8 +17,8 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpa
+           ../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c        \
+           ../ldap.c ../ldap_casa.c ../dhcpd.c
+ 
+-DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a    \
+-          $(top_builddir)/dhcpctl/libdhcpctl.a \
++DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la \
++          $(top_builddir)/dhcpctl/libdhcpctl.la \
+           $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
+ 
+ ATF_TESTS =

diff --git a/src/patches/dhcp/dhcp-stateless-DUID-LLT.patch b/src/patches/dhcp/dhcp-stateless-DUID-LLT.patch
new file mode 100644 (file)
index 0000000..a7f22b5
--- /dev/null
+++ b/src/patches/dhcp/dhcp-stateless-DUID-LLT.patch
@@ -0,0 +1,48 @@
+From 61fa3dd9e789997f66e848c7e3fb2f554ee374e2 Mon Sep 17 00:00:00 2001
+From: Jiri Popelka <jpopelka@redhat.com>
+Date: Thu, 18 Dec 2014 11:53:26 +0100
+Subject: [PATCH] Write DUID_LLT even in stateless mode.
+
+By default, DHCPv6 dhclient creates DUID-LL
+if it is running in stateless mode (-6 -S) and
+doesn't write it into leases file, most likely
+because the DUID-LL is always generated the same.
+
+It's however possible to specify DUID to be of type LLT instead of LL
+with '-D LLT'. Rfc 3315 says that:
+'Clients and servers using this type of DUID MUST
+store the DUID-LLT in stable storage.'
+That's not fulfiled in this case (-6 -S -D LLT),
+because it's generated each time again.
+
+It's not a big deal because the server doesn't store any
+info about 'stateless' clients, so it doesn't matter
+that the DUID-LLT is different each time.
+But there's a TAHI test which tests this, i.e. that
+DUID-LLT is still the same even in stateless mode.
+It's a test DHCP_CONF.7.1.9, part B.
+https://www.ipv6ready.org/docs/Phase2_DHCPv6_Conformance_Latest.pdf
+
+Signed-off-by: Jiri Popelka <jpopelka@redhat.com>
+---
+ client/dhclient.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/client/dhclient.c b/client/dhclient.c
+index 5ef59cd..026e3fe 100644
+--- a/client/dhclient.c
++++ b/client/dhclient.c
+@@ -788,7 +788,9 @@ void run_stateless(int exit_mode)
+               if (default_duid.buffer != NULL)
+                       data_string_forget(&default_duid, MDL);
+ 
+-              form_duid(&default_duid, MDL);
++              if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS &&
++                  duid_type == DUID_LLT)
++                      write_duid(&default_duid);
+       }
+ 
+       /* Start a configuration state machine. */
+-- 
+2.1.0
+

diff --git a/src/patches/dhcp-4.2.0-unicast-bootp.patch b/src/patches/dhcp/dhcp-unicast-bootp.patch
similarity index 72%
rename from src/patches/dhcp-4.2.0-unicast-bootp.patch
rename to src/patches/dhcp/dhcp-unicast-bootp.patch
index 78bc078dcff6dbaef8c7b9edd9f45dfd7fabcb4f..a0db9de6929b3c2275e4efa083cb75ea245770e0 100644 (file)
--- a/src/patches/dhcp-4.2.0-unicast-bootp.patch
+++ b/src/patches/dhcp/dhcp-unicast-bootp.patch
@@ -1,7 +1,7 @@
-diff -up dhcp-4.2.0/server/bootp.c.unicast dhcp-4.2.0/server/bootp.c
---- dhcp-4.2.0/server/bootp.c.unicast  2009-11-20 02:49:03.000000000 +0100
-+++ dhcp-4.2.0/server/bootp.c  2010-07-21 13:40:25.000000000 +0200
-@@ -58,6 +58,7 @@ void bootp (packet)
+diff -up dhcp-4.3.0a1/server/bootp.c.unicast dhcp-4.3.0a1/server/bootp.c
+--- dhcp-4.3.0a1/server/bootp.c.unicast        2013-12-11 01:25:12.000000000 +0100
++++ dhcp-4.3.0a1/server/bootp.c        2013-12-19 15:12:12.974671154 +0100
+@@ -59,6 +59,7 @@ void bootp (packet)
        char msgbuf [1024];
        int ignorep;
        int peer_has_leases = 0;
@@ -9,7 +9,7 @@ diff -up dhcp-4.2.0/server/bootp.c.unicast dhcp-4.2.0/server/bootp.c
  
        if (packet -> raw -> op != BOOTREQUEST)
                return;
-@@ -73,7 +74,7 @@ void bootp (packet)
+@@ -74,7 +75,7 @@ void bootp (packet)
                 ? inet_ntoa (packet -> raw -> giaddr)
                 : packet -> interface -> name);
  
@@ -18,24 +18,26 @@ diff -up dhcp-4.2.0/server/bootp.c.unicast dhcp-4.2.0/server/bootp.c
                log_info ("%s: network unknown", msgbuf);
                return;
        }
-@@ -390,6 +391,13 @@ void bootp (packet)
-                                             from, &to, &hto);
+@@ -396,6 +397,15 @@ void bootp (packet)
+ 
                        goto out;
                }
 +      } else if (norelay == 2) {
 +              to.sin_addr = raw.ciaddr;
 +              to.sin_port = remote_port;
 +              if (fallback_interface) {
-+                      result = send_packet (fallback_interface, (struct packet *)0, &raw, outgoing.packet_length, from, &to, &hto);
++                      result = send_packet (fallback_interface, NULL, &raw,
++                                            outgoing.packet_length, from,
++                                            &to, &hto);
 +                      goto out;
 +              }
  
        /* If it comes from a client that already knows its address
           and is not requesting a broadcast response, and we can
-diff -up dhcp-4.2.0/server/dhcp.c.unicast dhcp-4.2.0/server/dhcp.c
---- dhcp-4.2.0/server/dhcp.c.unicast   2010-06-01 19:29:59.000000000 +0200
-+++ dhcp-4.2.0/server/dhcp.c   2010-07-21 13:40:25.000000000 +0200
-@@ -4185,6 +4185,7 @@ int locate_network (packet)
+diff -up dhcp-4.3.0a1/server/dhcp.c.unicast dhcp-4.3.0a1/server/dhcp.c
+--- dhcp-4.3.0a1/server/dhcp.c.unicast 2013-12-13 21:50:38.000000000 +0100
++++ dhcp-4.3.0a1/server/dhcp.c 2013-12-19 15:12:12.975671140 +0100
+@@ -4627,6 +4627,7 @@ int locate_network (packet)
        struct data_string data;
        struct subnet *subnet = (struct subnet *)0;
        struct option_cache *oc;
@@ -43,7 +45,7 @@ diff -up dhcp-4.2.0/server/dhcp.c.unicast dhcp-4.2.0/server/dhcp.c
  
        /* See if there's a Relay Agent Link Selection Option, or a
         * Subnet Selection Option.  The Link-Select and Subnet-Select
-@@ -4200,12 +4201,24 @@ int locate_network (packet)
+@@ -4642,12 +4643,24 @@ int locate_network (packet)
           from the interface, if there is one.   If not, fail. */
        if (!oc && !packet -> raw -> giaddr.s_addr) {
                if (packet -> interface -> shared_network) {
@@ -73,7 +75,7 @@ diff -up dhcp-4.2.0/server/dhcp.c.unicast dhcp-4.2.0/server/dhcp.c
        }
  
        /* If there's an option indicating link connection, and it's valid,
-@@ -4228,7 +4241,10 @@ int locate_network (packet)
+@@ -4670,7 +4683,10 @@ int locate_network (packet)
                data_string_forget (&data, MDL);
        } else {
                ia.len = 4;
@@ -85,7 +87,7 @@ diff -up dhcp-4.2.0/server/dhcp.c.unicast dhcp-4.2.0/server/dhcp.c
        }
  
        /* If we know the subnet on which the IP address lives, use it. */
-@@ -4236,7 +4252,10 @@ int locate_network (packet)
+@@ -4678,7 +4694,10 @@ int locate_network (packet)
                shared_network_reference (&packet -> shared_network,
                                          subnet -> shared_network, MDL);
                subnet_dereference (&subnet, MDL);

diff --git a/src/patches/dhcp-4.2.2-xen-checksum.patch b/src/patches/dhcp/dhcp-xen-checksum.patch
similarity index 71%
rename from src/patches/dhcp-4.2.2-xen-checksum.patch
rename to src/patches/dhcp/dhcp-xen-checksum.patch
index 038d346d726e131f1ab2579fe015a72b49733a0d..eabc3c12711130c0f8476bf7d9127d086bc9e814 100644 (file)
--- a/src/patches/dhcp-4.2.2-xen-checksum.patch
+++ b/src/patches/dhcp/dhcp-xen-checksum.patch
@@ -1,19 +1,19 @@
-diff -up dhcp-4.2.2b1/common/bpf.c.xen dhcp-4.2.2b1/common/bpf.c
---- dhcp-4.2.2b1/common/bpf.c.xen      2009-11-20 02:48:59.000000000 +0100
-+++ dhcp-4.2.2b1/common/bpf.c  2011-07-01 14:00:16.936959001 +0200
-@@ -485,7 +485,7 @@ ssize_t receive_packet (interface, buf, 
-               offset = decode_udp_ip_header (interface,
-                                              interface -> rbuf,
-                                              interface -> rbuf_offset,
+diff -up dhcp-4.3.0rc1/common/bpf.c.xen dhcp-4.3.0rc1/common/bpf.c
+--- dhcp-4.3.0rc1/common/bpf.c.xen     2014-01-29 10:03:27.503941664 +0100
++++ dhcp-4.3.0rc1/common/bpf.c 2014-01-29 10:03:37.564812175 +0100
+@@ -481,7 +481,7 @@ ssize_t receive_packet (interface, buf,
+               /* Decode the IP and UDP headers... */
+               offset = decode_udp_ip_header(interface, interface->rbuf,
+                                              interface->rbuf_offset,
 -                                             from, hdr.bh_caplen, &paylen);
 +                                             from, hdr.bh_caplen, &paylen, 0);
  
                /* If the IP or UDP checksum was bad, skip the packet... */
                if (offset < 0) {
-diff -up dhcp-4.2.2b1/common/dlpi.c.xen dhcp-4.2.2b1/common/dlpi.c
---- dhcp-4.2.2b1/common/dlpi.c.xen     2011-05-11 16:20:59.000000000 +0200
-+++ dhcp-4.2.2b1/common/dlpi.c 2011-07-01 14:00:16.937958997 +0200
-@@ -693,7 +693,7 @@ ssize_t receive_packet (interface, buf, 
+diff -up dhcp-4.3.0rc1/common/dlpi.c.xen dhcp-4.3.0rc1/common/dlpi.c
+--- dhcp-4.3.0rc1/common/dlpi.c.xen    2014-01-25 05:18:03.000000000 +0100
++++ dhcp-4.3.0rc1/common/dlpi.c        2014-01-29 10:03:27.503941664 +0100
+@@ -691,7 +691,7 @@ ssize_t receive_packet (interface, buf,
        length -= offset;
  #endif
        offset = decode_udp_ip_header (interface, dbuf, bufix,
@@ -22,13 +22,13 @@ diff -up dhcp-4.2.2b1/common/dlpi.c.xen dhcp-4.2.2b1/common/dlpi.c
  
        /*
         * If the IP or UDP checksum was bad, skip the packet...
-diff -up dhcp-4.2.2b1/common/lpf.c.xen dhcp-4.2.2b1/common/lpf.c
---- dhcp-4.2.2b1/common/lpf.c.xen      2011-05-10 16:38:58.000000000 +0200
-+++ dhcp-4.2.2b1/common/lpf.c  2011-07-01 14:11:24.725748028 +0200
-@@ -29,19 +29,33 @@
+diff -up dhcp-4.3.0rc1/common/lpf.c.xen dhcp-4.3.0rc1/common/lpf.c
+--- dhcp-4.3.0rc1/common/lpf.c.xen     2014-01-25 05:18:03.000000000 +0100
++++ dhcp-4.3.0rc1/common/lpf.c 2014-01-29 10:03:27.504941651 +0100
+@@ -29,14 +29,15 @@
+ 
  #include "dhcpd.h"
  #if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE)
- #include <sys/ioctl.h>
 +#include <sys/socket.h>
  #include <sys/uio.h>
  #include <errno.h>
@@ -42,7 +42,9 @@ diff -up dhcp-4.2.2b1/common/lpf.c.xen dhcp-4.2.2b1/common/lpf.c
  #include "includes/netinet/ip.h"
  #include "includes/netinet/udp.h"
  #include "includes/netinet/if_ether.h"
- #include <net/if.h>
+@@ -51,6 +52,19 @@
+ /* Reinitializes the specified interface after an address change.   This
+    is not required for packet-filter APIs. */
  
 +#ifndef PACKET_AUXDATA
 +#define PACKET_AUXDATA 8
@@ -57,10 +59,10 @@ diff -up dhcp-4.2.2b1/common/lpf.c.xen dhcp-4.2.2b1/common/lpf.c
 +};
 +#endif
 +
- /* Reinitializes the specified interface after an address change.   This
-    is not required for packet-filter APIs. */
- 
-@@ -67,10 +81,14 @@ int if_register_lpf (info)
+ #ifdef USE_LPF_SEND
+ void if_reinitialize_send (info)
+       struct interface_info *info;
+@@ -73,10 +87,14 @@ int if_register_lpf (info)
        struct interface_info *info;
  {
        int sock;
@@ -77,7 +79,7 @@ diff -up dhcp-4.2.2b1/common/lpf.c.xen dhcp-4.2.2b1/common/lpf.c
                           htons((short)ETH_P_ALL))) < 0) {
                if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
                    errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
-@@ -85,11 +103,17 @@ int if_register_lpf (info)
+@@ -91,11 +109,17 @@ int if_register_lpf (info)
                log_fatal ("Open a socket for LPF: %m");
        }
  
@@ -98,7 +100,7 @@ diff -up dhcp-4.2.2b1/common/lpf.c.xen dhcp-4.2.2b1/common/lpf.c
                if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
                    errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
                    errno == EAFNOSUPPORT || errno == EINVAL) {
-@@ -171,9 +195,18 @@ static void lpf_gen_filter_setup (struct
+@@ -177,9 +201,18 @@ static void lpf_gen_filter_setup (struct
  void if_register_receive (info)
        struct interface_info *info;
  {
@@ -117,7 +119,7 @@ diff -up dhcp-4.2.2b1/common/lpf.c.xen dhcp-4.2.2b1/common/lpf.c
  #if defined (HAVE_TR_SUPPORT)
        if (info -> hw_address.hbuf [0] == HTYPE_IEEE802)
                lpf_tr_filter_setup (info);
-@@ -295,7 +328,6 @@ ssize_t send_packet (interface, packet, 
+@@ -301,7 +334,6 @@ ssize_t send_packet (interface, packet,
        double hh [16];
        double ih [1536 / sizeof (double)];
        unsigned char *buf = (unsigned char *)ih;
@@ -125,7 +127,7 @@ diff -up dhcp-4.2.2b1/common/lpf.c.xen dhcp-4.2.2b1/common/lpf.c
        int result;
        int fudge;
  
-@@ -316,17 +348,7 @@ ssize_t send_packet (interface, packet, 
+@@ -322,17 +354,7 @@ ssize_t send_packet (interface, packet,
                                (unsigned char *)raw, len);
        memcpy (buf + ibufp, raw, len);
  
@@ -144,7 +146,7 @@ diff -up dhcp-4.2.2b1/common/lpf.c.xen dhcp-4.2.2b1/common/lpf.c
        if (result < 0)
                log_error ("send_packet: %m");
        return result;
-@@ -343,14 +365,35 @@ ssize_t receive_packet (interface, buf, 
+@@ -349,14 +371,35 @@ ssize_t receive_packet (interface, buf,
  {
        int length = 0;
        int offset = 0;
@@ -181,7 +183,7 @@ diff -up dhcp-4.2.2b1/common/lpf.c.xen dhcp-4.2.2b1/common/lpf.c
        bufix = 0;
        /* Decode the physical header... */
        offset = decode_hw_header (interface, ibuf, bufix, hfrom);
-@@ -367,7 +410,7 @@ ssize_t receive_packet (interface, buf, 
+@@ -373,7 +416,7 @@ ssize_t receive_packet (interface, buf,
  
        /* Decode the IP and UDP headers... */
        offset = decode_udp_ip_header (interface, ibuf, bufix, from,
@@ -190,10 +192,10 @@ diff -up dhcp-4.2.2b1/common/lpf.c.xen dhcp-4.2.2b1/common/lpf.c
  
        /* If the IP or UDP checksum was bad, skip the packet... */
        if (offset < 0)
-diff -up dhcp-4.2.2b1/common/nit.c.xen dhcp-4.2.2b1/common/nit.c
---- dhcp-4.2.2b1/common/nit.c.xen      2009-11-20 02:49:01.000000000 +0100
-+++ dhcp-4.2.2b1/common/nit.c  2011-07-01 14:00:16.939958989 +0200
-@@ -369,7 +369,7 @@ ssize_t receive_packet (interface, buf, 
+diff -up dhcp-4.3.0rc1/common/nit.c.xen dhcp-4.3.0rc1/common/nit.c
+--- dhcp-4.3.0rc1/common/nit.c.xen     2014-01-26 19:40:44.000000000 +0100
++++ dhcp-4.3.0rc1/common/nit.c 2014-01-29 10:03:27.504941651 +0100
+@@ -363,7 +363,7 @@ ssize_t receive_packet (interface, buf,
  
        /* Decode the IP and UDP headers... */
        offset = decode_udp_ip_header (interface, ibuf, bufix,
@@ -202,10 +204,10 @@ diff -up dhcp-4.2.2b1/common/nit.c.xen dhcp-4.2.2b1/common/nit.c
  
        /* If the IP or UDP checksum was bad, skip the packet... */
        if (offset < 0)
-diff -up dhcp-4.2.2b1/common/packet.c.xen dhcp-4.2.2b1/common/packet.c
---- dhcp-4.2.2b1/common/packet.c.xen   2009-07-23 20:52:20.000000000 +0200
-+++ dhcp-4.2.2b1/common/packet.c       2011-07-01 14:00:16.939958989 +0200
-@@ -211,7 +211,7 @@ ssize_t
+diff -up dhcp-4.3.0rc1/common/packet.c.xen dhcp-4.3.0rc1/common/packet.c
+--- dhcp-4.3.0rc1/common/packet.c.xen  2013-12-11 01:01:02.000000000 +0100
++++ dhcp-4.3.0rc1/common/packet.c      2014-01-29 10:03:27.504941651 +0100
+@@ -226,7 +226,7 @@ ssize_t
  decode_udp_ip_header(struct interface_info *interface,
                     unsigned char *buf, unsigned bufix,
                     struct sockaddr_in *from, unsigned buflen,
@@ -214,7 +216,7 @@ diff -up dhcp-4.2.2b1/common/packet.c.xen dhcp-4.2.2b1/common/packet.c
  {
    unsigned char *data;
    struct ip ip;
-@@ -322,7 +322,7 @@ decode_udp_ip_header(struct interface_in
+@@ -337,7 +337,7 @@ decode_udp_ip_header(struct interface_in
                                           8, IPPROTO_UDP + ulen))));
  
    udp_packets_seen++;
@@ -223,10 +225,10 @@ diff -up dhcp-4.2.2b1/common/packet.c.xen dhcp-4.2.2b1/common/packet.c
          udp_packets_bad_checksum++;
          if (udp_packets_seen > 4 &&
              (udp_packets_seen / udp_packets_bad_checksum) < 2) {
-diff -up dhcp-4.2.2b1/common/upf.c.xen dhcp-4.2.2b1/common/upf.c
---- dhcp-4.2.2b1/common/upf.c.xen      2009-11-20 02:49:01.000000000 +0100
-+++ dhcp-4.2.2b1/common/upf.c  2011-07-01 14:00:16.940958986 +0200
-@@ -320,7 +320,7 @@ ssize_t receive_packet (interface, buf, 
+diff -up dhcp-4.3.0rc1/common/upf.c.xen dhcp-4.3.0rc1/common/upf.c
+--- dhcp-4.3.0rc1/common/upf.c.xen     2014-01-26 19:40:44.000000000 +0100
++++ dhcp-4.3.0rc1/common/upf.c 2014-01-29 10:03:27.505941638 +0100
+@@ -314,7 +314,7 @@ ssize_t receive_packet (interface, buf,
  
        /* Decode the IP and UDP headers... */
        offset = decode_udp_ip_header (interface, ibuf, bufix,
@@ -235,10 +237,10 @@ diff -up dhcp-4.2.2b1/common/upf.c.xen dhcp-4.2.2b1/common/upf.c
  
        /* If the IP or UDP checksum was bad, skip the packet... */
        if (offset < 0)
-diff -up dhcp-4.2.2b1/includes/dhcpd.h.xen dhcp-4.2.2b1/includes/dhcpd.h
---- dhcp-4.2.2b1/includes/dhcpd.h.xen  2011-07-01 14:00:16.000000000 +0200
-+++ dhcp-4.2.2b1/includes/dhcpd.h      2011-07-01 14:12:18.069642470 +0200
-@@ -2796,7 +2796,7 @@ ssize_t decode_hw_header (struct interfa
+diff -up dhcp-4.3.0rc1/includes/dhcpd.h.xen dhcp-4.3.0rc1/includes/dhcpd.h
+--- dhcp-4.3.0rc1/includes/dhcpd.h.xen 2014-01-29 10:03:27.489941844 +0100
++++ dhcp-4.3.0rc1/includes/dhcpd.h     2014-01-29 10:03:27.506941626 +0100
+@@ -2861,7 +2861,7 @@ ssize_t decode_hw_header (struct interfa
                          unsigned, struct hardware *);
  ssize_t decode_udp_ip_header (struct interface_info *, unsigned char *,
                              unsigned, struct sockaddr_in *,

diff --git a/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch b/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch
index adcb44fff7cf657f781fd8360403c819eab7406f..57c9ff13fcf76f45e5d45a3163289d721355ea89 100644 (file)
--- a/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch
+++ b/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch
@@ -1,7 +1,7 @@
 From f2658275b25ebfe691cdcb9fede85a3088cca168 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Thu, 25 Sep 2014 21:51:25 +0100
-Subject: [PATCH 01/55] Add newline at the end of example config file.
+Subject: [PATCH 01/98] Add newline at the end of example config file.
 
 ---
  dnsmasq.conf.example | 2 +-

diff --git a/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch b/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch
index b84440baf1592dab43184b55b5cc3d8fa0423c1c..86eb603ae796817552cef15f3cdeb353fa11e6b1 100644 (file)
--- a/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch
+++ b/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch
@@ -1,7 +1,7 @@
 From 00cd9d551998307225312fd21f761cfa8868bd2c Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Thu, 2 Oct 2014 21:44:21 +0100
-Subject: [PATCH 02/55] crash at startup when an empty suffix is supplied to
+Subject: [PATCH 02/98] crash at startup when an empty suffix is supplied to
  --conf-dir
 
 ---

diff --git a/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch b/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch
index fe73acd641f4b37469623e28fcc76ac3c739ddc7..b0badb1f00f9658b0aaef24b2451ef3a998c2a8a 100644 (file)
--- a/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch
+++ b/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch
@@ -1,7 +1,7 @@
 From 6ac3bc0452a74e16e3d620a0757b0f8caab182ec Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Fri, 3 Oct 2014 08:48:11 +0100
-Subject: [PATCH 03/55] Debian build fixes for kFreeBSD
+Subject: [PATCH 03/98] Debian build fixes for kFreeBSD
 
 ---
  src/tables.c | 6 +++++-

diff --git a/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch b/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch
index 5d7c3c4e88c23f92fb9a052095fb963fbf1b7c9c..b2725d4a27a74133d590135813beeae7126bf7cf 100644 (file)
--- a/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch
+++ b/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch
@@ -1,7 +1,7 @@
 From e9828b6f66b22ce8873f8d30a773137d1aef1b92 Mon Sep 17 00:00:00 2001
 From: Karl Vogel <karl.vogel@gmail.com>
 Date: Fri, 3 Oct 2014 21:45:15 +0100
-Subject: [PATCH 04/55] Set conntrack mark before connect() call.
+Subject: [PATCH 04/98] Set conntrack mark before connect() call.
 
 SO_MARK has to be done before issuing the connect() call on the
 TCP socket.

diff --git a/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch b/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch
index 80c55f684957672faa0a0385787276a3e19d24e7..84be7de37a06dacc0f016b325ef211ee5743f938 100644 (file)
--- a/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch
+++ b/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch
@@ -1,7 +1,7 @@
 From 17b475912f6a4e72797a543dad59d4d5dde6bb1b Mon Sep 17 00:00:00 2001
 From: Daniel Collins <daniel.collins@smoothwall.net>
 Date: Fri, 3 Oct 2014 21:58:43 +0100
-Subject: [PATCH 05/55] Fix typo in new Dbus code.
+Subject: [PATCH 05/98] Fix typo in new Dbus code.
 
 Simon's fault.
 ---

diff --git a/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch b/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch
index 5f9f572765001b6b3e62df4c7c373d69e0eb0344..0cb139f8164e96a2f51de99e8edc2c06090a1712 100644 (file)
--- a/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch
+++ b/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch
@@ -1,7 +1,7 @@
 From 3d9d2dd0018603a2ae4b9cd65ac6ff959f4fd8c7 Mon Sep 17 00:00:00 2001
 From: Tomas Hozza <thozza@redhat.com>
 Date: Mon, 6 Oct 2014 10:46:48 +0100
-Subject: [PATCH 06/55] Fit example conf file typo.
+Subject: [PATCH 06/98] Fit example conf file typo.
 
 ---
  dnsmasq.conf.example | 2 +-

diff --git a/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch b/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch
index 370d1065c03f5f60b9911d8c74af5cfba3848b1e..286ddcf682bbba43b5a30b2b8cc7ee0a733bd78b 100644 (file)
--- a/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch
+++ b/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch
@@ -1,7 +1,7 @@
 From b9ff5c8f435173cfa616e3c398bdc089ef690a07 Mon Sep 17 00:00:00 2001
 From: Vladislav Grishenko <themiron@mail.ru>
 Date: Mon, 6 Oct 2014 14:34:24 +0100
-Subject: [PATCH 07/55] Improve RFC-compliance when unable to supply addresses
+Subject: [PATCH 07/98] Improve RFC-compliance when unable to supply addresses
  in DHCPv6
 
 While testing https://github.com/sbyx/odhcp6c client I have noticed it

diff --git a/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch b/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch
index 3f8bad331bb49ed5bfc6652acb9db8898fa61f66..f667cf3cedbb24ee37be6069da42270524ede29b 100644 (file)
--- a/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch
+++ b/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch
@@ -1,7 +1,7 @@
 From 98906275a02ae260fe3f82133bd79054f8315f06 Mon Sep 17 00:00:00 2001
 From: Hans Dedecker <dedeckeh@gmail.com>
 Date: Tue, 9 Dec 2014 22:22:53 +0000
-Subject: [PATCH 08/55] Fix conntrack with --bind-interfaces
+Subject: [PATCH 08/98] Fix conntrack with --bind-interfaces
 
 Make sure dst_addr is assigned the correct address in receive_query when OPTNOWILD is
 enabled so the assigned mark can be correctly retrieved and set in forward_query when

diff --git a/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch b/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch
index 81939202b9221f1096aeec0de66c2c21d23cbfe5..3d6654068a3c15ae3d298e2b576826787a98715e 100644 (file)
--- a/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch
+++ b/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch
@@ -1,7 +1,7 @@
 From 193de4abf59e49c6b70d54cfe9720fcb95ca2f71 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Wed, 10 Dec 2014 17:32:16 +0000
-Subject: [PATCH 09/55] Use inotify instead of polling on Linux.
+Subject: [PATCH 09/98] Use inotify instead of polling on Linux.
 
 This should solve problems people are seeing when a file changes
 twice within a second and thus is missed for polling.

diff --git a/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch b/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch
index 70fc5c3f854bd94283ca3182949d76a56b20cee4..2ddef28b6969d92a417fcabe9bc7fe7ae768d12d 100644 (file)
--- a/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch
+++ b/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch
@@ -1,7 +1,7 @@
 From 857973e6f7e0a3d03535a9df7f9373fd7a0b65cc Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Mon, 15 Dec 2014 15:58:13 +0000
-Subject: [PATCH 10/55] Teach the new inotify code about symlinks.
+Subject: [PATCH 10/98] Teach the new inotify code about symlinks.
 
 ---
  src/inotify.c | 43 +++++++++++++++++++++++++++----------------

diff --git a/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch b/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch
index 095253b184b61c14d8db21e6de9207d1479d5d07..c4dd777cbbf79c39f47fe8172e22609b98fb9ca6 100644 (file)
--- a/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch
+++ b/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch
@@ -1,7 +1,7 @@
 From 800c5cc1e7438818fd80f08c2d472df249a6942d Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Mon, 15 Dec 2014 17:50:15 +0000
-Subject: [PATCH 11/55] Remove floor on EDNS0 packet size with DNSSEC.
+Subject: [PATCH 11/98] Remove floor on EDNS0 packet size with DNSSEC.
 
 ---
  CHANGELOG     | 6 +++++-

diff --git a/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch b/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch
index b71e58b75bcc0ca3109bed0fe081f080024aaa3d..0044a39a2972b891ad1897aa32609780801ef58a 100644 (file)
--- a/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch
+++ b/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch
@@ -1,7 +1,7 @@
 From ad946d555dce44eb690c7699933b6ff40ab85bb6 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Mon, 15 Dec 2014 17:52:22 +0000
-Subject: [PATCH 12/55] CHANGELOG re. inotify.
+Subject: [PATCH 12/98] CHANGELOG re. inotify.
 
 ---
  CHANGELOG | 4 ++++

diff --git a/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch b/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch
index 2ff5acd14a8c88e598cba8dfc6b3942c8392b515..8f67d2a81e8f2e19ba7e8dfc99c583aa59111982 100644 (file)
--- a/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch
+++ b/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch
@@ -1,7 +1,7 @@
 From 3ad3f3bbd4ee716a7d2fb1e115cf89bd1b1a5de9 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Tue, 16 Dec 2014 18:25:17 +0000
-Subject: [PATCH 13/55] Fix breakage of --domain=<domain>,<subnet>,local
+Subject: [PATCH 13/98] Fix breakage of --domain=<domain>,<subnet>,local
 
 ---
  CHANGELOG    |  4 ++++

diff --git a/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch b/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch
index a0e647f8af48dee1c7eedf0c64a6b099567214f8..19f03225dcb6df1e243337821b64ec8b42109442 100644 (file)
--- a/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch
+++ b/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch
@@ -1,7 +1,7 @@
 From bd9520b7ade7098ee423acc38965376aa57feb07 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Tue, 16 Dec 2014 20:41:29 +0000
-Subject: [PATCH 14/55] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
+Subject: [PATCH 14/98] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
 
 ---
  src/network.c | 4 ----

diff --git a/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch b/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch
index 114a4f371cd14fd770bf5fb20ef2068f2473f265..2c9c2a64a863d2535555b74883c6ebbd46471f38 100644 (file)
--- a/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch
+++ b/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch
@@ -1,7 +1,7 @@
 From 476693678e778886b64d0b56e27eb7695cbcca99 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Wed, 17 Dec 2014 12:41:56 +0000
-Subject: [PATCH 15/55] Eliminate IPv6 privacy addresses from --interface-name
+Subject: [PATCH 15/98] Eliminate IPv6 privacy addresses from --interface-name
  answers.
 
 ---

diff --git a/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch b/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch
index d072c0379d3add481b6b506be3e4091d73806207..3b984f34f9e0f567834bcb1b32efe0df82e93109 100644 (file)
--- a/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch
+++ b/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch
@@ -1,7 +1,7 @@
 From 3267804598047bd1781cab91508d1bc516e5ddbb Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Wed, 17 Dec 2014 20:38:20 +0000
-Subject: [PATCH 16/55] Tweak field width in cache dump to avoid truncating
+Subject: [PATCH 16/98] Tweak field width in cache dump to avoid truncating
  IPv6 addresses.
 
 ---

diff --git a/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch b/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch
index 944afaf15d32cd1048c227cb2f86b3122c2201d0..0aa4fe912dbe5051a975fad2da1b99deb3ee8e0f 100644 (file)
--- a/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch
+++ b/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch
@@ -1,7 +1,7 @@
 From 094b5c3d904bae9aeb3206d9f3b8348926b84975 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sun, 21 Dec 2014 16:11:52 +0000
-Subject: [PATCH 17/55] Fix crash in DNSSEC code when attempting to verify
+Subject: [PATCH 17/98] Fix crash in DNSSEC code when attempting to verify
  large RRs.
 
 ---

diff --git a/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch b/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch
index de66adb9bc6a171b0cb6414dd4f5c68c7de28940..e80f0e3957bd7c6f3034d9df8db533ba58e5a833 100644 (file)
--- a/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch
+++ b/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch
@@ -1,7 +1,7 @@
 From cbc652423403e3cef00e00240f6beef713142246 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sun, 21 Dec 2014 21:21:53 +0000
-Subject: [PATCH 18/55] Make caching work for CNAMEs pointing to A/AAAA records
+Subject: [PATCH 18/98] Make caching work for CNAMEs pointing to A/AAAA records
  shadowed in /etc/hosts
 
 If the answer to an upstream query is a CNAME which points to an

diff --git a/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch b/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch
index 0ee2e657b792ed8d486c1be5d8fc4ede08d2b202..7bd143ede6656ff4803f5ee8c5d3df45e4a46300 100644 (file)
--- a/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch
+++ b/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch
@@ -1,7 +1,7 @@
 From fbc5205702c7f6f431d9f1043c553d7fb62ddfdb Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Tue, 23 Dec 2014 15:46:08 +0000
-Subject: [PATCH 19/55] Fix problems validating NSEC3 and wildcards.
+Subject: [PATCH 19/98] Fix problems validating NSEC3 and wildcards.
 
 ---
  src/dnssec.c | 253 ++++++++++++++++++++++++++++++-----------------------------

diff --git a/src/patches/dnsmasq/0020-Initialise-return-value.patch b/src/patches/dnsmasq/0020-Initialise-return-value.patch
index 2f70ee5873b703110e5455e392c7da23bc7922ca..27d121710b7ec6f1d01fa97f0cfe968c93e63768 100644 (file)
--- a/src/patches/dnsmasq/0020-Initialise-return-value.patch
+++ b/src/patches/dnsmasq/0020-Initialise-return-value.patch
@@ -1,7 +1,7 @@
 From 83d2ed09fc0216b567d7fb2197e4ff3eae150b0d Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Tue, 23 Dec 2014 18:42:38 +0000
-Subject: [PATCH 20/55] Initialise return value.
+Subject: [PATCH 20/98] Initialise return value.
 
 ---
  src/dnssec.c | 7 +++++--

diff --git a/src/patches/dnsmasq/0021-Add-ignore-address-option.patch b/src/patches/dnsmasq/0021-Add-ignore-address-option.patch
index 6c88f2d188c76d4dcc1b49495dd8cb9ee9772f3c..ab6e7a514c711b8bd25443244e9d3dfc6eb6d2f6 100644 (file)
--- a/src/patches/dnsmasq/0021-Add-ignore-address-option.patch
+++ b/src/patches/dnsmasq/0021-Add-ignore-address-option.patch
@@ -1,7 +1,7 @@
 From 32fc6dbe03569d70dd394420ceb73532cf303c33 Mon Sep 17 00:00:00 2001
 From: Glen Huang <curvedmark@gmail.com>
 Date: Sat, 27 Dec 2014 15:28:12 +0000
-Subject: [PATCH 21/55] Add --ignore-address option.
+Subject: [PATCH 21/98] Add --ignore-address option.
 
 ---
  CHANGELOG     |  8 ++++++++

diff --git a/src/patches/dnsmasq/0022-Bad-packet-protection.patch b/src/patches/dnsmasq/0022-Bad-packet-protection.patch
index 1b37202c46088edcb9ec1b69b1f58b820a809bfd..0c8250614385f97f7c5f610dfe269e095ae93876 100644 (file)
--- a/src/patches/dnsmasq/0022-Bad-packet-protection.patch
+++ b/src/patches/dnsmasq/0022-Bad-packet-protection.patch
@@ -1,7 +1,7 @@
 From 0b1008d367d44e77352134a4c5178f896f0db3e7 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sat, 27 Dec 2014 15:33:32 +0000
-Subject: [PATCH 22/55] Bad packet protection.
+Subject: [PATCH 22/98] Bad packet protection.
 
 ---
  src/dnssec.c | 2 +-

diff --git a/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch b/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch
index 3bc3f792676bf99fbc42d5c369bd91e735071ac3..5bf7d6300eb84abd581061418552e4dee1fef202 100644 (file)
--- a/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch
+++ b/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch
@@ -1,7 +1,7 @@
 From d310ab7ecbffce79d3d90debba621e0222f9bced Mon Sep 17 00:00:00 2001
 From: Matthias Andree <matthias.andree@gmx.de>
 Date: Sat, 27 Dec 2014 15:36:38 +0000
-Subject: [PATCH 23/55] Fix build failure in new inotify code on BSD.
+Subject: [PATCH 23/98] Fix build failure in new inotify code on BSD.
 
 ---
  src/inotify.c | 4 ++--

diff --git a/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch b/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch
index e3074fa3e15c1fbc07e50530071da71f9ab1d802..41662b7e3ce7506a5cc3fe17af0b20dc2c900e6e 100644 (file)
--- a/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch
+++ b/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch
@@ -1,7 +1,7 @@
 From 81c538efcebfce2ce4a1d3a420b6c885b8f08df9 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Sat, 3 Jan 2015 16:36:14 +0000
-Subject: [PATCH 24/55] Implement makefile dependencies on COPTS variable.
+Subject: [PATCH 24/98] Implement makefile dependencies on COPTS variable.
 
 ---
  .gitignore |  2 +-

diff --git a/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch b/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch
index b1c42aef412ab36d73633acd996cbcb3fd64f7e4..4de48837e344c4f0edb69d8fe0bf16314adcb0f2 100644 (file)
--- a/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch
+++ b/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch
@@ -1,7 +1,7 @@
 From d8dbd903d024f84a149dac2f8a674a68dfed47a3 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Mon, 5 Jan 2015 17:03:35 +0000
-Subject: [PATCH 25/55] Fix race condition issue in makefile.
+Subject: [PATCH 25/98] Fix race condition issue in makefile.
 
 ---
  Makefile | 4 +++-

diff --git a/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch b/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch
index 7f01ee73e9e1f79d8d6f1706ab12ccc6b06d1906..cb9c925ecca63b54489202eafb409319ebe35302 100644 (file)
--- a/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch
+++ b/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch
@@ -1,7 +1,7 @@
 From 97e618a0e3f29465acc689d87288596b006f197e Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Wed, 7 Jan 2015 21:55:43 +0000
-Subject: [PATCH 26/55] DNSSEC: do top-down search for limit of secure
+Subject: [PATCH 26/98] DNSSEC: do top-down search for limit of secure
  delegation.
 
 ---

diff --git a/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch b/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch
index e258d56da04fe23f101bae8d312d712855ffb21b..6b752538b0b8b00b13bcf01315260fc90429e295 100644 (file)
--- a/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch
+++ b/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch
@@ -1,7 +1,7 @@
 From 25cf5e373eb41c088d4ee5e625209c4cf6a5659e Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Fri, 9 Jan 2015 15:53:03 +0000
-Subject: [PATCH 27/55] Add --log-queries=extra option for more complete
+Subject: [PATCH 27/98] Add --log-queries=extra option for more complete
  logging.
 
 ---

diff --git a/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch b/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch
index e8a61b7c1535e902f94e4316a36dae7a42000c9c..6bb1c97fbb8d37c211f7e792bb8642eb8161016b 100644 (file)
--- a/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch
+++ b/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch
@@ -1,7 +1,7 @@
 From 28de38768e2c7d763b9aa5b7a4d251d5e56bab0b Mon Sep 17 00:00:00 2001
 From: RinSatsuki <aa65535@live.com>
 Date: Sat, 10 Jan 2015 15:22:21 +0000
-Subject: [PATCH 28/55] Add --min-cache-ttl option.
+Subject: [PATCH 28/98] Add --min-cache-ttl option.
 
 ---
  CHANGELOG     |  7 +++++++

diff --git a/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch b/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch
index d3c484727eba2fafd9e256181feaf66a6bf51431..0e63180c2d5a65031134ff2f0b4ad379b0016f7a 100644 (file)
--- a/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch
+++ b/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch
@@ -1,7 +1,7 @@
 From 9f79ee4ae34886c0319f06d8f162b81ef79d62fb Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Mon, 12 Jan 2015 20:18:18 +0000
-Subject: [PATCH 29/55] Log port of requestor when doing extra logging.
+Subject: [PATCH 29/98] Log port of requestor when doing extra logging.
 
 ---
  src/cache.c | 6 +++---

diff --git a/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch b/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch
index 5f489e2146a358237da6ee5089da41fff04902a5..6817da140b901f925610a4670fd74b5dd590f192 100644 (file)
--- a/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch
+++ b/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch
@@ -1,7 +1,7 @@
 From 5e321739db381a1d7b5964d76e9c81471d2564c9 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Mon, 12 Jan 2015 23:16:56 +0000
-Subject: [PATCH 30/55] Don't answer from cache RRsets from wildcards, as we
+Subject: [PATCH 30/98] Don't answer from cache RRsets from wildcards, as we
  don't have NSECs.
 
 ---

diff --git a/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch b/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch
index 1a2d3e4645cf4bfcc0caaf5e05a3c8e44d77bb41..2b86121b1fcd3fb3be1fd259ee3c7e484eb1e362 100644 (file)
--- a/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch
+++ b/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch
@@ -1,7 +1,7 @@
 From ae4624bf46b5e37ff1a9a2ba3c927e0dede95adb Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Mon, 12 Jan 2015 23:22:08 +0000
-Subject: [PATCH 31/55] Logs for DS records consistent.
+Subject: [PATCH 31/98] Logs for DS records consistent.
 
 ---
  src/rfc1035.c | 2 +-

diff --git a/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch b/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch
index 81b02cc4776e9fd418a8d7218910cb942f57e8f7..d3d1277fc49b6b80711534ddecb0e99d938ef9f5 100644 (file)
--- a/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch
+++ b/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch
@@ -1,7 +1,7 @@
 From 393415597c8b5b09558b789ab9ac238dbe3db65d Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sun, 18 Jan 2015 22:11:10 +0000
-Subject: [PATCH 32/55] Cope with multiple interfaces with the same LL address.
+Subject: [PATCH 32/98] Cope with multiple interfaces with the same LL address.
 
 ---
  CHANGELOG  | 4 ++++

diff --git a/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch b/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch
index e88a94b965f95ce0c8a371c02f5c4eb87f0493ba..07cc0804b24c0496b2e67656e9efe111da96fbee 100644 (file)
--- a/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch
+++ b/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch
@@ -1,7 +1,7 @@
 From 2ae195f5a71f7c5a75717845de1bd72fc7dd67f3 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sun, 18 Jan 2015 22:20:48 +0000
-Subject: [PATCH 33/55] Don't treat SERVFAIL as a recoverable error.....
+Subject: [PATCH 33/98] Don't treat SERVFAIL as a recoverable error.....
 
 ---
  src/forward.c | 2 +-

diff --git a/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch b/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch
index c6b6703b094a5019c3046d4e1e24732e6f8e119b..b93d9cce5c8116eaa5dc03afd3642463c5c93cba 100644 (file)
--- a/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch
+++ b/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch
@@ -1,7 +1,7 @@
 From 5f4dc5c6ca50655ab14f572c7e30815ed74cd51a Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Tue, 20 Jan 2015 20:51:02 +0000
-Subject: [PATCH 34/55] Add --dhcp-hostsdir config option.
+Subject: [PATCH 34/98] Add --dhcp-hostsdir config option.
 
 ---
  CHANGELOG     |   5 +++

diff --git a/src/patches/dnsmasq/0035-Update-German-translation.patch b/src/patches/dnsmasq/0035-Update-German-translation.patch
index af45a1c3e6d6dd8ef45b76093a0a51e2b9106cc1..820bce138eb4d89ad3f4263ddaa535df8063e285 100644 (file)
--- a/src/patches/dnsmasq/0035-Update-German-translation.patch
+++ b/src/patches/dnsmasq/0035-Update-German-translation.patch
@@ -1,7 +1,7 @@
 From fbf01f7046e75f9aa73fd4aab2a94e43386d9052 Mon Sep 17 00:00:00 2001
 From: Conrad Kostecki <ck@conrad-kostecki.de>
 Date: Tue, 20 Jan 2015 21:07:56 +0000
-Subject: [PATCH 35/55] Update German translation.
+Subject: [PATCH 35/98] Update German translation.
 
 ---
  po/de.po | 101 +++++++++++++++++++++++++++++----------------------------------

diff --git a/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch b/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch
index 25007de58b87e86722a2cd26c2e44e256903126f..88562363e15bb4013fe60af7a73f1c848084fa6b 100644 (file)
--- a/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch
+++ b/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch
@@ -1,7 +1,7 @@
 From 61b838dd574c51d96fef100285a0d225824534f9 Mon Sep 17 00:00:00 2001
 From: Win King Wan <pinwing+dnsmasq@gmail.com>
 Date: Wed, 21 Jan 2015 20:41:48 +0000
-Subject: [PATCH 36/55] Don't reply to DHCPv6 SOLICIT messages when not
+Subject: [PATCH 36/98] Don't reply to DHCPv6 SOLICIT messages when not
  configured for statefull DHCPv6.
 
 ---

diff --git a/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch b/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch
index 731868871677f7be942716c4c460aed028fb37cc..2a4df45c0531e70077473c33a8f0047451cd84bd 100644 (file)
--- a/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch
+++ b/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch
@@ -1,7 +1,7 @@
 From 0491805d2ff6e7727f0272c94fd97d9897d1e22c Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Mon, 26 Jan 2015 11:23:43 +0000
-Subject: [PATCH 37/55] Allow inotify to be disabled at compile time on Linux.
+Subject: [PATCH 37/98] Allow inotify to be disabled at compile time on Linux.
 
 ---
  CHANGELOG     |  4 +++-

diff --git a/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch b/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch
index 75140347bd55fdcc81c47b75f570b8fcbfb2105a..cd35f366ae699810f3348b4e846f76536b2a6d14 100644 (file)
--- a/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch
+++ b/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch
@@ -1,7 +1,7 @@
 From 70d1873dd9e70041ed4bb88c69d5b886b7cc634c Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sat, 31 Jan 2015 19:59:29 +0000
-Subject: [PATCH 38/55] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
+Subject: [PATCH 38/98] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
  hostsdir.
 
 ---

diff --git a/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch b/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch
index 11bde00b0623955049e347793a6a3c04dfcc2a74..7cf3fa7cc579190bc8b65fc3cd8bf5ec63501d25 100644 (file)
--- a/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch
+++ b/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch
@@ -1,7 +1,7 @@
 From aff3396280e944833f0e23d834aa6acd5fe2605a Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sat, 31 Jan 2015 20:13:40 +0000
-Subject: [PATCH 39/55] Update copyrights for dawn of 2015.
+Subject: [PATCH 39/98] Update copyrights for dawn of 2015.
 
 ---
  Makefile             | 2 +-

diff --git a/src/patches/dnsmasq/0040-inotify-documentation-updates.patch b/src/patches/dnsmasq/0040-inotify-documentation-updates.patch
index 981e553e98f3a1bba7c034aa859901968bf67df7..3ed1b15eabfc3d528785c358039b94693d16952f 100644 (file)
--- a/src/patches/dnsmasq/0040-inotify-documentation-updates.patch
+++ b/src/patches/dnsmasq/0040-inotify-documentation-updates.patch
@@ -1,7 +1,7 @@
 From 3d04f46334d0e345f589eda1372e638b946fe637 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sat, 31 Jan 2015 21:59:13 +0000
-Subject: [PATCH 40/55] inotify documentation updates.
+Subject: [PATCH 40/98] inotify documentation updates.
 
 ---
  man/dnsmasq.8 | 11 +++++++++--

diff --git a/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch b/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch
index 0c8aa9be304b4e16fdc11262db350cf48accfdfd..56dcc5f137c072f82aec25c6ba4eb2ddc6ee0d60 100644 (file)
--- a/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch
+++ b/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch
@@ -1,7 +1,7 @@
 From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sat, 31 Jan 2015 22:44:26 +0000
-Subject: [PATCH 41/55] Fix broken ECDSA DNSSEC signatures.
+Subject: [PATCH 41/98] Fix broken ECDSA DNSSEC signatures.
 
 ---
  CHANGELOG    | 2 ++

diff --git a/src/patches/dnsmasq/0042-BSD-make-support.patch b/src/patches/dnsmasq/0042-BSD-make-support.patch
index 76f76ef757c9a33f8ad2cfd0bb1188f32537c765..65842537c08f757de0a27b24a75786f0882219b3 100644 (file)
--- a/src/patches/dnsmasq/0042-BSD-make-support.patch
+++ b/src/patches/dnsmasq/0042-BSD-make-support.patch
@@ -1,7 +1,7 @@
 From 106266761828a0acb006346ae47bf031dee46a5d Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sun, 1 Feb 2015 00:15:16 +0000
-Subject: [PATCH 42/55] BSD make support
+Subject: [PATCH 42/98] BSD make support
 
 ---
  Makefile | 6 ++++--

diff --git a/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch b/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch
index a3df61b89c54caf0110764a85c615185f061166c..a8c26bf393af8a72a3a715713bd4508c9a7c0abc 100644 (file)
--- a/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch
+++ b/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch
@@ -1,7 +1,7 @@
 From 8d8a54ec79d9f96979fabbd97b1dd2ddebc7d78f Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sun, 1 Feb 2015 21:48:46 +0000
-Subject: [PATCH 43/55] Fix build failure on openBSD.
+Subject: [PATCH 43/98] Fix build failure on openBSD.
 
 ---
  src/tables.c | 2 +-

diff --git a/src/patches/dnsmasq/0044-Manpage-typo-fix.patch b/src/patches/dnsmasq/0044-Manpage-typo-fix.patch
index e0e384f54671d072d1ba031c6d24e2ec8fde20ce..f8bd5fc1834579ed9b97b1f8799ff57146b92bd6 100644 (file)
--- a/src/patches/dnsmasq/0044-Manpage-typo-fix.patch
+++ b/src/patches/dnsmasq/0044-Manpage-typo-fix.patch
@@ -1,7 +1,7 @@
 From d36b732c4cfa91ea09af64b5dc0f3a85a075e5bc Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= <thiebaud@weksteen.fr>
 Date: Mon, 2 Feb 2015 21:37:27 +0000
-Subject: [PATCH 44/55] Manpage typo fix.
+Subject: [PATCH 44/98] Manpage typo fix.
 
 ---
  man/dnsmasq.8 | 2 +-

diff --git a/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch b/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch
index fc1b98a7055df0e895384a4291ed1eb773157899..7f6d39f6cfe6088630bfb59f78ae2faee5991411 100644 (file)
--- a/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch
+++ b/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch
@@ -1,7 +1,7 @@
 From 2941d3ac898cf84b544e47c9735c5e4111711db1 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Mon, 2 Feb 2015 22:36:42 +0000
-Subject: [PATCH 45/55] Fixup dhcp-configs after reading extra hostfiles with
+Subject: [PATCH 45/98] Fixup dhcp-configs after reading extra hostfiles with
  inotify.
 
 ---

diff --git a/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch b/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch
index 803174af05e6dccc52e44ee1ff83dd11a45affee..b15ef9a65a0203f060ed29e822b42506ce7c7799 100644 (file)
--- a/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch
+++ b/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch
@@ -1,7 +1,7 @@
 From f9c863708c6b0aea31ff7a466647685dc739de50 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Tue, 3 Feb 2015 21:52:48 +0000
-Subject: [PATCH 46/55] Extra logging for inotify code.
+Subject: [PATCH 46/98] Extra logging for inotify code.
 
 ---
  src/cache.c   | 9 ++++-----

diff --git a/src/patches/dnsmasq/0047-man-page-typo.patch b/src/patches/dnsmasq/0047-man-page-typo.patch
index 6606a7ac41f8a79ef2b3919604d7e67b4b3b55f2..5557b51318ac260369be9b20d7535fb5b24e6e2b 100644 (file)
--- a/src/patches/dnsmasq/0047-man-page-typo.patch
+++ b/src/patches/dnsmasq/0047-man-page-typo.patch
@@ -1,7 +1,7 @@
 From efb8b5566aafc1f3ce18514a2df93af5a2e4998c Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sat, 7 Feb 2015 22:36:34 +0000
-Subject: [PATCH 47/55] man page typo.
+Subject: [PATCH 47/98] man page typo.
 
 ---
  man/dnsmasq.8 | 1 +

diff --git a/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch b/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch
index 5633d9d00b53e9da8ef91366e238f1d9e060091b..c70ca461294456d204018e443a4493cf20facc7b 100644 (file)
--- a/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch
+++ b/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch
@@ -1,7 +1,7 @@
 From f4f400776b3c1aa303d1a0fcd500f0ab5bc970f2 Mon Sep 17 00:00:00 2001
 From: Shantanu Gadgil <shantanugadgil@yahoo.com>
 Date: Wed, 11 Feb 2015 20:16:59 +0000
-Subject: [PATCH 48/55] Fix get-version script which returned wrong tag in some
+Subject: [PATCH 48/98] Fix get-version script which returned wrong tag in some
  situations.
 
 ---

diff --git a/src/patches/dnsmasq/0049-Typos.patch b/src/patches/dnsmasq/0049-Typos.patch
index 8f64b39d5ab26a3f03dcddaf3a5fcf8476d3e619..1c711806e5bc265c82b5e1b9b171688934978e17 100644 (file)
--- a/src/patches/dnsmasq/0049-Typos.patch
+++ b/src/patches/dnsmasq/0049-Typos.patch
@@ -1,7 +1,7 @@
 From 8ff70de618eb7de9147dbfbd4deca4a2dd62f0cb Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sat, 14 Feb 2015 20:02:37 +0000
-Subject: [PATCH 49/55] Typos.
+Subject: [PATCH 49/98] Typos.
 
 ---
  src/inotify.c | 3 ++-

diff --git a/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch b/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch
index af79802025299aafb2b55b44670fcdfb26c3971b..38736c7a741b700df365cda31d01494d63154f9a 100644 (file)
--- a/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch
+++ b/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch
@@ -1,7 +1,7 @@
 From caeea190f12efd20139f694aac4942d1ac00019f Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sat, 14 Feb 2015 20:08:56 +0000
-Subject: [PATCH 50/55] Make dynamic hosts files work when --no-hosts set.
+Subject: [PATCH 50/98] Make dynamic hosts files work when --no-hosts set.
 
 ---
  src/cache.c | 21 +++++++++++----------

diff --git a/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch b/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch
index 2c38cfc1a80d403efdb4f8442970e9c3c59dde69..fb15cc2b9e8bd13fff42030114d36a8d9798c718 100644 (file)
--- a/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch
+++ b/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch
@@ -1,7 +1,7 @@
 From 28b879ac47b872af6e8c5e86d76806c69338434d Mon Sep 17 00:00:00 2001
 From: Chen Wei <weichen302@icloud.com>
 Date: Tue, 17 Feb 2015 22:07:35 +0000
-Subject: [PATCH 51/55] Fix trivial memory leaks to quieten valgrind.
+Subject: [PATCH 51/98] Fix trivial memory leaks to quieten valgrind.
 
 ---
  src/dnsmasq.c |  2 ++

diff --git a/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch b/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch
index 46277fb4a644005eb8d4b55b7427c65f05594c99..dabc770a4dc50fce66e16e90648b354f2cf1e846 100644 (file)
--- a/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch
+++ b/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch
@@ -1,7 +1,7 @@
 From 0705a7e2d57654b27c7e14f35ca77241c1821f4d Mon Sep 17 00:00:00 2001
 From: Tomas Hozza <thozza@redhat.com>
 Date: Mon, 23 Feb 2015 21:26:26 +0000
-Subject: [PATCH 52/55] Fix uninitialized value used in get_client_mac()
+Subject: [PATCH 52/98] Fix uninitialized value used in get_client_mac()
 
 ---
  src/dhcp6.c | 4 +++-

diff --git a/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch b/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch
index 95270301fc37480fcf36b34516e104451e059b7f..82e38fcdef8b0bcb7c83edc5adf63d476508080d 100644 (file)
--- a/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch
+++ b/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch
@@ -1,15 +1,13 @@
 From 47b9ac59c715827252ae6e6732903c3dabb697fb Mon Sep 17 00:00:00 2001
 From: Joachim Zobel <jz-2014@heute-morgen.de>
 Date: Mon, 23 Feb 2015 21:38:11 +0000
-Subject: [PATCH 53/55] Log parsing utils in contrib/reverse-dns
+Subject: [PATCH 53/98] Log parsing utils in contrib/reverse-dns
 
 ---
  contrib/reverse-dns/README             | 18 ++++++++++++++++++
- contrib/reverse-dns/reverse_dns.sh     | 29 +++++++++++++++++++++++++++++
  contrib/reverse-dns/reverse_replace.sh | 28 ++++++++++++++++++++++++++++
- 3 files changed, 75 insertions(+)
+ 2 files changed, 46 insertions(+)
  create mode 100644 contrib/reverse-dns/README
- create mode 100644 contrib/reverse-dns/reverse_dns.sh
  create mode 100644 contrib/reverse-dns/reverse_replace.sh
 
 diff --git a/contrib/reverse-dns/README b/contrib/reverse-dns/README
@@ -36,41 +34,6 @@ index 000000000000..f87eb77c4c22
 +Joachim\r
 +\r
 +\r
-diff --git a/contrib/reverse-dns/reverse_dns.sh b/contrib/reverse-dns/reverse_dns.sh
-new file mode 100644
-index 000000000000..c0fff300a947
---- /dev/null
-+++ b/contrib/reverse-dns/reverse_dns.sh
-@@ -0,0 +1,29 @@
-+#!/bin/bash
-+# $Id: reverse_dns.sh 4 2015-02-17 20:14:59Z jo $
-+#
-+# Usage: reverse_dns.sh IP
-+# Uses the dnsmasq query log to lookup the name 
-+# that was last queried to return the given IP.
-+#
-+
-+IP=$1
-+qmIP=`echo $IP | sed 's#\.#\\.#g'`
-+LOG=/var/log/dnsmasq.log
-+
-+IP_regex='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
-+
-+if ! [[ $IP =~ $IP_regex ]]; then
-+  echo -n $IP
-+  exit
-+fi
-+
-+NAME=`tac $LOG | \
-+  grep " is $IP" | head -1 | \
-+  sed "s#.* \([^ ]*\) is $qmIP.*#\1#" `
-+
-+if [ -z "$NAME" ]; then
-+  echo -n $IP
-+else
-+  echo -n $NAME
-+fi
-+
 diff --git a/contrib/reverse-dns/reverse_replace.sh b/contrib/reverse-dns/reverse_replace.sh
 new file mode 100644
 index 000000000000..a11c164b7f19

diff --git a/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch b/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch
index 2ff79d526bde3d144009ad9ef998de3b095ad277..6d57b653af04c41dd8ce6fc96ce232c79d05e428 100644 (file)
--- a/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch
+++ b/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch
@@ -1,7 +1,7 @@
 From f6e62e2af96f5fa0d1e3d93167a93a8f09bf6e61 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sun, 1 Mar 2015 18:17:54 +0000
-Subject: [PATCH 54/55] Add --dnssec-timestamp option and facility.
+Subject: [PATCH 54/98] Add --dnssec-timestamp option and facility.
 
 ---
  CHANGELOG     |  6 +++++

diff --git a/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch b/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch
index 54bb5d597c3494522d8b5c3c41a68a6f07d68c0a..53e1388b973fca4508eee4cbf94a8e0c4e9d0df7 100644 (file)
--- a/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch
+++ b/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch
@@ -1,7 +1,7 @@
 From 9003b50b13da624ca45f3e0cf99abb623b8d026b Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Mon, 2 Mar 2015 22:47:23 +0000
-Subject: [PATCH 55/55] Fix last commit to not crash if uid changing not
+Subject: [PATCH 55/98] Fix last commit to not crash if uid changing not
  configured.
 
 ---

diff --git a/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch b/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch
index 9a052152c260a2786f8438c5ea03294f0b740d4b..32cd7431aaf2a3a509a7b16eb1a1517cb354d366 100644 (file)
--- a/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch
+++ b/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch
@@ -1,7 +1,7 @@
 From 4c960fa90a975d20f75a1ecabd217247f1922c8f Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Wed, 4 Mar 2015 20:32:26 +0000
-Subject: [PATCH 56/57] New version of contrib/reverse-dns
+Subject: [PATCH 56/98] New version of contrib/reverse-dns
 
 ---
  contrib/reverse-dns/README             |  22 +++---

diff --git a/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch b/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch
index df47cd0e3a5f829b0977652d525d90db52694fb3..d63c0474489005705ef781726798206060b6dcb2 100644 (file)
--- a/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch
+++ b/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch
@@ -1,7 +1,7 @@
 From 360f2513ab12a9bf1e262d388dd2ea8a566590a3 Mon Sep 17 00:00:00 2001
 From: Simon Kelley <simon@thekelleys.org.uk>
 Date: Sat, 7 Mar 2015 18:28:06 +0000
-Subject: [PATCH 57/57] Tweak DNSSEC timestamp code to create file later,
+Subject: [PATCH 57/98] Tweak DNSSEC timestamp code to create file later,
  removing need to chown it.
 
