Update German translations.

Description: Fix some issues, some causing lintian warnings
 Pointless quotation marks which get displayed in the rendered manual page.
 groff-message troff:<standard input>:868: warning:
  macro 'Om' not defined
  [usr/share/man/sv/man8/dnsmasq.8.gz:1]
 groff-message troff:<standard input>:2846: warning:
  macro 'SH-FILER' not defined (possibly missing space after 'SH')
  [usr/share/man/sv/man8/dnsmasq.8.gz:2]
Author: Sven Geuer <sge@debian.org>
Forwarded: no
Last-Update: 2025-12-04

CHANGELOG

@@ -24,7 +24,7 @@ version 2.92
 
 	Fix some edge-cases with domains and --address and --server. There
 	has been some regressions with this in previous releases. This change
-	fixes the priority order from loqwer to highest as:
+	fixes the priority order from lower to highest as:
 	--address with a IPv4 or IPv6 address (as long as the query matches the type)
         --address with # for all-zeros, as long as the query is A or AAAA)
         --address with no address, which returns NXDOMAIN or NOERROR for all types.
@@ -61,7 +61,7 @@ version 2.92
 
 	Add TFTP options windowsize (RFC 7440) and timeout (RFC 2349).
 	
-	Change the behaviour of the DHVPv6 server when a REBIND message
+	Change the behaviour of the DHCPv6 server when a REBIND message
 	is received but no lease exists. Under these circumstances a new
 	lease is created _only_ when the --dhcp-authoritative option is
 	set. This matches the behavior of the DHCPv4 server.

dnsmasq.conf.example

@@ -27,8 +27,8 @@
 
 # Replies which are not DNSSEC signed may be legitimate, because the domain
 # is unsigned, or may be forgeries. Setting this option tells dnsmasq to
-# check that an unsigned reply is OK, by finding a secure proof that a DS 
-# record somewhere between the root and the domain does not exist. 
+# check that an unsigned reply is OK, by finding a secure proof that a DS
+# record somewhere between the root and the domain does not exist.
 # The cost of setting this is that even queries in unsigned domains will need
 # one or more extra DNS queries to verify.
 #dnssec-check-unsigned
@@ -193,11 +193,11 @@
 #dhcp-range=1234::2, 1234::500, 64, 12h
 
 # Do Router Advertisements, BUT NOT DHCP for this subnet.
-#dhcp-range=1234::, ra-only 
+#dhcp-range=1234::, ra-only
 
 # Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
-# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack 
-# hosts. Use the DHCPv4 lease to derive the name, network segment and 
+# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
+# hosts. Use the DHCPv4 lease to derive the name, network segment and
 # MAC address and assume that the host will also have an
 # IPv6 address calculated using the SLAAC algorithm.
 #dhcp-range=1234::, ra-names
@@ -220,9 +220,9 @@
 #dhcp-range=1234::, ra-stateless, ra-names
 
 # Do router advertisements for all subnets where we're doing DHCPv6
-# Unless overridden by ra-stateless, ra-names, et al, the router 
+# Unless overridden by ra-stateless, ra-names, et al, the router
 # advertisements will have the M and O bits set, so that the clients
-# get addresses and configuration from DHCPv6, and the A bit reset, so the 
+# get addresses and configuration from DHCPv6, and the A bit reset, so the
 # clients don't use SLAAC addresses.
 #enable-ra
 
@@ -295,11 +295,11 @@
 # any machine with Ethernet address starting 11:22:33:
 #dhcp-host=11:22:33:*:*:*,set:red
 
-# Give a fixed IPv6 address and name to client with 
+# Give a fixed IPv6 address and name to client with
 # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
 # Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
 # Note also that the [] around the IPv6 address are obligatory.
-#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] 
+#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
 
 # Ignore any clients which are not specified in dhcp-host lines
 # or /etc/ethers. Equivalent to ISC "deny unknown-clients".
@@ -355,7 +355,7 @@
 # Send DHCPv6 option. Note [] around IPv6 addresses.
 #dhcp-option=option6:dns-server,[1234::77],[1234::88]
 
-# Send DHCPv6 option for namservers as the machine running 
+# Send DHCPv6 option for namservers as the machine running
 # dnsmasq and another.
 #dhcp-option=option6:dns-server,[::],[1234::88]
 
@@ -560,7 +560,7 @@
 # Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039.
 # In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit
 # option with a DHCPACK including a Rapid Commit option and fully committed address
-# and configuration information. This must only be enabled if either the server is 
+# and configuration information. This must only be enabled if either the server is
 # the only server for the subnet, or multiple servers are present and they each
 # commit a binding for all clients.
 #dhcp-rapid-commit

man/dnsmasq.8

@@ -918,7 +918,7 @@ fast.
 
