Adding upstream version 4.22.0.upstream/4.22.0

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 494 insertions, 0 deletions

diff --git a/templates/man8/update-crypto-policies.8.pot b/templates/man8/update-crypto-policies.8.pot
new file mode 100644
index 00000000..1901a673
--- /dev/null
+++ b/templates/man8/update-crypto-policies.8.pot
@@ -0,0 +1,494 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2022-06-16 17:37+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: TH
+#: debian-unstable
+#, no-wrap
+msgid "UPDATE-CRYPTO-POLI"
+msgstr ""
+
+#. type: TH
+#: debian-unstable
+#, no-wrap
+msgid "08/24/2019"
+msgstr ""
+
+#. type: TH
+#: debian-unstable
+#, no-wrap
+msgid "update-crypto-policies"
+msgstr ""
+
+#. type: TH
+#: debian-unstable
+#, no-wrap
+msgid "\\ \""
+msgstr ""
+
+#.  -----------------------------------------------------------------
+#.  * MAIN CONTENT STARTS HERE *
+#.  -----------------------------------------------------------------
+#. type: SH
+#: debian-unstable
+#, no-wrap
+msgid "NAME"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"update-crypto-policies - manage the policies available to the various "
+"cryptographic back-ends\\&."
+msgstr ""
+
+#. type: SH
+#: debian-unstable
+#, no-wrap
+msgid "SYNOPSIS"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "B<update-crypto-policies> [I<COMMAND>]"
+msgstr ""
+
+#. type: SH
+#: debian-unstable
+#, no-wrap
+msgid "DESCRIPTION"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"B<update-crypto-policies(8)> is used to set the policy applicable for the "
+"various cryptographic back-ends, such as SSL/TLS libraries\\&. That will be "
+"the default policy used by these back-ends unless the application user "
+"configures them otherwise\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"The available policies are described in the B<crypto-policies(7)> manual "
+"page\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"The desired system policy is selected in /etc/crypto-policies/config and "
+"this tool will generate the individual policy requirements for all back-ends "
+"that support such configuration\\&. After this tool is called the "
+"administrator is assured that any application that utilizes the supported "
+"back-ends will follow a policy that adheres to the configured profile\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Note that the above assurance does apply to the extent that applications are "
+"configured to follow the default policy (the details vary on the back-end, "
+"see below for more information)\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"The generated back-end policies will be placed in /etc/crypto-policies/back-"
+"ends\\&. Currently the supported back-ends are:"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "GnuTLS library"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "OpenSSL library"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "NSS library"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "OpenJDK"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "Libkrb5"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "BIND"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "OpenSSH"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "Libreswan"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "libssh"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Applications and languages which rely on any of these back-ends will follow "
+"the system policies as well\\&. Examples are apache httpd, nginx, php, and "
+"others\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"In general after changing the system crypto policies with the update-crypto-"
+"policies --set command it is recommended to restart the system for the "
+"effect to fully take place as the policy configuration files are loaded on "
+"application start-up\\&. Otherwise applications started before the command "
+"was run need to be restarted to load the updated configuration\\&."
+msgstr ""
+
+#. type: SH
+#: debian-unstable
+#, no-wrap
+msgid "COMMANDS"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "The following commands are available in update-crypto-policies tool\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "--show: Shows the currently applied crypto policy"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"--is-applied: Returns success if the currently configured policy is already "
+"applied\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "--set: Sets the current policy and overwrites the config file\\&."
+msgstr ""
+
+#. type: SH
+#: debian-unstable
+#, no-wrap
+msgid "OPTIONS"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "The following options are available in update-crypto-policies tool\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"--no-check: By default this tool does a sanity check on whether the "
+"configured policy is accepted by the supported tools\\&. This option "
+"disables those checks\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"--no-reload: By default this tool causes some running applications to reload "
+"the configured policy\\&. This option skips the reloading\\&."
+msgstr ""
+
+#. type: SH
+#: debian-unstable
+#, no-wrap
+msgid "APPLICATION SUPPORT"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Applications in the operating system that provide a default configuration "
+"file that includes a cryptographic policy string will be modified gradually "
+"to support these policies\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"When an application provides a configuration file, the changes needed to "
+"utilize the system-wide policy are the following\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Applications using GnuTLS: If an application allows the configuration of "
+"cipher priotities via a string, the special priority string \"@SYSTEM\" "
+"should replace any other priority string\\&. Applications which use the "
+"default library settings automatically adhere to the policy\\&. Applications "
+"following the policy inherit the settings for cipher suite preference, TLS "
+"and DTLS protocol versions, allowed elliptic curves, and limits for "
+"cryptographic keys\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Applications using OpenSSL: If an application allows the configuration of "
+"ciphersuite string, the special cipher string \"PROFILE=SYSTEM\" should "
+"replace any other cipher string\\&. Applications which use the default "
+"library settings automatically adhere to the policy\\&. Applications "
+"following the policy inherit the settings for cipher suite preference\\&. By "
+"default the OpenSSL library reads a configuration file when it is "
+"initialized\\&. If the applicaton does not override loading of the "
+"configuration file, the policy also sets the minimum TLS protocol version "
+"and default cipher suite preference via this file\\&. If the application is "
+"long-running such as the httpd server it has to be restarted to reload the "
+"configuration file after policy is changed\\&. Otherwise the changed policy "
+"cannot take effect\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Applications using NSS: Applications using NSS will load the crypto policies "
+"by default\\&. They inherit the settings for cipher suite preference, TLS "
+"and DTLS protocol versions, allowed elliptic curves, and limits for "
+"cryptographic keys\\&. Note that unlike OpenSSL and GnuTLS, the NSS policy "
+"is enforced by default; to prevent applications from adhering to the policy "
+"the NSS_IGNORE_SYSTEM_POLICY environment variable must be set to 1 prior to "
+"executing that application\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Applications using Java: No special treatment is required\\&. Applications "
+"using Java will load the crypto policies by default\\&. These applications "
+"will then inherit the settings for allowed cipher suites, allowed TLS and "
+"DTLS protocol versions, allowed elliptic curves, and limits for "
+"cryptographic keys\\&. To prevent openjdk applications from adhering to the "
+"policy the E<lt>java\\&.homeE<gt>/jre/lib/security/java\\&.security file "
+"should be edited to contain security\\&.useSystemPropertiesFile=false\\&. "
+"Alternatively one can create a file containing the overridden values for "
+"I<jdk\\&.tls\\&.disabledAlgorithms>, I<jdk\\&.certpath\\&."