 ---

diff --git a/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch b/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch
new file mode 100644 (file)
index 0000000..f746fcf
--- /dev/null
+++ b/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch
@@ -0,0 +1,458 @@
+From ff841ebf5a5d6864ff48571f607c32ce80dbb75a Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 11 Mar 2015 21:36:30 +0000
+Subject: [PATCH 58/98] Fix boilerplate code for re-running system calls on
+ EINTR and EAGAIN etc.
+
+The nasty code with static variable in retry_send() which
+avoids looping forever needs to be called on success of the syscall,
+to reset the static variable.
+---
+ src/bpf.c     |  2 +-
+ src/dhcp.c    |  2 +-
+ src/dhcp6.c   |  6 +++---
+ src/dnsmasq.c | 35 +++++++++++++++++----------------
+ src/dnsmasq.h |  2 +-
+ src/forward.c | 41 ++++++++++++++++++--------------------
+ src/ipset.c   |  8 ++++----
+ src/loop.c    |  5 +++--
+ src/netlink.c |  8 ++++----
+ src/radv.c    |  5 +++--
+ src/util.c    | 63 ++++++++++++++++++++++++++++++++++-------------------------
+ 11 files changed, 93 insertions(+), 84 deletions(-)
+
+diff --git a/src/bpf.c b/src/bpf.c
+index 997d87421bed..a066641f969f 100644
+--- a/src/bpf.c
++++ b/src/bpf.c
+@@ -359,7 +359,7 @@ void send_via_bpf(struct dhcp_packet *mess, size_t len,
+   iov[3].iov_base = mess;
+   iov[3].iov_len = len;
+ 
+-  while (writev(daemon->dhcp_raw_fd, iov, 4) == -1 && retry_send());
++  while (retry_send(writev(daemon->dhcp_raw_fd, iov, 4)));
+ }
+ 
+ #endif /* defined(HAVE_BSD_NETWORK) && defined(HAVE_DHCP) */
+diff --git a/src/dhcp.c b/src/dhcp.c
+index f29be9b489a7..5c3089ab94ff 100644
+--- a/src/dhcp.c
++++ b/src/dhcp.c
+@@ -443,7 +443,7 @@ void dhcp_packet(time_t now, int pxe_fd)
+   setsockopt(fd, IPPROTO_IP, IP_BOUND_IF, &iface_index, sizeof(iface_index));
+ #endif
+   
+-  while(sendmsg(fd, &msg, 0) == -1 && retry_send());
++  while(retry_send(sendmsg(fd, &msg, 0)));
+ }
+  
+ /* check against secondary interface addresses */
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index c7144f5fee7c..ee2aa5d3bf3c 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -225,9 +225,9 @@ void dhcp6_packet(time_t now)
+   if (port != 0)
+     {
+       from.sin6_port = htons(port);
+-      while (sendto(daemon->dhcp6fd, daemon->outpacket.iov_base, save_counter(0), 
+-                  0, (struct sockaddr *)&from, sizeof(from)) == -1 &&
+-         retry_send());
++      while (retry_send(sendto(daemon->dhcp6fd, daemon->outpacket.iov_base, 
++                             save_counter(0), 0, (struct sockaddr *)&from, 
++                             sizeof(from))));
+     }
+ }
+ 
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index f3e5bcffec4f..b784951950d4 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -444,7 +444,7 @@ int main (int argc, char **argv)
+             char *msg;
+ 
+             /* close our copy of write-end */
+-            close(err_pipe[1]);
++            while (retry_send(close(err_pipe[1])));
+             
+             /* check for errors after the fork */
+             if (read_event(err_pipe[0], &ev, &msg))
+@@ -453,7 +453,7 @@ int main (int argc, char **argv)
+             _exit(EC_GOOD);
+           } 
+         
+-        close(err_pipe[0]);
++        while (retry_send(close(err_pipe[0])));
+ 
+         /* NO calls to die() from here on. */
+         
+@@ -505,10 +505,12 @@ int main (int argc, char **argv)
+           {
+             if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
+               err = 1;
+-            
+-            while (!err && close(fd) == -1)
+-              if (!retry_send())
+-                err = 1;
++            else 
++              {
++                while (retry_send(close(fd)));
++                if (errno != 0)
++                  err = 1;
++              }
+           }
+ 
+         if (err)
+@@ -813,7 +815,7 @@ int main (int argc, char **argv)
+ 
+   /* finished start-up - release original process */
+   if (err_pipe[1] != -1)
+-    close(err_pipe[1]);
++    while (retry_send(close(err_pipe[1])));
+   
+   if (daemon->port != 0)
+     check_servers();
+@@ -1319,7 +1321,7 @@ static void async_event(int pipe, time_t now)
+           do {
+             helper_write();
+           } while (!helper_buf_empty() || do_script_run(now));
+-          close(daemon->helperfd);
++          while (retry_send(close(daemon->helperfd)));
+         }
+ #endif
+       
+@@ -1544,7 +1546,7 @@ static void check_dns_listeners(fd_set *set, time_t now)
+         
+         if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
+           {
+-            close(confd);
++            while (retry_send(close(confd)));
+             continue;
+           }
+         
+@@ -1609,7 +1611,7 @@ static void check_dns_listeners(fd_set *set, time_t now)
+         if (!client_ok)
+           {
+             shutdown(confd, SHUT_RDWR);
+-            close(confd);
++            while (retry_send(close(confd)));
+           }
+ #ifndef NO_FORK
+         else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
+@@ -1624,7 +1626,7 @@ static void check_dns_listeners(fd_set *set, time_t now)
+                       break;
+                     }
+               }
+-            close(confd);
++            while (retry_send(close(confd)));
+ 
+             /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
+             daemon->log_id += TCP_MAX_QUERIES;
+@@ -1669,7 +1671,7 @@ static void check_dns_listeners(fd_set *set, time_t now)
+             buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
+              
+             shutdown(confd, SHUT_RDWR);
+-            close(confd);
++            while (retry_send(close(confd)));
+             
+             if (buff)
+               free(buff);
+@@ -1678,7 +1680,7 @@ static void check_dns_listeners(fd_set *set, time_t now)
+               if (s->tcpfd != -1)
+                 {
+                   shutdown(s->tcpfd, SHUT_RDWR);
+-                  close(s->tcpfd);
++                  while (retry_send(close(s->tcpfd)));
+                 }
+ #ifndef NO_FORK                  
+             if (!option_bool(OPT_DEBUG))
+@@ -1756,9 +1758,8 @@ int icmp_ping(struct in_addr addr)
+     j = (j & 0xffff) + (j >> 16);  
+   packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
+   
+-  while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0, 
+-              (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
+-       retry_send());
++  while (retry_send(sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0, 
++                         (struct sockaddr *)&saddr, sizeof(saddr))));
+   
+   for (now = start = dnsmasq_time(); 
+        difftime(now, start) < (float)PING_WAIT;)
+@@ -1820,7 +1821,7 @@ int icmp_ping(struct in_addr addr)
+     }
+   
+ #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
+-  close(fd);
++  while (retry_send(close(fd)));
+ #else
+   opt = 1;
+   setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index fc7259881358..de95d0e875e3 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -1177,7 +1177,7 @@ int is_same_net6(struct in6_addr *a, struct in6_addr *b, int prefixlen);
+ u64 addr6part(struct in6_addr *addr);
+ void setaddr6part(struct in6_addr *addr, u64 host);
+ #endif
+-int retry_send(void);
++int retry_send(ssize_t rc);
+ void prettyprint_time(char *buf, unsigned int t);
+ int prettyprint_addr(union mysockaddr *addr, char *buf);
+ int parse_hex(char *in, unsigned char *out, int maxlen, 
+diff --git a/src/forward.c b/src/forward.c
+index 438e9fa490b8..7c0fa8da3fdf 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -103,15 +103,11 @@ int send_from(int fd, int nowild, char *packet, size_t len,
+ #endif
+     }
+   
+-  while (sendmsg(fd, &msg, 0) == -1)
++  while (retry_send(sendmsg(fd, &msg, 0)));
++
++  /* If interface is still in DAD, EINVAL results - ignore that. */
++  if (errno != 0 && errno != EINVAL)
+     {
+-      if (retry_send())
+-      continue;
+-      
+-      /* If interface is still in DAD, EINVAL results - ignore that. */
+-      if (errno == EINVAL)
+-      break;
+-      
+       my_syslog(LOG_ERR, _("failed to send packet: %s"), strerror(errno));
+       return 0;
+     }
+@@ -297,9 +293,9 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
+               fd = forward->rfd4->fd;
+           }
+         
+-        while (sendto(fd, (char *)header, plen, 0,
+-                      &forward->sentto->addr.sa,
+-                      sa_len(&forward->sentto->addr)) == -1 && retry_send());
++        while (retry_send( sendto(fd, (char *)header, plen, 0,
++                                  &forward->sentto->addr.sa,
++                                  sa_len(&forward->sentto->addr))));
+         
+         return 1;
+       }
+@@ -469,14 +465,12 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
+ #endif
+               }
+             
+-            if (sendto(fd, (char *)header, plen, 0,
+-                       &start->addr.sa,
+-                       sa_len(&start->addr)) == -1)
+-              {
+-                if (retry_send())
+-                  continue;
+-              }
+-            else
++            if (retry_send(sendto(fd, (char *)header, plen, 0,
++                                  &start->addr.sa,
++                                  sa_len(&start->addr))))
++              continue;
++          
++            if (errno == 0)
+               {
+                 /* Keep info in case we want to re-send this packet */
+                 daemon->srv_save = start;
+@@ -932,7 +926,9 @@ void reply_query(int fd, int family, time_t now)
+                 
+                 if (fd != -1)
+                   {
+-                    while (sendto(fd, (char *)header, nn, 0, &server->addr.sa, sa_len(&server->addr)) == -1 && retry_send()); 
++                    while (retry_send(sendto(fd, (char *)header, nn, 0, 
++                                             &server->addr.sa, 
++                                             sa_len(&server->addr)))); 
+                     server->queries++;
+                   }
+                 
+@@ -2228,8 +2224,9 @@ void resend_query()
+       else
+       return;
+       
+-      while(sendto(fd, daemon->packet, daemon->packet_len, 0,
+-                 &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
++      while(retry_send(sendto(fd, daemon->packet, daemon->packet_len, 0,
++                            &daemon->srv_save->addr.sa, 
++                            sa_len(&daemon->srv_save->addr)))); 
+     }
+ }
+ 
+diff --git a/src/ipset.c b/src/ipset.c
+index 8c5b72722371..a315e86bc7f4 100644
+--- a/src/ipset.c
++++ b/src/ipset.c
+@@ -121,7 +121,6 @@ static int new_add_to_ipset(const char *setname, const struct all_addr *ipaddr,
+   struct my_nlattr *nested[2];
+   uint8_t proto;
+   int addrsz = INADDRSZ;
+-  ssize_t rc;
+ 
+ #ifdef HAVE_IPV6
+   if (af == AF_INET6)
+@@ -162,9 +161,10 @@ static int new_add_to_ipset(const char *setname, const struct all_addr *ipaddr,
+   nested[1]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[1];
+   nested[0]->nla_len = (void *)buffer + NL_ALIGN(nlh->nlmsg_len) - (void *)nested[0];
+       
+-  while ((rc = sendto(ipset_sock, buffer, nlh->nlmsg_len, 0,
+-                    (struct sockaddr *)&snl, sizeof(snl))) == -1 && retry_send());
+-  return rc;
++  while (retry_send(sendto(ipset_sock, buffer, nlh->nlmsg_len, 0,
++                         (struct sockaddr *)&snl, sizeof(snl))));
++                                                                  
++  return errno == 0 ? 0 : -1;
+ }
+ 
+ 
+diff --git a/src/loop.c b/src/loop.c
+index 565f7d8e58e0..c9ed075670de 100644
+--- a/src/loop.c
++++ b/src/loop.c
+@@ -45,8 +45,9 @@ void loop_send_probes()
+            fd = rfd->fd;
+          }
+ 
+-       while (sendto(fd, daemon->packet, len, 0, &serv->addr.sa, sa_len(&serv->addr)) == -1 && retry_send());
+-
++       while (retry_send(sendto(fd, daemon->packet, len, 0, 
++                                &serv->addr.sa, sa_len(&serv->addr))));
++       
+        free_rfd(rfd);
+        }
+ }
+diff --git a/src/netlink.c b/src/netlink.c
+index 10f94db25a14..753784dc20b4 100644
+--- a/src/netlink.c
++++ b/src/netlink.c
+@@ -169,10 +169,10 @@ int iface_enumerate(int family, void *parm, int (*callback)())
+   req.g.rtgen_family = family; 
+ 
+   /* Don't block in recvfrom if send fails */
+-  while((len = sendto(daemon->netlinkfd, (void *)&req, sizeof(req), 0, 
+-                    (struct sockaddr *)&addr, sizeof(addr))) == -1 && retry_send());
+-  
+-  if (len == -1)
++  while(retry_send(sendto(daemon->netlinkfd, (void *)&req, sizeof(req), 0, 
++                        (struct sockaddr *)&addr, sizeof(addr))));
++
++  if (errno != 0)
+     return 0;
+     
+   while (1)
+diff --git a/src/radv.c b/src/radv.c
+index 6da125b864ae..d0faddf8684a 100644
+--- a/src/radv.c
++++ b/src/radv.c
+@@ -479,8 +479,9 @@ static void send_ra(time_t now, int iface, char *iface_name, struct in6_addr *de
+       setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_MULTICAST_IF, &iface, sizeof(iface));
+     }
+   
+-  while (sendto(daemon->icmp6fd, daemon->outpacket.iov_base, save_counter(0), 0, 
+-              (struct sockaddr *)&addr, sizeof(addr)) == -1 && retry_send());
++  while (retry_send(sendto(daemon->icmp6fd, daemon->outpacket.iov_base, 
++                         save_counter(0), 0, (struct sockaddr *)&addr, 
++                         sizeof(addr))));
+   
+ }
+ 
+diff --git a/src/util.c b/src/util.c
+index 91d02410b13f..648bc4d4b428 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -569,17 +569,27 @@ void bump_maxfd(int fd, int *max)
+     *max = fd;
+ }
+ 
+-int retry_send(void)
++/* rc is return from sendto and friends.
++   Return 1 if we should retry.
++   Set errno to zero if we succeeded. */
++int retry_send(ssize_t rc)
+ {
++  static int retries = 0;
++  struct timespec waiter;
++  
++  if (rc != -1)
++    {
++      retries = 0;
++      errno = 0;
++      return 0;
++    }
++  
+   /* Linux kernels can return EAGAIN in perpetuity when calling
+      sendmsg() and the relevant interface has gone. Here we loop
+      retrying in EAGAIN for 1 second max, to avoid this hanging 
+      dnsmasq. */
+ 
+-  static int retries = 0;
+-  struct timespec waiter;
+-
+-   if (errno == EAGAIN || errno == EWOULDBLOCK)
++  if (errno == EAGAIN || errno == EWOULDBLOCK)
+      {
+        waiter.tv_sec = 0;
+        waiter.tv_nsec = 10000;
+@@ -587,13 +597,13 @@ int retry_send(void)
+        if (retries++ < 1000)
+        return 1;
+      }
+-
+-   retries = 0;
+-   
+-   if (errno == EINTR)
+-     return 1;
+-   
+-   return 0;
++  
++  retries = 0;
++  
++  if (errno == EINTR)
++    return 1;
++  
++  return 0;
+ }
+ 
+ int read_write(int fd, unsigned char *packet, int size, int rw)
+@@ -602,22 +612,21 @@ int read_write(int fd, unsigned char *packet, int size, int rw)
+   
+   for (done = 0; done < size; done += n)
+     {
+-    retry:
+-      if (rw)
+-        n = read(fd, &packet[done], (size_t)(size - done));
+-      else
+-        n = write(fd, &packet[done], (size_t)(size - done));
+-
+-      if (n == 0)
+-        return 0;
+-      else if (n == -1)
+-        {
+-          if (retry_send() || errno == ENOMEM || errno == ENOBUFS)
+-            goto retry;
+-          else
+-            return 0;
+-        }
++      do { 
++      if (rw)
++        n = read(fd, &packet[done], (size_t)(size - done));
++      else
++        n = write(fd, &packet[done], (size_t)(size - done));
++      
++      if (n == 0)
++        return 0;
++      
++      } while (retry_send(n) || errno == ENOMEM || errno == ENOBUFS);
++
++      if (errno != 0)
++      return 0;
+     }
++     
+   return 1;
+ }
+ 
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch b/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch
new file mode 100644 (file)
index 0000000..d986e8e
--- /dev/null
+++ b/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch
@@ -0,0 +1,75 @@
+From 979fe86bc8693f660eddea232ae39cbbb50b294c Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 19 Mar 2015 22:50:22 +0000
+Subject: [PATCH 59/98] Make --address=/example.com/ equivalent to
+ --server=/example.com/
+
+---
+ man/dnsmasq.8 | 7 +++++--
+ src/network.c | 4 ++--
+ src/option.c  | 2 --
+ 3 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 2db780d90987..1f1dd7b69c53 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -460,7 +460,7 @@ but provides some syntactic sugar to make specifying address-to-name queries eas
+ is exactly equivalent to 
+ .B --server=/3.2.1.in-addr.arpa/192.168.0.1
+ .TP
+-.B \-A, --address=/<domain>/[domain/]<ipaddr>
++.B \-A, --address=/<domain>/[domain/][<ipaddr>]
+ Specify an IP address to return for any host in the given domains.
+ Queries in the domains are never forwarded and always replied to
+ with the specified IP address which may be IPv4 or IPv6. To give
+@@ -472,7 +472,10 @@ domain specification works in the same was as for --server, with the
+ additional facility that /#/ matches any domain. Thus
+ --address=/#/1.2.3.4 will always return 1.2.3.4 for any query not
+ answered from /etc/hosts or DHCP and not sent to an upstream
+-nameserver by a more specific --server directive.
++nameserver by a more specific --server directive. As for --server,
++one or more domains with no address returns a no-such-domain answer, so
++--address=/example.com/ is equivalent to --server=/example.com/ and returns 
++NXDOMAIN for example.com and all its subdomains.
+ .TP
+ .B --ipset=/<domain>/[domain/]<ipset>[,<ipset>]
+ Places the resolved IP addresses of queries for the specified domains
+diff --git a/src/network.c b/src/network.c
+index 7045253d467b..992f023c31de 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -1459,7 +1459,7 @@ void check_servers(void)
+           }
+       }
+       
+-      if (!(serv->flags & SERV_NO_REBIND))
++      if (!(serv->flags & SERV_NO_REBIND) && !(serv->flags & SERV_LITERAL_ADDRESS))
+       {
+         if (serv->flags & (SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_USE_RESOLV))
+           {
+@@ -1475,7 +1475,7 @@ void check_servers(void)
+               my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2);
+             else if (serv->flags & SERV_USE_RESOLV)
+               my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2);
+-            else if (!(serv->flags & SERV_LITERAL_ADDRESS))
++            else 
+               my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2);
+           }
+ #ifdef HAVE_LOOP
+diff --git a/src/option.c b/src/option.c
+index eace40bb566c..3009eb545fde 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -2284,8 +2284,6 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+         {
+           if (!(newlist->flags & SERV_NO_REBIND))
+             newlist->flags |= SERV_NO_ADDR; /* no server */
+-          if (newlist->flags & SERV_LITERAL_ADDRESS)
+-            ret_err(gen_err);
+         }
+ 
+       else if (strcmp(arg, "#") == 0)
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch b/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch
new file mode 100644 (file)
index 0000000..6810930
--- /dev/null
+++ b/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch
@@ -0,0 +1,80 @@
+From 65c721200023ef0023114459a8d12f8b0a24cfd8 Mon Sep 17 00:00:00 2001
+From: Lung-Pin Chang <changlp@cs.nctu.edu.tw>
+Date: Thu, 19 Mar 2015 23:22:21 +0000
+Subject: [PATCH 60/98] dhcp: set outbound interface via cmsg in unicast reply
+
+  If multiple routes to the same network exist, Linux blindly picks
+  the first interface (route) based on destination address, which might not be
+  the one we're actually offering leases. Rather than relying on this,
+  always set the interface for outgoing unicast DHCP packets.
+---
+ src/dhcp.c | 45 +++++++++++++++++++++++++--------------------
+ 1 file changed, 25 insertions(+), 20 deletions(-)
+
+diff --git a/src/dhcp.c b/src/dhcp.c
+index 5c3089ab94ff..f1f43f8d8f90 100644
+--- a/src/dhcp.c
++++ b/src/dhcp.c
+@@ -376,10 +376,9 @@ void dhcp_packet(time_t now, int pxe_fd)
+       }
+     } 
+ #if defined(HAVE_LINUX_NETWORK)
+-  else if ((ntohs(mess->flags) & 0x8000) || mess->hlen == 0 ||
+-         mess->hlen > sizeof(ifr.ifr_addr.sa_data) || mess->htype == 0)
++  else
+     {
+-      /* broadcast to 255.255.255.255 (or mac address invalid) */
++      /* fill cmsg for outbound interface (both broadcast & unicast) */
+       struct in_pktinfo *pkt;
+       msg.msg_control = control_u.control;
+       msg.msg_controllen = sizeof(control_u);
+@@ -389,23 +388,29 @@ void dhcp_packet(time_t now, int pxe_fd)
+       pkt->ipi_spec_dst.s_addr = 0;
+       msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+       cmptr->cmsg_level = IPPROTO_IP;
+-      cmptr->cmsg_type = IP_PKTINFO;  
+-      dest.sin_addr.s_addr = INADDR_BROADCAST;
+-      dest.sin_port = htons(daemon->dhcp_client_port);
+-    }
+-  else
+-    {
+-      /* unicast to unconfigured client. Inject mac address direct into ARP cache. 
+-       struct sockaddr limits size to 14 bytes. */
+-      dest.sin_addr = mess->yiaddr;
+-      dest.sin_port = htons(daemon->dhcp_client_port);
+-      memcpy(&arp_req.arp_pa, &dest, sizeof(struct sockaddr_in));
+-      arp_req.arp_ha.sa_family = mess->htype;
+-      memcpy(arp_req.arp_ha.sa_data, mess->chaddr, mess->hlen);
+-      /* interface name already copied in */
+-      arp_req.arp_flags = ATF_COM;
+-      if (ioctl(daemon->dhcpfd, SIOCSARP, &arp_req) == -1)
+-      my_syslog(MS_DHCP | LOG_ERR, _("ARP-cache injection failed: %s"), strerror(errno));
++      cmptr->cmsg_type = IP_PKTINFO;
++
++      if ((ntohs(mess->flags) & 0x8000) || mess->hlen == 0 ||
++         mess->hlen > sizeof(ifr.ifr_addr.sa_data) || mess->htype == 0)
++        {
++          /* broadcast to 255.255.255.255 (or mac address invalid) */
++          dest.sin_addr.s_addr = INADDR_BROADCAST;
++          dest.sin_port = htons(daemon->dhcp_client_port);
++        }
++      else
++        {
++          /* unicast to unconfigured client. Inject mac address direct into ARP cache.
++          struct sockaddr limits size to 14 bytes. */
++          dest.sin_addr = mess->yiaddr;
++          dest.sin_port = htons(daemon->dhcp_client_port);
++          memcpy(&arp_req.arp_pa, &dest, sizeof(struct sockaddr_in));
++          arp_req.arp_ha.sa_family = mess->htype;
++          memcpy(arp_req.arp_ha.sa_data, mess->chaddr, mess->hlen);
++          /* interface name already copied in */
++          arp_req.arp_flags = ATF_COM;
++          if (ioctl(daemon->dhcpfd, SIOCSARP, &arp_req) == -1)
++            my_syslog(MS_DHCP | LOG_ERR, _("ARP-cache injection failed: %s"), strerror(errno));
++        }
+     }
+ #elif defined(HAVE_SOLARIS_NETWORK)
+   else if ((ntohs(mess->flags) & 0x8000) || mess->hlen != ETHER_ADDR_LEN || mess->htype != ARPHRD_ETHER)
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch b/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch
new file mode 100644 (file)
index 0000000..af79f15
--- /dev/null
+++ b/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch
@@ -0,0 +1,27 @@
+From 8805283088d670baecb92569252c01cf754cda51 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 26 Mar 2015 21:15:43 +0000
+Subject: [PATCH 61/98] Don't fail DNSSEC when a signed CNAME dangles into an
+ unsigned zone.
+
+---
+ src/dnssec.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index ad0d6f072ba2..db5c768bd751 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -2032,7 +2032,8 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+   /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
+   /* First marshall the NSEC records, if we've not done it previously */
+   if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass)))
+-    return STAT_BOGUS; /* No NSECs */
++    return STAT_NO_SIG; /* No NSECs, this is probably a dangling CNAME pointing into
++                         an unsigned zone. Return STAT_NO_SIG to cause this to be proved. */
+    
+   /* Get name of missing answer */
+   if (!extract_name(header, plen, &qname, name, 1, 0))
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch b/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch
new file mode 100644 (file)
index 0000000..0b64aa7
--- /dev/null
+++ b/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch
@@ -0,0 +1,48 @@
+From 150162bc37170a6edae9d488435e836b1e4e3a4e Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 27 Mar 2015 09:58:26 +0000
+Subject: [PATCH 62/98] Return SERVFAIL when validation abandoned.
+
+---
+ src/forward.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/forward.c b/src/forward.c
+index 7c0fa8da3fdf..985814c3aec5 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -663,6 +663,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
+       header->ancount = htons(0);
+       header->nscount = htons(0);
+       header->arcount = htons(0);
++      header->hb3 &= ~HB3_TC;
+     }
+   
+   /* the bogus-nxdomain stuff, doctor and NXDOMAIN->NODATA munging can all elide
+@@ -991,7 +992,10 @@ void reply_query(int fd, int family, time_t now)
+             char *result;
+             
+             if (forward->work_counter == 0)
+-              result = "ABANDONED";
++              {
++                result = "ABANDONED";
++                status = STAT_BOGUS;
++              }
+             else
+               result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
+             
+@@ -1938,7 +1942,10 @@ unsigned char *tcp_request(int confd, time_t now,
+                         char *result;
+ 
+                         if (keycount == 0)
+-                          result = "ABANDONED";
++                          {
++                            result = "ABANDONED";
++                            status = STAT_BOGUS;
++                          }
+                         else
+                           result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
+                         
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch b/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch
new file mode 100644 (file)
index 0000000..9ecd43b
--- /dev/null
+++ b/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch
@@ -0,0 +1,37 @@
+From 0b8a5a30a77331974ba24a04e43e720585dfbc61 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 27 Mar 2015 11:44:55 +0000
+Subject: [PATCH 63/98] Protect against broken DNSSEC upstreams.
+
+---
+ src/dnssec.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index db5c768bd751..14bae7e9bf75 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -1177,7 +1177,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
+    STAT_NO_DS       It's proved there's no DS here.
+    STAT_NO_NS       It's proved there's no DS _or_ NS here.
+    STAT_BOGUS       no DS in reply or not signed, fails validation, bad packet.
+-   STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
++   STAT_NEED_KEY    DNSKEY records to validate a DS not found, name in keyname
+ */
+ 
+ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
+@@ -1208,7 +1208,10 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
+   if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
+     val = STAT_BOGUS;
+   
+-  if (val == STAT_BOGUS)
++  /* If the key needed to validate the DS is on the same domain as the DS, we'll
++     loop getting nowhere. Stop that now. This can happen of the DS answer comes
++     from the DS's zone, and not the parent zone. */
++  if (val == STAT_BOGUS ||  (val == STAT_NEED_KEY && hostname_isequal(name, keyname)))
+     {
+       log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS");
+       return STAT_BOGUS;
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch b/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch
new file mode 100644 (file)
index 0000000..bfd703d
--- /dev/null
+++ b/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch
@@ -0,0 +1,197 @@
+From 1e153945def3c50d1e59ceea6a768db0ac770f98 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 28 Mar 2015 21:34:07 +0000
+Subject: [PATCH 64/98] DNSSEC fix for non-ascii characters in labels.
+
+---
+ src/dnssec.c  | 34 +++++++++++++++++-----------------
+ src/rfc1035.c |  5 +++--
+ 2 files changed, 20 insertions(+), 19 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 14bae7e9bf75..8bd5294ce773 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -552,7 +552,7 @@ static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end,
+  
+   (*desc)++;
+   
+-  if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
++  if (d == 0 && extract_name(header, plen, p, buff, 2, 0))
+     /* domain-name, canonicalise */
+     return to_wire(buff);
+   else
+@@ -811,7 +811,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+       GETLONG(sig_inception, p);
+       GETSHORT(key_tag, p);
+       
+-      if (!extract_name(header, plen, &p, keyname, 1, 0))
++      if (!extract_name(header, plen, &p, keyname, 2, 0))
+       return STAT_BOGUS;
+ 
+       /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
+@@ -866,7 +866,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+         u16 len, *dp;
+         
+         p = rrset[i];
+-        if (!extract_name(header, plen, &p, name, 1, 10)) 
++        if (!extract_name(header, plen, &p, name, 2, 10)) 
+           return STAT_BOGUS;
+ 
+         name_start = name;
+@@ -923,7 +923,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+       
+       /* namebuff used for workspace above, restore to leave unchanged on exit */
+       p = (unsigned char*)(rrset[0]);
+-      extract_name(header, plen, &p, name, 1, 0);
++      extract_name(header, plen, &p, name, 2, 0);
+ 
+       if (key)
+       {
+@@ -963,7 +963,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
+   struct all_addr a;
+ 
+   if (ntohs(header->qdcount) != 1 ||
+-      !extract_name(header, plen, &p, name, 1, 4))
++      !extract_name(header, plen, &p, name, 2, 4))
+     return STAT_BOGUS;
+ 
+   GETSHORT(qtype, p);
+@@ -1202,7 +1202,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
+     val = STAT_BOGUS;
+   
+   p = (unsigned char *)(header+1);
+-  extract_name(header, plen, &p, name, 1, 4);
++  extract_name(header, plen, &p, name, 2, 4);
+   p += 4; /* qtype, qclass */
+   
+   if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
+@@ -1419,12 +1419,12 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
+   for (i = 0; i < nsec_count; i++)
+     {
+       p = nsecs[i];
+-      if (!extract_name(header, plen, &p, workspace1, 1, 10))
++      if (!extract_name(header, plen, &p, workspace1, 2, 10))
+       return STAT_BOGUS;
+       p += 8; /* class, type, TTL */
+       GETSHORT(rdlen, p);
+       psave = p;
+-      if (!extract_name(header, plen, &p, workspace2, 1, 10))
++      if (!extract_name(header, plen, &p, workspace2, 2, 10))
+       return STAT_BOGUS;
+       
+       rc = hostname_cmp(workspace1, name);
+@@ -1553,7 +1553,7 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige
+   for (i = 0; i < nsec_count; i++)
+     if ((p = nsecs[i]))
+       {
+-              if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
++              if (!extract_name(header, plen, &p, workspace1, 2, 0) ||
+           !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
+         return 0;
+       
+@@ -1730,7 +1730,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
+       for (i = 0; i < nsec_count; i++)
+       if ((p = nsecs[i]))
+         {
+-          if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
++          if (!extract_name(header, plen, &p, workspace1, 2, 0) ||
+               !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
+             return STAT_BOGUS;
+         
+@@ -1796,7 +1796,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+ 
+   qname = p1 = (unsigned char *)(header+1);
+   
+-  if (!extract_name(header, plen, &p1, name, 1, 4))
++  if (!extract_name(header, plen, &p1, name, 2, 4))
+     return STAT_BOGUS;
+ 
+   GETSHORT(qtype, p1);
+@@ -1836,7 +1836,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+             qname = p1;
+             
+             /* looped CNAMES */
+-            if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
++            if (!cname_count-- || !extract_name(header, plen, &p1, name, 2, 0))
+               return STAT_BOGUS;
+              
+             p1 = ans_start;
+@@ -1857,7 +1857,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+   
+   for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
+     {
+-      if (!extract_name(header, plen, &p1, name, 1, 10))
++      if (!extract_name(header, plen, &p1, name, 2, 10))
+       return STAT_BOGUS; /* bad packet */
+       
+       GETSHORT(type1, p1);
+@@ -2039,7 +2039,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+                          an unsigned zone. Return STAT_NO_SIG to cause this to be proved. */
+    
+   /* Get name of missing answer */
+-  if (!extract_name(header, plen, &qname, name, 1, 0))
++  if (!extract_name(header, plen, &qname, name, 2, 0))
+     return STAT_BOGUS;
+   
+   if (nsec_type == T_NSEC)
+@@ -2061,7 +2061,7 @@ int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char
+   int cname_count = CNAME_CHAIN;
+ 
+   /* Get question */
+-  if (!extract_name(header, plen, &p, name, 1, 4))
++  if (!extract_name(header, plen, &p, name, 2, 4))
+     return STAT_BOGUS;
+   
+   p +=2; /* type */
+@@ -2102,7 +2102,7 @@ int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char
+ 
+         /* Loop down CNAME chain/ */
+         if (!cname_count-- || 
+-            !extract_name(header, plen, &p, name, 1, 0) ||
++            !extract_name(header, plen, &p, name, 2, 0) ||
+             !(p = skip_questions(header, plen)))
+           return STAT_BOGUS;
+         
+@@ -2419,7 +2419,7 @@ unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name
+   
+   for (q = ntohs(header->qdcount); q != 0; q--) 
+     {
+-      if (!extract_name(header, plen, &p, name, 1, 4))
++      if (!extract_name(header, plen, &p, name, 2, 4))
+       break; /* bad packet */
+       
+       len = to_wire(name);
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 5ef5ddb7485e..10832a3d5d2e 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -16,6 +16,7 @@
+ 
+ #include "dnsmasq.h"
+ 
++/* isExtract == 2 -> DNSSEC mode, no bitstrings, no ascii checks. */
+ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, 
+                char *name, int isExtract, int extrabytes)
+ {
+@@ -86,7 +87,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+         if ((l & 0x3f) != 1)
+           return 0; /* we only understand bitstrings */
+ 
+-        if (!isExtract)
++        if (isExtract != 1)
+           return 0; /* Cannot compare bitsrings */
+         
+         count = *p++;
+@@ -128,7 +129,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+           if (isExtract)
+             {
+               unsigned char c = *p;
+-              if (isascii(c) && !iscntrl(c) && c != '.')
++              if ((isExtract == 2 || (isascii(c) && !iscntrl(c))) && c != '.')
+                 *cp++ = *p;
+               else
+                 return 0;
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch b/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch
new file mode 100644 (file)
index 0000000..f67b65a
--- /dev/null
+++ b/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch
@@ -0,0 +1,246 @@
+From 394ff492da6af5da7e7d356be9586683bc5fc011 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 29 Mar 2015 22:17:14 +0100
+Subject: [PATCH 65/98] Allow control characters in names in the cache, handle
+ when logging.
+
+---
+ src/cache.c   | 19 +++++++++++++++++--
+ src/dnssec.c  | 34 +++++++++++++++++-----------------
+ src/rfc1035.c |  7 +++----
+ 3 files changed, 37 insertions(+), 23 deletions(-)
+
+diff --git a/src/cache.c b/src/cache.c
+index c95624c42b1c..873c5779044c 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -1399,6 +1399,19 @@ int cache_make_stat(struct txt_record *t)
+   return 1;
+ }
+ 
++/* There can be names in the cache containing control chars, don't 
++   mess up logging or open security holes. */
++static char *sanitise(char *name)
++{
++  unsigned char *r;
++  for (r = (unsigned char *)name; *r; r++)
++    if (!isprint((int)*r))
++      return "<name unprintable>";
++
++  return name;
++}
++
++
+ void dump_cache(time_t now)
+ {
+   struct server *serv, *serv1;
+@@ -1452,9 +1465,9 @@ void dump_cache(time_t now)
+           *a = 0;
+           if (strlen(n) == 0 && !(cache->flags & F_REVERSE))
+             n = "<Root>";
+-          p += sprintf(p, "%-30.30s ", n);
++          p += sprintf(p, "%-30.30s ", sanitise(n));
+           if ((cache->flags & F_CNAME) && !is_outdated_cname_pointer(cache))
+-            a = cache_get_cname_target(cache);
++            a = sanitise(cache_get_cname_target(cache));
+ #ifdef HAVE_DNSSEC
+           else if (cache->flags & F_DS)
+             {
+@@ -1587,6 +1600,8 @@ void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg)
+   if (!option_bool(OPT_LOG))
+     return;
+ 
++  name = sanitise(name);
++
+   if (addr)
+     {
+       if (flags & F_KEYTAG)
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 8bd5294ce773..14bae7e9bf75 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -552,7 +552,7 @@ static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end,
+  
+   (*desc)++;
+   
+-  if (d == 0 && extract_name(header, plen, p, buff, 2, 0))
++  if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
+     /* domain-name, canonicalise */
+     return to_wire(buff);
+   else
+@@ -811,7 +811,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+       GETLONG(sig_inception, p);
+       GETSHORT(key_tag, p);
+       
+-      if (!extract_name(header, plen, &p, keyname, 2, 0))
++      if (!extract_name(header, plen, &p, keyname, 1, 0))
+       return STAT_BOGUS;
+ 
+       /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
+@@ -866,7 +866,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+         u16 len, *dp;
+         
+         p = rrset[i];
+-        if (!extract_name(header, plen, &p, name, 2, 10)) 
++        if (!extract_name(header, plen, &p, name, 1, 10)) 
+           return STAT_BOGUS;
+ 
+         name_start = name;
+@@ -923,7 +923,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+       
+       /* namebuff used for workspace above, restore to leave unchanged on exit */
+       p = (unsigned char*)(rrset[0]);
+-      extract_name(header, plen, &p, name, 2, 0);
++      extract_name(header, plen, &p, name, 1, 0);
+ 
+       if (key)
+       {
+@@ -963,7 +963,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
+   struct all_addr a;
+ 
+   if (ntohs(header->qdcount) != 1 ||
+-      !extract_name(header, plen, &p, name, 2, 4))
++      !extract_name(header, plen, &p, name, 1, 4))
+     return STAT_BOGUS;
+ 
+   GETSHORT(qtype, p);
+@@ -1202,7 +1202,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
+     val = STAT_BOGUS;
+   
+   p = (unsigned char *)(header+1);
+-  extract_name(header, plen, &p, name, 2, 4);
++  extract_name(header, plen, &p, name, 1, 4);
+   p += 4; /* qtype, qclass */
+   
+   if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
+@@ -1419,12 +1419,12 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
+   for (i = 0; i < nsec_count; i++)
+     {
+       p = nsecs[i];
+-      if (!extract_name(header, plen, &p, workspace1, 2, 10))
++      if (!extract_name(header, plen, &p, workspace1, 1, 10))
+       return STAT_BOGUS;
+       p += 8; /* class, type, TTL */
+       GETSHORT(rdlen, p);
+       psave = p;
+-      if (!extract_name(header, plen, &p, workspace2, 2, 10))
++      if (!extract_name(header, plen, &p, workspace2, 1, 10))
+       return STAT_BOGUS;
+       
+       rc = hostname_cmp(workspace1, name);
+@@ -1553,7 +1553,7 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige
+   for (i = 0; i < nsec_count; i++)
+     if ((p = nsecs[i]))
+       {
+-              if (!extract_name(header, plen, &p, workspace1, 2, 0) ||
++              if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
+           !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
+         return 0;
+       
+@@ -1730,7 +1730,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
+       for (i = 0; i < nsec_count; i++)
+       if ((p = nsecs[i]))
+         {
+-          if (!extract_name(header, plen, &p, workspace1, 2, 0) ||
++          if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
+               !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
+             return STAT_BOGUS;
+         
+@@ -1796,7 +1796,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+ 
+   qname = p1 = (unsigned char *)(header+1);
+   
+-  if (!extract_name(header, plen, &p1, name, 2, 4))
++  if (!extract_name(header, plen, &p1, name, 1, 4))
+     return STAT_BOGUS;
+ 
+   GETSHORT(qtype, p1);
+@@ -1836,7 +1836,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+             qname = p1;
+             
+             /* looped CNAMES */
+-            if (!cname_count-- || !extract_name(header, plen, &p1, name, 2, 0))
++            if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
+               return STAT_BOGUS;
+              
+             p1 = ans_start;
+@@ -1857,7 +1857,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+   
+   for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
+     {
+-      if (!extract_name(header, plen, &p1, name, 2, 10))
++      if (!extract_name(header, plen, &p1, name, 1, 10))
+       return STAT_BOGUS; /* bad packet */
+       
+       GETSHORT(type1, p1);
+@@ -2039,7 +2039,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+                          an unsigned zone. Return STAT_NO_SIG to cause this to be proved. */
+    
+   /* Get name of missing answer */
+-  if (!extract_name(header, plen, &qname, name, 2, 0))
++  if (!extract_name(header, plen, &qname, name, 1, 0))
+     return STAT_BOGUS;
+   
+   if (nsec_type == T_NSEC)
+@@ -2061,7 +2061,7 @@ int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char
+   int cname_count = CNAME_CHAIN;
+ 
+   /* Get question */
+-  if (!extract_name(header, plen, &p, name, 2, 4))
++  if (!extract_name(header, plen, &p, name, 1, 4))
+     return STAT_BOGUS;
+   
+   p +=2; /* type */
+@@ -2102,7 +2102,7 @@ int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char
+ 
+         /* Loop down CNAME chain/ */
+         if (!cname_count-- || 
+-            !extract_name(header, plen, &p, name, 2, 0) ||
++            !extract_name(header, plen, &p, name, 1, 0) ||
+             !(p = skip_questions(header, plen)))
+           return STAT_BOGUS;
+         
+@@ -2419,7 +2419,7 @@ unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name
+   
+   for (q = ntohs(header->qdcount); q != 0; q--) 
+     {
+-      if (!extract_name(header, plen, &p, name, 2, 4))
++      if (!extract_name(header, plen, &p, name, 1, 4))
+       break; /* bad packet */
+       
+       len = to_wire(name);
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 10832a3d5d2e..7a07b0cee906 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -16,7 +16,6 @@
+ 
+ #include "dnsmasq.h"
+ 
+-/* isExtract == 2 -> DNSSEC mode, no bitstrings, no ascii checks. */
+ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, 
+                char *name, int isExtract, int extrabytes)
+ {
+@@ -87,7 +86,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+         if ((l & 0x3f) != 1)
+           return 0; /* we only understand bitstrings */
+ 
+-        if (isExtract != 1)
++        if (!isExtract)
+           return 0; /* Cannot compare bitsrings */
+         
+         count = *p++;
+@@ -129,8 +128,8 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+           if (isExtract)
+             {
+               unsigned char c = *p;
+-              if ((isExtract == 2 || (isascii(c) && !iscntrl(c))) && c != '.')
+-                *cp++ = *p;
++              if (c != 0 && c != '.')
++                *cp++ = c;
+               else
+                 return 0;
+             }
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch b/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch
new file mode 100644 (file)
index 0000000..7a227d5
--- /dev/null
+++ b/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch
@@ -0,0 +1,30 @@
+From 794fccca7ffebfba4468bfffc6276b68bbf6afd9 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 29 Mar 2015 22:35:44 +0100
+Subject: [PATCH 66/98] Fix crash in last commit.
+
+---
+ src/cache.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/cache.c b/src/cache.c
+index 873c5779044c..d7bea574c0d8 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -1404,9 +1404,10 @@ int cache_make_stat(struct txt_record *t)
+ static char *sanitise(char *name)
+ {
+   unsigned char *r;
+-  for (r = (unsigned char *)name; *r; r++)
+-    if (!isprint((int)*r))
+-      return "<name unprintable>";
++  if (name)
++    for (r = (unsigned char *)name; *r; r++)
++      if (!isprint((int)*r))
++      return "<name unprintable>";
+ 
+   return name;
+ }
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0067-Merge-message-translations.patch b/src/patches/dnsmasq/0067-Merge-message-translations.patch
new file mode 100644 (file)
index 0000000..a88db22
--- /dev/null
+++ b/src/patches/dnsmasq/0067-Merge-message-translations.patch
@@ -0,0 +1,20329 @@
+From fd6ad9e481ab7c812a6b1515244908818cbb0442 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 30 Mar 2015 07:52:21 +0100
+Subject: [PATCH 67/98] Merge message translations.
+
+---
+ po/de.po    | 803 +++++++++++++++++++++++++++++++++--------------------------
+ po/es.po    | 798 ++++++++++++++++++++++++++++++++--------------------------
+ po/fi.po    | 786 +++++++++++++++++++++++++++++++--------------------------
+ po/fr.po    | 799 ++++++++++++++++++++++++++++++++--------------------------
+ po/id.po    | 814 +++++++++++++++++++++++++++++++++---------------------------
+ po/it.po    | 786 +++++++++++++++++++++++++++++++--------------------------
+ po/no.po    | 797 ++++++++++++++++++++++++++++++++--------------------------
+ po/pl.po    | 803 +++++++++++++++++++++++++++++++++--------------------------
+ po/pt_BR.po | 786 +++++++++++++++++++++++++++++++--------------------------
+ po/ro.po    | 797 ++++++++++++++++++++++++++++++++--------------------------
+ 10 files changed, 4396 insertions(+), 3573 deletions(-)
+
+diff --git a/po/de.po b/po/de.po
+index 4c93c5b28ef2..a03173845b35 100644
+--- a/po/de.po
++++ b/po/de.po
+@@ -23,70 +23,70 @@ msgstr ""
+ "X-Generator: Poedit 1.7.3\n"
+ "X-Poedit-SourceCharset: UTF-8\n"
+ 
+-#: cache.c:505
++#: cache.c:523
+ msgid "Internal error in cache."
+ msgstr "Interner Fehler im Cache."
+ 
+-#: cache.c:908
++#: cache.c:941
+ #, c-format
+ msgid "failed to load names from %s: %s"
+ msgstr "Fehler beim Laden der Namen von %s: %s"
+ 
+-#: cache.c:934 dhcp.c:820
++#: cache.c:967 dhcp.c:825
+ #, c-format
+ msgid "bad address at %s line %d"
+ msgstr "Fehlerhafte Adresse in %s Zeile %d"
+ 
+-#: cache.c:985 dhcp.c:836
++#: cache.c:1018 dhcp.c:841
+ #, c-format
+ msgid "bad name at %s line %d"
+ msgstr "Fehlerhafter Name in %s Zeile %d"
+ 
+-#: cache.c:992 dhcp.c:911
++#: cache.c:1027 dhcp.c:916
+ #, c-format
+ msgid "read %s - %d addresses"
+ msgstr "%s gelesen - %d Adressen"
+ 
+-#: cache.c:1100
++#: cache.c:1135
+ msgid "cleared cache"
+ msgstr "Cache geleert"
+ 
+-#: cache.c:1123
++#: cache.c:1164
+ #, c-format
+ msgid "No IPv4 address found for %s"
+ msgstr "Keine IPv4-Adresse für %s gefunden"
+ 
+-#: cache.c:1201
++#: cache.c:1242
+ #, c-format
+ msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
+ msgstr "%s ist ein CNAME, weise es der DHCP-Lease von %s nicht zu"
+ 
+-#: cache.c:1225
++#: cache.c:1266
+ #, c-format
+ msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+ msgstr "Name %s wurde dem DHCP-Lease von %s nicht zugewiesen, da der Name in %s bereits mit Adresse %s existiert"
+ 
+-#: cache.c:1366
++#: cache.c:1421
+ #, c-format
+ msgid "time %lu"
+ msgstr "Zeit %lu"
+ 
+-#: cache.c:1367
++#: cache.c:1422
+ #, c-format
+ msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+ msgstr "Cache Größe %d, %d/%d Cache-Einfügungen verwendeten nicht abgelaufene Cache-Einträge wieder."
+ 
+-#: cache.c:1369
++#: cache.c:1424
+ #, c-format
+ msgid "queries forwarded %u, queries answered locally %u"
+ msgstr "%u weitergeleitete Anfragen, %u lokal beantwortete Anfragen"
+ 
+-#: cache.c:1372
++#: cache.c:1427
+ #, c-format
+ msgid "queries for authoritative zones %u"
+ msgstr "Anfragen nach autoritativen Zonen %u"
+ 
+-#: cache.c:1398
++#: cache.c:1453
+ #, c-format
+ msgid "server %s#%d: queries sent %u, retried or failed %u"
+ msgstr "Server %s#%d: %u Anfragen gesendet, %u erneut versucht oder fehlgeschlagen"
+@@ -100,7 +100,7 @@ msgstr "Konnte den Zufallszahlengenerator nicht initialisieren: %s"
+ msgid "failed to allocate memory"
+ msgstr "Konnte Speicher nicht belegen"
+ 
+-#: util.c:243 option.c:579
++#: util.c:243 option.c:598
+ msgid "could not get memory"
+ msgstr "Speicher nicht verfügbar"
+ 
+@@ -115,593 +115,626 @@ msgid "failed to allocate %d bytes"
+ msgstr "Konnte %d Bytes nicht belegen"
+ 
+ # @Simon: not perfect but I cannot get nearer right now.
+-#: util.c:429
++#: util.c:430
+ #, c-format
+ msgid "infinite"
+ msgstr "unendlich"
+ 
+-#: option.c:318
++#: option.c:330
+ msgid "Specify local address(es) to listen on."
+ msgstr "Lokale abzuhörende Adresse(n) angeben."
+ 
+-#: option.c:319
++#: option.c:331
+ msgid "Return ipaddr for all hosts in specified domains."
+ msgstr "IP-Adresse für alle Hosts in angegebenen Domänen festlegen."
+ 
+ # FIXME: the English test is not to the point. Just use a shortened description
+ # from the manpage instead. -- MA
+-#: option.c:320
++#: option.c:332
+ msgid "Fake reverse lookups for RFC1918 private address ranges."
+ msgstr "Für private Adressbereiche nach RFC1918 \"keine solche Domain\" liefern."
+ 
+-#: option.c:321
++#: option.c:333
+ msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+ msgstr "Diese IP-Adresse als NXDOMAIN interpretieren (wehrt \"Suchhilfen\" ab)."
+ 
+-#: option.c:322
++#: option.c:334
+ #, c-format
+ msgid "Specify the size of the cache in entries (defaults to %s)."
+ msgstr "Größe des Caches (Zahl der Einträge) festlegen (Voreinstellung: %s)."
+ 
+-#: option.c:323
++#: option.c:335
+ #, c-format
+ msgid "Specify configuration file (defaults to %s)."
+ msgstr "Konfigurationsdatei festlegen (Voreinstellung: %s)."
+ 
+-#: option.c:324
++#: option.c:336
+ msgid "Do NOT fork into the background: run in debug mode."
+ msgstr "NICHT in den Hintergrund gehen: Betrieb im Debug-Modus"
+ 
+-#: option.c:325
++#: option.c:337
+ msgid "Do NOT forward queries with no domain part."
+ msgstr "Anfragen ohne Domänen-Teil NICHT weiterschicken."
+ 
+-#: option.c:326
++#: option.c:338
+ msgid "Return self-pointing MX records for local hosts."
+ msgstr "Für lokale Einträge MX-Einträge liefern, die auf sich selbst zeigen."
+ 
+-#: option.c:327
++#: option.c:339
+ msgid "Expand simple names in /etc/hosts with domain-suffix."
+ msgstr "Erweitere einfache Namen in /etc/hosts mit der Domänen-Endung."
+ 
+-#: option.c:328
++#: option.c:340
+ msgid "Don't forward spurious DNS requests from Windows hosts."
+ msgstr "'unechte' DNS-Anfragen von Windows-Rechnern nicht weiterleiten"
+ 
+ # @Simon: I'm a bit unsure about "spurious"
+-#: option.c:329
++#: option.c:341
+ msgid "Enable DHCP in the range given with lease duration."
+ msgstr "DHCP für angegebenen Bereich und Dauer einschalten"
+ 
+-#: option.c:330
++#: option.c:342
+ #, c-format
+ msgid "Change to this group after startup (defaults to %s)."
+ msgstr "Nach dem Start in diese Benutzergruppe wechseln (Voreinstellung %s)."
+ 
+-#: option.c:331
++#: option.c:343
+ msgid "Set address or hostname for a specified machine."
+ msgstr "Adresse oder Hostnamen für einen angegebenen Computer setzen."
+ 
+-#: option.c:332
++#: option.c:344
+ msgid "Read DHCP host specs from file."
+ msgstr "DHCP-Host-Angaben aus Datei lesen."
+ 
+-#: option.c:333
++#: option.c:345
+ msgid "Read DHCP option specs from file."
+ msgstr "DHCP-Optionen aus Datei lesen."
+ 
+-#: option.c:334
++#: option.c:346
++#, fuzzy
++msgid "Read DHCP host specs from a directory."
++msgstr "DHCP-Host-Angaben aus Datei lesen."
++
++#: option.c:347
++#, fuzzy
++msgid "Read DHCP options from a directory."
++msgstr "DHCP-Optionen aus Datei lesen."
++
++#: option.c:348
+ msgid "Evaluate conditional tag expression."
+ msgstr "Auswertung eines Ausdrucks bedingter Marken."
+ 
+-#: option.c:335
++#: option.c:349
+ #, c-format
+ msgid "Do NOT load %s file."
+ msgstr "%s-Datei NICHT laden."
+ 
+-#: option.c:336
++#: option.c:350
+ #, c-format
+ msgid "Specify a hosts file to be read in addition to %s."
+ msgstr "Hosts-Datei festlegen, die zusätzlich zu %s gelesen wird."
+ 
+-#: option.c:337
++#: option.c:351
++#, fuzzy
++msgid "Read hosts files from a directory."
++msgstr "DHCP-Host-Angaben aus Datei lesen."
++
++#: option.c:352
+ msgid "Specify interface(s) to listen on."
+ msgstr "Schnittstelle(n) zum Empfang festlegen."
+ 
+-#: option.c:338
++#: option.c:353
+ msgid "Specify interface(s) NOT to listen on."
+ msgstr "Schnittstelle(n) festlegen, die NICHT empfangen sollen."
+ 
+-#: option.c:339
++#: option.c:354
+ msgid "Map DHCP user class to tag."
+ msgstr "DHCP-Benutzerklasse auf Marke abbilden."
+ 
+-#: option.c:340
++#: option.c:355
+ msgid "Map RFC3046 circuit-id to tag."
+ msgstr "RFC3046 \"circuit-id\" auf Marke abbilden."
+ 
+-#: option.c:341
++#: option.c:356
+ msgid "Map RFC3046 remote-id to tag."
+ msgstr "RFC3046 \"remote-id\" auf Marke abbilden."
+ 
+-#: option.c:342
++#: option.c:357
+ msgid "Map RFC3993 subscriber-id to tag."
+ msgstr "RFC3993 \"subscriber-id\" auf Marke abbilden."
+ 
+-#: option.c:343
++#: option.c:358
+ msgid "Don't do DHCP for hosts with tag set."
+ msgstr "Kein DHCP für Hosts mit gesetzter Marke verwenden."
+ 
+-#: option.c:344
++#: option.c:359
+ msgid "Force broadcast replies for hosts with tag set."
+ msgstr "Rundsendung für Hosts mit gesetzter Marke erzwingen."
+ 
+-#: option.c:345
++#: option.c:360
+ msgid "Do NOT fork into the background, do NOT run in debug mode."
+ msgstr "NICHT in den Hintergrund wechseln, NICHT im Debug-Modus laufen."
+ 
+-#: option.c:346
++#: option.c:361
+ msgid "Assume we are the only DHCP server on the local network."
+ msgstr "Voraussetzen, dass wir der einzige DHCP-Server im lokalen Netz sind."
+ 
+-#: option.c:347
++#: option.c:362
+ #, c-format
+ msgid "Specify where to store DHCP leases (defaults to %s)."
+ msgstr "Festlegen, wo DHCP-Leases gespeichert werden (Voreinstellung %s)."
+ 
+-#: option.c:348
++#: option.c:363
+ msgid "Return MX records for local hosts."
+ msgstr "MX-Einträge für lokale Hosts liefern."
+ 
+-#: option.c:349
++#: option.c:364
+ msgid "Specify an MX record."
+ msgstr "Einen MX-Eintrag festlegen."
+ 
+-#: option.c:350
++#: option.c:365
+ msgid "Specify BOOTP options to DHCP server."
+ msgstr "BOOTP-Optionen für DHCP-Server festlegen."
+ 
+-#: option.c:351
++#: option.c:366
+ #, c-format
+ msgid "Do NOT poll %s file, reload only on SIGHUP."
+ msgstr "%s-Datei NICHT abfragen, nur bei SIGHUP neu laden."
+ 
+-#: option.c:352
++#: option.c:367
+ msgid "Do NOT cache failed search results."
+ msgstr "Fehlerhafte Suchergebnisse NICHT zwischenspeichern."
+ 
+-#: option.c:353
++#: option.c:368
+ #, c-format
+ msgid "Use nameservers strictly in the order given in %s."
+ msgstr "Namensserver streng in der in %s angegebenen Reihenfolge verwenden."
+ 
+-#: option.c:354
++#: option.c:369
+ msgid "Specify options to be sent to DHCP clients."
+ msgstr "Optionen festlegen, die an DHCP-Klienten gesendet werden."
+ 
+-#: option.c:355
++#: option.c:370
+ msgid "DHCP option sent even if the client does not request it."
+ msgstr "DHCP-Option, die selbst ohne Klientenanfrage gesendet wird."
+ 
+-#: option.c:356
++#: option.c:371
+ msgid "Specify port to listen for DNS requests on (defaults to 53)."
+ msgstr "Port zum Abhören der DNS-Anfragen festlegen (53 voreingestellt)."
+ 
+-#: option.c:357
++#: option.c:372
+ #, c-format
+ msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+ msgstr "Maximale unterstützte UDP-Paketgröße für EDNS.0 (Voreinstellung %s)."
+ 
+-#: option.c:358
++#: option.c:373
+ msgid "Log DNS queries."
+ msgstr "DNS-Anfragen protokollieren."
+ 
+-#: option.c:359
++#: option.c:374
+ msgid "Force the originating port for upstream DNS queries."
+ msgstr "Ausgehenden Port erzwingen für DNS-Anfragen an vorgelagerte Server."
+ 
+-#: option.c:360
++#: option.c:375
+ msgid "Do NOT read resolv.conf."
+ msgstr "resolv.conf NICHT lesen."
+ 
+-#: option.c:361
++#: option.c:376
+ #, c-format
+ msgid "Specify path to resolv.conf (defaults to %s)."
+ msgstr "Pfad zu resolv.conf festlegen (%s voreingestellt)."
+ 
+-#: option.c:362
++#: option.c:377
+ msgid "Specify path to file with server= options"
+ msgstr " Dateipfad mit der Option server= angeben"
+ 
+-#: option.c:363
++#: option.c:378
+ msgid "Specify address(es) of upstream servers with optional domains."
+ msgstr "Adresse(n) vorgelagerter Server festlegen, optional mit Domänen."
+ 
+-#: option.c:364
++#: option.c:379
+ msgid "Specify address of upstream servers for reverse address queries"
+ msgstr "Adresse(n) vorgelagerter Server festlegen, für reverse Adressanfragen"
+ 
+-#: option.c:365
++#: option.c:380
+ msgid "Never forward queries to specified domains."
+ msgstr "Anfragen für angegebene Domänen niemals weiterleiten."
+ 
+-#: option.c:366
++#: option.c:381
+ msgid "Specify the domain to be assigned in DHCP leases."
+ msgstr "Domäne festlegen, die für DHCP-Leases zugewiesen wird."
+ 
+-#: option.c:367
++#: option.c:382
+ msgid "Specify default target in an MX record."
+ msgstr "Voreingestelltes Ziel für MX-Einträge festlegen."
+ 
+-#: option.c:368
++#: option.c:383
+ msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+ msgstr "Gültigkeitsdauer für Antworten aus /etc/hosts festlegen."
+ 
+-#: option.c:369
++#: option.c:384
+ msgid "Specify time-to-live in seconds for negative caching."
+ msgstr "Gültigkeitsdauer in Sekunden für Caching negativer Ergebnisse festlegen."
+ 
+-#: option.c:370
++#: option.c:385
+ msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
+ msgstr "Gültigkeitsdauer in Sekunden für Caching negativer Ergebnisse festlegen."
+ 
+-#: option.c:371
++#: option.c:386
++#, fuzzy
++msgid "Specify time-to-live ceiling for cache."
++msgstr "Gültigkeitsdauer in Sekunden für Caching negativer Ergebnisse festlegen."
++
++#: option.c:387
++#, fuzzy
++msgid "Specify time-to-live floor for cache."
++msgstr "Gültigkeitsdauer in Sekunden für Caching negativer Ergebnisse festlegen."
++
++#: option.c:388
+ #, c-format
+ msgid "Change to this user after startup. (defaults to %s)."
+ msgstr "Nach dem Start diese Benutzerrechte annehmen (%s voreingestellt)."
+ 
+-#: option.c:372
++#: option.c:389
+ msgid "Map DHCP vendor class to tag."
+ msgstr "DHCP-\"vendor class\" auf Marke abbilden."
+ 
+-#: option.c:373
++#: option.c:390
+ msgid "Display dnsmasq version and copyright information."
+ msgstr "dnsmasq-Version und Urheberrecht anzeigen."
+ 
+-#: option.c:374
++#: option.c:391
+ msgid "Translate IPv4 addresses from upstream servers."
+ msgstr "IPv4-Adressen von vorgelagerten Servern übersetzen."
+ 
+-#: option.c:375
++#: option.c:392
+ msgid "Specify a SRV record."
+ msgstr "SRV-Eintrag festlegen."
+ 
+-#: option.c:376
++#: option.c:393
+ msgid "Display this message. Use --help dhcp for known DHCP options."
+ msgstr "Diese Hilfe anzeigen. Benutzen Sie --help dhcp für bekannte DHCP-Optionen."
+ 
+-#: option.c:377
++#: option.c:394
+ #, c-format
+ msgid "Specify path of PID file (defaults to %s)."
+ msgstr "Dateipfad für Prozesskennung (PID) festlegen (Voreinstellung: %s)."
+ 
+-#: option.c:378
++#: option.c:395
+ #, c-format
+ msgid "Specify maximum number of DHCP leases (defaults to %s)."
+ msgstr "Höchstzahl der DHCP-Leases festlegen (%s voreingestellt)."
+ 
+-#: option.c:379
++#: option.c:396
+ msgid "Answer DNS queries based on the interface a query was sent to."
+ msgstr "DNS-Anfragen abhängig der Emfpangsschnittstelle beantworten."
+ 
+-#: option.c:380
++#: option.c:397
+ msgid "Specify TXT DNS record."
+ msgstr "DNS-TXT-Eintrag festlegen."
+ 
+-#: option.c:381
++#: option.c:398
+ msgid "Specify PTR DNS record."
+ msgstr "DNS-PTR-Eintrag festlegen."
+ 
+-#: option.c:382
++#: option.c:399
+ msgid "Give DNS name to IPv4 address of interface."
+ msgstr "Schnittstellennamen zur IPv4-Adresse des Interfaces auflösen."
+ 
+-#: option.c:383
++#: option.c:400
+ msgid "Bind only to interfaces in use."
+ msgstr "Nur an verwendete Schnittstellen binden."
+ 
+-#: option.c:384
++#: option.c:401
+ #, c-format
+ msgid "Read DHCP static host information from %s."
+ msgstr "Statische DHCP-Host-Information aus %s lesen."
+ 
+-#: option.c:385
++#: option.c:402
+ msgid "Enable the DBus interface for setting upstream servers, etc."
+ msgstr "DBus-Schnittstelle zum Festlegen vorgelagerter Server usw. festlegen."
+ 
+-#: option.c:386
++#: option.c:403
+ msgid "Do not provide DHCP on this interface, only provide DNS."
+ msgstr "Auf dieser Schnittstelle kein DHCP anbieten, sondern nur DNS."
+ 
+-#: option.c:387
++#: option.c:404
+ msgid "Enable dynamic address allocation for bootp."
+ msgstr "Dynamische Adressbelegung für bootp einschalten."
+ 
+-#: option.c:388
++#: option.c:405
+ msgid "Map MAC address (with wildcards) to option set."
+ msgstr "MAC-Adresse (mit Jokerzeichen) auf Netzmarke abbilden."
+ 
+-#: option.c:389
++#: option.c:406
+ msgid "Treat DHCP requests on aliases as arriving from interface."
+ msgstr "DHCP-Anfragen von Alias-Schnittstellen für die Hauptschnittstelle beantworten."
+ 
+-#: option.c:390
++#: option.c:407
+ msgid "Disable ICMP echo address checking in the DHCP server."
+ msgstr "ICMP-Echo-Adressprüfung im DHCP-Server abschalten."
+ 
+-#: option.c:391
++#: option.c:408
+ msgid "Shell script to run on DHCP lease creation and destruction."
+ msgstr "Skript, das bei Erzeugung/Löschung einer DHCP-Lease laufen soll."
+ 
+-#: option.c:392
++#: option.c:409
+ msgid "Lua script to run on DHCP lease creation and destruction."
+ msgstr "Lua-Skript, welches bei Erzeugung/Löschung eines DHCP-Leases laufen soll."
+ 
+-#: option.c:393
++#: option.c:410
+ msgid "Run lease-change scripts as this user."
+ msgstr "Lease-Änderungs-Skript mit den Rechten dieses Nutzers ausführen."
+ 
+-#: option.c:394
++#: option.c:411
+ msgid "Read configuration from all the files in this directory."
+ msgstr "Konfiguration aus allen Dateien in diesem Verzeichnis lesen."
+ 
+-#: option.c:395
++#: option.c:412
+ msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+ msgstr "Für diese Syslog-Anlage oder in Datei loggen (Voreinstellung DAEMON)."
+ 
+-#: option.c:396
++#: option.c:413
+ msgid "Do not use leasefile."
+ msgstr "Keine Lease-Datei benützen."
+ 
+-#: option.c:397
++#: option.c:414
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+ msgstr "Höchstzahl nebenläufiger DNS-Anfragen (%s voreingestellt)."
+ 
+-#: option.c:398
++#: option.c:415
+ #, c-format
+ msgid "Clear DNS cache when reloading %s."
+ msgstr "DNS-Cache beim Neuladen von %s löschen."
+ 
+-#: option.c:399
++#: option.c:416
+ msgid "Ignore hostnames provided by DHCP clients."
+ msgstr "Von DHCP-Clients gelieferte Hostnamen ignorieren."
+ 
+-#: option.c:400
++#: option.c:417
+ msgid "Do NOT reuse filename and server fields for extra DHCP options."
+ msgstr "Dateinamen und Server-Datenfehler für zusätzliche DHCP-Optionen NICHT wiederverwenden."
+ 
+-#: option.c:401
++#: option.c:418
+ msgid "Enable integrated read-only TFTP server."
+ msgstr "Eingebauten Nur-Lese-TFTP-Server einschalten."
+ 
+-#: option.c:402
++#: option.c:419
+ msgid "Export files by TFTP only from the specified subtree."
+ msgstr "Nur vom festgelegten Unterbaum Dateien per TFTP exportieren."
+ 
+-#: option.c:403
++#: option.c:420
+ msgid "Add client IP address to tftp-root."
+ msgstr "IP-Adresse des Klienten an tftp-root anhängen."
+ 
+-#: option.c:404
++#: option.c:421
+ msgid "Allow access only to files owned by the user running dnsmasq."
+ msgstr "Zugriff nur auf Dateien gestatten, die dem dnsmasq aufrufenden Benutzer gehören."
+ 
+-#: option.c:405
++#: option.c:422
+ #, c-format
+ msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+ msgstr "Höchstzahl nebenläufiger TFTP-Übertragungen (%s voreingestellt)."
+ 
+-#: option.c:406
++#: option.c:423
+ msgid "Disable the TFTP blocksize extension."
+ msgstr "TFTP-Blockgrößen-Erweiterung abschalten."
+ 
+-#: option.c:407
++#: option.c:424
+ msgid "Convert TFTP filenames to lowercase"
+ msgstr "Konvertiere TFTP Dateinamen in Kleinschreibung"
+ 
+-#: option.c:408
++#: option.c:425
+ msgid "Ephemeral port range for use by TFTP transfers."
+ msgstr "Bereich für vorübergehende Ports für TFTP-Übertragungen."
+ 
+-#: option.c:409
++#: option.c:426
+ msgid "Extra logging for DHCP."
+ msgstr "Erweiterte DHCP-Protokollierung."
+ 
+-#: option.c:410
++#: option.c:427
+ msgid "Enable async. logging; optionally set queue length."
+ msgstr "Asynchrone Protokollierung einschalten, opt. Warteschlangenlänge festlegen."
+ 
+-#: option.c:411
++#: option.c:428
+ msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+ msgstr "DNS-Rebinding unterbinden, private IP-Bereiche bei der Auflösung ausfiltern."
+ 
+-#: option.c:412
++#: option.c:429
+ msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
+ msgstr "Auflösung zu 127.0.0.0/8 erlauben, für RBL-Server."
+ 
+-#: option.c:413
++#: option.c:430
+ msgid "Inhibit DNS-rebind protection on this domain."
+ msgstr "DNS-Rebind-Schutz für diese Domäne sperren."
+ 
+-#: option.c:414
++#: option.c:431
+ msgid "Always perform DNS queries to all servers."
+ msgstr "DNS-Anfragen immer an alle Server weiterleiten."
+ 
+-#: option.c:415
++#: option.c:432
+ msgid "Set tag if client includes matching option in request."
+ msgstr "Marke setzen, wenn Klient eine entsprechende Option anfragt."
+ 
+-#: option.c:416
++#: option.c:433
+ msgid "Use alternative ports for DHCP."
+ msgstr "Alternative Ports für DHCP verwenden."
+ 
+-#: option.c:417
++#: option.c:434
+ msgid "Specify NAPTR DNS record."
+ msgstr "DNS-NAPTR-Eintrag festlegen."
+ 
+-#: option.c:418
++#: option.c:435
+ msgid "Specify lowest port available for DNS query transmission."
+ msgstr "Niedrigsten verfügbaren Port für Übertragung von DNS-Anfragen festlegen."
+ 
+-#: option.c:419
++#: option.c:436
+ msgid "Use only fully qualified domain names for DHCP clients."
+ msgstr "Für DHCP-Klienten nur vollständig bestimmte Domänennamen benutzen."
+ 
+ # FIXME: probably typo in original message. -- MA
+-#: option.c:420
++#: option.c:437
+ msgid "Generate hostnames based on MAC address for nameless clients."
+ msgstr "Generiere Hostnamen auf Basis der MAC-Adresse für namenlose Klienten."
+ 
+-#: option.c:421
++#: option.c:438
+ msgid "Use these DHCP relays as full proxies."
+ msgstr "Diese DHCP-Relais als vollwertige Proxies verwenden."
+ 
+-#: option.c:422
++#: option.c:439
+ msgid "Relay DHCP requests to a remote server"
+ msgstr "Leute DHCP Anfragen an entfernten Server weiter"
+ 
+-#: option.c:423
++#: option.c:440
+ msgid "Specify alias name for LOCAL DNS name."
+ msgstr "Alias für LOKALEN DNS-Namen festlegen."
+ 
+-#: option.c:424
++#: option.c:441
+ msgid "Prompt to send to PXE clients."
+ msgstr "Aufforderung, die an PXE-Klienten geschickt wird."
+ 
+-#: option.c:425
++#: option.c:442
+ msgid "Boot service for PXE menu."
+ msgstr "Boot-Dienst für PXE-Menü."
+ 
+-#: option.c:426
++#: option.c:443
+ msgid "Check configuration syntax."
+ msgstr "Konfigurationssyntax prüfen."
+ 
+-#: option.c:427
++#: option.c:444
+ msgid "Add requestor's MAC address to forwarded DNS queries."
+ msgstr "Anfragende MAC-Adresse in die weiterleitende DNS-Anfrage einfügen"
+ 
+-#: option.c:428
++#: option.c:445
+ msgid "Add requestor's IP subnet to forwarded DNS queries."
+ msgstr "Füge das IP-Subnetz des Anfragenden in die weitergeleiteten DNS-Anfragen hinzu."
+ 
+-#: option.c:429
++#: option.c:446
+ msgid "Proxy DNSSEC validation results from upstream nameservers."
+ msgstr "Proxy-DNSSEC-Validierung-Ergebnisse von Upstream-Namensservern."
+ 
+-#: option.c:430
++#: option.c:447
+ msgid "Attempt to allocate sequential IP addresses to DHCP clients."
+ msgstr "Versuche sequenzielle IP-Adressen an DHCP-Klienten zu vergeben."
+ 
+-#: option.c:431
++#: option.c:448
+ msgid "Copy connection-track mark from queries to upstream connections."
+ msgstr "Kopiere \"connection-track mark\" von Anfragen nach Upstream-Verbindungen."
+ 
+-#: option.c:432
++#: option.c:449
+ msgid "Allow DHCP clients to do their own DDNS updates."
+ msgstr "Erlaube DHCP-Klienten ihre eigenen DDNS-Updates durchzuführen."
+ 
+-#: option.c:433
++#: option.c:450
+ msgid "Send router-advertisements for interfaces doing DHCPv6"
+ msgstr "Sende \"Router-Advertisments\" für Netzwerkschnittstellen, welche DHCPv6 nutzen"
+ 
+-#: option.c:434
++#: option.c:451
+ msgid "Specify DUID_EN-type DHCPv6 server DUID"
+ msgstr "Spezifiziere DUID_EN-type DHCPv6 Server DUID"
+ 
+-#: option.c:435
++#: option.c:452
+ msgid "Specify host (A/AAAA and PTR) records"
+ msgstr "Spezifiziere Host (A/AAAA und PTR) Einträge"
+ 
+-#: option.c:436
++#: option.c:453
+ msgid "Specify arbitrary DNS resource record"
+ msgstr "Spezifiziere einen beliebiegen DNS Eintrag"
+ 
+-#: option.c:437
++#: option.c:454
+ msgid "Bind to interfaces in use - check for new interfaces"
+ msgstr "Bindung zu Schnittstellen in Benutzung - prüfe auf neue Schnittstellen"
+ 
+-#: option.c:438
++#: option.c:455
+ msgid "Export local names to global DNS"
+ msgstr "Exportiere lokale Namen in das globale DNS"
+ 
+-#: option.c:439
++#: option.c:456
+ msgid "Domain to export to global DNS"
+ msgstr "Domain für das Exportieren des globalen DNS"
+ 
+-#: option.c:440
++#: option.c:457
+ msgid "Set TTL for authoritative replies"
+ msgstr "Setzte TTL für autoritative Antworten"
+ 
+-#: option.c:441
++#: option.c:458
+ msgid "Set authoritive zone information"
+ msgstr "Setze autoritative Zoneninformationen"
+ 
+-#: option.c:442
++#: option.c:459
+ msgid "Secondary authoritative nameservers for forward domains"
+ msgstr "Sekundärer autoritativer Nameserver für weitergeleitete Domains"
+ 
+-#: option.c:443
++#: option.c:460
+ msgid "Peers which are allowed to do zone transfer"
+ msgstr "Peers welche einen Zonentransfer durchführen dürfen"
+ 
+-#: option.c:444
++#: option.c:461
+ msgid "Specify ipsets to which matching domains should be added"
+ msgstr "Spezifiziere IPSets zu welcher passende Domains hinzugefügt werden sollen"
+ 
+-#: option.c:445
++#: option.c:462
+ msgid "Specify a domain and address range for synthesised names"
+ msgstr "Spezifiziere eine Domain und Adressbereich für synthetisierte Namen"
+ 
+-#: option.c:446
++#: option.c:463
+ msgid "Activate DNSSEC validation"
+ msgstr "Aktiviere DNSSEC-Validierung"
+ 
+-#: option.c:447
++#: option.c:464
+ msgid "Specify trust anchor key digest."
+ msgstr "Spezifiziere Vertrauensursprung (Trust Anchor) der Schlüssel-Prüfdaten (Key Digest)."
+ 
+-#: option.c:448
++#: option.c:465
+ msgid "Disable upstream checking for DNSSEC debugging."
+ msgstr "Deaktiviere die Überprüfung vorgelagerter Server für DNSSEC-Debugging"
+ 
+-#: option.c:449
++#: option.c:466
+ msgid "Ensure answers without DNSSEC are in unsigned zones."
+ msgstr "Stellt sicher, dass Antworten ohne DNSSEC sich in einer unsignierten Zone befinden."
+ 
+-#: option.c:450
++#: option.c:467
+ msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+ msgstr "DNSSEC Signatur-Zeitstempel nicht prüfen, bis erstmalig der Cache neugeladen wird"
+ 
+-#: option.c:452
++#: option.c:468
++msgid "Timestamp file to verify system clock for DNSSEC"
++msgstr ""
++
++#: option.c:470
+ msgid "Specify DHCPv6 prefix class"
+ msgstr "Spezifiziere DHCPv6 Prefix Klasse"
+ 
+-#: option.c:454
++#: option.c:472
+ msgid "Set priority, resend-interval and router-lifetime"
+ msgstr "Setze Priorität, Intervall des erneuten Sendens und Router Lebenszeit"
+ 
+-#: option.c:455
++#: option.c:473
+ msgid "Do not log routine DHCP."
+ msgstr "Protokolliere kein DHCP."
+ 
+-#: option.c:456
++#: option.c:474
+ msgid "Do not log routine DHCPv6."
+ msgstr "Protokolliere kein DHCPv6."
+ 
+-#: option.c:457
++#: option.c:475
+ msgid "Do not log RA."
+ msgstr "RA nicht protokollieren."
+ 
+-#: option.c:458
++#: option.c:476
+ msgid "Accept queries only from directly-connected networks"
+ msgstr "Akzeptiere nur Anfragen von direkt verbundenen Netzwerken"
+ 
+-#: option.c:459
++#: option.c:477
+ msgid "Detect and remove DNS forwarding loops"
+ msgstr "Erkennen und Entfernen von DNS-Weiterleitungsschleifen"
+ 
+-#: option.c:661
++#: option.c:478
++msgid "Ignore DNS responses containing ipaddr."
++msgstr ""
++
++#: option.c:680
+ #, c-format
+ msgid ""
+ "Usage: dnsmasq [options]\n"
+@@ -710,312 +743,312 @@ msgstr ""
+ "Verwendung: dnsmasq [Optionen]\n"
+ "\n"
+ 
+-#: option.c:663
++#: option.c:682
+ #, c-format
+ msgid "Use short options only on the command line.\n"
+ msgstr "Auf der Befehlszeile nur kurze Optionen verwenden!\n"
+ 
+-#: option.c:665
++#: option.c:684
+ #, c-format
+ msgid "Valid options are:\n"
+ msgstr "Gültige Optionen sind:\n"
+ 
+-#: option.c:722 option.c:726
++#: option.c:741 option.c:745
+ msgid "bad port"
+ msgstr "unzulässiger Port"
+ 
+-#: option.c:753 option.c:785
++#: option.c:772 option.c:804
+ msgid "interface binding not supported"
+ msgstr "Schnittstellenbindung nicht unterstützt"
+ 
+-#: option.c:762 option.c:3494
++#: option.c:781 option.c:3570
+ msgid "bad interface name"
+ msgstr "unzulässiger Schnittestellenname"
+ 
+-#: option.c:792
++#: option.c:811
+ msgid "bad address"
+ msgstr "Fehlerhafte Adresse"
+ 
+-#: option.c:974
++#: option.c:993
+ msgid "unsupported encapsulation for IPv6 option"
+ msgstr "Nicht unterstützte Verkapselung für eine IPv6-Option"
+ 
+-#: option.c:988
++#: option.c:1007
+ msgid "bad dhcp-option"
+ msgstr "Fehlerhafte DHCP-Option"
+ 
+-#: option.c:1056
++#: option.c:1075
+ msgid "bad IP address"
+ msgstr "Fehlerhafte IP-Adresse"
+ 
+-#: option.c:1059 option.c:1197 option.c:2812
++#: option.c:1078 option.c:1216 option.c:2888
+ msgid "bad IPv6 address"
+ msgstr "Fehlerhafte IPv6-Adresse"
+ 
+-#: option.c:1224 option.c:1318
++#: option.c:1243 option.c:1337
+ msgid "bad domain in dhcp-option"
+ msgstr "Fehlerhafte Domäne in DHCP-Option"
+ 
+-#: option.c:1356
++#: option.c:1375
+ msgid "dhcp-option too long"
+ msgstr "DHCP-Option zu lang"
+ 
+-#: option.c:1363
++#: option.c:1382
+ msgid "illegal dhcp-match"
+ msgstr "Unzulässige dhcp-match-Option"
+ 
+-#: option.c:1425
++#: option.c:1444
+ msgid "illegal repeated flag"
+ msgstr "unzulässig wiederholte Markierung"
+ 
+-#: option.c:1433
++#: option.c:1452
+ msgid "illegal repeated keyword"
+ msgstr "unzulässig wiederholtes Schlüsselwort"
+ 
+-#: option.c:1495 option.c:4092
++#: option.c:1517 option.c:4186
+ #, c-format
+ msgid "cannot access directory %s: %s"
+ msgstr "Kann auf Verzeichnis %s nicht zugreifen: %s"
+ 
+-#: option.c:1541 tftp.c:493
++#: option.c:1563 tftp.c:493
+ #, c-format
+ msgid "cannot access %s: %s"
+ msgstr "Kann auf %s nicht zugreifen: %s"
+ 
+-#: option.c:1588
++#: option.c:1615
+ msgid "setting log facility is not possible under Android"
+ msgstr "Die Einstellung Protokolliereinrichtung kann unter Android nicht gesetzt werden"
+ 
+-#: option.c:1597
++#: option.c:1624
+ msgid "bad log facility"
+ msgstr "Falsche Protokolliereinrichtung"
+ 
+-#: option.c:1650
++#: option.c:1677
+ msgid "bad MX preference"
+ msgstr "unzulässige MX-Präferenz-Angabe"
+ 
+-#: option.c:1655
++#: option.c:1682
+ msgid "bad MX name"
+ msgstr "unzulässiger MX-Name"
+ 
+-#: option.c:1669
++#: option.c:1696
+ msgid "bad MX target"
+ msgstr "unzulässiges MX-Ziel"
+ 
+-#: option.c:1681
++#: option.c:1708
+ msgid "cannot run scripts under uClinux"
+ msgstr "unter uClinux ist die Skriptausführung nicht möglich"
+ 
+-#: option.c:1683
++#: option.c:1710
+ msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+ msgstr "Neuübersetzung mit HAVE_SCRIPT nötig, um Lease-Änderungs-Skripte auszuführen"
+ 
+-#: option.c:1687
++#: option.c:1714
+ msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
+ msgstr "Um Benutzerdefinierte Lua-Scripte zu ermöglichen, muss mit HAVE_LUASCRIPT neu kompiliert werden"
+ 
+-#: option.c:1928 option.c:1966 option.c:2015
++#: option.c:1970 option.c:2015 option.c:2071
+ msgid "bad prefix"
+ msgstr "unzulässiger Präfix"
+ 
+-#: option.c:2289
++#: option.c:2352
+ msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+ msgstr "Um IPSet-Direktiven zu aktivieren, muss mit HAVE_IPSET neu übersetzt werden"
+ 
+-#: option.c:2469
++#: option.c:2545
+ msgid "bad port range"
+ msgstr "unzulässiger Portbereich"
+ 
+-#: option.c:2485
++#: option.c:2561
+ msgid "bad bridge-interface"
+ msgstr "unzulässige Brücken-Schnittstelle"
+ 
+-#: option.c:2545
++#: option.c:2621
+ msgid "only one tag allowed"
+ msgstr "nur eine Marke zulässig"
+ 
+-#: option.c:2565 option.c:2577 option.c:2683 option.c:2724
++#: option.c:2641 option.c:2653 option.c:2759 option.c:2800
+ msgid "bad dhcp-range"
+ msgstr "unzulässiger DHCP-Bereich"
+ 
+-#: option.c:2592
++#: option.c:2668
+ msgid "inconsistent DHCP range"
+ msgstr "inkonsistenter DHCP-Bereich"
+ 
+-#: option.c:2651
++#: option.c:2727
+ msgid "prefix length must be exactly 64 for RA subnets"
+ msgstr "Die Präfixlenge muss genau 64 für RA Subnetze sein"
+ 
+-#: option.c:2653
++#: option.c:2729
+ msgid "prefix length must be exactly 64 for subnet constructors"
+ msgstr "Die Präfixlenge muss genau 64 für Subnet Konstruktoren sein"
+ 
+-#: option.c:2657
++#: option.c:2733
+ msgid "prefix length must be at least 64"
+ msgstr "Die Präfixlänge muss mindestens 64 sein"
+ 
+-#: option.c:2660
++#: option.c:2736
+ msgid "inconsistent DHCPv6 range"
+ msgstr "Inkonsistenter DHCPv6-Bereich"
+ 
+-#: option.c:2671
++#: option.c:2747
+ msgid "prefix must be zero with \"constructor:\" argument"
+ msgstr "Prefix muss mit dem \"constructor:\" Argument Null sein"
+ 
+-#: option.c:2782 option.c:2830
++#: option.c:2858 option.c:2906
+ msgid "bad hex constant"
+ msgstr "Falscher Hexwert"
+ 
+-#: option.c:2804
++#: option.c:2880
+ msgid "cannot match tags in --dhcp-host"
+ msgstr "Kann die Tags in --dhcp-host nicht abgleichen"
+ 
+-#: option.c:2852
++#: option.c:2928
+ #, c-format
+ msgid "duplicate dhcp-host IP address %s"
+ msgstr "doppelte dhcp-host IP-Adresse %s"
+ 
+-#: option.c:2910
++#: option.c:2986
+ msgid "bad DHCP host name"
+ msgstr "unzulässiger DHCP-Hostname"
+ 
+-#: option.c:2992
++#: option.c:3068
+ msgid "bad tag-if"
+ msgstr "unzulässige bedingte Marke (tag-if)"
+ 
+-#: option.c:3316 option.c:3710
++#: option.c:3392 option.c:3786
+ msgid "invalid port number"
+ msgstr "unzulässige Portnummer"
+ 
+-#: option.c:3378
++#: option.c:3454
+ msgid "bad dhcp-proxy address"
+ msgstr "Fehlerhafte DHCP-Proxy-Adresse"
+ 
+-#: option.c:3404
++#: option.c:3480
+ msgid "Bad dhcp-relay"
+ msgstr "unzulässiger dhcp-relay"
+ 
+-#: option.c:3430
++#: option.c:3506
+ msgid "bad RA-params"
+ msgstr "unzulässige RA-Parameter"
+ 
+-#: option.c:3439
++#: option.c:3515
+ msgid "bad DUID"
+ msgstr "unzulässige DUID"
+ 
+-#: option.c:3481
++#: option.c:3557
+ msgid "invalid alias range"
+ msgstr "unzulässiger Alias-Bereich"
+ 
+-#: option.c:3535
++#: option.c:3611
+ msgid "bad CNAME"
+ msgstr "unzulässiger CNAME"
+ 
+-#: option.c:3540
++#: option.c:3616
+ msgid "duplicate CNAME"
+ msgstr "doppelter CNAME"
+ 
+-#: option.c:3560
++#: option.c:3636
+ msgid "bad PTR record"
+ msgstr "unzulässiger PTR-Eintrag"
+ 
+-#: option.c:3591
++#: option.c:3667
+ msgid "bad NAPTR record"
+ msgstr "unzulässiger NAPTR-Eintrag"
+ 
+-#: option.c:3625
++#: option.c:3701
+ msgid "bad RR record"
+ msgstr "unzulässiger RR-Eintrag"
+ 
+-#: option.c:3655
++#: option.c:3731
+ msgid "bad TXT record"
+ msgstr "unzulässiger TXT-Eintrag"
+ 
+-#: option.c:3696
++#: option.c:3772
+ msgid "bad SRV record"
+ msgstr "unzulässiger SRV-Eintrag"
+ 
+-#: option.c:3703
++#: option.c:3779
+ msgid "bad SRV target"
+ msgstr "unzulässiges SRV-Ziel"
+ 
+-#: option.c:3717
++#: option.c:3793
+ msgid "invalid priority"
+ msgstr "unzulässige Priorität"
+ 
+-#: option.c:3724
++#: option.c:3800
+ msgid "invalid weight"
+ msgstr "unzulässige Wichtung"
+ 
+-#: option.c:3748
++#: option.c:3824
+ msgid "Bad host-record"
+ msgstr "unzulässiger host-record"
+ 
+-#: option.c:3765
++#: option.c:3841
+ msgid "Bad name in host-record"
+ msgstr "Unzulässiger Name in host-record"
+ 
+-#: option.c:3826
++#: option.c:3906
+ msgid "bad trust anchor"
+ msgstr "unzulässiger Vertrauensursprung (Trust Anchor)"
+ 
+-#: option.c:3840
++#: option.c:3920
+ msgid "bad HEX in trust anchor"
+ msgstr "unzulässiger Hexwert in Vertrauensursprung (Trust Anchor)"
+ 
+-#: option.c:3850
++#: option.c:3930
+ msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+ msgstr "Nicht unterstützte Option (prüfen Sie, ob DNSMasq mit DHCP/TFTP/DNSSEC/DBus-Unterstützung übersetzt wurde)"
+ 
+-#: option.c:3909
++#: option.c:3989
+ msgid "missing \""
+ msgstr "fehlende \\\""
+ 
+-#: option.c:3966
++#: option.c:4046
+ msgid "bad option"
+ msgstr "unzulässige Option"
+ 
+-#: option.c:3968
++#: option.c:4048
+ msgid "extraneous parameter"
+ msgstr "überschüssiger Parameter"
+ 
+-#: option.c:3970
++#: option.c:4050
+ msgid "missing parameter"
+ msgstr "fehler Parameter"
+ 
+-#: option.c:3972
++#: option.c:4052
+ msgid "illegal option"
+ msgstr "unzulässige Option"
+ 
+-#: option.c:3979
++#: option.c:4059
+ msgid "error"
+ msgstr "Fehler"
+ 
+-#: option.c:3981
++#: option.c:4061
+ #, c-format
+ msgid " at line %d of %s"
+ msgstr " in Zeile %d von %s"
+ 
+-#: option.c:4045 option.c:4168 tftp.c:667
+-#, c-format
+-msgid "cannot read %s: %s"
+-msgstr "kann %s nicht lesen: %s"
+-
+-#: option.c:4229 option.c:4265
++#: option.c:4076 option.c:4323 option.c:4359
+ #, c-format
+ msgid "read %s"
+ msgstr "%s gelesen"
+ 
+-#: option.c:4331
++#: option.c:4139 option.c:4262 tftp.c:667
++#, c-format
++msgid "cannot read %s: %s"
++msgstr "kann %s nicht lesen: %s"
++
++#: option.c:4425
+ msgid "junk found in command line"
+ msgstr "Mist in der Kommandozeile gefunden"
+ 
+-#: option.c:4366
++#: option.c:4460
+ #, c-format
+ msgid "Dnsmasq version %s  %s\n"
+ msgstr "Dnsmasq Version %s  %s\n"
+ 
+-#: option.c:4367
++#: option.c:4461
+ #, c-format
+ msgid ""
+ "Compile time options: %s\n"
+@@ -1024,90 +1057,90 @@ msgstr ""
+ "Kompilierungs-Optionen %s\n"
+ "\n"
+ 
+-#: option.c:4368
++#: option.c:4462
+ #, c-format
+ msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+ msgstr "Für diese Software wird ABSOLUT KEINE GARANTIE gewährt.\n"
+ 
+ # FIXME: this must be one long string! -- MA
+-#: option.c:4369
++#: option.c:4463
+ #, c-format
+ msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+ msgstr "Dnsmasq ist freie Software, und du bist willkommen es weiter zu verteilen\n"
+ 
+-#: option.c:4370
++#: option.c:4464
+ #, c-format
+ msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+ msgstr "unter den Bedingungen der GNU General Public Lizenz, Version 2 oder 3.\n"
+ 
+-#: option.c:4381
++#: option.c:4475
+ msgid "try --help"
+ msgstr "versuchen Sie --help"
+ 
+-#: option.c:4383
++#: option.c:4477
+ msgid "try -w"
+ msgstr "versuchen Sie -w"
+ 
+-#: option.c:4385
++#: option.c:4479
+ #, c-format
+ msgid "bad command line options: %s"
+ msgstr "unzulässige Optionen auf der Befehlszeile: %s"
+ 
+-#: option.c:4434
++#: option.c:4535
+ #, c-format
+ msgid "cannot get host-name: %s"
+ msgstr "kann Hostnamen nicht ermitteln: %s"
+ 
+-#: option.c:4462
++#: option.c:4563
+ msgid "only one resolv.conf file allowed in no-poll mode."
+ msgstr "mit -n/--no-poll ist nur eine resolv.conf-Datei zulässig."
+ 
+-#: option.c:4472
++#: option.c:4573
+ msgid "must have exactly one resolv.conf to read domain from."
+ msgstr "Um die Domäne zu lesen, muss genau eine resolv.conf-Datei verwendet werden."
+ 
+-#: option.c:4475 network.c:1506 dhcp.c:769
++#: option.c:4576 network.c:1506 dhcp.c:774
+ #, c-format
+ msgid "failed to read %s: %s"
+ msgstr "konnte %s nicht lesen: %s"
+ 
+-#: option.c:4492
++#: option.c:4593
+ #, c-format
+ msgid "no search directive found in %s"
+ msgstr "keine \"search\"-Anweisung in %s gefunden"
+ 
+-#: option.c:4513
++#: option.c:4614
+ msgid "there must be a default domain when --dhcp-fqdn is set"
+ msgstr "Es muss eine standard Domain gesetzt sein, wenn --dhcp-fqdn gesetzt ist"
+ 
+-#: option.c:4522
++#: option.c:4623
+ msgid "syntax check OK"
+ msgstr "Syntaxprüfung OK"
+ 
+-#: forward.c:114
++#: forward.c:111
+ #, c-format
+ msgid "failed to send packet: %s"
+ msgstr "Fehlgeschlagen, folgendes Paket zu senden: %s"
+ 
+-#: forward.c:574
++#: forward.c:572
+ msgid "discarding DNS reply: subnet option mismatch"
+ msgstr "Verwerfe DNS Antwort: Subnetoption stimmt nicht überrein"
+ 
+-#: forward.c:597
++#: forward.c:595
+ #, c-format
+ msgid "nameserver %s refused to do a recursive query"
+ msgstr "Namensserver %s hat eine rekursive Anfrage verweigert"
+ 
+-#: forward.c:629
++#: forward.c:627
+ #, c-format
+ msgid "possible DNS-rebind attack detected: %s"
+ msgstr "möglichen DNS-Rebind-Angriff entdeckt: %s"
+ 
+-#: forward.c:1132 forward.c:1663
++#: forward.c:1156 forward.c:1722
+ msgid "Ignoring query from non-local network"
+ msgstr "Ignoriere Anfragen vom nicht lokalen Netzwerk"
+ 
+-#: forward.c:2101
++#: forward.c:2178
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries reached (max: %d)"
+ msgstr "Maximale Anzahl an nebenläufiger DNS-Anfragen erreicht (Max: %d)"
+@@ -1198,265 +1231,284 @@ msgstr "Benutze Namensserver %s#%d(via %s)"
+ msgid "using nameserver %s#%d"
+ msgstr "Benutze Namensserver %s#%d"
+ 
+-#: dnsmasq.c:154
+-msgid "No trust anchors provided for DNSSEC"
++#: dnsmasq.c:149
++msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
++msgstr ""
++
++#: dnsmasq.c:156
++#, fuzzy
++msgid "no trust anchors provided for DNSSEC"
+ msgstr "Keine Vertrauensursprünge (Trust Anchor) für DNSSEC verfügbar"
+ 
+-#: dnsmasq.c:157
+-msgid "Cannot reduce cache size from default when DNSSEC enabled"
++#: dnsmasq.c:159
++#, fuzzy
++msgid "cannot reduce cache size from default when DNSSEC enabled"
+ msgstr "Kann die Standard Cachegröße nicht verkleinern, wenn DNSSEC aktiviert ist"
+ 
+-#: dnsmasq.c:159
++#: dnsmasq.c:161
+ msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+ msgstr "DNSSEC nicht verfügbar: setzen Sie HAVE_DNSSEC in src/config.h"
+ 
+-#: dnsmasq.c:165
++#: dnsmasq.c:167
+ msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+ msgstr "TFTP-Server nicht verfügbar, setzen Sie HAVE_TFTP in src/config.h"
+ 
+-#: dnsmasq.c:170
+-msgid "Cannot use --conntrack AND --query-port"
++#: dnsmasq.c:172
++#, fuzzy
++msgid "cannot use --conntrack AND --query-port"
+ msgstr "Kann nicht --conntrack UND --query-port einsetzen"
+ 
+-#: dnsmasq.c:173
+-msgid "Conntrack support not available: set HAVE_CONNTRACK in src/config.h"
++#: dnsmasq.c:175
++#, fuzzy
++msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
+ msgstr "Conntrack-Unterstützung nicht verfügbar: setze HAVE_CONNTRACK in src/config.h"
+ 
+-#: dnsmasq.c:178
++#: dnsmasq.c:180
+ msgid "asychronous logging is not available under Solaris"
+ msgstr "asynchrone Protokollierung unter Solaris nicht verfügbar"
+ 
+-#: dnsmasq.c:183
++#: dnsmasq.c:185
+ msgid "asychronous logging is not available under Android"
+ msgstr "Asynchrone Protokollierung unter Android nicht verfügbar"
+ 
+-#: dnsmasq.c:188
++#: dnsmasq.c:190
+ msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+ msgstr "Authoritatives DNS nicht verfügbar: Es muss HAVE_AUTH in src/config.h gesetzt sein"
+ 
+-#: dnsmasq.c:193
+-msgid "Loop detection not available: set HAVE_LOOP in src/config.h"
++#: dnsmasq.c:195
++#, fuzzy
++msgid "loop detection not available: set HAVE_LOOP in src/config.h"
+ msgstr "Loop-Erkennung nicht verfügbar, setzen Sie HAVE_LOOP in src/config.h"
+ 
+-#: dnsmasq.c:201
++#: dnsmasq.c:203
+ msgid "zone serial must be configured in --auth-soa"
+ msgstr "Zonen Seriennummer muss mit --auth-soa konfiguriert werden"
+ 
+-#: dnsmasq.c:219
++#: dnsmasq.c:221
+ msgid "dhcp-range constructor not available on this platform"
+ msgstr "dhcp-range Konstruktor ist auf dieser Plattform nicht verfübar"
+ 
+-#: dnsmasq.c:262
++#: dnsmasq.c:264
+ msgid "cannot set --bind-interfaces and --bind-dynamic"
+ msgstr "Kann nicht --bind-interfaces und --bind-dynamic setzen"
+ 
+-#: dnsmasq.c:265
++#: dnsmasq.c:267
+ #, c-format
+ msgid "failed to find list of interfaces: %s"
+ msgstr "konnte Schnitstellenliste nicht beziehen: %s"
+ 
+-#: dnsmasq.c:274
++#: dnsmasq.c:276
+ #, c-format
+ msgid "unknown interface %s"
+ msgstr "unbekannte Schnittstelle %s"
+ 
+-#: dnsmasq.c:330 dnsmasq.c:954
++#: dnsmasq.c:340 dnsmasq.c:1004
+ #, c-format
+ msgid "DBus error: %s"
+ msgstr "DBus-Fehler: %s"
+ 
+-#: dnsmasq.c:333
++#: dnsmasq.c:343
+ msgid "DBus not available: set HAVE_DBUS in src/config.h"
+ msgstr "DBus nicht verfügbar: setzen Sie HAVE_DBUS in src/config.h"
+ 
+-#: dnsmasq.c:361
++#: dnsmasq.c:371
+ #, c-format
+ msgid "unknown user or group: %s"
+ msgstr "Unbekannter Benutzer oder Gruppe: %s"
+ 
+-#: dnsmasq.c:416
++#: dnsmasq.c:426
+ #, c-format
+ msgid "cannot chdir to filesystem root: %s"
+ msgstr "kann nicht ins Wurzelverzeichnis des Dateisystems wechseln: %s"
+ 
+ # FIXME: this and the next would need commas after the version
+-#: dnsmasq.c:653
++#: dnsmasq.c:667
+ #, c-format
+ msgid "started, version %s DNS disabled"
+ msgstr "gestartet, Version %s, DNS abgeschaltet"
+ 
+-#: dnsmasq.c:655
++#: dnsmasq.c:669
+ #, c-format
+ msgid "started, version %s cachesize %d"
+ msgstr "gestartet, Version %s, Cachegröße %d"
+ 
+-#: dnsmasq.c:657
++#: dnsmasq.c:671
+ #, c-format
+ msgid "started, version %s cache disabled"
+ msgstr "Gestartet, Version %s Cache deaktiviert"
+ 
+-#: dnsmasq.c:659
++#: dnsmasq.c:673
+ #, c-format
+ msgid "compile time options: %s"
+ msgstr "Übersetzungsoptionen: %s"
+ 
+-#: dnsmasq.c:665
++#: dnsmasq.c:679
+ msgid "DBus support enabled: connected to system bus"
+ msgstr "DBus-Unterstützung eingeschaltet: mit Systembus verbunden"
+ 
+-#: dnsmasq.c:667
++#: dnsmasq.c:681
+ msgid "DBus support enabled: bus connection pending"
+ msgstr "DBus-Unterstützung eingeschaltet: warte auf Systembus-Verbindung"
+ 
+-#: dnsmasq.c:672
++#: dnsmasq.c:686
+ msgid "DNS service limited to local subnets"
+ msgstr "DNS-Dienst auf lokale Subnetze eingeschränkt"
+ 
+-#: dnsmasq.c:677
++#: dnsmasq.c:702
+ msgid "DNSSEC validation enabled"
+ msgstr "DNSSEC-Validierung aktiviert"
+ 
+-#: dnsmasq.c:679
++#: dnsmasq.c:705
+ msgid "DNSSEC signature timestamps not checked until first cache reload"
+ msgstr "DNSSEC Signatur-Zeitstempel werden erst ab dem ersten Neuladen des Caches überprüft"
+ 
+-#: dnsmasq.c:684
++#: dnsmasq.c:708
++#, fuzzy
++msgid "DNSSEC signature timestamps not checked until system time valid"
++msgstr "DNSSEC Signatur-Zeitstempel werden erst ab dem ersten Neuladen des Caches überprüft"
++
++#: dnsmasq.c:713
+ #, c-format
+ msgid "warning: failed to change owner of %s: %s"
+ msgstr "Warnung: konnte den Besitzer von %s nicht ändern: %s"
+ 
+-#: dnsmasq.c:688
++#: dnsmasq.c:717
+ msgid "setting --bind-interfaces option because of OS limitations"
+ msgstr "Aktiviere --bind-interfaces wegen Einschränkungen des Betriebssystems"
+ 
+-#: dnsmasq.c:698
++#: dnsmasq.c:727
+ #, c-format
+ msgid "warning: interface %s does not currently exist"
+ msgstr "Warnung: Schnittstelle %s existiert derzeit nicht"
+ 
+-#: dnsmasq.c:703
++#: dnsmasq.c:732
+ msgid "warning: ignoring resolv-file flag because no-resolv is set"
+ msgstr "Warnung: Ignoriere \"resolv-file\", weil \"no-resolv\" aktiv ist"
+ 
+-#: dnsmasq.c:706
++#: dnsmasq.c:735
+ msgid "warning: no upstream servers configured"
+ msgstr "Warnung: keine vorgelagerten (Upstream) Server konfiguriert"
+ 
+-#: dnsmasq.c:710
++#: dnsmasq.c:739
+ #, c-format
+ msgid "asynchronous logging enabled, queue limit is %d messages"
+ msgstr "asynchrone Protokollierung eingeschaltet, Warteschlange fasst %d Nachrichten"
+ 
+-#: dnsmasq.c:731
++#: dnsmasq.c:760
+ msgid "IPv6 router advertisement enabled"
+ msgstr "IPv6-Router-Advertisement aktiviert"
+ 
+-#: dnsmasq.c:736
++#: dnsmasq.c:765
+ #, c-format
+ msgid "DHCP, sockets bound exclusively to interface %s"
+ msgstr "DHCP, Sockets exklusiv an das Interface %s gebunden"
+ 
+ # FIXME: this and the next few must be full strings to be translatable - do not assemble in code"
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "root is "
+ msgstr "Wurzel ist "
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "enabled"
+ msgstr "Aktiviert"
+ 
+-#: dnsmasq.c:755
++#: dnsmasq.c:784
+ msgid "secure mode"
+ msgstr "sicherer Modus"
+ 
+-#: dnsmasq.c:781
++#: dnsmasq.c:810
+ #, c-format
+ msgid "restricting maximum simultaneous TFTP transfers to %d"
+ msgstr "Begrenze gleichzeitige TFTP-Übertragungen auf maximal %d"
+ 
+-#: dnsmasq.c:956
++#: dnsmasq.c:1006
+ msgid "connected to system DBus"
+ msgstr "Mit System-DBus verbunden"
+ 
+-#: dnsmasq.c:1106
++#: dnsmasq.c:1156
+ #, c-format
+ msgid "cannot fork into background: %s"
+ msgstr "kann nicht in den Hintergrund abspalten: %s"
+ 
+-#: dnsmasq.c:1109
++#: dnsmasq.c:1159
+ #, c-format
+ msgid "failed to create helper: %s"
+ msgstr "kann Helfer nicht erzeugen: %s"
+ 
+-#: dnsmasq.c:1112
++#: dnsmasq.c:1162
+ #, c-format
+ msgid "setting capabilities failed: %s"
+ msgstr "kann \"capabilities\" nicht setzen: %s"
+ 
+-#: dnsmasq.c:1115
++#: dnsmasq.c:1165
+ #, c-format
+ msgid "failed to change user-id to %s: %s"
+ msgstr "Kann nicht Benutzerrechte %s annehmen: %s"
+ 
+-#: dnsmasq.c:1118
++#: dnsmasq.c:1168
+ #, c-format
+ msgid "failed to change group-id to %s: %s"
+ msgstr "Kann nicht Gruppenrechte %s annehmen: %s"
+ 
+-#: dnsmasq.c:1121
++#: dnsmasq.c:1171
+ #, c-format
+ msgid "failed to open pidfile %s: %s"
+ msgstr "kann die Prozessidentifikations-(PID)-Datei %s nicht öffnen: %s"
+ 
+-#: dnsmasq.c:1124
++#: dnsmasq.c:1174
+ #, c-format
+ msgid "cannot open log %s: %s"
+ msgstr "Kann Logdatei %s nicht öffnen: %s"
+ 
+-#: dnsmasq.c:1127
++#: dnsmasq.c:1177
+ #, c-format
+ msgid "failed to load Lua script: %s"
+ msgstr "Konnte Lua-Script nicht laden: %s"
+ 
+-#: dnsmasq.c:1130
++#: dnsmasq.c:1180
+ #, c-format
+ msgid "TFTP directory %s inaccessible: %s"
+ msgstr "Das TFTP-Verzeichnis %s ist nicht zugreifbar: %s"
+ 
+-#: dnsmasq.c:1151
++#: dnsmasq.c:1183
++#, fuzzy, c-format
++msgid "cannot create timestamp file %s: %s"
++msgstr "kann Lease-Datei %s nicht öffnen: %s"
++
++#: dnsmasq.c:1204
+ msgid "now checking DNSSEC signature timestamps"
+ msgstr "Prüfe jetzt DNSSEC Signatur-Zeitstempel"
+ 
+-#: dnsmasq.c:1218
++#: dnsmasq.c:1271
+ #, c-format
+ msgid "script process killed by signal %d"
+ msgstr "Scriptprozess durch Signal %d getötet"
+ 
+-#: dnsmasq.c:1222
++#: dnsmasq.c:1275
+ #, c-format
+ msgid "script process exited with status %d"
+ msgstr "Scriptprozess hat sich mit Status %d beendet"
+ 
+-#: dnsmasq.c:1226
++#: dnsmasq.c:1279
+ #, c-format
+ msgid "failed to execute %s: %s"
+ msgstr "konnte %s nicht ausführen: %s"
+ 
+-#: dnsmasq.c:1281
++#: dnsmasq.c:1334
+ msgid "exiting on receipt of SIGTERM"
+ msgstr "beende nach Empfang von SIGTERM"
+ 
+-#: dnsmasq.c:1309
++#: dnsmasq.c:1362
+ #, c-format
+ msgid "failed to access %s: %s"
+ msgstr "konnte auf %s nicht zugreifen: %s"
+ 
+-#: dnsmasq.c:1339
++#: dnsmasq.c:1392
+ #, c-format
+ msgid "reading %s"
+ msgstr "lese %s"
+ 
+-#: dnsmasq.c:1350
++#: dnsmasq.c:1403
+ #, c-format
+ msgid "no servers found in %s, will retry"
+ msgstr "keine Server in %s gefunden, werde es später neu versuchen"
+@@ -1496,27 +1548,27 @@ msgstr "unbekannte Schnittstelle %s in bridge-interface"
+ msgid "DHCP packet received on %s which has no address"
+ msgstr "DHCP-Paket ohne Adresse an Schnittstelle %s empfangen"
+ 
+-#: dhcp.c:408
++#: dhcp.c:412
+ #, c-format
+ msgid "ARP-cache injection failed: %s"
+ msgstr "APR-Cache Injektion fehlgeschlagen: %s"
+ 
+-#: dhcp.c:506
++#: dhcp.c:511
+ #, c-format
+ msgid "DHCP range %s -- %s is not consistent with netmask %s"
+ msgstr "DHCP-Bereich %s - %s passt nicht zur Netzmaske %s"
+ 
+-#: dhcp.c:807
++#: dhcp.c:812
+ #, c-format
+ msgid "bad line at %s line %d"
+ msgstr "ungültige Zeile %2$d in Datei %1$s"
+ 
+-#: dhcp.c:850
++#: dhcp.c:855
+ #, c-format
+ msgid "ignoring %s line %d, duplicate name or IP address"
+ msgstr "ignoriere %s Zeile %d, doppelter Name oder doppelte IP-Adresse"
+ 
+-#: dhcp.c:994 rfc3315.c:2089
++#: dhcp.c:999 rfc3315.c:2139
+ #, c-format
+ msgid "DHCP relay %s -> %s"
+ msgstr "DHCP Weiterleitung %s -> %s"
+@@ -1591,12 +1643,12 @@ msgstr "%u Benutzerklasse: %s"
+ msgid "disabled"
+ msgstr "deaktiviert"
+ 
+-#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:602 rfc3315.c:823
+-#: rfc3315.c:1095
++#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:603 rfc3315.c:860
++#: rfc3315.c:1139
+ msgid "ignored"
+ msgstr "ignoriert"
+ 
+-#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:873
++#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:910
+ msgid "address in use"
+ msgstr "Adresse in Nutzung"
+ 
+@@ -1616,7 +1668,7 @@ msgstr "Keine Adresse konfiguriert"
+ msgid "no leases left"
+ msgstr "Keine Leases übrig"
+ 
+-#: rfc2131.c:691 rfc3315.c:475
++#: rfc2131.c:691 rfc3315.c:476
+ #, c-format
+ msgid "%u client provides name: %s"
+ msgstr "%u Klient stellt Name bereit: %s"
+@@ -1625,7 +1677,7 @@ msgstr "%u Klient stellt Name bereit: %s"
+ msgid "PXE BIS not supported"
+ msgstr "PXE BIS nicht unterstützt"
+ 
+-#: rfc2131.c:935 rfc3315.c:1189
++#: rfc2131.c:935 rfc3315.c:1233
+ #, c-format
+ msgid "disabling DHCP static address %s for %s"
+ msgstr "schalte statische DHCP-Adresse %s für %s ab"
+@@ -1663,7 +1715,7 @@ msgstr "Falsche Server-ID"
+ msgid "wrong address"
+ msgstr "Falsche Adresse"
+ 
+-#: rfc2131.c:1143 rfc3315.c:969
++#: rfc2131.c:1143 rfc3315.c:1006
+ msgid "lease not found"
+ msgstr "Lease nicht gefunden"
+ 
+@@ -1713,7 +1765,7 @@ msgstr "kann DHCP/BOOTP-Opition %d nicht setzen: kein Platz mehr im Paket"
+ msgid "PXE menu too large"
+ msgstr "PXE-Menüeintrag zu groß"
+ 
+-#: rfc2131.c:2173 rfc3315.c:1456
++#: rfc2131.c:2173 rfc3315.c:1506
+ #, c-format
+ msgid "%u requested options: %s"
+ msgstr "%u angeforderte Optionen: %s"
+@@ -1728,7 +1780,7 @@ msgstr "Kann RFC3925-Option nicht senden: zu viele Optionen für Unternehmen Nr.
+ msgid "cannot create netlink socket: %s"
+ msgstr "kann Netlink-Socket nicht erzeugen: %s"
+ 
+-#: netlink.c:347
++#: netlink.c:348
+ #, c-format
+ msgid "netlink returns error: %s"
+ msgstr "Netlink liefert Fehler %s"
+@@ -1846,63 +1898,63 @@ msgstr "Kein Adressbereich verfügbar für die DHCPv6-Anfrage via %s"
+ msgid "%u available DHCPv6 subnet: %s/%d"
+ msgstr "%u verfügbare(s) DHCPv6-Subnetz: %s/%d"
+ 
+-#: rfc3315.c:379
++#: rfc3315.c:380
+ #, c-format
+ msgid "%u vendor class: %u"
+ msgstr "%u Herstellerklasse: %u"
+ 
+-#: rfc3315.c:427
++#: rfc3315.c:428
+ #, c-format
+ msgid "%u client MAC address: %s"
+ msgstr "%u Klient MAC-Adresse: %s"
+ 
+ # FIXME: do not assemble
+-#: rfc3315.c:659
++#: rfc3315.c:660
+ #, c-format
+ msgid "unknown prefix-class %d"
+ msgstr "unbekannte Präfixklasse %d"
+ 
+-#: rfc3315.c:791 rfc3315.c:913
++#: rfc3315.c:803 rfc3315.c:902
++msgid "address unavailable"
++msgstr "Adresse nicht verfügbar"
++
++#: rfc3315.c:815 rfc3315.c:950 rfc3315.c:1283
+ msgid "success"
+ msgstr "Erfolg"
+ 
+-#: rfc3315.c:806 rfc3315.c:808 rfc3315.c:921 rfc3315.c:923
++#: rfc3315.c:843 rfc3315.c:845 rfc3315.c:958 rfc3315.c:960
+ msgid "no addresses available"
+ msgstr "Keine Adressen verfügbar"
+ 
+-#: rfc3315.c:865
+-msgid "address unavailable"
+-msgstr "Adresse nicht verfügbar"
+-
+-#: rfc3315.c:900
++#: rfc3315.c:937
+ msgid "not on link"
+ msgstr "nicht on link"
+ 
+-#: rfc3315.c:973 rfc3315.c:1151 rfc3315.c:1228
++#: rfc3315.c:1010 rfc3315.c:1195 rfc3315.c:1272
+ msgid "no binding found"
+ msgstr "Keine Bindung gefunden"
+ 
+-#: rfc3315.c:1011
++#: rfc3315.c:1048
+ msgid "deprecated"
+ msgstr "veraltet"
+ 
+-#: rfc3315.c:1016
++#: rfc3315.c:1053
+ msgid "address invalid"
+ msgstr "Adresse ungültig"
+ 
+-#: rfc3315.c:1061
++#: rfc3315.c:1100
+ msgid "confirm failed"
+ msgstr "Bestätigung fehlgeschlagen"
+ 
+-#: rfc3315.c:1072
++#: rfc3315.c:1116
+ msgid "all addresses still on link"
+ msgstr "Alle Adressen immer noch on link"
+ 
+-#: rfc3315.c:1160
++#: rfc3315.c:1204
+ msgid "release received"
+ msgstr "Freigabe empfangen"
+ 
+-#: rfc3315.c:2080
++#: rfc3315.c:2130
+ msgid "Cannot multicast to DHCPv6 server without correct interface"
+ msgstr "Kann nicht zum DHCPv6 Server multicasten ohne korrekte Schnittstelle"
+ 
+@@ -1995,7 +2047,7 @@ msgstr "DHCP Weiterleitung von %s nach %s"
+ msgid "cannot create ICMPv6 socket: %s"
+ msgstr "Kann ICMPv6-Socket nicht erzeugen: %s"
+ 
+-#: auth.c:429
++#: auth.c:436
+ #, c-format
+ msgid "ignoring zone transfer request from %s"
+ msgstr "ignoriere Zonentransfer-Anfrage von %s"
+@@ -2010,54 +2062,89 @@ msgstr "konnte Kernelversion nicht finden: %s"
+ msgid "failed to create IPset control socket: %s"
+ msgstr "konnte IPset-Kontroll-Socket nicht erzeugen: %s"
+ 
++#: dnssec.c:425 dnssec.c:469
++#, fuzzy, c-format
++msgid "failed to update mtime on %s: %s"
++msgstr "kann die Prozessidentifikations-(PID)-Datei %s nicht öffnen: %s"
++
+ #: blockdata.c:58
+ #, c-format
+ msgid "DNSSEC memory in use %u, max %u, allocated %u"
+ msgstr "DNSSEC Speicher in Benutzung %u, Max %u, zugewiesen %u"
+ 
+-#: tables.c:76
++#: tables.c:80
+ msgid "error: fill_addr missused"
+ msgstr "Fehler: fill_addr falsch verwendet"
+ 
+-#: tables.c:105
++#: tables.c:109
+ #, c-format
+ msgid "failed to access pf devices: %s"
+ msgstr "konnte auf pf Geräte nicht zugreifen: %s"
+ 
+-#: tables.c:119
++#: tables.c:123
+ #, c-format
+ msgid "warning: no opened pf devices %s"
+ msgstr "Warnung: Keine geöffneten pf Geräte %s"
+ 
+-#: tables.c:127
++#: tables.c:131
+ #, c-format
+ msgid "error: cannot use table name %s"
+ msgstr "Fehler: Kann Tabellenname %s nicht benutzen"
+ 
+-#: tables.c:135
++#: tables.c:139
+ #, c-format
+ msgid "error: cannot strlcpy table name %s"
+ msgstr "Fehler: Kann den Tabellennamen %s nicht strlcpy"
+ 
+-#: tables.c:141
++#: tables.c:145
+ #, c-format
+ msgid "warning: pfr_add_tables: %s(%d)"
+ msgstr "Warnung: pfr_add_tables: %s(%d)"
+ 
+-#: tables.c:147
++#: tables.c:151
+ msgid "info: table created"
+ msgstr "Info: Tabelle erstellt"
+ 
+-#: tables.c:158
++#: tables.c:162
+ #, c-format
+ msgid "warning: DIOCR%sADDRS: %s"
+ msgstr "Warnung: DIOCR%sADDRS: %s"
+ 
+-#: tables.c:162
++#: tables.c:166
+ #, c-format
+ msgid "%d addresses %s"
+ msgstr "%d Adressen %s"
+ 
++#: inotify.c:46
++#, fuzzy, c-format
++msgid "failed to create inotify: %s"
++msgstr "kann Helfer nicht erzeugen: %s"
++
++#: inotify.c:60
++#, fuzzy, c-format
++msgid "cannot cannonicalise resolv-file %s: %s"
++msgstr "kann Lease-Datei %s nicht öffnen: %s"
++
++#: inotify.c:72
++#, c-format
++msgid "directory %s for resolv-file is missing, cannot poll"
++msgstr ""
++
++#: inotify.c:75 inotify.c:112
++#, fuzzy, c-format
++msgid "failed to create inotify for %s: %s"
++msgstr "Konnte Empfangs-Socket für %s: %s nicht erzeugen"
++
++#: inotify.c:97
++#, fuzzy, c-format
++msgid "bad dynamic directory %s: %s"
++msgstr "Kann auf Verzeichnis %s nicht zugreifen: %s"
++
++#: inotify.c:197
++#, c-format
++msgid "inotify, new or changed file %s"
++msgstr ""
++
+ #~ msgid "no interface with address %s"
+ #~ msgstr "keine Schnittstelle mit Adresse %s"
+ 
+diff --git a/po/es.po b/po/es.po
+index 0bdff67f720b..b85696072661 100644
+--- a/po/es.po
++++ b/po/es.po
+@@ -16,70 +16,70 @@ msgstr ""
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+ 
+-#: cache.c:505
++#: cache.c:523
+ msgid "Internal error in cache."
+ msgstr ""
+ 
+-#: cache.c:908
++#: cache.c:941
+ #, fuzzy, c-format
+ msgid "failed to load names from %s: %s"
+ msgstr "no se pudo cargar nombres desde %s: %s"
+ 
+-#: cache.c:934 dhcp.c:820
++#: cache.c:967 dhcp.c:825
+ #, fuzzy, c-format
+ msgid "bad address at %s line %d"
+ msgstr "dirección errónea en %s línea %d"
+ 
+-#: cache.c:985 dhcp.c:836
++#: cache.c:1018 dhcp.c:841
+ #, c-format
+ msgid "bad name at %s line %d"
+ msgstr "nombre erróneo en %s línea %d"
+ 
+-#: cache.c:992 dhcp.c:911
++#: cache.c:1027 dhcp.c:916
+ #, c-format
+ msgid "read %s - %d addresses"
+ msgstr "direcciónes %s - %d leídas"
+ 
+-#: cache.c:1100
++#: cache.c:1135
+ msgid "cleared cache"
+ msgstr "el caché fue liberado"
+ 
+-#: cache.c:1123
++#: cache.c:1164
+ #, c-format
+ msgid "No IPv4 address found for %s"
+ msgstr ""
+ 
+-#: cache.c:1201
++#: cache.c:1242
+ #, c-format
+ msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
+ msgstr "%s es un CNAME, no se le está dando concesión DHCP de %s"
+ 
+-#: cache.c:1225
++#: cache.c:1266
+ #, c-format
+ msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+ msgstr "no otorgando nombre %s a concesión DHCP de %s porque el nombre existe en %s con dirección %s"
+ 
+-#: cache.c:1366
++#: cache.c:1421
+ #, c-format
+ msgid "time %lu"
+ msgstr "tiempo %lu"
+ 
+-#: cache.c:1367
++#: cache.c:1422
+ #, fuzzy, c-format
+ msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+ msgstr "tamaño de caché %d, %d/%d inserciónes de caché reutilizaron objetos no vencidos."
+ 
+-#: cache.c:1369
++#: cache.c:1424
+ #, c-format
+ msgid "queries forwarded %u, queries answered locally %u"
+ msgstr "búsquedas reenviadas %u, búsquedas respondidas localmente %u"
+ 
+-#: cache.c:1372
++#: cache.c:1427
+ #, fuzzy, c-format
+ msgid "queries for authoritative zones %u"
+ msgstr "Fijar TTL para respuestas autoritarias"
+ 
+-#: cache.c:1398
++#: cache.c:1453
+ #, c-format
+ msgid "server %s#%d: queries sent %u, retried or failed %u"
+ msgstr "servidor %s#%d: búsquedas enviadas %u, reintentadas o fallidas %u"
+@@ -94,7 +94,7 @@ msgstr "no se pudo crear valor semilla para el generador de n
+ msgid "failed to allocate memory"
+ msgstr "no se pudo asignar memoria"
+ 
+-#: util.c:243 option.c:579
++#: util.c:243 option.c:598
+ msgid "could not get memory"
+ msgstr "no se pudo adquirir memoria"
+ 
+@@ -108,617 +108,650 @@ msgstr "no se puede crear pipe: %s"
+ msgid "failed to allocate %d bytes"
+ msgstr "no se pudo asignar %d bytes"
+ 
+-#: util.c:429
++#: util.c:430
+ #, c-format
+ msgid "infinite"
+ msgstr "infinito"
+ 
+-#: option.c:318
++#: option.c:330
+ msgid "Specify local address(es) to listen on."
+ msgstr "Especificar dirección(es) locales dónde escuchar."
+ 
+-#: option.c:319
++#: option.c:331
+ msgid "Return ipaddr for all hosts in specified domains."
+ msgstr "Retornar ipaddr (dirección IP) para todos los hosts en los dominios especificados."
+ 
+-#: option.c:320
++#: option.c:332
+ msgid "Fake reverse lookups for RFC1918 private address ranges."
+ msgstr "Falsificar búsquedas reversas para rangos de dirección privados RFC1918."
+ 
+-#: option.c:321
++#: option.c:333
+ msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+ msgstr "Tratar ipaddr (dirección IP) como NXDOMAIN (derrota comodín Verisign)."
+ 
+-#: option.c:322
++#: option.c:334
+ #, c-format
+ msgid "Specify the size of the cache in entries (defaults to %s)."
+ msgstr "Especificar tamaño de caché en cuanto a cantidad de objetos (%s por predeterminado)."
+ 
+-#: option.c:323
++#: option.c:335
+ #, c-format
+ msgid "Specify configuration file (defaults to %s)."
+ msgstr "Especificar archivo de configuración (%s por predeterminado)."
+ 
+-#: option.c:324
++#: option.c:336
+ msgid "Do NOT fork into the background: run in debug mode."
+ msgstr "NO hacer un fork hacia el fondo: correr en modo debug."
+ 
+-#: option.c:325
++#: option.c:337
+ msgid "Do NOT forward queries with no domain part."
+ msgstr "NO reenviar búsquedas sin parte de dominio."
+ 
+-#: option.c:326
++#: option.c:338
+ msgid "Return self-pointing MX records for local hosts."
+ msgstr "Retornar expedientes MX auto-señaladores para hosts locales."
+ 
+-#: option.c:327
++#: option.c:339
+ msgid "Expand simple names in /etc/hosts with domain-suffix."
+ msgstr "Expandir nombres simples en /etc/hosts con domain-suffix (sufijo de dominio)."
+ 
+-#: option.c:328
++#: option.c:340
+ msgid "Don't forward spurious DNS requests from Windows hosts."
+ msgstr "No reenviar pedidos DNS falsos desde máquinas Windows."
+ 
+-#: option.c:329
++#: option.c:341
+ msgid "Enable DHCP in the range given with lease duration."
+ msgstr "Habilitar DHCP dentro del rango brindado con duración de concesión."
+ 
+-#: option.c:330
++#: option.c:342
+ #, c-format
+ msgid "Change to this group after startup (defaults to %s)."
+ msgstr "Cambiar a este grupo después del inicio (%s por predeterminado)."
+ 
+-#: option.c:331
++#: option.c:343
+ msgid "Set address or hostname for a specified machine."
+ msgstr "Fijar dirección o nombre de host para una máquina especificada."
+ 
+-#: option.c:332
++#: option.c:344
+ #, fuzzy
+ msgid "Read DHCP host specs from file."
+ msgstr "Leer especificaciones DHCP de host desde archivo"
+ 
+-#: option.c:333
++#: option.c:345
+ #, fuzzy
+ msgid "Read DHCP option specs from file."
+ msgstr "Leer opciones DHCP de host desde archivo"
+ 
+-#: option.c:334
++#: option.c:346
++#, fuzzy
++msgid "Read DHCP host specs from a directory."
++msgstr "Leer especificaciones DHCP de host desde archivo"
++
++#: option.c:347
++#, fuzzy
++msgid "Read DHCP options from a directory."
++msgstr "Leer opciones DHCP de host desde archivo"
++
++#: option.c:348
+ msgid "Evaluate conditional tag expression."
+ msgstr "Evaluar expresión condicional de etiqueta."
+ 
+-#: option.c:335
++#: option.c:349
+ #, c-format
+ msgid "Do NOT load %s file."
+ msgstr "NO cargar archivo %s."
+ 
+-#: option.c:336
++#: option.c:350
+ #, c-format
+ msgid "Specify a hosts file to be read in addition to %s."
+ msgstr "Especificar un archivo de hosts para ser leído adicionalmente a %s."
+ 
+-#: option.c:337
++#: option.c:351
++#, fuzzy
++msgid "Read hosts files from a directory."
++msgstr "Leer especificaciones DHCP de host desde archivo"
++
++#: option.c:352
+ msgid "Specify interface(s) to listen on."
+ msgstr "Especificar interfase(s) donde escuchar."
+ 
+-#: option.c:338
++#: option.c:353
+ msgid "Specify interface(s) NOT to listen on."
+ msgstr "Especificar interfase(s) donde NO escuchar."
+ 
+-#: option.c:339
++#: option.c:354
+ #, fuzzy
+ msgid "Map DHCP user class to tag."
+ msgstr "Trazar clase de usuario DHCP a etiqueta."
+ 
+-#: option.c:340
++#: option.c:355
+ msgid "Map RFC3046 circuit-id to tag."
+ msgstr "Trazar circuit-id (identificación de circuito) RFC3046 a etiqueta."
+ 
+-#: option.c:341
++#: option.c:356
+ msgid "Map RFC3046 remote-id to tag."
+ msgstr "Trazar remote-id (identificación remota) RFC3046 a etiqueta."
+ 
+-#: option.c:342
++#: option.c:357
+ msgid "Map RFC3993 subscriber-id to tag."
+ msgstr "Trazar subscriber-id (identificación de suscritor) RFC3993 a etiqueta."
+ 
+-#: option.c:343
++#: option.c:358
+ #, fuzzy
+ msgid "Don't do DHCP for hosts with tag set."
+ msgstr "No hacer DHCP para hosts con etiqueta fijada."
+ 
+-#: option.c:344
++#: option.c:359
+ #, fuzzy
+ msgid "Force broadcast replies for hosts with tag set."
+ msgstr "Forzar respuestas broadcast para hosts con etiqueta fijada."
+ 
+-#: option.c:345
++#: option.c:360
+ msgid "Do NOT fork into the background, do NOT run in debug mode."
+ msgstr "NO hacer un fork hacia el fondo, NO correr en modo debug."
+ 
+-#: option.c:346
++#: option.c:361
+ msgid "Assume we are the only DHCP server on the local network."
+ msgstr "Asumir que somos el único servidor DHCP en la red local."
+ 
+-#: option.c:347
++#: option.c:362
+ #, c-format
+ msgid "Specify where to store DHCP leases (defaults to %s)."
+ msgstr "Especificar donde almacenar concesión DHCP (%s por predeterminado)."
+ 
+-#: option.c:348
++#: option.c:363
+ msgid "Return MX records for local hosts."
+ msgstr "Retornar expedientes MX para hosts locales."
+ 
+-#: option.c:349
++#: option.c:364
+ msgid "Specify an MX record."
+ msgstr "Especificar un expediente MX."
+ 
+-#: option.c:350
++#: option.c:365
+ msgid "Specify BOOTP options to DHCP server."
+ msgstr "Especificar opciones BOOTP a servidor DHCP."
+ 
+-#: option.c:351
++#: option.c:366
+ #, c-format
+ msgid "Do NOT poll %s file, reload only on SIGHUP."
+ msgstr "NO revisar archivo %s periódicamente, recargar solo con SIGHUP."
+ 
+-#: option.c:352
++#: option.c:367
+ msgid "Do NOT cache failed search results."
+ msgstr "NO almacenar en caché resultados de búsquedas fallidas."
+ 
+-#: option.c:353
++#: option.c:368
+ #, c-format
+ msgid "Use nameservers strictly in the order given in %s."
+ msgstr "Usar servidores DNS estrictamente en el órden brindado en %s."
+ 
+-#: option.c:354
++#: option.c:369
+ #, fuzzy
+ msgid "Specify options to be sent to DHCP clients."
+ msgstr "Especificar opciones para ser enviadas a clientes DHCP."
+ 
+-#: option.c:355
++#: option.c:370
+ msgid "DHCP option sent even if the client does not request it."
+ msgstr "Opción DHCP enviada aún si el cliente no la pide."
+ 
+-#: option.c:356
++#: option.c:371
+ msgid "Specify port to listen for DNS requests on (defaults to 53)."
+ msgstr "Especificar puerto donde escuchar por búsquedas DNS (53 por predeterminado)."
+ 
+-#: option.c:357
++#: option.c:372
+ #, c-format
+ msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+ msgstr "Tamaño máximo de paquetes UDP soportado para EDNS.0 (%s por predeterminado)."
+ 
+-#: option.c:358
++#: option.c:373
+ #, fuzzy
+ msgid "Log DNS queries."
+ msgstr "Bitacorear búsquedas DNS."
+ 
+-#: option.c:359
++#: option.c:374
+ #, fuzzy
+ msgid "Force the originating port for upstream DNS queries."
+ msgstr "Enforzar el puerto original para búsquedas DNS subida."
+ 
+-#: option.c:360
++#: option.c:375
+ msgid "Do NOT read resolv.conf."
+ msgstr "NO leer resolv.conf."
+ 
+-#: option.c:361
++#: option.c:376
+ #, c-format
+ msgid "Specify path to resolv.conf (defaults to %s)."
+ msgstr "Especificar el path hacia resolv.conf (%s por predeterminado)."
+ 
+-#: option.c:362
++#: option.c:377
+ #, fuzzy
+ msgid "Specify path to file with server= options"
+ msgstr "Especificar path de archivo PID (%s por predeterminado)."
+ 
+-#: option.c:363
++#: option.c:378
+ msgid "Specify address(es) of upstream servers with optional domains."
+ msgstr "Especificar dirección(es) de servidores subida con dominios opcionales."
+ 
+-#: option.c:364
++#: option.c:379
+ #, fuzzy
+ msgid "Specify address of upstream servers for reverse address queries"
+ msgstr "Especificar dirección(es) de servidores subida con dominios opcionales."
+ 
+-#: option.c:365
++#: option.c:380
+ msgid "Never forward queries to specified domains."
+ msgstr "Nunca reenviar búsquedas a dominios especificados."
+ 
+-#: option.c:366
++#: option.c:381
+ msgid "Specify the domain to be assigned in DHCP leases."
+ msgstr "Especificar el dominio para ser asignado en concesión DHCP."
+ 
+-#: option.c:367
++#: option.c:382
+ msgid "Specify default target in an MX record."
+ msgstr "Especificar destino predeterminado en un expediente MX."
+ 
+-#: option.c:368
++#: option.c:383
+ msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+ msgstr "Especificar tiempo de vida en segundos para respuestas desde /etc/hosts."
+ 
+-#: option.c:369
++#: option.c:384
+ #, fuzzy
+ msgid "Specify time-to-live in seconds for negative caching."
+ msgstr "Especificar tiempo de vida en segundos para caché negativo."
+ 
+-#: option.c:370
++#: option.c:385
+ #, fuzzy
+ msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
+ msgstr "Especificar tiempo de vida en segundos para respuestas desde /etc/hosts."
+ 
+-#: option.c:371
++#: option.c:386
++#, fuzzy
++msgid "Specify time-to-live ceiling for cache."
++msgstr "Especificar tiempo de vida en segundos para caché negativo."
++
++#: option.c:387
++#, fuzzy
++msgid "Specify time-to-live floor for cache."
++msgstr "Especificar tiempo de vida en segundos para caché negativo."
++
++#: option.c:388
+ #, c-format
+ msgid "Change to this user after startup. (defaults to %s)."
+ msgstr "Cambiar a este usuario despues del inicio (%s por predeterminado)."
+ 
+-#: option.c:372
++#: option.c:389
+ #, fuzzy
+ msgid "Map DHCP vendor class to tag."
+ msgstr "Trazar clase de vendedor DHCP a etiqueta."
+ 
+-#: option.c:373
++#: option.c:390
+ msgid "Display dnsmasq version and copyright information."
+ msgstr "Mostrar información sobre la versión y copyright de dnsmasq."
+ 
+-#: option.c:374
++#: option.c:391
+ msgid "Translate IPv4 addresses from upstream servers."
+ msgstr "Traducir direcciones IPv4 desde servidores subida."
+ 
+-#: option.c:375
++#: option.c:392
+ msgid "Specify a SRV record."
+ msgstr "Especificar un expediente SRV."
+ 
+-#: option.c:376
++#: option.c:393
+ msgid "Display this message. Use --help dhcp for known DHCP options."
+ msgstr "Mostrar este mensaje. Usar --help dhcp para opciones DHCP conocidas."
+ 
+-#: option.c:377
++#: option.c:394
+ #, fuzzy, c-format
+ msgid "Specify path of PID file (defaults to %s)."
+ msgstr "Especificar path de archivo PID (%s por predeterminado)."
+ 
+-#: option.c:378
++#: option.c:395
+ #, c-format
+ msgid "Specify maximum number of DHCP leases (defaults to %s)."
+ msgstr "Especificar número máximo de concesión DHCP (%s por predeterminado)."
+ 
+-#: option.c:379
++#: option.c:396
+ msgid "Answer DNS queries based on the interface a query was sent to."
+ msgstr "Responder a búsquedas DNS en base a la interfase a la cuál fueron enviadas."
+ 
+-#: option.c:380
++#: option.c:397
+ msgid "Specify TXT DNS record."
+ msgstr "Especificar expediente DNS TXT."
+ 
+-#: option.c:381
++#: option.c:398
+ #, fuzzy
+ msgid "Specify PTR DNS record."
+ msgstr "Especificar expediente DNS PTR."
+ 
+-#: option.c:382
++#: option.c:399
+ msgid "Give DNS name to IPv4 address of interface."
+ msgstr "Otorgar nombre DNS a dirección IPv4 de interfase."
+ 
+-#: option.c:383
++#: option.c:400
+ msgid "Bind only to interfaces in use."
+ msgstr "Acoplar solo a interfases en uso."
+ 
+-#: option.c:384
++#: option.c:401
+ #, c-format
+ msgid "Read DHCP static host information from %s."
+ msgstr "Leer información sobre hosts DHCP estáticos desde %s."
+ 
+-#: option.c:385
++#: option.c:402
+ msgid "Enable the DBus interface for setting upstream servers, etc."
+ msgstr "Habilitar la interfase DBus para fijar servidores subida, etc."
+ 
+-#: option.c:386
++#: option.c:403
+ msgid "Do not provide DHCP on this interface, only provide DNS."
+ msgstr "No proveer DHCP en esta interfase, sólo proveer DNS."
+ 
+-#: option.c:387
++#: option.c:404
+ msgid "Enable dynamic address allocation for bootp."
+ msgstr "Habilitar alocación dinámica de direcciónes para BOOTP."
+ 
+-#: option.c:388
++#: option.c:405
+ #, fuzzy
+ msgid "Map MAC address (with wildcards) to option set."
+ msgstr "Trazar dirección MAC (con comodínes) a opción fijada."
+ 
+-#: option.c:389
++#: option.c:406
+ msgid "Treat DHCP requests on aliases as arriving from interface."
+ msgstr "Tratar pedidos DHCP en alias como si llegaran de la interfase."
+ 
+-#: option.c:390
++#: option.c:407
+ msgid "Disable ICMP echo address checking in the DHCP server."
+ msgstr "Deshabilitar verificación de direcciónes para echo ICMP en el servidor DHCP."
+ 
+-#: option.c:391
++#: option.c:408
+ #, fuzzy
+ msgid "Shell script to run on DHCP lease creation and destruction."
+ msgstr "Archivo guión para ejecutar cuando se crea o destruye una concesión DHCP."
+ 
+-#: option.c:392
++#: option.c:409
+ #, fuzzy
+ msgid "Lua script to run on DHCP lease creation and destruction."
+ msgstr "Archivo guión para ejecutar cuando se crea o destruye una concesión DHCP."
+ 
+-#: option.c:393
++#: option.c:410
+ #, fuzzy
+ msgid "Run lease-change scripts as this user."
+ msgstr "Correr archivo guión de cambio de concesión como este usuario."
+ 
+-#: option.c:394
++#: option.c:411
+ msgid "Read configuration from all the files in this directory."
+ msgstr "Leer configuración desde todos los archivos en este directorio."
+ 
+-#: option.c:395
++#: option.c:412
+ #, fuzzy
+ msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+ msgstr "Bitacorear a esta facilidad syslog o archivo. (DAEMON por predeterminado)"
+ 
+-#: option.c:396
++#: option.c:413
+ msgid "Do not use leasefile."
+ msgstr "No usar archivo de concesión."
+ 
+-#: option.c:397
++#: option.c:414
+ #, fuzzy, c-format
+ msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+ msgstr "Número máximo de búsquedas DNS simultáneas. (%s por predeterminado)"
+ 
+-#: option.c:398
++#: option.c:415
+ #, c-format
+ msgid "Clear DNS cache when reloading %s."
+ msgstr "Liberar caché DNS al recargar %s."
+ 
+-#: option.c:399
++#: option.c:416
+ msgid "Ignore hostnames provided by DHCP clients."
+ msgstr "Ignorar nombres de host brindados por clientes DHCP."
+ 
+-#: option.c:400
++#: option.c:417
+ msgid "Do NOT reuse filename and server fields for extra DHCP options."
+ msgstr "NO reutilizar campos de nombre de archivo y servidor para opciones DHCP extra."
+ 
+-#: option.c:401
++#: option.c:418
+ msgid "Enable integrated read-only TFTP server."
+ msgstr "Habilitar servidor integrado TFTP solo-lectura."
+ 
+-#: option.c:402
++#: option.c:419
+ msgid "Export files by TFTP only from the specified subtree."
+ msgstr "Exportar archivos vía TFTP solo del sub-árbol especificado."
+ 
+-#: option.c:403
++#: option.c:420
+ msgid "Add client IP address to tftp-root."
+ msgstr "Agregar IP de cliente a tftp-root."
+ 
+-#: option.c:404
++#: option.c:421
+ msgid "Allow access only to files owned by the user running dnsmasq."
+ msgstr "Permitir acceso solo a archivos pertenecientes al usuario que corre dnsmasq."
+ 
+-#: option.c:405
++#: option.c:422
+ #, fuzzy, c-format
+ msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+ msgstr "Número máximo de transferencias TFTP simultáneas (%s por predeterminado)."
+ 
+-#: option.c:406
++#: option.c:423
+ msgid "Disable the TFTP blocksize extension."
+ msgstr "Deshabilitar la extensión TFTP blocksize (tamaño de bloque)."
+ 
+-#: option.c:407
++#: option.c:424
+ msgid "Convert TFTP filenames to lowercase"
+ msgstr "Convertir a minúsculas los nombres de archivos TFTP"
+ 
+-#: option.c:408
++#: option.c:425
+ msgid "Ephemeral port range for use by TFTP transfers."
+ msgstr "Rango de puertos efímeros para ser usados en transferencias TFTP."
+ 
+-#: option.c:409
++#: option.c:426
+ msgid "Extra logging for DHCP."
+ msgstr "Log extra para DHCP."
+ 
+-#: option.c:410
++#: option.c:427
+ msgid "Enable async. logging; optionally set queue length."
+ msgstr "Habilitar registro asíncrono; opcionalmente fijar tamaño de cola."
+ 
+-#: option.c:411
++#: option.c:428
+ msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+ msgstr "Detener revinculación DNS. Filtrar rangos de IP privados al resolver."
+ 
+-#: option.c:412
++#: option.c:429
+ msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
+ msgstr "Permitir revinculación de 127.0.0.0/8, para servidores RBL."
+ 
+-#: option.c:413
++#: option.c:430
+ msgid "Inhibit DNS-rebind protection on this domain."
+ msgstr "Inhibir protección de revinculación DNS en este dominio."
+ 
+-#: option.c:414
++#: option.c:431
+ msgid "Always perform DNS queries to all servers."
+ msgstr "Siempre realizar búsquedas DNS a todos los servidores."
+ 
+-#: option.c:415
++#: option.c:432
+ #, fuzzy
+ msgid "Set tag if client includes matching option in request."
+ msgstr "Fijar etiqueta si cliente incluye opción coincidente en pedido."
+ 
+-#: option.c:416
++#: option.c:433
+ msgid "Use alternative ports for DHCP."
+ msgstr "Usar puertos alternativos para DHCP."
+ 
+-#: option.c:417
++#: option.c:434
+ #, fuzzy
+ msgid "Specify NAPTR DNS record."
+ msgstr "Especificar expediente DNS NAPTR."
+ 
+-#: option.c:418
++#: option.c:435
+ msgid "Specify lowest port available for DNS query transmission."
+ msgstr "Especificar puerto más bajo disponible para transmisión de búsquedas DNS."
+ 
+-#: option.c:419
++#: option.c:436
+ msgid "Use only fully qualified domain names for DHCP clients."
+ msgstr "Usar solo nombres de dominio completamente calificados para clientes DHCP."
+ 
+-#: option.c:420
++#: option.c:437
+ msgid "Generate hostnames based on MAC address for nameless clients."
+ msgstr "Generar hostnames basados en direcciones MAC para clientes sin nombre."
+ 
+-#: option.c:421
++#: option.c:438
+ msgid "Use these DHCP relays as full proxies."
+ msgstr "Usar estos relays DHCP como proxies completos."
+ 
+-#: option.c:422
++#: option.c:439
+ msgid "Relay DHCP requests to a remote server"
+ msgstr ""
+ 
+-#: option.c:423
++#: option.c:440
+ msgid "Specify alias name for LOCAL DNS name."
+ msgstr "Especificar nombre alias para nombre DNS LOCAL."
+ 
+-#: option.c:424
++#: option.c:441
+ #, fuzzy
+ msgid "Prompt to send to PXE clients."
+ msgstr "Aviso a ser enviado a clientes PXE."
+ 
+-#: option.c:425
++#: option.c:442
+ msgid "Boot service for PXE menu."
+ msgstr "Servicio de arranque para menú PXE."
+ 
+-#: option.c:426
++#: option.c:443
+ msgid "Check configuration syntax."
+ msgstr "Revisar sintaxis de configuración."
+ 
+-#: option.c:427
++#: option.c:444
+ msgid "Add requestor's MAC address to forwarded DNS queries."
+ msgstr "Añadir direcciones MAC de los peticionarios a los filtros DNS enviados"
+ 
+-#: option.c:428
++#: option.c:445
+ #, fuzzy
+ msgid "Add requestor's IP subnet to forwarded DNS queries."
+ msgstr "Añadir direcciones MAC de los peticionarios a los filtros DNS enviados"
+ 
+-#: option.c:429
++#: option.c:446
+ #, fuzzy
+ msgid "Proxy DNSSEC validation results from upstream nameservers."
+ msgstr "Traducir direcciones IPv4 desde servidores subida."
+ 
+-#: option.c:430
++#: option.c:447
+ msgid "Attempt to allocate sequential IP addresses to DHCP clients."
+ msgstr "Intento de instaurar direcciones IP secuenciales a cliente DHCP"
+ 
+-#: option.c:431
++#: option.c:448
+ msgid "Copy connection-track mark from queries to upstream connections."
+ msgstr "Copiar la marca de connection-track desde los filtros a las conexiones salientes"
+ 
+-#: option.c:432
++#: option.c:449
+ msgid "Allow DHCP clients to do their own DDNS updates."
+ msgstr "Permite a clientes DHCP realizar sus propias actualizaciones DDNS"
+ 
+-#: option.c:433
++#: option.c:450
+ msgid "Send router-advertisements for interfaces doing DHCPv6"
+ msgstr "Enviar anuncios del router a los interfases realizando DHCPv6"
+ 
+-#: option.c:434
++#: option.c:451
+ msgid "Specify DUID_EN-type DHCPv6 server DUID"
+ msgstr ""
+ 
+-#: option.c:435
++#: option.c:452
+ #, fuzzy
+ msgid "Specify host (A/AAAA and PTR) records"
+ msgstr "Especificar un expediente MX."
+ 
+-#: option.c:436
++#: option.c:453
+ #, fuzzy
+ msgid "Specify arbitrary DNS resource record"
+ msgstr "Especificar expediente DNS TXT."
+ 
+-#: option.c:437
++#: option.c:454
+ #, fuzzy
+ msgid "Bind to interfaces in use - check for new interfaces"
+ msgstr "interfase desconocida %s en bridge-interfase"
+ 
+-#: option.c:438
++#: option.c:455
+ msgid "Export local names to global DNS"
+ msgstr "Exportar nombres DNS locales a globales"
+ 
+-#: option.c:439
++#: option.c:456
+ msgid "Domain to export to global DNS"
+ msgstr "Dominio a exportar a DNS global"
+ 
+-#: option.c:440
++#: option.c:457
+ msgid "Set TTL for authoritative replies"
+ msgstr "Fijar TTL para respuestas autoritarias"
+ 
+-#: option.c:441
++#: option.c:458
+ msgid "Set authoritive zone information"
+ msgstr "Fijar información de zona autoritaria"
+ 
+-#: option.c:442
++#: option.c:459
+ msgid "Secondary authoritative nameservers for forward domains"
+ msgstr "Nombres de servidor secundario autoritatorios para dominios enviados"
+ 
+-#: option.c:443
++#: option.c:460
+ msgid "Peers which are allowed to do zone transfer"
+ msgstr "Colegas autorizados a la zona de transferencia (transfer)"
+ 
+-#: option.c:444
++#: option.c:461
+ msgid "Specify ipsets to which matching domains should be added"
+ msgstr "Especificar los ipsets coincidentes en dominio que debrían ser añadidos"
+ 
+-#: option.c:445
++#: option.c:462
+ #, fuzzy
+ msgid "Specify a domain and address range for synthesised names"
+ msgstr "Especificar dominio y rango de direcciones para los nombres acrónimos"
+ 
+-#: option.c:446
++#: option.c:463
+ msgid "Activate DNSSEC validation"
+ msgstr ""
+ 
+-#: option.c:447
++#: option.c:464
+ msgid "Specify trust anchor key digest."
+ msgstr ""
+ 
+-#: option.c:448
++#: option.c:465
+ msgid "Disable upstream checking for DNSSEC debugging."
+ msgstr ""
+ 
+-#: option.c:449
++#: option.c:466
+ msgid "Ensure answers without DNSSEC are in unsigned zones."
+ msgstr ""
+ 
+-#: option.c:450
++#: option.c:467
+ msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+ msgstr ""
+ 
+-#: option.c:452
++#: option.c:468
++msgid "Timestamp file to verify system clock for DNSSEC"
++msgstr ""
++
++#: option.c:470
+ msgid "Specify DHCPv6 prefix class"
+ msgstr "Especificar prefijo de clase DHCPv6"
+ 
+-#: option.c:454
++#: option.c:472
+ msgid "Set priority, resend-interval and router-lifetime"
+ msgstr ""
+ 
+-#: option.c:455
++#: option.c:473
+ msgid "Do not log routine DHCP."
+ msgstr ""
+ 
+-#: option.c:456
++#: option.c:474
+ msgid "Do not log routine DHCPv6."
+ msgstr ""
+ 
+-#: option.c:457
++#: option.c:475
+ msgid "Do not log RA."
+ msgstr ""
+ 
+-#: option.c:458
++#: option.c:476
+ msgid "Accept queries only from directly-connected networks"
+ msgstr ""
+ 
+-#: option.c:459
++#: option.c:477
+ msgid "Detect and remove DNS forwarding loops"
+ msgstr ""
+ 
+-#: option.c:661
++#: option.c:478
++msgid "Ignore DNS responses containing ipaddr."
++msgstr ""
++
++#: option.c:680
+ #, c-format
+ msgid ""
+ "Usage: dnsmasq [options]\n"
+@@ -727,335 +760,335 @@ msgstr ""
+ "Modo de uso: dnsmasq [opciones]\n"
+ "\n"
+ 
+-#: option.c:663
++#: option.c:682
+ #, c-format
+ msgid "Use short options only on the command line.\n"
+ msgstr "Usar opciones cortas solo en la línea de comandos.\n"
+ 
+-#: option.c:665
++#: option.c:684
+ #, fuzzy, c-format
+ msgid "Valid options are:\n"
+ msgstr "Opciones válidas son :\n"
+ 
+-#: option.c:722 option.c:726
++#: option.c:741 option.c:745
+ msgid "bad port"
+ msgstr "puerto erróneo"
+ 
+-#: option.c:753 option.c:785
++#: option.c:772 option.c:804
+ msgid "interface binding not supported"
+ msgstr "vinculación de interfase no está soportado"
+ 
+-#: option.c:762 option.c:3494
++#: option.c:781 option.c:3570
+ #, fuzzy
+ msgid "bad interface name"
+ msgstr "nombre de interfase erróneo"
+ 
+-#: option.c:792
++#: option.c:811
+ #, fuzzy
+ msgid "bad address"
+ msgstr "dirección IP errónea"
+ 
+-#: option.c:974
++#: option.c:993
+ msgid "unsupported encapsulation for IPv6 option"
+ msgstr "Encapsulación no soportada para opción IPv6"
+ 
+-#: option.c:988
++#: option.c:1007
+ msgid "bad dhcp-option"
+ msgstr "opción dhcp-option errónea"
+ 
+-#: option.c:1056
++#: option.c:1075
+ #, fuzzy
+ msgid "bad IP address"
+ msgstr "dirección IP errónea"
+ 
+-#: option.c:1059 option.c:1197 option.c:2812
++#: option.c:1078 option.c:1216 option.c:2888
+ #, fuzzy
+ msgid "bad IPv6 address"
+ msgstr "dirección IP errónea"
+ 
+-#: option.c:1224 option.c:1318
++#: option.c:1243 option.c:1337
+ msgid "bad domain in dhcp-option"
+ msgstr "dominio erróneo en dhcp-option"
+ 
+-#: option.c:1356
++#: option.c:1375
+ msgid "dhcp-option too long"
+ msgstr "opción dhcp-option demasiado larga"
+ 
+-#: option.c:1363
++#: option.c:1382
+ msgid "illegal dhcp-match"
+ msgstr "dhcp-match ilegal"
+ 
+-#: option.c:1425
++#: option.c:1444
+ msgid "illegal repeated flag"
+ msgstr "opción repetida ilegal"
+ 
+-#: option.c:1433
++#: option.c:1452
+ msgid "illegal repeated keyword"
+ msgstr "palabra clave repetida ilegal"
+ 
+-#: option.c:1495 option.c:4092
++#: option.c:1517 option.c:4186
+ #, fuzzy, c-format
+ msgid "cannot access directory %s: %s"
+ msgstr "no se puede acceder a directorio %s: %s"
+ 
+-#: option.c:1541 tftp.c:493
++#: option.c:1563 tftp.c:493
+ #, fuzzy, c-format
+ msgid "cannot access %s: %s"
+ msgstr "no se puede acceder %s: %s"
+ 
+-#: option.c:1588
++#: option.c:1615
+ msgid "setting log facility is not possible under Android"
+ msgstr "la creación de un registro no es posible en Android"
+ 
+-#: option.c:1597
++#: option.c:1624
+ msgid "bad log facility"
+ msgstr "ubicación del registro errónea"
+ 
+-#: option.c:1650
++#: option.c:1677
+ msgid "bad MX preference"
+ msgstr "preferencia MX errónea"
+ 
+-#: option.c:1655
++#: option.c:1682
+ msgid "bad MX name"
+ msgstr "nombre MX erróneo"
+ 
+-#: option.c:1669
++#: option.c:1696
+ msgid "bad MX target"
+ msgstr "destino MX erróneo"
+ 
+-#: option.c:1681
++#: option.c:1708
+ msgid "cannot run scripts under uClinux"
+ msgstr "no se pueden correr archivos 'script' bajo uClinux"
+ 
+-#: option.c:1683
++#: option.c:1710
+ msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+ msgstr "recompilar con HAVE_SCRIPT definido para habilitar guiónes de cambio de concesión"
+ 
+-#: option.c:1687
++#: option.c:1714
+ #, fuzzy
+ msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
+ msgstr "recompilar con HAVE_SCRIPT definido para habilitar 'scripts' en Lua"
+ 
+-#: option.c:1928 option.c:1966 option.c:2015
++#: option.c:1970 option.c:2015 option.c:2071
+ #, fuzzy
+ msgid "bad prefix"
+ msgstr "prefijo erróneo"
+ 
+-#: option.c:2289
++#: option.c:2352
+ #, fuzzy
+ msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+ msgstr "recompilar con HAVE_SCRIPT definido para habilitar directivas ipset"
+ 
+-#: option.c:2469
++#: option.c:2545
+ #, fuzzy
+ msgid "bad port range"
+ msgstr "rango de puertos erróneo"
+ 
+-#: option.c:2485
++#: option.c:2561
+ msgid "bad bridge-interface"
+ msgstr "opción bridge-interface (interfase puente) errónea"
+ 
+-#: option.c:2545
++#: option.c:2621
+ msgid "only one tag allowed"
+ msgstr "solo una etiqueta permitida"
+ 
+-#: option.c:2565 option.c:2577 option.c:2683 option.c:2724
++#: option.c:2641 option.c:2653 option.c:2759 option.c:2800
+ msgid "bad dhcp-range"
+ msgstr "opción dhcp-range (rango DHCP) errónea"
+ 
+-#: option.c:2592
++#: option.c:2668
+ msgid "inconsistent DHCP range"
+ msgstr "rango DHCP inconsistente"
+ 
+-#: option.c:2651
++#: option.c:2727
+ msgid "prefix length must be exactly 64 for RA subnets"
+ msgstr "la longitud del prefijo debe ser 64 exacto para subredes RA"
+ 
+-#: option.c:2653
++#: option.c:2729
+ msgid "prefix length must be exactly 64 for subnet constructors"
+ msgstr "la longitud del prefijo debe ser 64 exacto para subredes constructoras"
+ 
+-#: option.c:2657
++#: option.c:2733
+ msgid "prefix length must be at least 64"
+ msgstr "la longitud del prefijo debe ser al menos 64"
+ 
+-#: option.c:2660
++#: option.c:2736
+ #, fuzzy
+ msgid "inconsistent DHCPv6 range"
+ msgstr "rango DHCP inconsistente"
+ 
+-#: option.c:2671
++#: option.c:2747
+ msgid "prefix must be zero with \"constructor:\" argument"
+ msgstr "prefijo debe ser cero con argumento \"constructor:\""
+ 
+-#: option.c:2782 option.c:2830
++#: option.c:2858 option.c:2906
+ #, fuzzy
+ msgid "bad hex constant"
+ msgstr "constante hexadecimal errónea"
+ 
+-#: option.c:2804
++#: option.c:2880
+ msgid "cannot match tags in --dhcp-host"
+ msgstr "no coinciden etiquetas en --dhcp-host"
+ 
+-#: option.c:2852
++#: option.c:2928
+ #, fuzzy, c-format
+ msgid "duplicate dhcp-host IP address %s"
+ msgstr "dirección IP duplicada %s en %s."
+ 
+-#: option.c:2910
++#: option.c:2986
+ #, fuzzy
+ msgid "bad DHCP host name"
+ msgstr "nombre de host DHCP erróneo"
+ 
+-#: option.c:2992
++#: option.c:3068
+ #, fuzzy
+ msgid "bad tag-if"
+ msgstr "etiqueta tag-if errónea"
+ 
+-#: option.c:3316 option.c:3710
++#: option.c:3392 option.c:3786
+ msgid "invalid port number"
+ msgstr "número de puerto inválido"
+ 
+-#: option.c:3378
++#: option.c:3454
+ #, fuzzy
+ msgid "bad dhcp-proxy address"
+ msgstr "dirección IP errónea"
+ 
+-#: option.c:3404
++#: option.c:3480
+ #, fuzzy
+ msgid "Bad dhcp-relay"
+ msgstr "opción dhcp-range (rango DHCP) errónea"
+ 
+-#: option.c:3430
++#: option.c:3506
+ msgid "bad RA-params"
+ msgstr ""
+ 
+-#: option.c:3439
++#: option.c:3515
+ msgid "bad DUID"
+ msgstr "DUID erróneo"
+ 
+-#: option.c:3481
++#: option.c:3557
+ #, fuzzy
+ msgid "invalid alias range"
+ msgstr "rango alias inválido"
+ 
+-#: option.c:3535
++#: option.c:3611
+ msgid "bad CNAME"
+ msgstr "CNAME erróneo"
+ 
+-#: option.c:3540
++#: option.c:3616
+ msgid "duplicate CNAME"
+ msgstr "CNAME duplicado"
+ 
+-#: option.c:3560
++#: option.c:3636
+ #, fuzzy
+ msgid "bad PTR record"
+ msgstr "registro PTR erróneo"
+ 
+-#: option.c:3591
++#: option.c:3667
+ #, fuzzy
+ msgid "bad NAPTR record"
+ msgstr "registro NAPTR erróneo"
+ 
+-#: option.c:3625
++#: option.c:3701
+ #, fuzzy
+ msgid "bad RR record"
+ msgstr "registro PTR erróneo"
+ 
+-#: option.c:3655
++#: option.c:3731
+ msgid "bad TXT record"
+ msgstr "registro TXT erróneo"
+ 
+-#: option.c:3696
++#: option.c:3772
+ msgid "bad SRV record"
+ msgstr "registro SRV erróneo"
+ 
+-#: option.c:3703
++#: option.c:3779
+ msgid "bad SRV target"
+ msgstr "destino SRV erróneo"
+ 
+-#: option.c:3717
++#: option.c:3793
+ msgid "invalid priority"
+ msgstr "prioridad inválida"
+ 
+-#: option.c:3724
++#: option.c:3800
+ msgid "invalid weight"
+ msgstr "peso inválido"
+ 
+-#: option.c:3748
++#: option.c:3824
+ #, fuzzy
+ msgid "Bad host-record"
+ msgstr "registro PTR erróneo"
+ 
+-#: option.c:3765
++#: option.c:3841
+ #, fuzzy
+ msgid "Bad name in host-record"
+ msgstr "nombre erróneo en %s"
+ 
+-#: option.c:3826
++#: option.c:3906
+ #, fuzzy
+ msgid "bad trust anchor"
+ msgstr "rango de puertos erróneo"
+ 
+-#: option.c:3840
++#: option.c:3920
+ msgid "bad HEX in trust anchor"
+ msgstr ""
+ 
+-#: option.c:3850
++#: option.c:3930
+ #, fuzzy
+ msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+ msgstr "opción no soportada (verificar que dnsmasq fue compilado con soporte para DHCP/TFTP/DBus)"
+ 
+-#: option.c:3909
++#: option.c:3989
+ msgid "missing \""
+ msgstr "falta \""
+ 
+-#: option.c:3966
++#: option.c:4046
+ msgid "bad option"
+ msgstr "opción errónea"
+ 
+-#: option.c:3968
++#: option.c:4048
+ msgid "extraneous parameter"
+ msgstr "parámetro extraño"
+ 
+-#: option.c:3970
++#: option.c:4050
+ msgid "missing parameter"
+ msgstr "parámetro ausente"
+ 
+-#: option.c:3972
++#: option.c:4052
+ #, fuzzy
+ msgid "illegal option"
+ msgstr "opción errónea"
+ 
+-#: option.c:3979
++#: option.c:4059
+ msgid "error"
+ msgstr "error"
+ 
+-#: option.c:3981
++#: option.c:4061
+ #, fuzzy, c-format
+ msgid " at line %d of %s"
+ msgstr "%s en línea %d de %%s"
+ 
+-#: option.c:4045 option.c:4168 tftp.c:667
+-#, c-format
+-msgid "cannot read %s: %s"
+-msgstr "no se puede leer %s: %s"
+-
+-#: option.c:4229 option.c:4265
++#: option.c:4076 option.c:4323 option.c:4359
+ #, fuzzy, c-format
+ msgid "read %s"
+ msgstr "lee %s"
+ 
+-#: option.c:4331
++#: option.c:4139 option.c:4262 tftp.c:667
++#, c-format
++msgid "cannot read %s: %s"
++msgstr "no se puede leer %s: %s"
++
++#: option.c:4425
+ msgid "junk found in command line"
+ msgstr "basura encontrada en linea de comando"
+ 
+-#: option.c:4366
++#: option.c:4460
+ #, c-format
+ msgid "Dnsmasq version %s  %s\n"
+ msgstr "Versión dnsmasq %s  %s\n"
+ 
+-#: option.c:4367
++#: option.c:4461
+ #, fuzzy, c-format
+ msgid ""
+ "Compile time options: %s\n"
+@@ -1064,90 +1097,90 @@ msgstr ""
+ "Opciones de compilación %s\n"
+ "\n"
+ 
+-#: option.c:4368
++#: option.c:4462
+ #, c-format
+ msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+ msgstr "Este software viene SIN NINGUNA GARANTIA.\n"
+ 
+-#: option.c:4369
++#: option.c:4463
+ #, c-format
+ msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+ msgstr "Dnsmasq es software libre, y usted está autorizado a redistribuirlo\n"
+ 
+-#: option.c:4370
++#: option.c:4464
+ #, fuzzy, c-format
+ msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+ msgstr "bajo los términos de la GNU General Public License, versión 2 o 3.\n"
+ 
+-#: option.c:4381
++#: option.c:4475
+ msgid "try --help"
+ msgstr "pruebe --help"
+ 
+-#: option.c:4383
++#: option.c:4477
+ msgid "try -w"
+ msgstr "pruebe -w"
+ 
+-#: option.c:4385
++#: option.c:4479
+ #, fuzzy, c-format
+ msgid "bad command line options: %s"
+ msgstr "opciones de línea de comandos erróneas: %s"
+ 
+-#: option.c:4434
++#: option.c:4535
+ #, c-format
+ msgid "cannot get host-name: %s"
+ msgstr "no se puede obtener host-name (nombre de host): %s"
+ 
+-#: option.c:4462
++#: option.c:4563
+ msgid "only one resolv.conf file allowed in no-poll mode."
+ msgstr "solo un archivo resolv.conf está permitido en modo no-poll."
+ 
+-#: option.c:4472
++#: option.c:4573
+ msgid "must have exactly one resolv.conf to read domain from."
+ msgstr "debe haber exáctamente un resolv.conf desde donde leer dominio."
+ 
+-#: option.c:4475 network.c:1506 dhcp.c:769
++#: option.c:4576 network.c:1506 dhcp.c:774
+ #, fuzzy, c-format
+ msgid "failed to read %s: %s"
+ msgstr "no se pudo leer %s: %s"
+ 
+-#: option.c:4492
++#: option.c:4593
+ #, c-format
+ msgid "no search directive found in %s"
+ msgstr "ninguna directiva de búsqueda encontrada en %s"
+ 
+-#: option.c:4513
++#: option.c:4614
+ #, fuzzy
+ msgid "there must be a default domain when --dhcp-fqdn is set"
+ msgstr "debe haber un dominio predeterminado cuando --dhcp-fqdn está fijado"
+ 
+-#: option.c:4522
++#: option.c:4623
+ msgid "syntax check OK"
+ msgstr "revisión de sintaxis OK"
+ 
+-#: forward.c:114
++#: forward.c:111
+ #, fuzzy, c-format
+ msgid "failed to send packet: %s"
+ msgstr "no se pudo escuchar en socket: %s"
+ 
+-#: forward.c:574
++#: forward.c:572
+ msgid "discarding DNS reply: subnet option mismatch"
+ msgstr ""
+ 
+-#: forward.c:597
++#: forward.c:595
+ #, c-format
+ msgid "nameserver %s refused to do a recursive query"
+ msgstr "servidor DNS %s rechazó realizar una búsqueda recursiva"
+ 
+-#: forward.c:629
++#: forward.c:627
+ #, fuzzy, c-format
+ msgid "possible DNS-rebind attack detected: %s"
+ msgstr "posible ataque de revinculación DNS detectado"
+ 
+-#: forward.c:1132 forward.c:1663
++#: forward.c:1156 forward.c:1722
+ msgid "Ignoring query from non-local network"
+ msgstr ""
+ 
+-#: forward.c:2101
++#: forward.c:2178
+ #, fuzzy, c-format
+ msgid "Maximum number of concurrent DNS queries reached (max: %d)"
+ msgstr "Número máximo de búsquedas DNS simultáneas alcanzado. (%s por predeterminado)"
+@@ -1237,272 +1270,286 @@ msgstr "usando nombre de servidor %s#%d(v
+ msgid "using nameserver %s#%d"
+ msgstr "usando nombre de servidor %s#%d"
+ 
+-#: dnsmasq.c:154
+-msgid "No trust anchors provided for DNSSEC"
++#: dnsmasq.c:149
++msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:157
+-msgid "Cannot reduce cache size from default when DNSSEC enabled"
++#: dnsmasq.c:156
++msgid "no trust anchors provided for DNSSEC"
+ msgstr ""
+ 
+ #: dnsmasq.c:159
++msgid "cannot reduce cache size from default when DNSSEC enabled"
++msgstr ""
++
++#: dnsmasq.c:161
+ #, fuzzy
+ msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+ msgstr "DBus no disponible: fijar HAVE_DBUS en src/config.h"
+ 
+-#: dnsmasq.c:165
++#: dnsmasq.c:167
+ #, fuzzy
+ msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+ msgstr "servidor TFTP no disponible: fijar HAVE_TFTP en src/config.h"
+ 
+-#: dnsmasq.c:170
+-msgid "Cannot use --conntrack AND --query-port"
++#: dnsmasq.c:172
++#, fuzzy
++msgid "cannot use --conntrack AND --query-port"
+ msgstr "No puede usar --conntrack AND --query-port"
+ 
+-#: dnsmasq.c:173
++#: dnsmasq.c:175
+ #, fuzzy
+-msgid "Conntrack support not available: set HAVE_CONNTRACK in src/config.h"
++msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
+ msgstr "servidor TFTP no disponible: fijar HAVE_TFTP en src/config.h"
+ 
+-#: dnsmasq.c:178
++#: dnsmasq.c:180
+ #, fuzzy
+ msgid "asychronous logging is not available under Solaris"
+ msgstr "registro asíncrono no está disponible bajo Solaris"
+ 
+-#: dnsmasq.c:183
++#: dnsmasq.c:185
+ #, fuzzy
+ msgid "asychronous logging is not available under Android"
+ msgstr "registro asíncrono no está disponible bajo Solaris"
+ 
+-#: dnsmasq.c:188
++#: dnsmasq.c:190
+ #, fuzzy
+ msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+ msgstr "DBus no disponible: fijar HAVE_DBUS en src/config.h"
+ 
+-#: dnsmasq.c:193
++#: dnsmasq.c:195
+ #, fuzzy
+-msgid "Loop detection not available: set HAVE_LOOP in src/config.h"
++msgid "loop detection not available: set HAVE_LOOP in src/config.h"
+ msgstr "servidor TFTP no disponible: fijar HAVE_TFTP en src/config.h"
+ 
+-#: dnsmasq.c:201
++#: dnsmasq.c:203
+ msgid "zone serial must be configured in --auth-soa"
+ msgstr "zona serie debe ser configurada en --auth-soa"
+ 
+-#: dnsmasq.c:219
++#: dnsmasq.c:221
+ msgid "dhcp-range constructor not available on this platform"
+ msgstr "constructor rango dhcp no disponible en esta plataforma"
+ 
+-#: dnsmasq.c:262
++#: dnsmasq.c:264
+ msgid "cannot set --bind-interfaces and --bind-dynamic"
+ msgstr "no puede usar --bind-interfases y --bind-dynamic"
+ 
+-#: dnsmasq.c:265
++#: dnsmasq.c:267
+ #, c-format
+ msgid "failed to find list of interfaces: %s"
+ msgstr "no se pudo encontrar lista de interfases: %s"
+ 
+-#: dnsmasq.c:274
++#: dnsmasq.c:276
+ #, c-format
+ msgid "unknown interface %s"
+ msgstr "interfase desconocida %s"
+ 
+-#: dnsmasq.c:330 dnsmasq.c:954
++#: dnsmasq.c:340 dnsmasq.c:1004
+ #, c-format
+ msgid "DBus error: %s"
+ msgstr "error DBus: %s"
+ 
+-#: dnsmasq.c:333
++#: dnsmasq.c:343
+ msgid "DBus not available: set HAVE_DBUS in src/config.h"
+ msgstr "DBus no disponible: fijar HAVE_DBUS en src/config.h"
+ 
+-#: dnsmasq.c:361
++#: dnsmasq.c:371
+ #, c-format
+ msgid "unknown user or group: %s"
+ msgstr "usuario o grupo desconocido: %s"
+ 
+-#: dnsmasq.c:416
++#: dnsmasq.c:426
+ #, c-format
+ msgid "cannot chdir to filesystem root: %s"
+ msgstr "no se puede cambiar directorio a raíz de sistema de archivos: %s"
+ 
+-#: dnsmasq.c:653
++#: dnsmasq.c:667
+ #, fuzzy, c-format
+ msgid "started, version %s DNS disabled"
+ msgstr "iniciado, versión %s DNS deshabilitado"
+ 
+-#: dnsmasq.c:655
++#: dnsmasq.c:669
+ #, c-format
+ msgid "started, version %s cachesize %d"
+ msgstr "iniciado, versión %s tamaño de caché %d"
+ 
+-#: dnsmasq.c:657
++#: dnsmasq.c:671
+ #, c-format
+ msgid "started, version %s cache disabled"
+ msgstr "iniciado, versión %s caché deshabilitado"
+ 
+-#: dnsmasq.c:659
++#: dnsmasq.c:673
+ #, c-format
+ msgid "compile time options: %s"
+ msgstr "opciones de compilación: %s"
+ 
+-#: dnsmasq.c:665
++#: dnsmasq.c:679
+ msgid "DBus support enabled: connected to system bus"
+ msgstr "soporte DBus habilitado: conectado a bus de sistema"
+ 
+-#: dnsmasq.c:667
++#: dnsmasq.c:681
+ msgid "DBus support enabled: bus connection pending"
+ msgstr "soporte DBus habilitado: conexión a bus pendiente"
+ 
+-#: dnsmasq.c:672
++#: dnsmasq.c:686
+ msgid "DNS service limited to local subnets"
+ msgstr ""
+ 
+-#: dnsmasq.c:677
++#: dnsmasq.c:702
+ msgid "DNSSEC validation enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:679
++#: dnsmasq.c:705
+ msgid "DNSSEC signature timestamps not checked until first cache reload"
+ msgstr ""
+ 
+-#: dnsmasq.c:684
++#: dnsmasq.c:708
++msgid "DNSSEC signature timestamps not checked until system time valid"
++msgstr ""
++
++#: dnsmasq.c:713
+ #, fuzzy, c-format
+ msgid "warning: failed to change owner of %s: %s"
+ msgstr "advertencia: no se pudo cambiar propietario de %s: %s"
+ 
+-#: dnsmasq.c:688
++#: dnsmasq.c:717
+ msgid "setting --bind-interfaces option because of OS limitations"
+ msgstr "fijando opción --bind-interfases debido a limitaciones de sistema operativo"
+ 
+-#: dnsmasq.c:698
++#: dnsmasq.c:727
+ #, c-format
+ msgid "warning: interface %s does not currently exist"
+ msgstr "advertencia: interfase %s no existe actualmente"
+ 
+-#: dnsmasq.c:703
++#: dnsmasq.c:732
+ msgid "warning: ignoring resolv-file flag because no-resolv is set"
+ msgstr "advertencia: ignorando opción resolv-file porque no-resolv está fijado"
+ 
+-#: dnsmasq.c:706
++#: dnsmasq.c:735
+ #, fuzzy
+ msgid "warning: no upstream servers configured"
+ msgstr "advertencia: ningún servidor de subida configurado"
+ 
+-#: dnsmasq.c:710
++#: dnsmasq.c:739
+ #, c-format
+ msgid "asynchronous logging enabled, queue limit is %d messages"
+ msgstr "registro asíncrono habilitado, el límite de la cola es %d mensajes"
+ 
+-#: dnsmasq.c:731
++#: dnsmasq.c:760
+ msgid "IPv6 router advertisement enabled"
+ msgstr "Anuncio de router IPv6 habilitado"
+ 
+-#: dnsmasq.c:736
++#: dnsmasq.c:765
+ #, c-format
+ msgid "DHCP, sockets bound exclusively to interface %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "root is "
+ msgstr "root está "
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ #, fuzzy
+ msgid "enabled"
+ msgstr "habilitado"
+ 
+-#: dnsmasq.c:755
++#: dnsmasq.c:784
+ msgid "secure mode"
+ msgstr "modo seguro"
+ 
+-#: dnsmasq.c:781
++#: dnsmasq.c:810
+ #, c-format
+ msgid "restricting maximum simultaneous TFTP transfers to %d"
+ msgstr "limitando número máximo de transferencias TFTP simultáneas a %d"
+ 
+-#: dnsmasq.c:956
++#: dnsmasq.c:1006
+ msgid "connected to system DBus"
+ msgstr "conectado a DBus de sistema"
+ 
+-#: dnsmasq.c:1106
++#: dnsmasq.c:1156
+ #, c-format
+ msgid "cannot fork into background: %s"
+ msgstr "no se puede hacer fork en background: %s"
+ 
+-#: dnsmasq.c:1109
++#: dnsmasq.c:1159
+ #, fuzzy, c-format
+ msgid "failed to create helper: %s"
+ msgstr "no se pudo crear ayudante: %s"
+ 
+-#: dnsmasq.c:1112
++#: dnsmasq.c:1162
+ #, fuzzy, c-format
+ msgid "setting capabilities failed: %s"
+ msgstr "configuración de capacidades ha fallado: %s"
+ 
+-#: dnsmasq.c:1115
++#: dnsmasq.c:1165
+ #, fuzzy, c-format
+ msgid "failed to change user-id to %s: %s"
+ msgstr "no se pudo cambiar user-id a %s: %s"
+ 
+-#: dnsmasq.c:1118
++#: dnsmasq.c:1168
+ #, fuzzy, c-format
+ msgid "failed to change group-id to %s: %s"
+ msgstr "no se pudo cambiar group-id a %s: %s"
+ 
+-#: dnsmasq.c:1121
++#: dnsmasq.c:1171
+ #, fuzzy, c-format
+ msgid "failed to open pidfile %s: %s"
+ msgstr "no se pudo abrir archivo PID %s: %s"
+ 
+-#: dnsmasq.c:1124
++#: dnsmasq.c:1174
+ #, fuzzy, c-format
+ msgid "cannot open log %s: %s"
+ msgstr "no se puede abrir registro %s: %s"
+ 
+-#: dnsmasq.c:1127
++#: dnsmasq.c:1177
+ #, fuzzy, c-format
+ msgid "failed to load Lua script: %s"
+ msgstr "no se pudo cargar script Lua %s: %s"
+ 
+-#: dnsmasq.c:1130
++#: dnsmasq.c:1180
+ #, c-format
+ msgid "TFTP directory %s inaccessible: %s"
+ msgstr "directorio TFTP % inaccesible: %s"
+ 
+-#: dnsmasq.c:1151
++#: dnsmasq.c:1183
++#, fuzzy, c-format
++msgid "cannot create timestamp file %s: %s"
++msgstr "no se puede abrir o crear archivo de concesión %s: %s"
++
++#: dnsmasq.c:1204
+ msgid "now checking DNSSEC signature timestamps"
+ msgstr ""
+ 
+-#: dnsmasq.c:1218
++#: dnsmasq.c:1271
+ #, fuzzy, c-format
+ msgid "script process killed by signal %d"
+ msgstr "proceso script eliminado por señal %d"
+ 
+-#: dnsmasq.c:1222
++#: dnsmasq.c:1275
+ #, fuzzy, c-format
+ msgid "script process exited with status %d"
+ msgstr "proceso script salió con con estado %d"
+ 
+-#: dnsmasq.c:1226
++#: dnsmasq.c:1279
+ #, fuzzy, c-format
+ msgid "failed to execute %s: %s"
+ msgstr "no se pudo ejecutar %s: %s"
+ 
+-#: dnsmasq.c:1281
++#: dnsmasq.c:1334
+ msgid "exiting on receipt of SIGTERM"
+ msgstr "saliendo al recibir SIGTERM"
+ 
+-#: dnsmasq.c:1309
++#: dnsmasq.c:1362
+ #, fuzzy, c-format
+ msgid "failed to access %s: %s"
+ msgstr "no se pudo acceder %s: %s"
+ 
+-#: dnsmasq.c:1339
++#: dnsmasq.c:1392
+ #, c-format
+ msgid "reading %s"
+ msgstr "leyendo %s"
+ 
+-#: dnsmasq.c:1350
++#: dnsmasq.c:1403
+ #, fuzzy, c-format
+ msgid "no servers found in %s, will retry"
+ msgstr "ningún servidor encontrado en %s, se reintentará"
+@@ -1542,27 +1589,27 @@ msgstr "interfase desconocida %s en bridge-interface"
+ msgid "DHCP packet received on %s which has no address"
+ msgstr "Paquete DHCP recibido en %s que no tiene dirección"
+ 
+-#: dhcp.c:408
++#: dhcp.c:412
+ #, c-format
+ msgid "ARP-cache injection failed: %s"
+ msgstr ""
+ 
+-#: dhcp.c:506
++#: dhcp.c:511
+ #, c-format
+ msgid "DHCP range %s -- %s is not consistent with netmask %s"
+ msgstr "rango DHCP %s -- %s no coincide con máscara de subred %s"
+ 
+-#: dhcp.c:807
++#: dhcp.c:812
+ #, fuzzy, c-format
+ msgid "bad line at %s line %d"
+ msgstr "línea errónea en %s línea %d"
+ 
+-#: dhcp.c:850
++#: dhcp.c:855
+ #, c-format
+ msgid "ignoring %s line %d, duplicate name or IP address"
+ msgstr "ignorando %s línea %d, nombre o dirección IP duplicada"
+ 
+-#: dhcp.c:994 rfc3315.c:2089
++#: dhcp.c:999 rfc3315.c:2139
+ #, c-format
+ msgid "DHCP relay %s -> %s"
+ msgstr "DHCP relay %s -> %s"
+@@ -1633,12 +1680,12 @@ msgstr "%u Clase de usuario: %s"
+ msgid "disabled"
+ msgstr "deshabilitado"
+ 
+-#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:602 rfc3315.c:823
+-#: rfc3315.c:1095
++#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:603 rfc3315.c:860
++#: rfc3315.c:1139
+ msgid "ignored"
+ msgstr "ignorado"
+ 
+-#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:873
++#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:910
+ msgid "address in use"
+ msgstr "dirección en uso"
+ 
+@@ -1658,7 +1705,7 @@ msgstr "ninguna direcci
+ msgid "no leases left"
+ msgstr "no sobra ninguna concesión"
+ 
+-#: rfc2131.c:691 rfc3315.c:475
++#: rfc2131.c:691 rfc3315.c:476
+ #, fuzzy, c-format
+ msgid "%u client provides name: %s"
+ msgstr "%u cliente provee nombre: %s"
+@@ -1667,7 +1714,7 @@ msgstr "%u cliente provee nombre: %s"
+ msgid "PXE BIS not supported"
+ msgstr "no hay soporte para BIS PXE"
+ 
+-#: rfc2131.c:935 rfc3315.c:1189
++#: rfc2131.c:935 rfc3315.c:1233
+ #, fuzzy, c-format
+ msgid "disabling DHCP static address %s for %s"
+ msgstr "deshabilitando dirección DHCP estática %s para %s"
+@@ -1703,7 +1750,7 @@ msgstr "ID de servidor equivocada"
+ msgid "wrong address"
+ msgstr "dirección equivocada"
+ 
+-#: rfc2131.c:1143 rfc3315.c:969
++#: rfc2131.c:1143 rfc3315.c:1006
+ msgid "lease not found"
+ msgstr "concesión no encontrada"
+ 
+@@ -1753,7 +1800,7 @@ msgstr "no se puede enviar opci
+ msgid "PXE menu too large"
+ msgstr "menú PXE demasiado largo"
+ 
+-#: rfc2131.c:2173 rfc3315.c:1456
++#: rfc2131.c:2173 rfc3315.c:1506
+ #, fuzzy, c-format
+ msgid "%u requested options: %s"
+ msgstr "%u opciones solicitadas: %s"
+@@ -1768,7 +1815,7 @@ msgstr "no se puede enviar opci
+ msgid "cannot create netlink socket: %s"
+ msgstr "no se puede crear zócalo netlink: %s"
+ 
+-#: netlink.c:347
++#: netlink.c:348
+ #, fuzzy, c-format
+ msgid "netlink returns error: %s"
+ msgstr "netlink retorna error: %s"
+@@ -1886,66 +1933,66 @@ msgstr "ning
+ msgid "%u available DHCPv6 subnet: %s/%d"
+ msgstr "%u Subred DHCP disponible: %s/%s"
+ 
+-#: rfc3315.c:379
++#: rfc3315.c:380
+ #, fuzzy, c-format
+ msgid "%u vendor class: %u"
+ msgstr "%u Clase de vendedor: %s"
+ 
+-#: rfc3315.c:427
++#: rfc3315.c:428
+ #, fuzzy, c-format
+ msgid "%u client MAC address: %s"
+ msgstr "%u cliente provee nombre: %s"
+ 
+-#: rfc3315.c:659
++#: rfc3315.c:660
+ #, fuzzy, c-format
+ msgid "unknown prefix-class %d"
+ msgstr "clase de prefijo desconocida"
+ 
+-#: rfc3315.c:791 rfc3315.c:913
++#: rfc3315.c:803 rfc3315.c:902
++#, fuzzy
++msgid "address unavailable"
++msgstr "dirección no disponible"
++
++#: rfc3315.c:815 rfc3315.c:950 rfc3315.c:1283
+ msgid "success"
+ msgstr ""
+ 
+-#: rfc3315.c:806 rfc3315.c:808 rfc3315.c:921 rfc3315.c:923
++#: rfc3315.c:843 rfc3315.c:845 rfc3315.c:958 rfc3315.c:960
+ #, fuzzy
+ msgid "no addresses available"
+ msgstr "ninguna dirección disponible"
+ 
+-#: rfc3315.c:865
+-#, fuzzy
+-msgid "address unavailable"
+-msgstr "dirección no disponible"
+-
+-#: rfc3315.c:900
++#: rfc3315.c:937
+ msgid "not on link"
+ msgstr "no en el enlace"
+ 
+-#: rfc3315.c:973 rfc3315.c:1151 rfc3315.c:1228
++#: rfc3315.c:1010 rfc3315.c:1195 rfc3315.c:1272
+ msgid "no binding found"
+ msgstr "uniones no encontradas"
+ 
+-#: rfc3315.c:1011
++#: rfc3315.c:1048
+ msgid "deprecated"
+ msgstr "descartado"
+ 
+-#: rfc3315.c:1016
++#: rfc3315.c:1053
+ #, fuzzy
+ msgid "address invalid"
+ msgstr "dirección en uso"
+ 
+-#: rfc3315.c:1061
++#: rfc3315.c:1100
+ msgid "confirm failed"
+ msgstr "confirmación falló"
+ 
+-#: rfc3315.c:1072
++#: rfc3315.c:1116
+ #, fuzzy
+ msgid "all addresses still on link"
+ msgstr "dirección errónea en %s línea %d"
+ 
+-#: rfc3315.c:1160
++#: rfc3315.c:1204
+ msgid "release received"
+ msgstr "concesión recibida"
+ 
+-#: rfc3315.c:2080
++#: rfc3315.c:2130
+ msgid "Cannot multicast to DHCPv6 server without correct interface"
+ msgstr "No puede hacer multicast DHCPv6 sin el interfase correcto"
+ 
+@@ -2038,7 +2085,7 @@ msgstr ""
+ msgid "cannot create ICMPv6 socket: %s"
+ msgstr "no se puede crear socket DHCP: %s"
+ 
+-#: auth.c:429
++#: auth.c:436
+ #, fuzzy, c-format
+ msgid "ignoring zone transfer request from %s"
+ msgstr "pedido no-soportado desde %s"
+@@ -2053,54 +2100,89 @@ msgstr "no se pudo acoplar socket de servidor DHCP: %s"
+ msgid "failed to create IPset control socket: %s"
+ msgstr "no se pudo crear socket TFTP: %s"
+ 
++#: dnssec.c:425 dnssec.c:469
++#, fuzzy, c-format
++msgid "failed to update mtime on %s: %s"
++msgstr "no se pudo abrir archivo PID %s: %s"
++
+ #: blockdata.c:58
+ #, c-format
+ msgid "DNSSEC memory in use %u, max %u, allocated %u"
+ msgstr ""
+ 
+-#: tables.c:76
++#: tables.c:80
+ msgid "error: fill_addr missused"
+ msgstr ""
+ 
+-#: tables.c:105
++#: tables.c:109
+ #, fuzzy, c-format
+ msgid "failed to access pf devices: %s"
+ msgstr "no se pudo acceder %s: %s"
+ 
+-#: tables.c:119
++#: tables.c:123
+ #, fuzzy, c-format
+ msgid "warning: no opened pf devices %s"
+ msgstr "usando direcciones locales solo para %s %s"
+ 
+-#: tables.c:127
++#: tables.c:131
+ #, fuzzy, c-format
+ msgid "error: cannot use table name %s"
+ msgstr "no se puede obtener host-name (nombre de host): %s"
+ 
+-#: tables.c:135
++#: tables.c:139
+ #, c-format
+ msgid "error: cannot strlcpy table name %s"
+ msgstr ""
+ 
+-#: tables.c:141
++#: tables.c:145
+ #, c-format
+ msgid "warning: pfr_add_tables: %s(%d)"
+ msgstr ""
+ 
+-#: tables.c:147
++#: tables.c:151
+ msgid "info: table created"
+ msgstr ""
+ 
+-#: tables.c:158
++#: tables.c:162
+ #, c-format
+ msgid "warning: DIOCR%sADDRS: %s"
+ msgstr ""
+ 
+-#: tables.c:162
++#: tables.c:166
+ #, fuzzy, c-format
+ msgid "%d addresses %s"
+ msgstr "dirección IP errónea"
+ 
++#: inotify.c:46
++#, fuzzy, c-format
++msgid "failed to create inotify: %s"
++msgstr "no se pudo crear ayudante: %s"
++
++#: inotify.c:60
++#, fuzzy, c-format
++msgid "cannot cannonicalise resolv-file %s: %s"
++msgstr "no se puede abrir o crear archivo de concesión %s: %s"
++
++#: inotify.c:72
++#, c-format
++msgid "directory %s for resolv-file is missing, cannot poll"
++msgstr ""
++
++#: inotify.c:75 inotify.c:112
++#, fuzzy, c-format
++msgid "failed to create inotify for %s: %s"
++msgstr "no se pudo crear un zócalo de escucha: %s"
++
++#: inotify.c:97
++#, fuzzy, c-format
++msgid "bad dynamic directory %s: %s"
++msgstr "no se puede acceder a directorio %s: %s"
++
++#: inotify.c:197
++#, c-format
++msgid "inotify, new or changed file %s"
++msgstr ""
++
+ #~ msgid "no interface with address %s"
+ #~ msgstr "ninguna interfase con dirección %s"
+ 
+diff --git a/po/fi.po b/po/fi.po
+index 36f430986e79..760b08107510 100644
+--- a/po/fi.po
++++ b/po/fi.po
+@@ -16,70 +16,70 @@ msgstr ""
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+ 
+-#: cache.c:505
++#: cache.c:523
+ msgid "Internal error in cache."
+ msgstr ""
+ 
+-#: cache.c:908
++#: cache.c:941
+ #, c-format
+ msgid "failed to load names from %s: %s"
+ msgstr ""
+ 
+-#: cache.c:934 dhcp.c:820
++#: cache.c:967 dhcp.c:825
+ #, c-format
+ msgid "bad address at %s line %d"
+ msgstr ""
+ 
+-#: cache.c:985 dhcp.c:836
++#: cache.c:1018 dhcp.c:841
+ #, c-format
+ msgid "bad name at %s line %d"
+ msgstr ""
+ 
+-#: cache.c:992 dhcp.c:911
++#: cache.c:1027 dhcp.c:916
+ #, c-format
+ msgid "read %s - %d addresses"
+ msgstr ""
+ 
+-#: cache.c:1100
++#: cache.c:1135
+ msgid "cleared cache"
+ msgstr ""
+ 
+-#: cache.c:1123
++#: cache.c:1164
+ #, c-format
+ msgid "No IPv4 address found for %s"
+ msgstr ""
+ 
+-#: cache.c:1201
++#: cache.c:1242
+ #, c-format
+ msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
+ msgstr ""
+ 
+-#: cache.c:1225
++#: cache.c:1266
+ #, c-format
+ msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+ msgstr ""
+ 
+-#: cache.c:1366
++#: cache.c:1421
+ #, c-format
+ msgid "time %lu"
+ msgstr ""
+ 
+-#: cache.c:1367
++#: cache.c:1422
+ #, c-format
+ msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+ msgstr ""
+ 
+-#: cache.c:1369
++#: cache.c:1424
+ #, c-format
+ msgid "queries forwarded %u, queries answered locally %u"
+ msgstr ""
+ 
+-#: cache.c:1372
++#: cache.c:1427
+ #, c-format
+ msgid "queries for authoritative zones %u"
+ msgstr ""
+ 
+-#: cache.c:1398
++#: cache.c:1453
+ #, c-format
+ msgid "server %s#%d: queries sent %u, retried or failed %u"
+ msgstr ""
+@@ -93,7 +93,7 @@ msgstr ""
+ msgid "failed to allocate memory"
+ msgstr ""
+ 
+-#: util.c:243 option.c:579
++#: util.c:243 option.c:598