 Versions of dnsmasq prior to 2.80 defaulted to not checking unsigned replies, and used 
 .B --dnssec-check-unsigned
-to switch this on. Such configurations will continue to work as before, but those which used the default of no checking will need to be altered to explicitly select no checking. The new default is because switching off checking for unsigned replies is inherently dangerous. Not only does it open the possiblity of forged replies, but it allows everything to appear to be working even when the upstream namesevers do not support DNSSEC, and in this case no DNSSEC validation at all is occurring.
+to switch this on. Such configurations will continue to work as before, but those which used the default of no checking will need to be altered to explicitly select no checking. The new default is because switching off checking for unsigned replies is inherently dangerous. Not only does it open the possibility of forged replies, but it allows everything to appear to be working even when the upstream namesevers do not support DNSSEC, and in this case no DNSSEC validation at all is occurring.
 .TP
 .B --dnssec-no-timecheck
 DNSSEC signatures are only valid for specified time windows, and should be rejected outside those windows. This generates an
@@ -1197,7 +1197,7 @@ the appropriate network part inserted. For IPv6, an address may include a prefix
 which (in this case) specifies four addresses, 1234::50 to 1234::53. This (an the ability
 to specify multiple addresses) is useful
 when a host presents either a consistent name or hardware-ID, but varying DUIDs, since it allows
-dnsmasq to honour the static address allocation but assign a different adddress for each DUID. This
+dnsmasq to honour the static address allocation but assign a different address for each DUID. This
 typically occurs when chain netbooting, as each stage of the chain gets in turn allocates an address.
 
 Note that in IPv6 DHCP, the hardware address may not be
@@ -1347,7 +1347,7 @@ The special address 0.0.0.0 means "the address of the system running dnsmasq".
 
 An option without data is valid, and includes just the option without data.
 (There is only one option with a zero length data field currently defined for DHCPv4, 80:rapid commit, so this feature is not very useful in practice). Options for which dnsmasq normally
-provides default values can be ommitted by defining the option with no data. These are
+provides default values can be omitted by defining the option with no data. These are
 netmask, broadcast, router, DNS server, domainname and hostname. Thus, for DHCPv4
 .B --dhcp-option = option:router
 will result in no router option being sent, rather than the default of the host on which dnsmasq is running. For DHCPv6, the same is true of the options DNS server and refresh time.
@@ -1490,7 +1490,7 @@ prefix-delegation from relayed DHCP transactions. See
 for details.
 .TP
 .B --dhcp-split-relay=<local address>,[<server address>[#<server port>]],<server-facing-interface>|<server-facing-address>
-A usefully enchanced version of DHCPv4 relay. IPv4 DHCP normally uses a single address
+A usefully enhanced version of DHCPv4 relay. IPv4 DHCP normally uses a single address
 for two functions; it is used by the DHCP server to determine which network to allocate
 an address on, and it is used as the address of the relay to which the server sends packets.
 
@@ -1501,7 +1501,7 @@ local address is also used as server-ID override so that the client always sends
 via the relay. The effect of this is that server doesn't require
 a route to the client network and the clients don't require a route to the server.
 