+"disabledAlgorithms> and pass the location of that file to Java on the "
+"command line using the -Djava\\&.security\\&.properties=E<lt>path to "
+"fileE<gt>\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Applications using libkrb5: No special treatment is required\\&. "
+"Applications will follow the crypto policies by default\\&. These "
+"applications inherit the settings for the permitted encryption types for "
+"tickets as well as the cryptographic key limits for the PKINIT protocol\\&. "
+"A system-wide opt-out is available by deleting the /etc/krb5\\&.conf\\&.d/"
+"crypto-policies link\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"BIND: This application inherits the set of blacklisted algorithms\\&. To opt-"
+"out from the policy, remove the policy include directive in the named\\&."
+"conf file\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"OpenSSH: Both server and client application inherits the cipher preferences, "
+"the key exchange algorithms as well as the GSSAPI key exchange "
+"algorithms\\&. To opt-out from the policy for client, override the global "
+"ssh_config with a user-specific configuration in ~/\\&.ssh/config\\&. See "
+"ssh_config(5) for more information\\&. To opt-out from the policy for "
+"server, uncomment the line containing CRYPTO_POLICY= in /etc/sysconfig/sshd "
+"\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Libreswan: Both servers and clients inherit the ESP and IKE preferences, if "
+"they are not overridden in the connection configuration file\\&. Note that "
+"due to limitations of libreswan, crypto policies is restricted to supporting "
+"IKEv2\\&. To opt-out from the policy, comment the line including /etc/crypto-"
+"policies/back-ends/libreswan\\&.config from /etc/ipsec\\&.conf\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Applications using libssh: Both client and server applications using libssh "
+"will load the crypto policies by default\\&. They inherit the ciphers, key "
+"exchange, message authentication, and signature algorithms preferences\\&."
+msgstr ""
+
+#. type: SH
+#: debian-unstable
+#, no-wrap
+msgid "POLICY CONFIGURATION"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"One of the supported profiles should be set in /etc/crypto-policies/config "
+"and this script should be run afterwards\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "In case of a parsing error no policies will be updated\\&."
+msgstr ""
+
+#. type: SH
+#: debian-unstable
+#, no-wrap
+msgid "CUSTOM POLICIES"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"The custom policies can take two forms\\&. First form is a full custom "
+"policy file which is supported by the update-crypto-policies tool in the "
+"same way as the policies shipped along the tool in the package\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"The second form can be called a subpolicy or policy modifier\\&. This form "
+"modifies aspects of any base policy file by removing or adding algorithms or "
+"protocols\\&. The subpolicies can be appended on the update-crypto-policies "
+"--set command line to the base policy separated by the : character\\&. There "
+"can be multiple subpolicies appended\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Let\\(cqs suppose we have subpolicy NO-SHA1 that drops support for SHA1 hash "
+"and subpolicy GOST that enables support for the various algorithms specified "
+"in Russian GOST standards\\&. You can set the DEFAULT policy with disabled "
+"SHA1 support and enabled GOST support by running the following command:"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "update-crypto-policies --set DEFAULT:NO-SHA1:GOST"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"This command generates and applies configuration that will be modification "
+"of the DEFAULT policy with changes specified in the NO-SHA1 and GOST "
+"subpolicies\\&."
+msgstr ""
+
+#. type: SH
+#: debian-unstable
+#, no-wrap
+msgid "FILES"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "/etc/crypto-policies/config"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"The file contains the current system policy\\&. It should contain a string "
+"of one of the profiles listed in the B<crypto-policies(7)> page (e\\&.g\\&., "
+"DEFAULT)\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "/etc/crypto-policies/back-ends"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Contains the generated policies in separated files, and in a format readable "
+"by the supported back ends\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "/etc/crypto-policies/local\\&.d"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid ""
+"Contains additional files to be appended to the generated policy files\\&. "
+"The files present must adhere to $app-XXX\\&.config file naming, where XXX "
+"is any arbitrary identifier\\&. For example, to append a line to "
+"GnuTLS\\*(Aq generated policy, create a gnutls-extra-line\\&.config file in "
+"local\\&.d\\&. This will be appended to the generated gnutls\\&.config "
+"during update-crypto-policies\\&. These overrides, are only functional for "
+"the gnutls, bind, java (openjdk) and krb5 back-ends\\&."
+msgstr ""
+
+#. type: SH
+#: debian-unstable
+#, no-wrap
+msgid "SEE ALSO"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "crypto-policies(7), fips-mode-setup(8)"
+msgstr ""
+
+#. type: SH
+#: debian-unstable
+#, no-wrap
+msgid "AUTHOR"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable
+msgid "Written by Nikos Mavrogiannopoulos\\&."
+msgstr ""