+ msgid "could not get memory"
+ msgstr ""
+ 
+@@ -107,990 +107,1018 @@ msgstr ""
+ msgid "failed to allocate %d bytes"
+ msgstr ""
+ 
+-#: util.c:429
++#: util.c:430
+ #, c-format
+ msgid "infinite"
+ msgstr ""
+ 
+-#: option.c:318
++#: option.c:330
+ msgid "Specify local address(es) to listen on."
+ msgstr ""
+ 
+-#: option.c:319
++#: option.c:331
+ msgid "Return ipaddr for all hosts in specified domains."
+ msgstr ""
+ 
+-#: option.c:320
++#: option.c:332
+ msgid "Fake reverse lookups for RFC1918 private address ranges."
+ msgstr ""
+ 
+-#: option.c:321
++#: option.c:333
+ msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+ msgstr ""
+ 
+-#: option.c:322
++#: option.c:334
+ #, c-format
+ msgid "Specify the size of the cache in entries (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:323
++#: option.c:335
+ #, c-format
+ msgid "Specify configuration file (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:324
++#: option.c:336
+ msgid "Do NOT fork into the background: run in debug mode."
+ msgstr ""
+ 
+-#: option.c:325
++#: option.c:337
+ msgid "Do NOT forward queries with no domain part."
+ msgstr ""
+ 
+-#: option.c:326
++#: option.c:338
+ msgid "Return self-pointing MX records for local hosts."
+ msgstr ""
+ 
+-#: option.c:327
++#: option.c:339
+ msgid "Expand simple names in /etc/hosts with domain-suffix."
+ msgstr ""
+ 
+-#: option.c:328
++#: option.c:340
+ msgid "Don't forward spurious DNS requests from Windows hosts."
+ msgstr ""
+ 
+-#: option.c:329
++#: option.c:341
+ msgid "Enable DHCP in the range given with lease duration."
+ msgstr ""
+ 
+-#: option.c:330
++#: option.c:342
+ #, c-format
+ msgid "Change to this group after startup (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:331
++#: option.c:343
+ msgid "Set address or hostname for a specified machine."
+ msgstr ""
+ 
+-#: option.c:332
++#: option.c:344
+ msgid "Read DHCP host specs from file."
+ msgstr ""
+ 
+-#: option.c:333
++#: option.c:345
+ msgid "Read DHCP option specs from file."
+ msgstr ""
+ 
+-#: option.c:334
++#: option.c:346
++msgid "Read DHCP host specs from a directory."
++msgstr ""
++
++#: option.c:347
++msgid "Read DHCP options from a directory."
++msgstr ""
++
++#: option.c:348
+ msgid "Evaluate conditional tag expression."
+ msgstr ""
+ 
+-#: option.c:335
++#: option.c:349
+ #, c-format
+ msgid "Do NOT load %s file."
+ msgstr ""
+ 
+-#: option.c:336
++#: option.c:350
+ #, c-format
+ msgid "Specify a hosts file to be read in addition to %s."
+ msgstr ""
+ 
+-#: option.c:337
++#: option.c:351
++msgid "Read hosts files from a directory."
++msgstr ""
++
++#: option.c:352
+ msgid "Specify interface(s) to listen on."
+ msgstr ""
+ 
+-#: option.c:338
++#: option.c:353
+ msgid "Specify interface(s) NOT to listen on."
+ msgstr ""
+ 
+-#: option.c:339
++#: option.c:354
+ msgid "Map DHCP user class to tag."
+ msgstr ""
+ 
+-#: option.c:340
++#: option.c:355
+ msgid "Map RFC3046 circuit-id to tag."
+ msgstr ""
+ 
+-#: option.c:341
++#: option.c:356
+ msgid "Map RFC3046 remote-id to tag."
+ msgstr ""
+ 
+-#: option.c:342
++#: option.c:357
+ msgid "Map RFC3993 subscriber-id to tag."
+ msgstr ""
+ 
+-#: option.c:343
++#: option.c:358
+ msgid "Don't do DHCP for hosts with tag set."
+ msgstr ""
+ 
+-#: option.c:344
++#: option.c:359
+ msgid "Force broadcast replies for hosts with tag set."
+ msgstr ""
+ 
+-#: option.c:345
++#: option.c:360
+ msgid "Do NOT fork into the background, do NOT run in debug mode."
+ msgstr ""
+ 
+-#: option.c:346
++#: option.c:361
+ msgid "Assume we are the only DHCP server on the local network."
+ msgstr ""
+ 
+-#: option.c:347
++#: option.c:362
+ #, c-format
+ msgid "Specify where to store DHCP leases (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:348
++#: option.c:363
+ msgid "Return MX records for local hosts."
+ msgstr ""
+ 
+-#: option.c:349
++#: option.c:364
+ msgid "Specify an MX record."
+ msgstr ""
+ 
+-#: option.c:350
++#: option.c:365
+ msgid "Specify BOOTP options to DHCP server."
+ msgstr ""
+ 
+-#: option.c:351
++#: option.c:366
+ #, c-format
+ msgid "Do NOT poll %s file, reload only on SIGHUP."
+ msgstr ""
+ 
+-#: option.c:352
++#: option.c:367
+ msgid "Do NOT cache failed search results."
+ msgstr ""
+ 
+-#: option.c:353
++#: option.c:368
+ #, c-format
+ msgid "Use nameservers strictly in the order given in %s."
+ msgstr ""
+ 
+-#: option.c:354
++#: option.c:369
+ msgid "Specify options to be sent to DHCP clients."
+ msgstr ""
+ 
+-#: option.c:355
++#: option.c:370
+ msgid "DHCP option sent even if the client does not request it."
+ msgstr ""
+ 
+-#: option.c:356
++#: option.c:371
+ msgid "Specify port to listen for DNS requests on (defaults to 53)."
+ msgstr ""
+ 
+-#: option.c:357
++#: option.c:372
+ #, c-format
+ msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:358
++#: option.c:373
+ msgid "Log DNS queries."
+ msgstr ""
+ 
+-#: option.c:359
++#: option.c:374
+ msgid "Force the originating port for upstream DNS queries."
+ msgstr ""
+ 
+-#: option.c:360
++#: option.c:375
+ msgid "Do NOT read resolv.conf."
+ msgstr ""
+ 
+-#: option.c:361
++#: option.c:376
+ #, c-format
+ msgid "Specify path to resolv.conf (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:362
++#: option.c:377
+ msgid "Specify path to file with server= options"
+ msgstr ""
+ 
+-#: option.c:363
++#: option.c:378
+ msgid "Specify address(es) of upstream servers with optional domains."
+ msgstr ""
+ 
+-#: option.c:364
++#: option.c:379
+ msgid "Specify address of upstream servers for reverse address queries"
+ msgstr ""
+ 
+-#: option.c:365
++#: option.c:380
+ msgid "Never forward queries to specified domains."
+ msgstr ""
+ 
+-#: option.c:366
++#: option.c:381
+ msgid "Specify the domain to be assigned in DHCP leases."
+ msgstr ""
+ 
+-#: option.c:367
++#: option.c:382
+ msgid "Specify default target in an MX record."
+ msgstr ""
+ 
+-#: option.c:368
++#: option.c:383
+ msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+ msgstr ""
+ 
+-#: option.c:369
++#: option.c:384
+ msgid "Specify time-to-live in seconds for negative caching."
+ msgstr ""
+ 
+-#: option.c:370
++#: option.c:385
+ msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
+ msgstr ""
+ 
+-#: option.c:371
++#: option.c:386
++msgid "Specify time-to-live ceiling for cache."
++msgstr ""
++
++#: option.c:387
++msgid "Specify time-to-live floor for cache."
++msgstr ""
++
++#: option.c:388
+ #, c-format
+ msgid "Change to this user after startup. (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:372
++#: option.c:389
+ msgid "Map DHCP vendor class to tag."
+ msgstr ""
+ 
+-#: option.c:373
++#: option.c:390
+ msgid "Display dnsmasq version and copyright information."
+ msgstr ""
+ 
+-#: option.c:374
++#: option.c:391
+ msgid "Translate IPv4 addresses from upstream servers."
+ msgstr ""
+ 
+-#: option.c:375
++#: option.c:392
+ msgid "Specify a SRV record."
+ msgstr ""
+ 
+-#: option.c:376
++#: option.c:393
+ msgid "Display this message. Use --help dhcp for known DHCP options."
+ msgstr ""
+ 
+-#: option.c:377
++#: option.c:394
+ #, c-format
+ msgid "Specify path of PID file (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:378
++#: option.c:395
+ #, c-format
+ msgid "Specify maximum number of DHCP leases (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:379
++#: option.c:396
+ msgid "Answer DNS queries based on the interface a query was sent to."
+ msgstr ""
+ 
+-#: option.c:380
++#: option.c:397
+ msgid "Specify TXT DNS record."
+ msgstr ""
+ 
+-#: option.c:381
++#: option.c:398
+ msgid "Specify PTR DNS record."
+ msgstr ""
+ 
+-#: option.c:382
++#: option.c:399
+ msgid "Give DNS name to IPv4 address of interface."
+ msgstr ""
+ 
+-#: option.c:383
++#: option.c:400
+ msgid "Bind only to interfaces in use."
+ msgstr ""
+ 
+-#: option.c:384
++#: option.c:401
+ #, c-format
+ msgid "Read DHCP static host information from %s."
+ msgstr ""
+ 
+-#: option.c:385
++#: option.c:402
+ msgid "Enable the DBus interface for setting upstream servers, etc."
+ msgstr ""
+ 
+-#: option.c:386
++#: option.c:403
+ msgid "Do not provide DHCP on this interface, only provide DNS."
+ msgstr ""
+ 
+-#: option.c:387
++#: option.c:404
+ msgid "Enable dynamic address allocation for bootp."
+ msgstr ""
+ 
+-#: option.c:388
++#: option.c:405
+ msgid "Map MAC address (with wildcards) to option set."
+ msgstr ""
+ 
+-#: option.c:389
++#: option.c:406
+ msgid "Treat DHCP requests on aliases as arriving from interface."
+ msgstr ""
+ 
+-#: option.c:390
++#: option.c:407
+ msgid "Disable ICMP echo address checking in the DHCP server."
+ msgstr ""
+ 
+-#: option.c:391
++#: option.c:408
+ msgid "Shell script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:392
++#: option.c:409
+ msgid "Lua script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:393
++#: option.c:410
+ msgid "Run lease-change scripts as this user."
+ msgstr ""
+ 
+-#: option.c:394
++#: option.c:411
+ msgid "Read configuration from all the files in this directory."
+ msgstr ""
+ 
+-#: option.c:395
++#: option.c:412
+ msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+ msgstr ""
+ 
+-#: option.c:396
++#: option.c:413
+ msgid "Do not use leasefile."
+ msgstr ""
+ 
+-#: option.c:397
++#: option.c:414
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+ msgstr ""
+ 
+-#: option.c:398
++#: option.c:415
+ #, c-format
+ msgid "Clear DNS cache when reloading %s."
+ msgstr ""
+ 
+-#: option.c:399
++#: option.c:416
+ msgid "Ignore hostnames provided by DHCP clients."
+ msgstr ""
+ 
+-#: option.c:400
++#: option.c:417
+ msgid "Do NOT reuse filename and server fields for extra DHCP options."
+ msgstr ""
+ 
+-#: option.c:401
++#: option.c:418
+ msgid "Enable integrated read-only TFTP server."
+ msgstr ""
+ 
+-#: option.c:402
++#: option.c:419
+ msgid "Export files by TFTP only from the specified subtree."
+ msgstr ""
+ 
+-#: option.c:403
++#: option.c:420
+ msgid "Add client IP address to tftp-root."
+ msgstr ""
+ 
+-#: option.c:404
++#: option.c:421
+ msgid "Allow access only to files owned by the user running dnsmasq."
+ msgstr ""
+ 
+-#: option.c:405
++#: option.c:422
+ #, c-format
+ msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:406
++#: option.c:423
+ msgid "Disable the TFTP blocksize extension."
+ msgstr ""
+ 
+-#: option.c:407
++#: option.c:424
+ msgid "Convert TFTP filenames to lowercase"
+ msgstr ""
+ 
+-#: option.c:408
++#: option.c:425
+ msgid "Ephemeral port range for use by TFTP transfers."
+ msgstr ""
+ 
+-#: option.c:409
++#: option.c:426
+ msgid "Extra logging for DHCP."
+ msgstr ""
+ 
+-#: option.c:410
++#: option.c:427
+ msgid "Enable async. logging; optionally set queue length."
+ msgstr ""
+ 
+-#: option.c:411
++#: option.c:428
+ msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+ msgstr ""
+ 
+-#: option.c:412
++#: option.c:429
+ msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
+ msgstr ""
+ 
+-#: option.c:413
++#: option.c:430
+ msgid "Inhibit DNS-rebind protection on this domain."
+ msgstr ""
+ 
+-#: option.c:414
++#: option.c:431
+ msgid "Always perform DNS queries to all servers."
+ msgstr ""
+ 
+-#: option.c:415
++#: option.c:432
+ msgid "Set tag if client includes matching option in request."
+ msgstr ""
+ 
+-#: option.c:416
++#: option.c:433
+ msgid "Use alternative ports for DHCP."
+ msgstr ""
+ 
+-#: option.c:417
++#: option.c:434
+ msgid "Specify NAPTR DNS record."
+ msgstr ""
+ 
+-#: option.c:418
++#: option.c:435
+ msgid "Specify lowest port available for DNS query transmission."
+ msgstr ""
+ 
+-#: option.c:419
++#: option.c:436
+ msgid "Use only fully qualified domain names for DHCP clients."
+ msgstr ""
+ 
+-#: option.c:420
++#: option.c:437
+ msgid "Generate hostnames based on MAC address for nameless clients."
+ msgstr ""
+ 
+-#: option.c:421
++#: option.c:438
+ msgid "Use these DHCP relays as full proxies."
+ msgstr ""
+ 
+-#: option.c:422
++#: option.c:439
+ msgid "Relay DHCP requests to a remote server"
+ msgstr ""
+ 
+-#: option.c:423
++#: option.c:440
+ msgid "Specify alias name for LOCAL DNS name."
+ msgstr ""
+ 
+-#: option.c:424
++#: option.c:441
+ msgid "Prompt to send to PXE clients."
+ msgstr ""
+ 
+-#: option.c:425
++#: option.c:442
+ msgid "Boot service for PXE menu."
+ msgstr ""
+ 
+-#: option.c:426
++#: option.c:443
+ msgid "Check configuration syntax."
+ msgstr ""
+ 
+-#: option.c:427
++#: option.c:444
+ msgid "Add requestor's MAC address to forwarded DNS queries."
+ msgstr ""
+ 
+-#: option.c:428
++#: option.c:445
+ msgid "Add requestor's IP subnet to forwarded DNS queries."
+ msgstr ""
+ 
+-#: option.c:429
++#: option.c:446
+ msgid "Proxy DNSSEC validation results from upstream nameservers."
+ msgstr ""
+ 
+-#: option.c:430
++#: option.c:447
+ msgid "Attempt to allocate sequential IP addresses to DHCP clients."
+ msgstr ""
+ 
+-#: option.c:431
++#: option.c:448
+ msgid "Copy connection-track mark from queries to upstream connections."
+ msgstr ""
+ 
+-#: option.c:432
++#: option.c:449
+ msgid "Allow DHCP clients to do their own DDNS updates."
+ msgstr ""
+ 
+-#: option.c:433
++#: option.c:450
+ msgid "Send router-advertisements for interfaces doing DHCPv6"
+ msgstr ""
+ 
+-#: option.c:434
++#: option.c:451
+ msgid "Specify DUID_EN-type DHCPv6 server DUID"
+ msgstr ""
+ 
+-#: option.c:435
++#: option.c:452
+ msgid "Specify host (A/AAAA and PTR) records"
+ msgstr ""
+ 
+-#: option.c:436
++#: option.c:453
+ msgid "Specify arbitrary DNS resource record"
+ msgstr ""
+ 
+-#: option.c:437
++#: option.c:454
+ msgid "Bind to interfaces in use - check for new interfaces"
+ msgstr ""
+ 
+-#: option.c:438
++#: option.c:455
+ msgid "Export local names to global DNS"
+ msgstr ""
+ 
+-#: option.c:439
++#: option.c:456
+ msgid "Domain to export to global DNS"
+ msgstr ""
+ 
+-#: option.c:440
++#: option.c:457
+ msgid "Set TTL for authoritative replies"
+ msgstr ""
+ 
+-#: option.c:441
++#: option.c:458
+ msgid "Set authoritive zone information"
+ msgstr ""
+ 
+-#: option.c:442
++#: option.c:459
+ msgid "Secondary authoritative nameservers for forward domains"
+ msgstr ""
+ 
+-#: option.c:443
++#: option.c:460
+ msgid "Peers which are allowed to do zone transfer"
+ msgstr ""
+ 
+-#: option.c:444
++#: option.c:461
+ msgid "Specify ipsets to which matching domains should be added"
+ msgstr ""
+ 
+-#: option.c:445
++#: option.c:462
+ msgid "Specify a domain and address range for synthesised names"
+ msgstr ""
+ 
+-#: option.c:446
++#: option.c:463
+ msgid "Activate DNSSEC validation"
+ msgstr ""
+ 
+-#: option.c:447
++#: option.c:464
+ msgid "Specify trust anchor key digest."
+ msgstr ""
+ 
+-#: option.c:448
++#: option.c:465
+ msgid "Disable upstream checking for DNSSEC debugging."
+ msgstr ""
+ 
+-#: option.c:449
++#: option.c:466
+ msgid "Ensure answers without DNSSEC are in unsigned zones."
+ msgstr ""
+ 
+-#: option.c:450
++#: option.c:467
+ msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+ msgstr ""
+ 
+-#: option.c:452
++#: option.c:468
++msgid "Timestamp file to verify system clock for DNSSEC"
++msgstr ""
++
++#: option.c:470
+ msgid "Specify DHCPv6 prefix class"
+ msgstr ""
+ 
+-#: option.c:454
++#: option.c:472
+ msgid "Set priority, resend-interval and router-lifetime"
+ msgstr ""
+ 
+-#: option.c:455
++#: option.c:473
+ msgid "Do not log routine DHCP."
+ msgstr ""
+ 
+-#: option.c:456
++#: option.c:474
+ msgid "Do not log routine DHCPv6."
+ msgstr ""
+ 
+-#: option.c:457
++#: option.c:475
+ msgid "Do not log RA."
+ msgstr ""
+ 
+-#: option.c:458
++#: option.c:476
+ msgid "Accept queries only from directly-connected networks"
+ msgstr ""
+ 
+-#: option.c:459
++#: option.c:477
+ msgid "Detect and remove DNS forwarding loops"
+ msgstr ""
+ 
+-#: option.c:661
++#: option.c:478
++msgid "Ignore DNS responses containing ipaddr."
++msgstr ""
++
++#: option.c:680
+ #, c-format
+ msgid ""
+ "Usage: dnsmasq [options]\n"
+ "\n"
+ msgstr ""
+ 
+-#: option.c:663
++#: option.c:682
+ #, c-format
+ msgid "Use short options only on the command line.\n"
+ msgstr ""
+ 
+-#: option.c:665
++#: option.c:684
+ #, c-format
+ msgid "Valid options are:\n"
+ msgstr ""
+ 
+-#: option.c:722 option.c:726
++#: option.c:741 option.c:745
+ msgid "bad port"
+ msgstr ""
+ 
+-#: option.c:753 option.c:785
++#: option.c:772 option.c:804
+ msgid "interface binding not supported"
+ msgstr ""
+ 
+-#: option.c:762 option.c:3494
++#: option.c:781 option.c:3570
+ msgid "bad interface name"
+ msgstr ""
+ 
+-#: option.c:792
++#: option.c:811
+ msgid "bad address"
+ msgstr ""
+ 
+-#: option.c:974
++#: option.c:993
+ msgid "unsupported encapsulation for IPv6 option"
+ msgstr ""
+ 
+-#: option.c:988
++#: option.c:1007
+ msgid "bad dhcp-option"
+ msgstr ""
+ 
+-#: option.c:1056
++#: option.c:1075
+ msgid "bad IP address"
+ msgstr ""
+ 
+-#: option.c:1059 option.c:1197 option.c:2812
++#: option.c:1078 option.c:1216 option.c:2888
+ msgid "bad IPv6 address"
+ msgstr ""
+ 
+-#: option.c:1224 option.c:1318
++#: option.c:1243 option.c:1337
+ msgid "bad domain in dhcp-option"
+ msgstr ""
+ 
+-#: option.c:1356
++#: option.c:1375
+ msgid "dhcp-option too long"
+ msgstr ""
+ 
+-#: option.c:1363
++#: option.c:1382
+ msgid "illegal dhcp-match"
+ msgstr ""
+ 
+-#: option.c:1425
++#: option.c:1444
+ msgid "illegal repeated flag"
+ msgstr ""
+ 
+-#: option.c:1433
++#: option.c:1452
+ msgid "illegal repeated keyword"
+ msgstr ""
+ 
+-#: option.c:1495 option.c:4092
++#: option.c:1517 option.c:4186
+ #, c-format
+ msgid "cannot access directory %s: %s"
+ msgstr ""
+ 
+-#: option.c:1541 tftp.c:493
++#: option.c:1563 tftp.c:493
+ #, c-format
+ msgid "cannot access %s: %s"
+ msgstr ""
+ 
+-#: option.c:1588
++#: option.c:1615
+ msgid "setting log facility is not possible under Android"
+ msgstr ""
+ 
+-#: option.c:1597
++#: option.c:1624
+ msgid "bad log facility"
+ msgstr ""
+ 
+-#: option.c:1650
++#: option.c:1677
+ msgid "bad MX preference"
+ msgstr ""
+ 
+-#: option.c:1655
++#: option.c:1682
+ msgid "bad MX name"
+ msgstr ""
+ 
+-#: option.c:1669
++#: option.c:1696
+ msgid "bad MX target"
+ msgstr ""
+ 
+-#: option.c:1681
++#: option.c:1708
+ msgid "cannot run scripts under uClinux"
+ msgstr ""
+ 
+-#: option.c:1683
++#: option.c:1710
+ msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+ msgstr ""
+ 
+-#: option.c:1687
++#: option.c:1714
+ msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
+ msgstr ""
+ 
+-#: option.c:1928 option.c:1966 option.c:2015
++#: option.c:1970 option.c:2015 option.c:2071
+ msgid "bad prefix"
+ msgstr ""
+ 
+-#: option.c:2289
++#: option.c:2352
+ msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+ msgstr ""
+ 
+-#: option.c:2469
++#: option.c:2545
+ msgid "bad port range"
+ msgstr ""
+ 
+-#: option.c:2485
++#: option.c:2561
+ msgid "bad bridge-interface"
+ msgstr ""
+ 
+-#: option.c:2545
++#: option.c:2621
+ msgid "only one tag allowed"
+ msgstr ""
+ 
+-#: option.c:2565 option.c:2577 option.c:2683 option.c:2724
++#: option.c:2641 option.c:2653 option.c:2759 option.c:2800
+ msgid "bad dhcp-range"
+ msgstr ""
+ 
+-#: option.c:2592
++#: option.c:2668
+ msgid "inconsistent DHCP range"
+ msgstr ""
+ 
+-#: option.c:2651
++#: option.c:2727
+ msgid "prefix length must be exactly 64 for RA subnets"
+ msgstr ""
+ 
+-#: option.c:2653
++#: option.c:2729
+ msgid "prefix length must be exactly 64 for subnet constructors"
+ msgstr ""
+ 
+-#: option.c:2657
++#: option.c:2733
+ msgid "prefix length must be at least 64"
+ msgstr ""
+ 
+-#: option.c:2660
++#: option.c:2736
+ msgid "inconsistent DHCPv6 range"
+ msgstr ""
+ 
+-#: option.c:2671
++#: option.c:2747
+ msgid "prefix must be zero with \"constructor:\" argument"
+ msgstr ""
+ 
+-#: option.c:2782 option.c:2830
++#: option.c:2858 option.c:2906
+ msgid "bad hex constant"
+ msgstr ""
+ 
+-#: option.c:2804
++#: option.c:2880
+ msgid "cannot match tags in --dhcp-host"
+ msgstr ""
+ 
+-#: option.c:2852
++#: option.c:2928
+ #, c-format
+ msgid "duplicate dhcp-host IP address %s"
+ msgstr ""
+ 
+-#: option.c:2910
++#: option.c:2986
+ msgid "bad DHCP host name"
+ msgstr ""
+ 
+-#: option.c:2992
++#: option.c:3068
+ msgid "bad tag-if"
+ msgstr ""
+ 
+-#: option.c:3316 option.c:3710
++#: option.c:3392 option.c:3786
+ msgid "invalid port number"
+ msgstr ""
+ 
+-#: option.c:3378
++#: option.c:3454
+ msgid "bad dhcp-proxy address"
+ msgstr ""
+ 
+-#: option.c:3404
++#: option.c:3480
+ msgid "Bad dhcp-relay"
+ msgstr ""
+ 
+-#: option.c:3430
++#: option.c:3506
+ msgid "bad RA-params"
+ msgstr ""
+ 
+-#: option.c:3439
++#: option.c:3515
+ msgid "bad DUID"
+ msgstr ""
+ 
+-#: option.c:3481
++#: option.c:3557
+ msgid "invalid alias range"
+ msgstr ""
+ 
+-#: option.c:3535
++#: option.c:3611
+ msgid "bad CNAME"
+ msgstr ""
+ 
+-#: option.c:3540
++#: option.c:3616
+ msgid "duplicate CNAME"
+ msgstr ""
+ 
+-#: option.c:3560
++#: option.c:3636
+ msgid "bad PTR record"
+ msgstr ""
+ 
+-#: option.c:3591
++#: option.c:3667
+ msgid "bad NAPTR record"
+ msgstr ""
+ 
+-#: option.c:3625
++#: option.c:3701
+ msgid "bad RR record"
+ msgstr ""
+ 
+-#: option.c:3655
++#: option.c:3731
+ msgid "bad TXT record"
+ msgstr ""
+ 
+-#: option.c:3696
++#: option.c:3772
+ msgid "bad SRV record"
+ msgstr ""
+ 
+-#: option.c:3703
++#: option.c:3779
+ msgid "bad SRV target"
+ msgstr ""
+ 
+-#: option.c:3717
++#: option.c:3793
+ msgid "invalid priority"
+ msgstr ""
+ 
+-#: option.c:3724
++#: option.c:3800
+ msgid "invalid weight"
+ msgstr ""
+ 
+-#: option.c:3748
++#: option.c:3824
+ msgid "Bad host-record"
+ msgstr ""
+ 
+-#: option.c:3765
++#: option.c:3841
+ msgid "Bad name in host-record"
+ msgstr ""
+ 
+-#: option.c:3826
++#: option.c:3906
+ msgid "bad trust anchor"
+ msgstr ""
+ 
+-#: option.c:3840
++#: option.c:3920
+ msgid "bad HEX in trust anchor"
+ msgstr ""
+ 
+-#: option.c:3850
++#: option.c:3930
+ msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+ msgstr ""
+ 
+-#: option.c:3909
++#: option.c:3989
+ msgid "missing \""
+ msgstr ""
+ 
+-#: option.c:3966
++#: option.c:4046
+ msgid "bad option"
+ msgstr ""
+ 
+-#: option.c:3968
++#: option.c:4048
+ msgid "extraneous parameter"
+ msgstr ""
+ 
+-#: option.c:3970
++#: option.c:4050
+ msgid "missing parameter"
+ msgstr ""
+ 
+-#: option.c:3972
++#: option.c:4052
+ msgid "illegal option"
+ msgstr ""
+ 
+-#: option.c:3979
++#: option.c:4059
+ msgid "error"
+ msgstr ""
+ 
+-#: option.c:3981
++#: option.c:4061
+ #, c-format
+ msgid " at line %d of %s"
+ msgstr ""
+ 
+-#: option.c:4045 option.c:4168 tftp.c:667
++#: option.c:4076 option.c:4323 option.c:4359
+ #, c-format
+-msgid "cannot read %s: %s"
++msgid "read %s"
+ msgstr ""
+ 
+-#: option.c:4229 option.c:4265
++#: option.c:4139 option.c:4262 tftp.c:667
+ #, c-format
+-msgid "read %s"
++msgid "cannot read %s: %s"
+ msgstr ""
+ 
+-#: option.c:4331
++#: option.c:4425
+ msgid "junk found in command line"
+ msgstr ""
+ 
+-#: option.c:4366
++#: option.c:4460
+ #, c-format
+ msgid "Dnsmasq version %s  %s\n"
+ msgstr ""
+ 
+-#: option.c:4367
++#: option.c:4461
+ #, c-format
+ msgid ""
+ "Compile time options: %s\n"
+ "\n"
+ msgstr ""
+ 
+-#: option.c:4368
++#: option.c:4462
+ #, c-format
+ msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+ msgstr ""
+ 
+-#: option.c:4369
++#: option.c:4463
+ #, c-format
+ msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+ msgstr ""
+ 
+-#: option.c:4370
++#: option.c:4464
+ #, c-format
+ msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+ msgstr ""
+ 
+-#: option.c:4381
++#: option.c:4475
+ msgid "try --help"
+ msgstr ""
+ 
+-#: option.c:4383
++#: option.c:4477
+ msgid "try -w"
+ msgstr ""
+ 
+-#: option.c:4385
++#: option.c:4479
+ #, c-format
+ msgid "bad command line options: %s"
+ msgstr ""
+ 
+-#: option.c:4434
++#: option.c:4535
+ #, c-format
+ msgid "cannot get host-name: %s"
+ msgstr ""
+ 
+-#: option.c:4462
++#: option.c:4563
+ msgid "only one resolv.conf file allowed in no-poll mode."
+ msgstr ""
+ 
+-#: option.c:4472
++#: option.c:4573
+ msgid "must have exactly one resolv.conf to read domain from."
+ msgstr ""
+ 
+-#: option.c:4475 network.c:1506 dhcp.c:769
++#: option.c:4576 network.c:1506 dhcp.c:774
+ #, c-format
+ msgid "failed to read %s: %s"
+ msgstr ""
+ 
+-#: option.c:4492
++#: option.c:4593
+ #, c-format
+ msgid "no search directive found in %s"
+ msgstr ""
+ 
+-#: option.c:4513
++#: option.c:4614
+ msgid "there must be a default domain when --dhcp-fqdn is set"
+ msgstr ""
+ 
+-#: option.c:4522
++#: option.c:4623
+ msgid "syntax check OK"
+ msgstr ""
+ 
+-#: forward.c:114
++#: forward.c:111
+ #, c-format
+ msgid "failed to send packet: %s"
+ msgstr ""
+ 
+-#: forward.c:574
++#: forward.c:572
+ msgid "discarding DNS reply: subnet option mismatch"
+ msgstr ""
+ 
+-#: forward.c:597
++#: forward.c:595
+ #, c-format
+ msgid "nameserver %s refused to do a recursive query"
+ msgstr ""
+ 
+-#: forward.c:629
++#: forward.c:627
+ #, c-format
+ msgid "possible DNS-rebind attack detected: %s"
+ msgstr ""
+ 
+-#: forward.c:1132 forward.c:1663
++#: forward.c:1156 forward.c:1722
+ msgid "Ignoring query from non-local network"
+ msgstr ""
+ 
+-#: forward.c:2101
++#: forward.c:2178
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries reached (max: %d)"
+ msgstr ""
+@@ -1180,263 +1208,276 @@ msgstr ""
+ msgid "using nameserver %s#%d"
+ msgstr ""
+ 
+-#: dnsmasq.c:154
+-msgid "No trust anchors provided for DNSSEC"
++#: dnsmasq.c:149
++msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:157
+-msgid "Cannot reduce cache size from default when DNSSEC enabled"
++#: dnsmasq.c:156
++msgid "no trust anchors provided for DNSSEC"
+ msgstr ""
+ 
+ #: dnsmasq.c:159
++msgid "cannot reduce cache size from default when DNSSEC enabled"
++msgstr ""
++
++#: dnsmasq.c:161
+ msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:165
++#: dnsmasq.c:167
+ msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:170
+-msgid "Cannot use --conntrack AND --query-port"
++#: dnsmasq.c:172
++msgid "cannot use --conntrack AND --query-port"
+ msgstr ""
+ 
+-#: dnsmasq.c:173
+-msgid "Conntrack support not available: set HAVE_CONNTRACK in src/config.h"
++#: dnsmasq.c:175
++msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:178
++#: dnsmasq.c:180
+ msgid "asychronous logging is not available under Solaris"
+ msgstr ""
+ 
+-#: dnsmasq.c:183
++#: dnsmasq.c:185
+ msgid "asychronous logging is not available under Android"
+ msgstr ""
+ 
+-#: dnsmasq.c:188
++#: dnsmasq.c:190
+ msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:193
+-msgid "Loop detection not available: set HAVE_LOOP in src/config.h"
++#: dnsmasq.c:195
++msgid "loop detection not available: set HAVE_LOOP in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:201
++#: dnsmasq.c:203
+ msgid "zone serial must be configured in --auth-soa"
+ msgstr ""
+ 
+-#: dnsmasq.c:219
++#: dnsmasq.c:221
+ msgid "dhcp-range constructor not available on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:262
++#: dnsmasq.c:264
+ msgid "cannot set --bind-interfaces and --bind-dynamic"
+ msgstr ""
+ 
+-#: dnsmasq.c:265
++#: dnsmasq.c:267
+ #, c-format
+ msgid "failed to find list of interfaces: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:274
++#: dnsmasq.c:276
+ #, c-format
+ msgid "unknown interface %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:330 dnsmasq.c:954
++#: dnsmasq.c:340 dnsmasq.c:1004
+ #, c-format
+ msgid "DBus error: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:333
++#: dnsmasq.c:343
+ msgid "DBus not available: set HAVE_DBUS in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:361
++#: dnsmasq.c:371
+ #, c-format
+ msgid "unknown user or group: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:416
++#: dnsmasq.c:426
+ #, c-format
+ msgid "cannot chdir to filesystem root: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:653
++#: dnsmasq.c:667
+ #, c-format
+ msgid "started, version %s DNS disabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:655
++#: dnsmasq.c:669
+ #, c-format
+ msgid "started, version %s cachesize %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:657
++#: dnsmasq.c:671
+ #, c-format
+ msgid "started, version %s cache disabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:659
++#: dnsmasq.c:673
+ #, c-format
+ msgid "compile time options: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:665
++#: dnsmasq.c:679
+ msgid "DBus support enabled: connected to system bus"
+ msgstr ""
+ 
+-#: dnsmasq.c:667
++#: dnsmasq.c:681
+ msgid "DBus support enabled: bus connection pending"
+ msgstr ""
+ 
+-#: dnsmasq.c:672
++#: dnsmasq.c:686
+ msgid "DNS service limited to local subnets"
+ msgstr ""
+ 
+-#: dnsmasq.c:677
++#: dnsmasq.c:702
+ msgid "DNSSEC validation enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:679
++#: dnsmasq.c:705
+ msgid "DNSSEC signature timestamps not checked until first cache reload"
+ msgstr ""
+ 
+-#: dnsmasq.c:684
++#: dnsmasq.c:708
++msgid "DNSSEC signature timestamps not checked until system time valid"
++msgstr ""
++
++#: dnsmasq.c:713
+ #, c-format
+ msgid "warning: failed to change owner of %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:688
++#: dnsmasq.c:717
+ msgid "setting --bind-interfaces option because of OS limitations"
+ msgstr ""
+ 
+-#: dnsmasq.c:698
++#: dnsmasq.c:727
+ #, c-format
+ msgid "warning: interface %s does not currently exist"
+ msgstr ""
+ 
+-#: dnsmasq.c:703
++#: dnsmasq.c:732
+ msgid "warning: ignoring resolv-file flag because no-resolv is set"
+ msgstr ""
+ 
+-#: dnsmasq.c:706
++#: dnsmasq.c:735
+ msgid "warning: no upstream servers configured"
+ msgstr ""
+ 
+-#: dnsmasq.c:710
++#: dnsmasq.c:739
+ #, c-format
+ msgid "asynchronous logging enabled, queue limit is %d messages"
+ msgstr ""
+ 
+-#: dnsmasq.c:731
++#: dnsmasq.c:760
+ msgid "IPv6 router advertisement enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:736
++#: dnsmasq.c:765
+ #, c-format
+ msgid "DHCP, sockets bound exclusively to interface %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "root is "
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:755
++#: dnsmasq.c:784
+ msgid "secure mode"
+ msgstr ""
+ 
+-#: dnsmasq.c:781
++#: dnsmasq.c:810
+ #, c-format
+ msgid "restricting maximum simultaneous TFTP transfers to %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:956
++#: dnsmasq.c:1006
+ msgid "connected to system DBus"
+ msgstr ""
+ 
+-#: dnsmasq.c:1106
++#: dnsmasq.c:1156
+ #, c-format
+ msgid "cannot fork into background: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1109
++#: dnsmasq.c:1159
+ #, c-format
+ msgid "failed to create helper: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1112
++#: dnsmasq.c:1162
+ #, c-format
+ msgid "setting capabilities failed: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1115
++#: dnsmasq.c:1165
+ #, c-format
+ msgid "failed to change user-id to %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1118
++#: dnsmasq.c:1168
+ #, c-format
+ msgid "failed to change group-id to %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1121
++#: dnsmasq.c:1171
+ #, c-format
+ msgid "failed to open pidfile %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1124
++#: dnsmasq.c:1174
+ #, c-format
+ msgid "cannot open log %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1127
++#: dnsmasq.c:1177
+ #, c-format
+ msgid "failed to load Lua script: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1130
++#: dnsmasq.c:1180
+ #, c-format
+ msgid "TFTP directory %s inaccessible: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1151
++#: dnsmasq.c:1183
++#, c-format
++msgid "cannot create timestamp file %s: %s"
++msgstr ""
++
++#: dnsmasq.c:1204
+ msgid "now checking DNSSEC signature timestamps"
+ msgstr ""
+ 
+-#: dnsmasq.c:1218
++#: dnsmasq.c:1271
+ #, c-format
+ msgid "script process killed by signal %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:1222
++#: dnsmasq.c:1275
+ #, c-format
+ msgid "script process exited with status %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:1226
++#: dnsmasq.c:1279
+ #, c-format
+ msgid "failed to execute %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1281
++#: dnsmasq.c:1334
+ msgid "exiting on receipt of SIGTERM"
+ msgstr ""
+ 
+-#: dnsmasq.c:1309
++#: dnsmasq.c:1362
+ #, c-format
+ msgid "failed to access %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1339
++#: dnsmasq.c:1392
+ #, c-format
+ msgid "reading %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1350
++#: dnsmasq.c:1403
+ #, c-format
+ msgid "no servers found in %s, will retry"
+ msgstr ""
+@@ -1476,27 +1517,27 @@ msgstr ""
+ msgid "DHCP packet received on %s which has no address"
+ msgstr ""
+ 
+-#: dhcp.c:408
++#: dhcp.c:412
+ #, c-format
+ msgid "ARP-cache injection failed: %s"
+ msgstr ""
+ 
+-#: dhcp.c:506
++#: dhcp.c:511
+ #, c-format
+ msgid "DHCP range %s -- %s is not consistent with netmask %s"
+ msgstr ""
+ 
+-#: dhcp.c:807
++#: dhcp.c:812
+ #, c-format
+ msgid "bad line at %s line %d"
+ msgstr ""
+ 
+-#: dhcp.c:850
++#: dhcp.c:855
+ #, c-format
+ msgid "ignoring %s line %d, duplicate name or IP address"
+ msgstr ""
+ 
+-#: dhcp.c:994 rfc3315.c:2089
++#: dhcp.c:999 rfc3315.c:2139
+ #, c-format
+ msgid "DHCP relay %s -> %s"
+ msgstr ""
+@@ -1567,12 +1608,12 @@ msgstr ""
+ msgid "disabled"
+ msgstr ""
+ 
+-#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:602 rfc3315.c:823
+-#: rfc3315.c:1095
++#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:603 rfc3315.c:860
++#: rfc3315.c:1139
+ msgid "ignored"
+ msgstr ""
+ 
+-#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:873
++#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:910
+ msgid "address in use"
+ msgstr ""
+ 
+@@ -1592,7 +1633,7 @@ msgstr ""
+ msgid "no leases left"
+ msgstr ""
+ 
+-#: rfc2131.c:691 rfc3315.c:475
++#: rfc2131.c:691 rfc3315.c:476
+ #, c-format
+ msgid "%u client provides name: %s"
+ msgstr ""
+@@ -1601,7 +1642,7 @@ msgstr ""
+ msgid "PXE BIS not supported"
+ msgstr ""
+ 
+-#: rfc2131.c:935 rfc3315.c:1189
++#: rfc2131.c:935 rfc3315.c:1233
+ #, c-format
+ msgid "disabling DHCP static address %s for %s"
+ msgstr ""
+@@ -1637,7 +1678,7 @@ msgstr ""
+ msgid "wrong address"
+ msgstr ""
+ 
+-#: rfc2131.c:1143 rfc3315.c:969
++#: rfc2131.c:1143 rfc3315.c:1006
+ msgid "lease not found"
+ msgstr ""
+ 
+@@ -1687,7 +1728,7 @@ msgstr ""
+ msgid "PXE menu too large"
+ msgstr ""
+ 
+-#: rfc2131.c:2173 rfc3315.c:1456
++#: rfc2131.c:2173 rfc3315.c:1506
+ #, c-format
+ msgid "%u requested options: %s"
+ msgstr ""
+@@ -1702,7 +1743,7 @@ msgstr ""
+ msgid "cannot create netlink socket: %s"
+ msgstr ""
+ 
+-#: netlink.c:347
++#: netlink.c:348
+ #, c-format
+ msgid "netlink returns error: %s"
+ msgstr ""
+@@ -1820,62 +1861,62 @@ msgstr ""
+ msgid "%u available DHCPv6 subnet: %s/%d"
+ msgstr ""
+ 
+-#: rfc3315.c:379
++#: rfc3315.c:380
+ #, c-format
+ msgid "%u vendor class: %u"
+ msgstr ""
+ 
+-#: rfc3315.c:427
++#: rfc3315.c:428
+ #, c-format
+ msgid "%u client MAC address: %s"
+ msgstr ""
+ 
+-#: rfc3315.c:659
++#: rfc3315.c:660
+ #, c-format
+ msgid "unknown prefix-class %d"
+ msgstr ""
+ 
+-#: rfc3315.c:791 rfc3315.c:913
+-msgid "success"
++#: rfc3315.c:803 rfc3315.c:902
++msgid "address unavailable"
+ msgstr ""
+ 
+-#: rfc3315.c:806 rfc3315.c:808 rfc3315.c:921 rfc3315.c:923
+-msgid "no addresses available"
++#: rfc3315.c:815 rfc3315.c:950 rfc3315.c:1283
++msgid "success"
+ msgstr ""
+ 
+-#: rfc3315.c:865
+-msgid "address unavailable"
++#: rfc3315.c:843 rfc3315.c:845 rfc3315.c:958 rfc3315.c:960
++msgid "no addresses available"
+ msgstr ""
+ 
+-#: rfc3315.c:900
++#: rfc3315.c:937
+ msgid "not on link"
+ msgstr ""
+ 
+-#: rfc3315.c:973 rfc3315.c:1151 rfc3315.c:1228
++#: rfc3315.c:1010 rfc3315.c:1195 rfc3315.c:1272
+ msgid "no binding found"
+ msgstr ""
+ 
+-#: rfc3315.c:1011
++#: rfc3315.c:1048
+ msgid "deprecated"
+ msgstr ""
+ 
+-#: rfc3315.c:1016
++#: rfc3315.c:1053
+ msgid "address invalid"
+ msgstr ""
+ 
+-#: rfc3315.c:1061
++#: rfc3315.c:1100
+ msgid "confirm failed"
+ msgstr ""
+ 
+-#: rfc3315.c:1072
++#: rfc3315.c:1116
+ msgid "all addresses still on link"
+ msgstr ""
+ 
+-#: rfc3315.c:1160
++#: rfc3315.c:1204
+ msgid "release received"
+ msgstr ""
+ 
+-#: rfc3315.c:2080
++#: rfc3315.c:2130
+ msgid "Cannot multicast to DHCPv6 server without correct interface"
+ msgstr ""
+ 
+@@ -1968,7 +2009,7 @@ msgstr ""
+ msgid "cannot create ICMPv6 socket: %s"
+ msgstr ""
+ 
+-#: auth.c:429
++#: auth.c:436
+ #, c-format
+ msgid "ignoring zone transfer request from %s"
+ msgstr ""
+@@ -1983,50 +2024,85 @@ msgstr ""
+ msgid "failed to create IPset control socket: %s"
+ msgstr ""
+ 
++#: dnssec.c:425 dnssec.c:469
++#, c-format
++msgid "failed to update mtime on %s: %s"
++msgstr ""
++
+ #: blockdata.c:58
+ #, c-format
+ msgid "DNSSEC memory in use %u, max %u, allocated %u"
+ msgstr ""
+ 
+-#: tables.c:76
++#: tables.c:80
+ msgid "error: fill_addr missused"
+ msgstr ""
+ 
+-#: tables.c:105
++#: tables.c:109
+ #, c-format
+ msgid "failed to access pf devices: %s"
+ msgstr ""
+ 
+-#: tables.c:119
++#: tables.c:123
+ #, c-format
+ msgid "warning: no opened pf devices %s"
+ msgstr ""
+ 
+-#: tables.c:127
++#: tables.c:131
+ #, c-format
+ msgid "error: cannot use table name %s"
+ msgstr ""
+ 
+-#: tables.c:135
++#: tables.c:139
+ #, c-format
+ msgid "error: cannot strlcpy table name %s"
+ msgstr ""
+ 
+-#: tables.c:141
++#: tables.c:145
+ #, c-format
+ msgid "warning: pfr_add_tables: %s(%d)"
+ msgstr ""
+ 
+-#: tables.c:147
++#: tables.c:151
+ msgid "info: table created"
+ msgstr ""
+ 
+-#: tables.c:158
++#: tables.c:162
+ #, c-format
+ msgid "warning: DIOCR%sADDRS: %s"
+ msgstr ""
+ 
+-#: tables.c:162
++#: tables.c:166
+ #, c-format
+ msgid "%d addresses %s"
+ msgstr ""
++
++#: inotify.c:46
++#, c-format
++msgid "failed to create inotify: %s"
++msgstr ""
++
++#: inotify.c:60
++#, c-format
++msgid "cannot cannonicalise resolv-file %s: %s"
++msgstr ""
++
++#: inotify.c:72
++#, c-format
++msgid "directory %s for resolv-file is missing, cannot poll"
++msgstr ""
++
++#: inotify.c:75 inotify.c:112
++#, c-format
++msgid "failed to create inotify for %s: %s"
++msgstr ""
++
++#: inotify.c:97
++#, c-format
++msgid "bad dynamic directory %s: %s"
++msgstr ""
++
++#: inotify.c:197
++#, c-format
++msgid "inotify, new or changed file %s"
++msgstr ""
+diff --git a/po/fr.po b/po/fr.po
+index 1ac4848b9fa9..fbddad73887a 100644
+--- a/po/fr.po
++++ b/po/fr.po
+@@ -14,70 +14,70 @@ msgstr ""
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=2; plural=(n > 1);\n"
+ 
+-#: cache.c:505
++#: cache.c:523
+ msgid "Internal error in cache."
+ msgstr ""
+ 
+-#: cache.c:908
++#: cache.c:941
+ #, c-format
+ msgid "failed to load names from %s: %s"
+ msgstr "Impossible de charger les noms à partir de %s : %s"
+ 
+-#: cache.c:934 dhcp.c:820
++#: cache.c:967 dhcp.c:825
+ #, c-format
+ msgid "bad address at %s line %d"
+ msgstr "mauvaise adresse dans %s ligne %d"
+ 
+-#: cache.c:985 dhcp.c:836
++#: cache.c:1018 dhcp.c:841
+ #, c-format
+ msgid "bad name at %s line %d"
+ msgstr "mauvais nom dans %s ligne %d"
+ 
+-#: cache.c:992 dhcp.c:911
++#: cache.c:1027 dhcp.c:916
+ #, c-format
+ msgid "read %s - %d addresses"
+ msgstr "lecture %s - %d adresses"
+ 
+-#: cache.c:1100
++#: cache.c:1135
+ msgid "cleared cache"
+ msgstr "cache vidé"
+ 
+-#: cache.c:1123
++#: cache.c:1164
+ #, c-format
+ msgid "No IPv4 address found for %s"
+ msgstr "Aucune adresse IPv4 trouvée pour %s"
+ 
+-#: cache.c:1201
++#: cache.c:1242
+ #, c-format
+ msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
+ msgstr "%s est un CNAME, il ne sera pas donné au bail DHCP de %s"
+ 
+-#: cache.c:1225
++#: cache.c:1266
+ #, c-format
+ msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+ msgstr "ne donne pas de nom %s au bail DHCP de %s parce-que le nom existe dans %s avec l'adresse %s"
+ 
+-#: cache.c:1366
++#: cache.c:1421
+ #, c-format
+ msgid "time %lu"
+ msgstr "horodatage %lu"
+ 
+-#: cache.c:1367
++#: cache.c:1422
+ #, c-format
+ msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+ msgstr "taille de cache %d, %d/%d insertions dans le cache entrées non-expirées réutilisées"
+ 
+-#: cache.c:1369
++#: cache.c:1424
+ #, c-format
+ msgid "queries forwarded %u, queries answered locally %u"
+ msgstr "requêtes transmises %u, requêtes résolues localement %u"
+ 
+-#: cache.c:1372
++#: cache.c:1427
+ #, fuzzy, c-format
+ msgid "queries for authoritative zones %u"
+ msgstr "Configure la durée de vie (Time To Live) pour les réponses faisant autorité"
+ 
+-#: cache.c:1398
++#: cache.c:1453
+ #, c-format
+ msgid "server %s#%d: queries sent %u, retried or failed %u"
+ msgstr "serveur %s#%d: requêtes envoyées %u, requêtes réessayées ou échouées %u"
+@@ -91,7 +91,7 @@ msgstr "impossible d'initialiser le g
+ msgid "failed to allocate memory"
+ msgstr "impossible d'allouer la mémoire"
+ 
+-#: util.c:243 option.c:579
++#: util.c:243 option.c:598
+ msgid "could not get memory"
+ msgstr "impossible d'allouer de la mémoire"
+ 
+@@ -105,607 +105,642 @@ msgstr "Ne peut pas cr
+ msgid "failed to allocate %d bytes"
+ msgstr "impossible d'allouer %d octets"
+ 
+-#: util.c:429
++#: util.c:430
+ #, c-format
+ msgid "infinite"
+ msgstr "illimité(e)"
+ 
+-#: option.c:318
++#: option.c:330
+ msgid "Specify local address(es) to listen on."
+ msgstr "Spécifie la ou les adresse(s) locales où le démon doit se mettre à l'écoute."
+ 
+-#: option.c:319
++#: option.c:331
+ msgid "Return ipaddr for all hosts in specified domains."
+ msgstr "Retourne les adresses IP pour toutes les machines présentes dans les domaines spécifiés"
+ 
+-#: option.c:320
++#: option.c:332
+ msgid "Fake reverse lookups for RFC1918 private address ranges."
+ msgstr "Traduction inverse truquée pour la plage d'adresse privée RFC1918"
+ 
+-#: option.c:321
++#: option.c:333
+ msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+ msgstr "Traite l'adresse IP comme un domaine inexistant NXDOMAIN (contourne le systeme de redirection de Verisign)"
+ 
+-#: option.c:322
++#: option.c:334
+ #, c-format
+ msgid "Specify the size of the cache in entries (defaults to %s)."
+ msgstr "Spécifie le nombre d'entrées que contiendra le cache (par défaut : %s)."
+ 
+-#: option.c:323
++#: option.c:335
+ #, c-format
+ msgid "Specify configuration file (defaults to %s)."
+ msgstr "Spécifie le nom du fichier de configuration (par défaut : %s)"
+ 
+-#: option.c:324
++#: option.c:336
+ msgid "Do NOT fork into the background: run in debug mode."
+ msgstr "Ne passe pas en tâche de fond : démarre en mode debug"
+ 
+-#: option.c:325
++#: option.c:337
+ msgid "Do NOT forward queries with no domain part."
+ msgstr "Ne retransmet pas les requêtes qui n'ont pas de domaine."
+ 
+-#: option.c:326
++#: option.c:338
+ msgid "Return self-pointing MX records for local hosts."
+ msgstr "Retourne les champs MX pour les machines locales."
+ 
+-#: option.c:327
++#: option.c:339
+ msgid "Expand simple names in /etc/hosts with domain-suffix."
+ msgstr "Etend les noms uniques des machines dans /etc/hosts avec le suffixe du domaine."
+ 
+-#: option.c:328
++#: option.c:340
+ msgid "Don't forward spurious DNS requests from Windows hosts."
+ msgstr "Ne retransmet pas les fausses requêtes DNS en provenance des machines Windows."
+ 
+-#: option.c:329
++#: option.c:341
+ msgid "Enable DHCP in the range given with lease duration."
+ msgstr "Autorise DHCP dans la plage d'adresses donnée sur la durée de validité du bail."
+ 
+-#: option.c:330
++#: option.c:342
+ #, c-format
+ msgid "Change to this group after startup (defaults to %s)."
+ msgstr "On change pour ce groupe après le démarrage (par défaut : %s)."
+ 
+-#: option.c:331
++#: option.c:343
+ msgid "Set address or hostname for a specified machine."
+ msgstr "On assigne une adresse ou un nom pour une machine spécifiée."
+ 
+-#: option.c:332
++#: option.c:344
+ msgid "Read DHCP host specs from file."
+ msgstr "Lecture des spécifications d'hôtes DHCP à partir du fichier"
+ 
+-#: option.c:333
++#: option.c:345
+ msgid "Read DHCP option specs from file."
+ msgstr "Lecture des options DHCP à partir du fichier"
+ 
+-#: option.c:334
++#: option.c:346
++#, fuzzy
++msgid "Read DHCP host specs from a directory."
++msgstr "Lecture des spécifications d'hôtes DHCP à partir du fichier"
++
++#: option.c:347
++#, fuzzy
++msgid "Read DHCP options from a directory."
++msgstr "Lecture des options DHCP à partir du fichier"
++
++#: option.c:348
+ msgid "Evaluate conditional tag expression."
+ msgstr "Expression d'évaluation conditionnelle d'étiquette"
+ 
+-#: option.c:335
++#: option.c:349
+ #, c-format
+ msgid "Do NOT load %s file."
+ msgstr "Ne charge PAS le fichier %s."
+ 
+-#: option.c:336
++#: option.c:350
+ #, c-format
+ msgid "Specify a hosts file to be read in addition to %s."
+ msgstr "Spécifie un nom de fichier hosts à lire en complément de %s"
+ 
+-#: option.c:337
++#: option.c:351
++#, fuzzy
++msgid "Read hosts files from a directory."
++msgstr "Lecture des spécifications d'hôtes DHCP à partir du fichier"
++
++#: option.c:352
+ msgid "Specify interface(s) to listen on."
+ msgstr "Spécifie la ou les interface(s) où le démon doit se mettre à l'écoute."
+ 
+-#: option.c:338
++#: option.c:353
+ msgid "Specify interface(s) NOT to listen on."
+ msgstr "Spécifie la ou les interface(s) que le démon ne doit PAS traiter."
+ 
+ #
+-#: option.c:339
++#: option.c:354
+ msgid "Map DHCP user class to tag."
+ msgstr "Associe les classes d'utilisateurs ('user class') DHCP aux options."
+ 
+-#: option.c:340
++#: option.c:355
+ msgid "Map RFC3046 circuit-id to tag."
+ msgstr "Associe les identifiants de circuits RFC3046 ('circuit-id') aux options"
+ 
+-#: option.c:341
++#: option.c:356
+ msgid "Map RFC3046 remote-id to tag."
+ msgstr "Associe les identifiants distants RFC3046 ('remote-id') aux options"
+ 
+-#: option.c:342
++#: option.c:357
+ msgid "Map RFC3993 subscriber-id to tag."
+ msgstr "Associe les identifiants de souscripteurs RFC3993 ('subscriber-id') aux options"
+ 
+ #
+-#: option.c:343
++#: option.c:358
+ msgid "Don't do DHCP for hosts with tag set."
+ msgstr "Ne pas autoriser DHCP pour les machines énumerées dans les options."
+ 
+ #
+-#: option.c:344
++#: option.c:359
+ msgid "Force broadcast replies for hosts with tag set."
+ msgstr "Forcer les réponses par 'broadcast' pour les machines énumerées dans les options."
+ 
+-#: option.c:345
++#: option.c:360
+ msgid "Do NOT fork into the background, do NOT run in debug mode."
+ msgstr "Ne passe pas en tâche de fond, ne pas s'exécuter en mode debug."
+ 
+-#: option.c:346
++#: option.c:361
+ msgid "Assume we are the only DHCP server on the local network."
+ msgstr "On considère que l'on est le seul serveur DHCP sur le réseau local."
+ 
+-#: option.c:347
++#: option.c:362
+ #, c-format
+ msgid "Specify where to store DHCP leases (defaults to %s)."
+ msgstr "Spécifie où il faut sauvegarder les baux DHCP (par défaut : %s)."
+ 
+-#: option.c:348
++#: option.c:363
+ msgid "Return MX records for local hosts."
+ msgstr "Retourne les champs MX pour les machines locales."
+ 
+-#: option.c:349
++#: option.c:364
+ msgid "Specify an MX record."
+ msgstr "Spécifie un champ MX."
+ 
+-#: option.c:350
++#: option.c:365
+ msgid "Specify BOOTP options to DHCP server."
+ msgstr "Spécifie les options BOOTP pour le serveur DHCP."
+ 
+-#: option.c:351
++#: option.c:366
+ #, c-format
+ msgid "Do NOT poll %s file, reload only on SIGHUP."
+ msgstr "Ne pas scruter le fichier %s, ne recharger les modifications que sur réception du signal SIGHUP."
+ 
+-#: option.c:352
++#: option.c:367
+ msgid "Do NOT cache failed search results."
+ msgstr "Ne place pas en cache le résultat des requêtes qui ont échouées."
+ 
+-#: option.c:353
++#: option.c:368
+ #, c-format
+ msgid "Use nameservers strictly in the order given in %s."
+ msgstr "Utilise les serveurs de noms dans l'ordre donné dans %s."
+ 
+ #
+-#: option.c:354
++#: option.c:369
+ msgid "Specify options to be sent to DHCP clients."
+ msgstr "Options supplémentaires à associer aux clients DHCP."
+ 
+-#: option.c:355
++#: option.c:370
+ msgid "DHCP option sent even if the client does not request it."
+ msgstr "Option DHCP envoyée même si le client de la demande pas."
+ 
+-#: option.c:356
++#: option.c:371
+ msgid "Specify port to listen for DNS requests on (defaults to 53)."
+ msgstr "Spécifie le port où il faut écouter les requêtes DNS (par défaut : 53)."
+ 
+-#: option.c:357
++#: option.c:372
+ #, c-format
+ msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+ msgstr "Taille maximale des paquets UDP supportés pour EDNS.0 (par défaut : %s)."
+ 
+ #
+-#: option.c:358
++#: option.c:373
+ msgid "Log DNS queries."
+ msgstr "Enregistre les requêtes DNS dans un journal d'activité."
+ 
+ #
+-#: option.c:359
++#: option.c:374
+ msgid "Force the originating port for upstream DNS queries."
+ msgstr "Force le port d'origine pour les requêtes vers les serveurs amonts."
+ 
+-#: option.c:360
++#: option.c:375
+ msgid "Do NOT read resolv.conf."
+ msgstr "Ne pas lire le fichier resolv.conf."
+ 
+-#: option.c:361
++#: option.c:376
+ #, c-format
+ msgid "Specify path to resolv.conf (defaults to %s)."
+ msgstr "Spécifie le chemin pour le fichier resolv.conf (par défaut : %s)."
+ 
+-#: option.c:362
++#: option.c:377
+ #, fuzzy
+ msgid "Specify path to file with server= options"
+ msgstr "Spécifie un chemin pour le fichier PID (par défaut : %s)."
+ 
+-#: option.c:363
++#: option.c:378
+ msgid "Specify address(es) of upstream servers with optional domains."
+ msgstr "Spécifie la ou les adresses des serveurs amonts avec des domaines optionels."
+ 
+-#: option.c:364
++#: option.c:379
+ #, fuzzy
+ msgid "Specify address of upstream servers for reverse address queries"
+ msgstr "Spécifie la ou les adresses des serveurs amonts avec des domaines optionels."
+ 
+-#: option.c:365
++#: option.c:380
+ msgid "Never forward queries to specified domains."
+ msgstr "Ne jamais retransmettre les requêtes pour les domaines spécifiés."
+ 
+-#: option.c:366
++#: option.c:381
+ msgid "Specify the domain to be assigned in DHCP leases."
+ msgstr "Spécifie le domaine qui doit etre assigné aux baux DHCP."
+ 
+-#: option.c:367
++#: option.c:382
+ msgid "Specify default target in an MX record."
+ msgstr "Spécifie la cible par défaut dans un champ MX."
+ 
+-#: option.c:368
++#: option.c:383
+ msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+ msgstr "Spécifie le TTL en secondes pour les réponses qui utilisent /etc/hosts."
+ 
+ #
+-#: option.c:369
++#: option.c:384
+ msgid "Specify time-to-live in seconds for negative caching."
+ msgstr "Spécifie le TTL en secondes pour les réponses qui utilisent /etc/hosts."
+ 
+-#: option.c:370
++#: option.c:385
+ msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
+ msgstr "Spécifie, en secondes, la valeur maximum de TTL à renvoyer aux clients."
+ 
+-#: option.c:371
++#
++#: option.c:386
++#, fuzzy
++msgid "Specify time-to-live ceiling for cache."
++msgstr "Spécifie le TTL en secondes pour les réponses qui utilisent /etc/hosts."
++
++#
++#: option.c:387
++#, fuzzy
++msgid "Specify time-to-live floor for cache."
++msgstr "Spécifie le TTL en secondes pour les réponses qui utilisent /etc/hosts."
++
++#: option.c:388
+ #, c-format
+ msgid "Change to this user after startup. (defaults to %s)."
+ msgstr "Change pour cet utilisateur après le démarrage (par défaut : %s)."
+ 
+ #
+-#: option.c:372
++#: option.c:389
+ msgid "Map DHCP vendor class to tag."
+ msgstr "Associe les classes de fournisseurs ('vendor class') DHCP aux options."
+ 
+-#: option.c:373
++#: option.c:390
+ msgid "Display dnsmasq version and copyright information."
+ msgstr "Affiche la version de Dnsmasq et les informations liées au copyright."
+ 
+-#: option.c:374
++#: option.c:391
+ msgid "Translate IPv4 addresses from upstream servers."
+ msgstr "Traduit les adresses IPV4 des serveurs amonts."
+ 
+-#: option.c:375
++#: option.c:392
+ msgid "Specify a SRV record."
+ msgstr "Spécifie un champ SRV."
+ 
+-#: option.c:376
++#: option.c:393
+ msgid "Display this message. Use --help dhcp for known DHCP options."
+ msgstr "Afficher ce message. Utiliser --help dhcp pour obtenir la liste des options DHCP connues."
+ 
+-#: option.c:377
++#: option.c:394
+ #, c-format
+ msgid "Specify path of PID file (defaults to %s)."
+ msgstr "Spécifie un chemin pour le fichier PID (par défaut : %s)."
+ 
+-#: option.c:378
++#: option.c:395
+ #, c-format
+ msgid "Specify maximum number of DHCP leases (defaults to %s)."
+ msgstr "Spécifie le nombre maximum de baux DHCP (par défaut : %s)."
+ 
+-#: option.c:379
++#: option.c:396
+ msgid "Answer DNS queries based on the interface a query was sent to."
+ msgstr "Repond aux requêtes DNS en se basant sur l'interface ou a été envoyée la requête."
+ 
+-#: option.c:380
++#: option.c:397
+ msgid "Specify TXT DNS record."
+ msgstr "Spécifie un champ DNS TXT"
+ 
+ #
+-#: option.c:381
++#: option.c:398
+ msgid "Specify PTR DNS record."
+ msgstr "Spécifie un champ DNS PTR"
+ 
+-#: option.c:382
++#: option.c:399
+ msgid "Give DNS name to IPv4 address of interface."
+ msgstr "Donne le nom DNS pour l'adresse IPv4 de l'interface."
+ 
+-#: option.c:383
++#: option.c:400
+ msgid "Bind only to interfaces in use."
+ msgstr "Association uniquement aux interfaces réseau actuellement actives."
+ 
+-#: option.c:384
++#: option.c:401
+ #, c-format
+ msgid "Read DHCP static host information from %s."
+ msgstr "Lecture des informations de DHCP statique à partir de %s."
+ 
+-#: option.c:385
++#: option.c:402
+ msgid "Enable the DBus interface for setting upstream servers, etc."
+ msgstr "Autorise l'interface DBus pour la configuration des serveurs amonts, etc."
+ 
+-#: option.c:386
++#: option.c:403
+ msgid "Do not provide DHCP on this interface, only provide DNS."
+ msgstr "Ne pas assurer de fonction DHCP sur cette interface, mais seulement la fonction DNS."
+ 
+-#: option.c:387
++#: option.c:404
+ msgid "Enable dynamic address allocation for bootp."
+ msgstr "Autorise l'allocation dynamique d'adresse pour bootp."
+ 
+ #
+-#: option.c:388
++#: option.c:405
+ msgid "Map MAC address (with wildcards) to option set."
+ msgstr "Associe l'adresse MAC (avec les jokers) aux options."
+ 
+-#: option.c:389
++#: option.c:406
+ msgid "Treat DHCP requests on aliases as arriving from interface."
+ msgstr "Traiter les requêtes DHCP sur les alias comme arrivant de l'interface."
+ 
+-#: option.c:390
++#: option.c:407
+ msgid "Disable ICMP echo address checking in the DHCP server."
+ msgstr "Supprime la vérification d'adresse sur le serveur au moyen de paquets ICMP echo"
+ 
+-#: option.c:391
++#: option.c:408
+ msgid "Shell script to run on DHCP lease creation and destruction."
+ msgstr "Script shell à exécuter lors de la création ou destruction de bail DHCP."
+ 
+-#: option.c:392
++#: option.c:409
+ msgid "Lua script to run on DHCP lease creation and destruction."
+ msgstr "Script Lua à exécuter lors de la création ou destruction de bail DHCP."
+ 
+-#: option.c:393
++#: option.c:410
+ msgid "Run lease-change scripts as this user."
+ msgstr "Lancer le script 'lease-change' avec cet utilisateur."
+ 
+-#: option.c:394
++#: option.c:411
+ msgid "Read configuration from all the files in this directory."
+ msgstr "Lecture de la configuration dans tous les fichiers de ce répertoire."
+ 
+ #
+-#: option.c:395
++#: option.c:412
+ msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+ msgstr "Enregistrer les journaux d'activité dans cette facilité syslog. (défaut : DAEMON)"
+ 
+-#: option.c:396
++#: option.c:413
+ msgid "Do not use leasefile."
+ msgstr "Ne pas utiliser de fichier de baux."
+ 
+-#: option.c:397
++#: option.c:414
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+ msgstr "Spécifie le nombre maximum de requêtes DHCP concurrentes (par défaut : %s)."
+ 
+-#: option.c:398
++#: option.c:415
+ #, c-format
+ msgid "Clear DNS cache when reloading %s."
+ msgstr "Vider le cache DNS lors du rechargement de %s."
+ 
+-#: option.c:399
++#: option.c:416
+ msgid "Ignore hostnames provided by DHCP clients."
+ msgstr "Ignorer les noms d'hôtes fournis par les clients DHCP"
+ 
+-#: option.c:400
++#: option.c:417
+ msgid "Do NOT reuse filename and server fields for extra DHCP options."
+ msgstr "Ne pas réutiliser les champs nom de fichier et serveur dans les options DHCP supplémentaires."
+ 
+-#: option.c:401
++#: option.c:418
+ msgid "Enable integrated read-only TFTP server."
+ msgstr "Activer le server TFTP intégré (fonctionnant en lecture seulement)"
+ 
+-#: option.c:402
++#: option.c:419
+ msgid "Export files by TFTP only from the specified subtree."
+ msgstr "N'exporter par TFTP que les fichiers de l'arborescence de fichier spécifiée"
+ 
+-#: option.c:403
++#: option.c:420
+ msgid "Add client IP address to tftp-root."
+ msgstr "Ajouter les adresses IP clientes à la racine tftp ('tftp-root')."
+ 
+-#: option.c:404
++#: option.c:421
+ msgid "Allow access only to files owned by the user running dnsmasq."
+ msgstr "Accès aux seuls fichiers appartenants à l'utilisateur sous lequel tourne dnsmasq"
+ 
+-#: option.c:405
++#: option.c:422
+ #, c-format
+ msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+ msgstr "Spécifie le nombre maximum de transfert TFTP concurrents (défaut : %s)."
+ 
+-#: option.c:406
++#: option.c:423
+ msgid "Disable the TFTP blocksize extension."
+ msgstr "Désactivation de l'extension TFTP « taille de bloc »"
+ 
+-#: option.c:407
++#: option.c:424
+ msgid "Convert TFTP filenames to lowercase"
+ msgstr "Convertis les noms de fichiers TFTP en minuscule"
+ 
+-#: option.c:408
++#: option.c:425
+ msgid "Ephemeral port range for use by TFTP transfers."
+ msgstr "Gamme de ports dans laquelle seront choisis les ports temporaires utilisés dans les transferts TFTP."
+ 
+-#: option.c:409
++#: option.c:426
+ msgid "Extra logging for DHCP."
+ msgstr "Traces supplémentaires pour le DHCP."
+ 
+-#: option.c:410
++#: option.c:427
+ msgid "Enable async. logging; optionally set queue length."
+ msgstr "Active l'écriture de traces en mode asynchrone. Peut prendre en option la valeur de la longueur de la queue."
+ 
+-#: option.c:411
++#: option.c:428
+ msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+ msgstr "Stopper la réassociation DNS ('DNS rebinding'). Filtre les gammes d'adresses IP privées lors de la résolution."
+ 
+-#: option.c:412
++#: option.c:429
+ msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
+ msgstr "Autorise la réassociation de 127.0.0/8, pour les serveurs RBL (Realtime Blackhole List)"
+ 
+-#: option.c:413
++#: option.c:430
+ msgid "Inhibit DNS-rebind protection on this domain."
+ msgstr "Désactive la protection contre les réassociation DNS pour ce domaine"
+ 
+-#: option.c:414
++#: option.c:431
+ msgid "Always perform DNS queries to all servers."
+ msgstr "Toujours effectuer les requêtes DNS à tous les serveurs."
+ 
+ #
+-#: option.c:415
++#: option.c:432
+ msgid "Set tag if client includes matching option in request."
+ msgstr "Spécifie le label si le client inclus l'option dans la requête."
+ 
+-#: option.c:416
++#: option.c:433
+ msgid "Use alternative ports for DHCP."
+ msgstr "Utiliser des ports alternatifs pour le DHCP."
+ 
+ #
+-#: option.c:417
++#: option.c:434
+ msgid "Specify NAPTR DNS record."
+ msgstr "Spécifie un champ DNS NAPTR."
+ 
+-#: option.c:418
++#: option.c:435
+ msgid "Specify lowest port available for DNS query transmission."
+ msgstr "Définie le plus petit port utilisé pour la transmission d'une requête DNS."
+ 
+-#: option.c:419
++#: option.c:436
+ msgid "Use only fully qualified domain names for DHCP clients."
+ msgstr "Utilise seulement les noms de domaine pleinement qualifiés pour les clients DHCP."
+ 
+-#: option.c:420
++#: option.c:437
+ msgid "Generate hostnames based on MAC address for nameless clients."
+ msgstr "Génère les noms d'hôtes à partir de l'adresse MAC pour les clients sans nom."
+ 
+-#: option.c:421
++#: option.c:438
+ msgid "Use these DHCP relays as full proxies."
+ msgstr "Utilise ces relais DHCP en temps que proxy complets."
+ 
+-#: option.c:422
++#: option.c:439
+ msgid "Relay DHCP requests to a remote server"
+ msgstr "Requêtes de relais DHCP à un serveur distant"
+ 
+-#: option.c:423
++#: option.c:440
+ msgid "Specify alias name for LOCAL DNS name."
+ msgstr "Spécifie un alias pour un nom DNS local."
+ 
+ #
+-#: option.c:424
++#: option.c:441
+ msgid "Prompt to send to PXE clients."
+ msgstr "Invite à envoyer aux clients PXE."
+ 
+-#: option.c:425
++#: option.c:442
+ msgid "Boot service for PXE menu."
+ msgstr "Service de démarrage pour menu PXE."
+ 
+-#: option.c:426
++#: option.c:443
+ msgid "Check configuration syntax."
+ msgstr "vérification de la syntaxe de la configuration."
+ 
+-#: option.c:427
++#: option.c:444
+ msgid "Add requestor's MAC address to forwarded DNS queries."
+ msgstr "Ajoute l'adresse MAC du requêteur aux requêtes DNS transmises"
+ 
+-#: option.c:428
++#: option.c:445
+ #, fuzzy
+ msgid "Add requestor's IP subnet to forwarded DNS queries."
+ msgstr "Ajoute l'adresse MAC du requêteur aux requêtes DNS transmises"
+ 
+-#: option.c:429
++#: option.c:446
+ msgid "Proxy DNSSEC validation results from upstream nameservers."
+ msgstr "Copie dans la réponse DNS le résultat de la validation DNSSEC effectuée par les serveurs DNS amonts."
+ 
+-#: option.c:430
++#: option.c:447
+ msgid "Attempt to allocate sequential IP addresses to DHCP clients."
+ msgstr "Essaie d'allouer des adresses IP séquentielles aux clients DHCP."
+ 
+-#: option.c:431
++#: option.c:448
+ msgid "Copy connection-track mark from queries to upstream connections."
+ msgstr "Copie les marques de suivi de connexion pour les requêtes amont."
+ 
+-#: option.c:432
++#: option.c:449
+ msgid "Allow DHCP clients to do their own DDNS updates."
+ msgstr "Autoriser les clients DHCP à faire leurs propres mises à jour DDNS (Dynamic DNS)"
+ 
+-#: option.c:433
++#: option.c:450
+ msgid "Send router-advertisements for interfaces doing DHCPv6"
+ msgstr "Envoyer des annonces de routeurs pour toutes les interfaces faisant du DHCPv6"
+ 
+-#: option.c:434
++#: option.c:451
+ msgid "Specify DUID_EN-type DHCPv6 server DUID"
+ msgstr "Spécifie pour le serveur DHCPv6 un identifiant unique DHCP (DUID) basé sur un numéro unique de vendeur (DUID_EN)"
+ 
+-#: option.c:435
++#: option.c:452
+ msgid "Specify host (A/AAAA and PTR) records"
+ msgstr "Spécifie les enregistrements (A/AAAA et PTR) d'un hôte."
+ 
+-#: option.c:436
++#: option.c:453
+ msgid "Specify arbitrary DNS resource record"
+ msgstr "Définie une resource DNS d'un type spécifique"
+ 
+-#: option.c:437
++#: option.c:454
+ msgid "Bind to interfaces in use - check for new interfaces"
+ msgstr "Se lie aux interfaces préexistantes - vérifie l'apparition de nouvelles interfaces"
+ 
+-#: option.c:438
++#: option.c:455
+ msgid "Export local names to global DNS"
+ msgstr "Exporte les noms locaux dans le DNS global"
+ 
+-#: option.c:439
++#: option.c:456
+ msgid "Domain to export to global DNS"
+ msgstr "Domaine à exporter dans le DNS global"
+ 
+-#: option.c:440
++#: option.c:457
+ msgid "Set TTL for authoritative replies"
+ msgstr "Configure la durée de vie (Time To Live) pour les réponses faisant autorité"
+ 
+-#: option.c:441
++#: option.c:458
+ msgid "Set authoritive zone information"
+ msgstr "Configure les informations pour une zone de nom faisant autorité"
+ 
+-#: option.c:442
++#: option.c:459
+ msgid "Secondary authoritative nameservers for forward domains"
+ msgstr "Serveurs de noms secondaires faisant autorité pour les domaines délégués"
+ 
+-#: option.c:443
++#: option.c:460
+ msgid "Peers which are allowed to do zone transfer"
+ msgstr "Pairs autorisés à faire des transferts de zone"
+ 
+-#: option.c:444
++#: option.c:461
+ msgid "Specify ipsets to which matching domains should be added"
+ msgstr "Spécifie les ipsets auxquels les domaines correspondants doivent-être ajoutés"
+ 
+-#: option.c:445
++#: option.c:462
+ #, fuzzy
+ msgid "Specify a domain and address range for synthesised names"
+ msgstr "Spécifie un domaine et une plage d'adresses pour les noms auto-générés"
+ 
+-#: option.c:446
++#: option.c:463
+ msgid "Activate DNSSEC validation"
+ msgstr ""
+ 
+-#: option.c:447
++#: option.c:464
+ msgid "Specify trust anchor key digest."
+ msgstr ""
+ 
+-#: option.c:448
++#: option.c:465
+ msgid "Disable upstream checking for DNSSEC debugging."
+ msgstr ""
+ 
+-#: option.c:449
++#: option.c:466
+ msgid "Ensure answers without DNSSEC are in unsigned zones."
+ msgstr ""
+ 
+-#: option.c:450
++#: option.c:467
+ msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+ msgstr ""
+ 
+-#: option.c:452
++#: option.c:468
++msgid "Timestamp file to verify system clock for DNSSEC"
++msgstr ""
++
++#: option.c:470
+ msgid "Specify DHCPv6 prefix class"
+ msgstr "Spécifie le préfixe de classe DHCPv6"
+ 
+-#: option.c:454
++#: option.c:472
+ msgid "Set priority, resend-interval and router-lifetime"
+ msgstr ""
+ 
+-#: option.c:455
++#: option.c:473
+ msgid "Do not log routine DHCP."
+ msgstr ""
+ 
+-#: option.c:456
++#: option.c:474
+ msgid "Do not log routine DHCPv6."
+ msgstr ""
+ 
+-#: option.c:457
++#: option.c:475
+ msgid "Do not log RA."
+ msgstr ""
+ 
+-#: option.c:458
++#: option.c:476
+ msgid "Accept queries only from directly-connected networks"
+ msgstr ""
+ 
+-#: option.c:459
++#: option.c:477
+ msgid "Detect and remove DNS forwarding loops"
+ msgstr ""
+ 
+-#: option.c:661
++#: option.c:478
++msgid "Ignore DNS responses containing ipaddr."
++msgstr ""
++
++#: option.c:680
+ #, c-format
+ msgid ""
+ "Usage: dnsmasq [options]\n"
+@@ -714,328 +749,328 @@ msgstr ""
+ "Usage : dnsmasq [options]\n"
+ "\n"
+ 
+-#: option.c:663
++#: option.c:682
+ #, c-format
+ msgid "Use short options only on the command line.\n"
+ msgstr "Utilisez les options courtes uniquement sur la ligne de commande.\n"
+ 
+-#: option.c:665
++#: option.c:684
+ #, c-format
+ msgid "Valid options are:\n"
+ msgstr "Les options valides sont :\n"
+ 
+-#: option.c:722 option.c:726
++#: option.c:741 option.c:745
+ msgid "bad port"
+ msgstr "numéro de port incorrect"
+ 
+-#: option.c:753 option.c:785
++#: option.c:772 option.c:804
+ msgid "interface binding not supported"
+ msgstr "association d'interface non supportée"
+ 
+ #
+-#: option.c:762 option.c:3494
++#: option.c:781 option.c:3570
+ msgid "bad interface name"
+ msgstr "nom d'interface invalide"
+ 
+ #
+-#: option.c:792
++#: option.c:811
+ msgid "bad address"
+ msgstr "mauvaise adresse"
+ 
+-#: option.c:974
++#: option.c:993
+ msgid "unsupported encapsulation for IPv6 option"
+ msgstr "encapsulation d'option non supportée pour IPv6"
+ 
+-#: option.c:988
++#: option.c:1007
+ msgid "bad dhcp-option"
+ msgstr "mauvaise valeur de 'dhcp-option'"
+ 
+ #
+-#: option.c:1056
++#: option.c:1075
+ msgid "bad IP address"
+ msgstr "mauvaise adresse IP"
+ 
+ #
+-#: option.c:1059 option.c:1197 option.c:2812
++#: option.c:1078 option.c:1216 option.c:2888
+ msgid "bad IPv6 address"
+ msgstr "mauvaise adresse IPv6"
+ 
+-#: option.c:1224 option.c:1318
++#: option.c:1243 option.c:1337
+ msgid "bad domain in dhcp-option"
+ msgstr "mauvais domaine dans dhcp-option"
+ 
+-#: option.c:1356
++#: option.c:1375
+ msgid "dhcp-option too long"
+ msgstr "dhcp-option trop long"
+ 
+-#: option.c:1363
++#: option.c:1382
+ msgid "illegal dhcp-match"
+ msgstr "valeur illégale pour 'dhcp-match'"
+ 
+-#: option.c:1425
++#: option.c:1444
+ msgid "illegal repeated flag"
+ msgstr "Une option ne pouvant être spécifié qu'une seule fois à été donnée plusieurs fois"
+ 
+-#: option.c:1433
++#: option.c:1452
+ msgid "illegal repeated keyword"
+ msgstr "Mot-clef ne pouvant être répété"
+ 
+-#: option.c:1495 option.c:4092
++#: option.c:1517 option.c:4186
+ #, c-format
+ msgid "cannot access directory %s: %s"
+ msgstr "Ne peut pas lire le répertoire %s : %s"
+ 
+-#: option.c:1541 tftp.c:493
++#: option.c:1563 tftp.c:493
+ #, c-format
+ msgid "cannot access %s: %s"
+ msgstr "Ne peut pas lire %s : %s"
+ 
+-#: option.c:1588
++#: option.c:1615
+ msgid "setting log facility is not possible under Android"
+ msgstr "Sous android, impossible de positionner la cible (facility) pour les traces (logs)."
+ 
+-#: option.c:1597
++#: option.c:1624
+ msgid "bad log facility"
+ msgstr "Mauvaise cible (facility) pour les traces."
+ 
+-#: option.c:1650
++#: option.c:1677
+ msgid "bad MX preference"
+ msgstr "préference MX incorrecte"
+ 
+-#: option.c:1655
++#: option.c:1682
+ msgid "bad MX name"
+ msgstr "nom MX incorrect"
+ 
+-#: option.c:1669
++#: option.c:1696
+ msgid "bad MX target"
+ msgstr "valeur MX cible incorrecte"
+ 
+-#: option.c:1681
++#: option.c:1708
+ msgid "cannot run scripts under uClinux"
+ msgstr "ne peut exécuter de script sous uClinux"
+ 
+-#: option.c:1683
++#: option.c:1710
+ msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+ msgstr "recompiler en définissant HAVE_SCRIPT pour permettre l'exécution de scripts shell au changement de bail (lease-change)"
+ 
+-#: option.c:1687
++#: option.c:1714
+ msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
+ msgstr "recompiler en définissant HAVE_LUASCRIPT pour permettre l'exécution de scripts LUA au changement de bail (lease-change)"
+ 
+-#: option.c:1928 option.c:1966 option.c:2015
++#: option.c:1970 option.c:2015 option.c:2071
+ msgid "bad prefix"
+ msgstr "mauvais préfixe"
+ 
+-#: option.c:2289
++#: option.c:2352
+ msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+ msgstr "recompiler en définissant HAVE_IPSET pour permettre l'utilisation de directives de groupes d'IP (IPset)"
+ 
+ #
+-#: option.c:2469
++#: option.c:2545
+ msgid "bad port range"
+ msgstr "gamme de ports incorrecte"
+ 
+-#: option.c:2485
++#: option.c:2561
+ msgid "bad bridge-interface"
+ msgstr "interface-pont incorrecte"
+ 
+-#: option.c:2545
++#: option.c:2621
+ msgid "only one tag allowed"
+ msgstr "une seule étiquette est autorisée"
+ 
+-#: option.c:2565 option.c:2577 option.c:2683 option.c:2724
++#: option.c:2641 option.c:2653 option.c:2759 option.c:2800
+ msgid "bad dhcp-range"
+ msgstr "plage d'adresses DHCP (dhcp-range) incorrecte"
+ 
+-#: option.c:2592
++#: option.c:2668
+ msgid "inconsistent DHCP range"
+ msgstr "plage d'adresses DHCP incohérente"
+ 
+-#: option.c:2651
++#: option.c:2727
+ msgid "prefix length must be exactly 64 for RA subnets"
+ msgstr "la taille du préfixe doit être exactement 64 pour les sous-réseaux d'annonces de routeurs (RA)"
+ 
+-#: option.c:2653
++#: option.c:2729
+ msgid "prefix length must be exactly 64 for subnet constructors"
+ msgstr "la taille du préfixe doit être exactement 64 pour le constructeur de sous-réseaux"
+ 
+-#: option.c:2657
++#: option.c:2733
+ msgid "prefix length must be at least 64"
+ msgstr "la taille de préfixe doit être au minimum 64"
+ 
+-#: option.c:2660
++#: option.c:2736
+ msgid "inconsistent DHCPv6 range"
+ msgstr "plage d'adresses DHCPv6 incohérente"
+ 
+-#: option.c:2671
++#: option.c:2747
+ msgid "prefix must be zero with \"constructor:\" argument"
+ msgstr "le préfixe doit avoir une taille de 0 lorsque l'argument \"constructor:\" est utilisé"
+ 
+-#: option.c:2782 option.c:2830
++#: option.c:2858 option.c:2906
+ msgid "bad hex constant"
+ msgstr "mauvaise constante hexadecimale"
+ 
+-#: option.c:2804
++#: option.c:2880
+ msgid "cannot match tags in --dhcp-host"
+ msgstr "L'utilisation de labels est prohibée dans --dhcp-host"
+ 
+-#: option.c:2852
++#: option.c:2928
+ #, c-format
+ msgid "duplicate dhcp-host IP address %s"
+ msgstr "adresse IP dhcp-host dupliquée dans %s."
+ 
+ #
+-#: option.c:2910
++#: option.c:2986
+ msgid "bad DHCP host name"
+ msgstr "nom d'hôte DHCP incorrect"
+ 
+-#: option.c:2992
++#: option.c:3068
+ msgid "bad tag-if"
+ msgstr "mauvaise étiquette tag-if"
+ 
+-#: option.c:3316 option.c:3710
++#: option.c:3392 option.c:3786
+ msgid "invalid port number"
+ msgstr "numéro de port invalide"
+ 
+ #
+-#: option.c:3378
++#: option.c:3454
+ msgid "bad dhcp-proxy address"
+ msgstr "adresse dhcp-proxy incorrecte"
+ 
+-#: option.c:3404
++#: option.c:3480
+ msgid "Bad dhcp-relay"
+ msgstr "valeur incorrecte pour le relais DHCP (dhcp-relay)"
+ 
+-#: option.c:3430
++#: option.c:3506
+ msgid "bad RA-params"
+ msgstr ""
+ 
+-#: option.c:3439
++#: option.c:3515
+ msgid "bad DUID"
+ msgstr "mauvais identifiant unique DHCP (DUID)"
+ 
+ #
+-#: option.c:3481
++#: option.c:3557
+ msgid "invalid alias range"
+ msgstr "poids invalide"
+ 
+-#: option.c:3535
++#: option.c:3611
+ msgid "bad CNAME"
+ msgstr "mauvais CNAME"
+ 
+-#: option.c:3540
++#: option.c:3616
+ msgid "duplicate CNAME"
+ msgstr "ce CNAME existe déja"
+ 
+ #
+-#: option.c:3560
++#: option.c:3636
+ msgid "bad PTR record"
+ msgstr "mauvais champ PTR"
+ 
+ #
+-#: option.c:3591
++#: option.c:3667
+ msgid "bad NAPTR record"
+ msgstr "mauvais champ NAPTR"
+ 
+ #
+-#: option.c:3625
++#: option.c:3701
+ msgid "bad RR record"
+ msgstr "mauvais enregistrement RR"
+ 
+-#: option.c:3655
++#: option.c:3731
+ msgid "bad TXT record"
+ msgstr "champ TXT invalide"
+ 
+-#: option.c:3696
++#: option.c:3772
+ msgid "bad SRV record"
+ msgstr "champ SRV invalide"
+ 
+-#: option.c:3703
++#: option.c:3779
+ msgid "bad SRV target"
+ msgstr "cible SRV invalide"
+ 
+-#: option.c:3717
++#: option.c:3793
+ msgid "invalid priority"
+ msgstr "priorité invalide"
+ 
+-#: option.c:3724
++#: option.c:3800
+ msgid "invalid weight"
+ msgstr "poids invalide"
+ 
+ #
+-#: option.c:3748
++#: option.c:3824
+ msgid "Bad host-record"
+ msgstr "mauvais champ host-record"
+ 
+-#: option.c:3765
++#: option.c:3841
+ msgid "Bad name in host-record"
+ msgstr "mauvais nom dans le champ host-record"
+ 
+ #
+-#: option.c:3826
++#: option.c:3906
+ #, fuzzy
+ msgid "bad trust anchor"
+ msgstr "gamme de ports incorrecte"
+ 
+-#: option.c:3840
++#: option.c:3920
+ msgid "bad HEX in trust anchor"
+ msgstr ""
+ 
+-#: option.c:3850
++#: option.c:3930
+ #, fuzzy
+ msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+ msgstr "option non supportée (vérifier que Dnsmasq a été compilé avec le support DHCP/TFTP/DBus)"
+ 
+-#: option.c:3909
++#: option.c:3989
+ msgid "missing \""
+ msgstr "il manque \""
+ 
+-#: option.c:3966
++#: option.c:4046
+ msgid "bad option"
+ msgstr "mauvaise option"
+ 
+-#: option.c:3968
++#: option.c:4048
+ msgid "extraneous parameter"
+ msgstr "paramètre en trop"
+ 
+-#: option.c:3970
++#: option.c:4050
+ msgid "missing parameter"
+ msgstr "paramètre manquant"
+ 
+-#: option.c:3972
++#: option.c:4052
+ #, fuzzy
+ msgid "illegal option"
+ msgstr "mauvaise option"
+ 
+-#: option.c:3979
++#: option.c:4059
+ msgid "error"
+ msgstr "erreur"
+ 
+-#: option.c:3981
++#: option.c:4061
+ #, c-format
+ msgid " at line %d of %s"
+ msgstr "à la ligne %d de %s"
+ 
+-#: option.c:4045 option.c:4168 tftp.c:667
+-#, c-format
+-msgid "cannot read %s: %s"
+-msgstr "Ne peut pas lire %s : %s"
+-
+-#: option.c:4229 option.c:4265
++#: option.c:4076 option.c:4323 option.c:4359
+ #, c-format
+ msgid "read %s"
+ msgstr "Lecture de %s"
+ 
+-#: option.c:4331
++#: option.c:4139 option.c:4262 tftp.c:667
++#, c-format
++msgid "cannot read %s: %s"
++msgstr "Ne peut pas lire %s : %s"
++
++#: option.c:4425
+ msgid "junk found in command line"
+ msgstr "la ligne de commande contient des éléments indésirables ou incompréhensibles"
+ 
+-#: option.c:4366
++#: option.c:4460
+ #, c-format
+ msgid "Dnsmasq version %s  %s\n"
+ msgstr "Version de Dnsmasq %s  %s\n"
+ 
+-#: option.c:4367
++#: option.c:4461
+ #, c-format
+ msgid ""
+ "Compile time options: %s\n"
+@@ -1044,89 +1079,89 @@ msgstr ""
+ "Options à la compilation %s\n"
+ "\n"
+ 
+-#: option.c:4368
++#: option.c:4462
+ #, c-format
+ msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+ msgstr "Ce logiciel est fourni sans AUCUNE GARANTIE.\n"
+ 
+-#: option.c:4369
++#: option.c:4463
+ #, c-format
+ msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+ msgstr "Dnsmasq est un logiciel libre, il vous est permis de le redistribuer\n"
+ 
+-#: option.c:4370
++#: option.c:4464
+ #, c-format
+ msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+ msgstr "sous les termes de la licence GPL (GNU General Public License), version 2 ou 3.\n"
+ 
+-#: option.c:4381
++#: option.c:4475
+ msgid "try --help"
+ msgstr "essayez avec --help"
+ 
+-#: option.c:4383
++#: option.c:4477
+ msgid "try -w"
+ msgstr "essayez avec -w"
+ 
+-#: option.c:4385
++#: option.c:4479
+ #, c-format
+ msgid "bad command line options: %s"
+ msgstr "mauvaises options en ligne de commande : %s."
+ 
+-#: option.c:4434
++#: option.c:4535
+ #, c-format
+ msgid "cannot get host-name: %s"
+ msgstr "ne peut pas obtenir le nom de la machine : %s"
+ 
+-#: option.c:4462
++#: option.c:4563
+ msgid "only one resolv.conf file allowed in no-poll mode."
+ msgstr "seul un fichier resolv.conf est autorisé dans le mode no-poll"
+ 
+-#: option.c:4472
++#: option.c:4573
+ msgid "must have exactly one resolv.conf to read domain from."
+ msgstr "un fichier resolv.conf (et un seul) est nécessaire pour y récuperer le nom de domaine."
+ 
+-#: option.c:4475 network.c:1506 dhcp.c:769
++#: option.c:4576 network.c:1506 dhcp.c:774
+ #, c-format
+ msgid "failed to read %s: %s"
+ msgstr "impossible de lire %s : %s"
+ 
+-#: option.c:4492
++#: option.c:4593
+ #, c-format
+ msgid "no search directive found in %s"
+ msgstr "pas de directive de recherche trouvée dans %s"
+ 
+-#: option.c:4513
++#: option.c:4614
+ msgid "there must be a default domain when --dhcp-fqdn is set"
+ msgstr "un domaine par défaut doit être spécifié lorsque l'option --dhcp-fqdn est utilisée"
+ 
+-#: option.c:4522
++#: option.c:4623
+ msgid "syntax check OK"
+ msgstr "vérification de syntaxe OK"
+ 
+-#: forward.c:114
++#: forward.c:111
+ #, c-format
+ msgid "failed to send packet: %s"
+ msgstr "impossible d'envoyer le paquet : %s"
+ 
+-#: forward.c:574
++#: forward.c:572
+ msgid "discarding DNS reply: subnet option mismatch"
+ msgstr ""
+ 
+-#: forward.c:597
++#: forward.c:595
+ #, c-format
+ msgid "nameserver %s refused to do a recursive query"
+ msgstr "le serveur de nom %s a refusé de faire une recherche récursive"
+ 
+-#: forward.c:629
++#: forward.c:627
+ #, c-format
+ msgid "possible DNS-rebind attack detected: %s"
+ msgstr "détection d'une possible attaque de type DNS-rebind: %s"
+ 
+-#: forward.c:1132 forward.c:1663
++#: forward.c:1156 forward.c:1722
+ msgid "Ignoring query from non-local network"
+ msgstr ""
+ 
+-#: forward.c:2101
++#: forward.c:2178
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries reached (max: %d)"
+ msgstr "Nombre maximum de requêtes DNS concurrentes atteint (maximum : %d)."
+@@ -1216,271 +1251,286 @@ msgstr "utilise le serveur de nom %s#%d (via %s)"
+ msgid "using nameserver %s#%d"
+ msgstr "utilise le serveur de nom %s#%d"
+ 
+-#: dnsmasq.c:154
+-msgid "No trust anchors provided for DNSSEC"
++#: dnsmasq.c:149
++msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:157
+-msgid "Cannot reduce cache size from default when DNSSEC enabled"
++#: dnsmasq.c:156
++msgid "no trust anchors provided for DNSSEC"
+ msgstr ""
+ 
+ #: dnsmasq.c:159
++msgid "cannot reduce cache size from default when DNSSEC enabled"
++msgstr ""
++
++#: dnsmasq.c:161
+ #, fuzzy
+ msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+ msgstr "DBus n'est pas disponible : activez HAVE_DBUS dans src/config.h"
+ 
+ #
+-#: dnsmasq.c:165
++#: dnsmasq.c:167
+ msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+ msgstr "TFTP n'est pas disponible : activez HAVE_TFTP dans src/config.h"
+ 
+-#: dnsmasq.c:170
+-msgid "Cannot use --conntrack AND --query-port"
++#: dnsmasq.c:172
++#, fuzzy
++msgid "cannot use --conntrack AND --query-port"
+ msgstr "impossible d'utiliser conjointement --conntrack et --query-port"
+ 
+ #
+-#: dnsmasq.c:173
+-msgid "Conntrack support not available: set HAVE_CONNTRACK in src/config.h"
++#: dnsmasq.c:175
++#, fuzzy
++msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
+ msgstr "Support de suivi de connexion non disponible : activez HAVE_CONNTRACK dans src/config.h"
+ 
+-#: dnsmasq.c:178
++#: dnsmasq.c:180
+ msgid "asychronous logging is not available under Solaris"
+ msgstr "l'écriture de traces en mode asynchrone n'est pas disponible sous Solaris."
+ 
+-#: dnsmasq.c:183
++#: dnsmasq.c:185
+ msgid "asychronous logging is not available under Android"
+ msgstr "l'écriture de traces en mode asynchrone n'est pas disponible sous Android."
+ 
+-#: dnsmasq.c:188
++#: dnsmasq.c:190
+ msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+ msgstr "le mode « autorité DNS » n'est pas disponible : activez HAVE_AUTH dans src/config.h"
+ 
+ #
+-#: dnsmasq.c:193
++#: dnsmasq.c:195
+ #, fuzzy
+-msgid "Loop detection not available: set HAVE_LOOP in src/config.h"
++msgid "loop detection not available: set HAVE_LOOP in src/config.h"
+ msgstr "TFTP n'est pas disponible : activez HAVE_TFTP dans src/config.h"
+ 
+-#: dnsmasq.c:201
++#: dnsmasq.c:203
+ msgid "zone serial must be configured in --auth-soa"
+ msgstr "le numéro de série de la zone doit être configuré dans --auth-soa"
+ 
+-#: dnsmasq.c:219
++#: dnsmasq.c:221
+ msgid "dhcp-range constructor not available on this platform"
+ msgstr "le constructeur de plage dhcp n'est pas disponible sur cette plate-forme"
+ 
+-#: dnsmasq.c:262
++#: dnsmasq.c:264
+ msgid "cannot set --bind-interfaces and --bind-dynamic"
+ msgstr "--bind-interfaces et --bind-dynamic sont mutuellement exclusives"
+ 
+-#: dnsmasq.c:265
++#: dnsmasq.c:267
+ #, c-format
+ msgid "failed to find list of interfaces: %s"
+ msgstr "impossible de trouver la liste des interfaces : %s"
+ 
+-#: dnsmasq.c:274
++#: dnsmasq.c:276
+ #, c-format
+ msgid "unknown interface %s"
+ msgstr "interface %s inconnue"
+ 
+-#: dnsmasq.c:330 dnsmasq.c:954
++#: dnsmasq.c:340 dnsmasq.c:1004
+ #, c-format
+ msgid "DBus error: %s"
+ msgstr "Erreur DBus : %s"
+ 
+-#: dnsmasq.c:333
++#: dnsmasq.c:343
+ msgid "DBus not available: set HAVE_DBUS in src/config.h"
+ msgstr "DBus n'est pas disponible : activez HAVE_DBUS dans src/config.h"
+ 
+-#: dnsmasq.c:361
++#: dnsmasq.c:371
+ #, c-format
+ msgid "unknown user or group: %s"
+ msgstr "utilisateur ou groupe inconnu : %s"
+ 
+-#: dnsmasq.c:416
++#: dnsmasq.c:426
+ #, c-format
+ msgid "cannot chdir to filesystem root: %s"
+ msgstr "Ne peut effectuer un 'chdir' à la racine du système de fichier : %s"
+ 
+-#: dnsmasq.c:653
++#: dnsmasq.c:667
+ #, c-format
+ msgid "started, version %s DNS disabled"
+ msgstr "démarrage avec le DNS désactivé (version %s)"
+ 
+-#: dnsmasq.c:655
++#: dnsmasq.c:669
+ #, c-format
+ msgid "started, version %s cachesize %d"
+ msgstr "demarré, version %s (taille de cache %d)"
+ 
+-#: dnsmasq.c:657
++#: dnsmasq.c:671
+ #, c-format
+ msgid "started, version %s cache disabled"
+ msgstr "démarrage avec le cache désactivé (version %s)"
+ 
+-#: dnsmasq.c:659
++#: dnsmasq.c:673
+ #, c-format
+ msgid "compile time options: %s"
+ msgstr "options à la compilation : %s"
+ 
+-#: dnsmasq.c:665
++#: dnsmasq.c:679
+ msgid "DBus support enabled: connected to system bus"
+ msgstr "Support DBus autorisé : connecté au bus système"
+ 
+-#: dnsmasq.c:667
++#: dnsmasq.c:681
+ msgid "DBus support enabled: bus connection pending"
+ msgstr "Support DBus autorisé : connexion au bus en attente"
+ 
+-#: dnsmasq.c:672
++#: dnsmasq.c:686
+ msgid "DNS service limited to local subnets"
+ msgstr ""
+ 
+-#: dnsmasq.c:677
++#: dnsmasq.c:702
+ msgid "DNSSEC validation enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:679
++#: dnsmasq.c:705
+ msgid "DNSSEC signature timestamps not checked until first cache reload"
+ msgstr ""
+ 
+-#: dnsmasq.c:684
++#: dnsmasq.c:708
++msgid "DNSSEC signature timestamps not checked until system time valid"
++msgstr ""
++
++#: dnsmasq.c:713
+ #, c-format
+ msgid "warning: failed to change owner of %s: %s"
+ msgstr "Impossible de changer pour l'utilisateur %s : %s"
+ 
+-#: dnsmasq.c:688
++#: dnsmasq.c:717
+ msgid "setting --bind-interfaces option because of OS limitations"
+ msgstr "active l'option --bind-interfaces à cause de limitations dans le système d'exploitation"
+ 
+-#: dnsmasq.c:698
++#: dnsmasq.c:727
+ #, c-format
+ msgid "warning: interface %s does not currently exist"
+ msgstr "attention : l'interface %s n'existe pas actuellement"
+ 
+-#: dnsmasq.c:703
++#: dnsmasq.c:732
+ msgid "warning: ignoring resolv-file flag because no-resolv is set"
+ msgstr "attention : l'option « resolv-file » sera ignorée car « no-resolv » a été spécifié"
+ 
+ #
+-#: dnsmasq.c:706
++#: dnsmasq.c:735
+ msgid "warning: no upstream servers configured"
+ msgstr "attention : aucun serveur amont n'est configuré"
+ 
+-#: dnsmasq.c:710
++#: dnsmasq.c:739
+ #, c-format
+ msgid "asynchronous logging enabled, queue limit is %d messages"
+ msgstr "mode asynchrone d'écriture de traces, la taille maximum de la queue est de %d messages."
+ 
+-#: dnsmasq.c:731
++#: dnsmasq.c:760
+ msgid "IPv6 router advertisement enabled"
+ msgstr "annonces de routeur IPv6 activées"
+ 
+-#: dnsmasq.c:736
++#: dnsmasq.c:765
+ #, c-format
+ msgid "DHCP, sockets bound exclusively to interface %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "root is "
+ msgstr "root est"
+ 
+ #
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "enabled"
+ msgstr "activé"
+ 
+-#: dnsmasq.c:755
++#: dnsmasq.c:784
+ msgid "secure mode"
+ msgstr "mode sécurisé"
+ 
+-#: dnsmasq.c:781
++#: dnsmasq.c:810
+ #, c-format
+ msgid "restricting maximum simultaneous TFTP transfers to %d"
+ msgstr "le nombre maximum de transferts TFTP simultanés sera restreint à %d"
+ 
+-#: dnsmasq.c:956
++#: dnsmasq.c:1006
+ msgid "connected to system DBus"
+ msgstr "connecté au systeme DBus"
+ 
+-#: dnsmasq.c:1106
++#: dnsmasq.c:1156
+ #, c-format
+ msgid "cannot fork into background: %s"
+ msgstr "Ne peut se lancer en tâche de fond : %s"
+ 
+-#: dnsmasq.c:1109
++#: dnsmasq.c:1159
+ #, c-format
+ msgid "failed to create helper: %s"
+ msgstr "impossible de créer le 'helper' : %s"
+ 
+-#: dnsmasq.c:1112
++#: dnsmasq.c:1162
+ #, c-format
+ msgid "setting capabilities failed: %s"
+ msgstr "impossible de configurer la capacité %s"
+ 
+-#: dnsmasq.c:1115
++#: dnsmasq.c:1165
+ #, c-format
+ msgid "failed to change user-id to %s: %s"
+ msgstr "Impossible de changer l'identifiant utilisateur pour %s : %s"
+ 
+-#: dnsmasq.c:1118
++#: dnsmasq.c:1168
+ #, c-format
+ msgid "failed to change group-id to %s: %s"
+ msgstr "Impossible de changer l'identifiant de groupe pour %s : %s"
+ 
+-#: dnsmasq.c:1121
++#: dnsmasq.c:1171
+ #, c-format
+ msgid "failed to open pidfile %s: %s"
+ msgstr "impossible de lire le fichier de PID %s : %s"
+ 
+-#: dnsmasq.c:1124
++#: dnsmasq.c:1174
+ #, c-format
+ msgid "cannot open log %s: %s"
+ msgstr "Ne peut ouvrir le fichier de log %s : %s"
+ 
+ #
+-#: dnsmasq.c:1127
++#: dnsmasq.c:1177
+ #, c-format
+ msgid "failed to load Lua script: %s"
+ msgstr "impossible de charger le script Lua : %s"
+ 
+-#: dnsmasq.c:1130
++#: dnsmasq.c:1180
+ #, c-format
+ msgid "TFTP directory %s inaccessible: %s"
+ msgstr "répertoire TFTP %s inaccessible : %s"
+ 
+-#: dnsmasq.c:1151
++#: dnsmasq.c:1183
++#, fuzzy, c-format
++msgid "cannot create timestamp file %s: %s"
++msgstr "ne peut ouvrir ou créer le fichiers de baux %s : %s"
++
++#: dnsmasq.c:1204
+ msgid "now checking DNSSEC signature timestamps"
+ msgstr ""
+ 
+-#: dnsmasq.c:1218
++#: dnsmasq.c:1271
+ #, c-format
+ msgid "script process killed by signal %d"
+ msgstr "Le script a été terminé par le signal %d"
+ 
+-#: dnsmasq.c:1222
++#: dnsmasq.c:1275
+ #, c-format
+ msgid "script process exited with status %d"
+ msgstr "Le script s'est terminé avec le statut %d"
+ 
+-#: dnsmasq.c:1226
++#: dnsmasq.c:1279
+ #, c-format
+ msgid "failed to execute %s: %s"
+ msgstr "impossible d'exécuter à %s : %s"
+ 
+-#: dnsmasq.c:1281
++#: dnsmasq.c:1334
+ msgid "exiting on receipt of SIGTERM"
+ msgstr "sortie sur réception du signal SIGTERM"
+ 
+-#: dnsmasq.c:1309
++#: dnsmasq.c:1362
+ #, c-format
+ msgid "failed to access %s: %s"
+ msgstr "impossible d'accéder à %s : %s"
+ 
+-#: dnsmasq.c:1339
++#: dnsmasq.c:1392
+ #, c-format
+ msgid "reading %s"
+ msgstr "Lecture de %s"
+ 
+-#: dnsmasq.c:1350
++#: dnsmasq.c:1403
+ #, c-format
+ msgid "no servers found in %s, will retry"
+ msgstr "aucun serveur trouvé dans %s, va réessayer"
+@@ -1520,27 +1570,27 @@ msgstr "interface %s inconnue sp
+ msgid "DHCP packet received on %s which has no address"
+ msgstr "Paquet DHCP reçu sur %s qui n'a pas d'adresse"
+ 
+-#: dhcp.c:408
++#: dhcp.c:412
+ #, c-format
+ msgid "ARP-cache injection failed: %s"
+ msgstr ""
+ 
+-#: dhcp.c:506
++#: dhcp.c:511
+ #, c-format
+ msgid "DHCP range %s -- %s is not consistent with netmask %s"
+ msgstr "La plage d'adresses DHCP %s -- %s n'est pas cohérente avec le masque de réseau %s"
+ 
+-#: dhcp.c:807
++#: dhcp.c:812
+ #, c-format
+ msgid "bad line at %s line %d"
+ msgstr "mauvaise ligne dans %s ligne %d"
+ 
+-#: dhcp.c:850
++#: dhcp.c:855
+ #, c-format
+ msgid "ignoring %s line %d, duplicate name or IP address"
+ msgstr "ignore %s à la ligne %d : duplication de nom ou d'adresse IP"
+ 
+-#: dhcp.c:994 rfc3315.c:2089
++#: dhcp.c:999 rfc3315.c:2139
+ #, c-format
+ msgid "DHCP relay %s -> %s"
+ msgstr "Relais DHCP %s -> %s"
+@@ -1611,12 +1661,12 @@ msgstr "%u Classe d'utilisateur : %s"
+ msgid "disabled"
+ msgstr "désactivé"
+ 
+-#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:602 rfc3315.c:823
+-#: rfc3315.c:1095
++#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:603 rfc3315.c:860
++#: rfc3315.c:1139
+ msgid "ignored"
+ msgstr "ignoré"
+ 
+-#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:873
++#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:910
+ msgid "address in use"
+ msgstr "adresse déjà utilisée"
+ 
+@@ -1636,7 +1686,7 @@ msgstr "pas d'adresse configur
+ msgid "no leases left"
+ msgstr "plus aucun bail disponible"
+ 
+-#: rfc2131.c:691 rfc3315.c:475
++#: rfc2131.c:691 rfc3315.c:476
+ #, c-format
+ msgid "%u client provides name: %s"
+ msgstr "le client %u fourni le nom : %s"
+@@ -1645,7 +1695,7 @@ msgstr "le client %u fourni le nom : %s"
+ msgid "PXE BIS not supported"
+ msgstr "Service PXE BIS (Boot Integrity Services) non supporté"
+ 
+-#: rfc2131.c:935 rfc3315.c:1189
++#: rfc2131.c:935 rfc3315.c:1233
+ #, c-format
+ msgid "disabling DHCP static address %s for %s"
+ msgstr "désactive l'adresse statique DHCP %s pour %s"
+@@ -1681,7 +1731,7 @@ msgstr "mauvais identifiant de serveur"
+ msgid "wrong address"
+ msgstr "mauvaise adresse"
+ 
+-#: rfc2131.c:1143 rfc3315.c:969
++#: rfc2131.c:1143 rfc3315.c:1006
+ msgid "lease not found"
+ msgstr "bail non trouvé"
+ 
+@@ -1731,7 +1781,7 @@ msgstr "Impossible d'envoyer l'option DHCP/BOOTP %d : pas assez d'espace dans le
+ msgid "PXE menu too large"
+ msgstr "menu PXE trop grand"
+ 
+-#: rfc2131.c:2173 rfc3315.c:1456
++#: rfc2131.c:2173 rfc3315.c:1506
+ #, c-format
+ msgid "%u requested options: %s"
+ msgstr "%u options demandées : %s"
+@@ -1746,7 +1796,7 @@ msgstr "ne peux envoyer l'option RFC3925 : trop d'options pour le num
+ msgid "cannot create netlink socket: %s"
+ msgstr "ne peux lier une socket netlink : %s"
+ 
+-#: netlink.c:347
++#: netlink.c:348
+ #, c-format
+ msgid "netlink returns error: %s"
+ msgstr "Erreur netlink : %s"
+@@ -1864,62 +1914,62 @@ msgstr "pas de plage d'adresse disponible pour la requ
+ msgid "%u available DHCPv6 subnet: %s/%d"
+ msgstr "%u sous-réseaux DHCPv6 disponibles : %s/%d"
+ 
+-#: rfc3315.c:379
++#: rfc3315.c:380
+ #, c-format
+ msgid "%u vendor class: %u"
+ msgstr "%u Classe de vendeur ('Vendor Class') : %u"
+ 
+-#: rfc3315.c:427
++#: rfc3315.c:428
+ #, c-format
+ msgid "%u client MAC address: %s"
+ msgstr "%u MAC adresse du client : %s"
+ 
+-#: rfc3315.c:659
++#: rfc3315.c:660
+ #, c-format
+ msgid "unknown prefix-class %d"
+ msgstr "préfixe de classe inconnu %d"
+ 
+-#: rfc3315.c:791 rfc3315.c:913
++#: rfc3315.c:803 rfc3315.c:902
++msgid "address unavailable"
++msgstr "adresse non disponible"
++
++#: rfc3315.c:815 rfc3315.c:950 rfc3315.c:1283
+ msgid "success"
+ msgstr "réussi"
+ 
+-#: rfc3315.c:806 rfc3315.c:808 rfc3315.c:921 rfc3315.c:923
++#: rfc3315.c:843 rfc3315.c:845 rfc3315.c:958 rfc3315.c:960
+ msgid "no addresses available"
+ msgstr "pas d'adresse disponible"
+ 
+-#: rfc3315.c:865
+-msgid "address unavailable"
+-msgstr "adresse non disponible"
+-
+-#: rfc3315.c:900
++#: rfc3315.c:937
+ msgid "not on link"
+ msgstr "pas sur ce lien"
+ 
+-#: rfc3315.c:973 rfc3315.c:1151 rfc3315.c:1228
++#: rfc3315.c:1010 rfc3315.c:1195 rfc3315.c:1272
+ msgid "no binding found"
+ msgstr "aucune liaison trouvée"
+ 
+-#: rfc3315.c:1011
++#: rfc3315.c:1048
+ msgid "deprecated"
+ msgstr "obsolète"
+ 
+-#: rfc3315.c:1016
++#: rfc3315.c:1053
+ msgid "address invalid"
+ msgstr "adresse non valide"
+ 
+-#: rfc3315.c:1061
++#: rfc3315.c:1100
+ msgid "confirm failed"
+ msgstr "confirmation d'échec"
+ 
+-#: rfc3315.c:1072
++#: rfc3315.c:1116
+ msgid "all addresses still on link"
+ msgstr "toutes les adresses sont toujours sur le lien"
+ 
+-#: rfc3315.c:1160
++#: rfc3315.c:1204
+ msgid "release received"
+ msgstr "libération reçue"
+ 
+-#: rfc3315.c:2080
++#: rfc3315.c:2130
+ msgid "Cannot multicast to DHCPv6 server without correct interface"
+ msgstr "Impossible de faire du multicast au server DHCPv6 sans interface valide"
+ 
+@@ -2012,7 +2062,7 @@ msgstr "Relais DHCP de %s 
+ msgid "cannot create ICMPv6 socket: %s"
+ msgstr "ne peut créer la socket ICMPv6: %s"
+ 
+-#: auth.c:429
++#: auth.c:436
+ #, c-format
+ msgid "ignoring zone transfer request from %s"
+ msgstr "la requête de transfert de zone en provenance de %s est ignorée"
+@@ -2027,55 +2077,90 @@ msgstr "impossible de trouver la version de noyau : %s"
+ msgid "failed to create IPset control socket: %s"
+ msgstr "impossible de créer une socket de contrôle IPset : %s"
+ 
++#: dnssec.c:425 dnssec.c:469
++#, fuzzy, c-format
++msgid "failed to update mtime on %s: %s"
++msgstr "impossible de lire le fichier de PID %s : %s"
++
+ #: blockdata.c:58
+ #, c-format
+ msgid "DNSSEC memory in use %u, max %u, allocated %u"
+ msgstr ""
+ 
+-#: tables.c:76
++#: tables.c:80
+ msgid "error: fill_addr missused"
+ msgstr ""
+ 
+-#: tables.c:105
++#: tables.c:109
+ #, fuzzy, c-format
+ msgid "failed to access pf devices: %s"
+ msgstr "impossible d'accéder à %s : %s"
+ 
+-#: tables.c:119
++#: tables.c:123
+ #, fuzzy, c-format
+ msgid "warning: no opened pf devices %s"
+ msgstr "utilise les adresses locales seulement pour %s %s"
+ 
+-#: tables.c:127
++#: tables.c:131
+ #, fuzzy, c-format
+ msgid "error: cannot use table name %s"
+ msgstr "ne peut pas obtenir le nom de la machine : %s"
+ 
+-#: tables.c:135
++#: tables.c:139
+ #, c-format
+ msgid "error: cannot strlcpy table name %s"
+ msgstr ""
+ 
+-#: tables.c:141
++#: tables.c:145
+ #, c-format
+ msgid "warning: pfr_add_tables: %s(%d)"
+ msgstr ""
+ 
+-#: tables.c:147
++#: tables.c:151
+ msgid "info: table created"
+ msgstr ""
+ 
+-#: tables.c:158
++#: tables.c:162
+ #, c-format
+ msgid "warning: DIOCR%sADDRS: %s"
+ msgstr ""
+ 
+ #
+-#: tables.c:162
++#: tables.c:166
+ #, fuzzy, c-format
+ msgid "%d addresses %s"
+ msgstr "mauvaise adresse"
+ 
++#: inotify.c:46
++#, fuzzy, c-format
++msgid "failed to create inotify: %s"
++msgstr "impossible de créer le 'helper' : %s"
++
++#: inotify.c:60
++#, fuzzy, c-format
++msgid "cannot cannonicalise resolv-file %s: %s"
++msgstr "ne peut ouvrir ou créer le fichiers de baux %s : %s"
++
++#: inotify.c:72
++#, c-format
++msgid "directory %s for resolv-file is missing, cannot poll"
++msgstr ""
++
++#: inotify.c:75 inotify.c:112
++#, fuzzy, c-format
++msgid "failed to create inotify for %s: %s"
++msgstr "impossible de créer une socket d'écoute pour %s : %s"
++
++#: inotify.c:97
++#, fuzzy, c-format
++msgid "bad dynamic directory %s: %s"
++msgstr "Ne peut pas lire le répertoire %s : %s"
++
++#: inotify.c:197
++#, c-format
++msgid "inotify, new or changed file %s"
++msgstr ""
++
+ #~ msgid "Always send frequent router-advertisements"
+ #~ msgstr "Envoyer des annonces de routeurs fréquentes"
+ 
+diff --git a/po/id.po b/po/id.po
+index b1809b695168..a0ff0f062e8b 100644
+--- a/po/id.po
++++ b/po/id.po
+@@ -15,77 +15,77 @@ msgstr ""
+ "Content-Type: text/plain; charset=ASCII\n"
+ "Content-Transfer-Encoding: 8bit\n"
+ 
+-#: cache.c:505
++#: cache.c:523
+ msgid "Internal error in cache."
+ msgstr ""
+ 
+ # OK
+-#: cache.c:908
++#: cache.c:941
+ #, fuzzy, c-format
+ msgid "failed to load names from %s: %s"
+ msgstr "gagal memuat nama-nama dari %s: %s"
+ 
+ # OK
+-#: cache.c:934 dhcp.c:820
++#: cache.c:967 dhcp.c:825
+ #, fuzzy, c-format
+ msgid "bad address at %s line %d"
+ msgstr "kesalahan nama pada %s baris %d"
+ 
+ # OK
+-#: cache.c:985 dhcp.c:836
++#: cache.c:1018 dhcp.c:841
+ #, c-format
+ msgid "bad name at %s line %d"
+ msgstr "kesalahan nama pada %s baris %d"
+ 
+ # OK
+-#: cache.c:992 dhcp.c:911
++#: cache.c:1027 dhcp.c:916
+ #, c-format
+ msgid "read %s - %d addresses"
+ msgstr "membaca %s - %d alamat"
+ 
+ # OK
+-#: cache.c:1100
++#: cache.c:1135
+ msgid "cleared cache"
+ msgstr "cache telah dihapus"
+ 
+-#: cache.c:1123
++#: cache.c:1164
+ #, c-format
+ msgid "No IPv4 address found for %s"
+ msgstr ""
+ 
+-#: cache.c:1201
++#: cache.c:1242
+ #, c-format
+ msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
+ msgstr ""
+ 
+ # OK
+-#: cache.c:1225
++#: cache.c:1266
+ #, c-format
+ msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+ msgstr "tidak memberikan nama %s kepada lease DHCP %s karena nama telah ada dalam %sdengan alamat %s"
+ 
+-#: cache.c:1366
++#: cache.c:1421
+ #, c-format
+ msgid "time %lu"
+ msgstr ""
+ 
+ # OK
+-#: cache.c:1367
++#: cache.c:1422
+ #, fuzzy, c-format
+ msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+ msgstr "ukuran cache %d, %d/%d penyisipan cache menimpa cache yang belum kadaluwarsa"
+ 
+-#: cache.c:1369
++#: cache.c:1424
+ #, c-format
+ msgid "queries forwarded %u, queries answered locally %u"
+ msgstr ""
+ 
+-#: cache.c:1372
++#: cache.c:1427
+ #, c-format
+ msgid "queries for authoritative zones %u"
+ msgstr ""
+ 
+-#: cache.c:1398
++#: cache.c:1453
+ #, c-format
+ msgid "server %s#%d: queries sent %u, retried or failed %u"
+ msgstr ""
+@@ -103,7 +103,7 @@ msgid "failed to allocate memory"
+ msgstr "gagal memuat %S: %m"
+ 
+ # OK
+-#: util.c:243 option.c:579
++#: util.c:243 option.c:598
+ msgid "could not get memory"
+ msgstr "tidak bisa mendapatkan memory"
+ 
+@@ -120,682 +120,720 @@ msgid "failed to allocate %d bytes"
+ msgstr "gagal memuat %S: %m"
+ 
+ # OK
+-#: util.c:429
++#: util.c:430
+ #, c-format
+ msgid "infinite"
+ msgstr "tak terbatas"
+ 
+ # OK
+-#: option.c:318
++#: option.c:330
+ msgid "Specify local address(es) to listen on."
+ msgstr "Tentukan alamat lokal untuk mendengarkan."
+ 
+ # OK
+-#: option.c:319
++#: option.c:331
+ msgid "Return ipaddr for all hosts in specified domains."
+ msgstr "Menghasilkan ipaddr untuk semua host dalam domain yang dipilih."
+ 
+ # OK
+-#: option.c:320
++#: option.c:332
+ msgid "Fake reverse lookups for RFC1918 private address ranges."
+ msgstr "Fake pencarian balik untuk alamat private sesuai dengan RFC1918."
+ 
+ # OK
+-#: option.c:321
++#: option.c:333
+ msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+ msgstr "Perlakukan ipaddr sebagai NXDOMAIN (mengalahkan wildcard Verisign)."
+ 
+ # OK
+-#: option.c:322
++#: option.c:334
+ #, c-format
+ msgid "Specify the size of the cache in entries (defaults to %s)."
+ msgstr "Tentukan ukuran cache, dalam jumlah isian (default %s)."
+ 
+ # OK
+-#: option.c:323
++#: option.c:335
+ #, c-format
+ msgid "Specify configuration file (defaults to %s)."
+ msgstr "Tentukan file konfigurasi (default %s)."
+ 
+ # OK
+-#: option.c:324
++#: option.c:336
+ msgid "Do NOT fork into the background: run in debug mode."
+ msgstr "JANGAN berjalan di background: berjalan dalam modus debug."
+ 
+ # OK
+-#: option.c:325
++#: option.c:337
+ msgid "Do NOT forward queries with no domain part."
+ msgstr "JANGAN teruskan permintaan tanpa bagian domain."
+ 
+ # OK
+-#: option.c:326
++#: option.c:338
+ msgid "Return self-pointing MX records for local hosts."
+ msgstr "Mengembalikan record MX untuk diri sendiri host-host lokal."
+ 
+ # OK
+-#: option.c:327
++#: option.c:339
+ msgid "Expand simple names in /etc/hosts with domain-suffix."
+ msgstr "Melengkapi nama-nama di /etc/hosts dengan akhiran domain."
+ 
+ # OK
+-#: option.c:328
++#: option.c:340
+ msgid "Don't forward spurious DNS requests from Windows hosts."
+ msgstr "Jangan meneruskan permintaan DNS spurious dari host-host Windows."
+ 
+ # OK
+-#: option.c:329
++#: option.c:341
+ msgid "Enable DHCP in the range given with lease duration."
+ msgstr "Bolehkan DHCP dalam jangkauan yang diberikan dengan durasi lease."
+ 
+ # OK
+-#: option.c:330
++#: option.c:342
+ #, c-format
+ msgid "Change to this group after startup (defaults to %s)."
+ msgstr "Ubah ke group ini setelah mulai (default %s)."
+ 
+ # OK
+-#: option.c:331
++#: option.c:343
+ msgid "Set address or hostname for a specified machine."
+ msgstr "Setel alamat atau nama host untuk mesin yang disebutkan."
+ 
+ # OK
+-#: option.c:332
++#: option.c:344
+ #, fuzzy
+ msgid "Read DHCP host specs from file."
+ msgstr "nama MX salah"
+ 
+-#: option.c:333
++#: option.c:345
+ msgid "Read DHCP option specs from file."
+ msgstr ""
+ 
+-#: option.c:334
++# OK
++#: option.c:346
++#, fuzzy
++msgid "Read DHCP host specs from a directory."
++msgstr "nama MX salah"
++
++# OK
++#: option.c:347
++#, fuzzy
++msgid "Read DHCP options from a directory."
++msgstr "nama MX salah"
++
++#: option.c:348
+ msgid "Evaluate conditional tag expression."
+ msgstr ""
+ 
+ # OK
+-#: option.c:335
++#: option.c:349
+ #, c-format
+ msgid "Do NOT load %s file."
+ msgstr "JANGAN muat file %s."
+ 
+ # OK
+-#: option.c:336
++#: option.c:350
+ #, c-format
+ msgid "Specify a hosts file to be read in addition to %s."
+ msgstr "Sebutkan sebuah file hosts yang harus dibaca sebagai tambahan untuk %s."
+ 
+ # OK
+-#: option.c:337
++#: option.c:351
++#, fuzzy
++msgid "Read hosts files from a directory."
++msgstr "nama MX salah"
++
++# OK
++#: option.c:352
+ msgid "Specify interface(s) to listen on."
+ msgstr "Sebutkan antarmuka untuk mendengarkan."
+ 
+ # OK
+-#: option.c:338
++#: option.c:353
+ msgid "Specify interface(s) NOT to listen on."
+ msgstr "Sebutkan antarmuka untuk TIDAK mendengarkan."
+ 
+ # OK
+-#: option.c:339
++#: option.c:354
+ #, fuzzy
+ msgid "Map DHCP user class to tag."
+ msgstr "Petakan kelas user DHCP ke setelan yang dipilih."
+ 
+-#: option.c:340
++#: option.c:355
+ msgid "Map RFC3046 circuit-id to tag."
+ msgstr ""
+ 
+-#: option.c:341
++#: option.c:356
+ msgid "Map RFC3046 remote-id to tag."
+ msgstr ""
+ 
+-#: option.c:342
++#: option.c:357
+ msgid "Map RFC3993 subscriber-id to tag."
+ msgstr ""
+ 
+ # OK
+-#: option.c:343
++#: option.c:358
+ #, fuzzy
+ msgid "Don't do DHCP for hosts with tag set."
+ msgstr "Jangan menggunakan DHCP untuk host-host yang dipilih."
+ 
+ # OK
+-#: option.c:344
++#: option.c:359
+ #, fuzzy
+ msgid "Force broadcast replies for hosts with tag set."
+ msgstr "Jangan menggunakan DHCP untuk host-host yang dipilih."
+ 
+ # OK
+-#: option.c:345
++#: option.c:360
+ msgid "Do NOT fork into the background, do NOT run in debug mode."
+ msgstr "JANGAN berjalan di background, jangan berjalan dalam modus debug."
+ 
+ # OK
+-#: option.c:346
++#: option.c:361
+ msgid "Assume we are the only DHCP server on the local network."
+ msgstr "Berpikir bahwa kita satu-satunya DHCP server dalam jaringan."
+ 
+ # OK
+-#: option.c:347
++#: option.c:362
+ #, c-format
+ msgid "Specify where to store DHCP leases (defaults to %s)."
+ msgstr "Sebutkan lokasi untuk menyimpan lease DHCP (default %s)."
+ 
+ # OK
+-#: option.c:348
++#: option.c:363
+ msgid "Return MX records for local hosts."
+ msgstr "Kembalikan rekord MX untuk host-host lokal."
+ 
+ # OK
+-#: option.c:349
++#: option.c:364
+ msgid "Specify an MX record."
+ msgstr "Sebutkan sebuah rekord MX."
+ 
+ # OK
+-#: option.c:350
++#: option.c:365
+ msgid "Specify BOOTP options to DHCP server."
+ msgstr "Sebutkan pilihan-pilihan BOOTP untuk DHCP server."
+ 
+-#: option.c:351
++#: option.c:366
+ #, c-format
+ msgid "Do NOT poll %s file, reload only on SIGHUP."
+ msgstr "Jangan kumpulkan file %s, muat kembali saat SIGHUP."
+ 
+ # OK
+-#: option.c:352
++#: option.c:367
+ msgid "Do NOT cache failed search results."
+ msgstr "JANGAN menyimpan hasil pencarian yang gagal."
+ 
+ # OK
+-#: option.c:353
++#: option.c:368
+ #, c-format
+ msgid "Use nameservers strictly in the order given in %s."
+ msgstr "Gunakan secara ketat namaserver yang disebutkan sesuai urutan di %s."
+ 
+ # OK
+-#: option.c:354
++#: option.c:369
+ #, fuzzy
+ msgid "Specify options to be sent to DHCP clients."
+ msgstr "Setel pilihan-pilihan tambahan yang akan disetel untuk klien-klien DHCP."
+ 
+-#: option.c:355
++#: option.c:370
+ msgid "DHCP option sent even if the client does not request it."
+ msgstr ""
+ 
+ # OK
+-#: option.c:356
++#: option.c:371
+ msgid "Specify port to listen for DNS requests on (defaults to 53)."
+ msgstr "Sebutkan port untuk mendengarkan permintaan DNS (default port 53)."
+ 
+ # OK
+-#: option.c:357
++#: option.c:372
+ #, c-format
+ msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+ msgstr "Ukuran maksimum paket UDP yang didukung untuk EDNS.0 (default %s)."
+ 
+ # OK
+-#: option.c:358
++#: option.c:373
+ #, fuzzy
+ msgid "Log DNS queries."
+ msgstr "Permintaan log."
+ 
+ # OK
+-#: option.c:359
++#: option.c:374
+ #, fuzzy
+ msgid "Force the originating port for upstream DNS queries."
+ msgstr "Paksa port asal untuk permintaan ke atas."
+ 
+ # OK
+-#: option.c:360
++#: option.c:375
+ msgid "Do NOT read resolv.conf."
+ msgstr "JANGAN baca resolv.conf."
+ 
+ # OK
+-#: option.c:361
++#: option.c:376
+ #, c-format
+ msgid "Specify path to resolv.conf (defaults to %s)."
+ msgstr "Sebutkan path ke resolv.conf (default %s)."
+ 
+ # OK
+-#: option.c:362
++#: option.c:377
+ #, fuzzy
+ msgid "Specify path to file with server= options"
+ msgstr "Sebutkan path file PID. (default %s)."
+ 
+ # OK
+-#: option.c:363
++#: option.c:378
+ msgid "Specify address(es) of upstream servers with optional domains."
+ msgstr "Sebutkan alamat-alamat server di atas, boleh dilengkapi dengan nama domain."
+ 
+ # OK
+-#: option.c:364
++#: option.c:379
+ #, fuzzy
+ msgid "Specify address of upstream servers for reverse address queries"
+ msgstr "Sebutkan alamat-alamat server di atas, boleh dilengkapi dengan nama domain."
+ 
+ # OK
+-#: option.c:365
++#: option.c:380
+ msgid "Never forward queries to specified domains."
+ msgstr "JANGAN pernah meneruskan permintaan ke domain yang disebutkan."
+ 
+ # OK
+-#: option.c:366
++#: option.c:381
+ msgid "Specify the domain to be assigned in DHCP leases."
+ msgstr "Sebutkan domain yang digunakan dalam lease DHCP."
+ 
+ # OK
+-#: option.c:367
++#: option.c:382
+ msgid "Specify default target in an MX record."
+ msgstr "Sebutkan tujuan default dalam rekord MX."
+ 
+ # OK
+-#: option.c:368
++#: option.c:383
+ msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+ msgstr "Sebutkan time-to-live dalam detik untuk jawaban dari /etc/hosts."
+ 
+ # OK
+-#: option.c:369
++#: option.c:384
+ #, fuzzy
+ msgid "Specify time-to-live in seconds for negative caching."
+ msgstr "Sebutkan time-to-live dalam detik untuk jawaban dari /etc/hosts."
+ 
+ # OK
+-#: option.c:370
++#: option.c:385
+ #, fuzzy
+ msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
+ msgstr "Sebutkan time-to-live dalam detik untuk jawaban dari /etc/hosts."
+ 
+ # OK
+-#: option.c:371
++#: option.c:386
++#, fuzzy
++msgid "Specify time-to-live ceiling for cache."
++msgstr "Sebutkan time-to-live dalam detik untuk jawaban dari /etc/hosts."
++
++# OK
++#: option.c:387
++#, fuzzy
++msgid "Specify time-to-live floor for cache."
++msgstr "Sebutkan time-to-live dalam detik untuk jawaban dari /etc/hosts."
++
++# OK
++#: option.c:388
+ #, c-format
+ msgid "Change to this user after startup. (defaults to %s)."
+ msgstr "Ubah ke user ini setelah mulai. (default %s)."
+ 
+ # OK
+-#: option.c:372
++#: option.c:389
+ #, fuzzy
+ msgid "Map DHCP vendor class to tag."
+ msgstr "Memetakan kelas vendor DHCP ke daftar pilihan."
+ 
+ # OK
+-#: option.c:373
++#: option.c:390
+ msgid "Display dnsmasq version and copyright information."
+ msgstr "Menampilkan versi dan informasi hak cipta dnsmasq."
+ 
+ # OK
+-#: option.c:374
++#: option.c:391
+ msgid "Translate IPv4 addresses from upstream servers."
+ msgstr "Terjemahkan alamat-alamat IPv4 dari server-server di atas."
+ 
+ # OK
+-#: option.c:375
++#: option.c:392
+ msgid "Specify a SRV record."
+ msgstr "Sebutkan rekord SRV."
+ 
+-#: option.c:376
++#: option.c:393
+ msgid "Display this message. Use --help dhcp for known DHCP options."
+ msgstr ""
+ 
+ # OK
+-#: option.c:377
++#: option.c:394
+ #, fuzzy, c-format
+ msgid "Specify path of PID file (defaults to %s)."
+ msgstr "Sebutkan path file PID. (default %s)."
+ 
+ # OK
+-#: option.c:378
++#: option.c:395
+ #, c-format
+ msgid "Specify maximum number of DHCP leases (defaults to %s)."
+ msgstr "Sebutkan jumlah maksimum lease DHCP (default %s)."
+ 
+ # OK
+-#: option.c:379
++#: option.c:396
+ msgid "Answer DNS queries based on the interface a query was sent to."
+ msgstr "Jawab permintaan DNS berdasarkan antarmuka dimana permintaan dikirimkan."
+ 
+ # OK
+-#: option.c:380
++#: option.c:397
+ msgid "Specify TXT DNS record."
+ msgstr "Sebutkan rekord TXT DNS."
+ 
+ # OK
+-#: option.c:381
++#: option.c:398
+ #, fuzzy
+ msgid "Specify PTR DNS record."
+ msgstr "Sebutkan rekord TXT DNS."
+ 
+-#: option.c:382
++#: option.c:399
+ msgid "Give DNS name to IPv4 address of interface."
+ msgstr ""
+ 
+ # OK
+-#: option.c:383
++#: option.c:400
+ msgid "Bind only to interfaces in use."
+ msgstr "Hanya kaitkan ke antarmuka yang sedang digunakan saja."
+ 
+ # OK
+-#: option.c:384
++#: option.c:401
+ #, c-format
+ msgid "Read DHCP static host information from %s."
+ msgstr "Baca informasi statik host DHCP dari %s."
+ 
+ # OK
+-#: option.c:385
++#: option.c:402
+ msgid "Enable the DBus interface for setting upstream servers, etc."
+ msgstr "Mungkinkan antar muka DBus untuk menyetel server-server di atas, dsb."
+ 
+ # OK
+-#: option.c:386
++#: option.c:403
+ msgid "Do not provide DHCP on this interface, only provide DNS."
+ msgstr "JANGAN menyediakan DHCP pada antarmuka ini, hanya menyediakan DNS."
+ 
+ # OK
+-#: option.c:387
++#: option.c:404
+ msgid "Enable dynamic address allocation for bootp."
+ msgstr "Mungkinkan alokasi alamat dinamis untuk bootp."
+ 
+ # OK
+-#: option.c:388
++#: option.c:405
+ #, fuzzy
+ msgid "Map MAC address (with wildcards) to option set."
+ msgstr "Memetakan kelas vendor DHCP ke daftar pilihan."
+ 
+-#: option.c:389
++#: option.c:406
+ msgid "Treat DHCP requests on aliases as arriving from interface."
+ msgstr ""
+ 
+-#: option.c:390
++#: option.c:407
+ msgid "Disable ICMP echo address checking in the DHCP server."
+ msgstr ""
+ 
+-#: option.c:391
++#: option.c:408
+ msgid "Shell script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:392
++#: option.c:409
+ msgid "Lua script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:393
++#: option.c:410
+ msgid "Run lease-change scripts as this user."
+ msgstr ""
+ 
+-#: option.c:394
++#: option.c:411
+ msgid "Read configuration from all the files in this directory."
+ msgstr ""
+ 
+ # OK
+-#: option.c:395
++#: option.c:412
+ #, fuzzy
+ msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+ msgstr "Ubah ke user ini setelah mulai. (default %s)."
+ 
+-#: option.c:396
++#: option.c:413
+ msgid "Do not use leasefile."
+ msgstr ""
+ 
+ # OK
+-#: option.c:397
++#: option.c:414
+ #, fuzzy, c-format
+ msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+ msgstr "Sebutkan jumlah maksimum lease DHCP (default %s)."
+ 
+-#: option.c:398
++#: option.c:415
+ #, c-format
+ msgid "Clear DNS cache when reloading %s."
+ msgstr ""
+ 
+-#: option.c:399
++#: option.c:416
+ msgid "Ignore hostnames provided by DHCP clients."
+ msgstr ""
+ 
+-#: option.c:400
++#: option.c:417
+ msgid "Do NOT reuse filename and server fields for extra DHCP options."
+ msgstr ""
+ 
+-#: option.c:401
++#: option.c:418
+ msgid "Enable integrated read-only TFTP server."
+ msgstr ""
+ 
+-#: option.c:402
++#: option.c:419
+ msgid "Export files by TFTP only from the specified subtree."
+ msgstr ""
+ 
+-#: option.c:403
++#: option.c:420
+ msgid "Add client IP address to tftp-root."
+ msgstr ""
+ 
+-#: option.c:404
++#: option.c:421
+ msgid "Allow access only to files owned by the user running dnsmasq."
+ msgstr ""
+ 
+ # OK
+-#: option.c:405
++#: option.c:422
+ #, fuzzy, c-format
+ msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+ msgstr "Sebutkan jumlah maksimum lease DHCP (default %s)."
+ 
+-#: option.c:406
++#: option.c:423
+ msgid "Disable the TFTP blocksize extension."
+ msgstr ""
+ 
+-#: option.c:407
++#: option.c:424
+ msgid "Convert TFTP filenames to lowercase"
+ msgstr ""
+ 
+-#: option.c:408
++#: option.c:425
+ msgid "Ephemeral port range for use by TFTP transfers."
+ msgstr ""
+ 
+-#: option.c:409
++#: option.c:426
+ msgid "Extra logging for DHCP."
+ msgstr ""
+ 
+-#: option.c:410
++#: option.c:427
+ msgid "Enable async. logging; optionally set queue length."
+ msgstr ""
+ 
+-#: option.c:411
++#: option.c:428
+ msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+ msgstr ""
+ 
+-#: option.c:412
++#: option.c:429
+ msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
+ msgstr ""
+ 
+-#: option.c:413
++#: option.c:430
+ msgid "Inhibit DNS-rebind protection on this domain."
+ msgstr ""
+ 
+-#: option.c:414
++#: option.c:431
+ msgid "Always perform DNS queries to all servers."
+ msgstr ""
+ 
+-#: option.c:415
++#: option.c:432
+ msgid "Set tag if client includes matching option in request."
+ msgstr ""
+ 
+-#: option.c:416
++#: option.c:433
+ msgid "Use alternative ports for DHCP."
+ msgstr ""
+ 
+ # OK
+-#: option.c:417
++#: option.c:434
+ #, fuzzy
+ msgid "Specify NAPTR DNS record."
+ msgstr "Sebutkan rekord TXT DNS."
+ 
+-#: option.c:418
++#: option.c:435
+ msgid "Specify lowest port available for DNS query transmission."
+ msgstr ""
+ 
+-#: option.c:419
++#: option.c:436
+ msgid "Use only fully qualified domain names for DHCP clients."
+ msgstr ""
+ 
+-#: option.c:420
++#: option.c:437
+ msgid "Generate hostnames based on MAC address for nameless clients."
+ msgstr ""
+ 
+-#: option.c:421
++#: option.c:438
+ msgid "Use these DHCP relays as full proxies."
+ msgstr ""
+ 
+-#: option.c:422
++#: option.c:439
+ msgid "Relay DHCP requests to a remote server"
+ msgstr ""
+ 
+-#: option.c:423
++#: option.c:440
+ msgid "Specify alias name for LOCAL DNS name."
+ msgstr ""
+ 
+ # OK
+-#: option.c:424
++#: option.c:441
+ #, fuzzy
+ msgid "Prompt to send to PXE clients."
+ msgstr "Setel pilihan-pilihan tambahan yang akan disetel untuk klien-klien DHCP."
+ 
+-#: option.c:425
++#: option.c:442
+ msgid "Boot service for PXE menu."
+ msgstr ""
+ 
+-#: option.c:426
++#: option.c:443
+ msgid "Check configuration syntax."
+ msgstr ""
+ 
+-#: option.c:427
++#: option.c:444
+ msgid "Add requestor's MAC address to forwarded DNS queries."
+ msgstr ""
+ 
+-#: option.c:428
++#: option.c:445
+ msgid "Add requestor's IP subnet to forwarded DNS queries."
+ msgstr ""
+ 
+ # OK
+-#: option.c:429
++#: option.c:446
+ #, fuzzy
+ msgid "Proxy DNSSEC validation results from upstream nameservers."
+ msgstr "Terjemahkan alamat-alamat IPv4 dari server-server di atas."
+ 
+-#: option.c:430
++#: option.c:447
+ msgid "Attempt to allocate sequential IP addresses to DHCP clients."
+ msgstr ""
+ 
+-#: option.c:431
++#: option.c:448
+ msgid "Copy connection-track mark from queries to upstream connections."
+ msgstr ""
+ 
+-#: option.c:432
++#: option.c:449
+ msgid "Allow DHCP clients to do their own DDNS updates."
+ msgstr ""
+ 
+-#: option.c:433
++#: option.c:450
+ msgid "Send router-advertisements for interfaces doing DHCPv6"
+ msgstr ""
+ 
+-#: option.c:434
++#: option.c:451
+ msgid "Specify DUID_EN-type DHCPv6 server DUID"
+ msgstr ""
+ 
+ # OK
+-#: option.c:435
++#: option.c:452
+ #, fuzzy
+ msgid "Specify host (A/AAAA and PTR) records"
+ msgstr "Sebutkan sebuah rekord MX."
+ 
+ # OK
+-#: option.c:436
++#: option.c:453
+ #, fuzzy
+ msgid "Specify arbitrary DNS resource record"
+ msgstr "Sebutkan rekord TXT DNS."
+ 
+ # OK
+-#: option.c:437
++#: option.c:454
+ #, fuzzy
+ msgid "Bind to interfaces in use - check for new interfaces"
+ msgstr "antarmuka tidak dikenal %s"
+ 
+-#: option.c:438
++#: option.c:455
+ msgid "Export local names to global DNS"
+ msgstr ""
+ 
+-#: option.c:439
++#: option.c:456
+ msgid "Domain to export to global DNS"
+ msgstr ""
+ 
+-#: option.c:440
++#: option.c:457
+ msgid "Set TTL for authoritative replies"
+ msgstr ""
+ 
+-#: option.c:441
++#: option.c:458
+ msgid "Set authoritive zone information"
+ msgstr ""
+ 
+-#: option.c:442
++#: option.c:459
+ msgid "Secondary authoritative nameservers for forward domains"
+ msgstr ""
+ 
+-#: option.c:443
++#: option.c:460
+ msgid "Peers which are allowed to do zone transfer"
+ msgstr ""
+ 
+-#: option.c:444
++#: option.c:461
+ msgid "Specify ipsets to which matching domains should be added"
+ msgstr ""
+ 
+-#: option.c:445
++#: option.c:462
+ msgid "Specify a domain and address range for synthesised names"
+ msgstr ""
+ 
+-#: option.c:446
++#: option.c:463
+ msgid "Activate DNSSEC validation"
+ msgstr ""
+ 
+-#: option.c:447
++#: option.c:464
+ msgid "Specify trust anchor key digest."
+ msgstr ""
+ 
+-#: option.c:448
++#: option.c:465
+ msgid "Disable upstream checking for DNSSEC debugging."
+ msgstr ""
+ 
+-#: option.c:449
++#: option.c:466
+ msgid "Ensure answers without DNSSEC are in unsigned zones."
+ msgstr ""
+ 
+-#: option.c:450
++#: option.c:467
+ msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+ msgstr ""
+ 
+-#: option.c:452
++#: option.c:468
++msgid "Timestamp file to verify system clock for DNSSEC"
++msgstr ""
++
++#: option.c:470
+ msgid "Specify DHCPv6 prefix class"
+ msgstr ""
+ 
+-#: option.c:454
++#: option.c:472
+ msgid "Set priority, resend-interval and router-lifetime"
+ msgstr ""
+ 
+-#: option.c:455
++#: option.c:473
+ msgid "Do not log routine DHCP."
+ msgstr ""
+ 
+-#: option.c:456
++#: option.c:474
+ msgid "Do not log routine DHCPv6."
+ msgstr ""
+ 
+-#: option.c:457
++#: option.c:475
+ msgid "Do not log RA."
+ msgstr ""
+ 
+-#: option.c:458
++#: option.c:476
+ msgid "Accept queries only from directly-connected networks"
+ msgstr ""
+ 
+-#: option.c:459
++#: option.c:477
+ msgid "Detect and remove DNS forwarding loops"
+ msgstr ""
+ 
++#: option.c:478
++msgid "Ignore DNS responses containing ipaddr."
++msgstr ""
++
+ # OK
+-#: option.c:661
++#: option.c:680
+ #, c-format
+ msgid ""
+ "Usage: dnsmasq [options]\n"
+@@ -805,381 +843,381 @@ msgstr ""
+ "\n"
+ 
+ # OK
+-#: option.c:663
++#: option.c:682
+ #, c-format
+ msgid "Use short options only on the command line.\n"
+ msgstr "Gunakan pilihan pendek saja pada perintah baris.\n"
+ 
+ # OK
+-#: option.c:665
++#: option.c:684
+ #, fuzzy, c-format
+ msgid "Valid options are:\n"
+ msgstr "Pilihan yang boleh adalah:\n"
+ 
+ # OK
+-#: option.c:722 option.c:726
++#: option.c:741 option.c:745
+ msgid "bad port"
+ msgstr "port salah"
+ 
+-#: option.c:753 option.c:785
++#: option.c:772 option.c:804
+ msgid "interface binding not supported"
+ msgstr ""
+ 
+ # OK
+-#: option.c:762 option.c:3494
++#: option.c:781 option.c:3570
+ #, fuzzy
+ msgid "bad interface name"
+ msgstr "nama MX salah"
+ 
+ # OK
+-#: option.c:792
++#: option.c:811
+ #, fuzzy
+ msgid "bad address"
+ msgstr "membaca %s - %d alamat"
+ 
+-#: option.c:974
++#: option.c:993
+ msgid "unsupported encapsulation for IPv6 option"
+ msgstr ""
+ 
+ # OK
+-#: option.c:988
++#: option.c:1007
+ msgid "bad dhcp-option"
+ msgstr "dhcp-option salah"
+ 
+ # OK
+-#: option.c:1056
++#: option.c:1075
+ #, fuzzy
+ msgid "bad IP address"
+ msgstr "membaca %s - %d alamat"
+ 
+ # OK
+-#: option.c:1059 option.c:1197 option.c:2812
++#: option.c:1078 option.c:1216 option.c:2888
+ #, fuzzy
+ msgid "bad IPv6 address"
+ msgstr "membaca %s - %d alamat"
+ 
+ # OK
+-#: option.c:1224 option.c:1318
++#: option.c:1243 option.c:1337
+ msgid "bad domain in dhcp-option"
+ msgstr "domain dalam dhcp-option salah"
+ 
+ # OK
+-#: option.c:1356
++#: option.c:1375
+ msgid "dhcp-option too long"
+ msgstr "dhcp-option terlalu panjang"
+ 
+-#: option.c:1363
++#: option.c:1382
+ msgid "illegal dhcp-match"
+ msgstr ""
+ 
+-#: option.c:1425
++#: option.c:1444
+ msgid "illegal repeated flag"
+ msgstr ""
+ 
+-#: option.c:1433
++#: option.c:1452
+ msgid "illegal repeated keyword"
+ msgstr ""
+ 
+ # OK
+-#: option.c:1495 option.c:4092
++#: option.c:1517 option.c:4186
+ #, fuzzy, c-format
+ msgid "cannot access directory %s: %s"
+ msgstr "tidak bisa membaca %s: %s"
+ 
+ # OK
+-#: option.c:1541 tftp.c:493
++#: option.c:1563 tftp.c:493
+ #, fuzzy, c-format
+ msgid "cannot access %s: %s"
+ msgstr "tidak bisa membaca %s: %s"
+ 
+-#: option.c:1588
++#: option.c:1615
+ msgid "setting log facility is not possible under Android"
+ msgstr ""
+ 
+-#: option.c:1597
++#: option.c:1624
+ msgid "bad log facility"
+ msgstr ""
+ 
+ # OK
+-#: option.c:1650
++#: option.c:1677
+ msgid "bad MX preference"
+ msgstr "kesukaan MX salah"
+ 
+ # OK
+-#: option.c:1655
++#: option.c:1682
+ msgid "bad MX name"
+ msgstr "nama MX salah"
+ 
+ # OK
+-#: option.c:1669
++#: option.c:1696
+ msgid "bad MX target"
+ msgstr "target MX salah"
+ 
+-#: option.c:1681
++#: option.c:1708
+ msgid "cannot run scripts under uClinux"
+ msgstr ""
+ 
+-#: option.c:1683
++#: option.c:1710
+ msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+ msgstr ""
+ 
+-#: option.c:1687
++#: option.c:1714
+ msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
+ msgstr ""
+ 
+ # OK
+-#: option.c:1928 option.c:1966 option.c:2015
++#: option.c:1970 option.c:2015 option.c:2071
+ #, fuzzy
+ msgid "bad prefix"
+ msgstr "port salah"
+ 
+-#: option.c:2289
++#: option.c:2352
+ msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+ msgstr ""
+ 
+ # OK
+-#: option.c:2469
++#: option.c:2545
+ #, fuzzy
+ msgid "bad port range"
+ msgstr "port salah"
+ 
+-#: option.c:2485
++#: option.c:2561
+ msgid "bad bridge-interface"
+ msgstr ""
+ 
+-#: option.c:2545
++#: option.c:2621
+ msgid "only one tag allowed"
+ msgstr ""
+ 
+ # OK
+-#: option.c:2565 option.c:2577 option.c:2683 option.c:2724
++#: option.c:2641 option.c:2653 option.c:2759 option.c:2800
+ msgid "bad dhcp-range"
+ msgstr "dhcp-range salah"
+ 
+ # OK
+-#: option.c:2592
++#: option.c:2668
+ msgid "inconsistent DHCP range"
+ msgstr "jangkauan DHCP tidak konsisten"
+ 
+-#: option.c:2651
++#: option.c:2727
+ msgid "prefix length must be exactly 64 for RA subnets"
+ msgstr ""
+ 
+-#: option.c:2653
++#: option.c:2729
+ msgid "prefix length must be exactly 64 for subnet constructors"
+ msgstr ""
+ 
+-#: option.c:2657
++#: option.c:2733
+ msgid "prefix length must be at least 64"
+ msgstr ""
+ 
+ # OK
+-#: option.c:2660
++#: option.c:2736
+ #, fuzzy
+ msgid "inconsistent DHCPv6 range"
+ msgstr "jangkauan DHCP tidak konsisten"
+ 
+-#: option.c:2671
++#: option.c:2747
+ msgid "prefix must be zero with \"constructor:\" argument"
+ msgstr ""
+ 
+ # OK
+-#: option.c:2782 option.c:2830
++#: option.c:2858 option.c:2906
+ #, fuzzy
+ msgid "bad hex constant"
+ msgstr "dhcp-host salah"
+ 
+-#: option.c:2804
++#: option.c:2880
+ msgid "cannot match tags in --dhcp-host"
+ msgstr ""
+ 
+ # OK
+-#: option.c:2852
++#: option.c:2928
+ #, fuzzy, c-format
+ msgid "duplicate dhcp-host IP address %s"
+ msgstr "alamat IP kembar %s dalam direktif dhcp-config"
+ 
+ # OK
+-#: option.c:2910
++#: option.c:2986
+ #, fuzzy
+ msgid "bad DHCP host name"
+ msgstr "nama MX salah"
+ 
+ # OK
+-#: option.c:2992
++#: option.c:3068
+ #, fuzzy
+ msgid "bad tag-if"
+ msgstr "target MX salah"
+ 
+ # OK
+-#: option.c:3316 option.c:3710
++#: option.c:3392 option.c:3786
+ msgid "invalid port number"
+ msgstr "nomor port tidak benar"
+ 
+ # OK
+-#: option.c:3378
++#: option.c:3454
+ #, fuzzy
+ msgid "bad dhcp-proxy address"
+ msgstr "membaca %s - %d alamat"
+ 
+ # OK
+-#: option.c:3404
++#: option.c:3480
+ #, fuzzy
+ msgid "Bad dhcp-relay"
+ msgstr "dhcp-range salah"
+ 
+-#: option.c:3430
++#: option.c:3506
+ msgid "bad RA-params"
+ msgstr ""
+ 
+-#: option.c:3439
++#: option.c:3515
+ msgid "bad DUID"
+ msgstr ""
+ 
+ # OK
+-#: option.c:3481
++#: option.c:3557
+ #, fuzzy
+ msgid "invalid alias range"
+ msgstr "weight tidak benar"
+ 
+-#: option.c:3535
++#: option.c:3611
+ msgid "bad CNAME"
+ msgstr ""
+ 
+-#: option.c:3540
++#: option.c:3616
+ msgid "duplicate CNAME"
+ msgstr ""
+ 
+ # OK
+-#: option.c:3560
++#: option.c:3636
+ #, fuzzy
+ msgid "bad PTR record"
+ msgstr "rekord SRV salah"
+ 
+ # OK
+-#: option.c:3591
++#: option.c:3667
+ #, fuzzy
+ msgid "bad NAPTR record"
+ msgstr "rekord SRV salah"
+ 
+ # OK
+-#: option.c:3625
++#: option.c:3701
+ #, fuzzy
+ msgid "bad RR record"
+ msgstr "rekord SRV salah"
+ 
+ # OK
+-#: option.c:3655
++#: option.c:3731
+ msgid "bad TXT record"
+ msgstr "rekord TXT salah"
+ 
+ # OK
+-#: option.c:3696
++#: option.c:3772
+ msgid "bad SRV record"
+ msgstr "rekord SRV salah"
+ 
+ # OK
+-#: option.c:3703
++#: option.c:3779
+ msgid "bad SRV target"
+ msgstr "target SRV salah"
+ 
+ # OK
+-#: option.c:3717
++#: option.c:3793
+ msgid "invalid priority"
+ msgstr "prioritas tidak benar"
+ 
+ # OK
+-#: option.c:3724
++#: option.c:3800
+ msgid "invalid weight"
+ msgstr "weight tidak benar"
+ 
+ # OK
+-#: option.c:3748
++#: option.c:3824
+ #, fuzzy
+ msgid "Bad host-record"
+ msgstr "rekord SRV salah"
+ 
+ # OK
+-#: option.c:3765
++#: option.c:3841
+ #, fuzzy
+ msgid "Bad name in host-record"
+ msgstr "kesalahan nama di %s"
+ 
+ # OK
+-#: option.c:3826
++#: option.c:3906
+ #, fuzzy
+ msgid "bad trust anchor"
+ msgstr "port salah"
+ 
+-#: option.c:3840
++#: option.c:3920
+ msgid "bad HEX in trust anchor"
+ msgstr ""
+ 
+-#: option.c:3850
++#: option.c:3930
+ msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+ msgstr ""
+ 
+ # OK
+-#: option.c:3909
++#: option.c:3989
+ msgid "missing \""
+ msgstr "kurang \""
+ 
+ # OK
+-#: option.c:3966
++#: option.c:4046
+ msgid "bad option"
+ msgstr "pilihan salah"
+ 
+ # OK
+-#: option.c:3968
++#: option.c:4048
+ msgid "extraneous parameter"
+ msgstr "parameter berlebihan"
+ 
+ # OK
+-#: option.c:3970
++#: option.c:4050
+ msgid "missing parameter"
+ msgstr "parameter kurang"
+ 
+ # OK
+-#: option.c:3972
++#: option.c:4052
+ #, fuzzy
+ msgid "illegal option"
+ msgstr "pilihan salah"
+ 
+ # OK
+-#: option.c:3979
++#: option.c:4059
+ msgid "error"
+ msgstr "kesalahan"
+ 
+ # OK
+-#: option.c:3981
++#: option.c:4061
+ #, fuzzy, c-format
+ msgid " at line %d of %s"
+ msgstr "%s pada baris %d dari %%s"
+ 
+ # OK
+-#: option.c:4045 option.c:4168 tftp.c:667
+-#, c-format
+-msgid "cannot read %s: %s"
+-msgstr "tidak bisa membaca %s: %s"
+-
+-# OK
+-#: option.c:4229 option.c:4265
++#: option.c:4076 option.c:4323 option.c:4359
+ #, fuzzy, c-format
+ msgid "read %s"
+ msgstr "membaca %s"
+ 
+-#: option.c:4331
++# OK
++#: option.c:4139 option.c:4262 tftp.c:667
++#, c-format
++msgid "cannot read %s: %s"
++msgstr "tidak bisa membaca %s: %s"
++
++#: option.c:4425
+ msgid "junk found in command line"
+ msgstr ""
+ 
+ # OK
+-#: option.c:4366
++#: option.c:4460
+ #, c-format
+ msgid "Dnsmasq version %s  %s\n"
+ msgstr "Dnsmasq versi %s  %s\n"
+ 
+ # OK
+-#: option.c:4367
++#: option.c:4461
+ #, fuzzy, c-format
+ msgid ""
+ "Compile time options: %s\n"
+@@ -1189,100 +1227,100 @@ msgstr ""
+ "\n"
+ 
+ # OK
+-#: option.c:4368
++#: option.c:4462
+ #, c-format
+ msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+ msgstr "Perangkat lunak ini tersedia TANPA JAMINAN SEDIKITPUN.\n"
+ 
+ # OK
+-#: option.c:4369
++#: option.c:4463
+ #, c-format
+ msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+ msgstr "Dnsdmasq adalah perangkat lunak bebas, dan Anda dipersilahkan untuk membagikannya\n"
+ 
+ # OK
+-#: option.c:4370
++#: option.c:4464
+ #, fuzzy, c-format
+ msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+ msgstr "dengan aturan GNU General Public License, versi 2.\n"
+ 
+-#: option.c:4381
++#: option.c:4475
+ msgid "try --help"
+ msgstr ""
+ 
+-#: option.c:4383
++#: option.c:4477
+ msgid "try -w"
+ msgstr ""
+ 
+ # OK
+-#: option.c:4385
++#: option.c:4479
+ #, fuzzy, c-format
+ msgid "bad command line options: %s"
+ msgstr "pilihan baris perintah salah: %s."
+ 
+ # OK
+-#: option.c:4434
++#: option.c:4535
+ #, c-format
+ msgid "cannot get host-name: %s"
+ msgstr "tidak bisa mendapatkan host-name: %s"
+ 
+ # OK
+-#: option.c:4462
++#: option.c:4563
+ msgid "only one resolv.conf file allowed in no-poll mode."
+ msgstr "hanya satu file resolv.conf yang diperbolehkan dalam modus no-poll."
+ 
+ # OK
+-#: option.c:4472
++#: option.c:4573
+ msgid "must have exactly one resolv.conf to read domain from."
+ msgstr "harus mempunyai tepat satu resolv.conf untuk mendapatkan nama domain."
+ 
+ # OK
+-#: option.c:4475 network.c:1506 dhcp.c:769
++#: option.c:4576 network.c:1506 dhcp.c:774
+ #, fuzzy, c-format
+ msgid "failed to read %s: %s"
+ msgstr "gagal membaca %s: %s"
+ 
+ # OK
+-#: option.c:4492
++#: option.c:4593
+ #, c-format
+ msgid "no search directive found in %s"
+ msgstr "tidak ditemukan direktif search di %s"
+ 
+-#: option.c:4513
++#: option.c:4614
+ msgid "there must be a default domain when --dhcp-fqdn is set"
+ msgstr ""
+ 
+-#: option.c:4522
++#: option.c:4623
+ msgid "syntax check OK"
+ msgstr ""
+ 
+ # OK
+-#: forward.c:114
++#: forward.c:111
+ #, fuzzy, c-format
+ msgid "failed to send packet: %s"
+ msgstr "gagal mendengarkan di socket: %s"
+ 
+-#: forward.c:574
++#: forward.c:572
+ msgid "discarding DNS reply: subnet option mismatch"
+ msgstr ""
+ 
+ # OK
+-#: forward.c:597
++#: forward.c:595
+ #, c-format
+ msgid "nameserver %s refused to do a recursive query"
+ msgstr "nameserver %s menolak melakukan resolusi rekursif"
+ 
+-#: forward.c:629
++#: forward.c:627
+ #, c-format
+ msgid "possible DNS-rebind attack detected: %s"
+ msgstr ""
+ 
+-#: forward.c:1132 forward.c:1663
++#: forward.c:1156 forward.c:1722
+ msgid "Ignoring query from non-local network"
+ msgstr ""
+ 
+ # OK
+-#: forward.c:2101
++#: forward.c:2178
+ #, fuzzy, c-format
+ msgid "Maximum number of concurrent DNS queries reached (max: %d)"
+ msgstr "Sebutkan jumlah maksimum lease DHCP (default %s)."
+@@ -1385,301 +1423,315 @@ msgstr "menggunakan nameserver %s#%d"
+ msgid "using nameserver %s#%d"
+ msgstr "menggunakan nameserver %s#%d"
+ 
+-#: dnsmasq.c:154
+-msgid "No trust anchors provided for DNSSEC"
++#: dnsmasq.c:149
++msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:157
+-msgid "Cannot reduce cache size from default when DNSSEC enabled"
++#: dnsmasq.c:156
++msgid "no trust anchors provided for DNSSEC"
+ msgstr ""
+ 
+-# OK
+ #: dnsmasq.c:159
++msgid "cannot reduce cache size from default when DNSSEC enabled"
++msgstr ""
++
++# OK
++#: dnsmasq.c:161
+ #, fuzzy
+ msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+ msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
+ 
+ # OK
+-#: dnsmasq.c:165
++#: dnsmasq.c:167
+ #, fuzzy
+ msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+ msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
+ 
+-#: dnsmasq.c:170
+-msgid "Cannot use --conntrack AND --query-port"
++#: dnsmasq.c:172
++msgid "cannot use --conntrack AND --query-port"
+ msgstr ""
+ 
+ # OK
+-#: dnsmasq.c:173
++#: dnsmasq.c:175
+ #, fuzzy
+-msgid "Conntrack support not available: set HAVE_CONNTRACK in src/config.h"
++msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
+ msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
+ 
+-#: dnsmasq.c:178
++#: dnsmasq.c:180
+ msgid "asychronous logging is not available under Solaris"
+ msgstr ""
+ 
+-#: dnsmasq.c:183
++#: dnsmasq.c:185
+ msgid "asychronous logging is not available under Android"
+ msgstr ""
+ 
+ # OK
+-#: dnsmasq.c:188
++#: dnsmasq.c:190
+ #, fuzzy
+ msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+ msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
+ 
+ # OK
+-#: dnsmasq.c:193
++#: dnsmasq.c:195
+ #, fuzzy
+-msgid "Loop detection not available: set HAVE_LOOP in src/config.h"
++msgid "loop detection not available: set HAVE_LOOP in src/config.h"
+ msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
+ 
+-#: dnsmasq.c:201
++#: dnsmasq.c:203
+ msgid "zone serial must be configured in --auth-soa"
+ msgstr ""
+ 
+-#: dnsmasq.c:219
++#: dnsmasq.c:221
+ msgid "dhcp-range constructor not available on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:262
++#: dnsmasq.c:264
+ msgid "cannot set --bind-interfaces and --bind-dynamic"
+ msgstr ""
+ 
+ # OK
+-#: dnsmasq.c:265
++#: dnsmasq.c:267
+ #, c-format
+ msgid "failed to find list of interfaces: %s"
+ msgstr "gagal mendapatkan daftar antarmuka: %s"
+ 
+ # OK
+-#: dnsmasq.c:274
++#: dnsmasq.c:276
+ #, c-format
+ msgid "unknown interface %s"
+ msgstr "antarmuka tidak dikenal %s"
+ 
+ # OK
+-#: dnsmasq.c:330 dnsmasq.c:954
++#: dnsmasq.c:340 dnsmasq.c:1004
+ #, c-format
+ msgid "DBus error: %s"
+ msgstr "DBus error: %s"
+ 
+ # OK
+-#: dnsmasq.c:333
++#: dnsmasq.c:343
+ msgid "DBus not available: set HAVE_DBUS in src/config.h"
+ msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
+ 
+-#: dnsmasq.c:361
++#: dnsmasq.c:371
+ #, c-format
+ msgid "unknown user or group: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:416
++#: dnsmasq.c:426
+ #, c-format
+ msgid "cannot chdir to filesystem root: %s"
+ msgstr ""
+ 
+ # OK
+-#: dnsmasq.c:653
++#: dnsmasq.c:667
+ #, fuzzy, c-format
+ msgid "started, version %s DNS disabled"
+ msgstr "dimulai, cache versi %s di disable"
+ 
+ # OK
+-#: dnsmasq.c:655
++#: dnsmasq.c:669
+ #, c-format
+ msgid "started, version %s cachesize %d"
+ msgstr "dimulai, versi %s ukuran cache %d"
+ 
+ # OK
+-#: dnsmasq.c:657
++#: dnsmasq.c:671
+ #, c-format
+ msgid "started, version %s cache disabled"
+ msgstr "dimulai, cache versi %s di disable"
+ 
+ # OK
+-#: dnsmasq.c:659
++#: dnsmasq.c:673
+ #, c-format
+ msgid "compile time options: %s"
+ msgstr "pilihan-pilihan saat kompilasi: %s"
+ 
+ # OK
+-#: dnsmasq.c:665
++#: dnsmasq.c:679
+ msgid "DBus support enabled: connected to system bus"
+ msgstr "dukungan DBus dimungkinkan: terkoneksi pada bus sistem"
+ 
+ # OK
+-#: dnsmasq.c:667
++#: dnsmasq.c:681
+ msgid "DBus support enabled: bus connection pending"
+ msgstr "dukungan DBus dimungkinkan: koneksi bus ditunda"
+ 
+-#: dnsmasq.c:672
++#: dnsmasq.c:686
+ msgid "DNS service limited to local subnets"
+ msgstr ""
+ 
+-#: dnsmasq.c:677
++#: dnsmasq.c:702
+ msgid "DNSSEC validation enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:679
++#: dnsmasq.c:705
+ msgid "DNSSEC signature timestamps not checked until first cache reload"
+ msgstr ""
+ 
++#: dnsmasq.c:708
++msgid "DNSSEC signature timestamps not checked until system time valid"
++msgstr ""
++
+ # OK
+-#: dnsmasq.c:684
++#: dnsmasq.c:713
+ #, fuzzy, c-format
+ msgid "warning: failed to change owner of %s: %s"
+ msgstr "gagal memuat nama-nama dari %s: %s"
+ 
+ # OK
+-#: dnsmasq.c:688
++#: dnsmasq.c:717
+ msgid "setting --bind-interfaces option because of OS limitations"
+ msgstr "setelan opsi --bind-interfaces disebabkan keterbatasan OS"
+ 
+ # OK
+-#: dnsmasq.c:698
++#: dnsmasq.c:727
+ #, c-format
+ msgid "warning: interface %s does not currently exist"
+ msgstr "peringatan: antarmuka %s tidak ada"
+ 
+-#: dnsmasq.c:703
++#: dnsmasq.c:732
+ msgid "warning: ignoring resolv-file flag because no-resolv is set"
+ msgstr ""
+ 
+ # OK
+-#: dnsmasq.c:706
++#: dnsmasq.c:735
+ #, fuzzy
+ msgid "warning: no upstream servers configured"
+ msgstr "menyetel server-server di atas dengan DBus"
+ 
+-#: dnsmasq.c:710
++#: dnsmasq.c:739
+ #, c-format
+ msgid "asynchronous logging enabled, queue limit is %d messages"
+ msgstr ""
+ 
+-#: dnsmasq.c:731
++#: dnsmasq.c:760
+ msgid "IPv6 router advertisement enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:736
++#: dnsmasq.c:765
+ #, c-format
+ msgid "DHCP, sockets bound exclusively to interface %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "root is "
+ msgstr ""
+ 
+ # OK
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ #, fuzzy
+ msgid "enabled"
+ msgstr "di disable"
+ 
+-#: dnsmasq.c:755
++#: dnsmasq.c:784
+ msgid "secure mode"
+ msgstr ""
+ 
+-#: dnsmasq.c:781
++#: dnsmasq.c:810
+ #, c-format
+ msgid "restricting maximum simultaneous TFTP transfers to %d"
+ msgstr ""
+ 
+ # OK
+-#: dnsmasq.c:956
++#: dnsmasq.c:1006
+ msgid "connected to system DBus"
+ msgstr "terhubung ke sistem DBus"
+ 
+-#: dnsmasq.c:1106
++#: dnsmasq.c:1156
+ #, c-format
+ msgid "cannot fork into background: %s"
+ msgstr ""
+ 
+ # OK
+-#: dnsmasq.c:1109
++#: dnsmasq.c:1159
+ #, fuzzy, c-format
+ msgid "failed to create helper: %s"
+ msgstr "gagal membaca %s: %s"
+ 
+-#: dnsmasq.c:1112
++#: dnsmasq.c:1162
+ #, c-format
+ msgid "setting capabilities failed: %s"
+ msgstr ""
+ 
+ # OK
+-#: dnsmasq.c:1115
++#: dnsmasq.c:1165
+ #, fuzzy, c-format
+ msgid "failed to change user-id to %s: %s"
+ msgstr "gagal memuat nama-nama dari %s: %s"
+ 
+ # OK
+-#: dnsmasq.c:1118
++#: dnsmasq.c:1168
+ #, fuzzy, c-format
+ msgid "failed to change group-id to %s: %s"
+ msgstr "gagal memuat nama-nama dari %s: %s"
+ 
+ # OK
+-#: dnsmasq.c:1121
++#: dnsmasq.c:1171
+ #, fuzzy, c-format
+ msgid "failed to open pidfile %s: %s"
+ msgstr "gagal membaca %s: %s"
+ 
+ # OK
+-#: dnsmasq.c:1124
++#: dnsmasq.c:1174
+ #, fuzzy, c-format
+ msgid "cannot open log %s: %s"
+ msgstr "tidak bisa membuka %s:%s"
+ 
+ # OK
+-#: dnsmasq.c:1127
++#: dnsmasq.c:1177
+ #, fuzzy, c-format
+ msgid "failed to load Lua script: %s"
+ msgstr "gagal memuat %S: %s"
+ 
+-#: dnsmasq.c:1130
++#: dnsmasq.c:1180
+ #, c-format
+ msgid "TFTP directory %s inaccessible: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1151
++# OK
++#: dnsmasq.c:1183
++#, fuzzy, c-format
++msgid "cannot create timestamp file %s: %s"
++msgstr "tidak dapat membuka atau membuat file lease: %s"
++
++#: dnsmasq.c:1204
+ msgid "now checking DNSSEC signature timestamps"
+ msgstr ""
+ 
+-#: dnsmasq.c:1218
++#: dnsmasq.c:1271
+ #, c-format
+ msgid "script process killed by signal %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:1222
++#: dnsmasq.c:1275
+ #, c-format
+ msgid "script process exited with status %d"
+ msgstr ""
+ 
+ # OK
+-#: dnsmasq.c:1226
++#: dnsmasq.c:1279
+ #, fuzzy, c-format
+ msgid "failed to execute %s: %s"
+ msgstr "gagal mengakses %s: %s"
+ 
+-#: dnsmasq.c:1281
++#: dnsmasq.c:1334
+ msgid "exiting on receipt of SIGTERM"
+ msgstr "keluar karena menerima SIGTERM"
+ 
+ # OK
+-#: dnsmasq.c:1309
++#: dnsmasq.c:1362
+ #, fuzzy, c-format
+ msgid "failed to access %s: %s"
+ msgstr "gagal mengakses %s: %s"
+ 
+ # OK
+-#: dnsmasq.c:1339
++#: dnsmasq.c:1392
+ #, c-format
+ msgid "reading %s"
+ msgstr "membaca %s"
+ 
+ # OK
+-#: dnsmasq.c:1350
++#: dnsmasq.c:1403
+ #, fuzzy, c-format
+ msgid "no servers found in %s, will retry"
+ msgstr "tidak ditemukan direktif search di %s"
+@@ -1725,29 +1777,29 @@ msgstr "antarmuka tidak dikenal %s"
+ msgid "DHCP packet received on %s which has no address"
+ msgstr ""
+ 
+-#: dhcp.c:408
++#: dhcp.c:412
+ #, c-format
+ msgid "ARP-cache injection failed: %s"
+ msgstr ""
+ 
+ # OK
+-#: dhcp.c:506
++#: dhcp.c:511
+ #, c-format
+ msgid "DHCP range %s -- %s is not consistent with netmask %s"
+ msgstr "jangkauan DHCP %s -- %s tidak konsisten dengan netmask %s"
+ 
+ # OK
+-#: dhcp.c:807
++#: dhcp.c:812
+ #, fuzzy, c-format
+ msgid "bad line at %s line %d"
+ msgstr "kesalahan nama pada %s baris %d"
+ 
+-#: dhcp.c:850
++#: dhcp.c:855
+ #, c-format
+ msgid "ignoring %s line %d, duplicate name or IP address"
+ msgstr ""
+ 
+-#: dhcp.c:994 rfc3315.c:2089
++#: dhcp.c:999 rfc3315.c:2139
+ #, c-format
+ msgid "DHCP relay %s -> %s"
+ msgstr ""
+@@ -1830,13 +1882,13 @@ msgid "disabled"
+ msgstr "di disable"
+ 
+ # OK
+-#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:602 rfc3315.c:823
+-#: rfc3315.c:1095
++#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:603 rfc3315.c:860
++#: rfc3315.c:1139
+ msgid "ignored"
+ msgstr "diabaikan"
+ 
+ # OK
+-#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:873
++#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:910
+ msgid "address in use"
+ msgstr "alamat telah digunakan"
+ 
+@@ -1860,7 +1912,7 @@ msgstr "tak ada alamat yang disetel"
+ msgid "no leases left"
+ msgstr "tak ada lease yang tersisa"
+ 
+-#: rfc2131.c:691 rfc3315.c:475
++#: rfc2131.c:691 rfc3315.c:476
+ #, c-format
+ msgid "%u client provides name: %s"
+ msgstr ""
+@@ -1870,7 +1922,7 @@ msgid "PXE BIS not supported"
+ msgstr ""
+ 
+ # OK
+-#: rfc2131.c:935 rfc3315.c:1189
++#: rfc2131.c:935 rfc3315.c:1233
+ #, fuzzy, c-format
+ msgid "disabling DHCP static address %s for %s"
+ msgstr "men-disable alamat statik DHCP %s"
+@@ -1909,7 +1961,7 @@ msgid "wrong address"
+ msgstr "alamat salah"
+ 
+ # OK
+-#: rfc2131.c:1143 rfc3315.c:969
++#: rfc2131.c:1143 rfc3315.c:1006
+ msgid "lease not found"
+ msgstr "lease tak ditemukan"
+ 
+@@ -1965,7 +2017,7 @@ msgid "PXE menu too large"
+ msgstr ""
+ 
+ # OK
+-#: rfc2131.c:2173 rfc3315.c:1456
++#: rfc2131.c:2173 rfc3315.c:1506
+ #, fuzzy, c-format
+ msgid "%u requested options: %s"
+ msgstr "pilihan-pilihan saat kompilasi: %s"
+@@ -1982,7 +2034,7 @@ msgid "cannot create netlink socket: %s"
+ msgstr "tidak bisa mem-bind netlink socket: %s"
+ 
+ # OK
+-#: netlink.c:347
++#: netlink.c:348
+ #, fuzzy, c-format
+ msgid "netlink returns error: %s"
+ msgstr "DBus error: %s"
+@@ -2116,72 +2168,72 @@ msgid "%u available DHCPv6 subnet: %s/%d"
+ msgstr "tidak ada alamat yang bisa dipakai untuk permintaan DHCP %s %s"
+ 
+ # OK
+-#: rfc3315.c:379
++#: rfc3315.c:380
+ #, fuzzy, c-format
+ msgid "%u vendor class: %u"
+ msgstr "DBus error: %s"
+ 
+ # OK
+-#: rfc3315.c:427
++#: rfc3315.c:428
+ #, fuzzy, c-format
+ msgid "%u client MAC address: %s"
+ msgstr "tidak ada antarmuka dengan alamat %s"
+ 
+ # OK
+-#: rfc3315.c:659
++#: rfc3315.c:660
+ #, fuzzy, c-format
+ msgid "unknown prefix-class %d"
+ msgstr "lease tidak diketahui"
+ 
+-#: rfc3315.c:791 rfc3315.c:913
++# OK
++#: rfc3315.c:803 rfc3315.c:902
++#, fuzzy
++msgid "address unavailable"
++msgstr "alamat tak tersedia"
++
++#: rfc3315.c:815 rfc3315.c:950 rfc3315.c:1283
+ msgid "success"
+ msgstr ""
+ 
+ # OK
+-#: rfc3315.c:806 rfc3315.c:808 rfc3315.c:921 rfc3315.c:923
++#: rfc3315.c:843 rfc3315.c:845 rfc3315.c:958 rfc3315.c:960
+ #, fuzzy
+ msgid "no addresses available"
+ msgstr "tak ada alamat yang tersedia"
+ 
+-# OK
+-#: rfc3315.c:865
+-#, fuzzy
+-msgid "address unavailable"
+-msgstr "alamat tak tersedia"
+-
+-#: rfc3315.c:900
++#: rfc3315.c:937
+ msgid "not on link"
+ msgstr ""
+ 
+-#: rfc3315.c:973 rfc3315.c:1151 rfc3315.c:1228
++#: rfc3315.c:1010 rfc3315.c:1195 rfc3315.c:1272
+ msgid "no binding found"
+ msgstr ""
+ 
+-#: rfc3315.c:1011
++#: rfc3315.c:1048
+ msgid "deprecated"
+ msgstr ""
+ 
+ # OK
+-#: rfc3315.c:1016
++#: rfc3315.c:1053
+ #, fuzzy
+ msgid "address invalid"
+ msgstr "alamat telah digunakan"
+ 
+-#: rfc3315.c:1061
++#: rfc3315.c:1100
+ msgid "confirm failed"
+ msgstr ""
+ 
+ # OK
+-#: rfc3315.c:1072
++#: rfc3315.c:1116
+ #, fuzzy
+ msgid "all addresses still on link"
+ msgstr "kesalahan nama pada %s baris %d"
+ 
+-#: rfc3315.c:1160
++#: rfc3315.c:1204
+ msgid "release received"
+ msgstr ""
+ 
+-#: rfc3315.c:2080
++#: rfc3315.c:2130
+ msgid "Cannot multicast to DHCPv6 server without correct interface"
+ msgstr ""
+ 
+@@ -2280,7 +2332,7 @@ msgstr ""
+ msgid "cannot create ICMPv6 socket: %s"
+ msgstr "tidak bisa membuat socket DHCP: %s"
+ 
+-#: auth.c:429
++#: auth.c:436
+ #, c-format
+ msgid "ignoring zone transfer request from %s"
+ msgstr ""
+@@ -2297,59 +2349,99 @@ msgstr "gagal mem-bind socket server DHCP: %s"
+ msgid "failed to create IPset control socket: %s"
+ msgstr "gagal membuat socket: %s "
+ 
++# OK
++#: dnssec.c:425 dnssec.c:469
++#, fuzzy, c-format
++msgid "failed to update mtime on %s: %s"
++msgstr "gagal membaca %s: %s"
++
+ #: blockdata.c:58
+ #, c-format
+ msgid "DNSSEC memory in use %u, max %u, allocated %u"
+ msgstr ""
+ 
+-#: tables.c:76
++#: tables.c:80
+ msgid "error: fill_addr missused"
+ msgstr ""
+ 
+ # OK
+-#: tables.c:105
++#: tables.c:109
+ #, fuzzy, c-format
+ msgid "failed to access pf devices: %s"
+ msgstr "gagal mengakses %s: %s"
+ 
+ # OK
+-#: tables.c:119
++#: tables.c:123
+ #, fuzzy, c-format
+ msgid "warning: no opened pf devices %s"
+ msgstr "menggunakan alamat lokal saja untuk %s %s"
+ 
+ # OK
+-#: tables.c:127
++#: tables.c:131
+ #, fuzzy, c-format
+ msgid "error: cannot use table name %s"
+ msgstr "tidak bisa mendapatkan host-name: %s"
+ 
+-#: tables.c:135
++#: tables.c:139
+ #, c-format
+ msgid "error: cannot strlcpy table name %s"
+ msgstr ""
+ 
+-#: tables.c:141
++#: tables.c:145
+ #, c-format
+ msgid "warning: pfr_add_tables: %s(%d)"
+ msgstr ""
+ 
+-#: tables.c:147
++#: tables.c:151
+ msgid "info: table created"
+ msgstr ""
+ 
+-#: tables.c:158
++#: tables.c:162
+ #, c-format
+ msgid "warning: DIOCR%sADDRS: %s"
+ msgstr ""
+ 
+ # OK
+-#: tables.c:162
++#: tables.c:166
+ #, fuzzy, c-format
+ msgid "%d addresses %s"
+ msgstr "membaca %s - %d alamat"
+ 
+ # OK
++#: inotify.c:46
++#, fuzzy, c-format
++msgid "failed to create inotify: %s"
++msgstr "gagal membaca %s: %s"
++
++# OK
++#: inotify.c:60
++#, fuzzy, c-format
++msgid "cannot cannonicalise resolv-file %s: %s"
++msgstr "tidak dapat membuka atau membuat file lease: %s"
++
++#: inotify.c:72
++#, c-format
++msgid "directory %s for resolv-file is missing, cannot poll"
++msgstr ""
++
++# OK
++#: inotify.c:75 inotify.c:112
++#, fuzzy, c-format
++msgid "failed to create inotify for %s: %s"
++msgstr "gagal membuat socket: %s "
++
++# OK
++#: inotify.c:97
++#, fuzzy, c-format
++msgid "bad dynamic directory %s: %s"
++msgstr "tidak bisa membaca %s: %s"
++
++#: inotify.c:197
++#, c-format
++msgid "inotify, new or changed file %s"
++msgstr ""
++
++# OK
+ #~ msgid "duplicate IP address %s in dhcp-config directive."
+ #~ msgstr "alamat IP kembar %s dalam direktif dhcp-config"
+ 
+diff --git a/po/it.po b/po/it.po
+index f3b547576ba4..64342c9804ba 100644
+--- a/po/it.po
++++ b/po/it.po
+@@ -16,70 +16,70 @@ msgstr ""
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+ 
+-#: cache.c:505
++#: cache.c:523
+ msgid "Internal error in cache."
+ msgstr ""
+ 
+-#: cache.c:908
++#: cache.c:941
+ #, c-format
+ msgid "failed to load names from %s: %s"
+ msgstr ""
+ 
+-#: cache.c:934 dhcp.c:820
++#: cache.c:967 dhcp.c:825
+ #, c-format
+ msgid "bad address at %s line %d"
+ msgstr ""
+ 
+-#: cache.c:985 dhcp.c:836
++#: cache.c:1018 dhcp.c:841
+ #, c-format
+ msgid "bad name at %s line %d"
+ msgstr ""
+ 
+-#: cache.c:992 dhcp.c:911
++#: cache.c:1027 dhcp.c:916
+ #, c-format
+ msgid "read %s - %d addresses"
+ msgstr ""
+ 
+-#: cache.c:1100
++#: cache.c:1135
+ msgid "cleared cache"
+ msgstr ""
+ 
+-#: cache.c:1123
++#: cache.c:1164
+ #, c-format
+ msgid "No IPv4 address found for %s"
+ msgstr ""
+ 
+-#: cache.c:1201
++#: cache.c:1242
+ #, c-format
+ msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
+ msgstr ""
+ 
+-#: cache.c:1225
++#: cache.c:1266
+ #, c-format
+ msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+ msgstr ""
+ 
+-#: cache.c:1366
++#: cache.c:1421
+ #, c-format
+ msgid "time %lu"
+ msgstr ""
+ 
+-#: cache.c:1367
++#: cache.c:1422
+ #, c-format
+ msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+ msgstr ""
+ 
+-#: cache.c:1369
++#: cache.c:1424
+ #, c-format
+ msgid "queries forwarded %u, queries answered locally %u"
+ msgstr ""
+ 
+-#: cache.c:1372
++#: cache.c:1427
+ #, c-format
+ msgid "queries for authoritative zones %u"
+ msgstr ""
+ 
+-#: cache.c:1398
++#: cache.c:1453
+ #, c-format
+ msgid "server %s#%d: queries sent %u, retried or failed %u"
+ msgstr ""
+@@ -93,7 +93,7 @@ msgstr ""
+ msgid "failed to allocate memory"
+ msgstr ""
+ 
+-#: util.c:243 option.c:579
++#: util.c:243 option.c:598
+ msgid "could not get memory"
+ msgstr ""
+ 
+@@ -107,990 +107,1018 @@ msgstr ""
+ msgid "failed to allocate %d bytes"
+ msgstr ""
+ 
+-#: util.c:429
++#: util.c:430
+ #, c-format
+ msgid "infinite"
+ msgstr ""
+ 
+-#: option.c:318
++#: option.c:330
+ msgid "Specify local address(es) to listen on."
+ msgstr ""
+ 
+-#: option.c:319
++#: option.c:331
+ msgid "Return ipaddr for all hosts in specified domains."
+ msgstr ""
+ 
+-#: option.c:320
++#: option.c:332
+ msgid "Fake reverse lookups for RFC1918 private address ranges."
+ msgstr ""
+ 
+-#: option.c:321
++#: option.c:333
+ msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+ msgstr ""
+ 
+-#: option.c:322
++#: option.c:334
+ #, c-format
+ msgid "Specify the size of the cache in entries (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:323
++#: option.c:335
+ #, c-format
+ msgid "Specify configuration file (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:324
++#: option.c:336
+ msgid "Do NOT fork into the background: run in debug mode."
+ msgstr ""
+ 
+-#: option.c:325
++#: option.c:337
+ msgid "Do NOT forward queries with no domain part."
+ msgstr ""
+ 
+-#: option.c:326
++#: option.c:338
+ msgid "Return self-pointing MX records for local hosts."
+ msgstr ""
+ 
+-#: option.c:327
++#: option.c:339
+ msgid "Expand simple names in /etc/hosts with domain-suffix."
+ msgstr ""
+ 
+-#: option.c:328
++#: option.c:340
+ msgid "Don't forward spurious DNS requests from Windows hosts."
+ msgstr ""
+ 
+-#: option.c:329
++#: option.c:341
+ msgid "Enable DHCP in the range given with lease duration."
+ msgstr ""
+ 
+-#: option.c:330
++#: option.c:342
+ #, c-format
+ msgid "Change to this group after startup (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:331
++#: option.c:343
+ msgid "Set address or hostname for a specified machine."
+ msgstr ""
+ 
+-#: option.c:332
++#: option.c:344
+ msgid "Read DHCP host specs from file."
+ msgstr ""
+ 
+-#: option.c:333
++#: option.c:345
+ msgid "Read DHCP option specs from file."
+ msgstr ""
+ 
+-#: option.c:334
++#: option.c:346
++msgid "Read DHCP host specs from a directory."
++msgstr ""
++
++#: option.c:347
++msgid "Read DHCP options from a directory."
++msgstr ""
++
++#: option.c:348
+ msgid "Evaluate conditional tag expression."
+ msgstr ""
+ 
+-#: option.c:335
++#: option.c:349
+ #, c-format
+ msgid "Do NOT load %s file."
+ msgstr ""
+ 
+-#: option.c:336
++#: option.c:350
+ #, c-format
+ msgid "Specify a hosts file to be read in addition to %s."
+ msgstr ""
+ 
+-#: option.c:337
++#: option.c:351
++msgid "Read hosts files from a directory."
++msgstr ""
++
++#: option.c:352
+ msgid "Specify interface(s) to listen on."
+ msgstr ""
+ 
+-#: option.c:338
++#: option.c:353
+ msgid "Specify interface(s) NOT to listen on."
+ msgstr ""
+ 
+-#: option.c:339
++#: option.c:354
+ msgid "Map DHCP user class to tag."
+ msgstr ""
+ 
+-#: option.c:340
++#: option.c:355
+ msgid "Map RFC3046 circuit-id to tag."
+ msgstr ""
+ 
+-#: option.c:341
++#: option.c:356
+ msgid "Map RFC3046 remote-id to tag."
+ msgstr ""
+ 
+-#: option.c:342
++#: option.c:357
+ msgid "Map RFC3993 subscriber-id to tag."
+ msgstr ""
+ 
+-#: option.c:343
++#: option.c:358
+ msgid "Don't do DHCP for hosts with tag set."
+ msgstr ""
+ 
+-#: option.c:344
++#: option.c:359
+ msgid "Force broadcast replies for hosts with tag set."
+ msgstr ""
+ 
+-#: option.c:345
++#: option.c:360
+ msgid "Do NOT fork into the background, do NOT run in debug mode."
+ msgstr ""
+ 
+-#: option.c:346
++#: option.c:361
+ msgid "Assume we are the only DHCP server on the local network."
+ msgstr ""
+ 
+-#: option.c:347
++#: option.c:362
+ #, c-format
+ msgid "Specify where to store DHCP leases (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:348
++#: option.c:363
+ msgid "Return MX records for local hosts."
+ msgstr ""
+ 
+-#: option.c:349
++#: option.c:364
+ msgid "Specify an MX record."
+ msgstr ""
+ 
+-#: option.c:350
++#: option.c:365
+ msgid "Specify BOOTP options to DHCP server."
+ msgstr ""
+ 
+-#: option.c:351
++#: option.c:366
+ #, c-format
+ msgid "Do NOT poll %s file, reload only on SIGHUP."
+ msgstr ""
+ 
+-#: option.c:352
++#: option.c:367
+ msgid "Do NOT cache failed search results."
+ msgstr ""
+ 
+-#: option.c:353
++#: option.c:368
+ #, c-format
+ msgid "Use nameservers strictly in the order given in %s."
+ msgstr ""
+ 
+-#: option.c:354
++#: option.c:369
+ msgid "Specify options to be sent to DHCP clients."
+ msgstr ""
+ 
+-#: option.c:355
++#: option.c:370
+ msgid "DHCP option sent even if the client does not request it."
+ msgstr ""
+ 
+-#: option.c:356
++#: option.c:371
+ msgid "Specify port to listen for DNS requests on (defaults to 53)."
+ msgstr ""
+ 
+-#: option.c:357
++#: option.c:372
+ #, c-format
+ msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:358
++#: option.c:373
+ msgid "Log DNS queries."
+ msgstr ""
+ 
+-#: option.c:359
++#: option.c:374
+ msgid "Force the originating port for upstream DNS queries."
+ msgstr ""
+ 
+-#: option.c:360
++#: option.c:375
+ msgid "Do NOT read resolv.conf."
+ msgstr ""
+ 
+-#: option.c:361
++#: option.c:376
+ #, c-format
+ msgid "Specify path to resolv.conf (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:362
++#: option.c:377
+ msgid "Specify path to file with server= options"
+ msgstr ""
+ 
+-#: option.c:363
++#: option.c:378
+ msgid "Specify address(es) of upstream servers with optional domains."
+ msgstr ""
+ 
+-#: option.c:364
++#: option.c:379
+ msgid "Specify address of upstream servers for reverse address queries"
+ msgstr ""
+ 
+-#: option.c:365
++#: option.c:380
+ msgid "Never forward queries to specified domains."
+ msgstr ""
+ 
+-#: option.c:366
++#: option.c:381
+ msgid "Specify the domain to be assigned in DHCP leases."
+ msgstr ""
+ 
+-#: option.c:367
++#: option.c:382
+ msgid "Specify default target in an MX record."
+ msgstr ""
+ 
+-#: option.c:368
++#: option.c:383
+ msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+ msgstr ""
+ 
+-#: option.c:369
++#: option.c:384
+ msgid "Specify time-to-live in seconds for negative caching."
+ msgstr ""
+ 
+-#: option.c:370
++#: option.c:385
+ msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
+ msgstr ""
+ 
+-#: option.c:371
++#: option.c:386
++msgid "Specify time-to-live ceiling for cache."
++msgstr ""
++
++#: option.c:387
++msgid "Specify time-to-live floor for cache."
++msgstr ""
++
++#: option.c:388
+ #, c-format
+ msgid "Change to this user after startup. (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:372
++#: option.c:389
+ msgid "Map DHCP vendor class to tag."
+ msgstr ""
+ 
+-#: option.c:373
++#: option.c:390
+ msgid "Display dnsmasq version and copyright information."
+ msgstr ""
+ 
+-#: option.c:374
++#: option.c:391
+ msgid "Translate IPv4 addresses from upstream servers."
+ msgstr ""
+ 
+-#: option.c:375
++#: option.c:392
+ msgid "Specify a SRV record."
+ msgstr ""
+ 
+-#: option.c:376
++#: option.c:393
+ msgid "Display this message. Use --help dhcp for known DHCP options."
+ msgstr ""
+ 
+-#: option.c:377
++#: option.c:394
+ #, c-format
+ msgid "Specify path of PID file (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:378
++#: option.c:395
+ #, c-format
+ msgid "Specify maximum number of DHCP leases (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:379
++#: option.c:396
+ msgid "Answer DNS queries based on the interface a query was sent to."
+ msgstr ""
+ 
+-#: option.c:380
++#: option.c:397
+ msgid "Specify TXT DNS record."
+ msgstr ""
+ 
+-#: option.c:381
++#: option.c:398
+ msgid "Specify PTR DNS record."
+ msgstr ""
+ 
+-#: option.c:382
++#: option.c:399
+ msgid "Give DNS name to IPv4 address of interface."
+ msgstr ""
+ 
+-#: option.c:383
++#: option.c:400
+ msgid "Bind only to interfaces in use."
+ msgstr ""
+ 
+-#: option.c:384
++#: option.c:401
+ #, c-format
+ msgid "Read DHCP static host information from %s."
+ msgstr ""
+ 
+-#: option.c:385
++#: option.c:402
+ msgid "Enable the DBus interface for setting upstream servers, etc."
+ msgstr ""
+ 
+-#: option.c:386
++#: option.c:403
+ msgid "Do not provide DHCP on this interface, only provide DNS."
+ msgstr ""
+ 
+-#: option.c:387
++#: option.c:404
+ msgid "Enable dynamic address allocation for bootp."
+ msgstr ""
+ 
+-#: option.c:388
++#: option.c:405
+ msgid "Map MAC address (with wildcards) to option set."
+ msgstr ""
+ 
+-#: option.c:389
++#: option.c:406
+ msgid "Treat DHCP requests on aliases as arriving from interface."
+ msgstr ""
+ 
+-#: option.c:390
++#: option.c:407
+ msgid "Disable ICMP echo address checking in the DHCP server."
+ msgstr ""
+ 
+-#: option.c:391
++#: option.c:408
+ msgid "Shell script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:392
++#: option.c:409
+ msgid "Lua script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:393
++#: option.c:410
+ msgid "Run lease-change scripts as this user."
+ msgstr ""
+ 
+-#: option.c:394
++#: option.c:411
+ msgid "Read configuration from all the files in this directory."
+ msgstr ""
+ 
+-#: option.c:395
++#: option.c:412
+ msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+ msgstr ""
+ 
+-#: option.c:396
++#: option.c:413
+ msgid "Do not use leasefile."
+ msgstr ""
+ 
+-#: option.c:397
++#: option.c:414
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+ msgstr ""
+ 
+-#: option.c:398
++#: option.c:415
+ #, c-format
+ msgid "Clear DNS cache when reloading %s."
+ msgstr ""
+ 
+-#: option.c:399
++#: option.c:416
+ msgid "Ignore hostnames provided by DHCP clients."
+ msgstr ""
+ 
+-#: option.c:400
++#: option.c:417
+ msgid "Do NOT reuse filename and server fields for extra DHCP options."
+ msgstr ""
+ 
+-#: option.c:401
++#: option.c:418
+ msgid "Enable integrated read-only TFTP server."
+ msgstr ""
+ 
+-#: option.c:402
++#: option.c:419
+ msgid "Export files by TFTP only from the specified subtree."
+ msgstr ""
+ 
+-#: option.c:403
++#: option.c:420
+ msgid "Add client IP address to tftp-root."
+ msgstr ""
+ 
+-#: option.c:404
++#: option.c:421
+ msgid "Allow access only to files owned by the user running dnsmasq."
+ msgstr ""
+ 
+-#: option.c:405
++#: option.c:422
+ #, c-format
+ msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:406
++#: option.c:423
+ msgid "Disable the TFTP blocksize extension."
+ msgstr ""
+ 
+-#: option.c:407
++#: option.c:424
+ msgid "Convert TFTP filenames to lowercase"
+ msgstr ""
+ 
+-#: option.c:408
++#: option.c:425
+ msgid "Ephemeral port range for use by TFTP transfers."
+ msgstr ""
+ 
+-#: option.c:409
++#: option.c:426
+ msgid "Extra logging for DHCP."
+ msgstr ""
+ 
+-#: option.c:410
++#: option.c:427
+ msgid "Enable async. logging; optionally set queue length."
+ msgstr ""
+ 
+-#: option.c:411
++#: option.c:428
+ msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+ msgstr ""
+ 
+-#: option.c:412
++#: option.c:429
+ msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
+ msgstr ""
+ 
+-#: option.c:413
++#: option.c:430
+ msgid "Inhibit DNS-rebind protection on this domain."
+ msgstr ""
+ 
+-#: option.c:414
++#: option.c:431
+ msgid "Always perform DNS queries to all servers."
+ msgstr ""
+ 
+-#: option.c:415
++#: option.c:432
+ msgid "Set tag if client includes matching option in request."
+ msgstr ""
+ 
+-#: option.c:416
++#: option.c:433
+ msgid "Use alternative ports for DHCP."
+ msgstr ""
+ 
+-#: option.c:417
++#: option.c:434
+ msgid "Specify NAPTR DNS record."
+ msgstr ""
+ 
+-#: option.c:418
++#: option.c:435
+ msgid "Specify lowest port available for DNS query transmission."
+ msgstr ""
+ 
+-#: option.c:419
++#: option.c:436
+ msgid "Use only fully qualified domain names for DHCP clients."
+ msgstr ""
+ 
+-#: option.c:420
++#: option.c:437
+ msgid "Generate hostnames based on MAC address for nameless clients."
+ msgstr ""
+ 
+-#: option.c:421
++#: option.c:438
+ msgid "Use these DHCP relays as full proxies."
+ msgstr ""
+ 
+-#: option.c:422
++#: option.c:439
+ msgid "Relay DHCP requests to a remote server"
+ msgstr ""
+ 
+-#: option.c:423
++#: option.c:440
+ msgid "Specify alias name for LOCAL DNS name."
+ msgstr ""
+ 
+-#: option.c:424
++#: option.c:441
+ msgid "Prompt to send to PXE clients."
+ msgstr ""
+ 
+-#: option.c:425
++#: option.c:442
+ msgid "Boot service for PXE menu."
+ msgstr ""
+ 
+-#: option.c:426
++#: option.c:443
+ msgid "Check configuration syntax."
+ msgstr ""
+ 
+-#: option.c:427
++#: option.c:444
+ msgid "Add requestor's MAC address to forwarded DNS queries."
+ msgstr ""
+ 
+-#: option.c:428
++#: option.c:445
+ msgid "Add requestor's IP subnet to forwarded DNS queries."
+ msgstr ""
+ 
+-#: option.c:429
++#: option.c:446
+ msgid "Proxy DNSSEC validation results from upstream nameservers."
+ msgstr ""
+ 
+-#: option.c:430
++#: option.c:447
+ msgid "Attempt to allocate sequential IP addresses to DHCP clients."
+ msgstr ""
+ 
+-#: option.c:431
++#: option.c:448
+ msgid "Copy connection-track mark from queries to upstream connections."
+ msgstr ""
+ 
+-#: option.c:432
++#: option.c:449
+ msgid "Allow DHCP clients to do their own DDNS updates."
+ msgstr ""
+ 
+-#: option.c:433
++#: option.c:450
+ msgid "Send router-advertisements for interfaces doing DHCPv6"
+ msgstr ""
+ 
+-#: option.c:434
++#: option.c:451
+ msgid "Specify DUID_EN-type DHCPv6 server DUID"
+ msgstr ""
+ 
+-#: option.c:435
++#: option.c:452
+ msgid "Specify host (A/AAAA and PTR) records"
+ msgstr ""
+ 
+-#: option.c:436
++#: option.c:453
+ msgid "Specify arbitrary DNS resource record"
+ msgstr ""
+ 
+-#: option.c:437
++#: option.c:454
+ msgid "Bind to interfaces in use - check for new interfaces"
+ msgstr ""
+ 
+-#: option.c:438
++#: option.c:455
+ msgid "Export local names to global DNS"
+ msgstr ""
+ 
+-#: option.c:439
++#: option.c:456
+ msgid "Domain to export to global DNS"
+ msgstr ""
+ 
+-#: option.c:440
++#: option.c:457
+ msgid "Set TTL for authoritative replies"
+ msgstr ""
+ 
+-#: option.c:441
++#: option.c:458