-The third parameter is mandatory. If it is an interface name it cannot be a wildcard and the same filtering as descibed in
+The third parameter is mandatory. If it is an interface name it cannot be a wildcard and the same filtering as described in
 --dhcp-relay applies; answers from the server must arrve via the specified interface. If the third parameter
 is an IP address it must be an address of a local interface which is routable from the server; In this case no filtering
 is done, the reply packets can arrive via any route.
@@ -1672,7 +1672,7 @@ likely to move IP address; for this reason it should not be generally used.
 .TP
 .B --dhcp-ignore-clid
 Dnsmasq is reading 'client identifier' (RFC 2131) option sent by clients
-(if available) to identify clients. This allow to serve same IP address
+(if available) to identify clients. This allow one to serve same IP address
 for a host using several interfaces. Use this option to disable 'client identifier'
 reading, i.e. to always identify a host using the MAC address.
 .TP
@@ -1953,7 +1953,7 @@ was sent, and the complete pathname of the file.
 
 The "relay-snoop" action is invoked when dnsmasq is configured as a DHCP
 relay for DHCPv6 and it relays a prefx delegation to a client. The arguments
-are the name of the interface where the client is conected, its (link-local)
+are the name of the interface where the client is connected, its (link-local)
 address on that interface and the delegated prefix. This information is
 sufficient to install routes to the delegated prefix of a router. See
 .B --dhcp-relay
@@ -2304,7 +2304,7 @@ therein is updated when dnsmasq receives SIGHUP.
 .B \--conf-script=<file>[ <arg]
 Execute <file>, and treat what it emits to stdout as the contents of a configuration file.
 If the script exits with a non-zero exit code, dnsmasq treats this as a fatal error.
-The script can be passed arguments, space seperated from the filename and each other so, for instance
+The script can be passed arguments, space separated from the filename and each other so, for instance
 .B --conf-dir="/etc/dnsmasq-uncompress-ads /share/ads-domains.gz"
 
 with /etc/dnsmasq-uncompress-ads containing 

man/sv/dnsmasq.8

@@ -4,7 +4,7 @@ dnsmasq \- En lättviktig DHCP- och caching-DNS-server.
 .SH SYNOPSIS
 .B dnsmasq
 .I [OPTION]...
-.SH ”BESKRIVNING”
+.SH BESKRIVNING
 .BR dnsmasq
 är en lättviktig DNS-, TFTP-, PXE-, routerannonserings- och DHCP-server. Den är avsedd att tillhandahålla 
 kopplade DNS- och DHCP-tjänster till ett LAN.
@@ -864,8 +864,8 @@ de tas emot från uppströms.
 Dnsmasq kan kryptera bokstäverna i DNS-frågor som skickas uppströms som en säkerhetsfunktion.
 Denna teknik kan interagera dåligt med sällsynta trasiga DNS-servrar som inte bevarar bokstäverna
 i frågan i sitt svar. Första gången ett svar returneras
-som matchar frågan i alla avseenden utom bokstäverna, loggas en varning
-. Om detta sammanfaller med att DNS inte fungerar, är det
+som matchar frågan i alla avseenden utom bokstäverna, loggas en varning.
+Om detta sammanfaller med att DNS inte fungerar, är det
 nödvändigt att inaktivera funktionen. I version 2.91 är 0x20-kodning
 inaktiverad som standard och måste aktiveras med --do-0x20-encode. Standardinställningen
 kan komma att ändras i framtiden, så för att vara säker på dess status efter en uppgradering, ställ in --do-0x20-encode
@@ -2843,7 +2843,7 @@ dnsmasq inte har något direkt sätt att bestämma vilken teckenuppsättning som
 anta att det är systemets standard.
  
 
-.SH-FILER
+.SH FILER
 .IR /etc/dnsmasq.conf 
 
 .IR /usr/local/etc/dnsmasq.conf

po/de.po

@@ -2,7 +2,7 @@
 #
 # This revised version is (C) Copyright by
 # Matthias Andree <matthias.andree@gmx.de>, 2010 - 2021.
-# Conrad Kostecki <conrad@kostecki.com>, 2014 - 2024.
+# Conrad Kostecki <conrad@kostecki.com>, 2014 - 2025.
 # It is subject to the GNU General Public License v2,
 # or at your option, any later version.
 #
@@ -10,10 +10,10 @@
 # Simon Kelley <simon@thekelleys.org.uk>, 2005.
 msgid ""
 msgstr ""
-"Project-Id-Version: dnsmasq 2.91\n"
+"Project-Id-Version: dnsmasq 2.92\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2021-03-20 00:00+0000\n"
-"PO-Revision-Date: 2024-12-23 22:36+0100\n"
+"PO-Revision-Date: 2025-12-06 16:24+0100\n"
 "Last-Translator: Conrad Kostecki <conrad@kostecki.com>\n"
 "Language-Team: German <de@li.org>\n"
 "Language: de\n"
@@ -21,7 +21,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 3.5\n"
+"X-Generator: Poedit 3.8\n"
 