+ msgid "Set authoritive zone information"
+ msgstr ""
+ 
+-#: option.c:442
++#: option.c:459
+ msgid "Secondary authoritative nameservers for forward domains"
+ msgstr ""
+ 
+-#: option.c:443
++#: option.c:460
+ msgid "Peers which are allowed to do zone transfer"
+ msgstr ""
+ 
+-#: option.c:444
++#: option.c:461
+ msgid "Specify ipsets to which matching domains should be added"
+ msgstr ""
+ 
+-#: option.c:445
++#: option.c:462
+ msgid "Specify a domain and address range for synthesised names"
+ msgstr ""
+ 
+-#: option.c:446
++#: option.c:463
+ msgid "Activate DNSSEC validation"
+ msgstr ""
+ 
+-#: option.c:447
++#: option.c:464
+ msgid "Specify trust anchor key digest."
+ msgstr ""
+ 
+-#: option.c:448
++#: option.c:465
+ msgid "Disable upstream checking for DNSSEC debugging."
+ msgstr ""
+ 
+-#: option.c:449
++#: option.c:466
+ msgid "Ensure answers without DNSSEC are in unsigned zones."
+ msgstr ""
+ 
+-#: option.c:450
++#: option.c:467
+ msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+ msgstr ""
+ 
+-#: option.c:452
++#: option.c:468
++msgid "Timestamp file to verify system clock for DNSSEC"
++msgstr ""
++
++#: option.c:470
+ msgid "Specify DHCPv6 prefix class"
+ msgstr ""
+ 
+-#: option.c:454
++#: option.c:472
+ msgid "Set priority, resend-interval and router-lifetime"
+ msgstr ""
+ 
+-#: option.c:455
++#: option.c:473
+ msgid "Do not log routine DHCP."
+ msgstr ""
+ 
+-#: option.c:456
++#: option.c:474
+ msgid "Do not log routine DHCPv6."
+ msgstr ""
+ 
+-#: option.c:457
++#: option.c:475
+ msgid "Do not log RA."
+ msgstr ""
+ 
+-#: option.c:458
++#: option.c:476
+ msgid "Accept queries only from directly-connected networks"
+ msgstr ""
+ 
+-#: option.c:459
++#: option.c:477
+ msgid "Detect and remove DNS forwarding loops"
+ msgstr ""
+ 
+-#: option.c:661
++#: option.c:478
++msgid "Ignore DNS responses containing ipaddr."
++msgstr ""
++
++#: option.c:680
+ #, c-format
+ msgid ""
+ "Usage: dnsmasq [options]\n"
+ "\n"
+ msgstr ""
+ 
+-#: option.c:663
++#: option.c:682
+ #, c-format
+ msgid "Use short options only on the command line.\n"
+ msgstr ""
+ 
+-#: option.c:665
++#: option.c:684
+ #, c-format
+ msgid "Valid options are:\n"
+ msgstr ""
+ 
+-#: option.c:722 option.c:726
++#: option.c:741 option.c:745
+ msgid "bad port"
+ msgstr ""
+ 
+-#: option.c:753 option.c:785
++#: option.c:772 option.c:804
+ msgid "interface binding not supported"
+ msgstr ""
+ 
+-#: option.c:762 option.c:3494
++#: option.c:781 option.c:3570
+ msgid "bad interface name"
+ msgstr ""
+ 
+-#: option.c:792
++#: option.c:811
+ msgid "bad address"
+ msgstr ""
+ 
+-#: option.c:974
++#: option.c:993
+ msgid "unsupported encapsulation for IPv6 option"
+ msgstr ""
+ 
+-#: option.c:988
++#: option.c:1007
+ msgid "bad dhcp-option"
+ msgstr ""
+ 
+-#: option.c:1056
++#: option.c:1075
+ msgid "bad IP address"
+ msgstr ""
+ 
+-#: option.c:1059 option.c:1197 option.c:2812
++#: option.c:1078 option.c:1216 option.c:2888
+ msgid "bad IPv6 address"
+ msgstr ""
+ 
+-#: option.c:1224 option.c:1318
++#: option.c:1243 option.c:1337
+ msgid "bad domain in dhcp-option"
+ msgstr ""
+ 
+-#: option.c:1356
++#: option.c:1375
+ msgid "dhcp-option too long"
+ msgstr ""
+ 
+-#: option.c:1363
++#: option.c:1382
+ msgid "illegal dhcp-match"
+ msgstr ""
+ 
+-#: option.c:1425
++#: option.c:1444
+ msgid "illegal repeated flag"
+ msgstr ""
+ 
+-#: option.c:1433
++#: option.c:1452
+ msgid "illegal repeated keyword"
+ msgstr ""
+ 
+-#: option.c:1495 option.c:4092
++#: option.c:1517 option.c:4186
+ #, c-format
+ msgid "cannot access directory %s: %s"
+ msgstr ""
+ 
+-#: option.c:1541 tftp.c:493
++#: option.c:1563 tftp.c:493
+ #, c-format
+ msgid "cannot access %s: %s"
+ msgstr ""
+ 
+-#: option.c:1588
++#: option.c:1615
+ msgid "setting log facility is not possible under Android"
+ msgstr ""
+ 
+-#: option.c:1597
++#: option.c:1624
+ msgid "bad log facility"
+ msgstr ""
+ 
+-#: option.c:1650
++#: option.c:1677
+ msgid "bad MX preference"
+ msgstr ""
+ 
+-#: option.c:1655
++#: option.c:1682
+ msgid "bad MX name"
+ msgstr ""
+ 
+-#: option.c:1669
++#: option.c:1696
+ msgid "bad MX target"
+ msgstr ""
+ 
+-#: option.c:1681
++#: option.c:1708
+ msgid "cannot run scripts under uClinux"
+ msgstr ""
+ 
+-#: option.c:1683
++#: option.c:1710
+ msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+ msgstr ""
+ 
+-#: option.c:1687
++#: option.c:1714
+ msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
+ msgstr ""
+ 
+-#: option.c:1928 option.c:1966 option.c:2015
++#: option.c:1970 option.c:2015 option.c:2071
+ msgid "bad prefix"
+ msgstr ""
+ 
+-#: option.c:2289
++#: option.c:2352
+ msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+ msgstr ""
+ 
+-#: option.c:2469
++#: option.c:2545
+ msgid "bad port range"
+ msgstr ""
+ 
+-#: option.c:2485
++#: option.c:2561
+ msgid "bad bridge-interface"
+ msgstr ""
+ 
+-#: option.c:2545
++#: option.c:2621
+ msgid "only one tag allowed"
+ msgstr ""
+ 
+-#: option.c:2565 option.c:2577 option.c:2683 option.c:2724
++#: option.c:2641 option.c:2653 option.c:2759 option.c:2800
+ msgid "bad dhcp-range"
+ msgstr ""
+ 
+-#: option.c:2592
++#: option.c:2668
+ msgid "inconsistent DHCP range"
+ msgstr ""
+ 
+-#: option.c:2651
++#: option.c:2727
+ msgid "prefix length must be exactly 64 for RA subnets"
+ msgstr ""
+ 
+-#: option.c:2653
++#: option.c:2729
+ msgid "prefix length must be exactly 64 for subnet constructors"
+ msgstr ""
+ 
+-#: option.c:2657
++#: option.c:2733
+ msgid "prefix length must be at least 64"
+ msgstr ""
+ 
+-#: option.c:2660
++#: option.c:2736
+ msgid "inconsistent DHCPv6 range"
+ msgstr ""
+ 
+-#: option.c:2671
++#: option.c:2747
+ msgid "prefix must be zero with \"constructor:\" argument"
+ msgstr ""
+ 
+-#: option.c:2782 option.c:2830
++#: option.c:2858 option.c:2906
+ msgid "bad hex constant"
+ msgstr ""
+ 
+-#: option.c:2804
++#: option.c:2880
+ msgid "cannot match tags in --dhcp-host"
+ msgstr ""
+ 
+-#: option.c:2852
++#: option.c:2928
+ #, c-format
+ msgid "duplicate dhcp-host IP address %s"
+ msgstr ""
+ 
+-#: option.c:2910
++#: option.c:2986
+ msgid "bad DHCP host name"
+ msgstr ""
+ 
+-#: option.c:2992
++#: option.c:3068
+ msgid "bad tag-if"
+ msgstr ""
+ 
+-#: option.c:3316 option.c:3710
++#: option.c:3392 option.c:3786
+ msgid "invalid port number"
+ msgstr ""
+ 
+-#: option.c:3378
++#: option.c:3454
+ msgid "bad dhcp-proxy address"
+ msgstr ""
+ 
+-#: option.c:3404
++#: option.c:3480
+ msgid "Bad dhcp-relay"
+ msgstr ""
+ 
+-#: option.c:3430
++#: option.c:3506
+ msgid "bad RA-params"
+ msgstr ""
+ 
+-#: option.c:3439
++#: option.c:3515
+ msgid "bad DUID"
+ msgstr ""
+ 
+-#: option.c:3481
++#: option.c:3557
+ msgid "invalid alias range"
+ msgstr ""
+ 
+-#: option.c:3535
++#: option.c:3611
+ msgid "bad CNAME"
+ msgstr ""
+ 
+-#: option.c:3540
++#: option.c:3616
+ msgid "duplicate CNAME"
+ msgstr ""
+ 
+-#: option.c:3560
++#: option.c:3636
+ msgid "bad PTR record"
+ msgstr ""
+ 
+-#: option.c:3591
++#: option.c:3667
+ msgid "bad NAPTR record"
+ msgstr ""
+ 
+-#: option.c:3625
++#: option.c:3701
+ msgid "bad RR record"
+ msgstr ""
+ 
+-#: option.c:3655
++#: option.c:3731
+ msgid "bad TXT record"
+ msgstr ""
+ 
+-#: option.c:3696
++#: option.c:3772
+ msgid "bad SRV record"
+ msgstr ""
+ 
+-#: option.c:3703
++#: option.c:3779
+ msgid "bad SRV target"
+ msgstr ""
+ 
+-#: option.c:3717
++#: option.c:3793
+ msgid "invalid priority"
+ msgstr ""
+ 
+-#: option.c:3724
++#: option.c:3800
+ msgid "invalid weight"
+ msgstr ""
+ 
+-#: option.c:3748
++#: option.c:3824
+ msgid "Bad host-record"
+ msgstr ""
+ 
+-#: option.c:3765
++#: option.c:3841
+ msgid "Bad name in host-record"
+ msgstr ""
+ 
+-#: option.c:3826
++#: option.c:3906
+ msgid "bad trust anchor"
+ msgstr ""
+ 
+-#: option.c:3840
++#: option.c:3920
+ msgid "bad HEX in trust anchor"
+ msgstr ""
+ 
+-#: option.c:3850
++#: option.c:3930
+ msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+ msgstr ""
+ 
+-#: option.c:3909
++#: option.c:3989
+ msgid "missing \""
+ msgstr ""
+ 
+-#: option.c:3966
++#: option.c:4046
+ msgid "bad option"
+ msgstr ""
+ 
+-#: option.c:3968
++#: option.c:4048
+ msgid "extraneous parameter"
+ msgstr ""
+ 
+-#: option.c:3970
++#: option.c:4050
+ msgid "missing parameter"
+ msgstr ""
+ 
+-#: option.c:3972
++#: option.c:4052
+ msgid "illegal option"
+ msgstr ""
+ 
+-#: option.c:3979
++#: option.c:4059
+ msgid "error"
+ msgstr ""
+ 
+-#: option.c:3981
++#: option.c:4061
+ #, c-format
+ msgid " at line %d of %s"
+ msgstr ""
+ 
+-#: option.c:4045 option.c:4168 tftp.c:667
++#: option.c:4076 option.c:4323 option.c:4359
+ #, c-format
+-msgid "cannot read %s: %s"
++msgid "read %s"
+ msgstr ""
+ 
+-#: option.c:4229 option.c:4265
++#: option.c:4139 option.c:4262 tftp.c:667
+ #, c-format
+-msgid "read %s"
++msgid "cannot read %s: %s"
+ msgstr ""
+ 
+-#: option.c:4331
++#: option.c:4425
+ msgid "junk found in command line"
+ msgstr ""
+ 
+-#: option.c:4366
++#: option.c:4460
+ #, c-format
+ msgid "Dnsmasq version %s  %s\n"
+ msgstr ""
+ 
+-#: option.c:4367
++#: option.c:4461
+ #, c-format
+ msgid ""
+ "Compile time options: %s\n"
+ "\n"
+ msgstr ""
+ 
+-#: option.c:4368
++#: option.c:4462
+ #, c-format
+ msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+ msgstr ""
+ 
+-#: option.c:4369
++#: option.c:4463
+ #, c-format
+ msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+ msgstr ""
+ 
+-#: option.c:4370
++#: option.c:4464
+ #, c-format
+ msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+ msgstr ""
+ 
+-#: option.c:4381
++#: option.c:4475
+ msgid "try --help"
+ msgstr ""
+ 
+-#: option.c:4383
++#: option.c:4477
+ msgid "try -w"
+ msgstr ""
+ 
+-#: option.c:4385
++#: option.c:4479
+ #, c-format
+ msgid "bad command line options: %s"
+ msgstr ""
+ 
+-#: option.c:4434
++#: option.c:4535
+ #, c-format
+ msgid "cannot get host-name: %s"
+ msgstr ""
+ 
+-#: option.c:4462
++#: option.c:4563
+ msgid "only one resolv.conf file allowed in no-poll mode."
+ msgstr ""
+ 
+-#: option.c:4472
++#: option.c:4573
+ msgid "must have exactly one resolv.conf to read domain from."
+ msgstr ""
+ 
+-#: option.c:4475 network.c:1506 dhcp.c:769
++#: option.c:4576 network.c:1506 dhcp.c:774
+ #, c-format
+ msgid "failed to read %s: %s"
+ msgstr ""
+ 
+-#: option.c:4492
++#: option.c:4593
+ #, c-format
+ msgid "no search directive found in %s"
+ msgstr ""
+ 
+-#: option.c:4513
++#: option.c:4614
+ msgid "there must be a default domain when --dhcp-fqdn is set"
+ msgstr ""
+ 
+-#: option.c:4522
++#: option.c:4623
+ msgid "syntax check OK"
+ msgstr ""
+ 
+-#: forward.c:114
++#: forward.c:111
+ #, c-format
+ msgid "failed to send packet: %s"
+ msgstr ""
+ 
+-#: forward.c:574
++#: forward.c:572
+ msgid "discarding DNS reply: subnet option mismatch"
+ msgstr ""
+ 
+-#: forward.c:597
++#: forward.c:595
+ #, c-format
+ msgid "nameserver %s refused to do a recursive query"
+ msgstr ""
+ 
+-#: forward.c:629
++#: forward.c:627
+ #, c-format
+ msgid "possible DNS-rebind attack detected: %s"
+ msgstr ""
+ 
+-#: forward.c:1132 forward.c:1663
++#: forward.c:1156 forward.c:1722
+ msgid "Ignoring query from non-local network"
+ msgstr ""
+ 
+-#: forward.c:2101
++#: forward.c:2178
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries reached (max: %d)"
+ msgstr ""
+@@ -1180,263 +1208,276 @@ msgstr ""
+ msgid "using nameserver %s#%d"
+ msgstr ""
+ 
+-#: dnsmasq.c:154
+-msgid "No trust anchors provided for DNSSEC"
++#: dnsmasq.c:149
++msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:157
+-msgid "Cannot reduce cache size from default when DNSSEC enabled"
++#: dnsmasq.c:156
++msgid "no trust anchors provided for DNSSEC"
+ msgstr ""
+ 
+ #: dnsmasq.c:159
++msgid "cannot reduce cache size from default when DNSSEC enabled"
++msgstr ""
++
++#: dnsmasq.c:161
+ msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:165
++#: dnsmasq.c:167
+ msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:170
+-msgid "Cannot use --conntrack AND --query-port"
++#: dnsmasq.c:172
++msgid "cannot use --conntrack AND --query-port"
+ msgstr ""
+ 
+-#: dnsmasq.c:173
+-msgid "Conntrack support not available: set HAVE_CONNTRACK in src/config.h"
++#: dnsmasq.c:175
++msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:178
++#: dnsmasq.c:180
+ msgid "asychronous logging is not available under Solaris"
+ msgstr ""
+ 
+-#: dnsmasq.c:183
++#: dnsmasq.c:185
+ msgid "asychronous logging is not available under Android"
+ msgstr ""
+ 
+-#: dnsmasq.c:188
++#: dnsmasq.c:190
+ msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:193
+-msgid "Loop detection not available: set HAVE_LOOP in src/config.h"
++#: dnsmasq.c:195
++msgid "loop detection not available: set HAVE_LOOP in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:201
++#: dnsmasq.c:203
+ msgid "zone serial must be configured in --auth-soa"
+ msgstr ""
+ 
+-#: dnsmasq.c:219
++#: dnsmasq.c:221
+ msgid "dhcp-range constructor not available on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:262
++#: dnsmasq.c:264
+ msgid "cannot set --bind-interfaces and --bind-dynamic"
+ msgstr ""
+ 
+-#: dnsmasq.c:265
++#: dnsmasq.c:267
+ #, c-format
+ msgid "failed to find list of interfaces: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:274
++#: dnsmasq.c:276
+ #, c-format
+ msgid "unknown interface %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:330 dnsmasq.c:954
++#: dnsmasq.c:340 dnsmasq.c:1004
+ #, c-format
+ msgid "DBus error: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:333
++#: dnsmasq.c:343
+ msgid "DBus not available: set HAVE_DBUS in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:361
++#: dnsmasq.c:371
+ #, c-format
+ msgid "unknown user or group: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:416
++#: dnsmasq.c:426
+ #, c-format
+ msgid "cannot chdir to filesystem root: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:653
++#: dnsmasq.c:667
+ #, c-format
+ msgid "started, version %s DNS disabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:655
++#: dnsmasq.c:669
+ #, c-format
+ msgid "started, version %s cachesize %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:657
++#: dnsmasq.c:671
+ #, c-format
+ msgid "started, version %s cache disabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:659
++#: dnsmasq.c:673
+ #, c-format
+ msgid "compile time options: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:665
++#: dnsmasq.c:679
+ msgid "DBus support enabled: connected to system bus"
+ msgstr ""
+ 
+-#: dnsmasq.c:667
++#: dnsmasq.c:681
+ msgid "DBus support enabled: bus connection pending"
+ msgstr ""
+ 
+-#: dnsmasq.c:672
++#: dnsmasq.c:686
+ msgid "DNS service limited to local subnets"
+ msgstr ""
+ 
+-#: dnsmasq.c:677
++#: dnsmasq.c:702
+ msgid "DNSSEC validation enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:679
++#: dnsmasq.c:705
+ msgid "DNSSEC signature timestamps not checked until first cache reload"
+ msgstr ""
+ 
+-#: dnsmasq.c:684
++#: dnsmasq.c:708
++msgid "DNSSEC signature timestamps not checked until system time valid"
++msgstr ""
++
++#: dnsmasq.c:713
+ #, c-format
+ msgid "warning: failed to change owner of %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:688
++#: dnsmasq.c:717
+ msgid "setting --bind-interfaces option because of OS limitations"
+ msgstr ""
+ 
+-#: dnsmasq.c:698
++#: dnsmasq.c:727
+ #, c-format
+ msgid "warning: interface %s does not currently exist"
+ msgstr ""
+ 
+-#: dnsmasq.c:703
++#: dnsmasq.c:732
+ msgid "warning: ignoring resolv-file flag because no-resolv is set"
+ msgstr ""
+ 
+-#: dnsmasq.c:706
++#: dnsmasq.c:735
+ msgid "warning: no upstream servers configured"
+ msgstr ""
+ 
+-#: dnsmasq.c:710
++#: dnsmasq.c:739
+ #, c-format
+ msgid "asynchronous logging enabled, queue limit is %d messages"
+ msgstr ""
+ 
+-#: dnsmasq.c:731
++#: dnsmasq.c:760
+ msgid "IPv6 router advertisement enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:736
++#: dnsmasq.c:765
+ #, c-format
+ msgid "DHCP, sockets bound exclusively to interface %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "root is "
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:755
++#: dnsmasq.c:784
+ msgid "secure mode"
+ msgstr ""
+ 
+-#: dnsmasq.c:781
++#: dnsmasq.c:810
+ #, c-format
+ msgid "restricting maximum simultaneous TFTP transfers to %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:956
++#: dnsmasq.c:1006
+ msgid "connected to system DBus"
+ msgstr ""
+ 
+-#: dnsmasq.c:1106
++#: dnsmasq.c:1156
+ #, c-format
+ msgid "cannot fork into background: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1109
++#: dnsmasq.c:1159
+ #, c-format
+ msgid "failed to create helper: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1112
++#: dnsmasq.c:1162
+ #, c-format
+ msgid "setting capabilities failed: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1115
++#: dnsmasq.c:1165
+ #, c-format
+ msgid "failed to change user-id to %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1118
++#: dnsmasq.c:1168
+ #, c-format
+ msgid "failed to change group-id to %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1121
++#: dnsmasq.c:1171
+ #, c-format
+ msgid "failed to open pidfile %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1124
++#: dnsmasq.c:1174
+ #, c-format
+ msgid "cannot open log %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1127
++#: dnsmasq.c:1177
+ #, c-format
+ msgid "failed to load Lua script: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1130
++#: dnsmasq.c:1180
+ #, c-format
+ msgid "TFTP directory %s inaccessible: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1151
++#: dnsmasq.c:1183
++#, c-format
++msgid "cannot create timestamp file %s: %s"
++msgstr ""
++
++#: dnsmasq.c:1204
+ msgid "now checking DNSSEC signature timestamps"
+ msgstr ""
+ 
+-#: dnsmasq.c:1218
++#: dnsmasq.c:1271
+ #, c-format
+ msgid "script process killed by signal %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:1222
++#: dnsmasq.c:1275
+ #, c-format
+ msgid "script process exited with status %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:1226
++#: dnsmasq.c:1279
+ #, c-format
+ msgid "failed to execute %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1281
++#: dnsmasq.c:1334
+ msgid "exiting on receipt of SIGTERM"
+ msgstr ""
+ 
+-#: dnsmasq.c:1309
++#: dnsmasq.c:1362
+ #, c-format
+ msgid "failed to access %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1339
++#: dnsmasq.c:1392
+ #, c-format
+ msgid "reading %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1350
++#: dnsmasq.c:1403
+ #, c-format
+ msgid "no servers found in %s, will retry"
+ msgstr ""
+@@ -1476,27 +1517,27 @@ msgstr ""
+ msgid "DHCP packet received on %s which has no address"
+ msgstr ""
+ 
+-#: dhcp.c:408
++#: dhcp.c:412
+ #, c-format
+ msgid "ARP-cache injection failed: %s"
+ msgstr ""
+ 
+-#: dhcp.c:506
++#: dhcp.c:511
+ #, c-format
+ msgid "DHCP range %s -- %s is not consistent with netmask %s"
+ msgstr ""
+ 
+-#: dhcp.c:807
++#: dhcp.c:812
+ #, c-format
+ msgid "bad line at %s line %d"
+ msgstr ""
+ 
+-#: dhcp.c:850
++#: dhcp.c:855
+ #, c-format
+ msgid "ignoring %s line %d, duplicate name or IP address"
+ msgstr ""
+ 
+-#: dhcp.c:994 rfc3315.c:2089
++#: dhcp.c:999 rfc3315.c:2139
+ #, c-format
+ msgid "DHCP relay %s -> %s"
+ msgstr ""
+@@ -1567,12 +1608,12 @@ msgstr ""
+ msgid "disabled"
+ msgstr ""
+ 
+-#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:602 rfc3315.c:823
+-#: rfc3315.c:1095
++#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:603 rfc3315.c:860
++#: rfc3315.c:1139
+ msgid "ignored"
+ msgstr ""
+ 
+-#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:873
++#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:910
+ msgid "address in use"
+ msgstr ""
+ 
+@@ -1592,7 +1633,7 @@ msgstr ""
+ msgid "no leases left"
+ msgstr ""
+ 
+-#: rfc2131.c:691 rfc3315.c:475
++#: rfc2131.c:691 rfc3315.c:476
+ #, c-format
+ msgid "%u client provides name: %s"
+ msgstr ""
+@@ -1601,7 +1642,7 @@ msgstr ""
+ msgid "PXE BIS not supported"
+ msgstr ""
+ 
+-#: rfc2131.c:935 rfc3315.c:1189
++#: rfc2131.c:935 rfc3315.c:1233
+ #, c-format
+ msgid "disabling DHCP static address %s for %s"
+ msgstr ""
+@@ -1637,7 +1678,7 @@ msgstr ""
+ msgid "wrong address"
+ msgstr ""
+ 
+-#: rfc2131.c:1143 rfc3315.c:969
++#: rfc2131.c:1143 rfc3315.c:1006
+ msgid "lease not found"
+ msgstr ""
+ 
+@@ -1687,7 +1728,7 @@ msgstr ""
+ msgid "PXE menu too large"
+ msgstr ""
+ 
+-#: rfc2131.c:2173 rfc3315.c:1456
++#: rfc2131.c:2173 rfc3315.c:1506
+ #, c-format
+ msgid "%u requested options: %s"
+ msgstr ""
+@@ -1702,7 +1743,7 @@ msgstr ""
+ msgid "cannot create netlink socket: %s"
+ msgstr ""
+ 
+-#: netlink.c:347
++#: netlink.c:348
+ #, c-format
+ msgid "netlink returns error: %s"
+ msgstr ""
+@@ -1820,62 +1861,62 @@ msgstr ""
+ msgid "%u available DHCPv6 subnet: %s/%d"
+ msgstr ""
+ 
+-#: rfc3315.c:379
++#: rfc3315.c:380
+ #, c-format
+ msgid "%u vendor class: %u"
+ msgstr ""
+ 
+-#: rfc3315.c:427
++#: rfc3315.c:428
+ #, c-format
+ msgid "%u client MAC address: %s"
+ msgstr ""
+ 
+-#: rfc3315.c:659
++#: rfc3315.c:660
+ #, c-format
+ msgid "unknown prefix-class %d"
+ msgstr ""
+ 
+-#: rfc3315.c:791 rfc3315.c:913
+-msgid "success"
++#: rfc3315.c:803 rfc3315.c:902
++msgid "address unavailable"
+ msgstr ""
+ 
+-#: rfc3315.c:806 rfc3315.c:808 rfc3315.c:921 rfc3315.c:923
+-msgid "no addresses available"
++#: rfc3315.c:815 rfc3315.c:950 rfc3315.c:1283
++msgid "success"
+ msgstr ""
+ 
+-#: rfc3315.c:865
+-msgid "address unavailable"
++#: rfc3315.c:843 rfc3315.c:845 rfc3315.c:958 rfc3315.c:960
++msgid "no addresses available"
+ msgstr ""
+ 
+-#: rfc3315.c:900
++#: rfc3315.c:937
+ msgid "not on link"
+ msgstr ""
+ 
+-#: rfc3315.c:973 rfc3315.c:1151 rfc3315.c:1228
++#: rfc3315.c:1010 rfc3315.c:1195 rfc3315.c:1272
+ msgid "no binding found"
+ msgstr ""
+ 
+-#: rfc3315.c:1011
++#: rfc3315.c:1048
+ msgid "deprecated"
+ msgstr ""
+ 
+-#: rfc3315.c:1016
++#: rfc3315.c:1053
+ msgid "address invalid"
+ msgstr ""
+ 
+-#: rfc3315.c:1061
++#: rfc3315.c:1100
+ msgid "confirm failed"
+ msgstr ""
+ 
+-#: rfc3315.c:1072
++#: rfc3315.c:1116
+ msgid "all addresses still on link"
+ msgstr ""
+ 
+-#: rfc3315.c:1160
++#: rfc3315.c:1204
+ msgid "release received"
+ msgstr ""
+ 
+-#: rfc3315.c:2080
++#: rfc3315.c:2130
+ msgid "Cannot multicast to DHCPv6 server without correct interface"
+ msgstr ""
+ 
+@@ -1968,7 +2009,7 @@ msgstr ""
+ msgid "cannot create ICMPv6 socket: %s"
+ msgstr ""
+ 
+-#: auth.c:429
++#: auth.c:436
+ #, c-format
+ msgid "ignoring zone transfer request from %s"
+ msgstr ""
+@@ -1983,50 +2024,85 @@ msgstr ""
+ msgid "failed to create IPset control socket: %s"
+ msgstr ""
+ 
++#: dnssec.c:425 dnssec.c:469
++#, c-format
++msgid "failed to update mtime on %s: %s"
++msgstr ""
++
+ #: blockdata.c:58
+ #, c-format
+ msgid "DNSSEC memory in use %u, max %u, allocated %u"
+ msgstr ""
+ 
+-#: tables.c:76
++#: tables.c:80
+ msgid "error: fill_addr missused"
+ msgstr ""
+ 
+-#: tables.c:105
++#: tables.c:109
+ #, c-format
+ msgid "failed to access pf devices: %s"
+ msgstr ""
+ 
+-#: tables.c:119
++#: tables.c:123
+ #, c-format
+ msgid "warning: no opened pf devices %s"
+ msgstr ""
+ 
+-#: tables.c:127
++#: tables.c:131
+ #, c-format
+ msgid "error: cannot use table name %s"
+ msgstr ""
+ 
+-#: tables.c:135
++#: tables.c:139
+ #, c-format
+ msgid "error: cannot strlcpy table name %s"
+ msgstr ""
+ 
+-#: tables.c:141
++#: tables.c:145
+ #, c-format
+ msgid "warning: pfr_add_tables: %s(%d)"
+ msgstr ""
+ 
+-#: tables.c:147
++#: tables.c:151
+ msgid "info: table created"
+ msgstr ""
+ 
+-#: tables.c:158
++#: tables.c:162
+ #, c-format
+ msgid "warning: DIOCR%sADDRS: %s"
+ msgstr ""
+ 
+-#: tables.c:162
++#: tables.c:166
+ #, c-format
+ msgid "%d addresses %s"
+ msgstr ""
++
++#: inotify.c:46
++#, c-format
++msgid "failed to create inotify: %s"
++msgstr ""
++
++#: inotify.c:60
++#, c-format
++msgid "cannot cannonicalise resolv-file %s: %s"
++msgstr ""
++
++#: inotify.c:72
++#, c-format
++msgid "directory %s for resolv-file is missing, cannot poll"
++msgstr ""
++
++#: inotify.c:75 inotify.c:112
++#, c-format
++msgid "failed to create inotify for %s: %s"
++msgstr ""
++
++#: inotify.c:97
++#, c-format
++msgid "bad dynamic directory %s: %s"
++msgstr ""
++
++#: inotify.c:197
++#, c-format
++msgid "inotify, new or changed file %s"
++msgstr ""
+diff --git a/po/no.po b/po/no.po
+index ff7eaad9cad1..c2e7067d2304 100644
+--- a/po/no.po
++++ b/po/no.po
+@@ -18,70 +18,70 @@ msgstr ""
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+ 
+-#: cache.c:505
++#: cache.c:523
+ msgid "Internal error in cache."
+ msgstr ""
+ 
+-#: cache.c:908
++#: cache.c:941
+ #, fuzzy, c-format
+ msgid "failed to load names from %s: %s"
+ msgstr "feilet å laste navn fra %s: %s"
+ 
+-#: cache.c:934 dhcp.c:820
++#: cache.c:967 dhcp.c:825
+ #, c-format
+ msgid "bad address at %s line %d"
+ msgstr "dårlig adresse ved %s linje %d"
+ 
+-#: cache.c:985 dhcp.c:836
++#: cache.c:1018 dhcp.c:841
+ #, c-format
+ msgid "bad name at %s line %d"
+ msgstr "dårlig navn ved %s linje %d"
+ 
+-#: cache.c:992 dhcp.c:911
++#: cache.c:1027 dhcp.c:916
+ #, c-format
+ msgid "read %s - %d addresses"
+ msgstr "les %s - %d adresser"
+ 
+-#: cache.c:1100
++#: cache.c:1135
+ msgid "cleared cache"
+ msgstr "mellomlager tømt"
+ 
+-#: cache.c:1123
++#: cache.c:1164
+ #, c-format
+ msgid "No IPv4 address found for %s"
+ msgstr ""
+ 
+-#: cache.c:1201
++#: cache.c:1242
+ #, c-format
+ msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
+ msgstr ""
+ 
+-#: cache.c:1225
++#: cache.c:1266
+ #, c-format
+ msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+ msgstr "gir ikke navnet %s til DHCP leien for %s fordi navnet eksisterer i %s med adressen %s"
+ 
+-#: cache.c:1366
++#: cache.c:1421
+ #, c-format
+ msgid "time %lu"
+ msgstr ""
+ 
+-#: cache.c:1367
++#: cache.c:1422
+ #, fuzzy, c-format
+ msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+ msgstr "mellomlager størrelse %d, %d/%d mellomlager innsettinger re-bruker mellomlager plasser som ikke er utløpt"
+ 
+-#: cache.c:1369
++#: cache.c:1424
+ #, c-format
+ msgid "queries forwarded %u, queries answered locally %u"
+ msgstr ""
+ 
+-#: cache.c:1372
++#: cache.c:1427
+ #, c-format
+ msgid "queries for authoritative zones %u"
+ msgstr ""
+ 
+-#: cache.c:1398
++#: cache.c:1453
+ #, c-format
+ msgid "server %s#%d: queries sent %u, retried or failed %u"
+ msgstr ""
+@@ -96,7 +96,7 @@ msgstr "feilet 
+ msgid "failed to allocate memory"
+ msgstr "feilet å laste %d bytes"
+ 
+-#: util.c:243 option.c:579
++#: util.c:243 option.c:598
+ msgid "could not get memory"
+ msgstr "kunne ikke få minne"
+ 
+@@ -110,610 +110,643 @@ msgstr "kan ikke lese %s: %s"
+ msgid "failed to allocate %d bytes"
+ msgstr "feilet å laste %d bytes"
+ 
+-#: util.c:429
++#: util.c:430
+ #, c-format
+ msgid "infinite"
+ msgstr "uendelig"
+ 
+-#: option.c:318
++#: option.c:330
+ msgid "Specify local address(es) to listen on."
+ msgstr "Spesifiser lokal(e) adresse(r) å lytte på."
+ 
+-#: option.c:319
++#: option.c:331
+ msgid "Return ipaddr for all hosts in specified domains."
+ msgstr "Returner ipaddr for alle verter i det spesifiserte domenet."
+ 
+-#: option.c:320
++#: option.c:332
+ msgid "Fake reverse lookups for RFC1918 private address ranges."
+ msgstr "Forfalsk revers oppslag for RFC1918 private adresse områder."
+ 
+-#: option.c:321
++#: option.c:333
+ msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+ msgstr "Behandle ipaddr som NXDOMAIN (omgår Verisign wildcard)."
+ 
+-#: option.c:322
++#: option.c:334
+ #, c-format
+ msgid "Specify the size of the cache in entries (defaults to %s)."
+ msgstr "Spesifiser størrelsen på mellomlager plassene (standard er %s)."
+ 
+-#: option.c:323
++#: option.c:335
+ #, c-format
+ msgid "Specify configuration file (defaults to %s)."
+ msgstr "Spesifiser konfigurasjonsfil (standard er %s)."
+ 
+-#: option.c:324
++#: option.c:336
+ msgid "Do NOT fork into the background: run in debug mode."
+ msgstr "IKKE legg (fork) som bakgrunnsprosess: kjør i debug modus."
+ 
+-#: option.c:325
++#: option.c:337
+ msgid "Do NOT forward queries with no domain part."
+ msgstr "IKKE videresend oppslag som mangler domene del."
+ 
+-#: option.c:326
++#: option.c:338
+ msgid "Return self-pointing MX records for local hosts."
+ msgstr "Returner selv-pekende MX post for lokale verter."
+ 
+-#: option.c:327
++#: option.c:339
+ msgid "Expand simple names in /etc/hosts with domain-suffix."
+ msgstr "Utvid enkle navn i /etc/hosts med domene-suffiks."
+ 
+-#: option.c:328
++#: option.c:340
+ msgid "Don't forward spurious DNS requests from Windows hosts."
+ msgstr "Ikke videresend falske/uekte DNS forespørsler fra Windows verter."
+ 
+-#: option.c:329
++#: option.c:341
+ msgid "Enable DHCP in the range given with lease duration."
+ msgstr "Aktiver DHCP i det gitte området med leie varighet"
+ 
+-#: option.c:330
++#: option.c:342
+ #, c-format
+ msgid "Change to this group after startup (defaults to %s)."
+ msgstr "Skift til denne gruppen etter oppstart (standard er %s)."
+ 
+-#: option.c:331
++#: option.c:343
+ msgid "Set address or hostname for a specified machine."
+ msgstr "Sett adresse eller vertsnavn for en spesifikk maskin."
+ 
+-#: option.c:332
++#: option.c:344
+ #, fuzzy
+ msgid "Read DHCP host specs from file."
+ msgstr "dårlig MX navn"
+ 
+-#: option.c:333
++#: option.c:345
+ msgid "Read DHCP option specs from file."
+ msgstr ""
+ 
+-#: option.c:334
++#: option.c:346
++#, fuzzy
++msgid "Read DHCP host specs from a directory."
++msgstr "dårlig MX navn"
++
++#: option.c:347
++#, fuzzy
++msgid "Read DHCP options from a directory."
++msgstr "dårlig MX navn"
++
++#: option.c:348
+ msgid "Evaluate conditional tag expression."
+ msgstr ""
+ 
+-#: option.c:335
++#: option.c:349
+ #, c-format
+ msgid "Do NOT load %s file."
+ msgstr "IKKE last %s filen."
+ 
+-#: option.c:336
++#: option.c:350
+ #, c-format
+ msgid "Specify a hosts file to be read in addition to %s."
+ msgstr "Spesifiser en verts (hosts) fil som skal leses i tilleg til %s."
+ 
+-#: option.c:337
++#: option.c:351
++#, fuzzy
++msgid "Read hosts files from a directory."
++msgstr "dårlig MX navn"
++
++#: option.c:352
+ msgid "Specify interface(s) to listen on."
+ msgstr "Spesifiser nettverkskort det skal lyttes på."
+ 
+-#: option.c:338
++#: option.c:353
+ msgid "Specify interface(s) NOT to listen on."
+ msgstr "Spesifiser nettverkskort det IKKE skal lyttes på."
+ 
+-#: option.c:339
++#: option.c:354
+ #, fuzzy
+ msgid "Map DHCP user class to tag."
+ msgstr "Map DHCP bruker klasse til opsjon sett."
+ 
+-#: option.c:340
++#: option.c:355
+ msgid "Map RFC3046 circuit-id to tag."
+ msgstr ""
+ 
+-#: option.c:341
++#: option.c:356
+ msgid "Map RFC3046 remote-id to tag."
+ msgstr ""
+ 
+-#: option.c:342
++#: option.c:357
+ msgid "Map RFC3993 subscriber-id to tag."
+ msgstr ""
+ 
+-#: option.c:343
++#: option.c:358
+ #, fuzzy
+ msgid "Don't do DHCP for hosts with tag set."
+ msgstr "Ikke utfør DHCP for klienter i opsjon sett."
+ 
+-#: option.c:344
++#: option.c:359
+ #, fuzzy
+ msgid "Force broadcast replies for hosts with tag set."
+ msgstr "Ikke utfør DHCP for klienter i opsjon sett."
+ 
+-#: option.c:345
++#: option.c:360
+ msgid "Do NOT fork into the background, do NOT run in debug mode."
+ msgstr "IKKE last (fork) som bakgrunnsprosess, IKKE kjør i debug modus."
+ 
+-#: option.c:346
++#: option.c:361
+ msgid "Assume we are the only DHCP server on the local network."
+ msgstr "Anta at vi er den eneste DHCP tjeneren på det lokale nettverket."
+ 
+-#: option.c:347
++#: option.c:362
+ #, c-format
+ msgid "Specify where to store DHCP leases (defaults to %s)."
+ msgstr "Spesifiser hvor DHCP leiene skal lagres (standard er %s)."
+ 
+-#: option.c:348
++#: option.c:363
+ msgid "Return MX records for local hosts."
+ msgstr "Returner MX records for lokale verter."
+ 
+-#: option.c:349
++#: option.c:364
+ msgid "Specify an MX record."
+ msgstr "Spesifiser en MX post."
+ 
+-#: option.c:350
++#: option.c:365
+ msgid "Specify BOOTP options to DHCP server."
+ msgstr "Spesifiser BOOTP opsjoner til DHCP tjener."
+ 
+-#: option.c:351
++#: option.c:366
+ #, c-format
+ msgid "Do NOT poll %s file, reload only on SIGHUP."
+ msgstr "IKKE spør (poll) %s fil, les på nytt kun ved SIGHUP"
+ 
+-#: option.c:352
++#: option.c:367
+ msgid "Do NOT cache failed search results."
+ msgstr "IKKE mellomlagre søkeresultater som feiler."
+ 
+-#: option.c:353
++#: option.c:368
+ #, c-format
+ msgid "Use nameservers strictly in the order given in %s."
+ msgstr "Bruk navnetjenere kun som bestemt i rekkefølgen gitt i %s."
+ 
+-#: option.c:354
++#: option.c:369
+ #, fuzzy
+ msgid "Specify options to be sent to DHCP clients."
+ msgstr "Sett ekstra opsjoner som skal fordeles til DHCP klientene."
+ 
+-#: option.c:355
++#: option.c:370
+ msgid "DHCP option sent even if the client does not request it."
+ msgstr ""
+ 
+-#: option.c:356
++#: option.c:371
+ msgid "Specify port to listen for DNS requests on (defaults to 53)."
+ msgstr "Spesifiser lytteport for DNS oppslag (standard er 53)."
+ 
+-#: option.c:357
++#: option.c:372
+ #, c-format
+ msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+ msgstr "Maksimal støttet UDP pakkestørrelse for EDNS.0 (standard er %s)."
+ 
+-#: option.c:358
++#: option.c:373
+ #, fuzzy
+ msgid "Log DNS queries."
+ msgstr "Logg oppslag."
+ 
+-#: option.c:359
++#: option.c:374
+ #, fuzzy
+ msgid "Force the originating port for upstream DNS queries."
+ msgstr "Tving bruk av opprinnelig port for oppstrøms oppslag."
+ 
+-#: option.c:360
++#: option.c:375
+ msgid "Do NOT read resolv.conf."
+ msgstr "IKKE les resolv.conf."
+ 
+-#: option.c:361
++#: option.c:376
+ #, c-format
+ msgid "Specify path to resolv.conf (defaults to %s)."
+ msgstr "Spesifiser stien til resolv.conf (standard er %s)."
+ 
+-#: option.c:362
++#: option.c:377
+ #, fuzzy
+ msgid "Specify path to file with server= options"
+ msgstr "Spesifiser stien til PID fil. (standard er %s)."
+ 
+-#: option.c:363
++#: option.c:378
+ msgid "Specify address(es) of upstream servers with optional domains."
+ msgstr "Spesifiser adressen(e) til oppstrøms tjenere med valgfrie domener."
+ 
+-#: option.c:364
++#: option.c:379
+ #, fuzzy
+ msgid "Specify address of upstream servers for reverse address queries"
+ msgstr "Spesifiser adressen(e) til oppstrøms tjenere med valgfrie domener."
+ 
+-#: option.c:365
++#: option.c:380
+ msgid "Never forward queries to specified domains."
+ msgstr "Aldri videresend oppslag til spesifiserte domener."
+ 
+-#: option.c:366
++#: option.c:381
+ msgid "Specify the domain to be assigned in DHCP leases."
+ msgstr "Spesifiser domenet som skal tildeles i DHCP leien."
+ 
+-#: option.c:367
++#: option.c:382
+ msgid "Specify default target in an MX record."
+ msgstr "Spesifiser default mål i en MX post."
+ 
+-#: option.c:368
++#: option.c:383
+ msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+ msgstr "Spesifiser time-to-live i sekunder for svar fra /etc/hosts."
+ 
+-#: option.c:369
++#: option.c:384
+ #, fuzzy
+ msgid "Specify time-to-live in seconds for negative caching."
+ msgstr "Spesifiser time-to-live i sekunder for svar fra /etc/hosts."
+ 
+-#: option.c:370
++#: option.c:385
+ #, fuzzy
+ msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
+ msgstr "Spesifiser time-to-live i sekunder for svar fra /etc/hosts."
+ 
+-#: option.c:371
++#: option.c:386
++#, fuzzy
++msgid "Specify time-to-live ceiling for cache."
++msgstr "Spesifiser time-to-live i sekunder for svar fra /etc/hosts."
++
++#: option.c:387
++#, fuzzy
++msgid "Specify time-to-live floor for cache."
++msgstr "Spesifiser time-to-live i sekunder for svar fra /etc/hosts."
++
++#: option.c:388
+ #, c-format
+ msgid "Change to this user after startup. (defaults to %s)."
+ msgstr "Skift til denne bruker etter oppstart (standard er %s)."
+ 
+-#: option.c:372
++#: option.c:389
+ #, fuzzy
+ msgid "Map DHCP vendor class to tag."
+ msgstr "Map DHCP produsent klasse til opsjon sett."
+ 
+-#: option.c:373
++#: option.c:390
+ msgid "Display dnsmasq version and copyright information."
+ msgstr "Vis dnsmasq versjon og copyright informasjon."
+ 
+-#: option.c:374
++#: option.c:391
+ msgid "Translate IPv4 addresses from upstream servers."
+ msgstr "Oversett IPv4 adresser fra oppstrøms tjenere."
+ 
+-#: option.c:375
++#: option.c:392
+ msgid "Specify a SRV record."
+ msgstr "Spesifiser en SRV post."
+ 
+-#: option.c:376
++#: option.c:393
+ msgid "Display this message. Use --help dhcp for known DHCP options."
+ msgstr ""
+ 
+-#: option.c:377
++#: option.c:394
+ #, fuzzy, c-format
+ msgid "Specify path of PID file (defaults to %s)."
+ msgstr "Spesifiser stien til PID fil. (standard er %s)."
+ 
+-#: option.c:378
++#: option.c:395
+ #, c-format
+ msgid "Specify maximum number of DHCP leases (defaults to %s)."
+ msgstr "Spesifiser maksimum antall DHCP leier (standard er %s)"
+ 
+-#: option.c:379
++#: option.c:396
+ msgid "Answer DNS queries based on the interface a query was sent to."
+ msgstr "Svar DNS oppslag basert på nettverkskortet oppslaget ble sendt til."
+ 
+-#: option.c:380
++#: option.c:397
+ msgid "Specify TXT DNS record."
+ msgstr "Spesifiser TXT DNS post."
+ 
+-#: option.c:381
++#: option.c:398
+ #, fuzzy
+ msgid "Specify PTR DNS record."
+ msgstr "Spesifiser TXT DNS post."
+ 
+-#: option.c:382
++#: option.c:399
+ msgid "Give DNS name to IPv4 address of interface."
+ msgstr ""
+ 
+-#: option.c:383
++#: option.c:400
+ msgid "Bind only to interfaces in use."
+ msgstr "Bind kun til nettverkskort som er i bruk."
+ 
+-#: option.c:384
++#: option.c:401
+ #, c-format
+ msgid "Read DHCP static host information from %s."
+ msgstr "Les DHCP statisk vert informasjon fra %s."
+ 
+-#: option.c:385
++#: option.c:402
+ msgid "Enable the DBus interface for setting upstream servers, etc."
+ msgstr "Aktiver DBus interface for å sette oppstrøms tjenere, osv."
+ 
+-#: option.c:386
++#: option.c:403
+ msgid "Do not provide DHCP on this interface, only provide DNS."
+ msgstr "Ikke lever DHCP på dette nettverkskortet, kun lever DNS."
+ 
+-#: option.c:387
++#: option.c:404
+ msgid "Enable dynamic address allocation for bootp."
+ msgstr "Aktiver dynamisk adresse allokering for bootp."
+ 
+-#: option.c:388
++#: option.c:405
+ #, fuzzy
+ msgid "Map MAC address (with wildcards) to option set."
+ msgstr "Map DHCP produsent klasse til opsjon sett."
+ 
+-#: option.c:389
++#: option.c:406
+ msgid "Treat DHCP requests on aliases as arriving from interface."
+ msgstr ""
+ 
+-#: option.c:390
++#: option.c:407
+ msgid "Disable ICMP echo address checking in the DHCP server."
+ msgstr ""
+ 
+-#: option.c:391
++#: option.c:408
+ msgid "Shell script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:392
++#: option.c:409
+ msgid "Lua script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:393
++#: option.c:410
+ msgid "Run lease-change scripts as this user."
+ msgstr ""
+ 
+-#: option.c:394
++#: option.c:411
+ msgid "Read configuration from all the files in this directory."
+ msgstr ""
+ 
+-#: option.c:395
++#: option.c:412
+ #, fuzzy
+ msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+ msgstr "Skift til denne bruker etter oppstart (standard er %s)."
+ 
+-#: option.c:396
++#: option.c:413
+ msgid "Do not use leasefile."
+ msgstr ""
+ 
+-#: option.c:397
++#: option.c:414
+ #, fuzzy, c-format
+ msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+ msgstr "Spesifiser maksimum antall DHCP leier (standard er %s)"
+ 
+-#: option.c:398
++#: option.c:415
+ #, c-format
+ msgid "Clear DNS cache when reloading %s."
+ msgstr ""
+ 
+-#: option.c:399
++#: option.c:416
+ msgid "Ignore hostnames provided by DHCP clients."
+ msgstr ""
+ 
+-#: option.c:400
++#: option.c:417
+ msgid "Do NOT reuse filename and server fields for extra DHCP options."
+ msgstr ""
+ 
+-#: option.c:401
++#: option.c:418
+ msgid "Enable integrated read-only TFTP server."
+ msgstr ""
+ 
+-#: option.c:402
++#: option.c:419
+ msgid "Export files by TFTP only from the specified subtree."
+ msgstr ""
+ 
+-#: option.c:403
++#: option.c:420
+ msgid "Add client IP address to tftp-root."
+ msgstr ""
+ 
+-#: option.c:404
++#: option.c:421
+ msgid "Allow access only to files owned by the user running dnsmasq."
+ msgstr ""
+ 
+-#: option.c:405
++#: option.c:422
+ #, fuzzy, c-format
+ msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+ msgstr "Spesifiser maksimum antall DHCP leier (standard er %s)"
+ 
+-#: option.c:406
++#: option.c:423
+ msgid "Disable the TFTP blocksize extension."
+ msgstr ""
+ 
+-#: option.c:407
++#: option.c:424
+ msgid "Convert TFTP filenames to lowercase"
+ msgstr ""
+ 
+-#: option.c:408
++#: option.c:425
+ msgid "Ephemeral port range for use by TFTP transfers."
+ msgstr ""
+ 
+-#: option.c:409
++#: option.c:426
+ msgid "Extra logging for DHCP."
+ msgstr ""
+ 
+-#: option.c:410
++#: option.c:427
+ msgid "Enable async. logging; optionally set queue length."
+ msgstr ""
+ 
+-#: option.c:411
++#: option.c:428
+ msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+ msgstr ""
+ 
+-#: option.c:412
++#: option.c:429
+ msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
+ msgstr ""
+ 
+-#: option.c:413
++#: option.c:430
+ msgid "Inhibit DNS-rebind protection on this domain."
+ msgstr ""
+ 
+-#: option.c:414
++#: option.c:431
+ msgid "Always perform DNS queries to all servers."
+ msgstr ""
+ 
+-#: option.c:415
++#: option.c:432
+ msgid "Set tag if client includes matching option in request."
+ msgstr ""
+ 
+-#: option.c:416
++#: option.c:433
+ msgid "Use alternative ports for DHCP."
+ msgstr ""
+ 
+-#: option.c:417
++#: option.c:434
+ #, fuzzy
+ msgid "Specify NAPTR DNS record."
+ msgstr "Spesifiser TXT DNS post."
+ 
+-#: option.c:418
++#: option.c:435
+ msgid "Specify lowest port available for DNS query transmission."
+ msgstr ""
+ 
+-#: option.c:419
++#: option.c:436
+ msgid "Use only fully qualified domain names for DHCP clients."
+ msgstr ""
+ 
+-#: option.c:420
++#: option.c:437
+ msgid "Generate hostnames based on MAC address for nameless clients."
+ msgstr ""
+ 
+-#: option.c:421
++#: option.c:438
+ msgid "Use these DHCP relays as full proxies."
+ msgstr ""
+ 
+-#: option.c:422
++#: option.c:439
+ msgid "Relay DHCP requests to a remote server"
+ msgstr ""
+ 
+-#: option.c:423
++#: option.c:440
+ msgid "Specify alias name for LOCAL DNS name."
+ msgstr ""
+ 
+-#: option.c:424
++#: option.c:441
+ #, fuzzy
+ msgid "Prompt to send to PXE clients."
+ msgstr "Sett ekstra opsjoner som skal fordeles til DHCP klientene."
+ 
+-#: option.c:425
++#: option.c:442
+ msgid "Boot service for PXE menu."
+ msgstr ""
+ 
+-#: option.c:426
++#: option.c:443
+ msgid "Check configuration syntax."
+ msgstr ""
+ 
+-#: option.c:427
++#: option.c:444
+ msgid "Add requestor's MAC address to forwarded DNS queries."
+ msgstr ""
+ 
+-#: option.c:428
++#: option.c:445
+ msgid "Add requestor's IP subnet to forwarded DNS queries."
+ msgstr ""
+ 
+-#: option.c:429
++#: option.c:446
+ #, fuzzy
+ msgid "Proxy DNSSEC validation results from upstream nameservers."
+ msgstr "Oversett IPv4 adresser fra oppstrøms tjenere."
+ 
+-#: option.c:430
++#: option.c:447
+ msgid "Attempt to allocate sequential IP addresses to DHCP clients."
+ msgstr ""
+ 
+-#: option.c:431
++#: option.c:448
+ msgid "Copy connection-track mark from queries to upstream connections."
+ msgstr ""
+ 
+-#: option.c:432
++#: option.c:449
+ msgid "Allow DHCP clients to do their own DDNS updates."
+ msgstr ""
+ 
+-#: option.c:433
++#: option.c:450
+ msgid "Send router-advertisements for interfaces doing DHCPv6"
+ msgstr ""
+ 
+-#: option.c:434
++#: option.c:451
+ msgid "Specify DUID_EN-type DHCPv6 server DUID"
+ msgstr ""
+ 
+-#: option.c:435
++#: option.c:452
+ #, fuzzy
+ msgid "Specify host (A/AAAA and PTR) records"
+ msgstr "Spesifiser en MX post."
+ 
+-#: option.c:436
++#: option.c:453
+ #, fuzzy
+ msgid "Specify arbitrary DNS resource record"
+ msgstr "Spesifiser TXT DNS post."
+ 
+-#: option.c:437
++#: option.c:454
+ #, fuzzy
+ msgid "Bind to interfaces in use - check for new interfaces"
+ msgstr "ukjent tilknytning (interface) %s"
+ 
+-#: option.c:438
++#: option.c:455
+ msgid "Export local names to global DNS"
+ msgstr ""
+ 
+-#: option.c:439
++#: option.c:456
+ msgid "Domain to export to global DNS"
+ msgstr ""
+ 
+-#: option.c:440
++#: option.c:457
+ msgid "Set TTL for authoritative replies"
+ msgstr ""
+ 
+-#: option.c:441
++#: option.c:458
+ msgid "Set authoritive zone information"
+ msgstr ""
+ 
+-#: option.c:442
++#: option.c:459
+ msgid "Secondary authoritative nameservers for forward domains"
+ msgstr ""
+ 
+-#: option.c:443
++#: option.c:460
+ msgid "Peers which are allowed to do zone transfer"
+ msgstr ""
+ 
+-#: option.c:444
++#: option.c:461
+ msgid "Specify ipsets to which matching domains should be added"
+ msgstr ""
+ 
+-#: option.c:445
++#: option.c:462
+ msgid "Specify a domain and address range for synthesised names"
+ msgstr ""
+ 
+-#: option.c:446
++#: option.c:463
+ msgid "Activate DNSSEC validation"
+ msgstr ""
+ 
+-#: option.c:447
++#: option.c:464
+ msgid "Specify trust anchor key digest."
+ msgstr ""
+ 
+-#: option.c:448
++#: option.c:465
+ msgid "Disable upstream checking for DNSSEC debugging."
+ msgstr ""
+ 
+-#: option.c:449
++#: option.c:466
+ msgid "Ensure answers without DNSSEC are in unsigned zones."
+ msgstr ""
+ 
+-#: option.c:450
++#: option.c:467
+ msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+ msgstr ""
+ 
+-#: option.c:452
++#: option.c:468
++msgid "Timestamp file to verify system clock for DNSSEC"
++msgstr ""
++
++#: option.c:470
+ msgid "Specify DHCPv6 prefix class"
+ msgstr ""
+ 
+-#: option.c:454
++#: option.c:472
+ msgid "Set priority, resend-interval and router-lifetime"
+ msgstr ""
+ 
+-#: option.c:455
++#: option.c:473
+ msgid "Do not log routine DHCP."
+ msgstr ""
+ 
+-#: option.c:456
++#: option.c:474
+ msgid "Do not log routine DHCPv6."
+ msgstr ""
+ 
+-#: option.c:457
++#: option.c:475
+ msgid "Do not log RA."
+ msgstr ""
+ 
+-#: option.c:458
++#: option.c:476
+ msgid "Accept queries only from directly-connected networks"
+ msgstr ""
+ 
+-#: option.c:459
++#: option.c:477
+ msgid "Detect and remove DNS forwarding loops"
+ msgstr ""
+ 
+-#: option.c:661
++#: option.c:478
++msgid "Ignore DNS responses containing ipaddr."
++msgstr ""
++
++#: option.c:680
+ #, c-format
+ msgid ""
+ "Usage: dnsmasq [options]\n"
+@@ -722,332 +755,332 @@ msgstr ""
+ "Bruk: dnsmasq [opsjoner]\n"
+ "\n"
+ 
+-#: option.c:663
++#: option.c:682
+ #, c-format
+ msgid "Use short options only on the command line.\n"
+ msgstr "Bruk korte opsjoner kun på kommandolinjen.\n"
+ 
+-#: option.c:665
++#: option.c:684
+ #, fuzzy, c-format
+ msgid "Valid options are:\n"
+ msgstr "Gyldige opsjoner er :\n"
+ 
+-#: option.c:722 option.c:726
++#: option.c:741 option.c:745
+ msgid "bad port"
+ msgstr "dårlig port"
+ 
+-#: option.c:753 option.c:785
++#: option.c:772 option.c:804
+ msgid "interface binding not supported"
+ msgstr ""
+ 
+-#: option.c:762 option.c:3494
++#: option.c:781 option.c:3570
+ #, fuzzy
+ msgid "bad interface name"
+ msgstr "dårlig MX navn"
+ 
+-#: option.c:792
++#: option.c:811
+ #, fuzzy
+ msgid "bad address"
+ msgstr "les %s - %d adresser"
+ 
+-#: option.c:974
++#: option.c:993
+ msgid "unsupported encapsulation for IPv6 option"
+ msgstr ""
+ 
+-#: option.c:988
++#: option.c:1007
+ msgid "bad dhcp-option"
+ msgstr "dårlig dhcp-opsjon"
+ 
+-#: option.c:1056
++#: option.c:1075
+ #, fuzzy
+ msgid "bad IP address"
+ msgstr "les %s - %d adresser"
+ 
+-#: option.c:1059 option.c:1197 option.c:2812
++#: option.c:1078 option.c:1216 option.c:2888
+ #, fuzzy
+ msgid "bad IPv6 address"
+ msgstr "les %s - %d adresser"
+ 
+-#: option.c:1224 option.c:1318
++#: option.c:1243 option.c:1337
+ msgid "bad domain in dhcp-option"
+ msgstr "dårlig domene i dhcp-opsjon"
+ 
+-#: option.c:1356
++#: option.c:1375
+ msgid "dhcp-option too long"
+ msgstr "dhcp-opsjon for lang"
+ 
+-#: option.c:1363
++#: option.c:1382
+ msgid "illegal dhcp-match"
+ msgstr ""
+ 
+-#: option.c:1425
++#: option.c:1444
+ msgid "illegal repeated flag"
+ msgstr ""
+ 
+-#: option.c:1433
++#: option.c:1452
+ msgid "illegal repeated keyword"
+ msgstr ""
+ 
+-#: option.c:1495 option.c:4092
++#: option.c:1517 option.c:4186
+ #, fuzzy, c-format
+ msgid "cannot access directory %s: %s"
+ msgstr "kan ikke lese %s: %s"
+ 
+-#: option.c:1541 tftp.c:493
++#: option.c:1563 tftp.c:493
+ #, fuzzy, c-format
+ msgid "cannot access %s: %s"
+ msgstr "kan ikke lese %s: %s"
+ 
+-#: option.c:1588
++#: option.c:1615
+ msgid "setting log facility is not possible under Android"
+ msgstr ""
+ 
+-#: option.c:1597
++#: option.c:1624
+ msgid "bad log facility"
+ msgstr ""
+ 
+-#: option.c:1650
++#: option.c:1677
+ msgid "bad MX preference"
+ msgstr "dårlig MX preferanse"
+ 
+-#: option.c:1655
++#: option.c:1682
+ msgid "bad MX name"
+ msgstr "dårlig MX navn"
+ 
+-#: option.c:1669
++#: option.c:1696
+ msgid "bad MX target"
+ msgstr "dårlig MX mål"
+ 
+-#: option.c:1681
++#: option.c:1708
+ msgid "cannot run scripts under uClinux"
+ msgstr ""
+ 
+-#: option.c:1683
++#: option.c:1710
+ msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+ msgstr ""
+ 
+-#: option.c:1687
++#: option.c:1714
+ msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
+ msgstr ""
+ 
+-#: option.c:1928 option.c:1966 option.c:2015
++#: option.c:1970 option.c:2015 option.c:2071
+ #, fuzzy
+ msgid "bad prefix"
+ msgstr "dårlig port"
+ 
+-#: option.c:2289
++#: option.c:2352
+ msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+ msgstr ""
+ 
+-#: option.c:2469
++#: option.c:2545
+ #, fuzzy
+ msgid "bad port range"
+ msgstr "dårlig port"
+ 
+-#: option.c:2485
++#: option.c:2561
+ msgid "bad bridge-interface"
+ msgstr ""
+ 
+-#: option.c:2545
++#: option.c:2621
+ msgid "only one tag allowed"
+ msgstr ""
+ 
+-#: option.c:2565 option.c:2577 option.c:2683 option.c:2724
++#: option.c:2641 option.c:2653 option.c:2759 option.c:2800
+ msgid "bad dhcp-range"
+ msgstr "dårlig dhcp-område"
+ 
+-#: option.c:2592
++#: option.c:2668
+ msgid "inconsistent DHCP range"
+ msgstr "ikke konsistent DHCP område"
+ 
+-#: option.c:2651
++#: option.c:2727
+ msgid "prefix length must be exactly 64 for RA subnets"
+ msgstr ""
+ 
+-#: option.c:2653
++#: option.c:2729
+ msgid "prefix length must be exactly 64 for subnet constructors"
+ msgstr ""
+ 
+-#: option.c:2657
++#: option.c:2733
+ msgid "prefix length must be at least 64"
+ msgstr ""
+ 
+-#: option.c:2660
++#: option.c:2736
+ #, fuzzy
+ msgid "inconsistent DHCPv6 range"
+ msgstr "ikke konsistent DHCP område"
+ 
+-#: option.c:2671
++#: option.c:2747
+ msgid "prefix must be zero with \"constructor:\" argument"
+ msgstr ""
+ 
+-#: option.c:2782 option.c:2830
++#: option.c:2858 option.c:2906
+ #, fuzzy
+ msgid "bad hex constant"
+ msgstr "dårlig dhcp-vert"
+ 
+-#: option.c:2804
++#: option.c:2880
+ msgid "cannot match tags in --dhcp-host"
+ msgstr ""
+ 
+-#: option.c:2852
++#: option.c:2928
+ #, fuzzy, c-format
+ msgid "duplicate dhcp-host IP address %s"
+ msgstr "dubliserte IP adresser i %s dhcp-config direktiv."
+ 
+-#: option.c:2910
++#: option.c:2986
+ #, fuzzy
+ msgid "bad DHCP host name"
+ msgstr "dårlig MX navn"
+ 
+-#: option.c:2992
++#: option.c:3068
+ #, fuzzy
+ msgid "bad tag-if"
+ msgstr "dårlig MX mål"
+ 
+-#: option.c:3316 option.c:3710
++#: option.c:3392 option.c:3786
+ msgid "invalid port number"
+ msgstr "ugyldig portnummer"
+ 
+-#: option.c:3378
++#: option.c:3454
+ #, fuzzy
+ msgid "bad dhcp-proxy address"
+ msgstr "les %s - %d adresser"
+ 
+-#: option.c:3404
++#: option.c:3480
+ #, fuzzy
+ msgid "Bad dhcp-relay"
+ msgstr "dårlig dhcp-område"
+ 
+-#: option.c:3430
++#: option.c:3506
+ msgid "bad RA-params"
+ msgstr ""
+ 
+-#: option.c:3439
++#: option.c:3515
+ msgid "bad DUID"
+ msgstr ""
+ 
+-#: option.c:3481
++#: option.c:3557
+ #, fuzzy
+ msgid "invalid alias range"
+ msgstr "ugyldig vekt"
+ 
+-#: option.c:3535
++#: option.c:3611
+ msgid "bad CNAME"
+ msgstr ""
+ 
+-#: option.c:3540
++#: option.c:3616
+ msgid "duplicate CNAME"
+ msgstr ""
+ 
+-#: option.c:3560
++#: option.c:3636
+ #, fuzzy
+ msgid "bad PTR record"
+ msgstr "dårlig SRV post"
+ 
+-#: option.c:3591
++#: option.c:3667
+ #, fuzzy
+ msgid "bad NAPTR record"
+ msgstr "dårlig SRV post"
+ 
+-#: option.c:3625
++#: option.c:3701
+ #, fuzzy
+ msgid "bad RR record"
+ msgstr "dårlig SRV post"
+ 
+-#: option.c:3655
++#: option.c:3731
+ msgid "bad TXT record"
+ msgstr "dårlig TXT post"
+ 
+-#: option.c:3696
++#: option.c:3772
+ msgid "bad SRV record"
+ msgstr "dårlig SRV post"
+ 
+-#: option.c:3703
++#: option.c:3779
+ msgid "bad SRV target"
+ msgstr "dårlig SRV mål"
+ 
+-#: option.c:3717
++#: option.c:3793
+ msgid "invalid priority"
+ msgstr "ugyldig prioritet"
+ 
+-#: option.c:3724
++#: option.c:3800
+ msgid "invalid weight"
+ msgstr "ugyldig vekt"
+ 
+-#: option.c:3748
++#: option.c:3824
+ #, fuzzy
+ msgid "Bad host-record"
+ msgstr "dårlig SRV post"
+ 
+-#: option.c:3765
++#: option.c:3841
+ #, fuzzy
+ msgid "Bad name in host-record"
+ msgstr "dårlig navn i %s"
+ 
+-#: option.c:3826
++#: option.c:3906
+ #, fuzzy
+ msgid "bad trust anchor"
+ msgstr "dårlig port"
+ 
+-#: option.c:3840
++#: option.c:3920
+ msgid "bad HEX in trust anchor"
+ msgstr ""
+ 
+-#: option.c:3850
++#: option.c:3930
+ msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+ msgstr ""
+ 
+-#: option.c:3909
++#: option.c:3989
+ msgid "missing \""
+ msgstr "mangler \""
+ 
+-#: option.c:3966
++#: option.c:4046
+ msgid "bad option"
+ msgstr "dårlig opsjon"
+ 
+-#: option.c:3968
++#: option.c:4048
+ msgid "extraneous parameter"
+ msgstr "overflødig parameter"
+ 
+-#: option.c:3970
++#: option.c:4050
+ msgid "missing parameter"
+ msgstr "mangler parameter"
+ 
+-#: option.c:3972
++#: option.c:4052
+ #, fuzzy
+ msgid "illegal option"
+ msgstr "dårlig opsjon"
+ 
+-#: option.c:3979
++#: option.c:4059
+ msgid "error"
+ msgstr "feil"
+ 
+-#: option.c:3981
++#: option.c:4061
+ #, fuzzy, c-format
+ msgid " at line %d of %s"
+ msgstr "%s på linje %d av %%s"
+ 
+-#: option.c:4045 option.c:4168 tftp.c:667
+-#, c-format
+-msgid "cannot read %s: %s"
+-msgstr "kan ikke lese %s: %s"
+-
+-#: option.c:4229 option.c:4265
++#: option.c:4076 option.c:4323 option.c:4359
+ #, fuzzy, c-format
+ msgid "read %s"
+ msgstr "leser %s"
+ 
+-#: option.c:4331
++#: option.c:4139 option.c:4262 tftp.c:667
++#, c-format
++msgid "cannot read %s: %s"
++msgstr "kan ikke lese %s: %s"
++
++#: option.c:4425
+ msgid "junk found in command line"
+ msgstr ""
+ 
+-#: option.c:4366
++#: option.c:4460
+ #, c-format
+ msgid "Dnsmasq version %s  %s\n"
+ msgstr "Dnsmasq versjon %s %s\n"
+ 
+-#: option.c:4367
++#: option.c:4461
+ #, fuzzy, c-format
+ msgid ""
+ "Compile time options: %s\n"
+@@ -1056,89 +1089,89 @@ msgstr ""
+ "Kompileringsopsjoner %s\n"
+ "\n"
+ 
+-#: option.c:4368
++#: option.c:4462
+ #, c-format
+ msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+ msgstr "Denne programvaren kommer med ABSOLUTT INGEN GARANTI.\n"
+ 
+-#: option.c:4369
++#: option.c:4463
+ #, c-format
+ msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+ msgstr "DNsmasq er fri programvare, du er velkommen til å redistribuere den\n"
+ 
+-#: option.c:4370
++#: option.c:4464
+ #, fuzzy, c-format
+ msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+ msgstr "under vilkårene gitt i GNU General Public License, versjon 2.\n"
+ 
+-#: option.c:4381
++#: option.c:4475
+ msgid "try --help"
+ msgstr ""
+ 
+-#: option.c:4383
++#: option.c:4477
+ msgid "try -w"
+ msgstr ""
+ 
+-#: option.c:4385
++#: option.c:4479
+ #, fuzzy, c-format
+ msgid "bad command line options: %s"
+ msgstr "dårlige kommandlinje opsjoner: %s."
+ 
+-#: option.c:4434
++#: option.c:4535
+ #, c-format
+ msgid "cannot get host-name: %s"
+ msgstr "klarer ikke å få vertsnavn: %s"
+ 
+-#: option.c:4462
++#: option.c:4563
+ msgid "only one resolv.conf file allowed in no-poll mode."
+ msgstr "kun en resolv.conf fil tillat i no-poll modus."
+ 
+-#: option.c:4472
++#: option.c:4573
+ msgid "must have exactly one resolv.conf to read domain from."
+ msgstr "må ha nøyaktig en resolv.conf å lese domene fra."
+ 
+-#: option.c:4475 network.c:1506 dhcp.c:769
++#: option.c:4576 network.c:1506 dhcp.c:774
+ #, fuzzy, c-format
+ msgid "failed to read %s: %s"
+ msgstr "feilet å lese %s: %s"
+ 
+-#: option.c:4492
++#: option.c:4593
+ #, c-format
+ msgid "no search directive found in %s"
+ msgstr "intet søke direktiv funnet i %s"
+ 
+-#: option.c:4513
++#: option.c:4614
+ msgid "there must be a default domain when --dhcp-fqdn is set"
+ msgstr ""
+ 
+-#: option.c:4522
++#: option.c:4623
+ msgid "syntax check OK"
+ msgstr ""
+ 
+-#: forward.c:114
++#: forward.c:111
+ #, fuzzy, c-format
+ msgid "failed to send packet: %s"
+ msgstr "feilet å lytte på socket: %s"
+ 
+-#: forward.c:574
++#: forward.c:572
+ msgid "discarding DNS reply: subnet option mismatch"
+ msgstr ""
+ 
+-#: forward.c:597
++#: forward.c:595
+ #, c-format
+ msgid "nameserver %s refused to do a recursive query"
+ msgstr "navnetjener %s nektet å gjøre et rekursivt oppslag"
+ 
+-#: forward.c:629
++#: forward.c:627
+ #, c-format
+ msgid "possible DNS-rebind attack detected: %s"
+ msgstr ""
+ 
+-#: forward.c:1132 forward.c:1663
++#: forward.c:1156 forward.c:1722
+ msgid "Ignoring query from non-local network"
+ msgstr ""
+ 
+-#: forward.c:2101
++#: forward.c:2178
+ #, fuzzy, c-format
+ msgid "Maximum number of concurrent DNS queries reached (max: %d)"
+ msgstr "Spesifiser maksimum antall DHCP leier (standard er %s)"
+@@ -1228,270 +1261,283 @@ msgstr "benytter navnetjener %s#%d"
+ msgid "using nameserver %s#%d"
+ msgstr "benytter navnetjener %s#%d"
+ 
+-#: dnsmasq.c:154
+-msgid "No trust anchors provided for DNSSEC"
++#: dnsmasq.c:149
++msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:157
+-msgid "Cannot reduce cache size from default when DNSSEC enabled"
++#: dnsmasq.c:156
++msgid "no trust anchors provided for DNSSEC"
+ msgstr ""
+ 
+ #: dnsmasq.c:159
++msgid "cannot reduce cache size from default when DNSSEC enabled"
++msgstr ""
++
++#: dnsmasq.c:161
+ #, fuzzy
+ msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+ msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
+ 
+-#: dnsmasq.c:165
++#: dnsmasq.c:167
+ #, fuzzy
+ msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+ msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
+ 
+-#: dnsmasq.c:170
+-msgid "Cannot use --conntrack AND --query-port"
++#: dnsmasq.c:172
++msgid "cannot use --conntrack AND --query-port"
+ msgstr ""
+ 
+-#: dnsmasq.c:173
++#: dnsmasq.c:175
+ #, fuzzy
+-msgid "Conntrack support not available: set HAVE_CONNTRACK in src/config.h"
++msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
+ msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
+ 
+-#: dnsmasq.c:178
++#: dnsmasq.c:180
+ msgid "asychronous logging is not available under Solaris"
+ msgstr ""
+ 
+-#: dnsmasq.c:183
++#: dnsmasq.c:185
+ msgid "asychronous logging is not available under Android"
+ msgstr ""
+ 
+-#: dnsmasq.c:188
++#: dnsmasq.c:190
+ #, fuzzy
+ msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+ msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
+ 
+-#: dnsmasq.c:193
++#: dnsmasq.c:195
+ #, fuzzy
+-msgid "Loop detection not available: set HAVE_LOOP in src/config.h"
++msgid "loop detection not available: set HAVE_LOOP in src/config.h"
+ msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
+ 
+-#: dnsmasq.c:201
++#: dnsmasq.c:203
+ msgid "zone serial must be configured in --auth-soa"
+ msgstr ""
+ 
+-#: dnsmasq.c:219
++#: dnsmasq.c:221
+ msgid "dhcp-range constructor not available on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:262
++#: dnsmasq.c:264
+ msgid "cannot set --bind-interfaces and --bind-dynamic"
+ msgstr ""
+ 
+-#: dnsmasq.c:265
++#: dnsmasq.c:267
+ #, c-format
+ msgid "failed to find list of interfaces: %s"
+ msgstr "feilet å finne liste av tilknytninger (interfaces): %s"
+ 
+-#: dnsmasq.c:274
++#: dnsmasq.c:276
+ #, c-format
+ msgid "unknown interface %s"
+ msgstr "ukjent tilknytning (interface) %s"
+ 
+-#: dnsmasq.c:330 dnsmasq.c:954
++#: dnsmasq.c:340 dnsmasq.c:1004
+ #, c-format
+ msgid "DBus error: %s"
+ msgstr "DBus feil: %s"
+ 
+-#: dnsmasq.c:333
++#: dnsmasq.c:343
+ msgid "DBus not available: set HAVE_DBUS in src/config.h"
+ msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
+ 
+-#: dnsmasq.c:361
++#: dnsmasq.c:371
+ #, c-format
+ msgid "unknown user or group: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:416
++#: dnsmasq.c:426
+ #, c-format
+ msgid "cannot chdir to filesystem root: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:653
++#: dnsmasq.c:667
+ #, fuzzy, c-format
+ msgid "started, version %s DNS disabled"
+ msgstr "startet, versjon %s mellomlager deaktivert"
+ 
+-#: dnsmasq.c:655
++#: dnsmasq.c:669
+ #, c-format
+ msgid "started, version %s cachesize %d"
+ msgstr "startet, versjon %s mellomlager størrelse %d"
+ 
+-#: dnsmasq.c:657
++#: dnsmasq.c:671
+ #, c-format
+ msgid "started, version %s cache disabled"
+ msgstr "startet, versjon %s mellomlager deaktivert"
+ 
+-#: dnsmasq.c:659
++#: dnsmasq.c:673
+ #, c-format
+ msgid "compile time options: %s"
+ msgstr "kompilerings opsjoner: %s"
+ 
+-#: dnsmasq.c:665
++#: dnsmasq.c:679
+ msgid "DBus support enabled: connected to system bus"
+ msgstr "DBus støtte aktivert: koblet til system buss"
+ 
+-#: dnsmasq.c:667
++#: dnsmasq.c:681
+ msgid "DBus support enabled: bus connection pending"
+ msgstr "DBus støtte aktivert: avventer buss tilkobling"
+ 
+-#: dnsmasq.c:672
++#: dnsmasq.c:686
+ msgid "DNS service limited to local subnets"
+ msgstr ""
+ 
+-#: dnsmasq.c:677
++#: dnsmasq.c:702
+ msgid "DNSSEC validation enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:679
++#: dnsmasq.c:705
+ msgid "DNSSEC signature timestamps not checked until first cache reload"
+ msgstr ""
+ 
+-#: dnsmasq.c:684
++#: dnsmasq.c:708
++msgid "DNSSEC signature timestamps not checked until system time valid"
++msgstr ""
++
++#: dnsmasq.c:713
+ #, fuzzy, c-format
+ msgid "warning: failed to change owner of %s: %s"
+ msgstr "feilet å laste navn fra %s: %s"
+ 
+-#: dnsmasq.c:688
++#: dnsmasq.c:717
+ msgid "setting --bind-interfaces option because of OS limitations"
+ msgstr "setter --bind-interfaces opsjon på grunn av OS begrensninger"
+ 
+-#: dnsmasq.c:698
++#: dnsmasq.c:727
+ #, c-format
+ msgid "warning: interface %s does not currently exist"
+ msgstr "advarsel: nettverkskort %s eksisterer ikke for tiden"
+ 
+-#: dnsmasq.c:703
++#: dnsmasq.c:732
+ msgid "warning: ignoring resolv-file flag because no-resolv is set"
+ msgstr ""
+ 
+-#: dnsmasq.c:706
++#: dnsmasq.c:735
+ #, fuzzy
+ msgid "warning: no upstream servers configured"
+ msgstr "setter oppstrøms tjener fra DBus"
+ 
+-#: dnsmasq.c:710
++#: dnsmasq.c:739
+ #, c-format
+ msgid "asynchronous logging enabled, queue limit is %d messages"
+ msgstr ""
+ 
+-#: dnsmasq.c:731
++#: dnsmasq.c:760
+ msgid "IPv6 router advertisement enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:736
++#: dnsmasq.c:765
+ #, c-format
+ msgid "DHCP, sockets bound exclusively to interface %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "root is "
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ #, fuzzy
+ msgid "enabled"
+ msgstr "deaktivert"
+ 
+-#: dnsmasq.c:755
++#: dnsmasq.c:784
+ msgid "secure mode"
+ msgstr ""
+ 
+-#: dnsmasq.c:781
++#: dnsmasq.c:810
+ #, c-format
+ msgid "restricting maximum simultaneous TFTP transfers to %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:956
++#: dnsmasq.c:1006
+ msgid "connected to system DBus"
+ msgstr "tilkoblet til system DBus"
+ 
+-#: dnsmasq.c:1106
++#: dnsmasq.c:1156
+ #, c-format
+ msgid "cannot fork into background: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1109
++#: dnsmasq.c:1159
+ #, fuzzy, c-format
+ msgid "failed to create helper: %s"
+ msgstr "feilet å lese %s: %s"
+ 
+-#: dnsmasq.c:1112
++#: dnsmasq.c:1162
+ #, c-format
+ msgid "setting capabilities failed: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1115
++#: dnsmasq.c:1165
+ #, fuzzy, c-format
+ msgid "failed to change user-id to %s: %s"
+ msgstr "feilet å laste navn fra %s: %s"
+ 
+-#: dnsmasq.c:1118
++#: dnsmasq.c:1168
+ #, fuzzy, c-format
+ msgid "failed to change group-id to %s: %s"
+ msgstr "feilet å laste navn fra %s: %s"
+ 
+-#: dnsmasq.c:1121
++#: dnsmasq.c:1171
+ #, fuzzy, c-format
+ msgid "failed to open pidfile %s: %s"
+ msgstr "feilet å lese %s: %s"
+ 
+-#: dnsmasq.c:1124
++#: dnsmasq.c:1174
+ #, fuzzy, c-format
+ msgid "cannot open log %s: %s"
+ msgstr "kan ikke åpne %s:%s"
+ 
+-#: dnsmasq.c:1127
++#: dnsmasq.c:1177
+ #, fuzzy, c-format
+ msgid "failed to load Lua script: %s"
+ msgstr "feilet å laste %s: %s"
+ 
+-#: dnsmasq.c:1130
++#: dnsmasq.c:1180
+ #, c-format
+ msgid "TFTP directory %s inaccessible: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1151
++#: dnsmasq.c:1183
++#, fuzzy, c-format
++msgid "cannot create timestamp file %s: %s"
++msgstr "kan ikke åpne eller lage leie fil: %s"
++
++#: dnsmasq.c:1204
+ msgid "now checking DNSSEC signature timestamps"
+ msgstr ""
+ 
+-#: dnsmasq.c:1218
++#: dnsmasq.c:1271
+ #, c-format
+ msgid "script process killed by signal %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:1222
++#: dnsmasq.c:1275
+ #, c-format
+ msgid "script process exited with status %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:1226
++#: dnsmasq.c:1279
+ #, fuzzy, c-format
+ msgid "failed to execute %s: %s"
+ msgstr "feilet å få tilgang til %s: %s"
+ 
+-#: dnsmasq.c:1281
++#: dnsmasq.c:1334
+ msgid "exiting on receipt of SIGTERM"
+ msgstr "avslutter etter mottak av SIGTERM"
+ 
+-#: dnsmasq.c:1309
++#: dnsmasq.c:1362
+ #, fuzzy, c-format
+ msgid "failed to access %s: %s"
+ msgstr "feilet å få tilgang til %s: %s"
+ 
+-#: dnsmasq.c:1339
++#: dnsmasq.c:1392
+ #, c-format
+ msgid "reading %s"
+ msgstr "leser %s"
+ 
+-#: dnsmasq.c:1350
++#: dnsmasq.c:1403
+ #, fuzzy, c-format
+ msgid "no servers found in %s, will retry"
+ msgstr "intet søke direktiv funnet i %s"
+@@ -1531,27 +1577,27 @@ msgstr "ukjent tilknytning (interface) %s"
+ msgid "DHCP packet received on %s which has no address"
+ msgstr ""
+ 
+-#: dhcp.c:408
++#: dhcp.c:412
+ #, c-format
+ msgid "ARP-cache injection failed: %s"
+ msgstr ""
+ 
+-#: dhcp.c:506
++#: dhcp.c:511
+ #, c-format
+ msgid "DHCP range %s -- %s is not consistent with netmask %s"
+ msgstr "DHCP område %s -- %s er ikke konsistent med nettmaske %s"
+ 
+-#: dhcp.c:807
++#: dhcp.c:812
+ #, c-format
+ msgid "bad line at %s line %d"
+ msgstr "dårlig linje ved %s linje %d"
+ 
+-#: dhcp.c:850
++#: dhcp.c:855
+ #, c-format
+ msgid "ignoring %s line %d, duplicate name or IP address"
+ msgstr ""
+ 
+-#: dhcp.c:994 rfc3315.c:2089
++#: dhcp.c:999 rfc3315.c:2139
+ #, c-format
+ msgid "DHCP relay %s -> %s"
+ msgstr ""
+@@ -1622,12 +1668,12 @@ msgstr "DBus feil: %s"
+ msgid "disabled"
+ msgstr "deaktivert"
+ 
+-#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:602 rfc3315.c:823
+-#: rfc3315.c:1095
++#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:603 rfc3315.c:860
++#: rfc3315.c:1139
+ msgid "ignored"
+ msgstr "oversett"
+ 
+-#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:873
++#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:910
+ msgid "address in use"
+ msgstr "adresse i bruk"
+ 
+@@ -1647,7 +1693,7 @@ msgstr "ingen adresse konfigurert"
+ msgid "no leases left"
+ msgstr "ingen leier igjen"
+ 
+-#: rfc2131.c:691 rfc3315.c:475
++#: rfc2131.c:691 rfc3315.c:476
+ #, c-format
+ msgid "%u client provides name: %s"
+ msgstr ""
+@@ -1656,7 +1702,7 @@ msgstr ""
+ msgid "PXE BIS not supported"
+ msgstr ""
+ 
+-#: rfc2131.c:935 rfc3315.c:1189
++#: rfc2131.c:935 rfc3315.c:1233
+ #, fuzzy, c-format
+ msgid "disabling DHCP static address %s for %s"
+ msgstr "deaktiverer DHCP statisk adresse %s"
+@@ -1692,7 +1738,7 @@ msgstr ""
+ msgid "wrong address"
+ msgstr "gal adresse"
+ 
+-#: rfc2131.c:1143 rfc3315.c:969
++#: rfc2131.c:1143 rfc3315.c:1006
+ msgid "lease not found"
+ msgstr "leie ikke funnet"
+ 
+@@ -1742,7 +1788,7 @@ msgstr "kan ikke sende DHCP opsjon %d: ikke mer plass i pakken"
+ msgid "PXE menu too large"
+ msgstr ""
+ 
+-#: rfc2131.c:2173 rfc3315.c:1456
++#: rfc2131.c:2173 rfc3315.c:1506
+ #, fuzzy, c-format
+ msgid "%u requested options: %s"
+ msgstr "kompilerings opsjoner: %s"
+@@ -1757,7 +1803,7 @@ msgstr ""
+ msgid "cannot create netlink socket: %s"
+ msgstr "kan ikke binde netlink socket: %s"
+ 
+-#: netlink.c:347
++#: netlink.c:348
+ #, fuzzy, c-format
+ msgid "netlink returns error: %s"
+ msgstr "DBus feil: %s"
+@@ -1875,66 +1921,66 @@ msgstr "ingen adresse omr
+ msgid "%u available DHCPv6 subnet: %s/%d"
+ msgstr "ingen adresse område tilgjengelig for DHCP krav %s %s"
+ 
+-#: rfc3315.c:379
++#: rfc3315.c:380
+ #, fuzzy, c-format
+ msgid "%u vendor class: %u"
+ msgstr "DBus feil: %s"
+ 
+-#: rfc3315.c:427
++#: rfc3315.c:428
+ #, fuzzy, c-format
+ msgid "%u client MAC address: %s"
+ msgstr "ingen tilknytning (interface) med adresse %s"
+ 
+-#: rfc3315.c:659
++#: rfc3315.c:660
+ #, fuzzy, c-format
+ msgid "unknown prefix-class %d"
+ msgstr "ukjent leie"
+ 
+-#: rfc3315.c:791 rfc3315.c:913
++#: rfc3315.c:803 rfc3315.c:902
++#, fuzzy
++msgid "address unavailable"
++msgstr "adresse ikke tilgjengelig"
++
++#: rfc3315.c:815 rfc3315.c:950 rfc3315.c:1283
+ msgid "success"
+ msgstr ""
+ 
+-#: rfc3315.c:806 rfc3315.c:808 rfc3315.c:921 rfc3315.c:923
++#: rfc3315.c:843 rfc3315.c:845 rfc3315.c:958 rfc3315.c:960
+ #, fuzzy
+ msgid "no addresses available"
+ msgstr "ingen adresse tilgjengelig"
+ 
+-#: rfc3315.c:865
+-#, fuzzy
+-msgid "address unavailable"
+-msgstr "adresse ikke tilgjengelig"
+-
+-#: rfc3315.c:900
++#: rfc3315.c:937
+ msgid "not on link"
+ msgstr ""
+ 
+-#: rfc3315.c:973 rfc3315.c:1151 rfc3315.c:1228
++#: rfc3315.c:1010 rfc3315.c:1195 rfc3315.c:1272
+ msgid "no binding found"
+ msgstr ""
+ 
+-#: rfc3315.c:1011
++#: rfc3315.c:1048
+ msgid "deprecated"
+ msgstr ""
+ 
+-#: rfc3315.c:1016
++#: rfc3315.c:1053
+ #, fuzzy
+ msgid "address invalid"
+ msgstr "adresse i bruk"
+ 
+-#: rfc3315.c:1061
++#: rfc3315.c:1100
+ msgid "confirm failed"
+ msgstr ""
+ 
+-#: rfc3315.c:1072
++#: rfc3315.c:1116
+ #, fuzzy
+ msgid "all addresses still on link"
+ msgstr "dårlig adresse ved %s linje %d"
+ 
+-#: rfc3315.c:1160
++#: rfc3315.c:1204
+ msgid "release received"
+ msgstr ""
+ 
+-#: rfc3315.c:2080
++#: rfc3315.c:2130
+ msgid "Cannot multicast to DHCPv6 server without correct interface"
+ msgstr ""
+ 
+@@ -2027,7 +2073,7 @@ msgstr ""
+ msgid "cannot create ICMPv6 socket: %s"
+ msgstr "kan ikke lage DHCP socket: %s"
+ 
+-#: auth.c:429
++#: auth.c:436
+ #, c-format
+ msgid "ignoring zone transfer request from %s"
+ msgstr ""
+@@ -2042,54 +2088,89 @@ msgstr "feilet 
+ msgid "failed to create IPset control socket: %s"
+ msgstr "feilet å lage lytte socket: %s"
+ 
++#: dnssec.c:425 dnssec.c:469
++#, fuzzy, c-format
++msgid "failed to update mtime on %s: %s"
++msgstr "feilet å lese %s: %s"
++
+ #: blockdata.c:58
+ #, c-format
+ msgid "DNSSEC memory in use %u, max %u, allocated %u"
+ msgstr ""
+ 
+-#: tables.c:76
++#: tables.c:80
+ msgid "error: fill_addr missused"
+ msgstr ""
+ 
+-#: tables.c:105
++#: tables.c:109
+ #, fuzzy, c-format
+ msgid "failed to access pf devices: %s"
+ msgstr "feilet å få tilgang til %s: %s"
+ 
+-#: tables.c:119
++#: tables.c:123
+ #, fuzzy, c-format
+ msgid "warning: no opened pf devices %s"
+ msgstr "benytter lokale adresser kun for %s %s"
+ 
+-#: tables.c:127
++#: tables.c:131
+ #, fuzzy, c-format
+ msgid "error: cannot use table name %s"
+ msgstr "klarer ikke å få vertsnavn: %s"
+ 
+-#: tables.c:135
++#: tables.c:139
+ #, c-format
+ msgid "error: cannot strlcpy table name %s"
+ msgstr ""
+ 
+-#: tables.c:141
++#: tables.c:145
+ #, c-format
+ msgid "warning: pfr_add_tables: %s(%d)"
+ msgstr ""
+ 
+-#: tables.c:147
++#: tables.c:151
+ msgid "info: table created"
+ msgstr ""
+ 
+-#: tables.c:158
++#: tables.c:162
+ #, c-format
+ msgid "warning: DIOCR%sADDRS: %s"
+ msgstr ""
+ 
+-#: tables.c:162
++#: tables.c:166
+ #, fuzzy, c-format
+ msgid "%d addresses %s"
+ msgstr "les %s - %d adresser"
+ 
++#: inotify.c:46
++#, fuzzy, c-format
++msgid "failed to create inotify: %s"
++msgstr "feilet å lese %s: %s"
++
++#: inotify.c:60
++#, fuzzy, c-format
++msgid "cannot cannonicalise resolv-file %s: %s"
++msgstr "kan ikke åpne eller lage leie fil: %s"
++
++#: inotify.c:72
++#, c-format
++msgid "directory %s for resolv-file is missing, cannot poll"
++msgstr ""
++
++#: inotify.c:75 inotify.c:112
++#, fuzzy, c-format
++msgid "failed to create inotify for %s: %s"
++msgstr "feilet å lage lytte socket: %s"
++
++#: inotify.c:97
++#, fuzzy, c-format
++msgid "bad dynamic directory %s: %s"
++msgstr "kan ikke lese %s: %s"
++
++#: inotify.c:197
++#, c-format
++msgid "inotify, new or changed file %s"
++msgstr ""
++
+ #~ msgid "duplicate IP address %s in dhcp-config directive."
+ #~ msgstr "dubliserte IP adresser i %s dhcp-config direktiv."
+ 
+diff --git a/po/pl.po b/po/pl.po
+index 705f1779390f..362e41226644 100644
+--- a/po/pl.po
++++ b/po/pl.po
+@@ -21,70 +21,70 @@ msgstr ""
+ "X-Generator: Poedit 1.6.9\n"
+ "X-Language: pl_PL\n"
+ 
+-#: cache.c:505
++#: cache.c:523
+ msgid "Internal error in cache."
+ msgstr "Wewnętrzny błąd w pamięci podręcznej."
+ 
+-#: cache.c:908
++#: cache.c:941
+ #, c-format
+ msgid "failed to load names from %s: %s"
+ msgstr "nie potrafię wczytać nazw z %s: %s"
+ 
+-#: cache.c:934 dhcp.c:820
++#: cache.c:967 dhcp.c:825
+ #, c-format
+ msgid "bad address at %s line %d"
+ msgstr "błędny adres w pliku %s, w linii %d"
+ 
+-#: cache.c:985 dhcp.c:836
++#: cache.c:1018 dhcp.c:841
+ #, c-format
+ msgid "bad name at %s line %d"
+ msgstr "błędna nazwa w pliku %s, w linii %d"
+ 
+-#: cache.c:992 dhcp.c:911
++#: cache.c:1027 dhcp.c:916
+ #, c-format
+ msgid "read %s - %d addresses"
+ msgstr "wczytałem %s - %d adresów"
+ 
+-#: cache.c:1100
++#: cache.c:1135
+ msgid "cleared cache"
+ msgstr "wyczyszczono pamięć podręczną"
+ 
+-#: cache.c:1123
++#: cache.c:1164
+ #, c-format
+ msgid "No IPv4 address found for %s"
+ msgstr "Nie znalazłem adresu IPv4 komputera %s"
+ 
+-#: cache.c:1201
++#: cache.c:1242
+ #, c-format
+ msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
+ msgstr "%s to nazwa CNAME, nie przypisuję jej dzierżawie DHCP %s"
+ 
+-#: cache.c:1225
++#: cache.c:1266
+ #, c-format
+ msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+ msgstr "nazwa %s nie została nadana dzierżawie DHCP %s, ponieważ nazwa istnieje w %s i ma już adres %s"
+ 
+-#: cache.c:1366
++#: cache.c:1421
+ #, c-format
+ msgid "time %lu"
+ msgstr "czas %lu"
+ 
+-#: cache.c:1367
++#: cache.c:1422
+ #, c-format
+ msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+ msgstr "wielkość pamięci podręcznej: %d; %d z %d miejsc aktualnych wpisów użyto ponownie."
+ 
+-#: cache.c:1369
++#: cache.c:1424
+ #, c-format
+ msgid "queries forwarded %u, queries answered locally %u"
+ msgstr "%u zapytań przesłanych dalej, %u odpowiedzi udzielonych samodzielnie"
+ 
+-#: cache.c:1372
++#: cache.c:1427
+ #, c-format
+ msgid "queries for authoritative zones %u"
+ msgstr "zapytań do stref autorytatywnych %u"
+ 
+-#: cache.c:1398
++#: cache.c:1453
+ #, c-format
+ msgid "server %s#%d: queries sent %u, retried or failed %u"
+ msgstr "serwer %s#%d: %u zapytań wysłanych, %u ponowionych lub nieudanych"
+@@ -98,7 +98,7 @@ msgstr "brak możliwości użycia generatora liczb losowych: %s"
+ msgid "failed to allocate memory"
+ msgstr "nie udało się przydzielić pamięci"
+ 
+-#: util.c:243 option.c:579
++#: util.c:243 option.c:598
+ msgid "could not get memory"
+ msgstr "nie można dostać pamięci"
+ 
+@@ -112,589 +112,622 @@ msgstr "błąd podczas próby utworzenia potoku: %s"
+ msgid "failed to allocate %d bytes"
+ msgstr "niemożliwość przydzielenia %d bajtów pamięci"
+ 
+-#: util.c:429
++#: util.c:430
+ #, c-format
+ msgid "infinite"
+ msgstr "nieskończona"
+ 
+-#: option.c:318
++#: option.c:330
+ msgid "Specify local address(es) to listen on."
+ msgstr "Wskazanie adresów, na których należy nasłuchiwać."
+ 
+-#: option.c:319
++#: option.c:331
+ msgid "Return ipaddr for all hosts in specified domains."
+ msgstr "Zwracanie adresu IP dla wszystkich hostów we wskazanych domenach."
+ 
+-#: option.c:320
++#: option.c:332
+ msgid "Fake reverse lookups for RFC1918 private address ranges."
+ msgstr "Wyłączenie przekazywania zapytań odwrotnych dla prywatnych zakresów IP."
+ 
+-#: option.c:321
++#: option.c:333
+ msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+ msgstr "Traktowanie adresu IP jako NXDOMAIN (unieważnia ,,Verisign wildcard'')."
+ 
+-#: option.c:322
++#: option.c:334
+ #, c-format
+ msgid "Specify the size of the cache in entries (defaults to %s)."
+ msgstr "Wskazanie wielkości pamięci podręcznej (domyślnie: %s miejsc)."
+ 
+-#: option.c:323
++#: option.c:335
+ #, c-format
+ msgid "Specify configuration file (defaults to %s)."
+ msgstr "Wskazanie pliku konfiguracyjnego (domyślnie: %s)."
+ 
+-#: option.c:324
++#: option.c:336
+ msgid "Do NOT fork into the background: run in debug mode."
+ msgstr "NIE twórz procesu potomnego w tle: działanie w trybie debugowania."
+ 
+-#: option.c:325
++#: option.c:337
+ msgid "Do NOT forward queries with no domain part."
+ msgstr "Wyłączenie przekazywania zapytań bez podanej części domenowej."
+ 
+-#: option.c:326
++#: option.c:338
+ msgid "Return self-pointing MX records for local hosts."
+ msgstr "Zwracanie samowskazującego rekordu MX dla lokalnych hostów."
+ 
+-#: option.c:327
++#: option.c:339
+ msgid "Expand simple names in /etc/hosts with domain-suffix."
+ msgstr "Rozwijanie prostych nazw z /etc/hosts przyrostkiem domenowym."
+ 
+-#: option.c:328
++#: option.c:340
+ msgid "Don't forward spurious DNS requests from Windows hosts."
+ msgstr "Wyłączenie przekazywania pozornych zapytań DNS z komputerów działających pod Windows."
+ 
+-#: option.c:329
++#: option.c:341
+ msgid "Enable DHCP in the range given with lease duration."
+ msgstr "Włączenie serwera DHCP dla wskazanego zakresu adresów."
+ 
+-#: option.c:330
++#: option.c:342
+ #, c-format
+ msgid "Change to this group after startup (defaults to %s)."
+ msgstr "Po uruchomieniu zmiana grupy procesu na podaną (domyślnie: %s)."
+ 
+-#: option.c:331
++#: option.c:343
+ msgid "Set address or hostname for a specified machine."
+ msgstr "Ustawienie adresu lub nazwy dla wskazanego komputera."
+ 
+-#: option.c:332
++#: option.c:344
+ msgid "Read DHCP host specs from file."
+ msgstr "Wskazanie pliku z wartościami 'dhcp-host='."
+ 
+-#: option.c:333
++#: option.c:345
+ msgid "Read DHCP option specs from file."
+ msgstr "Wskazanie pliku z wartościami 'dhcp-option='."
+ 
+-#: option.c:334
++#: option.c:346
++#, fuzzy
++msgid "Read DHCP host specs from a directory."
++msgstr "Wskazanie pliku z wartościami 'dhcp-host='."
++
++#: option.c:347
++#, fuzzy
++msgid "Read DHCP options from a directory."
++msgstr "Wskazanie pliku z wartościami 'dhcp-option='."
++
++#: option.c:348
+ msgid "Evaluate conditional tag expression."
+ msgstr "Warunkowe ustawianie znaczników."
+ 
+-#: option.c:335
++#: option.c:349
+ #, c-format
+ msgid "Do NOT load %s file."
+ msgstr "NIE wczytywanie pliku %s."
+ 
+-#: option.c:336
++#: option.c:350
+ #, c-format
+ msgid "Specify a hosts file to be read in addition to %s."
+ msgstr "Wskazanie dodatkowego pliku 'hosts' oprócz %s."
+ 
+-#: option.c:337
++#: option.c:351
++#, fuzzy
++msgid "Read hosts files from a directory."
++msgstr "Wskazanie pliku z wartościami 'dhcp-host='."
++
++#: option.c:352
+ msgid "Specify interface(s) to listen on."
+ msgstr "Interfejsy, na których nasłuchiwać."
+ 
+-#: option.c:338
++#: option.c:353
+ msgid "Specify interface(s) NOT to listen on."
+ msgstr "Interfejsy, na których NIE nasłuchiwać."
+ 
+-#: option.c:339
++#: option.c:354
+ msgid "Map DHCP user class to tag."
+ msgstr "Przyporządkowanie znacznika w zależności od klasy użytkownika DHCP."
+ 
+-#: option.c:340
++#: option.c:355
+ msgid "Map RFC3046 circuit-id to tag."
+ msgstr "Przyporządkowanie znacznika w zależności od numeru obwodu (w rozumieniu RFC3046)."
+ 
+-#: option.c:341
++#: option.c:356
+ msgid "Map RFC3046 remote-id to tag."
+ msgstr "Przyporządkowanie znacznika w zależności od numeru agenta (w rozumieniu RFC3046)."
+ 
+-#: option.c:342
++#: option.c:357
+ msgid "Map RFC3993 subscriber-id to tag."
+ msgstr "Przyporządkowanie znacznika w zależności od numeru subskrybenta (w rozumieniu RFC3993)."
+ 
+-#: option.c:343
++#: option.c:358
+ msgid "Don't do DHCP for hosts with tag set."
+ msgstr "Wyłączenie DHCP dla hostów z określonym znacznikiem."
+ 
+-#: option.c:344
++#: option.c:359
+ msgid "Force broadcast replies for hosts with tag set."
+ msgstr "Wymuszenie odpowiedzi w trybie rozgłoszeniowym dla hostów z określonym znacznikiem."
+ 
+-#: option.c:345
++#: option.c:360
+ msgid "Do NOT fork into the background, do NOT run in debug mode."
+ msgstr "NIE twórz procesu potomnego w tle i NIE włączaj trybu debugowania."
+ 
+-#: option.c:346
++#: option.c:361
+ msgid "Assume we are the only DHCP server on the local network."
+ msgstr "Zakładanie, że jesteśmy jedynym serwerem DHCP w sieci lokalnej."
+ 
+-#: option.c:347
++#: option.c:362
+ #, c-format
+ msgid "Specify where to store DHCP leases (defaults to %s)."
+ msgstr "Ścieżka przechowywania pliku dzierżaw DHCP (domyślnie: %s)."
+ 
+-#: option.c:348
++#: option.c:363
+ msgid "Return MX records for local hosts."
+ msgstr "Włączenie zwracania rekordu MX dla hostów lokalnych."
+ 
+-#: option.c:349
++#: option.c:364
+ msgid "Specify an MX record."
+ msgstr "Specyfikacja rekordu MX."
+ 
+-#: option.c:350
++#: option.c:365
+ msgid "Specify BOOTP options to DHCP server."
+ msgstr "Określenie opcji BOOTP serwera DHCP."
+ 
+-#: option.c:351
++#: option.c:366
+ #, c-format
+ msgid "Do NOT poll %s file, reload only on SIGHUP."
+ msgstr "Wyłączenie obserwowania pliku %s; ponowne odczytywanie tylko po odebraniu sygnału SIGHUP."
+ 
+-#: option.c:352
++#: option.c:367
+ msgid "Do NOT cache failed search results."
+ msgstr "Wyłączenie przechowywania w pamięci podręcznej wyników nieudanych wyszukiwań."
+ 
+-#: option.c:353
++#: option.c:368
+ #, c-format
+ msgid "Use nameservers strictly in the order given in %s."
+ msgstr "Odpytywanie serwerów nazw w kolejności ich wystąpienia w %s."
+ 
+-#: option.c:354
++#: option.c:369
+ msgid "Specify options to be sent to DHCP clients."
+ msgstr "Specyfikacja opcji wysyłanej do klientów DHCP."
+ 
+-#: option.c:355
++#: option.c:370
+ msgid "DHCP option sent even if the client does not request it."
+ msgstr "Opcja DHCP wysyłana nawet jeżeli klient o nią nie prosi."
+ 
+-#: option.c:356
++#: option.c:371
+ msgid "Specify port to listen for DNS requests on (defaults to 53)."
+ msgstr "Wskazanie portu do nasłuchiwania zapytań DNS (domyślnie: 53)."
+ 
+-#: option.c:357
++#: option.c:372
+ #, c-format
+ msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+ msgstr "Maksymalna obsługiwana wielkość pakietu EDNS.0 (domyślnie: %s)."
+ 
+-#: option.c:358
++#: option.c:373
+ msgid "Log DNS queries."
+ msgstr "Włączenie spisywania zapytań DNS do logu."
+ 
+-#: option.c:359
++#: option.c:374
+ msgid "Force the originating port for upstream DNS queries."
+ msgstr "Wymuszenie użycia wskazanego portu UDP do odpytywania nadrzędnych serwerów DNS i odbierania od nich odpowiedzi."
+ 
+-#: option.c:360
++#: option.c:375
+ msgid "Do NOT read resolv.conf."
+ msgstr "Wyłączenie czytania pliku resolv.conf."
+ 
+-#: option.c:361
++#: option.c:376
+ #, c-format
+ msgid "Specify path to resolv.conf (defaults to %s)."
+ msgstr "Wskazanie położenia pliku resolv.conf (domyślnie: %s)."
+ 
+-#: option.c:362
++#: option.c:377
+ msgid "Specify path to file with server= options"
+ msgstr "Wskazanie położenia pliku z opcjami server="
+ 
+-#: option.c:363
++#: option.c:378
+ msgid "Specify address(es) of upstream servers with optional domains."
+ msgstr "Wskazywanie adresów serwerów nazw, opcjonalnie z przypisaniem do domeny."
+ 
+-#: option.c:364
++#: option.c:379
+ msgid "Specify address of upstream servers for reverse address queries"
+ msgstr "Wskazanie serwerów nazw do odwrotnej translacji adresów."
+ 
+-#: option.c:365
++#: option.c:380
+ msgid "Never forward queries to specified domains."
+ msgstr "Wyłączenie przekazywania zapytań do wskazanych domen."
+ 
+-#: option.c:366
++#: option.c:381
+ msgid "Specify the domain to be assigned in DHCP leases."
+ msgstr "Wskazanie domeny dla serwera DHCP."
+ 
+-#: option.c:367
++#: option.c:382
+ msgid "Specify default target in an MX record."
+ msgstr "Określenie domyślnego celu w rekordzie MX."
+ 
+-#: option.c:368
++#: option.c:383
+ msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+ msgstr "Określenie (w sekundach) czasu ważności odpowiedzi udzielonych na podstawie /etc/hosts (domyślnie 0)."
+ 
+-#: option.c:369
++#: option.c:384
+ msgid "Specify time-to-live in seconds for negative caching."
+ msgstr "Określenie (w sekundach) czasu ważności negatywnych odpowiedzi."
+ 
+-#: option.c:370
++#: option.c:385
+ msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
+ msgstr "Ograniczenie maksymalnego czasu ważności odpowiedzi (TTL) podawanego klientom [w sekundach]."
+ 
+-#: option.c:371
++#: option.c:386
++#, fuzzy
++msgid "Specify time-to-live ceiling for cache."
++msgstr "Określenie (w sekundach) czasu ważności negatywnych odpowiedzi."
++
++#: option.c:387
++#, fuzzy
++msgid "Specify time-to-live floor for cache."
++msgstr "Określenie (w sekundach) czasu ważności negatywnych odpowiedzi."
++
++#: option.c:388
+ #, c-format
+ msgid "Change to this user after startup. (defaults to %s)."
+ msgstr "Zmiana użytkownika procesu na wskazanego (po uruchomieniu, domyślnie: %s)."
+ 
+-#: option.c:372
++#: option.c:389
+ msgid "Map DHCP vendor class to tag."
+ msgstr "Przyporządkowanie znacznika w zależności od typu klienta DHCP."
+ 
+-#: option.c:373
++#: option.c:390
+ msgid "Display dnsmasq version and copyright information."
+ msgstr "Wydrukowanie informacji o programie i ochronie praw autorskich."
+ 
+-#: option.c:374
++#: option.c:391
+ msgid "Translate IPv4 addresses from upstream servers."
+ msgstr "Tłumaczenie adresów IPv4 z serwerów nadrzędnych."
+ 
+-#: option.c:375
++#: option.c:392
+ msgid "Specify a SRV record."
+ msgstr "Określenie rekordu SRV."
+ 
+-#: option.c:376
++#: option.c:393
+ msgid "Display this message. Use --help dhcp for known DHCP options."
+ msgstr "Wyświetla ten komunikat. Użyj '--help dhcp' chcąc przejrzeć listę opcji DHCP (dhcp-option=xxx,...)."
+ 
+-#: option.c:377
++#: option.c:394
+ #, c-format
+ msgid "Specify path of PID file (defaults to %s)."
+ msgstr "Określenie ścieżki do pliku PID (domyślnie: %s)."
+ 
+-#: option.c:378
++#: option.c:395
+ #, c-format
+ msgid "Specify maximum number of DHCP leases (defaults to %s)."
+ msgstr "Maksymalna liczba dzierżaw DHCP (domyślnie: %s)."
+ 
+-#: option.c:379
++#: option.c:396
+ msgid "Answer DNS queries based on the interface a query was sent to."
+ msgstr "Uzależnienie odpowiedzi DNS od interfejsu, na którym odebrano zapytanie (wygodne dla serwerów kilku podsieci z różnymi adresami w /etc/hosts)."
+ 
+-#: option.c:380
++#: option.c:397
+ msgid "Specify TXT DNS record."
+ msgstr "Specyfikacja rekordu DNS TXT."
+ 
+-#: option.c:381
++#: option.c:398
+ msgid "Specify PTR DNS record."
+ msgstr "Specyfikacja rekordu DNS PTR."
+ 
+-#: option.c:382
++#: option.c:399
+ msgid "Give DNS name to IPv4 address of interface."
+ msgstr "Zwraca nazwę domenową powiązaną z adresem interfejsu sieciowego."
+ 
+-#: option.c:383
++#: option.c:400
+ msgid "Bind only to interfaces in use."
+ msgstr "Nasłuchiwanie tylko na wykorzystywanych interfejsach (umożliwia uruchomienie osobnych serwerów dla różnych kart)."
+ 
+-#: option.c:384
++#: option.c:401
+ #, c-format
+ msgid "Read DHCP static host information from %s."
+ msgstr "Wczytanie przyporządkowań adresów z %s."
+ 
+-#: option.c:385
++#: option.c:402
+ msgid "Enable the DBus interface for setting upstream servers, etc."
+ msgstr "Włączenie używania interfejsu DBus do informowania o zmianach konfiguracji."
+ 
+-#: option.c:386
++#: option.c:403
+ msgid "Do not provide DHCP on this interface, only provide DNS."
+ msgstr "Uruchomienie na wskazanym interfejsie tylko DNS-a, bez usług DHCP i TFTP."
+ 
+-#: option.c:387
++#: option.c:404
+ msgid "Enable dynamic address allocation for bootp."
+ msgstr "Włączenie dynamicznego przydzielania adresów dla klientów BOOTP."
+ 
+-#: option.c:388
++#: option.c:405
+ msgid "Map MAC address (with wildcards) to option set."
+ msgstr "Przyporządkowanie znacznika w zależności od adresu MAC (można używać uogólnień: *)."
+ 
+-#: option.c:389
++#: option.c:406
+ msgid "Treat DHCP requests on aliases as arriving from interface."
+ msgstr "Traktowanie żądań DHCP odebranych na interfejsach alias, ..., jako odebranych na iface."
+ 
+-#: option.c:390
++#: option.c:407
+ msgid "Disable ICMP echo address checking in the DHCP server."
+ msgstr "Pominięcie sprawdzania za pomocą ICMP niezajętości adresu przed jego wydzierżawieniem."
+ 
+-#: option.c:391
++#: option.c:408
+ msgid "Shell script to run on DHCP lease creation and destruction."
+ msgstr "Skrypt powłoki uruchamiany po przyznaniu lub zwolnieniu adresu."
+ 
+-#: option.c:392
++#: option.c:409
+ msgid "Lua script to run on DHCP lease creation and destruction."
+ msgstr "Skrypt Lua uruchamiany po przyznaniu lub zwolnieniu adresu."
+ 
+-#: option.c:393
++#: option.c:410
+ msgid "Run lease-change scripts as this user."
+ msgstr "Wskazanie użytkownika z którego uprawnieniami będą uruchamiane skrypty."
+ 
+-#: option.c:394
++#: option.c:411
+ msgid "Read configuration from all the files in this directory."
+ msgstr "Wczytanie wszystkich plików ze wskazanego katalogu jako konfiguracyjnych."
+ 
+-#: option.c:395
++#: option.c:412
+ msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+ msgstr "Wskazanie kanału syslog-a do którego mają trafiać komunikaty (domyślnie: DAEMON)"
+ 
+-#: option.c:396
++#: option.c:413
+ msgid "Do not use leasefile."
+ msgstr "Nieużywanie bazy dzierżaw."
+ 
+-#: option.c:397
++#: option.c:414
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+ msgstr "Maksymalna liczba jednocześnie obsługiwanych zapytań DNS (domyślnie: %s)"
+ 
+-#: option.c:398
++#: option.c:415
+ #, c-format
+ msgid "Clear DNS cache when reloading %s."
+ msgstr "Czyszczenie pamięci podręcznej serwera nazw w przypadku ponownego odczytu %s."
+ 
+-#: option.c:399
++#: option.c:416
+ msgid "Ignore hostnames provided by DHCP clients."
+ msgstr "Nie zwracanie uwagi na nazwę podawaną przez klienta w przypadku dopasowania wszystkich wymienionych znaczników."
+ 
+-#: option.c:400
++#: option.c:417
+ msgid "Do NOT reuse filename and server fields for extra DHCP options."
+ msgstr "Wyłączenie oszczędzania miejsca w pakiecie DHCP przez przesuwanie pól servername i filename do opcji DHCP. Wymusza prostszy tryb budowy pakietu rozwiązując problemy z nieprzystosowanymi klientami DHCP."
+ 
+-#: option.c:401
++#: option.c:418
+ msgid "Enable integrated read-only TFTP server."
+ msgstr "Włączenie wbudowanego serwera TFTP (tylko do wysyłania)."
+ 
+-#: option.c:402
++#: option.c:419
+ msgid "Export files by TFTP only from the specified subtree."
+ msgstr "Ograniczenie działania serwera TFTP do wskazanego katalogu i podkatalogów. Nazwy z .. są odrzucane, / odnosi się do wskazanego katalogu."
+ 
+-#: option.c:403
++#: option.c:420
+ msgid "Add client IP address to tftp-root."
+ msgstr "Doklejanie adresu IP klienta do głównego katalogu TFTP. Jeżeli wynikowy katalog nie istnieje, nadal wykorzystuje się tftp-root."
+ 
+-#: option.c:404
++#: option.c:421
+ msgid "Allow access only to files owned by the user running dnsmasq."
+ msgstr "Ograniczenie dostępu do plików przez TFTP do tych, których właścicielem jest użytkownik uruchamiający dnsmasq-a."
+ 
+-#: option.c:405
++#: option.c:422
+ #, c-format
+ msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+ msgstr "Maksymalna liczba jednocześnie obsługiwanych połączeń TFTP (domyślnie %s)."
+ 
+-#: option.c:406
++#: option.c:423
+ msgid "Disable the TFTP blocksize extension."
+ msgstr "Wyłączenie możliwości negocjowania wielkości bloku dla przesyłów przez TFTP."
+ 
+-#: option.c:407
++#: option.c:424
+ msgid "Convert TFTP filenames to lowercase"
+ msgstr "Konwertowanie nazw plików żądanych przez TFTP do małych liter"
+ 
+-#: option.c:408
++#: option.c:425
+ msgid "Ephemeral port range for use by TFTP transfers."
+ msgstr "Wskazanie zakresu portów do użytku TFTP."
+ 
+-#: option.c:409
++#: option.c:426
+ msgid "Extra logging for DHCP."
+ msgstr "Włączenie spisywania w logu operacji DHCP."
+ 
+-#: option.c:410
++#: option.c:427
+ msgid "Enable async. logging; optionally set queue length."
+ msgstr "Włączenie asynchronicznego zapisywania do logu z ewentualnym wskazaniem długości kolejki."
+ 
+-#: option.c:411
++#: option.c:428
+ msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+ msgstr "Odfiltrowywanie adresów wskazujących na komputery w sieciach wewnętrznych spośród odpowiedzi od zewnętrznych serwerów DNS."
+ 
+-#: option.c:412
++#: option.c:429
+ msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
+ msgstr "Zezwolenie na przekazywanie odpowiedzi w klasie 127.0.0.0/8. Dla serwerów RBL."
+ 
+-#: option.c:413
++#: option.c:430
+ msgid "Inhibit DNS-rebind protection on this domain."
+ msgstr "Dezaktywacja zabezpieczenia przed atakami DNS-rebind dla wskazanych domen."
+ 
+-#: option.c:414
++#: option.c:431
+ msgid "Always perform DNS queries to all servers."
+ msgstr "Jednoczesne odpytywanie wszystkich serwerów nadrzędnych; klientowi przekazywana jest pierwsza odpowiedź."
+ 
+-#: option.c:415
++#: option.c:432
+ msgid "Set tag if client includes matching option in request."
+ msgstr "Ustawienie znacznika jeżeli w żądaniu DHCP pojawi się wskazana opcja, ewentualnie o konkretnej wartości."
+ 
+-#: option.c:416
++#: option.c:433
+ msgid "Use alternative ports for DHCP."
+ msgstr "Użycie alternatywnych portów dla usługi DHCP."
+ 
+-#: option.c:417
++#: option.c:434
+ msgid "Specify NAPTR DNS record."
+ msgstr "Specyfikacja rekordu DNS NAPTR."
+ 
+-#: option.c:418
++#: option.c:435
+ msgid "Specify lowest port available for DNS query transmission."
+ msgstr "Ustawienie dolnej granicy numerów portów do przesyłania zapytań DNS."
+ 
+-#: option.c:419
++#: option.c:436
+ msgid "Use only fully qualified domain names for DHCP clients."
+ msgstr "Przechowywanie w serwerze DNS dnsmasq-a tylko w pełni kwalifikowanych nazw zgłaszanych przez klientów DHCP."
+ 
+-#: option.c:420
++#: option.c:437
+ msgid "Generate hostnames based on MAC address for nameless clients."
+ msgstr "Generowanie nazw na podstawie MAC-adresów dla klientów bez nazwy."
+ 
+-#: option.c:421
++#: option.c:438
+ msgid "Use these DHCP relays as full proxies."
+ msgstr "Traktowanie wskazanych serwerów pośredniczących DHCP jako działających w trybie \"pełnomocnika\" (full-proxy)."
+ 
+-#: option.c:422
++#: option.c:439
+ msgid "Relay DHCP requests to a remote server"
+ msgstr "Przekazywanie żądań DHCP do zdalnego serwera"
+ 
+-#: option.c:423
++#: option.c:440
+ msgid "Specify alias name for LOCAL DNS name."
+ msgstr "Wskazanie synonimu nazwy komputera lokalnego - znanego z /etc/hosts albo z DHCP."
+ 
+-#: option.c:424
++#: option.c:441
+ msgid "Prompt to send to PXE clients."
+ msgstr "Zgłoszenie wysyłane klientom PXE."
+ 
+-#: option.c:425
++#: option.c:442
+ msgid "Boot service for PXE menu."
+ msgstr "Składnik menu PXE (--> man)."
+ 
+-#: option.c:426
++#: option.c:443
+ msgid "Check configuration syntax."
+ msgstr "Sprawdzenie składni."
+ 
+-#: option.c:427
++#: option.c:444
+ msgid "Add requestor's MAC address to forwarded DNS queries."
+ msgstr "Przekazywanie MAC-adresu komputera pytającego w ruchu wychodzącym DNS."
+ 
+-#: option.c:428
++#: option.c:445
+ msgid "Add requestor's IP subnet to forwarded DNS queries."
+ msgstr "Zamieszczanie adresu IP pytającego w przekazywanych zapytaniach DNS."
+ 
+-#: option.c:429
++#: option.c:446
+ msgid "Proxy DNSSEC validation results from upstream nameservers."
+ msgstr "Przekazywanie wyników weryfikacji DNSSEC z serwerów nadrzędnych."
+ 
+-#: option.c:430
++#: option.c:447
+ msgid "Attempt to allocate sequential IP addresses to DHCP clients."
+ msgstr "Zmiana sposobu przydzielania adresów IP na sekwencyjny."
+ 
+-#: option.c:431
++#: option.c:448
+ msgid "Copy connection-track mark from queries to upstream connections."
+ msgstr "Zachowanie znacznika połączenia z odebranego zapytania DNS w ruchu zewnętrznym."
+ 
+-#: option.c:432
++#: option.c:449
+ msgid "Allow DHCP clients to do their own DDNS updates."
+ msgstr "Zezwolenie klientom DHCP na uaktualnianie DDNS-ów."
+ 
+-#: option.c:433
++#: option.c:450
+ msgid "Send router-advertisements for interfaces doing DHCPv6"
+ msgstr "Załączenie anonsowania (RA) na interfejsach serwujących DHCPv6"
+ 
+-#: option.c:434
++#: option.c:451
+ msgid "Specify DUID_EN-type DHCPv6 server DUID"
+ msgstr "Określenie DHCPv6 DUID"
+ 
+-#: option.c:435
++#: option.c:452
+ msgid "Specify host (A/AAAA and PTR) records"
+ msgstr "Określenie rekordów A/AAAA i PTR"
+ 
+-#: option.c:436
++#: option.c:453
+ msgid "Specify arbitrary DNS resource record"
+ msgstr "Określenie rekordu TXT"
+ 
+-#: option.c:437
++#: option.c:454
+ msgid "Bind to interfaces in use - check for new interfaces"
+ msgstr "Dynamiczne podpinanie do interfejsów sieciowych"
+ 
+-#: option.c:438
++#: option.c:455
+ msgid "Export local names to global DNS"
+ msgstr "Eksportowanie lokalnych nazw hostów do globalnego DNS-a"
+ 
+-#: option.c:439
++#: option.c:456
+ msgid "Domain to export to global DNS"
+ msgstr "Domena pod którą będą eksportowane lokalne nazwy"
+ 
+-#: option.c:440
++#: option.c:457
+ msgid "Set TTL for authoritative replies"
+ msgstr "Określenie TTL dla odpowiedzi autorytatywnych"
+ 
+-#: option.c:441
++#: option.c:458
+ msgid "Set authoritive zone information"
+ msgstr "Określenie danych strefy autorytatywnej (SOA)"
+ 
+-#: option.c:442
++#: option.c:459
+ msgid "Secondary authoritative nameservers for forward domains"
+ msgstr "Pomocnicze serwery autorytatywne dla forwardowanych domen"
+ 
+-#: option.c:443
++#: option.c:460
+ msgid "Peers which are allowed to do zone transfer"
+ msgstr "Wskazanie serwerów uprawnionych do transferu stref"
+ 
+-#: option.c:444
++#: option.c:461
+ msgid "Specify ipsets to which matching domains should be added"
+ msgstr "Wyszczególnienie ipset-ów, do których będą dopisywane adresy IP leżące we wskazanych domenach"
+ 
+-#: option.c:445
++#: option.c:462
+ msgid "Specify a domain and address range for synthesised names"
+ msgstr "Wskazanie domeny i zakresu adresów dla generowanych nazw"
+ 
+-#: option.c:446
++#: option.c:463
+ msgid "Activate DNSSEC validation"
+ msgstr "Uaktywnienie walidacji DNSSEC"
+ 
+-#: option.c:447
++#: option.c:464
+ msgid "Specify trust anchor key digest."
+ msgstr "Wskazanie punktu zaufania dla uwierzytelniania DNSSEC."
+ 
+-#: option.c:448
++#: option.c:465
+ msgid "Disable upstream checking for DNSSEC debugging."
+ msgstr "Akceptowanie nieuwiarygodnionych odpowiedzi DNSSEC (ustawienie bitu CD w zapytaniach)."
+ 
+-#: option.c:449
++#: option.c:466
+ msgid "Ensure answers without DNSSEC are in unsigned zones."
+ msgstr "Upewnianie się, że odpowiedzi bez DNSSEC pochodzą ze stref niepodpisanych."
+ 
+-#: option.c:450
++#: option.c:467
+ msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+ msgstr "Wyłączenie sprawdzania sygnatur czasowych DNSSEC do pierwszego przeładowania pamięci podręcznej."
+ 
+-#: option.c:452
++#: option.c:468
++msgid "Timestamp file to verify system clock for DNSSEC"
++msgstr ""
++
++#: option.c:470
+ msgid "Specify DHCPv6 prefix class"
+ msgstr "Określenie prefiksu klasy DHCPv6"
+ 
+-#: option.c:454
++#: option.c:472
+ msgid "Set priority, resend-interval and router-lifetime"
+ msgstr "Ustawianie priorytetu, okresu rozsyłania oraz czasu życia rutera (RA)."
+ 
+-#: option.c:455
++#: option.c:473
+ msgid "Do not log routine DHCP."
+ msgstr "Wyłączenie logowania zwyczajnego DHCP."
+ 
+-#: option.c:456
++#: option.c:474
+ msgid "Do not log routine DHCPv6."
+ msgstr "Wyłączenie logowania zwyczajnego DHCPv6."
+ 
+-#: option.c:457
++#: option.c:475
+ msgid "Do not log RA."
+ msgstr "Wyłączenie logowania RA."
+ 
+-#: option.c:458
++#: option.c:476
+ msgid "Accept queries only from directly-connected networks"
+ msgstr "Akceptowanie zapytań wyłącznie z sieci podpiętych bezpośrednio."
+ 
+-#: option.c:459
++#: option.c:477
+ msgid "Detect and remove DNS forwarding loops"
+ msgstr "Wykrywanie i usuwanie pętli zapytań DNS."
+ 
+-#: option.c:661
++#: option.c:478
++msgid "Ignore DNS responses containing ipaddr."
++msgstr ""
++
++#: option.c:680
+ #, c-format
+ msgid ""
+ "Usage: dnsmasq [options]\n"
+@@ -703,312 +736,312 @@ msgstr ""
+ "Użycie: dnsmasq [opcje]\n"
+ "\n"
+ 
+-#: option.c:663
++#: option.c:682
+ #, c-format
+ msgid "Use short options only on the command line.\n"
+ msgstr "W tym systemie w linii poleceń można używać wyłącznie jednoliterowych opcji.\n"
+ 
+-#: option.c:665
++#: option.c:684
+ #, c-format
+ msgid "Valid options are:\n"
+ msgstr "Dostępne opcje:\n"
+ 
+-#: option.c:722 option.c:726
++#: option.c:741 option.c:745
+ msgid "bad port"
+ msgstr "nieprawidłowy numer portu"
+ 
+-#: option.c:753 option.c:785
++#: option.c:772 option.c:804
+ msgid "interface binding not supported"
+ msgstr "nie ma możliwości dowiązywania do interfejsu"
+ 
+-#: option.c:762 option.c:3494
++#: option.c:781 option.c:3570
+ msgid "bad interface name"
+ msgstr "nieprawidłowa nazwa interfejsu"
+ 
+-#: option.c:792
++#: option.c:811
+ msgid "bad address"
+ msgstr "zły adres"
+ 
+-#: option.c:974
++#: option.c:993
+ msgid "unsupported encapsulation for IPv6 option"
+ msgstr "nieobsługiwany rodzaj enkapsulacji opcji IPv6"
+ 
+-#: option.c:988
++#: option.c:1007
+ msgid "bad dhcp-option"
+ msgstr "błąd w dhcp-option"
+ 
+-#: option.c:1056
++#: option.c:1075
+ msgid "bad IP address"
+ msgstr "zły adres IP"
+ 
+-#: option.c:1059 option.c:1197 option.c:2812
++#: option.c:1078 option.c:1216 option.c:2888
+ msgid "bad IPv6 address"
+ msgstr "zły adres IPv6"
+ 
+-#: option.c:1224 option.c:1318
++#: option.c:1243 option.c:1337
+ msgid "bad domain in dhcp-option"
+ msgstr "nieprawidłowa nazwa domeny w dhcp-option"
+ 
+-#: option.c:1356
++#: option.c:1375
+ msgid "dhcp-option too long"
+ msgstr "zbyt długa dhcp-option (>255 znaków)"
+ 
+-#: option.c:1363
++#: option.c:1382
+ msgid "illegal dhcp-match"
+ msgstr "niedopuszczalne dhcp-match"
+ 
+-#: option.c:1425
++#: option.c:1444
+ msgid "illegal repeated flag"
+ msgstr "wielokrotne użycie opcji niedozwolone (pojawiła się wcześniej w linii poleceń)"
+ 
+-#: option.c:1433
++#: option.c:1452
+ msgid "illegal repeated keyword"
+ msgstr "wielokrotne użycie opcji niedozwolone (pojawiła się wsześniej w pliku konfiguracyjnym)"
+ 
+-#: option.c:1495 option.c:4092
++#: option.c:1517 option.c:4186
+ #, c-format
+ msgid "cannot access directory %s: %s"
+ msgstr "brak dostępu do katalogu %s: %s"
+ 
+-#: option.c:1541 tftp.c:493
++#: option.c:1563 tftp.c:493
+ #, c-format
+ msgid "cannot access %s: %s"
+ msgstr "brak dostępu do %s: %s"
+ 
+-#: option.c:1588
++#: option.c:1615
+ msgid "setting log facility is not possible under Android"
+ msgstr "zmiana log-facility w systemie Android nie jest możliwa"
+ 
+-#: option.c:1597
++#: option.c:1624
+ msgid "bad log facility"
+ msgstr "nierozpoznany znacznik logów"
+ 
+-#: option.c:1650
++#: option.c:1677
+ msgid "bad MX preference"
+ msgstr "nieprawidłowa wartość preferencji MX"
+ 
+-#: option.c:1655
++#: option.c:1682
+ msgid "bad MX name"
+ msgstr "nieprawidłowa nazwa MX"
+ 
+-#: option.c:1669
++#: option.c:1696
+ msgid "bad MX target"
+ msgstr "nieprawidłowa wartość celu MX"
+ 
+-#: option.c:1681
++#: option.c:1708
+ msgid "cannot run scripts under uClinux"
+ msgstr "w uClinuksie nie ma możliwości uruchamiania skryptów"
+ 
+-#: option.c:1683
++#: option.c:1710
+ msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+ msgstr "żeby mieć możliwość używania skryptów wywoływanych przy zmianie dzierżawy, przekompiluj dnsmasq-a z włączoną flagą HAVE_SCRIPT"
+ 
+-#: option.c:1687
++#: option.c:1714
+ msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
+ msgstr "używanie skryptów Lua, wymaga skompilowania dnsmasq-a z flagą HAVE_LUASCRIPT"
+ 
+-#: option.c:1928 option.c:1966 option.c:2015
++#: option.c:1970 option.c:2015 option.c:2071
+ msgid "bad prefix"
+ msgstr "zła maska"
+ 
+-#: option.c:2289
++#: option.c:2352
+ msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+ msgstr "chcąc korzystać z ipsets przekompiluj dnsmasq-a z HAVE_IPSET"
+ 
+-#: option.c:2469
++#: option.c:2545
+ msgid "bad port range"
+ msgstr "nieprawidłowy zakres numerów portów"
+ 
+-#: option.c:2485
++#: option.c:2561
+ msgid "bad bridge-interface"
+ msgstr "nieprawidłowa nazwa urządzenia w bridge-interface"
+ 
+-#: option.c:2545
++#: option.c:2621
+ msgid "only one tag allowed"
+ msgstr "można wskazać tylko jeden znacznik sieci"
+ 
+-#: option.c:2565 option.c:2577 option.c:2683 option.c:2724
++#: option.c:2641 option.c:2653 option.c:2759 option.c:2800
+ msgid "bad dhcp-range"
+ msgstr "nieprawidłowy zakres dhcp-range"
+ 
+-#: option.c:2592
++#: option.c:2668
+ msgid "inconsistent DHCP range"
+ msgstr "niespójny zakres adresów DHCP"
+ 
+-#: option.c:2651
++#: option.c:2727
+ msgid "prefix length must be exactly 64 for RA subnets"
+ msgstr "długość prefiksu musi wynosić dokładnie 64 dla podsieci RA"
+ 
+-#: option.c:2653
++#: option.c:2729
+ msgid "prefix length must be exactly 64 for subnet constructors"
+ msgstr "długość prefiksu musi wynosić dokładnie 64 dla konstruktorów podsieci"
+ 
+-#: option.c:2657
++#: option.c:2733
+ msgid "prefix length must be at least 64"
+ msgstr "długość prefiksu musi wynosić co najmniej 64"
+ 
+-#: option.c:2660
++#: option.c:2736
+ msgid "inconsistent DHCPv6 range"
+ msgstr "niespójny zakres adresów DHCPv6"
+ 
+-#: option.c:2671
++#: option.c:2747
+ msgid "prefix must be zero with \"constructor:\" argument"
+ msgstr "prefiks musi wynosić zero z argumentem \"constructor:\""
+ 
+-#: option.c:2782 option.c:2830
++#: option.c:2858 option.c:2906
+ msgid "bad hex constant"
+ msgstr "zapis niezgodny z formatem szesnastkowym"
+ 
+-#: option.c:2804
++#: option.c:2880
+ msgid "cannot match tags in --dhcp-host"
+ msgstr "--dhcp-host nie dopuszcza dopasowywania na podstawie znaczników"
+ 
+-#: option.c:2852
++#: option.c:2928
+ #, c-format
+ msgid "duplicate dhcp-host IP address %s"
+ msgstr "powtórzony adres IP %s w specyfikacji dhcp-host"
+ 
+-#: option.c:2910
++#: option.c:2986
+ msgid "bad DHCP host name"
+ msgstr "niedopuszczalna nazwa komputera w dhcp-host"
+ 
+-#: option.c:2992
++#: option.c:3068
+ msgid "bad tag-if"
+ msgstr "nieprawidłowa składnia 'tag-if'"
+ 
+-#: option.c:3316 option.c:3710
++#: option.c:3392 option.c:3786
+ msgid "invalid port number"
+ msgstr "nieprawidłowy numer portu"
+ 
+-#: option.c:3378
++#: option.c:3454
+ msgid "bad dhcp-proxy address"
+ msgstr "zły adres dhcp-proxy"
+ 
+-#: option.c:3404
++#: option.c:3480
+ msgid "Bad dhcp-relay"
+ msgstr "zły dhcp-relay"
+ 
+-#: option.c:3430
++#: option.c:3506
+ msgid "bad RA-params"
+ msgstr "nieprawidłowe argumenty RA"
+ 
+-#: option.c:3439
++#: option.c:3515
+ msgid "bad DUID"
+ msgstr "zły DUID"
+ 
+-#: option.c:3481
++#: option.c:3557
+ msgid "invalid alias range"
+ msgstr "nieprawidłowy zakres adresów w --alias"
+ 
+-#: option.c:3535
++#: option.c:3611
+ msgid "bad CNAME"
+ msgstr "zła CNAME"
+ 
+-#: option.c:3540
++#: option.c:3616
+ msgid "duplicate CNAME"
+ msgstr "powtórzona CNAME"
+ 
+-#: option.c:3560
++#: option.c:3636
+ msgid "bad PTR record"
+ msgstr "nieprawidłowy zapis rekordu PTR"
+ 
+-#: option.c:3591
++#: option.c:3667
+ msgid "bad NAPTR record"
+ msgstr "nieprawidłowy zapis rekordu NAPTR"
+ 
+-#: option.c:3625
++#: option.c:3701
+ msgid "bad RR record"
+ msgstr "nieprawidłowy zapis rekordu RR"
+ 
+-#: option.c:3655
++#: option.c:3731
+ msgid "bad TXT record"
+ msgstr "nieprawidłowy zapis rekordu TXT"
+ 
+-#: option.c:3696
++#: option.c:3772
+ msgid "bad SRV record"
+ msgstr "nieprawidłowy zapis rekordu SRV"
+ 
+-#: option.c:3703
++#: option.c:3779
+ msgid "bad SRV target"
+ msgstr "nieprawidłowa wartość celu SRV"
+ 
+-#: option.c:3717
++#: option.c:3793
+ msgid "invalid priority"
+ msgstr "nieprawidłowy priorytet"
+ 
+-#: option.c:3724
++#: option.c:3800
+ msgid "invalid weight"
+ msgstr "nieprawidłowa waga"
+ 
+-#: option.c:3748
++#: option.c:3824
+ msgid "Bad host-record"
+ msgstr "nieprawidłowy zapis host-record"
+ 
+-#: option.c:3765
++#: option.c:3841
+ msgid "Bad name in host-record"
+ msgstr "niedopuszczalna nazwa w host-record"
+ 
+-#: option.c:3826
++#: option.c:3906
+ msgid "bad trust anchor"
+ msgstr "nieprawidłowa specyfikacja punktu zaufania"
+ 
+-#: option.c:3840
++#: option.c:3920
+ msgid "bad HEX in trust anchor"
+ msgstr "zły zapis szesnastkowy"
+ 
+-#: option.c:3850
++#: option.c:3930
+ msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+ msgstr "nieobsługiwana opcja (sprawdź, czy obsługa DHCP/TFTP/DNSSEC/DBus została wkompilowana)"
+ 
+-#: option.c:3909
++#: option.c:3989
+ msgid "missing \""
+ msgstr "brakuje \""
+ 
+-#: option.c:3966
++#: option.c:4046
+ msgid "bad option"
+ msgstr "nieprawidłowa opcja"
+ 
+-#: option.c:3968
++#: option.c:4048
+ msgid "extraneous parameter"
+ msgstr "nadwyżkowy parametr"
+ 
+-#: option.c:3970
++#: option.c:4050
+ msgid "missing parameter"
+ msgstr "brak parametru"
+ 
+-#: option.c:3972
++#: option.c:4052
+ msgid "illegal option"
+ msgstr "niedopuszczalna opcja"
+ 
+-#: option.c:3979
++#: option.c:4059
+ msgid "error"
+ msgstr "błąd"
+ 
+-#: option.c:3981
++#: option.c:4061
+ #, c-format
+ msgid " at line %d of %s"
+ msgstr " w linii %d pliku %s"
+ 
+-#: option.c:4045 option.c:4168 tftp.c:667
+-#, c-format
+-msgid "cannot read %s: %s"
+-msgstr "błąd odczytu z pliku %s: %s"
+-
+-#: option.c:4229 option.c:4265
++#: option.c:4076 option.c:4323 option.c:4359
+ #, c-format
+ msgid "read %s"
+ msgstr "przeczytałem %s"
+ 
+-#: option.c:4331
++#: option.c:4139 option.c:4262 tftp.c:667
++#, c-format
++msgid "cannot read %s: %s"
++msgstr "błąd odczytu z pliku %s: %s"
++
++#: option.c:4425
+ msgid "junk found in command line"
+ msgstr "jakieś śmieci w linii poleceń"
+ 
+-#: option.c:4366
++#: option.c:4460
+ #, c-format
+ msgid "Dnsmasq version %s  %s\n"
+ msgstr "Dnsmasq, wersja %s  %s\n"
+ 
+-#: option.c:4367
++#: option.c:4461
+ #, c-format
+ msgid ""
+ "Compile time options: %s\n"
+@@ -1017,89 +1050,89 @@ msgstr ""
+ "Wkompilowane opcje %s\n"
+ "\n"
+ 
+-#: option.c:4368
++#: option.c:4462
+ #, c-format
+ msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+ msgstr "Autor nie daje ŻADNYCH GWARANCJI egzekwowalnych prawnie.\n"
+ 
+-#: option.c:4369
++#: option.c:4463
+ #, c-format
+ msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+ msgstr "Dnsmasq jest wolnym oprogramowaniem, możesz go rozprowadzać\n"
+ 
+-#: option.c:4370
++#: option.c:4464
+ #, c-format
+ msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+ msgstr "na warunkach określonych w GNU General Public Licence, w wersji 2 lub 3.\n"
+ 
+-#: option.c:4381
++#: option.c:4475
+ msgid "try --help"
+ msgstr "spróbuj: --help"
+ 
+-#: option.c:4383
++#: option.c:4477
+ msgid "try -w"
+ msgstr "spróbuj: -w"
+ 
+-#: option.c:4385
++#: option.c:4479
+ #, c-format
+ msgid "bad command line options: %s"
+ msgstr "nieprawidłowa opcja w linii poleceń %s"
+ 
+-#: option.c:4434
++#: option.c:4535
+ #, c-format
+ msgid "cannot get host-name: %s"
+ msgstr "nie można pobrać nazwy hosta: %s"
+ 
+-#: option.c:4462
++#: option.c:4563
+ msgid "only one resolv.conf file allowed in no-poll mode."
+ msgstr "w trybie no-poll można wskazać najwyżej jeden plik resolv.conf."
+ 
+-#: option.c:4472
++#: option.c:4573
+ msgid "must have exactly one resolv.conf to read domain from."
+ msgstr "musisz mieć dokładnie jeden plik resolv.conf do odczytu domen."
+ 
+-#: option.c:4475 network.c:1506 dhcp.c:769
++#: option.c:4576 network.c:1506 dhcp.c:774
+ #, c-format
+ msgid "failed to read %s: %s"
+ msgstr "nie udało się odczytać %s: %s"
+ 
+-#: option.c:4492
++#: option.c:4593
+ #, c-format
+ msgid "no search directive found in %s"
+ msgstr "brak wytycznych wyszukiwania w %s"
+ 
+-#: option.c:4513
++#: option.c:4614
+ msgid "there must be a default domain when --dhcp-fqdn is set"
+ msgstr "w przypadku używania --dhcp-fqdn trzeba wskazać domyślną domenę"
+ 
+-#: option.c:4522
++#: option.c:4623
+ msgid "syntax check OK"
+ msgstr "składnia sprawdzona, jest prawidłowa"
+ 
+-#: forward.c:114
++#: forward.c:111
+ #, c-format
+ msgid "failed to send packet: %s"
+ msgstr "wysyłanie pakietu nie powiodło się: %s"
+ 
+-#: forward.c:574
++#: forward.c:572
+ msgid "discarding DNS reply: subnet option mismatch"
+ msgstr "odrzucam odpowiedź DNS: nie zgadza się specyfikacja podsieci"
+ 
+-#: forward.c:597
++#: forward.c:595
+ #, c-format
+ msgid "nameserver %s refused to do a recursive query"
+ msgstr "serwer nazw %s odmawia wykonania zapytania rekurencyjnego"
+ 
+-#: forward.c:629
++#: forward.c:627
+ #, c-format
+ msgid "possible DNS-rebind attack detected: %s"
+ msgstr "prawdopodobnie wykryto atak DNS-rebind: %s"
+ 
+-#: forward.c:1132 forward.c:1663
++#: forward.c:1156 forward.c:1722
+ msgid "Ignoring query from non-local network"
+ msgstr "Ignorowanie zapytań z sieci pozalokalnych."
+ 
+-#: forward.c:2101
++#: forward.c:2178
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries reached (max: %d)"
+ msgstr "Osiągnięto graniczną ilość jednocześnie obsługiwanych zapytań DNS (maks: %d)"
+@@ -1189,263 +1222,282 @@ msgstr "używam serwera nazw %s#%d (przez %s)"
+ msgid "using nameserver %s#%d"
+ msgstr "używam serwera nazw %s#%d"
+ 
+-#: dnsmasq.c:154
+-msgid "No trust anchors provided for DNSSEC"
++#: dnsmasq.c:149
++msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
++msgstr ""
++
++#: dnsmasq.c:156
++#, fuzzy
++msgid "no trust anchors provided for DNSSEC"
+ msgstr "Nie wskazano punktów zaufania dla DNSSEC."
+ 
+-#: dnsmasq.c:157
+-msgid "Cannot reduce cache size from default when DNSSEC enabled"
++#: dnsmasq.c:159
++#, fuzzy
++msgid "cannot reduce cache size from default when DNSSEC enabled"
+ msgstr "Brak możliwości zmniejszenia pamięci podręcznej poniżej wielkości domyślnej w przypadku używania DNSSEC."
+ 
+-#: dnsmasq.c:159
++#: dnsmasq.c:161
+ msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+ msgstr "obsługa DNSSEC niedostępna - ustaw HAVE_DNSSEC w src/config.h"
+ 
+-#: dnsmasq.c:165
++#: dnsmasq.c:167
+ msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+ msgstr "Serwer TFTP nie został wkompilowany -- ustaw HAVE_TFTP w src/config.h"
+ 
+-#: dnsmasq.c:170
+-msgid "Cannot use --conntrack AND --query-port"
++#: dnsmasq.c:172
++#, fuzzy
++msgid "cannot use --conntrack AND --query-port"
+ msgstr "--conntrack i --query-port wykluczają się wzajemnie"
+ 
+-#: dnsmasq.c:173
+-msgid "Conntrack support not available: set HAVE_CONNTRACK in src/config.h"
++#: dnsmasq.c:175
++#, fuzzy
++msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
+ msgstr "Wsparcie dla przekazywania znaczników połączeń (conntrack) nie zostało wkompilowane - ustaw HAVE_CONNTRACK w src/config.h"
+ 
+-#: dnsmasq.c:178
++#: dnsmasq.c:180
+ msgid "asychronous logging is not available under Solaris"
+ msgstr "zapis do logów w trybie asynchronicznym nie jest dostępny w Solarisie"
+ 
+-#: dnsmasq.c:183
++#: dnsmasq.c:185
+ msgid "asychronous logging is not available under Android"
+ msgstr "zapis do logów w trybie asynchronicznym nie jest dostępny w Androidzie"
+ 
+-#: dnsmasq.c:188
++#: dnsmasq.c:190
+ msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+ msgstr "tryb autorytatywny DNS-a niedostępny - ustaw HAVE_AUTH w src/config.h"
+ 
+-#: dnsmasq.c:193
+-msgid "Loop detection not available: set HAVE_LOOP in src/config.h"
++#: dnsmasq.c:195
++#, fuzzy
++msgid "loop detection not available: set HAVE_LOOP in src/config.h"
+ msgstr "Wykrywanie pętli zapytań nie zostało wkompilowane - ustaw HAVE_LOOP w src/config.h"
+ 
+-#: dnsmasq.c:201
++#: dnsmasq.c:203
+ msgid "zone serial must be configured in --auth-soa"
+ msgstr "za pomocą --auth-soa musi zostać ustawiony numer seryjny strefy"
+ 
+-#: dnsmasq.c:219
++#: dnsmasq.c:221
+ msgid "dhcp-range constructor not available on this platform"
+ msgstr "konstrukcja dhcp-range nie jest dostępna w tym systemie"
+ 
+-#: dnsmasq.c:262
++#: dnsmasq.c:264
+ msgid "cannot set --bind-interfaces and --bind-dynamic"
+ msgstr "--bind-interfaces i --bind-dynamic wzajemnie się wykluczają"
+ 
+-#: dnsmasq.c:265
++#: dnsmasq.c:267
+ #, c-format
+ msgid "failed to find list of interfaces: %s"
+ msgstr "błąd podczas tworzenia listy interfejsów sieciowych: %s"
+ 
+-#: dnsmasq.c:274
++#: dnsmasq.c:276
+ #, c-format
+ msgid "unknown interface %s"
+ msgstr "nieznany interfejs %s"
+ 
+-#: dnsmasq.c:330 dnsmasq.c:954
++#: dnsmasq.c:340 dnsmasq.c:1004
+ #, c-format
+ msgid "DBus error: %s"
+ msgstr "błąd DBus: %s"
+ 
+-#: dnsmasq.c:333
++#: dnsmasq.c:343
+ msgid "DBus not available: set HAVE_DBUS in src/config.h"
+ msgstr "Obsługa DBus nie została wkompilowana -- ustaw HAVE_DBUS w src/config.h"
+ 
+-#: dnsmasq.c:361
++#: dnsmasq.c:371
+ #, c-format
+ msgid "unknown user or group: %s"
+ msgstr "nieznany użytkownik lub grupa: %s"
+ 
+-#: dnsmasq.c:416
++#: dnsmasq.c:426
+ #, c-format
+ msgid "cannot chdir to filesystem root: %s"
+ msgstr "nie potrafię wejść do głównego katalogu: %s"
+ 
+-#: dnsmasq.c:653
++#: dnsmasq.c:667
+ #, c-format
+ msgid "started, version %s DNS disabled"
+ msgstr "uruchomiony, wersja %s, DNS wyłączony"
+ 
+-#: dnsmasq.c:655
++#: dnsmasq.c:669
+ #, c-format
+ msgid "started, version %s cachesize %d"
+ msgstr "uruchomiony, wersja %s, %d miejsc w pamięci podręcznej"
+ 
+-#: dnsmasq.c:657
++#: dnsmasq.c:671
+ #, c-format
+ msgid "started, version %s cache disabled"
+ msgstr "uruchomiony, wersja %s, pamięć podręczna wyłączona"
+ 
+-#: dnsmasq.c:659
++#: dnsmasq.c:673
+ #, c-format
+ msgid "compile time options: %s"
+ msgstr "opcje kompilacji: %s"
+ 
+-#: dnsmasq.c:665
++#: dnsmasq.c:679
+ msgid "DBus support enabled: connected to system bus"
+ msgstr "obsługa DBus włączona, podłączono do serwera DBus"
+ 
+-#: dnsmasq.c:667
++#: dnsmasq.c:681
+ msgid "DBus support enabled: bus connection pending"
+ msgstr "obsługa DBus włączona, trwa podłączanie do serwera DBus"
+ 
+-#: dnsmasq.c:672
++#: dnsmasq.c:686
+ msgid "DNS service limited to local subnets"
+ msgstr "usługa DNS ograniczona do lokalnych podsieci"
+ 
+-#: dnsmasq.c:677
++#: dnsmasq.c:702
+ msgid "DNSSEC validation enabled"
+ msgstr "walidacja DNSSEC włączona"
+ 
+-#: dnsmasq.c:679
++#: dnsmasq.c:705
+ msgid "DNSSEC signature timestamps not checked until first cache reload"
+ msgstr "sprawdzanie sygnatur czasowych DNSSEC wyłączone do czasu przeładowania pamięci podręcznej"
+ 
+-#: dnsmasq.c:684
++#: dnsmasq.c:708
++#, fuzzy
++msgid "DNSSEC signature timestamps not checked until system time valid"
++msgstr "sprawdzanie sygnatur czasowych DNSSEC wyłączone do czasu przeładowania pamięci podręcznej"
++
++#: dnsmasq.c:713
+ #, c-format
+ msgid "warning: failed to change owner of %s: %s"
+ msgstr "UWAGA! Nie udało się zmienić użytkownika pliku %s: %s"
+ 
+-#: dnsmasq.c:688
++#: dnsmasq.c:717
+ msgid "setting --bind-interfaces option because of OS limitations"
+ msgstr "ustawiam --bind-interfaces z powodu ograniczeń systemu operacyjnego"
+ 
+-#: dnsmasq.c:698
++#: dnsmasq.c:727
+ #, c-format
+ msgid "warning: interface %s does not currently exist"
+ msgstr "uwaga: interfejs %s nie jest włączony"
+ 
+-#: dnsmasq.c:703
++#: dnsmasq.c:732
+ msgid "warning: ignoring resolv-file flag because no-resolv is set"
+ msgstr "uwaga: ignoruję opcję resolv-file, ponieważ wybrano tryb no-resolv"
+ 
+-#: dnsmasq.c:706
++#: dnsmasq.c:735
+ msgid "warning: no upstream servers configured"
+ msgstr "uwaga: nie wskazano nadrzędnych serwerów DNS"
+ 
+-#: dnsmasq.c:710
++#: dnsmasq.c:739
+ #, c-format
+ msgid "asynchronous logging enabled, queue limit is %d messages"
+ msgstr "włączono asynchroniczny tryb zapisu do logów z kolejką na %d komunikatów"
+ 
+-#: dnsmasq.c:731
++#: dnsmasq.c:760
+ msgid "IPv6 router advertisement enabled"
+ msgstr "anonsowanie rutera IPv6 włączone"
+ 
+-#: dnsmasq.c:736
++#: dnsmasq.c:765
+ #, c-format
+ msgid "DHCP, sockets bound exclusively to interface %s"
+ msgstr "DHCP, gniazda dowiązane na wyłączność interfejsowi %s"
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "root is "
+ msgstr "z głównym katalogiem w "
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "enabled"
+ msgstr "włączony"
+ 
+-#: dnsmasq.c:755
++#: dnsmasq.c:784
+ msgid "secure mode"
+ msgstr "w trybie bezpiecznym"
+ 
+-#: dnsmasq.c:781
++#: dnsmasq.c:810
+ #, c-format
+ msgid "restricting maximum simultaneous TFTP transfers to %d"
+ msgstr "ograniczam ilość jednoczesnych przesłań TFTP do %d"
+ 
+-#: dnsmasq.c:956
++#: dnsmasq.c:1006
+ msgid "connected to system DBus"
+ msgstr "podłączono do DBus-a"
+ 
+-#: dnsmasq.c:1106
++#: dnsmasq.c:1156
+ #, c-format
+ msgid "cannot fork into background: %s"
+ msgstr "nie potrafię przełączyć się do pracy w tle: %s"
+ 
+-#: dnsmasq.c:1109
++#: dnsmasq.c:1159
+ #, c-format
+ msgid "failed to create helper: %s"
+ msgstr "nie udało się utworzyć procesu pomocniczego: %s"
+ 
+-#: dnsmasq.c:1112
++#: dnsmasq.c:1162
+ #, c-format
+ msgid "setting capabilities failed: %s"
+ msgstr "nie powiodło się ustawianie ograniczeń (capabilities): %s"
+ 
+-#: dnsmasq.c:1115
++#: dnsmasq.c:1165
+ #, c-format
+ msgid "failed to change user-id to %s: %s"
+ msgstr "nie udało się zmienić użytkownika procesu na %s: %s"
+ 
+-#: dnsmasq.c:1118
++#: dnsmasq.c:1168
+ #, c-format
+ msgid "failed to change group-id to %s: %s"
+ msgstr "nie udało się zmienić grupy procesu na %s: %s"
+ 
+-#: dnsmasq.c:1121
++#: dnsmasq.c:1171
+ #, c-format
+ msgid "failed to open pidfile %s: %s"
+ msgstr "nie udało się otworzyć pliku z PID-em %s: %s"
+ 
+-#: dnsmasq.c:1124
++#: dnsmasq.c:1174
+ #, c-format
+ msgid "cannot open log %s: %s"
+ msgstr "nie udało się otworzyć logu %s: %s"
+ 
+-#: dnsmasq.c:1127
++#: dnsmasq.c:1177
+ #, c-format
+ msgid "failed to load Lua script: %s"
+ msgstr "nie udało się wczytać skryptu Lua: %s"
+ 
+-#: dnsmasq.c:1130
++#: dnsmasq.c:1180
+ #, c-format
+ msgid "TFTP directory %s inaccessible: %s"
+ msgstr "katalog TFTP %s nie jest dostępny: %s"
+ 
+-#: dnsmasq.c:1151
++#: dnsmasq.c:1183
++#, fuzzy, c-format
++msgid "cannot create timestamp file %s: %s"
++msgstr "nie potrafię otworzyć albo utworzyć pliku dzierżaw %s: %s"
++
++#: dnsmasq.c:1204
+ msgid "now checking DNSSEC signature timestamps"
+ msgstr "trwa sprawdzanie sygnatur czasowych podpisów DNSSEC"
+ 
+-#: dnsmasq.c:1218
++#: dnsmasq.c:1271
+ #, c-format
+ msgid "script process killed by signal %d"
+ msgstr "skrypt został zabity sygnałem %d"
+ 
+-#: dnsmasq.c:1222
++#: dnsmasq.c:1275
+ #, c-format
+ msgid "script process exited with status %d"
+ msgstr "skrypt zakończył się z kodem powrotu %d"
+ 
+-#: dnsmasq.c:1226
++#: dnsmasq.c:1279
+ #, c-format
+ msgid "failed to execute %s: %s"
+ msgstr "nie udało się uruchomić %s: %s"
+ 
+-#: dnsmasq.c:1281
++#: dnsmasq.c:1334
+ msgid "exiting on receipt of SIGTERM"
+ msgstr "zakończyłem działanie z powodu odebrania SIGTERM"
+ 
+-#: dnsmasq.c:1309
++#: dnsmasq.c:1362
+ #, c-format
+ msgid "failed to access %s: %s"
+ msgstr "brak dostępu do %s: %s"
+ 
+-#: dnsmasq.c:1339
++#: dnsmasq.c:1392
+ #, c-format
+ msgid "reading %s"
+ msgstr "czytanie %s"
+ 
+-#: dnsmasq.c:1350
++#: dnsmasq.c:1403
+ #, c-format
+ msgid "no servers found in %s, will retry"
+ msgstr "w %s nie znalazłem serwerów, spróbuję ponownie później"
+@@ -1485,27 +1537,27 @@ msgstr "nieznany interfejs %s w bridge-u"
+ msgid "DHCP packet received on %s which has no address"
+ msgstr "żądanie DHCP odebrano na interfejsie %s, który nie ma adresu"
+ 
+-#: dhcp.c:408
++#: dhcp.c:412
+ #, c-format
+ msgid "ARP-cache injection failed: %s"
+ msgstr "uzupełnienie pamięci podręcznej ARP nie powiodło się: %s"
+ 
+-#: dhcp.c:506
++#: dhcp.c:511
+ #, c-format
+ msgid "DHCP range %s -- %s is not consistent with netmask %s"
+ msgstr "zakres adresów DHCP %s -- %s jest niespójny z maską sieci %s"
+ 
+-#: dhcp.c:807
++#: dhcp.c:812
+ #, c-format
+ msgid "bad line at %s line %d"
+ msgstr "zła zawartość pliku %s, w linii %d"
+ 
+-#: dhcp.c:850
++#: dhcp.c:855
+ #, c-format
+ msgid "ignoring %s line %d, duplicate name or IP address"
+ msgstr "w %s pomijam linię %d -- powtórzona nazwa lub adres IP"
+ 
+-#: dhcp.c:994 rfc3315.c:2089
++#: dhcp.c:999 rfc3315.c:2139
+ #, c-format
+ msgid "DHCP relay %s -> %s"
+ msgstr "przekazywanie DHCP %s -> %s"
+@@ -1576,12 +1628,12 @@ msgstr "%u klasa użytkownika: %s"
+ msgid "disabled"
+ msgstr "wyłączony(a)"
+ 
+-#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:602 rfc3315.c:823
+-#: rfc3315.c:1095
++#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:603 rfc3315.c:860
++#: rfc3315.c:1139
+ msgid "ignored"
+ msgstr "ignoruję"
+ 
+-#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:873
++#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:910
+ msgid "address in use"
+ msgstr "adres jest w użyciu"
+ 
+@@ -1601,7 +1653,7 @@ msgstr "brak skonfigurowanego adresu"
+ msgid "no leases left"
+ msgstr "brak wolnych dzierżaw"
+ 
+-#: rfc2131.c:691 rfc3315.c:475
++#: rfc2131.c:691 rfc3315.c:476
+ #, c-format
+ msgid "%u client provides name: %s"
+ msgstr "klient %u przedstawia się jako %s"
+@@ -1610,7 +1662,7 @@ msgstr "klient %u przedstawia się jako %s"
+ msgid "PXE BIS not supported"
+ msgstr "PXE BIS nie jest obsługiwane"
+ 
+-#: rfc2131.c:935 rfc3315.c:1189
++#: rfc2131.c:935 rfc3315.c:1233
+ #, c-format
+ msgid "disabling DHCP static address %s for %s"
+ msgstr "wyłączam statyczne przypisanie adresu %s dla %s"
+@@ -1646,7 +1698,7 @@ msgstr "nieprawidłowy identyfikator serwera (server-ID)"
+ msgid "wrong address"
+ msgstr "błędny adres"
+ 
+-#: rfc2131.c:1143 rfc3315.c:969
++#: rfc2131.c:1143 rfc3315.c:1006
+ msgid "lease not found"
+ msgstr "dzierżawa nieznaleziona"
+ 
+@@ -1696,7 +1748,7 @@ msgstr "nie mam możliwości wysłania opcji %d DHCP/BOOTP: niedostateczna iloś
+ msgid "PXE menu too large"
+ msgstr "menu PXE zbyt duże"
+ 
+-#: rfc2131.c:2173 rfc3315.c:1456
++#: rfc2131.c:2173 rfc3315.c:1506
+ #, c-format
+ msgid "%u requested options: %s"
+ msgstr "%u zażądano: %s"
+@@ -1711,7 +1763,7 @@ msgstr "nie mogę wysłać opcji RFC3925: za długi łańcuch opcji przy numerze
+ msgid "cannot create netlink socket: %s"
+ msgstr "nie potrafię utworzyć połączenia netlink %s"
+ 
+-#: netlink.c:347
++#: netlink.c:348
+ #, c-format
+ msgid "netlink returns error: %s"
+ msgstr "wystąpił błąd w połączeniu netlink %s"
+@@ -1829,62 +1881,62 @@ msgstr "nie zdefiniowano zakresu adresów odpowiedniego dla żądania DHCPv6 od
+ msgid "%u available DHCPv6 subnet: %s/%d"
+ msgstr "%u dostępna podsieć DHCPv6: %s/%d"
+ 
+-#: rfc3315.c:379
++#: rfc3315.c:380
+ #, c-format
+ msgid "%u vendor class: %u"
+ msgstr "%u klasa dostawcy: %u"
+ 
+-#: rfc3315.c:427
++#: rfc3315.c:428
+ #, c-format
+ msgid "%u client MAC address: %s"
+ msgstr "adres MAC klienta %u: %s"
+ 
+-#: rfc3315.c:659
++#: rfc3315.c:660
+ #, c-format
+ msgid "unknown prefix-class %d"
+ msgstr "nieznana klasa sieci %d"
+ 
+-#: rfc3315.c:791 rfc3315.c:913
++#: rfc3315.c:803 rfc3315.c:902
++msgid "address unavailable"
++msgstr "adres niedostępny"
++
++#: rfc3315.c:815 rfc3315.c:950 rfc3315.c:1283
+ msgid "success"
+ msgstr "udane"
+ 
+-#: rfc3315.c:806 rfc3315.c:808 rfc3315.c:921 rfc3315.c:923
++#: rfc3315.c:843 rfc3315.c:845 rfc3315.c:958 rfc3315.c:960
+ msgid "no addresses available"
+ msgstr "brak wolnych adresów"
+ 
+-#: rfc3315.c:865
+-msgid "address unavailable"
+-msgstr "adres niedostępny"
+-
+-#: rfc3315.c:900
++#: rfc3315.c:937
+ msgid "not on link"
+ msgstr "poza zasięgiem"
+ 
+-#: rfc3315.c:973 rfc3315.c:1151 rfc3315.c:1228
++#: rfc3315.c:1010 rfc3315.c:1195 rfc3315.c:1272
+ msgid "no binding found"
+ msgstr "brak powiązania"
+ 
+-#: rfc3315.c:1011
++#: rfc3315.c:1048
+ msgid "deprecated"
+ msgstr "przestarzały"
+ 
+-#: rfc3315.c:1016
++#: rfc3315.c:1053
+ msgid "address invalid"
+ msgstr "niepoprawny adres"
+ 
+-#: rfc3315.c:1061
++#: rfc3315.c:1100
+ msgid "confirm failed"
+ msgstr "brak potwierdzenia"
+ 
+-#: rfc3315.c:1072
++#: rfc3315.c:1116
+ msgid "all addresses still on link"
+ msgstr "wszystkie adresy ciągle w użyciu"
+ 
+-#: rfc3315.c:1160
++#: rfc3315.c:1204
+ msgid "release received"
+ msgstr "adres został zwolniony"
+ 
+-#: rfc3315.c:2080
++#: rfc3315.c:2130
+ msgid "Cannot multicast to DHCPv6 server without correct interface"
+ msgstr "Nie mogę rozesłać do serwerów DHCPv6 nie mając prawidłowego interfejsu"
+ 
+@@ -1977,7 +2029,7 @@ msgstr "przekazywanie DHCP z %s do %s"
+ msgid "cannot create ICMPv6 socket: %s"
+ msgstr "nie udało się utworzyć gniazda dla ICMPv6: %s"
+ 
+-#: auth.c:429
++#: auth.c:436
+ #, c-format
+ msgid "ignoring zone transfer request from %s"
+ msgstr "ignoruję żądanie transferu strefy od %s"
+@@ -1992,54 +2044,89 @@ msgstr "niezgodna wersja jądra: %s"
+ msgid "failed to create IPset control socket: %s"
+ msgstr "nie powiodło się otwieranie gniazda sterującego IPset: %s"
+ 
++#: dnssec.c:425 dnssec.c:469
++#, fuzzy, c-format
++msgid "failed to update mtime on %s: %s"
++msgstr "nie udało się otworzyć pliku z PID-em %s: %s"
++
+ #: blockdata.c:58
+ #, c-format
+ msgid "DNSSEC memory in use %u, max %u, allocated %u"
+ msgstr "DNSSEC: zużycie pamięci %u, maks. %u, przydzielona %u"
+ 
+-#: tables.c:76
++#: tables.c:80
+ msgid "error: fill_addr missused"
+ msgstr "błąd: niepoprawnie użyty fill_addr"
+ 
+-#: tables.c:105
++#: tables.c:109
+ #, c-format
+ msgid "failed to access pf devices: %s"
+ msgstr "brak dostępu do /dev/pf (filtra pakietów): %s"
+ 
+-#: tables.c:119
++#: tables.c:123
+ #, c-format
+ msgid "warning: no opened pf devices %s"
+ msgstr "uwaga: brak otwartych filtrów pakietów %s"
+ 
+-#: tables.c:127
++#: tables.c:131
+ #, c-format
+ msgid "error: cannot use table name %s"
+ msgstr "błąd: nie potrafię użyć nazwy tablicy %s"
+ 
+-#: tables.c:135
++#: tables.c:139
+ #, c-format
+ msgid "error: cannot strlcpy table name %s"
+ msgstr "błąd: nie potrafię strlcpy nazwy tablicy %s"
+ 
+-#: tables.c:141
++#: tables.c:145
+ #, c-format
+ msgid "warning: pfr_add_tables: %s(%d)"
+ msgstr "uwaga: pfr_add_tables: %s(%d)"
+ 
+-#: tables.c:147
++#: tables.c:151
+ msgid "info: table created"
+ msgstr "info: tablica utworzona"
+ 
+-#: tables.c:158
++#: tables.c:162
+ #, c-format
+ msgid "warning: DIOCR%sADDRS: %s"
+ msgstr "uwaga: DIOCR%sADDRS: %s"
+ 
+-#: tables.c:162
++#: tables.c:166
+ #, c-format
+ msgid "%d addresses %s"
+ msgstr "%d adresów %s"
+ 
++#: inotify.c:46
++#, fuzzy, c-format
++msgid "failed to create inotify: %s"
++msgstr "nie udało się utworzyć procesu pomocniczego: %s"
++
++#: inotify.c:60
++#, fuzzy, c-format
++msgid "cannot cannonicalise resolv-file %s: %s"
++msgstr "nie potrafię otworzyć albo utworzyć pliku dzierżaw %s: %s"
++
++#: inotify.c:72
++#, c-format
++msgid "directory %s for resolv-file is missing, cannot poll"
++msgstr ""
++
++#: inotify.c:75 inotify.c:112
++#, fuzzy, c-format
++msgid "failed to create inotify for %s: %s"
++msgstr "nie udało się otworzyć gniazda %s: %s"
++
++#: inotify.c:97
++#, fuzzy, c-format
++msgid "bad dynamic directory %s: %s"
++msgstr "brak dostępu do katalogu %s: %s"
++
++#: inotify.c:197
++#, c-format
++msgid "inotify, new or changed file %s"
++msgstr ""
++
+ #~ msgid "Always send frequent router-advertisements"
+ #~ msgstr "Rozsyłanie wielokrotne anonsów rutera (RA)"
+ 
+diff --git a/po/pt_BR.po b/po/pt_BR.po
+index b91cf6ce53b4..ef6e4cbf529b 100644
+--- a/po/pt_BR.po
++++ b/po/pt_BR.po
+@@ -16,70 +16,70 @@ msgstr ""
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=2; plural=(n > 1);\n"
+ 
+-#: cache.c:505
++#: cache.c:523
+ msgid "Internal error in cache."
+ msgstr ""
+ 
+-#: cache.c:908
++#: cache.c:941
+ #, c-format
+ msgid "failed to load names from %s: %s"
+ msgstr ""
+ 
+-#: cache.c:934 dhcp.c:820
++#: cache.c:967 dhcp.c:825
+ #, c-format
+ msgid "bad address at %s line %d"
+ msgstr ""
+ 
+-#: cache.c:985 dhcp.c:836
++#: cache.c:1018 dhcp.c:841
+ #, c-format
+ msgid "bad name at %s line %d"
+ msgstr ""
+ 
+-#: cache.c:992 dhcp.c:911
++#: cache.c:1027 dhcp.c:916
+ #, c-format
+ msgid "read %s - %d addresses"
+ msgstr ""
+ 
+-#: cache.c:1100
++#: cache.c:1135
+ msgid "cleared cache"
+ msgstr ""
+ 
+-#: cache.c:1123
++#: cache.c:1164
+ #, c-format
+ msgid "No IPv4 address found for %s"
+ msgstr ""
+ 
+-#: cache.c:1201
++#: cache.c:1242
+ #, c-format
+ msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
+ msgstr ""
+ 
+-#: cache.c:1225
++#: cache.c:1266
+ #, c-format
+ msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+ msgstr ""
+ 
+-#: cache.c:1366
++#: cache.c:1421
+ #, c-format
+ msgid "time %lu"
+ msgstr ""
+ 
+-#: cache.c:1367
++#: cache.c:1422
+ #, c-format
+ msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+ msgstr ""
+ 
+-#: cache.c:1369
++#: cache.c:1424
+ #, c-format
+ msgid "queries forwarded %u, queries answered locally %u"
+ msgstr ""
+ 
+-#: cache.c:1372
++#: cache.c:1427
+ #, c-format
+ msgid "queries for authoritative zones %u"
+ msgstr ""
+ 
+-#: cache.c:1398
++#: cache.c:1453
+ #, c-format
+ msgid "server %s#%d: queries sent %u, retried or failed %u"
+ msgstr ""
+@@ -93,7 +93,7 @@ msgstr ""
+ msgid "failed to allocate memory"
+ msgstr ""
+ 
+-#: util.c:243 option.c:579
++#: util.c:243 option.c:598
+ msgid "could not get memory"
+ msgstr ""
+ 
+@@ -107,990 +107,1018 @@ msgstr ""
+ msgid "failed to allocate %d bytes"
+ msgstr ""
+ 
+-#: util.c:429
++#: util.c:430
+ #, c-format
+ msgid "infinite"
+ msgstr ""
+ 
+-#: option.c:318
++#: option.c:330
+ msgid "Specify local address(es) to listen on."
+ msgstr ""
+ 
+-#: option.c:319
++#: option.c:331
+ msgid "Return ipaddr for all hosts in specified domains."
+ msgstr ""
+ 
+-#: option.c:320
++#: option.c:332
+ msgid "Fake reverse lookups for RFC1918 private address ranges."
+ msgstr ""
+ 
+-#: option.c:321
++#: option.c:333
+ msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+ msgstr ""
+ 
+-#: option.c:322
++#: option.c:334
+ #, c-format
+ msgid "Specify the size of the cache in entries (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:323
++#: option.c:335
+ #, c-format
+ msgid "Specify configuration file (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:324
++#: option.c:336
+ msgid "Do NOT fork into the background: run in debug mode."
+ msgstr ""
+ 
+-#: option.c:325
++#: option.c:337
+ msgid "Do NOT forward queries with no domain part."
+ msgstr ""
+ 
+-#: option.c:326
++#: option.c:338
+ msgid "Return self-pointing MX records for local hosts."
+ msgstr ""
+ 
+-#: option.c:327
++#: option.c:339
+ msgid "Expand simple names in /etc/hosts with domain-suffix."
+ msgstr ""
+ 
+-#: option.c:328
++#: option.c:340
+ msgid "Don't forward spurious DNS requests from Windows hosts."
+ msgstr ""
+ 
+-#: option.c:329
++#: option.c:341
+ msgid "Enable DHCP in the range given with lease duration."
+ msgstr ""
+ 
+-#: option.c:330
++#: option.c:342
+ #, c-format
+ msgid "Change to this group after startup (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:331
++#: option.c:343
+ msgid "Set address or hostname for a specified machine."
+ msgstr ""
+ 
+-#: option.c:332
++#: option.c:344
+ msgid "Read DHCP host specs from file."
+ msgstr ""
+ 
+-#: option.c:333
++#: option.c:345
+ msgid "Read DHCP option specs from file."
+ msgstr ""
+ 
+-#: option.c:334
++#: option.c:346
++msgid "Read DHCP host specs from a directory."
++msgstr ""
++
++#: option.c:347
++msgid "Read DHCP options from a directory."
++msgstr ""
++
++#: option.c:348
+ msgid "Evaluate conditional tag expression."
+ msgstr ""
+ 
+-#: option.c:335
++#: option.c:349
+ #, c-format
+ msgid "Do NOT load %s file."
+ msgstr ""
+ 
+-#: option.c:336
++#: option.c:350
+ #, c-format
+ msgid "Specify a hosts file to be read in addition to %s."
+ msgstr ""
+ 
+-#: option.c:337
++#: option.c:351
++msgid "Read hosts files from a directory."
++msgstr ""
++
++#: option.c:352
+ msgid "Specify interface(s) to listen on."
+ msgstr ""
+ 
+-#: option.c:338
++#: option.c:353
+ msgid "Specify interface(s) NOT to listen on."
+ msgstr ""
+ 
+-#: option.c:339
++#: option.c:354
+ msgid "Map DHCP user class to tag."
+ msgstr ""
+ 
+-#: option.c:340
++#: option.c:355
+ msgid "Map RFC3046 circuit-id to tag."
+ msgstr ""
+ 
+-#: option.c:341
++#: option.c:356
+ msgid "Map RFC3046 remote-id to tag."
+ msgstr ""
+ 
+-#: option.c:342
++#: option.c:357
+ msgid "Map RFC3993 subscriber-id to tag."
+ msgstr ""
+ 
+-#: option.c:343
++#: option.c:358
+ msgid "Don't do DHCP for hosts with tag set."
+ msgstr ""
+ 
+-#: option.c:344
++#: option.c:359
+ msgid "Force broadcast replies for hosts with tag set."
+ msgstr ""
+ 
+-#: option.c:345
++#: option.c:360
+ msgid "Do NOT fork into the background, do NOT run in debug mode."
+ msgstr ""
+ 
+-#: option.c:346
++#: option.c:361
+ msgid "Assume we are the only DHCP server on the local network."
+ msgstr ""
+ 
+-#: option.c:347
++#: option.c:362
+ #, c-format
+ msgid "Specify where to store DHCP leases (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:348
++#: option.c:363
+ msgid "Return MX records for local hosts."
+ msgstr ""
+ 
+-#: option.c:349
++#: option.c:364
+ msgid "Specify an MX record."
+ msgstr ""
+ 
+-#: option.c:350
++#: option.c:365
+ msgid "Specify BOOTP options to DHCP server."
+ msgstr ""
+ 
+-#: option.c:351
++#: option.c:366
+ #, c-format
+ msgid "Do NOT poll %s file, reload only on SIGHUP."
+ msgstr ""
+ 
+-#: option.c:352
++#: option.c:367
+ msgid "Do NOT cache failed search results."
+ msgstr ""
+ 
+-#: option.c:353
++#: option.c:368
+ #, c-format
+ msgid "Use nameservers strictly in the order given in %s."
+ msgstr ""
+ 
+-#: option.c:354
++#: option.c:369
+ msgid "Specify options to be sent to DHCP clients."
+ msgstr ""
+ 
+-#: option.c:355
++#: option.c:370
+ msgid "DHCP option sent even if the client does not request it."
+ msgstr ""
+ 
+-#: option.c:356
++#: option.c:371
+ msgid "Specify port to listen for DNS requests on (defaults to 53)."
+ msgstr ""
+ 
+-#: option.c:357
++#: option.c:372
+ #, c-format
+ msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:358
++#: option.c:373
+ msgid "Log DNS queries."
+ msgstr ""
+ 
+-#: option.c:359
++#: option.c:374
+ msgid "Force the originating port for upstream DNS queries."
+ msgstr ""
+ 
+-#: option.c:360
++#: option.c:375
+ msgid "Do NOT read resolv.conf."
+ msgstr ""
+ 
+-#: option.c:361
++#: option.c:376
+ #, c-format
+ msgid "Specify path to resolv.conf (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:362
++#: option.c:377
+ msgid "Specify path to file with server= options"
+ msgstr ""
+ 
+-#: option.c:363
++#: option.c:378
+ msgid "Specify address(es) of upstream servers with optional domains."
+ msgstr ""
+ 
+-#: option.c:364
++#: option.c:379
+ msgid "Specify address of upstream servers for reverse address queries"
+ msgstr ""
+ 
+-#: option.c:365
++#: option.c:380
+ msgid "Never forward queries to specified domains."
+ msgstr ""
+ 
+-#: option.c:366
++#: option.c:381
+ msgid "Specify the domain to be assigned in DHCP leases."
+ msgstr ""
+ 
+-#: option.c:367
++#: option.c:382
+ msgid "Specify default target in an MX record."
+ msgstr ""
+ 
+-#: option.c:368
++#: option.c:383
+ msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+ msgstr ""
+ 
+-#: option.c:369
++#: option.c:384
+ msgid "Specify time-to-live in seconds for negative caching."
+ msgstr ""
+ 
+-#: option.c:370
++#: option.c:385
+ msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
+ msgstr ""
+ 
+-#: option.c:371
++#: option.c:386
++msgid "Specify time-to-live ceiling for cache."
++msgstr ""
++
++#: option.c:387
++msgid "Specify time-to-live floor for cache."
++msgstr ""
++
++#: option.c:388
+ #, c-format
+ msgid "Change to this user after startup. (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:372
++#: option.c:389
+ msgid "Map DHCP vendor class to tag."
+ msgstr ""
+ 
+-#: option.c:373
++#: option.c:390
+ msgid "Display dnsmasq version and copyright information."
+ msgstr ""
+ 
+-#: option.c:374
++#: option.c:391
+ msgid "Translate IPv4 addresses from upstream servers."
+ msgstr ""
+ 
+-#: option.c:375
++#: option.c:392
+ msgid "Specify a SRV record."
+ msgstr ""
+ 
+-#: option.c:376
++#: option.c:393
+ msgid "Display this message. Use --help dhcp for known DHCP options."
+ msgstr ""
+ 
+-#: option.c:377
++#: option.c:394
+ #, c-format
+ msgid "Specify path of PID file (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:378
++#: option.c:395
+ #, c-format
+ msgid "Specify maximum number of DHCP leases (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:379
++#: option.c:396
+ msgid "Answer DNS queries based on the interface a query was sent to."
+ msgstr ""
+ 
+-#: option.c:380
++#: option.c:397
+ msgid "Specify TXT DNS record."
+ msgstr ""
+ 
+-#: option.c:381
++#: option.c:398
+ msgid "Specify PTR DNS record."
+ msgstr ""
+ 
+-#: option.c:382
++#: option.c:399
+ msgid "Give DNS name to IPv4 address of interface."
+ msgstr ""
+ 
+-#: option.c:383
++#: option.c:400
+ msgid "Bind only to interfaces in use."
+ msgstr ""
+ 
+-#: option.c:384
++#: option.c:401
+ #, c-format
+ msgid "Read DHCP static host information from %s."
+ msgstr ""
+ 
+-#: option.c:385
++#: option.c:402
+ msgid "Enable the DBus interface for setting upstream servers, etc."
+ msgstr ""
+ 
+-#: option.c:386
++#: option.c:403
+ msgid "Do not provide DHCP on this interface, only provide DNS."
+ msgstr ""
+ 
+-#: option.c:387
++#: option.c:404
+ msgid "Enable dynamic address allocation for bootp."
+ msgstr ""
+ 
+-#: option.c:388
++#: option.c:405
+ msgid "Map MAC address (with wildcards) to option set."
+ msgstr ""
+ 
+-#: option.c:389
++#: option.c:406
+ msgid "Treat DHCP requests on aliases as arriving from interface."
+ msgstr ""
+ 
+-#: option.c:390
++#: option.c:407
+ msgid "Disable ICMP echo address checking in the DHCP server."
+ msgstr ""
+ 
+-#: option.c:391
++#: option.c:408
+ msgid "Shell script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:392
++#: option.c:409
+ msgid "Lua script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:393
++#: option.c:410
+ msgid "Run lease-change scripts as this user."
+ msgstr ""
+ 
+-#: option.c:394
++#: option.c:411
+ msgid "Read configuration from all the files in this directory."
+ msgstr ""
+ 
+-#: option.c:395
++#: option.c:412
+ msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+ msgstr ""
+ 
+-#: option.c:396
++#: option.c:413
+ msgid "Do not use leasefile."
+ msgstr ""
+ 
+-#: option.c:397
++#: option.c:414
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+ msgstr ""
+ 
+-#: option.c:398
++#: option.c:415
+ #, c-format
+ msgid "Clear DNS cache when reloading %s."
+ msgstr ""
+ 
+-#: option.c:399
++#: option.c:416
+ msgid "Ignore hostnames provided by DHCP clients."
+ msgstr ""
+ 
+-#: option.c:400
++#: option.c:417
+ msgid "Do NOT reuse filename and server fields for extra DHCP options."
+ msgstr ""
+ 
+-#: option.c:401
++#: option.c:418
+ msgid "Enable integrated read-only TFTP server."
+ msgstr ""
+ 
+-#: option.c:402
++#: option.c:419
+ msgid "Export files by TFTP only from the specified subtree."
+ msgstr ""
+ 
+-#: option.c:403
++#: option.c:420
+ msgid "Add client IP address to tftp-root."
+ msgstr ""
+ 
+-#: option.c:404
++#: option.c:421
+ msgid "Allow access only to files owned by the user running dnsmasq."
+ msgstr ""
+ 
+-#: option.c:405
++#: option.c:422
+ #, c-format
+ msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+ msgstr ""
+ 
+-#: option.c:406
++#: option.c:423
+ msgid "Disable the TFTP blocksize extension."
+ msgstr ""
+ 
+-#: option.c:407
++#: option.c:424
+ msgid "Convert TFTP filenames to lowercase"
+ msgstr ""
+ 
+-#: option.c:408
++#: option.c:425
+ msgid "Ephemeral port range for use by TFTP transfers."
+ msgstr ""
+ 
+-#: option.c:409
++#: option.c:426
+ msgid "Extra logging for DHCP."
+ msgstr ""
+ 
+-#: option.c:410
++#: option.c:427
+ msgid "Enable async. logging; optionally set queue length."
+ msgstr ""
+ 
+-#: option.c:411
++#: option.c:428
+ msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+ msgstr ""
+ 
+-#: option.c:412
++#: option.c:429
+ msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
+ msgstr ""
+ 
+-#: option.c:413
++#: option.c:430
+ msgid "Inhibit DNS-rebind protection on this domain."
+ msgstr ""
+ 
+-#: option.c:414
++#: option.c:431
+ msgid "Always perform DNS queries to all servers."
+ msgstr ""
+ 
+-#: option.c:415
++#: option.c:432
+ msgid "Set tag if client includes matching option in request."
+ msgstr ""
+ 
+-#: option.c:416
++#: option.c:433
+ msgid "Use alternative ports for DHCP."
+ msgstr ""
+ 
+-#: option.c:417
++#: option.c:434
+ msgid "Specify NAPTR DNS record."
+ msgstr ""
+ 
+-#: option.c:418
++#: option.c:435
+ msgid "Specify lowest port available for DNS query transmission."
+ msgstr ""
+ 
+-#: option.c:419
++#: option.c:436
+ msgid "Use only fully qualified domain names for DHCP clients."
+ msgstr ""
+ 
+-#: option.c:420
++#: option.c:437
+ msgid "Generate hostnames based on MAC address for nameless clients."
+ msgstr ""
+ 
+-#: option.c:421
++#: option.c:438
+ msgid "Use these DHCP relays as full proxies."
+ msgstr ""
+ 
+-#: option.c:422
++#: option.c:439
+ msgid "Relay DHCP requests to a remote server"
+ msgstr ""
+ 
+-#: option.c:423
++#: option.c:440
+ msgid "Specify alias name for LOCAL DNS name."
+ msgstr ""
+ 
+-#: option.c:424
++#: option.c:441
+ msgid "Prompt to send to PXE clients."
+ msgstr ""
+ 
+-#: option.c:425
++#: option.c:442
+ msgid "Boot service for PXE menu."
+ msgstr ""
+ 
+-#: option.c:426
++#: option.c:443
+ msgid "Check configuration syntax."
+ msgstr ""
+ 
+-#: option.c:427
++#: option.c:444
+ msgid "Add requestor's MAC address to forwarded DNS queries."
+ msgstr ""
+ 
+-#: option.c:428
++#: option.c:445
+ msgid "Add requestor's IP subnet to forwarded DNS queries."
+ msgstr ""
+ 
+-#: option.c:429
++#: option.c:446
+ msgid "Proxy DNSSEC validation results from upstream nameservers."
+ msgstr ""
+ 
+-#: option.c:430
++#: option.c:447
+ msgid "Attempt to allocate sequential IP addresses to DHCP clients."
+ msgstr ""
+ 
+-#: option.c:431
++#: option.c:448
+ msgid "Copy connection-track mark from queries to upstream connections."
+ msgstr ""
+ 
+-#: option.c:432
++#: option.c:449
+ msgid "Allow DHCP clients to do their own DDNS updates."
+ msgstr ""
+ 
+-#: option.c:433
++#: option.c:450
+ msgid "Send router-advertisements for interfaces doing DHCPv6"
+ msgstr ""
+ 
+-#: option.c:434
++#: option.c:451
+ msgid "Specify DUID_EN-type DHCPv6 server DUID"
+ msgstr ""
+ 
+-#: option.c:435
++#: option.c:452
+ msgid "Specify host (A/AAAA and PTR) records"
+ msgstr ""
+ 
+-#: option.c:436
++#: option.c:453
+ msgid "Specify arbitrary DNS resource record"
+ msgstr ""
+ 
+-#: option.c:437
++#: option.c:454
+ msgid "Bind to interfaces in use - check for new interfaces"
+ msgstr ""
+ 
+-#: option.c:438
++#: option.c:455
+ msgid "Export local names to global DNS"
+ msgstr ""
+ 
+-#: option.c:439
++#: option.c:456
+ msgid "Domain to export to global DNS"
+ msgstr ""
+ 
+-#: option.c:440
++#: option.c:457
+ msgid "Set TTL for authoritative replies"
+ msgstr ""
+ 
+-#: option.c:441
++#: option.c:458
+ msgid "Set authoritive zone information"
+ msgstr ""
+ 
+-#: option.c:442
++#: option.c:459
+ msgid "Secondary authoritative nameservers for forward domains"
+ msgstr ""
+ 
+-#: option.c:443
++#: option.c:460
+ msgid "Peers which are allowed to do zone transfer"
+ msgstr ""
+ 
+-#: option.c:444
++#: option.c:461
+ msgid "Specify ipsets to which matching domains should be added"
+ msgstr ""
+ 
+-#: option.c:445
++#: option.c:462
+ msgid "Specify a domain and address range for synthesised names"
+ msgstr ""
+ 
+-#: option.c:446
++#: option.c:463
+ msgid "Activate DNSSEC validation"
+ msgstr ""
+ 
+-#: option.c:447
++#: option.c:464
+ msgid "Specify trust anchor key digest."
+ msgstr ""
+ 
+-#: option.c:448
++#: option.c:465
+ msgid "Disable upstream checking for DNSSEC debugging."
+ msgstr ""
+ 
+-#: option.c:449
++#: option.c:466
+ msgid "Ensure answers without DNSSEC are in unsigned zones."
+ msgstr ""
+ 
+-#: option.c:450
++#: option.c:467
+ msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+ msgstr ""
+ 
+-#: option.c:452
++#: option.c:468
++msgid "Timestamp file to verify system clock for DNSSEC"
++msgstr ""
++
++#: option.c:470
+ msgid "Specify DHCPv6 prefix class"
+ msgstr ""
+ 
+-#: option.c:454
++#: option.c:472
+ msgid "Set priority, resend-interval and router-lifetime"
+ msgstr ""
+ 
+-#: option.c:455
++#: option.c:473
+ msgid "Do not log routine DHCP."
+ msgstr ""
+ 
+-#: option.c:456
++#: option.c:474
+ msgid "Do not log routine DHCPv6."
+ msgstr ""
+ 
+-#: option.c:457
++#: option.c:475
+ msgid "Do not log RA."
+ msgstr ""
+ 
+-#: option.c:458
++#: option.c:476
+ msgid "Accept queries only from directly-connected networks"
+ msgstr ""
+ 
+-#: option.c:459
++#: option.c:477
+ msgid "Detect and remove DNS forwarding loops"
+ msgstr ""
+ 
+-#: option.c:661
++#: option.c:478
++msgid "Ignore DNS responses containing ipaddr."
++msgstr ""
++
++#: option.c:680
+ #, c-format
+ msgid ""
+ "Usage: dnsmasq [options]\n"
+ "\n"
+ msgstr ""
+ 
+-#: option.c:663
++#: option.c:682
+ #, c-format
+ msgid "Use short options only on the command line.\n"
+ msgstr ""
+ 
+-#: option.c:665
++#: option.c:684
+ #, c-format
+ msgid "Valid options are:\n"
+ msgstr ""
+ 
+-#: option.c:722 option.c:726
++#: option.c:741 option.c:745
+ msgid "bad port"
+ msgstr ""
+ 
+-#: option.c:753 option.c:785
++#: option.c:772 option.c:804
+ msgid "interface binding not supported"
+ msgstr ""
+ 
+-#: option.c:762 option.c:3494
++#: option.c:781 option.c:3570
+ msgid "bad interface name"
+ msgstr ""
+ 
+-#: option.c:792
++#: option.c:811
+ msgid "bad address"
+ msgstr ""
+ 
+-#: option.c:974
++#: option.c:993
+ msgid "unsupported encapsulation for IPv6 option"
+ msgstr ""
+ 
+-#: option.c:988
++#: option.c:1007
+ msgid "bad dhcp-option"
+ msgstr ""
+ 
+-#: option.c:1056
++#: option.c:1075
+ msgid "bad IP address"
+ msgstr ""
+ 
+-#: option.c:1059 option.c:1197 option.c:2812
++#: option.c:1078 option.c:1216 option.c:2888
+ msgid "bad IPv6 address"
+ msgstr ""
+ 
+-#: option.c:1224 option.c:1318
++#: option.c:1243 option.c:1337
+ msgid "bad domain in dhcp-option"
+ msgstr ""
+ 
+-#: option.c:1356
++#: option.c:1375
+ msgid "dhcp-option too long"
+ msgstr ""
+ 
+-#: option.c:1363
++#: option.c:1382
+ msgid "illegal dhcp-match"
+ msgstr ""
+ 
+-#: option.c:1425
++#: option.c:1444
+ msgid "illegal repeated flag"
+ msgstr ""
+ 
+-#: option.c:1433
++#: option.c:1452
+ msgid "illegal repeated keyword"
+ msgstr ""
+ 
+-#: option.c:1495 option.c:4092
++#: option.c:1517 option.c:4186
+ #, c-format
+ msgid "cannot access directory %s: %s"
+ msgstr ""
+ 
+-#: option.c:1541 tftp.c:493
++#: option.c:1563 tftp.c:493
+ #, c-format
+ msgid "cannot access %s: %s"
+ msgstr ""
+ 
+-#: option.c:1588
++#: option.c:1615
+ msgid "setting log facility is not possible under Android"
+ msgstr ""
+ 
+-#: option.c:1597
++#: option.c:1624
+ msgid "bad log facility"
+ msgstr ""
+ 
+-#: option.c:1650
++#: option.c:1677
+ msgid "bad MX preference"
+ msgstr ""
+ 
+-#: option.c:1655
++#: option.c:1682
+ msgid "bad MX name"
+ msgstr ""
+ 
+-#: option.c:1669
++#: option.c:1696
+ msgid "bad MX target"
+ msgstr ""
+ 
+-#: option.c:1681
++#: option.c:1708
+ msgid "cannot run scripts under uClinux"
+ msgstr ""
+ 
+-#: option.c:1683
++#: option.c:1710
+ msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+ msgstr ""
+ 
+-#: option.c:1687
++#: option.c:1714
+ msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
+ msgstr ""
+ 
+-#: option.c:1928 option.c:1966 option.c:2015
++#: option.c:1970 option.c:2015 option.c:2071
+ msgid "bad prefix"
+ msgstr ""
+ 
+-#: option.c:2289
++#: option.c:2352
+ msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+ msgstr ""
+ 
+-#: option.c:2469
++#: option.c:2545
+ msgid "bad port range"
+ msgstr ""
+ 
+-#: option.c:2485
++#: option.c:2561
+ msgid "bad bridge-interface"
+ msgstr ""
+ 
+-#: option.c:2545
++#: option.c:2621
+ msgid "only one tag allowed"
+ msgstr ""
+ 
+-#: option.c:2565 option.c:2577 option.c:2683 option.c:2724
++#: option.c:2641 option.c:2653 option.c:2759 option.c:2800
+ msgid "bad dhcp-range"
+ msgstr ""
+ 
+-#: option.c:2592
++#: option.c:2668
+ msgid "inconsistent DHCP range"
+ msgstr ""
+ 
+-#: option.c:2651
++#: option.c:2727
+ msgid "prefix length must be exactly 64 for RA subnets"
+ msgstr ""
+ 
+-#: option.c:2653
++#: option.c:2729
+ msgid "prefix length must be exactly 64 for subnet constructors"
+ msgstr ""
+ 
+-#: option.c:2657
++#: option.c:2733
+ msgid "prefix length must be at least 64"
+ msgstr ""
+ 
+-#: option.c:2660
++#: option.c:2736
+ msgid "inconsistent DHCPv6 range"
+ msgstr ""
+ 
+-#: option.c:2671
++#: option.c:2747
+ msgid "prefix must be zero with \"constructor:\" argument"
+ msgstr ""
+ 
+-#: option.c:2782 option.c:2830
++#: option.c:2858 option.c:2906
+ msgid "bad hex constant"
+ msgstr ""
+ 
+-#: option.c:2804
++#: option.c:2880
+ msgid "cannot match tags in --dhcp-host"
+ msgstr ""
+ 
+-#: option.c:2852
++#: option.c:2928
+ #, c-format
+ msgid "duplicate dhcp-host IP address %s"
+ msgstr ""
+ 
+-#: option.c:2910
++#: option.c:2986
+ msgid "bad DHCP host name"
+ msgstr ""
+ 
+-#: option.c:2992
++#: option.c:3068
+ msgid "bad tag-if"
+ msgstr ""
+ 
+-#: option.c:3316 option.c:3710
++#: option.c:3392 option.c:3786
+ msgid "invalid port number"
+ msgstr ""
+ 
+-#: option.c:3378
++#: option.c:3454
+ msgid "bad dhcp-proxy address"
+ msgstr ""
+ 
+-#: option.c:3404
++#: option.c:3480
+ msgid "Bad dhcp-relay"
+ msgstr ""
+ 
+-#: option.c:3430
++#: option.c:3506
+ msgid "bad RA-params"
+ msgstr ""
+ 
+-#: option.c:3439
++#: option.c:3515
+ msgid "bad DUID"
+ msgstr ""
+ 
+-#: option.c:3481
++#: option.c:3557
+ msgid "invalid alias range"
+ msgstr ""
+ 
+-#: option.c:3535
++#: option.c:3611
+ msgid "bad CNAME"
+ msgstr ""
+ 
+-#: option.c:3540
++#: option.c:3616
+ msgid "duplicate CNAME"
+ msgstr ""
+ 
+-#: option.c:3560
++#: option.c:3636
+ msgid "bad PTR record"
+ msgstr ""
+ 
+-#: option.c:3591
++#: option.c:3667
+ msgid "bad NAPTR record"
+ msgstr ""
+ 
+-#: option.c:3625
++#: option.c:3701
+ msgid "bad RR record"
+ msgstr ""
+ 
+-#: option.c:3655
++#: option.c:3731
+ msgid "bad TXT record"
+ msgstr ""
+ 
+-#: option.c:3696
++#: option.c:3772
+ msgid "bad SRV record"
+ msgstr ""
+ 
+-#: option.c:3703
++#: option.c:3779
+ msgid "bad SRV target"
+ msgstr ""
+ 
+-#: option.c:3717
++#: option.c:3793
+ msgid "invalid priority"
+ msgstr ""
+ 
+-#: option.c:3724
++#: option.c:3800
+ msgid "invalid weight"
+ msgstr ""
+ 
+-#: option.c:3748
++#: option.c:3824
+ msgid "Bad host-record"
+ msgstr ""
+ 
+-#: option.c:3765
++#: option.c:3841
+ msgid "Bad name in host-record"
+ msgstr ""
+ 
+-#: option.c:3826
++#: option.c:3906
+ msgid "bad trust anchor"
+ msgstr ""
+ 
+-#: option.c:3840
++#: option.c:3920
+ msgid "bad HEX in trust anchor"
+ msgstr ""
+ 
+-#: option.c:3850
++#: option.c:3930
+ msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+ msgstr ""
+ 
+-#: option.c:3909
++#: option.c:3989
+ msgid "missing \""
+ msgstr ""
+ 
+-#: option.c:3966
++#: option.c:4046
+ msgid "bad option"
+ msgstr ""
+ 
+-#: option.c:3968
++#: option.c:4048
+ msgid "extraneous parameter"
+ msgstr ""
+ 
+-#: option.c:3970
++#: option.c:4050
+ msgid "missing parameter"
+ msgstr ""
+ 
+-#: option.c:3972
++#: option.c:4052
+ msgid "illegal option"
+ msgstr ""
+ 
+-#: option.c:3979
++#: option.c:4059
+ msgid "error"
+ msgstr ""
+ 
+-#: option.c:3981
++#: option.c:4061
+ #, c-format
+ msgid " at line %d of %s"
+ msgstr ""
+ 
+-#: option.c:4045 option.c:4168 tftp.c:667
++#: option.c:4076 option.c:4323 option.c:4359
+ #, c-format
+-msgid "cannot read %s: %s"
++msgid "read %s"
+ msgstr ""
+ 
+-#: option.c:4229 option.c:4265
++#: option.c:4139 option.c:4262 tftp.c:667
+ #, c-format
+-msgid "read %s"
++msgid "cannot read %s: %s"
+ msgstr ""
+ 
+-#: option.c:4331
++#: option.c:4425
+ msgid "junk found in command line"
+ msgstr ""
+ 
+-#: option.c:4366
++#: option.c:4460
+ #, c-format
+ msgid "Dnsmasq version %s  %s\n"
+ msgstr ""
+ 
+-#: option.c:4367
++#: option.c:4461
+ #, c-format
+ msgid ""
+ "Compile time options: %s\n"
+ "\n"
+ msgstr ""
+ 
+-#: option.c:4368
++#: option.c:4462
+ #, c-format
+ msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+ msgstr ""
+ 
+-#: option.c:4369
++#: option.c:4463
+ #, c-format
+ msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+ msgstr ""
+ 
+-#: option.c:4370
++#: option.c:4464
+ #, c-format
+ msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+ msgstr ""
+ 
+-#: option.c:4381
++#: option.c:4475
+ msgid "try --help"
+ msgstr ""
+ 
+-#: option.c:4383
++#: option.c:4477
+ msgid "try -w"
+ msgstr ""
+ 
+-#: option.c:4385
++#: option.c:4479
+ #, c-format
+ msgid "bad command line options: %s"
+ msgstr ""
+ 
+-#: option.c:4434
++#: option.c:4535
+ #, c-format
+ msgid "cannot get host-name: %s"
+ msgstr ""
+ 
+-#: option.c:4462
++#: option.c:4563
+ msgid "only one resolv.conf file allowed in no-poll mode."
+ msgstr ""
+ 
+-#: option.c:4472
++#: option.c:4573
+ msgid "must have exactly one resolv.conf to read domain from."
+ msgstr ""
+ 
+-#: option.c:4475 network.c:1506 dhcp.c:769
++#: option.c:4576 network.c:1506 dhcp.c:774
+ #, c-format
+ msgid "failed to read %s: %s"
+ msgstr ""
+ 
+-#: option.c:4492
++#: option.c:4593
+ #, c-format
+ msgid "no search directive found in %s"
+ msgstr ""
+ 
+-#: option.c:4513
++#: option.c:4614
+ msgid "there must be a default domain when --dhcp-fqdn is set"
+ msgstr ""
+ 
+-#: option.c:4522
++#: option.c:4623
+ msgid "syntax check OK"
+ msgstr ""
+ 
+-#: forward.c:114
++#: forward.c:111
+ #, c-format
+ msgid "failed to send packet: %s"
+ msgstr ""
+ 
+-#: forward.c:574
++#: forward.c:572
+ msgid "discarding DNS reply: subnet option mismatch"
+ msgstr ""
+ 
+-#: forward.c:597
++#: forward.c:595
+ #, c-format
+ msgid "nameserver %s refused to do a recursive query"
+ msgstr ""
+ 
+-#: forward.c:629
++#: forward.c:627
+ #, c-format
+ msgid "possible DNS-rebind attack detected: %s"
+ msgstr ""
+ 
+-#: forward.c:1132 forward.c:1663
++#: forward.c:1156 forward.c:1722
+ msgid "Ignoring query from non-local network"
+ msgstr ""
+ 
+-#: forward.c:2101
++#: forward.c:2178
+ #, c-format
+ msgid "Maximum number of concurrent DNS queries reached (max: %d)"
+ msgstr ""
+@@ -1180,263 +1208,276 @@ msgstr ""
+ msgid "using nameserver %s#%d"
+ msgstr ""
+ 
+-#: dnsmasq.c:154
+-msgid "No trust anchors provided for DNSSEC"
++#: dnsmasq.c:149
++msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:157
+-msgid "Cannot reduce cache size from default when DNSSEC enabled"
++#: dnsmasq.c:156
++msgid "no trust anchors provided for DNSSEC"
+ msgstr ""
+ 
+ #: dnsmasq.c:159
++msgid "cannot reduce cache size from default when DNSSEC enabled"
++msgstr ""
++
++#: dnsmasq.c:161
+ msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:165
++#: dnsmasq.c:167
+ msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:170
+-msgid "Cannot use --conntrack AND --query-port"
++#: dnsmasq.c:172
++msgid "cannot use --conntrack AND --query-port"
+ msgstr ""
+ 
+-#: dnsmasq.c:173
+-msgid "Conntrack support not available: set HAVE_CONNTRACK in src/config.h"
++#: dnsmasq.c:175
++msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:178
++#: dnsmasq.c:180
+ msgid "asychronous logging is not available under Solaris"
+ msgstr ""
+ 
+-#: dnsmasq.c:183
++#: dnsmasq.c:185
+ msgid "asychronous logging is not available under Android"
+ msgstr ""
+ 
+-#: dnsmasq.c:188
++#: dnsmasq.c:190
+ msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:193
+-msgid "Loop detection not available: set HAVE_LOOP in src/config.h"
++#: dnsmasq.c:195
++msgid "loop detection not available: set HAVE_LOOP in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:201
++#: dnsmasq.c:203
+ msgid "zone serial must be configured in --auth-soa"
+ msgstr ""
+ 
+-#: dnsmasq.c:219
++#: dnsmasq.c:221
+ msgid "dhcp-range constructor not available on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:262
++#: dnsmasq.c:264
+ msgid "cannot set --bind-interfaces and --bind-dynamic"
+ msgstr ""
+ 
+-#: dnsmasq.c:265
++#: dnsmasq.c:267
+ #, c-format
+ msgid "failed to find list of interfaces: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:274
++#: dnsmasq.c:276
+ #, c-format
+ msgid "unknown interface %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:330 dnsmasq.c:954
++#: dnsmasq.c:340 dnsmasq.c:1004
+ #, c-format
+ msgid "DBus error: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:333
++#: dnsmasq.c:343
+ msgid "DBus not available: set HAVE_DBUS in src/config.h"
+ msgstr ""
+ 
+-#: dnsmasq.c:361
++#: dnsmasq.c:371
+ #, c-format
+ msgid "unknown user or group: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:416
++#: dnsmasq.c:426
+ #, c-format
+ msgid "cannot chdir to filesystem root: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:653
++#: dnsmasq.c:667
+ #, c-format
+ msgid "started, version %s DNS disabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:655
++#: dnsmasq.c:669
+ #, c-format
+ msgid "started, version %s cachesize %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:657
++#: dnsmasq.c:671
+ #, c-format
+ msgid "started, version %s cache disabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:659