 #: cache.c:696
 msgid "Internal error in cache."
@@ -94,22 +94,22 @@ msgstr "Anfragen nach autoritativen Zonen %u"
 #: cache.c:2078
 #, c-format
 msgid "DNSSEC per-query subqueries HWM %u"
-msgstr ""
+msgstr "DNSSEC-Unterabfragen pro Anfrage HWM %u"
 
 #: cache.c:2079
 #, c-format
 msgid "DNSSEC per-query crypto work HWM %u"
-msgstr ""
+msgstr "DNSSEC-Kryptografie pro Anfrage HWM %u"
 
 #: cache.c:2080
 #, c-format
 msgid "DNSSEC per-RRSet signature fails HWM %u"
-msgstr ""
+msgstr "DNSSEC-Signatur pro RRSet fehlgeschlagen HWM %u"
 
 #: cache.c:2084
 #, c-format
 msgid "child processes for TCP requests: in use %zu, highest since last SIGUSR1 %zu, max allowed %zu."
-msgstr ""
+msgstr "Kindprozesse für TCP-Anfragen: aktuell in Gebrauch %zu, höchster Wert seit letztem SIGUSR1 %zu, maximal erlaubt %zu."
 
 #: cache.c:2113
 #, c-format
@@ -215,9 +215,8 @@ msgid "Don't include IPv6 addresses in DNS answers."
 msgstr "Keine IPv6-Adressen in DNS-Antworten inkludieren."
 
 #: option.c:430
-#, fuzzy
 msgid "Don't include resource records of the given type in DNS answers."
-msgstr "Keine IPv4-Adressen in DNS-Antworten inkludieren."
+msgstr "Resource Records des angegebenen Typs nicht in DNS-Antworten einfügen."
 
 #: option.c:431
 msgid "Enable DHCP in the range given with lease duration."
@@ -354,9 +353,8 @@ msgid "DHCP option sent even if the client does not request it."
 msgstr "DHCP-Option, die selbst ohne Klientenanfrage gesendet wird."
 
 #: option.c:463
-#, fuzzy
 msgid "DHCP option sent only to PXE clients."
-msgstr "Aufforderung, die an PXE-Klienten geschickt wird."
+msgstr "DHCP-Option wird nur an PXE-Clients gesendet."
 
 #: option.c:464
 msgid "Specify port to listen for DNS requests on (defaults to 53)."
@@ -509,14 +507,12 @@ msgid "Do not provide DHCP on this interface, only provide DNS."
 msgstr "Auf dieser Schnittstelle kein DHCP anbieten, sondern nur DNS."
 
 #: option.c:500
-#, fuzzy
 msgid "Do not provide DHCPv6 on this interface."
-msgstr "Auf dieser Schnittstelle kein DHCP anbieten, sondern nur DNS."
+msgstr "DHCPv6 auf dieser Schnittstelle nicht bereitstellen."
 
 #: option.c:501
-#, fuzzy
 msgid "Do not provide DHCPv4 on this interface."
-msgstr "Auf dieser Schnittstelle kein DHCP anbieten, sondern nur DNS."
+msgstr "DHCPv4 auf dieser Schnittstelle nicht bereitstellen."
 