++#: dnsmasq.c:673
+ #, c-format
+ msgid "compile time options: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:665
++#: dnsmasq.c:679
+ msgid "DBus support enabled: connected to system bus"
+ msgstr ""
+ 
+-#: dnsmasq.c:667
++#: dnsmasq.c:681
+ msgid "DBus support enabled: bus connection pending"
+ msgstr ""
+ 
+-#: dnsmasq.c:672
++#: dnsmasq.c:686
+ msgid "DNS service limited to local subnets"
+ msgstr ""
+ 
+-#: dnsmasq.c:677
++#: dnsmasq.c:702
+ msgid "DNSSEC validation enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:679
++#: dnsmasq.c:705
+ msgid "DNSSEC signature timestamps not checked until first cache reload"
+ msgstr ""
+ 
+-#: dnsmasq.c:684
++#: dnsmasq.c:708
++msgid "DNSSEC signature timestamps not checked until system time valid"
++msgstr ""
++
++#: dnsmasq.c:713
+ #, c-format
+ msgid "warning: failed to change owner of %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:688
++#: dnsmasq.c:717
+ msgid "setting --bind-interfaces option because of OS limitations"
+ msgstr ""
+ 
+-#: dnsmasq.c:698
++#: dnsmasq.c:727
+ #, c-format
+ msgid "warning: interface %s does not currently exist"
+ msgstr ""
+ 
+-#: dnsmasq.c:703
++#: dnsmasq.c:732
+ msgid "warning: ignoring resolv-file flag because no-resolv is set"
+ msgstr ""
+ 
+-#: dnsmasq.c:706
++#: dnsmasq.c:735
+ msgid "warning: no upstream servers configured"
+ msgstr ""
+ 
+-#: dnsmasq.c:710
++#: dnsmasq.c:739
+ #, c-format
+ msgid "asynchronous logging enabled, queue limit is %d messages"
+ msgstr ""
+ 
+-#: dnsmasq.c:731
++#: dnsmasq.c:760
+ msgid "IPv6 router advertisement enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:736
++#: dnsmasq.c:765
+ #, c-format
+ msgid "DHCP, sockets bound exclusively to interface %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "root is "
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:755
++#: dnsmasq.c:784
+ msgid "secure mode"
+ msgstr ""
+ 
+-#: dnsmasq.c:781
++#: dnsmasq.c:810
+ #, c-format
+ msgid "restricting maximum simultaneous TFTP transfers to %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:956
++#: dnsmasq.c:1006
+ msgid "connected to system DBus"
+ msgstr ""
+ 
+-#: dnsmasq.c:1106
++#: dnsmasq.c:1156
+ #, c-format
+ msgid "cannot fork into background: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1109
++#: dnsmasq.c:1159
+ #, c-format
+ msgid "failed to create helper: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1112
++#: dnsmasq.c:1162
+ #, c-format
+ msgid "setting capabilities failed: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1115
++#: dnsmasq.c:1165
+ #, c-format
+ msgid "failed to change user-id to %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1118
++#: dnsmasq.c:1168
+ #, c-format
+ msgid "failed to change group-id to %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1121
++#: dnsmasq.c:1171
+ #, c-format
+ msgid "failed to open pidfile %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1124
++#: dnsmasq.c:1174
+ #, c-format
+ msgid "cannot open log %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1127
++#: dnsmasq.c:1177
+ #, c-format
+ msgid "failed to load Lua script: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1130
++#: dnsmasq.c:1180
+ #, c-format
+ msgid "TFTP directory %s inaccessible: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1151
++#: dnsmasq.c:1183
++#, c-format
++msgid "cannot create timestamp file %s: %s"
++msgstr ""
++
++#: dnsmasq.c:1204
+ msgid "now checking DNSSEC signature timestamps"
+ msgstr ""
+ 
+-#: dnsmasq.c:1218
++#: dnsmasq.c:1271
+ #, c-format
+ msgid "script process killed by signal %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:1222
++#: dnsmasq.c:1275
+ #, c-format
+ msgid "script process exited with status %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:1226
++#: dnsmasq.c:1279
+ #, c-format
+ msgid "failed to execute %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1281
++#: dnsmasq.c:1334
+ msgid "exiting on receipt of SIGTERM"
+ msgstr ""
+ 
+-#: dnsmasq.c:1309
++#: dnsmasq.c:1362
+ #, c-format
+ msgid "failed to access %s: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1339
++#: dnsmasq.c:1392
+ #, c-format
+ msgid "reading %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1350
++#: dnsmasq.c:1403
+ #, c-format
+ msgid "no servers found in %s, will retry"
+ msgstr ""
+@@ -1476,27 +1517,27 @@ msgstr ""
+ msgid "DHCP packet received on %s which has no address"
+ msgstr ""
+ 
+-#: dhcp.c:408
++#: dhcp.c:412
+ #, c-format
+ msgid "ARP-cache injection failed: %s"
+ msgstr ""
+ 
+-#: dhcp.c:506
++#: dhcp.c:511
+ #, c-format
+ msgid "DHCP range %s -- %s is not consistent with netmask %s"
+ msgstr ""
+ 
+-#: dhcp.c:807
++#: dhcp.c:812
+ #, c-format
+ msgid "bad line at %s line %d"
+ msgstr ""
+ 
+-#: dhcp.c:850
++#: dhcp.c:855
+ #, c-format
+ msgid "ignoring %s line %d, duplicate name or IP address"
+ msgstr ""
+ 
+-#: dhcp.c:994 rfc3315.c:2089
++#: dhcp.c:999 rfc3315.c:2139
+ #, c-format
+ msgid "DHCP relay %s -> %s"
+ msgstr ""
+@@ -1567,12 +1608,12 @@ msgstr ""
+ msgid "disabled"
+ msgstr ""
+ 
+-#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:602 rfc3315.c:823
+-#: rfc3315.c:1095
++#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:603 rfc3315.c:860
++#: rfc3315.c:1139
+ msgid "ignored"
+ msgstr ""
+ 
+-#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:873
++#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:910
+ msgid "address in use"
+ msgstr ""
+ 
+@@ -1592,7 +1633,7 @@ msgstr ""
+ msgid "no leases left"
+ msgstr ""
+ 
+-#: rfc2131.c:691 rfc3315.c:475
++#: rfc2131.c:691 rfc3315.c:476
+ #, c-format
+ msgid "%u client provides name: %s"
+ msgstr ""
+@@ -1601,7 +1642,7 @@ msgstr ""
+ msgid "PXE BIS not supported"
+ msgstr ""
+ 
+-#: rfc2131.c:935 rfc3315.c:1189
++#: rfc2131.c:935 rfc3315.c:1233
+ #, c-format
+ msgid "disabling DHCP static address %s for %s"
+ msgstr ""
+@@ -1637,7 +1678,7 @@ msgstr ""
+ msgid "wrong address"
+ msgstr ""
+ 
+-#: rfc2131.c:1143 rfc3315.c:969
++#: rfc2131.c:1143 rfc3315.c:1006
+ msgid "lease not found"
+ msgstr ""
+ 
+@@ -1687,7 +1728,7 @@ msgstr ""
+ msgid "PXE menu too large"
+ msgstr ""
+ 
+-#: rfc2131.c:2173 rfc3315.c:1456
++#: rfc2131.c:2173 rfc3315.c:1506
+ #, c-format
+ msgid "%u requested options: %s"
+ msgstr ""
+@@ -1702,7 +1743,7 @@ msgstr ""
+ msgid "cannot create netlink socket: %s"
+ msgstr ""
+ 
+-#: netlink.c:347
++#: netlink.c:348
+ #, c-format
+ msgid "netlink returns error: %s"
+ msgstr ""
+@@ -1820,62 +1861,62 @@ msgstr ""
+ msgid "%u available DHCPv6 subnet: %s/%d"
+ msgstr ""
+ 
+-#: rfc3315.c:379
++#: rfc3315.c:380
+ #, c-format
+ msgid "%u vendor class: %u"
+ msgstr ""
+ 
+-#: rfc3315.c:427
++#: rfc3315.c:428
+ #, c-format
+ msgid "%u client MAC address: %s"
+ msgstr ""
+ 
+-#: rfc3315.c:659
++#: rfc3315.c:660
+ #, c-format
+ msgid "unknown prefix-class %d"
+ msgstr ""
+ 
+-#: rfc3315.c:791 rfc3315.c:913
+-msgid "success"
++#: rfc3315.c:803 rfc3315.c:902
++msgid "address unavailable"
+ msgstr ""
+ 
+-#: rfc3315.c:806 rfc3315.c:808 rfc3315.c:921 rfc3315.c:923
+-msgid "no addresses available"
++#: rfc3315.c:815 rfc3315.c:950 rfc3315.c:1283
++msgid "success"
+ msgstr ""
+ 
+-#: rfc3315.c:865
+-msgid "address unavailable"
++#: rfc3315.c:843 rfc3315.c:845 rfc3315.c:958 rfc3315.c:960
++msgid "no addresses available"
+ msgstr ""
+ 
+-#: rfc3315.c:900
++#: rfc3315.c:937
+ msgid "not on link"
+ msgstr ""
+ 
+-#: rfc3315.c:973 rfc3315.c:1151 rfc3315.c:1228
++#: rfc3315.c:1010 rfc3315.c:1195 rfc3315.c:1272
+ msgid "no binding found"
+ msgstr ""
+ 
+-#: rfc3315.c:1011
++#: rfc3315.c:1048
+ msgid "deprecated"
+ msgstr ""
+ 
+-#: rfc3315.c:1016
++#: rfc3315.c:1053
+ msgid "address invalid"
+ msgstr ""
+ 
+-#: rfc3315.c:1061
++#: rfc3315.c:1100
+ msgid "confirm failed"
+ msgstr ""
+ 
+-#: rfc3315.c:1072
++#: rfc3315.c:1116
+ msgid "all addresses still on link"
+ msgstr ""
+ 
+-#: rfc3315.c:1160
++#: rfc3315.c:1204
+ msgid "release received"
+ msgstr ""
+ 
+-#: rfc3315.c:2080
++#: rfc3315.c:2130
+ msgid "Cannot multicast to DHCPv6 server without correct interface"
+ msgstr ""
+ 
+@@ -1968,7 +2009,7 @@ msgstr ""
+ msgid "cannot create ICMPv6 socket: %s"
+ msgstr ""
+ 
+-#: auth.c:429
++#: auth.c:436
+ #, c-format
+ msgid "ignoring zone transfer request from %s"
+ msgstr ""
+@@ -1983,50 +2024,85 @@ msgstr ""
+ msgid "failed to create IPset control socket: %s"
+ msgstr ""
+ 
++#: dnssec.c:425 dnssec.c:469
++#, c-format
++msgid "failed to update mtime on %s: %s"
++msgstr ""
++
+ #: blockdata.c:58
+ #, c-format
+ msgid "DNSSEC memory in use %u, max %u, allocated %u"
+ msgstr ""
+ 
+-#: tables.c:76
++#: tables.c:80
+ msgid "error: fill_addr missused"
+ msgstr ""
+ 
+-#: tables.c:105
++#: tables.c:109
+ #, c-format
+ msgid "failed to access pf devices: %s"
+ msgstr ""
+ 
+-#: tables.c:119
++#: tables.c:123
+ #, c-format
+ msgid "warning: no opened pf devices %s"
+ msgstr ""
+ 
+-#: tables.c:127
++#: tables.c:131
+ #, c-format
+ msgid "error: cannot use table name %s"
+ msgstr ""
+ 
+-#: tables.c:135
++#: tables.c:139
+ #, c-format
+ msgid "error: cannot strlcpy table name %s"
+ msgstr ""
+ 
+-#: tables.c:141
++#: tables.c:145
+ #, c-format
+ msgid "warning: pfr_add_tables: %s(%d)"
+ msgstr ""
+ 
+-#: tables.c:147
++#: tables.c:151
+ msgid "info: table created"
+ msgstr ""
+ 
+-#: tables.c:158
++#: tables.c:162
+ #, c-format
+ msgid "warning: DIOCR%sADDRS: %s"
+ msgstr ""
+ 
+-#: tables.c:162
++#: tables.c:166
+ #, c-format
+ msgid "%d addresses %s"
+ msgstr ""
++
++#: inotify.c:46
++#, c-format
++msgid "failed to create inotify: %s"
++msgstr ""
++
++#: inotify.c:60
++#, c-format
++msgid "cannot cannonicalise resolv-file %s: %s"
++msgstr ""
++
++#: inotify.c:72
++#, c-format
++msgid "directory %s for resolv-file is missing, cannot poll"
++msgstr ""
++
++#: inotify.c:75 inotify.c:112
++#, c-format
++msgid "failed to create inotify for %s: %s"
++msgstr ""
++
++#: inotify.c:97
++#, c-format
++msgid "bad dynamic directory %s: %s"
++msgstr ""
++
++#: inotify.c:197
++#, c-format
++msgid "inotify, new or changed file %s"
++msgstr ""
+diff --git a/po/ro.po b/po/ro.po
+index 6887fcb62636..0ac8bd63e25f 100644
+--- a/po/ro.po
++++ b/po/ro.po
+@@ -15,71 +15,71 @@ msgstr ""
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
+ 
+-#: cache.c:505
++#: cache.c:523
+ msgid "Internal error in cache."
+ msgstr ""
+ 
+ # for compatibility purposes the letters â, ă, ş, ţ and î can be written as their look-alike correspondent.
+-#: cache.c:908
++#: cache.c:941
+ #, fuzzy, c-format
+ msgid "failed to load names from %s: %s"
+ msgstr "încărcarea numelor din %s: %s a eşuat"
+ 
+-#: cache.c:934 dhcp.c:820
++#: cache.c:967 dhcp.c:825
+ #, c-format
+ msgid "bad address at %s line %d"
+ msgstr "adresă greşită în %s, linia %d"
+ 
+-#: cache.c:985 dhcp.c:836
++#: cache.c:1018 dhcp.c:841
+ #, c-format
+ msgid "bad name at %s line %d"
+ msgstr "nume greşit în %s linia %d"
+ 
+-#: cache.c:992 dhcp.c:911
++#: cache.c:1027 dhcp.c:916
+ #, c-format
+ msgid "read %s - %d addresses"
+ msgstr "citesc %s - %d adrese"
+ 
+-#: cache.c:1100
++#: cache.c:1135
+ msgid "cleared cache"
+ msgstr "memoria temporară a fost ştearsă"
+ 
+-#: cache.c:1123
++#: cache.c:1164
+ #, c-format
+ msgid "No IPv4 address found for %s"
+ msgstr ""
+ 
+-#: cache.c:1201
++#: cache.c:1242
+ #, c-format
+ msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
+ msgstr ""
+ 
+-#: cache.c:1225
++#: cache.c:1266
+ #, c-format
+ msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+ msgstr "nu pot da numele %s împrumutului de adresă DHCP a lui %s deoarece numeleexistă în %s cu adresa %s"
+ 
+-#: cache.c:1366
++#: cache.c:1421
+ #, c-format
+ msgid "time %lu"
+ msgstr ""
+ 
+-#: cache.c:1367
++#: cache.c:1422
+ #, fuzzy, c-format
+ msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+ msgstr "cantitate de memorie temporară %d, %d/%d stocări temporare aureutilizat locaţii neexpirate."
+ 
+-#: cache.c:1369
++#: cache.c:1424
+ #, c-format
+ msgid "queries forwarded %u, queries answered locally %u"
+ msgstr ""
+ 
+-#: cache.c:1372
++#: cache.c:1427
+ #, c-format
+ msgid "queries for authoritative zones %u"
+ msgstr ""
+ 
+-#: cache.c:1398
++#: cache.c:1453
+ #, c-format
+ msgid "server %s#%d: queries sent %u, retried or failed %u"
+ msgstr ""
+@@ -94,7 +94,7 @@ msgstr "ascultarea pe socket a eşuat: %s"
+ msgid "failed to allocate memory"
+ msgstr "nu pot încărca %d bytes"
+ 
+-#: util.c:243 option.c:579
++#: util.c:243 option.c:598
+ msgid "could not get memory"
+ msgstr "nu am putut aloca memorie"
+ 
+@@ -108,610 +108,643 @@ msgstr "nu pot citi %s: %s"
+ msgid "failed to allocate %d bytes"
+ msgstr "nu pot încărca %d bytes"
+ 
+-#: util.c:429
++#: util.c:430
+ #, c-format
+ msgid "infinite"
+ msgstr "infinit"
+ 
+-#: option.c:318
++#: option.c:330
+ msgid "Specify local address(es) to listen on."
+ msgstr "Specificaţi adresele locale deservite."
+ 
+-#: option.c:319
++#: option.c:331
+ msgid "Return ipaddr for all hosts in specified domains."
+ msgstr "Afişează adresele IP ale maşinilor în domeniul dat."
+ 
+-#: option.c:320
++#: option.c:332
+ msgid "Fake reverse lookups for RFC1918 private address ranges."
+ msgstr "Simulează căutări după adresă pentru domenii de adresă private (RFC1918)."
+ 
+-#: option.c:321
++#: option.c:333
+ msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+ msgstr "Interpretează adresa IP ca NXDOMAIN (împotriva manipulărilor Verisign)"
+ 
+-#: option.c:322
++#: option.c:334
+ #, c-format
+ msgid "Specify the size of the cache in entries (defaults to %s)."
+ msgstr "Specifică mărimea înregistrărilor temporare (implicit e %s)."
+ 
+-#: option.c:323
++#: option.c:335
+ #, c-format
+ msgid "Specify configuration file (defaults to %s)."
+ msgstr "Specifică fişier de configurare (implicit e %s)."
+ 
+-#: option.c:324
++#: option.c:336
+ msgid "Do NOT fork into the background: run in debug mode."
+ msgstr "NU porneşte în fundal: rulează în modul depanare."
+ 
+-#: option.c:325
++#: option.c:337
+ msgid "Do NOT forward queries with no domain part."
+ msgstr "NU înainta cererile ce nu conţin domeniu DNS."
+ 
+-#: option.c:326
++#: option.c:338
+ msgid "Return self-pointing MX records for local hosts."
+ msgstr "Răspunde cu înregistrări MX spre el însuşi pentru maşini locale."
+ 
+-#: option.c:327
++#: option.c:339
+ msgid "Expand simple names in /etc/hosts with domain-suffix."
+ msgstr "Adaugă numelor simple din /etc/hosts numele domeniului ca sufix."
+ 
+-#: option.c:328
++#: option.c:340
+ msgid "Don't forward spurious DNS requests from Windows hosts."
+ msgstr "Nu inainta cereri DNS defecte provenite de la maşini Windows."
+ 
+-#: option.c:329
++#: option.c:341
+ msgid "Enable DHCP in the range given with lease duration."
+ msgstr "Activează DHCP în domeniul dat cu durată limitată de împrumut."
+ 
+-#: option.c:330
++#: option.c:342
+ #, c-format
+ msgid "Change to this group after startup (defaults to %s)."
+ msgstr "Rulează sub acest grup după pornire (implicit e %s)."
+ 
+-#: option.c:331
++#: option.c:343
+ msgid "Set address or hostname for a specified machine."
+ msgstr "Schimbă adresa sau numele maşinii specificate."
+ 
+-#: option.c:332
++#: option.c:344
+ #, fuzzy
+ msgid "Read DHCP host specs from file."
+ msgstr "nume MX invalid"
+ 
+-#: option.c:333
++#: option.c:345
+ msgid "Read DHCP option specs from file."
+ msgstr ""
+ 
+-#: option.c:334
++#: option.c:346
++#, fuzzy
++msgid "Read DHCP host specs from a directory."
++msgstr "nume MX invalid"
++
++#: option.c:347
++#, fuzzy
++msgid "Read DHCP options from a directory."
++msgstr "nume MX invalid"
++
++#: option.c:348
+ msgid "Evaluate conditional tag expression."
+ msgstr ""
+ 
+-#: option.c:335
++#: option.c:349
+ #, c-format
+ msgid "Do NOT load %s file."
+ msgstr "Nu încarcă fişierul %s."
+ 
+-#: option.c:336
++#: option.c:350
+ #, c-format
+ msgid "Specify a hosts file to be read in addition to %s."
+ msgstr "Specifică spre citire un fişier hosts adiţional la %s."
+ 
+-#: option.c:337
++#: option.c:351
++#, fuzzy
++msgid "Read hosts files from a directory."
++msgstr "nume MX invalid"
++
++#: option.c:352
+ msgid "Specify interface(s) to listen on."
+ msgstr "Specifică interfeţele deservite."
+ 
+-#: option.c:338
++#: option.c:353
+ msgid "Specify interface(s) NOT to listen on."
+ msgstr "Specifică interfeţele NE-deservite."
+ 
+-#: option.c:339
++#: option.c:354
+ #, fuzzy
+ msgid "Map DHCP user class to tag."
+ msgstr "Leagă clasa de utilizator DHCP cu grup de opţiuni."
+ 
+-#: option.c:340
++#: option.c:355
+ msgid "Map RFC3046 circuit-id to tag."
+ msgstr ""
+ 
+-#: option.c:341
++#: option.c:356
+ msgid "Map RFC3046 remote-id to tag."
+ msgstr ""
+ 
+-#: option.c:342
++#: option.c:357
+ msgid "Map RFC3993 subscriber-id to tag."
+ msgstr ""
+ 
+-#: option.c:343
++#: option.c:358
+ #, fuzzy
+ msgid "Don't do DHCP for hosts with tag set."
+ msgstr "Nu furniza DHCP maşinilor din grupul de opţiuni."
+ 
+-#: option.c:344
++#: option.c:359
+ #, fuzzy
+ msgid "Force broadcast replies for hosts with tag set."
+ msgstr "Nu furniza DHCP maşinilor din grupul de opţiuni."
+ 
+-#: option.c:345
++#: option.c:360
+ msgid "Do NOT fork into the background, do NOT run in debug mode."
+ msgstr "NU porneşte în fundal, NU rulează în modul depanare."
+ 
+-#: option.c:346
++#: option.c:361
+ msgid "Assume we are the only DHCP server on the local network."
+ msgstr "Presupune că suntem singurul server DHCP din reţeaua locală."
+ 
+-#: option.c:347
++#: option.c:362
+ #, c-format
+ msgid "Specify where to store DHCP leases (defaults to %s)."
+ msgstr "Specifică fişierul de stocare a împrumuturilor DHCP (implicit e %s)."
+ 
+-#: option.c:348
++#: option.c:363
+ msgid "Return MX records for local hosts."
+ msgstr "Răspunde cu întregistrări MX pentru maşini locale."
+ 
+-#: option.c:349
++#: option.c:364
+ msgid "Specify an MX record."
+ msgstr "Specifică o înregistrare MX."
+ 
+-#: option.c:350
++#: option.c:365
+ msgid "Specify BOOTP options to DHCP server."
+ msgstr "Specifică opţiuni BOOTP serverului DHCP."
+ 
+-#: option.c:351
++#: option.c:366
+ #, c-format
+ msgid "Do NOT poll %s file, reload only on SIGHUP."
+ msgstr "Nu încărca fişierul %s, citeşte-l doar la SIGHUP."
+ 
+-#: option.c:352
++#: option.c:367
+ msgid "Do NOT cache failed search results."
+ msgstr "NU memora rezultatele de căutare DNS eşuatată."
+ 
+-#: option.c:353
++#: option.c:368
+ #, c-format
+ msgid "Use nameservers strictly in the order given in %s."
+ msgstr "Foloseşte servere DNS strict în ordinea dată în %s."
+ 
+-#: option.c:354
++#: option.c:369
+ #, fuzzy
+ msgid "Specify options to be sent to DHCP clients."
+ msgstr "Configurează opţiuni în plusce trebuie trimise clienţilor DHCP."
+ 
+-#: option.c:355
++#: option.c:370
+ msgid "DHCP option sent even if the client does not request it."
+ msgstr ""
+ 
+-#: option.c:356
++#: option.c:371
+ msgid "Specify port to listen for DNS requests on (defaults to 53)."
+ msgstr "Specifică numărul portului pentru cereri DNS (implicit e 53)."
+ 
+-#: option.c:357
++#: option.c:372
+ #, c-format
+ msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+ msgstr "Marimea maximă a pachetului UDP pentru EDNS.0 (implicit e %s)."
+ 
+-#: option.c:358
++#: option.c:373
+ #, fuzzy
+ msgid "Log DNS queries."
+ msgstr "Înregistrează tranzacţiile."
+ 
+-#: option.c:359
++#: option.c:374
+ #, fuzzy
+ msgid "Force the originating port for upstream DNS queries."
+ msgstr "Forţează acest port pentru datele ce pleacă."
+ 
+-#: option.c:360
++#: option.c:375
+ msgid "Do NOT read resolv.conf."
+ msgstr "NU citi fişierul resolv.conf"
+ 
+-#: option.c:361
++#: option.c:376
+ #, c-format
+ msgid "Specify path to resolv.conf (defaults to %s)."
+ msgstr "Specifică calea către resolv.conf (implicit e %s)."
+ 
+-#: option.c:362
++#: option.c:377
+ #, fuzzy
+ msgid "Specify path to file with server= options"
+ msgstr "Specifică o cale pentru fişierul PID. (implicit %s)."
+ 
+-#: option.c:363
++#: option.c:378
+ msgid "Specify address(es) of upstream servers with optional domains."
+ msgstr "Specifică adresele server(elor) superioare cu domenii opţionale."
+ 
+-#: option.c:364
++#: option.c:379
+ #, fuzzy
+ msgid "Specify address of upstream servers for reverse address queries"
+ msgstr "Specifică adresele server(elor) superioare cu domenii opţionale."
+ 
+-#: option.c:365
++#: option.c:380
+ msgid "Never forward queries to specified domains."
+ msgstr "Nu înaintează cererile spre domeniile specificate."
+ 
+-#: option.c:366
++#: option.c:381
+ msgid "Specify the domain to be assigned in DHCP leases."
+ msgstr "Specifică domeniul de transmis prin DHCP."
+ 
+-#: option.c:367
++#: option.c:382
+ msgid "Specify default target in an MX record."
+ msgstr "Specifică o ţintă într-o înregistrare MX."
+ 
+-#: option.c:368
++#: option.c:383
+ msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+ msgstr "Specifică TTL în secunde pentru răspunsurile din /etc/hosts."
+ 
+-#: option.c:369
++#: option.c:384
+ #, fuzzy
+ msgid "Specify time-to-live in seconds for negative caching."
+ msgstr "Specifică TTL în secunde pentru răspunsurile din /etc/hosts."
+ 
+-#: option.c:370
++#: option.c:385
+ #, fuzzy
+ msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
+ msgstr "Specifică TTL în secunde pentru răspunsurile din /etc/hosts."
+ 
+-#: option.c:371
++#: option.c:386
++#, fuzzy
++msgid "Specify time-to-live ceiling for cache."
++msgstr "Specifică TTL în secunde pentru răspunsurile din /etc/hosts."
++
++#: option.c:387
++#, fuzzy
++msgid "Specify time-to-live floor for cache."
++msgstr "Specifică TTL în secunde pentru răspunsurile din /etc/hosts."
++
++#: option.c:388
+ #, c-format
+ msgid "Change to this user after startup. (defaults to %s)."
+ msgstr "Rulează sub acest utilizator după pornire. (implicit e %s)."
+ 
+-#: option.c:372
++#: option.c:389
+ #, fuzzy
+ msgid "Map DHCP vendor class to tag."
+ msgstr "Trimite opţiuni DHCP în funcţie de marca plăcii de reţea."
+ 
+-#: option.c:373
++#: option.c:390
+ msgid "Display dnsmasq version and copyright information."
+ msgstr "Afişează versiunea dnsmasq şi drepturile de autor."
+ 
+-#: option.c:374
++#: option.c:391
+ msgid "Translate IPv4 addresses from upstream servers."
+ msgstr "Traduce adresele IPv4 de la serverele DNS superioare."
+ 
+-#: option.c:375
++#: option.c:392
+ msgid "Specify a SRV record."
+ msgstr "Specifică o înregistrare SRV."
+ 
+-#: option.c:376
++#: option.c:393
+ msgid "Display this message. Use --help dhcp for known DHCP options."
+ msgstr ""
+ 
+-#: option.c:377
++#: option.c:394
+ #, fuzzy, c-format
+ msgid "Specify path of PID file (defaults to %s)."
+ msgstr "Specifică o cale pentru fişierul PID. (implicit %s)."
+ 
+-#: option.c:378
++#: option.c:395
+ #, c-format
+ msgid "Specify maximum number of DHCP leases (defaults to %s)."
+ msgstr "Specifică numărul maxim de împrumuturi DHCP (implicit %s)."
+ 
+-#: option.c:379
++#: option.c:396
+ msgid "Answer DNS queries based on the interface a query was sent to."
+ msgstr "Răspunde cererilor DNS în funcţie de interfaţa pe care a venit cererea."
+ 
+-#: option.c:380
++#: option.c:397
+ msgid "Specify TXT DNS record."
+ msgstr "Specifică o înregistrare TXT."
+ 
+-#: option.c:381
++#: option.c:398
+ #, fuzzy
+ msgid "Specify PTR DNS record."
+ msgstr "Specifică o înregistrare TXT."
+ 
+-#: option.c:382
++#: option.c:399
+ msgid "Give DNS name to IPv4 address of interface."
+ msgstr ""
+ 
+-#: option.c:383
++#: option.c:400
+ msgid "Bind only to interfaces in use."
+ msgstr "Ascultă doar pe interfeţele active."
+ 
+-#: option.c:384
++#: option.c:401
+ #, c-format
+ msgid "Read DHCP static host information from %s."
+ msgstr "Citeşte informaţii DHCP statice despre maşină din %s."
+ 
+-#: option.c:385
++#: option.c:402
+ msgid "Enable the DBus interface for setting upstream servers, etc."
+ msgstr "Activeaza interfaţa DBus pentru configurarea serverelor superioare."
+ 
+-#: option.c:386
++#: option.c:403
+ msgid "Do not provide DHCP on this interface, only provide DNS."
+ msgstr "Nu activează DHCP ci doar DNS pe această interfaţă."
+ 
+-#: option.c:387
++#: option.c:404
+ msgid "Enable dynamic address allocation for bootp."
+ msgstr "Activează alocarea dinamică a adreselor pentru BOOTP."
+ 
+-#: option.c:388
++#: option.c:405
+ #, fuzzy
+ msgid "Map MAC address (with wildcards) to option set."
+ msgstr "Trimite opţiuni DHCP în funcţie de marca plăcii de reţea."
+ 
+-#: option.c:389
++#: option.c:406
+ msgid "Treat DHCP requests on aliases as arriving from interface."
+ msgstr ""
+ 
+-#: option.c:390
++#: option.c:407
+ msgid "Disable ICMP echo address checking in the DHCP server."
+ msgstr ""
+ 
+-#: option.c:391
++#: option.c:408
+ msgid "Shell script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:392
++#: option.c:409
+ msgid "Lua script to run on DHCP lease creation and destruction."
+ msgstr ""
+ 
+-#: option.c:393
++#: option.c:410
+ msgid "Run lease-change scripts as this user."
+ msgstr ""
+ 
+-#: option.c:394
++#: option.c:411
+ msgid "Read configuration from all the files in this directory."
+ msgstr ""
+ 
+-#: option.c:395
++#: option.c:412
+ #, fuzzy
+ msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+ msgstr "Rulează sub acest utilizator după pornire. (implicit e %s)."
+ 
+-#: option.c:396
++#: option.c:413
+ msgid "Do not use leasefile."
+ msgstr ""
+ 
+-#: option.c:397
++#: option.c:414
+ #, fuzzy, c-format
+ msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+ msgstr "Specifică numărul maxim de împrumuturi DHCP (implicit %s)."
+ 
+-#: option.c:398
++#: option.c:415
+ #, c-format
+ msgid "Clear DNS cache when reloading %s."
+ msgstr ""
+ 
+-#: option.c:399
++#: option.c:416
+ msgid "Ignore hostnames provided by DHCP clients."
+ msgstr ""
+ 
+-#: option.c:400
++#: option.c:417
+ msgid "Do NOT reuse filename and server fields for extra DHCP options."
+ msgstr ""
+ 
+-#: option.c:401
++#: option.c:418
+ msgid "Enable integrated read-only TFTP server."
+ msgstr ""
+ 
+-#: option.c:402
++#: option.c:419
+ msgid "Export files by TFTP only from the specified subtree."
+ msgstr ""
+ 
+-#: option.c:403
++#: option.c:420
+ msgid "Add client IP address to tftp-root."
+ msgstr ""
+ 
+-#: option.c:404
++#: option.c:421
+ msgid "Allow access only to files owned by the user running dnsmasq."
+ msgstr ""
+ 
+-#: option.c:405
++#: option.c:422
+ #, fuzzy, c-format
+ msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+ msgstr "Specifică numărul maxim de împrumuturi DHCP (implicit %s)."
+ 
+-#: option.c:406
++#: option.c:423
+ msgid "Disable the TFTP blocksize extension."
+ msgstr ""
+ 
+-#: option.c:407
++#: option.c:424
+ msgid "Convert TFTP filenames to lowercase"
+ msgstr ""
+ 
+-#: option.c:408
++#: option.c:425
+ msgid "Ephemeral port range for use by TFTP transfers."
+ msgstr ""
+ 
+-#: option.c:409
++#: option.c:426
+ msgid "Extra logging for DHCP."
+ msgstr ""
+ 
+-#: option.c:410
++#: option.c:427
+ msgid "Enable async. logging; optionally set queue length."
+ msgstr ""
+ 
+-#: option.c:411
++#: option.c:428
+ msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+ msgstr ""
+ 
+-#: option.c:412
++#: option.c:429
+ msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
+ msgstr ""
+ 
+-#: option.c:413
++#: option.c:430
+ msgid "Inhibit DNS-rebind protection on this domain."
+ msgstr ""
+ 
+-#: option.c:414
++#: option.c:431
+ msgid "Always perform DNS queries to all servers."
+ msgstr ""
+ 
+-#: option.c:415
++#: option.c:432
+ msgid "Set tag if client includes matching option in request."
+ msgstr ""
+ 
+-#: option.c:416
++#: option.c:433
+ msgid "Use alternative ports for DHCP."
+ msgstr ""
+ 
+-#: option.c:417
++#: option.c:434
+ #, fuzzy
+ msgid "Specify NAPTR DNS record."
+ msgstr "Specifică o înregistrare TXT."
+ 
+-#: option.c:418
++#: option.c:435
+ msgid "Specify lowest port available for DNS query transmission."
+ msgstr ""
+ 
+-#: option.c:419
++#: option.c:436
+ msgid "Use only fully qualified domain names for DHCP clients."
+ msgstr ""
+ 
+-#: option.c:420
++#: option.c:437
+ msgid "Generate hostnames based on MAC address for nameless clients."
+ msgstr ""
+ 
+-#: option.c:421
++#: option.c:438
+ msgid "Use these DHCP relays as full proxies."
+ msgstr ""
+ 
+-#: option.c:422
++#: option.c:439
+ msgid "Relay DHCP requests to a remote server"
+ msgstr ""
+ 
+-#: option.c:423
++#: option.c:440
+ msgid "Specify alias name for LOCAL DNS name."
+ msgstr ""
+ 
+-#: option.c:424
++#: option.c:441
+ #, fuzzy
+ msgid "Prompt to send to PXE clients."
+ msgstr "Configurează opţiuni în plusce trebuie trimise clienţilor DHCP."
+ 
+-#: option.c:425
++#: option.c:442
+ msgid "Boot service for PXE menu."
+ msgstr ""
+ 
+-#: option.c:426
++#: option.c:443
+ msgid "Check configuration syntax."
+ msgstr ""
+ 
+-#: option.c:427
++#: option.c:444
+ msgid "Add requestor's MAC address to forwarded DNS queries."
+ msgstr ""
+ 
+-#: option.c:428
++#: option.c:445
+ msgid "Add requestor's IP subnet to forwarded DNS queries."
+ msgstr ""
+ 
+-#: option.c:429
++#: option.c:446
+ #, fuzzy
+ msgid "Proxy DNSSEC validation results from upstream nameservers."
+ msgstr "Traduce adresele IPv4 de la serverele DNS superioare."
+ 
+-#: option.c:430
++#: option.c:447
+ msgid "Attempt to allocate sequential IP addresses to DHCP clients."
+ msgstr ""
+ 
+-#: option.c:431
++#: option.c:448
+ msgid "Copy connection-track mark from queries to upstream connections."
+ msgstr ""
+ 
+-#: option.c:432
++#: option.c:449
+ msgid "Allow DHCP clients to do their own DDNS updates."
+ msgstr ""
+ 
+-#: option.c:433
++#: option.c:450
+ msgid "Send router-advertisements for interfaces doing DHCPv6"
+ msgstr ""
+ 
+-#: option.c:434
++#: option.c:451
+ msgid "Specify DUID_EN-type DHCPv6 server DUID"
+ msgstr ""
+ 
+-#: option.c:435
++#: option.c:452
+ #, fuzzy
+ msgid "Specify host (A/AAAA and PTR) records"
+ msgstr "Specifică o înregistrare MX."
+ 
+-#: option.c:436
++#: option.c:453
+ #, fuzzy
+ msgid "Specify arbitrary DNS resource record"
+ msgstr "Specifică o înregistrare TXT."
+ 
+-#: option.c:437
++#: option.c:454
+ #, fuzzy
+ msgid "Bind to interfaces in use - check for new interfaces"
+ msgstr "interfaţă necunoscută %s"
+ 
+-#: option.c:438
++#: option.c:455
+ msgid "Export local names to global DNS"
+ msgstr ""
+ 
+-#: option.c:439
++#: option.c:456
+ msgid "Domain to export to global DNS"
+ msgstr ""
+ 
+-#: option.c:440
++#: option.c:457
+ msgid "Set TTL for authoritative replies"
+ msgstr ""
+ 
+-#: option.c:441
++#: option.c:458
+ msgid "Set authoritive zone information"
+ msgstr ""
+ 
+-#: option.c:442
++#: option.c:459
+ msgid "Secondary authoritative nameservers for forward domains"
+ msgstr ""
+ 
+-#: option.c:443
++#: option.c:460
+ msgid "Peers which are allowed to do zone transfer"
+ msgstr ""
+ 
+-#: option.c:444
++#: option.c:461
+ msgid "Specify ipsets to which matching domains should be added"
+ msgstr ""
+ 
+-#: option.c:445
++#: option.c:462
+ msgid "Specify a domain and address range for synthesised names"
+ msgstr ""
+ 
+-#: option.c:446
++#: option.c:463
+ msgid "Activate DNSSEC validation"
+ msgstr ""
+ 
+-#: option.c:447
++#: option.c:464
+ msgid "Specify trust anchor key digest."
+ msgstr ""
+ 
+-#: option.c:448
++#: option.c:465
+ msgid "Disable upstream checking for DNSSEC debugging."
+ msgstr ""
+ 
+-#: option.c:449
++#: option.c:466
+ msgid "Ensure answers without DNSSEC are in unsigned zones."
+ msgstr ""
+ 
+-#: option.c:450
++#: option.c:467
+ msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+ msgstr ""
+ 
+-#: option.c:452
++#: option.c:468
++msgid "Timestamp file to verify system clock for DNSSEC"
++msgstr ""
++
++#: option.c:470
+ msgid "Specify DHCPv6 prefix class"
+ msgstr ""
+ 
+-#: option.c:454
++#: option.c:472
+ msgid "Set priority, resend-interval and router-lifetime"
+ msgstr ""
+ 
+-#: option.c:455
++#: option.c:473
+ msgid "Do not log routine DHCP."
+ msgstr ""
+ 
+-#: option.c:456
++#: option.c:474
+ msgid "Do not log routine DHCPv6."
+ msgstr ""
+ 
+-#: option.c:457
++#: option.c:475
+ msgid "Do not log RA."
+ msgstr ""
+ 
+-#: option.c:458
++#: option.c:476
+ msgid "Accept queries only from directly-connected networks"
+ msgstr ""
+ 
+-#: option.c:459
++#: option.c:477
+ msgid "Detect and remove DNS forwarding loops"
+ msgstr ""
+ 
+-#: option.c:661
++#: option.c:478
++msgid "Ignore DNS responses containing ipaddr."
++msgstr ""
++
++#: option.c:680
+ #, c-format
+ msgid ""
+ "Usage: dnsmasq [options]\n"
+@@ -720,332 +753,332 @@ msgstr ""
+ "Utilizare: dnsmasq [opţiuni]\n"
+ "\n"
+ 
+-#: option.c:663
++#: option.c:682
+ #, c-format
+ msgid "Use short options only on the command line.\n"
+ msgstr "Folosiţi opţiunile prescurtate doar în linie de comandă.\n"
+ 
+-#: option.c:665
++#: option.c:684
+ #, fuzzy, c-format
+ msgid "Valid options are:\n"
+ msgstr "Opţiunile valide sunt:\n"
+ 
+-#: option.c:722 option.c:726
++#: option.c:741 option.c:745
+ msgid "bad port"
+ msgstr "port invalid"
+ 
+-#: option.c:753 option.c:785
++#: option.c:772 option.c:804
+ msgid "interface binding not supported"
+ msgstr ""
+ 
+-#: option.c:762 option.c:3494
++#: option.c:781 option.c:3570
+ #, fuzzy
+ msgid "bad interface name"
+ msgstr "nume MX invalid"
+ 
+-#: option.c:792
++#: option.c:811
+ #, fuzzy
+ msgid "bad address"
+ msgstr "citesc %s - %d adrese"
+ 
+-#: option.c:974
++#: option.c:993
+ msgid "unsupported encapsulation for IPv6 option"
+ msgstr ""
+ 
+-#: option.c:988
++#: option.c:1007
+ msgid "bad dhcp-option"
+ msgstr "dhcp-option invalid"
+ 
+-#: option.c:1056
++#: option.c:1075
+ #, fuzzy
+ msgid "bad IP address"
+ msgstr "citesc %s - %d adrese"
+ 
+-#: option.c:1059 option.c:1197 option.c:2812
++#: option.c:1078 option.c:1216 option.c:2888
+ #, fuzzy
+ msgid "bad IPv6 address"
+ msgstr "citesc %s - %d adrese"
+ 
+-#: option.c:1224 option.c:1318
++#: option.c:1243 option.c:1337
+ msgid "bad domain in dhcp-option"
+ msgstr "domeniu DNS invalid în declaraţia dhcp-option"
+ 
+-#: option.c:1356
++#: option.c:1375
+ msgid "dhcp-option too long"
+ msgstr "declararea dhcp-option este prea lungă"
+ 
+-#: option.c:1363
++#: option.c:1382
+ msgid "illegal dhcp-match"
+ msgstr ""
+ 
+-#: option.c:1425
++#: option.c:1444
+ msgid "illegal repeated flag"
+ msgstr ""
+ 
+-#: option.c:1433
++#: option.c:1452
+ msgid "illegal repeated keyword"
+ msgstr ""
+ 
+-#: option.c:1495 option.c:4092
++#: option.c:1517 option.c:4186
+ #, fuzzy, c-format
+ msgid "cannot access directory %s: %s"
+ msgstr "nu pot citi %s: %s"
+ 
+-#: option.c:1541 tftp.c:493
++#: option.c:1563 tftp.c:493
+ #, fuzzy, c-format
+ msgid "cannot access %s: %s"
+ msgstr "nu pot citi %s: %s"
+ 
+-#: option.c:1588
++#: option.c:1615
+ msgid "setting log facility is not possible under Android"
+ msgstr ""
+ 
+-#: option.c:1597
++#: option.c:1624
+ msgid "bad log facility"
+ msgstr ""
+ 
+-#: option.c:1650
++#: option.c:1677
+ msgid "bad MX preference"
+ msgstr "preferinţă MX invalidă"
+ 
+-#: option.c:1655
++#: option.c:1682
+ msgid "bad MX name"
+ msgstr "nume MX invalid"
+ 
+-#: option.c:1669
++#: option.c:1696
+ msgid "bad MX target"
+ msgstr "ţintă MX invalidă"
+ 
+-#: option.c:1681
++#: option.c:1708
+ msgid "cannot run scripts under uClinux"
+ msgstr ""
+ 
+-#: option.c:1683
++#: option.c:1710
+ msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+ msgstr ""
+ 
+-#: option.c:1687
++#: option.c:1714
+ msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
+ msgstr ""
+ 
+-#: option.c:1928 option.c:1966 option.c:2015
++#: option.c:1970 option.c:2015 option.c:2071
+ #, fuzzy
+ msgid "bad prefix"
+ msgstr "port invalid"
+ 
+-#: option.c:2289
++#: option.c:2352
+ msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+ msgstr ""
+ 
+-#: option.c:2469
++#: option.c:2545
+ #, fuzzy
+ msgid "bad port range"
+ msgstr "port invalid"
+ 
+-#: option.c:2485
++#: option.c:2561
+ msgid "bad bridge-interface"
+ msgstr ""
+ 
+-#: option.c:2545
++#: option.c:2621
+ msgid "only one tag allowed"
+ msgstr ""
+ 
+-#: option.c:2565 option.c:2577 option.c:2683 option.c:2724
++#: option.c:2641 option.c:2653 option.c:2759 option.c:2800
+ msgid "bad dhcp-range"
+ msgstr "dhcp-range invalid"
+ 
+-#: option.c:2592
++#: option.c:2668
+ msgid "inconsistent DHCP range"
+ msgstr "domeniu DHCP inconsistent"
+ 
+-#: option.c:2651
++#: option.c:2727
+ msgid "prefix length must be exactly 64 for RA subnets"
+ msgstr ""
+ 
+-#: option.c:2653
++#: option.c:2729
+ msgid "prefix length must be exactly 64 for subnet constructors"
+ msgstr ""
+ 
+-#: option.c:2657
++#: option.c:2733
+ msgid "prefix length must be at least 64"
+ msgstr ""
+ 
+-#: option.c:2660
++#: option.c:2736
+ #, fuzzy
+ msgid "inconsistent DHCPv6 range"
+ msgstr "domeniu DHCP inconsistent"
+ 
+-#: option.c:2671
++#: option.c:2747
+ msgid "prefix must be zero with \"constructor:\" argument"
+ msgstr ""
+ 
+-#: option.c:2782 option.c:2830
++#: option.c:2858 option.c:2906
+ #, fuzzy
+ msgid "bad hex constant"
+ msgstr "dhcp-host invalid"
+ 
+-#: option.c:2804
++#: option.c:2880
+ msgid "cannot match tags in --dhcp-host"
+ msgstr ""
+ 
+-#: option.c:2852
++#: option.c:2928
+ #, fuzzy, c-format
+ msgid "duplicate dhcp-host IP address %s"
+ msgstr "adresă IP duplicat %s în declaraţia dhcp-config."
+ 
+-#: option.c:2910
++#: option.c:2986
+ #, fuzzy
+ msgid "bad DHCP host name"
+ msgstr "nume MX invalid"
+ 
+-#: option.c:2992
++#: option.c:3068
+ #, fuzzy
+ msgid "bad tag-if"
+ msgstr "ţintă MX invalidă"
+ 
+-#: option.c:3316 option.c:3710
++#: option.c:3392 option.c:3786
+ msgid "invalid port number"
+ msgstr "număr de port invalid"
+ 
+-#: option.c:3378
++#: option.c:3454
+ #, fuzzy
+ msgid "bad dhcp-proxy address"
+ msgstr "citesc %s - %d adrese"
+ 
+-#: option.c:3404
++#: option.c:3480
+ #, fuzzy
+ msgid "Bad dhcp-relay"
+ msgstr "dhcp-range invalid"
+ 
+-#: option.c:3430
++#: option.c:3506
+ msgid "bad RA-params"
+ msgstr ""
+ 
+-#: option.c:3439
++#: option.c:3515
+ msgid "bad DUID"
+ msgstr ""
+ 
+-#: option.c:3481
++#: option.c:3557
+ #, fuzzy
+ msgid "invalid alias range"
+ msgstr "pondere invalidă"
+ 
+-#: option.c:3535
++#: option.c:3611
+ msgid "bad CNAME"
+ msgstr ""
+ 
+-#: option.c:3540
++#: option.c:3616
+ msgid "duplicate CNAME"
+ msgstr ""
+ 
+-#: option.c:3560
++#: option.c:3636
+ #, fuzzy
+ msgid "bad PTR record"
+ msgstr "înregistrare SRV invalidă"
+ 
+-#: option.c:3591
++#: option.c:3667
+ #, fuzzy
+ msgid "bad NAPTR record"
+ msgstr "înregistrare SRV invalidă"
+ 
+-#: option.c:3625
++#: option.c:3701
+ #, fuzzy
+ msgid "bad RR record"
+ msgstr "înregistrare SRV invalidă"
+ 
+-#: option.c:3655
++#: option.c:3731
+ msgid "bad TXT record"
+ msgstr "înregistrare TXT invalidă"
+ 
+-#: option.c:3696
++#: option.c:3772
+ msgid "bad SRV record"
+ msgstr "înregistrare SRV invalidă"
+ 
+-#: option.c:3703
++#: option.c:3779
+ msgid "bad SRV target"
+ msgstr "ţintă SRV invalidă"
+ 
+-#: option.c:3717
++#: option.c:3793
+ msgid "invalid priority"
+ msgstr "prioritate invalidă"
+ 
+-#: option.c:3724
++#: option.c:3800
+ msgid "invalid weight"
+ msgstr "pondere invalidă"
+ 
+-#: option.c:3748
++#: option.c:3824
+ #, fuzzy
+ msgid "Bad host-record"
+ msgstr "înregistrare SRV invalidă"
+ 
+-#: option.c:3765
++#: option.c:3841
+ #, fuzzy
+ msgid "Bad name in host-record"
+ msgstr "nume invalid în %s"
+ 
+-#: option.c:3826
++#: option.c:3906
+ #, fuzzy
+ msgid "bad trust anchor"
+ msgstr "port invalid"
+ 
+-#: option.c:3840
++#: option.c:3920
+ msgid "bad HEX in trust anchor"
+ msgstr ""
+ 
+-#: option.c:3850
++#: option.c:3930
+ msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+ msgstr ""
+ 
+-#: option.c:3909
++#: option.c:3989
+ msgid "missing \""
+ msgstr "lipseşte \""
+ 
+-#: option.c:3966
++#: option.c:4046
+ msgid "bad option"
+ msgstr "opţiune invalidă"
+ 
+-#: option.c:3968
++#: option.c:4048
+ msgid "extraneous parameter"
+ msgstr "parametru nerecunoscut"
+ 
+-#: option.c:3970
++#: option.c:4050
+ msgid "missing parameter"
+ msgstr "parametru lipsa"
+ 
+-#: option.c:3972
++#: option.c:4052
+ #, fuzzy
+ msgid "illegal option"
+ msgstr "opţiune invalidă"
+ 
+-#: option.c:3979
++#: option.c:4059
+ msgid "error"
+ msgstr "eroare"
+ 
+-#: option.c:3981
++#: option.c:4061
+ #, fuzzy, c-format
+ msgid " at line %d of %s"
+ msgstr "%s la linia %d din %%s"
+ 
+-#: option.c:4045 option.c:4168 tftp.c:667
+-#, c-format
+-msgid "cannot read %s: %s"
+-msgstr "nu pot citi %s: %s"
+-
+-#: option.c:4229 option.c:4265
++#: option.c:4076 option.c:4323 option.c:4359
+ #, fuzzy, c-format
+ msgid "read %s"
+ msgstr "citesc %s"
+ 
+-#: option.c:4331
++#: option.c:4139 option.c:4262 tftp.c:667
++#, c-format
++msgid "cannot read %s: %s"
++msgstr "nu pot citi %s: %s"
++
++#: option.c:4425
+ msgid "junk found in command line"
+ msgstr ""
+ 
+-#: option.c:4366
++#: option.c:4460
+ #, c-format
+ msgid "Dnsmasq version %s  %s\n"
+ msgstr "dnsmasq versiunea %s  %s\n"
+ 
+-#: option.c:4367
++#: option.c:4461
+ #, fuzzy, c-format
+ msgid ""
+ "Compile time options: %s\n"
+@@ -1054,89 +1087,89 @@ msgstr ""
+ "Opţiuni cu care a fost compilat %s\n"
+ "\n"
+ 
+-#: option.c:4368
++#: option.c:4462
+ #, c-format
+ msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+ msgstr "Acest program vine FĂRĂ NICI O GARANŢIE.\n"
+ 
+-#: option.c:4369
++#: option.c:4463
+ #, c-format
+ msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+ msgstr "Dnsmasq este un program gratuit, sunteţi invitaţi să-l redistribuiţi\n"
+ 
+-#: option.c:4370
++#: option.c:4464
+ #, fuzzy, c-format
+ msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+ msgstr "în termenii Licenţei publice generale GNU, versiunea 2.\n"
+ 
+-#: option.c:4381
++#: option.c:4475
+ msgid "try --help"
+ msgstr ""
+ 
+-#: option.c:4383
++#: option.c:4477
+ msgid "try -w"
+ msgstr ""
+ 
+-#: option.c:4385
++#: option.c:4479
+ #, fuzzy, c-format
+ msgid "bad command line options: %s"
+ msgstr "opţiuni în linie de comandă invalide: %s."
+ 
+-#: option.c:4434
++#: option.c:4535
+ #, c-format
+ msgid "cannot get host-name: %s"
+ msgstr "nu pot citi numele maşinii: %s"
+ 
+-#: option.c:4462
++#: option.c:4563
+ msgid "only one resolv.conf file allowed in no-poll mode."
+ msgstr "se permite un singur fişier resolv.conf în modul no-poll"
+ 
+-#: option.c:4472
++#: option.c:4573
+ msgid "must have exactly one resolv.conf to read domain from."
+ msgstr "am nevoie de un singur resolv.conf din care să citesc numele domeniului."
+ 
+-#: option.c:4475 network.c:1506 dhcp.c:769
++#: option.c:4576 network.c:1506 dhcp.c:774
+ #, fuzzy, c-format
+ msgid "failed to read %s: %s"
+ msgstr "nu pot citi %s: %s"
+ 
+-#: option.c:4492
++#: option.c:4593
+ #, c-format
+ msgid "no search directive found in %s"
+ msgstr "nu s-a găsit nici un criteriu de căutare în %s"
+ 
+-#: option.c:4513
++#: option.c:4614
+ msgid "there must be a default domain when --dhcp-fqdn is set"
+ msgstr ""
+ 
+-#: option.c:4522
++#: option.c:4623
+ msgid "syntax check OK"
+ msgstr ""
+ 
+-#: forward.c:114
++#: forward.c:111
+ #, fuzzy, c-format
+ msgid "failed to send packet: %s"
+ msgstr "ascultarea pe socket a eşuat: %s"
+ 
+-#: forward.c:574
++#: forward.c:572
+ msgid "discarding DNS reply: subnet option mismatch"
+ msgstr ""
+ 
+-#: forward.c:597
++#: forward.c:595
+ #, c-format
+ msgid "nameserver %s refused to do a recursive query"
+ msgstr "serverul DNS %s refuză interogările recursive"
+ 
+-#: forward.c:629
++#: forward.c:627
+ #, c-format
+ msgid "possible DNS-rebind attack detected: %s"
+ msgstr ""
+ 
+-#: forward.c:1132 forward.c:1663
++#: forward.c:1156 forward.c:1722
+ msgid "Ignoring query from non-local network"
+ msgstr ""
+ 
+-#: forward.c:2101
++#: forward.c:2178
+ #, fuzzy, c-format
+ msgid "Maximum number of concurrent DNS queries reached (max: %d)"
+ msgstr "Specifică numărul maxim de împrumuturi DHCP (implicit %s)."
+@@ -1226,273 +1259,286 @@ msgstr "folosim serverul DNS %s#%d"
+ msgid "using nameserver %s#%d"
+ msgstr "folosim serverul DNS %s#%d"
+ 
+-#: dnsmasq.c:154
+-msgid "No trust anchors provided for DNSSEC"
++#: dnsmasq.c:149
++msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:157
+-msgid "Cannot reduce cache size from default when DNSSEC enabled"
++#: dnsmasq.c:156
++msgid "no trust anchors provided for DNSSEC"
+ msgstr ""
+ 
+ #: dnsmasq.c:159
++msgid "cannot reduce cache size from default when DNSSEC enabled"
++msgstr ""
++
++#: dnsmasq.c:161
+ #, fuzzy
+ msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+ msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
+ 
+-#: dnsmasq.c:165
++#: dnsmasq.c:167
+ #, fuzzy
+ msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+ msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
+ 
+-#: dnsmasq.c:170
+-msgid "Cannot use --conntrack AND --query-port"
++#: dnsmasq.c:172
++msgid "cannot use --conntrack AND --query-port"
+ msgstr ""
+ 
+-#: dnsmasq.c:173
++#: dnsmasq.c:175
+ #, fuzzy
+-msgid "Conntrack support not available: set HAVE_CONNTRACK in src/config.h"
++msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
+ msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
+ 
+-#: dnsmasq.c:178
++#: dnsmasq.c:180
+ msgid "asychronous logging is not available under Solaris"
+ msgstr ""
+ 
+-#: dnsmasq.c:183
++#: dnsmasq.c:185
+ msgid "asychronous logging is not available under Android"
+ msgstr ""
+ 
+-#: dnsmasq.c:188
++#: dnsmasq.c:190
+ #, fuzzy
+ msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+ msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
+ 
+-#: dnsmasq.c:193
++#: dnsmasq.c:195
+ #, fuzzy
+-msgid "Loop detection not available: set HAVE_LOOP in src/config.h"
++msgid "loop detection not available: set HAVE_LOOP in src/config.h"
+ msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
+ 
+-#: dnsmasq.c:201
++#: dnsmasq.c:203
+ msgid "zone serial must be configured in --auth-soa"
+ msgstr ""
+ 
+-#: dnsmasq.c:219
++#: dnsmasq.c:221
+ msgid "dhcp-range constructor not available on this platform"
+ msgstr ""
+ 
+-#: dnsmasq.c:262
++#: dnsmasq.c:264
+ msgid "cannot set --bind-interfaces and --bind-dynamic"
+ msgstr ""
+ 
+-#: dnsmasq.c:265
++#: dnsmasq.c:267
+ #, c-format
+ msgid "failed to find list of interfaces: %s"
+ msgstr "enumerarea interfeţelor a eşuat: %s"
+ 
+-#: dnsmasq.c:274
++#: dnsmasq.c:276
+ #, c-format
+ msgid "unknown interface %s"
+ msgstr "interfaţă necunoscută %s"
+ 
+-#: dnsmasq.c:330 dnsmasq.c:954
++#: dnsmasq.c:340 dnsmasq.c:1004
+ #, c-format
+ msgid "DBus error: %s"
+ msgstr "eroare DBus: %s"
+ 
+-#: dnsmasq.c:333
++#: dnsmasq.c:343
+ msgid "DBus not available: set HAVE_DBUS in src/config.h"
+ msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
+ 
+-#: dnsmasq.c:361
++#: dnsmasq.c:371
+ #, c-format
+ msgid "unknown user or group: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:416
++#: dnsmasq.c:426
+ #, c-format
+ msgid "cannot chdir to filesystem root: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:653
++#: dnsmasq.c:667
+ #, fuzzy, c-format
+ msgid "started, version %s DNS disabled"
+ msgstr "am pornit, versiunea %s memorie temporară dezactivată"
+ 
+-#: dnsmasq.c:655
++#: dnsmasq.c:669
+ #, c-format
+ msgid "started, version %s cachesize %d"
+ msgstr "am ponit, versiunea %s memorie temporară %d"
+ 
+-#: dnsmasq.c:657
++#: dnsmasq.c:671
+ #, c-format
+ msgid "started, version %s cache disabled"
+ msgstr "am pornit, versiunea %s memorie temporară dezactivată"
+ 
+-#: dnsmasq.c:659
++#: dnsmasq.c:673
+ #, c-format
+ msgid "compile time options: %s"
+ msgstr "compilat cu opţiunile: %s"
+ 
+-#: dnsmasq.c:665
++#: dnsmasq.c:679
+ msgid "DBus support enabled: connected to system bus"
+ msgstr "suportul DBus activ: sunt conectat la magistrala sistem"
+ 
+-#: dnsmasq.c:667
++#: dnsmasq.c:681
+ msgid "DBus support enabled: bus connection pending"
+ msgstr "suportul DBus activ: aştept conexiunea la magistrală"
+ 
+-#: dnsmasq.c:672
++#: dnsmasq.c:686
+ msgid "DNS service limited to local subnets"
+ msgstr ""
+ 
+-#: dnsmasq.c:677
++#: dnsmasq.c:702
+ msgid "DNSSEC validation enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:679
++#: dnsmasq.c:705
+ msgid "DNSSEC signature timestamps not checked until first cache reload"
+ msgstr ""
+ 
++#: dnsmasq.c:708
++msgid "DNSSEC signature timestamps not checked until system time valid"
++msgstr ""
++
+ # for compatibility purposes the letters â, ă, ş, ţ and î can be written as their look-alike correspondent.
+-#: dnsmasq.c:684
++#: dnsmasq.c:713
+ #, fuzzy, c-format
+ msgid "warning: failed to change owner of %s: %s"
+ msgstr "încărcarea numelor din %s: %s a eşuat"
+ 
+-#: dnsmasq.c:688
++#: dnsmasq.c:717
+ msgid "setting --bind-interfaces option because of OS limitations"
+ msgstr "specific opţiunea --bind-interfaces din cauza limitărilor SO"
+ 
+-#: dnsmasq.c:698
++#: dnsmasq.c:727
+ #, c-format
+ msgid "warning: interface %s does not currently exist"
+ msgstr "atenţie: interfaţa %s nu există momentan"
+ 
+-#: dnsmasq.c:703
++#: dnsmasq.c:732
+ msgid "warning: ignoring resolv-file flag because no-resolv is set"
+ msgstr ""
+ 
+-#: dnsmasq.c:706
++#: dnsmasq.c:735
+ #, fuzzy
+ msgid "warning: no upstream servers configured"
+ msgstr "configurăm serverele superioare prin Dbus"
+ 
+-#: dnsmasq.c:710
++#: dnsmasq.c:739
+ #, c-format
+ msgid "asynchronous logging enabled, queue limit is %d messages"
+ msgstr ""
+ 
+-#: dnsmasq.c:731
++#: dnsmasq.c:760
+ msgid "IPv6 router advertisement enabled"
+ msgstr ""
+ 
+-#: dnsmasq.c:736
++#: dnsmasq.c:765
+ #, c-format
+ msgid "DHCP, sockets bound exclusively to interface %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ msgid "root is "
+ msgstr ""
+ 
+-#: dnsmasq.c:753
++#: dnsmasq.c:782
+ #, fuzzy
+ msgid "enabled"
+ msgstr "dezactivat"
+ 
+-#: dnsmasq.c:755
++#: dnsmasq.c:784
+ msgid "secure mode"
+ msgstr ""
+ 
+-#: dnsmasq.c:781
++#: dnsmasq.c:810
+ #, c-format
+ msgid "restricting maximum simultaneous TFTP transfers to %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:956
++#: dnsmasq.c:1006
+ msgid "connected to system DBus"
+ msgstr "magistrala sistem Dbus conectată"
+ 
+-#: dnsmasq.c:1106
++#: dnsmasq.c:1156
+ #, c-format
+ msgid "cannot fork into background: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1109
++#: dnsmasq.c:1159
+ #, fuzzy, c-format
+ msgid "failed to create helper: %s"
+ msgstr "nu pot citi %s: %s"
+ 
+-#: dnsmasq.c:1112
++#: dnsmasq.c:1162
+ #, c-format
+ msgid "setting capabilities failed: %s"
+ msgstr ""
+ 
+ # for compatibility purposes the letters â, ă, ş, ţ and î can be written as their look-alike correspondent.
+-#: dnsmasq.c:1115
++#: dnsmasq.c:1165
+ #, fuzzy, c-format
+ msgid "failed to change user-id to %s: %s"
+ msgstr "încărcarea numelor din %s: %s a eşuat"
+ 
+ # for compatibility purposes the letters â, ă, ş, ţ and î can be written as their look-alike correspondent.
+-#: dnsmasq.c:1118
++#: dnsmasq.c:1168
+ #, fuzzy, c-format
+ msgid "failed to change group-id to %s: %s"
+ msgstr "încărcarea numelor din %s: %s a eşuat"
+ 
+-#: dnsmasq.c:1121
++#: dnsmasq.c:1171
+ #, fuzzy, c-format
+ msgid "failed to open pidfile %s: %s"
+ msgstr "nu pot citi %s: %s"
+ 
+-#: dnsmasq.c:1124
++#: dnsmasq.c:1174
+ #, fuzzy, c-format
+ msgid "cannot open log %s: %s"
+ msgstr "nu pot deschide %s:%s"
+ 
+-#: dnsmasq.c:1127
++#: dnsmasq.c:1177
+ #, fuzzy, c-format
+ msgid "failed to load Lua script: %s"
+ msgstr "nu pot încărca %s: %s"
+ 
+-#: dnsmasq.c:1130
++#: dnsmasq.c:1180
+ #, c-format
+ msgid "TFTP directory %s inaccessible: %s"
+ msgstr ""
+ 
+-#: dnsmasq.c:1151
++#: dnsmasq.c:1183
++#, fuzzy, c-format
++msgid "cannot create timestamp file %s: %s"
++msgstr "nu pot creea sau deschide fişierul cu împrumuturi: %s"
++
++#: dnsmasq.c:1204
+ msgid "now checking DNSSEC signature timestamps"
+ msgstr ""
+ 
+-#: dnsmasq.c:1218
++#: dnsmasq.c:1271
+ #, c-format
+ msgid "script process killed by signal %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:1222
++#: dnsmasq.c:1275
+ #, c-format
+ msgid "script process exited with status %d"
+ msgstr ""
+ 
+-#: dnsmasq.c:1226
++#: dnsmasq.c:1279
+ #, fuzzy, c-format
+ msgid "failed to execute %s: %s"
+ msgstr "accesarea serverului %s a eşuat: %s"
+ 
+-#: dnsmasq.c:1281
++#: dnsmasq.c:1334
+ msgid "exiting on receipt of SIGTERM"
+ msgstr "am primit SIGTERM, am terminat"
+ 
+-#: dnsmasq.c:1309
++#: dnsmasq.c:1362
+ #, fuzzy, c-format
+ msgid "failed to access %s: %s"
+ msgstr "accesarea serverului %s a eşuat: %s"
+ 
+-#: dnsmasq.c:1339
++#: dnsmasq.c:1392
+ #, c-format
+ msgid "reading %s"
+ msgstr "citesc %s"
+ 
+-#: dnsmasq.c:1350
++#: dnsmasq.c:1403
+ #, fuzzy, c-format
+ msgid "no servers found in %s, will retry"
+ msgstr "nu s-a găsit nici un criteriu de căutare în %s"
+@@ -1532,27 +1578,27 @@ msgstr "interfaţă necunoscută %s"
+ msgid "DHCP packet received on %s which has no address"
+ msgstr ""
+ 
+-#: dhcp.c:408
++#: dhcp.c:412
+ #, c-format
+ msgid "ARP-cache injection failed: %s"
+ msgstr ""
+ 
+-#: dhcp.c:506
++#: dhcp.c:511
+ #, c-format
+ msgid "DHCP range %s -- %s is not consistent with netmask %s"
+ msgstr "domeniu DHCP %s -- %s nu este consistent cu masca de reţea %s"
+ 
+-#: dhcp.c:807
++#: dhcp.c:812
+ #, c-format
+ msgid "bad line at %s line %d"
+ msgstr "linie invalidă în %s rândul %d"
+ 
+-#: dhcp.c:850
++#: dhcp.c:855
+ #, c-format
+ msgid "ignoring %s line %d, duplicate name or IP address"
+ msgstr ""
+ 
+-#: dhcp.c:994 rfc3315.c:2089
++#: dhcp.c:999 rfc3315.c:2139
+ #, c-format
+ msgid "DHCP relay %s -> %s"
+ msgstr ""
+@@ -1623,12 +1669,12 @@ msgstr "eroare DBus: %s"
+ msgid "disabled"
+ msgstr "dezactivat"
+ 
+-#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:602 rfc3315.c:823
+-#: rfc3315.c:1095
++#: rfc2131.c:539 rfc2131.c:967 rfc2131.c:1385 rfc3315.c:603 rfc3315.c:860
++#: rfc3315.c:1139
+ msgid "ignored"
+ msgstr "ignorat"
+ 
+-#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:873
++#: rfc2131.c:554 rfc2131.c:1205 rfc3315.c:910
+ msgid "address in use"
+ msgstr "adresa este folosită"
+ 
+@@ -1648,7 +1694,7 @@ msgstr "adresă lipsă"
+ msgid "no leases left"
+ msgstr "nu mai am de unde să împrumut"
+ 
+-#: rfc2131.c:691 rfc3315.c:475
++#: rfc2131.c:691 rfc3315.c:476
+ #, c-format
+ msgid "%u client provides name: %s"
+ msgstr ""
+@@ -1657,7 +1703,7 @@ msgstr ""
+ msgid "PXE BIS not supported"
+ msgstr ""
+ 
+-#: rfc2131.c:935 rfc3315.c:1189
++#: rfc2131.c:935 rfc3315.c:1233
+ #, fuzzy, c-format
+ msgid "disabling DHCP static address %s for %s"
+ msgstr "dezactivăm adresele DHCP statice %s"
+@@ -1693,7 +1739,7 @@ msgstr ""
+ msgid "wrong address"
+ msgstr "adresă greşită"
+ 
+-#: rfc2131.c:1143 rfc3315.c:969
++#: rfc2131.c:1143 rfc3315.c:1006
+ msgid "lease not found"
+ msgstr "împrumutul nu a fost găsit"
+ 
+@@ -1743,7 +1789,7 @@ msgstr "nu pot trimite opţiunea DHCP %d: nu mai este loc în pachet"
+ msgid "PXE menu too large"
+ msgstr ""
+ 
+-#: rfc2131.c:2173 rfc3315.c:1456
++#: rfc2131.c:2173 rfc3315.c:1506
+ #, fuzzy, c-format
+ msgid "%u requested options: %s"
+ msgstr "compilat cu opţiunile: %s"
+@@ -1758,7 +1804,7 @@ msgstr ""
+ msgid "cannot create netlink socket: %s"
+ msgstr "nu pot să activez socket-ul netlink: %s"
+ 
+-#: netlink.c:347
++#: netlink.c:348
+ #, fuzzy, c-format
+ msgid "netlink returns error: %s"
+ msgstr "eroare DBus: %s"
+@@ -1876,66 +1922,66 @@ msgstr "nici un domeniu de adrese disponibil pentru cererea DHCP %s %s"
+ msgid "%u available DHCPv6 subnet: %s/%d"
+ msgstr "nici un domeniu de adrese disponibil pentru cererea DHCP %s %s"
+ 
+-#: rfc3315.c:379
++#: rfc3315.c:380
+ #, fuzzy, c-format
+ msgid "%u vendor class: %u"
+ msgstr "eroare DBus: %s"
+ 
+-#: rfc3315.c:427
++#: rfc3315.c:428
+ #, fuzzy, c-format
+ msgid "%u client MAC address: %s"
+ msgstr "nu exista interfaţă pentru adresa %s"
+ 
+-#: rfc3315.c:659
++#: rfc3315.c:660
+ #, fuzzy, c-format
+ msgid "unknown prefix-class %d"
+ msgstr "împrumut necunoscut"
+ 
+-#: rfc3315.c:791 rfc3315.c:913
++#: rfc3315.c:803 rfc3315.c:902
++#, fuzzy
++msgid "address unavailable"
++msgstr "adresă indisponibilă"
++
++#: rfc3315.c:815 rfc3315.c:950 rfc3315.c:1283
+ msgid "success"
+ msgstr ""
+ 
+-#: rfc3315.c:806 rfc3315.c:808 rfc3315.c:921 rfc3315.c:923
++#: rfc3315.c:843 rfc3315.c:845 rfc3315.c:958 rfc3315.c:960
+ #, fuzzy
+ msgid "no addresses available"
+ msgstr "nici o adresă disponibilă"
+ 
+-#: rfc3315.c:865
+-#, fuzzy
+-msgid "address unavailable"
+-msgstr "adresă indisponibilă"
+-
+-#: rfc3315.c:900
++#: rfc3315.c:937
+ msgid "not on link"
+ msgstr ""
+ 
+-#: rfc3315.c:973 rfc3315.c:1151 rfc3315.c:1228
++#: rfc3315.c:1010 rfc3315.c:1195 rfc3315.c:1272
+ msgid "no binding found"
+ msgstr ""
+ 
+-#: rfc3315.c:1011
++#: rfc3315.c:1048
+ msgid "deprecated"
+ msgstr ""
+ 
+-#: rfc3315.c:1016
++#: rfc3315.c:1053
+ #, fuzzy
+ msgid "address invalid"
+ msgstr "adresa este folosită"
+ 
+-#: rfc3315.c:1061
++#: rfc3315.c:1100
+ msgid "confirm failed"
+ msgstr ""
+ 
+-#: rfc3315.c:1072
++#: rfc3315.c:1116
+ #, fuzzy
+ msgid "all addresses still on link"
+ msgstr "adresă greşită în %s, linia %d"
+ 
+-#: rfc3315.c:1160
++#: rfc3315.c:1204
+ msgid "release received"
+ msgstr ""
+ 
+-#: rfc3315.c:2080
++#: rfc3315.c:2130
+ msgid "Cannot multicast to DHCPv6 server without correct interface"
+ msgstr ""
+ 
+@@ -2028,7 +2074,7 @@ msgstr ""
+ msgid "cannot create ICMPv6 socket: %s"
+ msgstr "nu pot creea socket DHCP: %s"
+ 
+-#: auth.c:429
++#: auth.c:436
+ #, c-format
+ msgid "ignoring zone transfer request from %s"
+ msgstr ""
+@@ -2043,54 +2089,89 @@ msgstr "activarea socket-ului server-ului DHCP a eşuat: %s"
+ msgid "failed to create IPset control socket: %s"
+ msgstr "creearea socket-ului de ascultare a eşuat: %s"
+ 
++#: dnssec.c:425 dnssec.c:469
++#, fuzzy, c-format
++msgid "failed to update mtime on %s: %s"
++msgstr "nu pot citi %s: %s"
++
+ #: blockdata.c:58
+ #, c-format
+ msgid "DNSSEC memory in use %u, max %u, allocated %u"
+ msgstr ""
+ 
+-#: tables.c:76
++#: tables.c:80
+ msgid "error: fill_addr missused"
+ msgstr ""
+ 
+-#: tables.c:105
++#: tables.c:109
+ #, fuzzy, c-format
+ msgid "failed to access pf devices: %s"
+ msgstr "accesarea serverului %s a eşuat: %s"
+ 
+-#: tables.c:119
++#: tables.c:123
+ #, fuzzy, c-format
+ msgid "warning: no opened pf devices %s"
+ msgstr "folosim adresele locale doar pentru %S %s"
+ 
+-#: tables.c:127
++#: tables.c:131
+ #, fuzzy, c-format
+ msgid "error: cannot use table name %s"
+ msgstr "nu pot citi numele maşinii: %s"
+ 
+-#: tables.c:135
++#: tables.c:139
+ #, c-format
+ msgid "error: cannot strlcpy table name %s"
+ msgstr ""
+ 
+-#: tables.c:141
++#: tables.c:145
+ #, c-format
+ msgid "warning: pfr_add_tables: %s(%d)"
+ msgstr ""
+ 
+-#: tables.c:147
++#: tables.c:151
+ msgid "info: table created"
+ msgstr ""
+ 
+-#: tables.c:158
++#: tables.c:162
+ #, c-format
+ msgid "warning: DIOCR%sADDRS: %s"
+ msgstr ""
+ 
+-#: tables.c:162
++#: tables.c:166
+ #, fuzzy, c-format
+ msgid "%d addresses %s"
+ msgstr "citesc %s - %d adrese"
+ 
++#: inotify.c:46
++#, fuzzy, c-format
++msgid "failed to create inotify: %s"
++msgstr "nu pot citi %s: %s"
++
++#: inotify.c:60
++#, fuzzy, c-format
++msgid "cannot cannonicalise resolv-file %s: %s"
++msgstr "nu pot creea sau deschide fişierul cu împrumuturi: %s"
++
++#: inotify.c:72
++#, c-format
++msgid "directory %s for resolv-file is missing, cannot poll"
++msgstr ""
++
++#: inotify.c:75 inotify.c:112
++#, fuzzy, c-format
++msgid "failed to create inotify for %s: %s"
++msgstr "creearea socket-ului de ascultare a eşuat: %s"
++
++#: inotify.c:97
++#, fuzzy, c-format
++msgid "bad dynamic directory %s: %s"
++msgstr "nu pot citi %s: %s"
++
++#: inotify.c:197
++#, c-format
++msgid "inotify, new or changed file %s"
++msgstr ""
++
+ #~ msgid "duplicate IP address %s in dhcp-config directive."
+ #~ msgstr "adresă IP duplicat %s în declaraţia dhcp-config."
+ 
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch b/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch
new file mode 100644 (file)
index 0000000..b273220
--- /dev/null
+++ b/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch
@@ -0,0 +1,199 @@
+From 30d0879ed55cb67b1b735beab3d93f3bb3ef1dd2 Mon Sep 17 00:00:00 2001
+From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
+Date: Tue, 31 Mar 2015 22:32:11 +0100
+Subject: [PATCH 68/98] add --tftp-no-fail to ignore missing tftp root
+
+---
+ CHANGELOG            |  3 +++
+ dnsmasq.conf.example |  3 +++
+ man/dnsmasq.8        |  3 +++
+ src/dnsmasq.c        | 40 ++++++++++++++++++++++++++++++----------
+ src/dnsmasq.h        |  4 +++-
+ src/option.c         |  3 +++
+ 6 files changed, 45 insertions(+), 11 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 4f4fa305deaa..34432ae4807f 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -72,6 +72,9 @@ version 2.73
+           on systems without an RTC, whilst allowing DNS queries before the
+           clock is valid so that NTP can run. Thanks to
+           Kevin Darbyshire-Bryant for developing this idea.
++
++          Add --tftp-no-fail option. Thanks to Stefan Tomanek for
++          the patch.
+       
+       
+ version 2.72
+diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
+index 1bd305dbdbad..67be99acb028 100644
+--- a/dnsmasq.conf.example
++++ b/dnsmasq.conf.example
+@@ -486,6 +486,9 @@
+ # Set the root directory for files available via FTP.
+ #tftp-root=/var/ftpd
+ 
++# Do not abort if the tftp-root is unavailable
++#tftp-no-fail
++
+ # Make the TFTP server more secure: with this set, only files owned by
+ # the user dnsmasq is running as will be send over the net.
+ #tftp-secure
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 1f1dd7b69c53..6b4626cc0aad 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -1711,6 +1711,9 @@ Absolute paths (starting with /) are allowed, but they must be within
+ the tftp-root. If the optional interface argument is given, the
+ directory is only used for TFTP requests via that interface.
+ .TP
++.B --tftp-no-fail
++Do not abort startup if specified tftp root directories are inaccessible.
++.TP
+ .B --tftp-unique-root
+ Add the IP address of the TFTP client as a path component on the end
+ of the TFTP-root (in standard dotted-quad format). Only valid if a
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index b784951950d4..0d4d4558a2e2 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -58,6 +58,9 @@ int main (int argc, char **argv)
+   struct dhcp_context *context;
+   struct dhcp_relay *relay;
+ #endif
++#ifdef HAVE_TFTP
++  int tftp_prefix_missing = 0;
++#endif
+ 
+ #ifdef LOCALEDIR
+   setlocale(LC_ALL, "");
+@@ -636,7 +639,7 @@ int main (int argc, char **argv)
+ #endif
+ 
+ #ifdef HAVE_TFTP
+-      if (option_bool(OPT_TFTP))
++  if (option_bool(OPT_TFTP))
+     {
+       DIR *dir;
+       struct tftp_prefix *p;
+@@ -645,24 +648,33 @@ int main (int argc, char **argv)
+       {
+         if (!((dir = opendir(daemon->tftp_prefix))))
+           {
+-            send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
+-            _exit(0);
++            tftp_prefix_missing = 1;
++            if (!option_bool(OPT_TFTP_NO_FAIL))
++              {
++                send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
++                _exit(0);
++              }
+           }
+         closedir(dir);
+       }
+-
++      
+       for (p = daemon->if_prefix; p; p = p->next)
+       {
++        p->missing = 0;
+         if (!((dir = opendir(p->prefix))))
+-         {
+-           send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
+-           _exit(0);
+-         } 
++          {
++            p->missing = 1;
++            if (!option_bool(OPT_TFTP_NO_FAIL))
++              {
++                send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
++                _exit(0);
++              }
++          } 
+         closedir(dir);
+       }
+     }
+ #endif
+-
++  
+   if (daemon->port == 0)
+     my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
+   else if (daemon->cachesize != 0)
+@@ -772,7 +784,8 @@ int main (int argc, char **argv)
+ 
+ #ifdef HAVE_TFTP
+   if (option_bool(OPT_TFTP))
+-    {
++    { 
++      struct tftp_prefix *p;
+ #ifdef FD_SETSIZE
+       if (FD_SETSIZE < (unsigned)max_fd)
+       max_fd = FD_SETSIZE;
+@@ -782,7 +795,14 @@ int main (int argc, char **argv)
+               daemon->tftp_prefix ? _("root is ") : _("enabled"),
+               daemon->tftp_prefix ? daemon->tftp_prefix: "",
+               option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
++       
++      if (tftp_prefix_missing)
++      my_syslog(MS_TFTP | LOG_WARNING, _("warning: %s inaccessible"), daemon->tftp_prefix);
+       
++      for (p = daemon->if_prefix; p; p = p->next)
++      if (p->missing)
++         my_syslog(MS_TFTP | LOG_WARNING, _("warning: TFTP directory %s inaccessible"), p->prefix);
++
+       /* This is a guess, it assumes that for small limits, 
+        disjoint files might be served, but for large limits, 
+        a single file will be sent to may clients (the file only needs
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index de95d0e875e3..42952fc76c7a 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -240,7 +240,8 @@ struct event_desc {
+ #define OPT_LOCAL_SERVICE  49
+ #define OPT_LOOP_DETECT    50
+ #define OPT_EXTRALOG       51
+-#define OPT_LAST           52
++#define OPT_TFTP_NO_FAIL   52
++#define OPT_LAST           53
+ 
+ /* extra flags for my_syslog, we use a couple of facilities since they are known 
+    not to occupy the same bits as priorities, no matter how syslog.h is set up. */
+@@ -901,6 +902,7 @@ struct addr_list {
+ struct tftp_prefix {
+   char *interface;
+   char *prefix;
++  int missing;
+   struct tftp_prefix *next;
+ };
+ 
+diff --git a/src/option.c b/src/option.c
+index 3009eb545fde..f91cfbb1aa54 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -153,6 +153,7 @@ struct myoption {
+ #define LOPT_DHOPT_INOTIFY 341
+ #define LOPT_HOST_INOTIFY  342
+ #define LOPT_DNSSEC_STAMP  343
++#define LOPT_TFTP_NO_FAIL  344
+ 
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =  
+@@ -235,6 +236,7 @@ static const struct myoption opts[] =
+     { "dhcp-ignore-names", 2, 0, LOPT_NO_NAMES },
+     { "enable-tftp", 2, 0, LOPT_TFTP },
+     { "tftp-secure", 0, 0, LOPT_SECURE },
++    { "tftp-no-fail", 0, 0, LOPT_TFTP_NO_FAIL },
+     { "tftp-unique-root", 0, 0, LOPT_APREF },
+     { "tftp-root", 1, 0, LOPT_PREFIX },
+     { "tftp-max", 1, 0, LOPT_TFTP_MAX },
+@@ -419,6 +421,7 @@ static struct {
+   { LOPT_PREFIX, ARG_DUP, "<dir>[,<iface>]", gettext_noop("Export files by TFTP only from the specified subtree."), NULL },
+   { LOPT_APREF, OPT_TFTP_APREF, NULL, gettext_noop("Add client IP address to tftp-root."), NULL },
+   { LOPT_SECURE, OPT_TFTP_SECURE, NULL, gettext_noop("Allow access only to files owned by the user running dnsmasq."), NULL },
++  { LOPT_TFTP_NO_FAIL, OPT_TFTP_NO_FAIL, NULL, gettext_noop("Do not terminate the service if TFTP directories are inaccessible."), NULL },
+   { LOPT_TFTP_MAX, ARG_ONE, "<integer>", gettext_noop("Maximum number of conncurrent TFTP transfers (defaults to %s)."), "#" },
+   { LOPT_NOBLOCK, OPT_TFTP_NOBLOCK, NULL, gettext_noop("Disable the TFTP blocksize extension."), NULL },
+   { LOPT_TFTP_LC, OPT_TFTP_LC, NULL, gettext_noop("Convert TFTP filenames to lowercase"), NULL },
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0069-Whitespace-fixes.patch b/src/patches/dnsmasq/0069-Whitespace-fixes.patch
new file mode 100644 (file)
index 0000000..684ef64
--- /dev/null
+++ b/src/patches/dnsmasq/0069-Whitespace-fixes.patch
@@ -0,0 +1,85 @@
+From 7aa970e2c7043201663d86a4b5d8cd5c592cef39 Mon Sep 17 00:00:00 2001
+From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
+Date: Wed, 1 Apr 2015 17:55:07 +0100
+Subject: [PATCH 69/98] Whitespace fixes.
+
+---
+ src/dnsmasq.c | 14 +++++++-------
+ src/tftp.c    |  2 +-
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 0d4d4558a2e2..a7c5da8fbd01 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -345,7 +345,7 @@ int main (int argc, char **argv)
+ #else
+   die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
+ #endif
+-  
++
+   if (daemon->port != 0)
+     pre_allocate_sfds();
+ 
+@@ -657,7 +657,7 @@ int main (int argc, char **argv)
+           }
+         closedir(dir);
+       }
+-      
++
+       for (p = daemon->if_prefix; p; p = p->next)
+       {
+         p->missing = 0;
+@@ -669,12 +669,12 @@ int main (int argc, char **argv)
+                 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
+                 _exit(0);
+               }
+-          } 
++          }
+         closedir(dir);
+       }
+     }
+ #endif
+-  
++
+   if (daemon->port == 0)
+     my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
+   else if (daemon->cachesize != 0)
+@@ -784,7 +784,7 @@ int main (int argc, char **argv)
+ 
+ #ifdef HAVE_TFTP
+   if (option_bool(OPT_TFTP))
+-    { 
++    {
+       struct tftp_prefix *p;
+ #ifdef FD_SETSIZE
+       if (FD_SETSIZE < (unsigned)max_fd)
+@@ -795,10 +795,10 @@ int main (int argc, char **argv)
+               daemon->tftp_prefix ? _("root is ") : _("enabled"),
+               daemon->tftp_prefix ? daemon->tftp_prefix: "",
+               option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
+-       
++
+       if (tftp_prefix_missing)
+       my_syslog(MS_TFTP | LOG_WARNING, _("warning: %s inaccessible"), daemon->tftp_prefix);
+-      
++
+       for (p = daemon->if_prefix; p; p = p->next)
+       if (p->missing)
+          my_syslog(MS_TFTP | LOG_WARNING, _("warning: TFTP directory %s inaccessible"), p->prefix);
+diff --git a/src/tftp.c b/src/tftp.c
+index a57a31514f44..d3fb6d7492e4 100644
+--- a/src/tftp.c
++++ b/src/tftp.c
+@@ -236,7 +236,7 @@ void tftp_request(struct listener *listen, time_t now)
+       if (ioctl(listen->tftpfd, SIOCGIFMTU, &ifr) != -1)
+       mtu = ifr.ifr_mtu;      
+     }
+-  
++
+   if (name)
+     {
+       /* check for per-interface prefix */ 
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch b/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch
new file mode 100644 (file)
index 0000000..aa24c01
--- /dev/null
+++ b/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch
@@ -0,0 +1,254 @@
+From fe3992f9fa69fa975ea31919c53933b5f6a63527 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 3 Apr 2015 21:25:05 +0100
+Subject: [PATCH 70/98] Return INSECURE, rather than BOGUS when DS proved not
+ to exist.
+
+Return INSECURE when validating DNS replies which have RRSIGs, but
+when a needed DS record in the trust chain is proved not to exist.
+It's allowed for a zone to set up DNSKEY and RRSIG records first, then
+add a DS later, completing the chain of trust.
+
+Also, since we don't have the infrastructure to track that these
+non-validated replies have RRSIGS, don't cache them, so we don't
+provide answers with missing RRSIGS from the cache.
+---
+ src/dnsmasq.h |  1 +
+ src/dnssec.c  |  2 +-
+ src/forward.c | 87 +++++++++++++++++++++++++++++++++++++++++++++--------------
+ 3 files changed, 69 insertions(+), 21 deletions(-)
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 42952fc76c7a..6fe4a4189188 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -583,6 +583,7 @@ struct hostsfile {
+ #define STAT_NO_NS             10
+ #define STAT_NEED_DS_NEG       11
+ #define STAT_CHASE_CNAME       12
++#define STAT_INSECURE_DS       13
+ 
+ #define FREC_NOREBIND           1
+ #define FREC_CHECKING_DISABLED  2
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 14bae7e9bf75..05e0983cb251 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -981,7 +981,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
+   
+   /* If we've cached that DS provably doesn't exist, result must be INSECURE */
+   if (crecp->flags & F_NEG)
+-    return STAT_INSECURE;
++    return STAT_INSECURE_DS;
+   
+   /* NOTE, we need to find ONE DNSKEY which matches the DS */
+   for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--) 
+diff --git a/src/forward.c b/src/forward.c
+index 985814c3aec5..e8cf615aa939 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -521,7 +521,8 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
+ }
+ 
+ static size_t process_reply(struct dns_header *header, time_t now, struct server *server, size_t n, int check_rebind, 
+-                          int no_cache, int cache_secure, int ad_reqd, int do_bit, int added_pheader, int check_subnet, union mysockaddr *query_source)
++                          int no_cache, int cache_secure, int bogusanswer, int ad_reqd, int do_bit, int added_pheader, 
++                          int check_subnet, union mysockaddr *query_source)
+ {
+   unsigned char *pheader, *sizep;
+   char **sets = 0;
+@@ -634,7 +635,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
+     }
+   
+ #ifdef HAVE_DNSSEC
+-  if (no_cache && !(header->hb4 & HB4_CD)) 
++  if (bogusanswer && !(header->hb4 & HB4_CD)) 
+     {
+       if (!option_bool(OPT_DNSSEC_DEBUG))
+       {
+@@ -786,7 +787,7 @@ void reply_query(int fd, int family, time_t now)
+      everything is broken */
+   if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != SERVFAIL)
+     {
+-      int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0;
++      int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
+ 
+       if (option_bool(OPT_NO_REBIND))
+       check_rebind = !(forward->flags & FREC_NOREBIND);
+@@ -819,7 +820,13 @@ void reply_query(int fd, int family, time_t now)
+         else if (forward->flags & FREC_DS_QUERY)
+           {
+             status = dnssec_validate_ds(now, header, n, daemon->namebuff, daemon->keyname, forward->class);
+-            if (status == STAT_NO_DS || status == STAT_NO_NS)
++            /* Provably no DS, everything below is insecure, even if signatures are offered */
++            if (status == STAT_NO_DS)
++              /* We only cache sigs when we've validated a reply.
++                 Avoid caching a reply with sigs if there's a vaildated break in the 
++                 DS chain, so we don't return replies from cache missing sigs. */
++              status = STAT_INSECURE_DS;
++            else if (status == STAT_NO_NS)
+               status = STAT_BOGUS;
+           }
+         else if (forward->flags & FREC_CHECK_NOSIGN)
+@@ -959,8 +966,14 @@ void reply_query(int fd, int family, time_t now)
+                 else if (forward->flags & FREC_DS_QUERY)
+                   {
+                     status = dnssec_validate_ds(now, header, n, daemon->namebuff, daemon->keyname, forward->class);
+-                    if (status == STAT_NO_DS || status == STAT_NO_NS)
+-                      status = STAT_BOGUS;
++                     /* Provably no DS, everything below is insecure, even if signatures are offered */
++                    if (status == STAT_NO_DS)
++                      /* We only cache sigs when we've validated a reply.
++                         Avoid caching a reply with sigs if there's a vaildated break in the 
++                         DS chain, so we don't return replies from cache missing sigs. */
++                      status = STAT_INSECURE_DS;
++                    else if (status == STAT_NO_NS)
++                      status = STAT_BOGUS; 
+                   }
+                 else if (forward->flags & FREC_CHECK_NOSIGN)
+                   {
+@@ -985,6 +998,17 @@ void reply_query(int fd, int family, time_t now)
+               }
+           }
+         
++        no_cache_dnssec = 0;
++
++        if (status == STAT_INSECURE_DS)
++          {
++            /* We only cache sigs when we've validated a reply.
++               Avoid caching a reply with sigs if there's a vaildated break in the 
++               DS chain, so we don't return replies from cache missing sigs. */
++            status = STAT_INSECURE;
++            no_cache_dnssec = 1;
++          }
++        
+         if (status == STAT_TRUNCATED)
+           header->hb3 |= HB3_TC;
+         else
+@@ -1002,12 +1026,13 @@ void reply_query(int fd, int family, time_t now)
+             log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result);
+           }
+         
+-        no_cache_dnssec = 0;
+-        
+         if (status == STAT_SECURE)
+           cache_secure = 1;
+         else if (status == STAT_BOGUS)
+-          no_cache_dnssec = 1;
++          {
++            no_cache_dnssec = 1;
++            bogusanswer = 1;
++          }
+       }
+ #endif     
+       
+@@ -1017,7 +1042,7 @@ void reply_query(int fd, int family, time_t now)
+       else
+       header->hb4 &= ~HB4_CD;
+       
+-      if ((nn = process_reply(header, now, server, (size_t)n, check_rebind, no_cache_dnssec, cache_secure,
++      if ((nn = process_reply(header, now, server, (size_t)n, check_rebind, no_cache_dnssec, cache_secure, bogusanswer, 
+                             forward->flags & FREC_AD_QUESTION, forward->flags & FREC_DO_QUESTION, 
+                             forward->flags & FREC_ADDED_PHEADER, forward->flags & FREC_HAS_SUBNET, &forward->source)))
+       {
+@@ -1420,7 +1445,7 @@ static int do_check_sign(struct frec *forward, int status, time_t now, char *nam
+     }
+ }
+ 
+-/* Move toward the root, until we find a signed non-existance of a DS, in which case
++/* Move down from the root, until we find a signed non-existance of a DS, in which case
+    an unsigned answer is OK, or we find a signed DS, in which case there should be 
+    a signature, and the answer is BOGUS */
+ static int  tcp_check_for_unsigned_zone(time_t now, struct dns_header *header, size_t plen, int class, char *name, 
+@@ -1570,8 +1595,13 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
+   else if (status == STAT_NEED_DS || status == STAT_NEED_DS_NEG)
+     {
+       new_status = dnssec_validate_ds(now, header, n, name, keyname, class);
+-      if (status == STAT_NEED_DS && (new_status == STAT_NO_DS || new_status == STAT_NO_NS))
+-      new_status = STAT_BOGUS;
++      if (status == STAT_NEED_DS)
++      {
++        if (new_status == STAT_NO_DS)
++          new_status = STAT_INSECURE_DS;
++        else if (new_status == STAT_NO_NS)
++          new_status = STAT_BOGUS;
++      }
+     }
+   else if (status == STAT_CHASE_CNAME)
+     new_status = dnssec_chase_cname(now, header, n, name, keyname);
+@@ -1630,8 +1660,13 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
+             else if (status == STAT_NEED_DS || status == STAT_NEED_DS_NEG)
+               {
+                 new_status = dnssec_validate_ds(now, header, n, name, keyname, class);
+-                if (status == STAT_NEED_DS  && (new_status == STAT_NO_DS || new_status == STAT_NO_NS))
+-                  new_status = STAT_BOGUS; /* Validated no DS */
++                if (status == STAT_NEED_DS)
++                  {
++                    if (new_status == STAT_NO_DS)
++                      new_status = STAT_INSECURE_DS;
++                    else if (new_status == STAT_NO_NS)
++                      new_status = STAT_BOGUS; /* Validated no DS */
++                  }
+               }
+             else if (status == STAT_CHASE_CNAME)
+               new_status = dnssec_chase_cname(now, header, n, name, keyname);
+@@ -1652,7 +1687,7 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
+               goto another_tcp_key;
+           }
+       }
+-
++      
+       free(packet);
+     }
+   return new_status;
+@@ -1673,7 +1708,7 @@ unsigned char *tcp_request(int confd, time_t now,
+   int local_auth = 0;
+ #endif
+   int checking_disabled, ad_question, do_bit, added_pheader = 0;
+-  int check_subnet, no_cache_dnssec = 0, cache_secure = 0;
++  int check_subnet, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
+   size_t m;
+   unsigned short qtype;
+   unsigned int gotname;
+@@ -1941,6 +1976,15 @@ unsigned char *tcp_request(int confd, time_t now,
+                         int status = tcp_key_recurse(now, STAT_TRUNCATED, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount);
+                         char *result;
+ 
++                        if (status == STAT_INSECURE_DS)
++                          {
++                            /* We only cache sigs when we've validated a reply.
++                               Avoid caching a reply with sigs if there's a vaildated break in the 
++                               DS chain, so we don't return replies from cache missing sigs. */
++                            status = STAT_INSECURE;
++                            no_cache_dnssec = 1;
++                          }
++                        
+                         if (keycount == 0)
+                           {
+                             result = "ABANDONED";
+@@ -1952,8 +1996,11 @@ unsigned char *tcp_request(int confd, time_t now,
+                         log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result);
+                         
+                         if (status == STAT_BOGUS)
+-                          no_cache_dnssec = 1;
+-                        
++                          {
++                            no_cache_dnssec = 1;
++                            bogusanswer = 1;
++                          }
++
+                         if (status == STAT_SECURE)
+                           cache_secure = 1;
+                       }
+@@ -1987,7 +2034,7 @@ unsigned char *tcp_request(int confd, time_t now,
+ #endif
+ 
+                     m = process_reply(header, now, last_server, (unsigned int)m, 
+-                                      option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec,
++                                      option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, bogusanswer,
+                                       cache_secure, ad_question, do_bit, added_pheader, check_subnet, &peer_addr); 
+                     
+                     break;
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch b/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch
new file mode 100644 (file)
index 0000000..ac57b8b
--- /dev/null
+++ b/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch
@@ -0,0 +1,26 @@
+From 982faf402487e265ed11ac03524531d42b03c966 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 3 Apr 2015 21:42:30 +0100
+Subject: [PATCH 71/98] Fix compiler warning when not including DNSSEC.
+
+---
+ src/forward.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/forward.c b/src/forward.c
+index e8cf615aa939..3f6b9a23b6ab 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -530,7 +530,8 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
+   size_t plen; 
+ 
+   (void)ad_reqd;
+-  (void) do_bit;
++  (void)do_bit;
++  (void)bogusanswer;
+ 
+ #ifdef HAVE_IPSET
+   if (daemon->ipsets && extract_request(header, n, daemon->namebuff, NULL))
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch b/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch
new file mode 100644 (file)
index 0000000..2303ec3
--- /dev/null
+++ b/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch
@@ -0,0 +1,54 @@
+From 04b0ac05377936d121a36873bb63d492cde292c9 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 6 Apr 2015 17:19:13 +0100
+Subject: [PATCH 72/98] Fix crash caused by looking up servers.bind when many
+ servers defined.
+
+---
+ CHANGELOG   | 7 ++++++-
+ src/cache.c | 4 ++--
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 34432ae4807f..6aa3d851a297 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -75,7 +75,12 @@ version 2.73
+ 
+           Add --tftp-no-fail option. Thanks to Stefan Tomanek for
+           the patch.
+-      
++
++          Fix crash caused by looking up servers.bind, CHAOS text record,
++          when more than about five --servers= lines are in the dnsmasq
++          config. This causes memory corruption which causes a crash later.
++          Thanks to Matt Coddington for sterling work chasing this down.
++
+       
+ version 2.72
+             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+diff --git a/src/cache.c b/src/cache.c
+index d7bea574c0d8..178d654ca92e 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -1367,7 +1367,7 @@ int cache_make_stat(struct txt_record *t)
+               }
+           port = prettyprint_addr(&serv->addr, daemon->addrbuff);
+           lenp = p++; /* length */
+-          bytes_avail = (p - buff) + bufflen;
++          bytes_avail = bufflen - (p - buff );
+           bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries);
+           if (bytes_needed >= bytes_avail)
+             {
+@@ -1381,7 +1381,7 @@ int cache_make_stat(struct txt_record *t)
+               lenp = p - 1;
+               buff = new;
+               bufflen = newlen;
+-              bytes_avail = (p - buff) + bufflen;
++              bytes_avail =  bufflen - (p - buff );
+               bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries);
+             }
+           *lenp = bytes_needed;
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch b/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch
new file mode 100644 (file)
index 0000000..82471ae
--- /dev/null
+++ b/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch
@@ -0,0 +1,61 @@
+From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 9 Apr 2015 21:48:00 +0100
+Subject: [PATCH 73/98] Fix crash on receipt of certain malformed DNS requests.
+
+---
+ CHANGELOG     | 3 +++
+ src/rfc1035.c | 9 ++++++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 6aa3d851a297..9af617056f1f 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -125,6 +125,9 @@ version 2.72
+             Fix problem with --local-service option on big-endian platforms
+           Thanks to Richard Genoud for the patch.
+ 
++          Fix crash on receipt of certain malformed DNS requests. Thanks
++          to Nick Sampanis for spotting the problem.
++      
+ 
+ version 2.71
+             Subtle change to error handling to help DNSSEC validation 
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 7a07b0cee906..a995ab50d74a 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
+ size_t setup_reply(struct dns_header *header, size_t qlen,
+               struct all_addr *addrp, unsigned int flags, unsigned long ttl)
+ {
+-  unsigned char *p = skip_questions(header, qlen);
++  unsigned char *p;
++
++  if (!(p = skip_questions(header, qlen)))
++    return 0;
+   
+   /* clear authoritative and truncated flags, set QR flag */
+   header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
+@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+     SET_RCODE(header, NOERROR); /* empty domain */
+   else if (flags == F_NXDOMAIN)
+     SET_RCODE(header, NXDOMAIN);
+-  else if (p && flags == F_IPV4)
++  else if (flags == F_IPV4)
+     { /* we know the address */
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);
+@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+       add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
+     }
+ #ifdef HAVE_IPV6
+-  else if (p && flags == F_IPV6)
++  else if (flags == F_IPV6)
+     {
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch b/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch
new file mode 100644 (file)
index 0000000..6a7d798
--- /dev/null
+++ b/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch
@@ -0,0 +1,113 @@
+From 38440b204db65f9be16c4c3daa7e991e4356f6ed Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 12 Apr 2015 21:52:47 +0100
+Subject: [PATCH 74/98] Fix crash in auth code with odd configuration.
+
+---
+ CHANGELOG  | 32 +++++++++++++++++++++-----------
+ src/auth.c | 13 ++++++++-----
+ 2 files changed, 29 insertions(+), 16 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 9af617056f1f..f2142c71cbdc 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -68,18 +68,31 @@ version 2.73
+           Fix broken DNSSEC validation of ECDSA signatures.
+ 
+           Add --dnssec-timestamp option, which provides an automatic
+-          way to detect when the system time becomes valid after boot
+-          on systems without an RTC, whilst allowing DNS queries before the
+-          clock is valid so that NTP can run. Thanks to
+-          Kevin Darbyshire-Bryant for developing this idea.
++          way to detect when the system time becomes valid after 
++          boot on systems without an RTC, whilst allowing DNS 
++          queries before the clock is valid so that NTP can run. 
++          Thanks to Kevin Darbyshire-Bryant for developing this idea.
+ 
+           Add --tftp-no-fail option. Thanks to Stefan Tomanek for
+           the patch.
+ 
+-          Fix crash caused by looking up servers.bind, CHAOS text record,
+-          when more than about five --servers= lines are in the dnsmasq
+-          config. This causes memory corruption which causes a crash later.
+-          Thanks to Matt Coddington for sterling work chasing this down.
++          Fix crash caused by looking up servers.bind, CHAOS text 
++          record, when more than about five --servers= lines are 
++          in the dnsmasq config. This causes memory corruption 
++          which causes a crash later. Thanks to Matt Coddington for 
++          sterling work chasing this down.
++
++          Fix crash on receipt of certain malformed DNS requests.
++          Thanks to Nick Sampanis for spotting the problem.
++
++            Fix crash in authoritative DNS code, if a .arpa zone 
++          is declared as authoritative, and then a PTR query which
++          is not to be treated as authoritative arrived. Normally, 
++          directly declaring .arpa zone as authoritative is not 
++          done, so this crash wouldn't be seen. Instead the 
++          relevant .arpa zone should be specified as a subnet
++          in the auth-zone declaration. Thanks to Johnny S. Lee
++          for the bugreport and initial patch.
+ 
+       
+ version 2.72
+@@ -125,10 +138,7 @@ version 2.72
+             Fix problem with --local-service option on big-endian platforms
+           Thanks to Richard Genoud for the patch.
+ 
+-          Fix crash on receipt of certain malformed DNS requests. Thanks
+-          to Nick Sampanis for spotting the problem.
+       
+-
+ version 2.71
+             Subtle change to error handling to help DNSSEC validation 
+           when servers fail to provide NODATA answers for 
+diff --git a/src/auth.c b/src/auth.c
+index 15721e52793f..4a5c39fc5c07 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -141,7 +141,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
+             for (zone = daemon->auth_zones; zone; zone = zone->next)
+               if ((subnet = find_subnet(zone, flag, &addr)))
+                 break;
+-            
++                      
+             if (!zone)
+               {
+                 auth = 0;
+@@ -186,7 +186,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
+         
+         if (intr)
+           {
+-            if (in_zone(zone, intr->name, NULL))
++            if (local_query || in_zone(zone, intr->name, NULL))
+               {       
+                 found = 1;
+                 log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
+@@ -208,8 +208,11 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
+                   *p = 0; /* must be bare name */
+                 
+                 /* add  external domain */
+-                strcat(name, ".");
+-                strcat(name, zone->domain);
++                if (zone)
++                  {
++                    strcat(name, ".");
++                    strcat(name, zone->domain);
++                  }
+                 log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid));
+                 found = 1;
+                 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
+@@ -217,7 +220,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
+                                         T_PTR, C_IN, "d", name))
+                   anscount++;
+               }
+-            else if (crecp->flags & (F_DHCP | F_HOSTS) && in_zone(zone, name, NULL))
++            else if (crecp->flags & (F_DHCP | F_HOSTS) && (local_query || in_zone(zone, name, NULL)))
+               {
+                 log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid));
+                 found = 1;
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch b/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch
new file mode 100644 (file)
index 0000000..76f3143
--- /dev/null
+++ b/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch
@@ -0,0 +1,106 @@
+From 78c6184752dce27849e36cce4360abc27b8d76d2 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 16 Apr 2015 15:05:30 +0100
+Subject: [PATCH 75/98] Auth: correct replies to NS and SOA in .arpa zones.
+
+---
+ CHANGELOG  |  8 ++++++++
+ src/auth.c | 51 ++++++++++++++++++++++++++++++---------------------
+ 2 files changed, 38 insertions(+), 21 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index f2142c71cbdc..0619788e9cef 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -94,6 +94,14 @@ version 2.73
+           in the auth-zone declaration. Thanks to Johnny S. Lee
+           for the bugreport and initial patch.
+ 
++          Fix authoritative DNS code to correctly reply to NS 
++          and SOA queries for .arpa zones for which we are 
++          declared authoritative by means of a subnet in auth-zone.
++          Previously we provided correct answers to PTR queries
++          in such zones (including NS and SOA) but not direct
++          NS and SOA queries. Thanks to Johnny S. Lee for 
++          pointing out the problem.
++
+       
+ version 2.72
+             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+diff --git a/src/auth.c b/src/auth.c
+index 4a5c39fc5c07..2b0b7d6b052d 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -131,24 +131,27 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
+         continue;
+       }
+ 
+-      if (qtype == T_PTR)
++      if ((qtype == T_PTR || qtype == T_SOA || qtype == T_NS) &&
++        (flag = in_arpa_name_2_addr(name, &addr)) &&
++        !local_query)
+       {
+-        if (!(flag = in_arpa_name_2_addr(name, &addr)))
+-          continue;
+-
+-        if (!local_query)
++        for (zone = daemon->auth_zones; zone; zone = zone->next)
++          if ((subnet = find_subnet(zone, flag, &addr)))
++            break;
++        
++        if (!zone)
+           {
+-            for (zone = daemon->auth_zones; zone; zone = zone->next)
+-              if ((subnet = find_subnet(zone, flag, &addr)))
+-                break;
+-                      
+-            if (!zone)
+-              {
+-                auth = 0;
+-                continue;
+-              }
++            auth = 0;
++            continue;
+           }
++        else if (qtype == T_SOA)
++          soa = 1, found = 1;
++        else if (qtype == T_NS)
++          ns = 1, found = 1;
++      }
+ 
++      if (qtype == T_PTR && flag)
++      {
+         intr = NULL;
+ 
+         if (flag == F_IPV4)
+@@ -243,14 +246,20 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
+       }
+       
+     cname_restart:
+-      for (zone = daemon->auth_zones; zone; zone = zone->next)
+-      if (in_zone(zone, name, &cut))
+-        break;
+-      
+-      if (!zone)
++      if (found)
++      /* NS and SOA .arpa requests have set found above. */
++      cut = NULL;
++      else
+       {
+-        auth = 0;
+-        continue;
++        for (zone = daemon->auth_zones; zone; zone = zone->next)
++          if (in_zone(zone, name, &cut))
++            break;
++        
++        if (!zone)
++          {
++            auth = 0;
++            continue;
++          }
+       }
+ 
+       for (rec = daemon->mxnames; rec; rec = rec->next)
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch b/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch
new file mode 100644 (file)
index 0000000..9401cb9
--- /dev/null
+++ b/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch
@@ -0,0 +1,36 @@
+From b4c0f092d8ce63ea4763c0ac17aa8d24318ad301 Mon Sep 17 00:00:00 2001
+From: Stefan Tomanek <stefan.tomanek+dnsmasq@wertarbyte.de>
+Date: Thu, 16 Apr 2015 15:20:59 +0100
+Subject: [PATCH 76/98] Fix (srk induced) crash in new tftp_no_fail code.
+
+---
+ src/dnsmasq.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index a7c5da8fbd01..20b15c05103a 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -655,7 +655,8 @@ int main (int argc, char **argv)
+                 _exit(0);
+               }
+           }
+-        closedir(dir);
++        else
++          closedir(dir);
+       }
+ 
+       for (p = daemon->if_prefix; p; p = p->next)
+@@ -670,7 +671,8 @@ int main (int argc, char **argv)
+                 _exit(0);
+               }
+           }
+-        closedir(dir);
++        else
++          closedir(dir);
+       }
+     }
+ #endif
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch b/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch
new file mode 100644 (file)
index 0000000..a14b1a8
--- /dev/null
+++ b/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch
@@ -0,0 +1,26 @@
+From 0df29f5e23fd2f16181847db1fcf3a8b392d869a Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 16 Apr 2015 15:24:52 +0100
+Subject: [PATCH 77/98] Note CVE-2015-3294
+
+---
+ CHANGELOG | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 0619788e9cef..7f2b1e002e9e 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -84,6 +84,9 @@ version 2.73
+ 
+           Fix crash on receipt of certain malformed DNS requests.
+           Thanks to Nick Sampanis for spotting the problem.
++          Note that this is could allow the dnsmasq process's
++          memory to be read by an attacker under certain
++          circumstances, so it has a CVE, CVE-2015-3294 
+ 
+             Fix crash in authoritative DNS code, if a .arpa zone 
+           is declared as authoritative, and then a PTR query which
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch b/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch
new file mode 100644 (file)
index 0000000..2204d24
--- /dev/null
+++ b/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch
@@ -0,0 +1,59 @@
+From 554b580e970275d5a869cb4fbfb2716f92b2f664 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 17 Apr 2015 22:50:20 +0100
+Subject: [PATCH 78/98] Log domain when reporting DNSSEC validation failure.
+
+---
+ src/forward.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/src/forward.c b/src/forward.c
+index 3f6b9a23b6ab..1c7da3f5655c 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -1014,7 +1014,7 @@ void reply_query(int fd, int family, time_t now)
+           header->hb3 |= HB3_TC;
+         else
+           {
+-            char *result;
++            char *result, *domain = "result";
+             
+             if (forward->work_counter == 0)
+               {
+@@ -1024,7 +1024,10 @@ void reply_query(int fd, int family, time_t now)
+             else
+               result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
+             
+-            log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result);
++            if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL))
++              domain = daemon->namebuff;
++
++            log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
+           }
+         
+         if (status == STAT_SECURE)
+@@ -1975,7 +1978,7 @@ unsigned char *tcp_request(int confd, time_t now,
+                       {
+                         int keycount = DNSSEC_WORK; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */
+                         int status = tcp_key_recurse(now, STAT_TRUNCATED, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount);
+-                        char *result;
++                        char *result, *domain = "result";
+ 
+                         if (status == STAT_INSECURE_DS)
+                           {
+@@ -1993,8 +1996,10 @@ unsigned char *tcp_request(int confd, time_t now,
+                           }
+                         else
+                           result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
+-                        
+-                        log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result);
++                         if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL))
++                           domain = daemon->namebuff;
++
++                        log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
+                         
+                         if (status == STAT_BOGUS)
+                           {
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch b/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch
new file mode 100644 (file)
index 0000000..6db33bb
--- /dev/null
+++ b/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch
@@ -0,0 +1,28 @@
+From a006eb7e1486023480ea40244720ef7aab51de71 Mon Sep 17 00:00:00 2001
+From: Moshe Levi <moshele@mellanox.com>
+Date: Sun, 19 Apr 2015 22:10:40 +0100
+Subject: [PATCH 79/98] Check IP address command line arg in dhcp_release.c
+
+---
+ contrib/wrt/dhcp_release.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/contrib/wrt/dhcp_release.c b/contrib/wrt/dhcp_release.c
+index 53f47dda3aec..a51f04b30cab 100644
+--- a/contrib/wrt/dhcp_release.c
++++ b/contrib/wrt/dhcp_release.c
+@@ -277,6 +277,11 @@ int main(int argc, char **argv)
+       exit(1);
+     }
+   
++  if (inet_addr(argv[2]) == INADDR_NONE)
++    {
++      perror("invalid ip address");
++      exit(1);
++    }
+   
+   lease.s_addr = inet_addr(argv[2]);
+   server = find_interface(lease, nl, if_nametoindex(argv[1]));
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch b/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch
new file mode 100644 (file)
index 0000000..4fe26ac
--- /dev/null
+++ b/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch
@@ -0,0 +1,53 @@
+From 338b340be9e7198f5c0f68133d070d6598a0814c Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 20 Apr 2015 21:34:05 +0100
+Subject: [PATCH 80/98] Revert 61b838dd574c51d96fef100285a0d225824534f9 and
+ just quieten log instead.
+
+---
+ src/rfc3315.c | 24 ++++++++++--------------
+ 1 file changed, 10 insertions(+), 14 deletions(-)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index c1ddc805988d..c45116a40a09 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -824,25 +824,21 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+         }
+       else
+         { 
+-          /* Windows 8 always requests an address even if the Managed bit
+-             in RA is 0 and it keeps retrying if it receives a reply
+-             stating that no addresses are available. We solve this 
+-             by not replying at all if we're not configured to give any 
+-             addresses by DHCPv6. RFC 3315 17.2.1. appears to allow this. */
+-          
+-          for (c = state->context; c; c = c->current)
+-            if (!(c->flags & CONTEXT_RA_STATELESS))
+-              break;
+-          
+-          if (!c)
+-            return 0;
+-          
+           /* no address, return error */
+           o1 = new_opt6(OPTION6_STATUS_CODE);
+           put_opt6_short(DHCP6NOADDRS);
+           put_opt6_string(_("no addresses available"));
+           end_opt6(o1);
+-          log6_packet(state, state->lease_allocate ? "DHCPREPLY" : "DHCPADVERTISE", NULL, _("no addresses available"));
++
++          /* Some clients will ask repeatedly when we're not giving
++             out addresses because we're in stateless mode. Avoid spamming
++             the log in that case. */
++          for (c = state->context; c; c = c->current)
++            if (!(c->flags & CONTEXT_RA_STATELESS))
++              {
++                log6_packet(state, state->lease_allocate ? "DHCPREPLY" : "DHCPADVERTISE", NULL, _("no addresses available"));
++                break;
++              }
+         }
+ 
+       break;
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch b/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch
new file mode 100644 (file)
index 0000000..13ff059
--- /dev/null
+++ b/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch
@@ -0,0 +1,215 @@
+From cbe379ad6b52a538a4416a7cd992817e5637ccf9 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 21 Apr 2015 22:57:06 +0100
+Subject: [PATCH 81/98] Handle domain names with '.' or /000 within labels.
+
+Only in DNSSEC mode, where we might need to validate or store
+such names. In none-DNSSEC mode, simply don't cache these, as before.
+---
+ src/dns-protocol.h |  4 ++++
+ src/dnsmasq.c      | 15 +++++++++++++--
+ src/dnssec.c       | 40 +++++++++++++++++++++++++++++++---------
+ src/rfc1035.c      | 16 +++++++++++++++-
+ src/util.c         |  9 ++++++++-
+ 5 files changed, 71 insertions(+), 13 deletions(-)
+
+diff --git a/src/dns-protocol.h b/src/dns-protocol.h
+index 16fade33d98c..7f5d686bb150 100644
+--- a/src/dns-protocol.h
++++ b/src/dns-protocol.h
+@@ -142,3 +142,7 @@ struct dns_header {
+ 
+ #define ADD_RDLEN(header, pp, plen, len) \
+   (!CHECK_LEN(header, pp, plen, len) ? 0 : (((pp) += (len)), 1))
++
++/* Escape character in our presentation format for names.
++   Cannot be '.' or /000 and must be !isprint() */
++#define NAME_ESCAPE 1
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 20b15c05103a..19a6428b09e8 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -102,8 +102,19 @@ int main (int argc, char **argv)
+ #ifdef HAVE_DNSSEC
+   if (option_bool(OPT_DNSSEC_VALID))
+     {
+-      daemon->keyname = safe_malloc(MAXDNAME);
+-      daemon->workspacename = safe_malloc(MAXDNAME);
++      /* Note that both /000 and '.' are allowed within labels. These get
++       represented in presentation format using NAME_ESCAPE as an escape
++       character when in DNSSEC mode. 
++       In theory, if all the characters in a name were /000 or
++       '.' or NAME_ESCAPE then all would have to be escaped, so the 
++       presentation format would be twice as long as the spec.
++
++       daemon->namebuff was previously allocated by the option-reading
++       code before we knew if we're in DNSSEC mode, so reallocate here. */
++      free(daemon->namebuff);
++      daemon->namebuff = safe_malloc(MAXDNAME * 2);
++      daemon->keyname = safe_malloc(MAXDNAME * 2);
++      daemon->workspacename = safe_malloc(MAXDNAME * 2);
+     }
+ #endif
+ 
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 05e0983cb251..c116a7b5f6f4 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -321,10 +321,18 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
+    thus generating names in canonical form.
+    Calling to_wire followed by from_wire is almost an identity,
+    except that the UC remains mapped to LC. 
++
++   Note that both /000 and '.' are allowed within labels. These get
++   represented in presentation format using NAME_ESCAPE as an escape
++   character. In theory, if all the characters in a name were /000 or
++   '.' or NAME_ESCAPE then all would have to be escaped, so the 
++   presentation format would be twice as long as the spec (1024). 
++   The buffers are all delcared as 2049 (allowing for the trailing zero) 
++   for this reason.
+ */
+ static int to_wire(char *name)
+ {
+-  unsigned char *l, *p, term;
++  unsigned char *l, *p, *q, term;
+   int len;
+ 
+   for (l = (unsigned char*)name; *l != 0; l = p)
+@@ -332,7 +340,10 @@ static int to_wire(char *name)
+       for (p = l; *p != '.' && *p != 0; p++)
+       if (*p >= 'A' && *p <= 'Z')
+         *p = *p - 'A' + 'a';
+-      
++      else if (*p == NAME_ESCAPE)
++        for (q = p; *q; q++)
++            *q = *(q+1);
++             
+       term = *p;
+       
+       if ((len = p - l) != 0)
+@@ -351,13 +362,23 @@ static int to_wire(char *name)
+ /* Note: no compression  allowed in input. */
+ static void from_wire(char *name)
+ {
+-  unsigned char *l;
++  unsigned char *l, *p, *last;
+   int len;
+-
++  
++  for (last = (unsigned char *)name; *last != 0; last += *last+1);
++  
+   for (l = (unsigned char *)name; *l != 0; l += len+1)
+     {
+       len = *l;
+       memmove(l, l+1, len);
++      for (p = l; p < l + len; p++)
++      if (*p == '.' || *p == 0 || *p == NAME_ESCAPE)
++        {
++          memmove(p+1, p, 1 + last - p);
++          len++;
++          *p++ = NAME_ESCAPE;
++        }
++      
+       l[len] = '.';
+     }
+ 
+@@ -645,7 +666,7 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int
+             if (left1 != 0)
+               memmove(buff1, buff1 + len1 - left1, left1);
+             
+-            if ((len1 = get_rdata(header, plen, end1, buff1 + left1, MAXDNAME - left1, &p1, &dp1)) == 0)
++            if ((len1 = get_rdata(header, plen, end1, buff1 + left1, (MAXDNAME * 2) - left1, &p1, &dp1)) == 0)
+               {
+                 quit = 1;
+                 len1 = end1 - p1;
+@@ -656,7 +677,7 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int
+             if (left2 != 0)
+               memmove(buff2, buff2 + len2 - left2, left2);
+             
+-            if ((len2 = get_rdata(header, plen, end2, buff2 + left2, MAXDNAME - left2, &p2, &dp2)) == 0)
++            if ((len2 = get_rdata(header, plen, end2, buff2 + left2, (MAXDNAME *2) - left2, &p2, &dp2)) == 0)
+               {
+                 quit = 1;
+                 len2 = end2 - p2;
+@@ -902,10 +923,11 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+         
+         end = p + rdlen;
+         
+-        /* canonicalise rdata and calculate length of same, use name buffer as workspace */
++        /* canonicalise rdata and calculate length of same, use name buffer as workspace.
++           Note that name buffer is twice MAXDNAME long in DNSSEC mode. */
+         cp = p;
+         dp = rr_desc;
+-        for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)) != 0; len += seg);
++        for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)) != 0; len += seg);
+         len += end - cp;
+         len = htons(len);
+         hash->update(ctx, 2, (unsigned char *)&len); 
+@@ -913,7 +935,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+         /* Now canonicalise again and digest. */
+         cp = p;
+         dp = rr_desc;
+-        while ((seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)))
++        while ((seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)))
+           hash->update(ctx, seg, (unsigned char *)name);
+         if (cp != end)
+           hash->update(ctx, end - cp, cp);
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index a995ab50d74a..19fecc818c06 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -128,6 +128,15 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+           if (isExtract)
+             {
+               unsigned char c = *p;
++#ifdef HAVE_DNSSEC
++              if (option_bool(OPT_DNSSEC_VALID))
++                {
++                  if (c == 0 || c == '.' || c == NAME_ESCAPE)
++                    *cp++ = NAME_ESCAPE;
++                  *cp++ = c;
++                }
++              else
++#endif
+               if (c != 0 && c != '.')
+                 *cp++ = c;
+               else
+@@ -144,9 +153,14 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+                   cp++;
+                   if (c1 >= 'A' && c1 <= 'Z')
+                     c1 += 'a' - 'A';
++#ifdef HAVE_DNSSEC
++                  if (option_bool(OPT_DNSSEC_VALID) && c1 == NAME_ESCAPE)
++                    c1 = *cp++;
++#endif
++                  
+                   if (c2 >= 'A' && c2 <= 'Z')
+                     c2 += 'a' - 'A';
+-                  
++                   
+                   if (c1 != c2)
+                     retvalue =  2;
+                 }
+diff --git a/src/util.c b/src/util.c
+index 648bc4d4b428..0c1a48b4700a 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -226,7 +226,14 @@ unsigned char *do_rfc1035_name(unsigned char *p, char *sval)
+     {
+       unsigned char *cp = p++;
+       for (j = 0; *sval && (*sval != '.'); sval++, j++)
+-      *p++ = *sval;
++      {
++#ifdef HAVE_DNSSEC
++        if (option_bool(OPT_DNSSEC_VALID) && *sval == NAME_ESCAPE)
++          *p++ = *(++sval);
++        else
++#endif                
++          *p++ = *sval;
++      }
+       *cp  = j;
+       if (*sval)
+       sval++;
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch b/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch
new file mode 100644 (file)
index 0000000..2429e99
--- /dev/null
+++ b/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch
@@ -0,0 +1,136 @@
+From b8f16556d36924cd8dc7663cb4129d7b1f3fc2be Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 22 Apr 2015 21:14:31 +0100
+Subject: [PATCH 82/98] Tweaks to previous, DNS label charset commit.
+
+---
+ src/dns-protocol.h |  6 +++++-
+ src/dnssec.c       |  9 ++++++---
+ src/rfc1035.c      | 25 ++++++++++++++++++-------
+ src/util.c         |  2 +-
+ 4 files changed, 30 insertions(+), 12 deletions(-)
+
+diff --git a/src/dns-protocol.h b/src/dns-protocol.h
+index 7f5d686bb150..4b71746f8d26 100644
+--- a/src/dns-protocol.h
++++ b/src/dns-protocol.h
+@@ -144,5 +144,9 @@ struct dns_header {
+   (!CHECK_LEN(header, pp, plen, len) ? 0 : (((pp) += (len)), 1))
+ 
+ /* Escape character in our presentation format for names.
+-   Cannot be '.' or /000 and must be !isprint() */
++   Cannot be '.' or /000 and must be !isprint().
++   Note that escaped chars are stored as
++   <NAME_ESCAPE> <orig-char+1>
++   to ensure that the escaped form of /000 doesn't include /000
++*/
+ #define NAME_ESCAPE 1
+diff --git a/src/dnssec.c b/src/dnssec.c
+index c116a7b5f6f4..a9e12153ccf2 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -341,9 +341,11 @@ static int to_wire(char *name)
+       if (*p >= 'A' && *p <= 'Z')
+         *p = *p - 'A' + 'a';
+       else if (*p == NAME_ESCAPE)
+-        for (q = p; *q; q++)
++        {
++          for (q = p; *q; q++)
+             *q = *(q+1);
+-             
++          (*p)--;
++        }
+       term = *p;
+       
+       if ((len = p - l) != 0)
+@@ -376,7 +378,8 @@ static void from_wire(char *name)
+         {
+           memmove(p+1, p, 1 + last - p);
+           len++;
+-          *p++ = NAME_ESCAPE;
++          *p++ = NAME_ESCAPE; 
++          (*p)++;
+         }
+       
+       l[len] = '.';
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 19fecc818c06..32df31ad603c 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -20,7 +20,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+                char *name, int isExtract, int extrabytes)
+ {
+   unsigned char *cp = (unsigned char *)name, *p = *pp, *p1 = NULL;
+-  unsigned int j, l, hops = 0;
++  unsigned int j, l, namelen = 0, hops = 0;
+   int retvalue = 1;
+   
+   if (isExtract)
+@@ -94,9 +94,15 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+           count = 256;
+         digs = ((count-1)>>2)+1;
+         
+-        /* output is \[x<hex>/siz]. which is digs+9 chars */
+-        if (cp - (unsigned char *)name + digs + 9 >= MAXDNAME)
++        /* output is \[x<hex>/siz]. which is digs+6/7/8 chars */
++        namelen += digs+6;
++        if (count > 9)
++          namelen++;
++        if (count > 99)
++          namelen++;
++        if (namelen+1 >= MAXDNAME)
+           return 0;
++
+         if (!CHECK_LEN(header, p, plen, (count-1)>>3))
+           return 0;
+ 
+@@ -119,7 +125,8 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+       }
+       else 
+       { /* label_type = 0 -> label. */
+-        if (cp - (unsigned char *)name + l + 1 >= MAXDNAME)
++        namelen += l;
++        if (namelen+1 >= MAXDNAME)
+           return 0;
+         if (!CHECK_LEN(header, p, plen, l))
+           return 0;
+@@ -132,8 +139,12 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+               if (option_bool(OPT_DNSSEC_VALID))
+                 {
+                   if (c == 0 || c == '.' || c == NAME_ESCAPE)
+-                    *cp++ = NAME_ESCAPE;
+-                  *cp++ = c;
++                    {
++                      *cp++ = NAME_ESCAPE;
++                      *cp++ = c+1;
++                    }
++                  else
++                    *cp++ = c; 
+                 }
+               else
+ #endif
+@@ -155,7 +166,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+                     c1 += 'a' - 'A';
+ #ifdef HAVE_DNSSEC
+                   if (option_bool(OPT_DNSSEC_VALID) && c1 == NAME_ESCAPE)
+-                    c1 = *cp++;
++                    c1 = (*cp++)-1;
+ #endif
+                   
+                   if (c2 >= 'A' && c2 <= 'Z')
+diff --git a/src/util.c b/src/util.c
+index 0c1a48b4700a..9299703c6d30 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -229,7 +229,7 @@ unsigned char *do_rfc1035_name(unsigned char *p, char *sval)
+       {
+ #ifdef HAVE_DNSSEC
+         if (option_bool(OPT_DNSSEC_VALID) && *sval == NAME_ESCAPE)
+-          *p++ = *(++sval);
++          *p++ = (*(++sval))-1;
+         else
+ #endif                
+           *p++ = *sval;
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch b/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch
new file mode 100644 (file)
index 0000000..423b40e
--- /dev/null
+++ b/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch
@@ -0,0 +1,46 @@
+From a5ae1f85873829efe473075ad77806cc02792622 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 25 Apr 2015 21:46:10 +0100
+Subject: [PATCH 83/98] Logs in DHCPv6 not suppressed by dhcp6-quiet.
+
+---
+ CHANGELOG     | 6 +++++-
+ src/rfc3315.c | 4 ++--
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 7f2b1e002e9e..af2b22cf8f73 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -103,7 +103,11 @@ version 2.73
+           Previously we provided correct answers to PTR queries
+           in such zones (including NS and SOA) but not direct
+           NS and SOA queries. Thanks to Johnny S. Lee for 
+-          pointing out the problem.
++          pointing out the problem.
++
++          Fix logging of DHCPREPLY which should be suppressed 
++          by quiet-dhcp6. Thanks to J. Pablo Abonia for 
++          spotting the problem.
+ 
+       
+ version 2.72
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index c45116a40a09..b4f5dd2db61f 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -1047,9 +1047,9 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+                 {
+                   preferred_time = valid_time = 0;
+                   message = _("address invalid");
+-                }
++                } 
+ 
+-              if (message)
++              if (message && (message != state->hostname))
+                 log6_packet(state, "DHCPREPLY", req_addr, message);   
+               else
+                 log6_quiet(state, "DHCPREPLY", req_addr, message);
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch b/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch
new file mode 100644 (file)
index 0000000..555bd6c
--- /dev/null
+++ b/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch
@@ -0,0 +1,28 @@
+From 8efd731cc4ed2baa42aa69d0a9d336392e9987cb Mon Sep 17 00:00:00 2001
+From: "Johnny S. Lee" <_@jsl.io>
+Date: Sun, 26 Apr 2015 22:23:57 +0100
+Subject: [PATCH 84/98] Make get-version work when repo is a git submodule.
+
+---
+ bld/get-version | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bld/get-version b/bld/get-version
+index 7ab75db729ac..5372869c0852 100755
+--- a/bld/get-version
++++ b/bld/get-version
+@@ -11,8 +11,9 @@
+ # If there is more than one v[0-9].* tag, sort them and use the
+ # first. This favours, eg v2.63 over 2.63rc6.
+ 
+-if which git >/dev/null 2>&1 && [ -d $1/.git ]; then
+-     cd $1; git describe | sed 's/^v//'
++if which git >/dev/null 2>&1 && \
++    ([ -d $1/.git ] || grep '^gitdir:' $1/.git >/dev/null 2>&1); then 
++    cd $1; git describe | sed 's/^v//'
+ elif grep '\$Format:%d\$' $1/VERSION >/dev/null 2>&1; then
+ # unsubstituted VERSION, but no git available.
+     echo UNKNOWN
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch b/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch
new file mode 100644 (file)
index 0000000..828c21f
--- /dev/null
+++ b/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch
@@ -0,0 +1,40 @@
+From e66b4dff3c562c7836d5be4c26972d665ad783f1 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 28 Apr 2015 20:45:57 +0100
+Subject: [PATCH 85/98] Fix argument-order botch which broke DNSSEC for TCP
+ queries.
+
+---
+ src/forward.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/forward.c b/src/forward.c
+index 1c7da3f5655c..a8e403c4b25e 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -1996,8 +1996,9 @@ unsigned char *tcp_request(int confd, time_t now,
+                           }
+                         else
+                           result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
+-                         if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL))
+-                           domain = daemon->namebuff;
++                        
++                        if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL))
++                          domain = daemon->namebuff;
+ 
+                         log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
+                         
+@@ -2040,8 +2041,8 @@ unsigned char *tcp_request(int confd, time_t now,
+ #endif
+ 
+                     m = process_reply(header, now, last_server, (unsigned int)m, 
+-                                      option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, bogusanswer,
+-                                      cache_secure, ad_question, do_bit, added_pheader, check_subnet, &peer_addr); 
++                                      option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, cache_secure, bogusanswer,
++                                      ad_question, do_bit, added_pheader, check_subnet, &peer_addr); 
+                     
+                     break;
+                   }
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch b/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch
new file mode 100644 (file)
index 0000000..9d3aadc
--- /dev/null
+++ b/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch
@@ -0,0 +1,29 @@
+From 2ed162ac204f3609fe4d9f9a0430baeaa352d88f Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 28 Apr 2015 21:26:35 +0100
+Subject: [PATCH 86/98] Don't remove RRSIG RR from answers to ANY queries when
+ the do bit is not set.
+
+---
+ src/rfc1035.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 32df31ad603c..5828055caa5d 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1608,6 +1608,11 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+       GETSHORT(qtype, p); 
+       GETSHORT(qclass, p);
+ 
++      /* Don't filter RRSIGS from answers to ANY queries, even if do-bit
++       not set. */
++      if (qtype == T_ANY)
++      *do_bit = 1;
++
+       ans = 0; /* have we answered this question */
+       
+       if (qtype == T_TXT || qtype == T_ANY)
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch b/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch
new file mode 100644 (file)
index 0000000..743548e
--- /dev/null
+++ b/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch
@@ -0,0 +1,57 @@
+From 64bcff1c7c72eecda8750bc2dca8b4c5dc38a837 Mon Sep 17 00:00:00 2001
+From: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
+Date: Tue, 28 Apr 2015 21:55:18 +0100
+Subject: [PATCH 87/98] Constify some DHCP lease management functions.
+
+---
+ src/dnsmasq.h | 7 ++++---
+ src/lease.c   | 8 ++++----
+ 2 files changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 6fe4a4189188..824a86009439 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -1304,9 +1304,10 @@ void lease_update_slaac(time_t now);
+ void lease_set_iaid(struct dhcp_lease *lease, int iaid);
+ void lease_make_duid(time_t now);
+ #endif
+-void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
+-                    unsigned char *clid, int hw_len, int hw_type, int clid_len, time_t now, int force);
+-void lease_set_hostname(struct dhcp_lease *lease, char *name, int auth, char *domain, char *config_domain);
++void lease_set_hwaddr(struct dhcp_lease *lease, const unsigned char *hwaddr,
++                    const unsigned char *clid, int hw_len, int hw_type,
++                    int clid_len, time_t now, int force);
++void lease_set_hostname(struct dhcp_lease *lease, const char *name, int auth, char *domain, char *config_domain);
+ void lease_set_expires(struct dhcp_lease *lease, unsigned int len, time_t now);
+ void lease_set_interface(struct dhcp_lease *lease, int interface, time_t now);
+ struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr, int hw_len, int hw_type,  
+diff --git a/src/lease.c b/src/lease.c
+index 545bbb7fd09c..8adb60588671 100644
+--- a/src/lease.c
++++ b/src/lease.c
+@@ -813,9 +813,9 @@ void lease_set_iaid(struct dhcp_lease *lease, int iaid)
+ }
+ #endif
+ 
+-void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
+-                    unsigned char *clid, int hw_len, int hw_type, int clid_len, 
+-                    time_t now, int force)
++void lease_set_hwaddr(struct dhcp_lease *lease, const unsigned char *hwaddr,
++                    const unsigned char *clid, int hw_len, int hw_type,
++                    int clid_len, time_t now, int force)
+ {
+ #ifdef HAVE_DHCP6
+   int change = force;
+@@ -897,7 +897,7 @@ static void kill_name(struct dhcp_lease *lease)
+   lease->hostname = lease->fqdn = NULL;
+ }
+ 
+-void lease_set_hostname(struct dhcp_lease *lease, char *name, int auth, char *domain, char *config_domain)
++void lease_set_hostname(struct dhcp_lease *lease, const char *name, int auth, char *domain, char *config_domain)
+ {
+   struct dhcp_lease *lease_tmp;
+   char *new_name = NULL, *new_fqdn = NULL;
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0088-Handle-UDP-packet-loss-when-fragmentation-of-large-p.patch b/src/patches/dnsmasq/0088-Handle-UDP-packet-loss-when-fragmentation-of-large-p.patch
new file mode 100644 (file)
index 0000000..af4d6d7
--- /dev/null
+++ b/src/patches/dnsmasq/0088-Handle-UDP-packet-loss-when-fragmentation-of-large-p.patch
@@ -0,0 +1,332 @@
+From a77cec8d58231d71cbc26615f0c0f0292c09ef54 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 8 May 2015 16:25:38 +0100
+Subject: [PATCH 88/98] Handle UDP packet loss when fragmentation of large
+ packets is broken.
+
+---
+ CHANGELOG     |  6 ++++++
+ src/config.h  |  1 +
+ src/dnsmasq.h |  5 +++--
+ src/dnssec.c  | 11 +++++++++--
+ src/forward.c | 37 +++++++++++++++++++++++++++++--------
+ src/network.c |  1 +
+ src/option.c  | 18 +++++++++++-------
+ src/rfc1035.c | 22 ++++++----------------
+ 8 files changed, 66 insertions(+), 35 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index af2b22cf8f73..d8fc57a418bb 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -109,6 +109,12 @@ version 2.73
+           by quiet-dhcp6. Thanks to J. Pablo Abonia for 
+           spotting the problem.
+ 
++          Try and handle net connections with broken fragmentation 
++          that lose large UDP packets. If a server times out, 
++            reduce the maximum UDP packet size field in the EDNS0
++          header to 1280 bytes. If it then answers, make that
++          change permanent.
++
+       
+ version 2.72
+             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+diff --git a/src/config.h b/src/config.h
+index 8def6f200461..f75fe9db7081 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -19,6 +19,7 @@
+ #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
+ #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
+ #define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
++#define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */
+ #define KEYBLOCK_LEN 40 /* choose to mininise fragmentation when storing DNSSEC keys */
+ #define DNSSEC_WORK 50 /* Max number of queries to validate one question */
+ #define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 824a86009439..ab16f79b3ec9 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -504,7 +504,7 @@ struct server {
+   char interface[IF_NAMESIZE+1];
+   struct serverfd *sfd; 
+   char *domain; /* set if this server only handles a domain. */ 
+-  int flags, tcpfd;
++  int flags, tcpfd, edns_pktsz;
+   unsigned int queries, failed_queries;
+ #ifdef HAVE_LOOP
+   u32 uid;
+@@ -594,6 +594,7 @@ struct hostsfile {
+ #define FREC_DO_QUESTION       64
+ #define FREC_ADDED_PHEADER    128
+ #define FREC_CHECK_NOSIGN     256
++#define FREC_TEST_PKTSZ       512
+ 
+ #ifdef HAVE_DNSSEC
+ #define HASH_SIZE 20 /* SHA-1 digest size */
+@@ -1148,7 +1149,7 @@ int in_zone(struct auth_zone *zone, char *name, char **cut);
+ #endif
+ 
+ /* dnssec.c */
+-size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr);
++size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr, int edns_pktsz);
+ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t n, char *name, char *keyname, int class);
+ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class);
+ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer, int *nons);
+diff --git a/src/dnssec.c b/src/dnssec.c
+index a9e12153ccf2..e91d7c2cf040 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -2162,10 +2162,12 @@ int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
+     }
+ }
+ 
+-size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
++size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, 
++                           int type, union mysockaddr *addr, int edns_pktsz)
+ {
+   unsigned char *p;
+   char *types = querystr("dnssec-query", type);
++  size_t ret;
+ 
+   if (addr->sa.sa_family == AF_INET) 
+     log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
+@@ -2194,7 +2196,12 @@ size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, i
+   PUTSHORT(type, p);
+   PUTSHORT(class, p);
+ 
+-  return add_do_bit(header, p - (unsigned char *)header, end);
++  ret = add_do_bit(header, p - (unsigned char *)header, end);
++
++  if (find_pseudoheader(header, ret, NULL, &p, NULL))
++    PUTSHORT(edns_pktsz, p);
++
++  return ret;
+ }
+ 
+ /* Go through a domain name, find "pointers" and fix them up based on how many bytes
+diff --git a/src/forward.c b/src/forward.c
+index a8e403c4b25e..592243fd4d35 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -253,6 +253,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
+   void *hash = &crc;
+ #endif
+  unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
++ unsigned char *pheader;
+ 
+  (void)do_bit;
+ 
+@@ -261,19 +262,32 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
+     forward = NULL;
+   else if (forward || (hash && (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash))))
+     {
++      /* If we didn't get an answer advertising a maximal packet in EDNS,
++       fall back to 1280, which should work everywhere on IPv6.
++       If that generates an answer, it will become the new default
++       for this server */
++      forward->flags |= FREC_TEST_PKTSZ;
++      
+ #ifdef HAVE_DNSSEC
+       /* If we've already got an answer to this query, but we're awaiting keys for validation,
+        there's no point retrying the query, retry the key query instead...... */
+       if (forward->blocking_query)
+       {
+         int fd;
+-
++        
++        forward->flags &= ~FREC_TEST_PKTSZ;
++        
+         while (forward->blocking_query)
+           forward = forward->blocking_query;
++         
++        forward->flags |= FREC_TEST_PKTSZ;
+         
+         blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
+         plen = forward->stash_len;
+         
++        if (find_pseudoheader(header, plen, NULL, &pheader, NULL))
++          PUTSHORT((forward->flags & FREC_TEST_PKTSZ) ? SAFE_PKTSZ : forward->sentto->edns_pktsz, pheader);
++
+         if (forward->sentto->addr.sa.sa_family == AF_INET) 
+           log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec");
+ #ifdef HAVE_IPV6
+@@ -417,7 +431,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
+         plen = new_plen;
+       }
+ #endif
+-
++      
+       while (1)
+       { 
+         /* only send to servers dealing with our domain.
+@@ -464,6 +478,9 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
+                   }
+ #endif
+               }
++
++            if (find_pseudoheader(header, plen, NULL, &pheader, NULL))
++              PUTSHORT((forward->flags & FREC_TEST_PKTSZ) ? SAFE_PKTSZ : start->edns_pktsz, pheader);
+             
+             if (retry_send(sendto(fd, (char *)header, plen, 0,
+                                   &start->addr.sa,
+@@ -760,7 +777,6 @@ void reply_query(int fd, int family, time_t now)
+     }   
+    
+   server = forward->sentto;
+-  
+   if ((forward->sentto->flags & SERV_TYPE) == 0)
+     {
+       if (RCODE(header) == REFUSED)
+@@ -781,7 +797,12 @@ void reply_query(int fd, int family, time_t now)
+       if (!option_bool(OPT_ALL_SERVERS))
+       daemon->last_server = server;
+     }
+-
++ 
++  /* We tried resending to this server with a smaller maximum size and got an answer.
++     Make that permanent. */
++  if (server && (forward->flags & FREC_TEST_PKTSZ))
++    server->edns_pktsz = SAFE_PKTSZ;
++  
+   /* If the answer is an error, keep the forward record in place in case
+      we get a good reply from another server. Kill it when we've
+      had replies from all to avoid filling the forwarding table when
+@@ -890,7 +911,7 @@ void reply_query(int fd, int family, time_t now)
+                   {
+                     new->flags |= FREC_DNSKEY_QUERY; 
+                     nn = dnssec_generate_query(header, ((char *) header) + daemon->packet_buff_sz,
+-                                               daemon->keyname, forward->class, T_DNSKEY, &server->addr);
++                                               daemon->keyname, forward->class, T_DNSKEY, &server->addr, server->edns_pktsz);
+                   }
+                 else 
+                   {
+@@ -899,7 +920,7 @@ void reply_query(int fd, int family, time_t now)
+                     else
+                       new->flags |= FREC_DS_QUERY;
+                     nn = dnssec_generate_query(header,((char *) header) + daemon->packet_buff_sz,
+-                                               daemon->keyname, forward->class, T_DS, &server->addr);
++                                               daemon->keyname, forward->class, T_DS, &server->addr, server->edns_pktsz);
+                   }
+                 if ((hash = hash_questions(header, nn, daemon->namebuff)))
+                   memcpy(new->hash, hash, HASH_SIZE);
+@@ -1526,7 +1547,7 @@ static int  tcp_check_for_unsigned_zone(time_t now, struct dns_header *header, s
+       
+       /* Can't find it in the cache, have to send a query */
+ 
+-      m = dnssec_generate_query(header, ((char *) header) + 65536, name_start, class, T_DS, &server->addr);
++      m = dnssec_generate_query(header, ((char *) header) + 65536, name_start, class, T_DS, &server->addr, server->edns_pktsz);
+       
+       *length = htons(m);
+       
+@@ -1638,7 +1659,7 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
+ 
+     another_tcp_key:
+       m = dnssec_generate_query(new_header, ((char *) new_header) + 65536, keyname, class, 
+-                              new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS, &server->addr);
++                              new_status == STAT_NEED_KEY ? T_DNSKEY : T_DS, &server->addr, server->edns_pktsz);
+       
+       *length = htons(m);
+       
+diff --git a/src/network.c b/src/network.c
+index 992f023c31de..a1d90c876fc1 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -1396,6 +1396,7 @@ void add_update_server(int flags,
+       serv->domain = domain_str;
+       serv->next = next;
+       serv->queries = serv->failed_queries = 0;
++      serv->edns_pktsz = daemon->edns_pktsz;
+ #ifdef HAVE_LOOP
+       serv->uid = rand32();
+ #endif      
+diff --git a/src/option.c b/src/option.c
+index f91cfbb1aa54..c7add88de7ac 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -4498,15 +4498,19 @@ void read_opts(int argc, char **argv, char *compile_opts)
+     {
+       struct server *tmp;
+       for (tmp = daemon->servers; tmp; tmp = tmp->next)
+-      if (!(tmp->flags & SERV_HAS_SOURCE))
+-        {
+-          if (tmp->source_addr.sa.sa_family == AF_INET)
+-            tmp->source_addr.in.sin_port = htons(daemon->query_port);
++      {
++        tmp->edns_pktsz = daemon->edns_pktsz;
++       
++        if (!(tmp->flags & SERV_HAS_SOURCE))
++          {
++            if (tmp->source_addr.sa.sa_family == AF_INET)
++              tmp->source_addr.in.sin_port = htons(daemon->query_port);
+ #ifdef HAVE_IPV6
+-          else if (tmp->source_addr.sa.sa_family == AF_INET6)
+-            tmp->source_addr.in6.sin6_port = htons(daemon->query_port);
++            else if (tmp->source_addr.sa.sa_family == AF_INET6)
++              tmp->source_addr.in6.sin6_port = htons(daemon->query_port);
+ #endif 
+-        } 
++          }
++      } 
+     }
+   
+   if (daemon->if_addrs)
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 5828055caa5d..8b1709dd3495 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -552,7 +552,7 @@ static size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned
+       return plen;
+       *p++ = 0; /* empty name */
+       PUTSHORT(T_OPT, p);
+-      PUTSHORT(daemon->edns_pktsz, p); /* max packet length */
++      PUTSHORT(SAFE_PKTSZ, p); /* max packet length, this will be overwritten */
+       PUTSHORT(0, p);    /* extended RCODE and version */
+       PUTSHORT(set_do ? 0x8000 : 0, p); /* DO flag */
+       lenp = p;
+@@ -1537,7 +1537,6 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+   unsigned short flag;
+   int q, ans, anscount = 0, addncount = 0;
+   int dryrun = 0, sec_reqd = 0, have_pseudoheader = 0;
+-  int is_sign;
+   struct crec *crecp;
+   int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
+   struct mx_srv_record *rec;
+@@ -1557,28 +1556,19 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+      forward rather than answering from the cache, which doesn't include
+      security information, unless we're in DNSSEC validation mode. */
+ 
+-  if (find_pseudoheader(header, qlen, NULL, &pheader, &is_sign))
++  if (find_pseudoheader(header, qlen, NULL, &pheader, NULL))
+     { 
+-      unsigned short udpsz, flags;
+-      unsigned char *psave = pheader;
+-
++      unsigned short flags;
++      
+       have_pseudoheader = 1;
+ 
+-      GETSHORT(udpsz, pheader);
+-      pheader += 2; /* ext_rcode */
++      pheader += 4; /* udp size, ext_rcode */
+       GETSHORT(flags, pheader);
+       
+       if ((sec_reqd = flags & 0x8000))
+       *do_bit = 1;/* do bit */ 
+-      *ad_reqd = 1;
+-
+-      /* If our client is advertising a larger UDP packet size
+-       than we allow, trim it so that we don't get an overlarge
+-       response from upstream */
+-
+-      if (!is_sign && (udpsz > daemon->edns_pktsz))
+-      PUTSHORT(daemon->edns_pktsz, psave); 
+ 
++      *ad_reqd = 1;
+       dryrun = 1;
+     }
+ 
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0089-Check-IPv4-mapped-IPv6-addresses-with-stop-rebind.patch b/src/patches/dnsmasq/0089-Check-IPv4-mapped-IPv6-addresses-with-stop-rebind.patch
new file mode 100644 (file)
index 0000000..c75d864
--- /dev/null
+++ b/src/patches/dnsmasq/0089-Check-IPv4-mapped-IPv6-addresses-with-stop-rebind.patch
@@ -0,0 +1,59 @@
+From b059c96dc69dfe3055c5b32b078a05c53b11ebb3 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 8 May 2015 20:25:51 +0100
+Subject: [PATCH 89/98] Check IPv4-mapped IPv6 addresses with --stop-rebind.
+
+---
+ CHANGELOG     |  3 +++
+ src/rfc1035.c | 21 +++++++++++++++++----
+ 2 files changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index d8fc57a418bb..94a521f996e2 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -115,6 +115,9 @@ version 2.73
+           header to 1280 bytes. If it then answers, make that
+           change permanent.
+ 
++          Check IPv4-mapped IPv6 addresses when --stop-rebind
++          is active. Thanks to Jordan Milne for spotting this.
++
+       
+ version 2.72
+             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 8b1709dd3495..5e3f566fdbc5 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1117,10 +1117,23 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
+                     memcpy(&addr, p1, addrlen);
+                     
+                     /* check for returned address in private space */
+-                    if (check_rebind &&
+-                        (flags & F_IPV4) &&
+-                        private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
+-                      return 1;
++                    if (check_rebind)
++                      {
++                        if ((flags & F_IPV4) &&
++                            private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
++                          return 1;
++                        
++#ifdef HAVE_IPV6
++                        if ((flags & F_IPV6) &&
++                            IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6))
++                          {
++                            struct in_addr v4;
++                            v4.s_addr = ((const uint32_t *) (&addr.addr.addr6))[3];
++                            if (private_net(v4, !option_bool(OPT_LOCAL_REBIND)))
++                              return 1;
++                          }
++#endif
++                      }
+                     
+ #ifdef HAVE_IPSET
+                     if (ipsets && (flags & (F_IPV4 | F_IPV6)))
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch b/src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch
new file mode 100644 (file)
index 0000000..b6d9c47
--- /dev/null
+++ b/src/patches/dnsmasq/0090-Tweak-EDNS-timeout-code.patch
@@ -0,0 +1,29 @@
+From 86fa1046920dedc8134136a6244ca96e8a37e9d8 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 10 May 2015 13:50:59 +0100
+Subject: [PATCH 90/98] Tweak EDNS timeout code.
+
+---
+ src/forward.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/forward.c b/src/forward.c
+index 592243fd4d35..74e5ab66c423 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -799,8 +799,10 @@ void reply_query(int fd, int family, time_t now)
+     }
+  
+   /* We tried resending to this server with a smaller maximum size and got an answer.
+-     Make that permanent. */
+-  if (server && (forward->flags & FREC_TEST_PKTSZ))
++     Make that permanent. To avoid reduxing the packet size for an single dropped packet,
++     only do this when we get a truncated answer, or one larger than the safe size. */
++  if (server && (forward->flags & FREC_TEST_PKTSZ) && 
++      ((header->hb3 & HB3_TC) || n >= SAFE_PKTSZ))
+     server->edns_pktsz = SAFE_PKTSZ;
+   
+   /* If the answer is an error, keep the forward record in place in case
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0091-Pointer-to-mail-archive-mailing-list-mirror-in-doc.h.patch b/src/patches/dnsmasq/0091-Pointer-to-mail-archive-mailing-list-mirror-in-doc.h.patch
new file mode 100644 (file)
index 0000000..b65bb87
--- /dev/null
+++ b/src/patches/dnsmasq/0091-Pointer-to-mail-archive-mailing-list-mirror-in-doc.h.patch
@@ -0,0 +1,28 @@
+From 585840b03365372679907f175b07a01c9d621ae0 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 13 May 2015 12:35:57 +0100
+Subject: [PATCH 91/98] Pointer to mail-archive mailing list mirror in
+ doc.html.
+
+---
+ doc.html | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/doc.html b/doc.html
+index 92c9d0d6f34c..54f59bbbd4d0 100644
+--- a/doc.html
++++ b/doc.html
+@@ -74,7 +74,9 @@ for details.
+ There is a dnsmasq mailing list at <A
+ HREF="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss">
+ http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</A> which should be the
+-first location for queries, bugreports, suggestions etc.
++first location for queries, bugreports, suggestions etc. The list is mirrored, with a
++search facility, at <A HREF="https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/">
++https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/</A>.
+ You can contact me at <A
+ HREF="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</A>.
+ 
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0092-Allow-T1-and-T2-DHCPv4-options-to-be-set.patch b/src/patches/dnsmasq/0092-Allow-T1-and-T2-DHCPv4-options-to-be-set.patch
new file mode 100644 (file)
index 0000000..84246c3
--- /dev/null
+++ b/src/patches/dnsmasq/0092-Allow-T1-and-T2-DHCPv4-options-to-be-set.patch
@@ -0,0 +1,200 @@
+From ca85a28241ef87919d68d52c843b6964b7070e11 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 13 May 2015 22:33:04 +0100
+Subject: [PATCH 92/98] Allow T1 and T2 DHCPv4 options to be set.
+
+---
+ CHANGELOG            |  3 +++
+ dnsmasq.conf.example |  8 ++++++
+ src/dhcp-common.c    |  4 +--
+ src/rfc2131.c        | 71 ++++++++++++++++++++++++++++++++++++----------------
+ 4 files changed, 63 insertions(+), 23 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 94a521f996e2..ef39a415788b 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -118,6 +118,9 @@ version 2.73
+           Check IPv4-mapped IPv6 addresses when --stop-rebind
+           is active. Thanks to Jordan Milne for spotting this.
+ 
++          Allow DHCPv4 options T1 and T2 to be set using --dhcp-option.
++          Thanks to Kevin Benton for patches and work on this.
++
+       
+ version 2.72
+             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
+index 67be99acb028..1ae11dfb5358 100644
+--- a/dnsmasq.conf.example
++++ b/dnsmasq.conf.example
+@@ -345,6 +345,14 @@
+ # Ask client to poll for option changes every six hours. (RFC4242)
+ #dhcp-option=option6:information-refresh-time,6h
+ 
++# Set option 58 client renewal time (T1). Defaults to half of the
++# lease time if not specified. (RFC2132)
++#dhcp-option=option:T1:1m
++
++# Set option 59 rebinding time (T2). Defaults to 7/8 of the
++# lease time if not specified. (RFC2132)
++#dhcp-option=option:T2:2m
++
+ # Set the NTP time server address to be the same machine as
+ # is running dnsmasq
+ #dhcp-option=42,0.0.0.0
+diff --git a/src/dhcp-common.c b/src/dhcp-common.c
+index ce115202a646..bc48f41a14d7 100644
+--- a/src/dhcp-common.c
++++ b/src/dhcp-common.c
+@@ -545,8 +545,8 @@ static const struct opttab_t {
+   { "parameter-request", 55, OT_INTERNAL },
+   { "message", 56, OT_INTERNAL },
+   { "max-message-size", 57, OT_INTERNAL },
+-  { "T1", 58, OT_INTERNAL | OT_TIME},
+-  { "T2", 59, OT_INTERNAL | OT_TIME},
++  { "T1", 58, OT_TIME},
++  { "T2", 59, OT_TIME},
+   { "vendor-class", 60, 0 },
+   { "client-id", 61, OT_INTERNAL },
+   { "nis+-domain", 64, OT_NAME },
+diff --git a/src/rfc2131.c b/src/rfc2131.c
+index 55526443dc84..a10e499ef768 100644
+--- a/src/rfc2131.c
++++ b/src/rfc2131.c
+@@ -52,7 +52,9 @@ static void do_options(struct dhcp_context *context,
+                      int null_term, int pxearch,
+                      unsigned char *uuid,
+                      int vendor_class_len,
+-                     time_t now);
++                     time_t now,
++                     unsigned int lease_time,
++                     unsigned short fuzz);
+ 
+ 
+ static void match_vendor_opts(unsigned char *opt, struct dhcp_opt *dopt); 
+@@ -610,7 +612,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+             
+             clear_packet(mess, end);
+             do_options(context, mess, end, NULL, hostname, get_domain(mess->yiaddr), 
+-                       netid, subnet_addr, 0, 0, -1, NULL, vendor_class_len, now);
++                       netid, subnet_addr, 0, 0, -1, NULL, vendor_class_len, now, 0xffffffff, 0);
+           }
+       }
+       
+@@ -1042,13 +1044,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+       option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
+       option_put(mess, end, OPTION_LEASE_TIME, 4, time);
+       /* T1 and T2 are required in DHCPOFFER by HP's wacky Jetdirect client. */
+-      if (time != 0xffffffff)
+-      {
+-        option_put(mess, end, OPTION_T1, 4, (time/2));
+-        option_put(mess, end, OPTION_T2, 4, (time*7)/8);
+-      }
+       do_options(context, mess, end, req_options, offer_hostname, get_domain(mess->yiaddr), 
+-               netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now);
++               netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now, time, fuzz);
+       
+       return dhcp_packet_size(mess, agent_id, real_end);
+       
+@@ -1367,15 +1364,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+         option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK);
+         option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
+         option_put(mess, end, OPTION_LEASE_TIME, 4, time);
+-        if (time != 0xffffffff)
+-          {
+-            while (fuzz > (time/16))
+-              fuzz = fuzz/2; 
+-            option_put(mess, end, OPTION_T1, 4, (time/2) - fuzz);
+-            option_put(mess, end, OPTION_T2, 4, ((time/8)*7) - fuzz);
+-          }
+         do_options(context, mess, end, req_options, hostname, get_domain(mess->yiaddr), 
+-                   netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now);
++                   netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now, time, fuzz);
+       }
+ 
+       return dhcp_packet_size(mess, agent_id, real_end); 
+@@ -1440,7 +1430,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+       }
+ 
+       do_options(context, mess, end, req_options, hostname, get_domain(mess->ciaddr),
+-               netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now);
++               netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid, vendor_class_len, now, 0xffffffff, 0);
+       
+       *is_inform = 1; /* handle reply differently */
+       return dhcp_packet_size(mess, agent_id, real_end); 
+@@ -2137,7 +2127,9 @@ static void do_options(struct dhcp_context *context,
+                      int null_term, int pxe_arch,
+                      unsigned char *uuid,
+                      int vendor_class_len,
+-                     time_t now)
++                     time_t now,
++                     unsigned int lease_time,
++                     unsigned short fuzz)
+ {
+   struct dhcp_opt *opt, *config_opts = daemon->dhcp_opts;
+   struct dhcp_boot *boot;
+@@ -2261,7 +2253,42 @@ static void do_options(struct dhcp_context *context,
+   /* rfc3011 says this doesn't need to be in the requested options list. */
+   if (subnet_addr.s_addr)
+     option_put(mess, end, OPTION_SUBNET_SELECT, INADDRSZ, ntohl(subnet_addr.s_addr));
+-  
++   
++  if (lease_time != 0xffffffff)
++    { 
++      unsigned int t1val = lease_time/2; 
++      unsigned int t2val = (lease_time*7)/8;
++      unsigned int hval;
++      
++      /* If set by user, sanity check, so not longer than lease. */
++      if ((opt = option_find2(OPTION_T1)))
++      {
++        hval = ntohl(*((unsigned int *)opt->val));
++        if (hval < lease_time && hval > 2)
++          t1val = hval;
++      }
++
++       if ((opt = option_find2(OPTION_T2)))
++      {
++        hval = ntohl(*((unsigned int *)opt->val));
++        if (hval < lease_time && hval > 2)
++          t2val = hval;
++      }
++                
++       while (fuzz > (t1val/8))
++       fuzz = fuzz/2;
++       
++       t1val -= fuzz;
++       t2val -= fuzz;
++       
++       /* ensure T1 is still < T2 */
++       if (t2val <= t1val)
++       t1val = t2val - 1; 
++
++       option_put(mess, end, OPTION_T1, 4, t1val);
++       option_put(mess, end, OPTION_T2, 4, t2val);
++    }
++
+   /* replies to DHCPINFORM may not have a valid context */
+   if (context)
+     {
+@@ -2356,12 +2383,14 @@ static void do_options(struct dhcp_context *context,
+       if (!(opt->flags & DHOPT_FORCE) && !in_list(req_options, optno))
+       continue;
+       
+-      /* prohibit some used-internally options */
++      /* prohibit some used-internally options. T1 and T2 already handled. */
+       if (optno == OPTION_CLIENT_FQDN ||
+         optno == OPTION_MAXMESSAGE ||
+         optno == OPTION_OVERLOAD ||
+         optno == OPTION_PAD ||
+-        optno == OPTION_END)
++        optno == OPTION_END ||
++        optno == OPTION_T1 ||
++        optno == OPTION_T2)
+       continue;
+ 
+       if (optno == OPTION_SNAME && done_server)
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0093-Tweak-last-commit.patch b/src/patches/dnsmasq/0093-Tweak-last-commit.patch
new file mode 100644 (file)
index 0000000..578e764
--- /dev/null
+++ b/src/patches/dnsmasq/0093-Tweak-last-commit.patch
@@ -0,0 +1,37 @@
+From 7c0f2543a7e761d1ec82738374556beeb8a35bef Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 14 May 2015 21:16:18 +0100
+Subject: [PATCH 93/98] Tweak last commit.
+
+---
+ src/rfc2131.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/rfc2131.c b/src/rfc2131.c
+index a10e499ef768..b95f9beadf59 100644
+--- a/src/rfc2131.c
++++ b/src/rfc2131.c
+@@ -2275,16 +2275,16 @@ static void do_options(struct dhcp_context *context,
+           t2val = hval;
+       }
+                 
++       /* ensure T1 is still < T2 */
++       if (t2val <= t1val)
++       t1val = t2val - 1; 
++
+        while (fuzz > (t1val/8))
+        fuzz = fuzz/2;
+        
+        t1val -= fuzz;
+        t2val -= fuzz;
+        
+-       /* ensure T1 is still < T2 */
+-       if (t2val <= t1val)
+-       t1val = t2val - 1; 
+-
+        option_put(mess, end, OPTION_T1, 4, t1val);
+        option_put(mess, end, OPTION_T2, 4, t2val);
+     }
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0094-Use-correct-DHCP-context-for-PXE-proxy-server-id.patch b/src/patches/dnsmasq/0094-Use-correct-DHCP-context-for-PXE-proxy-server-id.patch
new file mode 100644 (file)
index 0000000..a7d7546
--- /dev/null
+++ b/src/patches/dnsmasq/0094-Use-correct-DHCP-context-for-PXE-proxy-server-id.patch
@@ -0,0 +1,29 @@
+From 62018e1f720fa11e83879111a4b1b3753b5c25bb Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 14 May 2015 21:30:00 +0100
+Subject: [PATCH 94/98] Use correct DHCP context for PXE-proxy server-id.
+
+---
+ src/rfc2131.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/rfc2131.c b/src/rfc2131.c
+index b95f9beadf59..70d1e59530ad 100644
+--- a/src/rfc2131.c
++++ b/src/rfc2131.c
+@@ -888,10 +888,10 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+                 
+                 option_put(mess, end, OPTION_MESSAGE_TYPE, 1, 
+                            mess_type == DHCPDISCOVER ? DHCPOFFER : DHCPACK);
+-                option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, htonl(context->local.s_addr));
++                option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, htonl(tmp->local.s_addr));
+                 pxe_misc(mess, end, uuid);
+                 prune_vendor_opts(tagif_netid);
+-                do_encap_opts(pxe_opts(pxearch, tagif_netid, context->local, now), OPTION_VENDOR_CLASS_OPT, DHOPT_VENDOR_MATCH, mess, end, 0);
++                do_encap_opts(pxe_opts(pxearch, tagif_netid, tmp->local, now), OPTION_VENDOR_CLASS_OPT, DHOPT_VENDOR_MATCH, mess, end, 0);
+                 
+                 log_packet("PXE", NULL, emac, emac_len, iface_name, ignore ? "proxy-ignored" : "proxy", NULL, mess->xid);
+                 log_tags(tagif_netid, ntohl(mess->xid));
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0095-Fix-buffer-overflow-introduced-in-2.73rc6.patch b/src/patches/dnsmasq/0095-Fix-buffer-overflow-introduced-in-2.73rc6.patch
new file mode 100644 (file)
index 0000000..b1b06f2
--- /dev/null
+++ b/src/patches/dnsmasq/0095-Fix-buffer-overflow-introduced-in-2.73rc6.patch
@@ -0,0 +1,49 @@
+From 5d07d77e75e0f02bc0a8f6029ffbc8b371fa804e Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 15 May 2015 18:13:06 +0100
+Subject: [PATCH 95/98] Fix buffer overflow introduced in 2.73rc6.
+
+Fix off-by-one in code which checks for over-long domain names
+in received DNS packets. This enables buffer overflow attacks
+which can certainly crash dnsmasq and may allow for arbitrary
+code execution. The problem was introduced in commit b8f16556d,
+release 2.73rc6, so has not escaped into any stable release.
+Note that the off-by-one was in the label length determination,
+so the buffer can be overflowed by as many bytes as there are
+labels in the name - ie, many.
+
+Thanks to Ron Bowes, who used lcmatuf's afl-fuzz tool to find
+the problem.
+---
+ src/rfc1035.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 5e3f566fdbc5..a95241f83523 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -94,8 +94,8 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+           count = 256;
+         digs = ((count-1)>>2)+1;
+         
+-        /* output is \[x<hex>/siz]. which is digs+6/7/8 chars */
+-        namelen += digs+6;
++        /* output is \[x<hex>/siz]. which is digs+7/8/9 chars */
++        namelen += digs+7;
+         if (count > 9)
+           namelen++;
+         if (count > 99)
+@@ -125,8 +125,8 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+       }
+       else 
+       { /* label_type = 0 -> label. */
+-        namelen += l;
+-        if (namelen+1 >= MAXDNAME)
++        namelen += l + 1; /* include period */
++        if (namelen >= MAXDNAME)
+           return 0;
+         if (!CHECK_LEN(header, p, plen, l))
+           return 0;
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0096-Remove-support-for-DNS-Extended-Label-Types.patch b/src/patches/dnsmasq/0096-Remove-support-for-DNS-Extended-Label-Types.patch
new file mode 100644 (file)
index 0000000..db0a1e5
--- /dev/null
+++ b/src/patches/dnsmasq/0096-Remove-support-for-DNS-Extended-Label-Types.patch
@@ -0,0 +1,89 @@
+From 06568c663643b9ed1577d95efee69d734f427cf5 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 15 May 2015 20:43:48 +0100
+Subject: [PATCH 96/98] Remove support for DNS Extended Label Types.
+
+The support was only partial, and the whole concept is
+now deprecated in the standards.
+---
+ src/rfc1035.c | 52 ++++------------------------------------------------
+ 1 file changed, 4 insertions(+), 48 deletions(-)
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index a95241f83523..56647b02ab4d 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -77,53 +77,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+         
+         p = l + (unsigned char *)header;
+       }
+-      else if (label_type == 0x80)
+-      return 0; /* reserved */
+-      else if (label_type == 0x40)
+-      { /* ELT */
+-        unsigned int count, digs;
+-        
+-        if ((l & 0x3f) != 1)
+-          return 0; /* we only understand bitstrings */
+-
+-        if (!isExtract)
+-          return 0; /* Cannot compare bitsrings */
+-        
+-        count = *p++;
+-        if (count == 0)
+-          count = 256;
+-        digs = ((count-1)>>2)+1;
+-        
+-        /* output is \[x<hex>/siz]. which is digs+7/8/9 chars */
+-        namelen += digs+7;
+-        if (count > 9)
+-          namelen++;
+-        if (count > 99)
+-          namelen++;
+-        if (namelen+1 >= MAXDNAME)
+-          return 0;
+-
+-        if (!CHECK_LEN(header, p, plen, (count-1)>>3))
+-          return 0;
+-
+-        *cp++ = '\\';
+-        *cp++ = '[';
+-        *cp++ = 'x';
+-        for (j=0; j<digs; j++)
+-          {
+-            unsigned int dig;
+-            if (j%2 == 0)
+-              dig = *p >> 4;
+-            else
+-              dig = *p++ & 0x0f;
+-            
+-            *cp++ = dig < 10 ? dig + '0' : dig + 'A' - 10;
+-          } 
+-        cp += sprintf((char *)cp, "/%d]", count);
+-        /* do this here to overwrite the zero char from sprintf */
+-        *cp++ = '.';
+-      }
+-      else 
++      else if (label_type == 0x00)
+       { /* label_type = 0 -> label. */
+         namelen += l + 1; /* include period */
+         if (namelen >= MAXDNAME)
+@@ -176,12 +130,14 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
+                     retvalue =  2;
+                 }
+             }
+-        
++          
+         if (isExtract)
+           *cp++ = '.';
+         else if (*cp != 0 && *cp++ != '.')
+           retvalue = 2;
+       }
++      else
++      return 0; /* label types 0x40 and 0x80 not supported */
+     }
+ }
+  
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0097-Select-correct-DHCP-context-when-in-PXE-bootserver-m.patch b/src/patches/dnsmasq/0097-Select-correct-DHCP-context-when-in-PXE-bootserver-m.patch
new file mode 100644 (file)
index 0000000..b9f2e63
--- /dev/null
+++ b/src/patches/dnsmasq/0097-Select-correct-DHCP-context-when-in-PXE-bootserver-m.patch
@@ -0,0 +1,26 @@
+From 7f8565b94ca52dde31f7688a9f9a0cc611d9dae3 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 19 May 2015 23:01:27 +0100
+Subject: [PATCH 97/98] Select correct DHCP context when in PXE bootserver
+ mode.
+
+---
+ src/rfc2131.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/rfc2131.c b/src/rfc2131.c
+index 70d1e59530ad..e602a21585c9 100644
+--- a/src/rfc2131.c
++++ b/src/rfc2131.c
+@@ -805,7 +805,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+           if (service->type == type)
+             break;
+         
+-        if (!service || !service->basename)
++        if (!service || !service->basename || !(context = narrow_context(context, mess->ciaddr, tagif_netid)))
+           return 0;
+         
+         clear_packet(mess, end);
+-- 
+2.1.0
+