 #: option.c:502
 msgid "Enable dynamic address allocation for bootp."
@@ -536,7 +532,7 @@ msgstr "Geben Sie zusätzliche Netzwerke an, die eine Broadcast-Domäne für DHC
 
 #: option.c:506
 msgid "Enable RFC 4388 leasequery functions for DHCPv4"
-msgstr ""
+msgstr "RFC-4388-Leasequery-Funktionen für DHCPv4 aktivieren"
 
 #: option.c:507
 msgid "Disable ICMP echo address checking in the DHCP server."
@@ -858,9 +854,8 @@ msgid "Timestamp file to verify system clock for DNSSEC"
 msgstr "Zeitstempel-Datei für die Verifizierung der Systemuhrzeit für DNSSEC"
 
 #: option.c:586
-#, fuzzy
 msgid "Set resource limits for DNSSEC validation"
-msgstr "Aktiviere DNSSEC-Validierung"
+msgstr "Ressourcenlimits für die DNSSEC-Validierung festlegen"
 
 #: option.c:587
 msgid "Set MTU, priority, resend-interval and router-lifetime"
@@ -907,14 +902,12 @@ msgid "Enables DHCPv4 Rapid Commit option."
 msgstr "Aktiviert die DHCPv4-\"Rapid Commit\"-Option."
 
 #: option.c:598
-#, fuzzy
 msgid "Path to debug packet dump file."
-msgstr "Pfad zur Paketablagedatei zur Fehlersuche"
+msgstr "Pfad zur Dump-Datei für das Debug-Paket."
 
 #: option.c:599
-#, fuzzy
 msgid "Mask which packets to dump."
-msgstr "Maskiere Pakete, welche abgelegt werden sollen"
+msgstr "Maskiere, welche Pakete protokolliert werden sollen."
 
 #: option.c:600
 msgid "Call dhcp-script when lease expiry changes."
@@ -934,26 +927,23 @@ msgstr "Unterdrückt die Round-Robin-Sortierung von DNS-Einträgen."
 
 #: option.c:604
 msgid "Suppress DNS bit 0x20 encoding."
-msgstr ""
+msgstr "DNS-Bit-0x20-Codierung unterdrücken."
 
 #: option.c:605
 msgid "Enable DNS bit 0x20 encoding."
-msgstr ""
+msgstr "DNS-Bit-0x20-Codierung aktivieren."
 
 #: option.c:606
-#, fuzzy
 msgid "Do not add CHAOS TXT records."
-msgstr "fehlerhafter TXT-Eintrag"
+msgstr "Keine CHAOS-TXT-Einträge hinzufügen."
 
 #: option.c:607
-#, fuzzy
 msgid "Cache this DNS resource record type."
-msgstr "Spezifiziere einen beliebiegen DNS Eintrag"
+msgstr "Diesen DNS-Resource-Record-Typ cachen."
 
 #: option.c:608
-#, fuzzy
 msgid "Maximum number of concurrent tcp connections."
-msgstr "Maximale Anzahl gleichzeitiger TFTP-Übertragungen (%s voreingestellt)."
+msgstr "Maximale Anzahl gleichzeitiger TCP-Verbindungen."
 
 #: option.c:838
 #, c-format
@@ -1056,7 +1046,7 @@ msgstr "DHCP-Option zu lang"
 
 #: option.c:1961
 msgid "No vendor-encap options allowed in dhcp-option-pxe"
-msgstr ""
+msgstr "Keine vendor-encap-Optionen in dhcp-option-pxe erlaubt"
 
 #: option.c:1968
 msgid "illegal dhcp-match"
@@ -1141,9 +1131,8 @@ msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist direct
 msgstr "Neukompilierung mit HAVE_CONNTRACK notwendig, um connmark-allowlist-Direktiven zu aktivieren"
 
 #: option.c:3585
-#, fuzzy
 msgid "bad RR type"
-msgstr "fehlerhafter RR-Eintrag"
+msgstr "Ungültiger RR-Typ"
 
 #: option.c:3644
 msgid "bad port range"
@@ -1203,9 +1192,8 @@ msgid "duplicate dhcp-host IP address %s"
 msgstr "doppelte dhcp-host IP-Adresse %s"
 
 #: option.c:4201
-#, fuzzy
 msgid "DHCP host has multiple names"
-msgstr "fehlerhafter DHCP-Hostname"
+msgstr "DHCP-Host hat mehrere Namen"
 
 #: option.c:4209
 msgid "bad DHCP host name"
@@ -1452,7 +1440,7 @@ msgstr "keine \"search\"-Anweisung in %s gefunden"
 #: option.c:6284
 #, c-format
 msgid "srv-host name %s too long after domain appended"
-msgstr ""
+msgstr "srv-Hostname %s nach Anfügen der Domain zu lang"
 
 #: option.c:6293
 msgid "there must be a default domain when --dhcp-fqdn is set"
@@ -1483,12 +1471,12 @@ msgstr "möglichen DNS-Rebind-Angriff entdeckt: %s"
 
 #: forward.c:1013 forward.c:2280
 msgid "limit exceeded: per-query subqueries"
-msgstr ""
+msgstr "Limit überschritten: Unterabfragen pro Anfrage"
 
 #: forward.c:1103 forward.c:2288
 #, c-format
 msgid "validation of %s failed: resource limit exceeded."
-msgstr ""
+msgstr "Validierung von %s fehlgeschlagen: Ressourcenlimit überschritten."
 
 #: forward.c:1697
 #, c-format
@@ -1496,9 +1484,9 @@ msgid "ignoring query from non-local network %s (logged only once)"
 msgstr "Ignoriere Abfrage von nicht-lokalen Netzwerk %s (Nur einmal protokolliert)"
 
 #: forward.c:2120
-#, fuzzy, c-format
+#, c-format
 msgid "TCP connection failed to %s#%d"
-msgstr "Einspeisen in ARP-Zwischenspeicher fehlgeschlagen: %s"
+msgstr "TCP-Verbindung zu %s#%d fehlgeschlagen"
 
 #: forward.c:2426
 #, c-format
@@ -1522,7 +1510,7 @@ msgstr "Maximale Anzahl gleichzeitiger DNS-Abfragen, die erreicht %s (max. %d)"
 
 #: forward.c:3243
 msgid "Case mismatch in DNS reply - check bit 0x20 encoding."
-msgstr ""
+msgstr "Groß-/Kleinschreibung stimmt in der DNS-Antwort nicht überein – Bit-0x20-Codierung überprüfen."
 
 #: network.c:705
 #, c-format
@@ -1797,9 +1785,8 @@ msgid "DNS service limited to local subnets"
 msgstr "DNS-Dienst auf Unternetze eingeschränkt"
 
 #: dnsmasq.c:882
-#, fuzzy
 msgid "DNS service limited to localhost"
-msgstr "DNS-Dienst auf Unternetze eingeschränkt"
+msgstr "DNS-Dienst auf localhost beschränkt"
 
 #: dnsmasq.c:885
 #, c-format
@@ -1839,9 +1826,9 @@ msgid "DNSSEC signature timestamps not checked until system time valid"
 msgstr "DNSSEC Signatur-Zeitstempel werden erst überprüft, sobald die Systemuhrzeit gültig ist"
 
 #: dnsmasq.c:946
-#, fuzzy, c-format
+#, c-format
 msgid "configured with negative trust anchor for %s"
-msgstr "konfiguriert mit Vertrauensanker für %s Schlüsselanhänger %u"
+msgstr "Mit negativem Vertrauensanker für %s konfiguriert"
 
 #: dnsmasq.c:946
 #, c-format
@@ -1867,9 +1854,8 @@ msgid "warning: ignoring resolv-file flag because no-resolv is set"
 msgstr "Warnung: Ignoriere \"resolv-file\", weil \"no-resolv\" aktiv ist"
 
 #: dnsmasq.c:981
-#, fuzzy
 msgid "no upstream servers configured - please set them from DBus"
-msgstr "Warnung: keine vorgeschalteten Server konfiguriert"
+msgstr "Keine Upstream-Server konfiguriert – bitte über DBus festlegen"
 
 #: dnsmasq.c:984
 msgid "warning: no upstream servers configured"
@@ -1987,7 +1973,7 @@ msgstr "Kann keine Zeitstempel-Datei %s erzeugen: %s"
 #: dnsmasq.c:1576
 #, c-format
 msgid "TCP helper process %u died unexpectedly"
-msgstr ""
+msgstr "TCP-Hilfsprozess %u ist unerwartet abgestürzt"
 