diff --git a/src/patches/dnsmasq/0098-Tweak-immediately-previous-patch.patch b/src/patches/dnsmasq/0098-Tweak-immediately-previous-patch.patch
new file mode 100644 (file)
index 0000000..1be4278
--- /dev/null
+++ b/src/patches/dnsmasq/0098-Tweak-immediately-previous-patch.patch
@@ -0,0 +1,33 @@
+From 549b1a478c5eee9dbd3a0709913a26ec29d30f2c Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 20 May 2015 20:20:24 +0100
+Subject: [PATCH 98/98] Tweak immediately previous patch.
+
+---
+ src/rfc2131.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/rfc2131.c b/src/rfc2131.c
+index e602a21585c9..9f69ed595903 100644
+--- a/src/rfc2131.c
++++ b/src/rfc2131.c
+@@ -805,9 +805,14 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+           if (service->type == type)
+             break;
+         
+-        if (!service || !service->basename || !(context = narrow_context(context, mess->ciaddr, tagif_netid)))
+-          return 0;
++        for (; context; context = context->current)
++          if (match_netid(context->filter, tagif_netid, 1) &&
++              is_same_net(mess->ciaddr, context->start, context->netmask))
++            break;
+         
++        if (!service || !service->basename || !context)
++          return 0;
++                
+         clear_packet(mess, end);
+         
+         mess->yiaddr = mess->ciaddr;
+-- 
+2.1.0
+