 #: dnsmasq.c:1592
 #, c-format
@@ -2085,7 +2071,7 @@ msgstr "DHCP-Bereich %s - %s passt nicht zur Netzmaske %s"
 #: dhcp.c:680 dhcp6.c:467
 #, c-format
 msgid "DHCP relay address %s appears on more than one interface"
-msgstr ""
+msgstr "DHCP-Relay-Adresse %s erscheint auf mehr als einer Schnittstelle"
 
 #: dhcp.c:978
 #, c-format
@@ -2117,9 +2103,8 @@ msgid "too many stored leases"
 msgstr "zu viele Leases gespeichert"
 
 #: lease.c:183
-#, fuzzy
 msgid "lease-change script name is too long"
-msgstr "Lease-Änderungs-Skript mit den Rechten dieses Nutzers ausführen."
+msgstr "Der Name des Lease-Change-Skripts ist zu lang"
 
 #: lease.c:203
 #, c-format
@@ -2232,7 +2217,7 @@ msgstr "PXE BIS nicht unterstützt"
 #: rfc2131.c:1088
 #, c-format
 msgid "leasequery from %s not permitted"
-msgstr ""
+msgstr "Leasequery von %s nicht erlaubt"
 
 #: rfc2131.c:1259 rfc3315.c:1248
 #, c-format
@@ -2338,14 +2323,14 @@ msgid "%u reply delay: %d"
 msgstr "%u Antwortverzögerung: %d"
 
 #: rfc2131.c:3118
-#, fuzzy, c-format
+#, c-format
 msgid "Cannot send to server via interface %s: %s"
-msgstr "DHCP-Relay kann nicht über die Schnittstelle %s gesendet werden"
+msgstr "Kann nicht über Schnittstelle %s an Server senden: %s"
 
 #: rfc2131.c:3189
-#, fuzzy, c-format
+#, c-format
 msgid "Cannot broadcast DHCP relay via interface %s: %s"
-msgstr "DHCP-Relay kann nicht über die Schnittstelle %s gesendet werden"
+msgstr "Kann DHCP-Relay nicht über Schnittstelle %s senden: %s"
 
 #: rfc2131.c:3213
 #, c-format
@@ -2413,14 +2398,14 @@ msgid "unable to get free port for TFTP"
 msgstr "konnte keinen freien Port für TFTP bekommen"
 
 #: tftp.c:367
-#, fuzzy, c-format
+#, c-format
 msgid "unsupported write request from %s"
-msgstr "nicht unterstützte Anfrage von %s"
+msgstr "Nicht unterstützte Schreibanfrage von %s"
 
 #: tftp.c:371
-#, fuzzy, c-format
+#, c-format
 msgid "empty filename in request from %s"
-msgstr "nicht unterstützte Anfrage von %s"
+msgstr "Leerer Dateiname in Anfrage von %s"
 
 #: tftp.c:373
 #, c-format
@@ -2438,9 +2423,9 @@ msgid "ignoring packet from %s (TID mismatch)"
 msgstr "Paket von %s wird ignoriert (TID-Nichtübereinstimmung)"
 
 #: tftp.c:730
-#, fuzzy, c-format
+#, c-format
 msgid "timeout sending %s to %s"
-msgstr "konnte %s nicht an %s senden"
+msgstr "Zeitüberschreitung beim Senden von %s an %s"
 
 #: tftp.c:732
 #, c-format
@@ -2494,7 +2479,7 @@ msgstr "Kann nicht an DHCPv6-Server-Socket binden: %s"
 #: dhcp6.c:152
 #, c-format
 msgid "Working around kernel bug: faulty source address scope for VRF slave %s"
-msgstr ""
+msgstr "Umgehung eines Kernel-Fehlers: fehlerhafter Quelladressbereich für VRF-Slave %s"
 
 #: rfc3315.c:174
 #, c-format
@@ -2522,9 +2507,9 @@ msgid "%u client MAC address: %s"
 msgstr "%u Klient MAC-Adresse: %s"
 
 #: rfc3315.c:487
-#, fuzzy, c-format
+#, c-format
 msgid "%u cannot determine client MAC address"
-msgstr "%u Klient MAC-Adresse: %s"
+msgstr "%u kann die MAC-Adresse des Clients nicht bestimmen"
 
 #: rfc3315.c:783 rfc3315.c:880
 msgid "address unavailable"
@@ -2651,9 +2636,9 @@ msgid "DHCP relay from %s via %s"
 msgstr "DHCP-Relay von %s über %s"
 
 #: dhcp-common.c:1071
-#, fuzzy, c-format
+#, c-format
 msgid "DHCP split-relay from %s to %s via %s"
-msgstr "DHCP Weiterleitung von %s nach %s über %s"
+msgstr "DHCP-Split-Relay von %s nach %s über %s"
 
 #: dhcp-common.c:1073
 #, c-format
@@ -2784,21 +2769,21 @@ msgstr "Systemzeit als gültig betrachtet, prüfe jetzt DNSSEC Signatur-Zeitstem
 
 #: dnssec.c:431
 msgid "per-query crypto work"
-msgstr ""
+msgstr "Kryptografische Arbeit pro Anfrage"
 
 #: dnssec.c:697
 msgid "per-RRSet signature fails"
-msgstr ""
+msgstr "Signatur pro RRSet fehlgeschlagen"
 
 #: dnssec.c:1027
 #, c-format
 msgid "Insecure reply received for DS %s, assuming that's OK for a RFC-1918 address."
-msgstr ""
+msgstr "Unsichere Antwort für DS %s empfangen, Annahme, dass dies für eine RFC-1918-Adresse in Ordnung ist."
 
 #: dnssec.c:1034
 #, c-format
 msgid "Insecure reply received for DS %s, assuming non-DNSSEC domain-specific server."
-msgstr ""
+msgstr "Unsichere Antwort für DS %s empfangen, Annahme eines nicht-DNSSEC-domänenspezifischen Servers."
 
 #: dnssec.c:1041
 #, c-format
@@ -2808,7 +2793,7 @@ msgstr "Unsichere DS-Antwort für %s, bitte Domainkonfiguration und Upstream DNS
 #: dnssec.c:1152
 #, c-format
 msgid "Negative DS reply without NS record received for %s, assuming non-DNSSEC domain-specific server."
-msgstr ""
+msgstr "Negative DS-Antwort ohne NS-Eintrag für %s empfangen, Annahme eines nicht-DNSSEC-domänenspezifischen Servers."
 
 #: blockdata.c:55
 #, c-format
@@ -2909,9 +2894,9 @@ msgid "cannot create %s: %s"
 msgstr "kann %s nicht erstellen: %s"
 
 #: dump.c:76
-#, fuzzy, c-format
+#, c-format
 msgid "cannot open pipe %s: %s"
-msgstr "Kann Logdatei %s nicht öffnen: %s"
+msgstr "Kann Pipe %s nicht öffnen: %s"
 
 #: dump.c:82
 #, c-format

src/rfc3315.c

@@ -1596,9 +1596,14 @@ static void get_context_tag(struct state *state, struct dhcp_context *context)
 
 static int check_ia(struct state *state, void *opt, void **endp, void **ia_option)
 {
-  state->ia_type = opt6_type(opt);
   *ia_option = NULL;
 
+  /* must be a minimal option to check without stepping outside received packet. */
+  if (opt6_ptr(opt, 4) > state->end)
+    return 0;
+  
+  state->ia_type = opt6_type(opt);
+  
   if (state->ia_type != OPTION6_IA_NA && state->ia_type != OPTION6_IA_TA)
     return 0;
   
@@ -1608,7 +1613,10 @@ static int check_ia(struct state *state, void *opt, void **endp, void **ia_optio
   if (state->ia_type == OPTION6_IA_TA && opt6_len(opt) < 4)
     return 0;
   
-  *endp = opt6_ptr(opt, opt6_len(opt));
+  /* Check we don't overflow the received packet. */
+  if ((*endp = opt6_ptr(opt, opt6_len(opt))) > state->end)
+    return 0;
+  
   state->iaid = opt6_uint(opt, 0, 4);
   *ia_option = opt6_find(opt6_ptr(opt, state->ia_type == OPTION6_IA_NA ? 12 : 4), *endp, OPTION6_IAADDR, 24);