diff --git a/src/patches/dracut-038_add_sdhci-pci.patch b/src/patches/dracut-038_add_sdhci-pci.patch
new file mode 100644 (file)
index 0000000..b002246
--- /dev/null
+++ b/src/patches/dracut-038_add_sdhci-pci.patch
@@ -0,0 +1,12 @@
+diff -Naur dracut-038.org/modules.d/90kernel-modules/module-setup.sh dracut-038/modules.d/90kernel-modules/module-setup.sh
+--- dracut-038.org/modules.d/90kernel-modules/module-setup.sh  2014-06-30 12:03:12.000000000 +0200
++++ dracut-038/modules.d/90kernel-modules/module-setup.sh      2015-05-05 14:58:56.820197839 +0200
+@@ -47,7 +47,7 @@
+             atkbd i8042 usbhid hid-apple hid-sunplus hid-cherry hid-logitech \
+             hid-logitech-dj hid-microsoft firewire-ohci \
+             pcmcia usb_storage nvme hid-hyperv hv-vmbus \
+-            sdhci_acpi
++            sdhci_acpi sdhci_pci
+ 
+         if [[ "$(uname -p)" == arm* ]]; then
+             # arm specific modules

diff --git a/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch b/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch
new file mode 100644 (file)
index 0000000..24a8ca1
--- /dev/null
+++ b/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch
@@ -0,0 +1,34 @@
+From c667589410912ca980a78f417e86dd6585d58f9a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 4 May 2015 16:00:31 +0200
+Subject: [PATCH] Skip search for hypervisor name when the CPU string is empty
+
+---
+ src/_fireinfo/fireinfo.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/_fireinfo/fireinfo.c b/src/_fireinfo/fireinfo.c
+index fc639d9d4cd9..6601c21a733f 100644
+--- a/src/_fireinfo/fireinfo.c
++++ b/src/_fireinfo/fireinfo.c
+@@ -156,11 +156,12 @@ int detect_hypervisor(int *hypervisor) {
+ 
+               *hypervisor = HYPER_OTHER;
+ 
+-              int id;
+-              for (id = HYPER_NONE + 1; id < HYPER_LAST; id++) {
+-                      if (strcmp(hypervisor_ids[id], sig.text) == 0) {
+-                              *hypervisor = id;
+-                              break;
++              if (*sig.text) {
++                      for (int id = HYPER_NONE + 1; id < HYPER_LAST; id++) {
++                              if (strcmp(hypervisor_ids[id], sig.text) == 0) {
++                                      *hypervisor = id;
++                                      break;
++                              }
+                       }
+               }
+ 
+-- 
+2.1.0
+

diff --git a/src/patches/glibc/glibc-rh1207995.patch b/src/patches/glibc/glibc-rh1207995.patch
new file mode 100644 (file)
index 0000000..1732de6
--- /dev/null
+++ b/src/patches/glibc/glibc-rh1207995.patch
@@ -0,0 +1,27 @@
+#
+# Based on the following commit:
+#
+# commit f9d2d03254a58d92635a311a42253eeed5a40a47
+# Author: Andreas Schwab <schwab@suse.de>
+# Date:   Mon May 26 18:01:31 2014 +0200
+# 
+#     Fix invalid file descriptor reuse while sending DNS query (BZ #15946)
+# 
+# 2014-06-03  Andreas Schwab  <schwab@suse.de>
+# 
+#      [BZ #15946]
+#      * resolv/res_send.c (send_dg): Reload file descriptor after
+#      calling reopen.
+# 
+diff --git a/resolv/res_send.c b/resolv/res_send.c
+index 3273d55..af42b8a 100644
+--- a/resolv/res_send.c
++++ b/resolv/res_send.c
+@@ -1410,6 +1410,7 @@ send_dg(res_state statp,
+                                       retval = reopen (statp, terrno, ns);
+                                       if (retval <= 0)
+                                               return retval;
++                                      pfd[0].fd = EXT(statp).nssocks[ns];
+                               }
+                       }
+                       goto wait;

diff --git a/src/patches/glibc/glibc-rh1209375.patch b/src/patches/glibc/glibc-rh1209375.patch
new file mode 100644 (file)
index 0000000..74393f0
--- /dev/null
+++ b/src/patches/glibc/glibc-rh1209375.patch
@@ -0,0 +1,18 @@
+@@ -, +, @@
+ resolv/nss_dns/dns-host.c:getanswer_r.
+---
+ resolv/nss_dns/dns-host.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+--- a/resolv/nss_dns/dns-host.c
++++ a/resolv/nss_dns/dns-host.c
+@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+   int have_to_map = 0;
+   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+   buffer += pad;
+-  if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
++  buflen = buflen > pad ? buflen - pad : 0;
++  if (__builtin_expect (buflen < sizeof (struct host_data), 0))
+     {
+       /* The buffer is too small.  */
+     too_small:
+--

diff --git a/src/patches/hostapd-2.3_increase_EAPOL-timeouts.patch b/src/patches/hostapd-2.3_increase_EAPOL-timeouts.patch
new file mode 100644 (file)
index 0000000..bbda55a
--- /dev/null
+++ b/src/patches/hostapd-2.3_increase_EAPOL-timeouts.patch
@@ -0,0 +1,16 @@
+diff -Naur hostapd-2.3.org/src/ap/wpa_auth.c hostapd-2.3/src/ap/wpa_auth.c
+--- hostapd-2.3.org/src/ap/wpa_auth.c  2014-10-09 16:41:31.000000000 +0200
++++ hostapd-2.3/src/ap/wpa_auth.c      2015-04-07 16:32:10.671422975 +0200
+@@ -45,9 +45,9 @@
+ 
+ static const u32 dot11RSNAConfigGroupUpdateCount = 4;
+ static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
+-static const u32 eapol_key_timeout_first = 100; /* ms */
+-static const u32 eapol_key_timeout_subseq = 1000; /* ms */
+-static const u32 eapol_key_timeout_first_group = 500; /* ms */
++static const u32 eapol_key_timeout_first = 300; /* ms */
++static const u32 eapol_key_timeout_subseq = 3000; /* ms */
++static const u32 eapol_key_timeout_first_group = 1500; /* ms */
+ 
+ /* TODO: make these configurable */
+ static const int dot11RSNAConfigPMKLifetime = 43200;

diff --git a/src/patches/linux-3.14.x-hyperv-2008-fix.patch b/src/patches/linux-3.14.x-hyperv-2008-fix.patch
new file mode 100644 (file)
index 0000000..e538e08
--- /dev/null
+++ b/src/patches/linux-3.14.x-hyperv-2008-fix.patch
@@ -0,0 +1,50 @@
+From 99d3016de4f2a29635f5382b0e9bd0e5f2151487 Mon Sep 17 00:00:00 2001
+From: Haiyang Zhang <haiyangz@microsoft.com>
+Date: Sun, 9 Mar 2014 16:10:59 -0700
+Subject: hyperv: Change the receive buffer size for legacy hosts
+
+Due to a bug in the Hyper-V host verion 2008R2, we need to use a slightly smaller
+receive buffer size, otherwise the buffer will not be accepted by the legacy hosts.
+
+Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+
+diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h
+index 7d06b49..13010b4 100644
+--- a/drivers/net/hyperv/hyperv_net.h
++++ b/drivers/net/hyperv/hyperv_net.h
+@@ -513,6 +513,7 @@ struct nvsp_message {
+ #define NETVSC_MTU 65536
+ 
+ #define NETVSC_RECEIVE_BUFFER_SIZE            (1024*1024*16)  /* 16MB */
++#define NETVSC_RECEIVE_BUFFER_SIZE_LEGACY     (1024*1024*15)  /* 15MB */
+ 
+ #define NETVSC_RECEIVE_BUFFER_ID              0xcafe
+ 
+diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c
+index 1a0280d..daddea2 100644
+--- a/drivers/net/hyperv/netvsc.c
++++ b/drivers/net/hyperv/netvsc.c
+@@ -365,6 +365,11 @@ static int netvsc_connect_vsp(struct hv_device *device)
+               goto cleanup;
+ 
+       /* Post the big receive buffer to NetVSP */
++      if (net_device->nvsp_version <= NVSP_PROTOCOL_VERSION_2)
++              net_device->recv_buf_size = NETVSC_RECEIVE_BUFFER_SIZE_LEGACY;
++      else
++              net_device->recv_buf_size = NETVSC_RECEIVE_BUFFER_SIZE;
++
+       ret = netvsc_init_recv_buf(device);
+ 
+ cleanup:
+@@ -898,7 +903,6 @@ int netvsc_device_add(struct hv_device *device, void *additional_info)
+       ndev = net_device->ndev;
+ 
+       /* Initialize the NetVSC channel extension */
+-      net_device->recv_buf_size = NETVSC_RECEIVE_BUFFER_SIZE;
+       spin_lock_init(&net_device->recv_pkt_list_lock);
+ 
+       INIT_LIST_HEAD(&net_device->recv_pkt_list);
+-- 
+cgit v0.10.2
+

diff --git a/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch b/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch
deleted file mode 100644 (file)
index 1c0f994..0000000
--- a/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 7f558e6e8abee42cc966e2cb64be0de875797e07 Mon Sep 17 00:00:00 2001
-From: Arne Fitzenreiter <arne_f@ipfire.org>
-Date: Fri, 20 Feb 2015 10:01:26 +0100
-Subject: [PATCH] sun7i: dts: lamobo-r1: fix sata pwr regulator pin.
-
-Lamobo-R1 use PB3 instead of PB8 for controlling the SATA power regulator.
----
- arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts b/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts
-index 1eb6c9b..d634d2f 100644
---- a/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts
-+++ b/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts
-@@ -166,6 +166,16 @@
-                               reg = <1>;
-                       };
-               };
-+
-+              pio: pinctrl@01c20800 {
-+                      ahci_pwr_pin_a: ahci_pwr_pin@0 {
-+                              allwinner,pins = "PB3";
-+                              allwinner,function = "gpio_out";
-+                              allwinner,drive = <0>;
-+                              allwinner,pull = <0>;
-+                      };
-+              };
-+
-       };
- 
-       leds {
-@@ -181,6 +191,14 @@
-       };
- 
-         reg_ahci_5v: ahci-5v {
-+              compatible = "regulator-fixed";
-+              pinctrl-names = "default";
-+              pinctrl-0 = <&ahci_pwr_pin_a>;
-+              regulator-name = "ahci-5v";
-+              regulator-min-microvolt = <5000000>;
-+              regulator-max-microvolt = <5000000>;
-+              enable-active-high;
-+              gpio = <&pio 1 3 0>;
-                 status = "okay";
-         };
- 
--- 
-1.8.5.2
-

diff --git a/src/patches/openssl-1.0.2-fix_parallel_build-1.patch b/src/patches/openssl-1.0.2-fix_parallel_build-1.patch
new file mode 100644 (file)
index 0000000..acfaa72
--- /dev/null
+++ b/src/patches/openssl-1.0.2-fix_parallel_build-1.patch
@@ -0,0 +1,340 @@
+Submitted By:            Armin K. <krejzi at email dot com>
+Date:                    2015-01-23
+Initial Package Version: 1.0.1e
+Upstream Status:         Unknown
+Origin:                  https://github.com/Alexpux/Qt-builds/tree/master/patches/openssl
+Description:             Fixes build when using more than one make job to build the package.
+
+--- a/crypto/Makefile  2015-01-22 17:12:09.000000000 +0100
++++ b/crypto/Makefile  2015-01-23 16:42:13.460175569 +0100
+@@ -85,11 +85,11 @@
+       @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+ 
+ subdirs:
+-      @target=all; $(RECURSIVE_MAKE)
++      +@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+       $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+-      @target=files; $(RECURSIVE_MAKE)
++      +@target=files; $(RECURSIVE_MAKE)
+ 
+ links:
+       @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib:  $(LIB)
+       @touch lib
+-$(LIB):       $(LIBOBJ)
++$(LIB):       $(LIBOBJ) | subdirs
+       $(AR) $(LIB) $(LIBOBJ)
+       test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+       $(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+       fi
+ 
+ libs:
+-      @target=lib; $(RECURSIVE_MAKE)
++      +@target=lib; $(RECURSIVE_MAKE)
+ 
+ install:
+       @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+       done;
+-      @target=install; $(RECURSIVE_MAKE)
++      +@target=install; $(RECURSIVE_MAKE)
+ 
+ lint:
+       @target=lint; $(RECURSIVE_MAKE)
+--- a/engines/Makefile 2015-01-22 17:12:24.000000000 +0100
++++ b/engines/Makefile 2015-01-23 16:42:13.461175596 +0100
+@@ -72,7 +72,7 @@
+ 
+ all:  lib subdirs
+ 
+-lib:  $(LIBOBJ)
++lib:  $(LIBOBJ) | subdirs
+       @if [ -n "$(SHARED_LIBS)" ]; then \
+               set -e; \
+               for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+ 
+ subdirs:
+       echo $(EDIRS)
+-      @target=all; $(RECURSIVE_MAKE)
++      +@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+               done; \
+       fi
+-      @target=install; $(RECURSIVE_MAKE)
++      +@target=install; $(RECURSIVE_MAKE)
+ 
+ tags:
+       ctags $(SRC)
+--- a/Makefile.org     2015-01-22 15:58:06.000000000 +0100
++++ b/Makefile.org     2015-01-23 16:42:13.461175596 +0100
+@@ -274,17 +274,17 @@
+ build_libs: build_crypto build_ssl build_engines
+ 
+ build_crypto:
+-      @dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
+-      @dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
+-      @dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
+-      @dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
+-      @dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
+-      @dir=tools; target=all; $(BUILD_ONE_CMD)
++      +@dir=crypto; target=all; $(BUILD_ONE_CMD)
++build_ssl: build_crypto
++      +@dir=ssl; target=all; $(BUILD_ONE_CMD)
++build_engines: build_crypto
++      +@dir=engines; target=all; $(BUILD_ONE_CMD)
++build_apps: build_libs
++      +@dir=apps; target=all; $(BUILD_ONE_CMD)
++build_tests: build_libs
++      +@dir=test; target=all; $(BUILD_ONE_CMD)
++build_tools: build_libs
++      +@dir=tools; target=all; $(BUILD_ONE_CMD)
+ 
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -536,9 +536,9 @@
+ dist_pem_h:
+       (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+ 
+-install: all install_docs install_sw
++install: install_docs install_sw
+ 
+-install_sw:
++install_dirs:
+       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -547,12 +547,19 @@
+               $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+               $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+               $(INSTALL_PREFIX)$(OPENSSLDIR)/private
++      @$(PERL) $(TOP)/util/mkdir-p.pl \
++              $(INSTALL_PREFIX)$(MANDIR)/man1 \
++              $(INSTALL_PREFIX)$(MANDIR)/man3 \
++              $(INSTALL_PREFIX)$(MANDIR)/man5 \
++              $(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+       @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+       do \
+       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+       done;
+-      @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++      +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+       @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+       do \
+               if [ -f "$$i" ]; then \
+@@ -636,12 +643,7 @@
+               done; \
+       done
+ 
+-install_docs:
+-      @$(PERL) $(TOP)/util/mkdir-p.pl \
+-              $(INSTALL_PREFIX)$(MANDIR)/man1 \
+-              $(INSTALL_PREFIX)$(MANDIR)/man3 \
+-              $(INSTALL_PREFIX)$(MANDIR)/man5 \
+-              $(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+       @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+       here="`pwd`"; \
+       filecase=; \
+--- a/Makefile.shared  2015-01-20 13:33:36.000000000 +0100
++++ b/Makefile.shared  2015-01-23 16:42:13.461175596 +0100
+@@ -105,6 +105,7 @@
+     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+     $${SHAREDCMD} $${SHAREDFLAGS} \
+       -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+                       done; \
+               fi; \
+               if [ -n "$$SHLIB_SOVER" ]; then \
++                      [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+                       ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+                         ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+               fi; \
+--- a/test/Makefile    2015-01-22 17:12:26.000000000 +0100
++++ b/test/Makefile    2015-01-23 16:42:13.461175596 +0100
+@@ -132,7 +132,7 @@
+ tags:
+       ctags $(SRC)
+ 
+-tests:        exe apps $(TESTS)
++tests:        exe $(TESTS)
+ 
+ apps:
+       @(cd ..; $(MAKE) DIRS=apps all)
+@@ -398,109 +398,109 @@
+               link_app.$${shlib_target}
+ 
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+-      @target=$(RSATEST); $(BUILD_CMD)
++      +@target=$(RSATEST); $(BUILD_CMD)
+ 
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+-      @target=$(BNTEST); $(BUILD_CMD)
++      +@target=$(BNTEST); $(BUILD_CMD)
+ 
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+-      @target=$(ECTEST); $(BUILD_CMD)
++      +@target=$(ECTEST); $(BUILD_CMD)
+ 
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+-      @target=$(EXPTEST); $(BUILD_CMD)
++      +@target=$(EXPTEST); $(BUILD_CMD)
+ 
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+-      @target=$(IDEATEST); $(BUILD_CMD)
++      +@target=$(IDEATEST); $(BUILD_CMD)
+ 
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+-      @target=$(MD2TEST); $(BUILD_CMD)
++      +@target=$(MD2TEST); $(BUILD_CMD)
+ 
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+-      @target=$(SHATEST); $(BUILD_CMD)
++      +@target=$(SHATEST); $(BUILD_CMD)
+ 
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+-      @target=$(SHA1TEST); $(BUILD_CMD)
++      +@target=$(SHA1TEST); $(BUILD_CMD)
+ 
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+-      @target=$(SHA256TEST); $(BUILD_CMD)
++      +@target=$(SHA256TEST); $(BUILD_CMD)
+ 
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+-      @target=$(SHA512TEST); $(BUILD_CMD)
++      +@target=$(SHA512TEST); $(BUILD_CMD)
+ 
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+-      @target=$(RMDTEST); $(BUILD_CMD)
++      +@target=$(RMDTEST); $(BUILD_CMD)
+ 
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+-      @target=$(MDC2TEST); $(BUILD_CMD)
++      +@target=$(MDC2TEST); $(BUILD_CMD)
+ 
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+-      @target=$(MD4TEST); $(BUILD_CMD)
++      +@target=$(MD4TEST); $(BUILD_CMD)
+ 
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+-      @target=$(MD5TEST); $(BUILD_CMD)
++      +@target=$(MD5TEST); $(BUILD_CMD)
+ 
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+-      @target=$(HMACTEST); $(BUILD_CMD)
++      +@target=$(HMACTEST); $(BUILD_CMD)
+ 
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+-      @target=$(WPTEST); $(BUILD_CMD)
++      +@target=$(WPTEST); $(BUILD_CMD)
+ 
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+-      @target=$(RC2TEST); $(BUILD_CMD)
++      +@target=$(RC2TEST); $(BUILD_CMD)
+ 
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+-      @target=$(BFTEST); $(BUILD_CMD)
++      +@target=$(BFTEST); $(BUILD_CMD)
+ 
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+-      @target=$(CASTTEST); $(BUILD_CMD)
++      +@target=$(CASTTEST); $(BUILD_CMD)
+ 
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+-      @target=$(RC4TEST); $(BUILD_CMD)
++      +@target=$(RC4TEST); $(BUILD_CMD)
+ 
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+-      @target=$(RC5TEST); $(BUILD_CMD)
++      +@target=$(RC5TEST); $(BUILD_CMD)
+ 
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+-      @target=$(DESTEST); $(BUILD_CMD)
++      +@target=$(DESTEST); $(BUILD_CMD)
+ 
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+-      @target=$(RANDTEST); $(BUILD_CMD)
++      +@target=$(RANDTEST); $(BUILD_CMD)
+ 
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+-      @target=$(DHTEST); $(BUILD_CMD)
++      +@target=$(DHTEST); $(BUILD_CMD)
+ 
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+-      @target=$(DSATEST); $(BUILD_CMD)
++      +@target=$(DSATEST); $(BUILD_CMD)
+ 
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+-      @target=$(METHTEST); $(BUILD_CMD)
++      +@target=$(METHTEST); $(BUILD_CMD)
+ 
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+-      @target=$(SSLTEST); $(FIPS_BUILD_CMD)
++      +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ 
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+-      @target=$(ENGINETEST); $(BUILD_CMD)
++      +@target=$(ENGINETEST); $(BUILD_CMD)
+ 
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+-      @target=$(EVPTEST); $(BUILD_CMD)
++      +@target=$(EVPTEST); $(BUILD_CMD)
+ 
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+-      @target=$(ECDSATEST); $(BUILD_CMD)
++      +@target=$(ECDSATEST); $(BUILD_CMD)
+ 
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+-      @target=$(ECDHTEST); $(BUILD_CMD)
++      +@target=$(ECDHTEST); $(BUILD_CMD)
+ 
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+-      @target=$(IGETEST); $(BUILD_CMD)
++      +@target=$(IGETEST); $(BUILD_CMD)
+ 
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+-      @target=$(JPAKETEST); $(BUILD_CMD)
++      +@target=$(JPAKETEST); $(BUILD_CMD)
+ 
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+-      @target=$(ASN1TEST); $(BUILD_CMD)
++      +@target=$(ASN1TEST); $(BUILD_CMD)
+ 
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+-      @target=$(SRPTEST); $(BUILD_CMD)
++      +@target=$(SRPTEST); $(BUILD_CMD)
+ 
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+       @target=$(V3NAMETEST); $(BUILD_CMD)
+@@ -522,7 +522,7 @@
+ #     fi
+ 
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+-      @target=dummytest; $(BUILD_CMD)
++      +@target=dummytest; $(BUILD_CMD)
+ 
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+ 

diff --git a/src/patches/openssl-1.0.1e-rpmbuild.patch b/src/patches/openssl-1.0.2a-rpmbuild.patch
similarity index 60%
rename from src/patches/openssl-1.0.1e-rpmbuild.patch
rename to src/patches/openssl-1.0.2a-rpmbuild.patch
index b01520ea2c765611b458f6163b029316a85e29d4..2395d86664dd28a4021a902c0a63bd9af4020d24 100644 (file)
--- a/src/patches/openssl-1.0.1e-rpmbuild.patch
+++ b/src/patches/openssl-1.0.2a-rpmbuild.patch
@@ -1,7 +1,25 @@
-diff -up openssl-1.0.1e/Configure.rpmbuild openssl-1.0.1e/Configure
---- openssl-1.0.1e/Configure.rpmbuild  2014-08-13 19:19:53.211005598 +0200
-+++ openssl-1.0.1e/Configure   2014-08-13 19:29:21.704099285 +0200
-@@ -1675,7 +1676,7 @@ while (<IN>)
+diff -Nur openssl-1.0.2a-vanilla/Configure openssl-1.0.2a/Configure
+--- openssl-1.0.2a-vanilla/Configure   2015-03-19 13:30:36.000000000 +0000
++++ openssl-1.0.2a/Configure   2015-04-23 10:31:41.336569854 +0000
+@@ -348,7 +348,7 @@
+ ####
+ # *-generic* is endian-neutral target, but ./config is free to
+ # throw in -D[BL]_ENDIAN, whichever appropriate...
+-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-generic32","gcc:\$(CFLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(CFLAGS):.so.\$(SHLIB_SONAMEVER)",
+ "linux-ppc",  "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ #######################################################################
+@@ -389,7 +389,7 @@
+ "linux64-mips64",   "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### IA-32 targets...
+ "linux-ia32-icc",     "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-elf",  "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf",  "gcc:-DL_ENDIAN \$(CFLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_SONAMEVER)",
+ "linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+ ####
+ "linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+@@ -1737,7 +1737,7 @@
        elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
                {
                my $sotmp = $1;
@@ -10,10 +28,10 @@ diff -up openssl-1.0.1e/Configure.rpmbuild openssl-1.0.1e/Configure
                }
        elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
                {
-diff -up openssl-1.0.1e/Makefile.org.rpmbuild openssl-1.0.1e/Makefile.org
---- openssl-1.0.1e/Makefile.org.rpmbuild       2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/Makefile.org        2014-08-13 19:19:53.218005759 +0200
-@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
+diff -Nur openssl-1.0.2a-vanilla/Makefile.org openssl-1.0.2a/Makefile.org
+--- openssl-1.0.2a-vanilla/Makefile.org        2015-03-19 13:30:36.000000000 +0000
++++ openssl-1.0.2a/Makefile.org        2015-04-23 10:30:03.184371933 +0000
+@@ -10,6 +10,7 @@
  SHLIB_MAJOR=
  SHLIB_MINOR=
  SHLIB_EXT=
@@ -21,7 +39,7 @@ diff -up openssl-1.0.1e/Makefile.org.rpmbuild openssl-1.0.1e/Makefile.org
  PLATFORM=dist
  OPTIONS=
  CONFIGURE_ARGS=
-@@ -333,10 +334,9 @@ clean-shared:
+@@ -335,10 +336,9 @@
  link-shared:
        @ set -e; for i in $(SHLIBDIRS); do \
                $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
@@ -33,7 +51,7 @@ diff -up openssl-1.0.1e/Makefile.org.rpmbuild openssl-1.0.1e/Makefile.org
        done
  
  build-shared: do_$(SHLIB_TARGET) link-shared
-@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET):
+@@ -349,7 +349,7 @@
                        libs="$(LIBKRB5) $$libs"; \
                fi; \
                $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
@@ -42,22 +60,3 @@ diff -up openssl-1.0.1e/Makefile.org.rpmbuild openssl-1.0.1e/Makefile.org
                        LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
                        LIBDEPS="$$libs $(EX_LIBS)" \
                        link_a.$(SHLIB_TARGET); \
---- a/Configure.old    2015-03-19 18:10:45.101201021 +0000
-+++ b/Configure        2015-03-19 18:11:19.324547495 +0000
-@@ -345,14 +345,14 @@
- ####
- # *-generic* is endian-neutral target, but ./config is free to
- # throw in -D[BL]_ENDIAN, whichever appropriate...
--"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_SONAMEVER)",
- "linux-ppc",  "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- # It's believed that majority of ARM toolchains predefine appropriate -march.
- # If you compiler does not, do complement config command line with one!
- "linux-armv4",        "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- #### IA-32 targets...
- "linux-ia32-icc",     "icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-elf",  "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf",  "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_SONAMEVER)",
- "linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
- ####
- "linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

diff --git a/src/patches/openssl-1.0.2a_auto_enable_padlock.patch b/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
new file mode 100644 (file)
index 0000000..b5c0e95
--- /dev/null
+++ b/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
@@ -0,0 +1,34 @@
+diff -Naur openssl-1.0.2a.org/crypto/engine/eng_all.c openssl-1.0.2a/crypto/engine/eng_all.c
+--- openssl-1.0.2a.org/crypto/engine/eng_all.c 2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/crypto/engine/eng_all.c     2015-04-27 12:27:05.063569969 +0200
+@@ -120,6 +120,14 @@
+     ENGINE_load_capi();
+ # endif
+ #endif
++#ifdef OPENSSL_NO_STATIC_ENGINE
++      ENGINE *e;
++      e = ENGINE_by_id("padlock");
++      if (e != NULL) {
++              ENGINE_add(e);
++              ENGINE_free(e);
++      }
++#endif
+     ENGINE_register_all_complete();
+ }
+ 
+diff -Naur openssl-1.0.2a.org/ssl/ssl_algs.c openssl-1.0.2a/ssl/ssl_algs.c
+--- openssl-1.0.2a.org/ssl/ssl_algs.c  2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/ssl/ssl_algs.c      2015-04-27 11:04:27.893399695 +0200
+@@ -151,5 +151,12 @@
+ #endif
+     /* initialize cipher/digest methods table */
+     ssl_load_ciphers();
++
++    /* Init available hardware crypto engines */
++    ENGINE_load_builtin_engines();
++    ENGINE_register_all_complete();
++    ENGINE * padlock = ENGINE_by_id("padlock");
++    if (padlock) ENGINE_set_default_ciphers(padlock);
++
+     return (1);
+ }

diff --git a/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch b/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
new file mode 100644 (file)
index 0000000..097cc80
--- /dev/null
+++ b/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
@@ -0,0 +1,11 @@
+diff -Naur openssl-1.0.2a.org/crypto/x86cpuid.pl openssl-1.0.2a/crypto/x86cpuid.pl
+--- openssl-1.0.2a.org/crypto/x86cpuid.pl      2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/crypto/x86cpuid.pl  2015-04-28 13:47:57.853521020 +0200
+@@ -71,6 +71,7 @@
+       &mov    ("eax",1);
+       &xor    ("ecx","ecx");
+       &cpuid  ();
++      &and    ("ecx",0xfffffdff);     # clear SSSE3 because it is incredible slow on AMD's
+       &bt     ("edx",28);
+       &jnc    (&label("generic"));
+       &shr    ("ebx",16);

diff --git a/src/patches/qemu-0.15.0_missing_definitions_hack.patch b/src/patches/qemu-0.15.0_missing_definitions_hack.patch
deleted file mode 100644 (file)
index 4ff2c08..0000000
--- a/src/patches/qemu-0.15.0_missing_definitions_hack.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff -Naur qemu-kvm-0.15.0.org/hw/9pfs/virtio-9p-local.c qemu-kvm-0.15.0/hw/9pfs/virtio-9p-local.c
---- qemu-kvm-0.15.0.org/hw/9pfs/virtio-9p-local.c      2011-08-09 14:40:29.000000000 +0200
-+++ qemu-kvm-0.15.0/hw/9pfs/virtio-9p-local.c  2011-08-14 10:31:22.711480316 +0200
-@@ -21,6 +21,16 @@
- #include <sys/un.h>
- #include <attr/xattr.h>
- 
-+#ifndef AT_FDCWD
-+/* Copied from linux/include/linux/fcntl.h * because direct include fails */
-+#define AT_FDCWD              -100    /* Special value used to indicate
-+                                           openat should use the current
-+                                           working directory. */
-+#define AT_SYMLINK_NOFOLLOW   0x100   /* Do not follow symbolic links.  */
-+#define AT_REMOVEDIR          0x200   /* Remove directory instead of
-+                                           unlinking file.  */
-+#define AT_SYMLINK_FOLLOW     0x400   /* Follow symbolic links.  */
-+#endif
- 
- static int local_lstat(FsContext *fs_ctx, const char *path, struct stat *stbuf)
- {
-diff -Naur qemu-kvm-0.15.0.org/linux-user/syscall.c qemu-kvm-0.15.0/linux-user/syscall.c
---- qemu-kvm-0.15.0.org/linux-user/syscall.c   2011-08-09 14:40:29.000000000 +0200
-+++ qemu-kvm-0.15.0/linux-user/syscall.c       2011-08-14 12:43:43.190231600 +0200
-@@ -971,6 +971,16 @@
-     return result;
- }
- 
-+/* Copied from linux/include/asm/resource.h * because direct include fails */
-+
-+#ifndef RLIMIT_NICE
-+#define RLIMIT_NICE           13      /* max nice prio allowed to raise to
-+                                         0-39 for nice level 19 .. -20 */
-+#endif
-+#ifndef RLIMIT_RTPRIO
-+#define RLIMIT_RTPRIO         14      /* maximum realtime priority */
-+#endif
-+
- static inline int target_to_host_resource(int code)
- {
-     switch (code) {

diff --git a/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch b/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch
deleted file mode 100644 (file)
index 44b247e..0000000
--- a/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit 650a3ad5151958b99a95836fb8b84b8aa18da1be
-Author: Tobias Brunner <tobias@strongswan.org>
-Date:   Wed Feb 25 08:09:11 2015 +0100
-
-    ike-sa-manager: Make sure the message ID of initial messages is 0
-    
-    It is mandated by the RFCs and it is expected by the task managers.
-    
-    Initial messages with invalid MID will be treated like regular messages,
-    so no IKE_SA will be created for them.  Instead, if the responder SPI is 0
-    no SA will be found and the message is rejected with ALERT_INVALID_IKE_SPI.
-    If an SPI is set and we do find an SA, then we either ignore the message
-    because the MID is unexpected, or because we don't allow initial messages
-    on established connections.
-    
-    There is one exception, though, if an attacker can slip in an IKE_SA_INIT
-    with both SPIs set before the client's IKE_AUTH is handled by the server,
-    it does get processed (see next commit).
-    
-    References #816.
-
-diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
-index d0cbd47..5e2b925 100644
---- a/src/libcharon/sa/ike_sa_manager.c
-+++ b/src/libcharon/sa/ike_sa_manager.c
-@@ -1184,7 +1184,8 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
- 
-       DBG2(DBG_MGR, "checkout IKE_SA by message");
- 
--      if (id->get_responder_spi(id) == 0)
-+      if (id->get_responder_spi(id) == 0 &&
-+              message->get_message_id(message) == 0)
-       {
-               if (message->get_major_version(message) == IKEV2_MAJOR_VERSION)
-               {

diff --git a/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch b/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch
deleted file mode 100644 (file)
index 4d76e7c..0000000
--- a/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-commit dd0ebb54837298c869389d36a0b42eefdb893dd6
-Author: Tobias Brunner <tobias@strongswan.org>
-Date:   Wed Feb 25 08:30:33 2015 +0100
-
-    ikev2: Only accept initial messages in specific states
-    
-    The previous code allowed an attacker to slip in an IKE_SA_INIT with
-    both SPIs and MID 1 set when an IKE_AUTH would be expected instead.
-    
-    References #816.
-
-diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
-index be84e71..540d4dc 100644
---- a/src/libcharon/sa/ikev2/task_manager_v2.c
-+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
-@@ -1304,17 +1304,16 @@ METHOD(task_manager_t, process_message, status_t,
-       {
-               if (mid == this->responding.mid)
-               {
--                      /* reject initial messages once established */
--                      if (msg->get_exchange_type(msg) == IKE_SA_INIT ||
--                              msg->get_exchange_type(msg) == IKE_AUTH)
-+                      /* reject initial messages if not received in specific states */
-+                      if ((msg->get_exchange_type(msg) == IKE_SA_INIT &&
-+                               this->ike_sa->get_state(this->ike_sa) != IKE_CREATED) ||
-+                              (msg->get_exchange_type(msg) == IKE_AUTH &&
-+                               this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING))
-                       {
--                              if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
--                                      this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
--                              {
--                                      DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
--                                               exchange_type_names, msg->get_exchange_type(msg));
--                                      return FAILED;
--                              }
-+                              DBG1(DBG_IKE, "ignoring %N in IKE_SA state %N",
-+                                       exchange_type_names, msg->get_exchange_type(msg),
-+                                       ike_sa_state_names, this->ike_sa->get_state(this->ike_sa));
-+                              return FAILED;
-                       }
-                       if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
-                       {       /* with MOBIKE, we do no implicit updates */

diff --git a/src/patches/strongswan-5.2.2-issue-816-eb25190.patch b/src/patches/strongswan-5.2.2-issue-816-eb25190.patch
deleted file mode 100644 (file)
index 8dcb32b..0000000
--- a/src/patches/strongswan-5.2.2-issue-816-eb25190.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-commit eb251906298b529fa53b8a99746a9a7a9f318dd5
-Author: Tobias Brunner <tobias@strongswan.org>
-Date:   Wed Feb 25 08:18:58 2015 +0100
-
-    ikev2: Don't destroy the SA if an IKE_SA_INIT with unexpected MID is received
-    
-    This reverts 8f727d800751 ("Clean up IKE_SA state if IKE_SA_INIT request
-    does not have message ID 0") because it allowed to close any IKE_SA by
-    sending an IKE_SA_INIT with an unexpected MID and both SPIs set to those
-    of that SA.
-    
-    The next commit will prevent SAs from getting created for IKE_SA_INIT messages
-    with invalid MID.
-    
-    Fixes #816.
-
-diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
-index 48266aa..be84e71 100644
---- a/src/libcharon/sa/ikev2/task_manager_v2.c
-+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
-@@ -1355,10 +1355,6 @@ METHOD(task_manager_t, process_message, status_t,
-               {
-                       DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
-                                mid, this->responding.mid);
--                      if (msg->get_exchange_type(msg) == IKE_SA_INIT)
--                      {       /* clean up IKE_SA state if IKE_SA_INIT has invalid msg ID */
--                              return DESTROY_ME;
--                      }
-               }
-       }
-       else

diff --git a/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch b/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch
deleted file mode 100644 (file)
index 0c54812..0000000
--- a/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From cd2c30a56ec9bdab8b3923851509f27a4fd6f537 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Tue, 10 Feb 2015 19:03:44 +0100
-Subject: [PATCH] ikev1: Set protocol ID and SPIs in INITIAL-CONTACT
- notification payloads
-
-The payload we sent before is not compliant with RFC 2407 and thus some
-peers might abort negotiation (e.g. with an INVALID-PROTOCOL-ID error).
-
- #819
----
- src/libcharon/sa/ikev1/tasks/main_mode.c |   15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
-index 5065e70..3ea4a2a 100644
---- a/src/libcharon/sa/ikev1/tasks/main_mode.c
-+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
-@@ -213,6 +213,10 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
- {
-       identification_t *idr;
-       host_t *host;
-+      notify_payload_t *notify;
-+      ike_sa_id_t *ike_sa_id;
-+      u_int64_t spi_i, spi_r;
-+      chunk_t spi;
- 
-       idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE);
-       if (idr && !idr->contains_wildcards(idr))
-@@ -224,8 +228,15 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
-                       if (!charon->ike_sa_manager->has_contact(charon->ike_sa_manager,
-                                                                               idi, idr, host->get_family(host)))
-                       {
--                              message->add_notify(message, FALSE, INITIAL_CONTACT_IKEV1,
--                                                                      chunk_empty);
-+                              notify = notify_payload_create_from_protocol_and_type(
-+                                                              PLV1_NOTIFY, PROTO_IKE, INITIAL_CONTACT_IKEV1);
-+                              ike_sa_id = this->ike_sa->get_id(this->ike_sa);
-+                              spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
-+                              spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
-+                              spi = chunk_cata("cc", chunk_from_thing(spi_i),
-+                                                               chunk_from_thing(spi_r));
-+                              notify->set_spi_data(notify, spi);
-+                              message->add_payload(message, (payload_t*)notify);
-                       }
-               }
-       }
--- 
-1.7.9.5
-

diff --git a/src/patches/strongswan-5.3.1-build-timeattack.patch b/src/patches/strongswan-5.3.1-build-timeattack.patch
new file mode 100644 (file)
index 0000000..948c4fc
--- /dev/null
+++ b/src/patches/strongswan-5.3.1-build-timeattack.patch
@@ -0,0 +1,11 @@
+--- strongswan-5.3.1/scripts/Makefile.am.old   2015-06-04 17:20:43.539244145 +0000
++++ strongswan-5.3.1/scripts/Makefile.am       2015-06-04 17:20:51.760510631 +0000
+@@ -42,7 +42,7 @@
+ dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+ aes_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+ settings_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+-timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
++timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(RTLIB)
+ 
+ key2keyid.o : $(top_builddir)/config.status
+ 

diff --git a/src/patches/strongswan-5.0.2_ipfire.patch b/src/patches/strongswan-ipfire.patch
similarity index 78%
rename from src/patches/strongswan-5.0.2_ipfire.patch
rename to src/patches/strongswan-ipfire.patch
index 71eb24e481e9b208a9563bb6855c230a37b2accf..7071983b8c6d246cbe6a62ceb98df8de48afb36a 100644 (file)
--- a/src/patches/strongswan-5.0.2_ipfire.patch
+++ b/src/patches/strongswan-ipfire.patch
@@ -1,8 +1,8 @@
---- a/src/_updown/_updown.in
-+++ b/src/_updown/_updown.in
-@@ -178,6 +178,29 @@
-       ;;
- esac
+--- strongswan-5.3.0/src/_updown/_updown.in.old        2015-03-17 18:17:43.000000000 +0000
++++ strongswan-5.3.0/src/_updown/_updown.in    2015-03-30 22:48:27.084030719 +0000
+@@ -122,6 +122,29 @@
+ #              address family.
+ #
  
 +function ip_encode() {
 +      local IFS=.
@@ -27,26 +27,26 @@
 +      [ $vlsm -eq 0 ] && echo 0 || echo $(( -1 << $(( 32 - $vlsm )) ))
 +}
 +
- # utility functions for route manipulation
- # Meddling with this stuff should not be necessary and requires great care.
- uproute() {
-@@ -407,12 +430,12 @@
+ # define a minimum PATH environment in case it is not set
+ PATH="/sbin:/bin:/usr/sbin:/usr/bin:@sbindir@"
+ export PATH
+@@ -232,12 +255,12 @@
        # connection to me, with (left/right)firewall=yes, coming up
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
 -      iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+      iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++      iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
            -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
            -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 -      iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+      iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++      iptables --wait -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
            -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
 -          -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 +          -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j MARK --set-mark 50
        #
        # allow IPIP traffic because of the implicit SA created by the kernel if
        # IPComp is used (for small inbound packets that are not compressed)
-@@ -428,10 +451,10 @@
+@@ -253,10 +276,10 @@
          if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
          then
            logger -t $TAG -p $FAC_PRIO \
@@ -59,23 +59,23 @@
          fi
        fi
        ;;
-@@ -439,12 +462,12 @@
+@@ -264,12 +287,12 @@
        # connection to me, with (left/right)firewall=yes, going down
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
 -      iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+      iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++      iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
            -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
            -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 -      iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+      iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++      iptables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
            -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
 -          -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 +          -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j MARK --set-mark 50
        #
        # IPIP exception teardown
        if [ -n "$PLUTO_IPCOMP" ]
-@@ -459,10 +482,10 @@
+@@ -284,10 +307,10 @@
          if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
          then
            logger -t $TAG -p $FAC_PRIO -- \
@@ -88,17 +88,17 @@
          fi
        fi
        ;;
-@@ -472,24 +495,24 @@
+@@ -297,24 +320,24 @@
        # ones, so do not mess with it; see CAUTION comment up at top.
        if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
        then
 -        iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+        iptables -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++        iptables --wait -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
              -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -            -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
 -        iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 +            -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j MARK --set-mark 50
-+        iptables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++        iptables --wait -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -            -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 +            -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j RETURN
@@ -109,28 +109,28 @@
        if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
        then
 -        iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+        iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++        iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -            -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 -        iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 +            -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j RETURN
-+        iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++        iptables --wait -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
              -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -            -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
 +            -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j MARK --set-mark 50
        fi
        #
        # allow IPIP traffic because of the implicit SA created by the kernel if
-@@ -497,7 +520,7 @@
+@@ -322,7 +345,7 @@
        # INPUT is correct here even for forwarded traffic.
        if [ -n "$PLUTO_IPCOMP" ]
        then
 -        iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
-+        iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p 4 \
++        iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p 4 \
              -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
        fi
        #
-@@ -507,12 +530,51 @@
+@@ -332,12 +355,51 @@
          if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
          then
            logger -t $TAG -p $FAC_PRIO \
@@ -145,13 +145,13 @@
 +
 +      #
 +      # Open Firewall for IPinIP + AH + ESP Traffic
-+        iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p IP \
++        iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p IP \
 +            -s $PLUTO_PEER $S_PEER_PORT \
 +            -d $PLUTO_ME $D_MY_PORT -j ACCEPT
-+        iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p AH \
++        iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p AH \
 +            -s $PLUTO_PEER $S_PEER_PORT \
 +            -d $PLUTO_ME $D_MY_PORT -j ACCEPT
-+        iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p ESP \
++        iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p ESP \
 +            -s $PLUTO_PEER $S_PEER_PORT \
 +            -d $PLUTO_ME $D_MY_PORT -j ACCEPT
 +      if [ $VPN_LOGGING ]
@@ -171,7 +171,7 @@
 +      done
 +
 +      if [ -n "${src}" ]; then
-+              iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
++              iptables --wait -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
 +              logger -t $TAG -p $FAC_PRIO \
 +                      "snat+ $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
 +      else
@@ -184,18 +184,18 @@
        ;;
  down-client:iptables)
        # connection to client subnet, with (left/right)firewall=yes, going down
-@@ -520,34 +582,34 @@
+@@ -345,34 +407,34 @@
        # ones, so do not mess with it; see CAUTION comment up at top.
        if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
        then
 -        iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+        iptables -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++        iptables --wait -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
              -s $PLUTO_MY_CLIENT $S_MY_PORT \
              -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
 -               $IPSEC_POLICY_OUT -j ACCEPT
 -        iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 +               $IPSEC_POLICY_OUT -j MARK --set-mark 50
-+        iptables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++        iptables --wait -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
              -d $PLUTO_MY_CLIENT $D_MY_PORT \
 -               $IPSEC_POLICY_IN -j ACCEPT
@@ -207,13 +207,13 @@
        if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
        then
 -        iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+        iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++        iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
              -d $PLUTO_MY_CLIENT $D_MY_PORT \
 -               $IPSEC_POLICY_IN -j ACCEPT
 -        iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 +               $IPSEC_POLICY_IN -j RETURN
-+        iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++        iptables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
              -s $PLUTO_MY_CLIENT $S_MY_PORT \
              -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
 -               $IPSEC_POLICY_OUT -j ACCEPT
@@ -224,11 +224,11 @@
        if [ -n "$PLUTO_IPCOMP" ]
        then
 -        iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \
-+        iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p 4 \
++        iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p 4 \
              -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
        fi
        #
-@@ -557,12 +619,51 @@
+@@ -382,12 +444,51 @@
          if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
          then
            logger -t $TAG -p $FAC_PRIO -- \
@@ -243,13 +243,13 @@
 +
 +      #
 +      # Close Firewall for IPinIP + AH + ESP Traffic
-+        iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p IP \
++        iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p IP \
 +            -s $PLUTO_PEER $S_PEER_PORT \
 +            -d $PLUTO_ME $D_MY_PORT -j ACCEPT
-+        iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p AH \
++        iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p AH \
 +            -s $PLUTO_PEER $S_PEER_PORT \
 +            -d $PLUTO_ME $D_MY_PORT -j ACCEPT
-+        iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p ESP \
++        iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p ESP \
 +            -s $PLUTO_PEER $S_PEER_PORT \
 +            -d $PLUTO_ME $D_MY_PORT -j ACCEPT
 +      if [ $VPN_LOGGING ]
@@ -269,7 +269,7 @@
 +      done
 +
 +      if [ -n "${src}" ]; then
-+              iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
++              iptables --wait -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
 +              logger -t $TAG -p $FAC_PRIO \
 +                      "snat- $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
 +      else
@@ -282,83 +282,83 @@
        ;;
  #
  # IPv6
-@@ -597,10 +698,10 @@
+@@ -412,10 +513,10 @@
        # connection to me, with (left/right)firewall=yes, coming up
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
 -      ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+      ip6tables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++      ip6tables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
            -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
            -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 -      ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+      ip6tables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++      ip6tables --wait -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
            -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
            -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
        #
-@@ -621,10 +722,10 @@
+@@ -436,10 +537,10 @@
        # connection to me, with (left/right)firewall=yes, going down
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
 -      ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+      ip6tables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++      ip6tables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
            -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
            -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 -      ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+      ip6tables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++      ip6tables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
            -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
            -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
        #
-@@ -647,10 +748,10 @@
+@@ -462,10 +563,10 @@
        # ones, so do not mess with it; see CAUTION comment up at top.
        if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
        then
 -        ip6tables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+        ip6tables -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++        ip6tables --wait -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
              -s $PLUTO_MY_CLIENT $S_MY_PORT \
              -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
 -        ip6tables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+        ip6tables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++        ip6tables --wait -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
              -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
        fi
-@@ -659,10 +760,10 @@
+@@ -474,10 +575,10 @@
        # or sometimes host access via the internal IP is needed
        if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
        then
 -        ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+        ip6tables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++        ip6tables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
              -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 -        ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+        ip6tables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++        ip6tables --wait -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
              -s $PLUTO_MY_CLIENT $S_MY_PORT \
              -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
        fi
-@@ -686,11 +787,11 @@
+@@ -501,11 +602,11 @@
        # ones, so do not mess with it; see CAUTION comment up at top.
        if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
        then
 -        ip6tables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+        ip6tables -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++        ip6tables --wait -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
              -s $PLUTO_MY_CLIENT $S_MY_PORT \
              -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
                 $IPSEC_POLICY_OUT -j ACCEPT
 -        ip6tables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+        ip6tables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++        ip6tables --wait -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
              -d $PLUTO_MY_CLIENT $D_MY_PORT \
                 $IPSEC_POLICY_IN -j ACCEPT
-@@ -700,11 +801,11 @@
+@@ -515,11 +616,11 @@
        # or sometimes host access via the internal IP is needed
        if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
        then
 -        ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+        ip6tables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
++        ip6tables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
              -d $PLUTO_MY_CLIENT $D_MY_PORT \
                 $IPSEC_POLICY_IN -j ACCEPT
 -        ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+        ip6tables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++        ip6tables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
              -s $PLUTO_MY_CLIENT $S_MY_PORT \
              -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
                 $IPSEC_POLICY_OUT -j ACCEPT

diff --git a/src/scripts/ovpn-ccd-convert b/src/scripts/ovpn-ccd-convert
index 7aa8cf13ea42106ce2abba086b6d7ce886fcfbb9..f4967065622303c463c0e5b68c3cb2aa7ac08768 100644 (file)
--- a/src/scripts/ovpn-ccd-convert
+++ b/src/scripts/ovpn-ccd-convert
@@ -42,7 +42,7 @@ foreach my $key (keys %ovpnconfig){
        }else{
                print "Client $ovpnconfig{$key}[2] NOT converted!\n";
        }
-       $ovpnconfig{$key}[32] = 'dynamic';
+       $ovpnconfig{$key}[32] = 'dynamic' if ($ovpnconfig{$key}[32] eq '');
 }
 &General::writehasharray("/var/ipfire/ovpn/ovpnconfig", \%ovpnconfig);
 if ($running eq 'on')

diff --git a/src/scripts/ovpn-collectd-convert b/src/scripts/ovpn-collectd-convert
new file mode 100644 (file)
index 0000000..59d67b9
--- /dev/null
+++ b/src/scripts/ovpn-collectd-convert
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+# Converter script for adding existing OpenVPN N2N connections to collectd
+# Used for core update 89
+
+my %ovpnconfig=();
+
+require '/var/ipfire/general-functions.pl';
+
+open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
+print COLLECTDVPN "Loadplugin openvpn\n";
+print COLLECTDVPN "\n";
+print COLLECTDVPN "<Plugin openvpn>\n";
+print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
+
+&General::readhasharray("/var/ipfire/ovpn/ovpnconfig", \%ovpnconfig);
+foreach my $key (keys %ovpnconfig) {
+       if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] eq 'net') {
+               print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ovpnconfig{$key}[1]-n2n\"\n";
+       }
+}
+
+print COLLECTDVPN "</Plugin>\n";
+close(COLLECTDVPN);
+
+# Reload collectd afterwards
+system("/usr/local/bin/collectdctrl restart &>/dev/null");

diff --git a/src/scripts/xt_geoip_build b/src/scripts/xt_geoip_build
new file mode 100644 (file)
index 0000000..202156f
--- /dev/null
+++ b/src/scripts/xt_geoip_build
@@ -0,0 +1,89 @@
+#!/usr/bin/perl
+#
+#      Converter for MaxMind CSV database to binary, for xt_geoip
+#      Copyright © Jan Engelhardt, 2008-2011
+#
+use Getopt::Long;
+use IO::Handle;
+use Text::CSV_XS; # or trade for Text::CSV
+use strict;
+
+my $csv = Text::CSV_XS->new({
+       allow_whitespace => 1,
+       binary => 1,
+       eol => $/,
+}); # or Text::CSV
+my $target_dir = ".";
+
+&Getopt::Long::Configure(qw(bundling));
+&GetOptions(
+       "D=s" => \$target_dir,
+);
+
+if (!-d $target_dir) {
+       print STDERR "Target directory $target_dir does not exist.\n";
+       exit 1;
+}
+
+my $dir = "$target_dir/LE";
+if (!-e $dir && !mkdir($dir)) {
+       print STDERR "Could not mkdir $dir: $!\n";
+       exit 1;
+}
+
+&dump(&collect());
+
+sub collect
+{
+       my %country;
+
+       while (my $row = $csv->getline(*ARGV)) {
+               if (!defined($country{$row->[4]})) {
+                       $country{$row->[4]} = {
+                               name => $row->[5],
+                               pool_v4 => [],
+                               pool_v6 => [],
+                       };
+               }
+               my $c = $country{$row->[4]};
+
+               push(@{$c->{pool_v4}}, [$row->[2], $row->[3]]);
+
+               if ($. % 4096 == 0) {
+                       print STDERR "\r\e[2K$. entries";
+               }
+       }
+
+       print STDERR "\r\e[2K$. entries total\n";
+       return \%country;
+}
+
+sub dump
+{
+       my $country = shift @_;
+
+       foreach my $iso_code (sort keys %$country) {
+               &dump_one($iso_code, $country->{$iso_code});
+       }
+}
+
+sub dump_one
+{
+       my($iso_code, $country) = @_;
+       my($file, $fh_le, $fh_be);
+
+       printf "%5u IPv4 ranges for %s %s\n",
+               scalar(@{$country->{pool_v4}}),
+               $iso_code, $country->{name};
+
+       $file = "$target_dir/LE/".uc($iso_code).".iv4";
+       if (!open($fh_le, "> $file")) {
+               print STDERR "Error opening $file: $!\n";
+               exit 1;
+       }
+       foreach my $range (@{$country->{pool_v4}}) {
+               print $fh_le pack("VV", $range->[0], $range->[1]);
+               #print $fh_be pack("NN", $range->[0], $range->[1]);
+       }
+       close $fh_le;
+}

diff --git a/src/scripts/xt_geoip_update b/src/scripts/xt_geoip_update
new file mode 100644 (file)
index 0000000..0ee7744
--- /dev/null
+++ b/src/scripts/xt_geoip_update
@@ -0,0 +1,137 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2014 IPFire Development Team <info@ipfire.org>                #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+TMP_PATH=$(mktemp -d)
+TMP_FILE=$(mktemp -p $TMP_PATH)
+
+SCRIPT_PATH=/usr/local/bin
+DEST_PATH=/usr/share/xt_geoip
+
+DL_URL=http://geolite.maxmind.com/download/geoip/database
+DL_FILE=GeoIPCountryCSV.zip
+
+CSV_FILE=GeoIPCountryWhois.csv
+
+ARCH=LE
+
+eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
+
+function download() {
+       echo "Downloading latest GeoIP ruleset..."
+
+       # Create temporary directory.
+       mkdir -pv $TMP_PATH
+
+       # Proxy settings.
+       # Check if a proxy should be used.
+       if [[ $UPSTREAM_PROXY ]]; then
+               PROXYSETTINGS="-e http_proxy=http://"
+
+               # Check if authentication against the proxy is configured.
+               if [[ $UPSTREAM_USER && $UPSTREAM_PASSWORD ]]; then
+                       PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_USER:$UPSTREAM_PASSWORD@"
+               fi
+
+               # Add proxy server.
+               PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_PROXY"
+       fi
+
+       # Get the latest GeoIP database from server.
+       wget $DL_URL/$DL_FILE $PROXYSETTINGS -O $TMP_FILE
+
+       # Extract files.
+       unzip $TMP_FILE -d $TMP_PATH
+
+       return 0
+}
+
+function build() {
+       echo "Convert database..."
+
+       # Check if the csv file exists.
+       if [ ! -e $TMP_PATH/$CSV_FILE ]; then
+               echo "$TMP_PATH/$CSV_FILE not found. Exiting."
+               return 1
+       fi
+
+       # Run script to convert the CSV file into several xtables
+       # compatible binary files.
+       if ! $SCRIPT_PATH/xt_geoip_build $TMP_PATH/$CSV_FILE -D $TMP_PATH; then
+               echo "Could not convert ruleset. Aborting." >&2
+               return 1
+       fi
+
+       return 0
+}
+
+function install() {
+       echo "Install databases..."
+
+       # Check if our destination exist.
+       if [ ! -e "$DEST_PATH" ]; then
+               mkdir -p $DEST_PATH &>/dev/null
+       fi
+
+       # Install databases.
+       if ! cp -af $TMP_PATH/$ARCH $DEST_PATH &>/dev/null; then
+               echo "Could not copy files. Aborting." >&2
+               return 1
+       fi
+
+       return 0
+}
+
+function cleanup() {
+       echo "Cleaning up temporary files..."
+       if ! rm -rf $TMP_PATH &>/dev/null; then
+               echo "Could not remove files. Aborting." >&2
+               return 1
+       fi
+
+       return 0
+}
+
+function main() {
+       # Download ruleset.
+       download || exit $?
+
+       # Convert the ruleset.
+       if ! build; then
+               # Do cleanup.
+               cleanup || exit $?
+               exit 1
+       fi
+
+       # Install the converted ruleset.
+       if ! install; then
+               # Do cleanup.
+               cleanup || exit $?
+               exit 1
+       fi
+
+       # Finaly remove temporary files.
+       cleanup || exit $?
+
+       return 0
+}
+
+# Run the main function.
+main

diff --git a/src/setup/netstuff.c b/src/setup/netstuff.c
index a656e9f910b183a8520b95308c7f02ed02503caa..f5b3849893e0784f63ba8cdf6752d50c45588766 100644 (file)
--- a/src/setup/netstuff.c
+++ b/src/setup/netstuff.c
@@ -527,27 +527,6 @@ int rename_nics(void) {
                                }
 }
 
-int create_udev(void)
-{
-       #define UDEV_NET_CONF "/etc/udev/rules.d/30-persistent-network.rules"
-       FILE *fp;
-       int i;
-
-       if ( (fp = fopen(UDEV_NET_CONF, "w")) == NULL ) {
-               fprintf(stderr,"Couldn't open" UDEV_NET_CONF);
-               return 1;
-       }
-
-       for (i = 0 ; i < 4 ; i++)
-       {
-               if (strcmp(knics[i].macaddr, "")) {
-                       fprintf(fp,"\n# %s\nACTION==\"add\", SUBSYSTEM==\"net\", ATTR{type}==\"1\", ATTR{address}==\"%s\", NAME=\"%s0\"\n", knics[i].description, knics[i].macaddr, lcolourcard[i]);
-               }
-       }
-       fclose(fp);
-       return 0;
-}
-
 int write_configs_netudev(int card , int colour)
 {      
        char commandstring[STRING_SIZE];

diff --git a/src/setup/networking.c b/src/setup/networking.c
index df4f00f0b1f6b28e238aefd255780708fea4dbba..0791764ebddaab149397557ccaf090edbc65a0d9 100644 (file)
--- a/src/setup/networking.c
+++ b/src/setup/networking.c
@@ -117,7 +117,6 @@ int handlenetworking(void)
        } else {
                rename_nics();
        }
-       create_udev();
        return 1;
 }
 

diff --git a/src/setup/po/pt_BR.po b/src/setup/po/pt_BR.po
index b1ea09c51a578e01c84173308261c3e686aa4088..eb408edc55d3c4f560d146bfc9d4bbfab31a9466 100644 (file)
--- a/src/setup/po/pt_BR.po
+++ b/src/setup/po/pt_BR.po
@@ -5,14 +5,15 @@
 # Translators:
 # douglasdiasn <douglasdiasn@gmail.com>, 2015
 # Evertton de Lima <e.everttonlima@gmail.com>, 2015
+# Moisés Bites Borges de Castro <moisesbites@gmail.com>, 2015
 # Rafael Tavares <rafael@ibinetwork.com.br>, 2015
 msgid ""
 msgstr ""
 "Project-Id-Version: IPFire Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2014-08-21 15:12+0000\n"
-"PO-Revision-Date: 2015-02-16 23:15+0000\n"
-"Last-Translator: Evertton de Lima <e.everttonlima@gmail.com>\n"
+"PO-Revision-Date: 2015-03-24 21:31+0000\n"
+"Last-Translator: Moisés Bites Borges de Castro <moisesbites@gmail.com>\n"
 "Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/ipfire/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -22,7 +23,7 @@ msgstr ""
 
 #: dhcp.c:50
 msgid "Start address:"
-msgstr "Endereço de Inicial:"
+msgstr "Endereço inicial:"
 
 #: dhcp.c:51
 msgid "End address:"
@@ -38,15 +39,15 @@ msgstr "DNS Secundário:"
 
 #: dhcp.c:54
 msgid "Default lease (mins):"
-msgstr "Tempo padrão (mins):"
+msgstr "Concessão padrão (min):"
 
 #: dhcp.c:55
 msgid "Max lease (mins):"
-msgstr "Tempo máximo (mins)"
+msgstr "Concessão máxima (min)"
 
 #: dhcp.c:56
 msgid "Domain name suffix:"
-msgstr ""
+msgstr "Sufixo do nome de Domínio:"
 
 #: dhcp.c:86 dhcp.c:93 dhcp.c:101 domainname.c:34 hostname.c:37 keymap.c:70
 #: misc.c:40 misc.c:52 netstuff.c:377 netstuff.c:566 netstuff.c:704
@@ -58,7 +59,7 @@ msgstr "Não foi possível abrir o arquivo de configurações"
 
 #: dhcp.c:111
 msgid "DHCP server configuration"
-msgstr "Configurar servidor DHCP"
+msgstr "Configuração do servidor DHCP"
 
 #: dhcp.c:116
 msgid "Configure the DHCP server by entering the settings information."
@@ -87,11 +88,11 @@ msgstr "Cancelar"
 msgid ""
 "The following fields are invalid:\n"
 "\n"
-msgstr "Os campos a seguir são inválidos: \n"
+msgstr "Os campos a seguir são inválidos: \n\n"
 
 #: dhcp.c:159
 msgid "Start address"
-msgstr "Endereço de Inicial"
+msgstr "Endereço inicial"
 
 #: dhcp.c:165
 msgid "End address"
@@ -107,19 +108,19 @@ msgstr "DNS Secundário"
 
 #: dhcp.c:189
 msgid "Default lease time"
-msgstr "Tempo padrão"
+msgstr "Tempo de concessão padrão"
 
 #: dhcp.c:195
 msgid "Max. lease time"
-msgstr "Tempo máximo padrão"
+msgstr "Tempo de concessão máximo"
 
 #: domainname.c:42 main.c:70
 msgid "Domain name"
-msgstr "Domínio "
+msgstr "Nome de Domínio "
 
 #: domainname.c:42
 msgid "Enter Domain name"
-msgstr "Entre com o nome do Domínio"
+msgstr "Digite o nome do Domínio"
 
 #: domainname.c:48
 msgid "Domain name cannot be empty."
@@ -135,11 +136,11 @@ msgstr "O nome de Domínio pode conter somente letras, números, hífens e ponto
 
 #: hostname.c:46 main.c:69
 msgid "Hostname"
-msgstr "Hostname"
+msgstr "Nome do Host"
 
 #: hostname.c:46
 msgid "Enter the machine's hostname."
-msgstr "Entre com o nome do host."
+msgstr "Entre com o nome de Host da máquina."
 
 #: hostname.c:53
 msgid "Hostname cannot be empty."
@@ -260,7 +261,7 @@ msgstr "Estático "
 
 #: netstuff.c:104
 msgid "DHCP"
-msgstr "Automático "
+msgstr "DHCP"
 
 #: netstuff.c:105
 msgid "PPP DIALUP (PPPoE, modem, ATM ...)"
@@ -300,7 +301,7 @@ msgstr "Nome do Host DHCP:"
 
 #: netstuff.c:396 netstuff.c:709
 msgid "Unset"
-msgstr ""
+msgstr "Desativado"
 
 #: netstuff.c:669
 #, c-format
@@ -342,11 +343,11 @@ msgstr "Você realmente quer remover a interface %s associada?"
 
 #: netstuff.c:755
 msgid "Select network driver"
-msgstr "Selecionar driver de rede"
+msgstr "Selecionar o driver de rede"
 
 #: netstuff.c:755
 msgid "Set additional module parameters"
-msgstr ""
+msgstr "Especifique os parâmetros adicionais"
 
 #: netstuff.c:762
 msgid "Loading module..."
@@ -354,11 +355,11 @@ msgstr "Carregando modulo..."
 
 #: netstuff.c:777
 msgid "Unable to load driver module."
-msgstr ""
+msgstr "Não foi possível carregar o driver."
 
 #: netstuff.c:780
 msgid "Module name cannot be blank."
-msgstr ""
+msgstr "O nome do módulo não pode ficar vazio."
 
 #: networking.c:110
 msgid "Stopping network..."
@@ -459,7 +460,7 @@ msgid ""
 "list those interfaces which have ethernet attached. If you change this "
 "setting, a network restart will be required, and you will have to "
 "reconfigure the network driver assignments."
-msgstr ""
+msgstr "Selecione a configuração de rede para %s. Os tipos de configuração seguintes lista as interfaces cabo Ethernet. Se você alterar estas configurações, uma reinicialização de rede será exigida, e você terá que reconfigurar os drivers de rede especificados."
 
 #: networking.c:307
 #, c-format
@@ -467,13 +468,13 @@ msgid ""
 "Not enough netcards for your choice.\n"
 "\n"
 "Needed: %d - Available: %d\n"
-msgstr ""
+msgstr "Não há dispositivos de rede suficientes para sua escolha.\n\nNecessárias: %d - Disponíveis: %d\n"
 
 #: networking.c:359
 msgid ""
 "Configure network drivers, and which interface each card is assigned to. The current configuration is as follows:\n"
 "\n"
-msgstr ""
+msgstr "Configure os drivers de rede, e a placa de rede que a interface está relacionada. A configuração atual é a seguinte:\n\n"
 
 #: networking.c:408
 msgid "Do you wish to change these settings?"
@@ -487,7 +488,7 @@ msgstr "Reiniciando rede non-local..."
 msgid ""
 "Please choose the interface you wish to change.\n"
 "\n"
-msgstr ""
+msgstr "Por favor, escolha a interface de rede que quer alterar.\n\n"
 
 #: networking.c:519
 msgid "Assigned Cards"
@@ -504,11 +505,11 @@ msgid ""
 "connection to the %s machine will be broken, and you will have to reconnect "
 "on the new IP. This is a risky operation, and should only be attempted if "
 "you have physical access to the machine, should something go wrong."
-msgstr ""
+msgstr "Se você alterar o endereço IP, e você estiver logado remotamente, sua conexão com a máquina %s cairá, e você terá que reconectar através do novo IP. Esta é uma operação arriscada, e somente deve ser feita se você tem acesso físico à máquina, caso algo errado aconteça."
 
 #: networking.c:641
 msgid "Select the interface you wish to reconfigure."
-msgstr ""
+msgstr "Selecione a interface que deseja reconfigurar."
 
 #: networking.c:729
 msgid "Default gateway:"
@@ -518,7 +519,7 @@ msgstr "Gateway padrão:"
 msgid ""
 "Enter the DNS and gateway information. These settings are used only with "
 "Static IP (and DHCP if DNS set) on the RED interface."
-msgstr ""
+msgstr "Digite as informações de DNS e roteador. Estas configurações são usada somente com IP estático (e DHCP se o DNS está habilitado) para a inerface VERMELHA."
 
 #: networking.c:773
 msgid "Default gateway"
@@ -531,7 +532,7 @@ msgstr "DNS secundário especificado sem um DNS primário"
 #: passwords.c:33
 msgid ""
 "Enter the 'root' user password. Login as this user for commandline access."
-msgstr ""
+msgstr "Digite a senha do usuário 'root'. Autentique com este usuário para acesso à linha de comando."
 
 #: passwords.c:38 passwords.c:61
 msgid "Setting password"
@@ -550,17 +551,17 @@ msgstr "Problema ao configurar senha 'root'"
 msgid ""
 "Enter %s 'admin' user password. This is the user to use for logging into the"
 " %s web administration pages."
-msgstr ""
+msgstr "Digite a senha do usuário 'admin' do %s. Este é o usuário para autenticação na interface web de administração do %s."
 
 #: passwords.c:60
 #, c-format
 msgid "Setting %s 'admin' user password..."
-msgstr ""
+msgstr "Especificando a senha do usuário 'admin' do %s..."
 
 #: passwords.c:62
 #, c-format
 msgid "Problem setting %s 'admin' user password."
-msgstr ""
+msgstr "Tem um problema ao gravar senha do usuário 'admin' do %s."
 
 #: passwords.c:76
 msgid "Password:"

diff --git a/src/setup/po/tr.po b/src/setup/po/tr.po
index 4e684182d1d3f308892f8ea7e5e770a15e3ec372..9e52d072c2c03aed0995f6342e8a68eb447020ad 100644 (file)
--- a/src/setup/po/tr.po
+++ b/src/setup/po/tr.po
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: IPFire Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2014-08-21 15:12+0000\n"
-"PO-Revision-Date: 2015-02-28 22:59+0000\n"
+"PO-Revision-Date: 2015-03-20 15:05+0000\n"
 "Last-Translator: Ersan YILDIRIM <ersan73@gmail.com>\n"
 "Language-Team: Turkish (http://www.transifex.com/projects/p/ipfire/language/tr/)\n"
 "MIME-Version: 1.0\n"
@@ -503,7 +503,7 @@ msgid ""
 "connection to the %s machine will be broken, and you will have to reconnect "
 "on the new IP. This is a risky operation, and should only be attempted if "
 "you have physical access to the machine, should something go wrong."
-msgstr "Eğer bu IP adresini değiştirirseniz, ve uzaktan oturum açmışsanız, %s makinesine olan bağlantınız kopacaktır ve yeni IP adresine tekrar bağlanmanız gerekecektir. Bu riskli bir işlemdir ve bir şeylerin ters gitmesi durumunda makineye fiziksel erişiminiz varsa kullanmalısınız."
+msgstr "Uzaktan oturum açtığınızda bu IP adresini değiştirirseniz %s makinesine olan bağlantınız kopacaktır ve yeni IP adresine tekrar bağlanmanız gerekecektir. Bu riskli bir işlemdir ve bir şeylerin ters gitmesi durumunda makineye fiziksel erişiminiz varsa kullanmalısınız."
 
 #: networking.c:641
 msgid "Select the interface you wish to reconfigure."

diff --git a/src/setup/setup.h b/src/setup/setup.h
index 388d2edcfed9ff75ebbe7182235db51abf19cb6f..14fd64634bd4ef3ad09f33be14f86c75610d863c 100644 (file)
--- a/src/setup/setup.h
+++ b/src/setup/setup.h
@@ -79,7 +79,6 @@ void networkdialogcallbacktype(newtComponent cm, void *data);
 int interfacecheck(struct keyvalue *kv, char *colour);
 int rename_nics(void);
 int init_knics(void);
-int create_udev(void);
 int scan_network_cards(void);
 int nicmenu(int colour);
 int clear_card_entry(int cards);

diff --git a/src/squid-accounting/accounting.cgi b/src/squid-accounting/accounting.cgi
index eabb0c2956641bcb17676797f7ab9658fe2883c0..1ec9849eb7e3e14aae4c7bccf3b96ce0c1f4376b 100755 (executable)
--- a/src/squid-accounting/accounting.cgi
+++ b/src/squid-accounting/accounting.cgi
@@ -907,7 +907,7 @@ sub generatemonthgraph{
        my $sth;
        my $cnt=0;
        #If we want to show Data from within last 2 months, get DATA from ACCT
-       if ( ! $grmon < ($mon+1) && $gryear == ($year+1900)){
+       if ( $grmon == ($mon)+1 && $gryear == ($year+1900)){
                $sth=&ACCT::getmonthgraphdata("ACCT",$from,$till,$grhost);
        }else{
                #If we want to show data from a date older than last two months, use ACCT_HIST
@@ -1959,9 +1959,9 @@ END
 sub viewtablehosts{
        $dbh=&ACCT::connectdb;
        &Header::openbox('100%', 'left', $Lang::tr{'acct hosts'});
-       my $mon=$_[0];
-       my $year=$_[1];
-       my ($from,$till)=&ACCT::getmonth($mon,$year);
+       my $mon1=$_[0];
+       my $year1=$_[1];
+       my ($from,$till)=&ACCT::getmonth($mon1,$year1);
        $count=0;
        #Menu to display another month
        print<<END;
@@ -1986,7 +1986,7 @@ END
                </select></td>
                <td style='text-align: center;'><select name='year'>
 END
-       for (my $j=2014;$j<=($year);$j++){
+       for (my $j=2014;$j<=($year1);$j++){
                if(($_[1]) eq $j){
                        print"<option selected>$j</option>";
                }else{
@@ -2011,7 +2011,12 @@ END
                <th></th>
        </tr>
 END
-       my $res = $dbh->selectall_arrayref("SELECT SUM(BYTES),min(TIME_RUN),max(TIME_RUN),NAME from ACCT where TIME_RUN between ".$from." and ".$till." group by NAME;");
+       my $res;
+       if (($mon)+1 == $mon1 && ($year)+1900 == $year1){
+               $res = $dbh->selectall_arrayref("SELECT SUM(BYTES),min(TIME_RUN),max(TIME_RUN),NAME from ACCT where TIME_RUN between ".$from." and ".$till." group by NAME;");
+       }else{
+               $res = $dbh->selectall_arrayref("SELECT SUM(BYTES),min(strftime('%s',TIME_RUN)),max(strftime('%s',TIME_RUN)),NAME from ACCT_HIST where date(TIME_RUN) > date($from,'unixepoch') and date(TIME_RUN) < date($till,'unixepoch') group by NAME;");
+       }
        my $sumbytes;
        my $type;
        my $lineval;
@@ -2036,8 +2041,8 @@ END
                                        <input type='image' src='/images/utilities-system-monitor.png' alt="$Lang::tr{'status'}" title="$Lang::tr{'status'}" />
                                        <input type='hidden' name='ACTION' value='viewgraph'>
                                        <input type='hidden' name='host' value='$name'>
-                                       <input type='hidden' name='month' value='$mon'>
-                                       <input type='hidden' name='year' value='$year'>
+                                       <input type='hidden' name='month' value='$mon1'>
+                                       <input type='hidden' name='year' value='$year1'>
                                        <input type='hidden' name='traffic' value="$Lang::tr{'acct sum'} $Lang::tr{'acct traffic'} $lineval $type">
                                        </form>
                                        

diff --git a/src/squid-accounting/acct-lib.pl b/src/squid-accounting/acct-lib.pl
index 7969a5023908b9c3e5dc402e57d5f5b45f1a618b..58b154a34581d7435762d9f8b10126139a258b7d 100644 (file)
--- a/src/squid-accounting/acct-lib.pl
+++ b/src/squid-accounting/acct-lib.pl
@@ -93,8 +93,10 @@ sub delbefore {
 }
 
 sub movedbdata {
-       $dbh->do("insert into ACCT_HIST select datetime(TIME_RUN,'unixepoch'),NAME,SUM(BYTES) from ACCT where  date(TIME_RUN,'unixepoch') < date('now','-2 months') group by NAME,date(TIME_RUN,'unixepoch');");
-       $dbh->do("DELETE FROM ACCT WHERE datetime(TIME_RUN,'unixepoch') < date('now','-2 months');");
+       &connectdb;
+       $dbh->do("insert into ACCT_HIST select datetime(TIME_RUN,'unixepoch'),NAME,SUM(BYTES) from ACCT where datetime(TIME_RUN,'unixepoch') < datetime('now','start of month') group by NAME,datetime(TIME_RUN,'unixepoch');");
+       $dbh->do("DELETE FROM ACCT WHERE datetime(TIME_RUN,'unixepoch') < date('now','start of month');");
+       &closedb;
 }
 
 sub gethourgraphdata {
@@ -119,10 +121,10 @@ sub getmonthgraphdata {
        my $name=$_[3];
        my $res;
        $dbh=connectdb;
-       if ($table eq 'ACCT'){
-               $res = $dbh->selectall_arrayref( "SELECT  strftime('%d.%m.%Y',xx.tag),(SELECT SUM(BYTES)/1024/1024 FROM ACCT WHERE date(TIME_RUN,'unixepoch') <= xx.tag and NAME = '".$name."') kum_bytes FROM (SELECT date(TIME_RUN,'unixepoch') tag,SUM(BYTES)/1024/1024 sbytes FROM ACCT WHERE NAME='".$name."' and TIME_RUN between ".$from." and ".$till." GROUP by date(TIME_RUN,'unixepoch')) xx;");
+       if ($table eq 'ACCT_HIST'){
+               $res = $dbh->selectall_arrayref( "SELECT strftime('%d.%m.%Y',TIME_RUN),(SELECT SUM(BYTES)/1024/1024 FROM ACCT_HIST WHERE TIME_RUN <= ah.TIME_RUN and TIME_RUN > date($from,'unixepoch') and NAME = '".$name."') kum_bytes FROM ACCT_HIST ah WHERE date(TIME_RUN) > date(".$from.",'unixepoch') AND date(TIME_RUN) < date(".$till.",'unixepoch') AND NAME = '".$name."' group by date(TIME_RUN);");
        }else{
-               $res = $dbh->selectall_arrayref( "SELECT TIME_RUN, (SELECT SUM(BYTES)/1024/1024 FROM ACCT_HIST WHERE TIME_RUN <= ah.TIME_RUN and NAME = '".$name."') kum_bytes FROM ACCT_HIST ah WHERE TIME_RUN BETWEEN date(".$from.",'unixepoch') AND date(".$till.",'unixepoch') AND NAME = '".$name."' group by TIME_RUN;");
+               $res = $dbh->selectall_arrayref( "SELECT strftime('%d.%m.%Y',xx.tag),(SELECT SUM(BYTES)/1024/1024 FROM ACCT WHERE date(TIME_RUN,'unixepoch') <= xx.tag and TIME_RUN > ".$from." and NAME = '".$name."') kum_bytes FROM (SELECT NAME,date(TIME_RUN,'unixepoch') tag,SUM(BYTES)/1024/1024 sbytes FROM ACCT WHERE NAME='".$name."' and TIME_RUN between ".$from." and ".$till." GROUP by NAME,date(TIME_RUN,'unixepoch')) xx;");
        }
        $dbh=closedb;
        return $res;

diff --git a/src/squid-accounting/acct.pl b/src/squid-accounting/acct.pl
index 79fc7bae43eede00a9444d2c5e761cf7ec60793a..722268945826c0cd8d2228eb2d100f5011999131 100755 (executable)
--- a/src/squid-accounting/acct.pl
+++ b/src/squid-accounting/acct.pl
@@ -100,7 +100,7 @@ if (-f $proxyenabled && $proxylog eq $Lang::tr{'running'}){
                open (FH,">/var/log/accounting.log");
                close (FH);
                chmod 0755, "/var/log/accounting.log";
-               #move all db entries older than 2 months to second table and cumulate them hourly
+               #move all db entries older than this month to second table and cumulate them daily
                &ACCT::movedbdata;
                &ACCT::logger($settings{'LOG'},"New Month. Old trafficvalues moved to ACCT_HIST Table\n");
                if ($settings{'USEMAIL'} eq 'on'){

diff --git a/tools/checkwronginitlinks b/tools/checkrootfiles
similarity index 76%
rename from tools/checkwronginitlinks
rename to tools/checkrootfiles
index 65fc946b68e7b8c83e52d9be3309fdc4ca7821d0..74fab3e02310b6bce11bf37e8375f9bd02e7dea5 100755 (executable)
--- a/tools/checkwronginitlinks
+++ b/tools/checkrootfiles
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2013  IPFire Team  info@ipfire.org                       #
+# Copyright (C) 2007-2015  IPFire Team  info@ipfire.org                       #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -32,3 +32,17 @@ if [ "${?}" == "0" ]; then
        grep -r "^var/run//*" ./config/rootfiles/
        echo "Comment this and create it at initskript if needed !"
 fi
+
+grep -r "/i586" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore >/dev/null 2>&1
+if [ "${?}" == "0" ]; then
+       echo "Error! '/i586' in rootfiles files found!"
+       grep -r "/i586" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore
+       echo "Replace by MACHINE !"
+fi
+
+grep -r "/armv5tel" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore >/dev/null 2>&1
+if [ "${?}" == "0" ]; then
+       echo "Error! '/armv5tel' in rootfiles files found!"
+       grep -r "/armv5tel" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore
+       echo "Replace by MACHINE !"
+fi